From 070978c373d34832bc71588be608be3314f9e6f3 Mon Sep 17 00:00:00 2001
From: Reinhard Tartler <siretart@tauware.de>
Date: Sun, 16 Apr 2023 18:16:11 -0400
Subject: [PATCH] Import Debian changes 3.0.1+dfsg1-3+deb11u4
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

libpod (3.0.1+dfsg1-3+deb11u4) bullseye; urgency=medium
.
  * Recompile to fix parsing of DBUS_SESSION_BUS_ADDRESS (Closes: #1018816)
.
libpod (3.0.1+dfsg1-3+deb11u3) bullseye; urgency=medium
.
  * Fix and tighten dependencies
.
libpod (3.0.1+dfsg1-3+deb11u2) bullseye; urgency=medium
.
  * CVE-2022-1227: pickup changes in containers/psgo, Closes: #1020907
  * CVE-2022-27649: do not set the inheritable capabilities, Closes: #1020906
.
libpod (3.0.1+dfsg1-3+deb11u1) bullseye; urgency=medium
.
  * Rebuild against containers-common to pickup seccomp updates required
    for newer kernels. Closes: #994451, #1006138
.
libpod (3.0.1+dfsg1-3) unstable; urgency=medium
.
  * Add networking-lookup-child-IP-in-networks.patch, fixes rootless
    connection issue "Connection reset by peer", Closes: #989803
.
libpod (3.0.1+dfsg1-2) unstable; urgency=medium
.
  * Prefer crun over runc, Closes: #985379
  * Add depends in iptables, Closes: #987207
.
libpod (3.0.1+dfsg1-1) unstable; urgency=medium
.
  * New upstream release
  * debian/control: tighten dependencies
  * drop inspect-volume-data.patch, merged upstream
  * Use packaged version of ocicrypt
.
libpod (3.0.0+dfsg1-2) unstable; urgency=medium
.
  * Adjust dependencies on containers/{storage,image,common,buildah}
    as discussed with upstream
.
libpod (3.0.0+dfsg1-1) unstable; urgency=medium
.
  * New upstream release
.
libpod (3.0.0~rc3+dfsg1-1) experimental; urgency=medium
.
  * New upstream release
  * Cleanup varlink service, closes: #981708
  * Tighten dependency on buildah to pickup fix for caching bug,
    closes: #982467
.
libpod (3.0.0~rc2+dfsg1-2) unstable; urgency=medium
.
  * Upload to unstable
.
libpod (3.0.0~rc2+dfsg1-1) experimental; urgency=medium
.
  * New upstream release
  * Install auto-update systemd units
  * debian/copyright: more updates
  * Install auto-update systemd units
  * systemd: Don't enable podman-auto-update.service in default.target
    (Closes: #981097)
  * Pass buildtags also go test invocation to unbreak autopkgtests when
    run as root
.
libpod (3.0.0~rc1+dfsg1-1) experimental; urgency=medium
.
  * New upstream version
  * Drop varlink references, dropped upstream
  * Remove confusing line (Closes: #980480)
.
libpod (2.2.1+dfsg1-1) experimental; urgency=medium
.
  * New upstream version
  * drop cobra-spf13-api.patch, no longer needed
  * Rely on upstream's build scripts to install manpages (Closes: #977502)
  * Remove conflicting manpage container-mounts(5), Closes: #977502
  * drop old-docker-api.patch, no longer needed
.
libpod (2.2.0+dfsg1-1) experimental; urgency=medium
.
  * debian/changelog: Bump to libpod 2.2.0
  * Refresh distro patches
  * debian/control: Tighten build-dependency on buildah
  * add cobra-spf13-api.patch
  * debian/copyright: manual updates
  * podman: Add depends on golang-github-containernetworking-plugin-dnsname
.
libpod (2.1.1+dfsg1-7) unstable; urgency=medium
.
  * Pass buildtags also go test invocation to unbreak autopkgtests
    on machines that run as real root.
.
libpod (2.1.1+dfsg1-6) unstable; urgency=medium
.
  * debian/rules: Remove confusing line (Closes: #980480)
  * systemd: Don't enable podman-auto-update.service in default.target
    (Closes: #981097)
.
libpod (2.1.1+dfsg1-5) unstable; urgency=medium
.
  * Install auto-update systemd units
.
libpod (2.1.1+dfsg1-4) unstable; urgency=medium
.
  * Ignore containers.conf sysctl when namespaces set to host
    (Closes: #979313)
.
libpod (2.1.1+dfsg1-3) unstable; urgency=medium
.
  [ Dmitry Smirnov ]
  * Tightened versioned dependency on "containernetworking-plugins".
.
  [ Reinhard Tartler ]
  * debian/copyright: various cleanups
  * Fix handling of Ambient/Inheritable caps for non root user, Closes: #977717
  * Rely on upstream's build scripts to install manpages
  * Remove conflicting manpage container-mounts(5), Closes: #977502
.
libpod (2.1.1+dfsg1-2) unstable; urgency=medium
.
  [ Reinhard Tartler ]
  * Install runc by default, Closes: #971253
  * Builds against structured-merge-diff/v4, Closes: #976410
.
  [ Antonio Terceiro ]
  * Recommend catatonit before the other inits (Closes: #971815)
.
libpod (2.1.1+dfsg1-1) unstable; urgency=medium
.
  [ Reinhard Tartler ]
  * New upstream release: 2.1.1
  * golang-github-containers-libpod-dev: expose golang sources
  * debian/copyright: update using cme update dpkg-copyright
.
  [ Arnaud Rebillout ]
  * Unvendor sigs.k8s.io/yaml
.
libpod (2.0.6+dfsg1-2) unstable; urgency=medium
.
  * Restored io.podman/varlink interface, which is still in use by
    nomad-driver-podman.
.
libpod (2.0.6+dfsg1-1) unstable; urgency=medium
.
  * New upstream release
  * debian/copyright: cleanups
  * drop malformed lintian override
  * Bump standard version, no changes needed
.
libpod (2.0.4+dfsg2-5) unstable; urgency=medium
.
  * Team upload.
  * Upload to unstable
.
libpod (2.0.4+dfsg2-4) experimental; urgency=medium
.
  * Team upload.
  * Tighten buildah Build-Depends version
.
libpod (2.0.4+dfsg2-3) experimental; urgency=medium
.
  * Team upload.
.
  [ Reinhard Tartler ]
  * Add more notes on how to get started with Debian kernels
.
  [ Shengjing Zhu ]
  * Add patch to fix build with new runc
.
libpod (2.0.4+dfsg2-2) unstable; urgency=medium
.
  [ Martin Pitt ]
  * Bump conmon dependency
.
  [ Dmitry Smirnov ]
  * Harmonize repacksuffix to fix CI.
  * Tighten recommendation on fuse-overlayfs (>= 1.0.0~).
.
  [ Reinhard Tartler ]
  * Bug fix: "Breaks docker", thanks to Jan Hudec (Closes: #968207).
    - No longer create symlink /run/docker.sock to avoid interfering
      with the docker daemon. Users that wish to replace the docker
      daemon with podman are advised to install the symlink themselves
      and arrange appropriate permissions for podman.sock.
.
libpod (2.0.4+dfsg2-1) unstable; urgency=medium
.
  * Vendor in protobuf 3 to workaround #961814
  * Remove "insanity workaround" related to protobuf
  * Hand in forgotten changelog entry in 2.0.4+dfsg1-1
.
libpod (2.0.4+dfsg1-1) unstable; urgency=medium
.
  * New upstream release
  * No longer install /etc/containers/libpod.conf (Closes: #961016)
      This file is deprecated in version 2.0 and is superseeded by
      /etc/containers/containers.conf, which is provided by the
      golang-github-containers-common package. The old file hardcodes
      a default OCI runtime that breaks in default installations.
  * Fixed REST API regression (Closes: #966501)
.
libpod (2.0.3+dfsg1-1) unstable; urgency=medium
.
  * Team upload.
  * New upstream release
  * Install systemd helper files in favor of varlink (Closes: #966118)
.
libpod (2.0.2+dfsg1-3) unstable; urgency=medium
.
  * Team upload.
  * Upload to unstable.
.
libpod (2.0.2+dfsg1-2) experimental; urgency=medium
.
  * Team upload.
  * debian/rules: Add XDG_RUNTIME_DIR settings on build
    - Based on debian/rules from the ibus package, unbreaks
      testsuite on many buildds
.
libpod (2.0.2+dfsg1-1) experimental; urgency=medium
.
  * Team upload.
  * New upstream version, Closes: #964378
.
libpod (1.6.4+dfsg1-4) unstable; urgency=medium
.
  * Team upload.
  * Rename golang-x-text-dev to golang-golang-x-text-dev
.
libpod (1.6.4+dfsg1-3) unstable; urgency=high
.
  * Team upload.
  * Do not copy up when volume is not empty
    CVE-2020-1726, Closes: #961421
.
libpod (1.6.4+dfsg1-2) unstable; urgency=medium
.
  * Un-vendored "golang-github-checkpoint-restore-go-criu-dev".
  * Tightened dependency: "conmon (>= 2.0.2~)".
  * rules:
    + Golang insanity workaround.
    + Removed obsolete "containers_image_ostree" build tag.
.
libpod (1.6.4+dfsg-1) unstable; urgency=medium
.
  * New upstream release.
  * Install "seccomp.json".
  * Install tutorials.
  * Un-vendored "openshift/api" library.
  * Build-Depends:
    - golang-github-boltdb-bolt-dev
    + golang-github-coreos-bbolt-dev (>= 1.3.3~)
    - golang-github-containerd-continuity-dev
    = golang-github-containers-buildah-dev (>= 1.11.6~)
    = golang-github-containers-image-dev (>= 5.0.0~)
    + golang-github-openshift-api-dev
.
libpod (1.6.2+dfsg-3) unstable; urgency=medium
.
  * Install annotated CNI examples.
  * Replaced default CNI "bridge" policy with "ptp".
.
libpod (1.6.2+dfsg-2) unstable; urgency=medium
.
  * Added note about "swapaccount" to README.Debian.
  * libpod.conf: prefer "crun" over "runc".
  * Tightened "fuse-overlayfs" dependency.
  * Only install "registries.conf" example but not conf file.
  * Use "tini-static" for "init_path" built-in default instead of
    "catatonit".
  * Added "buildah" to Recommends since it provides "containers/image" man
    pages.
  * Standards-Version: 4.4.1
.
libpod (1.6.2+dfsg-1) unstable; urgency=medium
.
  * Initial release (Closes: #930440).
---
 debian/.gitlab-ci.yml                         |  25 +
 debian/README.Debian                          |  55 ++
 debian/changelog                              | 361 ++++++++++++
 debian/clean                                  |   7 +
 debian/control                                | 215 ++++++++
 debian/copyright                              | 522 ++++++++++++++++++
 debian/etc/cni/net.d/87-podman-ptp.conflist   |  31 ++
 debian/etc/containers/libpod.conf             | 149 +++++
 .../cni/net.d/87-podman-bridge.conflist       |  37 ++
 .../cni/net.d/87-podman-bridge_l2.conflist    |  24 +
 .../examples/cni/net.d/87-podman-ptp.conflist |  31 ++
 debian/examples/registries.conf               |  11 +
 debian/fill.copyright.blanks.yml              |  17 +
 debian/fix.scanned.copyright                  |  20 +
 .../golang-github-containers-libpod-dev.docs  |   4 +
 ...olang-github-containers-libpod-dev.install |   1 +
 ...not-set-the-inheritable-capabilities.patch | 109 ++++
 ...tworking-lookup-child-IP-in-networks.patch |  83 +++
 debian/patches/rm-containers-mounts-5.patch   |  23 +
 debian/patches/series                         |   5 +
 debian/patches/systemd-tweaks.patch           |  13 +
 .../test--skip-TestPostDeleteHooks.patch      |  37 ++
 debian/podman.bash-completion                 |   1 +
 debian/podman.docs                            |  11 +
 debian/podman.examples                        |   2 +
 debian/podman.install                         |   3 +
 debian/podman.lintian-overrides               |   2 +
 debian/podman.maintscript                     |   3 +
 debian/podman.manpages                        |   2 +
 debian/podman.podman-auto-update.service      |   1 +
 debian/podman.podman-auto-update.timer        |   1 +
 debian/podman.postinst                        |  31 ++
 debian/podman.service                         |   1 +
 debian/podman.socket                          |   1 +
 debian/podman.user.service                    |   1 +
 debian/podman.user.socket                     |   1 +
 debian/rules                                  |  64 +++
 debian/source/format                          |   1 +
 debian/upstream/metadata                      |   3 +
 debian/watch                                  |  12 +
 40 files changed, 1921 insertions(+)
 create mode 100644 debian/.gitlab-ci.yml
 create mode 100644 debian/README.Debian
 create mode 100644 debian/changelog
 create mode 100644 debian/clean
 create mode 100644 debian/control
 create mode 100644 debian/copyright
 create mode 100644 debian/etc/cni/net.d/87-podman-ptp.conflist
 create mode 100644 debian/etc/containers/libpod.conf
 create mode 100644 debian/examples/cni/net.d/87-podman-bridge.conflist
 create mode 100644 debian/examples/cni/net.d/87-podman-bridge_l2.conflist
 create mode 100644 debian/examples/cni/net.d/87-podman-ptp.conflist
 create mode 100644 debian/examples/registries.conf
 create mode 100644 debian/fill.copyright.blanks.yml
 create mode 100644 debian/fix.scanned.copyright
 create mode 100644 debian/golang-github-containers-libpod-dev.docs
 create mode 100644 debian/golang-github-containers-libpod-dev.install
 create mode 100644 debian/patches/0001-do-not-set-the-inheritable-capabilities.patch
 create mode 100644 debian/patches/networking-lookup-child-IP-in-networks.patch
 create mode 100644 debian/patches/rm-containers-mounts-5.patch
 create mode 100644 debian/patches/series
 create mode 100644 debian/patches/systemd-tweaks.patch
 create mode 100644 debian/patches/test--skip-TestPostDeleteHooks.patch
 create mode 120000 debian/podman.bash-completion
 create mode 100644 debian/podman.docs
 create mode 100644 debian/podman.examples
 create mode 100644 debian/podman.install
 create mode 100644 debian/podman.lintian-overrides
 create mode 100644 debian/podman.maintscript
 create mode 100644 debian/podman.manpages
 create mode 120000 debian/podman.podman-auto-update.service
 create mode 120000 debian/podman.podman-auto-update.timer
 create mode 100644 debian/podman.postinst
 create mode 120000 debian/podman.service
 create mode 120000 debian/podman.socket
 create mode 120000 debian/podman.user.service
 create mode 120000 debian/podman.user.socket
 create mode 100755 debian/rules
 create mode 100644 debian/source/format
 create mode 100644 debian/upstream/metadata
 create mode 100644 debian/watch

diff --git a/debian/.gitlab-ci.yml b/debian/.gitlab-ci.yml
new file mode 100644
index 0000000..73ddb5d
--- /dev/null
+++ b/debian/.gitlab-ci.yml
@@ -0,0 +1,25 @@
+---
+# https://docs.gitlab.com/ce/ci/yaml/#include
+include:
+  - remote: https://salsa.debian.org/onlyjob/ci/raw/master/onlyjob-ci.yml
+
+## "amd64-unstable" always runs by default followed by lintian.
+
+## Job to check Build-Depends versioning:
+amd64-testing_unstable:
+  extends: .build
+  variables:
+    arch: amd64
+    dist: testing_unstable
+
+i386-unstable:
+  extends: .build
+  variables:
+    arch: i386
+    dist: unstable
+
+amd64-experimental:
+  extends: .build
+  variables:
+    arch: amd64
+    dist: experimental
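Review bot: The `include: remote:` entry near the top of this file pulls the pipeline definition from the `master` branch of a personal namespace (`onlyjob/ci`) each time the pipeline runs, so the included content can change without any commit in this repository. All three jobs here extend `.build`, which is presumably defined in that remote file, so whoever can push to it decides what these jobs execute. I would pin the include to a reviewed revision, for example `- remote: https://salsa.debian.org/onlyjob/ci/raw/<COMMIT_SHA>/onlyjob-ci.yml`, or switch to an `include: project:` entry with an explicit `ref:`. A short comment above the include, such as `# pinned to a reviewed revision; bump deliberately`, would record the intent.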
diff --git a/debian/README.Debian b/debian/README.Debian
new file mode 100644
index 0000000..d3a04ae
--- /dev/null
+++ b/debian/README.Debian
@@ -0,0 +1,55 @@
+User Namespaces
+===============
+
+podman requires a Linux Kernel with userspaces enabled. Debian
+Kernels have that functionality, but the local system administrator
+needs to enable it manually, with a command like this:
+
+sudo sysctl -w kernel.unprivileged_userns_clone=1
+
+ -- Reinhard Tartler <siretart@tauware.de>, Thu, 13 Aug 2020 11:51:18 -0400
+
+
+Troubleshooting rootless mode
+=============================
+
+> Error processing tar file(exit status 1): there might not be enough IDs
+> available in the namespace (requested 0:42 for /etc/gshadow):
+> lchown/etc/gshadow: invalid argument
+
+This probably means that _subuid_ range is not defined in the "/etc/subuid"
+file. On up-to-date system subuid/subgid ranges are automatically assigned
+when a new user is added (e.g. `adduser {USER}`) but on systems upgraded
+from prior Debian releases {USER} created in old environment before upgrade
+may not have _subuid_ mapping.
+
+"usermod" command have "--add-subuids" and "--add-subgids" options but it
+does not check "/etc/login.defs" for ranges.
+An awkward solution may be to add a new temporary user, apply her ranges to
+{USER} (in "/etc/subuid" and in "/etc/subgid") then remove a temporary user
+(e.g. `deluser --remove-home {USER}`).
+
+The following command show the subuids and subgids of the current user:
+
+    grep $USER /etc/s*id
+
+Configuration
+=============
+
+Podman configuration files are in "/etc/containers".
+
+Please review "/etc/containers/policy.json" (provided by package "buildah")
+and check the corresponding man page for details:
+
+    containers-policy.json(5)
+
+
+Kernel options
+==============
+
+We higly recommended to add "swapaccount=1" to default Linux boot options
+(e.g. "/etc/default/grub" :: "GRUB_CMDLINE_LINUX_DEFAULT").
+
+    sudo dpkg-reconfigure grub-pc
+
+Then add "swapaccount=1" to "Linux default command line".
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..2fce944
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,361 @@
+libpod (3.0.1+dfsg1-3+deb11u4) bullseye; urgency=medium
+
+  * Recompile to fix parsing of DBUS_SESSION_BUS_ADDRESS (Closes: #1018816)
+
+ -- Reinhard Tartler <siretart@tauware.de>  Sun, 16 Apr 2023 18:16:11 -0400
+
+libpod (3.0.1+dfsg1-3+deb11u3) bullseye; urgency=medium
+
+  * Fix and tighten dependencies
+
+ -- Reinhard Tartler <siretart@tauware.de>  Fri, 07 Apr 2023 22:10:33 -0400
+
+libpod (3.0.1+dfsg1-3+deb11u2) bullseye; urgency=medium
+
+  * CVE-2022-1227: pickup changes in containers/psgo, Closes: #1020907
+  * CVE-2022-27649: do not set the inheritable capabilities, Closes: #1020906
+
+ -- Reinhard Tartler <siretart@tauware.de>  Wed, 05 Apr 2023 21:00:36 -0400
+
+libpod (3.0.1+dfsg1-3+deb11u1) bullseye; urgency=medium
+
+  * Rebuild against containers-common to pickup seccomp updates required
+    for newer kernels. Closes: #​994451, #1006138
+
+ -- Reinhard Tartler <siretart@tauware.de>  Sun, 27 Feb 2022 08:49:15 -0500
+
+libpod (3.0.1+dfsg1-3) unstable; urgency=medium
+
+  * Add networking-lookup-child-IP-in-networks.patch, fixes rootless
+    connection issue "Connection reset by peer", Closes: #989803
+
+ -- Reinhard Tartler <siretart@tauware.de>  Sun, 13 Jun 2021 18:28:49 -0400
+
+libpod (3.0.1+dfsg1-2) unstable; urgency=medium
+
+  * Prefer crun over runc, Closes: #985379
+  * Add depends in iptables, Closes: #987207
+
+ -- Reinhard Tartler <siretart@tauware.de>  Wed, 21 Apr 2021 17:36:07 -0400
+
+libpod (3.0.1+dfsg1-1) unstable; urgency=medium
+
+  * New upstream release
+  * debian/control: tighten dependencies
+  * drop inspect-volume-data.patch, merged upstream
+  * Use packaged version of ocicrypt
+
+ -- Reinhard Tartler <siretart@tauware.de>  Wed, 24 Feb 2021 06:46:17 -0500
+
+libpod (3.0.0+dfsg1-2) unstable; urgency=medium
+
+  * Adjust dependencies on containers/{storage,image,common,buildah}
+    as discussed with upstream
+
+ -- Reinhard Tartler <siretart@tauware.de>  Fri, 12 Feb 2021 08:42:39 -0500
+
+libpod (3.0.0+dfsg1-1) unstable; urgency=medium
+
+  * New upstream release
+
+ -- Reinhard Tartler <siretart@tauware.de>  Fri, 12 Feb 2021 06:12:02 -0500
+
+libpod (3.0.0~rc3+dfsg1-1) experimental; urgency=medium
+
+  * New upstream release
+  * Cleanup varlink service, closes: #981708
+  * Tighten dependency on buildah to pickup fix for caching bug,
+    closes: #982467
+
+ -- Reinhard Tartler <siretart@tauware.de>  Wed, 10 Feb 2021 06:54:28 -0500
+
+libpod (3.0.0~rc2+dfsg1-2) unstable; urgency=medium
+
+  * Upload to unstable
+
+ -- Reinhard Tartler <siretart@tauware.de>  Tue, 02 Feb 2021 17:21:00 -0500
+
+libpod (3.0.0~rc2+dfsg1-1) experimental; urgency=medium
+
+  * New upstream release
+  * Install auto-update systemd units
+  * debian/copyright: more updates
+  * Install auto-update systemd units
+  * systemd: Don't enable podman-auto-update.service in default.target
+    (Closes: #981097)
+  * Pass buildtags also go test invocation to unbreak autopkgtests when
+    run as root
+
+ -- Reinhard Tartler <siretart@tauware.de>  Sat, 30 Jan 2021 22:17:33 -0500
+
+libpod (3.0.0~rc1+dfsg1-1) experimental; urgency=medium
+
+  * New upstream version
+  * Drop varlink references, dropped upstream
+  * Remove confusing line (Closes: #980480)
+
+ -- Reinhard Tartler <siretart@tauware.de>  Sun, 24 Jan 2021 11:16:44 -0500
+
+libpod (2.2.1+dfsg1-1) experimental; urgency=medium
+
+  * New upstream version
+  * drop cobra-spf13-api.patch, no longer needed
+  * Rely on upstream's build scripts to install manpages (Closes: #977502)
+  * Remove conflicting manpage container-mounts(5), Closes: #977502
+  * drop old-docker-api.patch, no longer needed
+
+ -- Reinhard Tartler <siretart@tauware.de>  Fri, 18 Dec 2020 07:16:27 -0500
+
+libpod (2.2.0+dfsg1-1) experimental; urgency=medium
+
+  * debian/changelog: Bump to libpod 2.2.0
+  * Refresh distro patches
+  * debian/control: Tighten build-dependency on buildah
+  * add cobra-spf13-api.patch
+  * debian/copyright: manual updates
+  * podman: Add depends on golang-github-containernetworking-plugin-dnsname
+
+ -- Reinhard Tartler <siretart@tauware.de>  Tue, 08 Dec 2020 15:45:22 -0500
+
+libpod (2.1.1+dfsg1-7) unstable; urgency=medium
+
+  * Pass buildtags also go test invocation to unbreak autopkgtests
+    on machines that run as real root.
+
+ -- Reinhard Tartler <siretart@tauware.de>  Mon, 01 Feb 2021 06:43:56 -0500
+
+libpod (2.1.1+dfsg1-6) unstable; urgency=medium
+
+  * debian/rules: Remove confusing line (Closes: #980480)
+  * systemd: Don't enable podman-auto-update.service in default.target
+    (Closes: #981097)
+
+ -- Reinhard Tartler <siretart@tauware.de>  Tue, 26 Jan 2021 21:51:00 -0500
+
+libpod (2.1.1+dfsg1-5) unstable; urgency=medium
+
+  * Install auto-update systemd units
+
+ -- Reinhard Tartler <siretart@tauware.de>  Mon, 25 Jan 2021 07:49:44 -0500
+
+libpod (2.1.1+dfsg1-4) unstable; urgency=medium
+
+  * Ignore containers.conf sysctl when namespaces set to host
+    (Closes: #979313)
+
+ -- Reinhard Tartler <siretart@tauware.de>  Wed, 06 Jan 2021 20:48:36 -0500
+
+libpod (2.1.1+dfsg1-3) unstable; urgency=medium
+
+  [ Dmitry Smirnov ]
+  * Tightened versioned dependency on "containernetworking-plugins".
+
+  [ Reinhard Tartler ]
+  * debian/copyright: various cleanups
+  * Fix handling of Ambient/Inheritable caps for non root user, Closes: #977717
+  * Rely on upstream's build scripts to install manpages
+  * Remove conflicting manpage container-mounts(5), Closes: #977502
+
+ -- Reinhard Tartler <siretart@tauware.de>  Tue, 22 Dec 2020 13:00:57 -0500
+
+libpod (2.1.1+dfsg1-2) unstable; urgency=medium
+
+  [ Reinhard Tartler ]
+  * Install runc by default, Closes: #971253
+  * Builds against structured-merge-diff/v4, Closes: #976410
+
+  [ Antonio Terceiro ]
+  * Recommend catatonit before the other inits (Closes: #971815)
+
+ -- Reinhard Tartler <siretart@tauware.de>  Mon, 07 Dec 2020 06:56:09 -0500
+
+libpod (2.1.1+dfsg1-1) unstable; urgency=medium
+
+  [ Reinhard Tartler ]
+  * New upstream release: 2.1.1
+  * golang-github-containers-libpod-dev: expose golang sources
+  * debian/copyright: update using cme update dpkg-copyright
+
+  [ Arnaud Rebillout ]
+  * Unvendor sigs.k8s.io/yaml
+
+ -- Reinhard Tartler <siretart@tauware.de>  Fri, 27 Nov 2020 12:45:58 -0500
+
+libpod (2.0.6+dfsg1-2) unstable; urgency=medium
+
+  * Restored io.podman/varlink interface, which is still in use by
+    nomad-driver-podman.
+
+ -- Dmitry Smirnov <onlyjob@debian.org>  Thu, 22 Oct 2020 21:33:07 +1100
+
+libpod (2.0.6+dfsg1-1) unstable; urgency=medium
+
+  * New upstream release
+  * debian/copyright: cleanups
+  * drop malformed lintian override
+  * Bump standard version, no changes needed
+
+ -- Reinhard Tartler <siretart@tauware.de>  Mon, 14 Sep 2020 15:35:01 -0400
+
+libpod (2.0.4+dfsg2-5) unstable; urgency=medium
+
+  * Team upload.
+  * Upload to unstable
+
+ -- Shengjing Zhu <zhsj@debian.org>  Sun, 23 Aug 2020 02:42:00 +0800
+
+libpod (2.0.4+dfsg2-4) experimental; urgency=medium
+
+  * Team upload.
+  * Tighten buildah Build-Depends version
+
+ -- Shengjing Zhu <zhsj@debian.org>  Thu, 20 Aug 2020 02:54:27 +0800
+
+libpod (2.0.4+dfsg2-3) experimental; urgency=medium
+
+  * Team upload.
+
+  [ Reinhard Tartler ]
+  * Add more notes on how to get started with Debian kernels
+
+  [ Shengjing Zhu ]
+  * Add patch to fix build with new runc
+
+ -- Shengjing Zhu <zhsj@debian.org>  Thu, 20 Aug 2020 01:00:02 +0800
+
+libpod (2.0.4+dfsg2-2) unstable; urgency=medium
+
+  [ Martin Pitt ]
+  * Bump conmon dependency
+
+  [ Dmitry Smirnov ]
+  * Harmonize repacksuffix to fix CI.
+  * Tighten recommendation on fuse-overlayfs (>= 1.0.0~).
+
+  [ Reinhard Tartler ]
+  * Bug fix: "Breaks docker", thanks to Jan Hudec (Closes: #968207).
+    - No longer create symlink /run/docker.sock to avoid interfering
+      with the docker daemon. Users that wish to replace the docker
+      daemon with podman are advised to install the symlink themselves
+      and arrange appropriate permissions for podman.sock.
+
+ -- Reinhard Tartler <siretart@tauware.de>  Tue, 11 Aug 2020 07:41:44 -0400
+
+libpod (2.0.4+dfsg2-1) unstable; urgency=medium
+
+  * Vendor in protobuf 3 to workaround #961814
+  * Remove "insanity workaround" related to protobuf
+  * Hand in forgotten changelog entry in 2.0.4+dfsg1-1
+
+ -- Reinhard Tartler <siretart@tauware.de>  Mon, 03 Aug 2020 07:20:45 -0400
+
+libpod (2.0.4+dfsg1-1) unstable; urgency=medium
+
+  * New upstream release
+  * No longer install /etc/containers/libpod.conf (Closes: #961016)
+      This file is deprecated in version 2.0 and is superseeded by
+      /etc/containers/containers.conf, which is provided by the
+      golang-github-containers-common package. The old file hardcodes
+      a default OCI runtime that breaks in default installations.
+  * Fixed REST API regression (Closes: #966501)
+
+ -- Reinhard Tartler <siretart@tauware.de>  Thu, 30 Jul 2020 07:12:41 -0400
+
+libpod (2.0.3+dfsg1-1) unstable; urgency=medium
+
+  * Team upload.
+  * New upstream release
+  * Install systemd helper files in favor of varlink (Closes: #966118)
+
+ -- Reinhard Tartler <siretart@tauware.de>  Sun, 26 Jul 2020 10:53:39 -0400
+
+libpod (2.0.2+dfsg1-3) unstable; urgency=medium
+
+  * Team upload.
+  * Upload to unstable.
+
+ -- Reinhard Tartler <siretart@tauware.de>  Mon, 20 Jul 2020 10:18:00 -0400
+
+libpod (2.0.2+dfsg1-2) experimental; urgency=medium
+
+  * Team upload.
+  * debian/rules: Add XDG_RUNTIME_DIR settings on build
+    - Based on debian/rules from the ibus package, unbreaks
+      testsuite on many buildds
+
+ -- Reinhard Tartler <siretart@tauware.de>  Fri, 17 Jul 2020 06:56:20 -0400
+
+libpod (2.0.2+dfsg1-1) experimental; urgency=medium
+
+  * Team upload.
+  * New upstream version, Closes: #964378
+
+ -- Reinhard Tartler <siretart@tauware.de>  Thu, 16 Jul 2020 18:06:15 -0400
+
+libpod (1.6.4+dfsg1-4) unstable; urgency=medium
+
+  * Team upload.
+  * Rename golang-x-text-dev to golang-golang-x-text-dev
+
+ -- Shengjing Zhu <zhsj@debian.org>  Sun, 12 Jul 2020 18:51:51 +0800
+
+libpod (1.6.4+dfsg1-3) unstable; urgency=high
+
+  * Team upload.
+  * Do not copy up when volume is not empty
+    CVE-2020-1726, Closes: #961421
+
+ -- Reinhard Tartler <siretart@tauware.de>  Thu, 28 May 2020 17:24:41 -0400
+
+libpod (1.6.4+dfsg1-2) unstable; urgency=medium
+
+  * Un-vendored "golang-github-checkpoint-restore-go-criu-dev".
+  * Tightened dependency: "conmon (>= 2.0.2~)".
+  * rules:
+    + Golang insanity workaround.
+    + Removed obsolete "containers_image_ostree" build tag.
+
+ -- Dmitry Smirnov <onlyjob@debian.org>  Tue, 14 Jan 2020 10:56:58 +1100
+
+libpod (1.6.4+dfsg-1) unstable; urgency=medium
+
+  * New upstream release.
+  * Install "seccomp.json".
+  * Install tutorials.
+  * Un-vendored "openshift/api" library.
+  * Build-Depends:
+    - golang-github-boltdb-bolt-dev
+    + golang-github-coreos-bbolt-dev (>= 1.3.3~)
+    - golang-github-containerd-continuity-dev
+    = golang-github-containers-buildah-dev (>= 1.11.6~)
+    = golang-github-containers-image-dev (>= 5.0.0~)
+    + golang-github-openshift-api-dev
+
+ -- Dmitry Smirnov <onlyjob@debian.org>  Fri, 03 Jan 2020 08:36:51 +1100
+
+libpod (1.6.2+dfsg-3) unstable; urgency=medium
+
+  * Install annotated CNI examples.
+  * Replaced default CNI "bridge" policy with "ptp".
+
+ -- Dmitry Smirnov <onlyjob@debian.org>  Tue, 31 Dec 2019 12:07:07 +1100
+
+libpod (1.6.2+dfsg-2) unstable; urgency=medium
+
+  * Added note about "swapaccount" to README.Debian.
+  * libpod.conf: prefer "crun" over "runc".
+  * Tightened "fuse-overlayfs" dependency.
+  * Only install "registries.conf" example but not conf file.
+  * Use "tini-static" for "init_path" built-in default instead of
+    "catatonit".
+  * Added "buildah" to Recommends since it provides "containers/image" man
+    pages.
+  * Standards-Version: 4.4.1
+
+ -- Dmitry Smirnov <onlyjob@debian.org>  Sun, 29 Dec 2019 20:49:01 +1100
+
+libpod (1.6.2+dfsg-1) unstable; urgency=medium
+
+  * Initial release (Closes: #930440).
+
+ -- Dmitry Smirnov <onlyjob@debian.org>  Tue, 12 Nov 2019 13:29:33 +1100
diff --git a/debian/clean b/debian/clean
new file mode 100644
index 0000000..61ce52a
--- /dev/null
+++ b/debian/clean
@@ -0,0 +1,7 @@
+## Debian CI:
+debian/.gitlab-ci.yml
+
+.gopathok
+docs/build/man/*.1
+docs/*.5
+pkg/hooks/docs/oci-hooks.5
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000..39efe79
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,215 @@
+Source: libpod
+Section: admin
+Priority: optional
+Standards-Version: 4.5.0
+Maintainer: Debian Go Packaging Team <pkg-go-maintainers@lists.alioth.debian.org>
+Uploaders: Dmitry Smirnov <onlyjob@debian.org>, Reinhard Tartler <siretart@tauware.de>
+Build-Depends: debhelper-compat (= 12)
+    ,bash-completion
+    ,conmon
+    ,dh-golang
+    ,go-md2man
+    ,golang-any
+    ,golang-dbus-dev (>= 5.0.2~)
+    ,golang-ginkgo-dev
+    ,golang-github-appc-cni-dev (>= 0.8)
+    ,golang-github-buger-goterm-dev
+    ,golang-github-checkpoint-restore-go-criu-dev
+    ,golang-github-containerd-cgroups-dev
+    ,golang-github-containernetworking-plugins-dev (>= 0.8.7)
+    ,golang-github-containers-buildah-dev (>= 1.19.6)
+    ,golang-github-containers-common-dev (>= 0.33.4+ds1-1+deb11u2)
+    ,golang-github-containers-image-dev (>= 5.10.2)
+    ,golang-github-containers-ocicrypt-dev
+    ,golang-github-containers-psgo-dev (>= 1.5.2-1+deb11u1)
+    ,golang-github-containers-storage-dev (>= 1.24.8+dfsg1-1+deb11u1)
+    ,golang-github-coreos-bbolt-dev (>= 1.3.3~)
+    ,golang-github-coreos-go-iptables-dev (>= 0.4.2~)
+    ,golang-github-coreos-go-systemd-dev (>= 20~)
+    ,golang-github-cyphar-filepath-securejoin-dev (>= 0.2.2~)
+    ,golang-github-docker-distribution-dev (>= 2.7.1~)
+    ,golang-github-docker-docker-dev (>= 20.10.0~)
+    ,golang-github-docker-go-connections-dev (>= 0.4.0~)
+    ,golang-github-docker-go-units-dev (>= 0.4.0~)
+    ,golang-github-docker-spdystream-dev
+    ,golang-github-fullsailor-pkcs7-dev
+    ,golang-github-ghodss-yaml-dev
+    ,golang-github-google-shlex-dev
+    ,golang-github-google-uuid-dev
+    ,golang-github-hashicorp-go-multierror-dev
+    ,golang-github-influxdata-tail-dev (>= 1.0.0+git20180327.c434825-2~) | golang-github-hpcloud-tail-dev
+    ,golang-github-json-iterator-go-dev
+    ,golang-github-mrunalp-fileutils-dev
+    ,golang-github-opencontainers-go-digest-dev
+    ,golang-github-opencontainers-image-spec-dev
+    ,golang-github-opencontainers-runc-dev (>= 1.0.0~rc92~)
+    ,golang-github-opencontainers-runtime-tools-dev (>= 0.9.0~)
+    ,golang-github-opencontainers-selinux-dev (>= 1.2.2~)
+    ,golang-github-openshift-api-dev
+    ,golang-github-openshift-imagebuilder-dev
+    ,golang-github-pkg-errors-dev
+    ,golang-github-pkg-profile-dev
+    ,golang-github-rootless-containers-rootlesskit-dev
+    ,golang-github-seccomp-libseccomp-golang-dev
+    ,golang-github-sirupsen-logrus-dev
+    ,golang-github-stretchr-testify-dev
+    ,golang-github-uber-go-atomic-dev
+    ,golang-github-ulikunitz-xz-dev
+    ,golang-github-vbatts-tar-split-dev
+    ,golang-github-vishvananda-netlink-dev (>= 1.0.0+git20181030~)
+    ,golang-github-vividcortex-ewma-dev
+    ,golang-go-zfs-dev
+    ,golang-go.opencensus-dev
+    ,golang-golang-x-crypto-dev
+    ,golang-golang-x-sys-dev
+    ,golang-golang-x-text-dev
+    ,golang-golang-x-tools
+    ,golang-golang-x-xerrors-dev
+    ,golang-gomega-dev
+    ,golang-google-genproto-dev
+    ,golang-google-grpc-dev
+    ,golang-gopkg-inf.v0-dev
+    ,golang-gopkg-square-go-jose.v2-dev
+    ,golang-gopkg-yaml.v3-dev
+    ,golang-k8s-sigs-structured-merge-diff-dev (>> 4)
+    ,golang-k8s-sigs-yaml-dev
+    ,golang-toml-dev
+    ,libapparmor-dev
+    ,libbtrfs-dev
+    ,libdevmapper-dev
+    ,libglib2.0-dev
+    ,libostree-dev
+# sphinx docs:
+#   ,python3-recommonmark
+Homepage: https://github.com/containers/podman
+Vcs-Browser: https://salsa.debian.org/debian/libpod
+Vcs-Git: https://salsa.debian.org/debian/libpod.git
+XS-Go-Import-Path: github.com/containers/podman
+Testsuite: autopkgtest-pkg-go
+
+Package: podman
+Architecture: any
+Built-Using: ${misc:Built-Using}
+Depends: ${misc:Depends}, ${shlibs:Depends}
+    ,conmon (>= 2.0.18~)
+    ,containernetworking-plugins (>= 0.8.7)
+    ,golang-github-containers-common
+    ,crun | runc (>= 1.0.0~rc92~)
+    ,iptables
+Breaks: buildah (<< 1.10.1-6), slirp4netns (<< 0.4.1), fuse-overlayfs (<< 0.7.1)
+Recommends: ${misc:Recommends}
+    ,buildah (>= 1.10.1-6~)
+    ,fuse-overlayfs (>= 1.0.0~)
+    ,slirp4netns (>= 0.4.1~)
+    ,catatonit | tini | dumb-init
+    ,uidmap
+    ,golang-github-containernetworking-plugin-dnsname
+Suggests: ${misc:Suggests}
+    ,containers-storage
+    ,docker-compose
+Description: engine to run OCI-based containers in Pods
+ Podman is an engine for running OCI-based containers in Pods.
+ Podman provides a CLI interface for managing Pods, Containers, and
+ Container Images.
+ .
+ At a high level, the scope of libpod and podman is the following:
+  * Support multiple image formats including the OCI and Docker image
+    formats.
+  * Support for multiple means to download images including trust & image
+    verification.
+  * Container image management (managing image layers, overlay filesystems,
+    etc).
+  * Full management of container lifecycle.
+  * Support for pods to manage groups of containers together.
+  * Resource isolation of containers and pods.
+  * Support for a Docker-compatible CLI interface through Podman.
+ .
+ Podman is a daemon-less alternative to Docker.
+
+Package: golang-github-containers-libpod-dev
+Architecture: all
+Depends: ${misc:Depends},
+    ,golang-dbus-dev (>= 5.0.2~)
+    ,golang-ginkgo-dev
+    ,golang-github-appc-cni-dev (>= 0.8)
+    ,golang-github-buger-goterm-dev
+    ,golang-github-checkpoint-restore-go-criu-dev
+    ,golang-github-containerd-cgroups-dev
+    ,golang-github-containernetworking-plugins-dev (>= 0.8.7)
+    ,golang-github-containers-buildah-dev (>= 1.19)
+    ,golang-github-containers-common-dev (>= 0.33.4+ds1-1+deb11u2)
+    ,golang-github-containers-image-dev (>= 5.10)
+    ,golang-github-containers-ocicrypt-dev
+    ,golang-github-containers-psgo-dev (>= 1.5.2-1+deb11u1)
+    ,golang-github-containers-storage-dev (>= 1.24.8+dfsg1-1+deb11u1)
+    ,golang-github-coreos-bbolt-dev (>= 1.3.3~)
+    ,golang-github-coreos-go-iptables-dev (>= 0.4.2~)
+    ,golang-github-coreos-go-systemd-dev (>= 20~)
+    ,golang-github-cyphar-filepath-securejoin-dev (>= 0.2.2~)
+    ,golang-github-docker-distribution-dev (>= 2.7.1~)
+    ,golang-github-docker-docker-dev (>= 20.10.0~)
+    ,golang-github-docker-go-connections-dev (>= 0.4.0~)
+    ,golang-github-docker-go-units-dev (>= 0.4.0~)
+    ,golang-github-docker-spdystream-dev
+    ,golang-github-fullsailor-pkcs7-dev
+    ,golang-github-ghodss-yaml-dev
+    ,golang-github-google-shlex-dev
+    ,golang-github-google-uuid-dev
+    ,golang-github-hashicorp-go-multierror-dev
+    ,golang-github-influxdata-tail-dev (>= 1.0.0+git20180327.c434825-2~) | golang-github-hpcloud-tail-dev
+    ,golang-github-json-iterator-go-dev
+    ,golang-github-mrunalp-fileutils-dev
+    ,golang-github-opencontainers-go-digest-dev
+    ,golang-github-opencontainers-image-spec-dev
+    ,golang-github-opencontainers-runc-dev (>= 1.0.0~rc92~)
+    ,golang-github-opencontainers-runtime-tools-dev (>= 0.9.0~)
+    ,golang-github-opencontainers-selinux-dev (>= 1.2.2~)
+    ,golang-github-openshift-api-dev
+    ,golang-github-openshift-imagebuilder-dev
+    ,golang-github-pkg-errors-dev
+    ,golang-github-pkg-profile-dev
+    ,golang-github-rootless-containers-rootlesskit-dev
+    ,golang-github-seccomp-containers-golang-dev
+    ,golang-github-seccomp-libseccomp-golang-dev
+    ,golang-github-sirupsen-logrus-dev
+    ,golang-github-stretchr-testify-dev
+    ,golang-github-uber-go-atomic-dev
+    ,golang-github-ulikunitz-xz-dev
+    ,golang-github-vbatts-tar-split-dev
+    ,golang-github-vishvananda-netlink-dev (>= 1.0.0+git20181030~)
+    ,golang-github-vividcortex-ewma-dev
+    ,golang-go-zfs-dev
+    ,golang-go.opencensus-dev
+    ,golang-golang-x-crypto-dev
+    ,golang-golang-x-sys-dev
+    ,golang-golang-x-text-dev
+    ,golang-golang-x-xerrors-dev
+    ,golang-gomega-dev
+    ,golang-google-genproto-dev
+    ,golang-google-grpc-dev
+    ,golang-gopkg-inf.v0-dev
+    ,golang-gopkg-square-go-jose.v2-dev
+    ,golang-gopkg-yaml.v3-dev
+    ,golang-k8s-sigs-structured-merge-diff-dev
+    ,golang-toml-dev
+Description: engine to run OCI-based containers in Pods (library)
+ Podman is an engine for running OCI-based containers in Pods.
+ Podman provides a CLI interface for managing Pods, Containers, and
+ Container Images.
+ .
+ At a high level, the scope of libpod and podman is the following:
+  * Support multiple image formats including the OCI and Docker image
+    formats.
+  * Support for multiple means to download images including trust & image
+    verification.
+  * Container image management (managing image layers, overlay filesystems,
+    etc).
+  * Full management of container lifecycle.
+  * Support for pods to manage groups of containers together.
+  * Resource isolation of containers and pods.
+  * Support for a Docker-compatible CLI interface through Podman.
+ .
+ Podman is a daemon-less alternative to Docker.
+ .
+ This package contains golang sources that other packages may require for
+ building.
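Review bot: The `podman` binary package depends on `golang-github-containers-common` with no version, while Build-Depends requires `golang-github-containers-common-dev (>= 0.33.4+ds1-1+deb11u2)`. If that runtime package is what ships the seccomp profile and default configuration (not visible in this hunk), a partial upgrade can leave podman running against the older files. Assuming both packages come from the same source version, `,golang-github-containers-common (>= 0.33.4+ds1-1+deb11u2)` would close that gap. In `golang-github-containers-libpod-dev`, `Depends: ${misc:Depends},` ends with a comma and the next line starts with one, leaving an empty list entry. That stanza's floors for buildah (`>= 1.19`) and image (`>= 5.10`) are also looser than the Build-Depends floors (`>= 1.19.6`, `>= 5.10.2`).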
diff --git a/debian/copyright b/debian/copyright
new file mode 100644
index 0000000..b9129f4
--- /dev/null
+++ b/debian/copyright
@@ -0,0 +1,522 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: libpod
+Source: https://github.com/containers/libpod
+Comment:
+    "~~" does not build with system library.
+    "~"  not packaged or not available (e.g. removed).
+ .
+ Upstream "github.com/uber/*" libraries depend on forked prometheus so
+ using bundled/vendored ones make sense to avoid burden of non-reusable
+ packages with heavier dependencies than vendored subset of those libs.
+ .
+ Protobuf in debian is not ready yet, cf. #961814
+Files-Excluded:
+    vendor/github.com/Azure/go-ansiterm
+    vendor/github.com/BurntSushi/toml
+    vendor/github.com/Microsoft/go-winio
+    vendor/github.com/Microsoft/hcsshim
+    vendor/github.com/VividCortex/ewma
+    vendor/github.com/acarl005/stripansi
+    vendor/github.com/beorn7/perks
+    vendor/github.com/blang/semver
+    vendor/github.com/buger/goterm
+    vendor/github.com/checkpoint-restore/go-criu
+    vendor/github.com/chzyer
+    vendor/github.com/containerd/cgroups
+    vendor/github.com/containerd/containerd
+    vendor/github.com/containerd/continuity
+    vendor/github.com/containernetworking/cni
+    vendor/github.com/containernetworking/plugins
+    vendor/github.com/containers/buildah
+    vendor/github.com/containers/common
+    vendor/github.com/containers/image
+    vendor/github.com/containers/libtrust
+    vendor/github.com/containers/psgo
+    vendor/github.com/containers/storage
+    vendor/github.com/containers/ocicrypt
+    vendor/github.com/coreos/go-iptables
+    vendor/github.com/coreos/go-systemd
+    vendor/github.com/cyphar/filepath-securejoin
+    vendor/github.com/davecgh/go-spew
+    vendor/github.com/docker/distribution
+    vendor/github.com/docker/docker
+    vendor/github.com/docker/docker-credential-helpers
+    vendor/github.com/docker/go-connections
+    vendor/github.com/docker/go-metrics
+    vendor/github.com/docker/go-units
+    vendor/github.com/docker/libnetwork
+    vendor/github.com/docker/spdystream
+    vendor/github.com/fsnotify/fsnotify
+    vendor/github.com/fsouza/go-dockerclient
+    vendor/github.com/ghodss/yaml
+    vendor/github.com/godbus/dbus
+    vendor/github.com/gogo/protobuf
+    vendor/github.com/golang/protobuf
+    vendor/github.com/google/gofuzz
+    vendor/github.com/google/shlex
+    vendor/github.com/google/uuid
+    vendor/github.com/gorilla/mux
+    vendor/github.com/hashicorp/errwrap
+    vendor/github.com/hashicorp/go-multierror
+    vendor/github.com/hashicorp/golang-lru
+    vendor/github.com/hpcloud/tail
+    vendor/github.com/imdario/mergo
+    vendor/github.com/inconshreveable/mousetrap
+    vendor/github.com/ishidawataru/sctp
+    vendor/github.com/json-iterator/go
+    vendor/github.com/juju/ansiterm
+    vendor/github.com/klauspost/compress
+    vendor/github.com/klauspost/pgzip
+    vendor/github.com/lunixbochs
+    vendor/github.com/manifoldco
+    vendor/github.com/mattn/go-colorable
+    vendor/github.com/mattn/go-isatty
+    vendor/github.com/mattn/go-runewidth
+    vendor/github.com/mattn/go-shellwords
+    vendor/github.com/matttproud/golang_protobuf_extensions
+    vendor/github.com/mistifyio/go-zfs
+    vendor/github.com/modern-go/concurrent
+    vendor/github.com/modern-go/reflect2
+    vendor/github.com/morikuni/aec
+    vendor/github.com/mrunalp/fileutils
+    vendor/github.com/mtrmac/gpgme
+    vendor/github.com/onsi/ginkgo
+    vendor/github.com/onsi/gomega
+    vendor/github.com/opencontainers/go-digest
+    vendor/github.com/opencontainers/image-spec
+    vendor/github.com/opencontainers/runc
+    vendor/github.com/opencontainers/runtime-spec
+    vendor/github.com/opencontainers/runtime-tools
+    vendor/github.com/opencontainers/selinux
+    vendor/github.com/openshift/imagebuilder
+    vendor/github.com/opentracing/opentracing-go
+    vendor/github.com/ostreedev/ostree-go
+    vendor/github.com/pkg/errors
+    vendor/github.com/pmezard/go-difflib
+    vendor/github.com/pquerna/ffjson
+    vendor/github.com/prometheus/client_golang
+    vendor/github.com/prometheus/client_model
+    vendor/github.com/prometheus/common
+    vendor/github.com/prometheus/procfs
+    vendor/github.com/rootless-containers
+    vendor/github.com/safchain/ethtool
+    vendor/github.com/seccomp/libseccomp-golang
+    vendor/github.com/sirupsen/logrus
+    vendor/github.com/spf13/cobra
+    vendor/github.com/spf13/pflag
+    vendor/github.com/stretchr/testify
+    vendor/github.com/syndtr/gocapability
+    vendor/github.com/tchap/go-patricia
+    vendor/github.com/ulikunitz/xz
+    vendor/github.com/vbatts/tar-split
+    vendor/github.com/vbauerster/mpb
+    vendor/github.com/vishvananda/netlink
+    vendor/github.com/vishvananda/netns
+    vendor/github.com/xeipuuv/gojsonpointer
+    vendor/github.com/xeipuuv/gojsonreference
+    vendor/github.com/xeipuuv/gojsonschema
+    vendor/go.mozilla.org/pkcs7
+    vendor/go.opencensus.io
+    vendor/go.uber.org/atomic
+    vendor/golang.org
+    vendor/google.golang.org/appengine
+    vendor/google.golang.org/genproto
+    vendor/google.golang.org/grpc
+   ~vendor/google.golang.org/protobuf
+    vendor/gopkg.in/fsnotify.v1
+    vendor/gopkg.in/inf.v0
+    vendor/gopkg.in/square/go-jose.v2
+    vendor/gopkg.in/tomb.v1
+    vendor/gopkg.in/yaml.v2
+    vendor/gopkg.in/yaml.v3
+    vendor/sigs.k8s.io/structured-merge-diff
+    vendor/sigs.k8s.io/yaml
+   ~vendor/github.com/containers/conmon
+   ~vendor/github.com/cri-o/ocicni
+   ~vendor/github.com/fatih/camelcase
+   ~vendor/github.com/nxadm/tail
+   ~vendor/github.com/uber/jaeger-client-go
+   ~vendor/github.com/uber/jaeger-lib
+  ~~vendor/github.com/varlink/go
+
+Files: *
+Copyright:
+    2016-2019 Red Hat, Inc.
+License: Apache-2.0
+
+Files: contrib/snapcraft/*
+Copyright:
+    2017 Snapcrafters
+ 2017, Snapcrafters
+License: Expat
+
+Files: contrib/snapcraft/README.md
+Copyright:
+    2017 Snapcrafters
+License: Expat
+
+Files: debian/*
+Copyright:
+    2018-2019 Dmitry Smirnov <onlyjob@debian.org>
+License: Apache-2.0
+
+Files: pkg/cgroups/systemd.go
+Copyright: The containerd Authors.
+License: Apache-2.0
+
+Files: pkg/kubeutils/*
+Copyright: 2014-2020, The Kubernetes Authors.
+License: Apache-2.0
+
+Files: pkg/netns/*
+Copyright: 2018, CNI authors
+License: Apache-2.0
+
+Files: pkg/signal/signal_linux.go
+  pkg/signal/signal_linux_mipsx.go
+Copyright: 2013-2018, Docker, Inc.
+License: Apache-2.0
+
+Files: pkg/util/camelcase/*
+Copyright: 2015, Fatih Arslan
+License: Expat
+
+Files: vendor/github.com/docker/go-plugins-helpers/NOTICE
+Copyright: 2012-2015, Docker, Inc.
+License: Expat
+
+Files: vendor/github.com/go-logr/logr/logr.go
+Copyright: 2019, The logr Authors.
+License: Apache-2.0
+
+Files: vendor/github.com/gorilla/*
+Copyright: 2012, Rodrigo Moraes
+License: BSD-3-clause
+
+Files: vendor/github.com/gorilla/schema/*
+Copyright: 2012, Rodrigo Moraes
+License: BSD-3-clause
+
+Files: vendor/github.com/mattn/*
+Copyright:
+    2016-2019 Red Hat, Inc.
+ 2016, Yasuhiro Matsumoto
+License: Apache-2.0 or Expat
+
+Files: vendor/github.com/moby/term/*
+Copyright: 2015, Docker, inc. Code released under the Apache 2.0 license. Docs released under Creative commons.
+License: Apache-2.0
+
+Files: vendor/github.com/moby/term/ascii.go
+  vendor/github.com/moby/term/go.mod
+  vendor/github.com/moby/term/proxy.go
+  vendor/github.com/moby/term/tc.go
+  vendor/github.com/moby/term/term.go
+  vendor/github.com/moby/term/term_windows.go
+  vendor/github.com/moby/term/termios.go
+  vendor/github.com/moby/term/termios_bsd.go
+  vendor/github.com/moby/term/termios_nonbsd.go
+  vendor/github.com/moby/term/winsize.go
+Copyright:
+    2016-2019 Red Hat, Inc.
+License: Apache-2.0
+
+Files: vendor/github.com/moby/term/windows/*
+Copyright: 2016-2019, Red Hat, Inc.
+License: Apache-2.0
+
+Files: vendor/github.com/nxadm/*
+Copyright: 2015, Hewlett Packard Enterprise Development LP
+  2013, 2014, ActiveState
+License: Expat
+
+Files: vendor/github.com/nxadm/tail/ratelimiter/*
+Copyright: 2013, 99designs
+License: Expat
+
+Files: vendor/github.com/uber/*
+Copyright: 2017, 2018, Uber Technologies, Inc.
+License: Apache-2.0
+
+Files: vendor/github.com/willf/*
+Copyright: 2014, Will Fitzgerald.
+License: BSD-3-clause
+
+Files: vendor/go.etcd.io/*
+Copyright: 2013, Ben Johnson
+License: Expat
+
+Files: vendor/google.golang.org/*
+Copyright: 2018, The Go Authors.
+License: BSD-3-clause
+
+Files: vendor/google.golang.org/protobuf/types/*
+Copyright: 2008, Google Inc.
+License: BSD-3-clause
+
+Files: vendor/k8s.io/*
+Copyright: 2014-2020, The Kubernetes Authors.
+License: Apache-2.0
+
+Files: vendor/k8s.io/api/*
+Copyright: The Kubernetes Authors.
+License: Apache-2.0
+
+Files: vendor/k8s.io/api/apps/v1/doc.go
+  vendor/k8s.io/api/apps/v1/register.go
+  vendor/k8s.io/api/apps/v1/types.go
+Copyright: 2014-2020, The Kubernetes Authors.
+License: Apache-2.0
+
+Files: vendor/k8s.io/api/core/*
+Copyright: 2014-2020, The Kubernetes Authors.
+License: Apache-2.0
+
+Files: vendor/k8s.io/api/core/v1/generated.pb.go
+  vendor/k8s.io/api/core/v1/types_swagger_doc_generated.go
+  vendor/k8s.io/api/core/v1/zz_generated.deepcopy.go
+Copyright: The Kubernetes Authors.
+License: Apache-2.0
+
+Files: vendor/k8s.io/apimachinery/*
+Copyright: 2009, The Go Authors.
+License: BSD-3-Clause~Google
+
+Files: vendor/k8s.io/apimachinery/pkg/*
+Copyright: 2014-2020, The Kubernetes Authors.
+License: Apache-2.0
+
+Files: vendor/k8s.io/apimachinery/pkg/api/errors/OWNERS
+Copyright:
+    2014-2019 The Kubernetes Authors.
+License: Apache-2.0
+
+Files: vendor/k8s.io/apimachinery/pkg/api/resource/OWNERS
+Copyright:
+    2014-2019 The Kubernetes Authors.
+License: Apache-2.0
+
+Files: vendor/k8s.io/apimachinery/pkg/api/resource/generated.pb.go
+  vendor/k8s.io/apimachinery/pkg/api/resource/zz_generated.deepcopy.go
+Copyright: The Kubernetes Authors.
+License: Apache-2.0
+
+Files: vendor/k8s.io/apimachinery/pkg/apis/meta/v1/OWNERS
+Copyright:
+    2014-2019 The Kubernetes Authors.
+License: Apache-2.0
+
+Files: vendor/k8s.io/apimachinery/pkg/apis/meta/v1/generated.pb.go
+  vendor/k8s.io/apimachinery/pkg/apis/meta/v1/types_swagger_doc_generated.go
+  vendor/k8s.io/apimachinery/pkg/apis/meta/v1/zz_generated.conversion.go
+  vendor/k8s.io/apimachinery/pkg/apis/meta/v1/zz_generated.deepcopy.go
+  vendor/k8s.io/apimachinery/pkg/apis/meta/v1/zz_generated.defaults.go
+Copyright: The Kubernetes Authors.
+License: Apache-2.0
+
+Files: vendor/k8s.io/apimachinery/pkg/apis/meta/v1/unstructured/zz_generated.deepcopy.go
+Copyright: The Kubernetes Authors.
+License: Apache-2.0
+
+Files: vendor/k8s.io/apimachinery/pkg/labels/zz_generated.deepcopy.go
+Copyright: The Kubernetes Authors.
+License: Apache-2.0
+
+Files: vendor/k8s.io/apimachinery/pkg/runtime/generated.pb.go
+  vendor/k8s.io/apimachinery/pkg/runtime/zz_generated.deepcopy.go
+Copyright: The Kubernetes Authors.
+License: Apache-2.0
+
+Files: vendor/k8s.io/apimachinery/pkg/runtime/schema/generated.pb.go
+Copyright: The Kubernetes Authors.
+License: Apache-2.0
+
+Files: vendor/k8s.io/apimachinery/pkg/util/intstr/generated.pb.go
+Copyright: The Kubernetes Authors.
+License: Apache-2.0
+
+Files: vendor/k8s.io/apimachinery/pkg/util/sets/*
+Copyright: The Kubernetes Authors.
+License: Apache-2.0
+
+Files: vendor/k8s.io/apimachinery/pkg/watch/zz_generated.deepcopy.go
+Copyright: The Kubernetes Authors.
+License: Apache-2.0
+
+Files: vendor/k8s.io/client-go/pkg/apis/clientauthentication/OWNERS
+Copyright:
+    2014-2019 The Kubernetes Authors.
+License: Apache-2.0
+
+Files: vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/*
+Copyright: The Kubernetes Authors.
+License: Apache-2.0
+
+Files: vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/doc.go
+  vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/register.go
+  vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/types.go
+Copyright: 2014-2020, The Kubernetes Authors.
+License: Apache-2.0
+
+Files: vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1beta1/zz_generated.conversion.go
+  vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1beta1/zz_generated.deepcopy.go
+  vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1beta1/zz_generated.defaults.go
+Copyright: The Kubernetes Authors.
+License: Apache-2.0
+
+Files: vendor/k8s.io/client-go/pkg/apis/clientauthentication/zz_generated.deepcopy.go
+Copyright: The Kubernetes Authors.
+License: Apache-2.0
+
+Files: vendor/k8s.io/client-go/rest/OWNERS
+Copyright:
+    2014-2019 The Kubernetes Authors.
+License: Apache-2.0
+
+Files: vendor/k8s.io/client-go/rest/zz_generated.deepcopy.go
+Copyright: The Kubernetes Authors.
+License: Apache-2.0
+
+Files: vendor/k8s.io/client-go/tools/clientcmd/api/zz_generated.deepcopy.go
+Copyright: The Kubernetes Authors.
+License: Apache-2.0
+
+Files: vendor/k8s.io/client-go/tools/metrics/*
+Copyright:
+    2014-2019 The Kubernetes Authors.
+License: Apache-2.0
+
+Files: vendor/k8s.io/client-go/tools/metrics/metrics.go
+Copyright: 2014-2020, The Kubernetes Authors.
+License: Apache-2.0
+
+Files: vendor/k8s.io/client-go/transport/OWNERS
+Copyright:
+    2014-2019 The Kubernetes Authors.
+License: Apache-2.0
+
+Files: vendor/k8s.io/client-go/util/cert/OWNERS
+Copyright:
+    2014-2019 The Kubernetes Authors.
+License: Apache-2.0
+
+Files: vendor/k8s.io/client-go/util/keyutil/*
+Copyright:
+    2014-2019 The Kubernetes Authors.
+License: Apache-2.0
+
+Files: vendor/k8s.io/client-go/util/keyutil/key.go
+Copyright: 2014-2020, The Kubernetes Authors.
+License: Apache-2.0
+
+Files: vendor/k8s.io/klog/*
+Copyright:
+    2013 Google Inc
+License: Apache-2.0
+
+Files: vendor/k8s.io/klog/klog.go
+  vendor/k8s.io/klog/klog_file.go
+Copyright: 2013, Google Inc.
+License: Apache-2.0
+
+Files: vendor/k8s.io/klog/v2/klog.go
+  vendor/k8s.io/klog/v2/klog_file.go
+Copyright: 2013, Google Inc.
+License: Apache-2.0
+
+License: Apache-2.0
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ .
+ http://www.apache.org/licenses/LICENSE-2.0
+ .
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ .
+ On Debian systems, the complete text of the Apache version 2.0 license
+ can be found in "/usr/share/common-licenses/Apache-2.0".
+
+License: BSD-3-Clause~Google
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are
+ met:
+ .
+   * Redistributions of source code must retain the above copyright
+     notice, this list of conditions and the following disclaimer.
+   * Redistributions in binary form must reproduce the above
+     copyright notice, this list of conditions and the following disclaimer
+     in the documentation and/or other materials provided with the
+     distribution.
+   * Neither the name of Google Inc. nor the names of its
+     contributors may be used to endorse or promote products derived from
+     this software without specific prior written permission.
+ .
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+License: BSD-3-clause
+ This software is Copyright (c) 2020 by X. Ample.
+ .
+ This is free software, licensed under:
+ .
+   The (three-clause) BSD License
+ .
+ The BSD License
+ .
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are
+ met:
+ .
+   * Redistributions of source code must retain the above copyright
+     notice, this list of conditions and the following disclaimer.
+ .
+   * Redistributions in binary form must reproduce the above copyright
+     notice, this list of conditions and the following disclaimer in the
+     documentation and/or other materials provided with the distribution.
+ .
+   * Neither the name of X. Ample nor the names of its
+     contributors may be used to endorse or promote products derived from
+     this software without specific prior written permission.
+ .
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
+ CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+License: Expat
+ Permission is hereby granted, free of charge, to any person obtaining a copy of
+ this software and associated documentation files (the "Software"), to deal in
+ the Software without restriction, including without limitation the rights to
+ use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+ the Software, and to permit persons to whom the Software is furnished to do so,
+ subject to the following conditions:
+ .
+  The above copyright notice and this permission notice shall be included in all
+  copies or substantial portions of the Software.
+ .
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+ FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+ COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+ IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
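Review bot: The standalone `License: BSD-3-clause` stanza still contains template text, `This software is Copyright (c) 2020 by X. Ample.` and `Neither the name of X. Ample nor the names of its`, so the licence recorded for the files that reference it names a placeholder holder. Drop the `X. Ample` copyright line and use neutral wording such as `Neither the name of the copyright holder nor the names of its`. The `contrib/snapcraft/*` stanza also carries a stray second copyright line (` 2017, Snapcrafters`). For patch tracking, the `Comment:` field could state that the `~` and `~~` entries under `Files-Excluded` (conmon, ocicni, nxadm/tail, jaeger, varlink/go, protobuf) appear to remain vendored in the tarball. Fixes to those libraries would then not arrive through Build-Depends and would have to be followed separately.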
diff --git a/debian/etc/cni/net.d/87-podman-ptp.conflist b/debian/etc/cni/net.d/87-podman-ptp.conflist
new file mode 100644
index 0000000..f458b0c
--- /dev/null
+++ b/debian/etc/cni/net.d/87-podman-ptp.conflist
@@ -0,0 +1,31 @@
+{
+  "cniVersion": "0.4.0",
+  "name": "podman",
+  "plugins": [
+    {
+        "type": "ptp",
+            "Documentation": "/usr/share/doc/containernetworking-plugins/main_ptp.md",
+        "ipMasq": true,
+        "ipam": {
+            "type": "host-local",
+                "Documentation": "/usr/share/doc/containernetworking-plugins/ipam_host-local.md",
+            "subnet": "172.16.16.0/24",
+            "routes": [
+                { "dst": "0.0.0.0/0" }
+            ]
+        }
+    },
+
+    {
+        "type": "portmap",
+            "Documentation": "/usr/share/doc/containernetworking-plugins/meta_portmap.md",
+        "capabilities": { "portMappings": true }
+    },
+
+    {
+        "type": "firewall",
+            "Documentation": "/usr/share/doc/containernetworking-plugins/meta_firewall.md",
+        "backend": "iptables"
+    }
+  ]
+}
diff --git a/debian/etc/containers/libpod.conf b/debian/etc/containers/libpod.conf
new file mode 100644
index 0000000..17f7939
--- /dev/null
+++ b/debian/etc/containers/libpod.conf
@@ -0,0 +1,149 @@
+# libpod.conf(5) is the default configuration file for all tools using
+# libpod to manage containers
+
+# Default transport method for pulling and pushing for images
+image_default_transport = "docker://"
+
+# Paths to look for the conmon container manager binary.
+# If the paths are empty or no valid path was found, then the `$PATH`
+# environment variable will be used as the fallback.
+conmon_path = [
+    "/usr/bin/conmon",
+    "/usr/sbin/conmon",
+    "/usr/libexec/podman/conmon",
+    "/usr/local/libexec/crio/conmon",
+    "/usr/lib/podman/bin/conmon",
+    "/usr/libexec/crio/conmon",
+    "/usr/lib/crio/bin/conmon"
+]
+
+# Environment variables to pass into conmon
+conmon_env_vars = [
+    "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+]
+
+# CGroup Manager - valid values are "systemd" and "cgroupfs"
+cgroup_manager = "systemd"
+
+# Container init binary
+#init_path = "/usr/bin/tini"
+#init_path = "/usr/bin/tini-static"
+#init_path = "/usr/bin/dumb-init"
+#init_path = "/usr/bin/catatonit"
+
+
+# Directory for persistent libpod files (database, etc)
+# By default, this will be configured relative to where containers/storage
+# stores containers
+# Uncomment to change location from this default
+#static_dir = "/var/lib/containers/storage/libpod"
+
+# Directory for temporary files. Must be tmpfs (wiped after reboot)
+tmp_dir = "/var/run/libpod"
+
+# Maximum size of log files (in bytes)
+# -1 is unlimited
+max_log_size = -1
+
+# Whether to use chroot instead of pivot_root in the runtime
+no_pivot_root = false
+
+# Directory containing CNI plugin configuration files
+cni_config_dir = "/etc/cni/net.d/"
+
+# Directories where the CNI plugin binaries may be located
+cni_plugin_dir = [
+    "/usr/lib/cni",
+    "/usr/local/lib/cni",
+    "/opt/cni/bin"
+]
+
+# Default CNI network for libpod.
+# If multiple CNI network configs are present, libpod will use the network with
+# the name given here for containers unless explicitly overridden.
+# The default here is set to the name we set in the
+# 87-podman-bridge.conflist included in the repository.
+# Not setting this, or setting it to the empty string, will use normal CNI
+# precedence rules for selecting between multiple networks.
+cni_default_network = "podman"
+
+# Default libpod namespace
+# If libpod is joined to a namespace, it will see only containers and pods
+# that were created in the same namespace, and will create new containers and
+# pods in that namespace.
+# The default namespace is "", which corresponds to no namespace. When no
+# namespace is set, all containers and pods are visible.
+#namespace = ""
+
+# Default infra (pause) image name for pod infra containers
+infra_image = "k8s.gcr.io/pause:3.1"
+
+# Default command to run the infra container
+infra_command = "/pause"
+
+# Determines whether libpod will reserve ports on the host when they are
+# forwarded to containers. When enabled, when ports are forwarded to containers,
+# they are held open by conmon as long as the container is running, ensuring that
+# they cannot be reused by other programs on the host. However, this can cause
+# significant memory usage if a container has many ports forwarded to it.
+# Disabling this can save memory.
+#enable_port_reservation = true
+
+# Default libpod support for container labeling
+# label=true
+
+# The locking mechanism to use
+lock_type = "shm"
+
+# Number of locks available for containers and pods.
+# If this is changed, a lock renumber must be performed (e.g. with the
+# 'podman system renumber' command).
+num_locks = 2048
+
+# Directory for libpod named volumes.
+# By default, this will be configured relative to where containers/storage
+# stores containers.
+# Uncomment to change location from this default.
+#volume_path = "/var/lib/containers/storage/volumes"
+
+# Selects which logging mechanism to use for Podman events.  Valid values
+# are `journald` or `file`.
+# events_logger = "journald"
+
+# Specify the keys sequence used to detach a container.
+# Format is a single character [a-Z] or a comma separated sequence of
+# `ctrl-<value>`, where `<value>` is one of:
+# `a-z`, `@`, `^`, `[`, `\`, `]`, `^` or `_`
+#
+# detach_keys = "ctrl-p,ctrl-q"
+
+# Default OCI runtime
+runtime = "crun"
+#runtime = "runc"
+
+# List of the OCI runtimes that support --format=json.  When json is supported
+# libpod will use it for reporting nicer errors.
+runtime_supports_json = ["crun", "runc"]
+
+# List of all the OCI runtimes that support --cgroup-manager=disable to disable
+# creation of CGroups for containers.
+runtime_supports_nocgroups = ["crun"]
+
+# Paths to look for a valid OCI runtime (runc, runv, etc)
+# If the paths are empty or no valid path was found, then the `$PATH`
+# environment variable will be used as the fallback.
+[runtimes]
+
+runc = [
+    "/usr/sbin/runc",
+]
+
+crun = [
+    "/usr/bin/crun"
+]
+
+# The [runtimes] table MUST be the last thing in this file.
+# (Unless another table is added)
+# TOML does not provide a way to end a table other than a further table being
+# defined, so every key hereafter will be part of [runtimes] and not the main
+# config.
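Review bot: `infra_image = "k8s.gcr.io/pause:3.1"` names the default pod infra image by a mutable tag on an external registry, so what runs in each pod's infra container depends on what that tag resolves to at pull time. Consider pinning it by digest, `infra_image = "k8s.gcr.io/pause@sha256:<digest-placeholder>"`, or adding a comment that administrators should point it at a mirrored, verified copy. The comment above `cni_default_network` still refers to `87-podman-bridge.conflist`, whereas this patch puts `87-podman-ptp.conflist` under `debian/etc/cni/net.d/` and the bridge file under examples; `# 87-podman-ptp.conflist included in the package.` would match. `conmon_path` and `cni_plugin_dir` also search `/usr/local/...` and `/opt/cni/bin`, which are outside package-managed paths, so a comment that these directories must be writable only by root would help.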
diff --git a/debian/examples/cni/net.d/87-podman-bridge.conflist b/debian/examples/cni/net.d/87-podman-bridge.conflist
new file mode 100644
index 0000000..f65895a
--- /dev/null
+++ b/debian/examples/cni/net.d/87-podman-bridge.conflist
@@ -0,0 +1,37 @@
+{
+  "cniVersion": "0.4.0",
+  "name": "podman",
+  "plugins": [
+    {
+        "type": "bridge",
+            "Documentation": "/usr/share/doc/containernetworking-plugins/main_bridge.md",
+        "bridge": "cni-podman0",
+        "isGateway": true,
+        "ipMasq": true,
+        "ipam": {
+            "type": "host-local",
+                "Documentation": "/usr/share/doc/containernetworking-plugins/ipam_host-local.md",
+            "routes": [
+                { "dst": "0.0.0.0/0" }
+            ],
+            "ranges": [
+                [
+                    { "subnet": "10.88.0.0/16", "gateway": "10.88.0.1" }
+                ]
+            ]
+        }
+    },
+
+    {
+        "type": "portmap",
+            "Documentation": "/usr/share/doc/containernetworking-plugins/meta_portmap.md",
+        "capabilities": { "portMappings": true }
+    },
+
+    {
+        "type": "firewall",
+            "Documentation": "/usr/share/doc/containernetworking-plugins/meta_firewall.md",
+        "backend": "iptables"
+    }
+  ]
+}
diff --git a/debian/examples/cni/net.d/87-podman-bridge_l2.conflist b/debian/examples/cni/net.d/87-podman-bridge_l2.conflist
new file mode 100644
index 0000000..fc09944
--- /dev/null
+++ b/debian/examples/cni/net.d/87-podman-bridge_l2.conflist
@@ -0,0 +1,24 @@
+{
+  "cniVersion": "0.4.0",
+  "name": "podman",
+  "plugins": [
+    {
+        "type": "bridge",
+            "Documentation": "/usr/share/doc/containernetworking-plugins/main_bridge.md",
+        "bridge": "br0",
+        "ipam": { }
+    },
+
+    {
+        "type": "portmap",
+            "Documentation": "/usr/share/doc/containernetworking-plugins/meta_portmap.md",
+        "capabilities": { "portMappings": true }
+    },
+
+    {
+        "type": "firewall",
+            "Documentation": "/usr/share/doc/containernetworking-plugins/meta_firewall.md",
+        "backend": "iptables"
+    }
+  ]
+}
diff --git a/debian/examples/cni/net.d/87-podman-ptp.conflist b/debian/examples/cni/net.d/87-podman-ptp.conflist
new file mode 100644
index 0000000..f458b0c
--- /dev/null
+++ b/debian/examples/cni/net.d/87-podman-ptp.conflist
@@ -0,0 +1,31 @@
+{
+  "cniVersion": "0.4.0",
+  "name": "podman",
+  "plugins": [
+    {
+        "type": "ptp",
+            "Documentation": "/usr/share/doc/containernetworking-plugins/main_ptp.md",
+        "ipMasq": true,
+        "ipam": {
+            "type": "host-local",
+                "Documentation": "/usr/share/doc/containernetworking-plugins/ipam_host-local.md",
+            "subnet": "172.16.16.0/24",
+            "routes": [
+                { "dst": "0.0.0.0/0" }
+            ]
+        }
+    },
+
+    {
+        "type": "portmap",
+            "Documentation": "/usr/share/doc/containernetworking-plugins/meta_portmap.md",
+        "capabilities": { "portMappings": true }
+    },
+
+    {
+        "type": "firewall",
+            "Documentation": "/usr/share/doc/containernetworking-plugins/meta_firewall.md",
+        "backend": "iptables"
+    }
+  ]
+}
diff --git a/debian/examples/registries.conf b/debian/examples/registries.conf
new file mode 100644
index 0000000..dc771ed
--- /dev/null
+++ b/debian/examples/registries.conf
@@ -0,0 +1,11 @@
+## containers-registries.conf(5): System Registry Configuration File
+
+[registries.search]
+registries = ['docker.io', 'registry.fedoraproject.org']
+
+[registries.insecure]
+registries = []
+
+#blocked (docker only)
+[registries.block]
+registries = []
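Review bot: The `[registries.search]` table in this example carries no comment explaining that an unqualified image name is tried against each listed registry in order, so a short name that does not exist on `docker.io` can be satisfied by `registry.fedoraproject.org` instead. Someone copying the example into /etc/containers should see that next to the list, e.g. `# Short names are resolved against these registries in order; prefer fully qualified image names.` The `[registries.*]` tables are also the older v1 layout described in containers-registries.conf(5), which is worth a one-line comment as well. The empty `[registries.insecure]` list is the safe default and could be labelled as such.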
diff --git a/debian/fill.copyright.blanks.yml b/debian/fill.copyright.blanks.yml
new file mode 100644
index 0000000..f6d7af0
--- /dev/null
+++ b/debian/fill.copyright.blanks.yml
@@ -0,0 +1,17 @@
+---
+vendor/github.com/nxadm/:
+  skip: 1
+
+vendor/github.com/uber/jaeger-client-go/:
+  license: Apache-2.0
+  'override-copyright': 2017,2018 Uber Technologies, Inc.
+
+vendor/github.com/uber/jaeger-lib/metrics/histogram.go:
+  skip: 1
+
+vendor/google.golang.org/protobuf:
+  skip: 1
+
+vendor/github.com/gorilla/schema*:
+  'override-copyright': 2012, Rodrigo Moraes
+  license: BSD-3-clause
diff --git a/debian/fix.scanned.copyright b/debian/fix.scanned.copyright
new file mode 100644
index 0000000..1b3f3f8
--- /dev/null
+++ b/debian/fix.scanned.copyright
@@ -0,0 +1,20 @@
+! Copyright License:"Expat"
+! Copyright License:"Apache-2.0"
+
+! Files:"pkg/util/camelcase/*"
+  Copyright="2015, Fatih Arslan"
+  License short_name=Expat
+  full_license~
+
+! Files:"vendor/github.com/gorilla/schema/*"
+  Copyright="2012, Rodrigo Moraes"
+  License short_name=BSD-3-clause
+
+! Files:"vendor/github.com/nxadm/*"
+  Copyright="2015, Hewlett Packard Enterprise Development LP
+2013, 2014, ActiveState"
+  License short_name=Expat
+
+! Files:"vendor/github.com/nxadm/tail/ratelimiter/*"
+  Copyright="2013, 99designs"
+  License short_name=Expat
diff --git a/debian/golang-github-containers-libpod-dev.docs b/debian/golang-github-containers-libpod-dev.docs
new file mode 100644
index 0000000..c6af190
--- /dev/null
+++ b/debian/golang-github-containers-libpod-dev.docs
@@ -0,0 +1,4 @@
+LICENSE
+README.md
+RELEASE_NOTES.md
+SECURITY.md
diff --git a/debian/golang-github-containers-libpod-dev.install b/debian/golang-github-containers-libpod-dev.install
new file mode 100644
index 0000000..a3da66d
--- /dev/null
+++ b/debian/golang-github-containers-libpod-dev.install
@@ -0,0 +1 @@
+usr/share/gocode
diff --git a/debian/patches/0001-do-not-set-the-inheritable-capabilities.patch b/debian/patches/0001-do-not-set-the-inheritable-capabilities.patch
new file mode 100644
index 0000000..3d7666b
--- /dev/null
+++ b/debian/patches/0001-do-not-set-the-inheritable-capabilities.patch
@@ -0,0 +1,109 @@
+From d2848c44440281ed94992c4b23c5899e36afc1af Mon Sep 17 00:00:00 2001
+From: Andre Moreira Magalhaes <andrunko@gmail.com>
+Date: Mon, 19 Sep 2022 11:03:21 -0300
+Subject: [PATCH] do not set the inheritable capabilities
+
+The kernel never sets the inheritable capabilities for a process, they
+are only set by userspace.  Emulate the same behavior.
+
+Closes: CVE-2022-27649
+
+(backported from upstream commit 7b368768c2990b9781b2b6813e1c7f91c7e6cb13)
+---
+ libpod/oci_conmon_linux.go       | 7 +++++--
+ pkg/specgen/generate/security.go | 7 +++++--
+ test/e2e/run_test.go             | 6 +++---
+ 3 files changed, 13 insertions(+), 7 deletions(-)
+
+diff --git a/libpod/oci_conmon_linux.go b/libpod/oci_conmon_linux.go
+index 38ffba7d2..b073feee1 100644
+--- a/libpod/oci_conmon_linux.go
++++ b/libpod/oci_conmon_linux.go
+@@ -1281,11 +1281,14 @@ func prepareProcessExec(c *Container, options *ExecOptions, env []string, sessio
+ 	} else {
+ 		pspec.Capabilities.Bounding = ctrSpec.Process.Capabilities.Bounding
+ 	}
++
++	// Always unset the inheritable capabilities similarly to what the Linux kernel does
++	// They are used only when using capabilities with uid != 0.
++	pspec.Capabilities.Inheritable = []string{}
++
+ 	if execUser.Uid == 0 {
+ 		pspec.Capabilities.Effective = pspec.Capabilities.Bounding
+-		pspec.Capabilities.Inheritable = pspec.Capabilities.Bounding
+ 		pspec.Capabilities.Permitted = pspec.Capabilities.Bounding
+-		pspec.Capabilities.Ambient = pspec.Capabilities.Bounding
+ 	} else {
+ 		if user == c.config.User {
+ 			pspec.Capabilities.Effective = ctrSpec.Process.Capabilities.Effective
+diff --git a/pkg/specgen/generate/security.go b/pkg/specgen/generate/security.go
+index fb45d87db..c18f83217 100644
+--- a/pkg/specgen/generate/security.go
++++ b/pkg/specgen/generate/security.go
+@@ -130,6 +130,10 @@ func securityConfigureGenerator(s *specgen.SpecGenerator, g *generate.Generator,
+ 
+ 	configSpec := g.Config
+ 	configSpec.Process.Capabilities.Ambient = []string{}
++
++	// Always unset the inheritable capabilities similarly to what the Linux kernel does
++	// They are used only when using capabilities with uid != 0.
++	configSpec.Process.Capabilities.Inheritable = []string{}
+ 	configSpec.Process.Capabilities.Bounding = caplist
+ 
+ 	user := strings.Split(s.User, ":")[0]
+@@ -137,7 +141,6 @@ func securityConfigureGenerator(s *specgen.SpecGenerator, g *generate.Generator,
+ 	if (user == "" && s.UserNS.NSMode != specgen.KeepID) || user == "root" || user == "0" {
+ 		configSpec.Process.Capabilities.Effective = caplist
+ 		configSpec.Process.Capabilities.Permitted = caplist
+-		configSpec.Process.Capabilities.Inheritable = caplist
+ 	} else {
+ 		userCaps, err := capabilities.MergeCapabilities(nil, s.CapAdd, nil)
+ 		if err != nil {
+@@ -145,12 +148,12 @@ func securityConfigureGenerator(s *specgen.SpecGenerator, g *generate.Generator,
+ 		}
+ 		configSpec.Process.Capabilities.Effective = userCaps
+ 		configSpec.Process.Capabilities.Permitted = userCaps
+-		configSpec.Process.Capabilities.Inheritable = userCaps
+ 
+ 		// Ambient capabilities were added to Linux 4.3.  Set ambient
+ 		// capabilities only when the kernel supports them.
+ 		if supportAmbientCapabilities() {
+ 			configSpec.Process.Capabilities.Ambient = userCaps
++			configSpec.Process.Capabilities.Inheritable = userCaps
+ 		}
+ 	}
+ 
+diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go
+index bff3995df..17fea3b99 100644
+--- a/test/e2e/run_test.go
++++ b/test/e2e/run_test.go
+@@ -383,7 +383,7 @@ var _ = Describe("Podman run", func() {
+ 		session = podmanTest.Podman([]string{"run", "--rm", "--user", "root", ALPINE, "grep", "CapInh", "/proc/self/status"})
+ 		session.WaitWithDefaultTimeout()
+ 		Expect(session.ExitCode()).To(Equal(0))
+-		Expect(session.OutputToString()).To(ContainSubstring("00000000a80425fb"))
++		Expect(session.OutputToString()).To(ContainSubstring("0000000000000000"))
+ 
+ 		session = podmanTest.Podman([]string{"run", "--rm", ALPINE, "grep", "CapBnd", "/proc/self/status"})
+ 		session.WaitWithDefaultTimeout()
+@@ -418,7 +418,7 @@ var _ = Describe("Podman run", func() {
+ 		session = podmanTest.Podman([]string{"run", "--user=0:0", "--cap-add=DAC_OVERRIDE", "--rm", ALPINE, "grep", "CapInh", "/proc/self/status"})
+ 		session.WaitWithDefaultTimeout()
+ 		Expect(session.ExitCode()).To(Equal(0))
+-		Expect(session.OutputToString()).To(ContainSubstring("00000000a80425fb"))
++		Expect(session.OutputToString()).To(ContainSubstring("0000000000000000"))
+ 
+ 		if os.Geteuid() > 0 {
+ 			if os.Getenv("SKIP_USERNS") != "" {
+@@ -435,7 +435,7 @@ var _ = Describe("Podman run", func() {
+ 			session = podmanTest.Podman([]string{"run", "--userns=keep-id", "--privileged", "--rm", ALPINE, "grep", "CapInh", "/proc/self/status"})
+ 			session.WaitWithDefaultTimeout()
+ 			Expect(session.ExitCode()).To(Equal(0))
+-			Expect(session.OutputToString()).To(ContainSubstring("0000000000000000"))
++			Expect(session.OutputToString()).To(ContainSubstring("0000000000000002"))
+ 
+ 			session = podmanTest.Podman([]string{"run", "--userns=keep-id", "--cap-add=DAC_OVERRIDE", "--rm", ALPINE, "grep", "CapInh", "/proc/self/status"})
+ 			session.WaitWithDefaultTimeout()
+-- 
+2.37.2
+
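Review bot: The last test hunk (`@@ -435,7 +435,7 @@` in test/e2e/run_test.go) changes the expected `CapInh` for the `--userns=keep-id --privileged` run from `0000000000000000` to `0000000000000002`, which looks misplaced. In the security.go hunk a non-root user gets `Inheritable = userCaps`, and `userCaps` is merged from `s.CapAdd` only, so without `--cap-add` (and assuming `--privileged` does not populate `s.CapAdd`) the mask should stay all zeroes. The value `...0002` fits the `--cap-add=DAC_OVERRIDE` run that follows, whose assertion lies outside the hunk. debian/rules lists `test/e2e` in `DH_GOLANG_EXCLUDES`, so the package build would not catch a wrong expectation here. It is worth comparing with the upstream commit named in the header and, if confirmed, keeping `ContainSubstring("0000000000000000")` for the privileged case.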
diff --git a/debian/patches/networking-lookup-child-IP-in-networks.patch b/debian/patches/networking-lookup-child-IP-in-networks.patch
new file mode 100644
index 0000000..d1444c0
--- /dev/null
+++ b/debian/patches/networking-lookup-child-IP-in-networks.patch
@@ -0,0 +1,83 @@
+commit 0ba1942f261158b9526310aac7ee5f183a109440
+Author: Giuseppe Scrivano <gscrivan@redhat.com>
+Date:   Fri Jan 22 13:54:24 2021 +0100
+
+    networking: lookup child IP in networks
+    
+    if a CNI network is added to the container, use the IP address in that
+    network instead of hard-coding the slirp4netns default.
+    
+    commit 5e65f0ba30f3fca73f8c207825632afef08378c1 introduced this
+    regression.
+    
+    Closes: https://github.com/containers/podman/issues/9065
+    
+    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
+
+--- a/libpod/networking_linux.go
++++ b/libpod/networking_linux.go
+@@ -559,13 +559,25 @@
+ 		}
+ 	}
+ 
++	childIP := slirp4netnsIP
++outer:
++	for _, r := range ctr.state.NetworkStatus {
++		for _, i := range r.IPs {
++			ipv4 := i.Address.IP.To4()
++			if ipv4 != nil {
++				childIP = ipv4.String()
++				break outer
++			}
++		}
++	}
++
+ 	cfg := rootlessport.Config{
+ 		Mappings:  ctr.config.PortMappings,
+ 		NetNSPath: netnsPath,
+ 		ExitFD:    3,
+ 		ReadyFD:   4,
+ 		TmpDir:    ctr.runtime.config.Engine.TmpDir,
+-		ChildIP:   slirp4netnsIP,
++		ChildIP:   childIP,
+ 	}
+ 	cfgJSON, err := json.Marshal(cfg)
+ 	if err != nil {
+--- a/test/system/500-networking.bats
++++ b/test/system/500-networking.bats
+@@ -98,6 +98,7 @@
+ # "network create" now works rootless, with the help of a special container
+ @test "podman network create" {
+     skip_if_remote "FIXME: pending #7808"
++    myport=54322
+ 
+     local mynetname=testnet-$(random_string 10)
+     local mysubnet=$(random_rfc1918_subnet)
+@@ -115,6 +116,27 @@
+     is "$output" ".* inet ${mysubnet}\.2/24 brd ${mysubnet}\.255 " \
+        "sdfsdf"
+ 
++    run_podman run --rm -d --network $mynetname -p 127.0.0.1:$myport:$myport \
++               $IMAGE nc -l -n -v -p $myport
++    cid="$output"
++
++    # emit random string, and check it
++    teststring=$(random_string 30)
++    echo "$teststring" | nc 127.0.0.1 $myport
++
++    run_podman logs $cid
++    # Sigh. We can't check line-by-line, because 'nc' output order is
++    # unreliable. We usually get the 'connect to' line before the random
++    # string, but sometimes we get it after. So, just do substring checks.
++    is "$output" ".*listening on \[::\]:$myport .*" "nc -v shows right port"
++
++    # This is the truly important check: make sure the remote IP is
++    # in the 172.X range, not 127.X.
++    is "$output" \
++       ".*connect to \[::ffff:172\..*\]:$myport from \[::ffff:172\..*\]:.*" \
++       "nc -v shows remote IP address in 172.X space (not 127.0.0.1)"
++    is "$output" ".*${teststring}.*" "test string received on container"
++
+     # Cannot create network with the same name
+     run_podman 125 network create $mynetname
+     is "$output" "Error: the network name $mynetname is already used" \
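Review bot: The `outer:` loop added to libpod/networking_linux.go takes the first IPv4 address it finds in `ctr.state.NetworkStatus` and silently keeps `slirp4netnsIP` when it finds none, and neither choice is documented. For a container attached to several CNI networks, `ChildIP` becomes whichever network is listed first. A network that reports no IPv4 address falls back to the slirp4netns default, which is presumably the mismatch this patch is meant to remove. A comment above the loop would make the contract explicit, e.g. `// Use the first IPv4 address reported by CNI; fall back to the slirp4netns default when there is none.` The enclosing function starts and ends outside the hunk.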
diff --git a/debian/patches/rm-containers-mounts-5.patch b/debian/patches/rm-containers-mounts-5.patch
new file mode 100644
index 0000000..12b2e7f
--- /dev/null
+++ b/debian/patches/rm-containers-mounts-5.patch
@@ -0,0 +1,23 @@
+From: Reinhard Tartler <siretart@tauware.de>
+Description: Remove conflicting manpage
+Bug-Debian: https://bugs.debian.org/977502
+
+--- a/docs/source/markdown/containers-mounts.conf.5.md
++++ /dev/null
+@@ -1,16 +0,0 @@
+-% containers-mounts.conf(5)
+-
+-## NAME
+-containers-mounts.conf - configuration file for default mounts in containers
+-
+-## DESCRIPTION
+-The mounts.conf file specifies volume mount directories that are automatically mounted inside containers. Container processes can then use this content. Usually these directories are used for passing secrets or credentials required by the package software to access remote package repositories. Note that for security reasons, tools adhering to the mounts.conf are expected to copy the contents instead of bind mounting the paths from the host.
+-
+-## FORMAT
+-The format of the mounts.conf is the volume format `/SRC:/DEST`, one mount per line. For example, a mounts.conf with the line `/usr/share/secrets:/run/secrets` would cause the contents of the `/usr/share/secrets` directory on the host to be mounted on the `/run/secrets` directory inside the container. Setting mountpoints allows containers to use the files of the host, for instance, to use the host's subscription to some enterprise Linux distribution.
+-
+-## FILES
+-Some distributions may provide a `/usr/share/containers/mounts.conf` file to provide default mounts, but users can create a `/etc/containers/mounts.conf`, to specify their own special volumes to mount in the container. When Podman runs in rootless mode, the file `$HOME/.config/containers/mounts.conf` will override the default if it exists.
+-
+-## HISTORY
+-Aug 2018, Originally compiled by Valentin Rothberg <vrothberg@suse.com>
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..38f2e9f
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1,5 @@
+test--skip-TestPostDeleteHooks.patch
+rm-containers-mounts-5.patch
+systemd-tweaks.patch
+networking-lookup-child-IP-in-networks.patch
+0001-do-not-set-the-inheritable-capabilities.patch
diff --git a/debian/patches/systemd-tweaks.patch b/debian/patches/systemd-tweaks.patch
new file mode 100644
index 0000000..963d2e3
--- /dev/null
+++ b/debian/patches/systemd-tweaks.patch
@@ -0,0 +1,13 @@
+From: Michael Biebl <biebl@debian.org>
+Subject: Please don't enable podman-auto-update.service in default.target
+Date: Tue, 26 Jan 2021 11:46:06 +0100
+Bugs-Debian: https://bugs.debian.org/981097
+
+--- a/contrib/systemd/auto-update/podman-auto-update.service
++++ b/contrib/systemd/auto-update/podman-auto-update.service
+@@ -9,4 +9,4 @@
+ ExecStart=/usr/bin/podman auto-update
+ 
+ [Install]
+-WantedBy=multi-user.target default.target
++WantedBy=multi-user.target
diff --git a/debian/patches/test--skip-TestPostDeleteHooks.patch b/debian/patches/test--skip-TestPostDeleteHooks.patch
new file mode 100644
index 0000000..999a00d
--- /dev/null
+++ b/debian/patches/test--skip-TestPostDeleteHooks.patch
@@ -0,0 +1,37 @@
+Last-Update: 2019-06-26
+Forwarded: not-needed
+Author: Dmitry Smirnov <onlyjob@debian.org>
+Description: disable failing test
+~~~~
+ FAIL: TestPostDeleteHooks (0.00s)
+    FAIL: TestPostDeleteHooks//tmp/libpod_test_150902934/state (0.00s)
+        container_internal_test.go:70:
+            Error Trace:    container_internal_test.go:70
+            Error:          Expect "{"ociVersion":"1.0.1","id":"123abc","status":"stopped","bundle":"/tmp/libpod_test_150902934","annotations":{"a":"b"}}" to match "{"ociVersion":"1\.0\.1-dev","id":"123abc","status":"stopped","bundle":"/tmp/libpod_test_[0-9]*","annotations":{"a":"b"}}"
+            Test:           TestPostDeleteHooks//tmp/libpod_test_150902934/state
+    FAIL: TestPostDeleteHooks//tmp/libpod_test_150902934/copy (0.00s)
+        container_internal_test.go:70:
+            Error Trace:    container_internal_test.go:70
+            Error:          Expect "{"ociVersion":"1.0.1","id":"123abc","status":"stopped","bundle":"/tmp/libpod_test_150902934","annotations":{"a":"b"}}" to match "{"ociVersion":"1\.0\.1-dev","id":"123abc","status":"stopped","bundle":"/tmp/libpod_test_[0-9]*","annotations":{"a":"b"}}"
+            Test:           TestPostDeleteHooks//tmp/libpod_test_150902934/copy
+ FAIL: TestMergeEmptyAndDefaultMemoryConfig (0.00s)
+    config_test.go:30:
+                Error Trace:    config_test.go:30
+                Error:          Expected value not to be nil.
+                Test:           TestMergeEmptyAndDefaultMemoryConfig
+    config_test.go:31:
+                Error Trace:    config_test.go:31
+                Error:          Expected nil, but got: cannot mkdir /run/user/1000/libpod: mkdir /run/user/1000/libpod: no such file or directory
+                Test:           TestMergeEmptyAndDefaultMemoryConfig
+~~~~
+
+--- a/libpod/container_internal_test.go
++++ b/libpod/container_internal_test.go
+@@ -18,6 +18,7 @@
+ var hookPath string
+ 
+ func TestPostDeleteHooks(t *testing.T) {
++t.Skip("DM-skipped")
+ 	ctx := context.Background()
+ 	dir, err := ioutil.TempDir("", "libpod_test_")
+ 	if err != nil {
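Review bot: `t.Skip("DM-skipped")` gives no reason in the test output, and the added line is not indented like the rest of the function body. The failure quoted in the patch header is a version-string mismatch (`"ociVersion":"1.0.1"` against the pattern `1\.0\.1-dev`), so the skip message can say so: `t.Skip("Debian: test expects ociVersion 1.0.1-dev, got 1.0.1")`. The header also quotes a `TestMergeEmptyAndDefaultMemoryConfig` failure that this patch does not touch; a sentence in the Description on how that one is handled would avoid confusion. TestPostDeleteHooks continues past the end of the hunk.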
diff --git a/debian/podman.bash-completion b/debian/podman.bash-completion
new file mode 120000
index 0000000..a821063
--- /dev/null
+++ b/debian/podman.bash-completion
@@ -0,0 +1 @@
+../completions/bash/podman
\ No newline at end of file
diff --git a/debian/podman.docs b/debian/podman.docs
new file mode 100644
index 0000000..f25071f
--- /dev/null
+++ b/debian/podman.docs
@@ -0,0 +1,11 @@
+CONTRIBUTING.md
+SECURITY.md
+README*
+RELEASE_NOTES*
+commands*.md
+rootless.md
+transfer.md
+troubleshooting.md
+docs/tutorials/*_tutorial*.md
+docs/tutorials/remote_client.md
+vendor/github.com/docker/go-plugins-helpers/NOTICE
diff --git a/debian/podman.examples b/debian/podman.examples
new file mode 100644
index 0000000..09636eb
--- /dev/null
+++ b/debian/podman.examples
@@ -0,0 +1,2 @@
+debian/examples/*
+test/policy.json
diff --git a/debian/podman.install b/debian/podman.install
new file mode 100644
index 0000000..7f680e0
--- /dev/null
+++ b/debian/podman.install
@@ -0,0 +1,3 @@
+debian/etc/cni/net.d/*				/etc/cni/net.d/
+
+usr/bin/podman
diff --git a/debian/podman.lintian-overrides b/debian/podman.lintian-overrides
new file mode 100644
index 0000000..14729d0
--- /dev/null
+++ b/debian/podman.lintian-overrides
@@ -0,0 +1,2 @@
+## 'podman' sub-commands man pages:
+manpage-without-executable usr/share/man/man1/podman-*
diff --git a/debian/podman.maintscript b/debian/podman.maintscript
new file mode 100644
index 0000000..14358a4
--- /dev/null
+++ b/debian/podman.maintscript
@@ -0,0 +1,3 @@
+## dpkg-maintscript-helper(1)
+
+rm_conffile /etc/cni/net.d/87-podman-bridge.conflist	1.6.2+dfsg-3~
diff --git a/debian/podman.manpages b/debian/podman.manpages
new file mode 100644
index 0000000..95874d3
--- /dev/null
+++ b/debian/podman.manpages
@@ -0,0 +1,2 @@
+docs/build/man/*.1
+pkg/hooks/docs/*.5
diff --git a/debian/podman.podman-auto-update.service b/debian/podman.podman-auto-update.service
new file mode 120000
index 0000000..cce288d
--- /dev/null
+++ b/debian/podman.podman-auto-update.service
@@ -0,0 +1 @@
+../contrib/systemd/auto-update/podman-auto-update.service
\ No newline at end of file
diff --git a/debian/podman.podman-auto-update.timer b/debian/podman.podman-auto-update.timer
new file mode 120000
index 0000000..93790a0
--- /dev/null
+++ b/debian/podman.podman-auto-update.timer
@@ -0,0 +1 @@
+../contrib/systemd/auto-update/podman-auto-update.timer
\ No newline at end of file
diff --git a/debian/podman.postinst b/debian/podman.postinst
new file mode 100644
index 0000000..6ca8247
--- /dev/null
+++ b/debian/podman.postinst
@@ -0,0 +1,31 @@
+#!/bin/sh
+
+set -e
+
+# summary of how this script can be called:
+#        * <postinst> `configure' <most-recently-configured-version>
+#        * <old-postinst> `abort-upgrade' <new version>
+#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
+#          <new-version>
+#        * <postinst> `abort-remove'
+#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
+#          <failed-install-package> <version> `removing'
+#          <conflicting-package> <version>
+# for details, see https://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+case "$1" in
+    configure)
+        # Podman 3.0 dropped the varlink interface, so we need to cleanup
+        # the related systemd service, cf. #981708
+        if dpkg --compare-versions "$2" le-nl '3.0.0~rc2+dfsg1-3'; then
+            deb-systemd-helper purge  io.podman.service io.podman.socket >/dev/null || true
+            deb-systemd-helper unmask io.podman.service io.podman.socket >/dev/null || true
+        fi
+    ;;
+
+    *)
+    ;;
+esac
+
+#DEBHELPER#
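Review bot: The `le-nl` operator in the `dpkg --compare-versions` test is what keeps this cleanup from running on a fresh install, and the script does not say so. With `le-nl` an empty `$2` compares as later than any version, so the branch is taken only on upgrades from `3.0.0~rc2+dfsg1-3` or older; a comment such as `# le-nl: empty $2 (fresh install) compares as newer, so this runs on upgrades only` would make that visible. Both `deb-systemd-helper` calls discard stdout and end in `|| true`, so a failed purge leaves the old `io.podman.socket` state in place without failing the upgrade. If that is meant as best effort, the same comment should say it.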
diff --git a/debian/podman.service b/debian/podman.service
new file mode 120000
index 0000000..368f351
--- /dev/null
+++ b/debian/podman.service
@@ -0,0 +1 @@
+../contrib/systemd/system/podman.service
\ No newline at end of file
diff --git a/debian/podman.socket b/debian/podman.socket
new file mode 120000
index 0000000..583bc2a
--- /dev/null
+++ b/debian/podman.socket
@@ -0,0 +1 @@
+../contrib/systemd/system/podman.socket
\ No newline at end of file
diff --git a/debian/podman.user.service b/debian/podman.user.service
new file mode 120000
index 0000000..97af345
--- /dev/null
+++ b/debian/podman.user.service
@@ -0,0 +1 @@
+../contrib/systemd/user/podman.service
\ No newline at end of file
diff --git a/debian/podman.user.socket b/debian/podman.user.socket
new file mode 120000
index 0000000..9260137
--- /dev/null
+++ b/debian/podman.user.socket
@@ -0,0 +1 @@
+../contrib/systemd/user/podman.socket
\ No newline at end of file
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..7600b7c
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,64 @@
+#!/usr/bin/make -f
+
+# Uncomment this to turn on verbose mode.
+#export DH_VERBOSE=1
+
+include /usr/share/dpkg/pkg-info.mk
+
+export GO111MODULE=off
+
+export DH_GOLANG_GO_GENERATE := 1
+
+export DH_GOLANG_INSTALL_EXTRA := $(wildcard libpod/*/testdata/*) $(wildcard hack/*)
+export DH_GOLANG_EXCLUDES := dependencies test/e2e contrib/perftest test/utils test/endpoint hack/podman-registry-go pkg/bindings/test
+
+export HOME=$(CURDIR)/debian/tmp
+
+## https://podman.io/getting-started/installation#build-tags
+BUILDTAGS := apparmor,ostree,seccomp,selinux,systemd
+# containers_image_openpgp
+
+%:
+	dh $@ --buildsystem=golang --with=golang,bash-completion --builddirectory=_output
+
+override_dh_clean:
+	dh_clean $(PB_GO_FILES)
+	## Remove Files-Excluded (when built from checkout or non-DFSG tarball):
+	$(RM) -rv `perl -0nE 'say $$1 if m{^Files\-Excluded\:\s*(.*?)(?:\n\n|Files:|Comment:)}sm;' debian/copyright`
+	-find vendor -mindepth 1 -type d -empty -delete -printf 'removed %p\n'
+
+override_dh_auto_build:
+	$(MAKE) docs
+
+#	LDFLAGS_PODMAN="-X main.gitCommit=$(GIT_COMMIT)"
+	dh_auto_build -v  --builddirectory=_output -- -tags "$(BUILDTAGS)" \
+          -ldflags "-X main.buildInfo=$(DEB_VERSION)"
+
+override_dh_auto_test:
+ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS)))
+	# make test binaries available where the tests expect them
+	ln -sv  ../../../../bin  _output/src/github.com/containers/podman/bin
+	mkdir -p -m700 $(CURDIR)/debian/tmp-home/.cache
+	mkdir -p -m700 $(CURDIR)/debian/tmp-home/.config
+	mkdir -p -m700 $(CURDIR)/debian/tmp-home/.local/share
+	mkdir -p -m700 $(CURDIR)/debian/tmp-home/run
+	env \
+	  HOME=$(CURDIR)/debian/tmp-home/.cache \
+	  XDG_CACHE_HOME=$(CURDIR)/debian/tmp-home/.cache \
+	  XDG_CONFIG_HOME=$(CURDIR)/debian/tmp-home/.config \
+	  XDG_DATA_HOME=$(CURDIR)/debian/tmp-home/.local/share \
+	  XDG_RUNTIME_DIR=$(CURDIR)/debian/tmp-home/run \
+	  PATH="$(CURDIR)/_output/bin:$$PATH" \
+	  DH_GOLANG_EXCLUDES="$${DH_GOLANG_EXCLUDES} libpod/lock/file libpod/hack/podman-registry-go libpod/pkg/bindings/test" \
+	dh_auto_test -v --max-parallel=2 -- -tags "$(BUILDTAGS)"
+	rm -rf $(CURDIR)/debian/tmp-home
+endif
+
+override_dh_auto_install:
+	dh_auto_install --destdir=debian/tmp --buildsystem=golang --builddirectory=_output
+	# avoid exposing unnecessary vendor libraries
+	rm -rfv debian/tmp/usr/share/gocode/src/github.com/containers/libpod/vendor
+
+override_dh_installsystemd:
+	dh_installsystemd
+	dh_installsystemd --name=podman-auto-update
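Review bot: In `override_dh_auto_test` the environment sets `HOME=$(CURDIR)/debian/tmp-home/.cache`, the same directory as `XDG_CACHE_HOME`, which looks like a slip for the `tmp-home` directory itself. Anything the tests write under `$HOME` then lands inside the cache directory; the line would read `HOME=$(CURDIR)/debian/tmp-home \`. Separately, `rm -rf $(CURDIR)/debian/tmp-home` runs only when `dh_auto_test` succeeds and `ln -sv` fails if the link already exists, so a rebuild after a failed test run stops at the `ln` line. Using `ln -sfnv` would make that step repeatable.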
diff --git a/debian/source/format b/debian/source/format
new file mode 100644
index 0000000..163aaf8
--- /dev/null
+++ b/debian/source/format
@@ -0,0 +1 @@
+3.0 (quilt)
diff --git a/debian/upstream/metadata b/debian/upstream/metadata
new file mode 100644
index 0000000..81d09ad
--- /dev/null
+++ b/debian/upstream/metadata
@@ -0,0 +1,3 @@
+Homepage: https://github.com/containers/libpod
+Bug-Database: https://github.com/containers/libpod/issues
+Bug-Submit: https://github.com/containers/libpod/issues/new
diff --git a/debian/watch b/debian/watch
new file mode 100644
index 0000000..80c773f
--- /dev/null
+++ b/debian/watch
@@ -0,0 +1,12 @@
+# uscan(1) configuration file.
+version=4
+
+opts="\
+pgpmode=none,\
+repacksuffix=+dfsg1,\
+repack,compression=xz,\
+dirversionmangle=s/-rc/~rc/,\
+uversionmangle=s/-rc/~rc/,\
+dversionmangle=s{[+~]dfsg\d*}{},\
+" https://github.com/containers/libpod/releases \
+  .*/archive/v?(\d[-\w\d\.]+)\.tar\.gz
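Review bot: `pgpmode=none` turns off OpenPGP verification of the downloaded tarball, so each import relies on the HTTPS fetch from the releases page alone, and the file does not say why. If upstream publishes no signatures for these archives, a comment above `opts` such as `# upstream does not sign release tarballs; nothing to verify` records that decision. Whether upstream signs its tags is not visible from this page. The URL here and the fields in debian/upstream/metadata still point at `containers/libpod`, while debian/rules refers to `github.com/containers/podman`, so it may be worth checking that the watch file follows the current repository name.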
-- 
GitLab