authorRahil Bhimjiani <rahil3108@gmail.com>2023-09-26 23:27:03 +0530
committerZac Medico <zmedico@gentoo.org>2023-09-29 19:20:19 -0700
commitda6983c24d9d82773475b644f2f4e749da8b7d03 (patch)
treeed6d0818da378d4cfb18a3ec2c9e2f2674bdfe29
parentnet-dns/c-ares: drop 1.19.0 (diff)
app-containers/podman: add 4.7.0 & live
Major rewrite based on upstream's instructions. Introducing 3 more USE flags - systemd, seccomp, wrapper (provides docker command) Closes: https://github.com/gentoo/gentoo/pull/33070 Closes: https://bugs.gentoo.org/911537 Signed-off-by: Rahil Bhimjiani <rahil3108@gmail.com> Signed-off-by: Zac Medico <zmedico@gentoo.org>
-rw-r--r--app-containers/podman/Manifest1
-rw-r--r--app-containers/podman/files/seccomp-toggle-4.7.0.patch15
-rw-r--r--app-containers/podman/metadata.xml5
-rw-r--r--app-containers/podman/podman-4.7.0.ebuild122
-rw-r--r--app-containers/podman/podman-9999.ebuild122
5 files changed, 264 insertions, 1 deletions
diff --git a/app-containers/podman/Manifest b/app-containers/podman/Manifest
index b41ed4569ea4..027ecbfb28a0 100644
--- a/app-containers/podman/Manifest
+++ b/app-containers/podman/Manifest
@@ -1 +1,2 @@
DIST podman-4.5.0.tar.gz 17423692 BLAKE2B ba28e77626bb4bcdb85b20031e12cf93f2eb3174b678cb8e99557df13e2cdf377ea402eb373a51ea44302f878f8e1cdedda14a2f3ad8c9e88895754fc50c272e SHA512 8a699dc01fc3d7c4a9e5ef4f166170303fc30e0f6695c61f763944e1cb755e75896108e0c4166d184fe49e3a6859f045aa3883047ebba9290e851fc128d77cac
+DIST podman-4.7.0.tar.gz 20554573 BLAKE2B a98e52ec9fe48d5b70489ed6bd6961877cf67735048425ad30fe9de3e163f8266d6510c37b0c43effa90cc8ce1b39bdc46c5add90dabd8f78c79602824f132a6 SHA512 4cab8698a819cd42de4cb588978c94c91b0c85693db2476aa6d20d7f4e4a7674d417703f70bdbb5a0e94b678fd585ae03a95ff0e5b7eb2682d9f400b92915742
diff --git a/app-containers/podman/files/seccomp-toggle-4.7.0.patch b/app-containers/podman/files/seccomp-toggle-4.7.0.patch
new file mode 100644
index 000000000000..17a09b601369
--- /dev/null
+++ b/app-containers/podman/files/seccomp-toggle-4.7.0.patch
@@ -0,0 +1,15 @@
+--- a/Makefile
++++ b/Makefile
+@@ -57,7 +57,11 @@
+ $(shell hack/systemd_tag.sh) \
+ $(shell hack/libsubid_tag.sh) \
+ exclude_graphdriver_devicemapper \
+- seccomp
++
++BUILD_SECCOMP ?= yes
++ifeq ($(BUILD_SECCOMP),yes)
++BUILDTAGS += seccomp
++endif
+ # N/B: This value is managed by Renovate, manual changes are
+ # possible, as long as they don't disturb the formatting
+ # (i.e. DO NOT ADD A 'v' prefix!)
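Review bot: The `ifeq ($(BUILD_SECCOMP),yes)` test fails open: any value other than the exact string `yes` (for example `Yes`, `1`, `true`, or a value with trailing whitespace) silently drops the `seccomp` build tag. The ebuilds pass `$(usex seccomp)`, which yields `yes` or `no`, so the packaged build is unaffected, but anyone running the patched Makefile by hand can get a less-hardened binary from a typo. Inverting the test so that only an explicit opt-out removes the tag would be safer: `ifneq ($(strip $(BUILD_SECCOMP)),no)`. The `BUILDTAGS` assignment starts above this hunk, so its operator and the rest of the tag list are not visible here.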
diff --git a/app-containers/podman/metadata.xml b/app-containers/podman/metadata.xml
index 59685cf20a43..93c2b60cc389 100644
--- a/app-containers/podman/metadata.xml
+++ b/app-containers/podman/metadata.xml
@@ -28,7 +28,7 @@
necessary kernel flags.
</flag>
<flag name="cgroup-hybrid">
- Default to hybrid (legacy) cgroup hierarchy instead of unified (modern).
+ Use legacy (hybrid) cgroups instead of modern (unified) cgroups
</flag>
<flag name="fuse">
Enables fuse dependencies (fuse-overlayfs is especially useful
@@ -40,6 +40,9 @@
<flag name="rootless">
Enables dependencies for running in rootless mode.
</flag>
+ <flag name="wrapper">
+ Install wrapper which lets use podman for command `docker`
+ </flag>
</use>
<upstream>
<remote-id type="github">containers/podman</remote-id>
diff --git a/app-containers/podman/podman-4.7.0.ebuild b/app-containers/podman/podman-4.7.0.ebuild
new file mode 100644
index 000000000000..2c7ededf36fd
--- /dev/null
+++ b/app-containers/podman/podman-4.7.0.ebuild
@@ -0,0 +1,122 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit go-module tmpfiles linux-info
+
+DESCRIPTION="A tool for managing OCI containers and pods with Docker-compatible CLI"
+HOMEPAGE="https://github.com/containers/podman/ https://podman.io/"
+if [[ ${PV} == *9999* ]]; then
+ inherit git-r3
+ EGIT_REPO_URI="https://github.com/containers/podman.git"
+else
+ SRC_URI="https://github.com/containers/podman/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+ KEYWORDS="~amd64 ~arm64 ~riscv"
+fi
+LICENSE="Apache-2.0 BSD BSD-2 CC-BY-SA-4.0 ISC MIT MPL-2.0"
+SLOT="0"
+IUSE="apparmor btrfs cgroup-hybrid wrapper +fuse +init +rootless +seccomp selinux systemd"
+RESTRICT="test"
+
+RDEPEND="
+ app-crypt/gpgme:=
+ >=app-containers/conmon-2.0.0
+ >=app-containers/containers-common-0.56.0
+ dev-libs/libassuan:=
+ dev-libs/libgpg-error:=
+ sys-apps/shadow:=
+
+ apparmor? ( sys-libs/libapparmor )
+ btrfs? ( sys-fs/btrfs-progs )
+ cgroup-hybrid? ( >=app-containers/runc-1.0.0_rc6 )
+ !cgroup-hybrid? ( app-containers/crun )
+ wrapper? ( !app-containers/docker-cli )
+ fuse? ( sys-fs/fuse-overlayfs )
+ init? ( app-containers/catatonit )
+ rootless? ( app-containers/slirp4netns )
+ seccomp? ( sys-libs/libseccomp:= )
+ selinux? ( sec-policy/selinux-podman sys-libs/libselinux:= )
+ systemd? ( sys-apps/systemd:= )
+"
+DEPEND="${RDEPEND}"
+BDEPEND="
+ dev-go/go-md2man
+"
+
+PATCHES=(
+ "${FILESDIR}/seccomp-toggle-4.7.0.patch"
+)
+
+CONFIG_CHECK="
+ ~USER_NS
+"
+
+pkg_setup() {
+ use btrfs && CONFIG_CHECK+=" ~BTRFS_FS"
+ linux-info_pkg_setup
+}
+
+src_prepare() {
+ default
+ local file
+ for file in apparmor_tag btrfs_installed_tag btrfs_tag selinux_tag systemd_tag; do
+ [[ -f hack/"${file}".sh ]] || die
+ done
+
+ local feature
+ for feature in apparmor selinux systemd; do
+ cat <<-EOF > hack/"${feature}"_tag.sh || die
+ #!/usr/bin/env bash
+ $(usex ${feature} "echo ${feature}" echo)
+EOF
+ done
+
+ echo -e "#!/usr/bin/env bash\n echo" > hack/btrfs_installed_tag.sh || die
+ cat <<-EOF > hack/btrfs_tag.sh || die
+ #!/usr/bin/env bash
+ $(usex btrfs echo 'echo exclude_graphdriver_btrfs btrfs_noversion')
+EOF
+}
+
+src_compile() {
+ export PREFIX="${EPREFIX}/usr"
+ emake BUILDFLAGS="-v -work -x" GOMD2MAN="go-md2man" BUILD_SECCOMP="$(usex seccomp)" all $(usev wrapper docker-docs)
+}
+
+src_install() {
+ emake DESTDIR="${D}" install install.completions $(usev wrapper install.docker-full)
+
+ insinto /etc/cni/net.d
+ doins cni/87-podman-bridge.conflist
+
+ newconfd "${FILESDIR}"/podman.confd podman
+ newinitd "${FILESDIR}"/podman.initd podman
+
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}/podman.logrotated" podman
+
+ keepdir /var/lib/containers
+}
+
+pkg_preinst() {
+ PODMAN_ROOTLESS_UPGRADE=false
+ if use rootless; then
+ has_version 'app-containers/podman[rootless]' || PODMAN_ROOTLESS_UPGRADE=true
+ fi
+}
+
+pkg_postinst() {
+ tmpfiles_process podman.conf $(usev wrapper podman-docker.conf)
+
+ local want_newline=false
+ if [[ ${PODMAN_ROOTLESS_UPGRADE} == true ]] ; then
+ ${want_newline} && elog ""
+ elog "For rootless operation, you need to configure subuid/subgid"
+ elog "for user running podman. In case subuid/subgid has only been"
+ elog "configured for root, run:"
+ elog "usermod --add-subuids 1065536-1131071 <user>"
+ elog "usermod --add-subgids 1065536-1131071 <user>"
+ want_newline=true
+ fi
+}
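Review bot: With `USE=-seccomp`, `src_compile` passes `BUILD_SECCOMP=no` and podman is built without the `seccomp` tag, but nothing in `pkg_postinst` tells the user that the installed binary lacks it. The flag is enabled by default in `IUSE`, so an opt-out is deliberate, yet a one-line notice would keep the reduced hardening visible in the merge log: `use seccomp || ewarn "podman was built without seccomp support; container syscall filtering is unavailable"`. The exact runtime effect of dropping the tag should be confirmed against upstream before settling on the wording. The same applies to podman-9999.ebuild, which is the identical blob (2c7ededf36fd).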
diff --git a/app-containers/podman/podman-9999.ebuild b/app-containers/podman/podman-9999.ebuild
new file mode 100644
index 000000000000..2c7ededf36fd
--- /dev/null
+++ b/app-containers/podman/podman-9999.ebuild
@@ -0,0 +1,122 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit go-module tmpfiles linux-info
+
+DESCRIPTION="A tool for managing OCI containers and pods with Docker-compatible CLI"
+HOMEPAGE="https://github.com/containers/podman/ https://podman.io/"
+if [[ ${PV} == *9999* ]]; then
+ inherit git-r3
+ EGIT_REPO_URI="https://github.com/containers/podman.git"
+else
+ SRC_URI="https://github.com/containers/podman/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+ KEYWORDS="~amd64 ~arm64 ~riscv"
+fi
+LICENSE="Apache-2.0 BSD BSD-2 CC-BY-SA-4.0 ISC MIT MPL-2.0"
+SLOT="0"
+IUSE="apparmor btrfs cgroup-hybrid wrapper +fuse +init +rootless +seccomp selinux systemd"
+RESTRICT="test"
+
+RDEPEND="
+ app-crypt/gpgme:=
+ >=app-containers/conmon-2.0.0
+ >=app-containers/containers-common-0.56.0
+ dev-libs/libassuan:=
+ dev-libs/libgpg-error:=
+ sys-apps/shadow:=
+
+ apparmor? ( sys-libs/libapparmor )
+ btrfs? ( sys-fs/btrfs-progs )
+ cgroup-hybrid? ( >=app-containers/runc-1.0.0_rc6 )
+ !cgroup-hybrid? ( app-containers/crun )
+ wrapper? ( !app-containers/docker-cli )
+ fuse? ( sys-fs/fuse-overlayfs )
+ init? ( app-containers/catatonit )
+ rootless? ( app-containers/slirp4netns )
+ seccomp? ( sys-libs/libseccomp:= )
+ selinux? ( sec-policy/selinux-podman sys-libs/libselinux:= )
+ systemd? ( sys-apps/systemd:= )
+"
+DEPEND="${RDEPEND}"
+BDEPEND="
+ dev-go/go-md2man
+"
+
+PATCHES=(
+ "${FILESDIR}/seccomp-toggle-4.7.0.patch"
+)
+
+CONFIG_CHECK="
+ ~USER_NS
+"
+
+pkg_setup() {
+ use btrfs && CONFIG_CHECK+=" ~BTRFS_FS"
+ linux-info_pkg_setup
+}
+
+src_prepare() {
+ default
+ local file
+ for file in apparmor_tag btrfs_installed_tag btrfs_tag selinux_tag systemd_tag; do
+ [[ -f hack/"${file}".sh ]] || die
+ done
+
+ local feature
+ for feature in apparmor selinux systemd; do
+ cat <<-EOF > hack/"${feature}"_tag.sh || die
+ #!/usr/bin/env bash
+ $(usex ${feature} "echo ${feature}" echo)
+EOF
+ done
+
+ echo -e "#!/usr/bin/env bash\n echo" > hack/btrfs_installed_tag.sh || die
+ cat <<-EOF > hack/btrfs_tag.sh || die
+ #!/usr/bin/env bash
+ $(usex btrfs echo 'echo exclude_graphdriver_btrfs btrfs_noversion')
+EOF
+}
+
+src_compile() {
+ export PREFIX="${EPREFIX}/usr"
+ emake BUILDFLAGS="-v -work -x" GOMD2MAN="go-md2man" BUILD_SECCOMP="$(usex seccomp)" all $(usev wrapper docker-docs)
+}
+
+src_install() {
+ emake DESTDIR="${D}" install install.completions $(usev wrapper install.docker-full)
+
+ insinto /etc/cni/net.d
+ doins cni/87-podman-bridge.conflist
+
+ newconfd "${FILESDIR}"/podman.confd podman
+ newinitd "${FILESDIR}"/podman.initd podman
+
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}/podman.logrotated" podman
+
+ keepdir /var/lib/containers
+}
+
+pkg_preinst() {
+ PODMAN_ROOTLESS_UPGRADE=false
+ if use rootless; then
+ has_version 'app-containers/podman[rootless]' || PODMAN_ROOTLESS_UPGRADE=true
+ fi
+}
+
+pkg_postinst() {
+ tmpfiles_process podman.conf $(usev wrapper podman-docker.conf)
+
+ local want_newline=false
+ if [[ ${PODMAN_ROOTLESS_UPGRADE} == true ]] ; then
+ ${want_newline} && elog ""
+ elog "For rootless operation, you need to configure subuid/subgid"
+ elog "for user running podman. In case subuid/subgid has only been"
+ elog "configured for root, run:"
+ elog "usermod --add-subuids 1065536-1131071 <user>"
+ elog "usermod --add-subgids 1065536-1131071 <user>"
+ want_newline=true
+ fi
+}
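Review bot: The live ebuild applies `seccomp-toggle-4.7.0.patch` through `PATCHES` to whatever upstream HEAD is, so the first upstream edit to the `BUILDTAGS` block of the Makefile will make `src_prepare` die on a failed patch. That fails closed, which is the right direction for a security toggle, but it leaves 9999 unbuildable until someone refreshes the patch. A comment above `PATCHES` would record the coupling, e.g. `# Makefile context tracks 4.7.0; refresh when the live build fails to patch`. Proposing the `BUILD_SECCOMP` switch upstream would remove the need for the patch in both ebuilds.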