.cirrus.yml

@@ -233,6 +233,9 @@ cache_images_task:
         - <<: *cache_image
           env:
             PACKER_BUILDS: "fedora-netavark"
+        - <<: *cache_image
+          env:
+            PACKER_BUILDS: "fedora-podman-py"
         - <<: *cache_image
           env:
             PACKER_BUILDS: "fedora-aws"
@@ -337,6 +340,7 @@ test_imgts_task: &imgts
             fedora-c${IMG_SFX}
             prior-fedora-c${IMG_SFX}
             fedora-netavark-c${IMG_SFX}
+            fedora-podman-py-c${IMG_SFX}
             rawhide-c${IMG_SFX}
             debian-c${IMG_SFX}
             build-push-c${IMG_SFX}

IMG_SFX

@@ -1 +1 @@
-20250812t173301z-f42f41d13
+20250422t130822z-f42f41d13

Makefile

@@ -132,17 +132,17 @@ help: ## Default target, parses special in-line comments as documentation.
 # names and a max-length of 63.
 .PHONY: IMG_SFX
 IMG_SFX:  timebomb-check ## Generate a new date-based image suffix, store in the file IMG_SFX
-	@echo "$$(date -u +%Y%m%dt%H%M%Sz)-f$(FEDORA_RELEASE)f$(PRIOR_FEDORA_RELEASE)d$(subst .,,$(DEBIAN_RELEASE))" > "$@"
+	$(file >$@,$(shell date --utc +%Y%m%dt%H%M%Sz)-f$(FEDORA_RELEASE)f$(PRIOR_FEDORA_RELEASE)d$(subst .,,$(DEBIAN_RELEASE)))
-	@cat IMG_SFX
+	@echo "$(file <IMG_SFX)"
 
 # Prevent us from wasting CI time when we have expired timebombs
 .PHONY: timebomb-check
 timebomb-check:
-	@now=$$(date -u +%Y%m%d); \
+	@now=$$(date --utc +%Y%m%d); \
 	    found=; \
 	    while read -r bomb; do \
-	        when=$$(echo "$$bomb" | sed -E -e 's/^.*timebomb ([0-9]+).*/\1/'); \
+	        when=$$(echo "$$bomb" | sed -e 's/^.*timebomb \([0-9]\+\).*/\1/'); \
-	        if [ "$$when" -le "$$now" ]; then \
+	        if [ $$when -le $$now ]; then \
 	            echo "$$bomb"; \
 	            found=found; \
 	        fi; \

cache_images/cloud.yml

@@ -75,6 +75,9 @@ builders:
       source_image_family: 'fedora-base'
       labels: *fedora_gce_labels
 
+    - <<: *aux_fed_img
+      name: 'fedora-podman-py'
+
     - <<: *aux_fed_img
       name: 'fedora-netavark'
 

cache_images/fedora-podman-py_packaging.sh

@@ -0,0 +1,99 @@
+#!/bin/bash
+
+# This script is called from fedora_setup.sh and various Dockerfiles.
+# It's not intended to be used outside of those contexts.  It assumes the lib.sh
+# library has already been sourced, and that all "ground-up" package-related activity
+# needs to be done, including repository setup and initial update.
+
+set -e
+
+SCRIPT_FILEPATH=$(realpath "${BASH_SOURCE[0]}")
+SCRIPT_DIRPATH=$(dirname "$SCRIPT_FILEPATH")
+REPO_DIRPATH=$(realpath "$SCRIPT_DIRPATH/../")
+
+# shellcheck source=./lib.sh
+source "$REPO_DIRPATH/lib.sh"
+
+# shellcheck disable=SC2154
+warn "Enabling updates-testing repository for $PACKER_BUILD_NAME"
+lilto ooe.sh $SUDO dnf install -y 'dnf-command(config-manager)'
+lilto ooe.sh $SUDO dnf config-manager setopt updates-testing.enabled=1
+
+msg "Updating/Installing repos and packages for $OS_REL_VER"
+
+bigto ooe.sh $SUDO dnf update -y
+
+INSTALL_PACKAGES=(\
+    bash-completion
+    bridge-utils
+    buildah
+    bzip2
+    curl
+    findutils
+    fuse3
+    gcc
+    git
+    git-daemon
+    glib2-devel
+    glibc-devel
+    hostname
+    httpd-tools
+    iproute
+    iptables
+    jq
+    libtool
+    lsof
+    make
+    nmap-ncat
+    openssl
+    openssl-devel
+    pkgconfig
+    podman
+    policycoreutils
+    protobuf
+    protobuf-devel
+    python-pip-wheel
+    python-setuptools-wheel
+    python-toml
+    python-wheel-wheel
+    python3-PyYAML
+    python3-coverage
+    python3-dateutil
+    python3-docker
+    python3-fixtures
+    python3-libselinux
+    python3-libsemanage
+    python3-libvirt
+    python3-pip
+    python3-psutil
+    python3-pylint
+    python3-pytest
+    python3-requests
+    python3-requests-mock
+    python3-virtualenv
+    python3.6
+    python3.9
+    python3.10
+    python3.11
+    python3.12
+    redhat-rpm-config
+    rsync
+    sed
+    skopeo
+    socat
+    tar
+    time
+    tox
+    unzip
+    vim
+    wget
+    xz
+    zip
+    zstd
+)
+
+echo "Installing general build/test dependencies"
+bigto $SUDO dnf install -y "${INSTALL_PACKAGES[@]}"
+
+# It was observed in F33, dnf install doesn't always get you the latest/greatest
+lilto $SUDO dnf update -y

cache_images/fedora_packaging.sh

@@ -56,7 +56,6 @@ INSTALL_PACKAGES=(\
     curl
     device-mapper-devel
     dnsmasq
-    docker-distribution
     e2fsprogs-devel
     emacs-nox
     fakeroot
@@ -65,7 +64,6 @@ INSTALL_PACKAGES=(\
     fuse3
     fuse3-devel
     gcc
-    gh
     git
     git-daemon
     glib2-devel
@@ -174,11 +172,6 @@ if [[ "$PACKER_BUILD_NAME" =~ fedora ]]; then
         python3-requests
         python3-requests-mock
     )
-else # podman-sequoia is only available in Rawhide
-    timebomb 20251101 "Also install the package in future Fedora releases, and enable Sequoia support in users of the images."
-    INSTALL_PACKAGES+=( \
-        podman-sequoia
-    )
 fi
 
 # When installing during a container-build, having this present
@@ -223,6 +216,12 @@ DOWNLOAD_PACKAGES=(\
 msg "Installing general build/test dependencies"
 bigto $SUDO dnf install -y "${INSTALL_PACKAGES[@]}"
 
+# https://bodhi.fedoraproject.org/updates/FEDORA-2025-55ce2ca9f0
+timebomb 20250423 "criu-4.0 is broken, force 4.1 update from updates-testing"
+if [[ "$OS_RELEASE_VER" -eq 42 ]]; then
+    $SUDO dnf upgrade -y --enablerepo=updates-testing --refresh --advisory=FEDORA-2025-d374d8ce17
+fi
+
 msg "Downloading packages for optional installation at runtime, as needed."
 $SUDO mkdir -p "$PACKAGE_DOWNLOAD_DIR"
 cd "$PACKAGE_DOWNLOAD_DIR"

cache_images/fedora_setup.sh

@@ -30,6 +30,8 @@ req_env_vars PACKER_BUILD_NAME
 # shellcheck disable=SC2154
 if [[ "$PACKER_BUILD_NAME" =~ "netavark" ]]; then
     bash $SCRIPT_DIRPATH/fedora-netavark_packaging.sh
+elif [[ "$PACKER_BUILD_NAME" =~ "podman-py" ]]; then
+    bash $SCRIPT_DIRPATH/fedora-podman-py_packaging.sh
 elif [[ "$PACKER_BUILD_NAME" =~ "build-push" ]]; then
     bash $SCRIPT_DIRPATH/build-push_packaging.sh
     # Registers qemu emulation for non-native execution

ccia/fake_manifests/fedora-podman-py Cache Image/manifest/cache_images/manifest.json

@@ -0,0 +1,17 @@
+{
+  "builds": [
+    {
+      "name": "fedora-podman-py",
+      "builder_type": "googlecompute",
+      "build_time": 1658176090,
+      "files": null,
+      "artifact_id": "fedora-podman-py-c5419329914142720",
+      "packer_run_uuid": "e5b1e6ab-37a5-a695-624d-47bf0060b272",
+      "custom_data": {
+        "IMG_SFX": "5419329914142720",
+        "STAGE": "cache"
+      }
+    }
+  ],
+  "last_run_uuid": "e5b1e6ab-37a5-a695-624d-47bf0060b272"
+}

gcpprojects.txt

@@ -8,6 +8,7 @@ containers-build-source-image
 libpod-218412
 netavark-2021
 oci-seccomp-bpf-hook
+podman-py
 skopeo
 storage-240716
 udica-247612

skopeo_cidev/Containerfile

@@ -12,6 +12,7 @@ RUN dnf -y update && \
     dnf clean all
 
 ENV REG_REPO="https://github.com/docker/distribution.git" \
+    REG_COMMIT="b5ca020cfbe998e5af3457fda087444cf5116496" \
     REG_COMMIT_SCHEMA1="ec87e9b6971d831f0eff752ddb54fb64693e51cd" \
     OSO_REPO="https://github.com/openshift/origin.git" \
     OSO_TAG="v1.5.0-alpha.3"

skopeo_cidev/setup.sh

@@ -9,6 +9,7 @@ set -e
 declare -a req_vars
 req_vars=(\
     REG_REPO
+    REG_COMMIT
     REG_COMMIT_SCHEMA1
     OSO_REPO
     OSO_TAG
@@ -42,6 +43,12 @@ cd "$REG_GOSRC"
 (
     # This is required to be set like this by the build system
     export GOPATH="$PWD/Godeps/_workspace:$GOPATH"
+    # This comes in from the Containerfile
+    # shellcheck disable=SC2154
+    git checkout -q "$REG_COMMIT"
+    go build -o /usr/local/bin/registry-v2 \
+        github.com/docker/distribution/cmd/registry
+
     # This comes in from the Containerfile
     # shellcheck disable=SC2154
     git checkout -q "$REG_COMMIT_SCHEMA1"