authorRahil Bhimjiani <me@rahil.rocks>2024-03-05 18:43:06 +0530
committerZac Medico <zmedico@gentoo.org>2024-03-06 17:59:40 -0800
commit377dac282a915a6b53c02206489fc959e0365efa (patch)
tree2e93244ce33d80dc8971648651ba7eff44b366a4 /app-containers/podman
parentapp-containers/buildah: mask 1.34.0 for amd64 (arm64 first must stabilize 1.3... (diff)
downloadgentoo-377dac282a915a6b53c02206489fc959e0365efa.tar.gz
gentoo-377dac282a915a6b53c02206489fc959e0365efa.tar.bz2
gentoo-377dac282a915a6b53c02206489fc959e0365efa.zip
app-containers/podman: add 5.0.0_rc4 and goodies
1. rewrite podman.initd 2. Add cron job which executes daily mimicking podman-auto-update.{service,timer} along with USE flag `cron` 3. Add podman-restart.initd which starts and stops all containers with restart-policy set to always Closes: https://github.com/gentoo/gentoo/pull/33621 Signed-off-by: Rahil Bhimjiani <me@rahil.rocks> Signed-off-by: Zac Medico <zmedico@gentoo.org>
Diffstat (limited to 'app-containers/podman')
-rw-r--r--app-containers/podman/Manifest1
-rw-r--r--app-containers/podman/files/podman-5.0.0_rc4.confd11
-rw-r--r--app-containers/podman/files/podman-5.0.0_rc4.initd21
-rw-r--r--app-containers/podman/files/podman-auto-update-5.0.0_rc4.cron7
-rw-r--r--app-containers/podman/files/podman-restart-5.0.0_rc4.confd9
-rw-r--r--app-containers/podman/files/podman-restart-5.0.0_rc4.initd22
-rw-r--r--app-containers/podman/metadata.xml3
-rw-r--r--app-containers/podman/podman-5.0.0_rc4.ebuild148
-rw-r--r--app-containers/podman/podman-9999.ebuild13
9 files changed, 232 insertions, 3 deletions
diff --git a/app-containers/podman/Manifest b/app-containers/podman/Manifest
index 8ed3e42e0a38..ed94bf2e2a23 100644
--- a/app-containers/podman/Manifest
+++ b/app-containers/podman/Manifest
@@ -4,3 +4,4 @@ DIST podman-4.9.2.tar.gz 21725053 BLAKE2B 8457b714198ba341d1bbceece492229d635c14
DIST podman-4.9.3.tar.gz 21727849 BLAKE2B 9a67ba4266a8a0e20d165ba2bae00dcf146724ee976838d5e3310b094155ffa89bff526e8ae72864dc100d1e6878d5519d53581dc7e034982a4f2b364e4c8feb SHA512 395014bbe70923f1444d2f33440013a16e9c339b70be5e6a9c7026617a40795a1c0e410c08a52fba46b9f5e853d853ce4133db36167a3c5ace7d325f8b3a3327
DIST podman-5.0.0_rc1.tar.gz 21755715 BLAKE2B 57d3bb01451625eec16f34bbe2d0868184af5572dbba1a17436b894b9b7e5a1358ec9b3bf9499eab8e2b8aea5cbdbea441c958d80644ad78f713cf5eb06ade99 SHA512 95452d5489b167cff24620b5a7504e1363d8276cf4e7c026d43ea2e9b24dde1c595b6e763a1065087d876e5ad56e62f7cda6e53838abdeac7eeb3deadcfd88ae
DIST podman-5.0.0_rc3.tar.gz 21787041 BLAKE2B 238e60eb7ecb114efa4be71d51e78306e7ebd55c15f6d09165b26e1d2f523ec9cbf0c397aaf23c8bfa4e8bd18671d7f980e7288989b4321d73588785ce4ef7ad SHA512 d61e69bc98d7286b896ec9cb9ef4b9b2aec16637172aa1d11a25a6f6665d69eddb600534a5c4daf12d5ed622f20fdd05d7eb86ab67a5d08ac20205aebb427153
+DIST podman-5.0.0_rc4.tar.gz 21846225 BLAKE2B c0e5a032af624401e1a61309194417a47144ccc5fa10ae827b80ff06b5034c78c4a01c5b44de587c357ef1aa1bbe848ee517edde1f90396bc675a35f4c9cf8e7 SHA512 034b411dfde2e3219b9bbdf5c966f474c9ed1a48a83793494abd0f74d164617f1321c2723384eb43827813faaf5737b378893c1555816badcbd1c81904349944
diff --git a/app-containers/podman/files/podman-5.0.0_rc4.confd b/app-containers/podman/files/podman-5.0.0_rc4.confd
new file mode 100644
index 000000000000..eafaee7fddef
--- /dev/null
+++ b/app-containers/podman/files/podman-5.0.0_rc4.confd
@@ -0,0 +1,11 @@
+# Config file for /etc/init.d/podman
+
+# Sets the API service daemon log level
+# valid levels: debug, info, warn, error, fatal or panic
+#LOG_LEVEL="error"
+
+# Sets the API service daemon socket
+#SOCKET="unix:///run/podman/podman.sock"
+
+# Configure the user[:group] the API service daemon will run as
+#RUN_AS_USER="root:root"
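Review bot: The `SOCKET` comment gives no hint that the API endpoint is unauthenticated, so someone who uncomments it with a `tcp://` address exposes full container control (root-equivalent while `RUN_AS_USER` is `root:root`) to anything that can reach the port. podman-system-service(1) describes the API as meant for trusted clients only. I would add a comment above `#SOCKET=` such as `# The API has no authentication: keep this a unix socket, or restrict access to a tcp:// listener by other means`. The same block could say that access to the unix socket is governed only by the permissions on the socket and its directory.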
diff --git a/app-containers/podman/files/podman-5.0.0_rc4.initd b/app-containers/podman/files/podman-5.0.0_rc4.initd
new file mode 100644
index 000000000000..53026a54176d
--- /dev/null
+++ b/app-containers/podman/files/podman-5.0.0_rc4.initd
@@ -0,0 +1,21 @@
+#!/sbin/openrc-run
+# Copyright 2015-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+description="Podman API Service"
+
+LOG_PATH="/var/log/${RC_SVCNAME}"
+output_log="${LOG_PATH}/${RC_SVCNAME}.log"
+error_log="${LOG_PATH}/${RC_SVCNAME}.log"
+RUN_PATH="/run/${RC_SVCNAME}"
+pidfile="${RUN_PATH}/${RC_SVCNAME}.pid"
+
+command_user="${RUN_AS_USER:=root:root}"
+command="/usr/bin/podman"
+command_args="--log-level ${LOG_LEVEL:-error} system service --time 0 ${SOCKET:-unix://${RUN_PATH}/${RC_SVCNAME}.sock}"
+command_background="true"
+
+start() {
+ checkpath -o "${RUN_AS_USER}" -d "${RUN_PATH}" "${LOG_PATH}"
+ default_start
+}
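Review bot: `checkpath -o "${RUN_AS_USER}" -d "${RUN_PATH}" "${LOG_PATH}"` hands the directory that holds `pidfile` to the service user, while the init script itself runs as root. When `RUN_AS_USER` is an unprivileged account, that account can replace `${RUN_PATH}/${RC_SVCNAME}.pid`, and the PID read back on stop would then be signalled by root. That is my reading of how start-stop-daemon handles `command_background` pidfiles, so please confirm. Keeping the pidfile in a root-owned location, e.g. `pidfile="/run/${RC_SVCNAME}.pid"`, would leave only the socket and log directories owned by the user. An explicit `-m` on the `checkpath` call would also put the socket directory's mode in the script instead of relying on the default.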
diff --git a/app-containers/podman/files/podman-auto-update-5.0.0_rc4.cron b/app-containers/podman/files/podman-auto-update-5.0.0_rc4.cron
new file mode 100644
index 000000000000..d0a0fb54b106
--- /dev/null
+++ b/app-containers/podman/files/podman-auto-update-5.0.0_rc4.cron
@@ -0,0 +1,7 @@
+#!/bin/sh
+set -e
+
+# mimicking behaviour of podman-auto-update.service
+if [ -x /usr/bin/podman ]; then
+ /usr/bin/podman auto-update && /usr/bin/podman image prune -f
+fi
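Review bot: The script's only comment does not say whose containers are updated or what is trusted. Run from /etc/cron.daily it presumably executes as root, so only rootful containers carrying the `io.containers.autoupdate` label are covered, and each run pulls and restarts them on whatever the registry currently serves for the tag, with no operator in the loop. I would extend the comment to say so and to point at the image trust policy, e.g. `# runs as root: updates rootful containers labelled io.containers.autoupdate; pulled images are only as trusted as containers-policy.json(5) makes them`. `image prune -f` would then typically remove the superseded image, so the comment should also note that a manual roll-back needs a fresh pull of the old digest.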
diff --git a/app-containers/podman/files/podman-restart-5.0.0_rc4.confd b/app-containers/podman/files/podman-restart-5.0.0_rc4.confd
new file mode 100644
index 000000000000..4d63848cb16f
--- /dev/null
+++ b/app-containers/podman/files/podman-restart-5.0.0_rc4.confd
@@ -0,0 +1,9 @@
+# Config file for /etc/init.d/podman-restart
+
+# Sets the podman log level
+# valid levels: debug, info, warn, error, fatal or panic
+#LOG_LEVEL="info"
+
+# Configure the user[:group] the podman will run as
+# Can be useful to manage rootful or rootless containers
+#RUN_AS_USER="root:root"
diff --git a/app-containers/podman/files/podman-restart-5.0.0_rc4.initd b/app-containers/podman/files/podman-restart-5.0.0_rc4.initd
new file mode 100644
index 000000000000..d02bd64c6279
--- /dev/null
+++ b/app-containers/podman/files/podman-restart-5.0.0_rc4.initd
@@ -0,0 +1,22 @@
+#!/sbin/openrc-run
+# Copyright 2015-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+description="Start all containers with restart-policy set to always"
+
+command_user="${RUN_AS_USER:=root:root}"
+command="/usr/bin/podman"
+command_args="--log-level ${LOG_LEVEL:=info} start --all --filter restart-policy=always"
+
+depend() {
+ after net
+}
+
+stop() {
+ ebegin "Stopping all containers with restart-policy set to always"
+ ${command} \
+ --log-level ${LOG_LEVEL} \
+ stop \
+ $(${command} container ls --filter restart-policy=always -q)
+ eend $? "Failed to stop containers with restart-policy set to always"
+}
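Review bot: `stop()` calls `${command}` directly, so it runs as root and ignores `command_user`, whereas the start path (no `start()` is defined in this hunk, so presumably OpenRC's default) applies `RUN_AS_USER`. With a non-root `RUN_AS_USER` the service would start that user's containers but stop root's containers that carry the same restart policy. The command substitution is also unquoted and may be empty, in which case `podman stop` is called without a container and `eend` reports a failure on a host with nothing to stop. If the packaged podman's `stop` accepts `--filter`, `stop --all --filter restart-policy=always` mirrors the start arguments and removes the substitution. Either way the call needs to run under the same user as start.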
diff --git a/app-containers/podman/metadata.xml b/app-containers/podman/metadata.xml
index 6ea88435af48..0ae6596fc7c4 100644
--- a/app-containers/podman/metadata.xml
+++ b/app-containers/podman/metadata.xml
@@ -30,6 +30,9 @@
<flag name="cgroup-hybrid">
Use legacy (hybrid) cgroups instead of modern (unified) cgroups
</flag>
+ <flag name="cron">
+ Runs `podman auto-update` daily. See podman-auto-update(1)
+ </flag>
<flag name="fuse">
Enables fuse dependencies (fuse-overlayfs is especially useful
for rootless mode).
diff --git a/app-containers/podman/podman-5.0.0_rc4.ebuild b/app-containers/podman/podman-5.0.0_rc4.ebuild
new file mode 100644
index 000000000000..031861e35e9e
--- /dev/null
+++ b/app-containers/podman/podman-5.0.0_rc4.ebuild
@@ -0,0 +1,148 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit go-module tmpfiles linux-info
+
+DESCRIPTION="A tool for managing OCI containers and pods with Docker-compatible CLI"
+HOMEPAGE="https://github.com/containers/podman/ https://podman.io/"
+
+if [[ ${PV} == 9999* ]]; then
+ inherit git-r3
+ EGIT_REPO_URI="https://github.com/containers/podman.git"
+else
+ SRC_URI="https://github.com/containers/podman/archive/v${PV/_rc/-rc}.tar.gz -> ${P}.tar.gz"
+ S="${WORKDIR}/${P/_rc/-rc}"
+ if [[ ${PV} != *rc* ]] ; then
+ KEYWORDS="~amd64 ~arm64 ~riscv"
+ fi
+fi
+
+# main pkg
+LICENSE="Apache-2.0"
+# deps
+LICENSE+=" BSD BSD-2 CC-BY-SA-4.0 ISC MIT MPL-2.0"
+SLOT="0"
+IUSE="apparmor btrfs cgroup-hybrid cron wrapper +fuse +init +rootless +seccomp selinux systemd"
+RESTRICT="test"
+
+RDEPEND="
+ app-crypt/gpgme:=
+ >=app-containers/conmon-2.0.0
+ >=app-containers/containers-common-0.56.0
+ dev-libs/libassuan:=
+ dev-libs/libgpg-error:=
+ sys-apps/shadow:=
+
+ apparmor? ( sys-libs/libapparmor )
+ btrfs? ( sys-fs/btrfs-progs )
+ cgroup-hybrid? ( >=app-containers/runc-1.0.0_rc6 )
+ !cgroup-hybrid? ( app-containers/crun )
+ cron? ( virtual/cron )
+ wrapper? ( !app-containers/docker-cli )
+ fuse? ( sys-fs/fuse-overlayfs )
+ init? ( app-containers/catatonit )
+ rootless? ( app-containers/slirp4netns )
+ seccomp? ( sys-libs/libseccomp:= )
+ selinux? ( sec-policy/selinux-podman sys-libs/libselinux:= )
+ systemd? ( sys-apps/systemd:= )
+"
+DEPEND="${RDEPEND}"
+BDEPEND="
+ dev-go/go-md2man
+"
+
+PATCHES=(
+ "${FILESDIR}/seccomp-toggle-4.7.0.patch"
+)
+
+CONFIG_CHECK="
+ ~USER_NS
+"
+
+pkg_setup() {
+ use btrfs && CONFIG_CHECK+=" ~BTRFS_FS"
+ linux-info_pkg_setup
+}
+
+src_prepare() {
+ default
+
+ # assure necessary files are present
+ local file
+ for file in apparmor_tag btrfs_installed_tag btrfs_tag systemd_tag; do
+ [[ -f hack/"${file}".sh ]] || die
+ done
+
+ local feature
+ for feature in apparmor systemd; do
+ cat <<-EOF > hack/"${feature}"_tag.sh || die
+ #!/usr/bin/env bash
+ $(usex ${feature} "echo ${feature}" echo)
+ EOF
+ done
+
+ echo -e "#!/usr/bin/env bash\n echo" > hack/btrfs_installed_tag.sh || die
+ cat <<-EOF > hack/btrfs_tag.sh || die
+ #!/usr/bin/env bash
+ $(usex btrfs echo 'echo exclude_graphdriver_btrfs btrfs_noversion')
+ EOF
+}
+
+src_compile() {
+ export PREFIX="${EPREFIX}/usr"
+
+ # bug 906073
+ use elibc_musl && export CGO_CFLAGS="-D_LARGEFILE64_SOURCE"
+
+ # For non-live versions, prevent git operations which causes sandbox violations
+ # https://github.com/gentoo/gentoo/pull/33531#issuecomment-1786107493
+ [[ ${PV} != 9999* ]] && export COMMIT_NO="" GIT_COMMIT=""
+
+ # BUILD_SECCOMP is used in the patch to toggle seccomp
+ emake BUILDFLAGS="-v -work -x" GOMD2MAN="go-md2man" BUILD_SECCOMP="$(usex seccomp)" all $(usev wrapper docker-docs)
+}
+
+src_install() {
+ emake DESTDIR="${D}" install install.completions $(usev wrapper install.docker-full)
+
+ insinto /etc/cni/net.d
+ doins cni/87-podman-bridge.conflist
+
+ newconfd "${FILESDIR}"/podman-5.0.0_rc4.confd podman
+ newinitd "${FILESDIR}"/podman-5.0.0_rc4.initd podman
+
+ newinitd "${FILESDIR}"/podman-restart-5.0.0_rc4.initd podman-restart
+ newconfd "${FILESDIR}"/podman-restart-5.0.0_rc4.confd podman-restart
+
+ use cron && \
+ { exeinto /etc/cron.daily && newexe "${FILESDIR}"/podman-auto-update-5.0.0_rc4.cron podman-auto-update; }
+
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}/podman.logrotated" podman
+
+ keepdir /var/lib/containers
+}
+
+pkg_preinst() {
+ PODMAN_ROOTLESS_UPGRADE=false
+ if use rootless; then
+ has_version 'app-containers/podman[rootless]' || PODMAN_ROOTLESS_UPGRADE=true
+ fi
+}
+
+pkg_postinst() {
+ tmpfiles_process podman.conf $(usev wrapper podman-docker.conf)
+
+ local want_newline=false
+ if [[ ${PODMAN_ROOTLESS_UPGRADE} == true ]] ; then
+ ${want_newline} && elog ""
+ elog "For rootless operation, you need to configure subuid/subgid"
+ elog "for user running podman. In case subuid/subgid has only been"
+ elog "configured for root, run:"
+ elog "usermod --add-subuids 1065536-1131071 <user>"
+ elog "usermod --add-subgids 1065536-1131071 <user>"
+ want_newline=true
+ fi
+}
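Review bot: `pkg_postinst` says nothing when `USE=cron` is enabled, although `src_install` then drops an executable into /etc/cron.daily that pulls new images and restarts containers unattended. Administrators who turn the flag on get that behaviour on the next cron run without notice; a line such as `use cron && elog "podman auto-update will run daily from /etc/cron.daily; see podman-auto-update(1)"` would make it visible. Separately, `want_newline` is only ever tested while it is still `false`, so `${want_newline} && elog ""` never prints and could be dropped. The same `src_install` lines appear in the podman-9999.ebuild hunk, where the live ebuild installs files named after 5.0.0_rc4.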
diff --git a/app-containers/podman/podman-9999.ebuild b/app-containers/podman/podman-9999.ebuild
index dc3ca1b956ca..031861e35e9e 100644
--- a/app-containers/podman/podman-9999.ebuild
+++ b/app-containers/podman/podman-9999.ebuild
@@ -24,7 +24,7 @@ LICENSE="Apache-2.0"
# deps
LICENSE+=" BSD BSD-2 CC-BY-SA-4.0 ISC MIT MPL-2.0"
SLOT="0"
-IUSE="apparmor btrfs cgroup-hybrid wrapper +fuse +init +rootless +seccomp selinux systemd"
+IUSE="apparmor btrfs cgroup-hybrid cron wrapper +fuse +init +rootless +seccomp selinux systemd"
RESTRICT="test"
RDEPEND="
@@ -39,6 +39,7 @@ RDEPEND="
btrfs? ( sys-fs/btrfs-progs )
cgroup-hybrid? ( >=app-containers/runc-1.0.0_rc6 )
!cgroup-hybrid? ( app-containers/crun )
+ cron? ( virtual/cron )
wrapper? ( !app-containers/docker-cli )
fuse? ( sys-fs/fuse-overlayfs )
init? ( app-containers/catatonit )
@@ -109,8 +110,14 @@ src_install() {
insinto /etc/cni/net.d
doins cni/87-podman-bridge.conflist
- newconfd "${FILESDIR}"/podman.confd podman
- newinitd "${FILESDIR}"/podman.initd podman
+ newconfd "${FILESDIR}"/podman-5.0.0_rc4.confd podman
+ newinitd "${FILESDIR}"/podman-5.0.0_rc4.initd podman
+
+ newinitd "${FILESDIR}"/podman-restart-5.0.0_rc4.initd podman-restart
+ newconfd "${FILESDIR}"/podman-restart-5.0.0_rc4.confd podman-restart
+
+ use cron && \
+ { exeinto /etc/cron.daily && newexe "${FILESDIR}"/podman-auto-update-5.0.0_rc4.cron podman-auto-update; }
insinto /etc/logrotate.d
newins "${FILESDIR}/podman.logrotated" podman