app-containers/podman: update to 5.1.1

* add compatibility to python 3.13
* Use new upstream variable in Makefile to toggle seccomp USE

Signed-off-by: Rahil Bhimjiani <me@rahil.rocks>
From: https://github.com/gentoo/gentoo/pull/37135
Signed-off-by: Zac Medico <zmedico@gentoo.org>

3 files changed, 163 insertions, 4 deletions

diff --git a/app-containers/podman/Manifest b/app-containers/podman/Manifest
index 8b245d7b6949..14d764f5eb50 100644
--- a/app-containers/podman/Manifest
+++ b/app-containers/podman/Manifest
@@ -1,3 +1,4 @@
 DIST podman-4.9.4.tar.gz 21733620 BLAKE2B 17d099c0a13fbbb77556742313c39995127fc97b4086ef3c2d74a92cc0a4f825a6c729dd099c6d4f4cd3d2ebfd470494babdeaa85a5653b327ea1a16fb5ea993 SHA512 7b52555789a1c214fcf26b0826bdda6cf0ccca588f87c0f15ac5e8358ddac625e17cafbe6a43de07cad964e1418b5ee0d2e38a5cb5dc6f6d4e638399749a7f7b
 DIST podman-5.0.2.tar.gz 23811875 BLAKE2B e943eb36eb0b80332223afc5d971c0886f6eaffeb7133c634d28c0a38e9aae6a54266691067dbca7684882f8b6dad72c3d5de2287ec5a7e8fb4b1cfd96df0b4d SHA512 70dbac9fc81d66eb9b0a5174f5776b805397005cacca917674d2b001591fadd05a776c956e693bad932e9eefe591c35da5c566e8e9e01db8be42bc454cd03104
 DIST podman-5.0.3.tar.gz 23814179 BLAKE2B 46385710e4d24f8eca3a7c98c18a97b96ecd4691b3c965c5a5e7bc690d40d892a6d5fb71c1dd8ec56cc907a2167ab5ee795b4d2c2279c58cef3a5a1cece8b678 SHA512 c605a52cc5aba43d485796c4986f2d1be704e5c931473bf5ba1cf77f703cdb3d16f41d33da0b25287e8d001077f77caf117d3ea5dbd7c56a744274025d9ab07d
+DIST podman-5.1.1.tar.gz 23794366 BLAKE2B 0612a148972c96f532e96a8eb1ab388d80b32fe2ca7c5626e615748ef269a853407aeb39f34686d9eb75de239882e524cf5ee7c97152caccf5f77eb6ecfd54d8 SHA512 e896ee97980da4a522eb865d2eacb6876dd8bc5be1488aed8bd81a81af95faa1383b176b5d236d4af0f76bc30ddad5230df3e11c59ffc6f86e5b4cf3876ff184
diff --git a/app-containers/podman/podman-5.1.1.ebuild b/app-containers/podman/podman-5.1.1.ebuild
new file mode 100644
index 000000000000..95b806ea578e
--- /dev/null
+++ b/app-containers/podman/podman-5.1.1.ebuild
@@ -0,0 +1,146 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{11..13} )
+
+inherit go-module python-any-r1 tmpfiles toolchain-funcs linux-info
+
+DESCRIPTION="A tool for managing OCI containers and pods with Docker-compatible CLI"
+HOMEPAGE="https://github.com/containers/podman/ https://podman.io/"
+
+if [[ ${PV} == 9999* ]]; then
+	inherit git-r3
+	EGIT_REPO_URI="https://github.com/containers/podman.git"
+else
+	SRC_URI="https://github.com/containers/podman/archive/v${PV/_rc/-rc}.tar.gz -> ${P}.tar.gz"
+	S="${WORKDIR}/${P/_rc/-rc}"
+	[[ ${PV} != *rc* ]] && \
+		KEYWORDS="~amd64 ~arm64 ~riscv"
+fi
+
+# main pkg
+LICENSE="Apache-2.0"
+# deps
+LICENSE+=" BSD BSD-2 CC-BY-SA-4.0 ISC MIT MPL-2.0"
+SLOT="0"
+IUSE="apparmor btrfs +seccomp selinux systemd wrapper"
+RESTRICT="test"
+
+RDEPEND="
+	app-containers/catatonit
+	>=app-containers/conmon-2.1.10
+	>=app-containers/containers-common-0.58.0-r1
+	app-crypt/gpgme:=
+	dev-libs/libassuan:=
+	dev-libs/libgpg-error:=
+	sys-apps/shadow:=
+
+	apparmor? ( sys-libs/libapparmor )
+	btrfs? ( sys-fs/btrfs-progs )
+	wrapper? ( !app-containers/docker-cli )
+	seccomp? ( sys-libs/libseccomp:= )
+	selinux? ( sec-policy/selinux-podman sys-libs/libselinux:= )
+	systemd? ( sys-apps/systemd:= )
+"
+DEPEND="${RDEPEND}"
+BDEPEND="
+	${PYTHON_DEPS}
+	dev-go/go-md2man
+"
+
+PATCHES=(
+	"${T}"/togglable-seccomp.patch
+)
+
+CONFIG_CHECK="
+	~USER_NS
+"
+
+pkg_setup() {
+	use btrfs && CONFIG_CHECK+=" ~BTRFS_FS"
+	linux-info_pkg_setup
+	python-any-r1_pkg_setup
+}
+
+src_prepare() {
+	cat <<'EOF' > "${T}"/togglable-seccomp.patch || die
+--- a/Makefile
++++ b/Makefile
+@@ -56,7 +56,6 @@ BUILDTAGS ?= \
+	$(shell hack/systemd_tag.sh) \
+	$(shell hack/libsubid_tag.sh) \
+	exclude_graphdriver_devicemapper \
+-	seccomp
+ # allow downstreams to easily add build tags while keeping our defaults
+ BUILDTAGS += ${EXTRA_BUILDTAGS}
+ # N/B: This value is managed by Renovate, manual changes are
+EOF
+
+	default
+
+	# assure necessary files are present
+	local file
+	for file in apparmor_tag btrfs_installed_tag btrfs_tag systemd_tag; do
+		[[ -f hack/"${file}".sh ]] || die
+	done
+
+	local feature
+	for feature in apparmor systemd; do
+		cat <<-EOF > hack/"${feature}"_tag.sh || die
+		#!/usr/bin/env bash
+		$(usex ${feature} "echo ${feature}" echo)
+		EOF
+	done
+
+	echo -e "#!/usr/bin/env bash\n echo" > hack/btrfs_installed_tag.sh || die
+	cat <<-EOF > hack/btrfs_tag.sh || die
+	#!/usr/bin/env bash
+	$(usex btrfs echo 'echo exclude_graphdriver_btrfs btrfs_noversion')
+	EOF
+}
+
+src_compile() {
+	export PREFIX="${EPREFIX}/usr"
+
+	# For non-live versions, prevent git operations which causes sandbox violations
+	# https://github.com/gentoo/gentoo/pull/33531#issuecomment-1786107493
+	[[ ${PV} != 9999* ]] && export COMMIT_NO="" GIT_COMMIT="" EPOCH_TEST_COMMIT=""
+
+	# Use proper pkg-config to get gpgme cflags and ldflags when
+	# cross-compiling, bug 930982.
+	if tc-is-cross-compiler; then
+		tc-export PKG_CONFIG
+	fi
+
+	emake BUILDFLAGS="-v -work -x" GOMD2MAN="go-md2man" EXTRA_BUILDTAGS="$(usev seccomp)" \
+		  all $(usev wrapper docker-docs)
+}
+
+src_install() {
+	emake DESTDIR="${D}" install install.completions $(usev wrapper install.docker-full)
+
+	if use !systemd; then
+		newconfd "${FILESDIR}"/podman-5.0.0_rc4.confd podman
+		newinitd "${FILESDIR}"/podman-5.0.0_rc4.initd podman
+
+		newinitd "${FILESDIR}"/podman-restart-5.0.0_rc4.initd podman-restart
+		newconfd "${FILESDIR}"/podman-restart-5.0.0_rc4.confd podman-restart
+
+		newinitd "${FILESDIR}"/podman-clean-transient-5.0.0_rc6.initd podman-clean-transient
+		newconfd "${FILESDIR}"/podman-clean-transient-5.0.0_rc6.confd podman-clean-transient
+
+		exeinto /etc/cron.daily
+		newexe "${FILESDIR}"/podman-auto-update-5.0.0.cron podman-auto-update
+
+		insinto /etc/logrotate.d
+		newins "${FILESDIR}/podman.logrotated" podman
+	fi
+
+	keepdir /var/lib/containers
+}
+
+pkg_postinst() {
+	tmpfiles_process podman.conf $(usev wrapper podman-docker.conf)
+}
diff --git a/app-containers/podman/podman-9999.ebuild b/app-containers/podman/podman-9999.ebuild
index 738613b007dc..95b806ea578e 100644
--- a/app-containers/podman/podman-9999.ebuild
+++ b/app-containers/podman/podman-9999.ebuild
@@ -3,7 +3,7 @@
 
 EAPI=8
 
-PYTHON_COMPAT=( python3_{11,12} )
+PYTHON_COMPAT=( python3_{11..13} )
 
 inherit go-module python-any-r1 tmpfiles toolchain-funcs linux-info
 
@@ -51,7 +51,7 @@ BDEPEND="
 "
 
 PATCHES=(
-	"${FILESDIR}/seccomp-toggle-4.7.0.patch"
+	"${T}"/togglable-seccomp.patch
 )
 
 CONFIG_CHECK="
@@ -65,6 +65,19 @@ pkg_setup() {
 }
 
 src_prepare() {
+	cat <<'EOF' > "${T}"/togglable-seccomp.patch || die
+--- a/Makefile
++++ b/Makefile
+@@ -56,7 +56,6 @@ BUILDTAGS ?= \
+	$(shell hack/systemd_tag.sh) \
+	$(shell hack/libsubid_tag.sh) \
+	exclude_graphdriver_devicemapper \
+-	seccomp
+ # allow downstreams to easily add build tags while keeping our defaults
+ BUILDTAGS += ${EXTRA_BUILDTAGS}
+ # N/B: This value is managed by Renovate, manual changes are
+EOF
+
 	default
 
 	# assure necessary files are present
@@ -101,8 +114,7 @@ src_compile() {
 		tc-export PKG_CONFIG
 	fi
 
-	# BUILD_SECCOMP is used in the patch to toggle seccomp
-	emake BUILDFLAGS="-v -work -x" GOMD2MAN="go-md2man" BUILD_SECCOMP="$(usex seccomp)" \
+	emake BUILDFLAGS="-v -work -x" GOMD2MAN="go-md2man" EXTRA_BUILDTAGS="$(usev seccomp)" \
 		  all $(usev wrapper docker-docs)
 }