From b0d5b8c2f322217ba1fad2e02be153da67868a6a Mon Sep 17 00:00:00 2001
From: Flatcar Buildbot <buildbot@flatcar-linux.org>
Date: Mon, 21 Jul 2025 07:10:10 +0000
Subject: [PATCH] app-containers/podman: Sync with Gentoo

It's from Gentoo commit a42b6320136a42592a7e872ed8179c93769a2533.

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
---
 .../app-containers/podman/Manifest            |  2 +-
 .../podman-5.5.2-togglable-seccomp.patch      | 11 +++++++++++
 ...odman-5.3.0.ebuild => podman-5.5.2.ebuild} | 19 ++++++++++++++-----
 .../app-containers/podman/podman-9999.ebuild  |  9 ++++-----
 4 files changed, 30 insertions(+), 11 deletions(-)
 create mode 100644 sdk_container/src/third_party/portage-stable/app-containers/podman/files/podman-5.5.2-togglable-seccomp.patch
 rename sdk_container/src/third_party/portage-stable/app-containers/podman/{podman-5.3.0.ebuild => podman-5.5.2.ebuild} (86%)

diff --git a/sdk_container/src/third_party/portage-stable/app-containers/podman/Manifest b/sdk_container/src/third_party/portage-stable/app-containers/podman/Manifest
index 05620cca44..eb1836b399 100644
--- a/sdk_container/src/third_party/portage-stable/app-containers/podman/Manifest
+++ b/sdk_container/src/third_party/portage-stable/app-containers/podman/Manifest
@@ -1,3 +1,3 @@
-DIST podman-5.3.0.tar.gz 24194165 BLAKE2B fb2da37e4f97d69997b9518425bb1ec74846e4e26855bf9ece0eeefb723f603051d4d4a1b3320cdba5c97595db12e1948f280776429819d10bfe83a57f349c78 SHA512 3f1ab7e792850e2e21823c59ca9e03d348e78267e3ec5344a04c38e51466159717944c318cf5e61ad9a785d9112b468b9fc37f3b60a40e8764d5cac9f58e7d16
 DIST podman-5.3.2.tar.gz 24207488 BLAKE2B 68f618b74be41bf489de97b009d335f3033634c5c065b1089cc9a6132e38e3a7f707b959d29d955ab0bd805721c14cda90c77fa60f6ba09327f38d4a8bc19112 SHA512 b7007278dd3f493bd0d0185ed4328570d5af527d4864c4435e7b330543d60ba87f04f36c94407d4e11e622a4af8b6467f66474e9b66cbeacb8eecb3088b4439e
 DIST podman-5.4.2.tar.gz 25465417 BLAKE2B f4f586bc99af625a5fa9a6915f101738d8c2abb505de96db6a41fde026baf5832047498b8bf1af6d80a84525a113a21680032886eee49458f92bd7321107bf47 SHA512 482fde529766ca1b509a08bab4beb59a5935ebc6b27bc886c33597183258631e8c8db03ebb521baefd7989305aa76fad14c1359e211a0fe75c855c14bbaca960
+DIST podman-5.5.2.tar.gz 21334872 BLAKE2B a3b458afe1dc17699b7a75517727bba0b989e4b605c51a867f5d076fc5bb2bbfe8a914d78c659670bb73ebf3905926259320f6159ad850a7b335fa920ebfe6d4 SHA512 c647e74c22053b95d09f81d9c594203492283bdb881245941fa2d7253946cbb4953d705313a0e57a0d6737cc07697381e8ba5ed388a74d440b74b5fe045821ec
diff --git a/sdk_container/src/third_party/portage-stable/app-containers/podman/files/podman-5.5.2-togglable-seccomp.patch b/sdk_container/src/third_party/portage-stable/app-containers/podman/files/podman-5.5.2-togglable-seccomp.patch
new file mode 100644
index 0000000000..43abe10797
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/app-containers/podman/files/podman-5.5.2-togglable-seccomp.patch
@@ -0,0 +1,11 @@
+don't add seccomp buildtag for all, instead only add it in ebuild if +seccomp
+--- a/Makefile
++++ b/Makefile
+@@ -64,7 +64,6 @@
+ 	$(shell hack/btrfs_tag.sh) \
+ 	$(shell hack/systemd_tag.sh) \
+ 	$(shell hack/libsubid_tag.sh) \
+-	$(if $(filter linux,$(GOOS)), seccomp,)
+ # allow downstreams to easily add build tags while keeping our defaults
+ BUILDTAGS += ${EXTRA_BUILDTAGS}
+ # N/B: This value is managed by Renovate, manual changes are
diff --git a/sdk_container/src/third_party/portage-stable/app-containers/podman/podman-5.3.0.ebuild b/sdk_container/src/third_party/portage-stable/app-containers/podman/podman-5.5.2.ebuild
similarity index 86%
rename from sdk_container/src/third_party/portage-stable/app-containers/podman/podman-5.3.0.ebuild
rename to sdk_container/src/third_party/portage-stable/app-containers/podman/podman-5.5.2.ebuild
index 0d75458d62..15d342e831 100644
--- a/sdk_container/src/third_party/portage-stable/app-containers/podman/podman-5.3.0.ebuild
+++ b/sdk_container/src/third_party/portage-stable/app-containers/podman/podman-5.5.2.ebuild
@@ -17,7 +17,7 @@ else
 	SRC_URI="https://github.com/containers/podman/archive/v${PV/_rc/-rc}.tar.gz -> ${P}.tar.gz"
 	S="${WORKDIR}/${P/_rc/-rc}"
 	[[ ${PV} != *rc* ]] && \
-		KEYWORDS="amd64 arm64 ~loong ~riscv"
+		KEYWORDS="~amd64 ~arm64 ~loong ~riscv"
 fi
 
 # main pkg
@@ -51,7 +51,7 @@ BDEPEND="
 "
 
 PATCHES=(
-	"${FILESDIR}"/${PN}-5.2.5-togglable-seccomp.patch
+	"${FILESDIR}"/${PN}-5.5.2-togglable-seccomp.patch
 )
 
 CONFIG_CHECK="
@@ -81,15 +81,18 @@ src_prepare() {
 		EOF
 	done
 
-	echo -e "#!/usr/bin/env bash\n echo" > hack/btrfs_installed_tag.sh || die
 	cat <<-EOF > hack/btrfs_tag.sh || die
 	#!/usr/bin/env bash
-	$(usex btrfs echo 'echo exclude_graphdriver_btrfs btrfs_noversion')
+	$(usex btrfs echo 'echo btrfs_noversion')
+	EOF
+	cat <<-EOF > hack/btrfs_installed_tag.sh || die
+	#!/usr/bin/env bash
+	$(usex btrfs echo 'echo exclude_graphdriver_btrfs')
 	EOF
 }
 
 src_compile() {
-	export PREFIX="${EPREFIX}/usr"
+	export PREFIX="${EPREFIX}/usr" BUILD_ORIGIN="Gentoo Portage"
 
 	# For non-live versions, prevent git operations which causes sandbox violations
 	# https://github.com/gentoo/gentoo/pull/33531#issuecomment-1786107493
@@ -123,6 +126,12 @@ src_install() {
 
 		insinto /etc/logrotate.d
 		newins "${FILESDIR}/podman.logrotated" podman
+
+		exeinto /etc/user/init.d
+		newexe "${FILESDIR}/podman-5.0.0_rc4.user.initd" podman
+
+		insinto /etc/user/conf.d
+		newins "${FILESDIR}/podman-5.0.0_rc4.user.confd" podman
 	fi
 
 	keepdir /var/lib/containers
diff --git a/sdk_container/src/third_party/portage-stable/app-containers/podman/podman-9999.ebuild b/sdk_container/src/third_party/portage-stable/app-containers/podman/podman-9999.ebuild
index 63b7045fe6..5cf064395c 100644
--- a/sdk_container/src/third_party/portage-stable/app-containers/podman/podman-9999.ebuild
+++ b/sdk_container/src/third_party/portage-stable/app-containers/podman/podman-9999.ebuild
@@ -51,7 +51,7 @@ BDEPEND="
 "
 
 PATCHES=(
-	"${FILESDIR}"/${PN}-5.2.5-togglable-seccomp.patch
+	"${FILESDIR}"/${PN}-5.5.2-togglable-seccomp.patch
 )
 
 CONFIG_CHECK="
@@ -69,7 +69,7 @@ src_prepare() {
 
 	# assure necessary files are present
 	local file
-	for file in apparmor_tag btrfs_installed_tag btrfs_tag systemd_tag; do
+	for file in apparmor_tag btrfs_installed_tag systemd_tag; do
 		[[ -f hack/"${file}".sh ]] || die
 	done
 
@@ -81,10 +81,9 @@ src_prepare() {
 		EOF
 	done
 
-	echo -e "#!/usr/bin/env bash\n echo" > hack/btrfs_installed_tag.sh || die
-	cat <<-EOF > hack/btrfs_tag.sh || die
+	cat <<-EOF > hack/btrfs_installed_tag.sh || die
 	#!/usr/bin/env bash
-	$(usex btrfs echo 'echo exclude_graphdriver_btrfs btrfs_noversion')
+	$(usex btrfs echo 'echo exclude_graphdriver_btrfs')
 	EOF
 }