app-containers/podman: add 4.9.1

Upstream changelog:

Features:
* The podman farm suite of commands for multi-architecture builds is now fully enabled and documented.
* Add a network recovery service to Podman Machine VMs using the QEMU backend to detect and recover from an inoperable host networking issues experienced by Mac users when running for long periods of time.

Bugfixes:
* Fixed a bug where the HyperV provider for podman machine did not forward the API socket to the host machine.
* Fixed a bug where improperly formatted annotations passed to podman kube play could cause Podman to panic.
* Fixed a bug where podman system reset could fail if non-Podman containers (e.g. containers created by Buildah) were present.

Misc:
* Containers run in podman machine VMs now default to a PID limit of unlimited, instead of 2048.

Signed-off-by: Rahil Bhimjiani <me@rahil.rocks>
Signed-off-by: Zac Medico <zmedico@gentoo.org>

3 files changed, 138 insertions, 1 deletions

diff --git a/app-containers/podman/Manifest b/app-containers/podman/Manifest
index f77ac91daf0a..3c4bd27e99ff 100644
--- a/app-containers/podman/Manifest
+++ b/app-containers/podman/Manifest
@@ -1 +1,2 @@
 DIST podman-4.8.3.tar.gz 21565162 BLAKE2B 13d2e5800dce96ba8c1671f251c2809dc0166198b807978d44b6f10b4dd2095e909678a12518fed84a0a1b5eee5a71e944170eb55350c3af945a63910f9c8082 SHA512 13ade866b888d32ada3b38130d7cc4677591136e25234e040b478c5d002d1b7907ed46731996d25cc41b992b98b75f109c6e6eea44251f4ad89162b20266976d
+DIST podman-4.9.1.tar.gz 21573896 BLAKE2B 5005c84b0c430b790d64401d9b7e45cf8057f16add0535042ee9cd5f7af608461a13e266099fbf74631996edced3869bd019186266a7d1af82237db6fb990923 SHA512 59cece9806df3b69e202b39e0a45d71b3f6fd77dbbbe1452bc046468d5504fc52c21ad3056a89bab7d3f9a86c86e22369902e0a2840ca43e0dd3a6c4c10affc2
diff --git a/app-containers/podman/podman-4.9.1.ebuild b/app-containers/podman/podman-4.9.1.ebuild
new file mode 100644
index 000000000000..3f6774cf6770
--- /dev/null
+++ b/app-containers/podman/podman-4.9.1.ebuild
@@ -0,0 +1,136 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit go-module tmpfiles linux-info
+
+DESCRIPTION="A tool for managing OCI containers and pods with Docker-compatible CLI"
+HOMEPAGE="https://github.com/containers/podman/ https://podman.io/"
+
+if [[ ${PV} == 9999* ]]; then
+	inherit git-r3
+	EGIT_REPO_URI="https://github.com/containers/podman.git"
+else
+	SRC_URI="https://github.com/containers/podman/archive/v${PV/_rc/-rc}.tar.gz -> ${P}.tar.gz"
+	S="${WORKDIR}/${P/_rc/-rc}"
+	KEYWORDS="~amd64 ~arm64 ~riscv"
+fi
+
+# main pkg
+LICENSE="Apache-2.0"
+# deps
+LICENSE+=" BSD BSD-2 CC-BY-SA-4.0 ISC MIT MPL-2.0"
+SLOT="0"
+IUSE="apparmor btrfs cgroup-hybrid wrapper +fuse +init +rootless +seccomp selinux systemd"
+RESTRICT="test"
+
+RDEPEND="
+	app-crypt/gpgme:=
+	>=app-containers/conmon-2.0.0
+	>=app-containers/containers-common-0.56.0
+	dev-libs/libassuan:=
+	dev-libs/libgpg-error:=
+	sys-apps/shadow:=
+
+	apparmor? ( sys-libs/libapparmor )
+	btrfs? ( sys-fs/btrfs-progs )
+	cgroup-hybrid? ( >=app-containers/runc-1.0.0_rc6  )
+	!cgroup-hybrid? ( app-containers/crun )
+	wrapper? ( !app-containers/docker-cli )
+	fuse? ( sys-fs/fuse-overlayfs )
+	init? ( app-containers/catatonit )
+	rootless? ( app-containers/slirp4netns )
+	seccomp? ( sys-libs/libseccomp:= )
+	selinux? ( sec-policy/selinux-podman sys-libs/libselinux:= )
+	systemd? ( sys-apps/systemd:= )
+"
+DEPEND="${RDEPEND}"
+BDEPEND="
+	dev-go/go-md2man
+"
+
+PATCHES=(
+	"${FILESDIR}/seccomp-toggle-4.7.0.patch"
+)
+
+CONFIG_CHECK="
+	~USER_NS
+"
+
+pkg_setup() {
+	use btrfs && CONFIG_CHECK+=" ~BTRFS_FS"
+	linux-info_pkg_setup
+}
+
+src_prepare() {
+	default
+
+	# assure necessary files are present
+	local file
+	for file in apparmor_tag btrfs_installed_tag btrfs_tag systemd_tag; do
+		[[ -f hack/"${file}".sh ]] || die
+	done
+
+	local feature
+	for feature in apparmor systemd; do
+		cat <<-EOF > hack/"${feature}"_tag.sh || die
+		#!/usr/bin/env bash
+		$(usex ${feature} "echo ${feature}" echo)
+		EOF
+	done
+
+	echo -e "#!/usr/bin/env bash\n echo" > hack/btrfs_installed_tag.sh || die
+	cat <<-EOF > hack/btrfs_tag.sh || die
+	#!/usr/bin/env bash
+	$(usex btrfs echo 'echo exclude_graphdriver_btrfs btrfs_noversion')
+	EOF
+}
+
+src_compile() {
+	export PREFIX="${EPREFIX}/usr"
+
+	# For non-live versions, prevent git operations which causes sandbox violations
+	# https://github.com/gentoo/gentoo/pull/33531#issuecomment-1786107493
+	[[ ${PV} != 9999* ]] && export COMMIT_NO="" GIT_COMMIT=""
+
+	# BUILD_SECCOMP is used in the patch to toggle seccomp
+	emake BUILDFLAGS="-v -work -x" GOMD2MAN="go-md2man" BUILD_SECCOMP="$(usex seccomp)" all $(usev wrapper docker-docs)
+}
+
+src_install() {
+	emake DESTDIR="${D}" install install.completions $(usev wrapper install.docker-full)
+
+	insinto /etc/cni/net.d
+	doins cni/87-podman-bridge.conflist
+
+	newconfd "${FILESDIR}"/podman.confd podman
+	newinitd "${FILESDIR}"/podman.initd podman
+
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}/podman.logrotated" podman
+
+	keepdir /var/lib/containers
+}
+
+pkg_preinst() {
+	PODMAN_ROOTLESS_UPGRADE=false
+	if use rootless; then
+		has_version 'app-containers/podman[rootless]' || PODMAN_ROOTLESS_UPGRADE=true
+	fi
+}
+
+pkg_postinst() {
+	tmpfiles_process podman.conf $(usev wrapper podman-docker.conf)
+
+	local want_newline=false
+	if [[ ${PODMAN_ROOTLESS_UPGRADE} == true ]] ; then
+		${want_newline} && elog ""
+		elog "For rootless operation, you need to configure subuid/subgid"
+		elog "for user running podman. In case subuid/subgid has only been"
+		elog "configured for root, run:"
+		elog "usermod --add-subuids 1065536-1131071 <user>"
+		elog "usermod --add-subgids 1065536-1131071 <user>"
+		want_newline=true
+	fi
+}
diff --git a/app-containers/podman/podman-9999.ebuild b/app-containers/podman/podman-9999.ebuild
index e71d643e48de..3f6774cf6770 100644
--- a/app-containers/podman/podman-9999.ebuild
+++ b/app-containers/podman/podman-9999.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2023 Gentoo Authors
+# Copyright 1999-2024 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=8