From 5d99e6aed4a357913facd94a26d795be612eb2ac Mon Sep 17 00:00:00 2001
From: Paul Holzinger <pholzing@redhat.com>
Date: Mon, 5 Aug 2024 19:00:07 +0200
Subject: [PATCH 1/2] add bpftrace for CI debugging

I like to run a bpftrace based program in CI to collect better logs for
specific processes not observed in the normal testing such as the podman
container cleanup command.

Given you need to have full privs to run ebpf and the package pulls in
an entire toolchain which is almost 500MB in install size we do not add
it the the container images to not bloat them without reason.

https://github.com/containers/podman/pull/23487

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
---
 cache_images/debian_packaging.sh | 9 +++++++++
 cache_images/fedora_packaging.sh | 4 ++++
 2 files changed, 13 insertions(+)

diff --git a/cache_images/debian_packaging.sh b/cache_images/debian_packaging.sh
index c1912b9a..0f13a7be 100644
--- a/cache_images/debian_packaging.sh
+++ b/cache_images/debian_packaging.sh
@@ -116,6 +116,15 @@ INSTALL_PACKAGES=(\
     zstd
 )
 
+# bpftrace is only needed on the host as containers cannot run ebpf
+# programs anyway and it is very big so we should not bloat the container
+# images unnecessarily.
+if ! ((CONTAINER)); then
+    INSTALL_PACKAGES+=( \
+        bpftrace
+    )
+fi
+
 msg "Installing general build/testing dependencies"
 bigto $SUDO apt-get -q -y install "${INSTALL_PACKAGES[@]}"
 
diff --git a/cache_images/fedora_packaging.sh b/cache_images/fedora_packaging.sh
index 9384ed77..b5c9da6e 100644
--- a/cache_images/fedora_packaging.sh
+++ b/cache_images/fedora_packaging.sh
@@ -170,8 +170,12 @@ fi
 
 # When installing during a container-build, having this present
 # will seriously screw up future dnf operations in very non-obvious ways.
+# bpftrace is only needed on the host as containers cannot run ebpf
+# programs anyway and it is very big so we should not bloat the container
+# images unnecessarily.
 if ! ((CONTAINER)); then
     INSTALL_PACKAGES+=( \
+        bpftrace
         container-selinux
         libguestfs-tools
         selinux-policy-devel

From 13b68fe5aa703fed0b0e0a06ffcf5c0fba55ed65 Mon Sep 17 00:00:00 2001
From: Paul Holzinger <pholzing@redhat.com>
Date: Mon, 5 Aug 2024 19:32:30 +0200
Subject: [PATCH 2/2] new image IDs

Bump timebomb to Sep 1st, the podman issue is still not fixed and I
haven't looked at the debian bug but I assume it is also still not
fixed.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
---
 IMG_SFX                          | 2 +-
 base_images/debian_base-setup.sh | 2 +-
 cache_images/fedora_packaging.sh | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/IMG_SFX b/IMG_SFX
index 9d1c9e02..dbb7b394 100644
--- a/IMG_SFX
+++ b/IMG_SFX
@@ -1 +1 @@
-20240708t152000z-f40f39d13
+20240805t173227z-f40f39d13
diff --git a/base_images/debian_base-setup.sh b/base_images/debian_base-setup.sh
index 639da08e..640abd7c 100644
--- a/base_images/debian_base-setup.sh
+++ b/base_images/debian_base-setup.sh
@@ -49,7 +49,7 @@ source "$REPO_DIRPATH/lib.sh"
 #     https://bugzilla.redhat.com/show_bug.cgi?id=2230127
 # 2024-01-25 dfsg-3 also has the bug
 # 2024-05-01 trixy still has 1.35+dfsg-3
-timebomb 20240801 "prevent us from getting broken tar-1.35+dfsg-3"
+timebomb 20240901 "prevent us from getting broken tar-1.35+dfsg-3"
 $SUDO tee /etc/apt/preferences.d/$(date +%Y%m%d)-tar <<EOF
 Package: tar
 Pin: version 1.35+dfsg-[23]
diff --git a/cache_images/fedora_packaging.sh b/cache_images/fedora_packaging.sh
index b5c9da6e..4cdecd43 100644
--- a/cache_images/fedora_packaging.sh
+++ b/cache_images/fedora_packaging.sh
@@ -217,6 +217,6 @@ lilto $SUDO dnf update -y
 # which causes rootless podman pods to fail.
 # https://github.com/containers/podman/issues/18543
 if ! ((CONTAINER)); then
-    timebomb 20240710 "Temporary workaround for signed rpms (ima) in rawhide"
+    timebomb 20240901 "Temporary workaround for signed rpms (ima) in rawhide"
     $SUDO setfattr -x  security.ima /usr/libexec/catatonit/catatonit || true
 fi