From d3d9a8a7e792a6c594097d8d35312a9d1735afa5 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Nov 19 2015 16:15:41 +0000 Subject: import criu-1.6.1-3.el7 --- diff --git a/.criu.metadata b/.criu.metadata new file mode 100644 index 0000000..32249b0 --- /dev/null +++ b/.criu.metadata @@ -0,0 +1 @@ +511205e8fb4b170e70e3e97073c7d886d382b088 SOURCES/criu-1.6.1.tar.bz2 diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..9571d2a --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/criu-1.6.1.tar.bz2 diff --git a/README.md b/README.md deleted file mode 100644 index 98f42b4..0000000 --- a/README.md +++ /dev/null @@ -1,4 +0,0 @@ -The master branch has no content - -Look at the c7 branch if you are working with CentOS-7, or the c4/c5/c6 branch for CentOS-4, 5 or 6 -If you find this file in a distro specific branch, it means that no content has been checked in yet diff --git a/SOURCES/98c8e44f749dd7ed0aa8c540f566bda54d7adfa1.patch b/SOURCES/98c8e44f749dd7ed0aa8c540f566bda54d7adfa1.patch new file mode 100644 index 0000000..2e976a1 --- /dev/null +++ b/SOURCES/98c8e44f749dd7ed0aa8c540f566bda54d7adfa1.patch @@ -0,0 +1,68 @@ +From 98c8e44f749dd7ed0aa8c540f566bda54d7adfa1 Mon Sep 17 00:00:00 2001 +From: Andrey Vagin +Date: Thu, 2 Jul 2015 12:47:07 +0300 +Subject: [PATCH] pipe: don't create a tranport descriptor for inhereted pipes + +Otherwise we can get an error like this: +1: \t\tCreate transport fd /crtools-fd-1-5 +... +1: Found id pipe:[122747] (fd 8) in inherit fd list +1: File pipe:[122747] will be restored from fd 9 duped from inherit + +1: Error (util.c:131): fd 5 already in use (called at files.c:872) +Signed-off-by: Andrey Vagin +Signed-off-by: Pavel Emelyanov +--- + files.c | 3 +++ + pipes.c | 20 ++++++++++++-------- + 2 files changed, 15 insertions(+), 8 deletions(-) + +diff --git a/files.c b/files.c +index 4eeb988..3e69be7 100644 +--- a/files.c ++++ b/files.c +@@ -1394,6 +1394,9 @@ bool inherited_fd(struct file_desc *d, int *fd_p) + if (i_fd < 0) + return false; + ++ if (fd_p == NULL) ++ return true; ++ + *fd_p = dup(i_fd); + if (*fd_p < 0) + pr_perror("Inherit fd DUP failed"); +diff --git a/pipes.c b/pipes.c +index 7590472..62f550c 100644 +--- a/pipes.c ++++ b/pipes.c +@@ -393,18 +393,22 @@ static int collect_one_pipe(void *o, ProtobufCMessage *base) + pr_info("Collected pipe entry ID %#x PIPE ID %#x\n", + pi->pe->id, pi->pe->pipe_id); + +- list_for_each_entry(tmp, &pipes, list) +- if (pi->pe->pipe_id == tmp->pe->pipe_id) +- break; ++ if (file_desc_add(&pi->d, pi->pe->id, &pipe_desc_ops)) ++ return -1; + +- if (&tmp->list == &pipes) +- INIT_LIST_HEAD(&pi->pipe_list); +- else +- list_add(&pi->pipe_list, &tmp->pipe_list); ++ INIT_LIST_HEAD(&pi->pipe_list); ++ if (!inherited_fd(&pi->d, NULL)) { ++ list_for_each_entry(tmp, &pipes, list) ++ if (pi->pe->pipe_id == tmp->pe->pipe_id) ++ break; ++ ++ if (&tmp->list != &pipes) ++ list_add(&pi->pipe_list, &tmp->pipe_list); ++ } + + list_add_tail(&pi->list, &pipes); +- return file_desc_add(&pi->d, pi->pe->id, &pipe_desc_ops); + ++ return 0; + } + + struct collect_image_info pipe_cinfo = { diff --git a/SOURCES/aio-fix.patch b/SOURCES/aio-fix.patch new file mode 100644 index 0000000..dbe63ed --- /dev/null +++ b/SOURCES/aio-fix.patch @@ -0,0 +1,11 @@ +--- a/aio.c 2015-07-01 11:02:50.360004543 -0400 ++++ b/aio.c 2015-07-01 11:03:33.099757812 -0400 +@@ -61,7 +61,7 @@ + * up back to the k_max_reqs. + */ + +- return (k_max_reqs - 2) / 2; ++ return (k_max_reqs - 2); + } + + unsigned long aio_rings_args_size(struct vm_area_list *vmas) diff --git a/SOURCES/criu-check-for-CLONE_NEWUSER-CLONE_NEWPID.patch b/SOURCES/criu-check-for-CLONE_NEWUSER-CLONE_NEWPID.patch new file mode 100644 index 0000000..736889d --- /dev/null +++ b/SOURCES/criu-check-for-CLONE_NEWUSER-CLONE_NEWPID.patch @@ -0,0 +1,65 @@ +check: try to call clone with CLONE_NEWPID and CLONE_PARENT + +This combination was forbidden in 3.12 +commit 40a0d32d1eaffe6aac7324ca92604b6b3977eb0e : +"fork: unify and tighten up CLONE_NEWUSER/CLONE_NEWPID checks" + +and then it was permited again in 3.13: +commit 1f7f4dde5c945f41a7abc2285be43d918029ecc5 +fork: Allow CLONE_PARENT after setns(CLONE_NEWPID) + +Cc: Adrian Reber +Signed-off-by: Andrey Vagin +--- + cr-check.c | 28 ++++++++++++++++++++++++++++ + 1 file changed, 28 insertions(+) + +diff --git a/cr-check.c b/cr-check.c +index 7cf796a..bf1b729 100644 +--- a/cr-check.c ++++ b/cr-check.c +@@ -688,6 +688,33 @@ static int check_fdinfo_lock(void) + return 0; + } + ++struct clone_arg { ++ /* ++ * Reserve some space for clone() to locate arguments ++ * and retcode in this place ++ */ ++ char stack[128] __attribute__((aligned (8))); ++ char stack_ptr[0]; ++}; ++ ++static int clone_cb(void *_arg) { ++ exit(0); ++} ++ ++static int check_clone_parent_vs_pid() ++{ ++ struct clone_arg ca; ++ pid_t pid; ++ ++ pid = clone(clone_cb, ca.stack_ptr, CLONE_NEWPID | CLONE_PARENT, &ca); ++ if (pid < 0) { ++ pr_err("CLONE_PARENT | CLONE_NEWPID don't work together\n"); ++ return -1; ++ } ++ ++ return 0; ++} ++ + static int (*chk_feature)(void); + + int cr_check(void) +@@ -741,6 +768,7 @@ int cr_check(void) + ret |= check_mnt_id(); + ret |= check_aio_remap(); + ret |= check_fdinfo_lock(); ++ ret |= check_clone_parent_vs_pid(); + + out: + if (!ret) +-- +2.1.0 + diff --git a/SOURCES/tech-preview-info-bz1243521.patch b/SOURCES/tech-preview-info-bz1243521.patch new file mode 100644 index 0000000..baaaefe --- /dev/null +++ b/SOURCES/tech-preview-info-bz1243521.patch @@ -0,0 +1,29 @@ +--- criu-1.6.1/crtools.c 2015-08-12 10:30:50.000000000 +0200 ++++ crtools.c 2015-08-28 15:22:08.231877095 +0200 +@@ -42,6 +42,8 @@ + + #include "setproctitle.h" + ++#include ++ + struct cr_options opts; + + void init_opts(void) +@@ -524,6 +526,17 @@ + if (log_init(opts.output)) + return 1; + ++ /* ++ * Mark criu as tech preview for RHEL7.2 ++ */ ++ pr_msg("TECH PREVIEW: criu may not be fully supported.\n"); ++ pr_msg("Please review provided documentation for limitations.\n\n"); ++ ++ openlog("criu", LOG_PID, LOG_USER); ++ syslog(LOG_NOTICE, "TECH PREVIEW: criu may not be fully supported."); ++ syslog(LOG_NOTICE, "Please review provided documentation for limitations."); ++ closelog(); ++ + if (!list_empty(&opts.inherit_fds)) { + if (strcmp(argv[optind], "restore")) { + pr_err("--inherit-fd is restore-only option\n"); diff --git a/SPECS/criu.spec b/SPECS/criu.spec new file mode 100644 index 0000000..6d06261 --- /dev/null +++ b/SPECS/criu.spec @@ -0,0 +1,261 @@ +Name: criu +Version: 1.6.1 +Release: 3%{?dist} +Provides: crtools = %{version}-%{release} +Obsoletes: crtools <= 1.0-2 +Summary: Tool for Checkpoint/Restore in User-space +Group: System Environment/Base +License: GPLv2 +URL: http://criu.org/ +Source0: http://download.openvz.org/criu/criu-%{version}.tar.bz2 +# The patch aio-fix.patch is needed as RHEL7 +# doesn't do "nr_events *= 2" in ioctx_alloc(). +Patch0: aio-fix.patch +# This patch fixes criu check to correctly detect if +# the kernel supports all required clone arguments. +Patch1: criu-check-for-CLONE_NEWUSER-CLONE_NEWPID.patch +# This patches prints to the console and syslog +# that criu is still a tech preview and unsupported. +# https://bugzilla.redhat.com/show_bug.cgi?id=1243521 +Patch2: tech-preview-info-bz1243521.patch +Patch3: 98c8e44f749dd7ed0aa8c540f566bda54d7adfa1.patch + +BuildRequires: systemd + +BuildRequires: protobuf-devel protobuf-c-devel python2-devel +%if 0%{?fedora} +BuildRequires: asciidoc xmlto +%endif + +# user-space and kernel changes are only available for x86_64 and ARM +# code is very architecture specific +# once imported in RCS it needs a bug openend explaining the ExclusiveArch +# https://bugzilla.redhat.com/show_bug.cgi?id=902875 +ExclusiveArch: x86_64 %{arm} + +%description +criu is the user-space part of Checkpoint/Restore in User-space +(CRIU), a project to implement checkpoint/restore functionality for +Linux in user-space. + +%if 0%{?fedora} +%package devel +Summary: Header files and libraries for %{name} +Group: Development/Libraries +Requires: %{name} = %{version}-%{release} + +%description devel +This package contains header files and libraries for %{name}. +%endif + +%package -n python-%{name} +Summary: Python bindings for %{name} +Group: Development/Languages +Requires: %{name} = %{version}-%{release} python-ipaddr protobuf-python + +%description -n python-%{name} +python-%{name} contains Python bindings for %{name}. + +%package -n crit +Summary: CRIU image tool +Requires: python-%{name} = %{version}-%{release} + +%description -n crit +crit is a tool designed to decode CRIU binary dump files and show +their content in human-readable form. + + +%prep +%setup -q -n criu-%{version} +%patch0 -p1 +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 + +%build +# %{?_smp_mflags} does not work +# -fstack-protector breaks build +CFLAGS+=`echo %{optflags} | sed -e 's,-fstack-protector\S*,,g'` make V=1 WERROR=0 PREFIX=%{_prefix} +%if 0%{?fedora} +make docs V=1 +%endif + + +%install +mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d +%if 0%{?rhel} +# disable documentation as it requires asciidoc (which is not available on RHEL7) +sed -i -e 's,$(CRIU-LIB) install-man,$(CRIU-LIB),g' Makefile +%endif +make install DESTDIR=$RPM_BUILD_ROOT PREFIX=%{_prefix} LIBDIR=%{_libdir} LOGROTATEDIR=%{_sysconfdir}/logrotate.d + +%if 0%{?rhel} +# remove criu daemon related files +rm $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/criu-service +rm $RPM_BUILD_ROOT%{_unitdir}/criu.service +rm $RPM_BUILD_ROOT%{_unitdir}/criu.socket +# remove devel package +rm -rf $RPM_BUILD_ROOT%{_includedir}/criu +rm $RPM_BUILD_ROOT%{_libdir}/*.so* +rm -rf $RPM_BUILD_ROOT%{_libdir}/pkgconfig +%endif + +%if 0%{?fedora} +# upstream renamed to binary to criu +ln -s %{_sbindir}/criu $RPM_BUILD_ROOT%{_sbindir}/crtools +%endif + +%post -p /sbin/ldconfig +%postun -p /sbin/ldconfig + +%files +%{_sbindir}/%{name} +%if 0%{?fedora} +%{_sbindir}/crtools +%doc %{_mandir}/man8/criu.8* +%{_unitdir}/criu.service +%{_unitdir}/criu.socket +%{_sysconfdir}/logrotate.d/%{name}-service +%{_libdir}/*.so.* +%endif +%doc README.md COPYING + +%if 0%{?fedora} +%files devel +%{_includedir}/criu +%{_libdir}/*.so +%{_libdir}/pkgconfig/*.pc +%endif + +%files -n python-%{name} +%{python2_sitelib}/pycriu/* +%{python2_sitelib}/*egg-info + +%files -n crit +%{_bindir}/crit + + +%changelog +* Mon Aug 31 2015 Adrian Reber - 1.6.1-3 +- added patch to fix broken docker checkpoint/restore (#1258539) + +* Fri Aug 28 2015 Adrian Reber - 1.6.1-2 +- removed criu.service (CVE-2015-5228, CVE-2015-5231) +- removed devel sub-package (related to above CVEs) + +* Wed Aug 19 2015 Adrian Reber - 1.6.1-1.1 +- fix release version number + +* Thu Aug 13 2015 Adrian Reber - 1.6.1-1 +- Update to 1.6.1 +- Merge changes for RHEL packaging + +* Wed Jun 17 2015 Fedora Release Engineering - 1.6-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Tue Jun 09 2015 Adrian Reber - 1.6-1.1 +- adapt to RHEL7 + +* Mon Jun 01 2015 Andrew Vagin - 1.6-1 +- Update to 1.6 + +* Thu Apr 30 2015 Andrew Vagin - 1.5.2-2 +- Require protobuf-python and python-ipaddr for python-criu + +* Tue Apr 28 2015 Andrew Vagin - 1.5.2 +- Update to 1.5.2 + +* Sun Apr 19 2015 Nikita Spiridonov - 1.5.1-2 +- Create python-criu and crit subpackages + +* Tue Mar 31 2015 Andrew Vagin - 1.5.1 +- Update to 1.5.1 + +* Sat Dec 06 2014 Adrian Reber - 1.4-1 +- Update to 1.4 + +* Tue Sep 23 2014 Adrian Reber - 1.3.1-1 +- Update to 1.3.1 (#1142896) + +* Tue Sep 02 2014 Adrian Reber - 1.3-1 +- Update to 1.3 +- Dropped all upstreamed patches +- included pkgconfig file in -devel + +* Sat Aug 16 2014 Fedora Release Engineering - 1.2-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Thu Aug 07 2014 Andrew Vagin - 1.2-4 +- Include inttypes.h for PRI helpers + +* Thu Aug 07 2014 Andrew Vagin - 1.2-3 +- Rebuilt for https://bugzilla.redhat.com/show_bug.cgi?id=1126751 + +* Sat Jun 07 2014 Fedora Release Engineering - 1.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Fri Feb 28 2014 Adrian Reber - 1.2-1 +- Update to 1.2 +- Dropped all upstreamed patches + +* Tue Feb 04 2014 Adrian Reber - 1.1-4 +- Create -devel subpackage + +* Wed Dec 11 2013 Andrew Vagin - 1.0-3 +- Fix the epoch of crtools + +* Tue Dec 10 2013 Andrew Vagin - 1.0-2 +- Rename crtools to criu #1034677 + +* Wed Nov 27 2013 Andrew Vagin - 1.0-1 +- Update to 1.0 + +* Thu Oct 24 2013 Andrew Vagin - 0.8-1 +- Update to 0.8 + +* Tue Sep 10 2013 Andrew Vagin - 0.7-1 +- Update to 0.7 + +* Sat Aug 03 2013 Fedora Release Engineering - 0.6-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Wed Jul 24 2013 Andrew Vagin - 0.6-3 +- Delete all kind of -fstack-protector gcc options + +* Wed Jul 24 2013 Andrew Vagin - 0.6-3 +- Added arm macro to ExclusiveArch + +* Wed Jul 03 2013 Andrew Vagin - 0.6-2 +- fix building on ARM +- fix null pointer dereference + +* Tue Jul 02 2013 Adrian Reber - 0.6-1 +- updated to 0.6 +- upstream moved binaries to sbin +- using upstream's make install + +* Tue May 14 2013 Adrian Reber - 0.5-1 +- updated to 0.5 + +* Fri Feb 22 2013 Adrian Reber - 0.4-1 +- updated to 0.4 + +* Wed Feb 13 2013 Fedora Release Engineering - 0.3-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Tue Jan 22 2013 Adrian Reber - 0.3-3 +- added ExclusiveArch blocker bug + +* Fri Jan 18 2013 Adrian Reber - 0.3-2 +- improved Summary and Description + +* Mon Jan 14 2013 Adrian Reber - 0.3-1 +- updated to 0.3 +- fix building Documentation/ + +* Tue Aug 21 2012 Adrian Reber - 0.2-2 +- remove macros like %%{__mkdir_p} and %%{__install} +- add comment why it is only x86_64 + +* Tue Aug 21 2012 Adrian Reber - 0.2-1 +- initial release