diff --git a/SOURCES/0001-Fix-building-with-annobin.patch b/SOURCES/0001-Fix-building-with-annobin.patch new file mode 100644 index 0000000..9083f83 --- /dev/null +++ b/SOURCES/0001-Fix-building-with-annobin.patch @@ -0,0 +1,57 @@ +From 4878775c8e0f2ea6869aff139d219f6eb0c4006c Mon Sep 17 00:00:00 2001 +From: Adrian Reber +Date: Fri, 28 Jan 2022 15:10:31 +0000 +Subject: [PATCH] Fix building with annobin + +Annobin (used at least in Fedora and RHEL) injects annotation into the +compiled objects which break the parasite and restorer. + +This removes the annobin flags as used in Fedora and RHEL and makes CRIU +work on Fedora and RHEL with annobin enabled. + +Signed-off-by: Adrian Reber +--- + compel/plugins/Makefile | 2 +- + criu/pie/Makefile | 2 +- + criu/pie/Makefile.library | 2 +- + 3 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/compel/plugins/Makefile b/compel/plugins/Makefile +index e5fa781ac..37630d438 100644 +--- a/compel/plugins/Makefile ++++ b/compel/plugins/Makefile +@@ -1,4 +1,4 @@ +-CFLAGS := $(filter-out -pg $(CFLAGS-GCOV) $(CFLAGS-ASAN),$(CFLAGS)) ++CFLAGS := $(filter-out -pg $(CFLAGS-GCOV) $(CFLAGS-ASAN) -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1,$(CFLAGS)) + CFLAGS += -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=0 + CFLAGS += -Wp,-U_FORTIFY_SOURCE -Wp,-D_FORTIFY_SOURCE=0 + +diff --git a/criu/pie/Makefile b/criu/pie/Makefile +index 265dcf82b..386626334 100644 +--- a/criu/pie/Makefile ++++ b/criu/pie/Makefile +@@ -4,7 +4,7 @@ + + target := parasite restorer + +-CFLAGS := $(filter-out -pg $(CFLAGS-GCOV) $(CFLAGS-ASAN),$(CFLAGS)) ++CFLAGS := $(filter-out -pg $(CFLAGS-GCOV) $(CFLAGS-ASAN) -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1,$(CFLAGS)) + CFLAGS += $(CFLAGS_PIE) + ccflags-y += -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=0 + ccflags-y += -Wp,-U_FORTIFY_SOURCE -Wp,-D_FORTIFY_SOURCE=0 +diff --git a/criu/pie/Makefile.library b/criu/pie/Makefile.library +index da2a2fab3..6247afe7e 100644 +--- a/criu/pie/Makefile.library ++++ b/criu/pie/Makefile.library +@@ -21,7 +21,7 @@ ifeq ($(ARCH),arm) + lib-y += ./$(ARCH_DIR)/pie-cacheflush.o + endif + +-CFLAGS := $(filter-out -pg $(CFLAGS-GCOV) $(CFLAGS-ASAN),$(CFLAGS)) ++CFLAGS := $(filter-out -pg $(CFLAGS-GCOV) $(CFLAGS-ASAN) -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1,$(CFLAGS)) + CFLAGS += $(CFLAGS_PIE) + + ifeq ($(ARCH),mips) +-- +2.34.1 + diff --git a/SOURCES/0001-util-make-page-server-IPv6-safe.patch b/SOURCES/0001-util-make-page-server-IPv6-safe.patch new file mode 100644 index 0000000..c4caf3b --- /dev/null +++ b/SOURCES/0001-util-make-page-server-IPv6-safe.patch @@ -0,0 +1,64 @@ +From b9ae48172fff77d41b5cf19d334ccbe002ac0686 Mon Sep 17 00:00:00 2001 +From: Adrian Reber +Date: Tue, 7 Dec 2021 09:10:14 +0000 +Subject: [PATCH] util: make page-server IPv6 safe + +The function run_tcp_server() was the last place CRIU was still using +the IPv4 only function inet_ntoa(). It was only used during a print, so +that it did not really break anything, but with this commit the output +is now no longer: + + Accepted connection from 0.0.0.0:58396 + +but correctly displaying the IPv6 address + + Accepted connection from ::1:58398 + +if connecting via IPv6. + +Signed-off-by: Adrian Reber +--- + criu/util.c | 15 +++++++++++---- + 1 file changed, 11 insertions(+), 4 deletions(-) + +diff --git a/criu/util.c b/criu/util.c +index 2917102fd..822822186 100644 +--- a/criu/util.c ++++ b/criu/util.c +@@ -1098,7 +1098,7 @@ out: + int run_tcp_server(bool daemon_mode, int *ask, int cfd, int sk) + { + int ret; +- struct sockaddr_in caddr; ++ struct sockaddr_storage caddr; + socklen_t clen = sizeof(caddr); + + if (daemon_mode) { +@@ -1126,14 +1126,20 @@ int run_tcp_server(bool daemon_mode, int *ask, int cfd, int sk) + return -1; + + if (sk >= 0) { ++ char port[6]; ++ char address[INET6_ADDRSTRLEN]; + *ask = accept(sk, (struct sockaddr *)&caddr, &clen); + if (*ask < 0) { + pr_perror("Can't accept connection to server"); + goto err; +- } else +- pr_info("Accepted connection from %s:%u\n", +- inet_ntoa(caddr.sin_addr), +- (int)ntohs(caddr.sin_port)); ++ } ++ ret = getnameinfo((struct sockaddr *)&caddr, clen, address, sizeof(address), port, sizeof(port), ++ NI_NUMERICHOST | NI_NUMERICSERV); ++ if (ret) { ++ pr_err("Failed converting address: %s\n", gai_strerror(ret)); ++ goto err; ++ } ++ pr_info("Accepted connection from %s:%s\n", address, port); + close(sk); + } + +-- +2.34.1 + diff --git a/SPECS/criu.spec b/SPECS/criu.spec index a5aa580..1679283 100644 --- a/SPECS/criu.spec +++ b/SPECS/criu.spec @@ -5,13 +5,9 @@ # that is fixed, disable LTO. %global _lto_cflags %%{nil} -# With annobin enabled, CRIU does not work anymore. It seems CRIU's -# parasite code breaks if annobin is enabled. -%undefine _annotated_build - Name: criu Version: 3.15 -Release: 12%{?dist} +Release: 13%{?dist} Provides: crtools = %{version}-%{release} Obsoletes: crtools <= 1.0-2 Summary: Tool for Checkpoint/Restore in User-space @@ -31,6 +27,9 @@ BuildRequires: make # Checkpointing containers with a tmpfs requires tar Recommends: tar +Patch0: 0001-util-make-page-server-IPv6-safe.patch +Patch1: 0001-Fix-building-with-annobin.patch + # user-space and kernel changes are only available for x86_64, arm, # ppc64le, aarch64 and s390x # https://bugzilla.redhat.com/show_bug.cgi?id=902875 @@ -74,6 +73,8 @@ their content in human-readable form. %prep %setup -q +%patch0 -p1 +%patch1 -p1 %build # %{?_smp_mflags} does not work @@ -118,6 +119,10 @@ rm -rf $RPM_BUILD_ROOT%{_libexecdir}/%{name} %doc %{_mandir}/man1/crit.1* %changelog +* Mon Jan 31 2022 Adrian Reber - 3.15-13 +- Apply patch to build with annobin enabled +- Apply patch to fix unsafe IPv6 handling + * Mon Sep 6 2021 Radostin Stoyanov - 3.15-12 - Increase release number from 11 to 12 - Disable podman test when crun doesn't support checkpoint/restore