diff --git a/.criu.metadata b/.criu.metadata new file mode 100644 index 0000000..52bb375 --- /dev/null +++ b/.criu.metadata @@ -0,0 +1 @@ +548d575d89e872c153a756c274e438995eb4e823 SOURCES/criu-3.14.tar.bz2 diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..1c6f0d3 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/criu-3.14.tar.bz2 diff --git a/SOURCES/criu-1838991.patch b/SOURCES/criu-1838991.patch new file mode 100644 index 0000000..f8c2a03 --- /dev/null +++ b/SOURCES/criu-1838991.patch @@ -0,0 +1,121 @@ +From ce733f4be5791911c009c57e803f3a08d3270a0c Mon Sep 17 00:00:00 2001 +From: Adrian Reber +Date: Wed, 20 May 2020 11:57:22 +0000 +Subject: [PATCH 1/3] coverity: fix RESOURCE_LEAK criu/timens.c: 67 + + 7. criu-3.14/criu/timens.c:67: leaked_storage: Variable "img" going out of scope leaks the storage it points to. + 65| if (id == 0 && empty_image(img)) { + 66| pr_warn("Clocks values have not been dumped\n"); + 67|-> return 0; + 68| } + +Signed-off-by: Adrian Reber +--- + criu/timens.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/criu/timens.c b/criu/timens.c +index 2a7e952845..f81808abf8 100644 +--- criu-3.14/criu/timens.c ++++ criu-3.14/criu/timens.c +@@ -64,6 +64,7 @@ int prepare_timens(int id) + + if (id == 0 && empty_image(img)) { + pr_warn("Clocks values have not been dumped\n"); ++ close_image(img); + return 0; + } + + +From e7e4e46cfebd69efe8681395380528826df0d529 Mon Sep 17 00:00:00 2001 +From: Adrian Reber +Date: Wed, 20 May 2020 12:19:36 +0000 +Subject: [PATCH 2/3] coverity: fix FORWARD_NULL in criu/proc_parse.c: 1481 + +8. criu-3.14/criu/proc_parse.c:1511: var_deref_model: Passing null pointer "f" to "fclose", which dereferences it. + 1509| exit_code = 0; + 1510| out: + 1511|-> fclose(f); + 1512| return exit_code; + 1513| } + +Signed-off-by: Adrian Reber +--- + criu/proc_parse.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/criu/proc_parse.c b/criu/proc_parse.c +index 4a22700aa3..d1ccd9281b 100644 +--- criu-3.14/criu/proc_parse.c ++++ criu-3.14/criu/proc_parse.c +@@ -1480,7 +1480,7 @@ int parse_timens_offsets(struct timespec *boff, struct timespec *moff) + f = fopen_proc(PROC_SELF, "timens_offsets"); + if (!f) { + pr_perror("Unable to open /proc/self/timens_offsets"); +- goto out; ++ return exit_code; + } + while (fgets(buf, BUF_SIZE, f)) { + int64_t sec, nsec; + +From 6b44ddf4587ecbda65c15d462a94708ac2f6f602 Mon Sep 17 00:00:00 2001 +From: Adrian Reber +Date: Wed, 20 May 2020 12:38:55 +0000 +Subject: [PATCH 3/3] clang: Branch condition evaluates to a garbage value + +criu-3.14/criu/namespaces.c:692:7: warning: Branch condition evaluates to a garbage value + +criu-3.14/criu/namespaces.c:690:3: note: 'supported' declared without an initial value + protobuf_c_boolean supported; + ^~~~~~~~~~~~~~~~~~~~~~~~~~~~ +criu-3.14/criu/namespaces.c:691:8: note: Calling 'get_ns_id' + id = get_ns_id(pid, &time_for_children_ns_desc, &supported); + ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +criu-3.14/criu/namespaces.c:479:9: note: Calling '__get_ns_id' + return __get_ns_id(pid, nd, supported, NULL); + ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +criu-3.14/criu/namespaces.c:454:6: note: Assuming 'proc_dir' is < 0 + if (proc_dir < 0) + ^~~~~~~~~~~~ +criu-3.14/criu/namespaces.c:454:2: note: Taking true branch + if (proc_dir < 0) + ^ +criu-3.14/criu/namespaces.c:455:3: note: Returning without writing to '*supported' + return 0; + ^ +criu-3.14/criu/namespaces.c:479:9: note: Returning from '__get_ns_id' + return __get_ns_id(pid, nd, supported, NULL); + ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +criu-3.14/criu/namespaces.c:479:2: note: Returning without writing to '*supported' + return __get_ns_id(pid, nd, supported, NULL); + ^ +criu-3.14/criu/namespaces.c:691:8: note: Returning from 'get_ns_id' + id = get_ns_id(pid, &time_for_children_ns_desc, &supported); + ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +criu-3.14/criu/namespaces.c:692:7: note: Branch condition evaluates to a garbage value + if (!supported || !id) { + ^~~~~~~~~~ +690| protobuf_c_boolean supported; +691| id = get_ns_id(pid, &time_for_children_ns_desc, &supported); +692|-> if (!supported || !id) { +693| pr_err("Can't make timens id\n"); +694| + +Signed-off-by: Adrian Reber +--- + criu/namespaces.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/criu/namespaces.c b/criu/namespaces.c +index 89d97c7bce..04f242505d 100644 +--- criu-3.14/criu/namespaces.c ++++ criu-3.14/criu/namespaces.c +@@ -687,7 +687,7 @@ int dump_task_ns_ids(struct pstree_item *item) + } + if (ids->has_time_ns_id) { + unsigned int id; +- protobuf_c_boolean supported; ++ protobuf_c_boolean supported = false; + id = get_ns_id(pid, &time_for_children_ns_desc, &supported); + if (!supported || !id) { + pr_err("Can't make timens id\n"); diff --git a/SOURCES/criu-tmpfiles.conf b/SOURCES/criu-tmpfiles.conf new file mode 100644 index 0000000..66cc5bf --- /dev/null +++ b/SOURCES/criu-tmpfiles.conf @@ -0,0 +1 @@ +d /run/criu 0755 root root - diff --git a/SPECS/criu.spec b/SPECS/criu.spec new file mode 100644 index 0000000..488b899 --- /dev/null +++ b/SPECS/criu.spec @@ -0,0 +1,444 @@ +%global py_prefix python3 +%global py_binary %{py_prefix} + +# With annobin enabled, CRIU does not work anymore. It seems CRIU's +# parasite code breaks if annobin is enabled. +%undefine _annotated_build + +Name: criu +Version: 3.14 +Release: 2%{?dist} +Provides: crtools = %{version}-%{release} +Obsoletes: crtools <= 1.0-2 +Summary: Tool for Checkpoint/Restore in User-space +License: GPLv2 +URL: http://criu.org/ +Source0: http://download.openvz.org/criu/criu-%{version}.tar.bz2 +Source1: criu-tmpfiles.conf +# related bug: https://bugzilla.redhat.com/show_bug.cgi?id=1838991 +# patch: https://patch-diff.githubusercontent.com/raw/checkpoint-restore/criu/pull/1075.patch +Patch0: criu-1838991.patch +BuildRequires: gcc +BuildRequires: systemd +BuildRequires: libnet-devel +BuildRequires: protobuf-devel protobuf-c-devel %{py_prefix}-devel libnl3-devel libcap-devel +BuildRequires: asciidoc xmlto +BuildRequires: perl-interpreter +BuildRequires: libselinux-devel +# Checkpointing containers with a tmpfs requires tar +Recommends: tar + +# user-space and kernel changes are only available for x86_64, arm, +# ppc64le, aarch64 and s390x +# https://bugzilla.redhat.com/show_bug.cgi?id=902875 +ExclusiveArch: x86_64 %{arm} ppc64le aarch64 s390x + +%description +criu is the user-space part of Checkpoint/Restore in User-space +(CRIU), a project to implement checkpoint/restore functionality for +Linux in user-space. + +%package -n %{py_prefix}-%{name} +%{?python_provide:%python_provide %{py_prefix}-%{name}} +Summary: Python bindings for %{name} +Requires: %{py_prefix}-protobuf +Obsoletes: python2-criu < 3.10-1 + +%description -n %{py_prefix}-%{name} +%{py_prefix}-%{name} contains Python bindings for %{name}. + +%package -n crit +Summary: CRIU image tool +Requires: %{py_prefix}-%{name} = %{version}-%{release} + +%description -n crit +crit is a tool designed to decode CRIU binary dump files and show +their content in human-readable form. + +%prep +%autosetup -p1 + +%build +# %{?_smp_mflags} does not work +# -fstack-protector breaks build +CFLAGS+=`echo %{optflags} | sed -e 's,-fstack-protector\S*,,g'` make V=1 WERROR=0 PREFIX=%{_prefix} RUNDIR=/run/criu PYTHON=%{py_binary} +make docs V=1 + +%install +make install-criu DESTDIR=$RPM_BUILD_ROOT PREFIX=%{_prefix} LIBDIR=%{_libdir} +make install-lib DESTDIR=$RPM_BUILD_ROOT PREFIX=%{_prefix} LIBDIR=%{_libdir} PYTHON=%{py_binary} +make install-man DESTDIR=$RPM_BUILD_ROOT PREFIX=%{_prefix} LIBDIR=%{_libdir} +mkdir -p %{buildroot}%{_tmpfilesdir} +install -m 0644 %{SOURCE1} %{buildroot}%{_tmpfilesdir}/%{name}.conf +install -d -m 0755 %{buildroot}/run/%{name}/ + +# remove devel and libs packages +rm -rf $RPM_BUILD_ROOT%{_includedir}/criu +rm $RPM_BUILD_ROOT%{_libdir}/*.so* +rm $RPM_BUILD_ROOT%{_libdir}/*.a +rm $RPM_BUILD_ROOT%{_mandir}/man1/compel.1* +rm -rf $RPM_BUILD_ROOT%{_libdir}/pkgconfig +rm -rf $RPM_BUILD_ROOT%{_libexecdir}/%{name} + +%files +%{_sbindir}/%{name} +%{_mandir}/man8/criu.8* +%dir /run/%{name} +%{_tmpfilesdir}/%{name}.conf +%doc README.md COPYING + +%files -n %{py_prefix}-%{name} +%{python3_sitelib}/pycriu/* +%{python3_sitelib}/*egg-info + +%files -n crit +%{_bindir}/crit +%doc %{_mandir}/man1/crit.1* + +%changelog +* Mon May 25 2020 Jindrich Novy - 3.14-2 +- fix "Need to fix bugs found by coverity." +- Related: #1821193 + +* Tue May 12 2020 Jindrich Novy - 3.14-1 +- synchronize containter-tools 8.3.0 with 8.2.1 +- Related: #1821193 + +* Mon May 13 2019 Adrian Reber - 3.12-9 +- Added additional fixup patches for the socket labelling + +* Sat May 04 2019 Adrian Reber - 3.12-8 +- Patch for socket labelling has changed upstream + +* Mon Apr 29 2019 Adrian Reber - 3.12-4 +- Applied patch to correctly restore socket()s + +* Sat Apr 27 2019 Adrian Reber - 3.12-3 +- Correctly exclude libs and devel for RHEL + +* Thu Apr 25 2019 Adrian Reber - 3.12-2 +- Updated to official 3.12 + +* Tue Apr 23 2019 Adrian Reber - 3.12-0.1 +- Updated to 3.12 (pre-release) +- Create libs subpackage +- Build against SELinux (Fedora and RHEL8) +- Build against libbsd (Fedora) + +* Thu Feb 14 2019 Adrian Reber - 3.11-2 +- Updated to 3.11 +- Removed upstreamed patches +- Added patch for gcc-9 + +* Tue Dec 11 2018 Adrian Reber - 3.10-7 +- Fix 'criu check --feature link_nsid' with more than 10 interfaces (#1652442) + +* Tue Dec 11 2018 Adrian Reber - 3.10-6 +- Make sure no iptables rules are left after restore (#1652471) + +* Tue Oct 30 2018 Adrian Reber - 3.10-5 +- Added Recommends: tar + It is necessary when checkpointing containers with a tmpfs + +* Mon Jul 16 2018 Adrian Reber - 3.10-4 +- Add patch to fix errors with read-only runc + +* Thu Jul 12 2018 Fedora Release Engineering - 3.10-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Wed Jul 11 2018 Adrian Reber - 3.10-2 +- Disable annobin as it seems to break CRIU + +* Tue Jul 10 2018 Adrian Reber - 3.10-1 +- Update to 3.10 (#1599710) +- Switch to python3 + +* Wed Jun 06 2018 Adrian Reber - 3.9-2 +- Simplify ExclusiveArch now that there is no more F26 + +* Fri Jun 01 2018 Adrian Reber - 3.9-1 +- Update to 3.9 + +* Tue Apr 03 2018 Adrian Reber - 3.8.1-1 +- Update to 3.8.1 + +* Thu Mar 22 2018 Adrian Reber - 3.8-2 +- Bump release for COPR + +* Wed Mar 14 2018 Adrian Reber - 3.8-1 +- Update to 3.8 + +* Wed Feb 07 2018 Fedora Release Engineering - 3.7-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Sat Feb 03 2018 Igor Gnatenko - 3.7-4 +- Switch to %%ldconfig_scriptlets + +* Fri Jan 12 2018 Adrian Reber - 3.7-3 +- Fix python/python2 dependencies accross all branches + +* Wed Jan 03 2018 Merlin Mathesius - 3.7-2 +- Cleanup spec file conditionals + +* Sat Dec 30 2017 Adrian Reber - 3.7-1 +- Update to 3.7 + +* Fri Dec 15 2017 Iryna Shcherbina - 3.6-2 +- Update Python 2 dependency declarations to new packaging standards + (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3) + +* Thu Oct 26 2017 Adrian Reber - 3.6-1 +- Update to 3.6 + +* Wed Oct 18 2017 Adrian Reber - 3.5-5 +- Added patch to fix build on Fedora rawhide aarch64 + +* Tue Oct 10 2017 Adrian Reber - 3.5-4 +- Upgrade imported manpages to 3.5 + +* Mon Oct 09 2017 Adrian Reber - 3.5-3 +- Fix ExclusiveArch on RHEL + +* Mon Oct 02 2017 Adrian Reber - 3.5-2 +- Merge RHEL and Fedora spec file + +* Thu Sep 28 2017 Adrian Reber - 3.5-1 +- Update to 3.5 (#1496614) + +* Sun Aug 27 2017 Adrian Reber - 3.4-1 +- Update to 3.4 (#1483774) +- Removed upstreamed patches +- Added s390x (#1475719) + +* Sat Aug 19 2017 Zbigniew Jędrzejewski-Szmek - 3.3-5 +- Python 2 binary package renamed to python2-criu + See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3 + +* Wed Aug 02 2017 Fedora Release Engineering - 3.3-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 3.3-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Thu Jul 20 2017 Adrian Reber - 3.3-2 +- Added patches to handle changes in glibc + +* Wed Jul 19 2017 Adrian Reber - 3.3-1 +- Update to 3.3 + +* Fri Jun 30 2017 Adrian Reber - 3.2.1-2 +- Added patches to handle unified hierarchy and new glibc + +* Wed Jun 28 2017 Adrian Reber - 3.2.1-1 +- Update to 3.2.1-1 + +* Tue Jun 13 2017 Orion Poplawski - 3.1-2 +- Rebuild for protobuf 3.3.1 + +* Mon May 22 2017 Adrian Reber - 3.1-1 +- Update to 3.1 + +* Tue Apr 25 2017 Adrian Reber - 3.0-1 +- Update to 3.0 + +* Thu Mar 09 2017 Adrian Reber - 2.12-1 +- Update to 2.12 + +* Fri Feb 17 2017 Adrian Reber - 2.11.1-1 +- Update to 2.11.1 + +* Thu Feb 16 2017 Adrian Reber - 2.11-1 +- Update to 2.11 + +* Mon Feb 13 2017 Adrian Reber - 2.10-4 +- Added patch to fix build on ppc64le + +* Fri Feb 10 2017 Fedora Release Engineering - 2.10-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Mon Jan 23 2017 Orion Poplawski - 2.10-2 +- Rebuild for protobuf 3.2.0 + +* Mon Jan 16 2017 Adrian Reber - 2.10-1 +- Update to 2.10 + +* Mon Dec 12 2016 Adrian Reber - 2.9-1 +- Update to 2.9 +- Added crit manpage to crit subpackage + +* Sat Nov 19 2016 Orion Poplawski - 2.8-2 +- Rebuild for protobuf 3.1.0 + +* Tue Nov 15 2016 Adrian Reber - 2.8-1 +- Update to 2.8 +- Dropped 'mount_resolve_path()' patch + +* Wed Oct 19 2016 Adrian Reber - 2.7-2 +- Added upstream patch to fix #1381351 + ("criu: mount_resolve_path(): criu killed by SIGSEGV") + +* Wed Oct 19 2016 Adrian Reber - 2.7-1 +- Update to 2.7 + +* Tue Sep 13 2016 Adrian Reber - 2.6-1 +- Update to 2.6 + +* Tue Aug 30 2016 Adrian Reber - 2.5-1 +- Update to 2.5 + +* Tue Jul 19 2016 Fedora Release Engineering - 2.4-2 +- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages + +* Tue Jul 12 2016 Adrian Reber - 2.4-1 +- Update to 2.4 + +* Tue Jun 14 2016 Adrian Reber - 2.3-1 +- Update to 2.3 +- Copy man-page from Fedora 24 for RHEL + +* Mon May 23 2016 Adrian Reber - 2.2-1 +- Update to 2.2 + +* Tue Apr 12 2016 Adrian Reber - 2.1-2 +- Remove crtools symbolic link + +* Mon Apr 11 2016 Adrian Reber - 2.1-1 +- Update to 2.1 + +* Wed Apr 06 2016 Adrian Reber - 2.0-2 +- Merge changes from Fedora + +* Thu Mar 10 2016 Andrey Vagin - 2.0-1 +- Update to 2.0 + +* Wed Feb 03 2016 Fedora Release Engineering - 1.8-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Mon Dec 07 2015 Adrian Reber - 1.8-1 +- Update to 1.8 + +* Mon Nov 02 2015 Adrian Reber - 1.7.2-1 +- Update to 1.7.2 + +* Mon Sep 7 2015 Andrey Vagin - 1.7-1 +- Update to 1.7 + +* Thu Sep 3 2015 Andrey Vagin - 1.6.1-3 +- Build only for power64le + +* Thu Sep 3 2015 Andrey Vagin - 1.6.1-2 +- Build for aarch64 and power64 + +* Thu Aug 13 2015 Adrian Reber - 1.6.1-1 +- Update to 1.6.1 +- Merge changes for RHEL packaging + +* Wed Jun 17 2015 Fedora Release Engineering - 1.6-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Tue Jun 09 2015 Adrian Reber - 1.6-1.1 +- adapt to RHEL7 + +* Mon Jun 01 2015 Andrew Vagin - 1.6-1 +- Update to 1.6 + +* Thu Apr 30 2015 Andrew Vagin - 1.5.2-2 +- Require protobuf-python and python-ipaddr for python-criu + +* Tue Apr 28 2015 Andrew Vagin - 1.5.2 +- Update to 1.5.2 + +* Sun Apr 19 2015 Nikita Spiridonov - 1.5.1-2 +- Create python-criu and crit subpackages + +* Tue Mar 31 2015 Andrew Vagin - 1.5.1 +- Update to 1.5.1 + +* Sat Dec 06 2014 Adrian Reber - 1.4-1 +- Update to 1.4 + +* Tue Sep 23 2014 Adrian Reber - 1.3.1-1 +- Update to 1.3.1 (#1142896) + +* Tue Sep 02 2014 Adrian Reber - 1.3-1 +- Update to 1.3 +- Dropped all upstreamed patches +- included pkgconfig file in -devel + +* Sat Aug 16 2014 Fedora Release Engineering - 1.2-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Thu Aug 07 2014 Andrew Vagin - 1.2-4 +- Include inttypes.h for PRI helpers + +* Thu Aug 07 2014 Andrew Vagin - 1.2-3 +- Rebuilt for https://bugzilla.redhat.com/show_bug.cgi?id=1126751 + +* Sat Jun 07 2014 Fedora Release Engineering - 1.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Fri Feb 28 2014 Adrian Reber - 1.2-1 +- Update to 1.2 +- Dropped all upstreamed patches + +* Tue Feb 04 2014 Adrian Reber - 1.1-4 +- Create -devel subpackage + +* Wed Dec 11 2013 Andrew Vagin - 1.0-3 +- Fix the epoch of crtools + +* Tue Dec 10 2013 Andrew Vagin - 1.0-2 +- Rename crtools to criu #1034677 + +* Wed Nov 27 2013 Andrew Vagin - 1.0-1 +- Update to 1.0 + +* Thu Oct 24 2013 Andrew Vagin - 0.8-1 +- Update to 0.8 + +* Tue Sep 10 2013 Andrew Vagin - 0.7-1 +- Update to 0.7 + +* Sat Aug 03 2013 Fedora Release Engineering - 0.6-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Wed Jul 24 2013 Andrew Vagin - 0.6-3 +- Delete all kind of -fstack-protector gcc options + +* Wed Jul 24 2013 Andrew Vagin - 0.6-3 +- Added arm macro to ExclusiveArch + +* Wed Jul 03 2013 Andrew Vagin - 0.6-2 +- fix building on ARM +- fix null pointer dereference + +* Tue Jul 02 2013 Adrian Reber - 0.6-1 +- updated to 0.6 +- upstream moved binaries to sbin +- using upstream's make install + +* Tue May 14 2013 Adrian Reber - 0.5-1 +- updated to 0.5 + +* Fri Feb 22 2013 Adrian Reber - 0.4-1 +- updated to 0.4 + +* Wed Feb 13 2013 Fedora Release Engineering - 0.3-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Tue Jan 22 2013 Adrian Reber - 0.3-3 +- added ExclusiveArch blocker bug + +* Fri Jan 18 2013 Adrian Reber - 0.3-2 +- improved Summary and Description + +* Mon Jan 14 2013 Adrian Reber - 0.3-1 +- updated to 0.3 +- fix building Documentation/ + +* Tue Aug 21 2012 Adrian Reber - 0.2-2 +- remove macros like %%{__mkdir_p} and %%{__install} +- add comment why it is only x86_64 + +* Tue Aug 21 2012 Adrian Reber - 0.2-1 +- initial release