|
 |
797c91 |
%global with_debug 1
|
|
|
797c91 |
%global with_bundled 1
|
|
|
797c91 |
%global with_check 0
|
|
|
797c91 |
|
|
|
797c91 |
%if 0%{?with_debug}
|
|
|
797c91 |
%global _find_debuginfo_dwz_opts %{nil}
|
|
|
797c91 |
%global _dwz_low_mem_die_limit 0
|
|
|
797c91 |
%else
|
|
|
797c91 |
%global debug_package %{nil}
|
|
|
797c91 |
%endif
|
|
|
797c91 |
|
|
|
797c91 |
%if 0%{?rhel} > 7 && ! 0%{?fedora}
|
|
|
797c91 |
%define gobuild(o:) \
|
|
|
797c91 |
go build -buildmode pie -compiler gc -tags="rpm_crashtraceback no_openssl ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -compressdwarf=false -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '%__global_ldflags'" -a -v -x %{?**};
|
|
|
797c91 |
%endif
|
|
|
797c91 |
|
|
|
797c91 |
%global provider github
|
|
|
797c91 |
%global provider_tld com
|
|
|
797c91 |
%global project opencontainers
|
|
|
797c91 |
%global repo runc
|
|
|
797c91 |
# https://github.com/opencontainers/runc
|
|
|
797c91 |
%global import_path %{provider}.%{provider_tld}/%{project}/%{repo}
|
|
|
797c91 |
%global git0 https://%{import_path}
|
|
|
797c91 |
%global commit0 dc9208a3303feef5b3839f4323d9beb36df0a9dd
|
|
|
797c91 |
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
|
|
|
797c91 |
|
|
|
797c91 |
Name: %{repo}
|
|
|
797c91 |
Version: 1.0.0
|
|
|
129124 |
Release: 66.rc10%{?dist}
|
|
|
797c91 |
Summary: CLI for running Open Containers
|
|
|
797c91 |
ExcludeArch: %{ix86}
|
|
|
797c91 |
License: ASL 2.0
|
|
|
797c91 |
URL: %{git0}
|
|
|
797c91 |
Source0: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
|
|
|
797c91 |
Patch0: 1807.patch
|
|
|
76e8ff |
Patch1: 0001-rootfs-add-mount-destination-validation.patch
|
|
|
797c91 |
BuildRequires: golang >= 1.12.12-4
|
|
|
797c91 |
BuildRequires: git
|
|
|
797c91 |
BuildRequires: go-md2man
|
|
|
797c91 |
BuildRequires: libseccomp-devel
|
|
|
797c91 |
Requires: criu
|
|
|
797c91 |
Requires(pre): container-selinux >= 2:2.2-2
|
|
|
797c91 |
|
|
|
797c91 |
%description
|
|
|
797c91 |
The runc command can be used to start containers which are packaged
|
|
|
797c91 |
in accordance with the Open Container Initiative's specifications,
|
|
|
797c91 |
and to manage containers running under runc.
|
|
|
797c91 |
|
|
|
797c91 |
%prep
|
|
|
797c91 |
%autosetup -Sgit -n %{repo}-%{commit0}
|
|
|
797c91 |
sed -i '/\#\!\/bin\/bash/d' contrib/completions/bash/%{name}
|
|
|
797c91 |
|
|
|
797c91 |
%build
|
|
|
797c91 |
mkdir -p GOPATH
|
|
|
797c91 |
pushd GOPATH
|
|
|
797c91 |
mkdir -p src/%{provider}.%{provider_tld}/%{project}
|
|
|
797c91 |
ln -s $(dirs +1 -l) src/%{import_path}
|
|
|
797c91 |
popd
|
|
|
797c91 |
|
|
|
797c91 |
pushd GOPATH/src/%{import_path}
|
|
|
129124 |
export GO111MODULE=off
|
|
|
797c91 |
export GOPATH=%{gopath}:$(pwd)/GOPATH
|
|
|
797c91 |
export BUILDTAGS="selinux seccomp"
|
|
|
797c91 |
%gobuild -o %{name} %{import_path}
|
|
|
797c91 |
|
|
|
797c91 |
pushd man
|
|
|
797c91 |
./md2man-all.sh
|
|
|
797c91 |
popd
|
|
|
797c91 |
|
|
|
797c91 |
%install
|
|
|
797c91 |
install -d -p %{buildroot}%{_bindir}
|
|
|
797c91 |
install -p -m 755 %{name} %{buildroot}%{_bindir}
|
|
|
797c91 |
|
|
|
797c91 |
# install man pages
|
|
|
797c91 |
install -d -p %{buildroot}%{_mandir}/man8
|
|
|
797c91 |
install -p -m 644 man/man8/* %{buildroot}%{_mandir}/man8
|
|
|
797c91 |
# install bash completion
|
|
|
797c91 |
install -d -p %{buildroot}%{_datadir}/bash-completion/completions
|
|
|
797c91 |
install -p -m 0644 contrib/completions/bash/%{name} %{buildroot}%{_datadir}/bash-completion/completions
|
|
|
797c91 |
|
|
|
797c91 |
%check
|
|
|
797c91 |
|
|
|
797c91 |
#define license tag if not already defined
|
|
|
797c91 |
%{!?_licensedir:%global license %doc}
|
|
|
797c91 |
|
|
|
797c91 |
%files
|
|
|
797c91 |
%license LICENSE
|
|
|
797c91 |
%doc MAINTAINERS_GUIDE.md PRINCIPLES.md README.md CONTRIBUTING.md
|
|
|
797c91 |
%{_bindir}/%{name}
|
|
|
797c91 |
%{_mandir}/man8/%{name}*
|
|
|
797c91 |
%{_datadir}/bash-completion/completions/%{name}
|
|
|
797c91 |
|
|
|
797c91 |
%changelog
|
|
|
129124 |
* Wed May 19 2021 Jindrich Novy <jnovy@redhat.com> - 1.0.0-66.rc10
|
|
|
129124 |
- set GO111MODULE=off to fix build
|
|
|
129124 |
- Related: #1955651
|
|
|
129124 |
|
|
|
76e8ff |
* Wed May 19 2021 Jindrich Novy <jnovy@redhat.com> - 1.0.0-65.rc10
|
|
|
76e8ff |
- fix CVE-2021-30465
|
|
|
129124 |
- Resolves: #1955651
|
|
|
76e8ff |
|
|
|
797c91 |
* Thu Feb 13 2020 Jindrich Novy <jnovy@redhat.com> - 1.0.0-64.rc10
|
|
|
797c91 |
- address CVE-2019-19921 by updating to rc10
|
|
|
797c91 |
- Resolves: #1801888
|
|
|
797c91 |
|
|
|
797c91 |
* Wed Dec 11 2019 Jindrich Novy <jnovy@redhat.com> - 1.0.0-63.rc9
|
|
|
797c91 |
- use no_openssl in BUILDTAGS (no vendored crypto in runc)
|
|
|
797c91 |
- Related: RHELPLAN-25139
|
|
|
797c91 |
|
|
|
797c91 |
* Mon Dec 09 2019 Jindrich Novy <jnovy@redhat.com> - 1.0.0-62.rc9
|
|
|
797c91 |
- be sure to use golang >= 1.12.12-4
|
|
|
797c91 |
- Related: RHELPLAN-25139
|
|
|
797c91 |
|
|
|
797c91 |
* Thu Nov 21 2019 Jindrich Novy <jnovy@redhat.com> - 1.0.0-61.rc9
|
|
|
797c91 |
- update to runc 1.0.0-rc9 release
|
|
|
797c91 |
- amend golang deps
|
|
|
797c91 |
- fixes CVE-2019-16884
|
|
|
797c91 |
- Resolves: #1759651
|
|
|
797c91 |
|
|
|
797c91 |
* Mon Jun 17 2019 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-60.rc8
|
|
|
797c91 |
- Resolves: #1721247 - enable fips mode
|
|
|
797c91 |
|
|
|
797c91 |
* Mon Jun 17 2019 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-59.rc8
|
|
|
797c91 |
- Resolves: #1720654 - rebase to v1.0.0-rc8
|
|
|
797c91 |
|
|
|
797c91 |
* Thu Apr 11 2019 Eduardo Santiago <santiago@redhat.com> - 1.0.0-57.rc5.dev.git2abd837
|
|
|
797c91 |
- Resolves: #1693424 - podman rootless: cannot specify gid= mount options
|
|
|
797c91 |
|
|
|
797c91 |
* Wed Feb 27 2019 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-56.rc5.dev.git2abd837
|
|
|
797c91 |
- change-default-root patch not needed as there's no docker on rhel8
|
|
|
797c91 |
|
|
|
797c91 |
* Tue Feb 12 2019 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-55.rc5.dev.git2abd837
|
|
|
797c91 |
- Resolves: CVE-2019-5736
|
|
|
797c91 |
|
|
|
797c91 |
* Tue Dec 18 2018 Frantisek Kluknavsky <fkluknav@redhat.com> - 1.0.0-54.rc5.dev.git2abd837
|
|
|
797c91 |
- re-enable debuginfo
|
|
|
797c91 |
|
|
|
797c91 |
* Mon Dec 17 2018 Frantisek Kluknavsky <fkluknav@redhat.com> - 1.0.0-53.rc5.dev.git2abd837
|
|
|
797c91 |
- go toolset not in scl anymore
|
|
|
797c91 |
|
|
|
797c91 |
* Wed Sep 26 2018 Frantisek Kluknavsky <fkluknav@redhat.com> - 1.0.0-52.rc5.dev.git2abd837
|
|
|
797c91 |
- rebase
|
|
|
797c91 |
|
|
|
797c91 |
* Fri Aug 31 2018 Dan Walsh <dwalsh@redhat.name> - 2:1.0.0-51.dev.gitfdd8055
|
|
|
797c91 |
- Fix handling of tmpcopyup
|
|
|
797c91 |
|
|
|
797c91 |
* Fri Aug 24 2018 Lokesh Mandvekar <lsm5@redhat.com> - 2:1.0.0-49.rc5.dev.gitb4e2ecb
|
|
|
797c91 |
- %%gobuild uses no_openssl
|
|
|
797c91 |
- remove unused devel and unit-test subpackages
|
|
|
797c91 |
|
|
|
797c91 |
* Tue Aug 07 2018 Lokesh Mandvekar <lsm5@redhat.com> - 2:1.0.0-48.rc5.dev.gitad0f525
|
|
|
797c91 |
- build with %%gobuild
|
|
|
797c91 |
- exlude i686 temporarily because of go-toolset issues
|
|
|
797c91 |
|
|
|
797c91 |
* Mon Jul 30 2018 Florian Weimer <fweimer@redhat.com> - 1.0.0-47.dev.gitb4e2ecb
|
|
|
797c91 |
- Rebuild with fixed binutils
|
|
|
797c91 |
|
|
|
797c91 |
* Fri Jul 27 2018 Dan Walsh <dwalsh@redhat.name> - 2:1.0.0-46.dev.gitb4e2ecb
|
|
|
797c91 |
- Add patch https://github.com/opencontainers/runc/pull/1807 to allow
|
|
|
797c91 |
- runc and podman to work with sd_notify
|
|
|
797c91 |
|
|
|
797c91 |
* Wed Jul 18 2018 Dan Walsh <dwalsh@redhat.com> - 2:1.0.0-40.rc5.dev.gitad0f525
|
|
|
797c91 |
- Remove sysclt handling, not needed in RHEL8
|
|
|
797c91 |
- Make sure package built with seccomp flags
|
|
|
797c91 |
- Remove rectty
|
|
|
797c91 |
- Add completions
|
|
|
797c91 |
|
|
|
797c91 |
* Fri Jun 15 2018 Dan Walsh <dwalsh@redhat.com> - 2:1.0.0-36.rc5.dev.gitad0f525
|
|
|
797c91 |
- Better handling of user namespace
|
|
|
797c91 |
|
|
|
797c91 |
* Tue May 1 2018 Dan Walsh <dwalsh@redhat.name> - 2:1.0.0-31.rc5.git0cbfd83
|
|
|
797c91 |
- Fix issues between SELinux and UserNamespace
|
|
|
797c91 |
|
|
|
797c91 |
* Tue Apr 17 2018 Frantisek Kluknavsky <fkluknav@redhat.com> - 1.0.0-27.rc5.dev.git4bb1fe4
|
|
|
797c91 |
- rebuilt, placed missing changelog entry back
|
|
|
797c91 |
|
|
|
797c91 |
* Tue Feb 27 2018 Dan Walsh <dwalsh@redhat.name> - 2:1.0.0-26.rc5.git4bb1fe4
|
|
|
797c91 |
- release v1.0.0~rc5
|
|
|
797c91 |
|
|
|
797c91 |
* Wed Jan 24 2018 Dan Walsh <dwalsh@redhat.name> - 1.0.0-26.rc4.git9f9c962
|
|
|
797c91 |
- Bump to the latest from upstream
|
|
|
797c91 |
|
|
|
797c91 |
* Mon Dec 18 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-25.rc4.gite6516b3
|
|
|
797c91 |
- built commit e6516b3
|
|
|
797c91 |
|
|
|
797c91 |
* Fri Dec 15 2017 Frantisek Kluknavsky <fkluknav@redhat.com> - 1.0.0-24.rc4.dev.gitc6e4a1e.1
|
|
|
797c91 |
- rebase to c6e4a1ebeb1a72b529c6f1b6ee2b1ae5b868b14f
|
|
|
797c91 |
- https://github.com/opencontainers/runc/pull/1651
|
|
|
797c91 |
|
|
|
797c91 |
* Tue Dec 12 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-23.rc4.git1d3ab6d
|
|
|
797c91 |
- Resolves: #1524654
|
|
|
797c91 |
|
|
|
797c91 |
* Sun Dec 10 2017 Dan Walsh <dwalsh@redhat.name> - 1.0.0-22.rc4.git1d3ab6d
|
|
|
797c91 |
- Many Stability fixes
|
|
|
797c91 |
- Many fixes for rootless containers
|
|
|
797c91 |
- Many fixes for static builds
|
|
|
797c91 |
|
|
|
797c91 |
* Thu Nov 09 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-21.rc4.dev.gitaea4f21
|
|
|
797c91 |
- enable debuginfo and include -buildmode=pie for go build
|
|
|
797c91 |
|
|
|
797c91 |
* Tue Nov 07 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-20.rc4.dev.gitaea4f21
|
|
|
797c91 |
- use Makefile
|
|
|
797c91 |
|
|
|
797c91 |
* Tue Nov 07 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-19.rc4.dev.gitaea4f21
|
|
|
797c91 |
- disable debuginfo temporarily
|
|
|
797c91 |
|
|
|
797c91 |
* Fri Nov 03 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-18.rc4.dev.gitaea4f21
|
|
|
797c91 |
- enable debuginfo
|
|
|
797c91 |
|
|
|
797c91 |
* Wed Oct 25 2017 Dan Walsh <dwalsh@redhat.name> - 1.0.0-17.rc4.gitaea4f21
|
|
|
797c91 |
- Add container-selinux prerequires to make sure runc is labeled correctly
|
|
|
797c91 |
|
|
|
797c91 |
* Thu Oct 19 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-16.rc4.dev.gitaea4f21
|
|
|
797c91 |
- correct the release tag "rc4dev" -> "rc4.dev" cause I'm OCD
|
|
|
797c91 |
|
|
|
797c91 |
* Mon Oct 16 2017 Dan Walsh <dwalsh@redhat.com> - 1.0.0-15.rc4dev.gitaea4f21
|
|
|
797c91 |
- Use the same checkout as Fedora for lates CRI-O
|
|
|
797c91 |
|
|
|
797c91 |
* Fri Sep 22 2017 Frantisek Kluknavsky <fkluknav@redhat.com> - 1.0.0-14.rc4dev.git84a082b
|
|
|
797c91 |
- rebase to 84a082bfef6f932de921437815355186db37aeb1
|
|
|
797c91 |
|
|
|
797c91 |
* Tue Jun 13 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-13.rc3.gitd40db12
|
|
|
797c91 |
- Resolves: #1479489
|
|
|
797c91 |
- built commit d40db12
|
|
|
797c91 |
|
|
|
797c91 |
* Tue Jun 13 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-12.1.gitf8ce01d
|
|
|
797c91 |
- disable s390x temporarily because of indefinite wait times on brew
|
|
|
797c91 |
|
|
|
797c91 |
* Tue Jun 13 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-11.1.gitf8ce01d
|
|
|
797c91 |
- correct previous bogus date :\
|
|
|
797c91 |
|
|
|
797c91 |
* Mon Jun 12 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-10.1.gitf8ce01d
|
|
|
797c91 |
- Resolves: #1441737 - run sysctl_apply for sysctl knob
|
|
|
797c91 |
|
|
|
797c91 |
* Tue May 09 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-9.1.gitf8ce01d
|
|
|
797c91 |
- Resolves: #1447078 - change default root path
|
|
|
797c91 |
- add commit e800860 from runc @projectatomic/change-root-path
|
|
|
797c91 |
|
|
|
797c91 |
* Fri May 05 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-8.1.gitf8ce01d
|
|
|
797c91 |
- Resolves: #1441737 - enable kernel sysctl knob /proc/sys/fs/may_detach_mounts
|
|
|
797c91 |
|
|
|
797c91 |
* Thu Apr 13 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-7.1.gitf8ce01d
|
|
|
797c91 |
- Resolves: #1429675
|
|
|
797c91 |
- built @opencontainers/master commit f8ce01d
|
|
|
797c91 |
|
|
|
797c91 |
* Thu Mar 16 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-4.1.gitee992e5
|
|
|
797c91 |
- built @projectatomic/master commit ee992e5
|
|
|
797c91 |
|
|
|
797c91 |
* Fri Feb 24 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-3.rc2
|
|
|
797c91 |
- Resolves: #1426674
|
|
|
797c91 |
- built projectatomic/runc_rhel_7 commit 5d93f81
|
|
|
797c91 |
|
|
|
797c91 |
* Mon Feb 06 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-2.rc2
|
|
|
797c91 |
- Resolves: #1419702 - rebase to latest upstream master
|
|
|
797c91 |
- built commit b263a43
|
|
|
797c91 |
|
|
|
797c91 |
* Wed Jan 11 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-1.rc2
|
|
|
797c91 |
- Resolves: #1412239 - *CVE-2016-9962* - set init processes as non-dumpable,
|
|
|
797c91 |
runc patch from Michael Crosby <crosbymichael@gmail.com>
|
|
|
797c91 |
|
|
|
797c91 |
* Wed Sep 07 2016 Lokesh Mandvekar <lsm5@redhat.com> - 0.1.1-6
|
|
|
797c91 |
- Resolves: #1373980 - rebuild for 7.3.0
|
|
|
797c91 |
|
|
|
797c91 |
* Sat Jun 25 2016 Lokesh Mandvekar <lsm5@redhat.com> - 0.1.1-5
|
|
|
797c91 |
- build with golang >= 1.6.2
|
|
|
797c91 |
|
|
|
797c91 |
* Tue May 31 2016 Lokesh Mandvekar <lsm5@redhat.com> - 0.1.1-4
|
|
|
797c91 |
- release tags were inconsistent in the previous build
|
|
|
797c91 |
|
|
|
797c91 |
* Tue May 31 2016 Lokesh Mandvekar <lsm5@redhat.com> - 0.1.1-1
|
|
|
797c91 |
- Resolves: #1341267 - rebase runc to v0.1.1
|
|
|
797c91 |
|
|
|
797c91 |
* Tue May 03 2016 Lokesh Mandvekar <lsm5@redhat.com> - 0.1.0-3
|
|
|
797c91 |
- add selinux build tag
|
|
|
797c91 |
- add BR: libseccomp-devel
|
|
|
797c91 |
|
|
|
797c91 |
* Tue May 03 2016 Lokesh Mandvekar <lsm5@redhat.com> - 0.1.0-2
|
|
|
797c91 |
- Resolves: #1328970 - add seccomp buildtag
|
|
|
797c91 |
|
|
|
797c91 |
* Tue Apr 19 2016 Lokesh Mandvekar <lsm5@redhat.com> - 0.1.0-1
|
|
|
797c91 |
- Resolves: rhbz#1328616 - rebase to v0.1.0
|
|
|
797c91 |
|
|
|
797c91 |
* Tue Mar 08 2016 Lokesh Mandvekar <lsm5@redhat.com> - 0.0.8-1.git4155b68
|
|
|
797c91 |
- Resolves: rhbz#1277245 - bump to 0.0.8
|
|
|
797c91 |
- Resolves: rhbz#1302363 - criu is a runtime dep
|
|
|
797c91 |
- Resolves: rhbz#1302348 - libseccomp-golang is bundled in Godeps
|
|
|
797c91 |
- manpages included
|
|
|
797c91 |
|
|
|
797c91 |
* Wed Nov 25 2015 jchaloup <jchaloup@redhat.com> - 1:0.0.5-0.1.git97bc9a7
|
|
|
797c91 |
- Update to 0.0.5, introduce Epoch for Fedora due to 0.2 version instead of 0.0.2
|
|
|
797c91 |
|
|
|
797c91 |
* Fri Aug 21 2015 Jan Chaloupka <jchaloup@redhat.com> - 0.2-0.2.git90e6d37
|
|
|
797c91 |
- First package for Fedora
|
|
|
797c91 |
resolves: #1255179
|