9fdf04
%global with_check 0
9fdf04
9fdf04
%global _find_debuginfo_dwz_opts %{nil}
9fdf04
%global _dwz_low_mem_die_limit 0
9fdf04
9fdf04
%if 0%{?rhel} > 7 && ! 0%{?fedora}
9fdf04
%define gobuild(o:) \
e44bd2
go build -buildmode pie -compiler gc -tags="rpm_crashtraceback libtrust_openssl ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -linkmode=external -compressdwarf=false -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '%__global_ldflags'" -a -v %{?**};
e44bd2
%else
e44bd2
%if ! 0%{?gobuild:1}
e44bd2
%define gobuild(o:) GO111MODULE=off go build -buildmode pie -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -linkmode=external -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '-Wl,-z,relro -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld '" -a -v %{?**};
e44bd2
%endif
6c2295
%endif
9fdf04
9fdf04
%global provider github
9fdf04
%global provider_tld com
9fdf04
%global project opencontainers
9fdf04
%global repo runc
9fdf04
# https://github.com/opencontainers/runc
deaaa5
%global import_path %{provider}.%{provider_tld}/%{project}/%{repo}
deaaa5
%global git0 https://%{import_path}
b5e13b
%global release_candidate rc92
9fdf04
9fdf04
Name: %{repo}
9fdf04
Version: 1.0.0
e44bd2
Release: 70.%{release_candidate}%{?dist}
9fdf04
Summary: CLI for running Open Containers
e44bd2
# https://fedoraproject.org/wiki/PackagingDrafts/Go#Go_Language_Architectures
e44bd2
#ExclusiveArch: %%{go_arches}
e44bd2
# still use arch exclude as the macro above still refers %%{ix86} in RHEL8.4:
e44bd2
# https://bugzilla.redhat.com/show_bug.cgi?id=1905383
9fdf04
ExcludeArch: %{ix86}
9fdf04
License: ASL 2.0
deaaa5
URL: %{git0}
b5e13b
Source0: %{git0}/archive/v1.0.0-%{release_candidate}.tar.gz
b5e13b
#Patch0: 1807.patch
e44bd2
Provides: oci-runtime = 1
6c2295
BuildRequires: golang >= 1.12.12-4
9fdf04
BuildRequires: git
9fdf04
BuildRequires: go-md2man
9fdf04
BuildRequires: libseccomp-devel
deaaa5
Requires: criu
9fdf04
9fdf04
%description
9fdf04
The runc command can be used to start containers which are packaged
9fdf04
in accordance with the Open Container Initiative's specifications,
9fdf04
and to manage containers running under runc.
9fdf04
9fdf04
%prep
b5e13b
%autosetup -Sgit -n %{repo}-%{version}-%{release_candidate}
9fdf04
sed -i '/\#\!\/bin\/bash/d' contrib/completions/bash/%{name}
9fdf04
9fdf04
%build
9fdf04
mkdir -p GOPATH
9fdf04
pushd GOPATH
9fdf04
    mkdir -p src/%{provider}.%{provider_tld}/%{project}
9fdf04
    ln -s $(dirs +1 -l) src/%{import_path}
9fdf04
popd
9fdf04
9fdf04
pushd GOPATH/src/%{import_path}
9fdf04
export GOPATH=%{gopath}:$(pwd)/GOPATH
b5e13b
export CGO_CFLAGS="%{optflags} -D_GNU_SOURCE -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64"
9fdf04
export BUILDTAGS="selinux seccomp"
6c2295
%gobuild -o %{name} %{import_path}
9fdf04
9fdf04
pushd man
9fdf04
./md2man-all.sh
9fdf04
popd
9fdf04
9fdf04
%install
9fdf04
install -d -p %{buildroot}%{_bindir}
9fdf04
install -p -m 755 %{name} %{buildroot}%{_bindir}
9fdf04
9fdf04
# install man pages
9fdf04
install -d -p %{buildroot}%{_mandir}/man8
9fdf04
install -p -m 644 man/man8/* %{buildroot}%{_mandir}/man8
9fdf04
# install bash completion
9fdf04
install -d -p %{buildroot}%{_datadir}/bash-completion/completions
9fdf04
install -p -m 0644 contrib/completions/bash/%{name} %{buildroot}%{_datadir}/bash-completion/completions
9fdf04
9fdf04
%check
9fdf04
9fdf04
#define license tag if not already defined
9fdf04
%{!?_licensedir:%global license %doc}
9fdf04
9fdf04
%files
9fdf04
%license LICENSE
9fdf04
%doc MAINTAINERS_GUIDE.md PRINCIPLES.md README.md CONTRIBUTING.md
9fdf04
%{_bindir}/%{name}
9fdf04
%{_mandir}/man8/%{name}*
9fdf04
%{_datadir}/bash-completion/completions/%{name}
9fdf04
9fdf04
%changelog
3e6581
* Fri Jan 29 2021 Jindrich Novy <jnovy@redhat.com> - 1.0.0-70.rc92
3e6581
- add missing Provides: oci-runtime = 1
3e6581
- Related: #1883490
e44bd2
e44bd2
* Tue Dec 08 2020 Jindrich Novy <jnovy@redhat.com> - 1.0.0-69.rc92
e44bd2
- still use ExcludeArch as go_arches macro is broken for 8.4
3e6581
- Related: #1883490
e44bd2
b5e13b
* Tue Aug 11 2020 Jindrich Novy <jnovy@redhat.com> - 1.0.0-68.rc92
b5e13b
- update to https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc92
b5e13b
- propagate proper CFLAGS to CGO_CFLAGS to assure code hardening and optimization
b5e13b
- Related: #1821193
b5e13b
b5e13b
* Thu Jul 02 2020 Jindrich Novy <jnovy@redhat.com> - 1.0.0-67.rc91
b5e13b
- update to https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc91
b5e13b
- Related: #1821193
b5e13b
b5e13b
* Tue May 12 2020 Jindrich Novy <jnovy@redhat.com> - 1.0.0-66.rc10
b5e13b
- synchronize containter-tools 8.3.0 with 8.2.1
b5e13b
- Related: #1821193
75750f
7dc2cc
* Wed Feb 12 2020 Jindrich Novy <jnovy@redhat.com> - 1.0.0-65.rc10
7dc2cc
- address CVE-2019-19921 by updating to rc10
7dc2cc
- Resolves: #1801887
7dc2cc
6c2295
* Wed Dec 11 2019 Jindrich Novy <jnovy@redhat.com> - 1.0.0-64.rc9
6c2295
- use no_openssl in BUILDTAGS (no vendored crypto in runc)
7dc2cc
- Related: RHELPLAN-25139
6c2295
6c2295
* Mon Dec 09 2019 Jindrich Novy <jnovy@redhat.com> - 1.0.0-63.rc9
6c2295
- be sure to use golang >= 1.12.12-4
7dc2cc
- Related: RHELPLAN-25139
6c2295
6c2295
* Thu Nov 28 2019 Jindrich Novy <jnovy@redhat.com> - 1.0.0-62.rc9
6c2295
- rebuild because of CVE-2019-9512 and CVE-2019-9514
7dc2cc
- Resolves: #1766331, #1766303
6c2295
6c2295
* Thu Nov 21 2019 Jindrich Novy <jnovy@redhat.com> - 1.0.0-61.rc9
6c2295
- update to runc 1.0.0-rc9 release
6c2295
- amend golang deps
6c2295
- fixes CVE-2019-16884
7dc2cc
- Resolves: #1759651
35e3b4
deaaa5
* Mon Jun 17 2019 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-60.rc8
deaaa5
- Resolves: #1721247 - enable fips mode
deaaa5
deaaa5
* Mon Jun 17 2019 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-59.rc8
deaaa5
- Resolves: #1720654 - rebase to v1.0.0-rc8
deaaa5
deaaa5
* Thu Apr 11 2019 Eduardo Santiago <santiago@redhat.com> - 1.0.0-57.rc5.dev.git2abd837
deaaa5
- Resolves: #1693424 - podman rootless: cannot specify gid= mount options
deaaa5
deaaa5
* Wed Feb 27 2019 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-56.rc5.dev.git2abd837
deaaa5
- change-default-root patch not needed as there's no docker on rhel8
f5ad69
b58745
* Tue Feb 12 2019 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-55.rc5.dev.git2abd837
b58745
- Resolves: CVE-2019-5736
b58745
9fdf04
* Tue Dec 18 2018 Frantisek Kluknavsky <fkluknav@redhat.com> - 1.0.0-54.rc5.dev.git2abd837
9fdf04
- re-enable debuginfo
9fdf04
9fdf04
* Mon Dec 17 2018 Frantisek Kluknavsky <fkluknav@redhat.com> - 1.0.0-53.rc5.dev.git2abd837
9fdf04
- go toolset not in scl anymore
9fdf04
9fdf04
* Wed Sep 26 2018 Frantisek Kluknavsky <fkluknav@redhat.com> - 1.0.0-52.rc5.dev.git2abd837
9fdf04
- rebase
9fdf04
9fdf04
* Fri Aug 31 2018 Dan Walsh <dwalsh@redhat.name> - 2:1.0.0-51.dev.gitfdd8055
9fdf04
- Fix handling of tmpcopyup
9fdf04
9fdf04
* Fri Aug 24 2018 Lokesh Mandvekar <lsm5@redhat.com> - 2:1.0.0-49.rc5.dev.gitb4e2ecb
9fdf04
- %%gobuild uses no_openssl
9fdf04
- remove unused devel and unit-test subpackages
9fdf04
9fdf04
* Tue Aug 07 2018 Lokesh Mandvekar <lsm5@redhat.com> - 2:1.0.0-48.rc5.dev.gitad0f525
9fdf04
- build with %%gobuild
9fdf04
- exlude i686 temporarily because of go-toolset issues
9fdf04
9fdf04
* Mon Jul 30 2018 Florian Weimer <fweimer@redhat.com> - 1.0.0-47.dev.gitb4e2ecb
9fdf04
- Rebuild with fixed binutils
9fdf04
9fdf04
* Fri Jul 27 2018 Dan Walsh <dwalsh@redhat.name> - 2:1.0.0-46.dev.gitb4e2ecb
9fdf04
- Add patch https://github.com/opencontainers/runc/pull/1807 to allow
9fdf04
- runc and podman to work with sd_notify
9fdf04
9fdf04
* Wed Jul 18 2018 Dan Walsh <dwalsh@redhat.com> - 2:1.0.0-40.rc5.dev.gitad0f525
9fdf04
- Remove sysclt handling, not needed in RHEL8
9fdf04
- Make sure package built with seccomp flags
9fdf04
- Remove rectty
9fdf04
- Add completions
9fdf04
9fdf04
* Fri Jun 15 2018 Dan Walsh <dwalsh@redhat.com> - 2:1.0.0-36.rc5.dev.gitad0f525
9fdf04
- Better handling of user namespace
9fdf04
9fdf04
* Tue May 1 2018 Dan Walsh <dwalsh@redhat.name> - 2:1.0.0-31.rc5.git0cbfd83
9fdf04
- Fix issues between SELinux and UserNamespace
9fdf04
9fdf04
* Tue Apr 17 2018 Frantisek Kluknavsky <fkluknav@redhat.com> - 1.0.0-27.rc5.dev.git4bb1fe4
9fdf04
- rebuilt, placed missing changelog entry back
9fdf04
9fdf04
* Tue Feb 27 2018 Dan Walsh <dwalsh@redhat.name> - 2:1.0.0-26.rc5.git4bb1fe4
9fdf04
- release v1.0.0~rc5
9fdf04
9fdf04
* Wed Jan 24 2018 Dan Walsh <dwalsh@redhat.name> - 1.0.0-26.rc4.git9f9c962
9fdf04
- Bump to the latest from upstream
9fdf04
9fdf04
* Mon Dec 18 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-25.rc4.gite6516b3
9fdf04
- built commit e6516b3
9fdf04
9fdf04
* Fri Dec 15 2017 Frantisek Kluknavsky <fkluknav@redhat.com> - 1.0.0-24.rc4.dev.gitc6e4a1e.1
9fdf04
- rebase to c6e4a1ebeb1a72b529c6f1b6ee2b1ae5b868b14f
9fdf04
- https://github.com/opencontainers/runc/pull/1651
9fdf04
9fdf04
* Tue Dec 12 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-23.rc4.git1d3ab6d
9fdf04
- Resolves: #1524654
9fdf04
9fdf04
* Sun Dec 10 2017 Dan Walsh <dwalsh@redhat.name> - 1.0.0-22.rc4.git1d3ab6d
9fdf04
- Many Stability fixes
9fdf04
- Many fixes for rootless containers
9fdf04
- Many fixes for static builds
9fdf04
9fdf04
* Thu Nov 09 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-21.rc4.dev.gitaea4f21
9fdf04
- enable debuginfo and include -buildmode=pie for go build
9fdf04
9fdf04
* Tue Nov 07 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-20.rc4.dev.gitaea4f21
9fdf04
- use Makefile
9fdf04
9fdf04
* Tue Nov 07 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-19.rc4.dev.gitaea4f21
9fdf04
- disable debuginfo temporarily
9fdf04
9fdf04
* Fri Nov 03 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-18.rc4.dev.gitaea4f21
9fdf04
- enable debuginfo
9fdf04
9fdf04
* Wed Oct 25 2017 Dan Walsh <dwalsh@redhat.name> - 1.0.0-17.rc4.gitaea4f21
9fdf04
- Add container-selinux prerequires to make sure runc is labeled correctly
9fdf04
9fdf04
* Thu Oct 19 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-16.rc4.dev.gitaea4f21
9fdf04
- correct the release tag "rc4dev" -> "rc4.dev" cause I'm OCD
9fdf04
9fdf04
* Mon Oct 16 2017 Dan Walsh <dwalsh@redhat.com> - 1.0.0-15.rc4dev.gitaea4f21
9fdf04
- Use the same checkout as Fedora for lates CRI-O
9fdf04
9fdf04
* Fri Sep 22 2017 Frantisek Kluknavsky <fkluknav@redhat.com> - 1.0.0-14.rc4dev.git84a082b
9fdf04
- rebase to 84a082bfef6f932de921437815355186db37aeb1
9fdf04
9fdf04
* Tue Jun 13 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-13.rc3.gitd40db12
9fdf04
- Resolves: #1479489
9fdf04
- built commit d40db12
9fdf04
9fdf04
* Tue Jun 13 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-12.1.gitf8ce01d
9fdf04
- disable s390x temporarily because of indefinite wait times on brew
9fdf04
9fdf04
* Tue Jun 13 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-11.1.gitf8ce01d
9fdf04
- correct previous bogus date :\
9fdf04
9fdf04
* Mon Jun 12 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-10.1.gitf8ce01d
9fdf04
- Resolves: #1441737 - run sysctl_apply for sysctl knob
9fdf04
9fdf04
* Tue May 09 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-9.1.gitf8ce01d
9fdf04
- Resolves: #1447078 - change default root path
9fdf04
- add commit e800860 from runc @projectatomic/change-root-path
9fdf04
9fdf04
* Fri May 05 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-8.1.gitf8ce01d
9fdf04
- Resolves: #1441737 - enable kernel sysctl knob /proc/sys/fs/may_detach_mounts
9fdf04
9fdf04
* Thu Apr 13 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-7.1.gitf8ce01d
9fdf04
- Resolves: #1429675
9fdf04
- built @opencontainers/master commit f8ce01d
9fdf04
9fdf04
* Thu Mar 16 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-4.1.gitee992e5
9fdf04
- built @projectatomic/master commit ee992e5
9fdf04
9fdf04
* Fri Feb 24 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-3.rc2
9fdf04
- Resolves: #1426674
9fdf04
- built projectatomic/runc_rhel_7 commit 5d93f81
9fdf04
9fdf04
* Mon Feb 06 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-2.rc2
9fdf04
- Resolves: #1419702 - rebase to latest upstream master
9fdf04
- built commit b263a43
9fdf04
9fdf04
* Wed Jan 11 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-1.rc2
9fdf04
- Resolves: #1412239 - *CVE-2016-9962* - set init processes as non-dumpable,
9fdf04
runc patch from Michael Crosby <crosbymichael@gmail.com>
9fdf04
9fdf04
* Wed Sep 07 2016 Lokesh Mandvekar <lsm5@redhat.com> - 0.1.1-6
9fdf04
- Resolves: #1373980 - rebuild for 7.3.0
9fdf04
9fdf04
* Sat Jun 25 2016 Lokesh Mandvekar <lsm5@redhat.com> - 0.1.1-5
9fdf04
- build with golang >= 1.6.2
9fdf04
9fdf04
* Tue May 31 2016 Lokesh Mandvekar <lsm5@redhat.com> - 0.1.1-4
9fdf04
- release tags were inconsistent in the previous build
9fdf04
9fdf04
* Tue May 31 2016 Lokesh Mandvekar <lsm5@redhat.com> - 0.1.1-1
9fdf04
- Resolves: #1341267 - rebase runc to v0.1.1
9fdf04
9fdf04
* Tue May 03 2016 Lokesh Mandvekar <lsm5@redhat.com> - 0.1.0-3
9fdf04
- add selinux build tag
9fdf04
- add BR: libseccomp-devel
9fdf04
9fdf04
* Tue May 03 2016 Lokesh Mandvekar <lsm5@redhat.com> - 0.1.0-2
9fdf04
- Resolves: #1328970 - add seccomp buildtag
9fdf04
9fdf04
* Tue Apr 19 2016 Lokesh Mandvekar <lsm5@redhat.com> - 0.1.0-1
9fdf04
- Resolves: rhbz#1328616 - rebase to v0.1.0
9fdf04
9fdf04
* Tue Mar 08 2016 Lokesh Mandvekar <lsm5@redhat.com> - 0.0.8-1.git4155b68
9fdf04
- Resolves: rhbz#1277245 - bump to 0.0.8
9fdf04
- Resolves: rhbz#1302363 - criu is a runtime dep
9fdf04
- Resolves: rhbz#1302348 - libseccomp-golang is bundled in Godeps
9fdf04
- manpages included
9fdf04
9fdf04
* Wed Nov 25 2015 jchaloup <jchaloup@redhat.com> - 1:0.0.5-0.1.git97bc9a7
9fdf04
- Update to 0.0.5, introduce Epoch for Fedora due to 0.2 version instead of 0.0.2
9fdf04
9fdf04
* Fri Aug 21 2015 Jan Chaloupka <jchaloup@redhat.com> - 0.2-0.2.git90e6d37
9fdf04
- First package for Fedora
9fdf04
  resolves: #1255179