66272c
%global with_debug 1
66272c
%global with_bundled 1
66272c
%global with_check 0
66272c
66272c
%if 0%{?with_debug}
66272c
%global _find_debuginfo_dwz_opts %{nil}
66272c
%global _dwz_low_mem_die_limit 0
66272c
%else
66272c
%global debug_package   %{nil}
66272c
%endif
66272c
66272c
%if 0%{?rhel} > 7 && ! 0%{?fedora}
66272c
%define gobuild(o:) \
66272c
go build -buildmode pie -compiler gc -tags="rpm_crashtraceback no_openssl ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -compressdwarf=false -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '%__global_ldflags'" -a -v -x %{?**};
66272c
%endif # distro
66272c
66272c
%global provider github
66272c
%global provider_tld com
66272c
%global project opencontainers
66272c
%global repo runc
66272c
# https://github.com/opencontainers/runc
66272c
%global provider_prefix %{provider}.%{provider_tld}/%{project}/%{repo}
66272c
%global import_path %{provider_prefix}
66272c
%global git0 https://github.com/opencontainers/runc
66272c
%global commit0 2abd837c8c25b0102ac4ce14f17bc0bc7ddffba7
66272c
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
66272c
66272c
Name: %{repo}
66272c
Version: 1.0.0
66272c
Release: 56.rc5.dev.git%{shortcommit0}%{?dist}
66272c
Summary: CLI for running Open Containers
66272c
ExcludeArch: %{ix86}
66272c
License: ASL 2.0
66272c
URL: http//%{provider_prefix}
66272c
Source0: %{git0}/archive/%{commit0}/%{repo}-%{shortcommit0}.tar.gz
66272c
Source1: 99-containers.conf
66272c
Patch0: change-default-root.patch
66272c
Patch1: 0001-Revert-Apply-cgroups-earlier.patch
66272c
Patch2: 1807.patch
66272c
Patch3: 0001-nsenter-clone-proc-self-exe-to-avoid-exposing-host-b-runc.patch
66272c
Patch4: pivot-root.patch
66272c
Requires: criu
66272c
Requires(pre): container-selinux >= 2:2.2-2
66272c
66272c
# If go_compiler is not set to 1, there is no virtual provide. Use golang instead.
66272c
BuildRequires: %{?go_compiler:compiler(go-compiler)}%{!?go_compiler:golang} >= 1.6.2
66272c
BuildRequires: git
66272c
BuildRequires: go-md2man
66272c
BuildRequires: libseccomp-devel
66272c
66272c
%description
66272c
The runc command can be used to start containers which are packaged
66272c
in accordance with the Open Container Initiative's specifications,
66272c
and to manage containers running under runc.
66272c
66272c
%prep
66272c
%autosetup -Sgit -n %{repo}-%{commit0}
66272c
sed -i '/\#\!\/bin\/bash/d' contrib/completions/bash/%{name}
66272c
66272c
%build
66272c
mkdir -p GOPATH
66272c
pushd GOPATH
66272c
    mkdir -p src/%{provider}.%{provider_tld}/%{project}
66272c
    ln -s $(dirs +1 -l) src/%{import_path}
66272c
popd
66272c
66272c
pushd GOPATH/src/%{import_path}
66272c
export GOPATH=%{gopath}:$(pwd)/GOPATH
66272c
export BUILDTAGS="selinux seccomp"
66272c
%gobuild -o %{name} %{import_path} 
66272c
66272c
pushd man
66272c
./md2man-all.sh
66272c
popd
66272c
66272c
%install
66272c
install -d -p %{buildroot}%{_bindir}
66272c
install -p -m 755 %{name} %{buildroot}%{_bindir}
66272c
66272c
# install man pages
66272c
install -d -p %{buildroot}%{_mandir}/man8
66272c
install -p -m 644 man/man8/* %{buildroot}%{_mandir}/man8
66272c
# install bash completion
66272c
install -d -p %{buildroot}%{_datadir}/bash-completion/completions
66272c
install -p -m 0644 contrib/completions/bash/%{name} %{buildroot}%{_datadir}/bash-completion/completions
66272c
66272c
%check
66272c
66272c
#define license tag if not already defined
66272c
%{!?_licensedir:%global license %doc}
66272c
66272c
%files
66272c
%license LICENSE
66272c
%doc MAINTAINERS_GUIDE.md PRINCIPLES.md README.md CONTRIBUTING.md
66272c
%{_bindir}/%{name}
66272c
%{_mandir}/man8/%{name}*
66272c
%{_datadir}/bash-completion/completions/%{name}
66272c
66272c
%changelog
66272c
* Thu Nov 28 2019 Jindrich Novy <jnovy@redhat.com> - 1.0.0-56.rc5.dev.git2abd837
66272c
- rebuild because of CVE-2019-9512 and CVE-2019-9514
66272c
- Resolves: #1766328, #1766300
66272c
66272c
* Tue Feb 12 2019 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-55.rc5.dev.git2abd837
66272c
- Resolves: #1665770 - rootfs: umount all procfs and sysfs with --no-pivot
66272c
- Resolves: CVE-2019-5736
66272c
66272c
* Tue Dec 18 2018 Frantisek Kluknavsky <fkluknav@redhat.com> - 1.0.0-54.rc5.dev.git2abd837
66272c
- re-enable debuginfo
66272c
66272c
* Mon Dec 17 2018 Frantisek Kluknavsky <fkluknav@redhat.com> - 1.0.0-53.rc5.dev.git2abd837
66272c
- go toolset not in scl anymore
66272c
66272c
* Wed Sep 26 2018 Frantisek Kluknavsky <fkluknav@redhat.com> - 1.0.0-52.rc5.dev.git2abd837
66272c
- rebase
66272c
66272c
* Fri Aug 31 2018 Dan Walsh <dwalsh@redhat.name> - 2:1.0.0-51.dev.gitfdd8055
66272c
- Fix handling of tmpcopyup
66272c
66272c
* Fri Aug 24 2018 Lokesh Mandvekar <lsm5@redhat.com> - 2:1.0.0-49.rc5.dev.gitb4e2ecb
66272c
- %%gobuild uses no_openssl
66272c
- remove unused devel and unit-test subpackages
66272c
66272c
* Tue Aug 07 2018 Lokesh Mandvekar <lsm5@redhat.com> - 2:1.0.0-48.rc5.dev.gitad0f525
66272c
- build with %%gobuild
66272c
- exlude i686 temporarily because of go-toolset issues
66272c
66272c
* Mon Jul 30 2018 Florian Weimer <fweimer@redhat.com> - 1.0.0-47.dev.gitb4e2ecb
66272c
- Rebuild with fixed binutils
66272c
66272c
* Fri Jul 27 2018 Dan Walsh <dwalsh@redhat.name> - 2:1.0.0-46.dev.gitb4e2ecb
66272c
- Add patch https://github.com/opencontainers/runc/pull/1807 to allow
66272c
- runc and podman to work with sd_notify
66272c
66272c
* Wed Jul 18 2018 Dan Walsh <dwalsh@redhat.com> - 2:1.0.0-40.rc5.dev.gitad0f525
66272c
- Remove sysclt handling, not needed in RHEL8
66272c
- Make sure package built with seccomp flags
66272c
- Remove rectty
66272c
- Add completions
66272c
66272c
* Fri Jun 15 2018 Dan Walsh <dwalsh@redhat.com> - 2:1.0.0-36.rc5.dev.gitad0f525
66272c
- Better handling of user namespace
66272c
66272c
* Tue May 1 2018 Dan Walsh <dwalsh@redhat.name> - 2:1.0.0-31.rc5.git0cbfd83
66272c
- Fix issues between SELinux and UserNamespace
66272c
66272c
* Tue Apr 17 2018 Frantisek Kluknavsky <fkluknav@redhat.com> - 1.0.0-27.rc5.dev.git4bb1fe4
66272c
- rebuilt, placed missing changelog entry back
66272c
66272c
* Tue Feb 27 2018 Dan Walsh <dwalsh@redhat.name> - 2:1.0.0-26.rc5.git4bb1fe4
66272c
- release v1.0.0~rc5
66272c
66272c
* Wed Jan 24 2018 Dan Walsh <dwalsh@redhat.name> - 1.0.0-26.rc4.git9f9c962
66272c
- Bump to the latest from upstream
66272c
66272c
* Mon Dec 18 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-25.rc4.gite6516b3
66272c
- built commit e6516b3
66272c
66272c
* Fri Dec 15 2017 Frantisek Kluknavsky <fkluknav@redhat.com> - 1.0.0-24.rc4.dev.gitc6e4a1e.1
66272c
- rebase to c6e4a1ebeb1a72b529c6f1b6ee2b1ae5b868b14f
66272c
- https://github.com/opencontainers/runc/pull/1651
66272c
66272c
* Tue Dec 12 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-23.rc4.git1d3ab6d
66272c
- Resolves: #1524654
66272c
66272c
* Sun Dec 10 2017 Dan Walsh <dwalsh@redhat.name> - 1.0.0-22.rc4.git1d3ab6d
66272c
- Many Stability fixes
66272c
- Many fixes for rootless containers
66272c
- Many fixes for static builds
66272c
66272c
* Thu Nov 09 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-21.rc4.dev.gitaea4f21
66272c
- enable debuginfo and include -buildmode=pie for go build
66272c
66272c
* Tue Nov 07 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-20.rc4.dev.gitaea4f21
66272c
- use Makefile
66272c
66272c
* Tue Nov 07 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-19.rc4.dev.gitaea4f21
66272c
- disable debuginfo temporarily
66272c
66272c
* Fri Nov 03 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-18.rc4.dev.gitaea4f21
66272c
- enable debuginfo
66272c
66272c
* Wed Oct 25 2017 Dan Walsh <dwalsh@redhat.name> - 1.0.0-17.rc4.gitaea4f21
66272c
- Add container-selinux prerequires to make sure runc is labeled correctly
66272c
66272c
* Thu Oct 19 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-16.rc4.dev.gitaea4f21
66272c
- correct the release tag "rc4dev" -> "rc4.dev" cause I'm OCD
66272c
66272c
* Mon Oct 16 2017 Dan Walsh <dwalsh@redhat.com> - 1.0.0-15.rc4dev.gitaea4f21
66272c
- Use the same checkout as Fedora for lates CRI-O
66272c
66272c
* Fri Sep 22 2017 Frantisek Kluknavsky <fkluknav@redhat.com> - 1.0.0-14.rc4dev.git84a082b
66272c
- rebase to 84a082bfef6f932de921437815355186db37aeb1
66272c
66272c
* Tue Jun 13 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-13.rc3.gitd40db12
66272c
- Resolves: #1479489
66272c
- built commit d40db12
66272c
66272c
* Tue Jun 13 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-12.1.gitf8ce01d
66272c
- disable s390x temporarily because of indefinite wait times on brew
66272c
66272c
* Tue Jun 13 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-11.1.gitf8ce01d
66272c
- correct previous bogus date :\
66272c
66272c
* Mon Jun 12 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-10.1.gitf8ce01d
66272c
- Resolves: #1441737 - run sysctl_apply for sysctl knob
66272c
66272c
* Tue May 09 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-9.1.gitf8ce01d
66272c
- Resolves: #1447078 - change default root path
66272c
- add commit e800860 from runc @projectatomic/change-root-path
66272c
66272c
* Fri May 05 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-8.1.gitf8ce01d
66272c
- Resolves: #1441737 - enable kernel sysctl knob /proc/sys/fs/may_detach_mounts
66272c
66272c
* Thu Apr 13 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-7.1.gitf8ce01d
66272c
- Resolves: #1429675
66272c
- built @opencontainers/master commit f8ce01d
66272c
66272c
* Thu Mar 16 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-4.1.gitee992e5
66272c
- built @projectatomic/master commit ee992e5
66272c
66272c
* Fri Feb 24 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-3.rc2
66272c
- Resolves: #1426674
66272c
- built projectatomic/runc_rhel_7 commit 5d93f81
66272c
66272c
* Mon Feb 06 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-2.rc2
66272c
- Resolves: #1419702 - rebase to latest upstream master
66272c
- built commit b263a43
66272c
66272c
* Wed Jan 11 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-1.rc2
66272c
- Resolves: #1412239 - *CVE-2016-9962* - set init processes as non-dumpable,
66272c
runc patch from Michael Crosby <crosbymichael@gmail.com>
66272c
66272c
* Wed Sep 07 2016 Lokesh Mandvekar <lsm5@redhat.com> - 0.1.1-6
66272c
- Resolves: #1373980 - rebuild for 7.3.0
66272c
66272c
* Sat Jun 25 2016 Lokesh Mandvekar <lsm5@redhat.com> - 0.1.1-5
66272c
- build with golang >= 1.6.2
66272c
66272c
* Tue May 31 2016 Lokesh Mandvekar <lsm5@redhat.com> - 0.1.1-4
66272c
- release tags were inconsistent in the previous build
66272c
66272c
* Tue May 31 2016 Lokesh Mandvekar <lsm5@redhat.com> - 0.1.1-1
66272c
- Resolves: #1341267 - rebase runc to v0.1.1
66272c
66272c
* Tue May 03 2016 Lokesh Mandvekar <lsm5@redhat.com> - 0.1.0-3
66272c
- add selinux build tag
66272c
- add BR: libseccomp-devel
66272c
66272c
* Tue May 03 2016 Lokesh Mandvekar <lsm5@redhat.com> - 0.1.0-2
66272c
- Resolves: #1328970 - add seccomp buildtag
66272c
66272c
* Tue Apr 19 2016 Lokesh Mandvekar <lsm5@redhat.com> - 0.1.0-1
66272c
- Resolves: rhbz#1328616 - rebase to v0.1.0
66272c
66272c
* Tue Mar 08 2016 Lokesh Mandvekar <lsm5@redhat.com> - 0.0.8-1.git4155b68
66272c
- Resolves: rhbz#1277245 - bump to 0.0.8
66272c
- Resolves: rhbz#1302363 - criu is a runtime dep
66272c
- Resolves: rhbz#1302348 - libseccomp-golang is bundled in Godeps
66272c
- manpages included
66272c
66272c
* Wed Nov 25 2015 jchaloup <jchaloup@redhat.com> - 1:0.0.5-0.1.git97bc9a7
66272c
- Update to 0.0.5, introduce Epoch for Fedora due to 0.2 version instead of 0.0.2
66272c
66272c
* Fri Aug 21 2015 Jan Chaloupka <jchaloup@redhat.com> - 0.2-0.2.git90e6d37
66272c
- First package for Fedora
66272c
  resolves: #1255179