diff --git a/.gitignore b/.gitignore index aad1615..c8b3944 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/runc-bd013b6.tar.gz +SOURCES/v1.1.0.tar.gz diff --git a/.runc.metadata b/.runc.metadata index 411c8f3..3f0ddce 100644 --- a/.runc.metadata +++ b/.runc.metadata @@ -1 +1 @@ -ce28b449cb43d3eb16eac1c1a27195d98d537f22 SOURCES/runc-bd013b6.tar.gz +d4fa85406357bf801550e491d51fedbe482fd2e2 SOURCES/v1.1.0.tar.gz diff --git a/SOURCES/cgroups-v2.patch b/SOURCES/cgroups-v2.patch deleted file mode 100644 index 561b81a..0000000 --- a/SOURCES/cgroups-v2.patch +++ /dev/null @@ -1,103 +0,0 @@ -From 5fb0f19ec8c52ed0c9bbb3551deb0016992ecc52 Mon Sep 17 00:00:00 2001 -From: Giuseppe Scrivano -Date: Thu, 3 Oct 2019 15:58:39 +0200 -Subject: [PATCH] cgroups: raise an error on cgroups v2 - -Signed-off-by: Giuseppe Scrivano ---- - create.go | 8 ++++++++ - run.go | 8 ++++++++ - utils_linux.go | 14 ++++++++++++++ - 3 files changed, 30 insertions(+) - -diff --git a/create.go b/create.go -index 5f3ac609..91d17d07 100644 ---- a/create.go -+++ b/create.go -@@ -1,6 +1,7 @@ - package main - - import ( -+ "fmt" - "os" - - "github.com/urfave/cli" -@@ -52,6 +53,13 @@ command(s) that get executed on start, edit the args parameter of the spec. See - }, - }, - Action: func(context *cli.Context) error { -+ unified, err := IsCgroup2UnifiedMode() -+ if err != nil { -+ return err -+ } -+ if unified { -+ return fmt.Errorf("this version of runc doesn't work on cgroups v2") -+ } - if err := checkArgs(context, 1, exactArgs); err != nil { - return err - } -diff --git a/run.go b/run.go -index f8d63178..3f29737b 100644 ---- a/run.go -+++ b/run.go -@@ -3,6 +3,7 @@ - package main - - import ( -+ "fmt" - "os" - - "github.com/urfave/cli" -@@ -63,6 +64,13 @@ command(s) that get executed on start, edit the args parameter of the spec. See - }, - }, - Action: func(context *cli.Context) error { -+ unified, err := IsCgroup2UnifiedMode() -+ if err != nil { -+ return err -+ } -+ if unified { -+ return fmt.Errorf("this version of runc doesn't work on cgroups v2") -+ } - if err := checkArgs(context, 1, exactArgs); err != nil { - return err - } -diff --git a/utils_linux.go b/utils_linux.go -index 984e6b0f..a5a03de9 100644 ---- a/utils_linux.go -+++ b/utils_linux.go -@@ -9,6 +9,7 @@ import ( - "os/exec" - "path/filepath" - "strconv" -+ "syscall" - - "github.com/opencontainers/runc/libcontainer" - "github.com/opencontainers/runc/libcontainer/cgroups/systemd" -@@ -26,6 +27,10 @@ import ( - "golang.org/x/sys/unix" - ) - -+const ( -+ _cgroup2SuperMagic = 0x63677270 -+) -+ - var errEmptyID = errors.New("container id cannot be empty") - - // loadFactory returns the configured factory instance for execing containers. -@@ -451,3 +456,12 @@ func startContainer(context *cli.Context, spec *specs.Spec, action CtAct, criuOp - } - return r.run(spec.Process) - } -+ -+// IsCgroup2UnifiedMode returns whether we are running in cgroup 2 cgroup2 mode. -+func IsCgroup2UnifiedMode() (bool, error) { -+ var st syscall.Statfs_t -+ if err := syscall.Statfs("/sys/fs/cgroup", &st); err != nil { -+ return false, err -+ } -+ return st.Type == _cgroup2SuperMagic, nil -+} --- -2.21.0 - diff --git a/SPECS/runc.spec b/SPECS/runc.spec index 26cab7b..1740210 100644 --- a/SPECS/runc.spec +++ b/SPECS/runc.spec @@ -1,14 +1,15 @@ -%global with_devel 0 -%global with_bundled 1 %global with_check 0 -%global with_unit_test 0 -%global with_debug 1 -%if 0%{?with_debug} %global _find_debuginfo_dwz_opts %{nil} %global _dwz_low_mem_die_limit 0 + +%if 0%{?rhel} > 7 && ! 0%{?fedora} +%define gobuild(o:) \ +go build -buildmode pie -compiler gc -tags="rpm_crashtraceback libtrust_openssl ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -linkmode=external -compressdwarf=false -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '%__global_ldflags'" -a -v %{?**}; %else -%global debug_package %{nil} +%if ! 0%{?gobuild:1} +%define gobuild(o:) GO111MODULE=off go build -buildmode pie -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -linkmode=external -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '-Wl,-z,relro -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld '" -a -v %{?**}; +%endif %endif %global provider github @@ -16,152 +17,37 @@ %global project opencontainers %global repo runc # https://github.com/opencontainers/runc -%global provider_prefix %{provider}.%{provider_tld}/%{project}/%{repo} -%global import_path %{provider_prefix} -%global git0 https://github.com/opencontainers/runc -%global commit0 bd013b6e4d13e7c9fb75ab8060013da5f9ebb6cf -%global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) +%global import_path %{provider}.%{provider_tld}/%{project}/%{repo} +%global git0 https://%{import_path} +Epoch: 3 Name: %{repo} -Epoch: 2 -Version: 1.0.0 -Release: 332.dev.git%{shortcommit0}%{?dist} +Version: 1.1.0 +Release: 2%{?dist} Summary: CLI for running Open Containers +# https://fedoraproject.org/wiki/PackagingDrafts/Go#Go_Language_Architectures +#ExclusiveArch: %%{go_arches} +# still use arch exclude as the macro above still refers %%{ix86} in RHEL8.4: +# https://bugzilla.redhat.com/show_bug.cgi?id=1905383 +ExcludeArch: %{ix86} License: ASL 2.0 URL: %{git0} -Source0: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz -Patch1: cgroups-v2.patch - -# https://fedoraproject.org/wiki/PackagingDrafts/Go#Go_Language_Architectures -ExclusiveArch: %{go_arches} -# If go_compiler is not set to 1, there is no virtual provide. Use golang instead. -BuildRequires: %{?go_compiler:compiler(go-compiler)}%{!?go_compiler:golang} -BuildRequires: pkgconfig(libseccomp) -BuildRequires: go-md2man -BuildRequires: make +Source0: %{git0}/archive/v%{version}.tar.gz +Provides: oci-runtime +BuildRequires: golang >= 1.12.12-4 BuildRequires: git - -%if ! 0%{?with_bundled} -BuildRequires: golang(github.com/Sirupsen/logrus) -BuildRequires: golang(github.com/codegangsta/cli) -BuildRequires: golang(github.com/coreos/go-systemd/activation) -BuildRequires: golang(github.com/coreos/go-systemd/dbus) -BuildRequires: golang(github.com/coreos/go-systemd/util) -BuildRequires: golang(github.com/docker/docker/pkg/mount) -BuildRequires: golang(github.com/docker/docker/pkg/symlink) -BuildRequires: golang(github.com/docker/docker/pkg/term) -BuildRequires: golang(github.com/docker/go-units) -BuildRequires: golang(github.com/godbus/dbus) -BuildRequires: golang(github.com/golang/protobuf/proto) -BuildRequires: golang(github.com/opencontainers/runtime-spec/specs-go) -BuildRequires: golang(github.com/opencontainers/specs/specs-go) -BuildRequires: golang(github.com/seccomp/libseccomp-golang) -BuildRequires: golang(github.com/syndtr/gocapability/capability) -BuildRequires: golang(github.com/vishvananda/netlink) -BuildRequires: golang(github.com/vishvananda/netlink/nl) -%endif -Recommends: container-selinux >= 2:2.85-1 - -%ifnarch s390x -Recommends: criu -%endif +BuildRequires: go-md2man +BuildRequires: libseccomp-devel +Requires: criu %description The runc command can be used to start containers which are packaged in accordance with the Open Container Initiative's specifications, and to manage containers running under runc. -%if 0%{?with_devel} -%package devel -Summary: %{summary} -BuildArch: noarch - -%if 0%{?with_check} -BuildRequires: golang(github.com/Sirupsen/logrus) -BuildRequires: golang(github.com/coreos/go-systemd/dbus) -BuildRequires: golang(github.com/coreos/go-systemd/util) -BuildRequires: golang(github.com/docker/docker/pkg/mount) -BuildRequires: golang(github.com/docker/docker/pkg/symlink) -BuildRequires: golang(github.com/docker/go-units) -BuildRequires: golang(github.com/godbus/dbus) -BuildRequires: golang(github.com/golang/protobuf/proto) -BuildRequires: golang(github.com/opencontainers/runtime-spec/specs-go) -BuildRequires: golang(github.com/seccomp/libseccomp-golang) -BuildRequires: golang(github.com/syndtr/gocapability/capability) -BuildRequires: golang(github.com/vishvananda/netlink) -BuildRequires: golang(github.com/vishvananda/netlink/nl) -%endif - -Requires: golang(github.com/Sirupsen/logrus) -Requires: golang(github.com/coreos/go-systemd/dbus) -Requires: golang(github.com/coreos/go-systemd/util) -Requires: golang(github.com/docker/docker/pkg/mount) -Requires: golang(github.com/docker/docker/pkg/symlink) -Requires: golang(github.com/docker/go-units) -Requires: golang(github.com/godbus/dbus) -Requires: golang(github.com/golang/protobuf/proto) -Requires: golang(github.com/opencontainers/runtime-spec/specs-go) -Requires: golang(github.com/seccomp/libseccomp-golang) -Requires: golang(github.com/syndtr/gocapability/capability) -Requires: golang(github.com/vishvananda/netlink) -Requires: golang(github.com/vishvananda/netlink/nl) - -Provides: oci-runtime = 1 -Provides: golang(%{import_path}/libcontainer) = %{version}-%{release} -Provides: golang(%{import_path}/libcontainer/apparmor) = %{version}-%{release} -Provides: golang(%{import_path}/libcontainer/cgroups) = %{version}-%{release} -Provides: golang(%{import_path}/libcontainer/cgroups/fs) = %{version}-%{release} -Provides: golang(%{import_path}/libcontainer/cgroups/systemd) = %{version}-%{release} -Provides: golang(%{import_path}/libcontainer/configs) = %{version}-%{release} -Provides: golang(%{import_path}/libcontainer/configs/validate) = %{version}-%{release} -Provides: golang(%{import_path}/libcontainer/criurpc) = %{version}-%{release} -Provides: golang(%{import_path}/libcontainer/devices) = %{version}-%{release} -Provides: golang(%{import_path}/libcontainer/integration) = %{version}-%{release} -Provides: golang(%{import_path}/libcontainer/keys) = %{version}-%{release} -Provides: golang(%{import_path}/libcontainer/nsenter) = %{version}-%{release} -Provides: golang(%{import_path}/libcontainer/seccomp) = %{version}-%{release} -Provides: golang(%{import_path}/libcontainer/specconv) = %{version}-%{release} -Provides: golang(%{import_path}/libcontainer/stacktrace) = %{version}-%{release} -Provides: golang(%{import_path}/libcontainer/system) = %{version}-%{release} -Provides: golang(%{import_path}/libcontainer/user) = %{version}-%{release} -Provides: golang(%{import_path}/libcontainer/utils) = %{version}-%{release} -Provides: golang(%{import_path}/libcontainer/xattr) = %{version}-%{release} - -%description devel -The runc command can be used to start containers which are packaged -in accordance with the Open Container Initiative's specifications, -and to manage containers running under runc. - -This package contains library source intended for -building other packages which use import path with -%{import_path} prefix. -%endif - -%if 0%{?with_unit_test} && 0%{?with_devel} -%package unit-test -Summary: Unit tests for %{name} package -# If go_compiler is not set to 1, there is no virtual provide. Use golang instead. -BuildRequires: %{?go_compiler:compiler(go-compiler)}%{!?go_compiler:golang} - -%if 0%{?with_check} -#Here comes all BuildRequires: PACKAGE the unit tests -#in %%check section need for running -%endif - -# test subpackage tests code from devel subpackage -Requires: %{name}-devel = %{epoch}:%{version}-%{release} - -%description unit-test -The runc command can be used to start containers which are packaged -in accordance with the Open Container Initiative's specifications, -and to manage containers running under runc. - -This package contains unit tests for project -providing packages with %{import_path} prefix. -%endif - %prep -%autosetup -Sgit -n %{name}-%{commit0} +%autosetup -Sgit +sed -i '/\#\!\/bin\/bash/d' contrib/completions/bash/%{name} %build mkdir -p GOPATH @@ -171,93 +57,21 @@ pushd GOPATH popd pushd GOPATH/src/%{import_path} +export GO111MODULE=off export GOPATH=%{gopath}:$(pwd)/GOPATH +export CGO_CFLAGS="%{optflags} -D_GNU_SOURCE -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64" +export BUILDTAGS="selinux seccomp" +export LDFLAGS="-X main.gitCommit= -X main.version=%{version}" +%gobuild -o %{name} %{import_path} -make BUILDTAGS="seccomp selinux" all - -sed -i '/\#\!\/bin\/bash/d' contrib/completions/bash/%{name} +pushd man +./md2man-all.sh +popd %install -install -d -p %{buildroot}%{_bindir} -install -p -m 755 %{name} %{buildroot}%{_bindir} - -# generate man pages -man/md2man-all.sh - -# install man pages -install -d -p %{buildroot}%{_mandir}/man8 -install -p -m 0644 man/man8/*.8 %{buildroot}%{_mandir}/man8/. -# install bash completion -install -d -p %{buildroot}%{_datadir}/bash-completion/completions -install -p -m 0644 contrib/completions/bash/%{name} %{buildroot}%{_datadir}/bash-completion/completions - -# source codes for building projects -%if 0%{?with_devel} -install -d -p %{buildroot}/%{gopath}/src/%{import_path}/ -# find all *.go but no *_test.go files and generate devel.file-list -for file in $(find . -iname "*.go" \! -iname "*_test.go" | grep -v "^./Godeps") ; do - echo "%%dir %%{gopath}/src/%%{import_path}/$(dirname $file)" >> devel.file-list - install -d -p %{buildroot}/%{gopath}/src/%{import_path}/$(dirname $file) - cp -pav $file %{buildroot}/%{gopath}/src/%{import_path}/$file - echo "%%{gopath}/src/%%{import_path}/$file" >> devel.file-list -done -for file in $(find . -iname "*.proto" | grep -v "^./Godeps") ; do - echo "%%dir %%{gopath}/src/%%{import_path}/$(dirname $file)" >> devel.file-list - install -d -p %{buildroot}/%{gopath}/src/%{import_path}/$(dirname $file) - cp -pav $file %{buildroot}/%{gopath}/src/%{import_path}/$file - echo "%%{gopath}/src/%%{import_path}/$file" >> devel.file-list -done -%endif - -# testing files for this project -%if 0%{?with_unit_test} && 0%{?with_devel} -install -d -p %{buildroot}/%{gopath}/src/%{import_path}/ -# find all *_test.go files and generate unit-test.file-list -for file in $(find . -iname "*_test.go" | grep -v "^./Godeps"); do - echo "%%dir %%{gopath}/src/%%{import_path}/$(dirname $file)" >> devel.file-list - install -d -p %{buildroot}/%{gopath}/src/%{import_path}/$(dirname $file) - cp -pav $file %{buildroot}/%{gopath}/src/%{import_path}/$file - echo "%%{gopath}/src/%%{import_path}/$file" >> unit-test.file-list -done -%endif - -%if 0%{?with_devel} -sort -u -o devel.file-list devel.file-list -%endif +make install install-man install-bash DESTDIR=$RPM_BUILD_ROOT PREFIX=%{_prefix} LIBDIR=%{_libdir} BINDIR=%{_bindir} %check -%if 0%{?with_check} && 0%{?with_unit_test} && 0%{?with_devel} -%if ! 0%{?with_bundled} -export GOPATH=%{buildroot}/%{gopath}:%{gopath} -%else -export GOPATH=%{buildroot}/%{gopath}:$(pwd)/Godeps/_workspace:%{gopath} -%endif - -%if ! 0%{?gotest:1} -%global gotest go test -%endif - -# FAIL: TestFactoryNewTmpfs (0.00s), factory_linux_test.go:59: operation not permitted -#%%gotest %%{import_path}/libcontainer -#%%gotest %%{import_path}/libcontainer/cgroups -# --- FAIL: TestInvalidCgroupPath (0.00s) -# apply_raw_test.go:16: couldn't get cgroup root: mountpoint for cgroup not found -# apply_raw_test.go:25: couldn't get cgroup data: mountpoint for cgroup not found -#%%gotest %%{import_path}/libcontainer/cgroups/fs -#%%gotest %%{import_path}/libcontainer/configs -#%%gotest %%{import_path}/libcontainer/devices -# undefined reference to `nsexec' -#%%gotest %%{import_path}/libcontainer/integration -# Unable to create tstEth link: operation not permitted -#%%gotest %%{import_path}/libcontainer/netlink -# undefined reference to `nsexec' -#%%gotest %%{import_path}/libcontainer/nsenter -#%%gotest %%{import_path}/libcontainer/stacktrace -#constant 2147483648 overflows int -#%%gotest %%{import_path}/libcontainer/user -#%%gotest %%{import_path}/libcontainer/utils -#%%gotest %%{import_path}/libcontainer/xattr -%endif #define license tag if not already defined %{!?_licensedir:%global license %doc} @@ -269,21 +83,66 @@ export GOPATH=%{buildroot}/%{gopath}:$(pwd)/Godeps/_workspace:%{gopath} %{_mandir}/man8/%{name}* %{_datadir}/bash-completion/completions/%{name} -%if 0%{?with_devel} -%files devel -f devel.file-list -%license LICENSE -%doc MAINTAINERS_GUIDE.md PRINCIPLES.md README.md CONTRIBUTING.md -%dir %{gopath}/src/%{provider}.%{provider_tld}/%{project} -%dir %{gopath}/src/%{import_path} -%endif +%changelog +* Wed Jan 26 2022 Jindrich Novy - 3:1.1.0-2 +- Epoch: 3 as the oldest runc build in RHEL9 has Epoch: 2 +- Related: #2000051 -%if 0%{?with_unit_test} && 0%{?with_devel} -%files unit-test -f unit-test.file-list -%license LICENSE -%doc MAINTAINERS_GUIDE.md PRINCIPLES.md README.md CONTRIBUTING.md -%endif +* Tue Jan 18 2022 Jindrich Novy - 1.1.0-1 +- update to https://github.com/opencontainers/runc/releases/tag/v1.1.0 +- Related: #2000051 + +* Mon Dec 06 2021 Jindrich Novy - 1.0.3-1 +- update to https://github.com/opencontainers/runc/releases/tag/v1.0.3 +- Related: #2000051 + +* Fri Oct 01 2021 Jindrich Novy - 1.0.2-3 +- perform only sanity/installability tests for now +- Related: #2000051 + +* Wed Sep 29 2021 Jindrich Novy - 1.0.2-2 +- add gating.yaml +- Related: #2000051 + +* Fri Sep 03 2021 Jindrich Novy - 1.0.2-1 +- update to https://github.com/opencontainers/runc/releases/tag/v1.0.2 +- Related: #2000051 + +* Tue Aug 10 2021 Mohan Boddu - 1.0.1-6 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Fri Aug 06 2021 Jindrich Novy - 1.0.1-5 +- do not use versioned provide +- Resolves: #1974950 + +* Thu Jul 29 2021 Jindrich Novy - 1.0.1-4 +- fix "unknown version" displayed by runc -v +- Related: #1970747 + +* Mon Jul 26 2021 Jindrich Novy - 1.0.1-3 +- be sure to compile runc binaries the right way +- Related: #1970747 + +* Mon Jul 26 2021 Jindrich Novy - 1.0.1-2 +- use Makefile +- Related: #1970747 + +* Mon Jul 19 2021 Jindrich Novy - 1.0.1-1 +- update to https://github.com/opencontainers/runc/releases/tag/v1.0.1 +- Related: #1970747 + +* Wed Jun 23 2021 Lokesh Mandvekar - 1.0.0-338.rc95 +- Resolves: #1974950 - versionless oci-runtime + +* Tue Jun 22 2021 Mohan Boddu - 1.0.0-337.rc95 +- Rebuilt for RHEL 9 BETA for openssl 3.0 + Related: rhbz#1971065 + +* Mon Jun 14 2021 Jindrich Novy - 1.0.0-336.rc95 +- add GO111MODULE=off +- Related: #1970747 -%changelog * Fri Apr 16 2021 Mohan Boddu - 2:1.0.0-332.dev.gitbd013b6 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937