diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..daead67
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/runc-aea4f21.tar.gz
diff --git a/.runc.metadata b/.runc.metadata
new file mode 100644
index 0000000..2300756
--- /dev/null
+++ b/.runc.metadata
@@ -0,0 +1 @@
+7de652a014b59b797b937e8540e53971add71cbc SOURCES/runc-aea4f21.tar.gz
diff --git a/README.md b/README.md
deleted file mode 100644
index 98f42b4..0000000
--- a/README.md
+++ /dev/null
@@ -1,4 +0,0 @@
-The master branch has no content
-
-Look at the c7 branch if you are working with CentOS-7, or the c4/c5/c6 branch for CentOS-4, 5 or 6
-If you find this file in a distro specific branch, it means that no content has been checked in yet
diff --git a/SOURCES/99-containers.conf b/SOURCES/99-containers.conf
new file mode 100644
index 0000000..7e2d537
--- /dev/null
+++ b/SOURCES/99-containers.conf
@@ -0,0 +1 @@
+fs.may_detach_mounts=1
diff --git a/SOURCES/change-default-root.patch b/SOURCES/change-default-root.patch
new file mode 100644
index 0000000..6ae9207
--- /dev/null
+++ b/SOURCES/change-default-root.patch
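Review bot: `SOURCES/99-containers.conf` sets `fs.may_detach_mounts=1` with no comment saying why, and the spec's `%post` applies it host-wide as soon as the package is installed. An administrator auditing `/usr/lib/sysctl.d` has nothing in the file that explains the knob or ties it to runc. I would add a header line such as `# Needed for container teardown: lets a mount point be removed while it is still mounted in another mount namespace (bug #1441737)`; the description of the knob is my understanding of it and should be confirmed against the kernel documentation for this release.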
@@ -0,0 +1,66 @@
+From e8008604cb0a1921ab416302265ed50d504696f5 Mon Sep 17 00:00:00 2001
+From: Mrunal Patel
+Date: Wed, 5 Apr 2017 07:46:28 -0700
+Subject: [PATCH] Change the default --root to /run/runc-ctrs
+
+This avoids the unmarshalling issues with older docker-runc
+Signed-off-by: Mrunal Patel
+---
+ list.go | 2 +-
+ main.go | 2 +-
+ man/runc-list.8.md | 2 +-
+ man/runc.8.md | 2 +-
+ 4 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/list.go b/list.go
+index c7550a2..75ee2fc 100644
+--- a/list.go
++++ b/list.go
+@@ -46,7 +46,7 @@ var listCommand = cli.Command{
+ ArgsUsage: `
+
+ Where the given root is specified via the global option "--root"
+-(default: "/run/runc").
++(default: "/run/runc-ctrs").
+
+ EXAMPLE 1:
+ To list containers created via the default "--root":
+diff --git a/main.go b/main.go
+index 1cb8f4d..0b34488 100644
+--- a/main.go
++++ b/main.go
+@@ -77,7 +77,7 @@ func main() {
+ },
+ cli.StringFlag{
+ Name: "root",
+- Value: "/run/runc",
++ Value: "/run/runc-ctrs",
+ Usage: "root directory for storage of container state (this should be located in tmpfs)",
+ },
+ cli.StringFlag{
+diff --git a/man/runc-list.8.md b/man/runc-list.8.md
+index f737424..107220e 100644
+--- a/man/runc-list.8.md
++++ b/man/runc-list.8.md
+@@ -6,7 +6,7 @@
+
+ # EXAMPLE
+ Where the given root is specified via the global option "--root"
+-(default: "/run/runc").
++(default: "/run/runc-ctrs").
+
+ To list containers created via the default "--root":
+ # runc list
+diff --git a/man/runc.8.md b/man/runc.8.md
+index b5a8c54..c3a07fb 100644
+--- a/man/runc.8.md
++++ b/man/runc.8.md
+@@ -50,7 +50,7 @@ value for "bundle" is the current directory.
+ --debug enable debug output for logging
+ --log value set the log file path where internal debug information is written (default: "/dev/null")
+ --log-format value set the format used by logs ('text' (default), or 'json') (default: "text")
+- --root value root directory for storage of container state (this should be located in tmpfs) (default: "/run/runc")
++ --root value root directory for storage of container state (this should be located in tmpfs) (default: "/run/runc-ctrs")
+ --criu value path to the criu binary used for checkpoint and restore (default: "criu")
+ --systemd-cgroup enable systemd cgroup support, expects cgroupsPath to be of form "slice:prefix:name" for e.g. "system.slice:runc:434234"
+ --help, -h show help
diff --git a/SPECS/runc.spec b/SPECS/runc.spec
new file mode 100644
index 0000000..b884acf
--- /dev/null
+++ b/SPECS/runc.spec
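Review bot: Containers whose state was written under `/run/runc` stop being visible to a plain `runc list` or `runc delete` once the default in `main.go` moves to `/run/runc-ctrs`, and none of the help text or man pages touched by the embedded patch says so. The commit message suggests the separation from docker-runc state is intended, so I would only add one sentence to `man/runc.8.md`, for example `State stored under /run/runc by other builds is not read; pass --root /run/runc to manage those containers.` Monitoring or incident-response scripts that enumerate container state at the old path need the same update. The literal is now repeated in four files, and the hunks start and end inside `listCommand` and `main()`, so other references to the old path may exist outside the lines shown.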
@@ -0,0 +1,384 @@
+%if 0%{?fedora} || 0%{?rhel} == 6
+%global with_devel 1
+%global with_bundled 0
+%global with_debug 1
+%global with_check 1
+%global with_unit_test 1
+%else
+%global with_devel 0
+%global with_bundled 1
+%global with_debug 1
+%global with_check 0
+%global with_unit_test 0
+%endif
+
+%if 0%{?with_debug}
+%global _dwz_low_mem_die_limit 0
+%else
+%global debug_package %{nil}
+%endif
+
+%if ! 0%{?gobuild:1}
+%define gobuild(o:) go build -buildmode=pie -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n')" -tags "$BUILDTAGS" -a -v -x %{?**};
+%endif
+
+%global provider github
+%global provider_tld com
+%global project opencontainers
+%global repo runc
+# https://github.com/opencontainers/runc
+%global provider_prefix %{provider}.%{provider_tld}/%{project}/%{repo}
+%global import_path %{provider_prefix}
+%global git0 https://github.com/opencontainers/runc
+%global commit0 aea4f21eec795d9f5b7c7d514f568c08d58b8e58
+%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
+
+Name: %{repo}
+Version: 1.0.0
+Release: 21.rc4.dev.git%{shortcommit0}%{?dist}
+Summary: CLI for running Open Containers
+License: ASL 2.0
+URL: http//%{provider_prefix}
+Source0: %{git0}/archive/%{commit0}/%{repo}-%{shortcommit0}.tar.gz
+Source1: 99-containers.conf
+Patch0: change-default-root.patch
+Requires: criu
+Requires(pre): container-selinux >= 2:2.2-2
+
+# If go_compiler is not set to 1, there is no virtual provide. Use golang instead.
+BuildRequires: %{?go_compiler:compiler(go-compiler)}%{!?go_compiler:golang} >= 1.6.2
+BuildRequires: git
+BuildRequires: go-md2man
+BuildRequires: libseccomp-devel
+
+%if ! 0%{?with_bundled}
+BuildRequires: golang(github.com/Sirupsen/logrus)
+BuildRequires: golang(github.com/codegangsta/cli)
+BuildRequires: golang(github.com/coreos/go-systemd/dbus)
+BuildRequires: golang(github.com/coreos/go-systemd/util)
+BuildRequires: golang(github.com/docker/docker/pkg/mount)
+BuildRequires: golang(github.com/docker/docker/pkg/symlink)
+BuildRequires: golang(github.com/docker/docker/pkg/term)
+BuildRequires: golang(github.com/docker/docker/pkg/units)
+BuildRequires: golang(github.com/godbus/dbus)
+BuildRequires: golang(github.com/golang/protobuf/proto)
+BuildRequires: golang(github.com/opencontainers/specs)
+BuildRequires: golang(github.com/syndtr/gocapability/capability)
+%endif
+
+%description
+The runc command can be used to start containers which are packaged
+in accordance with the Open Container Initiative's specifications,
+and to manage containers running under runc.
+
+%if 0%{?with_devel}
+%package devel
+Summary: %{summary}
+BuildArch: noarch
+
+%if 0%{?with_check}
+BuildRequires: golang(github.com/Sirupsen/logrus)
+BuildRequires: golang(github.com/codegangsta/cli)
+BuildRequires: golang(github.com/coreos/go-systemd/dbus)
+BuildRequires: golang(github.com/coreos/go-systemd/util)
+BuildRequires: golang(github.com/docker/docker/pkg/mount)
+BuildRequires: golang(github.com/docker/docker/pkg/symlink)
+BuildRequires: golang(github.com/docker/docker/pkg/term)
+BuildRequires: golang(github.com/docker/docker/pkg/units)
+BuildRequires: golang(github.com/godbus/dbus)
+BuildRequires: golang(github.com/golang/protobuf/proto)
+BuildRequires: golang(github.com/opencontainers/specs)
+BuildRequires: golang(github.com/seccomp/libseccomp-golang)
+BuildRequires: golang(github.com/syndtr/gocapability/capability)
+BuildRequires: golang(github.com/vishvananda/netlink)
+%endif
+
+Requires: golang(github.com/Sirupsen/logrus)
+Requires: golang(github.com/coreos/go-systemd/dbus)
+Requires: golang(github.com/coreos/go-systemd/util)
+Requires: golang(github.com/docker/docker/pkg/mount)
+Requires: golang(github.com/docker/docker/pkg/symlink)
+Requires: golang(github.com/docker/docker/pkg/units)
+Requires: golang(github.com/godbus/dbus)
+Requires: golang(github.com/golang/protobuf/proto)
+Requires: golang(github.com/seccomp/libseccomp-golang)
+Requires: golang(github.com/syndtr/gocapability/capability)
+Requires: golang(github.com/vishvananda/netlink)
+
+Provides: golang(%{import_path}/libcontainer) = %{version}-%{release}
+Provides: golang(%{import_path}/libcontainer/apparmor) = %{version}-%{release}
+Provides: golang(%{import_path}/libcontainer/cgroups) = %{version}-%{release}
+Provides: golang(%{import_path}/libcontainer/cgroups/fs) = %{version}-%{release}
+Provides: golang(%{import_path}/libcontainer/cgroups/systemd) = %{version}-%{release}
+Provides: golang(%{import_path}/libcontainer/configs) = %{version}-%{release}
+Provides: golang(%{import_path}/libcontainer/configs/validate) = %{version}-%{release}
+Provides: golang(%{import_path}/libcontainer/criurpc) = %{version}-%{release}
+Provides: golang(%{import_path}/libcontainer/devices) = %{version}-%{release}
+Provides: golang(%{import_path}/libcontainer/integration) = %{version}-%{release}
+Provides: golang(%{import_path}/libcontainer/label) = %{version}-%{release}
+Provides: golang(%{import_path}/libcontainer/nsenter) = %{version}-%{release}
+Provides: golang(%{import_path}/libcontainer/seccomp) = %{version}-%{release}
+Provides: golang(%{import_path}/libcontainer/selinux) = %{version}-%{release}
+Provides: golang(%{import_path}/libcontainer/stacktrace) = %{version}-%{release}
+Provides: golang(%{import_path}/libcontainer/system) = %{version}-%{release}
+Provides: golang(%{import_path}/libcontainer/user) = %{version}-%{release}
+Provides: golang(%{import_path}/libcontainer/utils) = %{version}-%{release}
+Provides: golang(%{import_path}/libcontainer/xattr) = %{version}-%{release}
+
+%description devel
+The runc command can be used to start containers which are packaged
+in accordance with the Open Container Initiative's specifications,
+and to manage containers running under runc.
+
+This package contains library source intended for
+building other packages which use import path with
+%{import_path} prefix.
+%endif
+
+%if 0%{?with_unit_test} && 0%{?with_devel}
+%package unit-test
+Summary: Unit tests for %{name} package
+# If go_compiler is not set to 1, there is no virtual provide. Use golang instead.
+BuildRequires: %{?go_compiler:compiler(go-compiler)}%{!?go_compiler:golang}
+
+%if 0%{?with_check}
+#Here comes all BuildRequires: PACKAGE the unit tests
+#in %%check section need for running
+%endif
+
+# test subpackage tests code from devel subpackage
+Requires: %{name}-devel = %{version}-%{release}
+
+%description unit-test
+The runc command can be used to start containers which are packaged
+in accordance with the Open Container Initiative's specifications,
+and to manage containers running under runc.
+
+This package contains unit tests for project
+providing packages with %{import_path} prefix.
+%endif
+
+%prep
+%autosetup -Sgit -n %{repo}-%{commit0}
+
+%build
+mkdir -p GOPATH
+pushd GOPATH
+ mkdir -p src/%{provider}.%{provider_tld}/%{project}
+ ln -s $(dirs +1 -l) src/%{import_path}
+popd
+
+pushd GOPATH/src/%{import_path}
+export GOPATH=%{gopath}:$(pwd)/GOPATH
+export BUILDTAGS='selinux seccomp'
+
+GOPATH=$GOPATH %gobuild -o %{name} %{import_path}
+GOPATH=$GOPATH %gobuild -o recvtty %{import_path}/contrib/cmd/recvtty
+
+pushd man
+./md2man-all.sh
+popd
+
+%install
+install -d -p %{buildroot}%{_bindir}
+install -p -m 755 %{name} %{buildroot}%{_bindir}
+install -p -m 755 recvtty %{buildroot}%{_bindir}
+
+install -d -p %{buildroot}%{_mandir}/man8
+install -p -m 644 man/man8/* %{buildroot}%{_mandir}/man8
+
+install -d -p %{buildroot}%{_usr}/lib/sysctl.d
+install -p -m 644 %{SOURCE1} %{buildroot}%{_usr}/lib/sysctl.d
+
+# source codes for building projects
+%if 0%{?with_devel}
+install -d -p %{buildroot}/%{gopath}/src/%{import_path}/
+# find all *.go but no *_test.go files and generate devel.file-list
+for file in $(find . -iname "*.go" \! -iname "*_test.go" | grep -v "^./Godeps") ; do
+ echo "%%dir %%{gopath}/src/%%{import_path}/$(dirname $file)" >> devel.file-list
+ install -d -p %{buildroot}/%{gopath}/src/%{import_path}/$(dirname $file)
+ cp -pav $file %{buildroot}/%{gopath}/src/%{import_path}/$file
+ echo "%%{gopath}/src/%%{import_path}/$file" >> devel.file-list
+done
+for file in $(find . -iname "*.proto" | grep -v "^./Godeps") ; do
+ echo "%%dir %%{gopath}/src/%%{import_path}/$(dirname $file)" >> devel.file-list
+ install -d -p %{buildroot}/%{gopath}/src/%{import_path}/$(dirname $file)
+ cp -pav $file %{buildroot}/%{gopath}/src/%{import_path}/$file
+ echo "%%{gopath}/src/%%{import_path}/$file" >> devel.file-list
+done
+%endif
+
+# testing files for this project
+%if 0%{?with_unit_test} && 0%{?with_devel}
+install -d -p %{buildroot}/%{gopath}/src/%{import_path}/
+# find all *_test.go files and generate unit-test.file-list
+for file in $(find . -iname "*_test.go" | grep -v "^./Godeps"); do
+ echo "%%dir %%{gopath}/src/%%{import_path}/$(dirname $file)" >> devel.file-list
+ install -d -p %{buildroot}/%{gopath}/src/%{import_path}/$(dirname $file)
+ cp -pav $file %{buildroot}/%{gopath}/src/%{import_path}/$file
+ echo "%%{gopath}/src/%%{import_path}/$file" >> unit-test.file-list
+done
+%endif
+
+%if 0%{?with_devel}
+sort -u -o devel.file-list devel.file-list
+%endif
+
+%check
+%if 0%{?with_check} && 0%{?with_unit_test} && 0%{?with_devel}
+%if ! 0%{?with_bundled}
+export GOPATH=%{buildroot}/%{gopath}:%{gopath}
+%else
+export GOPATH=%{buildroot}/%{gopath}:$(pwd)/Godeps/_workspace:%{gopath}
+%endif
+
+%if ! 0%{?gotest:1}
+%global gotest go test
+%endif
+
+# FAIL: TestFactoryNewTmpfs (0.00s), factory_linux_test.go:59: operation not permitted
+#%%gotest %%{import_path}/libcontainer
+%gotest %{import_path}/libcontainer/cgroups
+%gotest %{import_path}/libcontainer/cgroups/fs
+%gotest %{import_path}/libcontainer/configs
+%gotest %{import_path}/libcontainer/devices
+# undefined reference to `nsexec'
+#%%gotest %%{import_path}/libcontainer/integration
+%gotest %{import_path}/libcontainer/label
+# Unable to create tstEth link: operation not permitted
+#%%gotest %%{import_path}/libcontainer/netlink
+# undefined reference to `nsexec'
+#%%gotest %%{import_path}/libcontainer/nsenter
+%gotest %{import_path}/libcontainer/selinux
+%gotest %{import_path}/libcontainer/stacktrace
+%gotest %{import_path}/libcontainer/user
+%gotest %{import_path}/libcontainer/utils
+%gotest %{import_path}/libcontainer/xattr
+%endif
+
+#define license tag if not already defined
+%{!?_licensedir:%global license %doc}
+
+%post
+%sysctl_apply 99-containers.conf
+
+%files
+%license LICENSE
+%doc MAINTAINERS_GUIDE.md PRINCIPLES.md README.md CONTRIBUTING.md
+%{_bindir}/%{name}
+%{_bindir}/recvtty
+%{_mandir}/man8/%{name}*
+%{_usr}/lib/sysctl.d/99-containers.conf
+
+%if 0%{?with_devel}
+%files devel -f devel.file-list
+%license LICENSE
+%doc MAINTAINERS_GUIDE.md PRINCIPLES.md README.md CONTRIBUTING.md
+%dir %{gopath}/src/%{provider}.%{provider_tld}/%{project}
+%dir %{gopath}/src/%{import_path}
+%endif
+
+%if 0%{?with_unit_test} && 0%{?with_devel}
+%files unit-test -f unit-test.file-list
+%license LICENSE
+%doc MAINTAINERS_GUIDE.md PRINCIPLES.md README.md CONTRIBUTING.md
+%endif
+
+%changelog
+* Thu Nov 09 2017 Lokesh Mandvekar - 1.0.0-21.rc4.dev.gitaea4f21
+- enable debuginfo and include -buildmode=pie for go build
+
+* Tue Nov 07 2017 Lokesh Mandvekar - 1.0.0-20.rc4.dev.gitaea4f21
+- use Makefile
+
+* Tue Nov 07 2017 Lokesh Mandvekar - 1.0.0-19.rc4.dev.gitaea4f21
+- disable debuginfo temporarily
+
+* Fri Nov 03 2017 Lokesh Mandvekar - 1.0.0-18.rc4.dev.gitaea4f21
+- enable debuginfo
+
+* Wed Oct 25 2017 Dan Walsh - 1.0.0-17.rc4.gitaea4f21
+- Add container-selinux prerequires to make sure runc is labeled correctly
+
+* Thu Oct 19 2017 Lokesh Mandvekar - 1.0.0-16.rc4.dev.gitaea4f21
+- correct the release tag "rc4dev" -> "rc4.dev" cause I'm OCD
+
+* Mon Oct 16 2017 Dan Walsh - 1.0.0-15.rc4dev.gitaea4f21
+- Use the same checkout as Fedora for lates CRI-O
+
+* Fri Sep 22 2017 Frantisek Kluknavsky - 1.0.0-14.rc4dev.git84a082b
+- rebase to 84a082bfef6f932de921437815355186db37aeb1
+
+* Tue Jun 13 2017 Lokesh Mandvekar - 1.0.0-13.rc3.gitd40db12
+- Resolves: #1479489
+- built commit d40db12
+
+* Tue Jun 13 2017 Lokesh Mandvekar - 1.0.0-12.1.gitf8ce01d
+- disable s390x temporarily because of indefinite wait times on brew
+
+* Tue Jun 13 2017 Lokesh Mandvekar - 1.0.0-11.1.gitf8ce01d
+- correct previous bogus date :\
+
+* Mon Jun 12 2017 Lokesh Mandvekar - 1.0.0-10.1.gitf8ce01d
+- Resolves: #1441737 - run sysctl_apply for sysctl knob
+
+* Tue May 09 2017 Lokesh Mandvekar - 1.0.0-9.1.gitf8ce01d
+- Resolves: #1447078 - change default root path
+- add commit e800860 from runc @projectatomic/change-root-path
+
+* Fri May 05 2017 Lokesh Mandvekar - 1.0.0-8.1.gitf8ce01d
+- Resolves: #1441737 - enable kernel sysctl knob /proc/sys/fs/may_detach_mounts
+
+* Thu Apr 13 2017 Lokesh Mandvekar - 1.0.0-7.1.gitf8ce01d
+- Resolves: #1429675
+- built @opencontainers/master commit f8ce01d
+
+* Thu Mar 16 2017 Lokesh Mandvekar - 1.0.0-4.1.gitee992e5
+- built @projectatomic/master commit ee992e5
+
+* Fri Feb 24 2017 Lokesh Mandvekar - 1.0.0-3.rc2
+- Resolves: #1426674
+- built projectatomic/runc_rhel_7 commit 5d93f81
+
+* Mon Feb 06 2017 Lokesh Mandvekar - 1.0.0-2.rc2
+- Resolves: #1419702 - rebase to latest upstream master
+- built commit b263a43
+
+* Wed Jan 11 2017 Lokesh Mandvekar - 1.0.0-1.rc2
+- Resolves: #1412239 - *CVE-2016-9962* - set init processes as non-dumpable,
+runc patch from Michael Crosby
+
+* Wed Sep 07 2016 Lokesh Mandvekar - 0.1.1-6
+- Resolves: #1373980 - rebuild for 7.3.0
+
+* Sat Jun 25 2016 Lokesh Mandvekar - 0.1.1-5
+- build with golang >= 1.6.2
+
+* Tue May 31 2016 Lokesh Mandvekar - 0.1.1-4
+- release tags were inconsistent in the previous build
+
+* Tue May 31 2016 Lokesh Mandvekar - 0.1.1-1
+- Resolves: #1341267 - rebase runc to v0.1.1
+
+* Tue May 03 2016 Lokesh Mandvekar - 0.1.0-3
+- add selinux build tag
+- add BR: libseccomp-devel
+
+* Tue May 03 2016 Lokesh Mandvekar - 0.1.0-2
+- Resolves: #1328970 - add seccomp buildtag
+
+* Tue Apr 19 2016 Lokesh Mandvekar - 0.1.0-1
+- Resolves: rhbz#1328616 - rebase to v0.1.0
+
+* Tue Mar 08 2016 Lokesh Mandvekar - 0.0.8-1.git4155b68
+- Resolves: rhbz#1277245 - bump to 0.0.8
+- Resolves: rhbz#1302363 - criu is a runtime dep
+- Resolves: rhbz#1302348 - libseccomp-golang is bundled in Godeps
+- manpages included
+
+* Wed Nov 25 2015 jchaloup - 1:0.0.5-0.1.git97bc9a7
+- Update to 0.0.5, introduce Epoch for Fedora due to 0.2 version instead of 0.0.2
+
+* Fri Aug 21 2015 Jan Chaloupka - 0.2-0.2.git90e6d37
+- First package for Fedora
+ resolves: #1255179
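Review bot: The `URL:` tag reads `http//%{provider_prefix}`, which is missing the colon and so does not expand to a usable URL; it should be `URL: https://%{provider_prefix}`. Separately, `%post` calls `%sysctl_apply`, and no BuildRequires in this spec names the package that defines that macro; if it is undefined in the build root the scriptlet would be emitted unexpanded, so an explicit `BuildRequires: systemd` would make the dependency visible. In the `%else` branch at the top `with_check` is 0, so the `%check` tests never run for the build that bundles its Go dependencies; a comment next to that `%global` saying why would help the next packager.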