Compare commits


No commits in common. "c8-stream-1.0" and "stream-container-tools-2.0-rhel-8.10.0" have entirely different histories.

16 changed files with 226 additions and 1 deletions


@ -1 +0,0 @@
b2ceaf9705aa8239915010136a59664d31044fe3 SOURCES/criu-3.12.tar.bz2

1
.gitignore vendored

@ -1 +1,2 @@
SOURCES/criu-3.12.tar.bz2
/criu-3.12.tar.bz2


@ -0,0 +1,57 @@
From 4878775c8e0f2ea6869aff139d219f6eb0c4006c Mon Sep 17 00:00:00 2001
From: Adrian Reber <areber@redhat.com>
Date: Fri, 28 Jan 2022 15:10:31 +0000
Subject: [PATCH] Fix building with annobin
Annobin (used at least in Fedora and RHEL) injects annotation into the
compiled objects which break the parasite and restorer.
This removes the annobin flags as used in Fedora and RHEL and makes CRIU
work on Fedora and RHEL with annobin enabled.
Signed-off-by: Adrian Reber <areber@redhat.com>
---
compel/plugins/Makefile | 2 +-
criu/pie/Makefile | 2 +-
criu/pie/Makefile.library | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/compel/plugins/Makefile b/compel/plugins/Makefile
index e5fa781ac..37630d438 100644
--- a/compel/plugins/Makefile
+++ b/compel/plugins/Makefile
@@ -1,4 +1,4 @@
-CFLAGS := $(filter-out -pg $(CFLAGS-GCOV) $(CFLAGS-ASAN),$(CFLAGS))
+CFLAGS := $(filter-out -pg $(CFLAGS-GCOV) $(CFLAGS-ASAN) -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1,$(CFLAGS))
CFLAGS += -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=0
CFLAGS += -Wp,-U_FORTIFY_SOURCE -Wp,-D_FORTIFY_SOURCE=0
diff --git a/criu/pie/Makefile b/criu/pie/Makefile
index 265dcf82b..386626334 100644
--- a/criu/pie/Makefile
+++ b/criu/pie/Makefile
@@ -4,7 +4,7 @@
target := parasite restorer
-CFLAGS := $(filter-out -pg $(CFLAGS-GCOV) $(CFLAGS-ASAN),$(CFLAGS))
+CFLAGS := $(filter-out -pg $(CFLAGS-GCOV) $(CFLAGS-ASAN) -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1,$(CFLAGS))
CFLAGS += $(CFLAGS_PIE)
ccflags-y += -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=0
ccflags-y += -Wp,-U_FORTIFY_SOURCE -Wp,-D_FORTIFY_SOURCE=0
diff --git a/criu/pie/Makefile.library b/criu/pie/Makefile.library
index da2a2fab3..6247afe7e 100644
--- a/criu/pie/Makefile.library
+++ b/criu/pie/Makefile.library
@@ -21,7 +21,7 @@ ifeq ($(ARCH),arm)
lib-y += ./$(ARCH_DIR)/pie-cacheflush.o
endif
-CFLAGS := $(filter-out -pg $(CFLAGS-GCOV) $(CFLAGS-ASAN),$(CFLAGS))
+CFLAGS := $(filter-out -pg $(CFLAGS-GCOV) $(CFLAGS-ASAN) -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1,$(CFLAGS))
CFLAGS += $(CFLAGS_PIE)
ifeq ($(ARCH),mips)
--
2.34.1
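Review bot: The added `filter-out` entries in compel/plugins/Makefile, criu/pie/Makefile and criu/pie/Makefile.library match only the exact word `-specs=/usr/lib/rpm/redhat/redhat-annobin-cc1`, so any other form in which a build environment injects annobin would still reach the parasite and restorer objects; whether other forms occur is not visible on this page. The literal is also repeated three times; defining it once, e.g. `CFLAGS-ANNOBIN := -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1` (the variable name is a suggestion), and filtering on `$(CFLAGS-ANNOBIN)` would keep the three lists in step. A one-line comment above each `filter-out`, stating that these objects are deliberately built without annobin notes and, per the context lines, with `_FORTIFY_SOURCE=0`, would tell anyone auditing hardening results why they look unannotated. All three Makefiles continue outside the hunks shown.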

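--- a/criu.pc.patch
+++ b/criu.pc.patch
@@ -0,0 +1,27 @@
+From 341ef149ee259d9432ea4c01507eefab2ef8b83c Mon Sep 17 00:00:00 2001
+From: Radostin Stoyanov <radostin@redhat.com>
+Date: Thu, 14 Oct 2021 12:58:56 +0100
+Subject: [PATCH] criu.pc: Add libprotobuf-c as a dependency
+CRIU has a dependency on protobuf-c-devel. We express this dependency
+in pkgconfig to be auto-detected when building a package.
+Signed-off-by: Radostin Stoyanov <radostin@redhat.com>
+---
+lib/c/criu.pc.in | 1 +
+1 file changed, 1 insertion(+)
+diff --git a/lib/c/criu.pc.in b/lib/c/criu.pc.in
+index 33986d10d..bcced5033 100644
+--- a/lib/c/criu.pc.in
++++ b/lib/c/criu.pc.in
+@@ -4,5 +4,6 @@ includedir=@includedir@
+Name: CRIU
+Description: RPC library for userspace checkpoint and restore
+Version: @version@
++Requires.private: libprotobuf-c
+Libs: -L${libdir} -lcriu
+Cflags: -I${includedir}
+--
+2.31.1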

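--- a/gating.yaml
+++ b/gating.yaml
@@ -0,0 +1,6 @@
+--- !Policy
+product_versions:
+- rhel-9
+decision_context: osci_compose_gate
+rules:
+- !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}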
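Review bot: `product_versions` lists only `rhel-9`, while the branch under comparison is named `stream-container-tools-2.0-rhel-8.10.0`; if builds from this branch are reported under an RHEL 8 product version, this policy would not match them and the `osci.brew-build.tier0.functional` rule would never be evaluated, leaving the gate silently unenforced. Please confirm the intended product version, or add the matching entry, e.g. `- rhel-8`, next to `- rhel-9`.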

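--- a/rpminspect.yaml
+++ b/rpminspect.yaml
@@ -0,0 +1,4 @@
+---
+annocheck:
+jobs:
+- hardened: --verbose --skip-pie --skip-bind-now --skip-stack-prot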
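Review bot: The `hardened` job on the last line passes `--skip-pie --skip-bind-now --skip-stack-prot` to annocheck with no comment recording why, and as written the PIE, BIND_NOW and stack-protector checks appear to be switched off for every file the job inspects rather than only for the objects that needed the exemption. I would add a comment above `annocheck:` such as `# PIE, BIND_NOW and stack-protector checks are skipped because <reason>; remove once <condition>`, and scope the exemption to the affected files if the tooling allows it. Which files actually need the skips is not stated on this page, so a later regression in the main executable's hardening would currently go unreported.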

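--- a/sources
+++ b/sources
@@ -0,0 +1 @@
+SHA512 (criu-3.12.tar.bz2) = bb810d42da6e6dfa47a6675f258ef528a5be02eec663dc85e73532f9a291a8594f1642b0df2fbb4683c9555cb62af23597603ae0007e1b3be79d7ad7b77a60f0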


@ -0,0 +1,32 @@
#!/bin/bash
set -eux
ls -la
if ! crun checkpoint --help; then
echo "crun doesn't support checkpoint/restore"
exit 0
fi
echo "Start container"
podman --log-level debug run -d quay.io/adrianreber/counter
echo "See which containers are running"
podman ps
echo "Connect to the container"
curl `podman inspect -l | jq -r '.[0].NetworkSettings.IPAddress'`:8088
echo "Checkpoint container"
podman --log-level debug container checkpoint -l
podman ps -a
echo "Restore container"
podman --log-level debug container restore -l
podman ps -a
echo "Check if we can connect to the restored container"
curl `podman inspect -l | jq -r '.[0].NetworkSettings.IPAddress'`:8088
ls -la
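Review bot: The image in `podman --log-level debug run -d quay.io/adrianreber/counter` is referenced by a mutable tag in a personal namespace, so the test executes whatever that name resolves to at run time; pinning it by digest, `quay.io/adrianreber/counter@sha256:<digest>` (placeholder), makes the run reproducible and reviewable. Both `curl` calls also lack `--fail`, so an HTTP error response from the restored container still counts as success, and a failing `podman inspect` or `jq` inside the backticks is not seen by `set -e`. I would resolve the address once with `ip=$(podman inspect -l | jq -r '.[0].NetworkSettings.IPAddress')` under `set -o pipefail`, check that `$ip` is non-empty, and then call `curl --fail "http://${ip}:8088"`. The early `exit 0` when `crun checkpoint --help` fails also reports a pass for a test that did not run; a distinct skip message or status would make that visible in CI results.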

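--- a/tests/run-zdtm.sh
+++ b/tests/run-zdtm.sh
@@ -0,0 +1,63 @@
+#!/bin/bash
+set -x
+uname -a
+# These zdtm tests are skipped because they fail only in CI system
+EXCLUDES=" \
+-x zdtm/static/socket-tcp-reseted \
+-x zdtm/static/socket-tcp-closed \
+-x zdtm/static/socket-tcp-closed-last-ack \
+-x zdtm/static/socket-tcp6-closed \
+-x zdtm/static/socket-tcp4v6-closed \
+-x zdtm/static/maps01 \
+-x zdtm/static/maps04 \
+-x zdtm/static/cgroup04 \
+-x zdtm/static/cgroup_ifpriomap \
+-x zdtm/static/netns_sub \
+-x zdtm/static/netns_sub_veth \
+-x zdtm/static/file_locks01 \
+-x zdtm/static/cgroup02 "
+run_test() {
+./zdtm.py run --criu-bin /usr/sbin/criu ${EXCLUDES} \
+-a --ignore-taint --keep-going
+RESULT=$?
+}
+RESULT=42
+python -V
+# this socket brakes CRIU's test cases
+rm -f /var/lib/sss/pipes/nss
+# Move away the nft binary to avoid confusions with CRIU.
+# This is already fixed upstream.
+[ -e /usr/sbin/nft ] && mv /usr/sbin/nft /usr/sbin/nft.away
+cd source
+echo "Build CRIU"
+make
+cd test
+echo "Run the actual CRIU test suite"
+run_test
+if [ "$RESULT" -ne "0" ]; then
+# Run tests a second time to make sure it is a real failure
+echo "Something failed. Run the actual CRIU test suite a second time"
+run_test
+if [ "$RESULT" -ne "0" ]; then
+echo "Still a test suite error. Something seems to be actually broken"
+exit $RESULT
+fi
+fi
+exit 0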
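Review bot: `mv /usr/sbin/nft /usr/sbin/nft.away` and `rm -f /var/lib/sss/pipes/nss` change the host and nothing puts them back, so a machine that is reused after the test is left without its `nft` binary on every exit path. An EXIT trap set right after the move, `trap '[ -e /usr/sbin/nft.away ] && mv /usr/sbin/nft.away /usr/sbin/nft' EXIT`, would restore it. Separately, `cd source`, `make` and `cd test` are unchecked and the script runs without `set -e`, so a failed build is only noticed indirectly when `./zdtm.py` cannot be started, and then only after the retry; `cd source || exit 1` and `make || exit 1` would fail fast with a clear cause.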

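--- a/tests/tests.yml
+++ b/tests/tests.yml
@@ -0,0 +1,35 @@
+---
+- hosts: localhost
+roles:
+- role: standard-test-source
+tags:
+- classic
+- role: standard-test-basic
+tags:
+- classic
+required_packages:
+- podman
+- curl
+- jq
+- checkpolicy
+- policycoreutils
+- make
+- gcc
+- python3
+- libnet-devel
+- protobuf-devel
+- protobuf-c-devel
+- python3-devel
+- libnl3-devel
+- libcap-devel
+- libaio-devel
+- python3-pyyaml
+- python3-protobuf
+- python-unversioned-command
+tests:
+- zdtm:
+dir: .
+run: ./run-zdtm.sh
+- podman:
+dir: .
+run: ./run-podman-checkpoint-restore.sh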