.crun.metadata

@@ -1 +0,0 @@
-c79a414d0b980611ba929a7526b7b4c30c2b3b1d SOURCES/crun-0.18.tar.gz

.gitignore

@@ -1 +1 @@
-SOURCES/crun-0.18.tar.gz
+/*.tar.*

.packit.yaml

@@ -0,0 +1,130 @@
+---
+# See the documentation for more information:
+# https://packit.dev/docs/configuration/
+
+downstream_package_name: crun
+
+packages:
+  crun-fedora:
+    pkg_tool: fedpkg
+    specfile_path: rpm/crun.spec
+  crun-centos:
+    pkg_tool: centpkg
+    specfile_path: rpm/crun.spec
+
+srpm_build_deps:
+  - git-archive-all
+  - make
+
+actions:
+  # This action runs only on copr build jobs
+  create-archive:
+    - "git-archive-all -v --force-submodules rpm/crun-HEAD.tar.xz"
+    - bash -c "ls -1 rpm/crun-HEAD.tar.xz"
+
+jobs:
+  - job: copr_build
+    trigger: pull_request
+    packages: [crun-fedora]
+    notifications: &copr_build_failure_notification
+      failure_comment:
+        message: "Ephemeral COPR build failed. @containers/packit-build please check."
+    targets:
+      - fedora-all-x86_64
+      - fedora-all-aarch64
+      - fedora-eln-x86_64
+      - fedora-eln-aarch64
+
+  - job: copr_build
+    trigger: pull_request
+    packages: [crun-centos]
+    notifications: *copr_build_failure_notification
+    targets:
+      - epel-9-x86_64
+      - epel-9-aarch64
+      - centos-stream-9-x86_64
+      - centos-stream-9-aarch64
+      - centos-stream-10-x86_64
+      - centos-stream-10-aarch64
+
+  # Run on commit to main branch
+  - job: copr_build
+    trigger: commit
+    notifications:
+      failure_comment:
+        message: "podman-next COPR build failed. @containers/packit-build please check."
+    branch: main
+    owner: rhcontainerbot
+    project: podman-next
+
+  # Podman system tests for Fedora and CentOS Stream
+  - job: tests
+    trigger: pull_request
+    packages: [crun-fedora]
+    notifications: &podman_system_test_fail_notification
+      failure_comment:
+        message: "podman system tests failed. @containers/packit-build please check."
+    targets:
+      - fedora-all-x86_64
+      - fedora-all-aarch64
+    identifier: podman_system_test_fedora
+    tmt_plan: "/plans/podman_system_test"
+
+  # Podman system tests for Fedora and CentOS Stream
+  - job: tests
+    trigger: pull_request
+    packages: [crun-centos]
+    notifications: *podman_system_test_fail_notification
+    targets:
+      - centos-stream-9-x86_64
+      - centos-stream-9-aarch64
+      # TODO: Enable cs10 tests after netavark has finished defaulting to
+      # nftables
+      #- centos-stream-10-x86_64
+      #- centos-stream-10-aarch64
+    identifier: podman_system_test_centos
+    tmt_plan: "/plans/podman_system_test"
+
+  # Podman system tests for RHEL
+  - job: tests
+    trigger: pull_request
+    packages: [crun-centos]
+    use_internal_tf: true
+    notifications: *podman_system_test_fail_notification
+    targets:
+      epel-9-x86_64:
+        distros: [RHEL-9.4.0-Nightly,RHEL-9-Nightly]
+      epel-9-aarch64:
+        distros: [RHEL-9.4.0-Nightly,RHEL-9-Nightly]
+      # TODO: Enable cs10 tests after netavark has finished defaulting to
+      # nftables
+      #centos-stream-10-x86_64:
+      #  distros: [RHEL-10-Beta-Nightly]
+      #centos-stream-10-aarch64:
+      #  distros: [RHEL-10-Beta-Nightly]
+    identifier: podman_system_test_internal
+    tmt_plan: "/plans/podman_system_test"
+
+  - job: propose_downstream
+    trigger: release
+    packages: [crun-fedora]
+    update_release: false
+    dist_git_branches:
+      - fedora-all
+
+  - job: propose_downstream
+    trigger: release
+    packages: [crun-centos]
+    update_release: false
+    dist_git_branches:
+      - c10s
+
+  - job: koji_build
+    trigger: commit
+    dist_git_branches:
+      - fedora-all
+
+  - job: bodhi_update
+    trigger: commit
+    dist_git_branches:
+      - fedora-branched # rawhide updates are created automatically

README.packit

@@ -0,0 +1,3 @@
+This repository is maintained by packit.
+https://packit.dev/
+The file was generated using packit 0.95.0.

SOURCES/0001-revert-tests-build-init-always-statically.patch

@@ -1,43 +0,0 @@
-From 320a7ec41342c95fd6bdc500cd207eb0ea5cda6a Mon Sep 17 00:00:00 2001
-From: Giuseppe Scrivano <gscrivan@redhat.com>
-Date: Fri, 19 Feb 2021 13:25:37 +0100
-Subject: [PATCH] Revert "tests: build init always statically"
-
-This reverts commit a0f322a49a10a014a447b505eda5923a8e6aff7c as it
-causes issues on RHEL 8.
-
-Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
----
- Makefile.am | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/Makefile.am b/Makefile.am
-index e39dc3b..2b8e18b 100644
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -14,7 +14,7 @@ srpm: dist-gzip rpm/crun.spec
- 	$(MAKE) -C $(WD) dist-gzip
- 	rpmbuild -bs --define "_sourcedir $(WD)" --define "_specdir $(WD)" --define "_builddir $(WD)" --define "_srcrpmdir $(WD)" --define "_rpmdir $(WD)" --define "_buildrootdir $(WD)/.build" rpm/crun.spec
- 
--CLEANFILES = crun.spec tests/init
-+CLEANFILES = crun.spec
- 
- lib_LTLIBRARIES = libcrun.la
- 
-@@ -79,9 +79,9 @@ noinst_PROGRAMS = tests/init $(UNIT_TESTS)
- 
- TESTS_LDADD = libcrun_testing.a $(FOUND_LIBS)
- 
--tests/init: tests/init.c
--	$(CC) -static-libgcc --static -o $@ $<
--EXTRA_DIST += tests/init.c
-+tests_init_LDADD =
-+tests_init_LDFLAGS = -static-libgcc -all-static
-+tests_init_SOURCES = tests/init.c $(UNIT_TESTS)
- 
- tests_tests_libcrun_utils_CFLAGS = -I $(abs_top_builddir)/libocispec/src -I $(abs_top_srcdir)/libocispec/src -I $(abs_top_builddir)/src -I $(abs_top_srcdir)/src
- tests_tests_libcrun_utils_SOURCES = tests/tests_libcrun_utils.c
--- 
-2.29.2
-
-

SOURCES/0001-spec-do-not-set-inheritable-capabilities.patch

@@ -1,30 +0,0 @@
-From ed485db1465d67f0215c27529c57a76a1daf5135 Mon Sep 17 00:00:00 2001
-From: Giuseppe Scrivano <gscrivan@redhat.com>
-Date: Mon, 28 Feb 2022 11:05:18 +0100
-Subject: [PATCH 1/2] spec: do not set inheritable capabilities
-
-Closes: CVE-2022-27650
-
-Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
-(cherry picked from commit b847d146d496c9d7beba166fd595488e85488562)
----
- src/libcrun/container.c | 3 ---
- 1 file changed, 3 deletions(-)
-
-diff --git a/src/libcrun/container.c b/src/libcrun/container.c
-index d3fb017..1e3f3e6 100644
---- a/src/libcrun/container.c
-+++ b/src/libcrun/container.c
-@@ -128,9 +128,6 @@ static char spec_file[] = "\
- 				\"CAP_NET_BIND_SERVICE\"\n\
- 			],\n\
- 			\"inheritable\": [\n\
--				\"CAP_AUDIT_WRITE\",\n\
--				\"CAP_KILL\",\n\
--				\"CAP_NET_BIND_SERVICE\"\n\
- 			],\n\
- 			\"permitted\": [\n\
- 				\"CAP_AUDIT_WRITE\",\n\
--- 
-2.35.1
-

SOURCES/0002-exec-cap-do-not-set-inheritable-capabilities.patch

@@ -1,31 +0,0 @@
-From 21cb5a8c7bcc90c42743ffd15cd11a55bf66993d Mon Sep 17 00:00:00 2001
-From: Giuseppe Scrivano <gscrivan@redhat.com>
-Date: Mon, 28 Feb 2022 11:06:50 +0100
-Subject: [PATCH 2/2] exec: --cap do not set inheritable capabilities
-
-Closes: CVE-2022-27650
-
-Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
-(cherry picked from commit 1aeeed2e4fdeffb4875c0d0b439915894594c8c6)
----
- src/exec.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/exec.c b/src/exec.c
-index bf6c05f..8c9862d 100644
---- a/src/exec.c
-+++ b/src/exec.c
-@@ -250,8 +250,8 @@ crun_command_exec (struct crun_global_arguments *global_args, int argc, char **a
-           capabilities->effective = exec_options.cap;
-           capabilities->effective_len = exec_options.cap_size;
- 
--          capabilities->inheritable = dup_array (exec_options.cap, exec_options.cap_size);
--          capabilities->inheritable_len = exec_options.cap_size;
-+          capabilities->inheritable = NULL;
-+          capabilities->inheritable_len = 0;
- 
-           capabilities->bounding = dup_array (exec_options.cap, exec_options.cap_size);
-           capabilities->bounding_len = exec_options.cap_size;
--- 
-2.35.1
-

SPECS/crun.spec

@@ -1,101 +0,0 @@
-Summary: OCI runtime written in C
-Name: crun
-Version: 0.18
-Release: 3%{?dist}
-Source0: https://github.com/containers/%{name}/releases/download/%{version}/%{name}-%{version}.tar.gz
-Patch0: 0001-revert-tests-build-init-always-statically.patch
-Patch1: 0001-spec-do-not-set-inheritable-capabilities.patch
-Patch2: 0002-exec-cap-do-not-set-inheritable-capabilities.patch
-License: GPLv2+
-URL: https://github.com/containers/crun
-# https://fedoraproject.org/wiki/PackagingDrafts/Go#Go_Language_Architectures
-ExclusiveArch: %{go_arches}
-# We always run autogen.sh
-BuildRequires: autoconf
-BuildRequires: automake
-BuildRequires: gcc
-BuildRequires: python3
-BuildRequires: git
-BuildRequires: libcap-devel
-BuildRequires: systemd-devel
-BuildRequires: yajl-devel
-BuildRequires: libseccomp-devel
-BuildRequires: libselinux-devel
-BuildRequires: python3-libmount
-BuildRequires: libtool
-BuildRequires: go-md2man
-Provides: oci-runtime = 2
-
-%description
-crun is a runtime for running OCI containers
-
-%prep
-%autosetup -Sgit -n %{name}-%{version}
-
-%build
-export CFLAGS="%{optflags} -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64"
-./autogen.sh
-%configure --disable-silent-rules
-
-%make_build
-
-%install
-%make_install
-rm -rf $RPM_BUILD_ROOT/usr/lib*
-
-%files
-%license COPYING
-%{_bindir}/%{name}
-%{_mandir}/man1/*
-
-%changelog
-* Tue Apr 05 2022 Jindrich Novy <jnovy@redhat.com> - 0.18-3
-- fix CVE-2022-27650
-- Related: #2061390
-
-* Fri Feb 19 2021 Jindrich Novy <jnovy@redhat.com> - 0.18-2
-- allow to build without glibc-static (thanks to Giuseppe Scrivano)
-- Related: #1883490
-
-* Fri Feb 19 2021 Jindrich Novy <jnovy@redhat.com> - 0.18-1
-- update to https://github.com/containers/crun/releases/tag/0.18
-- Related: #1883490
-
-* Fri Jan 22 2021 Jindrich Novy <jnovy@redhat.com> - 0.17-1
-- update to https://github.com/containers/crun/releases/tag/0.17
-- Related: #1883490
-
-* Thu Dec 03 2020 Jindrich Novy <jnovy@redhat.com> - 0.16-2
-- exclude i686 because of build failures
-- Related: #1883490
-
-* Wed Nov 25 2020 Jindrich Novy <jnovy@redhat.com> - 0.16-1
-- update to https://github.com/containers/crun/releases/tag/0.16
-- Related: #1883490
-
-* Wed Nov 04 2020 Jindrich Novy <jnovy@redhat.com> - 0.15.1-1
-- update to https://github.com/containers/crun/releases/tag/0.15.1
-- Related: #1883490
-
-* Thu Oct 29 2020 Jindrich Novy <jnovy@redhat.com> - 0.15-2
-- synchronize with stream-container-tools-rhel8
-- Related: #1883490
-
-* Wed Oct 21 2020 Jindrich Novy <jnovy@redhat.com> - 0.15-1
-- synchronize with stream-container-tools-rhel8
-- Related: #1883490
-
-* Tue Aug 11 2020 Jindrich Novy <jnovy@redhat.com> - 0.14.1-2
-- use proper CFLAGS
-- Related: #1821193
-
-* Wed Jul 08 2020 Jindrich Novy <jnovy@redhat.com> - 0.14.1-1
-- update to https://github.com/containers/crun/releases/tag/v0.14.1
-- Related: #1821193
-
-* Thu Jul 02 2020 Jindrich Novy <jnovy@redhat.com> - 0.14-1
-- update to https://github.com/containers/crun/releases/tag/v0.14
-- Related: #1821193
-
-* Tue Jun 16 2020 Giuseppe Scrivano <gscrivan@redhat.com> - 0.13-1
-- initial import

crun.spec

@@ -0,0 +1,149 @@
+%global krun_opts %{nil}
+%global wasmedge_opts %{nil}
+%global yajl_opts %{nil}
+
+%if %{defined copr_username}
+%define copr_build 1
+%endif
+
+# krun and wasm support only on aarch64 and x86_64
+%ifarch aarch64 || x86_64
+
+# Disable wasmedge on rhel 10 until EPEL10 is in place, otherwise it causes
+# build issues on copr
+%if %{defined fedora} || (%{defined copr_build} && %{defined rhel} && 0%{?rhel} < 10)
+%global wasm_support 1
+%global wasmedge_support 1
+%global wasmedge_opts --with-wasmedge
+%endif
+
+# krun only exists on fedora
+%if %{defined fedora}
+%global krun_support 1
+%global krun_opts --with-libkrun
+%endif
+
+%endif
+
+%if %{defined fedora} || (%{defined rhel} && 0%{?rhel} < 10)
+%global system_yajl 1
+%else
+%global yajl_opts --enable-embedded-yajl
+%endif
+
+Summary: OCI runtime written in C
+Name: crun
+%if %{defined copr_build}
+Epoch: 102
+%endif
+# DO NOT TOUCH the Version string!
+# The TRUE source of this specfile is:
+# https://github.com/containers/crun/blob/main/rpm/crun.spec
+# If that's what you're reading, Version must be 0, and will be updated by Packit for
+# copr and koji builds.
+# If you're reading this on dist-git, the version is automatically filled in by Packit.
+Version: 1.19
+Release: 1%{?dist}
+URL: https://github.com/containers/%{name}
+Source0: %{url}/releases/download/%{version}/%{name}-%{version}.tar.zst
+License: GPL-2.0-only
+%if %{defined golang_arches_future}
+ExclusiveArch: %{golang_arches_future}
+%else
+ExclusiveArch: aarch64 ppc64le riscv64 s390x x86_64
+%endif
+BuildRequires: autoconf
+BuildRequires: automake
+BuildRequires: gcc
+BuildRequires: git-core
+BuildRequires: gperf
+BuildRequires: libcap-devel
+%if %{defined krun_support}
+BuildRequires: libkrun-devel
+%endif
+BuildRequires: systemd-devel
+%if %{defined system_yajl}
+BuildRequires: yajl-devel
+%endif
+BuildRequires: libseccomp-devel
+BuildRequires: python3-libmount
+BuildRequires: libtool
+BuildRequires: protobuf-c-devel
+%ifnarch riscv64
+BuildRequires: criu-devel >= 3.17.1-2
+Recommends: criu >= 3.17.1
+Recommends: criu-libs
+%endif
+%if %{defined wasmedge_support}
+BuildRequires: wasmedge-devel
+%endif
+BuildRequires: python
+Provides: oci-runtime
+
+%description
+%{name} is a OCI runtime
+
+%if %{defined krun_support}
+%package krun
+Summary: %{name} with libkrun support
+Requires: libkrun
+Requires: %{name} = %{?epoch:%{epoch}:}%{version}-%{release}
+Provides: krun = %{?epoch:%{epoch}:}%{version}-%{release}
+
+%description krun
+krun is a symlink to the %{name} binary, with libkrun as an additional dependency.
+%endif
+
+%if %{defined wasm_support}
+%package wasm
+Summary: %{name} with wasm support
+Requires: %{name} = %{?epoch:%{epoch}:}%{version}-%{release}
+# wasm packages are not present on RHEL yet and are currently a PITA to test
+# Best to only include wasmedge as weak dep on rhel
+%if %{defined fedora}
+Requires: wasm-library
+%endif
+Recommends: wasmedge
+
+%description wasm
+%{name}-wasm is a symlink to the %{name} binary, with wasm as an additional dependency.
+%endif
+
+%prep
+%autosetup -Sgit -n %{name}-%{version}
+
+%build
+./autogen.sh
+./configure --disable-silent-rules %{krun_opts} %{wasmedge_opts} %{yajl_opts}
+%make_build
+
+%install
+%make_install prefix=%{_prefix}
+rm -rf %{buildroot}%{_prefix}/lib*
+
+%files
+%license COPYING
+%{_bindir}/%{name}
+%{_mandir}/man1/%{name}.1.gz
+
+%if %{defined krun_support}
+%files krun
+%license COPYING
+%{_bindir}/krun
+%{_mandir}/man1/krun.1.gz
+%endif
+
+%if %{defined wasm_support}
+%files wasm
+%license COPYING
+%{_bindir}/%{name}-wasm
+%endif
+
+%changelog
+* Mon Dec 09 2024 Jindrich Novy <jnovy@redhat.com> - 1.19-1
+- update to https://github.com/containers/crun/releases/tag/1.19
+- Related: RHEL-58990
+
+* Mon Nov 25 2024 Jindrich Novy <jnovy@redhat.com> - 1.18.2-1
+- update to https://github.com/containers/crun/releases/tag/1.18.2
+- Related: RHEL-58992

gating.yaml

@@ -0,0 +1,6 @@
+# recipients: jnovy, lsm5, santiago
+--- !Policy
+product_versions:
+  - rhel-10
+decision_context: osci_compose_gate
+rules: []

sources

@@ -0,0 +1 @@
+SHA512 (crun-1.19.tar.zst) = 30988650f1f6ff396818a71f3d75e9cea5b98e2c247f16a9e445e47a558438916fa256b3e50c9853d8deb1f2f663129e2a9ceabd9b6b8b8db2f7ee4d3791f669