initial commit on c10s

Resolves: RHEL-139928

.gitignore

@@ -0,0 +1,2 @@
+/v1.17.4.tar.gz
+/libkrun-1.17.4-vendor.tar.xz

libkrun-bump-bzip-dep.diff

@@ -0,0 +1,13 @@
+diff --git a/src/vmm/Cargo.toml b/src/vmm/Cargo.toml
+index 35b6fdd..9f09774 100644
+--- a/src/vmm/Cargo.toml
++++ b/src/vmm/Cargo.toml
+@@ -43,7 +43,7 @@ bitfield = { version = "0.19.4", optional = true }
+ bitflags = { version = "2.10.0", optional = true }
+ 
+ [target.'cfg(target_arch = "x86_64")'.dependencies]
+-bzip2 = "0.5"
++bzip2 = "0.6"
+ cpuid = { path = "../cpuid" }
+ zstd = "0.13"
+ 

libkrun-remove-nitro-deps.diff

@@ -0,0 +1,21 @@
+diff --git a/src/libkrun/Cargo.toml b/src/libkrun/Cargo.toml
+index a840c75..37d415d 100644
+--- a/src/libkrun/Cargo.toml
++++ b/src/libkrun/Cargo.toml
+@@ -16,7 +16,6 @@ gpu = ["krun_display"]
+ snd = []
+ input = ["krun_input", "vmm/input", "devices/input"]
+ virgl_resource_map2 = []
+-aws-nitro = [ "dep:aws-nitro", "dep:nitro-enclaves" ]
+ 
+ [dependencies]
+ crossbeam-channel = ">=0.5.15"
+@@ -40,8 +39,6 @@ hvf = { path = "../hvf" }
+ [target.'cfg(target_os = "linux")'.dependencies]
+ kvm-bindings = { version = ">=0.11", features = ["fam-wrappers"] }
+ kvm-ioctls = ">=0.21"
+-aws-nitro = { path = "../aws_nitro", optional = true }
+-nitro-enclaves = { version = "0.5.0", optional = true }
+ vm-memory = { version = ">=0.13", features = ["backend-mmap"] }
+ 
+ [lib]

libkrun-remove-sev-deps.diff

@@ -0,0 +1,27 @@
+diff --git a/src/vmm/Cargo.toml b/src/vmm/Cargo.toml
+index 9f09774..b8bfe07 100644
+--- a/src/vmm/Cargo.toml
++++ b/src/vmm/Cargo.toml
+@@ -6,7 +6,6 @@ edition = "2021"
+ 
+ [features]
+ tee = []
+-amd-sev = [ "blk", "bitfield", "bitflags", "iocuddle", "tee", "kbs-types", "serde", "serde_json" ]
+ net = []
+ blk = []
+ efi = [ "blk", "net" ]
+@@ -34,14 +33,6 @@ kernel = { path = "../kernel" }
+ utils = { path = "../utils" }
+ polly = { path = "../polly" }
+ 
+-# Dependencies for amd-sev
+-kbs-types = { version = "0.13.0", optional = true }
+-serde = { version = "1.0.125", optional = true }
+-serde_json = { version = "1.0.64", optional = true }
+-iocuddle = { version = "0.1.1", optional = true }
+-bitfield = { version = "0.19.4", optional = true }
+-bitflags = { version = "2.10.0", optional = true }
+-
+ [target.'cfg(target_arch = "x86_64")'.dependencies]
+ bzip2 = "0.6"
+ cpuid = { path = "../cpuid" }

libkrun-remove-tdx-deps.diff

@@ -0,0 +1,40 @@
+diff --git a/src/arch/Cargo.toml b/src/arch/Cargo.toml
+index 4b6efd6..562f39d 100644
+--- a/src/arch/Cargo.toml
++++ b/src/arch/Cargo.toml
+@@ -7,7 +7,6 @@ edition = "2021"
+ [features]
+ tee = []
+ amd-sev = [ "tee" ]
+-tdx = [ "tee", "dep:tdx" ]
+ efi = []
+ 
+ [dependencies]
+@@ -22,7 +21,6 @@ utils = { path = "../utils" }
+ [target.'cfg(target_os = "linux")'.dependencies]
+ kvm-bindings = { version = ">=0.11", features = ["fam-wrappers"] }
+ kvm-ioctls = ">=0.21"
+-tdx = { version = "0.1.0", optional = true }
+ 
+ [dev-dependencies]
+ utils = { path = "../utils" }
+diff --git a/src/vmm/Cargo.toml b/src/vmm/Cargo.toml
+index 95deedb..35b6fdd 100644
+--- a/src/vmm/Cargo.toml
++++ b/src/vmm/Cargo.toml
+@@ -7,7 +7,6 @@ edition = "2021"
+ [features]
+ tee = []
+ amd-sev = [ "blk", "bitfield", "bitflags", "iocuddle", "tee", "kbs-types", "serde", "serde_json" ]
+-tdx = [ "blk", "tee", "kbs-types", "serde", "serde_json", "dep:tdx" ]
+ net = []
+ blk = []
+ efi = [ "blk", "net" ]
+@@ -49,7 +48,6 @@ cpuid = { path = "../cpuid" }
+ zstd = "0.13"
+ 
+ [target.'cfg(target_os = "linux")'.dependencies]
+-tdx = { version = "0.1.0", optional = true }
+ kvm-bindings = { version = ">=0.11", features = ["fam-wrappers"] }
+ kvm-ioctls = ">=0.21"
+ 

libkrun-remove-unused-deps.diff

@@ -0,0 +1,26 @@
+diff --git a/src/devices/Cargo.toml b/src/devices/Cargo.toml
+index 9ec04c1..5c276d0 100644
+--- a/src/devices/Cargo.toml
++++ b/src/devices/Cargo.toml
+@@ -42,7 +42,6 @@ imago = { version = "0.2.1", features = ["sync-wrappers", "vm-memory"] }
+ 
+ [target.'cfg(target_os = "macos")'.dependencies]
+ hvf = { path = "../hvf" }
+-lru = ">=0.9"
+ 
+ [target.'cfg(target_os = "linux")'.dependencies]
+ rutabaga_gfx = { path = "../rutabaga_gfx", features = ["x"], optional = true }
+diff --git a/src/rutabaga_gfx/Cargo.toml b/src/rutabaga_gfx/Cargo.toml
+index 6c8357b..bb2296c 100644
+--- a/src/rutabaga_gfx/Cargo.toml
++++ b/src/rutabaga_gfx/Cargo.toml
+@@ -31,9 +31,6 @@ vmm-sys-util = ">=0.14"
+ [target.'cfg(unix)'.dependencies]
+ nix = { version = "0.30.1", features = ["event", "feature", "fs", "mman", "socket", "uio", "ioctl"] }
+ 
+-[target.'cfg(windows)'.dependencies]
+-winapi = "0.3"
+-
+ # To build latest Vulkano, change version to git = "https:/github.com/vulkano-rs/vulkano.git"
+ # vulkano = { version = "0.31.0", optional = true }
+ 

libkrun.spec

@@ -0,0 +1,225 @@
+# libkrun tests require access to "/dev/kvm", which is usually not be available
+# on build sandboxes.
+%bcond_with check
+
+%if 0%{?rhel}
+%global bundled_rust_deps 1
+%else
+%global bundled_rust_deps 0
+%endif
+
+Name:           libkrun
+Version:        1.17.4
+Release:        1%{?dist}
+Summary:        Dynamic library providing Virtualization-based process isolation capabilities
+
+License:        Apache-2.0
+URL:            https://github.com/containers/libkrun
+Source:         https://github.com/containers/libkrun/archive/refs/tags/v%{version}.tar.gz
+%if 0%{?bundled_rust_deps}
+# Generated with:
+#  cargo vendor-filterer --platform=*-unknown-linux-gnu --features blk,net,gpu,snd,amd-sev
+Source1:        %{name}-%{version}-vendor.tar.xz
+%else
+# Remove references to unused deps so we don't need to install them for
+# building this package
+Patch0:         libkrun-remove-unused-deps.diff
+# Disable nitro until the dependencies are packaged.
+Patch1:         libkrun-remove-nitro-deps.diff
+# Disable TDX untile the dependencies are packaged.
+Patch2:         libkrun-remove-tdx-deps.diff
+# Bump bzip2 dependency to match the version packaged in Fedora.
+Patch3:         libkrun-bump-bzip-dep.diff
+# For aarch64, remove references to SEV and TDX deps which are only available on x86_64
+Patch4:         libkrun-remove-sev-deps.diff
+%endif
+
+# libkrun only supports x86_64 and aarch64
+ExclusiveArch:  x86_64 aarch64
+
+# While this project is composed mostly of Rust code, this is not a
+# conventional Rust crate. The root of the project is a workspace, there's a C
+# file that also needs to be compiled, and the resulting binary a dynamic
+# library providing a C-compatible ABI.
+#
+# As a result, we can't fully rely on rust-packaging for managing this package.
+# Instead, we use some of its tasks (cargo_prep and cargo_test) and combine
+# them with using the Makefile provided by the project. We also need to manage
+# BuildRequires manually, as rust-packaging gets confused trying to generate
+# them dynamically.
+BuildRequires:  rust-toolset
+BuildRequires:  clang
+BuildRequires:  llvm-devel
+BuildRequires:  libcap-ng-devel
+BuildRequires:  glibc-static
+BuildRequires:  binutils
+BuildRequires:  libepoxy-devel
+BuildRequires:  libdrm-devel
+BuildRequires:  pipewire-devel
+BuildRequires:  clang-devel
+BuildRequires:  openssl-devel
+BuildRequires:  libcurl-devel
+%ifarch aarch64
+BuildRequires:  libfdt-devel
+%endif
+
+%if ! 0%{?bundled_rust_deps}
+BuildRequires:  crate(libc/default) >= 0.2.39
+BuildRequires:  crate(vm-memory/backend-mmap) >= 0.16.0
+BuildRequires:  crate(vm-memory/default) >= 0.16.0
+BuildRequires:  crate(kvm-bindings/default) >= 0.13.0
+BuildRequires:  crate(kvm-bindings/fam-wrappers) >= 0.13.0
+BuildRequires:  crate(kvm-ioctls/default) >= 0.23.0
+BuildRequires:  crate(vmm-sys-util/default) >= 0.14.0
+BuildRequires:  crate(vm-fdt/default) >= 0.2.0
+BuildRequires:  (crate(virtio-bindings/default) >= 0.2.0 with crate(virtio-bindings/default) < 0.3.0~)
+BuildRequires:  (crate(bitflags/default) >= 1.2.0 with crate(bitflags/default) < 2.0.0~)
+BuildRequires:  (crate(env_logger/default) >= 0.11.0 with crate(env_logger/default) < 0.12.0~)
+BuildRequires:  (crate(log/default) >= 0.4.0 with crate(log/default) < 0.5.0~)
+BuildRequires:  (crate(nix/default) >= 0.30.1 with crate(nix/default) < 0.31.0~)
+BuildRequires:  (crate(memoffset/default) >= 0.9.1 with crate(memoffset/default) < 0.10.0~)
+BuildRequires:  (crate(rand/default) >= 0.8.5 with crate(rand/default) < 0.9.0~)
+BuildRequires:  (crate(rand/default) >= 0.9.2 with crate(rand/default) < 0.10.0~)
+BuildRequires:  (crate(once_cell/default) >= 1.4.1 with crate(once_cell/default) < 2.0.0~)
+BuildRequires:  (crate(crossbeam-channel/default) >= 0.5.0 with crate(crossbeam-channel/default) < 0.6.0~)
+BuildRequires:  (crate(pipewire/default) >= 0.8.0 with crate(pipewire/default) < 0.9.0~)
+BuildRequires:  (crate(zerocopy/default) >= 0.8.0 with crate(zerocopy/default) < 0.9.0~)
+BuildRequires:  (crate(remain/default) >= 0.2.0 with crate(remain/default) < 0.3.0~)
+BuildRequires:  (crate(caps/default) >= 0.5.0 with crate(caps/default) < 0.6.0~)
+BuildRequires:  (crate(imago/default) >= 0.2.1 with crate(imago/default) < 0.3.0~)
+BuildRequires:  (crate(linux-loader/default) >= 0.13.0 with crate(linux-loader/default) < 0.14.0~)
+BuildRequires:  (crate(bzip2/default) >= 0.6.0 with crate(bzip2/default) < 0.7.0~)
+BuildRequires:  (crate(zstd/default) >= 0.13.0 with crate(zstd/default) < 0.14.0~)
+BuildRequires:  (crate(flate2/default) >= 1.0.0 with crate(flate2/default) < 2.0.0~)
+BuildRequires:  (crate(static_assertions/default) >= 1.1.0 with crate(static_assertions/default) < 2.0.0~)
+BuildRequires:  (crate(thiserror/default) >= 2.0.0 with crate(thiserror/default) < 3.0.0~)
+BuildRequires:  (crate(capng/default) >= 0.2.3 with crate(capng/default) < 0.3.0~)
+
+%if 0%{?build_sev}
+# SEV variant dependencies
+BuildRequires:  (crate(kbs-types/default) >= 0.14.0 with crate(kbs-types/default) < 0.15.0~)
+BuildRequires:  (crate(codicon/default) >= 3.0.0 with crate(codicon/default) < 4.0.0~)
+BuildRequires:  (crate(curl/default) >= 0.4.0 with crate(curl/default) < 0.5.0~)
+BuildRequires:  (crate(procfs/default) >= 0.12.0 with crate(procfs/default) < 0.13.0~)
+BuildRequires:  (crate(sev/default) >= 6.0.0 with crate(sev/default) < 7.0.0~)
+BuildRequires:  (crate(sev/openssl) >= 6.0.0 with crate(sev/openssl) < 7.0.0~)
+BuildRequires:  (crate(serde/default) >= 1.0.0 with crate(serde/default) < 2.0.0~)
+BuildRequires:  (crate(serde/derive) >= 1.0.0 with crate(serde/derive) < 2.0.0~)
+BuildRequires:  (crate(serde_json/default) >= 1.0.0 with crate(serde_json/default) < 2.0.0~)
+%endif
+%endif
+
+%description
+%{summary}.
+
+%package devel
+Summary: Header files and libraries for libkrun development
+Requires:       %{name}%{?_isa} = %{version}-%{release}
+
+%description devel
+The libkrun-devel package containes the libraries and headers needed to
+develop programs that use libkrun Virtualization-based process isolation
+capabilities.
+
+# SEV is a feature provided by AMD EPYC processors, so only it's only
+# available on x86_64.
+%if 0%{?build_sev}
+%package sev
+Summary: Dynamic library providing Virtualization-based process isolation capabilities (SEV variant)
+Requires:  libkrunfw-sev >= 4.0.0
+
+%description sev
+Dynamic library providing Virtualization-based process isolation
+capabilities, with the ability to use AMD SEV to create a microVM-based
+Trusted Execution Environment (TEE).
+
+%package sev-devel
+Summary: Header files and libraries for libkrun development
+Requires:       %{name}-devel%{?_isa} = %{version}-%{release}
+Requires:       %{name}-sev%{?_isa} = %{version}-%{release}
+
+%description sev-devel
+The libkrun-sev-devel package containes the libraries and headers needed to
+develop programs that use libkrun-sev Virtualization-based process isolation
+capabilities.
+%endif
+
+%prep
+%if 0%{?bundled_rust_deps}
+%autosetup -n %{name}-%{version_no_tilde} -a1
+%cargo_prep -v vendor
+%else
+%setup -q -n %{name}-%{version_no_tilde}
+%patch -P 0 -p1
+%patch -P 1 -p1
+%patch -P 2 -p1
+%patch -P 3 -p1
+%if ! 0%{?build_sev}
+%patch -P 4 -p1
+%endif
+%cargo_prep
+%endif
+
+%build
+%make_build init/init
+%make_build libkrun.pc
+%make_build BLK=1 NET=1
+%if 0%{?build_sev}
+    rm init/init
+    %make_build SEV=1 init/init
+    %cargo_build -f amd-sev
+    mv target/release/libkrun.so target/release/libkrun-sev.so.%{version}
+%endif
+%if 0%{?bundled_rust_deps}
+%cargo_license_summary
+%{cargo_license} > LICENSE.dependencies
+%cargo_vendor_manifest
+%endif
+
+%install
+%make_install PREFIX=%{_prefix}
+%if 0%{?build_sev}
+    %make_install SEV=1 PREFIX=%{_prefix}
+%endif
+
+%files
+%license LICENSE
+%if 0%{?bundled_rust_deps}
+%license LICENSE.dependencies
+%license cargo-vendor.txt
+%endif
+%doc README.md
+%{_libdir}/libkrun.so.%{version}
+%{_libdir}/libkrun.so.1
+
+%files devel
+%{_libdir}/libkrun.so
+%{_libdir}/pkgconfig/libkrun.pc
+%{_includedir}/libkrun.h
+%{_includedir}/libkrun_display.h
+%{_includedir}/libkrun_input.h
+
+%if 0%{?build_sev}
+%files sev
+%license LICENSE
+%if 0%{?bundled_rust_deps}
+%license LICENSE.dependencies
+%license cargo-vendor.txt
+%endif
+%doc README.md
+%{_libdir}/libkrun-sev.so.%{version}
+%{_libdir}/libkrun-sev.so.1
+
+%files sev-devel
+%{_libdir}/libkrun-sev.so
+%endif
+
+%if %{with check}
+%check
+%cargo_test
+%endif
+
+%changelog
+* Mon Feb 23 2026 Jake Correnti <jcorrent@redhat.com> - 1.17.4-1
+- Initial commit on c10s
+- Resolves: RHEL-139928

sources

@@ -0,0 +1,2 @@
+SHA512 (v1.17.4.tar.gz) = 6cd83941a245480e97bdc59307af6737af98a92706db6faf6312ac60e54f7e5f8e2ca7268f14911bd9090954329c70f7f3693132af136323b3a3ae290e1fd673
+SHA512 (libkrun-1.17.4-vendor.tar.xz) = 0fe0c5b22dc9b545696d487365b6de957ebf792f5350ea057c518a23042431794b1354ac8629152e2398357dd9bfc31559a6d243134e7a177d55161a561ec1d7