diff --git a/.gitignore b/.gitignore
index e69de29..e748d05 100644
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,2 @@
+/v1.17.4.tar.gz
+/libkrun-1.17.4-vendor.tar.xz
diff --git a/libkrun-bump-bzip-dep.diff b/libkrun-bump-bzip-dep.diff
new file mode 100644
index 0000000..e5a6f97
--- /dev/null
+++ b/libkrun-bump-bzip-dep.diff
@@ -0,0 +1,13 @@
+diff --git a/src/vmm/Cargo.toml b/src/vmm/Cargo.toml
+index 35b6fdd..9f09774 100644
+--- a/src/vmm/Cargo.toml
++++ b/src/vmm/Cargo.toml
+@@ -43,7 +43,7 @@ bitfield = { version = "0.19.4", optional = true }
+ bitflags = { version = "2.10.0", optional = true }
+
+ [target.'cfg(target_arch = "x86_64")'.dependencies]
+-bzip2 = "0.5"
++bzip2 = "0.6"
+ cpuid = { path = "../cpuid" }
+ zstd = "0.13"
+
diff --git a/libkrun-remove-nitro-deps.diff b/libkrun-remove-nitro-deps.diff
new file mode 100644
index 0000000..b374c5b
--- /dev/null
+++ b/libkrun-remove-nitro-deps.diff
@@ -0,0 +1,21 @@
+diff --git a/src/libkrun/Cargo.toml b/src/libkrun/Cargo.toml
+index a840c75..37d415d 100644
+--- a/src/libkrun/Cargo.toml
++++ b/src/libkrun/Cargo.toml
+@@ -16,7 +16,6 @@ gpu = ["krun_display"]
+ snd = []
+ input = ["krun_input", "vmm/input", "devices/input"]
+ virgl_resource_map2 = []
+-aws-nitro = [ "dep:aws-nitro", "dep:nitro-enclaves" ]
+
+ [dependencies]
+ crossbeam-channel = ">=0.5.15"
+@@ -40,8 +39,6 @@ hvf = { path = "../hvf" }
+ [target.'cfg(target_os = "linux")'.dependencies]
+ kvm-bindings = { version = ">=0.11", features = ["fam-wrappers"] }
+ kvm-ioctls = ">=0.21"
+-aws-nitro = { path = "../aws_nitro", optional = true }
+-nitro-enclaves = { version = "0.5.0", optional = true }
+ vm-memory = { version = ">=0.13", features = ["backend-mmap"] }
+
+ [lib]
diff --git a/libkrun-remove-sev-deps.diff b/libkrun-remove-sev-deps.diff
new file mode 100644
index 0000000..34ea779
--- /dev/null
+++ b/libkrun-remove-sev-deps.diff
@@ -0,0 +1,27 @@
+diff --git a/src/vmm/Cargo.toml b/src/vmm/Cargo.toml
+index 9f09774..b8bfe07 100644
+--- a/src/vmm/Cargo.toml
++++ b/src/vmm/Cargo.toml
+@@ -6,7 +6,6 @@ edition = "2021"
+
+ [features]
+ tee = []
+-amd-sev = [ "blk", "bitfield", "bitflags", "iocuddle", "tee", "kbs-types", "serde", "serde_json" ]
+ net = []
+ blk = []
+ efi = [ "blk", "net" ]
+@@ -34,14 +33,6 @@ kernel = { path = "../kernel" }
+ utils = { path = "../utils" }
+ polly = { path = "../polly" }
+
+-# Dependencies for amd-sev
+-kbs-types = { version = "0.13.0", optional = true }
+-serde = { version = "1.0.125", optional = true }
+-serde_json = { version = "1.0.64", optional = true }
+-iocuddle = { version = "0.1.1", optional = true }
+-bitfield = { version = "0.19.4", optional = true }
+-bitflags = { version = "2.10.0", optional = true }
+-
+ [target.'cfg(target_arch = "x86_64")'.dependencies]
+ bzip2 = "0.6"
+ cpuid = { path = "../cpuid" }
diff --git a/libkrun-remove-tdx-deps.diff b/libkrun-remove-tdx-deps.diff
new file mode 100644
index 0000000..1304948
--- /dev/null
+++ b/libkrun-remove-tdx-deps.diff
@@ -0,0 +1,40 @@
+diff --git a/src/arch/Cargo.toml b/src/arch/Cargo.toml
+index 4b6efd6..562f39d 100644
+--- a/src/arch/Cargo.toml
++++ b/src/arch/Cargo.toml
+@@ -7,7 +7,6 @@ edition = "2021"
+ [features]
+ tee = []
+ amd-sev = [ "tee" ]
+-tdx = [ "tee", "dep:tdx" ]
+ efi = []
+
+ [dependencies]
+@@ -22,7 +21,6 @@ utils = { path = "../utils" }
+ [target.'cfg(target_os = "linux")'.dependencies]
+ kvm-bindings = { version = ">=0.11", features = ["fam-wrappers"] }
+ kvm-ioctls = ">=0.21"
+-tdx = { version = "0.1.0", optional = true }
+
+ [dev-dependencies]
+ utils = { path = "../utils" }
+diff --git a/src/vmm/Cargo.toml b/src/vmm/Cargo.toml
+index 95deedb..35b6fdd 100644
+--- a/src/vmm/Cargo.toml
++++ b/src/vmm/Cargo.toml
+@@ -7,7 +7,6 @@ edition = "2021"
+ [features]
+ tee = []
+ amd-sev = [ "blk", "bitfield", "bitflags", "iocuddle", "tee", "kbs-types", "serde", "serde_json" ]
+-tdx = [ "blk", "tee", "kbs-types", "serde", "serde_json", "dep:tdx" ]
+ net = []
+ blk = []
+ efi = [ "blk", "net" ]
+@@ -49,7 +48,6 @@ cpuid = { path = "../cpuid" }
+ zstd = "0.13"
+
+ [target.'cfg(target_os = "linux")'.dependencies]
+-tdx = { version = "0.1.0", optional = true }
+ kvm-bindings = { version = ">=0.11", features = ["fam-wrappers"] }
+ kvm-ioctls = ">=0.21"
+
diff --git a/libkrun-remove-unused-deps.diff b/libkrun-remove-unused-deps.diff
new file mode 100644
index 0000000..15d11e3
--- /dev/null
+++ b/libkrun-remove-unused-deps.diff
@@ -0,0 +1,26 @@
+diff --git a/src/devices/Cargo.toml b/src/devices/Cargo.toml
+index 9ec04c1..5c276d0 100644
+--- a/src/devices/Cargo.toml
++++ b/src/devices/Cargo.toml
+@@ -42,7 +42,6 @@ imago = { version = "0.2.1", features = ["sync-wrappers", "vm-memory"] }
+
+ [target.'cfg(target_os = "macos")'.dependencies]
+ hvf = { path = "../hvf" }
+-lru = ">=0.9"
+
+ [target.'cfg(target_os = "linux")'.dependencies]
+ rutabaga_gfx = { path = "../rutabaga_gfx", features = ["x"], optional = true }
+diff --git a/src/rutabaga_gfx/Cargo.toml b/src/rutabaga_gfx/Cargo.toml
+index 6c8357b..bb2296c 100644
+--- a/src/rutabaga_gfx/Cargo.toml
++++ b/src/rutabaga_gfx/Cargo.toml
+@@ -31,9 +31,6 @@ vmm-sys-util = ">=0.14"
+ [target.'cfg(unix)'.dependencies]
+ nix = { version = "0.30.1", features = ["event", "feature", "fs", "mman", "socket", "uio", "ioctl"] }
+
+-[target.'cfg(windows)'.dependencies]
+-winapi = "0.3"
+-
+ # To build latest Vulkano, change version to git = "https:/github.com/vulkano-rs/vulkano.git"
+ # vulkano = { version = "0.31.0", optional = true }
+
diff --git a/libkrun.spec b/libkrun.spec
new file mode 100644
index 0000000..8874ec4
--- /dev/null
+++ b/libkrun.spec
@@ -0,0 +1,225 @@
+# libkrun tests require access to "/dev/kvm", which is usually not be available
+# on build sandboxes.
+%bcond_with check
+
+%if 0%{?rhel}
+%global bundled_rust_deps 1
+%else
+%global bundled_rust_deps 0
+%endif
+
+Name: libkrun
+Version: 1.17.4
+Release: 1%{?dist}
+Summary: Dynamic library providing Virtualization-based process isolation capabilities
+
+License: Apache-2.0
+URL: https://github.com/containers/libkrun
+Source: https://github.com/containers/libkrun/archive/refs/tags/v%{version}.tar.gz
+%if 0%{?bundled_rust_deps}
+# Generated with:
+# cargo vendor-filterer --platform=*-unknown-linux-gnu --features blk,net,gpu,snd,amd-sev
+Source1: %{name}-%{version}-vendor.tar.xz
+%else
+# Remove references to unused deps so we don't need to install them for
+# building this package
+Patch0: libkrun-remove-unused-deps.diff
+# Disable nitro until the dependencies are packaged.
+Patch1: libkrun-remove-nitro-deps.diff
+# Disable TDX untile the dependencies are packaged.
+Patch2: libkrun-remove-tdx-deps.diff
+# Bump bzip2 dependency to match the version packaged in Fedora.
+Patch3: libkrun-bump-bzip-dep.diff
+# For aarch64, remove references to SEV and TDX deps which are only available on x86_64
+Patch4: libkrun-remove-sev-deps.diff
+%endif
+
+# libkrun only supports x86_64 and aarch64
+ExclusiveArch: x86_64 aarch64
+
+# While this project is composed mostly of Rust code, this is not a
+# conventional Rust crate. The root of the project is a workspace, there's a C
+# file that also needs to be compiled, and the resulting binary a dynamic
+# library providing a C-compatible ABI.
+#
+# As a result, we can't fully rely on rust-packaging for managing this package.
+# Instead, we use some of its tasks (cargo_prep and cargo_test) and combine
+# them with using the Makefile provided by the project. We also need to manage
+# BuildRequires manually, as rust-packaging gets confused trying to generate
+# them dynamically.
+BuildRequires: rust-toolset
+BuildRequires: clang
+BuildRequires: llvm-devel
+BuildRequires: libcap-ng-devel
+BuildRequires: glibc-static
+BuildRequires: binutils
+BuildRequires: libepoxy-devel
+BuildRequires: libdrm-devel
+BuildRequires: pipewire-devel
+BuildRequires: clang-devel
+BuildRequires: openssl-devel
+BuildRequires: libcurl-devel
+%ifarch aarch64
+BuildRequires: libfdt-devel
+%endif
+
+%if ! 0%{?bundled_rust_deps}
+BuildRequires: crate(libc/default) >= 0.2.39
+BuildRequires: crate(vm-memory/backend-mmap) >= 0.16.0
+BuildRequires: crate(vm-memory/default) >= 0.16.0
+BuildRequires: crate(kvm-bindings/default) >= 0.13.0
+BuildRequires: crate(kvm-bindings/fam-wrappers) >= 0.13.0
+BuildRequires: crate(kvm-ioctls/default) >= 0.23.0
+BuildRequires: crate(vmm-sys-util/default) >= 0.14.0
+BuildRequires: crate(vm-fdt/default) >= 0.2.0
+BuildRequires: (crate(virtio-bindings/default) >= 0.2.0 with crate(virtio-bindings/default) < 0.3.0~)
+BuildRequires: (crate(bitflags/default) >= 1.2.0 with crate(bitflags/default) < 2.0.0~)
+BuildRequires: (crate(env_logger/default) >= 0.11.0 with crate(env_logger/default) < 0.12.0~)
+BuildRequires: (crate(log/default) >= 0.4.0 with crate(log/default) < 0.5.0~)
+BuildRequires: (crate(nix/default) >= 0.30.1 with crate(nix/default) < 0.31.0~)
+BuildRequires: (crate(memoffset/default) >= 0.9.1 with crate(memoffset/default) < 0.10.0~)
+BuildRequires: (crate(rand/default) >= 0.8.5 with crate(rand/default) < 0.9.0~)
+BuildRequires: (crate(rand/default) >= 0.9.2 with crate(rand/default) < 0.10.0~)
+BuildRequires: (crate(once_cell/default) >= 1.4.1 with crate(once_cell/default) < 2.0.0~)
+BuildRequires: (crate(crossbeam-channel/default) >= 0.5.0 with crate(crossbeam-channel/default) < 0.6.0~)
+BuildRequires: (crate(pipewire/default) >= 0.8.0 with crate(pipewire/default) < 0.9.0~)
+BuildRequires: (crate(zerocopy/default) >= 0.8.0 with crate(zerocopy/default) < 0.9.0~)
+BuildRequires: (crate(remain/default) >= 0.2.0 with crate(remain/default) < 0.3.0~)
+BuildRequires: (crate(caps/default) >= 0.5.0 with crate(caps/default) < 0.6.0~)
+BuildRequires: (crate(imago/default) >= 0.2.1 with crate(imago/default) < 0.3.0~)
+BuildRequires: (crate(linux-loader/default) >= 0.13.0 with crate(linux-loader/default) < 0.14.0~)
+BuildRequires: (crate(bzip2/default) >= 0.6.0 with crate(bzip2/default) < 0.7.0~)
+BuildRequires: (crate(zstd/default) >= 0.13.0 with crate(zstd/default) < 0.14.0~)
+BuildRequires: (crate(flate2/default) >= 1.0.0 with crate(flate2/default) < 2.0.0~)
+BuildRequires: (crate(static_assertions/default) >= 1.1.0 with crate(static_assertions/default) < 2.0.0~)
+BuildRequires: (crate(thiserror/default) >= 2.0.0 with crate(thiserror/default) < 3.0.0~)
+BuildRequires: (crate(capng/default) >= 0.2.3 with crate(capng/default) < 0.3.0~)
+
+%if 0%{?build_sev}
+# SEV variant dependencies
+BuildRequires: (crate(kbs-types/default) >= 0.14.0 with crate(kbs-types/default) < 0.15.0~)
+BuildRequires: (crate(codicon/default) >= 3.0.0 with crate(codicon/default) < 4.0.0~)
+BuildRequires: (crate(curl/default) >= 0.4.0 with crate(curl/default) < 0.5.0~)
+BuildRequires: (crate(procfs/default) >= 0.12.0 with crate(procfs/default) < 0.13.0~)
+BuildRequires: (crate(sev/default) >= 6.0.0 with crate(sev/default) < 7.0.0~)
+BuildRequires: (crate(sev/openssl) >= 6.0.0 with crate(sev/openssl) < 7.0.0~)
+BuildRequires: (crate(serde/default) >= 1.0.0 with crate(serde/default) < 2.0.0~)
+BuildRequires: (crate(serde/derive) >= 1.0.0 with crate(serde/derive) < 2.0.0~)
+BuildRequires: (crate(serde_json/default) >= 1.0.0 with crate(serde_json/default) < 2.0.0~)
+%endif
+%endif
+
+%description
+%{summary}.
+
+%package devel
+Summary: Header files and libraries for libkrun development
+Requires: %{name}%{?_isa} = %{version}-%{release}
+
+%description devel
+The libkrun-devel package containes the libraries and headers needed to
+develop programs that use libkrun Virtualization-based process isolation
+capabilities.
+
+# SEV is a feature provided by AMD EPYC processors, so only it's only
+# available on x86_64.
+%if 0%{?build_sev}
+%package sev
+Summary: Dynamic library providing Virtualization-based process isolation capabilities (SEV variant)
+Requires: libkrunfw-sev >= 4.0.0
+
+%description sev
+Dynamic library providing Virtualization-based process isolation
+capabilities, with the ability to use AMD SEV to create a microVM-based
+Trusted Execution Environment (TEE).
+
+%package sev-devel
+Summary: Header files and libraries for libkrun development
+Requires: %{name}-devel%{?_isa} = %{version}-%{release}
+Requires: %{name}-sev%{?_isa} = %{version}-%{release}
+
+%description sev-devel
+The libkrun-sev-devel package containes the libraries and headers needed to
+develop programs that use libkrun-sev Virtualization-based process isolation
+capabilities.
+%endif
+
+%prep
+%if 0%{?bundled_rust_deps}
+%autosetup -n %{name}-%{version_no_tilde} -a1
+%cargo_prep -v vendor
+%else
+%setup -q -n %{name}-%{version_no_tilde}
+%patch -P 0 -p1
+%patch -P 1 -p1
+%patch -P 2 -p1
+%patch -P 3 -p1
+%if ! 0%{?build_sev}
+%patch -P 4 -p1
+%endif
+%cargo_prep
+%endif
+
+%build
+%make_build init/init
+%make_build libkrun.pc
+%make_build BLK=1 NET=1
+%if 0%{?build_sev}
+ rm init/init
+ %make_build SEV=1 init/init
+ %cargo_build -f amd-sev
+ mv target/release/libkrun.so target/release/libkrun-sev.so.%{version}
+%endif
+%if 0%{?bundled_rust_deps}
+%cargo_license_summary
+%{cargo_license} > LICENSE.dependencies
+%cargo_vendor_manifest
+%endif
+
+%install
+%make_install PREFIX=%{_prefix}
+%if 0%{?build_sev}
+ %make_install SEV=1 PREFIX=%{_prefix}
+%endif
+
+%files
+%license LICENSE
+%if 0%{?bundled_rust_deps}
+%license LICENSE.dependencies
+%license cargo-vendor.txt
+%endif
+%doc README.md
+%{_libdir}/libkrun.so.%{version}
+%{_libdir}/libkrun.so.1
+
+%files devel
+%{_libdir}/libkrun.so
+%{_libdir}/pkgconfig/libkrun.pc
+%{_includedir}/libkrun.h
+%{_includedir}/libkrun_display.h
+%{_includedir}/libkrun_input.h
+
+%if 0%{?build_sev}
+%files sev
+%license LICENSE
+%if 0%{?bundled_rust_deps}
+%license LICENSE.dependencies
+%license cargo-vendor.txt
+%endif
+%doc README.md
+%{_libdir}/libkrun-sev.so.%{version}
+%{_libdir}/libkrun-sev.so.1
+
+%files sev-devel
+%{_libdir}/libkrun-sev.so
+%endif
+
+%if %{with check}
+%check
+%cargo_test
+%endif
+
+%changelog
+* Mon Feb 23 2026 Jake Correnti - 1.17.4-1
+- Initial commit on c10s
+- Resolves: RHEL-139928
diff --git a/sources b/sources
new file mode 100644
index 0000000..e4e879c
--- /dev/null
+++ b/sources
@@ -0,0 +1,2 @@
+SHA512 (v1.17.4.tar.gz) = 6cd83941a245480e97bdc59307af6737af98a92706db6faf6312ac60e54f7e5f8e2ca7268f14911bd9090954329c70f7f3693132af136323b3a3ae290e1fd673
+SHA512 (libkrun-1.17.4-vendor.tar.xz) = 0fe0c5b22dc9b545696d487365b6de957ebf792f5350ea057c518a23042431794b1354ac8629152e2398357dd9bfc31559a6d243134e7a177d55161a561ec1d7
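Review bot: `build_sev` is tested by every `%if 0%{?build_sev}` block in libkrun.spec but is never defined in it, so the `sev` and `sev-devel` subpackages, the `SEV=1` build steps and the SEV BuildRequires are all dead unless a builder passes `--define 'build_sev 1'`. The vendor tarball comment still lists `amd-sev` among the vendored features, and the `Patch4` comment says "For aarch64" while `%prep` applies that patch under `%if ! 0%{?build_sev}`, so a reader cannot tell whether dropping the TEE variant is deliberate. Either define the macro where the architecture comment sits (`%ifarch x86_64`, `%global build_sev 1`, `%endif`) or state the intent next to the bcond with a comment such as `# SEV variant disabled: build_sev is intentionally left undefined`, and reword the `Patch4` comment to name the real condition. Separately, the unbundled branch requires `crate(crossbeam-channel/default) >= 0.5.0` while the `src/libkrun/Cargo.toml` context in libkrun-remove-nitro-deps.diff shows `crossbeam-channel = ">=0.5.15"`, so the RPM lower bound should be raised to `0.5.15` to match what cargo will accept.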