rpms/runc
6
0
Fork 0
Code Issues Pull Requests Releases Activity

import runc-1.1.0-2.el9

Browse Source
This commit is contained in:
CentOS Sources 2022-03-01 05:16:31 -05:00 committed by Stepan Oksanichenko
parent a507abc583
commit 85414f36c6
4 changed files with 95 additions and 339 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/runc-bd013b6.tar.gz
SOURCES/v1.1.0.tar.gz

2
.runc.metadata
View File

@ -1 +1 @@
ce28b449cb43d3eb16eac1c1a27195d98d537f22 SOURCES/runc-bd013b6.tar.gz
d4fa85406357bf801550e491d51fedbe482fd2e2 SOURCES/v1.1.0.tar.gz

103
SOURCES/cgroups-v2.patch
View File

@ -1,103 +0,0 @@
From 5fb0f19ec8c52ed0c9bbb3551deb0016992ecc52 Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano <gscrivan@redhat.com>
Date: Thu, 3 Oct 2019 15:58:39 +0200
Subject: [PATCH] cgroups: raise an error on cgroups v2
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
---
create.go | 8 ++++++++
run.go | 8 ++++++++
utils_linux.go | 14 ++++++++++++++
3 files changed, 30 insertions(+)
diff --git a/create.go b/create.go
index 5f3ac609..91d17d07 100644
--- a/create.go
+++ b/create.go
@@ -1,6 +1,7 @@
package main
import (
+ "fmt"
"os"
"github.com/urfave/cli"
@@ -52,6 +53,13 @@ command(s) that get executed on start, edit the args parameter of the spec. See
},
},
Action: func(context *cli.Context) error {
+ unified, err := IsCgroup2UnifiedMode()
+ if err != nil {
+ return err
+ }
+ if unified {
+ return fmt.Errorf("this version of runc doesn't work on cgroups v2")
+ }
if err := checkArgs(context, 1, exactArgs); err != nil {
return err
}
diff --git a/run.go b/run.go
index f8d63178..3f29737b 100644
--- a/run.go
+++ b/run.go
@@ -3,6 +3,7 @@
package main
import (
+ "fmt"
"os"
"github.com/urfave/cli"
@@ -63,6 +64,13 @@ command(s) that get executed on start, edit the args parameter of the spec. See
},
},
Action: func(context *cli.Context) error {
+ unified, err := IsCgroup2UnifiedMode()
+ if err != nil {
+ return err
+ }
+ if unified {
+ return fmt.Errorf("this version of runc doesn't work on cgroups v2")
+ }
if err := checkArgs(context, 1, exactArgs); err != nil {
return err
}
diff --git a/utils_linux.go b/utils_linux.go
index 984e6b0f..a5a03de9 100644
--- a/utils_linux.go
+++ b/utils_linux.go
@@ -9,6 +9,7 @@ import (
"os/exec"
"path/filepath"
"strconv"
+ "syscall"
"github.com/opencontainers/runc/libcontainer"
"github.com/opencontainers/runc/libcontainer/cgroups/systemd"
@@ -26,6 +27,10 @@ import (
"golang.org/x/sys/unix"
)
+const (
+ _cgroup2SuperMagic = 0x63677270
+)
+
var errEmptyID = errors.New("container id cannot be empty")
// loadFactory returns the configured factory instance for execing containers.
@@ -451,3 +456,12 @@ func startContainer(context *cli.Context, spec *specs.Spec, action CtAct, criuOp
}
return r.run(spec.Process)
}
+
+// IsCgroup2UnifiedMode returns whether we are running in cgroup 2 cgroup2 mode.
+func IsCgroup2UnifiedMode() (bool, error) {
+ var st syscall.Statfs_t
+ if err := syscall.Statfs("/sys/fs/cgroup", &st); err != nil {
+ return false, err
+ }
+ return st.Type == _cgroup2SuperMagic, nil
+}
--
2.21.0

327
SPECS/runc.spec
View File

@ -1,14 +1,15 @@
%global with_devel 0
%global with_bundled 1
%global with_check 0
%global with_unit_test 0
%global with_debug 1
%if 0%{?with_debug}
%global _find_debuginfo_dwz_opts %{nil}
%global _dwz_low_mem_die_limit 0
%if 0%{?rhel} > 7 && ! 0%{?fedora}
%define gobuild(o:) \
go build -buildmode pie -compiler gc -tags="rpm_crashtraceback libtrust_openssl ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -linkmode=external -compressdwarf=false -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '%__global_ldflags'" -a -v %{?**};
%else
%global debug_package %{nil}
%if ! 0%{?gobuild:1}
%define gobuild(o:) GO111MODULE=off go build -buildmode pie -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -linkmode=external -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '-Wl,-z,relro -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld '" -a -v %{?**};
%endif
%endif
%global provider github
@ -16,152 +17,37 @@
%global project opencontainers
%global repo runc
# https://github.com/opencontainers/runc
%global provider_prefix %{provider}.%{provider_tld}/%{project}/%{repo}
%global import_path %{provider_prefix}
%global git0 https://github.com/opencontainers/runc
%global commit0 bd013b6e4d13e7c9fb75ab8060013da5f9ebb6cf
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
%global import_path %{provider}.%{provider_tld}/%{project}/%{repo}
%global git0 https://%{import_path}
Epoch: 3
Name: %{repo}
Epoch: 2
Version: 1.0.0
Release: 332.dev.git%{shortcommit0}%{?dist}
Version: 1.1.0
Release: 2%{?dist}
Summary: CLI for running Open Containers
# https://fedoraproject.org/wiki/PackagingDrafts/Go#Go_Language_Architectures
#ExclusiveArch: %%{go_arches}
# still use arch exclude as the macro above still refers %%{ix86} in RHEL8.4:
# https://bugzilla.redhat.com/show_bug.cgi?id=1905383
ExcludeArch: %{ix86}
License: ASL 2.0
URL: %{git0}
Source0: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
Patch1: cgroups-v2.patch
# https://fedoraproject.org/wiki/PackagingDrafts/Go#Go_Language_Architectures
ExclusiveArch: %{go_arches}
# If go_compiler is not set to 1, there is no virtual provide. Use golang instead.
BuildRequires: %{?go_compiler:compiler(go-compiler)}%{!?go_compiler:golang}
BuildRequires: pkgconfig(libseccomp)
BuildRequires: go-md2man
BuildRequires: make
Source0: %{git0}/archive/v%{version}.tar.gz
Provides: oci-runtime
BuildRequires: golang >= 1.12.12-4
BuildRequires: git
%if ! 0%{?with_bundled}
BuildRequires: golang(github.com/Sirupsen/logrus)
BuildRequires: golang(github.com/codegangsta/cli)
BuildRequires: golang(github.com/coreos/go-systemd/activation)
BuildRequires: golang(github.com/coreos/go-systemd/dbus)
BuildRequires: golang(github.com/coreos/go-systemd/util)
BuildRequires: golang(github.com/docker/docker/pkg/mount)
BuildRequires: golang(github.com/docker/docker/pkg/symlink)
BuildRequires: golang(github.com/docker/docker/pkg/term)
BuildRequires: golang(github.com/docker/go-units)
BuildRequires: golang(github.com/godbus/dbus)
BuildRequires: golang(github.com/golang/protobuf/proto)
BuildRequires: golang(github.com/opencontainers/runtime-spec/specs-go)
BuildRequires: golang(github.com/opencontainers/specs/specs-go)
BuildRequires: golang(github.com/seccomp/libseccomp-golang)
BuildRequires: golang(github.com/syndtr/gocapability/capability)
BuildRequires: golang(github.com/vishvananda/netlink)
BuildRequires: golang(github.com/vishvananda/netlink/nl)
%endif
Recommends: container-selinux >= 2:2.85-1
%ifnarch s390x
Recommends: criu
%endif
BuildRequires: go-md2man
BuildRequires: libseccomp-devel
Requires: criu
%description
The runc command can be used to start containers which are packaged
in accordance with the Open Container Initiative's specifications,
and to manage containers running under runc.
%if 0%{?with_devel}
%package devel
Summary: %{summary}
BuildArch: noarch
%if 0%{?with_check}
BuildRequires: golang(github.com/Sirupsen/logrus)
BuildRequires: golang(github.com/coreos/go-systemd/dbus)
BuildRequires: golang(github.com/coreos/go-systemd/util)
BuildRequires: golang(github.com/docker/docker/pkg/mount)
BuildRequires: golang(github.com/docker/docker/pkg/symlink)
BuildRequires: golang(github.com/docker/go-units)
BuildRequires: golang(github.com/godbus/dbus)
BuildRequires: golang(github.com/golang/protobuf/proto)
BuildRequires: golang(github.com/opencontainers/runtime-spec/specs-go)
BuildRequires: golang(github.com/seccomp/libseccomp-golang)
BuildRequires: golang(github.com/syndtr/gocapability/capability)
BuildRequires: golang(github.com/vishvananda/netlink)
BuildRequires: golang(github.com/vishvananda/netlink/nl)
%endif
Requires: golang(github.com/Sirupsen/logrus)
Requires: golang(github.com/coreos/go-systemd/dbus)
Requires: golang(github.com/coreos/go-systemd/util)
Requires: golang(github.com/docker/docker/pkg/mount)
Requires: golang(github.com/docker/docker/pkg/symlink)
Requires: golang(github.com/docker/go-units)
Requires: golang(github.com/godbus/dbus)
Requires: golang(github.com/golang/protobuf/proto)
Requires: golang(github.com/opencontainers/runtime-spec/specs-go)
Requires: golang(github.com/seccomp/libseccomp-golang)
Requires: golang(github.com/syndtr/gocapability/capability)
Requires: golang(github.com/vishvananda/netlink)
Requires: golang(github.com/vishvananda/netlink/nl)
Provides: oci-runtime = 1
Provides: golang(%{import_path}/libcontainer) = %{version}-%{release}
Provides: golang(%{import_path}/libcontainer/apparmor) = %{version}-%{release}
Provides: golang(%{import_path}/libcontainer/cgroups) = %{version}-%{release}
Provides: golang(%{import_path}/libcontainer/cgroups/fs) = %{version}-%{release}
Provides: golang(%{import_path}/libcontainer/cgroups/systemd) = %{version}-%{release}
Provides: golang(%{import_path}/libcontainer/configs) = %{version}-%{release}
Provides: golang(%{import_path}/libcontainer/configs/validate) = %{version}-%{release}
Provides: golang(%{import_path}/libcontainer/criurpc) = %{version}-%{release}
Provides: golang(%{import_path}/libcontainer/devices) = %{version}-%{release}
Provides: golang(%{import_path}/libcontainer/integration) = %{version}-%{release}
Provides: golang(%{import_path}/libcontainer/keys) = %{version}-%{release}
Provides: golang(%{import_path}/libcontainer/nsenter) = %{version}-%{release}
Provides: golang(%{import_path}/libcontainer/seccomp) = %{version}-%{release}
Provides: golang(%{import_path}/libcontainer/specconv) = %{version}-%{release}
Provides: golang(%{import_path}/libcontainer/stacktrace) = %{version}-%{release}
Provides: golang(%{import_path}/libcontainer/system) = %{version}-%{release}
Provides: golang(%{import_path}/libcontainer/user) = %{version}-%{release}
Provides: golang(%{import_path}/libcontainer/utils) = %{version}-%{release}
Provides: golang(%{import_path}/libcontainer/xattr) = %{version}-%{release}
%description devel
The runc command can be used to start containers which are packaged
in accordance with the Open Container Initiative's specifications,
and to manage containers running under runc.
This package contains library source intended for
building other packages which use import path with
%{import_path} prefix.
%endif
%if 0%{?with_unit_test} && 0%{?with_devel}
%package unit-test
Summary: Unit tests for %{name} package
# If go_compiler is not set to 1, there is no virtual provide. Use golang instead.
BuildRequires: %{?go_compiler:compiler(go-compiler)}%{!?go_compiler:golang}
%if 0%{?with_check}
#Here comes all BuildRequires: PACKAGE the unit tests
#in %%check section need for running
%endif
# test subpackage tests code from devel subpackage
Requires: %{name}-devel = %{epoch}:%{version}-%{release}
%description unit-test
The runc command can be used to start containers which are packaged
in accordance with the Open Container Initiative's specifications,
and to manage containers running under runc.
This package contains unit tests for project
providing packages with %{import_path} prefix.
%endif
%prep
%autosetup -Sgit -n %{name}-%{commit0}
%autosetup -Sgit
sed -i '/\#\!\/bin\/bash/d' contrib/completions/bash/%{name}
%build
mkdir -p GOPATH
@ -171,93 +57,21 @@ pushd GOPATH
popd
pushd GOPATH/src/%{import_path}
export GO111MODULE=off
export GOPATH=%{gopath}:$(pwd)/GOPATH
export CGO_CFLAGS="%{optflags} -D_GNU_SOURCE -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64"
export BUILDTAGS="selinux seccomp"
export LDFLAGS="-X main.gitCommit= -X main.version=%{version}"
%gobuild -o %{name} %{import_path}
make BUILDTAGS="seccomp selinux" all
sed -i '/\#\!\/bin\/bash/d' contrib/completions/bash/%{name}
pushd man
./md2man-all.sh
popd
%install
install -d -p %{buildroot}%{_bindir}
install -p -m 755 %{name} %{buildroot}%{_bindir}
# generate man pages
man/md2man-all.sh
# install man pages
install -d -p %{buildroot}%{_mandir}/man8
install -p -m 0644 man/man8/*.8 %{buildroot}%{_mandir}/man8/.
# install bash completion
install -d -p %{buildroot}%{_datadir}/bash-completion/completions
install -p -m 0644 contrib/completions/bash/%{name} %{buildroot}%{_datadir}/bash-completion/completions
# source codes for building projects
%if 0%{?with_devel}
install -d -p %{buildroot}/%{gopath}/src/%{import_path}/
# find all *.go but no *_test.go files and generate devel.file-list
for file in $(find . -iname "*.go" \! -iname "*_test.go" | grep -v "^./Godeps") ; do
echo "%%dir %%{gopath}/src/%%{import_path}/$(dirname $file)" >> devel.file-list
install -d -p %{buildroot}/%{gopath}/src/%{import_path}/$(dirname $file)
cp -pav $file %{buildroot}/%{gopath}/src/%{import_path}/$file
echo "%%{gopath}/src/%%{import_path}/$file" >> devel.file-list
done
for file in $(find . -iname "*.proto" | grep -v "^./Godeps") ; do
echo "%%dir %%{gopath}/src/%%{import_path}/$(dirname $file)" >> devel.file-list
install -d -p %{buildroot}/%{gopath}/src/%{import_path}/$(dirname $file)
cp -pav $file %{buildroot}/%{gopath}/src/%{import_path}/$file
echo "%%{gopath}/src/%%{import_path}/$file" >> devel.file-list
done
%endif
# testing files for this project
%if 0%{?with_unit_test} && 0%{?with_devel}
install -d -p %{buildroot}/%{gopath}/src/%{import_path}/
# find all *_test.go files and generate unit-test.file-list
for file in $(find . -iname "*_test.go" | grep -v "^./Godeps"); do
echo "%%dir %%{gopath}/src/%%{import_path}/$(dirname $file)" >> devel.file-list
install -d -p %{buildroot}/%{gopath}/src/%{import_path}/$(dirname $file)
cp -pav $file %{buildroot}/%{gopath}/src/%{import_path}/$file
echo "%%{gopath}/src/%%{import_path}/$file" >> unit-test.file-list
done
%endif
%if 0%{?with_devel}
sort -u -o devel.file-list devel.file-list
%endif
make install install-man install-bash DESTDIR=$RPM_BUILD_ROOT PREFIX=%{_prefix} LIBDIR=%{_libdir} BINDIR=%{_bindir}
%check
%if 0%{?with_check} && 0%{?with_unit_test} && 0%{?with_devel}
%if ! 0%{?with_bundled}
export GOPATH=%{buildroot}/%{gopath}:%{gopath}
%else
export GOPATH=%{buildroot}/%{gopath}:$(pwd)/Godeps/_workspace:%{gopath}
%endif
%if ! 0%{?gotest:1}
%global gotest go test
%endif
# FAIL: TestFactoryNewTmpfs (0.00s), factory_linux_test.go:59: operation not permitted
#%%gotest %%{import_path}/libcontainer
#%%gotest %%{import_path}/libcontainer/cgroups
# --- FAIL: TestInvalidCgroupPath (0.00s)
# apply_raw_test.go:16: couldn't get cgroup root: mountpoint for cgroup not found
# apply_raw_test.go:25: couldn't get cgroup data: mountpoint for cgroup not found
#%%gotest %%{import_path}/libcontainer/cgroups/fs
#%%gotest %%{import_path}/libcontainer/configs
#%%gotest %%{import_path}/libcontainer/devices
# undefined reference to `nsexec'
#%%gotest %%{import_path}/libcontainer/integration
# Unable to create tstEth link: operation not permitted
#%%gotest %%{import_path}/libcontainer/netlink
# undefined reference to `nsexec'
#%%gotest %%{import_path}/libcontainer/nsenter
#%%gotest %%{import_path}/libcontainer/stacktrace
#constant 2147483648 overflows int
#%%gotest %%{import_path}/libcontainer/user
#%%gotest %%{import_path}/libcontainer/utils
#%%gotest %%{import_path}/libcontainer/xattr
%endif
#define license tag if not already defined
%{!?_licensedir:%global license %doc}
@ -269,21 +83,66 @@ export GOPATH=%{buildroot}/%{gopath}:$(pwd)/Godeps/_workspace:%{gopath}
%{_mandir}/man8/%{name}*
%{_datadir}/bash-completion/completions/%{name}
%if 0%{?with_devel}
%files devel -f devel.file-list
%license LICENSE
%doc MAINTAINERS_GUIDE.md PRINCIPLES.md README.md CONTRIBUTING.md
%dir %{gopath}/src/%{provider}.%{provider_tld}/%{project}
%dir %{gopath}/src/%{import_path}
%endif
%if 0%{?with_unit_test} && 0%{?with_devel}
%files unit-test -f unit-test.file-list
%license LICENSE
%doc MAINTAINERS_GUIDE.md PRINCIPLES.md README.md CONTRIBUTING.md
%endif
%changelog
* Wed Jan 26 2022 Jindrich Novy <jnovy@redhat.com> - 3:1.1.0-2
- Epoch: 3 as the oldest runc build in RHEL9 has Epoch: 2
- Related: #2000051
* Tue Jan 18 2022 Jindrich Novy <jnovy@redhat.com> - 1.1.0-1
- update to https://github.com/opencontainers/runc/releases/tag/v1.1.0
- Related: #2000051
* Mon Dec 06 2021 Jindrich Novy <jnovy@redhat.com> - 1.0.3-1
- update to https://github.com/opencontainers/runc/releases/tag/v1.0.3
- Related: #2000051
* Fri Oct 01 2021 Jindrich Novy <jnovy@redhat.com> - 1.0.2-3
- perform only sanity/installability tests for now
- Related: #2000051
* Wed Sep 29 2021 Jindrich Novy <jnovy@redhat.com> - 1.0.2-2
- add gating.yaml
- Related: #2000051
* Fri Sep 03 2021 Jindrich Novy <jnovy@redhat.com> - 1.0.2-1
- update to https://github.com/opencontainers/runc/releases/tag/v1.0.2
- Related: #2000051
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 1.0.1-6
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Fri Aug 06 2021 Jindrich Novy <jnovy@redhat.com> - 1.0.1-5
- do not use versioned provide
- Resolves: #1974950
* Thu Jul 29 2021 Jindrich Novy <jnovy@redhat.com> - 1.0.1-4
- fix "unknown version" displayed by runc -v
- Related: #1970747
* Mon Jul 26 2021 Jindrich Novy <jnovy@redhat.com> - 1.0.1-3
- be sure to compile runc binaries the right way
- Related: #1970747
* Mon Jul 26 2021 Jindrich Novy <jnovy@redhat.com> - 1.0.1-2
- use Makefile
- Related: #1970747
* Mon Jul 19 2021 Jindrich Novy <jnovy@redhat.com> - 1.0.1-1
- update to https://github.com/opencontainers/runc/releases/tag/v1.0.1
- Related: #1970747
* Wed Jun 23 2021 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-338.rc95
- Resolves: #1974950 - versionless oci-runtime
* Tue Jun 22 2021 Mohan Boddu <mboddu@redhat.com> - 1.0.0-337.rc95
- Rebuilt for RHEL 9 BETA for openssl 3.0
Related: rhbz#1971065
* Mon Jun 14 2021 Jindrich Novy <jnovy@redhat.com> - 1.0.0-336.rc95
- add GO111MODULE=off
- Related: #1970747
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2:1.0.0-332.dev.gitbd013b6
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937