runc-2:1.1.1-1

- Bump to v1.1.1 - add hardening flags - remove unused packages - update license and bundled provides Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
2022-03-29 15:32:40 -04:00 · 2022-03-29 15:32:40 -04:00 · 89b8fedf17
commit 89b8fedf17
parent d608be655f
3 changed files with 42 additions and 201 deletions
--- a/.gitignore
+++ b/.gitignore
@ -356,3 +356,4 @@
 /v1.0.3.tar.gz
 /v1.1.0-rc.1.tar.gz
 /v1.1.0.tar.gz
+/v1.1.1.tar.gz
--- a/runc.spec
+++ b/runc.spec
@ -1,7 +1,3 @@
-%global with_devel 0
-%global with_bundled 1
-%global with_check 0
-%global with_unit_test 0
 %if 0%{?fedora}
 %global with_debug 0
 %else
@ -28,17 +24,16 @@
 %global import_path %{provider_prefix}
 %global git0 https://github.com/opencontainers/runc

-# Used for comparing with latest upstream tag
-# to decide whether to autobuild
-%global built_tag v1.1.0
+%global built_tag v1.1.1
 %global built_tag_strip %(b=%{built_tag}; echo ${b:1})
+%global gen_version %(b=%{built_tag_strip}; echo ${b/-/"~"})

 Name: %{repo}
 Epoch: 2
-Version: 1.1.0
-Release: 2%{?dist}
+Version: %{gen_version}
+Release: 1%{?dist}
 Summary: CLI for running Open Containers
-License: ASL 2.0
+License: ASL 2.0 and BSD and MIT
 URL: %{git0}
 Source0: %{git0}/archive/%{built_tag}.tar.gz

@ -56,26 +51,24 @@ BuildRequires: go-md2man
 BuildRequires: make
 BuildRequires: git
 Provides: oci-runtime
-
-%if ! 0%{?with_bundled}
-BuildRequires: golang(github.com/Sirupsen/logrus)
-BuildRequires: golang(github.com/codegangsta/cli)
-BuildRequires: golang(github.com/coreos/go-systemd/activation)
-BuildRequires: golang(github.com/coreos/go-systemd/dbus)
-BuildRequires: golang(github.com/coreos/go-systemd/util)
-BuildRequires: golang(github.com/docker/docker/pkg/mount)
-BuildRequires: golang(github.com/docker/docker/pkg/symlink)
-BuildRequires: golang(github.com/docker/docker/pkg/term)
-BuildRequires: golang(github.com/docker/go-units)
-BuildRequires: golang(github.com/godbus/dbus)
-BuildRequires: golang(github.com/golang/protobuf/proto)
-BuildRequires: golang(github.com/opencontainers/runtime-spec/specs-go)
-BuildRequires: golang(github.com/opencontainers/specs/specs-go)
-BuildRequires: golang(github.com/seccomp/libseccomp-golang)
-BuildRequires: golang(github.com/syndtr/gocapability/capability)
-BuildRequires: golang(github.com/vishvananda/netlink)
-BuildRequires: golang(github.com/vishvananda/netlink/nl)
-%endif
+# vendored libraries
+# awk '{print "Provides: bundled(golang("$1")) = "$2}' go.mod | sort | uniq | sed -e 's/-/_/g' -e '/bundled(golang())/d' -e '/bundled(golang(go\|module\|replace\|require))/d'
+Provides: bundled(golang(github.com/checkpoint_restore/go_criu/v5)) = v5.3.0
+Provides: bundled(golang(github.com/cilium/ebpf)) = v0.7.0
+Provides: bundled(golang(github.com/containerd/console)) = v1.0.3
+Provides: bundled(golang(github.com/coreos/go_systemd/v22)) = v22.3.2
+Provides: bundled(golang(github.com/cyphar/filepath_securejoin)) = v0.2.3
+Provides: bundled(golang(github.com/docker/go_units)) = v0.4.0
+Provides: bundled(golang(github.com/godbus/dbus/v5)) = v5.0.6
+Provides: bundled(golang(github.com/moby/sys/mountinfo)) = v0.5.0
+Provides: bundled(golang(github.com/mrunalp/fileutils)) = v0.5.0
+Provides: bundled(golang(github.com/opencontainers/runtime_spec)) = v1.0.3_0.20210326190908_1c3f411f0417
+Provides: bundled(golang(github.com/opencontainers/selinux)) = v1.10.0
+Provides: bundled(golang(github.com/seccomp/libseccomp_golang)) = v0.9.2_0.20210429002308_3879420cc921
+Provides: bundled(golang(github.com/sirupsen/logrus)) = v1.8.1
+Provides: bundled(golang(github.com/syndtr/gocapability)) = v0.0.0_20200815063812_42c35b437635
+Provides: bundled(golang(github.com/urfave/cli)) = v1.22.1
+Provides: bundled(golang(github.com/vishvananda/netlink)) = v1.1.0
 %if 0%{?centos} >= 8
 Recommends: container-selinux >= 2:2.85-1
 %else
@ -95,99 +88,22 @@ The runc command can be used to start containers which are packaged
 in accordance with the Open Container Initiative's specifications,
 and to manage containers running under runc.

-%if 0%{?with_devel}
-%package devel
-Summary: %{summary}
-BuildArch: noarch
-
-%if 0%{?with_check}
-BuildRequires: golang(github.com/Sirupsen/logrus)
-BuildRequires: golang(github.com/coreos/go-systemd/dbus)
-BuildRequires: golang(github.com/coreos/go-systemd/util)
-BuildRequires: golang(github.com/docker/docker/pkg/mount)
-BuildRequires: golang(github.com/docker/docker/pkg/symlink)
-BuildRequires: golang(github.com/docker/go-units)
-BuildRequires: golang(github.com/godbus/dbus)
-BuildRequires: golang(github.com/golang/protobuf/proto)
-BuildRequires: golang(github.com/opencontainers/runtime-spec/specs-go)
-BuildRequires: golang(github.com/seccomp/libseccomp-golang)
-BuildRequires: golang(github.com/syndtr/gocapability/capability)
-BuildRequires: golang(github.com/vishvananda/netlink)
-BuildRequires: golang(github.com/vishvananda/netlink/nl)
-%endif
-
-Requires: golang(github.com/Sirupsen/logrus)
-Requires: golang(github.com/coreos/go-systemd/dbus)
-Requires: golang(github.com/coreos/go-systemd/util)
-Requires: golang(github.com/docker/docker/pkg/mount)
-Requires: golang(github.com/docker/docker/pkg/symlink)
-Requires: golang(github.com/docker/go-units)
-Requires: golang(github.com/godbus/dbus)
-Requires: golang(github.com/golang/protobuf/proto)
-Requires: golang(github.com/opencontainers/runtime-spec/specs-go)
-Requires: golang(github.com/seccomp/libseccomp-golang)
-Requires: golang(github.com/syndtr/gocapability/capability)
-Requires: golang(github.com/vishvananda/netlink)
-Requires: golang(github.com/vishvananda/netlink/nl)
-
-Provides: golang(%{import_path}/libcontainer) = %{version}-%{release}
-Provides: golang(%{import_path}/libcontainer/apparmor) = %{version}-%{release}
-Provides: golang(%{import_path}/libcontainer/cgroups) = %{version}-%{release}
-Provides: golang(%{import_path}/libcontainer/cgroups/fs) = %{version}-%{release}
-Provides: golang(%{import_path}/libcontainer/cgroups/systemd) = %{version}-%{release}
-Provides: golang(%{import_path}/libcontainer/configs) = %{version}-%{release}
-Provides: golang(%{import_path}/libcontainer/configs/validate) = %{version}-%{release}
-Provides: golang(%{import_path}/libcontainer/criurpc) = %{version}-%{release}
-Provides: golang(%{import_path}/libcontainer/devices) = %{version}-%{release}
-Provides: golang(%{import_path}/libcontainer/integration) = %{version}-%{release}
-Provides: golang(%{import_path}/libcontainer/keys) = %{version}-%{release}
-Provides: golang(%{import_path}/libcontainer/nsenter) = %{version}-%{release}
-Provides: golang(%{import_path}/libcontainer/seccomp) = %{version}-%{release}
-Provides: golang(%{import_path}/libcontainer/specconv) = %{version}-%{release}
-Provides: golang(%{import_path}/libcontainer/stacktrace) = %{version}-%{release}
-Provides: golang(%{import_path}/libcontainer/system) = %{version}-%{release}
-Provides: golang(%{import_path}/libcontainer/user) = %{version}-%{release}
-Provides: golang(%{import_path}/libcontainer/utils) = %{version}-%{release}
-Provides: golang(%{import_path}/libcontainer/xattr) = %{version}-%{release}
-
-%description devel
-The runc command can be used to start containers which are packaged
-in accordance with the Open Container Initiative's specifications,
-and to manage containers running under runc.
-
-This package contains library source intended for
-building other packages which use import path with
-%{import_path} prefix.
-%endif
-
-%if 0%{?with_unit_test} && 0%{?with_devel}
-%package unit-test
-Summary: Unit tests for %{name} package
-# If go_compiler is not set to 1, there is no virtual provide. Use golang instead.
-BuildRequires: %{?go_compiler:compiler(go-compiler)}%{!?go_compiler:golang}
-
-%if 0%{?with_check}
-#Here comes all BuildRequires: PACKAGE the unit tests
-#in %%check section need for running
-%endif
-
-# test subpackage tests code from devel subpackage
-Requires: %{name}-devel = %{epoch}:%{version}-%{release}
-
-%description unit-test
-The runc command can be used to start containers which are packaged
-in accordance with the Open Container Initiative's specifications,
-and to manage containers running under runc.
-
-This package contains unit tests for project
-providing packages with %{import_path} prefix.
-%endif
-
 %prep
 %autosetup -Sgit -n %{name}-%{built_tag_strip}
 sed -i 's/ -trimpath//g' Makefile

 %build
+%set_build_flags
+export CGO_CFLAGS=$CFLAGS
+# These extra flags present in $CFLAGS have been skipped for now as they break the build
+CGO_CFLAGS=$(echo $CGO_CFLAGS | sed 's/-flto=auto//g')
+CGO_CFLAGS=$(echo $CGO_CFLAGS | sed 's/-Wp,D_GLIBCXX_ASSERTIONS//g')
+CGO_CFLAGS=$(echo $CGO_CFLAGS | sed 's/-specs=\/usr\/lib\/rpm\/redhat\/redhat-annobin-cc1//g')
+
+%ifarch x86_64
+export CGO_CFLAGS+=" -m64 -mtune=generic -fcf-protection=full"
+%endif
+
 mkdir -p GOPATH
 pushd GOPATH
    mkdir -p src/%{provider}.%{provider_tld}/%{project}
@ -215,74 +131,6 @@ install -p -m 0644 man/man8/*.8 %{buildroot}%{_mandir}/man8/.
 install -d -p %{buildroot}%{_datadir}/bash-completion/completions
 install -p -m 0644 contrib/completions/bash/%{name} %{buildroot}%{_datadir}/bash-completion/completions

-# source codes for building projects
-%if 0%{?with_devel}
-install -d -p %{buildroot}/%{gopath}/src/%{import_path}/
-# find all *.go but no *_test.go files and generate devel.file-list
-for file in $(find . -iname "*.go" \! -iname "*_test.go" | grep -v "^./Godeps") ; do
-    echo "%%dir %%{gopath}/src/%%{import_path}/$(dirname $file)" >> devel.file-list
-    install -d -p %{buildroot}/%{gopath}/src/%{import_path}/$(dirname $file)
-    cp -pav $file %{buildroot}/%{gopath}/src/%{import_path}/$file
-    echo "%%{gopath}/src/%%{import_path}/$file" >> devel.file-list
-done
-for file in $(find . -iname "*.proto" | grep -v "^./Godeps") ; do
-    echo "%%dir %%{gopath}/src/%%{import_path}/$(dirname $file)" >> devel.file-list
-    install -d -p %{buildroot}/%{gopath}/src/%{import_path}/$(dirname $file)
-    cp -pav $file %{buildroot}/%{gopath}/src/%{import_path}/$file
-    echo "%%{gopath}/src/%%{import_path}/$file" >> devel.file-list
-done
-%endif
-
-# testing files for this project
-%if 0%{?with_unit_test} && 0%{?with_devel}
-install -d -p %{buildroot}/%{gopath}/src/%{import_path}/
-# find all *_test.go files and generate unit-test.file-list
-for file in $(find . -iname "*_test.go" | grep -v "^./Godeps"); do
-    echo "%%dir %%{gopath}/src/%%{import_path}/$(dirname $file)" >> devel.file-list
-    install -d -p %{buildroot}/%{gopath}/src/%{import_path}/$(dirname $file)
-    cp -pav $file %{buildroot}/%{gopath}/src/%{import_path}/$file
-    echo "%%{gopath}/src/%%{import_path}/$file" >> unit-test.file-list
-done
-%endif
-
-%if 0%{?with_devel}
-sort -u -o devel.file-list devel.file-list
-%endif
-
-%check
-%if 0%{?with_check} && 0%{?with_unit_test} && 0%{?with_devel}
-%if ! 0%{?with_bundled}
-export GOPATH=%{buildroot}/%{gopath}:%{gopath}
-%else
-export GOPATH=%{buildroot}/%{gopath}:$(pwd)/Godeps/_workspace:%{gopath}
-%endif
-
-%if ! 0%{?gotest:1}
-%global gotest go test
-%endif
-
-# FAIL: TestFactoryNewTmpfs (0.00s), factory_linux_test.go:59: operation not permitted
-#%%gotest %%{import_path}/libcontainer
-#%%gotest %%{import_path}/libcontainer/cgroups
-# --- FAIL: TestInvalidCgroupPath (0.00s)
-#       apply_raw_test.go:16: couldn't get cgroup root: mountpoint for cgroup not found
-#       apply_raw_test.go:25: couldn't get cgroup data: mountpoint for cgroup not found
-#%%gotest %%{import_path}/libcontainer/cgroups/fs
-#%%gotest %%{import_path}/libcontainer/configs
-#%%gotest %%{import_path}/libcontainer/devices
-# undefined reference to `nsexec'
-#%%gotest %%{import_path}/libcontainer/integration
-# Unable to create tstEth link: operation not permitted
-#%%gotest %%{import_path}/libcontainer/netlink
-# undefined reference to `nsexec'
-#%%gotest %%{import_path}/libcontainer/nsenter
-#%%gotest %%{import_path}/libcontainer/stacktrace
-#constant 2147483648 overflows int
-#%%gotest %%{import_path}/libcontainer/user
-#%%gotest %%{import_path}/libcontainer/utils
-#%%gotest %%{import_path}/libcontainer/xattr
-%endif
-
 #define license tag if not already defined
 %{!?_licensedir:%global license %doc}

@ -293,21 +141,13 @@ export GOPATH=%{buildroot}/%{gopath}:$(pwd)/Godeps/_workspace:%{gopath}
 %{_mandir}/man8/%{name}*
 %{_datadir}/bash-completion/completions/%{name}

-%if 0%{?with_devel}
-%files devel -f devel.file-list
-%license LICENSE
-%doc MAINTAINERS_GUIDE.md PRINCIPLES.md README.md CONTRIBUTING.md
-%dir %{gopath}/src/%{provider}.%{provider_tld}/%{project}
-%dir %{gopath}/src/%{import_path}
-%endif
-
-%if 0%{?with_unit_test} && 0%{?with_devel}
-%files unit-test -f unit-test.file-list
-%license LICENSE
-%doc MAINTAINERS_GUIDE.md PRINCIPLES.md README.md CONTRIBUTING.md
-%endif
-
 %changelog
+* Tue Mar 29 2022 Lokesh Mandvekar <lsm5@fedoraproject.org> - 2:1.1.1-1
+- Bump to v1.1.1
+- add hardening flags
+- remove unused packages
+- update license and bundled provides
+
 * Fri Jan 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2:1.1.0-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild

--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (v1.1.0.tar.gz) = 542ea87c488fd120f2b77e53e2c197f09cd504fbe55dbe47008aaa5b0565aa300fc49f8cadc24ead796e45a4e95a30dfb08bfeefa58dc370145a218fd2869e41
+SHA512 (v1.1.1.tar.gz) = baf622e7edae9b68d2fa255f02359d770489c7578be3c6379a5d939b4f1dfa697ec9eb4ef7dce252e64ee5225f76c06e45182a9b92b68a952e21e3f5f91450d0