diff --git a/.fmf/version b/.fmf/version
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/.fmf/version
@@ -0,0 +1 @@
+1
diff --git a/.gitignore b/.gitignore
index 342aad3..62eb9bc 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,104 @@
 crun-0.1.1.tar.gz
+/crun-0.6.tar.gz
+/crun-0.7.tar.gz
+/crun-0.8.tar.gz
+/crun-0.9.tar.gz
+/crun-6a2c111.tar.gz
+/crun-0.9.1.tar.gz
+/crun-0.10.tar.gz
+/crun-0.10.1.tar.gz
+/crun-0.10.2.tar.gz
+/crun-0.10.3.tar.gz
+/crun-0.10.4.tar.gz
+/crun-0.10.5.tar.gz
+/crun-0.10.6.tar.gz
+/crun-0.11.tar.gz
+/crun-0.12.tar.gz
+/crun-0.12.1.tar.gz
+/crun-0.12.2.tar.gz
+/crun-0.12.2.1.tar.gz
+/crun-0.13.tar.gz
+/crun-0.14.tar.gz
+/crun-0.14.1.tar.gz
+/crun-0.15.tar.gz
+/crun-0.15.1.tar.gz
+/crun-0.16.tar.gz
+/crun-0.17.tar.gz
+/crun-0.18.tar.gz
+/3e7fa1db14a3c4ad0605f1cb2851ec134f4ccc07.patch
+/f642968ec5ae05b33f2545da6edf135c338b34d1.patch
+/crun-0.19.tar.gz
+/crun-0.19.1.tar.gz
+/crun-0.19.1.7-3886.tar.xz
+/crun-0.19.1.11-1dea.tar.xz
+/crun-0.19.1.17-3f6a.tar.xz
+/crun-0.19.1.19-b6c3.tar.xz
+/crun-0.19.1.22-4e96.tar.xz
+/crun-0.19.1.26-029e.tar.xz
+/crun-0.19.1.31-b83e.tar.xz
+/crun-0.19.1.36-2bad.tar.xz
+/crun-0.19.1.41-f9c4.tar.xz
+/crun-0.19.1.45-4cc7.tar.xz
+/crun-0.19.1.50-1942.tar.xz
+/crun-0.20.1-ffb7.tar.xz
+/crun-0.20.3-8d6a.tar.xz
+/crun-0.20.1.1-7adf.tar.xz
+/crun-0.20.1.3-9dec.tar.xz
+/crun-0.19.1.13-6340.tar.xz
+/crun-0.20.1.7-7ef7.tar.xz
+/crun-0.20.1.9-60de.tar.xz
+/crun-0.21-dirty.tar.xz
+/crun-0.21.tar.xz
+/crun-1.0.tar.xz
+/crun-1.1.tar.xz
+/crun-1.2.tar.xz
+/crun-1.3.tar.xz
+/crun-1.4.tar.xz
+/crun-1.4.1.tar.xz
+/crun-1.4.2.tar.xz
+/crun-1.4.3.tar.xz
+/crun-1.4.4.tar.xz
+/crun-1.4.5.tar.xz
+/crun-1.5.tar.xz
+/crun-1.6.tar.xz
+/crun-1.7.tar.xz
+/crun-1.7.1.tar.xz
+/crun-1.7.2.tar.xz
+/crun-1.8.tar.xz
+/crun-1.8.1.tar.xz
+/crun-1.8.2.tar.xz
+/crun-1.8.3.tar.xz
+/crun-1.8.4.tar.xz
+/crun-1.8.5.tar.xz
+/crun-1.8.6.tar.xz
+/crun-1.8.7.tar.xz
+/crun-1.9.tar.xz
+/crun-1.9.1.tar.xz
+/crun-1.9.2.tar.xz
+/crun-1.10.tar.xz
+/crun-1.11.tar.xz
+/crun-1.11.1.tar.xz
+/crun-1.11.2.tar.xz
+/crun-1.12.tar.xz
+/crun-1.13.tar.xz
+/crun-1.14.tar.xz
+/crun-1.14.1.tar.xz
+/crun-1.14.2.tar.xz
+/crun-1.14.3.tar.xz
+/crun-1.14.4.tar.xz
+/crun-1.15.tar.zst
+/crun-1.17.tar.zst
+/crun-1.18.tar.zst
+/crun-1.18.1.tar.zst
+/crun-1.18.2.tar.zst
+/crun-1.19.tar.zst
+/crun-1.19.1.tar.zst
+/crun-1.20.tar.zst
+/crun-1.21.tar.zst
+/crun-1.22.tar.zst
+/crun-1.23.tar.zst
+/crun-1.23.1.tar.zst
+/crun-1.24.tar.zst
+/crun-1.25.tar.zst
+/crun-1.25.1.tar.zst
+/crun-1.26.tar.zst
diff --git a/.packit.yaml b/.packit.yaml
new file mode 100644
index 0000000..b7dc6ae
--- /dev/null
+++ b/.packit.yaml
@@ -0,0 +1,140 @@
+---
+# See the documentation for more information:
+# https://packit.dev/docs/configuration/
+
+downstream_package_name: crun
+
+# Ref: https://packit.dev/docs/configuration#files_to_sync
+files_to_sync:
+ - src: rpm/gating.yaml
+ dest: gating.yaml
+ - src: plans/
+ dest: plans/
+ delete: true
+ mkpath: true
+ - src: tests/tmt/
+ dest: tests/tmt/
+ delete: true
+ mkpath: true
+ - src: .fmf/
+ dest: .fmf/
+ delete: true
+ mkpath: true
+ - .packit.yaml
+
+packages:
+ crun-fedora:
+ pkg_tool: fedpkg
+ specfile_path: rpm/crun.spec
+ crun-centos:
+ pkg_tool: centpkg
+ specfile_path: rpm/crun.spec
+ crun-eln:
+ specfile_path: rpm/crun.spec
+
+srpm_build_deps:
+ - git-archive-all
+ - make
+
+actions:
+ # This action runs only on copr build jobs
+ create-archive:
+ - "git-archive-all -v --force-submodules rpm/crun-HEAD.tar.xz"
+ - bash -c "ls -1 rpm/crun-HEAD.tar.xz"
+
+jobs:
+ - job: copr_build
+ trigger: pull_request
+ packages: [crun-fedora]
+ notifications: &copr_build_failure_notification
+ failure_comment:
+ message: "Ephemeral COPR build failed. @containers/packit-build please check."
+ targets: &fedora_copr_targets
+ - fedora-all-x86_64
+ - fedora-all-aarch64
+
+ - job: copr_build
+ trigger: pull_request
+ packages: [crun-eln]
+ notifications: *copr_build_failure_notification
+ targets:
+ - fedora-eln-x86_64
+ - fedora-eln-aarch64
+
+ - job: copr_build
+ trigger: pull_request
+ packages: [crun-centos]
+ notifications: *copr_build_failure_notification
+ targets: ¢os_copr_targets
+ - centos-stream-9-x86_64
+ - centos-stream-9-aarch64
+ - centos-stream-10-x86_64
+ - centos-stream-10-aarch64
+
+ # Run on commit to main branch
+ - job: copr_build
+ trigger: commit
+ packages: [crun-fedora]
+ notifications:
+ failure_comment:
+ message: "podman-next COPR build failed. @containers/packit-build please check."
+ branch: main
+ owner: rhcontainerbot
+ project: podman-next
+
+ # Podman system tests for Fedora and CentOS Stream
+ - job: tests
+ trigger: pull_request
+ packages: [crun-fedora]
+ notifications: &test_failure_notification
+ failure_comment:
+ message: "TMT tests failed. @containers/packit-build please check."
+ targets: *fedora_copr_targets
+ tf_extra_params:
+ environments:
+ - artifacts:
+ - type: repository-file
+ id: https://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman-next/repo/fedora-$releasever/rhcontainerbot-podman-next-fedora-$releasever.repo
+
+ # Podman system tests for CentOS Stream
+ - job: tests
+ trigger: pull_request
+ packages: [crun-centos]
+ notifications: *test_failure_notification
+ # TODO: Re-enable centos-stream-10-x86_64 once criu issues are solved
+ # Ref: https://github.com/containers/crun/pull/1758#issuecomment-2901772392
+ # Issue filed: https://github.com/containers/crun/issues/1759
+ #targets: *centos_copr_targets
+ targets:
+ - centos-stream-9-x86_64
+ - centos-stream-9-aarch64
+ - centos-stream-10-aarch64
+ tf_extra_params:
+ environments:
+ - artifacts:
+ - type: repository-file
+ id: https://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman-next/repo/centos-stream-$releasever/rhcontainerbot-podman-next-centos-stream-$releasever.repo
+
+ - job: propose_downstream
+ trigger: release
+ packages: [crun-fedora]
+ dist_git_branches: &fedora_targets
+ - fedora-all
+
+ # Disabled until we're switching to Packit for CentOS Stream
+ - job: propose_downstream
+ trigger: ignore
+ packages: [crun-centos]
+ dist_git_branches:
+ - c10s
+
+ - job: koji_build
+ trigger: commit
+ packages: [crun-fedora]
+ dist_git_branches: *fedora_targets
+
+ - job: bodhi_update
+ trigger: commit
+ packages: [crun-fedora]
+ dist_git_branches:
+ - fedora-branched # rawhide updates are created automatically
diff --git a/README.packit b/README.packit
new file mode 100644
index 0000000..9bb65f0
--- /dev/null
+++ b/README.packit
@@ -0,0 +1,3 @@
+This repository is maintained by packit.
+https://packit.dev/
+The file was generated using packit 1.13.0.post1.dev2+g84134016c.
diff --git a/crun.spec b/crun.spec
index d3d5ab2..5cfc631 100644
--- a/crun.spec
+++ b/crun.spec
@@ -1,38 +1,142 @@ -Name: crun -Version: 0.1.1 -Release: 1%{?dist} -Summary: Lightweight, easy to use, simpler cron-like tool +%global krun_opts %{nil} +%global wasmedge_opts %{nil} +%global yajl_opts %{nil} -Group: Applications/System -License: GPLv2+ -URL: http://code.google.com/p/koolkit/wiki/crun -Source0: http://koolkit.googlecode.com/files/%{name}-%{version}.tar.gz -BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) +%if %{defined copr_username} +%define copr_build 1 +%endif + +# krun and wasm support only on aarch64 and x86_64 +%ifarch aarch64 || x86_64 + +%if %{defined fedora} +# krun only exists on fedora +%global krun_support 1 +%global krun_opts --with-libkrun + +# Keep wasmedge enabled only on Fedora. It breaks a lot on EPEL. +%global wasm_support 1 +%global wasmedge_support 1 +%global wasmedge_opts --with-wasmedge +%endif + +%endif + +%if %{defined fedora} || (%{defined rhel} && 0%{?rhel} < 10) +%global system_yajl 1 +%else +%global yajl_opts --enable-embedded-yajl +%endif + +Summary: OCI runtime written in C +Name: crun +%if %{defined copr_build} +Epoch: 102 +%endif +# DO NOT TOUCH the Version string! +# The TRUE source of this specfile is: +# https://github.com/containers/crun/blob/main/rpm/crun.spec +# If that's what you're reading, Version must be 0, and will be updated by Packit for +# copr and koji builds. +# If you're reading this on dist-git, the version is automatically filled in by Packit. 
+Version: 1.26 +Release: %autorelease +URL: https://github.com/containers/%{name} +Source0: %{url}/releases/download/%{version}/%{name}-%{version}.tar.zst +License: GPL-2.0-only +%if %{defined golang_arches_future} +ExclusiveArch: %{golang_arches_future} +%else +ExclusiveArch: aarch64 ppc64le riscv64 s390x x86_64 +%endif +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: gcc +BuildRequires: git-core +BuildRequires: gperf +BuildRequires: libcap-devel +%if %{defined krun_support} +BuildRequires: libkrun-devel +%endif +BuildRequires: systemd-devel +%if %{defined system_yajl} +BuildRequires: yajl-devel +%endif +BuildRequires: libseccomp-devel +BuildRequires: python3-libmount +BuildRequires: libtool +BuildRequires: protobuf-c-devel +BuildRequires: criu-devel >= 3.17.1-2 +Recommends: criu >= 3.17.1 +Recommends: criu-libs +%if %{defined wasmedge_support} +BuildRequires: wasmedge-devel +%endif +BuildRequires: python +BuildRequires: glibc-static +Provides: oci-runtime %description -crun is a light weight, easy to use, simpler cron like tool. -It Executes a given program, a specified number of times, after a specified -time interval. +%{name} is a OCI runtime + +%if %{defined krun_support} +%package krun +Summary: %{name} with libkrun support +Requires: libkrun +Requires: %{name} = %{?epoch:%{epoch}:}%{version}-%{release} +Provides: krun = %{?epoch:%{epoch}:}%{version}-%{release} + +%description krun +krun is a symlink to the %{name} binary, with libkrun as an additional dependency. +%endif + +%if %{defined wasm_support} +%package wasm +Summary: %{name} with wasm support +Requires: %{name} = %{?epoch:%{epoch}:}%{version}-%{release} +# wasm packages are not present on RHEL yet and are currently a PITA to test +# Best to only include wasmedge as weak dep on rhel +%if %{defined fedora} +Requires: wasm-library +%endif +Recommends: wasmedge + +%description wasm +%{name}-wasm is a symlink to the %{name} binary, with wasm as an additional dependency. 
+%endif %prep -%setup -q +%autosetup -Sgit -n %{name}-%{version} %build -%configure -make %{?_smp_mflags} +./autogen.sh +./configure --disable-silent-rules %{krun_opts} %{wasmedge_opts} %{yajl_opts} +%make_build %install -rm -rf $RPM_BUILD_ROOT -make install DESTDIR=$RPM_BUILD_ROOT +%make_install prefix=%{_prefix} +rm -rf %{buildroot}%{_prefix}/lib* -%clean -rm -rf $RPM_BUILD_ROOT +# Placeholder check to silence rpmlint +%check %files -%defattr(-,root,root,-) -%doc AUTHORS ChangeLog COPYING NEWS README -%{_bindir}/crun +%license COPYING +%{_bindir}/%{name} +%{_mandir}/man1/%{name}.1.gz + +%if %{defined krun_support} +%files krun +%license COPYING +%{_bindir}/krun +%{_mandir}/man1/krun.1.gz +%endif + +%if %{defined wasm_support} +%files wasm +%license COPYING +%{_bindir}/%{name}-wasm +%endif %changelog -* Fri Dec 11 2009 Damien Durand 0.1.1-1 -- Initial release +%autochangelog
diff --git a/gating.yaml b/gating.yaml
new file mode 100644
index 0000000..f86de09
--- /dev/null
+++ b/gating.yaml
@@ -0,0 +1,15 @@
+--- !Policy
+product_versions:
+ - fedora-*
+decision_contexts:
+ - bodhi_update_push_stable
+ - bodhi_update_push_testing
+rules:
+ - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
+
+--- !Policy
+product_versions:
+ - rhel-*
+decision_context: osci_compose_gate
+rules:
+ - !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}
diff --git a/plans/main.fmf b/plans/main.fmf
new file mode 100644
index 0000000..7a4ae15
--- /dev/null
+++ b/plans/main.fmf
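Review bot: `%build` calls `./configure` directly instead of going through `%configure`, so the distribution's hardening flags (`%{optflags}` and `%{build_ldflags}`: stack protector, FORTIFY_SOURCE, PIE/RELRO) reach the compiler only if the build environment already exports them. Recent redhat-rpm-config releases are understood to export them at the start of `%build`, but the spec does not say it relies on that, and it is built for several Fedora and CentOS Stream targets; putting `%set_build_flags` on the line before `./autogen.sh` makes the intent explicit for an OCI runtime binary. Separately, `%ifarch aarch64 || x86_64` near the top of the hunk treats `||` as one more architecture name, since `%ifarch` takes a plain space-separated list; `%ifarch aarch64 x86_64` states what is meant.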
@@ -0,0 +1,40 @@
+discover:
+ how: fmf
+execute:
+ how: tmt
+prepare:
+ - when: distro == centos-stream or distro == rhel
+ how: shell
+ script: |
+ dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-$(rpm --eval '%{?rhel}').noarch.rpm
+ dnf -y config-manager --set-enabled epel
+ order: 10
+ - when: initiator == packit
+ how: shell
+ script: |
+ COPR_REPO_FILE="/etc/yum.repos.d/*podman-next*.repo"
+ if compgen -G $COPR_REPO_FILE > /dev/null; then
+ sed -i -n '/^priority=/!p;$apriority=1' $COPR_REPO_FILE
+ fi
+ dnf -y upgrade --allowerasing
+ order: 20
+ - how: install
+ package:
+ - bats
+ - crun
+ - podman-tests
+
+/shellcheck:
+ discover+:
+ filter: 'tag:shellcheck'
+ enabled: true
+ adjust:
+ enabled: false
+ when: distro == centos-stream-10 or distro == rhel-10
+ prepare+:
+ - how: install
+ package: ShellCheck
+
+/tests:
+ discover+:
+ filter: 'tag:podman | tag:sanity'
diff --git a/plans/tmt.fmf b/plans/tmt.fmf
new file mode 100644
index 0000000..1941978
--- /dev/null
+++ b/plans/tmt.fmf
@@ -0,0 +1,9 @@
+/:
+ inherit: false
+
+summary: Run tmt's integration tests
+plan:
+ import:
+ url: https://github.com/teemtee/tmt
+ path: /plans/friends
+ name: /podman
diff --git a/sources b/sources
index dfe7623..233ea40 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-0865cb80e85afc598cab2ec5b4820c15 crun-0.1.1.tar.gz
+SHA512 (crun-1.26.tar.zst) = 0785af6095a26290f433c5739bea5d98a029c3f0e8efbeed420481849ebddd70acde6c1105133c392abf26bca90d232cced5e5994da7506d66a020a02c129fb3
diff --git a/tests/tmt/podman/system-test.fmf b/tests/tmt/podman/system-test.fmf
new file mode 100644
index 0000000..8df55c2
--- /dev/null
+++ b/tests/tmt/podman/system-test.fmf
@@ -0,0 +1,7 @@
+adjust:
+ duration: 10m
+ when: arch == aarch64
+
+summary: Run crun specific Podman tests
+test: bash ./system-test.sh
+tag: [ podman ]
diff --git a/tests/tmt/podman/system-test.sh b/tests/tmt/podman/system-test.sh
new file mode 100644
index 0000000..974f829
--- /dev/null
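Review bot: The first `prepare` step in plans/main.fmf installs `epel-release-latest-*.noarch.rpm` straight from a URL with `dnf -y install`, and dnf does not check the GPG signature of a package named on the command line unless `localpkg_gpgcheck` is enabled, so trust in the EPEL repo definition and its keys rests on TLS alone. Where the distribution ships it, `dnf -y install epel-release` from an already-trusted repo avoids that; otherwise import the EPEL key and verify the downloaded file with `rpm -K` before installing. In the second step `$COPR_REPO_FILE` is left unquoted so the glob expands; a comment such as `# unquoted on purpose: the value is a glob` would keep a later cleanup from quoting it. The `$apriority=1` expression appends only after the last line of each file, so a repo file with more than one section gets the priority on its final section only.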
+++ b/tests/tmt/podman/system-test.sh
@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+
+set -exo pipefail
+
+if [[ "$(id -u)" -ne 0 ]];then
+ echo "Please run this script as superuser"
+ exit 1
+fi
+
+cat /etc/redhat-release
+rpm -q conmon containers-common crun podman podman-tests
+
+# Run crun specific podman tests
+bats -t /usr/share/podman/test/system/030-run.bats
+bats -t /usr/share/podman/test/system/075-exec.bats
+bats -t /usr/share/podman/test/system/280-update.bats
+bats -t /usr/share/podman/test/system/520-checkpoint.bats
diff --git a/tests/tmt/sanity/config.json b/tests/tmt/sanity/config.json
new file mode 100644
index 0000000..3a1f225
--- /dev/null
+++ b/tests/tmt/sanity/config.json
@@ -0,0 +1,180 @@
+{
+ "ociVersion": "1.0.0",
+ "process": {
+ "terminal": false,
+ "user": {
+ "uid": 0,
+ "gid": 0
+ },
+ "args": [
+ "sleep", "10"
+ ],
+ "env": [
+ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
+ "TERM=xterm"
+ ],
+ "cwd": "/",
+ "capabilities": {
+ "bounding": [
+ "CAP_AUDIT_WRITE",
+ "CAP_KILL",
+ "CAP_NET_BIND_SERVICE"
+ ],
+ "effective": [
+ "CAP_AUDIT_WRITE",
+ "CAP_KILL",
+ "CAP_NET_BIND_SERVICE"
+ ],
+ "inheritable": [
+ ],
+ "permitted": [
+ "CAP_AUDIT_WRITE",
+ "CAP_KILL",
+ "CAP_NET_BIND_SERVICE"
+ ],
+ "ambient": [
+ "CAP_AUDIT_WRITE",
+ "CAP_KILL",
+ "CAP_NET_BIND_SERVICE"
+ ]
+ },
+ "rlimits": [
+ {
+ "type": "RLIMIT_NOFILE",
+ "hard": 1024,
+ "soft": 1024
+ }
+ ],
+ "noNewPrivileges": true
+ },
+ "root": {
+ "path": "rootfs",
+ "readonly": true
+ },
+ "hostname": "crun",
+ "mounts": [
+ {
+ "destination": "/proc",
+ "type": "proc",
+ "source": "proc"
+ },
+ {
+ "destination": "/dev",
+ "type": "tmpfs",
+ "source": "tmpfs",
+ "options": [
+ "nosuid",
+ "strictatime",
+ "mode=755",
+ "size=65536k"
+ ]
+ },
+ {
+ "destination": "/dev/pts",
+ "type": "devpts",
+ "source": "devpts",
+ "options": [
+ "nosuid",
+ "noexec",
+ "newinstance",
+ "ptmxmode=0666",
+ "mode=0620",
+ "gid=5"
+ ]
+ },
+ {
+ "destination": "/dev/shm",
+ "type": "tmpfs",
+ "source": "shm",
+ "options": [
+ "nosuid",
+ "noexec",
+ "nodev",
+ "mode=1777",
+ "size=65536k"
+ ]
+ },
+ {
+ "destination": "/dev/mqueue",
+ "type": "mqueue",
+ "source": "mqueue",
+ "options": [
+ "nosuid",
+ "noexec",
+ "nodev"
+ ]
+ },
+ {
+ "destination": "/sys",
+ "type": "sysfs",
+ "source": "sysfs",
+ "options": [
+ "nosuid",
+ "noexec",
+ "nodev",
+ "ro"
+ ]
+ },
+ {
+ "destination": "/sys/fs/cgroup",
+ "type": "cgroup",
+ "source": "cgroup",
+ "options": [
+ "nosuid",
+ "noexec",
+ "nodev",
+ "relatime",
+ "ro"
+ ]
+ }
+ ],
+ "linux": {
+ "resources": {
+ "devices": [
+ {
+ "allow": false,
+ "access": "rwm"
+ }
+ ]
+ },
+ "namespaces": [
+ {
+ "type": "pid"
+ },
+ {
+ "type": "network"
+ },
+ {
+ "type": "ipc"
+ },
+ {
+ "type": "uts"
+ },
+ {
+ "type": "cgroup"
+ },
+ {
+ "type": "mount"
+ }
+ ],
+ "maskedPaths": [
+ "/proc/acpi",
+ "/proc/asound",
+ "/proc/kcore",
+ "/proc/keys",
+ "/proc/latency_stats",
+ "/proc/timer_list",
+ "/proc/timer_stats",
+ "/proc/sched_debug",
+ "/sys/firmware",
+ "/proc/scsi"
+ ],
+ "readonlyPaths": [
+ "/proc/bus",
+ "/proc/fs",
+ "/proc/irq",
+ "/proc/sys",
+ "/proc/sysrq-trigger"
+ ]
+ }
+}
diff --git a/tests/tmt/sanity/main.fmf b/tests/tmt/sanity/main.fmf
new file mode 100644
index 0000000..ccfa4ca
--- /dev/null
+++ b/tests/tmt/sanity/main.fmf
@@ -0,0 +1,4 @@
+summary: Sanity test for crun
+test: bash ./runtest.sh
+duration: 10m
+tag: [ sanity ]
diff --git a/tests/tmt/sanity/runtest.sh b/tests/tmt/sanity/runtest.sh
new file mode 100644
index 0000000..3e13986
--- /dev/null
+++ b/tests/tmt/sanity/runtest.sh
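Review bot: In tests/tmt/sanity/config.json, `process.capabilities.ambient` lists three capabilities while `inheritable` is an empty array; the kernel only allows a capability to be ambient when it is in both the permitted and the inheritable set, so these `ambient` entries are presumably never applied. If the sanity container is meant to run with the bounding/effective/permitted sets only, dropping the `ambient` entries makes the file match what happens; if ambient capabilities are intended, the test should assert them, for example by reading `CapAmb` from `/proc/self/status` inside the container. The file also has no `linux.seccomp` section, so the container runs without a syscall filter, which is acceptable for a smoke test but means this config should not be copied as a hardened baseline.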
@@ -0,0 +1,113 @@
+#!/usr/bin/env bash
+
+set -exo pipefail
+
+TEMPDIR=$(mktemp -d)
+TESTIMG="quay.io/libpod/busybox"
+CNAME="mycont-$RANDOM"
+
+cat /etc/redhat-release
+uname -r
+rpm -q crun criu
+
+if ! crun --version; then
+ exit 1
+fi
+
+if ! crun features; then
+ exit 1
+fi
+
+if ! crun list; then
+ exit 1
+fi
+
+# create the top most bundle and rootfs directory
+mkdir -p "$TEMPDIR"/rootfs
+
+# export busybox via podman into the rootfs directory
+if ! (podman export "$(podman create $TESTIMG)" | tar -C "$TEMPDIR"/rootfs -xvf -); then
+ exit 1
+fi
+
+# use existing spec
+cp ./config.json "$TEMPDIR"
+ls "$TEMPDIR"
+cd "$TEMPDIR"
+
+if ! crun create $CNAME; then
+ exit 1
+fi
+
+if ! crun list; then
+ exit 1
+fi
+
+if ! crun start $CNAME; then
+ exit 1
+fi
+
+if ! crun list; then
+ exit 1
+fi
+
+if ! crun state $CNAME; then
+ exit 1
+fi
+
+if ! crun ps $CNAME; then
+ exit 1
+fi
+
+if ! ret=$(crun exec $CNAME pwd) || [[ "$ret" != '/' ]]; then
+ exit 1
+fi
+
+if ! crun pause $CNAME; then
+ exit 1
+fi
+
+if ! crun state $CNAME; then
+ exit 1
+fi
+
+if ! crun resume $CNAME; then
+ exit 1
+fi
+
+if ! crun state $CNAME; then
+ exit 1
+fi
+
+if ! ret=$(crun exec $CNAME pwd) || [[ "$ret" != '/' ]]; then
+ exit 1
+fi
+
+if ! crun delete --force $CNAME; then
+ exit 1
+fi
+
+if ! crun list; then
+ exit 1
+fi
+
+if ! (crun run $CNAME &); then
+ exit 1
+fi
+
+if ! crun list; then
+ exit 1
+fi
+
+# make sure the container is running state
+sleep 2
+
+if ! ret=$(crun exec $CNAME echo 'ok') || [[ "$ret" != 'ok' ]]; then
+ exit 1
+fi
+
+if ! crun kill $CNAME; then
+ exit 1
+fi
+
+exit 0
diff --git a/tests/tmt/shellcheck/main.fmf b/tests/tmt/shellcheck/main.fmf
new file mode 100644
index 0000000..7d220b4
--- /dev/null
+++ b/tests/tmt/shellcheck/main.fmf
@@ -0,0 +1,4 @@
+summary: Shellcheck tests
+test: find ../ -type f -name "*.sh" -exec shellcheck {} +
+duration: 10m
+tag: [ shellcheck ]
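Review bot: In runtest.sh, `if ! (crun run $CNAME &); then` can never take the failure branch, because the subshell returns as soon as the job is backgrounded and its status is not crun's; a failed `crun run` is only noticed indirectly by the `crun exec` after the fixed `sleep 2`. Starting the container in the background and polling `crun state` until it reports running tests the start directly and removes the timing guess. The script also leaves `$TEMPDIR` and the killed container behind on every exit path, so an EXIT trap is worth adding, and the container created by `podman create` is never removed. `quay.io/libpod/busybox` is pulled by mutable tag, so pinning it by digest would make the rootfs reproducible.

```shell
TEMPDIR=$(mktemp -d)
# … unchanged: TESTIMG, CNAME …

# Remove the bundle directory and any leftover container on every exit path.
cleanup() {
    crun delete --force "$CNAME" 2>/dev/null || true
    rm -rf "$TEMPDIR"
}
trap cleanup EXIT

# … unchanged: version checks through the first delete/list …

crun run "$CNAME" &

# Wait for the container to reach the running state instead of sleeping blindly.
for _ in $(seq 1 20); do
    if crun state "$CNAME" 2>/dev/null | grep -Eq '"status": *"running"'; then
        break
    fi
    sleep 0.5
done
```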