diff --git a/.fmf/version b/.fmf/version new file mode 100644 index 0000000..d00491f --- /dev/null +++ b/.fmf/version @@ -0,0 +1 @@ +1 diff --git a/.gitignore b/.gitignore index b10d346..2272c16 100644 --- a/.gitignore +++ b/.gitignore @@ -83,3 +83,14 @@ crun-0.1.1.tar.gz /crun-1.13.tar.xz /crun-1.14.tar.xz /crun-1.14.1.tar.xz +/crun-1.14.2.tar.xz +/crun-1.14.3.tar.xz +/crun-1.14.4.tar.xz +/crun-1.15.tar.zst +/crun-1.17.tar.zst +/crun-1.18.tar.zst +/crun-1.18.2.tar.zst +/crun-1.19.tar.zst +/crun-1.19.1.tar.zst +/crun-1.20.tar.zst +/crun-1.21.tar.zst diff --git a/.packit.yaml b/.packit.yaml index 2cb0456..ecb0014 100644 --- a/.packit.yaml +++ b/.packit.yaml @@ -2,12 +2,42 @@ # See the documentation for more information: # https://packit.dev/docs/configuration/ -specfile_path: rpm/crun.spec +downstream_package_name: crun + +# Ref: https://packit.dev/docs/configuration#files_to_sync +files_to_sync: + - src: rpm/gating.yaml + dest: gating.yaml + - src: plans/ + dest: plans/ + delete: true + mkpath: true + - src: tests/tmt/ + dest: tests/tmt/ + delete: true + mkpath: true + - src: .fmf/ + dest: .fmf/ + delete: true + mkpath: true + - .packit.yaml + +packages: + crun-fedora: + pkg_tool: fedpkg + specfile_path: rpm/crun.spec + crun-centos: + pkg_tool: centpkg + specfile_path: rpm/crun.spec + crun-eln: + specfile_path: rpm/crun.spec srpm_build_deps: - git-archive-all - make + actions: + # This action runs only on copr build jobs create-archive: - "git-archive-all -v --force-submodules rpm/crun-HEAD.tar.xz" - bash -c "ls -1 rpm/crun-HEAD.tar.xz" 
@@ -15,24 +45,42 @@ actions: jobs: - job: copr_build trigger: pull_request - notifications: + packages: [crun-fedora] + notifications: &copr_build_failure_notification failure_comment: message: "Ephemeral COPR build failed. @containers/packit-build please check." - targets: + targets: &fedora_copr_targets - fedora-all-x86_64 - fedora-all-aarch64 + + - job: copr_build + trigger: pull_request + packages: [crun-eln] + notifications: *copr_build_failure_notification + targets: - fedora-eln-x86_64 - fedora-eln-aarch64 - - centos-stream+epel-next-8-x86_64 - - centos-stream+epel-next-8-aarch64 - - centos-stream+epel-next-9-x86_64 - - centos-stream+epel-next-9-aarch64 - additional_repos: - - "copr://rhcontainerbot/podman-next" + + - job: copr_build + trigger: pull_request + packages: [crun-centos] + notifications: *copr_build_failure_notification + targets: ¢os_copr_targets + # Need epel9 repos to fetch wasmedge build dependency + centos-stream-9-x86_64: + additional_repos: + - https://dl.fedoraproject.org/pub/epel/9/Everything/x86_64/ + centos-stream-9-aarch64: + additional_repos: + - https://dl.fedoraproject.org/pub/epel/9/Everything/aarch64/ + # TODO: build on CS10 with wasmedge once epel-10 is available + centos-stream-10-x86_64: {} + centos-stream-10-aarch64: {} # Run on commit to main branch - job: copr_build trigger: commit + packages: [crun-fedora] notifications: failure_comment: message: "podman-next COPR build failed. @containers/packit-build please check." 
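Review bot: The `additional_repos` entries under `centos-stream-9-x86_64` and `centos-stream-9-aarch64` add EPEL to the build root by bare base URL, and the hunk does not show whether packages from a repo added this way are signature-checked. If they are not, the wasmedge build dependency is trusted on TLS to dl.fedoraproject.org alone. Confirm how Copr writes the repo stanza for external repos and record the answer next to the existing comment, e.g. `# EPEL added by base URL: confirm package signatures are verified for this repo`.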
@@ -40,18 +88,51 @@ jobs: owner: rhcontainerbot project: podman-next + # Podman system tests for Fedora and CentOS Stream + - job: tests + trigger: pull_request + packages: [crun-fedora] + notifications: &podman_system_test_fail_notification + failure_comment: + message: "podman system tests failed. @containers/packit-build please check." + targets: *fedora_copr_targets + tf_extra_params: + environments: + - artifacts: + - type: repository-file + id: https://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman-next/repo/fedora-$releasever/rhcontainerbot-podman-next-fedora-$releasever.repo + + # Podman system tests for CentOS Stream + - job: tests + trigger: pull_request + packages: [crun-centos] + notifications: *podman_system_test_fail_notification + targets: *centos_copr_targets + tf_extra_params: + environments: + - artifacts: + - type: repository-file + id: https://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman-next/repo/centos-stream-$releasever/rhcontainerbot-podman-next-centos-stream-$releasever.repo + - job: propose_downstream trigger: release - update_release: false - dist_git_branches: + packages: [crun-fedora] + dist_git_branches: &fedora_targets - fedora-all + - job: propose_downstream + trigger: release + packages: [crun-centos] + dist_git_branches: + - c10s + - job: koji_build trigger: commit - dist_git_branches: - - fedora-all + packages: [crun-fedora] + dist_git_branches: *fedora_targets - job: bodhi_update trigger: commit + packages: [crun-fedora] dist_git_branches: - fedora-branched # rawhide updates are created automatically diff --git a/README.packit b/README.packit index 29cc7d8..ad2b8e5 100644 --- a/README.packit +++ b/README.packit @@ -1,3 +1,3 @@ This repository is maintained by packit. https://packit.dev/ -The file was generated using packit 0.90.0.post1.dev9+g1f0325d1. +The file was generated using packit 1.3.0.post1.dev4+gb85da743. diff --git a/crun.spec b/crun.spec index 69fe6d4..5acd520 100644 --- a/crun.spec +++ b/crun.spec 
@@ -1,13 +1,18 @@ %global krun_opts %{nil} %global wasmedge_opts %{nil} -%global wasmtime_opts %{nil} +%global yajl_opts %{nil} -# krun and wasm[edge,time] support only on aarch64 and x86_64 +%if %{defined copr_username} +%define copr_build 1 +%endif + +# krun and wasm support only on aarch64 and x86_64 %ifarch aarch64 || x86_64 -%global wasm_support 1 -# wasmedge not present on Fedora ELN environments -%if !0%{?eln} +# Disable wasmedge on rhel 10 until EPEL10 is in place, otherwise it causes +# build issues on copr +%if %{defined fedora} || (%{defined copr_build} && %{defined rhel} && 0%{?rhel} < 10) +%global wasm_support 1 %global wasmedge_support 1 %global wasmedge_opts --with-wasmedge %endif @@ -18,17 +23,17 @@ %global krun_opts --with-libkrun %endif -# wasmtime exists only on podman-next copr for now -%if %{defined copr_project} && "%{?copr_project}" == "podman-next" -%global wasmtime_support 1 -%global wasmtime_opts --with-wasmtime %endif +%if %{defined fedora} || (%{defined rhel} && 0%{?rhel} < 10) +%global system_yajl 1 +%else +%global yajl_opts --enable-embedded-yajl %endif Summary: OCI runtime written in C Name: crun -%if %{defined copr_username} +%if %{defined copr_build} Epoch: 102 %endif # DO NOT TOUCH the Version string! @@ -37,10 +42,10 @@ Epoch: 102 # If that's what you're reading, Version must be 0, and will be updated by Packit for # copr and koji builds. # If you're reading this on dist-git, the version is automatically filled in by Packit. -Version: 1.14.1 +Version: 1.21 Release: %autorelease URL: https://github.com/containers/%{name} -Source0: %{url}/releases/download/%{version}/%{name}-%{version}.tar.xz +Source0: %{url}/releases/download/%{version}/%{name}-%{version}.tar.zst License: GPL-2.0-only %if %{defined golang_arches_future} ExclusiveArch: %{golang_arches_future} 
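Review bot: The new `%else` branch that sets `yajl_opts` to `--enable-embedded-yajl` links crun against a vendored copy of yajl on every target that is neither Fedora nor RHEL below 10, and nothing in the visible hunks declares that bundling. Without a declaration, a yajl advisory cannot be mapped to this package by querying for the bundled library. If the spec does not already carry it outside these hunks, add `Provides: bundled(yajl)` guarded by `%if !%{defined system_yajl}`. The preamble continues outside the hunk, so the line may already exist there.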
@@ -57,25 +62,22 @@ BuildRequires: libcap-devel BuildRequires: libkrun-devel %endif BuildRequires: systemd-devel +%if %{defined system_yajl} BuildRequires: yajl-devel +%endif BuildRequires: libseccomp-devel BuildRequires: python3-libmount BuildRequires: libtool BuildRequires: protobuf-c-devel +%ifnarch riscv64 BuildRequires: criu-devel >= 3.17.1-2 Recommends: criu >= 3.17.1 Recommends: criu-libs +%endif %if %{defined wasmedge_support} BuildRequires: wasmedge-devel %endif -%if %{defined wasmtime_support} -BuildRequires: wasmtime-c-api-devel -%endif -%if %{defined rhel} && 0%{?rhel} == 8 -BuildRequires: python3 -%else BuildRequires: python -%endif Provides: oci-runtime %description @@ -96,7 +98,11 @@ krun is a symlink to the %{name} binary, with libkrun as an additional dependenc %package wasm Summary: %{name} with wasm support Requires: %{name} = %{?epoch:%{epoch}:}%{version}-%{release} +# wasm packages are not present on RHEL yet and are currently a PITA to test +# Best to only include wasmedge as weak dep on rhel +%if %{defined fedora} Requires: wasm-library +%endif Recommends: wasmedge %description wasm @@ -108,21 +114,13 @@ Recommends: wasmedge %build ./autogen.sh -./configure --disable-silent-rules %{krun_opts} %{wasmedge_opts} %{wasmtime_opts} +./configure --disable-silent-rules %{krun_opts} %{wasmedge_opts} %{yajl_opts} %make_build %install %make_install prefix=%{_prefix} rm -rf %{buildroot}%{_prefix}/lib* -%if %{defined krun_support} -ln -s %{_bindir}/%{name} %{buildroot}%{_bindir}/krun -%endif - -%if %{defined wasm_support} -ln -s %{_bindir}/%{name} %{buildroot}%{_bindir}/%{name}-wasm -%endif - %files %license COPYING %{_bindir}/%{name} diff --git a/gating.yaml b/gating.yaml new file mode 100644 index 0000000..f86de09 --- /dev/null +++ b/gating.yaml 
@@ -0,0 +1,15 @@
+--- !Policy
+product_versions:
+ - fedora-*
+decision_contexts:
+ - bodhi_update_push_stable
+ - bodhi_update_push_testing
+rules:
+ - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
+
+--- !Policy
+product_versions:
+ - rhel-*
+decision_context: osci_compose_gate
+rules:
+ - !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}
diff --git a/plans/main.fmf b/plans/main.fmf
new file mode 100644
index 0000000..1328f77
--- /dev/null
+++ b/plans/main.fmf
@@ -0,0 +1,41 @@
+discover:
+ how: fmf
+execute:
+ how: tmt
+prepare:
+ - when: distro == centos-stream or distro == rhel
+ how: shell
+ script: |
+ dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-$(rpm --eval '%{?rhel}').noarch.rpm
+ dnf -y config-manager --set-enabled epel
+ order: 10
+ - when: initiator == packit
+ how: shell
+ script: |
+ COPR_REPO_FILE="/etc/yum.repos.d/*podman-next*.repo"
+ if compgen -G $COPR_REPO_FILE > /dev/null; then
+ sed -i -n '/^priority=/!p;$apriority=1' $COPR_REPO_FILE
+ fi
+ dnf -y upgrade --allowerasing
+ order: 20
+ - how: install
+ package:
+ - bats
+ - crun
+ - podman-tests
+
+/upstream:
+ summary: Run crun specific Podman system tests on upstream PRs
+ discover+:
+ filter: tag:upstream
+ adjust+:
+ - enabled: false
+ when: initiator is not defined or initiator != packit
+
+/downstream:
+ summary: Run crun specific Podman system tests on bodhi / errata and dist-git PRs
+ discover+:
+ filter: tag:downstream
+ adjust+:
+ - enabled: false
+ when: initiator == packit
diff --git a/sources b/sources
index 21b134f..0bdcdb2 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (crun-1.14.1.tar.xz) = 4a45941e8257b5180e30bcd5b40837c632261187508693002c02c33764bc8e031a3c9345d8a5e5989a5427c7f237595c457f1eb8cdc7967867976cc4abe6bc5a
+SHA512 (crun-1.21.tar.zst) = 022bb56dbf20eb7c479b76a92fc55c69b219e36233ee7e588eb883afd092fb4aaeca842e64d83e53bbb08bd09f635d582a86824950971842b73921d1ce134bd1
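Review bot: In the first `prepare` step of plans/main.fmf, `dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-….noarch.rpm` installs a package named by URL, and dnf does not signature-check packages given on the command line unless `localpkg_gpgcheck` is enabled. The RPM that drops the EPEL repo definition and its signing keys onto the test host is therefore trusted on TLS alone. Where the distribution ships a signed `epel-release` in its own repositories (CentOS Stream does, as far as I know), prefer `dnf -y install epel-release` for that case. Keep the URL form only for RHEL, with a comment such as `# unsigned download: integrity rests on HTTPS to dl.fedoraproject.org`.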
diff --git a/tests/tmt/podman/system-test.fmf b/tests/tmt/podman/system-test.fmf
new file mode 100644
index 0000000..1032f07
--- /dev/null
+++ b/tests/tmt/podman/system-test.fmf
@@ -0,0 +1,8 @@
+adjust:
+ duration: 10m
+ when: arch == aarch64
+
+/system_test:
+ tag: [ upstream, downstream ]
+ summary: Run crun specific Podman tests
+ test: bash ./system-test.sh
diff --git a/tests/tmt/podman/system-test.sh b/tests/tmt/podman/system-test.sh
new file mode 100644
index 0000000..4d04562
--- /dev/null
+++ b/tests/tmt/podman/system-test.sh
@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+
+set -exo pipefail
+
+if [[ "$(id -u)" -ne 0 ]];then
+ echo "Please run this script as superuser"
+ exit 1
+fi
+
+cat /etc/redhat-release
+rpm -q conmon containers-common crun podman podman-tests
+
+# Run crun specific podman tests
+bats -t /usr/share/podman/test/system/030-run.bats
+bats -t /usr/share/podman/test/system/075-exec.bats
+bats -t /usr/share/podman/test/system/280-update.bats
diff --git a/tests/tmt/sanity/config.json b/tests/tmt/sanity/config.json
new file mode 100644
index 0000000..3a1f225
--- /dev/null
+++ b/tests/tmt/sanity/config.json
@@ -0,0 +1,180 @@
+{
+ "ociVersion": "1.0.0",
+ "process": {
+ "terminal": false,
+ "user": {
+ "uid": 0,
+ "gid": 0
+ },
+ "args": [
+ "sleep", "10"
+ ],
+ "env": [
+ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
+ "TERM=xterm"
+ ],
+ "cwd": "/",
+ "capabilities": {
+ "bounding": [
+ "CAP_AUDIT_WRITE",
+ "CAP_KILL",
+ "CAP_NET_BIND_SERVICE"
+ ],
+ "effective": [
+ "CAP_AUDIT_WRITE",
+ "CAP_KILL",
+ "CAP_NET_BIND_SERVICE"
+ ],
+ "inheritable": [
+ ],
+ "permitted": [
+ "CAP_AUDIT_WRITE",
+ "CAP_KILL",
+ "CAP_NET_BIND_SERVICE"
+ ],
+ "ambient": [
+ "CAP_AUDIT_WRITE",
+ "CAP_KILL",
+ "CAP_NET_BIND_SERVICE"
+ ]
+ },
+ "rlimits": [
+ {
+ "type": "RLIMIT_NOFILE",
+ "hard": 1024,
+ "soft": 1024
+ }
+ ],
+ "noNewPrivileges": true
+ },
+ "root": {
+ "path": "rootfs",
+ "readonly": true
+ },
+ "hostname": "crun",
+ "mounts": [
+ {
+ "destination": "/proc",
+ "type": "proc",
+ "source": "proc"
+ },
+ {
+ "destination": "/dev",
+ "type": "tmpfs",
+ "source": "tmpfs",
+ "options": [
+ "nosuid",
+ "strictatime",
+ "mode=755",
+ "size=65536k"
+ ]
+ },
+ {
+ "destination": "/dev/pts",
+ "type": "devpts",
+ "source": "devpts",
+ "options": [
+ "nosuid",
+ "noexec",
+ "newinstance",
+ "ptmxmode=0666",
+ "mode=0620",
+ "gid=5"
+ ]
+ },
+ {
+ "destination": "/dev/shm",
+ "type": "tmpfs",
+ "source": "shm",
+ "options": [
+ "nosuid",
+ "noexec",
+ "nodev",
+ "mode=1777",
+ "size=65536k"
+ ]
+ },
+ {
+ "destination": "/dev/mqueue",
+ "type": "mqueue",
+ "source": "mqueue",
+ "options": [
+ "nosuid",
+ "noexec",
+ "nodev"
+ ]
+ },
+ {
+ "destination": "/sys",
+ "type": "sysfs",
+ "source": "sysfs",
+ "options": [
+ "nosuid",
+ "noexec",
+ "nodev",
+ "ro"
+ ]
+ },
+ {
+ "destination": "/sys/fs/cgroup",
+ "type": "cgroup",
+ "source": "cgroup",
+ "options": [
+ "nosuid",
+ "noexec",
+ "nodev",
+ "relatime",
+ "ro"
+ ]
+ }
+ ],
+ "linux": {
+ "resources": {
+ "devices": [
+ {
+ "allow": false,
+ "access": "rwm"
+ }
+ ]
+ },
+ "namespaces": [
+ {
+ "type": "pid"
+ },
+ {
+ "type": "network"
+ },
+ {
+ "type": "ipc"
+ },
+ {
+ "type": "uts"
+ },
+ {
+ "type": "cgroup"
+ },
+ {
+ "type": "mount"
+ }
+ ],
+ "maskedPaths": [
+ "/proc/acpi",
+ "/proc/asound",
+ "/proc/kcore",
+ "/proc/keys",
+ "/proc/latency_stats",
+ "/proc/timer_list",
+ "/proc/timer_stats",
+ "/proc/sched_debug",
+ "/sys/firmware",
+ "/proc/scsi"
+ ],
+ "readonlyPaths": [
+ "/proc/bus",
+ "/proc/fs",
+ "/proc/irq",
+ "/proc/sys",
+ "/proc/sysrq-trigger"
+ ]
+ }
+}
diff --git a/tests/tmt/sanity/main.fmf b/tests/tmt/sanity/main.fmf
new file mode 100644
index 0000000..6355ff6
--- /dev/null
+++ b/tests/tmt/sanity/main.fmf
@@ -0,0 +1,4 @@
+summary: Sanity test for crun
+tag: ['upstream', 'downstream']
+test: bash ./runtest.sh
+duration: 10m
diff --git a/tests/tmt/sanity/runtest.sh b/tests/tmt/sanity/runtest.sh
new file mode 100644
index 0000000..d1d453c
--- /dev/null
+++ b/tests/tmt/sanity/runtest.sh
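Review bot: In tests/tmt/sanity/config.json the `ambient` list names CAP_AUDIT_WRITE, CAP_KILL and CAP_NET_BIND_SERVICE while `inheritable` is empty, and the kernel keeps a capability ambient only when it is in both the permitted and inheritable sets. The three ambient entries therefore cannot take effect as written, and the file reads as granting more than it does. The process runs as uid 0 and only executes `sleep`, so the consistent form is an empty `"ambient": []`, matching the empty `inheritable` set. JSON has no comment syntax, so the reasoning belongs in the commit message or beside the `cp ./config.json` step in runtest.sh.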
@@ -0,0 +1,91 @@
+#!/usr/bin/env bash
+
+set -exo pipefail
+
+TEMPDIR=$(mktemp -d)
+TESTIMG="quay.io/libpod/busybox"
+CNAME="mycont-$RANDOM"
+
+cat /etc/redhat-release
+uname -r
+rpm -q crun criu
+
+crun --version
+[ $? -ne 0 ] && exit 1
+
+crun features
+[ $? -ne 0 ] && exit 1
+
+crun list
+[ $? -ne 0 ] && exit 1
+
+# create the top most bundle and rootfs directory
+mkdir -p $TEMPDIR/rootfs
+
+# export busybox via podman into the rootfs directory
+podman export $(podman create $TESTIMG) | tar -C $TEMPDIR/rootfs -xvf -
+[ $? -ne 0 ] && exit 1
+
+# use existing spec
+cp ./config.json $TEMPDIR
+ls $TEMPDIR
+cd $TEMPDIR
+
+crun create $CNAME
+[ $? -ne 0 ] && exit 1
+
+crun list
+[ $? -ne 0 ] && exit 1
+
+crun start $CNAME
+[ $? -ne 0 ] && exit 1
+
+crun list
+[ $? -ne 0 ] && exit 1
+
+crun state $CNAME
+[ $? -ne 0 ] && exit 1
+
+crun ps $CNAME
+[ $? -ne 0 ] && exit 1
+
+ret=$(crun exec $CNAME pwd)
+[ $? -ne 0 ] || [ $ret != '/' ] && exit 1
+
+crun pause $CNAME
+[ $? -ne 0 ] && exit 1
+
+crun state $CNAME
+[ $? -ne 0 ] && exit 1
+
+crun resume $CNAME
+[ $? -ne 0 ] && exit 1
+
+crun state $CNAME
+[ $? -ne 0 ] && exit 1
+
+ret=$(crun exec $CNAME pwd)
+[ $? -ne 0 ] || [ $ret != '/' ] && exit 1
+
+crun delete --force $CNAME
+[ $? -ne 0 ] && exit 1
+
+crun list
+[ $? -ne 0 ] && exit 1
+
+crun run $CNAME &
+[ $? -ne 0 ] && exit 1
+
+crun list
+[ $? -ne 0 ] && exit 1
+
+# make sure the container is running state
+sleep 2
+
+ret=$(crun exec $CNAME echo 'ok')
+[ $? -ne 0 ] || [ $ret != 'ok' ] && exit 1
+
+crun kill $CNAME
+[ $? -ne 0 ] && exit 1
+
+exit 0
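Review bot: `TESTIMG="quay.io/libpod/busybox"` carries no tag or digest, so the root filesystem this script unpacks and then runs under crun (presumably as root) is whatever the registry serves as `latest` at test time. Pin it by digest, e.g. `TESTIMG="quay.io/libpod/busybox@sha256:<digest-placeholder>"`. The status checks also cannot fire: with `set -e` active, every `[ $? -ne 0 ] && exit 1` is reached only after success. After `crun run $CNAME &`, `$?` reflects launching the background job rather than the container start, so a failed `crun run` surfaces only at the later `crun exec`. `$TEMPDIR` is never removed; `trap 'rm -rf "$TEMPDIR"' EXIT` right after the `mktemp -d` line would clean up the extracted rootfs.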