diff --git a/.fmf/version b/.fmf/version new file mode 100644 index 0000000..d00491f --- /dev/null +++ b/.fmf/version @@ -0,0 +1 @@ +1 diff --git a/.gitignore b/.gitignore index 573ee2f..62eb9bc 100644 --- a/.gitignore +++ b/.gitignore @@ -87,3 +87,18 @@ crun-0.1.1.tar.gz /crun-1.14.3.tar.xz /crun-1.14.4.tar.xz /crun-1.15.tar.zst +/crun-1.17.tar.zst +/crun-1.18.tar.zst +/crun-1.18.1.tar.zst +/crun-1.18.2.tar.zst +/crun-1.19.tar.zst +/crun-1.19.1.tar.zst +/crun-1.20.tar.zst +/crun-1.21.tar.zst +/crun-1.22.tar.zst +/crun-1.23.tar.zst +/crun-1.23.1.tar.zst +/crun-1.24.tar.zst +/crun-1.25.tar.zst +/crun-1.25.1.tar.zst +/crun-1.26.tar.zst diff --git a/.packit.yaml b/.packit.yaml index 734d5a6..b7dc6ae 100644 --- a/.packit.yaml +++ b/.packit.yaml @@ -4,6 +4,24 @@ downstream_package_name: crun +# Ref: https://packit.dev/docs/configuration#files_to_sync +files_to_sync: + - src: rpm/gating.yaml + dest: gating.yaml + - src: plans/ + dest: plans/ + delete: true + mkpath: true + - src: tests/tmt/ + dest: tests/tmt/ + delete: true + mkpath: true + - src: .fmf/ + dest: .fmf/ + delete: true + mkpath: true + - .packit.yaml + packages: crun-fedora: pkg_tool: fedpkg @@ -11,6 +29,8 @@ packages: crun-centos: pkg_tool: centpkg specfile_path: rpm/crun.spec + crun-eln: + specfile_path: rpm/crun.spec srpm_build_deps: - git-archive-all @@ -29,9 +49,15 @@ jobs: notifications: &copr_build_failure_notification failure_comment: message: "Ephemeral COPR build failed. @containers/packit-build please check." - targets: + targets: &fedora_copr_targets - fedora-all-x86_64 - fedora-all-aarch64 + + - job: copr_build + trigger: pull_request + packages: [crun-eln] + notifications: *copr_build_failure_notification + targets: - fedora-eln-x86_64 - fedora-eln-aarch64 
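Review bot: The `files_to_sync` entries for `plans/`, `tests/tmt/` and `.fmf/` set `delete: true` without a comment on what that means for this dist-git repository. As I read the Packit documentation linked above the block, it removes anything under the destination that is not present upstream, so a plan or test added here by hand would disappear on the next sync. A comment above the block would be enough, e.g. `# delete: true mirrors the upstream directory; downstream-only files under these paths are removed on sync`.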
@@ -39,9 +65,7 @@ jobs: trigger: pull_request packages: [crun-centos] notifications: *copr_build_failure_notification - targets: - - epel-9-x86_64 - - epel-9-aarch64 + targets: ¢os_copr_targets - centos-stream-9-x86_64 - centos-stream-9-aarch64 - centos-stream-10-x86_64 @@ -50,6 +74,7 @@ jobs: # Run on commit to main branch - job: copr_build trigger: commit + packages: [crun-fedora] notifications: failure_comment: message: "podman-next COPR build failed. @containers/packit-build please check." 
@@ -61,70 +86,55 @@ jobs: - job: tests trigger: pull_request packages: [crun-fedora] - notifications: &podman_system_test_fail_notification + notifications: &test_failure_notification failure_comment: - message: "podman system tests failed. @containers/packit-build please check." - targets: - - fedora-all-x86_64 - - fedora-all-aarch64 - identifier: podman_system_test_fedora - tmt_plan: "/plans/podman_system_test" + message: "TMT tests failed. @containers/packit-build please check." + targets: *fedora_copr_targets + tf_extra_params: + environments: + - artifacts: + - type: repository-file + id: https://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman-next/repo/fedora-$releasever/rhcontainerbot-podman-next-fedora-$releasever.repo - # Podman system tests for Fedora and CentOS Stream + # Podman system tests for CentOS Stream - job: tests trigger: pull_request packages: [crun-centos] - notifications: *podman_system_test_fail_notification + notifications: *test_failure_notification + # TODO: Re-enable centos-stream-10-x86_64 once criu issues are solved + # Ref: https://github.com/containers/crun/pull/1758#issuecomment-2901772392 + # Issue filed: https://github.com/containers/crun/issues/1759 + #targets: *centos_copr_targets targets: - centos-stream-9-x86_64 - centos-stream-9-aarch64 - # TODO: Enable cs10 tests after netavark has finished defaulting to - # nftables - #- centos-stream-10-x86_64 - #- centos-stream-10-aarch64 - identifier: podman_system_test_centos - tmt_plan: "/plans/podman_system_test" - - # Podman system tests for RHEL - - job: tests - trigger: pull_request - packages: [crun-centos] - use_internal_tf: true - notifications: *podman_system_test_fail_notification - targets: - epel-9-x86_64: - distros: [RHEL-9.4.0-Nightly,RHEL-9-Nightly] - epel-9-aarch64: - distros: [RHEL-9.4.0-Nightly,RHEL-9-Nightly] - # TODO: Enable cs10 tests after netavark has finished defaulting to - # nftables - #centos-stream-10-x86_64: - # distros: [RHEL-10-Beta-Nightly] - 
#centos-stream-10-aarch64: - # distros: [RHEL-10-Beta-Nightly] - identifier: podman_system_test_internal - tmt_plan: "/plans/podman_system_test" + - centos-stream-10-aarch64 + tf_extra_params: + environments: + - artifacts: + - type: repository-file + id: https://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman-next/repo/centos-stream-$releasever/rhcontainerbot-podman-next-centos-stream-$releasever.repo - job: propose_downstream trigger: release packages: [crun-fedora] - update_release: false - dist_git_branches: + dist_git_branches: &fedora_targets - fedora-all + # Disabled until we're switching to Packit for CentOS Stream - job: propose_downstream - trigger: release + trigger: ignore packages: [crun-centos] - update_release: false dist_git_branches: - c10s - job: koji_build trigger: commit - dist_git_branches: - - fedora-all + packages: [crun-fedora] + dist_git_branches: *fedora_targets - job: bodhi_update trigger: commit + packages: [crun-fedora] dist_git_branches: - fedora-branched # rawhide updates are created automatically diff --git a/README.packit b/README.packit index 066b312..9bb65f0 100644 --- a/README.packit +++ b/README.packit @@ -1,3 +1,3 @@ This repository is maintained by packit. https://packit.dev/ -The file was generated using packit 0.95.0.post1.dev8+gce6bd577. +The file was generated using packit 1.13.0.post1.dev2+g84134016c. diff --git a/crun.spec b/crun.spec index f8f06c4..5cfc631 100644 --- a/crun.spec +++ b/crun.spec 
@@ -1,32 +1,31 @@ %global krun_opts %{nil} %global wasmedge_opts %{nil} -%global wasmtime_opts %{nil} +%global yajl_opts %{nil} -# krun and wasm[edge,time] support only on aarch64 and x86_64 -%ifarch aarch64 || x86_64 -%global wasm_support 1 - -%if %{defined copr_project} +%if %{defined copr_username} %define copr_build 1 %endif -%if %{defined fedora} || %{defined copr_build} +# krun and wasm support only on aarch64 and x86_64 +%ifarch aarch64 || x86_64 + +%if %{defined fedora} +# krun only exists on fedora +%global krun_support 1 +%global krun_opts --with-libkrun + +# Keep wasmedge enabled only on Fedora. It breaks a lot on EPEL. +%global wasm_support 1 %global wasmedge_support 1 %global wasmedge_opts --with-wasmedge %endif -# krun only exists on fedora -%if %{defined fedora} -%global krun_support 1 -%global krun_opts --with-libkrun -%endif - -# wasmtime exists only on podman-next copr for now -%if %{defined copr_project} && "%{?copr_project}" == "podman-next" -%global wasmtime_support 1 -%global wasmtime_opts --with-wasmtime %endif +%if %{defined fedora} || (%{defined rhel} && 0%{?rhel} < 10) +%global system_yajl 1 +%else +%global yajl_opts --enable-embedded-yajl %endif Summary: OCI runtime written in C @@ -40,7 +39,7 @@ Epoch: 102 # If that's what you're reading, Version must be 0, and will be updated by Packit for # copr and koji builds. # If you're reading this on dist-git, the version is automatically filled in by Packit. -Version: 1.15 +Version: 1.26 Release: %autorelease URL: https://github.com/containers/%{name} Source0: %{url}/releases/download/%{version}/%{name}-%{version}.tar.zst @@ -60,7 +59,9 @@ BuildRequires: libcap-devel BuildRequires: libkrun-devel %endif BuildRequires: systemd-devel +%if %{defined system_yajl} BuildRequires: yajl-devel +%endif BuildRequires: libseccomp-devel BuildRequires: python3-libmount BuildRequires: libtool 
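Review bot: The `%else` branch that sets `%global yajl_opts --enable-embedded-yajl` makes RHEL 10+ and other non-Fedora builds compile the yajl copy shipped in the crun tarball, and nothing visible in these hunks records that in the package metadata. A bundled parser does not pick up fixes from the distribution's yajl package, and tooling that tracks exposure by package name will not see it. Fedora's packaging guidelines ask for `Provides: bundled(yajl) = <BUNDLED_YAJL_VERSION>` in that case; it could go in an `%else` of the `%if %{defined system_yajl}` guard this commit adds around `BuildRequires: yajl-devel`. The rest of the spec is outside the hunks, so the line may already exist further down.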
@@ -71,10 +72,8 @@ Recommends: criu-libs %if %{defined wasmedge_support} BuildRequires: wasmedge-devel %endif -%if %{defined wasmtime_support} -BuildRequires: wasmtime-c-api-devel -%endif BuildRequires: python +BuildRequires: glibc-static Provides: oci-runtime %description @@ -95,12 +94,10 @@ krun is a symlink to the %{name} binary, with libkrun as an additional dependenc %package wasm Summary: %{name} with wasm support Requires: %{name} = %{?epoch:%{epoch}:}%{version}-%{release} -# The hard dep on wasm-library is causing trouble in internal testing farm -# with RHEL. +# wasm packages are not present on RHEL yet and are currently a PITA to test +# Best to only include wasmedge as weak dep on rhel %if %{defined fedora} Requires: wasm-library -%else -Recommends: wasm-library %endif Recommends: wasmedge @@ -113,20 +110,15 @@ Recommends: wasmedge %build ./autogen.sh -./configure --disable-silent-rules %{krun_opts} %{wasmedge_opts} %{wasmtime_opts} +./configure --disable-silent-rules %{krun_opts} %{wasmedge_opts} %{yajl_opts} %make_build %install %make_install prefix=%{_prefix} rm -rf %{buildroot}%{_prefix}/lib* -%if %{defined krun_support} -ln -s %{name} %{buildroot}%{_bindir}/krun -%endif - -%if %{defined wasm_support} -ln -s %{name} %{buildroot}%{_bindir}/%{name}-wasm -%endif +# Placeholder check to silence rpmlint +%check %files %license COPYING diff --git a/gating.yaml b/gating.yaml new file mode 100644 index 0000000..f86de09 --- /dev/null +++ b/gating.yaml @@ -0,0 +1,15 @@ +--- !Policy +product_versions: + - fedora-* +decision_contexts: + - bodhi_update_push_stable + - bodhi_update_push_testing +rules: + - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional} + +--- !Policy +product_versions: + - rhel-* +decision_context: osci_compose_gate +rules: + - !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional} diff --git a/plans/main.fmf b/plans/main.fmf new file mode 100644 index 0000000..7a4ae15 --- /dev/null 
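Review bot: `BuildRequires: glibc-static` is added unconditionally and without a comment, whereas the neighbouring `wasmedge-devel` dependency is guarded by `%if`. If any shipped binary ends up statically linked against glibc, it will not pick up glibc security fixes until crun is rebuilt, so the reason for the dependency should be stated. A line such as `# glibc-static: <REASON, e.g. which build step links statically>` above it would do, plus a guard if only some targets need it.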
+++ b/plans/main.fmf @@ -0,0 +1,40 @@ +discover: + how: fmf +execute: + how: tmt +prepare: + - when: distro == centos-stream or distro == rhel + how: shell + script: | + dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-$(rpm --eval '%{?rhel}').noarch.rpm + dnf -y config-manager --set-enabled epel + order: 10 + - when: initiator == packit + how: shell + script: | + COPR_REPO_FILE="/etc/yum.repos.d/*podman-next*.repo" + if compgen -G $COPR_REPO_FILE > /dev/null; then + sed -i -n '/^priority=/!p;$apriority=1' $COPR_REPO_FILE + fi + dnf -y upgrade --allowerasing + order: 20 + - how: install + package: + - bats + - crun + - podman-tests + +/shellcheck: + discover+: + filter: 'tag:shellcheck' + enabled: true + adjust: + enabled: false + when: distro == centos-stream-10 or distro == rhel-10 + prepare+: + - how: install + package: ShellCheck + +/tests: + discover+: + filter: 'tag:podman | tag:sanity' diff --git a/plans/tmt.fmf b/plans/tmt.fmf new file mode 100644 index 0000000..1941978 --- /dev/null +++ b/plans/tmt.fmf @@ -0,0 +1,9 @@ +/: + inherit: false + +summary: Run tmt's integration tests +plan: + import: + url: https://github.com/teemtee/tmt + path: /plans/friends + name: /podman diff --git a/sources b/sources index 7bf880b..233ea40 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (crun-1.15.tar.zst) = a6e141f372817ed8ad1776c3ee272f68fa69680ef4d51b56643c0e4985016a5a6a415cc8623aa211c511916f2c61a417864c24c8d35fde594b624c666a9cca32 +SHA512 (crun-1.26.tar.zst) = 0785af6095a26290f433c5739bea5d98a029c3f0e8efbeed420481849ebddd70acde6c1105133c392abf26bca90d232cced5e5994da7506d66a020a02c129fb3 diff --git a/tests/tmt/podman/system-test.fmf b/tests/tmt/podman/system-test.fmf new file mode 100644 index 0000000..8df55c2 --- /dev/null +++ b/tests/tmt/podman/system-test.fmf @@ -0,0 +1,7 @@ +adjust: + duration: 10m + when: arch == aarch64 + +summary: Run crun specific Podman tests +test: bash ./system-test.sh +tag: [ podman ] 
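Review bot: The first `prepare` step installs `epel-release` straight from a URL with `dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-$(rpm --eval '%{?rhel}').noarch.rpm`, and dnf does not check signatures on packages given as a path or URL unless `localpkg_gpgcheck` is enabled (it is off by default). HTTPS protects the transfer, but the package that then defines a new repository and its keys is trusted without a signature check. On CentOS Stream the package is normally available from the distribution's own repos, so `dnf -y install epel-release` would avoid the URL install; on RHEL, importing the EPEL key first and passing `--setopt=localpkg_gpgcheck=1` does the same job. Separately, the second step sets the podman-next COPR to `priority=1` and then runs `dnf -y upgrade --allowerasing`, so whatever that COPR carries replaces the distro build on the test host; a one-line comment stating that this is intended would help.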
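Review bot: The `plan: import:` block in `plans/tmt.fmf` pulls `/plans/friends` from `https://github.com/teemtee/tmt` without a `ref`, so the imported plan follows whatever that repository's default branch holds at run time. The plan, and the scripts it runs on the test host, can then change without any commit here, and a test result cannot be reproduced later. Adding `ref: <TAG_OR_COMMIT>` under `import:` pins it.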
diff --git a/tests/tmt/podman/system-test.sh b/tests/tmt/podman/system-test.sh new file mode 100644 index 0000000..974f829 --- /dev/null +++ b/tests/tmt/podman/system-test.sh @@ -0,0 +1,17 @@ +#!/usr/bin/env bash + +set -exo pipefail + +if [[ "$(id -u)" -ne 0 ]];then + echo "Please run this script as superuser" + exit 1 +fi + +cat /etc/redhat-release +rpm -q conmon containers-common crun podman podman-tests + +# Run crun specific podman tests +bats -t /usr/share/podman/test/system/030-run.bats +bats -t /usr/share/podman/test/system/075-exec.bats +bats -t /usr/share/podman/test/system/280-update.bats +bats -t /usr/share/podman/test/system/520-checkpoint.bats diff --git a/tests/tmt/sanity/config.json b/tests/tmt/sanity/config.json new file mode 100644 index 0000000..3a1f225 --- /dev/null +++ b/tests/tmt/sanity/config.json 
@@ -0,0 +1,180 @@ +{ + "ociVersion": "1.0.0", + "process": { + "terminal": false, + "user": { + "uid": 0, + "gid": 0 + }, + "args": [ + "sleep", "10" + ], + "env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "TERM=xterm" + ], + "cwd": "/", + "capabilities": { + "bounding": [ + "CAP_AUDIT_WRITE", + "CAP_KILL", + "CAP_NET_BIND_SERVICE" + ], + "effective": [ + "CAP_AUDIT_WRITE", + "CAP_KILL", + "CAP_NET_BIND_SERVICE" + ], + "inheritable": [ + ], + "permitted": [ + "CAP_AUDIT_WRITE", + "CAP_KILL", + "CAP_NET_BIND_SERVICE" + ], + "ambient": [ + "CAP_AUDIT_WRITE", + "CAP_KILL", + "CAP_NET_BIND_SERVICE" + ] + }, + "rlimits": [ + { + "type": "RLIMIT_NOFILE", + "hard": 1024, + "soft": 1024 + } + ], + "noNewPrivileges": true + }, + "root": { + "path": "rootfs", + "readonly": true + }, + "hostname": "crun", + "mounts": [ + { + "destination": "/proc", + "type": "proc", + "source": "proc" + }, + { + "destination": "/dev", + "type": "tmpfs", + "source": "tmpfs", + "options": [ + "nosuid", + "strictatime", + "mode=755", + "size=65536k" + ] + }, + { + "destination": "/dev/pts", + "type": "devpts", + "source": "devpts", + "options": [ + "nosuid", + "noexec", + "newinstance", + "ptmxmode=0666", + "mode=0620", + "gid=5" + ] + }, + { + "destination": "/dev/shm", + "type": "tmpfs", + "source": "shm", + "options": [ + "nosuid", + "noexec", + "nodev", + "mode=1777", + "size=65536k" + ] + }, + { + "destination": "/dev/mqueue", + "type": "mqueue", + "source": "mqueue", + "options": [ + "nosuid", + "noexec", + "nodev" + ] + }, + { + "destination": "/sys", + "type": "sysfs", + "source": "sysfs", + "options": [ + "nosuid", + "noexec", + "nodev", + "ro" + ] + }, + { + "destination": "/sys/fs/cgroup", + "type": "cgroup", + "source": "cgroup", + "options": [ + "nosuid", + "noexec", + "nodev", + "relatime", + "ro" + ] + } + ], + "linux": { + "resources": { + "devices": [ + { + "allow": false, + "access": "rwm" + } + ] + }, + "namespaces": [ + { + "type": "pid" + }, 
+ { + "type": "network" + }, + { + "type": "ipc" + }, + { + "type": "uts" + }, + { + "type": "cgroup" + }, + { + "type": "mount" + } + ], + "maskedPaths": [ + "/proc/acpi", + "/proc/asound", + "/proc/kcore", + "/proc/keys", + "/proc/latency_stats", + "/proc/timer_list", + "/proc/timer_stats", + "/proc/sched_debug", + "/sys/firmware", + "/proc/scsi" + ], + "readonlyPaths": [ + "/proc/bus", + "/proc/fs", + "/proc/irq", + "/proc/sys", + "/proc/sysrq-trigger" + ] + } +} diff --git a/tests/tmt/sanity/main.fmf b/tests/tmt/sanity/main.fmf new file mode 100644 index 0000000..ccfa4ca --- /dev/null +++ b/tests/tmt/sanity/main.fmf @@ -0,0 +1,4 @@ +summary: Sanity test for crun +test: bash ./runtest.sh +duration: 10m +tag: [ sanity ] diff --git a/tests/tmt/sanity/runtest.sh b/tests/tmt/sanity/runtest.sh new file mode 100644 index 0000000..3e13986 --- /dev/null +++ b/tests/tmt/sanity/runtest.sh 
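Review bot: `process.capabilities` lists the same three capabilities under `ambient` while `inheritable` is empty. The kernel only allows a capability into the ambient set when it is in both the permitted and the inheritable set, so as written the ambient list presumably cannot take effect, and whether the runtime ignores or rejects it is not visible here. Since the process runs as uid 0 and the test only needs `sleep`, `"ambient": []` would state the intent more plainly; the file is JSON, so the reason would have to go in `runtest.sh` or the commit message rather than a comment.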
@@ -0,0 +1,113 @@ +#!/usr/bin/env bash + +set -exo pipefail + +TEMPDIR=$(mktemp -d) +TESTIMG="quay.io/libpod/busybox" +CNAME="mycont-$RANDOM" + +cat /etc/redhat-release +uname -r +rpm -q crun criu + +if ! crun --version; then + exit 1 +fi + +if ! crun features; then + exit 1 +fi + +if ! crun list; then + exit 1 +fi + +# create the top most bundle and rootfs directory +mkdir -p "$TEMPDIR"/rootfs + +# export busybox via podman into the rootfs directory +if ! (podman export "$(podman create $TESTIMG)" | tar -C "$TEMPDIR"/rootfs -xvf -); then + exit 1 +fi + +# use existing spec +cp ./config.json "$TEMPDIR" +ls "$TEMPDIR" +cd "$TEMPDIR" + +if ! crun create $CNAME; then + exit 1 +fi + +if ! crun list; then + exit 1 +fi + +if ! crun start $CNAME; then + exit 1 +fi + +if ! crun list; then + exit 1 +fi + +if ! crun state $CNAME; then + exit 1 +fi + +if ! crun ps $CNAME; then + exit 1 +fi + +if ! ret=$(crun exec $CNAME pwd) || [[ "$ret" != '/' ]]; then + exit 1 +fi + +if ! crun pause $CNAME; then + exit 1 +fi + +if ! crun state $CNAME; then + exit 1 +fi + +if ! crun resume $CNAME; then + exit 1 +fi + +if ! crun state $CNAME; then + exit 1 +fi + +if ! ret=$(crun exec $CNAME pwd) || [[ "$ret" != '/' ]]; then + exit 1 +fi + +if ! crun delete --force $CNAME; then + exit 1 +fi + +if ! crun list; then + exit 1 +fi + +if ! (crun run $CNAME &); then + exit 1 +fi + +if ! crun list; then + exit 1 +fi + +# make sure the container is running state +sleep 2 + +if ! ret=$(crun exec $CNAME echo 'ok') || [[ "$ret" != 'ok' ]]; then + exit 1 +fi + +if ! crun kill $CNAME; then + exit 1 +fi + +exit 0 diff --git a/tests/tmt/shellcheck/main.fmf b/tests/tmt/shellcheck/main.fmf new file mode 100644 index 0000000..7d220b4 --- /dev/null +++ b/tests/tmt/shellcheck/main.fmf @@ -0,0 +1,4 @@ +summary: Shellcheck tests +test: find ../ -type f -name "*.sh" -exec shellcheck {} + +duration: 10m +tag: [ shellcheck ]
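Review bot: The check `if ! (crun run $CNAME &); then` cannot fail, because a subshell that only backgrounds a command exits 0 whatever `crun run` does. A failed start is caught only by the `crun exec` after `sleep 2`, which also makes the test timing-dependent. The script leaves state behind as well: `TEMPDIR=$(mktemp -d)` is never removed, the final `crun kill` is not followed by a delete, and any early `exit 1` leaves the container in place. A trap near the top, `trap 'crun delete --force "$CNAME" 2>/dev/null || true; rm -rf "$TEMPDIR"' EXIT`, covers every exit path. `TESTIMG="quay.io/libpod/busybox"` has no tag or digest, so the rootfs under test can change between runs; `quay.io/libpod/busybox@sha256:<DIGEST>` would pin it.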