From 99a966ec972762fb7df37043ddcdc2fcd806cfa5 Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Thu, 5 Mar 2020 16:17:42 +0100 Subject: [PATCH 01/29] crun-0.13-1 Signed-off-by: Giuseppe Scrivano --- .gitignore | 1 + crun.spec | 5 ++++- sources | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index d183969..1d9fdb6 100644 --- a/.gitignore +++ b/.gitignore @@ -17,3 +17,4 @@ crun-0.1.1.tar.gz /crun-0.12.1.tar.gz /crun-0.12.2.tar.gz /crun-0.12.2.1.tar.gz +/crun-0.13.tar.gz diff --git a/crun.spec b/crun.spec index 063c946..c9a269c 100644 --- a/crun.spec +++ b/crun.spec @@ -1,6 +1,6 @@ Summary: OCI runtime written in C Name: crun -Version: 0.12.2.1 +Version: 0.13 Release: 1%{?dist} Source0: https://github.com/containers/crun/releases/download/%{version}/%{name}-%{version}.tar.gz License: GPLv3+ @@ -44,6 +44,9 @@ rm -rf $RPM_BUILD_ROOT/usr/lib* %{_mandir}/man1/* %changelog +* Thu Mar 05 2020 Giuseppe Scrivano - 0.13-1 +- built version 0.13 + * Mon Feb 17 2020 Giuseppe Scrivano - 0.12.2.1-1 - built version 0.12.2.1 diff --git a/sources b/sources index b55823f..27ddfc5 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (crun-0.12.2.1.tar.gz) = aaae4c9cc9bd4b51f22dbe519a3d208be775d96ca0bff9e6ac5e69e8e775e466bbef785423858515854f4e3bd23735e48e2c7ae709097a070fc52c46631fd6e6 +SHA512 (crun-0.13.tar.gz) = 314612eaf3097160e9369b3400ac8a83e173ef1a53295191c925e96212ba00d032883db1e4615b8ba42ddb08f1e31ca5e5088ea583a469835ac3c27087a88d6e From 6f3c6f944abf28d5f4e42e6692a19049b8fbf3d6 Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Thu, 9 Apr 2020 12:28:09 +0200 Subject: [PATCH 02/29] crun-0.13-2 Signed-off-by: Giuseppe Scrivano --- 0001-linux-do-not-mount-label-cgroup.patch | 65 ++++++++++++++++++++++ crun.spec | 9 ++- 2 files changed, 72 insertions(+), 2 deletions(-) create mode 100644 0001-linux-do-not-mount-label-cgroup.patch 
diff --git a/0001-linux-do-not-mount-label-cgroup.patch b/0001-linux-do-not-mount-label-cgroup.patch new file mode 100644 index 0000000..fbe1f09 --- /dev/null +++ b/0001-linux-do-not-mount-label-cgroup.patch 
@@ -0,0 +1,65 @@ +From ef38609ef628594da7b8adf94b6fcd5d14c88af7 Mon Sep 17 00:00:00 2001 +From: Giuseppe Scrivano +Date: Wed, 8 Apr 2020 16:47:22 +0200 +Subject: [PATCH] linux: do not mount label cgroup + +skip setting a context= option when mounting cgroup. At least Linux +5.6 fails with EINVAL if it set. + +Signed-off-by: Giuseppe Scrivano +--- + src/libcrun/linux.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/src/libcrun/linux.c b/src/libcrun/linux.c +index 6836326..92b2055 100644 +--- a/src/libcrun/linux.c ++++ b/src/libcrun/linux.c +@@ -602,7 +602,7 @@ do_mount_cgroup_v2 (libcrun_container_t *container, + { + crun_error_release (err); + +- ret = do_mount (container, "/sys/fs/cgroup", targetfd, target, NULL, MS_BIND | mountflags, NULL, 0, err); ++ ret = do_mount (container, "/sys/fs/cgroup", targetfd, target, NULL, MS_BIND | mountflags, NULL, 1, err); + } + return ret; + } +@@ -648,7 +648,7 @@ do_mount_cgroup_v1 (libcrun_container_t *container, + if (UNLIKELY (subsystems == NULL)) + return -1; + +- ret = do_mount (container, source, targetfd, target, "tmpfs", mountflags, "size=1024k", 0, err); ++ ret = do_mount (container, source, targetfd, target, "tmpfs", mountflags, "size=1024k", 1, err); + if (UNLIKELY (ret < 0)) + return ret; + +@@ -704,7 +704,7 @@ do_mount_cgroup_v1 (libcrun_container_t *container, + + if (has_cgroupns) + { +- ret = do_mount (container, source_path, subsystemfd, subsystem_path, "cgroup", mountflags, subsystem_fqn, 0, err); ++ ret = do_mount (container, source_path, subsystemfd, subsystem_path, "cgroup", mountflags, subsystem_fqn, 1, err); + if (UNLIKELY (ret < 0)) + { + if (crun_error_get_errno (err) == ENOENT || crun_error_get_errno (err) == ENODEV) +@@ -718,7 +718,7 @@ do_mount_cgroup_v1 (libcrun_container_t *container, + } + else + { +- ret = do_mount (container, source_path, subsystemfd, subsystem_path, NULL, MS_BIND | mountflags, NULL, 0, err); ++ ret = do_mount (container, source_path, 
subsystemfd, subsystem_path, NULL, MS_BIND | mountflags, NULL, 1, err); + if (UNLIKELY (ret < 0)) + { + if (crun_error_get_errno (err) != ENOENT) +@@ -727,7 +727,7 @@ do_mount_cgroup_v1 (libcrun_container_t *container, + crun_error_release (err); + + /* We might already be in a container. Mount the source subsystem. */ +- ret = do_mount (container, source_subsystem, subsystemfd, subsystem_path, NULL, MS_BIND | mountflags, NULL, 0, err); ++ ret = do_mount (container, source_subsystem, subsystemfd, subsystem_path, NULL, MS_BIND | mountflags, NULL, 1, err); + if (UNLIKELY (ret < 0)) + return ret; + } +-- +2.25.1 + diff --git a/crun.spec b/crun.spec index c9a269c..678bbd6 100644 --- a/crun.spec +++ b/crun.spec @@ -1,7 +1,7 @@ Summary: OCI runtime written in C Name: crun Version: 0.13 -Release: 1%{?dist} +Release: 2%{?dist} Source0: https://github.com/containers/crun/releases/download/%{version}/%{name}-%{version}.tar.gz License: GPLv3+ URL: https://github.com/containers/crun @@ -22,11 +22,13 @@ BuildRequires: libtool BuildRequires: go-md2man Provides: oci-runtime = 2 +Patch0: 0001-linux-do-not-mount-label-cgroup.patch + %description crun is a runtime for running OCI containers %prep -%autosetup -n %{name}-%{version} +%autosetup -p1 -n %{name}-%{version} %build ./autogen.sh @@ -44,6 +46,9 @@ rm -rf $RPM_BUILD_ROOT/usr/lib* %{_mandir}/man1/* %changelog +* Thu Apr 09 2020 Giuseppe Scrivano - 0.13-2 +- fix cgroup v1 mount on Linux 5.6 + * Thu Mar 05 2020 Giuseppe Scrivano - 0.13-1 - built version 0.13 From 2a858266c1b3cc11b5a8a1e85508b9a1e5002525 Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Mon, 18 May 2020 09:13:53 +0000 Subject: [PATCH 03/29] crun-0.13-1 Signed-off-by: RH Container Bot --- crun.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/crun.spec b/crun.spec index 678bbd6..958c3a9 100644 --- a/crun.spec +++ b/crun.spec 
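Review bot: The five `do_mount` calls in `do_mount_cgroup_v2` and `do_mount_cgroup_v1` now pass a bare `1` as the eighth argument, and nothing at the call sites says what it means. Going by the patch description it presumably tells `do_mount` to skip the SELinux `context=` option, so these cgroup mounts lose the container's mount label on every kernel, not only on Linux 5.6 where the option fails with EINVAL. That trade-off deserves a comment above the first call, such as `/* cgroup mounts are not labelled: Linux 5.6 rejects context= here with EINVAL */`, and a named constant would read better than the literal. `do_mount`'s definition and the rest of both functions are outside the hunks, so the parameter's meaning should be confirmed there.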
@@ -1,7 +1,7 @@ Summary: OCI runtime written in C Name: crun Version: 0.13 -Release: 2%{?dist} +Release: 1%{?dist} Source0: https://github.com/containers/crun/releases/download/%{version}/%{name}-%{version}.tar.gz License: GPLv3+ URL: https://github.com/containers/crun @@ -46,6 +46,9 @@ rm -rf $RPM_BUILD_ROOT/usr/lib* %{_mandir}/man1/* %changelog +* Mon May 18 2020 RH Container Bot - 0.13-1 +- autobuilt 0.13 + * Thu Apr 09 2020 Giuseppe Scrivano - 0.13-2 - fix cgroup v1 mount on Linux 5.6 From 0c02055b9518b6e8ab8506c95a64cea97bf79a92 Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Thu, 2 Jul 2020 21:08:04 +0200 Subject: [PATCH 04/29] crun-0.14-1 Signed-off-by: Giuseppe Scrivano --- .gitignore | 1 + crun.spec | 5 ++++- sources | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 1d9fdb6..1d2542e 100644 --- a/.gitignore +++ b/.gitignore @@ -18,3 +18,4 @@ crun-0.1.1.tar.gz /crun-0.12.2.tar.gz /crun-0.12.2.1.tar.gz /crun-0.13.tar.gz +/crun-0.14.tar.gz diff --git a/crun.spec b/crun.spec index 958c3a9..92ca860 100644 --- a/crun.spec +++ b/crun.spec @@ -1,6 +1,6 @@ Summary: OCI runtime written in C Name: crun -Version: 0.13 +Version: 0.14 Release: 1%{?dist} Source0: https://github.com/containers/crun/releases/download/%{version}/%{name}-%{version}.tar.gz License: GPLv3+ @@ -46,6 +46,9 @@ rm -rf $RPM_BUILD_ROOT/usr/lib* %{_mandir}/man1/* %changelog +* Thu Jul 02 2020 Giuseppe Scrivano - 0.14-1 +- built version 0.14 + * Mon May 18 2020 RH Container Bot - 0.13-1 - autobuilt 0.13 diff --git a/sources b/sources index 27ddfc5..e4f6d19 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (crun-0.13.tar.gz) = 314612eaf3097160e9369b3400ac8a83e173ef1a53295191c925e96212ba00d032883db1e4615b8ba42ddb08f1e31ca5e5088ea583a469835ac3c27087a88d6e +SHA512 (crun-0.14.tar.gz) = a62e95945f94eb20b283bfd7ae24779b7f9b132521224f2a6db705967b53b049132c11a89dfb3ac385a2d6c2a7d9314d4a4b7f7585a516f170872d87ec36a6c0 
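Review bot: `Release:` goes backwards in PATCH 03/29, from `2%{?dist}` to `1%{?dist}` with `Version: 0.13` unchanged, so the autobuilt package sorts older than the 0.13-2 build that introduced `Patch0`. It also reuses the NVR 0.13-1 from PATCH 01/29, which was built without that patch, so one NVR now names two different contents and an installed version string no longer shows whether the cgroup fix is present. The bot should bump from the current value, e.g. `Release: 3%{?dist}`, rather than resetting to 1. The same reset appears in PATCH 07/29 (2 to 1), PATCH 12/29 (4 to 1), PATCH 14/29 (5 to 1) and PATCH 18/29 (2 to 1).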
From 3ece1ca12b57c6f72ca985ce1f2ab40ca3fa4a31 Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Thu, 2 Jul 2020 22:38:19 +0200 Subject: [PATCH 05/29] crun.spec: remove unused patch Signed-off-by: Giuseppe Scrivano --- 0001-linux-do-not-mount-label-cgroup.patch | 65 ---------------------- crun.spec | 2 - 2 files changed, 67 deletions(-) delete mode 100644 0001-linux-do-not-mount-label-cgroup.patch diff --git a/0001-linux-do-not-mount-label-cgroup.patch b/0001-linux-do-not-mount-label-cgroup.patch deleted file mode 100644 index fbe1f09..0000000 --- a/0001-linux-do-not-mount-label-cgroup.patch +++ /dev/null 
@@ -1,65 +0,0 @@ -From ef38609ef628594da7b8adf94b6fcd5d14c88af7 Mon Sep 17 00:00:00 2001 -From: Giuseppe Scrivano -Date: Wed, 8 Apr 2020 16:47:22 +0200 -Subject: [PATCH] linux: do not mount label cgroup - -skip setting a context= option when mounting cgroup. At least Linux -5.6 fails with EINVAL if it set. - -Signed-off-by: Giuseppe Scrivano ---- - src/libcrun/linux.c | 10 +++++----- - 1 file changed, 5 insertions(+), 5 deletions(-) - -diff --git a/src/libcrun/linux.c b/src/libcrun/linux.c -index 6836326..92b2055 100644 ---- a/src/libcrun/linux.c -+++ b/src/libcrun/linux.c -@@ -602,7 +602,7 @@ do_mount_cgroup_v2 (libcrun_container_t *container, - { - crun_error_release (err); - -- ret = do_mount (container, "/sys/fs/cgroup", targetfd, target, NULL, MS_BIND | mountflags, NULL, 0, err); -+ ret = do_mount (container, "/sys/fs/cgroup", targetfd, target, NULL, MS_BIND | mountflags, NULL, 1, err); - } - return ret; - } -@@ -648,7 +648,7 @@ do_mount_cgroup_v1 (libcrun_container_t *container, - if (UNLIKELY (subsystems == NULL)) - return -1; - -- ret = do_mount (container, source, targetfd, target, "tmpfs", mountflags, "size=1024k", 0, err); -+ ret = do_mount (container, source, targetfd, target, "tmpfs", mountflags, "size=1024k", 1, err); - if (UNLIKELY (ret < 0)) - return ret; - -@@ -704,7 +704,7 @@ do_mount_cgroup_v1 (libcrun_container_t *container, - - if (has_cgroupns) - { -- ret = do_mount (container, source_path, subsystemfd, subsystem_path, "cgroup", mountflags, subsystem_fqn, 0, err); -+ ret = do_mount (container, source_path, subsystemfd, subsystem_path, "cgroup", mountflags, subsystem_fqn, 1, err); - if (UNLIKELY (ret < 0)) - { - if (crun_error_get_errno (err) == ENOENT || crun_error_get_errno (err) == ENODEV) -@@ -718,7 +718,7 @@ do_mount_cgroup_v1 (libcrun_container_t *container, - } - else - { -- ret = do_mount (container, source_path, subsystemfd, subsystem_path, NULL, MS_BIND | mountflags, NULL, 0, err); -+ ret = do_mount (container, source_path, 
subsystemfd, subsystem_path, NULL, MS_BIND | mountflags, NULL, 1, err); - if (UNLIKELY (ret < 0)) - { - if (crun_error_get_errno (err) != ENOENT) -@@ -727,7 +727,7 @@ do_mount_cgroup_v1 (libcrun_container_t *container, - crun_error_release (err); - - /* We might already be in a container. Mount the source subsystem. */ -- ret = do_mount (container, source_subsystem, subsystemfd, subsystem_path, NULL, MS_BIND | mountflags, NULL, 0, err); -+ ret = do_mount (container, source_subsystem, subsystemfd, subsystem_path, NULL, MS_BIND | mountflags, NULL, 1, err); - if (UNLIKELY (ret < 0)) - return ret; - } --- -2.25.1 - diff --git a/crun.spec b/crun.spec index 92ca860..5636b06 100644 --- a/crun.spec +++ b/crun.spec @@ -22,8 +22,6 @@ BuildRequires: libtool BuildRequires: go-md2man Provides: oci-runtime = 2 -Patch0: 0001-linux-do-not-mount-label-cgroup.patch - %description crun is a runtime for running OCI containers From fdd288dc9a5129542382ab62c45de4e403351c27 Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Thu, 2 Jul 2020 22:53:56 +0200 Subject: [PATCH 06/29] crun-0.14-2 Signed-off-by: Giuseppe Scrivano --- crun.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crun.spec b/crun.spec index 5636b06..455f4a1 100644 --- a/crun.spec +++ b/crun.spec @@ -1,7 +1,7 @@ Summary: OCI runtime written in C Name: crun Version: 0.14 -Release: 1%{?dist} +Release: 2%{?dist} Source0: https://github.com/containers/crun/releases/download/%{version}/%{name}-%{version}.tar.gz License: GPLv3+ URL: https://github.com/containers/crun From f9a202b71b9abc9ac1ba3c219fde633d35aac15f Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Tue, 7 Jul 2020 18:43:40 +0000 Subject: [PATCH 07/29] crun-0.14-1 Signed-off-by: RH Container Bot --- crun.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/crun.spec b/crun.spec index 455f4a1..8b73201 100644 --- a/crun.spec +++ b/crun.spec 
@@ -1,7 +1,7 @@ Summary: OCI runtime written in C Name: crun Version: 0.14 -Release: 2%{?dist} +Release: 1%{?dist} Source0: https://github.com/containers/crun/releases/download/%{version}/%{name}-%{version}.tar.gz License: GPLv3+ URL: https://github.com/containers/crun @@ -44,6 +44,9 @@ rm -rf $RPM_BUILD_ROOT/usr/lib* %{_mandir}/man1/* %changelog +* Tue Jul 07 2020 RH Container Bot - 0.14-1 +- autobuilt 0.14 + * Thu Jul 02 2020 Giuseppe Scrivano - 0.14-1 - built version 0.14 From 394f4b596dc7f378fcfbb0a99ec92405e353d6f5 Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Wed, 8 Jul 2020 09:32:06 +0200 Subject: [PATCH 08/29] crun-0.14.1-1 Signed-off-by: Giuseppe Scrivano --- .gitignore | 1 + crun.spec | 5 ++++- sources | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 1d2542e..ce20ab0 100644 --- a/.gitignore +++ b/.gitignore @@ -19,3 +19,4 @@ crun-0.1.1.tar.gz /crun-0.12.2.1.tar.gz /crun-0.13.tar.gz /crun-0.14.tar.gz +/crun-0.14.1.tar.gz diff --git a/crun.spec b/crun.spec index 8b73201..c49dbc7 100644 --- a/crun.spec +++ b/crun.spec @@ -1,6 +1,6 @@ Summary: OCI runtime written in C Name: crun -Version: 0.14 +Version: 0.14.1 Release: 1%{?dist} Source0: https://github.com/containers/crun/releases/download/%{version}/%{name}-%{version}.tar.gz License: GPLv3+ @@ -44,6 +44,9 @@ rm -rf $RPM_BUILD_ROOT/usr/lib* %{_mandir}/man1/* %changelog +* Wed Jul 08 2020 Giuseppe Scrivano - 0.14.1-1 +- built version 0.14.1 + * Tue Jul 07 2020 RH Container Bot - 0.14-1 - autobuilt 0.14 diff --git a/sources b/sources index e4f6d19..0d91064 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (crun-0.14.tar.gz) = a62e95945f94eb20b283bfd7ae24779b7f9b132521224f2a6db705967b53b049132c11a89dfb3ac385a2d6c2a7d9314d4a4b7f7585a516f170872d87ec36a6c0 +SHA512 (crun-0.14.1.tar.gz) = 420f1713653cbd17df83b2a63d163aaa41baf78115b093877a2241305e10b2ceeaf08ea6700658eca894729ff8a20cbc66f868d18d27fba3fbedf1a9993b122e 
From 9b4c9717b6c004fcaf248e240f0398a0b53ecad4 Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Thu, 27 Aug 2020 13:53:39 +0200 Subject: [PATCH 09/29] crun-0.14.1-3 Signed-off-by: Giuseppe Scrivano --- ...x-race-condition-when-reading-cgroup.patch | 42 +++++++++++++++++++ crun.spec | 5 +++ 2 files changed, 47 insertions(+) create mode 100644 0001-state-fix-race-condition-when-reading-cgroup.patch diff --git a/0001-state-fix-race-condition-when-reading-cgroup.patch b/0001-state-fix-race-condition-when-reading-cgroup.patch new file mode 100644 index 0000000..cbdaf76 --- /dev/null +++ b/0001-state-fix-race-condition-when-reading-cgroup.patch @@ -0,0 +1,42 @@ +From 1a71c82ea9fd3561b16e2730bea9673219c15843 Mon Sep 17 00:00:00 2001 +From: Giuseppe Scrivano +Date: Thu, 27 Aug 2020 12:10:21 +0200 +Subject: [PATCH] state: fix race condition when reading cgroup + +by the time crun attempts to read from the cgroup, systemd might have +already cleaned it up. When using systemd, on ENOENT state reports +the container as "stopped" instead of an error. + +Closes: https://github.com/containers/podman/issues/7148 + +Signed-off-by: Giuseppe Scrivano +--- + src/libcrun/container.c | 12 +++++++++++- + 1 file changed, 11 insertions(+), 1 deletion(-) + +diff --git a/src/libcrun/container.c b/src/libcrun/container.c +index 3723300..289e551 100644 +--- a/src/libcrun/container.c ++++ b/src/libcrun/container.c +@@ -2112,7 +2112,17 @@ libcrun_get_container_state_string (const char *id, libcrun_container_status_t * + + ret = libcrun_cgroup_is_container_paused (status->cgroup_path, cgroup_mode, &paused, err); + if (UNLIKELY (ret < 0)) +- return ret; ++ { ++ /* The cgroup might have been cleaned up by systemd by the time we try to read it, so ignore ENOENT. */ ++ if (status->systemd_cgroup && crun_error_get_errno (err) == ENOENT) ++ { ++ crun_error_release (err); ++ *container_status = "stopped"; ++ return 0; ++ } ++ ++ return ret; ++ } + } + + if (! *running) +-- +2.26.2 + 
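Review bot: The new ENOENT branch sets `*container_status = "stopped"` and returns 0 without touching `*running`, which the following `if (! *running)` shows is an output this function also maintains. If `*running` was set to true earlier in `libcrun_get_container_state_string` (that part is outside the hunk), a caller gets a stopped status string together with a running flag. I would add `*running = 0;` before the `return 0;`. The comment could also say that any ENOENT from `libcrun_cgroup_is_container_paused` on a systemd cgroup is now treated as a clean-up, including one caused by a stale or wrong `status->cgroup_path`.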
diff --git a/crun.spec b/crun.spec index c49dbc7..e183f04 100644 --- a/crun.spec +++ b/crun.spec @@ -22,6 +22,8 @@ BuildRequires: libtool BuildRequires: go-md2man Provides: oci-runtime = 2 +Patch0: 0001-state-fix-race-condition-when-reading-cgroup.patch + %description crun is a runtime for running OCI containers @@ -44,6 +46,9 @@ rm -rf $RPM_BUILD_ROOT/usr/lib* %{_mandir}/man1/* %changelog +* Thu Aug 27 2020 Giuseppe Scrivano - 0.14.1-3 +- backport ed9c3e6f466dfb6d2e79802060fabd5f4b66f78e + * Wed Jul 08 2020 Giuseppe Scrivano - 0.14.1-1 - built version 0.14.1 From 8a31496c5c5ace13e5be303ddb47af27d490753c Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Thu, 27 Aug 2020 14:00:03 +0200 Subject: [PATCH 10/29] fix-nvr Signed-off-by: Giuseppe Scrivano --- crun.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crun.spec b/crun.spec index e183f04..afb9b05 100644 --- a/crun.spec +++ b/crun.spec @@ -1,7 +1,7 @@ Summary: OCI runtime written in C Name: crun Version: 0.14.1 -Release: 1%{?dist} +Release: 3%{?dist} Source0: https://github.com/containers/crun/releases/download/%{version}/%{name}-%{version}.tar.gz License: GPLv3+ URL: https://github.com/containers/crun From 98b1ba02049d617b04ee74dd753e14248cb8ba6e Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Mon, 31 Aug 2020 14:47:08 -0400 Subject: [PATCH 11/29] crun-0.14.1-4 - rebuild Signed-off-by: Lokesh Mandvekar --- crun.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/crun.spec b/crun.spec index afb9b05..1f50a85 100644 --- a/crun.spec +++ b/crun.spec @@ -1,7 +1,7 @@ Summary: OCI runtime written in C Name: crun Version: 0.14.1 -Release: 3%{?dist} +Release: 4%{?dist} Source0: https://github.com/containers/crun/releases/download/%{version}/%{name}-%{version}.tar.gz License: GPLv3+ URL: https://github.com/containers/crun 
@@ -46,6 +46,9 @@ rm -rf $RPM_BUILD_ROOT/usr/lib* %{_mandir}/man1/* %changelog +* Mon Aug 31 2020 Lokesh Mandvekar - 0.14.1-4 +- rebuild + * Thu Aug 27 2020 Giuseppe Scrivano - 0.14.1-3 - backport ed9c3e6f466dfb6d2e79802060fabd5f4b66f78e From e0715480139cdb37b8491d621506c12098a635a9 Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Wed, 2 Sep 2020 13:47:33 +0000 Subject: [PATCH 12/29] crun-0.14.1-1 Signed-off-by: RH Container Bot --- crun.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/crun.spec b/crun.spec index 1f50a85..3f465e9 100644 --- a/crun.spec +++ b/crun.spec @@ -1,7 +1,7 @@ Summary: OCI runtime written in C Name: crun Version: 0.14.1 -Release: 4%{?dist} +Release: 1%{?dist} Source0: https://github.com/containers/crun/releases/download/%{version}/%{name}-%{version}.tar.gz License: GPLv3+ URL: https://github.com/containers/crun @@ -46,6 +46,9 @@ rm -rf $RPM_BUILD_ROOT/usr/lib* %{_mandir}/man1/* %changelog +* Wed Sep 2 2020 RH Container Bot - 0.14.1-1 +- autobuilt 0.14.1 + * Mon Aug 31 2020 Lokesh Mandvekar - 0.14.1-4 - rebuild From 82b209abe5c018d453e4f6069934b1f6c4e2cd58 Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Mon, 14 Sep 2020 12:05:15 +0200 Subject: [PATCH 13/29] crun-0.14.1-5 Signed-off-by: Giuseppe Scrivano --- ...apabilities-get-last_cap-dynamically.patch | 100 ++++++++++++++++++ crun.spec | 6 +- 2 files changed, 105 insertions(+), 1 deletion(-) create mode 100644 0001-Capabilities-get-last_cap-dynamically.patch diff --git a/0001-Capabilities-get-last_cap-dynamically.patch b/0001-Capabilities-get-last_cap-dynamically.patch new file mode 100644 index 0000000..4a4751f --- /dev/null +++ b/0001-Capabilities-get-last_cap-dynamically.patch 
@@ -0,0 +1,100 @@ +From 2dd22b2f1aa13edc704cf5a6e50793457076789e Mon Sep 17 00:00:00 2001 +From: Ed Santiago +Date: Mon, 31 Aug 2020 12:09:39 -0600 +Subject: [PATCH] Capabilities: get last_cap dynamically + +Determine the kernel capability set at run time, for +consistency with runc. + +Signed-off-by: Ed Santiago +(cherry picked from commit 4453af4c060e380051552ee589af5cad37f2ae82) +--- + src/libcrun/container.c | 4 ++++ + src/libcrun/linux.c | 29 +++++++++++++++++++++++++++-- + src/libcrun/linux.h | 1 + + 3 files changed, 32 insertions(+), 2 deletions(-) + +diff --git a/src/libcrun/container.c b/src/libcrun/container.c +index 3723300..0870cf2 100644 +--- a/src/libcrun/container.c ++++ b/src/libcrun/container.c +@@ -480,6 +480,10 @@ initialize_security (runtime_spec_schema_config_schema_process *proc, libcrun_er + if (UNLIKELY (ret < 0)) + return ret; + ++ ret = libcrun_init_caps (err); ++ if (UNLIKELY (ret < 0)) ++ return ret; ++ + return 0; + } + +diff --git a/src/libcrun/linux.c b/src/libcrun/linux.c +index fa87d82..316943d 100644 +--- a/src/libcrun/linux.c ++++ b/src/libcrun/linux.c +@@ -2291,6 +2291,28 @@ has_cap_on (int cap, long unsigned *caps) + return (CAP_TO_MASK_1 (cap) & caps[1]); + } + ++static unsigned long cap_last_cap; ++ ++int ++libcrun_init_caps (libcrun_error_t *err) ++{ ++ cleanup_close int fd = -1; ++ int ret; ++ char buffer[16]; ++ fd = open ("/proc/sys/kernel/cap_last_cap", O_RDONLY); ++ if (fd < 0) ++ return crun_make_error (err, errno, "open /proc/sys/kernel/cap_last_cap"); ++ ret = TEMP_FAILURE_RETRY (read (fd, buffer, sizeof (buffer))); ++ if (UNLIKELY (ret < 0)) ++ return crun_make_error (err, errno, "read from /proc/sys/kernel/cap_last_cap"); ++ ++ errno = 0; ++ cap_last_cap = strtoul (buffer, NULL, 10); ++ if (errno != 0) ++ return crun_make_error (err, errno, "strtoul() from /proc/sys/kernel/cap_last_cap"); ++ return 0; ++} ++ + static int + set_required_caps (struct all_caps_s *caps, uid_t uid, gid_t gid, int no_new_privs, 
libcrun_error_t *err) + { +@@ -2299,7 +2321,10 @@ set_required_caps (struct all_caps_s *caps, uid_t uid, gid_t gid, int no_new_pri + struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 }; + struct __user_cap_data_struct data[2] = { { 0 } }; + +- for (cap = 0; cap <= CAP_LAST_CAP; cap++) ++ if (cap_last_cap == 0) ++ return crun_make_error (err, 0, "internal error: max number of capabilities not initialized"); ++ ++ for (cap = 0; cap <= cap_last_cap; cap++) + if (! has_cap_on (cap, caps->bounding)) + { + ret = prctl (PR_CAPBSET_DROP, cap, 0, 0, 0); +@@ -2335,7 +2360,7 @@ set_required_caps (struct all_caps_s *caps, uid_t uid, gid_t gid, int no_new_pri + if (UNLIKELY (ret < 0 && !(errno == EINVAL || errno == EPERM))) + return crun_make_error (err, errno, "prctl reset ambient"); + +- for (cap = 0; cap <= CAP_LAST_CAP; cap++) ++ for (cap = 0; cap <= cap_last_cap; cap++) + if (has_cap_on (cap, caps->ambient)) + { + ret = prctl (PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, cap, 0, 0); +diff --git a/src/libcrun/linux.h b/src/libcrun/linux.h +index a92b5f1..fc70feb 100644 +--- a/src/libcrun/linux.h ++++ b/src/libcrun/linux.h +@@ -38,6 +38,7 @@ pid_t libcrun_run_linux_container (libcrun_container_t *container, + libcrun_error_t *err); + int get_notify_fd (libcrun_context_t *context, libcrun_container_t *container, int *notify_socket_out, libcrun_error_t *err); + int libcrun_set_mounts (libcrun_container_t *container, const char *rootfs, libcrun_error_t *err); ++int libcrun_init_caps (libcrun_error_t *err); + int libcrun_do_pivot_root (libcrun_container_t *container, bool no_pivot, const char *rootfs, libcrun_error_t *err); + int libcrun_reopen_dev_null (libcrun_error_t *err); + int libcrun_set_usernamespace (libcrun_container_t *container, pid_t pid, libcrun_error_t *err); +-- +2.26.2 + diff --git a/crun.spec b/crun.spec index 3f465e9..26f436c 100644 --- a/crun.spec +++ b/crun.spec 
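Review bot: `libcrun_init_caps` passes `buffer` to `strtoul` without terminating it: `read` may fill all 16 bytes or return 0, and in either case `strtoul` can run into uninitialized stack bytes. With `NULL` as the end pointer, a file that yields no digits parses as 0 without an error and is only caught later by the `cap_last_cap == 0` check in `set_required_caps`. I would read at most `sizeof (buffer) - 1` bytes, terminate at `ret`, and reject an empty parse, as below. The parsed value also bounds both `cap <= cap_last_cap` loops that feed `has_cap_on`, so an upper limit on it seems worthwhile; the declaration of `cap` and most of `has_cap_on` are outside the hunk, so the right limit needs checking there.

```c
  char buffer[16];
  char *endptr;
  /* … unchanged: open of /proc/sys/kernel/cap_last_cap and its error check … */
  ret = TEMP_FAILURE_RETRY (read (fd, buffer, sizeof (buffer) - 1));
  if (UNLIKELY (ret < 0))
    return crun_make_error (err, errno, "read from /proc/sys/kernel/cap_last_cap");
  buffer[ret] = '\0';

  errno = 0;
  cap_last_cap = strtoul (buffer, &endptr, 10);
  if (errno != 0 || endptr == buffer)
    return crun_make_error (err, errno, "strtoul() from /proc/sys/kernel/cap_last_cap");
  return 0;
```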
@@ -1,7 +1,7 @@ Summary: OCI runtime written in C Name: crun Version: 0.14.1 -Release: 1%{?dist} +Release: 5%{?dist} Source0: https://github.com/containers/crun/releases/download/%{version}/%{name}-%{version}.tar.gz License: GPLv3+ URL: https://github.com/containers/crun @@ -23,6 +23,7 @@ BuildRequires: go-md2man Provides: oci-runtime = 2 Patch0: 0001-state-fix-race-condition-when-reading-cgroup.patch +Patch1: 0001-Capabilities-get-last_cap-dynamically.patch %description crun is a runtime for running OCI containers @@ -46,6 +47,9 @@ rm -rf $RPM_BUILD_ROOT/usr/lib* %{_mandir}/man1/* %changelog +* Mon Sep 14 2020 Giuseppe Scrivano - 0.14.1-5 +- backport 4453af4c060e380051552ee589af5cad37f2ae82 + * Wed Sep 2 2020 RH Container Bot - 0.14.1-1 - autobuilt 0.14.1 From 330bf26d5d9533dc9d5864e98003d5ec09e07deb Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Mon, 14 Sep 2020 11:13:08 +0000 Subject: [PATCH 14/29] crun-0.14.1-1 autobuilt 0.14.1 Signed-off-by: RH Container Bot --- crun.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/crun.spec b/crun.spec index 26f436c..f4a2afa 100644 --- a/crun.spec +++ b/crun.spec @@ -1,7 +1,7 @@ Summary: OCI runtime written in C Name: crun Version: 0.14.1 -Release: 5%{?dist} +Release: 1%{?dist} Source0: https://github.com/containers/crun/releases/download/%{version}/%{name}-%{version}.tar.gz License: GPLv3+ URL: https://github.com/containers/crun @@ -47,6 +47,9 @@ rm -rf $RPM_BUILD_ROOT/usr/lib* %{_mandir}/man1/* %changelog +* Mon Sep 14 2020 RH Container Bot - 0.14.1-1 +- autobuilt 0.14.1 + * Mon Sep 14 2020 Giuseppe Scrivano - 0.14.1-5 - backport 4453af4c060e380051552ee589af5cad37f2ae82 From ff57555ca26b09e9197ab9f4bd34b90de6628f49 Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Wed, 23 Sep 2020 15:14:13 +0000 Subject: [PATCH 15/29] crun-0.15-1 autobuilt 0.15 Signed-off-by: RH Container Bot --- .gitignore | 1 + crun.spec | 5 ++++- sources | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) 
diff --git a/.gitignore b/.gitignore index ce20ab0..515f617 100644 --- a/.gitignore +++ b/.gitignore @@ -20,3 +20,4 @@ crun-0.1.1.tar.gz /crun-0.13.tar.gz /crun-0.14.tar.gz /crun-0.14.1.tar.gz +/crun-0.15.tar.gz diff --git a/crun.spec b/crun.spec index f4a2afa..677c721 100644 --- a/crun.spec +++ b/crun.spec @@ -1,6 +1,6 @@ Summary: OCI runtime written in C Name: crun -Version: 0.14.1 +Version: 0.15 Release: 1%{?dist} Source0: https://github.com/containers/crun/releases/download/%{version}/%{name}-%{version}.tar.gz License: GPLv3+ @@ -47,6 +47,9 @@ rm -rf $RPM_BUILD_ROOT/usr/lib* %{_mandir}/man1/* %changelog +* Wed Sep 23 2020 RH Container Bot - 0.15-1 +- autobuilt 0.15 + * Mon Sep 14 2020 RH Container Bot - 0.14.1-1 - autobuilt 0.14.1 diff --git a/sources b/sources index 0d91064..07332d6 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (crun-0.14.1.tar.gz) = 420f1713653cbd17df83b2a63d163aaa41baf78115b093877a2241305e10b2ceeaf08ea6700658eca894729ff8a20cbc66f868d18d27fba3fbedf1a9993b122e +SHA512 (crun-0.15.tar.gz) = f9a9e94b6a9c5cff01fe93b1c3d5876a0794e6288b802cf579556e11411ca5d6e63cae3859aaa4df4bb600e2d27aa131872a93a92784b9b48f7885411d86f325 From 52d48120c1fddf31e97022b58bb255b23cfe09b1 Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Wed, 23 Sep 2020 17:23:06 +0200 Subject: [PATCH 16/29] remove old patches Signed-off-by: Giuseppe Scrivano --- ...apabilities-get-last_cap-dynamically.patch | 100 ------------------ ...x-race-condition-when-reading-cgroup.patch | 42 -------- crun.spec | 3 - 3 files changed, 145 deletions(-) delete mode 100644 0001-Capabilities-get-last_cap-dynamically.patch delete mode 100644 0001-state-fix-race-condition-when-reading-cgroup.patch diff --git a/0001-Capabilities-get-last_cap-dynamically.patch b/0001-Capabilities-get-last_cap-dynamically.patch deleted file mode 100644 index 4a4751f..0000000 --- a/0001-Capabilities-get-last_cap-dynamically.patch +++ /dev/null 
@@ -1,100 +0,0 @@ -From 2dd22b2f1aa13edc704cf5a6e50793457076789e Mon Sep 17 00:00:00 2001 -From: Ed Santiago -Date: Mon, 31 Aug 2020 12:09:39 -0600 -Subject: [PATCH] Capabilities: get last_cap dynamically - -Determine the kernel capability set at run time, for -consistency with runc. - -Signed-off-by: Ed Santiago -(cherry picked from commit 4453af4c060e380051552ee589af5cad37f2ae82) ---- - src/libcrun/container.c | 4 ++++ - src/libcrun/linux.c | 29 +++++++++++++++++++++++++++-- - src/libcrun/linux.h | 1 + - 3 files changed, 32 insertions(+), 2 deletions(-) - -diff --git a/src/libcrun/container.c b/src/libcrun/container.c -index 3723300..0870cf2 100644 ---- a/src/libcrun/container.c -+++ b/src/libcrun/container.c -@@ -480,6 +480,10 @@ initialize_security (runtime_spec_schema_config_schema_process *proc, libcrun_er - if (UNLIKELY (ret < 0)) - return ret; - -+ ret = libcrun_init_caps (err); -+ if (UNLIKELY (ret < 0)) -+ return ret; -+ - return 0; - } - -diff --git a/src/libcrun/linux.c b/src/libcrun/linux.c -index fa87d82..316943d 100644 ---- a/src/libcrun/linux.c -+++ b/src/libcrun/linux.c -@@ -2291,6 +2291,28 @@ has_cap_on (int cap, long unsigned *caps) - return (CAP_TO_MASK_1 (cap) & caps[1]); - } - -+static unsigned long cap_last_cap; -+ -+int -+libcrun_init_caps (libcrun_error_t *err) -+{ -+ cleanup_close int fd = -1; -+ int ret; -+ char buffer[16]; -+ fd = open ("/proc/sys/kernel/cap_last_cap", O_RDONLY); -+ if (fd < 0) -+ return crun_make_error (err, errno, "open /proc/sys/kernel/cap_last_cap"); -+ ret = TEMP_FAILURE_RETRY (read (fd, buffer, sizeof (buffer))); -+ if (UNLIKELY (ret < 0)) -+ return crun_make_error (err, errno, "read from /proc/sys/kernel/cap_last_cap"); -+ -+ errno = 0; -+ cap_last_cap = strtoul (buffer, NULL, 10); -+ if (errno != 0) -+ return crun_make_error (err, errno, "strtoul() from /proc/sys/kernel/cap_last_cap"); -+ return 0; -+} -+ - static int - set_required_caps (struct all_caps_s *caps, uid_t uid, gid_t gid, int no_new_privs, 
libcrun_error_t *err) - { -@@ -2299,7 +2321,10 @@ set_required_caps (struct all_caps_s *caps, uid_t uid, gid_t gid, int no_new_pri - struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 }; - struct __user_cap_data_struct data[2] = { { 0 } }; - -- for (cap = 0; cap <= CAP_LAST_CAP; cap++) -+ if (cap_last_cap == 0) -+ return crun_make_error (err, 0, "internal error: max number of capabilities not initialized"); -+ -+ for (cap = 0; cap <= cap_last_cap; cap++) - if (! has_cap_on (cap, caps->bounding)) - { - ret = prctl (PR_CAPBSET_DROP, cap, 0, 0, 0); -@@ -2335,7 +2360,7 @@ set_required_caps (struct all_caps_s *caps, uid_t uid, gid_t gid, int no_new_pri - if (UNLIKELY (ret < 0 && !(errno == EINVAL || errno == EPERM))) - return crun_make_error (err, errno, "prctl reset ambient"); - -- for (cap = 0; cap <= CAP_LAST_CAP; cap++) -+ for (cap = 0; cap <= cap_last_cap; cap++) - if (has_cap_on (cap, caps->ambient)) - { - ret = prctl (PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, cap, 0, 0); -diff --git a/src/libcrun/linux.h b/src/libcrun/linux.h -index a92b5f1..fc70feb 100644 ---- a/src/libcrun/linux.h -+++ b/src/libcrun/linux.h -@@ -38,6 +38,7 @@ pid_t libcrun_run_linux_container (libcrun_container_t *container, - libcrun_error_t *err); - int get_notify_fd (libcrun_context_t *context, libcrun_container_t *container, int *notify_socket_out, libcrun_error_t *err); - int libcrun_set_mounts (libcrun_container_t *container, const char *rootfs, libcrun_error_t *err); -+int libcrun_init_caps (libcrun_error_t *err); - int libcrun_do_pivot_root (libcrun_container_t *container, bool no_pivot, const char *rootfs, libcrun_error_t *err); - int libcrun_reopen_dev_null (libcrun_error_t *err); - int libcrun_set_usernamespace (libcrun_container_t *container, pid_t pid, libcrun_error_t *err); --- -2.26.2 - diff --git a/0001-state-fix-race-condition-when-reading-cgroup.patch b/0001-state-fix-race-condition-when-reading-cgroup.patch deleted file mode 100644 index cbdaf76..0000000 
--- a/0001-state-fix-race-condition-when-reading-cgroup.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 1a71c82ea9fd3561b16e2730bea9673219c15843 Mon Sep 17 00:00:00 2001 -From: Giuseppe Scrivano -Date: Thu, 27 Aug 2020 12:10:21 +0200 -Subject: [PATCH] state: fix race condition when reading cgroup - -by the time crun attempts to read from the cgroup, systemd might have -already cleaned it up. When using systemd, on ENOENT state reports -the container as "stopped" instead of an error. - -Closes: https://github.com/containers/podman/issues/7148 - -Signed-off-by: Giuseppe Scrivano ---- - src/libcrun/container.c | 12 +++++++++++- - 1 file changed, 11 insertions(+), 1 deletion(-) - -diff --git a/src/libcrun/container.c b/src/libcrun/container.c -index 3723300..289e551 100644 ---- a/src/libcrun/container.c -+++ b/src/libcrun/container.c -@@ -2112,7 +2112,17 @@ libcrun_get_container_state_string (const char *id, libcrun_container_status_t * - - ret = libcrun_cgroup_is_container_paused (status->cgroup_path, cgroup_mode, &paused, err); - if (UNLIKELY (ret < 0)) -- return ret; -+ { -+ /* The cgroup might have been cleaned up by systemd by the time we try to read it, so ignore ENOENT. */ -+ if (status->systemd_cgroup && crun_error_get_errno (err) == ENOENT) -+ { -+ crun_error_release (err); -+ *container_status = "stopped"; -+ return 0; -+ } -+ -+ return ret; -+ } - } - - if (! *running) --- -2.26.2 - diff --git a/crun.spec b/crun.spec index 677c721..58aca2d 100644 --- a/crun.spec +++ b/crun.spec @@ -22,9 +22,6 @@ BuildRequires: libtool BuildRequires: go-md2man Provides: oci-runtime = 2 -Patch0: 0001-state-fix-race-condition-when-reading-cgroup.patch -Patch1: 0001-Capabilities-get-last_cap-dynamically.patch - %description crun is a runtime for running OCI containers From 72079788bb7826aa75c948866b208f0e748847f8 Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Wed, 23 Sep 2020 17:27:34 +0200 Subject: [PATCH 17/29] rebuild 
Signed-off-by: Giuseppe Scrivano (cherry picked from commit 89169426ca4a015e5ca8af27d04bf2d6ab2097fa) --- crun.spec | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/crun.spec b/crun.spec index 58aca2d..f1c1ad2 100644 --- a/crun.spec +++ b/crun.spec @@ -1,7 +1,7 @@ Summary: OCI runtime written in C Name: crun Version: 0.15 -Release: 1%{?dist} +Release: 2%{?dist} Source0: https://github.com/containers/crun/releases/download/%{version}/%{name}-%{version}.tar.gz License: GPLv3+ URL: https://github.com/containers/crun @@ -44,12 +44,18 @@ rm -rf $RPM_BUILD_ROOT/usr/lib* %{_mandir}/man1/* %changelog +* Wed Sep 23 2020 Giuseppe Scrivano - 0.15-2 +- rebuild + * Wed Sep 23 2020 RH Container Bot - 0.15-1 - autobuilt 0.15 * Mon Sep 14 2020 RH Container Bot - 0.14.1-1 - autobuilt 0.14.1 +* Wed Sep 23 2020 Giuseppe Scrivano - 0.15-1 +- build version 0.15 + * Mon Sep 14 2020 Giuseppe Scrivano - 0.14.1-5 - backport 4453af4c060e380051552ee589af5cad37f2ae82 From 0328ac100d5e7fa367d5588d5770b28e8f605b8d Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Wed, 23 Sep 2020 16:12:51 +0000 Subject: [PATCH 18/29] crun-0.15-1 autobuilt 0.15 Signed-off-by: RH Container Bot --- crun.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/crun.spec b/crun.spec index f1c1ad2..b5867d9 100644 --- a/crun.spec +++ b/crun.spec @@ -1,7 +1,7 @@ Summary: OCI runtime written in C Name: crun Version: 0.15 -Release: 2%{?dist} +Release: 1%{?dist} Source0: https://github.com/containers/crun/releases/download/%{version}/%{name}-%{version}.tar.gz License: GPLv3+ URL: https://github.com/containers/crun @@ -44,6 +44,9 @@ rm -rf $RPM_BUILD_ROOT/usr/lib* %{_mandir}/man1/* %changelog +* Wed Sep 23 2020 RH Container Bot - 0.15-1 +- autobuilt 0.15 + * Wed Sep 23 2020 Giuseppe Scrivano - 0.15-2 - rebuild From 7d364e5562e0eeaceac135b78b932bdcabddf822 Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Wed, 30 Sep 2020 14:33:23 +0200 Subject: [PATCH 19/29] crun-0.15-3 
Signed-off-by: Giuseppe Scrivano --- 0001-exec-check-read-bytes-from-sync.patch | 35 ++++++++++++++++++++++ crun.spec | 7 ++++- 2 files changed, 41 insertions(+), 1 deletion(-) create mode 100644 0001-exec-check-read-bytes-from-sync.patch diff --git a/0001-exec-check-read-bytes-from-sync.patch b/0001-exec-check-read-bytes-from-sync.patch new file mode 100644 index 0000000..fc41655 --- /dev/null +++ b/0001-exec-check-read-bytes-from-sync.patch @@ -0,0 +1,35 @@ +From 20c56beb3307b0ac07af0edbbbe49ec65819f559 Mon Sep 17 00:00:00 2001 +From: Giuseppe Scrivano +Date: Tue, 29 Sep 2020 16:52:02 +0200 +Subject: [PATCH] exec: check read bytes from sync + +when reading from the exec sync pipe, make sure it reads exactly one +byte otherwise return an error. + +Closes: https://github.com/containers/crun/issues/511 + +Signed-off-by: Giuseppe Scrivano +--- + src/libcrun/container.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/libcrun/container.c b/src/libcrun/container.c +index 927986a..0308992 100644 +--- a/src/libcrun/container.c ++++ b/src/libcrun/container.c +@@ -2595,10 +2595,10 @@ libcrun_container_exec (libcrun_context_t *context, const char *id, runtime_spec + } + } + +- TEMP_FAILURE_RETRY (read (pipefd0, &b, sizeof (b))); ++ ret = TEMP_FAILURE_RETRY (read (pipefd0, &b, sizeof (b))); + TEMP_FAILURE_RETRY (close (pipefd0)); + pipefd0 = -1; +- if (b != '0') ++ if (ret != 1 || b != '0') + ret = -1; + else + { +-- +2.26.2 + diff --git a/crun.spec b/crun.spec index b5867d9..b7e9092 100644 --- a/crun.spec +++ b/crun.spec @@ -1,7 +1,7 @@ Summary: OCI runtime written in C Name: crun Version: 0.15 -Release: 1%{?dist} +Release: 3%{?dist} Source0: https://github.com/containers/crun/releases/download/%{version}/%{name}-%{version}.tar.gz License: GPLv3+ URL: https://github.com/containers/crun 
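Review bot: The new `ret != 1 || b != '0'` test in libcrun_container_exec folds three different outcomes of the sync-pipe read into the same `ret = -1`: a failed read(), an end-of-file because the write end was closed without a status byte, and a byte other than '0'. A short comment above the read would record why the byte count is tested first, for example `/* b is only meaningful when exactly one byte was read; 0 bytes means the writer closed the pipe without reporting */`. If the code after this hunk builds its error from errno, that value may have been overwritten by the intervening close() should that call fail, so it is worth confirming against the rest of the function, whose body starts and ends outside the hunk.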
@@ -22,6 +22,8 @@ BuildRequires: libtool BuildRequires: go-md2man Provides: oci-runtime = 2 +Patch0: 0001-exec-check-read-bytes-from-sync.patch + %description crun is a runtime for running OCI containers @@ -44,6 +46,9 @@ rm -rf $RPM_BUILD_ROOT/usr/lib* %{_mandir}/man1/* %changelog +* Wed Sep 30 2020 Giuseppe Scrivano - 0.15-3 +- backport "exec: check read bytes from sync" + * Wed Sep 23 2020 RH Container Bot - 0.15-1 - autobuilt 0.15 From 293f1d12b468f87779bd766a535b48073760e266 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Wed, 30 Sep 2020 11:49:43 -0400 Subject: [PATCH 20/29] crun-0.15-5 - rebuild to bump release tag ahead of older fedoras Signed-off-by: Lokesh Mandvekar (cherry picked from commit 2d611f8179de715143822e36d37d59d28d8c471b) Signed-off-by: Lokesh Mandvekar --- crun.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/crun.spec b/crun.spec index b7e9092..6769d22 100644 --- a/crun.spec +++ b/crun.spec @@ -1,7 +1,7 @@ Summary: OCI runtime written in C Name: crun Version: 0.15 -Release: 3%{?dist} +Release: 5%{?dist} Source0: https://github.com/containers/crun/releases/download/%{version}/%{name}-%{version}.tar.gz License: GPLv3+ URL: https://github.com/containers/crun @@ -46,6 +46,9 @@ rm -rf $RPM_BUILD_ROOT/usr/lib* %{_mandir}/man1/* %changelog +* Wed Sep 30 2020 Lokesh Mandvekar - 0.15-5 +- rebuild to bump release tag ahead of older fedoras + * Wed Sep 30 2020 Giuseppe Scrivano - 0.15-3 - backport "exec: check read bytes from sync" From 58464aaae9c2ed5bc16f359157491f8ab70b75cf Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Wed, 4 Nov 2020 09:48:37 +0100 Subject: [PATCH 21/29] crun-0.15.1-1 
Signed-off-by: Giuseppe Scrivano (cherry picked from commit 428de5e45ad66e1415b450adb054b9ad4d87e3d3) --- .gitignore | 1 + 0001-exec-check-read-bytes-from-sync.patch | 35 ---------------------- crun.spec | 9 +++--- sources | 2 +- 4 files changed, 7 insertions(+), 40 deletions(-) delete mode 100644 0001-exec-check-read-bytes-from-sync.patch diff --git a/.gitignore b/.gitignore index 515f617..3630bec 100644 --- a/.gitignore +++ b/.gitignore @@ -21,3 +21,4 @@ crun-0.1.1.tar.gz /crun-0.14.tar.gz /crun-0.14.1.tar.gz /crun-0.15.tar.gz +/crun-0.15.1.tar.gz diff --git a/0001-exec-check-read-bytes-from-sync.patch b/0001-exec-check-read-bytes-from-sync.patch deleted file mode 100644 index fc41655..0000000 --- a/0001-exec-check-read-bytes-from-sync.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 20c56beb3307b0ac07af0edbbbe49ec65819f559 Mon Sep 17 00:00:00 2001 -From: Giuseppe Scrivano -Date: Tue, 29 Sep 2020 16:52:02 +0200 -Subject: [PATCH] exec: check read bytes from sync - -when reading from the exec sync pipe, make sure it reads exactly one -byte otherwise return an error. - -Closes: https://github.com/containers/crun/issues/511 - -Signed-off-by: Giuseppe Scrivano ---- - src/libcrun/container.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/libcrun/container.c b/src/libcrun/container.c -index 927986a..0308992 100644 ---- a/src/libcrun/container.c -+++ b/src/libcrun/container.c -@@ -2595,10 +2595,10 @@ libcrun_container_exec (libcrun_context_t *context, const char *id, runtime_spec - } - } - -- TEMP_FAILURE_RETRY (read (pipefd0, &b, sizeof (b))); -+ ret = TEMP_FAILURE_RETRY (read (pipefd0, &b, sizeof (b))); - TEMP_FAILURE_RETRY (close (pipefd0)); - pipefd0 = -1; -- if (b != '0') -+ if (ret != 1 || b != '0') - ret = -1; - else - { --- -2.26.2 - diff --git a/crun.spec b/crun.spec index 6769d22..f5de584 100644 --- a/crun.spec +++ b/crun.spec 
@@ -1,7 +1,7 @@ Summary: OCI runtime written in C Name: crun -Version: 0.15 -Release: 5%{?dist} +Version: 0.15.1 +Release: 1%{?dist} Source0: https://github.com/containers/crun/releases/download/%{version}/%{name}-%{version}.tar.gz License: GPLv3+ URL: https://github.com/containers/crun @@ -22,8 +22,6 @@ BuildRequires: libtool BuildRequires: go-md2man Provides: oci-runtime = 2 -Patch0: 0001-exec-check-read-bytes-from-sync.patch - %description crun is a runtime for running OCI containers @@ -46,6 +44,9 @@ rm -rf $RPM_BUILD_ROOT/usr/lib* %{_mandir}/man1/* %changelog +* Wed Nov 04 2020 Giuseppe Scrivano - 0.15.1-1 +- built version 0.15.1 + * Wed Sep 30 2020 Lokesh Mandvekar - 0.15-5 - rebuild to bump release tag ahead of older fedoras diff --git a/sources b/sources index 07332d6..f3a122c 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (crun-0.15.tar.gz) = f9a9e94b6a9c5cff01fe93b1c3d5876a0794e6288b802cf579556e11411ca5d6e63cae3859aaa4df4bb600e2d27aa131872a93a92784b9b48f7885411d86f325 +SHA512 (crun-0.15.1.tar.gz) = 470d69c6be809ac20bcbe33c9225aa4b6193fd95f0c469fc87b0d3bdccc4fb92ff31b60915fa93617fd2f89adee799818c85617ddd9f9dc20af00edb6482724e From 4032c5c9d70fe1adbe94650c54e2745d986df88f Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Tue, 24 Nov 2020 10:03:57 +0100 Subject: [PATCH 22/29] crun-0.16-1 Signed-off-by: Giuseppe Scrivano --- .gitignore | 1 + crun.spec | 5 ++++- sources | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 3630bec..1c1c0cb 100644 --- a/.gitignore +++ b/.gitignore @@ -22,3 +22,4 @@ crun-0.1.1.tar.gz /crun-0.14.1.tar.gz /crun-0.15.tar.gz /crun-0.15.1.tar.gz +/crun-0.16.tar.gz diff --git a/crun.spec b/crun.spec index f5de584..c92cb89 100644 --- a/crun.spec +++ b/crun.spec 
@@ -1,6 +1,6 @@ Summary: OCI runtime written in C Name: crun -Version: 0.15.1 +Version: 0.16 Release: 1%{?dist} Source0: https://github.com/containers/crun/releases/download/%{version}/%{name}-%{version}.tar.gz License: GPLv3+ @@ -44,6 +44,9 @@ rm -rf $RPM_BUILD_ROOT/usr/lib* %{_mandir}/man1/* %changelog +* Tue Nov 24 2020 Giuseppe Scrivano - 0.16-1 +- built version 0.16 + * Wed Nov 04 2020 Giuseppe Scrivano - 0.15.1-1 - built version 0.15.1 diff --git a/sources b/sources index f3a122c..5a02c82 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (crun-0.15.1.tar.gz) = 470d69c6be809ac20bcbe33c9225aa4b6193fd95f0c469fc87b0d3bdccc4fb92ff31b60915fa93617fd2f89adee799818c85617ddd9f9dc20af00edb6482724e +SHA512 (crun-0.16.tar.gz) = f5a0d19c037af55478ee5f83b63d74277c8640f715b81a8233d3f1acd4cdfdad491e5c1f5beda04d0d7aa16693e9a004b0bde71343b082aa514ae76e5907d029 From 05882d08b57d987571a24986517e0da75c9c50fb Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Wed, 9 Dec 2020 09:45:48 -0500 Subject: [PATCH 23/29] remove bad changelog entry Signed-off-by: Lokesh Mandvekar --- crun.spec | 3 --- 1 file changed, 3 deletions(-) diff --git a/crun.spec b/crun.spec index c92cb89..a7d3118 100644 --- a/crun.spec +++ b/crun.spec @@ -65,9 +65,6 @@ rm -rf $RPM_BUILD_ROOT/usr/lib* * Wed Sep 23 2020 RH Container Bot - 0.15-1 - autobuilt 0.15 -* Mon Sep 14 2020 RH Container Bot - 0.14.1-1 -- autobuilt 0.14.1 - * Wed Sep 23 2020 Giuseppe Scrivano - 0.15-1 - build version 0.15 From 1aec9da4dd26da5b1836775758b43dfc062f2756 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Wed, 9 Dec 2020 10:14:53 -0500 Subject: [PATCH 24/29] adjust python3 dependency for CentOS8 Signed-off-by: Lokesh Mandvekar --- crun.spec | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/crun.spec b/crun.spec index a7d3118..2ffdb77 100644 --- a/crun.spec +++ b/crun.spec 
@@ -10,7 +10,11 @@ URL: https://github.com/containers/crun BuildRequires: autoconf BuildRequires: automake BuildRequires: gcc +%if 0%{?centos} >= 8 +BuildRequires: python3 +%else BuildRequires: python +%endif BuildRequires: git BuildRequires: libcap-devel BuildRequires: systemd-devel From 9880c9d0ffe4315a4d0eca0e5d95a2b44d430404 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Wed, 9 Dec 2020 10:59:19 -0500 Subject: [PATCH 25/29] python3-libmount only for fedora Signed-off-by: Lokesh Mandvekar --- crun.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crun.spec b/crun.spec index 2ffdb77..f1d260e 100644 --- a/crun.spec +++ b/crun.spec @@ -13,6 +13,7 @@ BuildRequires: gcc %if 0%{?centos} >= 8 BuildRequires: python3 %else +BuildRequires: python3-libmount BuildRequires: python %endif BuildRequires: git @@ -21,7 +22,6 @@ BuildRequires: systemd-devel BuildRequires: yajl-devel BuildRequires: libseccomp-devel BuildRequires: libselinux-devel -BuildRequires: python3-libmount BuildRequires: libtool BuildRequires: go-md2man Provides: oci-runtime = 2 From b5dd378606ed09e3e5912aeee0ca26d5e3bb54ad Mon Sep 17 00:00:00 2001 From: Jindrich Novy Date: Wed, 25 Nov 2020 09:11:53 +0100 Subject: [PATCH 26/29] crun-0.16-2.fc34 - fix license Signed-off-by: Jindrich Novy --- crun.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/crun.spec b/crun.spec index f1d260e..05a321f 100644 --- a/crun.spec +++ b/crun.spec @@ -1,9 +1,9 @@ Summary: OCI runtime written in C Name: crun Version: 0.16 -Release: 1%{?dist} +Release: 2%{?dist} Source0: https://github.com/containers/crun/releases/download/%{version}/%{name}-%{version}.tar.gz -License: GPLv3+ +License: GPLv2+ URL: https://github.com/containers/crun # We always run autogen.sh @@ -48,6 +48,9 @@ rm -rf $RPM_BUILD_ROOT/usr/lib* %{_mandir}/man1/* %changelog +* Wed Nov 25 2020 Jindrich Novy - 0.16-2 +- fix license + * Tue Nov 24 2020 Giuseppe Scrivano - 0.16-1 - built version 0.16 
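Review bot: The `%if 0%{?centos} >= 8` guard keys the python3 build dependency on a macro that is only defined on CentOS, so every other build target, RHEL 8 included, falls into the `%else` branch and asks for the unversioned `python` package. If the intent is "EL 8 and later", `%if 0%{?rhel} >= 8` should cover both, since CentOS is expected to define `rhel` as well. The next commit (PATCH 25/29) moves `BuildRequires: python3-libmount` into the same `%else` branch under the title "only for fedora", but that branch means "not CentOS 8+" rather than "Fedora"; `%if 0%{?fedora}` would state that directly. A one-line spec comment naming the distributions each branch is meant for would keep the two conditions from drifting apart.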
From 97dfdcb0d329a0e806f86ca378993f17fb298fb1 Mon Sep 17 00:00:00 2001 From: Tom Stellard Date: Thu, 17 Dec 2020 04:03:08 +0000 Subject: [PATCH 27/29] Add BuildRequires: make https://fedoraproject.org/wiki/Changes/Remove_make_from_BuildRoot --- crun.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/crun.spec b/crun.spec index 05a321f..8b22f27 100644 --- a/crun.spec +++ b/crun.spec @@ -24,6 +24,7 @@ BuildRequires: libseccomp-devel BuildRequires: libselinux-devel BuildRequires: libtool BuildRequires: go-md2man +BuildRequires: make Provides: oci-runtime = 2 %description From 19ec82011a3880010bb1f88edc94d7ced97d6d04 Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Thu, 17 Dec 2020 14:57:56 +0100 Subject: [PATCH 28/29] crun-0.16-3.fc33 Signed-off-by: Giuseppe Scrivano --- crun.spec | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/crun.spec b/crun.spec index 8b22f27..79851e8 100644 --- a/crun.spec +++ b/crun.spec @@ -1,7 +1,7 @@ Summary: OCI runtime written in C Name: crun Version: 0.16 -Release: 2%{?dist} +Release: 3%{?dist} Source0: https://github.com/containers/crun/releases/download/%{version}/%{name}-%{version}.tar.gz License: GPLv2+ URL: https://github.com/containers/crun @@ -25,6 +25,9 @@ BuildRequires: libselinux-devel BuildRequires: libtool BuildRequires: go-md2man BuildRequires: make +%ifnarch %ix86 +BuildRequires: criu-devel >= 3.15 +%endif Provides: oci-runtime = 2 %description @@ -49,6 +52,9 @@ rm -rf $RPM_BUILD_ROOT/usr/lib* %{_mandir}/man1/* %changelog +* Thu Dec 17 2020 Giuseppe Scrivano - 0.16-3 +- build with CRIU + * Wed Nov 25 2020 Jindrich Novy - 0.16-2 - fix license From 0dcecb10e89efe808d37ad7cebf85e569dbf4385 Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Thu, 21 Jan 2021 23:15:49 +0100 Subject: [PATCH 29/29] crun-0.17.1-1 Signed-off-by: Giuseppe Scrivano --- .gitignore | 1 + crun.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) 
diff --git a/.gitignore b/.gitignore index 1c1c0cb..c227741 100644 --- a/.gitignore +++ b/.gitignore @@ -23,3 +23,4 @@ crun-0.1.1.tar.gz /crun-0.15.tar.gz /crun-0.15.1.tar.gz /crun-0.16.tar.gz +/crun-0.17.tar.gz diff --git a/crun.spec b/crun.spec index 79851e8..c8f106e 100644 --- a/crun.spec +++ b/crun.spec @@ -1,7 +1,7 @@ Summary: OCI runtime written in C Name: crun -Version: 0.16 -Release: 3%{?dist} +Version: 0.17 +Release: 1%{?dist} Source0: https://github.com/containers/crun/releases/download/%{version}/%{name}-%{version}.tar.gz License: GPLv2+ URL: https://github.com/containers/crun @@ -52,6 +52,9 @@ rm -rf $RPM_BUILD_ROOT/usr/lib* %{_mandir}/man1/* %changelog +* Thu Jan 21 2021 Giuseppe Scrivano - 0.17-1 +- built version 0.17 + * Thu Dec 17 2020 Giuseppe Scrivano - 0.16-3 - build with CRIU diff --git a/sources b/sources index 5a02c82..8e3eccb 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (crun-0.16.tar.gz) = f5a0d19c037af55478ee5f83b63d74277c8640f715b81a8233d3f1acd4cdfdad491e5c1f5beda04d0d7aa16693e9a004b0bde71343b082aa514ae76e5907d029 +SHA512 (crun-0.17.tar.gz) = b095a3c4fca8ae683553805de468594e8dd891cc9911b56e8be7c429584e71fb40a364cf55a6a829950078a539d35308310f53f57b8fb40d483d394e91b20b01