Update to 1.21 upstream release

Upstream tag: 1.21
Upstream commit: 10269840

Commit authored by Packit automation (https://packit.dev/)

.fmf/version

@@ -0,0 +1 @@
+1

.gitignore

@@ -83,3 +83,14 @@ crun-0.1.1.tar.gz
 /crun-1.13.tar.xz
 /crun-1.14.tar.xz
 /crun-1.14.1.tar.xz
+/crun-1.14.2.tar.xz
+/crun-1.14.3.tar.xz
+/crun-1.14.4.tar.xz
+/crun-1.15.tar.zst
+/crun-1.17.tar.zst
+/crun-1.18.tar.zst
+/crun-1.18.2.tar.zst
+/crun-1.19.tar.zst
+/crun-1.19.1.tar.zst
+/crun-1.20.tar.zst
+/crun-1.21.tar.zst

.packit.yaml

@@ -2,12 +2,42 @@
 # See the documentation for more information:
 # https://packit.dev/docs/configuration/
 
-specfile_path: rpm/crun.spec
+downstream_package_name: crun
+
+# Ref: https://packit.dev/docs/configuration#files_to_sync
+files_to_sync:
+  - src: rpm/gating.yaml
+    dest: gating.yaml
+  - src: plans/
+    dest: plans/
+    delete: true
+    mkpath: true
+  - src: tests/tmt/
+    dest: tests/tmt/
+    delete: true
+    mkpath: true
+  - src: .fmf/
+    dest: .fmf/
+    delete: true
+    mkpath: true
+  - .packit.yaml
+
+packages:
+  crun-fedora:
+    pkg_tool: fedpkg
+    specfile_path: rpm/crun.spec
+  crun-centos:
+    pkg_tool: centpkg
+    specfile_path: rpm/crun.spec
+  crun-eln:
+    specfile_path: rpm/crun.spec
 
 srpm_build_deps:
   - git-archive-all
   - make
+
 actions:
+  # This action runs only on copr build jobs
   create-archive:
     - "git-archive-all -v --force-submodules rpm/crun-HEAD.tar.xz"
     - bash -c "ls -1 rpm/crun-HEAD.tar.xz"
@@ -15,24 +45,42 @@ actions:
 jobs:
   - job: copr_build
     trigger: pull_request
-    notifications:
+    packages: [crun-fedora]
+    notifications: &copr_build_failure_notification
       failure_comment:
         message: "Ephemeral COPR build failed. @containers/packit-build please check."
-    targets:
+    targets: &fedora_copr_targets
       - fedora-all-x86_64
       - fedora-all-aarch64
+
+  - job: copr_build
+    trigger: pull_request
+    packages: [crun-eln]
+    notifications: *copr_build_failure_notification
+    targets:
       - fedora-eln-x86_64
       - fedora-eln-aarch64
-      - centos-stream+epel-next-8-x86_64
-      - centos-stream+epel-next-8-aarch64
-      - centos-stream+epel-next-9-x86_64
-      - centos-stream+epel-next-9-aarch64
-    additional_repos:
-      - "copr://rhcontainerbot/podman-next"
+
+  - job: copr_build
+    trigger: pull_request
+    packages: [crun-centos]
+    notifications: *copr_build_failure_notification
+    targets: &centos_copr_targets
+      # Need epel9 repos to fetch wasmedge build dependency
+      centos-stream-9-x86_64:
+        additional_repos:
+          - https://dl.fedoraproject.org/pub/epel/9/Everything/x86_64/
+      centos-stream-9-aarch64:
+        additional_repos:
+          - https://dl.fedoraproject.org/pub/epel/9/Everything/aarch64/
+      # TODO: build on CS10 with wasmedge once epel-10 is available
+      centos-stream-10-x86_64: {}
+      centos-stream-10-aarch64: {}
 
   # Run on commit to main branch
   - job: copr_build
     trigger: commit
+    packages: [crun-fedora]
     notifications:
       failure_comment:
         message: "podman-next COPR build failed. @containers/packit-build please check."
@@ -40,18 +88,51 @@ jobs:
     owner: rhcontainerbot
     project: podman-next
 
+  # Podman system tests for Fedora and CentOS Stream
+  - job: tests
+    trigger: pull_request
+    packages: [crun-fedora]
+    notifications: &podman_system_test_fail_notification
+      failure_comment:
+        message: "podman system tests failed. @containers/packit-build please check."
+    targets: *fedora_copr_targets
+    tf_extra_params:
+      environments:
+        - artifacts:
+          - type: repository-file
+            id: https://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman-next/repo/fedora-$releasever/rhcontainerbot-podman-next-fedora-$releasever.repo
+
+  # Podman system tests for CentOS Stream
+  - job: tests
+    trigger: pull_request
+    packages: [crun-centos]
+    notifications: *podman_system_test_fail_notification
+    targets: *centos_copr_targets
+    tf_extra_params:
+      environments:
+        - artifacts:
+          - type: repository-file
+            id: https://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman-next/repo/centos-stream-$releasever/rhcontainerbot-podman-next-centos-stream-$releasever.repo
+
   - job: propose_downstream
     trigger: release
-    update_release: false
-    dist_git_branches:
+    packages: [crun-fedora]
+    dist_git_branches: &fedora_targets
       - fedora-all
 
+  - job: propose_downstream
+    trigger: release
+    packages: [crun-centos]
+    dist_git_branches:
+      - c10s
+
   - job: koji_build
     trigger: commit
-    dist_git_branches:
-      - fedora-all
+    packages: [crun-fedora]
+    dist_git_branches: *fedora_targets
 
   - job: bodhi_update
     trigger: commit
+    packages: [crun-fedora]
     dist_git_branches:
       - fedora-branched # rawhide updates are created automatically

README.packit

@@ -1,3 +1,3 @@
 This repository is maintained by packit.
 https://packit.dev/
-The file was generated using packit 0.90.0.post1.dev9+g1f0325d1.
+The file was generated using packit 1.3.0.post1.dev4+gb85da743.

crun.spec

@@ -1,13 +1,18 @@
 %global krun_opts %{nil}
 %global wasmedge_opts %{nil}
-%global wasmtime_opts %{nil}
+%global yajl_opts %{nil}
 
-# krun and wasm[edge,time] support only on aarch64 and x86_64
+%if %{defined copr_username}
+%define copr_build 1
+%endif
+
+# krun and wasm support only on aarch64 and x86_64
 %ifarch aarch64 || x86_64
-%global wasm_support 1
 
-# wasmedge not present on Fedora ELN environments
-%if !0%{?eln}
+# Disable wasmedge on rhel 10 until EPEL10 is in place, otherwise it causes
+# build issues on copr
+%if %{defined fedora} || (%{defined copr_build} && %{defined rhel} && 0%{?rhel} < 10)
+%global wasm_support 1
 %global wasmedge_support 1
 %global wasmedge_opts --with-wasmedge
 %endif
@@ -18,17 +23,17 @@
 %global krun_opts --with-libkrun
 %endif
 
-# wasmtime exists only on podman-next copr for now
-%if %{defined copr_project} && "%{?copr_project}" == "podman-next"
-%global wasmtime_support 1
-%global wasmtime_opts --with-wasmtime
 %endif
 
+%if %{defined fedora} || (%{defined rhel} && 0%{?rhel} < 10)
+%global system_yajl 1
+%else
+%global yajl_opts --enable-embedded-yajl
 %endif
 
 Summary: OCI runtime written in C
 Name: crun
-%if %{defined copr_username}
+%if %{defined copr_build}
 Epoch: 102
 %endif
 # DO NOT TOUCH the Version string!
@@ -37,10 +42,10 @@ Epoch: 102
 # If that's what you're reading, Version must be 0, and will be updated by Packit for
 # copr and koji builds.
 # If you're reading this on dist-git, the version is automatically filled in by Packit.
-Version: 1.14.1
+Version: 1.21
 Release: %autorelease
 URL: https://github.com/containers/%{name}
-Source0: %{url}/releases/download/%{version}/%{name}-%{version}.tar.xz
+Source0: %{url}/releases/download/%{version}/%{name}-%{version}.tar.zst
 License: GPL-2.0-only
 %if %{defined golang_arches_future}
 ExclusiveArch: %{golang_arches_future}
@@ -57,25 +62,22 @@ BuildRequires: libcap-devel
 BuildRequires: libkrun-devel
 %endif
 BuildRequires: systemd-devel
+%if %{defined system_yajl}
 BuildRequires: yajl-devel
+%endif
 BuildRequires: libseccomp-devel
 BuildRequires: python3-libmount
 BuildRequires: libtool
 BuildRequires: protobuf-c-devel
+%ifnarch riscv64
 BuildRequires: criu-devel >= 3.17.1-2
 Recommends: criu >= 3.17.1
 Recommends: criu-libs
+%endif
 %if %{defined wasmedge_support}
 BuildRequires: wasmedge-devel
 %endif
-%if %{defined wasmtime_support}
-BuildRequires: wasmtime-c-api-devel
-%endif
-%if %{defined rhel} && 0%{?rhel} == 8
-BuildRequires: python3
-%else
 BuildRequires: python
-%endif
 Provides: oci-runtime
 
 %description
@@ -96,7 +98,11 @@ krun is a symlink to the %{name} binary, with libkrun as an additional dependenc
 %package wasm
 Summary: %{name} with wasm support
 Requires: %{name} = %{?epoch:%{epoch}:}%{version}-%{release}
+# wasm packages are not present on RHEL yet and are currently a PITA to test
+# Best to only include wasmedge as weak dep on rhel
+%if %{defined fedora}
 Requires: wasm-library
+%endif
 Recommends: wasmedge
 
 %description wasm
@@ -108,21 +114,13 @@ Recommends: wasmedge
 
 %build
 ./autogen.sh
-./configure --disable-silent-rules %{krun_opts} %{wasmedge_opts} %{wasmtime_opts}
+./configure --disable-silent-rules %{krun_opts} %{wasmedge_opts} %{yajl_opts}
 %make_build
 
 %install
 %make_install prefix=%{_prefix}
 rm -rf %{buildroot}%{_prefix}/lib*
 
-%if %{defined krun_support}
-ln -s %{_bindir}/%{name} %{buildroot}%{_bindir}/krun
-%endif
-
-%if %{defined wasm_support}
-ln -s %{_bindir}/%{name} %{buildroot}%{_bindir}/%{name}-wasm
-%endif
-
 %files
 %license COPYING
 %{_bindir}/%{name}

gating.yaml

@@ -0,0 +1,15 @@
+--- !Policy
+product_versions:
+  - fedora-*
+decision_contexts:
+  - bodhi_update_push_stable
+  - bodhi_update_push_testing
+rules:
+  - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
+
+--- !Policy
+product_versions:
+  - rhel-*
+decision_context: osci_compose_gate
+rules:
+  - !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}

plans/main.fmf

@@ -0,0 +1,41 @@
+discover:
+    how: fmf
+execute:
+    how: tmt
+prepare:
+    - when: distro == centos-stream or distro == rhel
+      how: shell
+      script: |
+        dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-$(rpm --eval '%{?rhel}').noarch.rpm
+        dnf -y config-manager --set-enabled epel
+      order: 10
+    - when: initiator == packit
+      how: shell
+      script: |
+        COPR_REPO_FILE="/etc/yum.repos.d/*podman-next*.repo"
+        if compgen -G $COPR_REPO_FILE > /dev/null; then
+            sed -i -n '/^priority=/!p;$apriority=1' $COPR_REPO_FILE
+        fi
+        dnf -y upgrade --allowerasing
+      order: 20
+    - how: install
+      package:
+        - bats
+        - crun
+        - podman-tests
+
+/upstream:
+    summary: Run crun specific Podman system tests on upstream PRs
+    discover+:
+        filter: tag:upstream
+    adjust+:
+        - enabled: false
+          when: initiator is not defined or initiator != packit
+
+/downstream:
+    summary: Run crun specific Podman system tests on bodhi / errata and dist-git PRs
+    discover+:
+        filter: tag:downstream
+    adjust+:
+        - enabled: false
+          when: initiator == packit

sources

@@ -1 +1 @@
-SHA512 (crun-1.14.1.tar.xz) = 4a45941e8257b5180e30bcd5b40837c632261187508693002c02c33764bc8e031a3c9345d8a5e5989a5427c7f237595c457f1eb8cdc7967867976cc4abe6bc5a
+SHA512 (crun-1.21.tar.zst) = 022bb56dbf20eb7c479b76a92fc55c69b219e36233ee7e588eb883afd092fb4aaeca842e64d83e53bbb08bd09f635d582a86824950971842b73921d1ce134bd1

tests/tmt/podman/system-test.fmf

@@ -0,0 +1,8 @@
+adjust:
+    duration: 10m
+    when: arch == aarch64
+
+/system_test:
+    tag: [ upstream, downstream ]
+    summary: Run crun specific Podman tests
+    test: bash ./system-test.sh

tests/tmt/podman/system-test.sh

@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+
+set -exo pipefail
+
+if [[ "$(id -u)" -ne 0 ]];then
+    echo "Please run this script as superuser"
+    exit 1
+fi
+
+cat /etc/redhat-release
+rpm -q conmon containers-common crun podman podman-tests
+
+# Run crun specific podman tests
+bats -t /usr/share/podman/test/system/030-run.bats
+bats -t /usr/share/podman/test/system/075-exec.bats
+bats -t /usr/share/podman/test/system/280-update.bats

tests/tmt/sanity/config.json

@@ -0,0 +1,180 @@
+{
+	"ociVersion": "1.0.0",
+	"process": {
+		"terminal": false,
+		"user": {
+			"uid": 0,
+			"gid": 0
+		},
+		"args": [
+			"sleep", "10"
+		],
+		"env": [
+			"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
+			"TERM=xterm"
+		],
+		"cwd": "/",
+		"capabilities": {
+			"bounding": [
+				"CAP_AUDIT_WRITE",
+				"CAP_KILL",
+				"CAP_NET_BIND_SERVICE"
+			],
+			"effective": [
+				"CAP_AUDIT_WRITE",
+				"CAP_KILL",
+				"CAP_NET_BIND_SERVICE"
+			],
+			"inheritable": [
+			],
+			"permitted": [
+				"CAP_AUDIT_WRITE",
+				"CAP_KILL",
+				"CAP_NET_BIND_SERVICE"
+			],
+			"ambient": [
+				"CAP_AUDIT_WRITE",
+				"CAP_KILL",
+				"CAP_NET_BIND_SERVICE"
+			]
+		},
+		"rlimits": [
+			{
+				"type": "RLIMIT_NOFILE",
+				"hard": 1024,
+				"soft": 1024
+			}
+		],
+		"noNewPrivileges": true
+	},
+	"root": {
+		"path": "rootfs",
+		"readonly": true
+	},
+	"hostname": "crun",
+	"mounts": [
+		{
+			"destination": "/proc",
+			"type": "proc",
+			"source": "proc"
+		},
+		{
+			"destination": "/dev",
+			"type": "tmpfs",
+			"source": "tmpfs",
+			"options": [
+				"nosuid",
+				"strictatime",
+				"mode=755",
+				"size=65536k"
+			]
+		},
+		{
+			"destination": "/dev/pts",
+			"type": "devpts",
+			"source": "devpts",
+			"options": [
+				"nosuid",
+				"noexec",
+				"newinstance",
+				"ptmxmode=0666",
+				"mode=0620",
+				"gid=5"
+			]
+		},
+		{
+			"destination": "/dev/shm",
+			"type": "tmpfs",
+			"source": "shm",
+			"options": [
+				"nosuid",
+				"noexec",
+				"nodev",
+				"mode=1777",
+				"size=65536k"
+			]
+		},
+		{
+			"destination": "/dev/mqueue",
+			"type": "mqueue",
+			"source": "mqueue",
+			"options": [
+				"nosuid",
+				"noexec",
+				"nodev"
+			]
+		},
+		{
+			"destination": "/sys",
+			"type": "sysfs",
+			"source": "sysfs",
+			"options": [
+				"nosuid",
+				"noexec",
+				"nodev",
+				"ro"
+			]
+		},
+		{
+			"destination": "/sys/fs/cgroup",
+			"type": "cgroup",
+			"source": "cgroup",
+			"options": [
+				"nosuid",
+				"noexec",
+				"nodev",
+				"relatime",
+				"ro"
+			]
+		}
+	],
+	"linux": {
+		"resources": {
+			"devices": [
+				{
+					"allow": false,
+					"access": "rwm"
+				}
+			]
+		},
+		"namespaces": [
+			{
+				"type": "pid"
+			},
+			{
+				"type": "network"
+			},
+			{
+				"type": "ipc"
+			},
+			{
+				"type": "uts"
+			},
+			{
+				"type": "cgroup"
+			},
+			{
+				"type": "mount"
+			}
+		],
+		"maskedPaths": [
+			"/proc/acpi",
+			"/proc/asound",
+			"/proc/kcore",
+			"/proc/keys",
+			"/proc/latency_stats",
+			"/proc/timer_list",
+			"/proc/timer_stats",
+			"/proc/sched_debug",
+			"/sys/firmware",
+			"/proc/scsi"
+		],
+		"readonlyPaths": [
+			"/proc/bus",
+			"/proc/fs",
+			"/proc/irq",
+			"/proc/sys",
+			"/proc/sysrq-trigger"
+		]
+	}
+}

tests/tmt/sanity/main.fmf

@@ -0,0 +1,4 @@
+summary: Sanity test for crun
+tag: ['upstream', 'downstream']
+test: bash ./runtest.sh
+duration: 10m

tests/tmt/sanity/runtest.sh

@@ -0,0 +1,91 @@
+#!/usr/bin/env bash
+
+set -exo pipefail
+
+TEMPDIR=$(mktemp -d)
+TESTIMG="quay.io/libpod/busybox"
+CNAME="mycont-$RANDOM"
+
+cat /etc/redhat-release
+uname -r
+rpm -q crun criu
+
+crun --version
+[ $? -ne 0 ] && exit 1
+
+crun features
+[ $? -ne 0 ] && exit 1
+
+crun list
+[ $? -ne 0 ] && exit 1
+
+# create the top most bundle and rootfs directory
+mkdir -p $TEMPDIR/rootfs
+
+# export busybox via podman into the rootfs directory
+podman export $(podman create $TESTIMG) | tar -C $TEMPDIR/rootfs -xvf -
+[ $? -ne 0 ] && exit 1
+
+# use existing spec
+cp ./config.json $TEMPDIR
+ls $TEMPDIR
+cd $TEMPDIR
+
+crun create $CNAME
+[ $? -ne 0 ] && exit 1
+
+crun list
+[ $? -ne 0 ] && exit 1
+
+crun start $CNAME
+[ $? -ne 0 ] && exit 1
+
+crun list
+[ $? -ne 0 ] && exit 1
+
+crun state $CNAME
+[ $? -ne 0 ] && exit 1
+
+crun ps $CNAME
+[ $? -ne 0 ] && exit 1
+
+ret=$(crun exec $CNAME pwd)
+[ $? -ne 0 ] || [ $ret != '/' ] && exit 1
+
+crun pause $CNAME
+[ $? -ne 0 ] && exit 1
+
+crun state $CNAME
+[ $? -ne 0 ] && exit 1
+
+crun resume $CNAME
+[ $? -ne 0 ] && exit 1
+
+crun state $CNAME
+[ $? -ne 0 ] && exit 1
+
+ret=$(crun exec $CNAME pwd)
+[ $? -ne 0 ] || [ $ret != '/' ] && exit 1
+
+crun delete --force $CNAME
+[ $? -ne 0 ] && exit 1
+
+crun list
+[ $? -ne 0 ] && exit 1
+
+crun run $CNAME &
+[ $? -ne 0 ] && exit 1
+
+crun list
+[ $? -ne 0 ] && exit 1
+
+# make sure the container is running state
+sleep 2
+
+ret=$(crun exec $CNAME echo 'ok')
+[ $? -ne 0 ] || [ $ret != 'ok' ] && exit 1
+
+crun kill $CNAME
+[ $? -ne 0 ] && exit 1
+
+exit 0