Update to 1.18 upstream release

Upstream tag: 1.18
Upstream commit: 8656b254

Commit authored by Packit automation (https://packit.dev/)

.gitignore

@@ -89,16 +89,3 @@ crun-0.1.1.tar.gz
 /crun-1.15.tar.zst
 /crun-1.17.tar.zst
 /crun-1.18.tar.zst
-/crun-1.18.1.tar.zst
-/crun-1.18.2.tar.zst
-/crun-1.19.tar.zst
-/crun-1.19.1.tar.zst
-/crun-1.20.tar.zst
-/crun-1.21.tar.zst
-/crun-1.22.tar.zst
-/crun-1.23.tar.zst
-/crun-1.23.1.tar.zst
-/crun-1.24.tar.zst
-/crun-1.25.tar.zst
-/crun-1.25.1.tar.zst
-/crun-1.26.tar.zst

.packit.yaml

@@ -29,6 +29,8 @@ packages:
   crun-centos:
     pkg_tool: centpkg
     specfile_path: rpm/crun.spec
+  crun-rhel:
+    specfile_path: rpm/crun.spec
   crun-eln:
     specfile_path: rpm/crun.spec
 
@@ -65,11 +67,25 @@ jobs:
     trigger: pull_request
     packages: [crun-centos]
     notifications: *copr_build_failure_notification
-    targets: &centos_copr_targets
-      - centos-stream-9-x86_64
-      - centos-stream-9-aarch64
-      - centos-stream-10-x86_64
-      - centos-stream-10-aarch64
+    targets: &centos_targets
+      # Need epel9 repos to fetch wasmedge build dependency
+      centos-stream-9-x86_64:
+        additional_repos:
+          - https://dl.fedoraproject.org/pub/epel/9/Everything/x86_64/
+      centos-stream-9-aarch64:
+        additional_repos:
+          - https://dl.fedoraproject.org/pub/epel/9/Everything/aarch64/
+      # TODO: build on CS10 with wasmedge once epel-10 is available
+      centos-stream-10-x86_64: {}
+      centos-stream-10-aarch64: {}
+
+  - job: copr_build
+    trigger: pull_request
+    packages: [crun-rhel]
+    notifications: *copr_build_failure_notification
+    targets:
+      - epel-9-x86_64
+      - epel-9-aarch64
 
   # Run on commit to main branch
   - job: copr_build
@@ -86,9 +102,9 @@ jobs:
   - job: tests
     trigger: pull_request
     packages: [crun-fedora]
-    notifications: &test_failure_notification
+    notifications: &podman_system_test_fail_notification
       failure_comment:
-        message: "TMT tests failed. @containers/packit-build please check."
+        message: "podman system tests failed. @containers/packit-build please check."
     targets: *fedora_copr_targets
     tf_extra_params:
       environments:
@@ -100,30 +116,42 @@ jobs:
   - job: tests
     trigger: pull_request
     packages: [crun-centos]
-    notifications: *test_failure_notification
-    # TODO: Re-enable centos-stream-10-x86_64 once criu issues are solved
-    # Ref: https://github.com/containers/crun/pull/1758#issuecomment-2901772392
-    # Issue filed: https://github.com/containers/crun/issues/1759
-    #targets: *centos_copr_targets
-    targets:
-      - centos-stream-9-x86_64
-      - centos-stream-9-aarch64
-      - centos-stream-10-aarch64
+    notifications: *podman_system_test_fail_notification
+    targets: *centos_targets
     tf_extra_params:
       environments:
         - artifacts:
           - type: repository-file
             id: https://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman-next/repo/centos-stream-$releasever/rhcontainerbot-podman-next-centos-stream-$releasever.repo
 
+  # Podman system tests for RHEL
+  - job: tests
+    trigger: pull_request
+    packages: [crun-rhel]
+    use_internal_tf: true
+    notifications: *podman_system_test_fail_notification
+    targets:
+      epel-9-x86_64:
+        distros: [RHEL-9.4.0-Nightly,RHEL-9-Nightly]
+      epel-9-aarch64:
+        distros: [RHEL-9.4.0-Nightly,RHEL-9-Nightly]
+    #TODO: Enable RHEL10 targets once epel-10 copr target is available
+    tf_extra_params:
+      environments:
+        - artifacts:
+          - type: repository-file
+            id: https://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman-next/repo/epel-$releasever/rhcontainerbot-podman-next-epel-$releasever.repo
+          - type: repository-file
+            id: https://src.fedoraproject.org/rpms/epel-release/raw/epel9/f/epel.repo
+
   - job: propose_downstream
     trigger: release
     packages: [crun-fedora]
     dist_git_branches: &fedora_targets
       - fedora-all
 
-  # Disabled until we're switching to Packit for CentOS Stream
   - job: propose_downstream
-    trigger: ignore
+    trigger: release
     packages: [crun-centos]
     dist_git_branches:
       - c10s

README.packit

@@ -1,3 +1,3 @@
 This repository is maintained by packit.
 https://packit.dev/
-The file was generated using packit 1.13.0.post1.dev2+g84134016c.
+The file was generated using packit 0.102.1.post1.dev6+g64f7460b.

crun.spec

@@ -9,17 +9,20 @@
 # krun and wasm support only on aarch64 and x86_64
 %ifarch aarch64 || x86_64
 
-%if %{defined fedora}
-# krun only exists on fedora
-%global krun_support 1
-%global krun_opts --with-libkrun
-
-# Keep wasmedge enabled only on Fedora. It breaks a lot on EPEL.
+# Disable wasmedge on rhel 10 until EPEL10 is in place, otherwise it causes
+# build issues on copr
+%if %{defined fedora} || (%{defined copr_build} && %{defined rhel} && 0%{?rhel} < 10)
 %global wasm_support 1
 %global wasmedge_support 1
 %global wasmedge_opts --with-wasmedge
 %endif
 
+# krun only exists on fedora
+%if %{defined fedora}
+%global krun_support 1
+%global krun_opts --with-libkrun
+%endif
+
 %endif
 
 %if %{defined fedora} || (%{defined rhel} && 0%{?rhel} < 10)
@@ -39,7 +42,7 @@ Epoch: 102
 # If that's what you're reading, Version must be 0, and will be updated by Packit for
 # copr and koji builds.
 # If you're reading this on dist-git, the version is automatically filled in by Packit.
-Version: 1.26
+Version: 1.18
 Release: %autorelease
 URL: https://github.com/containers/%{name}
 Source0: %{url}/releases/download/%{version}/%{name}-%{version}.tar.zst
@@ -66,14 +69,15 @@ BuildRequires: libseccomp-devel
 BuildRequires: python3-libmount
 BuildRequires: libtool
 BuildRequires: protobuf-c-devel
+%ifnarch riscv64
 BuildRequires: criu-devel >= 3.17.1-2
 Recommends: criu >= 3.17.1
 Recommends: criu-libs
+%endif
 %if %{defined wasmedge_support}
 BuildRequires: wasmedge-devel
 %endif
 BuildRequires: python
-BuildRequires: glibc-static
 Provides: oci-runtime
 
 %description
@@ -117,9 +121,6 @@ Recommends: wasmedge
 %make_install prefix=%{_prefix}
 rm -rf %{buildroot}%{_prefix}/lib*
 
-# Placeholder check to silence rpmlint
-%check
-
 %files
 %license COPYING
 %{_bindir}/%{name}

gating.yaml

@@ -1,9 +1,7 @@
 --- !Policy
 product_versions:
   - fedora-*
-decision_contexts:
-  - bodhi_update_push_stable
-  - bodhi_update_push_testing
+decision_context: bodhi_update_push_stable
 rules:
   - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
 
@@ -11,5 +9,4 @@ rules:
 product_versions:
   - rhel-*
 decision_context: osci_compose_gate
-rules:
-  - !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}
+rules: []

plans/main.fmf

@@ -2,39 +2,19 @@ discover:
     how: fmf
 execute:
     how: tmt
-prepare:
-    - when: distro == centos-stream or distro == rhel
-      how: shell
-      script: |
-        dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-$(rpm --eval '%{?rhel}').noarch.rpm
-        dnf -y config-manager --set-enabled epel
-      order: 10
-    - when: initiator == packit
-      how: shell
-      script: |
-        COPR_REPO_FILE="/etc/yum.repos.d/*podman-next*.repo"
-        if compgen -G $COPR_REPO_FILE > /dev/null; then
-            sed -i -n '/^priority=/!p;$apriority=1' $COPR_REPO_FILE
-        fi
-        dnf -y upgrade --allowerasing
-      order: 20
-    - how: install
-      package:
-        - bats
-        - crun
-        - podman-tests
 
-/shellcheck:
+/upstream:
+    summary: Run crun specific Podman system tests on upstream PRs
     discover+:
-        filter: 'tag:shellcheck'
-    enabled: true
-    adjust:
+        filter: tag:upstream
+    adjust+:
         enabled: false
-        when: distro == centos-stream-10 or distro == rhel-10
-    prepare+:
-        - how: install
-          package: ShellCheck
+        when: initiator is not defined or initiator != packit
 
-/tests:
+/downstream:
+    summary: Run crun specific Podman system tests on bodhi / errata and dist-git PRs
     discover+:
-        filter: 'tag:podman | tag:sanity'
+        filter: tag:downstream
+    adjust+:
+        enabled: false
+        when: initiator == packit

plans/tmt.fmf

@@ -1,9 +0,0 @@
-/:
-  inherit: false
-
-summary: Run tmt's integration tests
-plan:
-  import:
-    url: https://github.com/teemtee/tmt
-    path: /plans/friends
-    name: /podman

sources

@@ -1 +1 @@
-SHA512 (crun-1.26.tar.zst) = 0785af6095a26290f433c5739bea5d98a029c3f0e8efbeed420481849ebddd70acde6c1105133c392abf26bca90d232cced5e5994da7506d66a020a02c129fb3
+SHA512 (crun-1.18.tar.zst) = a1a77a74163bcad18541c688e8006449c86ff490c98485c1294bdbf892840d1add1d5a25de75950a21255185aebdb6136490512d4c7562a53ac4052669924fad

tests/tmt/Makefile

@@ -0,0 +1,3 @@
+.PHONY: podman_system_test
+podman_system_test:
+	bash ./podman-tests.sh

tests/tmt/main.fmf

@@ -0,0 +1,13 @@
+# Only common dependencies that are NOT required to run podman-tests.sh are
+# specified here. Everything else is in podman-tests.sh.
+require:
+    - make
+
+adjust:
+    duration: 10m
+    when: arch == aarch64
+
+/podman_system_test:
+    tag: [ upstream, downstream ]
+    summary: Run crun specific Podman tests
+    test: make podman_system_test

tests/tmt/podman-tests.sh

@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+
+set -exo pipefail
+
+if [[ "$(id -u)" -ne 0 ]];then
+    echo "Please run this script as superuser"
+    exit 1
+fi
+
+# Remove testing-farm repos if they exist because they interfere with the
+# podman-next copr. The default distro repos will not be removed and can be
+# used wherever relevant.
+rm -f /etc/yum.repos.d/tag-repository.repo
+
+dnf -y install bats conmon podman podman-tests
+dnf -y update --allowerasing
+
+cat /etc/redhat-release
+rpm -q conmon containers-common crun podman podman-tests
+
+# Run crun specific podman tests
+bats /usr/share/podman/test/system/030-run.bats

tests/tmt/podman/system-test.fmf

@@ -1,7 +0,0 @@
-adjust:
-    duration: 10m
-    when: arch == aarch64
-
-summary: Run crun specific Podman tests
-test: bash ./system-test.sh
-tag: [ podman ]

tests/tmt/podman/system-test.sh

@@ -1,17 +0,0 @@
-#!/usr/bin/env bash
-
-set -exo pipefail
-
-if [[ "$(id -u)" -ne 0 ]];then
-    echo "Please run this script as superuser"
-    exit 1
-fi
-
-cat /etc/redhat-release
-rpm -q conmon containers-common crun podman podman-tests
-
-# Run crun specific podman tests
-bats -t /usr/share/podman/test/system/030-run.bats
-bats -t /usr/share/podman/test/system/075-exec.bats
-bats -t /usr/share/podman/test/system/280-update.bats
-bats -t /usr/share/podman/test/system/520-checkpoint.bats

tests/tmt/sanity/config.json

@@ -1,180 +0,0 @@
-{
-	"ociVersion": "1.0.0",
-	"process": {
-		"terminal": false,
-		"user": {
-			"uid": 0,
-			"gid": 0
-		},
-		"args": [
-			"sleep", "10"
-		],
-		"env": [
-			"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
-			"TERM=xterm"
-		],
-		"cwd": "/",
-		"capabilities": {
-			"bounding": [
-				"CAP_AUDIT_WRITE",
-				"CAP_KILL",
-				"CAP_NET_BIND_SERVICE"
-			],
-			"effective": [
-				"CAP_AUDIT_WRITE",
-				"CAP_KILL",
-				"CAP_NET_BIND_SERVICE"
-			],
-			"inheritable": [
-			],
-			"permitted": [
-				"CAP_AUDIT_WRITE",
-				"CAP_KILL",
-				"CAP_NET_BIND_SERVICE"
-			],
-			"ambient": [
-				"CAP_AUDIT_WRITE",
-				"CAP_KILL",
-				"CAP_NET_BIND_SERVICE"
-			]
-		},
-		"rlimits": [
-			{
-				"type": "RLIMIT_NOFILE",
-				"hard": 1024,
-				"soft": 1024
-			}
-		],
-		"noNewPrivileges": true
-	},
-	"root": {
-		"path": "rootfs",
-		"readonly": true
-	},
-	"hostname": "crun",
-	"mounts": [
-		{
-			"destination": "/proc",
-			"type": "proc",
-			"source": "proc"
-		},
-		{
-			"destination": "/dev",
-			"type": "tmpfs",
-			"source": "tmpfs",
-			"options": [
-				"nosuid",
-				"strictatime",
-				"mode=755",
-				"size=65536k"
-			]
-		},
-		{
-			"destination": "/dev/pts",
-			"type": "devpts",
-			"source": "devpts",
-			"options": [
-				"nosuid",
-				"noexec",
-				"newinstance",
-				"ptmxmode=0666",
-				"mode=0620",
-				"gid=5"
-			]
-		},
-		{
-			"destination": "/dev/shm",
-			"type": "tmpfs",
-			"source": "shm",
-			"options": [
-				"nosuid",
-				"noexec",
-				"nodev",
-				"mode=1777",
-				"size=65536k"
-			]
-		},
-		{
-			"destination": "/dev/mqueue",
-			"type": "mqueue",
-			"source": "mqueue",
-			"options": [
-				"nosuid",
-				"noexec",
-				"nodev"
-			]
-		},
-		{
-			"destination": "/sys",
-			"type": "sysfs",
-			"source": "sysfs",
-			"options": [
-				"nosuid",
-				"noexec",
-				"nodev",
-				"ro"
-			]
-		},
-		{
-			"destination": "/sys/fs/cgroup",
-			"type": "cgroup",
-			"source": "cgroup",
-			"options": [
-				"nosuid",
-				"noexec",
-				"nodev",
-				"relatime",
-				"ro"
-			]
-		}
-	],
-	"linux": {
-		"resources": {
-			"devices": [
-				{
-					"allow": false,
-					"access": "rwm"
-				}
-			]
-		},
-		"namespaces": [
-			{
-				"type": "pid"
-			},
-			{
-				"type": "network"
-			},
-			{
-				"type": "ipc"
-			},
-			{
-				"type": "uts"
-			},
-			{
-				"type": "cgroup"
-			},
-			{
-				"type": "mount"
-			}
-		],
-		"maskedPaths": [
-			"/proc/acpi",
-			"/proc/asound",
-			"/proc/kcore",
-			"/proc/keys",
-			"/proc/latency_stats",
-			"/proc/timer_list",
-			"/proc/timer_stats",
-			"/proc/sched_debug",
-			"/sys/firmware",
-			"/proc/scsi"
-		],
-		"readonlyPaths": [
-			"/proc/bus",
-			"/proc/fs",
-			"/proc/irq",
-			"/proc/sys",
-			"/proc/sysrq-trigger"
-		]
-	}
-}

tests/tmt/sanity/main.fmf

@@ -1,4 +0,0 @@
-summary: Sanity test for crun
-test: bash ./runtest.sh
-duration: 10m
-tag: [ sanity ]

tests/tmt/sanity/runtest.sh

@@ -1,113 +0,0 @@
-#!/usr/bin/env bash
-
-set -exo pipefail
-
-TEMPDIR=$(mktemp -d)
-TESTIMG="quay.io/libpod/busybox"
-CNAME="mycont-$RANDOM"
-
-cat /etc/redhat-release
-uname -r
-rpm -q crun criu
-
-if ! crun --version; then
-    exit 1
-fi
-
-if ! crun features; then
-    exit 1
-fi
-
-if ! crun list; then
-    exit 1
-fi
-
-# create the top most bundle and rootfs directory
-mkdir -p "$TEMPDIR"/rootfs
-
-# export busybox via podman into the rootfs directory
-if ! (podman export "$(podman create $TESTIMG)" | tar -C "$TEMPDIR"/rootfs -xvf -); then
-    exit 1
-fi
-
-# use existing spec
-cp ./config.json "$TEMPDIR"
-ls "$TEMPDIR"
-cd "$TEMPDIR"
-
-if ! crun create $CNAME; then
-    exit 1
-fi
-
-if ! crun list; then
-    exit 1
-fi
-
-if ! crun start $CNAME; then
-    exit 1
-fi
-
-if ! crun list; then
-    exit 1
-fi
-
-if ! crun state $CNAME; then
-    exit 1
-fi
-
-if ! crun ps $CNAME; then
-    exit 1
-fi
-
-if ! ret=$(crun exec $CNAME pwd) || [[ "$ret" != '/' ]]; then
-    exit 1
-fi
-
-if ! crun pause $CNAME; then
-    exit 1
-fi
-
-if ! crun state $CNAME; then
-    exit 1
-fi
-
-if ! crun resume $CNAME; then
-    exit 1
-fi
-
-if ! crun state $CNAME; then
-    exit 1
-fi
-
-if ! ret=$(crun exec $CNAME pwd) || [[ "$ret" != '/' ]]; then
-    exit 1
-fi
-
-if ! crun delete --force $CNAME; then
-    exit 1
-fi
-
-if ! crun list; then
-    exit 1
-fi
-
-if ! (crun run $CNAME &); then
-    exit 1
-fi
-
-if ! crun list; then
-    exit 1
-fi
-
-# make sure the container is running state
-sleep 2
-
-if ! ret=$(crun exec $CNAME echo 'ok') || [[ "$ret" != 'ok' ]]; then
-    exit 1
-fi
-
-if ! crun kill $CNAME; then
-    exit 1
-fi
-
-exit 0

tests/tmt/shellcheck/main.fmf

@@ -1,4 +0,0 @@
-summary: Shellcheck tests
-test: find ../ -type f -name "*.sh" -exec shellcheck {} + 
-duration: 10m
-tag: [ shellcheck ]