Accepting request 910492 from Virtualization:containers

OBS-URL: https://build.opensuse.org/request/show/910492 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/crun?expand=0&rev=2
2021-08-06 20:44:59 +00:00 · 2021-08-06 20:44:59 +00:00 · 734f0d2db1
commit 734f0d2db1
parent 7a0d8e1bfc f9395f9751
5 changed files with 101 additions and 30 deletions
--- a/crun-0.18.tar.gz
+++ b/crun-0.18.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:913191076ceaca7d8809f776894bb37be9271de82c06a810697d6a8f4746e241
-size 1394857
--- a/crun-0.21.tar.gz
+++ b/crun-0.21.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:018c805c88a15cbd8341d00badd00c92de256bc585c46336be78f1ff9a5a3cf2
+size 1878109
--- a/crun.changes
+++ b/crun.changes
@ -1,3 +1,52 @@
+-------------------------------------------------------------------
+Fri Aug  6 09:55:53 UTC 2021 - Frederic Crozat <fcrozat@suse.com>
+
+- Add libkrun-dlopen.patch: use soname when dlopening libkrun.
+
+-------------------------------------------------------------------
+Wed Jul 28 11:56:01 UTC 2021 - Paolo Stivanin <info@paolostivanin.com>
+
+- Update to 0.21
+  - honor memory swappiness set to 0
+  - status: add fields for owner and created timestamp
+  - cgroup: lookup pids controller as well when the memory controller
+    is not available
+  - when compiled with krun, automatically use it if the current
+    executable file is called "krun".
+  - container: ignore error when resetting the SELinux label for the
+    keyring.
+  - container: call prestart hooks before rootfs is RO.
+  - cgroup: added support cleaning custom controllers on cgroupv1.
+  - spec: add support for --bundle.
+  - exec: add --no-new-privs.
+  - exec: add --process-label and --apparmor to change SELinux and
+    AppArmor labels.
+  - cgroup: kill procs in cgroup on EBUSY.
+  - cgroup: ignore devices errors when running in a user namespace.
+  - seccomp: drop SECCOMP_FILTER_FLAG_LOG by default.
+  - seccomp: report correct action in error message.
+  - apply SELinux label to keyring.
+  - add custom annotation run.oci.delegate-cgroup.
+  - close_range fallbacks to close on EPERM.
+  - report error if the cgroup path was set and the cgroup could not be
+    joined.
+  - on exec, honor additional_gids from the process spec, not the
+    container definition.
+  - spec: add cgroup ns if on cgroup v2.
+  - systemd: support array of strings for cgroup annotation.
+  - join all the cgroup v1 controllers.
+  - raise a warning when newuidmap/newgidmap fail.
+  - handle eBPF access(dev_name, F_OK) call correctly.
+  - fix some memory leaks on errors when libcrun is used by a long
+    running process.
+  - fix the SELinux label for masked directories.
+  - support default seccomp errno value.
+  - fail if no default seccomp action specified.
+  - support OCI seccomp notify listener.
+  - improve OOM error messages.
+  - ignore unknown capabilities and raise a warning.
+  - always remount bind mounts to drop not requested mount flags.
+
 -------------------------------------------------------------------
 Tue Mar 23 17:52:10 UTC 2021 - Dario Faggioli <dfaggioli@suse.com>

--- a/crun.spec
+++ b/crun.spec
@ -15,41 +15,44 @@
 # Please submit bugfixes or comments via https://bugs.opensuse.org/
 #

-Summary:	OCI runtime written in C
-Name:		crun
-Version:	0.18
-Release:	0
-Source0:	https://github.com/containers/crun/releases/download/%{version}/%{name}-%{version}.tar.gz
-Source1:	crun-rpmlintrc
-License:	GPL-2.0-or-later
-URL:		https://github.com/containers/crun
-ExclusiveArch:	x86_64 aarch64
+
+Summary:        OCI runtime written in C
+License:        GPL-2.0-or-later
+Name:           crun
+Version:        0.21
+Release:        0
+Source0:        https://github.com/containers/crun/releases/download/%{version}/%{name}-%{version}.tar.gz
+Source1:        crun-rpmlintrc
+# PATCH-FIX-OPENSUSE libkrun-dlopen.patch fcrozat@suse.com -- use soname when dlopening libkrun
+Patch0:         libkrun-dlopen.patch
+URL:            https://github.com/containers/crun
+ExclusiveArch:  x86_64 aarch64
 # We always run autogen.sh
-BuildRequires:	autoconf
-BuildRequires:	automake
-BuildRequires:	gcc
-BuildRequires:	python
-BuildRequires:	git-core
-BuildRequires:	libcap-devel
-BuildRequires:	systemd-devel
-BuildRequires:	libyajl-devel
-BuildRequires:	libseccomp-devel
-BuildRequires:	libselinux-devel
-BuildRequires:	python3-libmount
-BuildRequires:	libtool
-BuildRequires:	go-md2man
-BuildRequires:	glibc-devel-static
-BuildRequires:	libkrun-devel >= 0.1.4	
+BuildRequires:  autoconf
+BuildRequires:  automake
+BuildRequires:  gcc
+BuildRequires:  git-core
+BuildRequires:  glibc-devel-static
+BuildRequires:  go-md2man
+BuildRequires:  libcap-devel
+BuildRequires:  libkrun-devel >= 0.1.4
+BuildRequires:  libseccomp-devel
+BuildRequires:  libselinux-devel
+BuildRequires:  libtool
+BuildRequires:  libyajl-devel
+BuildRequires:  python
+BuildRequires:  python3-libmount
+BuildRequires:  systemd-devel
 %ifnarch %ix86
-BuildRequires:	criu-devel >= 3.15
+BuildRequires:  criu-devel >= 3.15
 %endif
-Requires:	libkrun0 >= 0.1.4
+Requires:       libkrun0 >= 0.1.4

 %description
 crun is a runtime for running OCI containers. It is built with libkrun support

 %prep
-%autosetup
+%autosetup -p1

 %build
 ./autogen.sh
@ -59,6 +62,8 @@ crun is a runtime for running OCI containers. It is built with libkrun support
 %install
 %make_install
 rm -rf %{buildroot}/%{_libdir}/lib*
+# allow easy krun usage with podman
+ln -s %{_bindir}/crun %{buildroot}%{_bindir}/krun

 %files
 %defattr(-,root,root)
@ -66,6 +71,7 @@ rm -rf %{buildroot}/%{_libdir}/lib*
 %doc README.md
 %doc SECURITY.md
 %{_bindir}/%{name}
+%{_bindir}/krun
 %{_mandir}/man1/*

 %changelog
--- a/libkrun-dlopen.patch
+++ b/libkrun-dlopen.patch
@ -0,0 +1,16 @@
+Index: crun-0.18/src/libcrun/container.c
+===================================================================
+--- crun-0.18.orig/src/libcrun/container.c	2021-02-18 16:25:28.000000000 +0100
+++ crun-0.18/src/libcrun/container.c	2021-08-06 11:54:48.798850933 +0200
+@@ -712,9 +712,9 @@
+ #endif
+ 
+ #if HAVE_DLOPEN && HAVE_LIBKRUN
+-  handle = dlopen ("libkrun.so", RTLD_NOW);
+  handle = dlopen ("libkrun.so.0", RTLD_NOW);
+   if (handle == NULL)
+-    return crun_make_error (err, 0, "could not load `libkrun.so`: %s", dlerror ());
+    return crun_make_error (err, 0, "could not load `libkrun.so.0`: %s", dlerror ());
+ 
+   args->exec_func = libkrun_do_exec;
+   args->exec_func_arg = handle;