pool/crun
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
e4da896bdb
crun/crun.spec
Dario Faggioli e4da896bdb Accepting request 969577 from home:dfaggioli:Virtualization 
- It'd be nice to run the test suite with %check. It however, still
  does not work properly inside OBS workers. Add it commented (and
  explain it in a comment)
- switch to latest upstream version (1.4.4)
- big jump from 0.21! Here's a short summary, for details,
  see: https://github.com/containers/crun/releases
  * 1.4.4
    wasm, kubernetes: support wasm for kubernetes infrastructure with side-cars
    Resolve symlinks in bind mounts when creating a user namespace.
    Fix CVE-2022-27650: exec does not set inheritable capabilities.
  * 1.4.3
    cgroup: avoid potential infinite loop when deleting a cgroup.
    support additional options for idmap mounts.
    open the source for a bind mount in the host.
  * 1.4.2
    CRIU: add pre-dump support.
    Fix running with a read-only /dev.
    Ignore EROFS when chowning standard stream files.
    Add validation for sysctls before applying them.
  * 1.4.1
    Fix check for an invalid path.
    Allow deleting a container while in created state.
    cgroup: do not set cpu limits if number of shares is set to 0.
  * 1.4
    wasm: support for running on kubernetes with containerd.
    linux: add support for recursive mount options.
    add support for idmapped mounts through a new mount option "idmap".
    linux: improve detection of /dev target.
    now crun exec uses CLONE_INTO_CGROUP on supported kernels when using cgroup v2.
    retry the openat2 syscall if it fails with EAGAIN.
    cgroup: set the CPUWeight/CPUShares on the systemd scope cgroup.
    on new kernels, use setns with pidfd.
    attempt the chdir again with the specified user if it failed before changing credentials.
  * 1.3
    add support to natively build and run WebAssembly workload and WebAssembly containers.
    allow to specify sub-cgroup for exec.
    chown std streams if they are not a TTY.
    attach the correct streams if the container is suspended and restored multiple times.
    fix race condition when enabling controllers on cgroup v2.
  * 1.2
    exec: fix regression in 1.1 where containers are being wrongly reported as paused.
    criu: add support for external ipc, uts and time namespaces.
  * 1.1
    cgroup: use cgroup.kill when available.
    exec: refuse to exec in a paused container/cgroup.
    container: Set primary process to 1 via LISTEN_PID by default if user configuration is missing.
    criu: Add support for external PID namespace.
    criu: fix save of external descriptors.
    utils: retry openat2 on EAGAIN.
  * 1.0
    cgroup: chown the current container cgroup to root in the container.
    linux: treat pidfd_open failures EINVAL as ESRCH.
    cgroup: add support for setting memory.use_hierarchy on cgroup v1.
    Makefile.am: fix link error when using directly libcrun.
    Fix symlink target mangling for tmpcopyup targets.
- fix bsc#1197871, CVE-2022-27650 (as 1.4.4 contains the fixes itself)
- update and fixup dependencies

OBS-URL: https://build.opensuse.org/request/show/969577
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/crun?expand=0&rev=11
2022-04-12 22:04:19 +00:00

91 lines
2.4 KiB
RPMSpec
Raw Blame History

#
# spec file for package crun
#
# Copyright (c) 2022 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
Summary: OCI runtime written in C
License: GPL-2.0-or-later
Name: crun
Version: 1.4.4
Release: 0
Source0: https://github.com/containers/crun/releases/download/%{version}/%{name}-%{version}.tar.gz
URL: https://github.com/containers/crun
# We always run autogen.sh
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: gcc
BuildRequires: gettext
BuildRequires: glibc-devel-static
BuildRequires: go-md2man
BuildRequires: libcap-devel
BuildRequires: libprotobuf-c-devel
BuildRequires: libseccomp-devel
BuildRequires: libtool
BuildRequires: libyajl-devel
BuildRequires: make
BuildRequires: python3
BuildRequires: python3-libmount
BuildRequires: systemd-devel
%ifnarch %ix86
BuildRequires: criu-devel >= 3.15
%endif
%ifarch x86_64 aarch64
BuildRequires: libkrun >= 0.1.4
Requires: libkrun >= 0.1.7
%endif
%description
crun is a runtime for running OCI containers. It is built with libkrun support
%prep
%autosetup -p1
%build
%ifarch x86_64 aarch64
export LIBKRUN="--with-libkrun"
%endif
./autogen.sh
%configure --disable-silent-rules $LIBKRUN CFLAGS='-I /usr/include/libseccomp'
%make_build
# TODO:
# - it would be nice to enable the test-suite, but seems to behave (and fail!)
# differently when run inside of an OBS worker, with respect to when it's
# run manually on the host... Need to investigate more.
#%check
#make test-suite.log
%install
%make_install
rm -rf %{buildroot}/%{_libdir}/lib*
%ifarch x86_64 aarch64
# allow easy krun usage with podman
ln -s %{_bindir}/crun %{buildroot}%{_bindir}/krun
%endif
%files
%defattr(-,root,root)
%license COPYING
%doc README.md
%doc SECURITY.md
%{_bindir}/%{name}
%ifarch x86_64 aarch64
%{_bindir}/krun
%endif
%{_mandir}/man1/*
%changelog
Reference in New Issue View Git Blame Copy Permalink