diff --git a/runc-1.0.3.tar.xz b/runc-1.0.3.tar.xz deleted file mode 100644 index 2850dd8..0000000 --- a/runc-1.0.3.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:e9297b338f3b382cc3a40d4c4a3bfbe8ff8db9761028691a67ea68e612d21ab6 -size 1415820 diff --git a/runc-1.0.3.tar.xz.asc b/runc-1.0.3.tar.xz.asc deleted file mode 100644 index 0488024..0000000 --- a/runc-1.0.3.tar.xz.asc +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQJDBAABCAAtFiEEXzbGxhtUYBJKdfWmnhiqJn3bjbQFAmGtjaEPHGFzYXJhaUBz -dXNlLmRlAAoJEJ4YqiZ92420Wv8QALHxw0muAoTPwFNkh3KLbGtiCiniFEJsaWCq -+abTJKOURbRzM2GuTu78cu305PC7KJcy33jgUK7g9AeuJkGj08OqqqIZeQNHThIq -LQfZOBKjX6PoXSFGSAQzwEehp+Nx8zc09e4u6yspr3GqKgxAlag0aq+qgiwvay/I -7sfFu54ooEw2zom+EHfYOOuMpmRSP38zw77USpqR6OUQQAm/UX1fGJdEi15qqS2U -31oUiSRkxwttvJTxXXpcGf71oB8iBLfM4BhFCkHLX0+uQUFh22Nmr8D4d8JE3ur+ -xOJRXfF28o8lNV/ixQ+8c2YvxObF2hqine5ScZ1g8D0/d3oLZDKxuWb7lvSxXnRy -Ij1Jkw6Lg8RMjvPjjGn+P+l4N74fnPB1oUQIkpBg5YEufUph9NMiURdcbr28w4Is -alV37DgQno+QxGCou4os7XFlapeLUkc44FN3FNIlCUMew69X8e+QnBo3X4nkm1cl -rDr+HjmjgZi1vyry/klVfaYy8g8hMmplU0TKRI4wAwElNW0qQZZIvuh+EbLxbVfE -1Xi1xZM4P2P9vpIYsem9fBQtHexV9j9NnBoZQnF874rUgLFadYHg84IK1lmiEcTr -0JNUU1l+dLTXGzt9qpOFnVSzQy7fECagEXNLPWBOQzL0esdvZpu+dx3aosKyKDNv -eJJjGgZy -=jAoe ------END PGP SIGNATURE----- diff --git a/runc-1.1.0~rc1.tar.xz b/runc-1.1.0~rc1.tar.xz new file mode 100644 index 0000000..a015899 --- /dev/null +++ b/runc-1.1.0~rc1.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:b4e1cd313a7b72fd79f922de7126060d4a3dbd0f1039f0d129cd1b6f66e2e762 +size 1411376 diff --git a/runc-1.1.0~rc1.tar.xz.asc b/runc-1.1.0~rc1.tar.xz.asc new file mode 100644 index 0000000..f363827 --- /dev/null +++ b/runc-1.1.0~rc1.tar.xz.asc @@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- + +iQJDBAABCAAtFiEEXzbGxhtUYBJKdfWmnhiqJn3bjbQFAmG4EMgPHGFzYXJhaUBz +dXNlLmRlAAoJEJ4YqiZ92420wrsP/R6kQcEZgvTt9ArztN6KVI+sB0nikg5NHKQH +vs9/ETwph0Ur2AdCyjXaV/88Cvr5UB4QaSxyz2xEzXSdc2K7tUkn8VrR2mYzviR7 +4sM8cgGRDcHECTwPXJ1STJhSWbSUCIUqhS+u83RmUsoxUWpdm5fah5AzgN6V8qkD +gflRUz22kmmoDhnAPvdEtoq6KKL8Kcd/GYXCtmeND1FspYe7eTBeLRiHP+8fEh3U +keE+J2/mKnJFqL3K9TztTks/nLiiFsfWvfiloRed6FS+T0a85ITxJm+Lc7TBIKAP +krcb9Vg0V76GCkel+BTtbXdIXZEpT4zkqGALb457yD0f6gtSGarKRdHOPQCUYCWV +RiiihAKFX0ab9BrITLedj8K2QcwrE/m3KS5TRCYUkBrsR0LEfAEvLcO0Y/FGzjIw +zg93yWXFLlqPKZsdLjpxOwBHJlTSt45DcdAFjV7itQHnm7i6aXaCpFrJUB0cX+oz +BmgDFPNFw6cV4FcWioZGww66XzySus7Hxq2oE9sehAuybFUA2cETZ6TnsPRfFIEz +tV9rnzOjumafgBUml5ZcHVT0G85hgb5X0M7UzEHI97hrwfK1zjLXrvlqqq0Ct0Ch +ZsVGGGO6+rum97DjhgH5gSKd24nhDHC0r6WurF4i97/du5lfINEeoGaLp9TqH03s +5cKlVYVv +=orVI +-----END PGP SIGNATURE----- diff --git a/runc-rpmlintrc b/runc-rpmlintrc deleted file mode 100644 index ca46b2b..0000000 --- a/runc-rpmlintrc +++ /dev/null @@ -1,2 +0,0 @@ -# -test is something that is used internally and isn't actually shipped -- it's a pseudo-source package. -addFilter ("^runc(-kubic)?-test.*") diff --git a/runc.changes b/runc.changes index 40fdd75..f657465 100644 --- a/runc.changes +++ b/runc.changes @@ -1,3 +1,62 @@ +------------------------------------------------------------------- +Tue Dec 14 05:04:21 UTC 2021 - Aleksa Sarai + +- Update to runc v1.1.0~rc1. Upstream changelog is available from + https://github.com/opencontainers/runc/releases/tag/v1.1.0-rc.1. + + + Add support for RDMA cgroup added in Linux 4.11. + * runc exec now produces exit code of 255 when the exec failed. + This may help in distinguishing between runc exec failures + (such as invalid options, non-running container or non-existent + binary etc.) and failures of the command being executed. + + runc run: new --keep option to skip removal exited containers artefacts. + This might be useful to check the state (e.g. of cgroup controllers) after + the container hasexited. + + seccomp: add support for SCMP_ACT_KILL_PROCESS and SCMP_ACT_KILL_THREAD + (the latter is just an alias for SCMP_ACT_KILL). + + seccomp: add support for SCMP_ACT_NOTIFY (seccomp actions). This allows + users to create sophisticated seccomp filters where syscalls can be + efficiently emulated by privileged processes on the host. + + checkpoint/restore: add an option (--lsm-mount-context) to set + a different LSM mount context on restore. + + intelrdt: support ClosID parameter. + + runc exec --cgroup: an option to specify a (non-top) in-container cgroup + to use for the process being executed. + + cgroup v1 controllers now support hybrid hierarchy (i.e. when on a cgroup v1 + machine a cgroup2 filesystem is mounted to /sys/fs/cgroup/unified, runc + run/exec now adds the container to the appropriate cgroup under it). + + sysctl: allow slashes in sysctl names, to better match sysctl(8)'s + behaviour. + + mounts: add support for bind-mounts which are inaccessible after switching + the user namespace. Note that this does not permit the container any + additional access to the host filesystem, it simply allows containers to + have bind-mounts configured for paths the user can access but have + restrictive access control settings for other users. + + Add support for recursive mount attributes using mount_setattr(2). These + have the same names as the proposed mount(8) options -- just prepend r + to the option name (such as rro). + + Add runc features subcommand to allow runc users to detect what features + runc has been built with. This includes critical information such as + supported mount flags, hook names, and so on. Note that the output of this + command is subject to change and will not be considered stable until runc + 1.2 at the earliest. The runtime-spec specification for this feature is + being developed in opencontainers/runtime-spec#1130. + * system: improve performance of /proc/$pid/stat parsing. + * cgroup2: when /sys/fs/cgroup is configured as a read-write mount, change + the ownership of certain cgroup control files (as per + /sys/kernel/cgroup/delegate) to allow for proper deferral to the container + process. + * runc checkpoint/restore: fixed for containers with an external bind mount + which destination is a symlink. + * cgroup: improve openat2 handling for cgroup directory handle hardening. + runc delete -f now succeeds (rather than timing out) on a paused + container. + * runc run/start/exec now refuses a frozen cgroup (paused container in case of + exec). Users can disable this using --ignore-paused. +- Update version data embedded in binary to correctly include the git commit of + the release. +- Drop runc-rpmlintrc because we don't have runc-test anymore. + ------------------------------------------------------------------- Mon Dec 6 04:38:25 UTC 2021 - Aleksa Sarai diff --git a/runc.spec b/runc.spec index 3506213..29e82cc 100644 --- a/runc.spec +++ b/runc.spec @@ -18,24 +18,24 @@ # MANUAL: Make sure you update this each time you update runc. -%define git_version 4144b63817ebcc5b358fc2c8ef95f7cddd709aa7 +%define git_version 55df1fc4c8b048118cd30a17b50f96a15ab0f3ea +%define git_short 55df1fc4c8b0 # Package-wide golang version -%define go_version 1.16 +%define go_version 1.17 %define project github.com/opencontainers/runc Name: runc -Version: 1.0.3 -%define _version 1.0.3 +Version: 1.1.0~rc1 +%define _version 1.1.0-rc.1 Release: 0 Summary: Tool for spawning and running OCI containers License: Apache-2.0 Group: System/Management URL: https://github.com/opencontainers/runc -Source0: https://github.com/opencontainers/runc/releases/download/v%{_version}/runc.tar.xz#/runc-%{_version}.tar.xz -Source1: https://github.com/opencontainers/runc/releases/download/v%{_version}/runc.tar.xz.asc#/runc-%{_version}.tar.xz.asc +Source0: https://github.com/opencontainers/runc/releases/download/v%{_version}/runc.tar.xz#/runc-%{version}.tar.xz +Source1: https://github.com/opencontainers/runc/releases/download/v%{_version}/runc.tar.xz.asc#/runc-%{version}.tar.xz.asc Source2: runc.keyring -Source3: runc-rpmlintrc BuildRequires: fdupes BuildRequires: go-go-md2man # Due to a limitation in openSUSE's Go packaging we cannot have a BuildRequires @@ -56,6 +56,9 @@ Provides: docker-runc-kubic = %{version} Obsoletes: docker-runc = 0.1.1+gitr2819_50a19c6 Obsoletes: docker-runc_50a19c6 +# Construct "git describe --dirty --long --always". +%define git_describe v%{_version}-0-g%{git_short} + %description runc is a CLI tool for spawning and running containers according to the OCI specification. It is designed to be as minimal as possible, and is the workhorse @@ -67,7 +70,7 @@ and has grown to become a separate project entirely. %build # build runc -make BUILDTAGS="seccomp" COMMIT_NO="%{git_version}" runc +make BUILDTAGS="seccomp" COMMIT="%{git_describe}" runc # build man pages man/md2man-all.sh