Accepting request 940369 from Virtualization:containers

OBS-URL: https://build.opensuse.org/request/show/940369
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/runc?expand=0&rev=43

runc-1.0.3.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:e9297b338f3b382cc3a40d4c4a3bfbe8ff8db9761028691a67ea68e612d21ab6
-size 1415820

runc-1.0.3.tar.xz.asc

@@ -1,17 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQJDBAABCAAtFiEEXzbGxhtUYBJKdfWmnhiqJn3bjbQFAmGtjaEPHGFzYXJhaUBz
-dXNlLmRlAAoJEJ4YqiZ92420Wv8QALHxw0muAoTPwFNkh3KLbGtiCiniFEJsaWCq
-+abTJKOURbRzM2GuTu78cu305PC7KJcy33jgUK7g9AeuJkGj08OqqqIZeQNHThIq
-LQfZOBKjX6PoXSFGSAQzwEehp+Nx8zc09e4u6yspr3GqKgxAlag0aq+qgiwvay/I
-7sfFu54ooEw2zom+EHfYOOuMpmRSP38zw77USpqR6OUQQAm/UX1fGJdEi15qqS2U
-31oUiSRkxwttvJTxXXpcGf71oB8iBLfM4BhFCkHLX0+uQUFh22Nmr8D4d8JE3ur+
-xOJRXfF28o8lNV/ixQ+8c2YvxObF2hqine5ScZ1g8D0/d3oLZDKxuWb7lvSxXnRy
-Ij1Jkw6Lg8RMjvPjjGn+P+l4N74fnPB1oUQIkpBg5YEufUph9NMiURdcbr28w4Is
-alV37DgQno+QxGCou4os7XFlapeLUkc44FN3FNIlCUMew69X8e+QnBo3X4nkm1cl
-rDr+HjmjgZi1vyry/klVfaYy8g8hMmplU0TKRI4wAwElNW0qQZZIvuh+EbLxbVfE
-1Xi1xZM4P2P9vpIYsem9fBQtHexV9j9NnBoZQnF874rUgLFadYHg84IK1lmiEcTr
-0JNUU1l+dLTXGzt9qpOFnVSzQy7fECagEXNLPWBOQzL0esdvZpu+dx3aosKyKDNv
-eJJjGgZy
-=jAoe
------END PGP SIGNATURE-----

runc-1.1.0~rc1.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b4e1cd313a7b72fd79f922de7126060d4a3dbd0f1039f0d129cd1b6f66e2e762
+size 1411376

runc-1.1.0~rc1.tar.xz.asc

@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQJDBAABCAAtFiEEXzbGxhtUYBJKdfWmnhiqJn3bjbQFAmG4EMgPHGFzYXJhaUBz
+dXNlLmRlAAoJEJ4YqiZ92420wrsP/R6kQcEZgvTt9ArztN6KVI+sB0nikg5NHKQH
+vs9/ETwph0Ur2AdCyjXaV/88Cvr5UB4QaSxyz2xEzXSdc2K7tUkn8VrR2mYzviR7
+4sM8cgGRDcHECTwPXJ1STJhSWbSUCIUqhS+u83RmUsoxUWpdm5fah5AzgN6V8qkD
+gflRUz22kmmoDhnAPvdEtoq6KKL8Kcd/GYXCtmeND1FspYe7eTBeLRiHP+8fEh3U
+keE+J2/mKnJFqL3K9TztTks/nLiiFsfWvfiloRed6FS+T0a85ITxJm+Lc7TBIKAP
+krcb9Vg0V76GCkel+BTtbXdIXZEpT4zkqGALb457yD0f6gtSGarKRdHOPQCUYCWV
+RiiihAKFX0ab9BrITLedj8K2QcwrE/m3KS5TRCYUkBrsR0LEfAEvLcO0Y/FGzjIw
+zg93yWXFLlqPKZsdLjpxOwBHJlTSt45DcdAFjV7itQHnm7i6aXaCpFrJUB0cX+oz
+BmgDFPNFw6cV4FcWioZGww66XzySus7Hxq2oE9sehAuybFUA2cETZ6TnsPRfFIEz
+tV9rnzOjumafgBUml5ZcHVT0G85hgb5X0M7UzEHI97hrwfK1zjLXrvlqqq0Ct0Ch
+ZsVGGGO6+rum97DjhgH5gSKd24nhDHC0r6WurF4i97/du5lfINEeoGaLp9TqH03s
+5cKlVYVv
+=orVI
+-----END PGP SIGNATURE-----

runc-rpmlintrc

@@ -1,2 +0,0 @@
-# -test is something that is used internally and isn't actually shipped -- it's a pseudo-source package.
-addFilter ("^runc(-kubic)?-test.*")

runc.changes

@@ -1,3 +1,62 @@
+-------------------------------------------------------------------
+Tue Dec 14 05:04:21 UTC 2021 - Aleksa Sarai <asarai@suse.com>
+
+- Update to runc v1.1.0~rc1. Upstream changelog is available from
+  https://github.com/opencontainers/runc/releases/tag/v1.1.0-rc.1.
+
+  + Add support for RDMA cgroup added in Linux 4.11.
+  * runc exec now produces exit code of 255 when the exec failed.
+    This may help in distinguishing between runc exec failures
+    (such as invalid options, non-running container or non-existent
+    binary etc.) and failures of the command being executed.
+  + runc run: new --keep option to skip removal exited containers artefacts.
+    This might be useful to check the state (e.g. of cgroup controllers) after
+    the container hasexited.
+  + seccomp: add support for SCMP_ACT_KILL_PROCESS and SCMP_ACT_KILL_THREAD
+    (the latter is just an alias for SCMP_ACT_KILL).
+  + seccomp: add support for SCMP_ACT_NOTIFY (seccomp actions). This allows
+    users to create sophisticated seccomp filters where syscalls can be
+    efficiently emulated by privileged processes on the host.
+  + checkpoint/restore: add an option (--lsm-mount-context) to set
+    a different LSM mount context on restore.
+  + intelrdt: support ClosID parameter.
+  + runc exec --cgroup: an option to specify a (non-top) in-container cgroup
+    to use for the process being executed.
+  + cgroup v1 controllers now support hybrid hierarchy (i.e. when on a cgroup v1
+    machine a cgroup2 filesystem is mounted to /sys/fs/cgroup/unified, runc
+    run/exec now adds the container to the appropriate cgroup under it).
+  + sysctl: allow slashes in sysctl names, to better match sysctl(8)'s
+    behaviour.
+  + mounts: add support for bind-mounts which are inaccessible after switching
+    the user namespace. Note that this does not permit the container any
+    additional access to the host filesystem, it simply allows containers to
+    have bind-mounts configured for paths the user can access but have
+    restrictive access control settings for other users.
+  + Add support for recursive mount attributes using mount_setattr(2). These
+    have the same names as the proposed mount(8) options -- just prepend r
+    to the option name (such as rro).
+  + Add runc features subcommand to allow runc users to detect what features
+    runc has been built with. This includes critical information such as
+    supported mount flags, hook names, and so on. Note that the output of this
+    command is subject to change and will not be considered stable until runc
+    1.2 at the earliest. The runtime-spec specification for this feature is
+    being developed in opencontainers/runtime-spec#1130.
+  * system: improve performance of /proc/$pid/stat parsing.
+  * cgroup2: when /sys/fs/cgroup is configured as a read-write mount, change
+    the ownership of certain cgroup control files (as per
+    /sys/kernel/cgroup/delegate) to allow for proper deferral to the container
+    process.
+  * runc checkpoint/restore: fixed for containers with an external bind mount
+    which destination is a symlink.
+  * cgroup: improve openat2 handling for cgroup directory handle hardening.
+    runc delete -f now succeeds (rather than timing out) on a paused
+    container.
+  * runc run/start/exec now refuses a frozen cgroup (paused container in case of
+    exec). Users can disable this using --ignore-paused.
+- Update version data embedded in binary to correctly include the git commit of
+  the release.
+- Drop runc-rpmlintrc because we don't have runc-test anymore.
+
 -------------------------------------------------------------------
 Mon Dec  6 04:38:25 UTC 2021 - Aleksa Sarai <asarai@suse.com>
 

runc.spec

@@ -18,24 +18,24 @@
 
 
 # MANUAL: Make sure you update this each time you update runc.
-%define git_version 4144b63817ebcc5b358fc2c8ef95f7cddd709aa7
+%define git_version 55df1fc4c8b048118cd30a17b50f96a15ab0f3ea
+%define git_short   55df1fc4c8b0
 
 # Package-wide golang version
-%define go_version 1.16
+%define go_version 1.17
 %define project github.com/opencontainers/runc
 
 Name:           runc
-Version:        1.0.3
+Version:        1.1.0~rc1
-%define _version 1.0.3
+%define _version 1.1.0-rc.1
 Release:        0
 Summary:        Tool for spawning and running OCI containers
 License:        Apache-2.0
 Group:          System/Management
 URL:            https://github.com/opencontainers/runc
-Source0:        https://github.com/opencontainers/runc/releases/download/v%{_version}/runc.tar.xz#/runc-%{_version}.tar.xz
+Source0:        https://github.com/opencontainers/runc/releases/download/v%{_version}/runc.tar.xz#/runc-%{version}.tar.xz
-Source1:        https://github.com/opencontainers/runc/releases/download/v%{_version}/runc.tar.xz.asc#/runc-%{_version}.tar.xz.asc
+Source1:        https://github.com/opencontainers/runc/releases/download/v%{_version}/runc.tar.xz.asc#/runc-%{version}.tar.xz.asc
 Source2:        runc.keyring
-Source3:        runc-rpmlintrc
 BuildRequires:  fdupes
 BuildRequires:  go-go-md2man
 # Due to a limitation in openSUSE's Go packaging we cannot have a BuildRequires
@@ -56,6 +56,9 @@ Provides:       docker-runc-kubic = %{version}
 Obsoletes:      docker-runc = 0.1.1+gitr2819_50a19c6
 Obsoletes:      docker-runc_50a19c6
 
+# Construct "git describe --dirty --long --always".
+%define git_describe v%{_version}-0-g%{git_short}
+
 %description
 runc is a CLI tool for spawning and running containers according to the OCI
 specification. It is designed to be as minimal as possible, and is the workhorse
@@ -67,7 +70,7 @@ and has grown to become a separate project entirely.
 
 %build
 # build runc
-make BUILDTAGS="seccomp" COMMIT_NO="%{git_version}" runc
+make BUILDTAGS="seccomp" COMMIT="%{git_describe}" runc
 # build man pages
 man/md2man-all.sh