From 89b8fedf172411f09184ca8a9d3c32df4e1cb0fe Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Mar 29 2022 19:32:40 +0000 Subject: runc-2:1.1.1-1 - Bump to v1.1.1 - add hardening flags - remove unused packages - update license and bundled provides Signed-off-by: Lokesh Mandvekar --- diff --git a/.gitignore b/.gitignore index 4902055..ba3d7a5 100644 --- a/.gitignore +++ b/.gitignore @@ -356,3 +356,4 @@ /v1.0.3.tar.gz /v1.1.0-rc.1.tar.gz /v1.1.0.tar.gz +/v1.1.1.tar.gz diff --git a/runc.spec b/runc.spec index 8a2517f..c464e40 100644 --- a/runc.spec +++ b/runc.spec @@ -1,7 +1,3 @@ -%global with_devel 0 -%global with_bundled 1 -%global with_check 0 -%global with_unit_test 0 %if 0%{?fedora} %global with_debug 0 %else @@ -28,17 +24,16 @@ %global import_path %{provider_prefix} %global git0 https://github.com/opencontainers/runc -# Used for comparing with latest upstream tag -# to decide whether to autobuild -%global built_tag v1.1.0 +%global built_tag v1.1.1 %global built_tag_strip %(b=%{built_tag}; echo ${b:1}) +%global gen_version %(b=%{built_tag_strip}; echo ${b/-/"~"}) Name: %{repo} Epoch: 2 -Version: 1.1.0 -Release: 2%{?dist} +Version: %{gen_version} +Release: 1%{?dist} Summary: CLI for running Open Containers -License: ASL 2.0 +License: ASL 2.0 and BSD and MIT URL: %{git0} Source0: %{git0}/archive/%{built_tag}.tar.gz @@ -56,26 +51,24 @@ BuildRequires: go-md2man BuildRequires: make BuildRequires: git Provides: oci-runtime - -%if ! 0%{?with_bundled} -BuildRequires: golang(github.com/Sirupsen/logrus) -BuildRequires: golang(github.com/codegangsta/cli) -BuildRequires: golang(github.com/coreos/go-systemd/activation) -BuildRequires: golang(github.com/coreos/go-systemd/dbus) -BuildRequires: golang(github.com/coreos/go-systemd/util) -BuildRequires: golang(github.com/docker/docker/pkg/mount) -BuildRequires: golang(github.com/docker/docker/pkg/symlink) -BuildRequires: golang(github.com/docker/docker/pkg/term) -BuildRequires: golang(github.com/docker/go-units) -BuildRequires: golang(github.com/godbus/dbus) -BuildRequires: golang(github.com/golang/protobuf/proto) -BuildRequires: golang(github.com/opencontainers/runtime-spec/specs-go) -BuildRequires: golang(github.com/opencontainers/specs/specs-go) -BuildRequires: golang(github.com/seccomp/libseccomp-golang) -BuildRequires: golang(github.com/syndtr/gocapability/capability) -BuildRequires: golang(github.com/vishvananda/netlink) -BuildRequires: golang(github.com/vishvananda/netlink/nl) -%endif +# vendored libraries +# awk '{print "Provides: bundled(golang("$1")) = "$2}' go.mod | sort | uniq | sed -e 's/-/_/g' -e '/bundled(golang())/d' -e '/bundled(golang(go\|module\|replace\|require))/d' +Provides: bundled(golang(github.com/checkpoint_restore/go_criu/v5)) = v5.3.0 +Provides: bundled(golang(github.com/cilium/ebpf)) = v0.7.0 +Provides: bundled(golang(github.com/containerd/console)) = v1.0.3 +Provides: bundled(golang(github.com/coreos/go_systemd/v22)) = v22.3.2 +Provides: bundled(golang(github.com/cyphar/filepath_securejoin)) = v0.2.3 +Provides: bundled(golang(github.com/docker/go_units)) = v0.4.0 +Provides: bundled(golang(github.com/godbus/dbus/v5)) = v5.0.6 +Provides: bundled(golang(github.com/moby/sys/mountinfo)) = v0.5.0 +Provides: bundled(golang(github.com/mrunalp/fileutils)) = v0.5.0 +Provides: bundled(golang(github.com/opencontainers/runtime_spec)) = v1.0.3_0.20210326190908_1c3f411f0417 +Provides: bundled(golang(github.com/opencontainers/selinux)) = v1.10.0 +Provides: bundled(golang(github.com/seccomp/libseccomp_golang)) = v0.9.2_0.20210429002308_3879420cc921 +Provides: bundled(golang(github.com/sirupsen/logrus)) = v1.8.1 +Provides: bundled(golang(github.com/syndtr/gocapability)) = v0.0.0_20200815063812_42c35b437635 +Provides: bundled(golang(github.com/urfave/cli)) = v1.22.1 +Provides: bundled(golang(github.com/vishvananda/netlink)) = v1.1.0 %if 0%{?centos} >= 8 Recommends: container-selinux >= 2:2.85-1 %else @@ -95,99 +88,22 @@ The runc command can be used to start containers which are packaged in accordance with the Open Container Initiative's specifications, and to manage containers running under runc. -%if 0%{?with_devel} -%package devel -Summary: %{summary} -BuildArch: noarch - -%if 0%{?with_check} -BuildRequires: golang(github.com/Sirupsen/logrus) -BuildRequires: golang(github.com/coreos/go-systemd/dbus) -BuildRequires: golang(github.com/coreos/go-systemd/util) -BuildRequires: golang(github.com/docker/docker/pkg/mount) -BuildRequires: golang(github.com/docker/docker/pkg/symlink) -BuildRequires: golang(github.com/docker/go-units) -BuildRequires: golang(github.com/godbus/dbus) -BuildRequires: golang(github.com/golang/protobuf/proto) -BuildRequires: golang(github.com/opencontainers/runtime-spec/specs-go) -BuildRequires: golang(github.com/seccomp/libseccomp-golang) -BuildRequires: golang(github.com/syndtr/gocapability/capability) -BuildRequires: golang(github.com/vishvananda/netlink) -BuildRequires: golang(github.com/vishvananda/netlink/nl) -%endif - -Requires: golang(github.com/Sirupsen/logrus) -Requires: golang(github.com/coreos/go-systemd/dbus) -Requires: golang(github.com/coreos/go-systemd/util) -Requires: golang(github.com/docker/docker/pkg/mount) -Requires: golang(github.com/docker/docker/pkg/symlink) -Requires: golang(github.com/docker/go-units) -Requires: golang(github.com/godbus/dbus) -Requires: golang(github.com/golang/protobuf/proto) -Requires: golang(github.com/opencontainers/runtime-spec/specs-go) -Requires: golang(github.com/seccomp/libseccomp-golang) -Requires: golang(github.com/syndtr/gocapability/capability) -Requires: golang(github.com/vishvananda/netlink) -Requires: golang(github.com/vishvananda/netlink/nl) - -Provides: golang(%{import_path}/libcontainer) = %{version}-%{release} -Provides: golang(%{import_path}/libcontainer/apparmor) = %{version}-%{release} -Provides: golang(%{import_path}/libcontainer/cgroups) = %{version}-%{release} -Provides: golang(%{import_path}/libcontainer/cgroups/fs) = %{version}-%{release} -Provides: golang(%{import_path}/libcontainer/cgroups/systemd) = %{version}-%{release} -Provides: golang(%{import_path}/libcontainer/configs) = %{version}-%{release} -Provides: golang(%{import_path}/libcontainer/configs/validate) = %{version}-%{release} -Provides: golang(%{import_path}/libcontainer/criurpc) = %{version}-%{release} -Provides: golang(%{import_path}/libcontainer/devices) = %{version}-%{release} -Provides: golang(%{import_path}/libcontainer/integration) = %{version}-%{release} -Provides: golang(%{import_path}/libcontainer/keys) = %{version}-%{release} -Provides: golang(%{import_path}/libcontainer/nsenter) = %{version}-%{release} -Provides: golang(%{import_path}/libcontainer/seccomp) = %{version}-%{release} -Provides: golang(%{import_path}/libcontainer/specconv) = %{version}-%{release} -Provides: golang(%{import_path}/libcontainer/stacktrace) = %{version}-%{release} -Provides: golang(%{import_path}/libcontainer/system) = %{version}-%{release} -Provides: golang(%{import_path}/libcontainer/user) = %{version}-%{release} -Provides: golang(%{import_path}/libcontainer/utils) = %{version}-%{release} -Provides: golang(%{import_path}/libcontainer/xattr) = %{version}-%{release} - -%description devel -The runc command can be used to start containers which are packaged -in accordance with the Open Container Initiative's specifications, -and to manage containers running under runc. - -This package contains library source intended for -building other packages which use import path with -%{import_path} prefix. -%endif - -%if 0%{?with_unit_test} && 0%{?with_devel} -%package unit-test -Summary: Unit tests for %{name} package -# If go_compiler is not set to 1, there is no virtual provide. Use golang instead. -BuildRequires: %{?go_compiler:compiler(go-compiler)}%{!?go_compiler:golang} - -%if 0%{?with_check} -#Here comes all BuildRequires: PACKAGE the unit tests -#in %%check section need for running -%endif - -# test subpackage tests code from devel subpackage -Requires: %{name}-devel = %{epoch}:%{version}-%{release} - -%description unit-test -The runc command can be used to start containers which are packaged -in accordance with the Open Container Initiative's specifications, -and to manage containers running under runc. - -This package contains unit tests for project -providing packages with %{import_path} prefix. -%endif - %prep %autosetup -Sgit -n %{name}-%{built_tag_strip} sed -i 's/ -trimpath//g' Makefile %build +%set_build_flags +export CGO_CFLAGS=$CFLAGS +# These extra flags present in $CFLAGS have been skipped for now as they break the build +CGO_CFLAGS=$(echo $CGO_CFLAGS | sed 's/-flto=auto//g') +CGO_CFLAGS=$(echo $CGO_CFLAGS | sed 's/-Wp,D_GLIBCXX_ASSERTIONS//g') +CGO_CFLAGS=$(echo $CGO_CFLAGS | sed 's/-specs=\/usr\/lib\/rpm\/redhat\/redhat-annobin-cc1//g') + +%ifarch x86_64 +export CGO_CFLAGS+=" -m64 -mtune=generic -fcf-protection=full" +%endif + mkdir -p GOPATH pushd GOPATH mkdir -p src/%{provider}.%{provider_tld}/%{project} @@ -215,74 +131,6 @@ install -p -m 0644 man/man8/*.8 %{buildroot}%{_mandir}/man8/. install -d -p %{buildroot}%{_datadir}/bash-completion/completions install -p -m 0644 contrib/completions/bash/%{name} %{buildroot}%{_datadir}/bash-completion/completions -# source codes for building projects -%if 0%{?with_devel} -install -d -p %{buildroot}/%{gopath}/src/%{import_path}/ -# find all *.go but no *_test.go files and generate devel.file-list -for file in $(find . -iname "*.go" \! -iname "*_test.go" | grep -v "^./Godeps") ; do - echo "%%dir %%{gopath}/src/%%{import_path}/$(dirname $file)" >> devel.file-list - install -d -p %{buildroot}/%{gopath}/src/%{import_path}/$(dirname $file) - cp -pav $file %{buildroot}/%{gopath}/src/%{import_path}/$file - echo "%%{gopath}/src/%%{import_path}/$file" >> devel.file-list -done -for file in $(find . -iname "*.proto" | grep -v "^./Godeps") ; do - echo "%%dir %%{gopath}/src/%%{import_path}/$(dirname $file)" >> devel.file-list - install -d -p %{buildroot}/%{gopath}/src/%{import_path}/$(dirname $file) - cp -pav $file %{buildroot}/%{gopath}/src/%{import_path}/$file - echo "%%{gopath}/src/%%{import_path}/$file" >> devel.file-list -done -%endif - -# testing files for this project -%if 0%{?with_unit_test} && 0%{?with_devel} -install -d -p %{buildroot}/%{gopath}/src/%{import_path}/ -# find all *_test.go files and generate unit-test.file-list -for file in $(find . -iname "*_test.go" | grep -v "^./Godeps"); do - echo "%%dir %%{gopath}/src/%%{import_path}/$(dirname $file)" >> devel.file-list - install -d -p %{buildroot}/%{gopath}/src/%{import_path}/$(dirname $file) - cp -pav $file %{buildroot}/%{gopath}/src/%{import_path}/$file - echo "%%{gopath}/src/%%{import_path}/$file" >> unit-test.file-list -done -%endif - -%if 0%{?with_devel} -sort -u -o devel.file-list devel.file-list -%endif - -%check -%if 0%{?with_check} && 0%{?with_unit_test} && 0%{?with_devel} -%if ! 0%{?with_bundled} -export GOPATH=%{buildroot}/%{gopath}:%{gopath} -%else -export GOPATH=%{buildroot}/%{gopath}:$(pwd)/Godeps/_workspace:%{gopath} -%endif - -%if ! 0%{?gotest:1} -%global gotest go test -%endif - -# FAIL: TestFactoryNewTmpfs (0.00s), factory_linux_test.go:59: operation not permitted -#%%gotest %%{import_path}/libcontainer -#%%gotest %%{import_path}/libcontainer/cgroups -# --- FAIL: TestInvalidCgroupPath (0.00s) -# apply_raw_test.go:16: couldn't get cgroup root: mountpoint for cgroup not found -# apply_raw_test.go:25: couldn't get cgroup data: mountpoint for cgroup not found -#%%gotest %%{import_path}/libcontainer/cgroups/fs -#%%gotest %%{import_path}/libcontainer/configs -#%%gotest %%{import_path}/libcontainer/devices -# undefined reference to `nsexec' -#%%gotest %%{import_path}/libcontainer/integration -# Unable to create tstEth link: operation not permitted -#%%gotest %%{import_path}/libcontainer/netlink -# undefined reference to `nsexec' -#%%gotest %%{import_path}/libcontainer/nsenter -#%%gotest %%{import_path}/libcontainer/stacktrace -#constant 2147483648 overflows int -#%%gotest %%{import_path}/libcontainer/user -#%%gotest %%{import_path}/libcontainer/utils -#%%gotest %%{import_path}/libcontainer/xattr -%endif - #define license tag if not already defined %{!?_licensedir:%global license %doc} @@ -293,21 +141,13 @@ export GOPATH=%{buildroot}/%{gopath}:$(pwd)/Godeps/_workspace:%{gopath} %{_mandir}/man8/%{name}* %{_datadir}/bash-completion/completions/%{name} -%if 0%{?with_devel} -%files devel -f devel.file-list -%license LICENSE -%doc MAINTAINERS_GUIDE.md PRINCIPLES.md README.md CONTRIBUTING.md -%dir %{gopath}/src/%{provider}.%{provider_tld}/%{project} -%dir %{gopath}/src/%{import_path} -%endif - -%if 0%{?with_unit_test} && 0%{?with_devel} -%files unit-test -f unit-test.file-list -%license LICENSE -%doc MAINTAINERS_GUIDE.md PRINCIPLES.md README.md CONTRIBUTING.md -%endif - %changelog +* Tue Mar 29 2022 Lokesh Mandvekar - 2:1.1.1-1 +- Bump to v1.1.1 +- add hardening flags +- remove unused packages +- update license and bundled provides + * Fri Jan 21 2022 Fedora Release Engineering - 2:1.1.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild diff --git a/sources b/sources index ace1250..cde310f 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v1.1.0.tar.gz) = 542ea87c488fd120f2b77e53e2c197f09cd504fbe55dbe47008aaa5b0565aa300fc49f8cadc24ead796e45a4e95a30dfb08bfeefa58dc370145a218fd2869e41 +SHA512 (v1.1.1.tar.gz) = baf622e7edae9b68d2fa255f02359d770489c7578be3c6379a5d939b4f1dfa697ec9eb4ef7dce252e64ee5225f76c06e45182a9b92b68a952e21e3f5f91450d0