From b41658e2dfc01c7e6cbad93de7d7eb7bdb6c84dc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=90=D0=BB=D0=B5=D0=BA=D1=81=D0=B0=D0=BD=D0=B4=D1=80?= Date: Wed, 18 Mar 2020 06:03:01 +0000 Subject: [PATCH 1/7] update version 1.0.0-rc10 --- runc.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/runc.spec b/runc.spec index a28493f..0aa60ca 100644 --- a/runc.spec +++ b/runc.spec @@ -3,7 +3,7 @@ %define import_path github.com/opencontainers/runc %define commit0 d736ef14f0288d6993a1845745d6756cfc9ddd5a %define shortcommit0 %(c=%{commit0}; echo ${c:0:7}) -%define pre rc9 +%define pre rc10 Summary: CLI for running Open Containers Name: runc From 0660359ab4685857b564da640b9f8a945c77e9f8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=90=D0=BB=D0=B5=D0=BA=D1=81=D0=B0=D0=BD=D0=B4=D1=80?= Date: Wed, 18 Mar 2020 06:04:20 +0000 Subject: [PATCH 2/7] Updat version 1.0.0-rc10 --- .abf.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.abf.yml b/.abf.yml index 1d1a0bd..780e4c0 100644 --- a/.abf.yml +++ b/.abf.yml @@ -1,2 +1,2 @@ sources: - runc-d736ef1.tar.gz: 812dbd873389db38f03438166784aee998146d30 + runc-1.0.0-rc10.tar.gz: 5adc714492dd7ba32ec8e3a6c9bb0148329afc6b From 66aabd4d24b073c35f719550758f3856f2a75761 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=90=D0=BB=D0=B5=D0=BA=D1=81=D0=B0=D0=BD=D0=B4=D1=80?= Date: Wed, 18 Mar 2020 06:24:34 +0000 Subject: [PATCH 3/7] update version --- runc.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/runc.spec b/runc.spec index 0aa60ca..d1afeed 100644 --- a/runc.spec +++ b/runc.spec @@ -13,7 +13,7 @@ Epoch: 1 License: ASL 2.0 Group: System/Kernel and hardware Url: https://github.com/opencontainers/runc -Source0: https://github.com/opencontainers/runc/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz +Source0: https://github.com/opencontainers/runc/archive/%{name}-%{shortcommit0}.tar.gz Patch0: 1807.patch BuildRequires: go-md2man 
From 45f509710dab32b23d9f1795f5042c5caa204bc8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=90=D0=BB=D0=B5=D0=BA=D1=81=D0=B0=D0=BD=D0=B4=D1=80?= Date: Wed, 18 Mar 2020 06:33:34 +0000 Subject: [PATCH 4/7] fix source name --- runc.spec | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/runc.spec b/runc.spec index d1afeed..5c2817b 100644 --- a/runc.spec +++ b/runc.spec @@ -1,8 +1,5 @@ %define debug_package %{nil} - %define import_path github.com/opencontainers/runc -%define commit0 d736ef14f0288d6993a1845745d6756cfc9ddd5a -%define shortcommit0 %(c=%{commit0}; echo ${c:0:7}) %define pre rc10 Summary: CLI for running Open Containers @@ -13,7 +10,7 @@ Epoch: 1 License: ASL 2.0 Group: System/Kernel and hardware Url: https://github.com/opencontainers/runc -Source0: https://github.com/opencontainers/runc/archive/%{name}-%{shortcommit0}.tar.gz +Source0: https://github.com/opencontainers/runc/archive/%{name}-%{version}-%{pre}.tar.gz Patch0: 1807.patch BuildRequires: go-md2man From e21d1859c1430f5fba07778b47921636b8a3cc84 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=90=D0=BB=D0=B5=D0=BA=D1=81=D0=B0=D0=BD=D0=B4=D1=80?= Date: Tue, 24 Mar 2020 23:37:18 +0000 Subject: [PATCH 5/7] fix name of directory for unpack --- runc.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/runc.spec b/runc.spec index 5c2817b..2317f8c 100644 --- a/runc.spec +++ b/runc.spec @@ -44,7 +44,7 @@ and to manage containers running under runc. #---------------------------------------------------------------- %prep -%setup -qn %{name}-%{commit0} +%setup -qn %{name}-%{version}-%{pre} %patch0 -p1 %build From 0e02dfc782cd24be0de1523e17c3ace327747a60 Mon Sep 17 00:00:00 2001 From: "survolog (Andrey Grigorev)" Date: Tue, 31 Aug 2021 16:49:47 +0300 Subject: [PATCH 6/7] Update to 1.0.2 --- .abf.yml | 2 +- 1807.patch | 275 ----------------------------------------------------- runc.spec | 20 ++-- 3 files changed, 9 insertions(+), 288 deletions(-) delete mode 100644 1807.patch 
diff --git a/.abf.yml b/.abf.yml
index 780e4c0..2d7d8e2 100644
--- a/.abf.yml
+++ b/.abf.yml
@@ -1,2 +1,2 @@
 sources:
- runc-1.0.0-rc10.tar.gz: 5adc714492dd7ba32ec8e3a6c9bb0148329afc6b
+ runc-1.0.2.tar.gz: 3a0bb2a9506981b5a2204fb1591afc827ecaeb45
diff --git a/1807.patch b/1807.patch
deleted file mode 100644
index 69dc019..0000000
--- a/1807.patch
+++ /dev/null
@@ -1,275 +0,0 @@ -From a52f7bfdea91550eee25ee5af1efed4bf1def869 Mon Sep 17 00:00:00 2001 -From: Giuseppe Scrivano -Date: Fri, 25 May 2018 18:04:06 +0200 -Subject: [PATCH] sd-notify: do not hang when NOTIFY_SOCKET is used with create - -if NOTIFY_SOCKET is used, do not block the main runc process waiting -for events on the notify socket. Bind mount the parent directory of -the notify socket, so that "start" can create the socket and it is -still accessible from the container. - -Signed-off-by: Giuseppe Scrivano ---- - notify_socket.go | 113 ++++++++++++++++++++++++++++++++++------------- - signals.go | 4 +- - start.go | 13 +++++- - utils_linux.go | 12 ++++- - 4 files changed, 106 insertions(+), 36 deletions(-) - -diff --git a/notify_socket.go b/notify_socket.go -index b890b5b1c..286ce1ddd 100644 ---- a/notify_socket.go -+++ b/notify_socket.go -@@ -7,11 +7,14 @@ - "fmt" - "net" - "os" -+ "path" - "path/filepath" -+ "strconv" -+ "time" - -+ "github.com/opencontainers/runc/libcontainer" - "github.com/opencontainers/runtime-spec/specs-go" - -- "github.com/sirupsen/logrus" - "github.com/urfave/cli" - ) - -@@ -26,12 +29,12 @@ func newNotifySocket(context *cli.Context, notifySocketHost string, id string) * - } - - root := filepath.Join(context.GlobalString("root"), id) -- path := filepath.Join(root, "notify.sock") -+ socketPath := filepath.Join(root, "notify", "notify.sock") - - notifySocket := ¬ifySocket{ - socket: nil, - host: notifySocketHost, -- socketPath: path, -+ socketPath: socketPath, - } - - return notifySocket -@@ -43,13 +46,19 @@ func (s *notifySocket) Close() error { - - // If systemd is supporting sd_notify protocol, this function will add support - // for sd_notify protocol from within the container. 
--func (s *notifySocket) setupSpec(context *cli.Context, spec *specs.Spec) { -- mount := specs.Mount{Destination: s.host, Source: s.socketPath, Options: []string{"bind"}} -+func (s *notifySocket) setupSpec(context *cli.Context, spec *specs.Spec) error { -+ pathInContainer := filepath.Join("/run/notify", path.Base(s.socketPath)) -+ mount := specs.Mount{ -+ Destination: path.Dir(pathInContainer), -+ Source: path.Dir(s.socketPath), -+ Options: []string{"bind", "nosuid", "noexec", "nodev", "ro"}, -+ } - spec.Mounts = append(spec.Mounts, mount) -- spec.Process.Env = append(spec.Process.Env, fmt.Sprintf("NOTIFY_SOCKET=%s", s.host)) -+ spec.Process.Env = append(spec.Process.Env, fmt.Sprintf("NOTIFY_SOCKET=%s", pathInContainer)) -+ return nil - } - --func (s *notifySocket) setupSocket() error { -+func (s *notifySocket) bindSocket() error { - addr := net.UnixAddr{ - Name: s.socketPath, - Net: "unixgram", -@@ -64,45 +73,89 @@ func (s *notifySocket) setupSocket() error { - return nil - } - --// pid1 must be set only with -d, as it is used to set the new process as the main process --// for the service in systemd --func (s *notifySocket) run(pid1 int) { -- buf := make([]byte, 512) -- notifySocketHostAddr := net.UnixAddr{Name: s.host, Net: "unixgram"} -+func (s *notifySocket) setupSocketDirectory() error { -+ return os.Mkdir(path.Dir(s.socketPath), 0755) -+} -+ -+func notifySocketStart(context *cli.Context, notifySocketHost, id string) (*notifySocket, error) { -+ notifySocket := newNotifySocket(context, notifySocketHost, id) -+ if notifySocket == nil { -+ return nil, nil -+ } -+ -+ if err := notifySocket.bindSocket(); err != nil { -+ return nil, err -+ } -+ return notifySocket, nil -+} -+ -+func (n *notifySocket) waitForContainer(container libcontainer.Container) error { -+ s, err := container.State() -+ if err != nil { -+ return err -+ } -+ return n.run(s.InitProcessPid) -+} -+ -+func (n *notifySocket) run(pid1 int) error { -+ if n.socket == nil { -+ return nil -+ } -+ 
notifySocketHostAddr := net.UnixAddr{Name: n.host, Net: "unixgram"} - client, err := net.DialUnix("unixgram", nil, ¬ifySocketHostAddr) - if err != nil { -- logrus.Error(err) -- return -+ return err - } -- for { -- r, err := s.socket.Read(buf) -- if err != nil { -- break -+ -+ ticker := time.NewTicker(time.Millisecond * 100) -+ defer ticker.Stop() -+ -+ fileChan := make(chan []byte) -+ go func() { -+ for { -+ buf := make([]byte, 512) -+ r, err := n.socket.Read(buf) -+ if err != nil { -+ return -+ } -+ got := buf[0:r] -+ if !bytes.HasPrefix(got, []byte("READY=")) { -+ continue -+ } -+ fileChan <- got -+ return - } -- var out bytes.Buffer -- for _, line := range bytes.Split(buf[0:r], []byte{'\n'}) { -- if bytes.HasPrefix(line, []byte("READY=")) { -+ }() -+ -+ for { -+ select { -+ case <-ticker.C: -+ _, err := os.Stat(filepath.Join("/proc", strconv.Itoa(pid1))) -+ if err != nil { -+ return nil -+ } -+ case b := <-fileChan: -+ for _, line := range bytes.Split(b, []byte{'\n'}) { -+ var out bytes.Buffer - _, err = out.Write(line) - if err != nil { -- return -+ return err - } - - _, err = out.Write([]byte{'\n'}) - if err != nil { -- return -+ return err - } - - _, err = client.Write(out.Bytes()) - if err != nil { -- return -+ return err - } - - // now we can inform systemd to use pid1 as the pid to monitor -- if pid1 > 0 { -- newPid := fmt.Sprintf("MAINPID=%d\n", pid1) -- client.Write([]byte(newPid)) -- } -- return -+ newPid := fmt.Sprintf("MAINPID=%d\n", pid1) -+ client.Write([]byte(newPid)) -+ return nil - } - } - } -diff --git a/signals.go b/signals.go -index b67f65a03..dd25e094c 100644 ---- a/signals.go -+++ b/signals.go -@@ -70,6 +70,7 @@ func (h *signalHandler) forward(process *libcontainer.Process, tty *tty, detach - h.notifySocket.run(pid1) - return 0, nil - } -+ h.notifySocket.run(os.Getpid()) - go h.notifySocket.run(0) - } - -@@ -97,9 +98,6 @@ func (h *signalHandler) forward(process *libcontainer.Process, tty *tty, detach - // status because we must ensure that 
any of the go specific process - // fun such as flushing pipes are complete before we return. - process.Wait() -- if h.notifySocket != nil { -- h.notifySocket.Close() -- } - return e.status, nil - } - } -diff --git a/start.go b/start.go -index 2bb698b20..3a1769a43 100644 ---- a/start.go -+++ b/start.go -@@ -3,6 +3,7 @@ package main - import ( - "errors" - "fmt" -+ "os" - - "github.com/opencontainers/runc/libcontainer" - "github.com/urfave/cli" -@@ -31,7 +32,17 @@ your host.`, - } - switch status { - case libcontainer.Created: -- return container.Exec() -+ notifySocket, err := notifySocketStart(context, os.Getenv("NOTIFY_SOCKET"), container.ID()) -+ if err != nil { -+ return err -+ } -+ if err := container.Exec(); err != nil { -+ return err -+ } -+ if notifySocket != nil { -+ return notifySocket.waitForContainer(container) -+ } -+ return nil - case libcontainer.Stopped: - return errors.New("cannot start a container that has stopped") - case libcontainer.Running: -diff --git a/utils_linux.go b/utils_linux.go -index a37b1c3df..4921bd94b 100644 ---- a/utils_linux.go -+++ b/utils_linux.go -@@ -401,7 +401,9 @@ func startContainer(context *cli.Context, spec *specs.Spec, action CtAct, criuOp - - notifySocket := newNotifySocket(context, os.Getenv("NOTIFY_SOCKET"), id) - if notifySocket != nil { -- notifySocket.setupSpec(context, spec) -+ if err := notifySocket.setupSpec(context, spec); err != nil { -+ return -1, err -+ } - } - - container, err := createContainer(context, id, spec) -@@ -410,10 +412,16 @@ func startContainer(context *cli.Context, spec *specs.Spec, action CtAct, criuOp - } - - if notifySocket != nil { -- err := notifySocket.setupSocket() -+ err := notifySocket.setupSocketDirectory() - if err != nil { - return -1, err - } -+ if action == CT_ACT_RUN { -+ err := notifySocket.bindSocket() -+ if err != nil { -+ return -1, err -+ } -+ } - } - - // Support on-demand socket activation by passing file descriptors into the container init process. 
diff --git a/runc.spec b/runc.spec index 2317f8c..e3ea6b3 100644 --- a/runc.spec +++ b/runc.spec @@ -1,18 +1,15 @@ %define debug_package %{nil} %define import_path github.com/opencontainers/runc -%define pre rc10 Summary: CLI for running Open Containers Name: runc -Version: 1.0.0 -Release: 0.%{pre}.1 +Version: 1.0.2 +Release: 1 Epoch: 1 License: ASL 2.0 Group: System/Kernel and hardware Url: https://github.com/opencontainers/runc -Source0: https://github.com/opencontainers/runc/archive/%{name}-%{version}-%{pre}.tar.gz -Patch0: 1807.patch - +Source0: https://github.com/opencontainers/runc/archive/refs/tags/v%{version}.tar.gz?/%{name}-%{version}.tar.gz BuildRequires: go-md2man BuildRequires: golang BuildRequires: git @@ -21,12 +18,12 @@ BuildRequires: pkgconfig(libseccomp) # need xz to work with ubuntu images # https://bugzilla.redhat.com/show_bug.cgi?id=1045220 -Requires: xz +Requires: xz # https://bugzilla.redhat.com/show_bug.cgi?id=1034919 # No longer needed in Fedora because of libcontainer -Requires: libcgroup -Requires: e2fsprogs -Requires: iptables +Requires: libcgroup +Requires: e2fsprogs +Requires: iptables %rename opencontainers-runc @@ -44,8 +41,7 @@ and to manage containers running under runc. #---------------------------------------------------------------- %prep -%setup -qn %{name}-%{version}-%{pre} -%patch0 -p1 +%setup -q %build mkdir -p GOPATH From 28c7ac69654f7ebc83c35d6d92e4baf8686eea91 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=90=D0=BB=D0=B5=D0=BA=D1=81=D0=B0=D0=BD=D0=B4=D1=80?= Date: Wed, 1 Dec 2021 05:02:32 +0000 Subject: [PATCH 7/7] fix requires --- runc.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/runc.spec b/runc.spec index e3ea6b3..9229fd1 100644 --- a/runc.spec +++ b/runc.spec @@ -4,7 +4,7 @@ Summary: CLI for running Open Containers Name: runc Version: 1.0.2 -Release: 1 +Release: 2 Epoch: 1 License: ASL 2.0 Group: System/Kernel and hardware 
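Review bot: Nothing in the spec pins the upstream source to an immutable identifier any more: the `Source0:` line in the first runc.spec hunk of PATCH 6/7 downloads the archive by tag name (`archive/refs/tags/v%{version}.tar.gz`), and PATCH 4/7 had already removed `%define commit0`. A tag can be re-pointed upstream, so the only integrity control visible on this page is the SHA-1 entry in `.abf.yml`. I would record the commit the tag resolved to in a comment above `Source0:`, for example `# upstream tag v1.0.2 = commit <COMMIT_SHA_PLACEHOLDER>`. If upstream publishes a signed release tarball, its signature should also be checked each time the checksum in `.abf.yml` is refreshed. The same applies to the `Source0:` line introduced in PATCH 4/7.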
@@ -21,7 +21,7 @@ BuildRequires: pkgconfig(libseccomp) Requires: xz # https://bugzilla.redhat.com/show_bug.cgi?id=1034919 # No longer needed in Fedora because of libcontainer -Requires: libcgroup +Requires: libcgroup-tools Requires: e2fsprogs Requires: iptables
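Review bot: The comment kept directly above the changed line still reads `No longer needed in Fedora because of libcontainer`, yet the new line makes `libcgroup-tools` a hard runtime dependency, so the spec now contradicts its own explanation. Either replace the comment with the actual reason, for example `# <reason libcgroup-tools is required at runtime>`, or drop the `Requires:` if nothing in the package invokes those tools. Every extra package installed alongside the runtime is more code to keep patched on container hosts. Whether runc 1.0.2 really needs these utilities cannot be determined from the hunk, so this is a question for the author rather than a confirmed defect.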