author | Robert Günzler <r@gnzler.io> | 2023-09-27 10:03:50 +0200 |
---|---|---|
committer | Joonas Niilola <juippis@gentoo.org> | 2023-11-10 08:59:07 +0200 |
commit | 2ff5570821ad205d93e042152ceb972e68494f40 (patch) | |
tree | 7610a88892b58ee99ff7e6230bac5f8ba402d17d /app-containers | |
parent | net-misc/drive: treeclean (diff) | |
app-containers/crun: bump to 1.11.2
also brings back some basic tests for libocispec & crun, that can run
under sandbox and at the very least can serve as some sanity checking
before pushing a version bump
adds an upstreamed patch to fix builds with USE=-caps
Signed-off-by: Robert Günzler <r@gnzler.io>
Closes: https://github.com/gentoo/gentoo/pull/33086
Signed-off-by: Joonas Niilola <juippis@gentoo.org>
Diffstat (limited to 'app-containers')
-rw-r--r-- | app-containers/crun/Manifest | 1 | ||||
-rw-r--r-- | app-containers/crun/crun-1.11.2.ebuild | 75 | ||||
-rw-r--r-- | app-containers/crun/files/crun-1.11.2-caps.patch | 32 |
3 files changed, 108 insertions, 0 deletions
diff --git a/app-containers/crun/Manifest b/app-containers/crun/Manifest
index 0ded84c3c024..802f2a2db4bd 100644
--- a/app-containers/crun/Manifest
+++ b/app-containers/crun/Manifest
@@ -1,2 +1,3 @@
+DIST crun-1.11.2.tar.xz 738176 BLAKE2B ef13475089c87599159ce00dd26fbb19c7f2bb9564352c1f8040925e521bb924cf28a8d1f37cc95ce7d1b2797b8654740e9ad08352e357c8c9e2d176466101e0 SHA512 ae35ffb9bd1c7acebfd7f6236fa6a7ad524593d8f2cea1203f0e89023e9791d2d5bbc5c5cfc32ee5f18ad80662a1659076ab5f4d5ff74c6026842f2dd12be977
 DIST crun-1.8.1.tar.xz 692152 BLAKE2B b5dce1a454641221c591f50ac8519d4e9e9d892ea56232fa3fc9916934c19eba5853019238b1837cd5fb61f0dec5e0e6a11c02f628bece3b69c9c4f5750addae SHA512 6230b378f4746aff1d53f3ed797229b2056ece76e8e5b22d6f5f7b42e6042c6aff5294298f3cfd1293b4a87371dfa58cc69e57455e20948abd7269059ad39042
 DIST crun-1.8.4.tar.xz 729552 BLAKE2B 8169518a0ddd8deb3820f7030d03dec6941d5d34fb73a036b82f15b0d8f2f702e117de00b829a16cb9976e118f5a5ca732b1cd572708f664cfeafc564f883824 SHA512 2ed80db2e7ddd1438bbe33e99ec2cdbcc55c4869504f719ff9302e834929752af09a59cd905accb37ee5f6cae3b9b16fd4f4c3fdab31db5fc38b007c1505bfa0
diff --git a/app-containers/crun/crun-1.11.2.ebuild b/app-containers/crun/crun-1.11.2.ebuild
new file mode 100644
index 000000000000..91bb5534e6c3
--- /dev/null
+++ b/app-containers/crun/crun-1.11.2.ebuild
@@ -0,0 +1,75 @@
+# Copyright 2019-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{10..11} )
+
+inherit python-any-r1
+
+DESCRIPTION="A fast and low-memory footprint OCI Container Runtime fully written in C"
+HOMEPAGE="https://github.com/containers/crun"
+SRC_URI="https://github.com/containers/${PN}/releases/download/${PV}/${P}.tar.xz"
+
+LICENSE="GPL-2+ LGPL-2.1+"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~riscv"
+IUSE="+bpf +caps criu +seccomp selinux systemd static-libs"
+
+DEPEND="
+ dev-libs/libgcrypt:=
+ dev-libs/yajl:=
+ sys-kernel/linux-headers
+ caps? ( sys-libs/libcap )
+ criu? ( >=sys-process/criu-3.15 )
+ seccomp? ( sys-libs/libseccomp )
+ systemd? ( sys-apps/systemd:= )
+"
+RDEPEND="${DEPEND}
+ selinux? ( sec-policy/selinux-container )"
+BDEPEND="
+ ${PYTHON_DEPS}
+ virtual/pkgconfig
+"
+
+PATCHES=(
+ # merged upstream: https://github.com/containers/crun/pull/1345
+ # drop when we get 1.11.3
+ "${FILESDIR}/${P}-caps.patch"
+)
+
+src_configure() {
+ local myeconfargs=(
+ $(use_enable bpf)
+ $(use_enable caps)
+ $(use_enable criu)
+ $(use_enable seccomp)
+ $(use_enable systemd)
+ $(usex static-libs '--enable-shared --enable-static' '--enable-shared --disable-static' '' '')
+ )
+
+ econf "${myeconfargs[@]}"
+}
+
+src_compile() {
+ emake git-version.h
+ emake -C libocispec
+ emake crun
+}
+
+src_install() {
+ emake "DESTDIR=${D}" install-exec
+ doman crun.1
+ einstalldocs
+
+ einfo "Cleaning up .la files"
+ find "${ED}" -name '*.la' -delete || die
+}
+
+# the crun test suite is comprehensive to the extent that tests will fail
+# within a sandbox environment, due to the nature of the privileges
+# required to create linux "containers".
+# due to this we disable most of the core test suite by unsetting PYTHON_TESTS
+src_test() {
+ emake check PYTHON_TESTS=
+}
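Review bot: The `caps` and `seccomp` flags in `IUSE` feed `$(use_enable caps)` and `$(use_enable seccomp)` in `src_configure`, but nothing in the ebuild tells the user when the installed container runtime was built without libcap or libseccomp. How crun treats a container config that requests a capability set or a seccomp profile in such a build is not visible on this page, so the ebuild should at least surface the reduced feature set at install time. A small `pkg_postinst` that emits one `ewarn` per disabled flag would do that, and it matters more now that the added patch makes `USE=-caps` build again.

```shell
pkg_postinst() {
	# caps/seccomp gate the runtime's libcap and libseccomp support
	if ! use caps; then
		ewarn "crun was built with USE=-caps (no libcap support)."
	fi
	if ! use seccomp; then
		ewarn "crun was built with USE=-seccomp (no libseccomp support)."
	fi
}
```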
diff --git a/app-containers/crun/files/crun-1.11.2-caps.patch b/app-containers/crun/files/crun-1.11.2-caps.patch
new file mode 100644
index 000000000000..d32a4dd1a8f8
--- /dev/null
+++ b/app-containers/crun/files/crun-1.11.2-caps.patch
@@ -0,0 +1,32 @@
+From 767ba88ef363115e80e077ce312f89f20488da01 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Robert=20G=C3=BCnzler?= <r@gnzler.io>
+Date: Thu, 9 Nov 2023 14:16:08 +0100
+Subject: [PATCH] Fix build without libcap
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The work to support features introduced another point of dependency on
+libcap that previously wasn't guarded by ifdefs
+
+Refs: https://github.com/containers/crun/pull/1237
+Signed-off-by: Robert Günzler <r@gnzler.io>
+---
+ src/libcrun/container.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/libcrun/container.c b/src/libcrun/container.c
+index ed0fa29bb..7be1713ab 100644
+--- a/src/libcrun/container.c
++++ b/src/libcrun/container.c
+@@ -3925,8 +3925,10 @@ libcrun_container_get_features (libcrun_context_t *context, struct features_info
+ // Populate namespaces
+ populate_array_field (&((*info)->linux.namespaces), namespaces, num_namspaces);
+
++#ifdef HAVE_CAP
+ // Populate capabilities
+ populate_capabilities (*info, &capabilities, &num_capabilities);
++#endif
+
+ // Hardcode the values for cgroup
+ (*info)->linux.cgroup.v1 = true; |
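Review bot: With `HAVE_CAP` undefined the guarded `populate_capabilities` call is skipped, so `capabilities` and `num_capabilities` are never filled on the visible lines and the capability part of `*info` stays as it was. Their declarations and any later use sit outside this hunk, so it cannot be confirmed from here that they are initialised, or that the now-unused locals do not raise a warning in a `USE=-caps` build. An `#else` arm carrying a comment such as `/* built without libcap: features report no capability list */` would make the empty result deliberate for anyone consuming the features output to judge what the runtime can enforce. `libcrun_container_get_features` begins and continues outside the hunk.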