Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package crun for openSUSE:Factory checked in at 2024-09-06 17:18:08 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/crun (Old) and /work/SRC/openSUSE:Factory/.crun.new.10096 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "crun" Fri Sep 6 17:18:08 2024 rev:23 rq:1199004 version:1.16.1 Changes: -------- --- /work/SRC/openSUSE:Factory/crun/crun.changes 2024-06-06 12:31:08.713250545 +0200 +++ /work/SRC/openSUSE:Factory/.crun.new.10096/crun.changes 2024-09-06 17:18:24.611555307 +0200 @@ -1,0 +2,20 @@ +Thu Sep 5 13:18:43 UTC 2024 - Dan Äermák <dcer...@suse.com> + +- new upstream release 1.16.1 + +1.16.1: + +- fix a regression introduced by 1.16 where using 'rshared' rootfs mount propagation and the rootfs itself is a mountpoint. +- inherit user from original process on exec, if not overridden. + +1.16: + +- build: fix build for s390x. +- linux: fix mount of special files with rro. Open the mount target with O_PATH to prevent open(2) failures with special files like FIFOs or UNIX sockets. +- Fix sd-bus error handling for cpu quota and period props update. +- container: use relative path for rootfs if possible. If the rootfs cannot be resolved and it is below the current working directory, only use its relative path. +- wasmedge: access container environment variables for the WasmEdge configuration. +- cgroup, systemd: use MemoryMax instead of MemoryLimit. Fixes a warning for using an old configuration name. +- cgroup, systemd: improve checks for sd_bus_message_append errors + +------------------------------------------------------------------- Old: ---- crun-1.15.tar.gz crun-1.15.tar.gz.asc New: ---- crun-1.16.1.tar.gz crun-1.16.1.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ crun.spec ++++++ --- /var/tmp/diff_new_pack.3kkyxc/_old 2024-09-06 17:18:25.087575086 +0200 +++ /var/tmp/diff_new_pack.3kkyxc/_new 2024-09-06 17:18:25.087575086 +0200 @@ -23,7 +23,7 @@ %endif Name: crun -Version: 1.15 +Version: 1.16.1 Release: 0 Summary: OCI runtime written in C License: GPL-2.0-or-later 
@@ -86,10 +86,7 @@ %install %make_install rm -rf %{buildroot}/%{_libdir}/lib* -%ifarch x86_64 aarch64 -# allow easy krun usage with podman -ln -s %{_bindir}/crun %{buildroot}%{_bindir}/krun -%endif + %if %with_wasmedge # platform 'wasi/wasm' requires crun-wasm ln -s %{_bindir}/crun %{buildroot}%{_bindir}/crun-wasm ++++++ crun-1.15.tar.gz -> crun-1.16.1.tar.gz ++++++ ++++ 1761 lines of diff (skipped) ++++ retrying with extended exclude list diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/crun-1.15/.tarball-git-version.h new/crun-1.16.1/.tarball-git-version.h --- old/crun-1.15/.tarball-git-version.h 2024-05-02 12:52:53.000000000 +0200 +++ new/crun-1.16.1/.tarball-git-version.h 2024-08-13 16:41:16.000000000 +0200 @@ -1,4 +1,4 @@ /* autogenerated. */ #ifndef GIT_VERSION -# define GIT_VERSION "e6eacaf4034e84185fd8780ac9262bbf57082278" +# define GIT_VERSION "afa829ca0122bd5e1d67f1f38e6cc348027e3c32" #endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/crun-1.15/.tarball-version new/crun-1.16.1/.tarball-version --- old/crun-1.15/.tarball-version 2024-05-02 12:52:53.000000000 +0200 +++ new/crun-1.16.1/.tarball-version 2024-08-13 16:41:16.000000000 +0200 
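Review bot: The manual `krun` symlink is dropped from `%install`, but the crun.changes entry in this commit lists only upstream NEWS items and does not record the packaging change. Whether `%{_bindir}/krun` is still shipped now depends on upstream's new `install-exec-hook`, which creates the link only when configure enables libkrun. The configure invocation is outside this hunk, so confirm it and check `%files` accordingly. The hand-made `crun-wasm` link that remains runs after `%make_install`, so it would fail with "File exists" if the hook ever creates that link in this build; `ln -sf %{_bindir}/crun %{buildroot}%{_bindir}/crun-wasm` avoids that. Add a changelog line such as `- drop manual krun symlink, now created by upstream's install-exec-hook`.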
@@ -1 +1 @@ -1.15 +1.16.1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/crun-1.15/Makefile.am new/crun-1.16.1/Makefile.am --- old/crun-1.15/Makefile.am 2024-01-24 17:31:10.000000000 +0100 +++ new/crun-1.16.1/Makefile.am 2024-08-07 11:59:00.000000000 +0200 @@ -271,6 +271,22 @@ $(MD2MAN) -in $(abs_srcdir)/krun.1.md -out krun.1 endif HAVE_MD2MAN +install-exec-hook: +if ENABLE_KRUN + $(LN_S) crun$(EXEEXT) $(DESTDIR)$(bindir)/krun$(EXEEXT) +endif +if ENABLE_WASM + $(LN_S) crun$(EXEEXT) $(DESTDIR)$(bindir)/crun-wasm$(EXEEXT) +endif + +uninstall-hook: +if ENABLE_KRUN + rm -f $(DESTDIR)$(bindir)/krun$(EXEEXT) +endif +if ENABLE_WASM + rm -f $(DESTDIR)$(bindir)/crun-wasm$(EXEEXT) +endif + generate-man: crun.1 krun.1 sync: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/crun-1.15/NEWS new/crun-1.16.1/NEWS --- old/crun-1.15/NEWS 2024-05-02 12:48:57.000000000 +0200 +++ new/crun-1.16.1/NEWS 2024-08-13 16:40:05.000000000 +0200 
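Review bot: In Makefile.am's new `install-exec-hook`, `$(LN_S)` is called with a destination in another directory and without clearing an existing link, so a second `make install` into the same DESTDIR fails once `krun` or `crun-wasm` exists. `AC_PROG_LN_S` may also set `LN_S` to `ln` or `cp -pR`, and with those the relative source `crun$(EXEEXT)` is resolved against the build directory rather than `$(bindir)`. The autoconf manual's form avoids both problems: `cd $(DESTDIR)$(bindir) && rm -f krun$(EXEEXT) && $(LN_S) crun$(EXEEXT) krun$(EXEEXT)`, and the same for `crun-wasm`. A short comment above the hook saying that the links select the krun and wasm handlers by program name would also help packagers who used to create them by hand.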
@@ -1,3 +1,25 @@ +* crun-1.16.1 + +- fix a regression introduced by 1.16 where using 'rshared' rootfs + mount propagation and the rootfs itself is a mountpoint. +- inherit user from original process on exec, if not overridden. + +* crun-1.16 + +- build: fix build for s390x. +- linux: fix mount of special files with rro. Open the mount target + with O_PATH to prevent open(2) failures with special files like + FIFOs or UNIX sockets. +- Fix sd-bus error handling for cpu quota and period props update. +- container: use relative path for rootfs if possible. If the rootfs + cannot be resolved and it is below the current working directory, + only use its relative path. +- wasmedge: access container environment variables for the WasmEdge + configuration. +- cgroup, systemd: use MemoryMax instead of MemoryLimit. Fixes a + warning for using an old configuration name. +- cgroup, systemd: improve checks for sd_bus_message_append errors + * crun-1.15 - fix a mount point leak under /run/crun, add a retry mechanism to diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/crun-1.15/README.md new/crun-1.16.1/README.md --- old/crun-1.15/README.md 2024-01-24 17:31:10.000000000 +0100 +++ new/crun-1.16.1/README.md 2024-08-07 11:59:00.000000000 +0200 
@@ -45,13 +45,10 @@ # podman --runtime /usr/bin/runc run --rm --memory 4M fedora echo it works Error: container_linux.go:346: starting container process caused "process_linux.go:327: getting pipe fds for pid 13859 caused \"readlink /proc/13859/fd/0: no such file or directory\"": OCI runtime command not found error -# podman --runtime /usr/bin/crun run --rm --memory 4M fedora echo it works +# podman --runtime /usr/bin/crun run --rm --memory 512k fedora echo it works it works ``` -crun could go much lower than that, and require \< 1M. The used 4MB is a -hard limit set directly in Podman before calling the OCI runtime. - ## Dependencies These dependencies are required for the build: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/crun-1.15/configure.ac new/crun-1.16.1/configure.ac --- old/crun-1.15/configure.ac 2024-01-24 17:31:10.000000000 +0100 +++ new/crun-1.16.1/configure.ac 2024-08-07 11:59:00.000000000 +0200 @@ -8,6 +8,8 @@ AC_REQUIRE_AUX_FILE([tap-driver.sh]) AC_CONFIG_SRCDIR([src/crun.c]) +AC_PROG_LN_S + LT_INIT([disable-shared]) AM_INIT_AUTOMAKE([1.11.2 -Wno-portability foreign tar-ustar no-dist-gzip dist-xz subdir-objects]) 
@@ -128,6 +130,8 @@ AM_CONDITIONAL([ENABLE_KRUN], [test "x$with_libkrun" = xyes]) +AM_CONDITIONAL([ENABLE_WASM], [test "x$with_wasmer" = xyes && test "x$with_wasmedge" = xyes && test "x$with_wasmtime" = xyes]) + dnl include support for spin (EXPERIMENTAL) AC_ARG_WITH([spin], AS_HELP_STRING([--with-spin], [build with spin support])) AS_IF([test "x$with_spin" = "xyes"], AC_DEFINE([HAVE_SPIN], 1, [Define if spin is available])) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/crun-1.15/libocispec/Makefile.am new/crun-1.16.1/libocispec/Makefile.am --- old/crun-1.15/libocispec/Makefile.am 2023-04-13 21:08:30.000000000 +0200 +++ new/crun-1.16.1/libocispec/Makefile.am 2024-08-07 11:59:56.000000000 +0200 @@ -256,7 +256,8 @@ runtime-spec \ image-spec \ src/ocispec/json_common.h \ - src/ocispec/json_common.c + src/ocispec/json_common.c \ + src/yajl sync: (cd image-spec; git pull https://github.com/opencontainers/image-spec) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/crun-1.15/libocispec/config.h.in new/crun-1.16.1/libocispec/config.h.in --- old/crun-1.15/libocispec/config.h.in 2024-05-02 12:52:19.000000000 +0200 +++ new/crun-1.16.1/libocispec/config.h.in 2024-08-13 16:40:40.000000000 +0200 
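Review bot: The new `ENABLE_WASM` conditional in configure.ac joins the three backend tests with `&&`, so it is true only when wasmer, wasmedge and wasmtime are all enabled in the same build. A build with a single backend gets no `crun-wasm` link from the new install hook, and the spec file in this same commit keys that link on wasmedge alone. If the intent is "any wasm handler is built", join the tests with `||`: `AM_CONDITIONAL([ENABLE_WASM], [test "x$with_wasmer" = xyes || test "x$with_wasmedge" = xyes || test "x$with_wasmtime" = xyes])`. If all three really are required, a `dnl` comment stating that would prevent the condition being read as a typo.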
@@ -30,6 +30,9 @@ /* Define to 1 if you have the <unistd.h> header file. */ #undef HAVE_UNISTD_H +/* Define if libyajl is available */ +#undef HAVE_YAJL + /* Define to the sub-directory where libtool stores uninstalled libraries. */ #undef LT_OBJDIR diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/crun-1.15/libocispec/configure.ac new/crun-1.16.1/libocispec/configure.ac --- old/crun-1.15/libocispec/configure.ac 2022-11-07 11:11:00.000000000 +0100 +++ new/crun-1.16.1/libocispec/configure.ac 2024-08-07 11:59:56.000000000 +0200 @@ -25,7 +25,10 @@ esac],[embedded_yajl=false]) AM_CONDITIONAL([HAVE_EMBEDDED_YAJL], [test x"$embedded_yajl" = xtrue]) -AM_COND_IF([HAVE_EMBEDDED_YAJL], [], [PKG_CHECK_MODULES([YAJL], [yajl >= 2.1.0])]) +AM_COND_IF([HAVE_EMBEDDED_YAJL], [], [ +AC_SEARCH_LIBS(yajl_tree_get, [yajl], [AC_DEFINE([HAVE_YAJL], 1, [Define if libyajl is available])], [AC_MSG_ERROR([*** libyajl headers not found])]) +PKG_CHECK_MODULES([YAJL], [yajl >= 2.0.0]) +]) # Optionally install the library. AC_ARG_ENABLE(libocispec-install, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/crun-1.15/libocispec/src/yajl/yajl_common.h new/crun-1.16.1/libocispec/src/yajl/yajl_common.h --- old/crun-1.15/libocispec/src/yajl/yajl_common.h 1970-01-01 01:00:00.000000000 +0100 +++ new/crun-1.16.1/libocispec/src/yajl/yajl_common.h 2021-03-21 20:50:29.000000000 +0100 
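Review bot: In libocispec/configure.ac the non-embedded branch now accepts `yajl >= 2.0.0` instead of 2.1.0, while the same release starts shipping its own copies of the yajl headers under `src/yajl`. If those bundled headers are what the sources compile against (the include path is not visible here), an older system library could be linked against declarations it was not built with. Either keep the floor at the version the bundled headers were taken from, or add a comment explaining why 2.0.0 is safe. The `AC_SEARCH_LIBS` failure text says `libyajl headers not found`, although the macro probes for the `yajl_tree_get` symbol in the library; `[*** libyajl library not found]` would match what is tested. Because that probe runs before `PKG_CHECK_MODULES`, a yajl reachable only through pkg-config paths would be rejected before its flags are consulted.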
@@ -0,0 +1,75 @@ +/* + * Copyright (c) 2007-2014, Lloyd Hilaiel <m...@lloyd.io> + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef __YAJL_COMMON_H__ +#define __YAJL_COMMON_H__ + +#include <stddef.h> + +#ifdef __cplusplus +extern "C" { +#endif + +#define YAJL_MAX_DEPTH 128 + +/* msft dll export gunk. To build a DLL on windows, you + * must define WIN32, YAJL_SHARED, and YAJL_BUILD. To use a shared + * DLL, you must define YAJL_SHARED and WIN32 */ +#if (defined(_WIN32) || defined(WIN32)) && defined(YAJL_SHARED) +# ifdef YAJL_BUILD +# define YAJL_API __declspec(dllexport) +# else +# define YAJL_API __declspec(dllimport) +# endif +#else +# if defined(__GNUC__) && (__GNUC__ * 100 + __GNUC_MINOR__) >= 303 +# define YAJL_API __attribute__ ((visibility("default"))) +# else +# define YAJL_API +# endif +#endif + +/** pointer to a malloc function, supporting client overriding memory + * allocation routines */ +typedef void * (*yajl_malloc_func)(void *ctx, size_t sz); + +/** pointer to a free function, supporting client overriding memory + * allocation routines */ +typedef void (*yajl_free_func)(void *ctx, void * ptr); + +/** pointer to a realloc function which can resize an allocation. 
*/ +typedef void * (*yajl_realloc_func)(void *ctx, void * ptr, size_t sz); + +/** A structure which can be passed to yajl_*_alloc routines to allow the + * client to specify memory allocation functions to be used. */ +typedef struct +{ + /** pointer to a function that can allocate uninitialized memory */ + yajl_malloc_func malloc; + /** pointer to a function that can resize memory allocations */ + yajl_realloc_func realloc; + /** pointer to a function that can free memory allocated using + * reallocFunction or mallocFunction */ + yajl_free_func free; + /** a context pointer that will be passed to above allocation routines */ + void * ctx; +} yajl_alloc_funcs; + +#ifdef __cplusplus +} +#endif + +#endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/crun-1.15/libocispec/src/yajl/yajl_gen.h new/crun-1.16.1/libocispec/src/yajl/yajl_gen.h --- old/crun-1.15/libocispec/src/yajl/yajl_gen.h 1970-01-01 01:00:00.000000000 +0100 +++ new/crun-1.16.1/libocispec/src/yajl/yajl_gen.h 2021-03-21 20:50:29.000000000 +0100 
@@ -0,0 +1,167 @@ +/* + * Copyright (c) 2007-2014, Lloyd Hilaiel <m...@lloyd.io> + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/** + * \file yajl_gen.h + * Interface to YAJL's JSON generation facilities. + */ + +#include <yajl/yajl_common.h> + +#ifndef __YAJL_GEN_H__ +#define __YAJL_GEN_H__ + +#include <stddef.h> + +#ifdef __cplusplus +extern "C" { +#endif + /** generator status codes */ + typedef enum { + /** no error */ + yajl_gen_status_ok = 0, + /** at a point where a map key is generated, a function other than + * yajl_gen_string was called */ + yajl_gen_keys_must_be_strings, + /** YAJL's maximum generation depth was exceeded. see + * YAJL_MAX_DEPTH */ + yajl_max_depth_exceeded, + /** A generator function (yajl_gen_XXX) was called while in an error + * state */ + yajl_gen_in_error_state, + /** A complete JSON document has been generated */ + yajl_gen_generation_complete, + /** yajl_gen_double was passed an invalid floating point value + * (infinity or NaN). */ + yajl_gen_invalid_number, + /** A print callback was passed in, so there is no internal + * buffer to get from */ + yajl_gen_no_buf, + /** returned from yajl_gen_string() when the yajl_gen_validate_utf8 + * option is enabled and an invalid was passed by client code. 
+ */ + yajl_gen_invalid_string + } yajl_gen_status; + + /** an opaque handle to a generator */ + typedef struct yajl_gen_t * yajl_gen; + + /** a callback used for "printing" the results. */ + typedef void (*yajl_print_t)(void * ctx, + const char * str, + size_t len); + + /** configuration parameters for the parser, these may be passed to + * yajl_gen_config() along with option specific argument(s). In general, + * all configuration parameters default to *off*. */ + typedef enum { + /** generate indented (beautiful) output */ + yajl_gen_beautify = 0x01, + /** + * Set an indent string which is used when yajl_gen_beautify + * is enabled. Maybe something like \\t or some number of + * spaces. The default is four spaces ' '. + */ + yajl_gen_indent_string = 0x02, + /** + * Set a function and context argument that should be used to + * output generated json. the function should conform to the + * yajl_print_t prototype while the context argument is a + * void * of your choosing. + * + * example: + * yajl_gen_config(g, yajl_gen_print_callback, myFunc, myVoidPtr); + */ + yajl_gen_print_callback = 0x04, + /** + * Normally the generator does not validate that strings you + * pass to it via yajl_gen_string() are valid UTF8. Enabling + * this option will cause it to do so. + */ + yajl_gen_validate_utf8 = 0x08, + /** + * the forward solidus (slash or '/' in human) is not required to be + * escaped in json text. By default, YAJL will not escape it in the + * iterest of saving bytes. Setting this flag will cause YAJL to + * always escape '/' in generated JSON strings. 
+ */ + yajl_gen_escape_solidus = 0x10 + } yajl_gen_option; + + /** allow the modification of generator options subsequent to handle + * allocation (via yajl_alloc) + * \returns zero in case of errors, non-zero otherwise + */ + YAJL_API int yajl_gen_config(yajl_gen g, yajl_gen_option opt, ...); + + /** allocate a generator handle + * \param allocFuncs an optional pointer to a structure which allows + * the client to overide the memory allocation + * used by yajl. May be NULL, in which case + * malloc/free/realloc will be used. + * + * \returns an allocated handle on success, NULL on failure (bad params) + */ + YAJL_API yajl_gen yajl_gen_alloc(const yajl_alloc_funcs * allocFuncs); + + /** free a generator handle */ + YAJL_API void yajl_gen_free(yajl_gen handle); + + YAJL_API yajl_gen_status yajl_gen_integer(yajl_gen hand, long long int number); + /** generate a floating point number. number may not be infinity or + * NaN, as these have no representation in JSON. In these cases the + * generator will return 'yajl_gen_invalid_number' */ + YAJL_API yajl_gen_status yajl_gen_double(yajl_gen hand, double number); + YAJL_API yajl_gen_status yajl_gen_number(yajl_gen hand, + const char * num, + size_t len); + YAJL_API yajl_gen_status yajl_gen_string(yajl_gen hand, + const unsigned char * str, + size_t len); + YAJL_API yajl_gen_status yajl_gen_null(yajl_gen hand); + YAJL_API yajl_gen_status yajl_gen_bool(yajl_gen hand, int boolean); + YAJL_API yajl_gen_status yajl_gen_map_open(yajl_gen hand); + YAJL_API yajl_gen_status yajl_gen_map_close(yajl_gen hand); + YAJL_API yajl_gen_status yajl_gen_array_open(yajl_gen hand); + YAJL_API yajl_gen_status yajl_gen_array_close(yajl_gen hand); + + /** access the null terminated generator buffer. If incrementally + * outputing JSON, one should call yajl_gen_clear to clear the + * buffer. This allows stream generation. 
*/ + YAJL_API yajl_gen_status yajl_gen_get_buf(yajl_gen hand, + const unsigned char ** buf, + size_t * len); + + /** clear yajl's output buffer, but maintain all internal generation + * state. This function will not "reset" the generator state, and is + * intended to enable incremental JSON outputing. */ + YAJL_API void yajl_gen_clear(yajl_gen hand); + + /** Reset the generator state. Allows a client to generate multiple + * json entities in a stream. The "sep" string will be inserted to + * separate the previously generated entity from the current, + * NULL means *no separation* of entites (clients beware, generating + * multiple JSON numbers without a separator, for instance, will result in ambiguous output) + * + * Note: this call will not clear yajl's output buffer. This + * may be accomplished explicitly by calling yajl_gen_clear() */ + YAJL_API void yajl_gen_reset(yajl_gen hand, const char * sep); + +#ifdef __cplusplus +} +#endif + +#endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/crun-1.15/libocispec/src/yajl/yajl_parse.h new/crun-1.16.1/libocispec/src/yajl/yajl_parse.h --- old/crun-1.15/libocispec/src/yajl/yajl_parse.h 1970-01-01 01:00:00.000000000 +0100 +++ new/crun-1.16.1/libocispec/src/yajl/yajl_parse.h 2021-03-21 20:50:29.000000000 +0100 
@@ -0,0 +1,226 @@ +/* + * Copyright (c) 2007-2014, Lloyd Hilaiel <m...@lloyd.io> + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/** + * \file yajl_parse.h + * Interface to YAJL's JSON stream parsing facilities. + */ + +#include <yajl/yajl_common.h> + +#ifndef __YAJL_PARSE_H__ +#define __YAJL_PARSE_H__ + +#include <stddef.h> + +#ifdef __cplusplus +extern "C" { +#endif + /** error codes returned from this interface */ + typedef enum { + /** no error was encountered */ + yajl_status_ok, + /** a client callback returned zero, stopping the parse */ + yajl_status_client_canceled, + /** An error occurred during the parse. Call yajl_get_error for + * more information about the encountered error */ + yajl_status_error + } yajl_status; + + /** attain a human readable, english, string for an error */ + YAJL_API const char * yajl_status_to_string(yajl_status code); + + /** an opaque handle to a parser */ + typedef struct yajl_handle_t * yajl_handle; + + /** yajl is an event driven parser. this means as json elements are + * parsed, you are called back to do something with the data. The + * functions in this table indicate the various events for which + * you will be called back. 
Each callback accepts a "context" + * pointer, this is a void * that is passed into the yajl_parse + * function which the client code may use to pass around context. + * + * All callbacks return an integer. If non-zero, the parse will + * continue. If zero, the parse will be canceled and + * yajl_status_client_canceled will be returned from the parse. + * + * \attention { + * A note about the handling of numbers: + * + * yajl will only convert numbers that can be represented in a + * double or a 64 bit (long long) int. All other numbers will + * be passed to the client in string form using the yajl_number + * callback. Furthermore, if yajl_number is not NULL, it will + * always be used to return numbers, that is yajl_integer and + * yajl_double will be ignored. If yajl_number is NULL but one + * of yajl_integer or yajl_double are defined, parsing of a + * number larger than is representable in a double or 64 bit + * integer will result in a parse error. + * } + */ + typedef struct { + int (* yajl_null)(void * ctx); + int (* yajl_boolean)(void * ctx, int boolVal); + int (* yajl_integer)(void * ctx, long long integerVal); + int (* yajl_double)(void * ctx, double doubleVal); + /** A callback which passes the string representation of the number + * back to the client. 
Will be used for all numbers when present */ + int (* yajl_number)(void * ctx, const char * numberVal, + size_t numberLen); + + /** strings are returned as pointers into the JSON text when, + * possible, as a result, they are _not_ null padded */ + int (* yajl_string)(void * ctx, const unsigned char * stringVal, + size_t stringLen); + + int (* yajl_start_map)(void * ctx); + int (* yajl_map_key)(void * ctx, const unsigned char * key, + size_t stringLen); + int (* yajl_end_map)(void * ctx); + + int (* yajl_start_array)(void * ctx); + int (* yajl_end_array)(void * ctx); + } yajl_callbacks; + + /** allocate a parser handle + * \param callbacks a yajl callbacks structure specifying the + * functions to call when different JSON entities + * are encountered in the input text. May be NULL, + * which is only useful for validation. + * \param afs memory allocation functions, may be NULL for to use + * C runtime library routines (malloc and friends) + * \param ctx a context pointer that will be passed to callbacks. + */ + YAJL_API yajl_handle yajl_alloc(const yajl_callbacks * callbacks, + yajl_alloc_funcs * afs, + void * ctx); + + + /** configuration parameters for the parser, these may be passed to + * yajl_config() along with option specific argument(s). In general, + * all configuration parameters default to *off*. */ + typedef enum { + /** Ignore javascript style comments present in + * JSON input. Non-standard, but rather fun + * arguments: toggled off with integer zero, on otherwise. + * + * example: + * yajl_config(h, yajl_allow_comments, 1); // turn comment support on + */ + yajl_allow_comments = 0x01, + /** + * When set the parser will verify that all strings in JSON input are + * valid UTF8 and will emit a parse error if this is not so. 
When set, + * this option makes parsing slightly more expensive (~7% depending + * on processor and compiler in use) + * + * example: + * yajl_config(h, yajl_dont_validate_strings, 1); // disable utf8 checking + */ + yajl_dont_validate_strings = 0x02, + /** + * By default, upon calls to yajl_complete_parse(), yajl will + * ensure the entire input text was consumed and will raise an error + * otherwise. Enabling this flag will cause yajl to disable this + * check. This can be useful when parsing json out of a that contains more + * than a single JSON document. + */ + yajl_allow_trailing_garbage = 0x04, + /** + * Allow multiple values to be parsed by a single handle. The + * entire text must be valid JSON, and values can be seperated + * by any kind of whitespace. This flag will change the + * behavior of the parser, and cause it continue parsing after + * a value is parsed, rather than transitioning into a + * complete state. This option can be useful when parsing multiple + * values from an input stream. + */ + yajl_allow_multiple_values = 0x08, + /** + * When yajl_complete_parse() is called the parser will + * check that the top level value was completely consumed. I.E., + * if called whilst in the middle of parsing a value + * yajl will enter an error state (premature EOF). Setting this + * flag suppresses that check and the corresponding error. + */ + yajl_allow_partial_values = 0x10 + } yajl_option; + + /** allow the modification of parser options subsequent to handle + * allocation (via yajl_alloc) + * \returns zero in case of errors, non-zero otherwise + */ + YAJL_API int yajl_config(yajl_handle h, yajl_option opt, ...); + + /** free a parser handle */ + YAJL_API void yajl_free(yajl_handle handle); + + /** Parse some json! 
+ * \param hand - a handle to the json parser allocated with yajl_alloc + * \param jsonText - a pointer to the UTF8 json text to be parsed + * \param jsonTextLength - the length, in bytes, of input text + */ + YAJL_API yajl_status yajl_parse(yajl_handle hand, + const unsigned char * jsonText, + size_t jsonTextLength); + + /** Parse any remaining buffered json. + * Since yajl is a stream-based parser, without an explicit end of + * input, yajl sometimes can't decide if content at the end of the + * stream is valid or not. For example, if "1" has been fed in, + * yajl can't know whether another digit is next or some character + * that would terminate the integer token. + * + * \param hand - a handle to the json parser allocated with yajl_alloc + */ + YAJL_API yajl_status yajl_complete_parse(yajl_handle hand); + + /** get an error string describing the state of the + * parse. + * + * If verbose is non-zero, the message will include the JSON + * text where the error occurred, along with an arrow pointing to + * the specific char. + * + * \returns A dynamically allocated string will be returned which should + * be freed with yajl_free_error + */ + YAJL_API unsigned char * yajl_get_error(yajl_handle hand, int verbose, + const unsigned char * jsonText, + size_t jsonTextLength); + + /** + * get the amount of data consumed from the last chunk passed to YAJL. + * + * In the case of a successful parse this can help you understand if + * the entire buffer was consumed (which will allow you to handle + * "junk at end of input"). + * + * In the event an error is encountered during parsing, this function + * affords the client a way to get the offset into the most recent + * chunk where the error occurred. 0 will be returned if no error + * was encountered. 
+ */ + YAJL_API size_t yajl_get_bytes_consumed(yajl_handle hand); + + /** free an error returned from yajl_get_error */ + YAJL_API void yajl_free_error(yajl_handle hand, unsigned char * str); + +#ifdef __cplusplus +} +#endif + +#endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/crun-1.15/libocispec/src/yajl/yajl_tree.h new/crun-1.16.1/libocispec/src/yajl/yajl_tree.h --- old/crun-1.15/libocispec/src/yajl/yajl_tree.h 1970-01-01 01:00:00.000000000 +0100 +++ new/crun-1.16.1/libocispec/src/yajl/yajl_tree.h 2021-03-21 20:50:29.000000000 +0100 
@@ -0,0 +1,186 @@ +/* + * Copyright (c) 2010-2011 Florian Forster <ff at octo.it> + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/** + * \file yajl_tree.h + * + * Parses JSON data and returns the data in tree form. + * + * \author Florian Forster + * \date August 2010 + * + * This interface makes quick parsing and extraction of + * smallish JSON docs trivial: + * + * \include example/parse_config.c + */ + +#ifndef YAJL_TREE_H +#define YAJL_TREE_H 1 + +#include <yajl/yajl_common.h> + +#ifdef __cplusplus +extern "C" { +#endif + +/** possible data types that a yajl_val_s can hold */ +typedef enum { + yajl_t_string = 1, + yajl_t_number = 2, + yajl_t_object = 3, + yajl_t_array = 4, + yajl_t_true = 5, + yajl_t_false = 6, + yajl_t_null = 7, + /** The any type isn't valid for yajl_val_s.type, but can be + * used as an argument to routines like yajl_tree_get(). + */ + yajl_t_any = 8 +} yajl_type; + +#define YAJL_NUMBER_INT_VALID 0x01 +#define YAJL_NUMBER_DOUBLE_VALID 0x02 + +/** A pointer to a node in the parse tree */ +typedef struct yajl_val_s * yajl_val; + +/** + * A JSON value representation capable of holding one of the seven + * types above. For "string", "number", "object", and "array" + * additional data is available in the union. 
The "YAJL_IS_*" + * and "YAJL_GET_*" macros below allow type checking and convenient + * value extraction. + */ +struct yajl_val_s +{ + /** Type of the value contained. Use the "YAJL_IS_*" macros to check for a + * specific type. */ + yajl_type type; + /** Type-specific data. You may use the "YAJL_GET_*" macros to access these + * members. */ + union + { + char * string; + struct { + long long i; /*< integer value, if representable. */ + double d; /*< double value, if representable. */ + char *r; /*< unparsed number in string form. */ + /** Signals whether the \em i and \em d members are + * valid. See \c YAJL_NUMBER_INT_VALID and + * \c YAJL_NUMBER_DOUBLE_VALID. */ + unsigned int flags; + } number; + struct { + const char **keys; /*< Array of keys */ + yajl_val *values; /*< Array of values. */ + size_t len; /*< Number of key-value-pairs. */ + } object; + struct { + yajl_val *values; /*< Array of elements. */ + size_t len; /*< Number of elements. */ + } array; + } u; +}; + +/** + * Parse a string. + * + * Parses an null-terminated string containing JSON data and returns a pointer + * to the top-level value (root of the parse tree). + * + * \param input Pointer to a null-terminated utf8 string containing + * JSON data. + * \param error_buffer Pointer to a buffer in which an error message will + * be stored if \em yajl_tree_parse fails, or + * \c NULL. The buffer will be initialized before + * parsing, so its content will be destroyed even if + * \em yajl_tree_parse succeeds. + * \param error_buffer_size Size of the memory area pointed to by + * \em error_buffer_size. If \em error_buffer_size is + * \c NULL, this argument is ignored. + * + * \returns Pointer to the top-level value or \c NULL on error. The memory + * pointed to must be freed using \em yajl_tree_free. In case of an error, a + * null terminated message describing the error in more detail is stored in + * \em error_buffer if it is not \c NULL. 
+ */ +YAJL_API yajl_val yajl_tree_parse (const char *input, + char *error_buffer, size_t error_buffer_size); + + +/** + * Free a parse tree returned by "yajl_tree_parse". + * + * \param v Pointer to a JSON value returned by "yajl_tree_parse". Passing NULL + * is valid and results in a no-op. + */ +YAJL_API void yajl_tree_free (yajl_val v); + +/** + * Access a nested value inside a tree. + * + * \param parent the node under which you'd like to extract values. + * \param path A null terminated array of strings, each the name of an object key + * \param type the yajl_type of the object you seek, or yajl_t_any if any will do. + * + * \returns a pointer to the found value, or NULL if we came up empty. + * + * Future Ideas: it'd be nice to move path to a string and implement support for + * a teeny tiny micro language here, so you can extract array elements, do things + * like .first and .last, even .length. Inspiration from JSONPath and css selectors? + * No it wouldn't be fast, but that's not what this API is about. 
+ */ +YAJL_API yajl_val yajl_tree_get(yajl_val parent, const char ** path, yajl_type type); + +/* Various convenience macros to check the type of a `yajl_val` */ +#define YAJL_IS_STRING(v) (((v) != NULL) && ((v)->type == yajl_t_string)) +#define YAJL_IS_NUMBER(v) (((v) != NULL) && ((v)->type == yajl_t_number)) +#define YAJL_IS_INTEGER(v) (YAJL_IS_NUMBER(v) && ((v)->u.number.flags & YAJL_NUMBER_INT_VALID)) +#define YAJL_IS_DOUBLE(v) (YAJL_IS_NUMBER(v) && ((v)->u.number.flags & YAJL_NUMBER_DOUBLE_VALID)) +#define YAJL_IS_OBJECT(v) (((v) != NULL) && ((v)->type == yajl_t_object)) +#define YAJL_IS_ARRAY(v) (((v) != NULL) && ((v)->type == yajl_t_array )) +#define YAJL_IS_TRUE(v) (((v) != NULL) && ((v)->type == yajl_t_true )) +#define YAJL_IS_FALSE(v) (((v) != NULL) && ((v)->type == yajl_t_false )) +#define YAJL_IS_NULL(v) (((v) != NULL) && ((v)->type == yajl_t_null )) + +/** Given a yajl_val_string return a ptr to the bare string it contains, + * or NULL if the value is not a string. */ +#define YAJL_GET_STRING(v) (YAJL_IS_STRING(v) ? (v)->u.string : NULL) + +/** Get the string representation of a number. You should check type first, + * perhaps using YAJL_IS_NUMBER */ +#define YAJL_GET_NUMBER(v) ((v)->u.number.r) + +/** Get the double representation of a number. You should check type first, + * perhaps using YAJL_IS_DOUBLE */ +#define YAJL_GET_DOUBLE(v) ((v)->u.number.d) + +/** Get the 64bit (long long) integer representation of a number. You should + * check type first, perhaps using YAJL_IS_INTEGER */ +#define YAJL_GET_INTEGER(v) ((v)->u.number.i) + +/** Get a pointer to a yajl_val_object or NULL if the value is not an object. */ +#define YAJL_GET_OBJECT(v) (YAJL_IS_OBJECT(v) ? &(v)->u.object : NULL) + +/** Get a pointer to a yajl_val_array or NULL if the value is not an object. */ +#define YAJL_GET_ARRAY(v) (YAJL_IS_ARRAY(v) ? 
&(v)->u.array : NULL) + +#ifdef __cplusplus +} +#endif + +#endif /* YAJL_TREE_H */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/crun-1.15/libocispec/src/yajl/yajl_version.h.cmake new/crun-1.16.1/libocispec/src/yajl/yajl_version.h.cmake --- old/crun-1.15/libocispec/src/yajl/yajl_version.h.cmake 1970-01-01 01:00:00.000000000 +0100 +++ new/crun-1.16.1/libocispec/src/yajl/yajl_version.h.cmake 2021-03-21 20:50:29.000000000 +0100 @@ -0,0 +1,23 @@ +#ifndef YAJL_VERSION_H_ +#define YAJL_VERSION_H_ + +#include <yajl/yajl_common.h> + +#define YAJL_MAJOR ${YAJL_MAJOR} +#define YAJL_MINOR ${YAJL_MINOR} +#define YAJL_MICRO ${YAJL_MICRO} + +#define YAJL_VERSION ((YAJL_MAJOR * 10000) + (YAJL_MINOR * 100) + YAJL_MICRO) + +#ifdef __cplusplus +extern "C" { +#endif + +extern int YAJL_API yajl_version(void); + +#ifdef __cplusplus +} +#endif + +#endif /* YAJL_VERSION_H_ */ + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/crun-1.15/rpm/crun.spec new/crun-1.16.1/rpm/crun.spec --- old/crun-1.15/rpm/crun.spec 2024-05-02 12:48:57.000000000 +0200 +++ new/crun-1.16.1/rpm/crun.spec 2024-08-07 11:59:00.000000000 +0200 
@@ -1,16 +1,17 @@ %global krun_opts %{nil} %global wasmedge_opts %{nil} -%global wasmtime_opts %{nil} # krun and wasm[edge,time] support only on aarch64 and x86_64 %ifarch aarch64 || x86_64 %global wasm_support 1 -%if %{defined copr_project} +%if %{defined copr_username} %define copr_build 1 %endif -%if %{defined fedora} || %{defined copr_build} +# Disable wasmedge on rhel 10 until EPEL10 is in place, otherwise it causes +# build issues on copr +%if %{defined fedora} || (%{defined %copr_build} && %{defined rhel} && 0%{?rhel} < 10) %global wasmedge_support 1 %global wasmedge_opts --with-wasmedge %endif @@ -21,12 +22,6 @@ %global krun_opts --with-libkrun %endif -# wasmtime exists only on podman-next copr for now -%if %{defined copr_project} && "%{?copr_project}" == "podman-next" -%global wasmtime_support 1 -%global wasmtime_opts --with-wasmtime -%endif - %endif Summary: OCI runtime written in C @@ -71,9 +66,6 @@ %if %{defined wasmedge_support} BuildRequires: wasmedge-devel %endif -%if %{defined wasmtime_support} -BuildRequires: wasmtime-c-api-devel -%endif BuildRequires: python Provides: oci-runtime 
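Review bot: In the new wasmedge condition, `%{defined %copr_build}` has a stray `%` in front of the macro name, unlike the other `%{defined …}` tests in this file; it should presumably read `%if %{defined fedora} || (%{defined copr_build} && %{defined rhel} && 0%{?rhel} < 10)`. As written, the copr branch probably never enables `--with-wasmedge`, which silently changes what the shipped runtime is built with instead of failing the build. A short comment stating which of Fedora, copr on RHEL below 10, and plain RHEL is meant to get wasmedge would make the intent checkable.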
@@ -113,17 +105,13 @@ %build ./autogen.sh -./configure --disable-silent-rules %{krun_opts} %{wasmedge_opts} %{wasmtime_opts} +./configure --disable-silent-rules %{krun_opts} %{wasmedge_opts} %make_build %install %make_install prefix=%{_prefix} rm -rf %{buildroot}%{_prefix}/lib* -%if %{defined krun_support} -ln -s %{name} %{buildroot}%{_bindir}/krun -%endif - %if %{defined wasm_support} ln -s %{name} %{buildroot}%{_bindir}/%{name}-wasm %endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/crun-1.15/src/libcrun/blake3/blake3.c new/crun-1.16.1/src/libcrun/blake3/blake3.c --- old/crun-1.15/src/libcrun/blake3/blake3.c 2024-01-24 17:31:10.000000000 +0100 +++ new/crun-1.16.1/src/libcrun/blake3/blake3.c 2024-08-07 11:59:00.000000000 +0200 @@ -174,7 +174,7 @@ assert(input_len <= MAX_SIMD_DEGREE * BLAKE3_CHUNK_LEN); #endif - const uint8_t *chunks_array[MAX_SIMD_DEGREE]; + const uint8_t *chunks_array[MAX_SIMD_DEGREE] = {0, }; size_t input_position = 0; size_t chunks_array_len = 0; while (input_len - input_position >= BLAKE3_CHUNK_LEN) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/crun-1.15/src/libcrun/cgroup-systemd.c new/crun-1.16.1/src/libcrun/cgroup-systemd.c --- old/crun-1.15/src/libcrun/cgroup-systemd.c 2024-02-08 19:12:09.000000000 +0100 +++ new/crun-1.16.1/src/libcrun/cgroup-systemd.c 2024-08-13 16:40:05.000000000 +0200 
@@ -871,14 +871,14 @@ return ret; if (ret) { - sd_err = sd_bus_message_append (m, "(sv)", "MemoryLimit", "t", memory_limit); + sd_err = sd_bus_message_append (m, "(sv)", "MemoryMax", "t", memory_limit); if (UNLIKELY (sd_err < 0)) - return crun_make_error (err, -sd_err, "sd-bus message append MemoryLimit"); + return crun_make_error (err, -sd_err, "sd-bus message append MemoryMax"); } if (resources->cpu) { - /* do not bother with systemd internal representation if both values are not specified */ + /* do not bother with systemd internal representation unless both values are specified */ if (resources->cpu->quota && resources->cpu->period) { uint64_t quota = resources->cpu->quota; @@ -889,12 +889,12 @@ quota = ((quota / 10000) + 1) * 10000; sd_err = sd_bus_message_append (m, "(sv)", "CPUQuotaPerSecUSec", "t", quota); - if (UNLIKELY (ret < 0)) - return ret; + if (UNLIKELY (sd_err < 0)) + return crun_make_error (err, -sd_err, "sd-bus message append CPUQuotaPerSecUSec"); sd_err = sd_bus_message_append (m, "(sv)", "CPUQuotaPeriodUSec", "t", resources->cpu->period); - if (UNLIKELY (ret < 0)) - return ret; + if (UNLIKELY (sd_err < 0)) + return crun_make_error (err, -sd_err, "sd-bus message append CPUQuotaPeriodUSec"); } } 
@@ -1106,6 +1106,11 @@ } sd_err = sd_bus_message_append (m, "(sv)", "DefaultDependencies", "b", 0); + if (UNLIKELY (sd_err < 0)) + { + ret = crun_make_error (err, -sd_err, "sd-bus message append DefaultDependencies"); + goto exit; + } for (i = 0; boolean_opts[i]; i++) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/crun-1.15/src/libcrun/cgroup-utils.c new/crun-1.16.1/src/libcrun/cgroup-utils.c --- old/crun-1.15/src/libcrun/cgroup-utils.c 2024-05-02 12:48:57.000000000 +0200 +++ new/crun-1.16.1/src/libcrun/cgroup-utils.c 2024-08-13 16:40:05.000000000 +0200 @@ -585,6 +585,8 @@ return ret; dfd = open (cgroup_path, O_CLOEXEC | O_PATH); + if (UNLIKELY (dfd < 0)) + return crun_make_error (err, errno, "open `%s`", cgroup_path); ret = read_all_file ("/sys/kernel/cgroup/delegate", &delegate, &delegate_size, err); if (UNLIKELY (ret < 0)) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/crun-1.15/src/libcrun/cgroup.c new/crun-1.16.1/src/libcrun/cgroup.c --- old/crun-1.15/src/libcrun/cgroup.c 2023-09-27 22:33:35.000000000 +0200 +++ new/crun-1.16.1/src/libcrun/cgroup.c 2024-08-13 16:40:05.000000000 +0200 @@ -470,13 +470,12 @@ libcrun_cgroup_has_oom (struct libcrun_cgroup_status *status, libcrun_error_t *err) { cleanup_free char *content = NULL; - const char *path = NULL; + const char *path = status->path; const char *prefix = NULL; size_t content_size = 0; int cgroup_mode; char *it; - path = status->path; if (UNLIKELY (path == NULL || path[0] == '\0')) return 0; 
@@ -484,9 +483,6 @@ if (UNLIKELY (cgroup_mode < 0)) return cgroup_mode; - if (path == NULL || path[0] == '\0') - return 0; - switch (cgroup_mode) { case CGROUP_MODE_UNIFIED: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/crun-1.15/src/libcrun/container.c new/crun-1.16.1/src/libcrun/container.c --- old/crun-1.15/src/libcrun/container.c 2024-05-02 12:48:57.000000000 +0200 +++ new/crun-1.16.1/src/libcrun/container.c 2024-08-13 16:40:05.000000000 +0200 @@ -1075,7 +1075,27 @@ if (UNLIKELY (rootfs == NULL)) { /* If realpath failed for any reason, try the relative directory. */ - rootfs = xstrdup (def->root->path); + if (def->root->path[0] == '/') + { + cleanup_free char *cwd = NULL; + ssize_t len; + + len = safe_readlinkat (AT_FDCWD, "/proc/self/cwd", &cwd, 0, err); + if (UNLIKELY (len < 0)) + return len; + + /* If the rootfs is under the current working directory, just use its relative path. */ + if (has_prefix (def->root->path, cwd) && def->root->path[len] == '/') + { + const char *it = consume_slashes (def->root->path + len); + if (*it) + rootfs = xstrdup (it); + } + } + + /* If nothing else worked, just use the path as it is. */ + if (rootfs == NULL) + rootfs = xstrdup (def->root->path); } } @@ -2427,7 +2447,6 @@ cg.id = context->id; cg.resources = def->linux ? def->linux->resources : NULL; cg.annotations = def->annotations; - cg.manager = cgroup_manager; cg.root_uid = root_uid; cg.root_gid = root_gid; 
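Review bot: The new block in container.c turns a fallback into a hard failure: when `safe_readlinkat` on `/proc/self/cwd` fails, the function returns before reaching `rootfs = xstrdup (def->root->path)`, although the surrounding comment says this branch exists for the case where path resolution has already failed. Consider discarding that error and falling through to the as-is path, for example `if (len < 0) crun_error_release (err); else if (has_prefix (def->root->path, cwd) && def->root->path[len] == '/')`. The prefix test is purely textual, so the resulting relative path is only valid while the working directory stays unchanged; a comment saying so would help, since whether the caller changes directory afterwards is not visible in this hunk. The enclosing function starts and ends outside the hunk.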
@@ -3590,7 +3609,7 @@ pipefd0 = container_ret_status[0]; pipefd1 = container_ret_status[1]; - /* If the new process block doesn't specify a SELinux label or AppArmor profile, then + /* If the new process block doesn't specify a SELinux label, AppArmor profile or user, then use the configuration from the original config file. */ if (container->container_def->process) { @@ -3599,6 +3618,9 @@ if (process->apparmor_profile == NULL && container->container_def->process->apparmor_profile) process->apparmor_profile = xstrdup (container->container_def->process->apparmor_profile); + + if (process->user == NULL && container->container_def->process->user) + process->user = container->container_def->process->user; } ret = initialize_security (process, err); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/crun-1.15/src/libcrun/custom-handler.c new/crun-1.16.1/src/libcrun/custom-handler.c --- old/crun-1.15/src/libcrun/custom-handler.c 2023-11-23 17:37:16.000000000 +0100 +++ new/crun-1.16.1/src/libcrun/custom-handler.c 2024-08-07 11:59:00.000000000 +0200 
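Review bot: `process->user = container->container_def->process->user;` makes the exec process share the `user` object with the container definition, while the AppArmor profile a few lines above is copied with `xstrdup`. If `process` and `container_def` are each released by their own free routine, both would free the same pointer; who owns `process` is not visible in this hunk, so this needs confirming. Either give `process` its own copy of the user structure or reset `process->user` to NULL before `process` is freed, and add a comment stating which side owns it. The enclosing function starts and ends outside the hunk.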
@@ -299,7 +299,7 @@ struct custom_handler_s *h; if (manager == NULL) - return crun_make_error (err, 0, "handler requested but no manager configured: `%s`", context->handler); + return crun_make_error (err, 0, "handler requested but no manager configured: `%s`", explicit_handler); h = handler_by_name (manager, explicit_handler); if (h) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/crun-1.15/src/libcrun/handlers/wasmedge.c new/crun-1.16.1/src/libcrun/handlers/wasmedge.c --- old/crun-1.15/src/libcrun/handlers/wasmedge.c 2024-05-02 12:48:57.000000000 +0200 +++ new/crun-1.16.1/src/libcrun/handlers/wasmedge.c 2024-08-07 11:59:00.000000000 +0200 @@ -174,7 +174,7 @@ return wasm_can_handle_container (container, err); } -// This works only when the plugin folder is present in /usr/lib/wasmedge +// This works only when the plugin is present in /usr/lib/wasmedge static int libwasmedge_configure_container (void *cookie arg_unused, enum handler_configure_phase phase, libcrun_context_t *context arg_unused, libcrun_container_t *container, 
@@ -183,7 +183,18 @@ int ret; runtime_spec_schema_config_schema *def = container->container_def; - if (getenv ("WASMEDGE_PLUGIN_PATH") == NULL && getenv ("WASMEDGE_WASINN_PRELOAD") == NULL) + char **container_env = def->process->env; + bool has_plugin_path = false, has_preload = false; + + for (char **env = container_env; env && *env; env++) + { + if (strncmp (*env, "WASMEDGE_PLUGIN_PATH=", 21) == 0) + has_plugin_path = true; + else if (strncmp (*env, "WASMEDGE_WASINN_PRELOAD=", 24) == 0) + has_preload = true; + } + + if (! has_plugin_path && ! has_preload) return 0; if (phase != HANDLER_CONFIGURE_AFTER_MOUNTS) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/crun-1.15/src/libcrun/linux.c new/crun-1.16.1/src/libcrun/linux.c --- old/crun-1.15/src/libcrun/linux.c 2024-05-02 12:48:57.000000000 +0200 +++ new/crun-1.16.1/src/libcrun/linux.c 2024-08-13 16:40:05.000000000 +0200 @@ -2279,7 +2279,7 @@ const bool is_dir = S_ISDIR (src_mode); cleanup_close int dfd = -1; - dfd = safe_openat (rootfsfd, rootfs, rootfs_len, target, O_CLOEXEC | (is_dir ? O_DIRECTORY : 0), 0, err); + dfd = safe_openat (rootfsfd, rootfs, rootfs_len, target, O_RDONLY | O_PATH | O_CLOEXEC | (is_dir ? O_DIRECTORY : 0), 0, err); if (UNLIKELY (dfd < 0)) return crun_make_error (err, errno, "open mount target `/%s`", target); 
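Review bot: `char **container_env = def->process->env;` dereferences `def->process` without a NULL check, while the exec path in container.c in this same commit tests `container_def->process` before using it; whether an earlier check in this function covers it is not visible here. A guarded form is `char **container_env = def->process ? def->process->env : NULL;`, which the loop already tolerates because it tests `env` first. The literal lengths 21 and 24 match the two prefixes today, but deriving them from the strings (a `has_prefix`-style helper, as used in container.c) avoids silent drift. Since the decision now comes from the container's own configuration rather than the runtime's environment, a comment stating that these values are container-supplied would help reviewers of the code that later consumes them. The function body continues outside the hunk.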
@@ -2546,37 +2546,46 @@ static int make_parent_mount_private (const char *rootfs, libcrun_error_t *err) { - cleanup_free char *tmp = xstrdup (rootfs); - char *it; + cleanup_close int rootfsfd = -1; + proc_fd_path_t proc_path; + size_t n_slashes = 1; + const char *it; + + for (it = rootfs; *it; it++) + if (*it == '/') + n_slashes++; + + /* rootfs could be a relative path. */ + rootfsfd = open (rootfs, O_PATH | O_CLOEXEC); + if (UNLIKELY (rootfsfd < 0)) + return crun_make_error (err, errno, "open `%s`", rootfs); - for (;;) + /* prevent a potential infinite loop. */ + while (n_slashes-- > 0) { int ret; + errno = 0; + cleanup_close int parentfd = -1; - ret = mount (NULL, tmp, NULL, MS_PRIVATE, NULL); + get_proc_self_fd_path (proc_path, rootfsfd); + ret = mount (NULL, proc_path, NULL, MS_PRIVATE, NULL); if (ret == 0) return 0; - if (errno == EINVAL) + parentfd = openat (rootfsfd, "..", O_PATH | O_CLOEXEC); + if (parentfd < 0) { - it = strrchr (tmp, '/'); - if (it == NULL) - return 0; - else if (it != tmp) - { - *it = '\0'; - continue; - } - else - { - ret = mount (NULL, "/", NULL, MS_PRIVATE, NULL); - if (ret == 0) - return 0; - } + ret = faccessat (rootfsfd, "..", X_OK, AT_EACCESS); + if (ret != 0) + return crun_make_error (err, EACCES, "make `%s` private: a component is not accessible", rootfs); } - return crun_make_error (err, errno, "make `%s` private", tmp); + + close_and_reset (&rootfsfd); + rootfsfd = get_and_reset (&parentfd); } - return 0; + + /* should never get this far. 
*/ + return crun_make_error (err, 0, "make `%s` private", rootfs); } int diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/crun-1.15/src/libcrun/utils.c new/crun-1.16.1/src/libcrun/utils.c --- old/crun-1.15/src/libcrun/utils.c 2024-05-02 12:48:57.000000000 +0200 +++ new/crun-1.16.1/src/libcrun/utils.c 2024-08-13 16:40:05.000000000 +0200 @@ -144,16 +144,7 @@ int write_file_with_flags (const char *name, int flags, const void *data, size_t len, libcrun_error_t *err) { - cleanup_close int fd = open (name, O_CLOEXEC | O_WRONLY | flags, 0700); - int ret; - if (UNLIKELY (fd < 0)) - return crun_make_error (err, errno, "opening file `%s` for writing", name); - - ret = TEMP_FAILURE_RETRY (write (fd, data, len)); - if (UNLIKELY (ret < 0)) - return crun_make_error (err, errno, "writing file `%s`", name); - - return ret; + return write_file_at_with_flags (AT_FDCWD, flags, 0700, name, data, len, err); } int @@ -1037,7 +1028,7 @@ int read_all_file_at (int dirfd, const char *path, char **out, size_t *len, libcrun_error_t *err) { - cleanup_close int fd; + cleanup_close int fd = -1; fd = TEMP_FAILURE_RETRY (openat (dirfd, path, O_RDONLY | O_CLOEXEC)); if (UNLIKELY (fd < 0)) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/crun-1.15/src/restore.c new/crun-1.16.1/src/restore.c --- old/crun-1.15/src/restore.c 2023-09-26 16:45:32.000000000 +0200 +++ new/crun-1.16.1/src/restore.c 2024-08-07 11:59:00.000000000 +0200 
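Review bot: The rewritten `make_parent_mount_private` moves on to the parent after any `mount` failure, whereas the removed code did so only for `EINVAL` and reported every other errno; a failure such as `EPERM` is now retried on each parent and finally reported by `crun_make_error (err, 0, …)` with no errno at all. Restoring an `if (errno != EINVAL)` check right after the `mount` call, returning an error that carries `errno`, keeps the diagnosis. The loop bound is counted from the slashes in the `rootfs` string, but the walk follows `..` on file descriptors, so for a relative `rootfs` (which the new comment says is possible) the bound can be smaller than the real number of parents. When `openat` fails but `faccessat` succeeds, `rootfsfd` becomes -1 and the next iteration operates on an invalid descriptor; returning an error at that point would be clearer.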
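Review bot: `write_file_with_flags` used to OR `O_CLOEXEC | O_WRONLY` into `flags` itself and now passes `flags` through unchanged, so it depends on `write_file_at_with_flags` adding them and on that helper returning what callers of the old single `write` expected; the helper is not part of this diff. Once confirmed, a one-line comment on the wrapper such as `/* write_file_at_with_flags adds O_CLOEXEC | O_WRONLY; mode applies only when flags include O_CREAT */` would record the contract. The fixed mode `0700` also makes any file created through this wrapper owner-executable, which deserves a note if it is intentional.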
@@ -64,7 +64,7 @@ { "detach", 'd', 0, 0, "detach from the container's process", 0 }, { "pid-file", OPTION_PID_FILE, "FILE", 0, "where to write the PID of the container", 0 }, { "console-socket", OPTION_CONSOLE_SOCKET, "SOCKET", 0, - "path to a socket that will receive the master end of the tty", 0 }, + "path to a socket that will receive the ptmx end of the tty", 0 }, { "file-locks", OPTION_FILE_LOCKS, 0, 0, "allow file locks", 0 }, { "manage-cgroups-mode", OPTION_MANAGE_CGROUPS_MODE, "MODE", 0, "cgroups mode: 'soft' (default), 'ignore', 'full' and 'strict'", 0 }, { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/crun-1.15/src/run.c new/crun-1.16.1/src/run.c --- old/crun-1.15/src/run.c 2024-05-02 12:48:57.000000000 +0200 +++ new/crun-1.16.1/src/run.c 2024-08-07 11:59:00.000000000 +0200 @@ -56,7 +56,7 @@ { "preserve-fds", OPTION_PRESERVE_FDS, "N", 0, "pass additional FDs to the container", 0 }, { "pid-file", OPTION_PID_FILE, "FILE", 0, "where to write the PID of the container", 0 }, { "keep", OPTION_KEEP, 0, 0, "do not delete the container after it exits", 0 }, - { "no-subreaper", OPTION_NO_SUBREAPER, 0, 0, "do not create a subreaper process", 0 }, + { "no-subreaper", OPTION_NO_SUBREAPER, 0, 0, "do not create a subreaper process (ignored)", 0 }, { "no-new-keyring", OPTION_NO_NEW_KEYRING, 0, 0, "keep the same session key", 0 }, { "no-pivot", OPTION_NO_PIVOT, 0, 0, "do not use pivot_root", 0 }, { 
@@ -133,8 +133,6 @@ crun_context.preserve_fds = 0; crun_context.listen_fds = 0; - /* Check if global handler is configured and pass it down to crun context */ - crun_context.handler = global_args->handler; argp_parse (&run_argp, argc, argv, ARGP_IN_ORDER, &first_arg, &crun_context); crun_assert_n_args (argc - first_arg, 1, 1); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/crun-1.15/tests/init.c new/crun-1.16.1/tests/init.c --- old/crun-1.15/tests/init.c 2024-01-15 16:54:30.000000000 +0100 +++ new/crun-1.16.1/tests/init.c 2024-08-07 11:59:00.000000000 +0200 
@@ -455,6 +455,51 @@ return 0; } + if (strcmp (argv[1], "type") == 0) + { + struct stat st; + + if (argc < 3) + error (EXIT_FAILURE, 0, "'type' requires two arguments"); + if (stat (argv[2], &st) < 0) + error (EXIT_FAILURE, errno, "stat %s", argv[2]); + + switch (st.st_mode & S_IFMT) + { + case S_IFBLK: + printf ("block device\n"); + break; + case S_IFCHR: + printf ("character device\n"); + break; + + case S_IFDIR: + printf ("directory\n"); + break; + + case S_IFIFO: + printf ("FIFO/pipe\n"); + break; + + case S_IFLNK: + printf ("symlink\n"); + break; + + case S_IFREG: + printf ("regular file\n"); + break; + + case S_IFSOCK: + printf ("socket\n"); + break; + + default: + printf ("unknown?\n"); + break; + } + return 0; + } + if (strcmp (argv[1], "owner") == 0) { struct stat st; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/crun-1.15/tests/test_mounts.py new/crun-1.16.1/tests/test_mounts.py --- old/crun-1.15/tests/test_mounts.py 2024-02-29 16:27:13.000000000 +0100 +++ new/crun-1.16.1/tests/test_mounts.py 2024-08-07 11:59:00.000000000 +0200 @@ -17,6 +17,7 @@ import sys import copy +import socket from tests_utils import * import tempfile 
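Review bot: The new `type` command calls `stat`, which follows symbolic links, so the `S_IFLNK` case can never be reached and a symlink is reported as the type of its target. Use `lstat (argv[2], &st)` if the link itself is meant to be reported, or drop the `S_IFLNK` case and add a comment that the helper reports the type after link resolution. The enclosing function starts and ends outside the hunk.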
@@ -63,6 +64,41 @@ return 0 return -1 +def test_mount_fifo(): + conf = base_config() + conf['process']['args'] = ['/init', 'type', '/fifo'] + add_all_namespaces(conf) + + source_file = os.path.join(get_tests_root(), "a-fifo") + + os.mkfifo(source_file) + + for options in ([], ["ro"], ["rro"]): + mount_opt = {"destination": "/fifo", "type": "bind", "source": source_file, "options": options + ["bind"]} + conf['mounts'].append(mount_opt) + out, _ = run_and_get_output(conf, hide_stderr=True) + if "FIFO" not in out: + return 1 + return 0 + +def test_mount_unix_socket(): + conf = base_config() + conf['process']['args'] = ['/init', 'type', '/unix-socket'] + add_all_namespaces(conf) + + source_file = os.path.join(get_tests_root(), "unix-socket") + + server = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) + server.bind(source_file) + + for options in ([], ["ro"], ["rro"]): + mount_opt = {"destination": "/unix-socket", "type": "bind", "source": source_file, "options": options + ["bind"]} + conf['mounts'].append(mount_opt) + out, _ = run_and_get_output(conf, hide_stderr=True) + if "socket" not in out: + return 1 + return 0 + def test_mount_tmpfs_permissions(): def prepare_rootfs(rootfs): path = os.path.join(rootfs, "tmp") @@ -575,6 +611,8 @@ "mount-sync" : test_mount_sync, "mount-dirsync" : test_mount_dirsync, "mount-symlink" : test_mount_symlink, + "mount-fifo" : test_mount_fifo, + "mount-unix-socket" : test_mount_unix_socket, "mount-symlink-not-existing" : test_mount_symlink_not_existing, "mount-dev" : test_mount_dev, "mount-nodev" : test_mount_nodev,
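Review bot: Both new tests leave state behind and reuse one config across iterations. `os.mkfifo(source_file)` and `server.bind(source_file)` create entries under `get_tests_root()` that are never removed, and the socket is never closed, so a later run would fail at creation if the tests root is reused. `conf['mounts'].append(mount_opt)` inside the loop means the `ro` and `rro` runs also carry the earlier mounts for the same destination, so they do not test one option set in isolation. Build the mount list per iteration from a copy of the config and clean up in a `finally` block; the sketch shows the FIFO test, and the socket test needs the same shape plus `server.close()`.

```python
def test_mount_fifo():
    # … unchanged: base_config, process args, add_all_namespaces …
    source_file = os.path.join(get_tests_root(), "a-fifo")
    os.mkfifo(source_file)
    try:
        for options in ([], ["ro"], ["rro"]):
            # fresh config per option set, so earlier mounts do not pile up
            run_conf = copy.deepcopy(conf)
            run_conf['mounts'].append({"destination": "/fifo", "type": "bind",
                                       "source": source_file, "options": options + ["bind"]})
            out, _ = run_and_get_output(run_conf, hide_stderr=True)
            if "FIFO" not in out:
                return 1
    finally:
        os.unlink(source_file)
    return 0
```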