This reverts commit 4d5fd84496 (package/crun: add libgcrypt optional
dependency, 2022-12-30).
Since bump to 1.15, libgcrypt is not an optional dependency anymore as
it has been droped in 1.14 with
8d96f0884b
Signed-off-by: TIAN Yuanhao <tianyuanhao3@163.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Now that we document _CPE_ID_VALID, and that it shall be used instead of
setting a default value to one of the other _CPE_ID_* variables, change
all of the existing packages to use it, to avoid any error when we later
extend check-package to validate the sanity ofthe _CPE_ID_* variables.
Mechanical change done within the reference container, running the new
check in check-package, to report the CPE_ID errors:
$ make check-package 2>/dev/null \
|awk '{
split($(1), a, ":"); fname = a[1]
split($(2), a, "'\''"); val = a[2]
new_var = $(8); gsub("_CPE_ID_.*", "_CPE_ID_VALID", new_var)
printf("%s %s %s %s\n", fname, $(8), val, new_var)
}' \
|while read fname var val new_var; do
sed -r -i -e "s/${var}[[:space:]]*=[[:space:]]*${val}/${new_var} = YES/" "${fname}"
done
$ git diff -I'CPE_ID_(VENDOR|VALID)'
[empty]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Changes:
https://github.com/containers/crun/releases/tag/1.12
Also add a patch to fix crun compile without libseccomp libcap issue
Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix the following build failure with uclibc but without MMU raised since
commit 223596c75d:
/home/autobuild/autobuild/instance-6/output-1/host/riscv64-buildroot-linux-uclibc/bin/ld.real: ./.libs/libcrun.a(libcrun_la-container.o): in function `.L0 ':
container.c:(.text+0x4e7c): undefined reference to `fork'
Fixes:
- http://autobuild.buildroot.org/results/f19482753e9262ec806cf550619170467a144daf
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
uClibc now provides fexecve(), so crun can build just fine with
uClibc. However, argp-standalone is needed, just like it was needed
for musl.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Christian Stewart <christian@aperture.us>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Changes:
https://github.com/containers/crun/releases/tag/1.8.4
Also emoved 0001-src-crun.c-fix-build-without-dlfcn.h.patch, this
commit has already existed in the latest version release.
Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
crun unconditionally uses atomic_bool when libgcrypt is found since
version 1.7.1 and
40f66c0a74
resulting in the following build failure with gcc 4.8 since commit
6987b92da5:
src/libcrun/seccomp.c: In function 'calculate_seccomp_checksum':
src/libcrun/seccomp.c:374:3: error: unknown type name 'atomic_bool'
static atomic_bool initialized = false;
^
Fixes:
- http://autobuild.buildroot.org/results/924806ffd6d83cd6d8226577c3877b0b8ca2722d
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
crun is a drop-in replacement for runc, so we can use the former to
impersonate the latter when it is not enabled.
To do so, we create a runc symlink pointing to crun, when runc is not
enabled.
See: https://github.com/containerd/containerd/discussions/6162
Signed-off-by: TIAN Yuanhao <tianyuanhao3@163.com>
Reviewed-by: Christian Stewart <christian@paral.in>
[yann.morin.1998@free.fr: split into its own patch]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
libgcrypt is an optional dependency which is enabled by default since
version 1.7 and
dd310aaf5a
Unfortunately, thetre are no associated --enable/disable flags; it all
depends on auto-detection.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Christian Stewart <christian@paral.in>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
crun unconditionally uses fexecve since its addition in commit
530d6f661e and
ce4dfbb97a:
resulting in the following uclibc build failure:
/tmp/instance-11/output-1/host/opt/ext-toolchain/bin/../lib/gcc/arceb-snps-linux-uclibc/9.2.1/../../../../arceb-snps-linux-uclibc/bin/ld: src/libcrun/crun-cloned_binary.o: in function `ensure_cloned_binary':
cloned_binary.c:(.text+0x1006): undefined reference to `fexecve'
In 6e3f7fbc07 (package/runc: add upstream security fix for
CVE-2019-5736), we made runc unavailable for uclibc toolchains, and crun
uses fexecve for that same reason, to fix CVE-2019-5736.
So, also make crun unavailable for uclibc toolchains.
Fixes:
- http://autobuild.buildroot.org/results/e1f4ef2b392c0e7161390ba0f97d6eef3bd12e9c
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix the following static build failure raised since bump to version
1.7.2 in commit 6987b92da5 and
5837234e98:
src/crun.c:26:10: fatal error: dlfcn.h: No such file or directory
26 | #include <dlfcn.h>
| ^~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/a5f52a7ee757c92c9571261c0ed884d05caeaf2f
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: make it an actual backport now]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix the following musl and uclibc-ng build failures raised since the
addition of the package in commit
530d6f661e:
configure: error: *** argp functions not found - install libargp or argp_standalone
Fixes:
- http://autobuild.buildroot.org/results/55b283fa46a797253193fb752638ba88597a416b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
crun is a fast and low-memory OCI Container Runtime in C.
https://github.com/containers/crun
Signed-off-by: Christian Stewart <christian@paral.in>
Tested-by: TIAN Yuanhao <tianyuanhao3@163.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
