Bug 1804288 - Review Request: golang-gvisor - A container sandbox runtime focused on security, efficiency, and ease of use.
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: All
OS: Linux
Assignee: Robert-André Mauchin 🐧
QA Contact: Fedora Extras Quality Assurance
Depends On: 1804289 1804292
Blocks: 1804353
Reported: 2020-02-18 15:55 UTC by Marc-Andre Lureau
Modified: 2021-01-29 02:29 UTC (History)
Last Closed: 2020-08-06 15:30:16 UTC
eclipseo: fedora-review+


Description Marc-Andre Lureau 2020-02-18 15:55:59 UTC
Spec URL: https://elmarco.fedorapeople.org/golang-gvisor-dev-gvisor.spec
SRPM URL: https://elmarco.fedorapeople.org/golang-gvisor-20200211.0-1.20200218git384ed132b902ead9aae62430382d38ae9afdb95d.fc31.src.rpm
Description:
gVisor is an open-source, OCI-compatible sandbox runtime that provides
a virtualized container environment. It runs containers with a new
user-space kernel, delivering a low overhead container security
solution for high-density applications.

gVisor integrates with Docker, containerd and Kubernetes, making it
easier to improve the security isolation of your containers while
still using familiar tooling. Additionally, gVisor supports a variety
of underlying mechanisms for intercepting application calls, allowing
it to run in diverse host environments, including cloud-hosted virtual
machines.
Fedora Account System Username: elmarco

Comment 1 Marc-Andre Lureau 2020-02-18 16:19:46 UTC
fwiw, I wonder if the package/spec should be named "golang-gvisor" instead (that's the name&prefix of the resulting rpm).

Comment 2 Robert-André Mauchin 🐧 2020-02-19 02:26:33 UTC
 - Should be commit not tag:

# taken from the "go" branch (as bazel is not available in fedora)
%global commit          384ed132b902ead9aae62430382d38ae9afdb95d


 - Name should be golang-gvisor.spec

 - Please keep the forge URL above the goipath for ref (I use it for updates)


 - Ping me for a review later



# Generated by go2rpm 1
%bcond_without check

# https://github.com/google/gvisor
%global goipath         gvisor.dev/gvisor
%global forgeurl        https://github.com/google/gvisor
Version:                20200211.0
%global commit          384ed132b902ead9aae62430382d38ae9afdb95d

%gometa

%global common_description %{expand:
gVisor is an open-source, OCI-compatible sandbox runtime that provides
a virtualized container environment. It runs containers with a new
user-space kernel, delivering a low overhead container security
solution for high-density applications.

gVisor integrates with Docker, containerd and Kubernetes, making it
easier to improve the security isolation of your containers while
still using familiar tooling. Additionally, gVisor supports a variety
of underlying mechanisms for intercepting application calls, allowing
it to run in diverse host environments, including cloud-hosted virtual
machines.}

%global golicenses      LICENSE
%global godocs          AUTHORS README.md

Name:           %{goname}
Release:        1%{?dist}
Summary:        Container Runtime Sandbox

# Upstream license specification: Apache-2.0
License:        ASL 2.0
URL:            %{gourl}
Source0:        %{gosource}

BuildRequires:  golang(github.com/cenkalti/backoff)
BuildRequires:  golang(github.com/gofrs/flock)
BuildRequires:  golang(github.com/golang/protobuf/proto)
BuildRequires:  golang(github.com/golang/protobuf/ptypes)
BuildRequires:  golang(github.com/google/btree)
BuildRequires:  golang(github.com/google/subcommands)
BuildRequires:  golang(github.com/kr/pty)
BuildRequires:  golang(github.com/opencontainers/runtime-spec/specs-go)
BuildRequires:  golang(github.com/syndtr/gocapability/capability)
BuildRequires:  golang(github.com/vishvananda/netlink)
BuildRequires:  golang(golang.org/x/sys/unix)
BuildRequires:  golang(golang.org/x/time/rate)

%description
%{common_description}

%gopkg

%prep
%goprep

%build
for cmd in runsc; do
  %gobuild -o %{gobuilddir}/bin/$(basename $cmd) %{goipath}/$cmd
done

%install
%gopkginstall
install -m 0755 -vd                     %{buildroot}%{_bindir}
install -m 0755 -vp %{gobuilddir}/bin/* %{buildroot}%{_bindir}/

%if %{with check}
%check
%gocheck
%endif

%files
%license LICENSE
%doc AUTHORS README.md
%{_bindir}/*

%gopkgfiles

%changelog

Comment 4 Marc-Andre Lureau 2020-02-27 17:30:13 UTC
ping zebob.m ?

Comment 5 Robert-André Mauchin 🐧 2020-03-02 17:20:30 UTC
 - Remove dot at the end of summary

golang-gvisor-devel.noarch: W: summary-ended-with-dot C A container sandbox runtime focused on security, efficiency, and ease of use.

 - Fix changelog entry

golang-gvisor.x86_64: W: incoherent-version-in-changelog 20200211.0-1 ['20200211.0-1.20200220git384ed13.fc33', '20200211.0-1.20200220git384ed13']

* Tue Feb 18 11:13:58 CET 2020 Marc-André Lureau <marcandre.lureau> - 20200211.0-1.20200220git384ed13

(date should be the date you upload to dist-git)

 - License ok
 - Latest version packaged
 - Builds in mock
 - Tests are ok
 - Conforms to Packaging Guidelines

Package approved.

Comment 6 Gwyn Ciesla 2020-03-03 14:48:32 UTC
(fedscm-admin):  The Pagure repository was created at https://src.fedoraproject.org/rpms/golang-gvisor

Comment 7 Marc-Andre Lureau 2020-03-03 15:33:55 UTC
Argh, it builds only on x86_64...
https://koji.fedoraproject.org/koji/taskinfo?taskID=42147689

Is it ok to make it x86-64 only for now?
thanks

Comment 8 Robert-André Mauchin 🐧 2020-03-03 17:18:27 UTC
(In reply to Marc-Andre Lureau from comment #7)
> Argh, it builds only on x86_64...
> https://koji.fedoraproject.org/koji/taskinfo?taskID=42147689
> 
> Is it ok to make it x86-64 only for now?
> thanks

Yeah but report each issue to upstream (int overflows for 32-bit arch and other issues for others).
Search "# g" to find errors in the logs.

Comment 9 Marc-Andre Lureau 2020-03-03 18:18:53 UTC
(In reply to Robert-André Mauchin from comment #8)
> (In reply to Marc-Andre Lureau from comment #7)
> > Argh, it builds only on x86_64...
> > https://koji.fedoraproject.org/koji/taskinfo?taskID=42147689
> > 
> > Is it ok to make it x86-64 only for now?
> > thanks
> 
> Yeah but report each issue to upstream (int overflows for 32-bit arch and
> other issues for others).

Actually there are many errors.

Digging in the code, I think it is supposed to be amd64 & arm64 only at this point, with arm being less maintained apparently...

Annoying because I am mostly interested in netstack at this point (under pkg/tcpip) for bug 1804353. And that part is probably easier to fix for various archs.

