FS#72161 - [crun] include Python bindings to libcrun

Attached to Project: Community Packages
Opened by Patrick Reader (pxeger) - Friday, 17 September 2021, 16:07 GMT
Last edited by Morten Linderud (Foxboron) - Sunday, 13 March 2022, 23:27 GMT
Task Type Feature Request
Category Packages
Status Closed
Assigned To freswa (frederik)
Morten Linderud (Foxboron)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 1
Private No

Details

Description:

The crun package does not currently include crun's Python bindings (https://github.com/containers/crun/blob/main/python/crun_python.c). IIUC, it would be possible to do this by adding python as an optional dependency, but I'm not too familiar with Arch packaging, so maybe that can't happen.

It's probably undesirable to add Python as a hard dependency to the main crun package, so perhaps a second crun-python package should be created - using the same PKGBUILD as crun but with --with-python-bindings passed to configure - and that "provides: crun".
This task depends upon

Closed by  Morten Linderud (Foxboron)
Sunday, 13 March 2022, 23:27 GMT
Reason for closing:  Fixed
Comment by Morten Linderud (Foxboron) - Sunday, 19 September 2021, 09:41 GMT
We are just providing bindings. It carries no runtime dependency on python and we are fetching python as a build-time dependency anyway.

Fixed and pushed.
Comment by Patrick Reader (pxeger) - Tuesday, 02 November 2021, 10:14 GMT
  • Field changed: Percent Complete (100% → 0%)
This doesn't seem to have worked, because crun only builds static libraries, and Python can only import dynamic / shared libraries. I think the additional `--enable-shared` configure flag is required, unless you relink the library after building it.
Comment by Morten Linderud (Foxboron) - Sunday, 19 December 2021, 19:02 GMT
I added `--enable-shared` but I'm not really sure if the module is behaving correctly. It seems like importing python_crun re-execs the shell, and then I need to import again for it to work. It's strange. I'll try look at what other downstreams do for crun.
Comment by Patrick Reader (pxeger) - Monday, 20 December 2021, 04:31 GMT
This is an upstream issue; crun always requires a reexec as a mitigation for CVE-2019-5736 - see https://github.com/containers/crun/issues/695. It's not actually a big problem in practice; it works just fine outside the Python shell (try `python -c 'import python_crun; print(python_crun)'`).
Comment by Morten Linderud (Foxboron) - Monday, 20 December 2021, 07:17 GMT
Thanks! I'll push an updated package today then :)

Loading...