From 17468aba1f4bbc46a354a3cb7fe81ab09338ad1f Mon Sep 17 00:00:00 2001
From: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
Date: Fri, 7 Nov 2025 09:48:02 +0100
Subject: [PATCH] app-containers/runc: sync with gentoo

from commit: https://github.com/gentoo/gentoo/commit/b4c450b220406a895ed093b19b92241746408a66

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
---
 .../app-containers/runc/Manifest              |  1 +
 .../app-containers/runc/runc-1.3.3.ebuild     | 71 +++++++++++++++++++
 2 files changed, 72 insertions(+)
 create mode 100644 sdk_container/src/third_party/portage-stable/app-containers/runc/runc-1.3.3.ebuild

diff --git a/sdk_container/src/third_party/portage-stable/app-containers/runc/Manifest b/sdk_container/src/third_party/portage-stable/app-containers/runc/Manifest
index 2c7cd812dc..33e2d1978a 100644
--- a/sdk_container/src/third_party/portage-stable/app-containers/runc/Manifest
+++ b/sdk_container/src/third_party/portage-stable/app-containers/runc/Manifest
@@ -5,3 +5,4 @@ DIST runc-1.2.0.tar.gz 2776027 BLAKE2B 743ea8641c0fabda5e32c1d3e044627241337bcdf
 DIST runc-1.2.1.tar.gz 2742512 BLAKE2B 06beda96edb4fa0796371d28f646b01760cd9b663104045407ae27f3ddd51e0318eddba8fc3dbe107629831a5f4051af0f50406418213485b7ee90cdf9a86085 SHA512 098ba9810d6a6704b11f97360cf403d0e5cccdf635a9b5c594b70e26c2c1554c328506265754f500e2faec1f08655839837036010c6a25265047a47c31f4defd
 DIST runc-1.2.2.tar.gz 2743483 BLAKE2B d1e59aff284dcacdc50a17c4efab09b4bdda5d93ce13822542ea73ec696d3642d4dcc715d2adad308622100b04ef62365d3848be6418db5a325ac574b66e314c SHA512 87066ff0fe7ff6dc0eefd61ba2b194fa96433a091a34e9035350123b7da7dccf7fcec6f52b377c72be853820b4a57154b42bcd58c872263f8b7a16bfc480e5d7
 DIST runc-1.2.3.tar.gz 2757883 BLAKE2B adc3b23ddc487d674a406de8e9e17c2d41d2335e4e18ed2a8a1f5add0909ec235a01fc9483e91e74fb2869950c572d0a22882034b8b5f80c4719d20790e3b38c SHA512 e422e469dbcd60fbc3bf9ca348ba04f8b27b2a43bca8f3ee4c9407539f5dec71373d53d192b47d42eaefa1d7ca2ac9e64839cbe4b82bf930b5a496f3028e5212
+DIST runc-1.3.3.tar.gz 2929410 BLAKE2B 1feddc154836eff606a685a0c0d606c1bbcd5a1a1ec8a288233581a88e0b3b6a95f446125688a8dca5efd5a275bf22931553cb9ab894f6aa0826d5a1274b6f91 SHA512 9ce0af1b79163c44913979c0483322247b154109871a113726163f64c6354141e7cefb5fb6e1225eaa4bb48a1e33ba9a6049cb45cb2af8793134647dad18c8dc
diff --git a/sdk_container/src/third_party/portage-stable/app-containers/runc/runc-1.3.3.ebuild b/sdk_container/src/third_party/portage-stable/app-containers/runc/runc-1.3.3.ebuild
new file mode 100644
index 0000000000..766ebb230c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/app-containers/runc/runc-1.3.3.ebuild
@@ -0,0 +1,71 @@
+# Copyright 1999-2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit go-module linux-info
+
+# update on bump, look for commit ID on release tag.
+# https://github.com/opencontainers/runc
+RUNC_COMMIT=d842d7719497cc3b774fd71620278ac9e17710e0
+
+CONFIG_CHECK="~USER_NS"
+
+DESCRIPTION="runc container cli tools"
+HOMEPAGE="https://github.com/opencontainers/runc/"
+MY_PV="${PV/_/-}"
+SRC_URI="https://github.com/opencontainers/${PN}/archive/v${MY_PV}.tar.gz -> ${P}.tar.gz"
+S="${WORKDIR}/${PN}-${MY_PV}"
+
+LICENSE="Apache-2.0 BSD-2 BSD MIT"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~riscv ~x86"
+IUSE="apparmor hardened +kmem +seccomp selinux test"
+
+COMMON_DEPEND="
+	apparmor? ( sys-libs/libapparmor )
+	seccomp? ( sys-libs/libseccomp )"
+DEPEND="${COMMON_DEPEND}"
+RDEPEND="${COMMON_DEPEND}
+	!app-emulation/docker-runc
+	selinux? ( sec-policy/selinux-container )"
+BDEPEND="
+	dev-go/go-md2man
+	test? ( "${RDEPEND}" )"
+
+# tests need busybox binary, and portage namespace
+# sandboxing disabled: mount-sandbox pid-sandbox ipc-sandbox
+# majority of tests pass
+RESTRICT+=" test"
+
+src_compile() {
+	# build up optional flags
+	local options=(
+		$(usev apparmor)
+		$(usev seccomp)
+		$(usex kmem '' 'nokmem')
+	)
+
+	myemakeargs=(
+		BUILDTAGS="${options[*]}"
+		COMMIT="${RUNC_COMMIT}"
+	)
+
+	emake "${myemakeargs[@]}" runc man
+}
+
+src_install() {
+	myemakeargs+=(
+		PREFIX="${ED}/usr"
+		BINDIR="${ED}/usr/bin"
+		MANDIR="${ED}/usr/share/man"
+	)
+	emake "${myemakeargs[@]}" install install-man install-bash
+
+	local DOCS=( README.md PRINCIPLES.md docs/. )
+	einstalldocs
+}
+
+src_test() {
+	emake "${myemakeargs[@]}" localunittest
+}