From 434b63483ffbbac04eb13484a3bb6bdbc29d43c3 Mon Sep 17 00:00:00 2001
From: Flatcar Buildbot
Date: Mon, 2 Feb 2026 07:24:54 +0000
Subject: [PATCH] app-containers/runc: Sync with Gentoo
It's from Gentoo commit 98bed121b8fc4f3becbb4b08397b9abce40d5bf4.
Signed-off-by: Flatcar Buildbot
---
.../app-containers/runc/Manifest | 1 +
.../app-containers/runc/runc-1.3.3.ebuild | 87 +++++++++-
.../app-containers/runc/runc-1.4.0-r1.ebuild | 154 ++++++++++++++++++
3 files changed, 239 insertions(+), 3 deletions(-)
create mode 100644 sdk_container/src/third_party/portage-stable/app-containers/runc/runc-1.4.0-r1.ebuild
diff --git a/sdk_container/src/third_party/portage-stable/app-containers/runc/Manifest b/sdk_container/src/third_party/portage-stable/app-containers/runc/Manifest
index 56040f2961..2d9f00e5cd 100644
--- a/sdk_container/src/third_party/portage-stable/app-containers/runc/Manifest
+++ b/sdk_container/src/third_party/portage-stable/app-containers/runc/Manifest
@@ -5,3 +5,4 @@ DIST runc-1.2.8.tar.gz 2834651 BLAKE2B 5f76e40ee8bda4668758dce318625af1dbb13c0d3 DIST runc-1.3.0.tar.gz 2858199 BLAKE2B c9402a074b816b9452763267a7ffdc69af6c0cd4cf54fbdfdc91ccbd8bbc5daa783259176775e90f6266fa6a02bf0bad7fbb8eb879b5764309f7f9cd2f246086 SHA512 63422501f6189d0d47f6b2f59565de572bc68b138a65c7dbcc8b5ad42dbc37245ee66e2683ab61971a84c076a15f54f484c37fde4a30815ee19edc9a0d97e9f4 DIST runc-1.3.1.tar.gz 2860795 BLAKE2B 5711881488dc3d52182377dc09690436aff142552d35728b10c221874a1dafc3b1fe78972891ebfc53e232465aec97eacc78318a453b030c052ca2218c61438d SHA512 0a3007d046fe9711541e29ca07fd72515f19b220c8c79b9df9164f7b88a6b9077ba7a11607593b641823b9e99c0f2e96500a57e2a16e11501bbb7c4690870183 DIST runc-1.3.3.tar.gz 2929410 BLAKE2B 1feddc154836eff606a685a0c0d606c1bbcd5a1a1ec8a288233581a88e0b3b6a95f446125688a8dca5efd5a275bf22931553cb9ab894f6aa0826d5a1274b6f91 SHA512 9ce0af1b79163c44913979c0483322247b154109871a113726163f64c6354141e7cefb5fb6e1225eaa4bb48a1e33ba9a6049cb45cb2af8793134647dad18c8dc +DIST runc-1.4.0.tar.gz 2958986 BLAKE2B 9a363986a05c2c19646373373b94944642bf9f74a2a9f10d201baff7d76d54e39e273d6ceb9f94449926246ec22c2b863812ca1e4e8910cb166294b7ea7c4068 SHA512 a5b52d8494a4210d9ff4caefd0513b94b80ef9dd16c6eb369761cde2fce30214f765eee01c3cbb2e0cfd933371362fd89b08656b434d76038ffe1f8a59dea215 diff --git a/sdk_container/src/third_party/portage-stable/app-containers/runc/runc-1.3.3.ebuild b/sdk_container/src/third_party/portage-stable/app-containers/runc/runc-1.3.3.ebuild index 19f660567b..626b23f604 100644 --- a/sdk_container/src/third_party/portage-stable/app-containers/runc/runc-1.3.3.ebuild +++ b/sdk_container/src/third_party/portage-stable/app-containers/runc/runc-1.3.3.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2025 Gentoo Authors +# Copyright 1999-2026 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 
@@ -9,8 +9,6 @@ inherit go-module linux-info # https://github.com/opencontainers/runc RUNC_COMMIT=d842d7719497cc3b774fd71620278ac9e17710e0 -CONFIG_CHECK="~USER_NS" - DESCRIPTION="runc container cli tools" HOMEPAGE="https://github.com/opencontainers/runc/" MY_PV="${PV/_/-}" @@ -38,6 +36,89 @@ BDEPEND=" # majority of tests pass RESTRICT+=" test" +# Please refer: +# https://github.com/opencontainers/runc/blob/main/script/check-config.sh +pkg_setup() { + CONFIG_CHECK=" + ~NAMESPACES + ~NET_NS + ~PID_NS + ~IPC_NS + ~UTS_NS + ~CGROUPS + ~CGROUP_CPUACCT + ~CGROUP_DEVICE + ~CGROUP_FREEZER + ~CGROUP_SCHED + ~CPUSETS + ~MEMCG + ~KEYS + ~VETH + ~BRIDGE + ~BRIDGE_NETFILTER + ~IP_NF_FILTER + ~IP_NF_TARGET_MASQUERADE + ~NETFILTER_XT_MATCH_ADDRTYPE + ~NETFILTER_XT_MATCH_COMMENT + ~NETFILTER_XT_MATCH_CONNTRACK + ~NETFILTER_XT_MATCH_IPVS + ~IP_NF_NAT + ~NF_NAT + ~POSIX_MQUEUE + ~OVERLAY_FS + " + + CONFIG_CHECK+=" + ~USER_NS + " + + use seccomp && CONFIG_CHECK+=" + ~SECCOMP + ~SECCOMP_FILTER + " + WARNING_SECCOMP="CONFIG_SECCOMP is required as optional feature" + + CONFIG_CHECK+=" + ~CGROUP_PIDS + " + WARNING_CGROUP_PIDS="CONFIG_CGROUP_PIDS is required as optional feature" + + if kernel_is lt 6 1; then + CONFIG_CHECK+=" + ~MEMCG_SWAP + " + fi + + CONFIG_CHECK+=" + ~BLK_CGROUP + ~BLK_DEV_THROTTLING + ~CGROUP_PERF + ~CGROUP_HUGETLB + ~NET_CLS_CGROUP + ~CFS_BANDWIDTH + ~FAIR_GROUP_SCHED + ~RT_GROUP_SCHED + ~IP_NF_TARGET_REDIRECT + ~IP_VS + ~IP_VS_NFCT + ~IP_VS_PROTO_TCP + ~IP_VS_PROTO_UDP + ~IP_VS_RR + ~CHECKPOINT_RESTORE + ~CGROUP_NET_PRIO + " + + use selinux && CONFIG_CHECK+=" + ~SECURITY_SELINUX" + + use apparmor && CONFIG_CHECK+=" + ~SECURITY_APPARMOR" + + if [[ -n ${CONFIG_CHECK} ]]; then + linux-info_pkg_setup + fi +} + src_compile() { # build up optional flags local options=( 
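Review bot: In the added `pkg_setup()`, the only explanation attached to the seccomp check is `WARNING_SECCOMP="CONFIG_SECCOMP is required as optional feature"`, which contradicts itself and is assigned even when `use seccomp` is false, while `~SECCOMP_FILTER`, `~SECURITY_SELINUX` and `~SECURITY_APPARMOR` get no message of their own. Every entry is `~`-prefixed, so a kernel missing these options only produces a warning at install time; that warning should say which confinement is affected, for example `WARNING_SECCOMP_FILTER="CONFIG_SECCOMP_FILTER: needed for runc to apply seccomp profiles (USE=seccomp)"`, with matching lines for the SELinux and AppArmor checks. The trailing `if [[ -n ${CONFIG_CHECK} ]]` guard is always true because the function starts with a non-empty assignment, so `linux-info_pkg_setup` can be called directly. The identical function in runc-1.4.0-r1.ebuild has the same issues.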
diff --git a/sdk_container/src/third_party/portage-stable/app-containers/runc/runc-1.4.0-r1.ebuild b/sdk_container/src/third_party/portage-stable/app-containers/runc/runc-1.4.0-r1.ebuild
new file mode 100644
index 0000000000..bbb7bfd89b
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/app-containers/runc/runc-1.4.0-r1.ebuild
@@ -0,0 +1,154 @@
+# Copyright 1999-2026 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit go-module linux-info
+
+# update on bump, look for commit ID on release tag.
+# https://github.com/opencontainers/runc
+RUNC_COMMIT=8bd78a9977e604c4d5f67a7415d7b8b8c109cdc4
+
+CONFIG_CHECK="~USER_NS"
+
+DESCRIPTION="runc container cli tools"
+HOMEPAGE="https://github.com/opencontainers/runc/"
+MY_PV="${PV/_/-}"
+SRC_URI="https://github.com/opencontainers/${PN}/archive/v${MY_PV}.tar.gz -> ${P}.tar.gz"
+S="${WORKDIR}/${PN}-${MY_PV}"
+
+LICENSE="Apache-2.0 BSD-2 BSD MIT"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~riscv ~x86"
+IUSE="apparmor hardened +kmem +seccomp selinux test"
+
+COMMON_DEPEND="
+ apparmor? ( sys-libs/libapparmor )
+ seccomp? ( sys-libs/libseccomp )"
+DEPEND="${COMMON_DEPEND}"
+RDEPEND="${COMMON_DEPEND}
+ !app-emulation/docker-runc
+ selinux? ( sec-policy/selinux-container )"
+BDEPEND="
+ dev-go/go-md2man
+ test? ( "${RDEPEND}" )"
+
+# tests need busybox binary, and portage namespace
+# sandboxing disabled: mount-sandbox pid-sandbox ipc-sandbox
+# majority of tests pass
+RESTRICT+=" test"
+
+# Please refer:
+# https://github.com/opencontainers/runc/blob/main/script/check-config.sh
+pkg_setup() {
+ CONFIG_CHECK="
+ ~NAMESPACES
+ ~NET_NS
+ ~PID_NS
+ ~IPC_NS
+ ~UTS_NS
+ ~CGROUPS
+ ~CGROUP_CPUACCT
+ ~CGROUP_DEVICE
+ ~CGROUP_FREEZER
+ ~CGROUP_SCHED
+ ~CPUSETS
+ ~MEMCG
+ ~KEYS
+ ~VETH
+ ~BRIDGE
+ ~BRIDGE_NETFILTER
+ ~IP_NF_FILTER
+ ~IP_NF_TARGET_MASQUERADE
+ ~NETFILTER_XT_MATCH_ADDRTYPE
+ ~NETFILTER_XT_MATCH_COMMENT
+ ~NETFILTER_XT_MATCH_CONNTRACK
+ ~NETFILTER_XT_MATCH_IPVS
+ ~IP_NF_NAT
+ ~NF_NAT
+ ~POSIX_MQUEUE
+ ~OVERLAY_FS
+ "
+
+ CONFIG_CHECK+="
+ ~USER_NS
+ "
+
+ use seccomp && CONFIG_CHECK+="
+ ~SECCOMP
+ ~SECCOMP_FILTER
+ "
+ WARNING_SECCOMP="CONFIG_SECCOMP is required as optional feature"
+
+ CONFIG_CHECK+="
+ ~CGROUP_PIDS
+ "
+ WARNING_CGROUP_PIDS="CONFIG_CGROUP_PIDS is required as optional feature"
+
+ if kernel_is lt 6 1; then
+ CONFIG_CHECK+="
+ ~MEMCG_SWAP
+ "
+ fi
+
+ CONFIG_CHECK+="
+ ~BLK_CGROUP
+ ~BLK_DEV_THROTTLING
+ ~CGROUP_PERF
+ ~CGROUP_HUGETLB
+ ~NET_CLS_CGROUP
+ ~CFS_BANDWIDTH
+ ~FAIR_GROUP_SCHED
+ ~RT_GROUP_SCHED
+ ~IP_NF_TARGET_REDIRECT
+ ~IP_VS
+ ~IP_VS_NFCT
+ ~IP_VS_PROTO_TCP
+ ~IP_VS_PROTO_UDP
+ ~IP_VS_RR
+ ~CHECKPOINT_RESTORE
+ ~CGROUP_NET_PRIO
+ "
+
+ use selinux && CONFIG_CHECK+="
+ ~SECURITY_SELINUX"
+
+ use apparmor && CONFIG_CHECK+="
+ ~SECURITY_APPARMOR"
+
+ if [[ -n ${CONFIG_CHECK} ]]; then
+ linux-info_pkg_setup
+ fi
+}
+
+src_compile() {
+ # build up optional flags
+ local options=(
+ $(usev apparmor)
+ $(usev seccomp)
+ $(usex kmem '' 'nokmem')
+ )
+
+ myemakeargs=(
+ BUILDTAGS="${options[*]}"
+ COMMIT="${RUNC_COMMIT}"
+ )
+
+ emake "${myemakeargs[@]}" runc man
+}
+
+src_install() {
+ myemakeargs+=(
+ PREFIX="${ED}/usr"
+ BINDIR="${ED}/usr/bin"
+ MANDIR="${ED}/usr/share/man"
+ )
+ emake "${myemakeargs[@]}" install install-man install-bash
+
+ local DOCS=( README.md PRINCIPLES.md docs/. )
+ einstalldocs
+}
+
+src_test() {
+ emake "${myemakeargs[@]}" localunittest
+}
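Review bot: The top-level `CONFIG_CHECK="~USER_NS"` in this new ebuild is dead, because `pkg_setup()` opens with a plain `CONFIG_CHECK="` assignment that overwrites it and then re-adds `~USER_NS` itself. The same patch removes that line from runc-1.3.3.ebuild, so the two ebuilds now differ for no visible reason; I would delete it here as well. Separately, `test? ( "${RDEPEND}" )` inside the double-quoted `BDEPEND` closes and reopens the string around the expansion; `test? ( ${RDEPEND} )` says the same thing without the nested quotes.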