app-emulation/docker-runc: Add an ebuild for Docker 17.03
This ebuild is a mix of the upstream ebuild and the existing one.
parent
23db752fa9
commit
e5881026f6
@ -1 +1,2 @@
|
|||||||
|
DIST docker-runc-1.0.0_rc2_p136.tar.gz 561705 SHA256 2954cb6b468b3806a08c45656acc2019035bc9994c2a9b4249cfde4d9b3a7c93 SHA512 6052b95042082c3345caf25d3646f47b82c151ff3aca2ca4510dbf72ee80056d8c4077f2a1b48a9f4178c41185835ff51461e52ad47969534ea6febf7cac74f1 WHIRLPOOL ede821987006a54e7a87f88d9a5104d4a4ecc05a614e111fefa669f5ae436c11004debfe919bec0808194f2d96442775718a0208a1a374a9dd56a896f7dd8640
|
||||||
DIST docker-runc-1.0.0_rc4_p25.tar.gz 1094599 SHA256 d5820f1c655061be79441bd57efea4e5b60b25b6a451214b64172395b9fda383 SHA512 0cb0748812296294a87dda257dbf0947897a1ada2aa861ff3e65309a6bbecebbe798929845fca6f23b66fd0dc019bca0a032737c7192fe20618d8e1849866f3d WHIRLPOOL ed34894a3878c0cae50888c936eba1dad8d58da8d7042d5e421f06e4e98c1d7701a5c877baaba14a46d588b2ee3354e19d72bb141d5d8e7f6c0bed2d3a6b71b6
|
DIST docker-runc-1.0.0_rc4_p25.tar.gz 1094599 SHA256 d5820f1c655061be79441bd57efea4e5b60b25b6a451214b64172395b9fda383 SHA512 0cb0748812296294a87dda257dbf0947897a1ada2aa861ff3e65309a6bbecebbe798929845fca6f23b66fd0dc019bca0a032737c7192fe20618d8e1849866f3d WHIRLPOOL ed34894a3878c0cae50888c936eba1dad8d58da8d7042d5e421f06e4e98c1d7701a5c877baaba14a46d588b2ee3354e19d72bb141d5d8e7f6c0bed2d3a6b71b6
|
||||||
|
@ -0,0 +1,71 @@
|
|||||||
|
# Copyright 1999-2017 Gentoo Foundation
|
||||||
|
# Distributed under the terms of the GNU General Public License v2
|
||||||
|
|
||||||
|
EAPI=6
|
||||||
|
|
||||||
|
GITHUB_URI="github.com/docker/runc"
|
||||||
|
COREOS_GO_PACKAGE="${GITHUB_URI}"
|
||||||
|
COREOS_GO_VERSION="go1.7"
|
||||||
|
# the commit of runc that docker uses.
|
||||||
|
# see https://github.com/moby/moby/blob/v17.03.2-ce/hack/dockerfile/binaries-commits#L6
|
||||||
|
# Note: this commit is only really present in the `docker/runc` repository.
|
||||||
|
# Update the patch number when this commit is changed (i.e. the _p in the ebuild).
|
||||||
|
# The patch version is arbitrarily the number of commits since the tag version
|
||||||
|
# spcified in the ebuild name. For example:
|
||||||
|
# $ git log --oneline v1.0.0-rc2..${COMMIT_ID} | wc -l
|
||||||
|
COMMIT_ID="54296cf40ad8143b62dbcaa1d90e520a2136ddfe"
|
||||||
|
|
||||||
|
inherit eutils flag-o-matic coreos-go vcs-snapshot
|
||||||
|
|
||||||
|
SRC_URI="https://${GITHUB_URI}/archive/${COMMIT_ID}.tar.gz -> ${P}.tar.gz"
|
||||||
|
KEYWORDS="amd64 arm64"
|
||||||
|
|
||||||
|
DESCRIPTION="runc container cli tools (docker fork)"
|
||||||
|
HOMEPAGE="http://runc.io"
|
||||||
|
|
||||||
|
LICENSE="Apache-2.0"
|
||||||
|
SLOT="0"
|
||||||
|
IUSE="apparmor hardened +seccomp selinux"
|
||||||
|
|
||||||
|
RDEPEND="
|
||||||
|
apparmor? ( sys-libs/libapparmor )
|
||||||
|
seccomp? ( sys-libs/libseccomp )
|
||||||
|
!app-emulation/runc
|
||||||
|
"
|
||||||
|
|
||||||
|
S=${WORKDIR}/${P}/src/${COREOS_GO_PACKAGE}
|
||||||
|
|
||||||
|
RESTRICT="test"
|
||||||
|
|
||||||
|
src_unpack() {
|
||||||
|
mkdir -p "${S}"
|
||||||
|
tar --strip-components=1 -C "${S}" -xf "${DISTDIR}/${A}"
|
||||||
|
}
|
||||||
|
|
||||||
|
PATCHES=(
|
||||||
|
"${FILESDIR}/${PN}-1.0.0_rc2-mount-propagation.patch"
|
||||||
|
)
|
||||||
|
|
||||||
|
src_compile() {
|
||||||
|
# Taken from app-emulation/docker-1.7.0-r1
|
||||||
|
export CGO_CFLAGS="-I${ROOT}/usr/include"
|
||||||
|
export CGO_LDFLAGS="$(usex hardened '-fno-PIC ' '')
|
||||||
|
-L${ROOT}/usr/$(get_libdir)"
|
||||||
|
|
||||||
|
# build up optional flags
|
||||||
|
local options=(
|
||||||
|
$(usex apparmor 'apparmor')
|
||||||
|
$(usex seccomp 'seccomp')
|
||||||
|
$(usex selinux 'selinux')
|
||||||
|
)
|
||||||
|
|
||||||
|
# CoreOS: Don't try to install dependencies.
|
||||||
|
sed -i 's/go build -i /go build /' Makefile
|
||||||
|
|
||||||
|
emake BUILDTAGS="${options[*]}" \
|
||||||
|
COMMIT="${COMMIT_ID}"
|
||||||
|
}
|
||||||
|
|
||||||
|
src_install() {
|
||||||
|
dobin runc
|
||||||
|
}
|
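Review bot: In src_unpack, neither `mkdir -p "${S}"` nor the `tar` call is followed by `|| die`, so a failed or truncated extraction of the distfile does not stop the build where it happens; I would write `mkdir -p "${S}" || die` and `tar --strip-components=1 -C "${S}" -xf "${DISTDIR}/${A}" || die`. The same applies to `sed -i 's/go build -i /go build /' Makefile` in src_compile: if the Makefile at a later COMMIT_ID no longer contains that string, sed still exits 0 and the build silently goes back to `go build -i`, which the "Don't try to install dependencies" comment is there to prevent. A `grep -q 'go build -i ' Makefile || die` before the sed would make that drift visible. `"${DISTDIR}/${A}"` also only works while SRC_URI lists exactly one file, which is worth a one-line comment.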
@ -0,0 +1,41 @@
|
|||||||
|
From db55cd4f29298ae08b20f92b8953735723ee2167 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Euan Kemp <euan.kemp@coreos.com>
|
||||||
|
Date: Fri, 22 Sep 2017 02:31:17 -0700
|
||||||
|
Subject: [PATCH] libcontainer: default mount propagation correctly
|
||||||
|
|
||||||
|
The code in prepareRoot (https://github.com/opencontainers/runc/blob/e385f67a0e45fa1d8ef8154e2aea5128ea1d331b/libcontainer/rootfs_linux.go#L599-L605)
|
||||||
|
attempts to default the rootfs mount to `rslave`. However, since the spec
|
||||||
|
conversion has already defaulted it to `rprivate`, that code doesn't
|
||||||
|
actually ever do anything.
|
||||||
|
|
||||||
|
This changes the spec conversion code to accept "" and treat it as 0.
|
||||||
|
|
||||||
|
Implicitly, this makes rootfs propagation default to `rslave`, which is
|
||||||
|
a part of fixing the moby bug https://github.com/moby/moby/issues/34672
|
||||||
|
|
||||||
|
Alternate implementatoins include changing this defaulting to be
|
||||||
|
`rslave` and removing the defaulting code in prepareRoot, or skipping
|
||||||
|
the mapping entirely for "", but I think this change is the cleanest of
|
||||||
|
those options.
|
||||||
|
|
||||||
|
Signed-off-by: Euan Kemp <euan.kemp@coreos.com>
|
||||||
|
---
|
||||||
|
libcontainer/specconv/spec_linux.go | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go
|
||||||
|
index 1575ae03..8a2947f6 100644
|
||||||
|
--- a/libcontainer/specconv/spec_linux.go
|
||||||
|
+++ b/libcontainer/specconv/spec_linux.go
|
||||||
|
@@ -36,7 +36,7 @@ var mountPropagationMapping = map[string]int{
|
||||||
|
"slave": syscall.MS_SLAVE,
|
||||||
|
"rshared": syscall.MS_SHARED | syscall.MS_REC,
|
||||||
|
"shared": syscall.MS_SHARED,
|
||||||
|
- "": syscall.MS_PRIVATE | syscall.MS_REC,
|
||||||
|
+ "": 0,
|
||||||
|
}
|
||||||
|
|
||||||
|
var allowedDevices = []*configs.Device{
|
||||||
|
--
|
||||||
|
2.13.5
|
||||||
|
|
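Review bot: The new `"": 0,` entry in mountPropagationMapping gives the intended result only because, per the patch description, prepareRoot treats a zero propagation flag as unset and applies its own `rslave` default, and nothing at the map says so. A comment on that line, e.g. `// "" maps to 0 so that prepareRoot applies its rslave default`, would keep a later reader from changing it back to an explicit flag. Because the default rootfs propagation moves from `rprivate` to `rslave`, host mount events will presumably start propagating into containers that set no rootfs propagation, which deserves a line in the ebuild or changelog for anyone relying on the old isolation default. The map and prepareRoot both start outside the hunk, so any other reader of the mapping that uses the value directly could not be checked here.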