app-emulation/docker-runc: Add an ebuild for Docker 17.03

This ebuild is a mix of the upstream ebuild and the existing one.
This commit is contained in:
David Michael 2017-09-28 19:13:16 -07:00
parent 23db752fa9
commit e5881026f6
3 changed files with 113 additions and 0 deletions

View File

@ -1 +1,2 @@
DIST docker-runc-1.0.0_rc2_p136.tar.gz 561705 SHA256 2954cb6b468b3806a08c45656acc2019035bc9994c2a9b4249cfde4d9b3a7c93 SHA512 6052b95042082c3345caf25d3646f47b82c151ff3aca2ca4510dbf72ee80056d8c4077f2a1b48a9f4178c41185835ff51461e52ad47969534ea6febf7cac74f1 WHIRLPOOL ede821987006a54e7a87f88d9a5104d4a4ecc05a614e111fefa669f5ae436c11004debfe919bec0808194f2d96442775718a0208a1a374a9dd56a896f7dd8640
DIST docker-runc-1.0.0_rc4_p25.tar.gz 1094599 SHA256 d5820f1c655061be79441bd57efea4e5b60b25b6a451214b64172395b9fda383 SHA512 0cb0748812296294a87dda257dbf0947897a1ada2aa861ff3e65309a6bbecebbe798929845fca6f23b66fd0dc019bca0a032737c7192fe20618d8e1849866f3d WHIRLPOOL ed34894a3878c0cae50888c936eba1dad8d58da8d7042d5e421f06e4e98c1d7701a5c877baaba14a46d588b2ee3354e19d72bb141d5d8e7f6c0bed2d3a6b71b6 DIST docker-runc-1.0.0_rc4_p25.tar.gz 1094599 SHA256 d5820f1c655061be79441bd57efea4e5b60b25b6a451214b64172395b9fda383 SHA512 0cb0748812296294a87dda257dbf0947897a1ada2aa861ff3e65309a6bbecebbe798929845fca6f23b66fd0dc019bca0a032737c7192fe20618d8e1849866f3d WHIRLPOOL ed34894a3878c0cae50888c936eba1dad8d58da8d7042d5e421f06e4e98c1d7701a5c877baaba14a46d588b2ee3354e19d72bb141d5d8e7f6c0bed2d3a6b71b6

View File

@ -0,0 +1,71 @@
# Copyright 1999-2017 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
EAPI=6
GITHUB_URI="github.com/docker/runc"
COREOS_GO_PACKAGE="${GITHUB_URI}"
COREOS_GO_VERSION="go1.7"
# the commit of runc that docker uses.
# see https://github.com/moby/moby/blob/v17.03.2-ce/hack/dockerfile/binaries-commits#L6
# Note: this commit is only really present in the `docker/runc` repository.
# Update the patch number when this commit is changed (i.e. the _p in the ebuild).
# The patch version is arbitrarily the number of commits since the tag version
# spcified in the ebuild name. For example:
# $ git log --oneline v1.0.0-rc2..${COMMIT_ID} | wc -l
COMMIT_ID="54296cf40ad8143b62dbcaa1d90e520a2136ddfe"
inherit eutils flag-o-matic coreos-go vcs-snapshot
SRC_URI="https://${GITHUB_URI}/archive/${COMMIT_ID}.tar.gz -> ${P}.tar.gz"
KEYWORDS="amd64 arm64"
DESCRIPTION="runc container cli tools (docker fork)"
HOMEPAGE="http://runc.io"
LICENSE="Apache-2.0"
SLOT="0"
IUSE="apparmor hardened +seccomp selinux"
RDEPEND="
apparmor? ( sys-libs/libapparmor )
seccomp? ( sys-libs/libseccomp )
!app-emulation/runc
"
S=${WORKDIR}/${P}/src/${COREOS_GO_PACKAGE}
RESTRICT="test"
src_unpack() {
mkdir -p "${S}"
tar --strip-components=1 -C "${S}" -xf "${DISTDIR}/${A}"
}
PATCHES=(
"${FILESDIR}/${PN}-1.0.0_rc2-mount-propagation.patch"
)
src_compile() {
# Taken from app-emulation/docker-1.7.0-r1
export CGO_CFLAGS="-I${ROOT}/usr/include"
export CGO_LDFLAGS="$(usex hardened '-fno-PIC ' '')
-L${ROOT}/usr/$(get_libdir)"
# build up optional flags
local options=(
$(usex apparmor 'apparmor')
$(usex seccomp 'seccomp')
$(usex selinux 'selinux')
)
# CoreOS: Don't try to install dependencies.
sed -i 's/go build -i /go build /' Makefile
emake BUILDTAGS="${options[*]}" \
COMMIT="${COMMIT_ID}"
}
src_install() {
dobin runc
}

View File

@ -0,0 +1,41 @@
From db55cd4f29298ae08b20f92b8953735723ee2167 Mon Sep 17 00:00:00 2001
From: Euan Kemp <euan.kemp@coreos.com>
Date: Fri, 22 Sep 2017 02:31:17 -0700
Subject: [PATCH] libcontainer: default mount propagation correctly
The code in prepareRoot (https://github.com/opencontainers/runc/blob/e385f67a0e45fa1d8ef8154e2aea5128ea1d331b/libcontainer/rootfs_linux.go#L599-L605)
attempts to default the rootfs mount to `rslave`. However, since the spec
conversion has already defaulted it to `rprivate`, that code doesn't
actually ever do anything.
This changes the spec conversion code to accept "" and treat it as 0.
Implicitly, this makes rootfs propagation default to `rslave`, which is
a part of fixing the moby bug https://github.com/moby/moby/issues/34672
Alternate implementatoins include changing this defaulting to be
`rslave` and removing the defaulting code in prepareRoot, or skipping
the mapping entirely for "", but I think this change is the cleanest of
those options.
Signed-off-by: Euan Kemp <euan.kemp@coreos.com>
---
libcontainer/specconv/spec_linux.go | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go
index 1575ae03..8a2947f6 100644
--- a/libcontainer/specconv/spec_linux.go
+++ b/libcontainer/specconv/spec_linux.go
@@ -36,7 +36,7 @@ var mountPropagationMapping = map[string]int{
"slave": syscall.MS_SLAVE,
"rshared": syscall.MS_SHARED | syscall.MS_REC,
"shared": syscall.MS_SHARED,
- "": syscall.MS_PRIVATE | syscall.MS_REC,
+ "": 0,
}
var allowedDevices = []*configs.Device{
--
2.13.5