From c589d2412409fd40707c4c7458d0d5be93253a4825dc247e1dd0f72c0c0a824a Mon Sep 17 00:00:00 2001
From: Aleksa Sarai
Date: Tue, 2 Feb 2021 22:19:53 +0000
Subject: [PATCH 1/2] - Update to Docker 20.10.3-ce. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. CVE-2021-21285 CVE-2021-21284 - Drop docker-runc, docker-test and docker-libnetwork packages. We now just use the upstream runc package (it's stable enough and Docker no longer pins git versions). docker-libnetwork is so unstable that it doesn't have any versioning scheme and so it really doesn't make sense to maintain the project as a separate package. bsc#1181641 bsc#1181677
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/runc?expand=0&rev=100
---
 runc.changes | 6 +++
 runc.spec | 118 ++++++++++++---------------------------------------
 2 files changed, 33 insertions(+), 91 deletions(-)
diff --git a/runc.changes b/runc.changes
index de14bc6..4f30e26 100644
--- a/runc.changes
+++ b/runc.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Tue Feb 2 05:53:17 UTC 2021 - Aleksa Sarai
+
+- Update to handle the docker-runc removal. bsc#1181677
+- Modernise go building for runc now that it has go.mod.
+
 -------------------------------------------------------------------
 Fri Aug 28 07:38:29 UTC 2020 - Ralf Haferkamp
diff --git a/runc.spec b/runc.spec
index b35b047..da2d632 100644
--- a/runc.spec
+++ b/runc.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package runc
 #
-# Copyright (c) 2020 SUSE LLC
+# Copyright (c) 2021 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,29 +17,14 @@ # nodebuginfo
-# We don't include a git_version in the "upstream" runc package, because we
-# only package released versions (unlike docker-runc).
-%define git_version %{nil}
+# MANUAL: Make sure you update this each time you update runc.
+%define git_version ff819c7e9184c13b7c2607fe6c30ae19403a7aff
 # Package-wide golang version
 %define go_version 1.13
-%define go_tool go
 %define _version 1.0.0-rc92
 %define project github.com/opencontainers/runc
-# enable libseccomp for sle >= sle12sp2
-%if 0%{?sle_version} >= 120200
-%define with_libseccomp 1
-%endif
-# enable libseccomp for leap >= 42.2
-%if 0%{?leap_version} >= 420200
-%define with_libseccomp 1
-%endif
-# enable libseccomp for Factory
-%if 0%{?suse_version} > 1320
-%define with_libseccomp 1
-%endif
-
 Name: runc
 Version: 1.0.0~rc92
 Release: 0
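Review bot: `%define git_version ff819c7e9184c13b7c2607fe6c30ae19403a7aff` is a hand-maintained value with nothing in the spec tying it to the tarball it describes, and the `# MANUAL` reminder above it is the only guard; the same value is passed to the build as `COMMIT_NO` in the `%build` hunk, so if the Makefile embeds it as the reported commit (not visible here), a stale hash would make the installed binary report a commit it was not built from, which is the field used when matching a host against an advisory. The comment should at least say what the value is and what it must move with, e.g. `# MANUAL: commit hash of the upstream v%{_version} tag; bump together with _version/Version on every update.` Dropping the `with_libseccomp` conditionals here is consistent with the now-unconditional `BuildRequires: libseccomp-devel` in the next hunk and the fixed `seccomp` buildtag in `%build`.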
@@ -56,11 +41,25 @@ BuildRequires: go-go-md2man
 # Due to a limitation in openSUSE's Go packaging we cannot have a BuildRequires
 # for 'golang(API) >= 1.x' here, so just require 1.x exactly. bsc#1172608
 BuildRequires: go%{go_version}
-%if 0%{?with_libseccomp}
 BuildRequires: libseccomp-devel
-%endif
 BuildRequires: libselinux-devel
 Recommends: criu
+# There used to be a docker-runc package which was specifically for Docker.
+# Since Docker now tracks upstream more consistently, we use the same package
+# but we need to obsolete the old one. bsc#1181677
+# NOTE: We can't use the package version here because docker-runc used a
+# different versioning scheme by accident (1.0.0rc92 vs 1.0.0~rc92 -- and
+# GNU sort considers the former to be newer than the latter, in fact
+# 1.0.0rc92 is newer than 1.0.0 according to GNU sort). So we invent a
+# fake 1.0.0.1 version.
+Obsoletes: docker-runc < 1.0.0.1
+Provides: docker-runc = 1.0.0.1.%{version}
+# KUBIC-SPECIFIC: There used to be a kubic-specific docker-runc package, but
+# now it's been merged into the one package. bsc#1181677
+Obsoletes: docker-runc-kubic < 1.0.0.1
+Provides: docker-runc-kubic = 1.0.0.1.%{version}
+Obsoletes: docker-runc = 0.1.1+gitr2819_50a19c6
+Obsoletes: docker-runc_50a19c6
 %description
 runc is a CLI tool for spawning and running containers according to the OCI
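Review bot: The NOTE comment above `Obsoletes: docker-runc < 1.0.0.1` justifies the fake version with GNU sort, but the ordering that decides whether the Obsoletes fires is rpm's own version comparison, not `sort -V`; under rpmvercmp a numeric segment always outranks an alphabetic one and `~` sorts lowest, so `1.0.0.1` outranks both `1.0.0rc92` and `1.0.0~rc92`, which means the scheme is right, just for a different reason than stated. Rewording it to `# rpm's version comparison ranks 1.0.0rc92 above both 1.0.0 and 1.0.0~rc92, so we invent a fake 1.0.0.1 version that outranks every old docker-runc.` keeps the next maintainer from reasoning about a comparator rpm does not use. `Obsoletes: docker-runc = 0.1.1+gitr2819_50a19c6` is already covered by the `< 1.0.0.1` line and can be dropped; the unversioned `Obsoletes: docker-runc_50a19c6` is a different package name and still has to stay.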
@@ -68,85 +67,28 @@ specification. It is designed to be as minimal as possible, and is the workhorse
 of Docker. It was originally designed to be a replacement for LXC within Docker,
 and has grown to become a separate project entirely.
-%package test
-Summary: Test package for runc
-Group: System/Management
-BuildRequires: go%{go_version}
-%if 0%{?with_libseccomp}
-BuildRequires: libseccomp-devel
-%endif
-Requires: go-go-md2man
-Requires: libapparmor-devel
-Requires: libselinux-devel
-Recommends: criu
-BuildArch: noarch
-
-%description test
-Test package for runc. It contains the source code and the tests.
-
 %prep
 %setup -q -n %{name}-%{_version}
 %build
-# Do not use symlinks. If you want to run the unit tests for this package at
-# some point during the build and you need to directly use go list directly it
-# will get confused by symlinks.
-export GOPATH=${HOME}/go
-mkdir -p $HOME/go/src/%project
-rm -rf $HOME/go/src/%project/*
-cp -a * $HOME/go/src/%project
-
-# Additionally enable seccomp.
-%if 0%{?with_libseccomp}
-export EXTRA_BUILDTAGS+="seccomp"
-export EXTRA_GCCFLAGS+="-lseccomp"
-%endif
-
-# Build all features.
-export BUILDTAGS="apparmor selinux $EXTRA_BUILDTAGS"
-export BUILDFLAGS="-buildmode=pie -gccgoflags='-Wl,--add-needed -Wl,--no-as-needed -static-libgo -ldl -lselinux -lapparmor $EXTRA_GCCFLAGS'"
-
-(cat <./.runc_build_env
-source ./.runc_build_env
-
-# Build runc.
-make -C "$HOME/go/src/%project" EXTRA_FLAGS="$BUILDFLAGS" BUILDTAGS="$BUILDTAGS" COMMIT_NO="%{git_version}" runc
-mv "$HOME/go/src/%project/runc" %{name}-%{version}
-
-# Build man pages, this can only be done on arches where we can build go-md2man.
+# build runc
+make BUILDTAGS="apparmor selinux seccomp" COMMIT_NO="%{git_version}" runc
+# build man pages
 man/md2man-all.sh
-%check
-# We used to run 'go test' here, however we found that this actually didn't
-# catch any issues that were caught by smoke testing, and %check would
-# continually cause package builds to fail due to flaky tests. If you ever need
-# to know how the testing was done, you can always look in the package history.
-# boo#1095817
-
 %install
-source ./.runc_build_env
-
-# We install to /usr/sbin/runc as per upstream an create a symlink in /usr/bin
+# We install to /usr/sbin/runc as per upstream and create a symlink in /usr/bin
 # for rootless tools.
-install -D -m755 %{name}-%{version} %{buildroot}%{_sbindir}/%{name}
-install -m 755 -d %{buildroot}%{_bindir}
+install -D -m0755 %{name} %{buildroot}%{_sbindir}/%{name}
+install -m0755 -d %{buildroot}%{_bindir}
 ln -s %{_sbindir}/%{name} %{buildroot}%{_bindir}/%{name}
-install -d -m755 %{buildroot}/usr/src/%{name}/
-cp -av $HOME/go/src/%{project}/* %{buildroot}/usr/src/%{name}/
 # Man pages.
-install -d -m755 %{buildroot}%{_mandir}/man8
-install -m644 man/man8/runc*.8 %{buildroot}%{_mandir}/man8
+install -d -m0755 %{buildroot}%{_mandir}/man8
+install -m0644 man/man8/runc*.8 %{buildroot}%{_mandir}/man8
 %fdupes %{buildroot}
-%post
-
 %files
 %defattr(-,root,root)
 %doc README.md
@@ -155,10 +97,4 @@ install -m644 man/man8/runc*.8 %{buildroot}%{_mandir}/man8
 %{_bindir}/%{name}
 %{_mandir}/man8/runc*.8.gz
-%files test
-%defattr(-,root,root)
-/usr/src/runc/
-%exclude /usr/src/runc/runc
-%exclude /usr/src/runc/runc/Godeps/_workspace/pkg
-
 %changelog
From f530b9f9ffba614e4fee06bb33afa80628662bb7388534ca631cf99dc7046940 Mon Sep 17 00:00:00 2001
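Review bot: The new `make BUILDTAGS="apparmor selinux seccomp" COMMIT_NO="%{git_version}" runc` line passes no `EXTRA_FLAGS`, so the `-buildmode=pie` that the removed `BUILDFLAGS` export used to inject is gone; unless the upstream Makefile already defaults to PIE for this toolchain (not visible in this patch), the packaged runc loses ASLR for its own image, a hardening regression for a binary that runs privileged on every container host. If the Makefile does not set it, add `EXTRA_FLAGS="-buildmode=pie"` to the make line, and in either case a one-line `%check` such as `readelf -h %{name} | grep -q 'Type:.*DYN'` would catch the regression on every rebuild instead of relying on someone remembering. The OBS build has no network, so this presumably builds from runc's vendored modules already; making that explicit with `export GOFLAGS=-mod=vendor` before the make call stops a future toolchain or Makefile change from silently trying to fetch dependencies, which is the supply-chain property this packaging quietly depends on. The hunk also deletes the whole `%check` section, so nothing now exercises the built binary at all.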
From: Aleksa Sarai
Date: Thu, 4 Feb 2021 00:26:20 +0000
Subject: [PATCH 2/2] Accepting request 869056 from home:cyphar:docker runc 1.0.0-rc93 update.
OBS-URL: https://build.opensuse.org/request/show/869056
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/runc?expand=0&rev=101
---
 runc-1.0.0-rc92.tar.xz | 3 ---
 runc-1.0.0-rc92.tar.xz.asc | 17 -----------------
 runc-1.0.0-rc93.tar.xz | 3 +++
 runc-1.0.0-rc93.tar.xz.asc | 16 ++++++++++++++++
 runc.changes | 18 ++++++++++++++++--
 runc.spec | 8 ++++----
 6 files changed, 39 insertions(+), 26 deletions(-)
 delete mode 100644 runc-1.0.0-rc92.tar.xz
 delete mode 100644 runc-1.0.0-rc92.tar.xz.asc
 create mode 100644 runc-1.0.0-rc93.tar.xz
 create mode 100644 runc-1.0.0-rc93.tar.xz.asc
diff --git a/runc-1.0.0-rc92.tar.xz b/runc-1.0.0-rc92.tar.xz
deleted file mode 100644
index 1bd01e0..0000000
--- a/runc-1.0.0-rc92.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:2f76b623b550588db98e2be72e74aae426f5d4cf736bd92afb91dd5586816daf
-size 1218268
diff --git a/runc-1.0.0-rc92.tar.xz.asc b/runc-1.0.0-rc92.tar.xz.asc
deleted file mode 100644
index e719045..0000000
--- a/runc-1.0.0-rc92.tar.xz.asc
+++ /dev/null
@@ -1,17 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQJDBAABCAAtFiEEXzbGxhtUYBJKdfWmnhiqJn3bjbQFAl8rkw4PHGFzYXJhaUBz
-dXNlLmRlAAoJEJ4YqiZ92420W5sQAJigDT1Nyeg8GphNz7wQe9oDekI3jaeLTaEo
-RbiDoD5KMZ9MLhRqClv9tv5GVDxMR9mlABhekC6rAH0AyM776c4Qh64Zm6AIoNuL
-T356w8fYjxo4NsT5q049AG+FOCI92/s03dVsou0bBwHyKS1YRmxRotDYEc/R2+UO
-hGjWWayXXW3TkmK2tW/CAhGWuScR4Z7c8An+SUnjK/a+ImPMjzUQ8E0QOskBymy5
-pCmzV2jjw2yoSXlnxscY4FYD4YH0z0QeyPafa0+qayh5sD+ECTJkxyU0JxF5fIKp
-zMJHQi5XX2f+k3A946iXJ6FdaKkFIuoCSbAbjAvSNV1pizcKUYjIo5U8gT0h37NY
-CuEuqTjyonzbfYw5w169DVkBJ417L8crYTkZ/cBoCEPFWq2ONT5bfPbTe9jn2Dtp
-zKZayoeYd7q+8MDKAbyKw6ATN3UvMrsAFvYgFJCPY9BIFjRBtIm6YDdpkbdyMtlt
-m9NKqdfWwnfafwVIWK422yNNbND995u+mYcOQHYSE/sVhbvT7s5BcmvFDYGGTzf+
-oswfKGeK4+7jYz8MffcypGw5sAzmwYXM43y0AOopR7dMSEbyOazxHQhS8J7IO9JY
-vy1XB5JJlWERba4Vg6EtaGBV+mv/se8fnOM2l81k6thsnl708dw/2vqyiuFPZaxQ
-ORIrr1ez
-=71sT
------END PGP SIGNATURE-----
diff --git a/runc-1.0.0-rc93.tar.xz b/runc-1.0.0-rc93.tar.xz
new file mode 100644
index 0000000..aabc5dd
--- /dev/null
+++ b/runc-1.0.0-rc93.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:70ee0fcf45b17f0da93dd4c4d174046a3584080dcc07c5468914d33d57c8202d
+size 1261676
diff --git a/runc-1.0.0-rc93.tar.xz.asc b/runc-1.0.0-rc93.tar.xz.asc
new file mode 100644
index 0000000..29add6b
--- /dev/null
+++ b/runc-1.0.0-rc93.tar.xz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEEXzbGxhtUYBJKdfWmnhiqJn3bjbQFAmAaAVwACgkQnhiqJn3b
+jbRLSw/8DQEIlXTrCGYtB6qu/Aog3gU2JrwYWLDIRHJNl5e5QEemdgsm7JjcKU02
+cOTKjH4StQdXA164pHUaq4CYvZxzDZoACyD9G8x9dW3CP4thT9ySDE8ElV2wo5R7
+7JYoG4I7A/rmejVvA1H48U0YZdolUMJDvqEUoyY+NnIFAU3WFx/cJw5GOZ7KeGLg
+LzZxVRUQQHJdth5E9uE+DyF/7IMiMwEFXC+FG+uEOkK8uVbSu6yJyN9N8ef5aZE2
+BWmr6U9K9rq6cfQi6zGd2k5m0vRMB8qwqSDLiiVLMJYpE13Y9pxxzBasq+R4+8QS
+FACtmpmBmhVFM1RdYtoB0uoMS3ZE2xlMEWtauLXYxRwEybXeu75ZEnNAewAozY2m
+8xllZQrpSFvlqjgEslBhztWJcu7Ds7veT4SRhby/RflF087teMPvxDErh0QAPXpF
+mUZX8UahjPTMu1hv0nwrdfNe5EBkLoyOYtWIy29qgW3e+DmiAfAuOE2XI9ttn4ZB
++i7CQocy8hlyCeDHHVPgoyWTSAV7/jYizTDq1aj0FcvGC+WHI8ZrzYgfWKQZ+/ov
+b356RwhK1lZ9sZf107phf4gmPA/uvIGvERO0PdPvWQaJbIZ4TUTxx/IO8tO5PAHz
+7DJ/UGvyIMwiERuM1ul/4bgRsMXEoCYbirqQmqe0qBSiy2c+q1g=
+=+kc+
+-----END PGP SIGNATURE-----
diff --git a/runc.changes b/runc.changes
index 4f30e26..cd0a59d 100644
--- a/runc.changes
+++ b/runc.changes
@@ -1,3 +1,17 @@
+-------------------------------------------------------------------
+Wed Feb 3 04:09:17 UTC 2021 - Aleksa Sarai
+
+- Update to runc v1.0.0~rc93. Upstream changelog is available from
+ https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc93
+
+ * Cgroupv2 support is no longer considered experimental.
+ * Mountinfo parsing code has been reworked significantly.
+ * Special ENOSYS handling for seccomp profiles to avoid making new
+ syscalls unusable for glibc.
+ * Various rootless containers improvements.
+ * The "selinux" and "apparmor" buildtags have been removed, and now all runc
+ builds will have SELinux and AppArmor support enabled.
+
 -------------------------------------------------------------------
 Tue Feb 2 05:53:17 UTC 2021 - Aleksa Sarai
@@ -7,8 +21,8 @@ Tue Feb 2 05:53:17 UTC 2021 - Aleksa Sarai
 -------------------------------------------------------------------
 Fri Aug 28 07:38:29 UTC 2020 - Ralf Haferkamp
-- Upgrade to runc v1.0.0~rc92 (bsc#1175821). Upstream changelog is
- available from https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc92
+- Upgrade to runc v1.0.0~rc92 (bsc#1175821). Upstream changelog is available
+ from https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc92
 * Updates to CRIU support.
 * Improvements to cgroupfs performance and correctness.
diff --git a/runc.spec b/runc.spec
index da2d632..178326f 100644
--- a/runc.spec
+++ b/runc.spec
@@ -18,15 +18,15 @@ # MANUAL: Make sure you update this each time you update runc.
-%define git_version ff819c7e9184c13b7c2607fe6c30ae19403a7aff
+%define git_version 12644e614e25b05da6fd08a38ffa0cfe1903fdec
 # Package-wide golang version
 %define go_version 1.13
-%define _version 1.0.0-rc92
+%define _version 1.0.0-rc93
 %define project github.com/opencontainers/runc
 Name: runc
-Version: 1.0.0~rc92
+Version: 1.0.0~rc93
 Release: 0
 Summary: Tool for spawning and running OCI containers
 License: Apache-2.0
@@ -72,7 +72,7 @@ and has grown to become a separate project entirely.
 %build
 # build runc
-make BUILDTAGS="apparmor selinux seccomp" COMMIT_NO="%{git_version}" runc
+make BUILDTAGS="seccomp" COMMIT_NO="%{git_version}" runc
 # build man pages
 man/md2man-all.sh
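Review bot: The `make BUILDTAGS="seccomp" COMMIT_NO="%{git_version}" runc` line in the last hunk drops `apparmor selinux` with no explanation next to the code; the reason only exists in the .changes entry, which is not where the next packager comparing this spec against an older one will look, so the shorter tag list reads like a lost feature. A comment above the make line such as `# apparmor/selinux are compiled in unconditionally since rc93 (the buildtags were removed upstream); seccomp still needs the tag and libseccomp-devel.` records both facts where they are acted on. The `%define git_version 12644e614e25b05da6fd08a38ffa0cfe1903fdec` bump in the first hunk is the manual value the MANUAL comment warns about, and nothing in the spec cross-checks it against the new tarball, so keeping it in the same commit as `_version`, as done here, is the only guard there is.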