Accepting request 324799 from Virtualization:containers

1

OBS-URL: https://build.opensuse.org/request/show/324799
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/docker?expand=0&rev=22

docker.changes

@@ -1,3 +1,15 @@
+-------------------------------------------------------------------
+Fri Aug 21 08:46:30 UTC 2015 - normand@linux.vnet.ibm.com
+
+- new patch as per upstream issue
+  https://github.com/docker/docker/issues/14056#issuecomment-113680944
+  docker_rename_jump_amd64_as_jump_linux.patch
+
+-------------------------------------------------------------------
+Fri Aug 21 08:07:58 UTC 2015 - normand@linux.vnet.ibm.com
+
+- ignore-dockerinit-checksum.patch need -p1 in spec
+
 -------------------------------------------------------------------
 Thu Aug 13 09:00:25 UTC 2015 - jmassaguerpla@suse.com
 

docker.spec

@@ -49,6 +49,7 @@ Patch1:         libcontainer-apparmor-fixes.patch
 # to simply disable this check
 Patch100:       ignore-dockerinit-checksum.patch
 Patch101:       gcc-go-build-static-libgo.patch
+Patch102:       docker_rename_jump_amd64_as_jump_linux.patch
 BuildRequires:  bash-completion
 BuildRequires:  device-mapper-devel >= 1.2.68
 BuildRequires:  glibc-devel-static
@@ -141,17 +142,20 @@ Test package for docker. It contains the source code and the tests.
 %patch0 -p1
 %patch1 -p1
 %ifnarch %go_arches
-%patch100
-%patch101
+%patch100 -p1
+%patch101 -p0
+%patch102 -p1
 %endif
 cp %{SOURCE7} .
 find . -name ".gitignore" | xargs rm
 
 %build
 %ifnarch %go_arches
-mkdir /tmp/dirty-hack
-ln -s /usr/bin/go-5 /tmp/dirty-hack/go
-export PATH=/tmp/dirty-hack:$PATH
+tmphack=/tmp/dirty-hack
+[ -e $tmphack ] && rm -rf $tmphack
+mkdir $tmphack
+ln -s /usr/bin/go-5 $tmphack/go
+export PATH=$tmphack:$PATH
 %endif
 
 (cat <<EOF

docker_rename_jump_amd64_as_jump_linux.patch

@@ -0,0 +1,157 @@
+From: Michel Normand <normand@linux.vnet.ibm.com>
+Subject: docker rename jump amd64 as jump linux
+Date: Fri, 21 Aug 2015 10:42:37 +0200
+
+docker rename jump amd64 as jump linux
+based on https://github.com/docker/docker/issues/14056#issuecomment-113680944
+
+Signed-off-by: Michel Normand <normand@linux.vnet.ibm.com>
+---
+ vendor/src/github.com/opencontainers/runc/libcontainer/seccomp/jump_amd64.go |   68 ----------
+ vendor/src/github.com/opencontainers/runc/libcontainer/seccomp/jump_linux.go |   66 +++++++++
+ 2 files changed, 66 insertions(+), 68 deletions(-)
+
+Index: docker-1.8.1/vendor/src/github.com/opencontainers/runc/libcontainer/seccomp/jump_amd64.go
+===================================================================
+--- docker-1.8.1.orig/vendor/src/github.com/opencontainers/runc/libcontainer/seccomp/jump_amd64.go
++++ /dev/null
+@@ -1,68 +0,0 @@
+-// +build linux,amd64
+-
+-package seccomp
+-
+-// Using BPF filters
+-//
+-// ref: http://www.gsp.com/cgi-bin/man.cgi?topic=bpf
+-import "syscall"
+-
+-func jumpGreaterThan(f *filter, v uint, jt sockFilter) {
+-	lo := uint32(uint64(v) % 0x100000000)
+-	hi := uint32(uint64(v) / 0x100000000)
+-	*f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JGT+syscall.BPF_K, (hi), 4, 0))
+-	*f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, (hi), 0, 5))
+-	*f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 0))
+-	*f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JGE+syscall.BPF_K, (lo), 0, 2))
+-	*f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
+-	*f = append(*f, jt)
+-	*f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
+-}
+-
+-func jumpEqualTo(f *filter, v uint, jt sockFilter) {
+-	lo := uint32(uint64(v) % 0x100000000)
+-	hi := uint32(uint64(v) / 0x100000000)
+-	*f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, (hi), 0, 5))
+-	*f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 0))
+-	*f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, (lo), 0, 2))
+-	*f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
+-	*f = append(*f, jt)
+-	*f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
+-}
+-
+-func jumpLessThan(f *filter, v uint, jt sockFilter) {
+-	lo := uint32(uint64(v) % 0x100000000)
+-	hi := uint32(uint64(v) / 0x100000000)
+-	*f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JGT+syscall.BPF_K, (hi), 6, 0))
+-	*f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, (hi), 0, 3))
+-	*f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 0))
+-	*f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JGT+syscall.BPF_K, (lo), 2, 0))
+-	*f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
+-	*f = append(*f, jt)
+-	*f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
+-}
+-
+-func jumpNotEqualTo(f *filter, v uint, jt sockFilter) {
+-	lo := uint32(uint64(v) % 0x100000000)
+-	hi := uint32(uint64(v) / 0x100000000)
+-	*f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, hi, 5, 0))
+-	*f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 0))
+-	*f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, lo, 2, 0))
+-	*f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
+-	*f = append(*f, jt)
+-	*f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
+-}
+-
+-// this checks for a value inside a mask. The evalusation is equal to doing
+-// CLONE_NEWUSER & syscallMask == CLONE_NEWUSER
+-func jumpMaskEqualTo(f *filter, v uint, jt sockFilter) {
+-	lo := uint32(uint64(v) % 0x100000000)
+-	hi := uint32(uint64(v) / 0x100000000)
+-	*f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, hi, 0, 6))
+-	*f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 0))
+-	*f = append(*f, scmpBpfStmt(syscall.BPF_ALU+syscall.BPF_AND, uint32(v)))
+-	*f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, lo, 0, 2))
+-	*f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
+-	*f = append(*f, jt)
+-	*f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
+-}
+Index: docker-1.8.1/vendor/src/github.com/opencontainers/runc/libcontainer/seccomp/jump_linux.go
+===================================================================
+--- /dev/null
++++ docker-1.8.1/vendor/src/github.com/opencontainers/runc/libcontainer/seccomp/jump_linux.go
+@@ -0,0 +1,66 @@
++package seccomp
++
++// Using BPF filters
++//
++// ref: http://www.gsp.com/cgi-bin/man.cgi?topic=bpf
++import "syscall"
++
++func jumpGreaterThan(f *filter, v uint, jt sockFilter) {
++	lo := uint32(uint64(v) % 0x100000000)
++	hi := uint32(uint64(v) / 0x100000000)
++	*f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JGT+syscall.BPF_K, (hi), 4, 0))
++	*f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, (hi), 0, 5))
++	*f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 0))
++	*f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JGE+syscall.BPF_K, (lo), 0, 2))
++	*f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
++	*f = append(*f, jt)
++	*f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
++}
++
++func jumpEqualTo(f *filter, v uint, jt sockFilter) {
++	lo := uint32(uint64(v) % 0x100000000)
++	hi := uint32(uint64(v) / 0x100000000)
++	*f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, (hi), 0, 5))
++	*f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 0))
++	*f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, (lo), 0, 2))
++	*f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
++	*f = append(*f, jt)
++	*f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
++}
++
++func jumpLessThan(f *filter, v uint, jt sockFilter) {
++	lo := uint32(uint64(v) % 0x100000000)
++	hi := uint32(uint64(v) / 0x100000000)
++	*f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JGT+syscall.BPF_K, (hi), 6, 0))
++	*f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, (hi), 0, 3))
++	*f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 0))
++	*f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JGT+syscall.BPF_K, (lo), 2, 0))
++	*f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
++	*f = append(*f, jt)
++	*f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
++}
++
++func jumpNotEqualTo(f *filter, v uint, jt sockFilter) {
++	lo := uint32(uint64(v) % 0x100000000)
++	hi := uint32(uint64(v) / 0x100000000)
++	*f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, hi, 5, 0))
++	*f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 0))
++	*f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, lo, 2, 0))
++	*f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
++	*f = append(*f, jt)
++	*f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
++}
++
++// this checks for a value inside a mask. The evalusation is equal to doing
++// CLONE_NEWUSER & syscallMask == CLONE_NEWUSER
++func jumpMaskEqualTo(f *filter, v uint, jt sockFilter) {
++	lo := uint32(uint64(v) % 0x100000000)
++	hi := uint32(uint64(v) / 0x100000000)
++	*f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, hi, 0, 6))
++	*f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 0))
++	*f = append(*f, scmpBpfStmt(syscall.BPF_ALU+syscall.BPF_AND, uint32(v)))
++	*f = append(*f, scmpBpfJump(syscall.BPF_JMP+syscall.BPF_JEQ+syscall.BPF_K, lo, 0, 2))
++	*f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
++	*f = append(*f, jt)
++	*f = append(*f, scmpBpfStmt(syscall.BPF_LD+syscall.BPF_MEM, 1))
++}