From ce9552284766233eb3209275eb8c4325111e09cf7507c8adfce852373a05f2a5 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Fri, 11 Aug 2017 12:10:02 +0000 Subject: [PATCH 1/3] - Use -buildmode=pie for tests and binary build. bsc#1048046 bsc#1051429 This also includes some various improvements to the packaging of runc, containerd and docker-runc. OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/runc?expand=0&rev=53 --- runc.changes | 19 ++++++++---- runc.spec | 84 ++++++++++++++++++++++++++++++++++------------------ 2 files changed, 68 insertions(+), 35 deletions(-) diff --git a/runc.changes b/runc.changes index 0d38a01..43e512d 100644 --- a/runc.changes +++ b/runc.changes @@ -1,19 +1,26 @@ +------------------------------------------------------------------- +Wed Aug 2 13:51:43 UTC 2017 - asarai@suse.com + +- Use -buildmode=pie for tests and binary build. bsc#1048046 bsc#1051429 +- Cleanup seccomp builds similar to bsc#1028638 +- Remove the usage of 'cp -r' to reduce noise in the build logs. + ------------------------------------------------------------------- Thu Jul 6 17:14:17 UTC 2017 - thipp@suse.de - switch to opencontainers/runc master branch -- remove CVE-2016-9962.patch +- remove CVE-2016-9962.patch - stop providing docker-runc ------------------------------------------------------------------- Thu May 4 19:04:49 UTC 2017 - jmassaguerpla@suse.com -- fix the golang requirement to 1.7 to the subpackages +- fix the golang requirement to 1.7 to the subpackages ------------------------------------------------------------------- Tue May 2 15:49:41 UTC 2017 - jmassaguerpla@suse.com -- fix golang requirement to 1.7 +- fix golang requirement to 1.7 ------------------------------------------------------------------- Fri Apr 28 16:16:00 UTC 2017 - jengelh@inai.de 
@@ -23,20 +30,20 @@ Fri Apr 28 16:16:00 UTC 2017 - jengelh@inai.de ------------------------------------------------------------------- Thu Apr 13 16:34:03 UTC 2017 - jmassaguerpla@suse.com -- update version to the one required by docker-17.04.0-ce (bsc#1034053) +- update version to the one required by docker-17.04.0-ce (bsc#1034053) remove ignore_cgroup2_mountpoint.patch . This is already included in the upstream source code. ------------------------------------------------------------------- Wed Apr 12 09:55:28 UTC 2017 - jmassaguerpla@suse.com -- Make sure this is being built with go 1.7 +- Make sure this is being built with go 1.7 ------------------------------------------------------------------- Tue Apr 11 15:37:36 UTC 2017 - jmassaguerpla@suse.com - remove the go_arches macro because we are using go1.7 which - is available in all archs + is available in all archs ------------------------------------------------------------------- Wed Mar 29 15:47:52 UTC 2017 - jmassaguerpla@suse.com diff --git a/runc.spec b/runc.spec index 5b9265e..a6b6d5d 100644 --- a/runc.spec +++ b/runc.spec @@ -18,6 +18,20 @@ %define go_tool go %define _version 1.0.0rc3+r133 +%define project github.com/opencontainers/runc + +# enable libseccomp for sle >= sle12sp2 +%if 0%{?sle_version} >= 120200 +%define with_libseccomp 1 +%endif +# enable libseccomp for leap >= 42.2 +%if 0%{?leap_version} >= 420200 +%define with_libseccomp 1 +%endif +# enable libseccomp for Factory +%if 0%{?suse_version} > 1320 +%define with_libseccomp 1 +%endif Name: runc Version: 1.0.0~rc3+r133 @@ -32,8 +46,7 @@ BuildRequires: fdupes BuildRequires: go-go-md2man BuildRequires: libapparmor-devel BuildRequires: golang(API) = 1.7 -# Seccomp isn't supported on aarch64. -%ifnarch aarch64 +%if 0%{?with_libseccomp} BuildRequires: libseccomp-devel %endif BuildRequires: libselinux-devel 
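Review bot: In the runc.spec hunk at `@@ -18,6 +18,20 @@`, `with_libseccomp` is defined only when one of the three version tests matches, and there is no fallback or explanation for the remaining targets. A target that matches none of them builds without `libseccomp-devel` (see the `@@ -32,8 +46,7 @@` hunk) and, judging by the later `%build` changes, without the `seccomp` build tag. The old aarch64 exclusion is also dropped without saying whether seccomp is now expected to work on that architecture. I would add a comment above the block such as `# Targets matching none of the conditions below get a runc built WITHOUT seccomp support.` and, if aarch64 is still unsupported, keep an explicit guard for it.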
@@ -53,9 +66,8 @@ Group: System/Management BuildRequires: golang(API) = 1.7 Requires: go-go-md2man Requires: libapparmor-devel -# Seccomp isn't supported on aarch64. -%ifnarch aarch64 -Requires: libseccomp-devel +%if 0%{?with_libseccomp} +BuildRequires: libseccomp-devel %endif Requires: libselinux-devel Recommends: criu 
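Review bot: The added line here is `BuildRequires: libseccomp-devel`, but the line it replaces was `Requires: libseccomp-devel`, and the neighbouring `libapparmor-devel` and `libselinux-devel` entries are still `Requires:`. As written, installing this subpackage no longer pulls in the seccomp headers, so tests built with the `seccomp` tag would presumably fail to compile on a clean host. If the runtime dependency is meant to stay, the line should read `Requires: libseccomp-devel` inside the new `%if 0%{?with_libseccomp}` guard. The `%package` header is outside this hunk, so this assumes the lines belong to the test subpackage, as the "Test package for runc" context in the following hunk suggests.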
@@ -71,51 +83,66 @@ Test package for runc. It contains the source code and the tests. # Do not use symlinks. If you want to run the unit tests for this package at # some point during the build and you need to directly use go list directly it # will get confused by symlinks. -export GOPATH=${HOME}/go:${HOME}/go/src/github.com/opencontainers/runc/Godeps/_workspace -mkdir -pv $HOME/go/src/github.com/opencontainers/runc -rm -rf $HOME/go/src/github.com/opencontainers/runc/* -cp -avr * $HOME/go/src/github.com/opencontainers/runc +export GOPATH=${HOME}/go:${HOME}/go/src/%project/Godeps/_workspace +mkdir -pv $HOME/go/src/%project +rm -rf $HOME/go/src/%project/* +cp -av * $HOME/go/src/%project -export BUILDFLAGS="-gccgoflags=-Wl,--add-needed -Wl,--no-as-needed -static-libgo -ldl -lselinux -lapparmor" # Build all features. export BUILDTAGS="apparmor selinux" +export BUILDFLAGS="-gccgoflags=-Wl,--add-needed -Wl,--no-as-needed -static-libgo -ldl -lselinux -lapparmor" -# Seccomp isn't supported on aarch64. -%ifnarch aarch64 +# Additionally enable seccomp. +%if 0%{?with_libseccomp} export BUILDTAGS="$BUILDTAGS seccomp" export BUILDFLAGS="$BUILDFLAGS -lseccomp" %endif +(cat <./.runc_build_env +source ./.runc_build_env + # Build runc. -%go_tool build "$BUILDFLAGS" -tags "$BUILDTAGS" -x -o %{name}-%{version} github.com/opencontainers/%{name} +%go_tool build -buildmode=pie "$BUILDFLAGS" -tags "$BUILDTAGS" -x -o %{name}-%{version} %{project} # Build man pages, this can only be done on arches where we can build go-md2man. man/md2man-all.sh %check -export GOPATH=$HOME/go/src/github.com/opencontainers/runc/Godeps/_workspace:$GOPATH -cd $HOME/go/src/github.com/opencontainers/runc +source ./.runc_build_env +cd $HOME/go/src/%project + PKG_LIST=$(go list ./... 
\ - | grep -v 'github.com/opencontainers/runc/libcontainer/cgroups/fs$' \ - | grep -v 'github.com/opencontainers/runc/libcontainer$' \ - | grep -v 'github.com/opencontainers/runc/libcontainer/integration$' \ - | grep -v 'github.com/opencontainers/runc/libcontainer/nsenter$' \ - | grep -v 'github.com/opencontainers/runc/libcontainer/user$' \ - | grep -v 'github.com/opencontainers/runc/libcontainer/xattr$') -go test -timeout 3m -tags "$BUILDTAGS" -v $PKG_LIST + | grep -v '%{project}/libcontainer/cgroups/fs$' \ + | grep -v '%{project}/libcontainer$' \ + | grep -v '%{project}/libcontainer/integration$' \ + | grep -v '%{project}/libcontainer/nsenter$' \ + | grep -v '%{project}/libcontainer/user$' \ + | grep -v '%{project}/libcontainer/xattr$' \ +%if ! 0%{?with_libseccomp} + | grep -v '%{project}/libcontainer/seccomp$' \ + | grep -v 'github.com/seccomp/libseccomp-golang$' \ +%endif + ) +%go_tool test -buildmode=pie "$BUILDFLAGS" -tags "$BUILDTAGS" -timeout 3m -v $PKG_LIST %install +source ./.runc_build_env + +# We install to /usr/sbin/runc as per upstream. install -D -m755 %{name}-%{version} %{buildroot}%{_sbindir}/%{name} -install -d -m755 %{buildroot}/usr/src/runc/ -cp -avr $HOME/go/src/github.com/opencontainers/runc/* %{buildroot}/usr/src/runc/ - -# symlink runc as docker-runc. bsc#1015661 -install -d -m755 %{buildroot}/%{_bindir} +install -d -m755 %{buildroot}/usr/src/%{name}/ +cp -av $HOME/go/src/%{project}/* %{buildroot}/usr/src/%{name}/ +# Man pages. install -d -m755 %{buildroot}%{_mandir}/man8 install -m644 man/man8/runc*.8 %{buildroot}%{_mandir}/man8 -%fdupes %{buildroot}/%{_prefix} +%fdupes %{buildroot} %post @@ -123,7 +150,6 @@ install -m644 man/man8/runc*.8 %{buildroot}%{_mandir}/man8 %defattr(-,root,root) %doc README.md LICENSE %{_sbindir}/%{name} - %{_mandir}/man8/runc*.8.gz %files test From f50f0c9bebe664e94fe6345760b92c115472ed6a886b55f9660dbd4a33949524 Mon Sep 17 00:00:00 2001 
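Review bot: Nothing in `%check` confirms that the binary produced by `%go_tool build -buildmode=pie` in the `@@ -71,51 +83,66 @@` hunk is actually position-independent, so the hardening this change introduces could regress silently, for instance if the flag is later dropped or is ignored on some target. A one-line assertion before the `cd $HOME/go/src/%project` in `%check`, e.g. `readelf -h %{name}-%{version} | grep -q 'Type:.*DYN'`, would make the build fail instead. Separately, the rewritten `rm -rf $HOME/go/src/%project/*` leaves `$HOME` unquoted and unchecked; `rm -rf "${HOME:?}/go/src/%project/"*` aborts rather than expanding to a root-relative path when `HOME` is empty. The heredoc that writes `./.runc_build_env` is truncated in this rendering, so its contents are not reviewed here.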
From: Aleksa Sarai Date: Fri, 11 Aug 2017 13:51:29 +0000 Subject: [PATCH 2/3] Accepting request 516116 from home:cyphar:containers:runc_update_rc4 - Update to runc v1.0.0-rc4. Upstream changelog: + runc now supports v1.0.0 of the OCI runtime specification. #1527 + Rootless containers support has been released. The current state of this feature is that it only supports single-{uid,gid} mappings as an unprivileged user, and cgroups are completely unsupported. Work is being done to improve this. #774 + Rather than relying on CRIU version nnumbers, actually check if the system supports pre-dumping. #1371 + Allow the PIDs cgroup limit to be updated. #1423 + Add support for checkpoint/restore of containers with orphaned PTYs (which is effectively all containers with terminal=true). #1355 + Permit prestart hooks to modify the cgroup configuration of a container. #1239 + Add support for a wide variety of mount options. #1460 + Expose memory.use_hierarchy in MemoryStats. #1378 * Fix incorrect handling of systems without the freezer cgroup. #1387 * Many, many changes to switch away from Go's "syscall" stdlib to "golang.org/x/sys/unix". #1394 #1398 #1442 #1464 #1467 #1470 #1474 #1478 #1491 #1482 #1504 #1519 #1530 * Set cgroup resources when restoring a container. #1399 * Switch back to using /sbin as the installation directory. #1406 * Remove the arbitrary container ID length restriction. #1435 * Make container force deletion ignore non-existent containers. #1451 * Improve handling of arbitrary cgroup mount locations when populating cpuset. #1372 * Make the SaneTerminal interface public. #1479 * Fix cases where runc would report a container to be in a "Running" state if the init was a zombie or dead. #1489 * Do not set supplementary groups for numeric users. #1450 * Fix various issues with the "owner" field in runc-list. #1516 * Many other miscellaneous fixes, some of which were made by first-time contributors. Thanks, and welcome to the project! 
#1406 #1400 #1365 #1396 #1402 #1414 #1412 #1408 #1418 #1425 #1428 #1436 #1433 #1438 #1410 #1447 #1388 #1484 #1481 #1496 #1245 #1524 #1534 #1526 #1533 - Remove any semblance of non-Linux support. #1502 - We no longer use shfmt for testing. #1510 OBS-URL: https://build.opensuse.org/request/show/516116 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/runc?expand=0&rev=54 --- runc-v1.0.0rc3+r133.tar.xz | 3 --- runc-v1.0.0rc4.tar.xz | 3 +++ runc.changes | 40 ++++++++++++++++++++++++++++++++++++++ runc.spec | 4 ++-- 4 files changed, 45 insertions(+), 5 deletions(-) delete mode 100644 runc-v1.0.0rc3+r133.tar.xz create mode 100644 runc-v1.0.0rc4.tar.xz diff --git a/runc-v1.0.0rc3+r133.tar.xz b/runc-v1.0.0rc3+r133.tar.xz deleted file mode 100644 index f896cdc..0000000 --- a/runc-v1.0.0rc3+r133.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:f557624b98ff2d38b84843d0fb70eb731ed14fd9d28613a8f317b1dc9ca1f073 -size 491904 diff --git a/runc-v1.0.0rc4.tar.xz b/runc-v1.0.0rc4.tar.xz new file mode 100644 index 0000000..be2c9c7 --- /dev/null +++ b/runc-v1.0.0rc4.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:7704aa2959591136619067f678012a77329060907ccc7b4926b4b3299985d7d1 +size 486660 diff --git a/runc.changes b/runc.changes index 43e512d..96b1896 100644 --- a/runc.changes +++ b/runc.changes 
@@ -1,3 +1,43 @@ +------------------------------------------------------------------- +Thu Aug 10 17:14:02 UTC 2017 - asarai@suse.com + +- Update to runc v1.0.0-rc4. Upstream changelog: + + runc now supports v1.0.0 of the OCI runtime specification. #1527 + + Rootless containers support has been released. The current state of + this feature is that it only supports single-{uid,gid} mappings as an + unprivileged user, and cgroups are completely unsupported. Work is + being done to improve this. #774 + + Rather than relying on CRIU version nnumbers, actually check if the + system supports pre-dumping. #1371 + + Allow the PIDs cgroup limit to be updated. #1423 + + Add support for checkpoint/restore of containers with orphaned PTYs + (which is effectively all containers with terminal=true). #1355 + + Permit prestart hooks to modify the cgroup configuration of a + container. #1239 + + Add support for a wide variety of mount options. #1460 + + Expose memory.use_hierarchy in MemoryStats. #1378 + * Fix incorrect handling of systems without the freezer cgroup. #1387 + * Many, many changes to switch away from Go's "syscall" stdlib to + "golang.org/x/sys/unix". #1394 #1398 #1442 #1464 #1467 #1470 #1474 + #1478 #1491 #1482 #1504 #1519 #1530 + * Set cgroup resources when restoring a container. #1399 + * Switch back to using /sbin as the installation directory. #1406 + * Remove the arbitrary container ID length restriction. #1435 + * Make container force deletion ignore non-existent containers. #1451 + * Improve handling of arbitrary cgroup mount locations when populating + cpuset. #1372 + * Make the SaneTerminal interface public. #1479 + * Fix cases where runc would report a container to be in a "Running" + state if the init was a zombie or dead. #1489 + * Do not set supplementary groups for numeric users. #1450 + * Fix various issues with the "owner" field in runc-list. #1516 + * Many other miscellaneous fixes, some of which were made by first-time + contributors. 
Thanks, and welcome to the project! #1406 #1400 #1365 + #1396 #1402 #1414 #1412 #1408 #1418 #1425 #1428 #1436 #1433 #1438 + #1410 #1447 #1388 #1484 #1481 #1496 #1245 #1524 #1534 #1526 #1533 + - Remove any semblance of non-Linux support. #1502 + - We no longer use shfmt for testing. #1510 + ------------------------------------------------------------------- Wed Aug 2 13:51:43 UTC 2017 - asarai@suse.com diff --git a/runc.spec b/runc.spec index a6b6d5d..9bdb0db 100644 --- a/runc.spec +++ b/runc.spec @@ -17,7 +17,7 @@ %define go_tool go -%define _version 1.0.0rc3+r133 +%define _version 1.0.0rc4 %define project github.com/opencontainers/runc # enable libseccomp for sle >= sle12sp2 @@ -34,7 +34,7 @@ %endif Name: runc -Version: 1.0.0~rc3+r133 +Version: 1.0.0~rc4 Release: 0 Summary: Tool for spawning and running OCI containers License: Apache-2.0 From 9676cebf636bc1c057c4d107da6fceab1555d5096d45b3a9c16a94ae9a813fdd Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Wed, 16 Aug 2017 19:16:32 +0000 Subject: [PATCH 3/3] Accepting request 517264 from home:cyphar:containers:bsc1053532 - Use the upstream Makefile, to ensure that we always include the version and commit information in runc. This was confusing users (and Docker). bsc#1053532 - Add a backported patch to fix a Makefile bug. This also includes some other changes to make the docker-runc.spec mirror the newer runc. OBS-URL: https://build.opensuse.org/request/show/517264 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/runc?expand=0&rev=55 --- ...-0001-makefile-drop-usage-of-install.patch | 101 ++++++++++++++++++ runc.changes | 9 ++ runc.spec | 28 +++-- 3 files changed, 129 insertions(+), 9 deletions(-) create mode 100644 bsc1053532-0001-makefile-drop-usage-of-install.patch diff --git a/bsc1053532-0001-makefile-drop-usage-of-install.patch b/bsc1053532-0001-makefile-drop-usage-of-install.patch new file mode 100644 index 0000000..1a7ae37 --- /dev/null 
+++ b/bsc1053532-0001-makefile-drop-usage-of-install.patch 
@@ -0,0 +1,101 @@ +From 6581d0f488b3bfa00760cc71c5f1fccfee302b0d Mon Sep 17 00:00:00 2001 +From: Aleksa Sarai +Date: Mon, 14 Aug 2017 00:10:28 +1000 +Subject: [PATCH] makefile: drop usage of --install + +The "go build -i" invocation may slightly help with incremental +recompilation, but it will cause builds to fail if $GOROOT is not +writeable by the current user. While this does appear to work sometimes, +it's a concern for external build systems where "-i" causes build errors +for no real gain. + +Given the size of the runc project, --install is not really giving us +much anyway. + +SUSE-Bug: https://bugzilla.opensuse.org/show_bug.cgi?id=1053532 +SUSE-Backport: https://github.com/opencontainers/runc/pull/1555 +Signed-off-by: Aleksa Sarai +--- + Makefile | 22 ++++++++++++---------- + 1 file changed, 12 insertions(+), 10 deletions(-) + +diff --git a/Makefile b/Makefile +index 6781ac74e8a0..dc13d2e5296e 100644 +--- a/Makefile ++++ b/Makefile +@@ -2,6 +2,8 @@ + localtest localunittest localintegration \ + test unittest integration + ++GO := go ++ + SOURCES := $(shell find . 2>&1 | grep -E '.*\.(c|h|go)$$') + PREFIX := $(DESTDIR)/usr/local + BINDIR := $(PREFIX)/sbin +@@ -27,18 +29,18 @@ SHELL := $(shell command -v bash 2>/dev/null) + .DEFAULT: runc + + runc: $(SOURCES) +- go build -i $(EXTRA_FLAGS) -ldflags "-X main.gitCommit=${COMMIT} -X main.version=${VERSION} $(EXTRA_LDFLAGS)" -tags "$(BUILDTAGS)" -o runc . ++ $(GO) build $(EXTRA_FLAGS) -ldflags "-X main.gitCommit=${COMMIT} -X main.version=${VERSION} $(EXTRA_LDFLAGS)" -tags "$(BUILDTAGS)" -o runc . 
+ + all: runc recvtty + + recvtty: contrib/cmd/recvtty/recvtty + + contrib/cmd/recvtty/recvtty: $(SOURCES) +- go build -i $(EXTRA_FLAGS) -ldflags "-X main.gitCommit=${COMMIT} -X main.version=${VERSION} $(EXTRA_LDFLAGS)" -tags "$(BUILDTAGS)" -o contrib/cmd/recvtty/recvtty ./contrib/cmd/recvtty ++ $(GO) build $(EXTRA_FLAGS) -ldflags "-X main.gitCommit=${COMMIT} -X main.version=${VERSION} $(EXTRA_LDFLAGS)" -tags "$(BUILDTAGS)" -o contrib/cmd/recvtty/recvtty ./contrib/cmd/recvtty + + static: $(SOURCES) +- CGO_ENABLED=1 go build -i $(EXTRA_FLAGS) -tags "$(BUILDTAGS) cgo static_build" -ldflags "-w -extldflags -static -X main.gitCommit=${COMMIT} -X main.version=${VERSION} $(EXTRA_LDFLAGS)" -o runc . +- CGO_ENABLED=1 go build -i $(EXTRA_FLAGS) -tags "$(BUILDTAGS) cgo static_build" -ldflags "-w -extldflags -static -X main.gitCommit=${COMMIT} -X main.version=${VERSION} $(EXTRA_LDFLAGS)" -o contrib/cmd/recvtty/recvtty ./contrib/cmd/recvtty ++ CGO_ENABLED=1 $(GO) build $(EXTRA_FLAGS) -tags "$(BUILDTAGS) cgo static_build" -ldflags "-w -extldflags -static -X main.gitCommit=${COMMIT} -X main.version=${VERSION} $(EXTRA_LDFLAGS)" -o runc . 
++ CGO_ENABLED=1 $(GO) build $(EXTRA_FLAGS) -tags "$(BUILDTAGS) cgo static_build" -ldflags "-w -extldflags -static -X main.gitCommit=${COMMIT} -X main.version=${VERSION} $(EXTRA_LDFLAGS)" -o contrib/cmd/recvtty/recvtty ./contrib/cmd/recvtty + + release: + @flag_list=(seccomp selinux apparmor static); \ +@@ -62,15 +64,15 @@ release: + CGO_ENABLED=1; \ + }; \ + echo "Building target: $$output"; \ +- go build -i $(EXTRA_FLAGS) -ldflags "$$ldflags $(EXTRA_LDFLAGS)" -tags "$$tags" -o "$$output" .; \ ++ $(GO) build $(EXTRA_FLAGS) -ldflags "$$ldflags $(EXTRA_LDFLAGS)" -tags "$$tags" -o "$$output" .; \ + done + + dbuild: runcimage + docker run --rm -v $(CURDIR):/go/src/$(PROJECT) --privileged $(RUNC_IMAGE) make clean all + + lint: +- go vet $(allpackages) +- go fmt $(allpackages) ++ $(GO) vet $(allpackages) ++ $(GO) fmt $(allpackages) + + man: + man/md2man-all.sh +@@ -88,7 +90,7 @@ unittest: runcimage + docker run -e TESTFLAGS -t --privileged --rm -v $(CURDIR):/go/src/$(PROJECT) $(RUNC_IMAGE) make localunittest + + localunittest: all +- go test -timeout 3m -tags "$(BUILDTAGS)" ${TESTFLAGS} -v $(allpackages) ++ $(GO) test -timeout 3m -tags "$(BUILDTAGS)" ${TESTFLAGS} -v $(allpackages) + + integration: runcimage + docker run -e TESTFLAGS -t --privileged --rm -v $(CURDIR):/go/src/$(PROJECT) $(RUNC_IMAGE) make localintegration +@@ -133,10 +135,10 @@ clean: + + validate: + script/validate-gofmt +- go vet $(allpackages) ++ $(GO) vet $(allpackages) + + ci: validate localtest + + # memoize allpackages, so that it's executed only once and only if used +-_allpackages = $(shell go list ./... | grep -v vendor) ++_allpackages = $(shell $(GO) list ./... | grep -v vendor) + allpackages = $(if $(__allpackages),,$(eval __allpackages := $$(_allpackages)))$(__allpackages) +-- +2.14.0 + diff --git a/runc.changes b/runc.changes index 96b1896..6b73fbb 100644 --- a/runc.changes +++ b/runc.changes 
@@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Sun Aug 13 14:25:32 UTC 2017 - asarai@suse.com + +- Use the upstream Makefile, to ensure that we always include the version + information in runc. This was confusing users (and Docker). bsc#1053532 +- Add a backported patch to fix a Makefile bug. + https://github.com/opencontainers/runc/pull/1555 + + bsc1053532-0001-makefile-drop-usage-of-install.patch + ------------------------------------------------------------------- Thu Aug 10 17:14:02 UTC 2017 - asarai@suse.com diff --git a/runc.spec b/runc.spec index 9bdb0db..c2da199 100644 --- a/runc.spec +++ b/runc.spec @@ -14,8 +14,13 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # +# nodebuginfo +# We don't include a git_version in the "upstream" runc package, because we +# only package released versions (unlike docker-runc). +%define git_version %{nil} + %define go_tool go %define _version 1.0.0rc4 %define project github.com/opencontainers/runc @@ -50,6 +55,8 @@ BuildRequires: golang(API) = 1.7 BuildRequires: libseccomp-devel %endif BuildRequires: libselinux-devel +# SUSE-FIX-UPSTREAM: Backport of https://github.com/opencontainers/runc/pull/1555. bsc#1053532 +Patch100: bsc1053532-0001-makefile-drop-usage-of-install.patch Recommends: criu BuildRoot: %{_tmppath}/%{name}-%{version}-build 
@@ -78,26 +85,28 @@ Test package for runc. It contains the source code and the tests. %prep %setup -q -n %{name}-v%{_version} +# bsc#1053532 +%patch100 -p1 %build # Do not use symlinks. If you want to run the unit tests for this package at # some point during the build and you need to directly use go list directly it # will get confused by symlinks. -export GOPATH=${HOME}/go:${HOME}/go/src/%project/Godeps/_workspace +export GOPATH=${HOME}/go mkdir -pv $HOME/go/src/%project rm -rf $HOME/go/src/%project/* cp -av * $HOME/go/src/%project -# Build all features. -export BUILDTAGS="apparmor selinux" -export BUILDFLAGS="-gccgoflags=-Wl,--add-needed -Wl,--no-as-needed -static-libgo -ldl -lselinux -lapparmor" - # Additionally enable seccomp. %if 0%{?with_libseccomp} -export BUILDTAGS="$BUILDTAGS seccomp" -export BUILDFLAGS="$BUILDFLAGS -lseccomp" +export EXTRA_BUILDTAGS+="seccomp" +export EXTRA_GCCFLAGS+="-lseccomp" %endif +# Build all features. +export BUILDTAGS="apparmor selinux $EXTRA_BUILDTAGS" +export BUILDFLAGS="-buildmode=pie -gccgoflags='-Wl,--add-needed -Wl,--no-as-needed -static-libgo -ldl -lselinux -lapparmor $EXTRA_GCCFLAGS'" + (cat <