Accepting request 517265 from Virtualization:containers

- Use the upstream Makefile, to ensure that we always include the version information in runc. This was confusing users (and Docker). bsc#1053532 - Add a backported patch to fix a Makefile bug. https://github.com/opencontainers/runc/pull/1555 + bsc1053532-0001-makefile-drop-usage-of-install.patch - Update to runc v1.0.0-rc4. - Use -buildmode=pie for tests and binary build. bsc#1048046 bsc#1051429 - Cleanup seccomp builds similar to bsc#1028638 OBS-URL: https://build.opensuse.org/request/show/517265 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/runc?expand=0&rev=14
2017-08-17 09:44:20 +00:00 · 2017-08-17 09:44:20 +00:00 · 7a344dfd11
commit 7a344dfd11
parent 95b584f280 9676cebf63
5 changed files with 238 additions and 45 deletions
--- a/bsc1053532-0001-makefile-drop-usage-of-install.patch
+++ b/bsc1053532-0001-makefile-drop-usage-of-install.patch
@ -0,0 +1,101 @@
+From 6581d0f488b3bfa00760cc71c5f1fccfee302b0d Mon Sep 17 00:00:00 2001
+From: Aleksa Sarai <asarai@suse.de>
+Date: Mon, 14 Aug 2017 00:10:28 +1000
+Subject: [PATCH] makefile: drop usage of --install
+
+The "go build -i" invocation may slightly help with incremental
+recompilation, but it will cause builds to fail if $GOROOT is not
+writeable by the current user. While this does appear to work sometimes,
+it's a concern for external build systems where "-i" causes build errors
+for no real gain.
+
+Given the size of the runc project, --install is not really giving us
+much anyway.
+
+SUSE-Bug: https://bugzilla.opensuse.org/show_bug.cgi?id=1053532
+SUSE-Backport: https://github.com/opencontainers/runc/pull/1555
+Signed-off-by: Aleksa Sarai <asarai@suse.de>
+---
+ Makefile | 22 ++++++++++++----------
+ 1 file changed, 12 insertions(+), 10 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index 6781ac74e8a0..dc13d2e5296e 100644
+--- a/Makefile
+++ b/Makefile
+@@ -2,6 +2,8 @@
+ 	    localtest localunittest localintegration \
+ 	    test unittest integration
+ 
+GO := go
+
+ SOURCES := $(shell find . 2>&1 | grep -E '.*\.(c|h|go)$$')
+ PREFIX := $(DESTDIR)/usr/local
+ BINDIR := $(PREFIX)/sbin
+@@ -27,18 +29,18 @@ SHELL := $(shell command -v bash 2>/dev/null)
+ .DEFAULT: runc
+ 
+ runc: $(SOURCES)
+-	go build -i $(EXTRA_FLAGS) -ldflags "-X main.gitCommit=${COMMIT} -X main.version=${VERSION} $(EXTRA_LDFLAGS)" -tags "$(BUILDTAGS)" -o runc .
+	$(GO) build $(EXTRA_FLAGS) -ldflags "-X main.gitCommit=${COMMIT} -X main.version=${VERSION} $(EXTRA_LDFLAGS)" -tags "$(BUILDTAGS)" -o runc .
+ 
+ all: runc recvtty
+ 
+ recvtty: contrib/cmd/recvtty/recvtty
+ 
+ contrib/cmd/recvtty/recvtty: $(SOURCES)
+-	go build -i $(EXTRA_FLAGS) -ldflags "-X main.gitCommit=${COMMIT} -X main.version=${VERSION} $(EXTRA_LDFLAGS)" -tags "$(BUILDTAGS)" -o contrib/cmd/recvtty/recvtty ./contrib/cmd/recvtty
+	$(GO) build $(EXTRA_FLAGS) -ldflags "-X main.gitCommit=${COMMIT} -X main.version=${VERSION} $(EXTRA_LDFLAGS)" -tags "$(BUILDTAGS)" -o contrib/cmd/recvtty/recvtty ./contrib/cmd/recvtty
+ 
+ static: $(SOURCES)
+-	CGO_ENABLED=1 go build -i $(EXTRA_FLAGS) -tags "$(BUILDTAGS) cgo static_build" -ldflags "-w -extldflags -static -X main.gitCommit=${COMMIT} -X main.version=${VERSION} $(EXTRA_LDFLAGS)" -o runc .
+-	CGO_ENABLED=1 go build -i $(EXTRA_FLAGS) -tags "$(BUILDTAGS) cgo static_build" -ldflags "-w -extldflags -static -X main.gitCommit=${COMMIT} -X main.version=${VERSION} $(EXTRA_LDFLAGS)" -o contrib/cmd/recvtty/recvtty ./contrib/cmd/recvtty
+	CGO_ENABLED=1 $(GO) build $(EXTRA_FLAGS) -tags "$(BUILDTAGS) cgo static_build" -ldflags "-w -extldflags -static -X main.gitCommit=${COMMIT} -X main.version=${VERSION} $(EXTRA_LDFLAGS)" -o runc .
+	CGO_ENABLED=1 $(GO) build $(EXTRA_FLAGS) -tags "$(BUILDTAGS) cgo static_build" -ldflags "-w -extldflags -static -X main.gitCommit=${COMMIT} -X main.version=${VERSION} $(EXTRA_LDFLAGS)" -o contrib/cmd/recvtty/recvtty ./contrib/cmd/recvtty
+ 
+ release:
+ 	@flag_list=(seccomp selinux apparmor static); \
+@@ -62,15 +64,15 @@ release:
+ 			CGO_ENABLED=1; \
+ 		}; \
+ 		echo "Building target: $$output"; \
+-		go build -i $(EXTRA_FLAGS) -ldflags "$$ldflags $(EXTRA_LDFLAGS)" -tags "$$tags" -o "$$output" .; \
+		$(GO) build $(EXTRA_FLAGS) -ldflags "$$ldflags $(EXTRA_LDFLAGS)" -tags "$$tags" -o "$$output" .; \
+ 	done
+ 
+ dbuild: runcimage
+ 	docker run --rm -v $(CURDIR):/go/src/$(PROJECT) --privileged $(RUNC_IMAGE) make clean all
+ 
+ lint:
+-	go vet $(allpackages)
+-	go fmt $(allpackages)
+	$(GO) vet $(allpackages)
+	$(GO) fmt $(allpackages)
+ 
+ man:
+ 	man/md2man-all.sh
+@@ -88,7 +90,7 @@ unittest: runcimage
+ 	docker run -e TESTFLAGS -t --privileged --rm -v $(CURDIR):/go/src/$(PROJECT) $(RUNC_IMAGE) make localunittest
+ 
+ localunittest: all
+-	go test -timeout 3m -tags "$(BUILDTAGS)" ${TESTFLAGS} -v $(allpackages)
+	$(GO) test -timeout 3m -tags "$(BUILDTAGS)" ${TESTFLAGS} -v $(allpackages)
+ 
+ integration: runcimage
+ 	docker run -e TESTFLAGS -t --privileged --rm -v $(CURDIR):/go/src/$(PROJECT) $(RUNC_IMAGE) make localintegration
+@@ -133,10 +135,10 @@ clean:
+ 
+ validate:
+ 	script/validate-gofmt
+-	go vet $(allpackages)
+	$(GO) vet $(allpackages)
+ 
+ ci: validate localtest
+ 
+ # memoize allpackages, so that it's executed only once and only if used
+-_allpackages = $(shell go list ./... | grep -v vendor)
+_allpackages = $(shell $(GO) list ./... | grep -v vendor)
+ allpackages = $(if $(__allpackages),,$(eval __allpackages := $$(_allpackages)))$(__allpackages)
+-- 
+2.14.0
+
--- a/runc-v1.0.0rc3+r133.tar.xz
+++ b/runc-v1.0.0rc3+r133.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:f557624b98ff2d38b84843d0fb70eb731ed14fd9d28613a8f317b1dc9ca1f073
-size 491904
--- a/runc-v1.0.0rc4.tar.xz
+++ b/runc-v1.0.0rc4.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:7704aa2959591136619067f678012a77329060907ccc7b4926b4b3299985d7d1
+size 486660
--- a/runc.changes
+++ b/runc.changes
@ -1,3 +1,59 @@
+-------------------------------------------------------------------
+Sun Aug 13 14:25:32 UTC 2017 - asarai@suse.com
+
+- Use the upstream Makefile, to ensure that we always include the version
+  information in runc. This was confusing users (and Docker). bsc#1053532
+- Add a backported patch to fix a Makefile bug.
+  https://github.com/opencontainers/runc/pull/1555
+  + bsc1053532-0001-makefile-drop-usage-of-install.patch
+
+-------------------------------------------------------------------
+Thu Aug 10 17:14:02 UTC 2017 - asarai@suse.com
+
+- Update to runc v1.0.0-rc4. Upstream changelog:
+	+ runc now supports v1.0.0 of the OCI runtime specification. #1527
+	+ Rootless containers support has been released. The current state of
+	  this feature is that it only supports single-{uid,gid} mappings as an
+	  unprivileged user, and cgroups are completely unsupported. Work is
+	  being done to improve this. #774
+	+ Rather than relying on CRIU version nnumbers, actually check if the
+	  system supports pre-dumping. #1371
+	+ Allow the PIDs cgroup limit to be updated. #1423
+	+ Add support for checkpoint/restore of containers with orphaned PTYs
+	  (which is effectively all containers with terminal=true). #1355
+	+ Permit prestart hooks to modify the cgroup configuration of a
+	  container. #1239
+	+ Add support for a wide variety of mount options. #1460
+	+ Expose memory.use_hierarchy in MemoryStats. #1378
+	* Fix incorrect handling of systems without the freezer cgroup. #1387
+	* Many, many changes to switch away from Go's "syscall" stdlib to
+	  "golang.org/x/sys/unix". #1394 #1398 #1442 #1464 #1467 #1470 #1474
+	  #1478 #1491 #1482 #1504 #1519 #1530
+	* Set cgroup resources when restoring a container. #1399
+	* Switch back to using /sbin as the installation directory. #1406
+	* Remove the arbitrary container ID length restriction. #1435
+	* Make container force deletion ignore non-existent containers. #1451
+	* Improve handling of arbitrary cgroup mount locations when populating
+	  cpuset. #1372
+	* Make the SaneTerminal interface public. #1479
+	* Fix cases where runc would report a container to be in a "Running"
+	  state if the init was a zombie or dead. #1489
+	* Do not set supplementary groups for numeric users. #1450
+	* Fix various issues with the "owner" field in runc-list. #1516
+	* Many other miscellaneous fixes, some of which were made by first-time
+	  contributors. Thanks, and welcome to the project! #1406 #1400 #1365
+	  #1396 #1402 #1414 #1412 #1408 #1418 #1425 #1428 #1436 #1433 #1438
+	  #1410 #1447 #1388 #1484 #1481 #1496 #1245 #1524 #1534 #1526 #1533
+	- Remove any semblance of non-Linux support. #1502
+	- We no longer use shfmt for testing. #1510
+
+-------------------------------------------------------------------
+Wed Aug  2 13:51:43 UTC 2017 - asarai@suse.com
+
+- Use -buildmode=pie for tests and binary build. bsc#1048046 bsc#1051429
+- Cleanup seccomp builds similar to bsc#1028638
+- Remove the usage of 'cp -r' to reduce noise in the build logs.
+
 -------------------------------------------------------------------
 Thu Jul  6 17:14:17 UTC 2017 - thipp@suse.de

--- a/runc.spec
+++ b/runc.spec
@ -14,13 +14,32 @@

 # Please submit bugfixes or comments via http://bugs.opensuse.org/
 #
+# nodebuginfo


+# We don't include a git_version in the "upstream" runc package, because we
+# only package released versions (unlike docker-runc).
+%define git_version %{nil}
+
 %define go_tool go
-%define _version 1.0.0rc3+r133
+%define _version 1.0.0rc4
+%define project github.com/opencontainers/runc
+
+# enable libseccomp for sle >= sle12sp2
+%if 0%{?sle_version} >= 120200
+%define with_libseccomp 1
+%endif
+# enable libseccomp for leap >= 42.2
+%if 0%{?leap_version} >= 420200
+%define with_libseccomp 1
+%endif
+# enable libseccomp for Factory
+%if 0%{?suse_version} > 1320
+%define with_libseccomp 1
+%endif

 Name:           runc
-Version:        1.0.0~rc3+r133
+Version:        1.0.0~rc4
 Release:        0
 Summary:        Tool for spawning and running OCI containers
 License:        Apache-2.0
@ -32,11 +51,12 @@ BuildRequires:  fdupes
 BuildRequires:  go-go-md2man
 BuildRequires:  libapparmor-devel
 BuildRequires:  golang(API) = 1.7
-# Seccomp isn't supported on aarch64.
-%ifnarch aarch64
+%if 0%{?with_libseccomp}
 BuildRequires:  libseccomp-devel
 %endif
 BuildRequires:  libselinux-devel
+# SUSE-FIX-UPSTREAM: Backport of https://github.com/opencontainers/runc/pull/1555. bsc#1053532
+Patch100:       bsc1053532-0001-makefile-drop-usage-of-install.patch
 Recommends:     criu
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build

@ -53,9 +73,8 @@ Group:          System/Management
 BuildRequires:  golang(API) = 1.7
 Requires:       go-go-md2man
 Requires:       libapparmor-devel
-# Seccomp isn't supported on aarch64.
-%ifnarch aarch64
-Requires:       libseccomp-devel
+%if 0%{?with_libseccomp}
+BuildRequires:  libseccomp-devel
 %endif
 Requires:       libselinux-devel
 Recommends:     criu
@ -66,56 +85,74 @@ Test package for runc. It contains the source code and the tests.

 %prep
 %setup -q -n %{name}-v%{_version}
+# bsc#1053532
+%patch100 -p1

 %build
 # Do not use symlinks. If you want to run the unit tests for this package at
 # some point during the build and you need to directly use go list directly it
 # will get confused by symlinks.
-export GOPATH=${HOME}/go:${HOME}/go/src/github.com/opencontainers/runc/Godeps/_workspace
-mkdir -pv $HOME/go/src/github.com/opencontainers/runc
-rm -rf $HOME/go/src/github.com/opencontainers/runc/*
-cp -avr * $HOME/go/src/github.com/opencontainers/runc
+export GOPATH=${HOME}/go
+mkdir -pv $HOME/go/src/%project
+rm -rf $HOME/go/src/%project/*
+cp -av * $HOME/go/src/%project

-export BUILDFLAGS="-gccgoflags=-Wl,--add-needed -Wl,--no-as-needed -static-libgo -ldl -lselinux -lapparmor"
-# Build all features.
-export BUILDTAGS="apparmor selinux"
-
-# Seccomp isn't supported on aarch64.
-%ifnarch aarch64
-export BUILDTAGS="$BUILDTAGS seccomp"
-export BUILDFLAGS="$BUILDFLAGS -lseccomp"
+# Additionally enable seccomp.
+%if 0%{?with_libseccomp}
+export EXTRA_BUILDTAGS+="seccomp"
+export EXTRA_GCCFLAGS+="-lseccomp"
 %endif

+# Build all features.
+export BUILDTAGS="apparmor selinux $EXTRA_BUILDTAGS"
+export BUILDFLAGS="-buildmode=pie -gccgoflags='-Wl,--add-needed -Wl,--no-as-needed -static-libgo -ldl -lselinux -lapparmor $EXTRA_GCCFLAGS'"
+
+(cat <<EOF
+export GOPATH="$GOPATH"
+export BUILDTAGS="$BUILDTAGS"
+export BUILDFLAGS="$BUILDFLAGS"
+EOF
+) >./.runc_build_env
+source ./.runc_build_env
+
 # Build runc.
-%go_tool build "$BUILDFLAGS" -tags "$BUILDTAGS" -x -o %{name}-%{version} github.com/opencontainers/%{name}
+make -C "$HOME/go/src/%project" EXTRA_FLAGS="-x $BUILDFLAGS" BUILDTAGS="$BUILDTAGS" COMMIT_NO="%{git_version}" runc
+mv "$HOME/go/src/%project/runc" %{name}-%{version}

 # Build man pages, this can only be done on arches where we can build go-md2man.
 man/md2man-all.sh

 %check
-export GOPATH=$HOME/go/src/github.com/opencontainers/runc/Godeps/_workspace:$GOPATH
-cd $HOME/go/src/github.com/opencontainers/runc
+source ./.runc_build_env
+cd $HOME/go/src/%project
+
 PKG_LIST=$(go list ./... \
-		| grep -v 'github.com/opencontainers/runc/libcontainer/cgroups/fs$' \
-		| grep -v 'github.com/opencontainers/runc/libcontainer$' \
-		| grep -v 'github.com/opencontainers/runc/libcontainer/integration$' \
-		| grep -v 'github.com/opencontainers/runc/libcontainer/nsenter$' \
-		| grep -v 'github.com/opencontainers/runc/libcontainer/user$' \
-		| grep -v 'github.com/opencontainers/runc/libcontainer/xattr$')
-go test -timeout 3m -tags "$BUILDTAGS" -v $PKG_LIST
+		| grep -v '%{project}/libcontainer/cgroups/fs$' \
+		| grep -v '%{project}/libcontainer$' \
+		| grep -v '%{project}/libcontainer/integration$' \
+		| grep -v '%{project}/libcontainer/nsenter$' \
+		| grep -v '%{project}/libcontainer/user$' \
+		| grep -v '%{project}/libcontainer/xattr$' \
+%if ! 0%{?with_libseccomp}
+		| grep -v '%{project}/libcontainer/seccomp$' \
+		| grep -v 'github.com/seccomp/libseccomp-golang$' \
+%endif
+		)
+%go_tool test -buildmode=pie -tags "$BUILDTAGS" -timeout 3m -v $PKG_LIST

 %install
+source ./.runc_build_env
+
+# We install to /usr/sbin/runc as per upstream.
 install -D -m755 %{name}-%{version} %{buildroot}%{_sbindir}/%{name}
-install -d -m755 %{buildroot}/usr/src/runc/
-cp -avr $HOME/go/src/github.com/opencontainers/runc/* %{buildroot}/usr/src/runc/
-
-# symlink runc as docker-runc. bsc#1015661
-install -d -m755 %{buildroot}/%{_bindir}
+install -d -m755 %{buildroot}/usr/src/%{name}/
+cp -av $HOME/go/src/%{project}/* %{buildroot}/usr/src/%{name}/

+# Man pages.
 install -d -m755 %{buildroot}%{_mandir}/man8
 install -m644 man/man8/runc*.8 %{buildroot}%{_mandir}/man8

-%fdupes %{buildroot}/%{_prefix}
+%fdupes %{buildroot}

 %post

@ -123,7 +160,6 @@ install -m644 man/man8/runc*.8 %{buildroot}%{_mandir}/man8
 %defattr(-,root,root)
 %doc README.md LICENSE
 %{_sbindir}/%{name}
-
 %{_mandir}/man8/runc*.8.gz

 %files test