From ce9552284766233eb3209275eb8c4325111e09cf7507c8adfce852373a05f2a5 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Fri, 11 Aug 2017 12:10:02 +0000 Subject: [PATCH] - Use -buildmode=pie for tests and binary build. bsc#1048046 bsc#1051429 This also includes some various improvements to the packaging of runc, containerd and docker-runc. OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/runc?expand=0&rev=53 --- runc.changes | 19 ++++++++---- runc.spec | 84 ++++++++++++++++++++++++++++++++++------------------ 2 files changed, 68 insertions(+), 35 deletions(-) diff --git a/runc.changes b/runc.changes index 0d38a01..43e512d 100644 --- a/runc.changes +++ b/runc.changes @@ -1,19 +1,26 @@ +------------------------------------------------------------------- +Wed Aug 2 13:51:43 UTC 2017 - asarai@suse.com + +- Use -buildmode=pie for tests and binary build. bsc#1048046 bsc#1051429 +- Cleanup seccomp builds similar to bsc#1028638 +- Remove the usage of 'cp -r' to reduce noise in the build logs. + ------------------------------------------------------------------- Thu Jul 6 17:14:17 UTC 2017 - thipp@suse.de - switch to opencontainers/runc master branch -- remove CVE-2016-9962.patch +- remove CVE-2016-9962.patch - stop providing docker-runc ------------------------------------------------------------------- Thu May 4 19:04:49 UTC 2017 - jmassaguerpla@suse.com -- fix the golang requirement to 1.7 to the subpackages +- fix the golang requirement to 1.7 to the subpackages ------------------------------------------------------------------- Tue May 2 15:49:41 UTC 2017 - jmassaguerpla@suse.com -- fix golang requirement to 1.7 +- fix golang requirement to 1.7 ------------------------------------------------------------------- Fri Apr 28 16:16:00 UTC 2017 - jengelh@inai.de 
@@ -23,20 +30,20 @@ Fri Apr 28 16:16:00 UTC 2017 - jengelh@inai.de ------------------------------------------------------------------- Thu Apr 13 16:34:03 UTC 2017 - jmassaguerpla@suse.com -- update version to the one required by docker-17.04.0-ce (bsc#1034053) +- update version to the one required by docker-17.04.0-ce (bsc#1034053) remove ignore_cgroup2_mountpoint.patch . This is already included in the upstream source code. ------------------------------------------------------------------- Wed Apr 12 09:55:28 UTC 2017 - jmassaguerpla@suse.com -- Make sure this is being built with go 1.7 +- Make sure this is being built with go 1.7 ------------------------------------------------------------------- Tue Apr 11 15:37:36 UTC 2017 - jmassaguerpla@suse.com - remove the go_arches macro because we are using go1.7 which - is available in all archs + is available in all archs ------------------------------------------------------------------- Wed Mar 29 15:47:52 UTC 2017 - jmassaguerpla@suse.com diff --git a/runc.spec b/runc.spec index 5b9265e..a6b6d5d 100644 --- a/runc.spec +++ b/runc.spec @@ -18,6 +18,20 @@ %define go_tool go %define _version 1.0.0rc3+r133 +%define project github.com/opencontainers/runc + +# enable libseccomp for sle >= sle12sp2 +%if 0%{?sle_version} >= 120200 +%define with_libseccomp 1 +%endif +# enable libseccomp for leap >= 42.2 +%if 0%{?leap_version} >= 420200 +%define with_libseccomp 1 +%endif +# enable libseccomp for Factory +%if 0%{?suse_version} > 1320 +%define with_libseccomp 1 +%endif Name: runc Version: 1.0.0~rc3+r133 @@ -32,8 +46,7 @@ BuildRequires: fdupes BuildRequires: go-go-md2man BuildRequires: libapparmor-devel BuildRequires: golang(API) = 1.7 -# Seccomp isn't supported on aarch64. -%ifnarch aarch64 +%if 0%{?with_libseccomp} BuildRequires: libseccomp-devel %endif BuildRequires: libselinux-devel 
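Review bot: In the runc.spec hunk at `@@ -18,6 +18,20 @@`, `with_libseccomp` is derived from the distribution version only, while the later hunks (`@@ -32,8 +46,7 @@`, `@@ -53,9 +66,8 @@` and `@@ -71,51 +83,66 @@`) delete the `%ifnarch aarch64` guard that used to gate seccomp. If aarch64 is now meant to build with seccomp, a comment above the macro should say so, e.g. `# libseccomp is now expected on every architecture, including aarch64`; otherwise the architecture exclusion needs to be folded into this macro. It would also help to state in that comment that when none of the three conditions match, the package is built without the `seccomp` build tag, so a seccomp-less runc on older targets is a documented decision rather than a silent one.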
@@ -53,9 +66,8 @@ Group: System/Management BuildRequires: golang(API) = 1.7 Requires: go-go-md2man Requires: libapparmor-devel -# Seccomp isn't supported on aarch64. -%ifnarch aarch64 -Requires: libseccomp-devel +%if 0%{?with_libseccomp} +BuildRequires: libseccomp-devel %endif Requires: libselinux-devel Recommends: criu 
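Review bot: The test subpackage's dependency changes from `Requires: libseccomp-devel` to `BuildRequires: libseccomp-devel`, which looks unintended: the neighbouring dependencies in this stanza are `Requires:` lines, and the main package already gets the build-time dependency in the previous hunk. If the installed test package is expected to compile and run the seccomp tests, it still needs the install-time dependency, i.e. `Requires: libseccomp-devel` inside the new `%if 0%{?with_libseccomp}` block. The subpackage stanza starts above this hunk, so this is inferred from the visible lines only.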
@@ -71,51 +83,66 @@ Test package for runc. It contains the source code and the tests. # Do not use symlinks. If you want to run the unit tests for this package at # some point during the build and you need to directly use go list directly it # will get confused by symlinks. -export GOPATH=${HOME}/go:${HOME}/go/src/github.com/opencontainers/runc/Godeps/_workspace -mkdir -pv $HOME/go/src/github.com/opencontainers/runc -rm -rf $HOME/go/src/github.com/opencontainers/runc/* -cp -avr * $HOME/go/src/github.com/opencontainers/runc +export GOPATH=${HOME}/go:${HOME}/go/src/%project/Godeps/_workspace +mkdir -pv $HOME/go/src/%project +rm -rf $HOME/go/src/%project/* +cp -av * $HOME/go/src/%project -export BUILDFLAGS="-gccgoflags=-Wl,--add-needed -Wl,--no-as-needed -static-libgo -ldl -lselinux -lapparmor" # Build all features. export BUILDTAGS="apparmor selinux" +export BUILDFLAGS="-gccgoflags=-Wl,--add-needed -Wl,--no-as-needed -static-libgo -ldl -lselinux -lapparmor" -# Seccomp isn't supported on aarch64. -%ifnarch aarch64 +# Additionally enable seccomp. +%if 0%{?with_libseccomp} export BUILDTAGS="$BUILDTAGS seccomp" export BUILDFLAGS="$BUILDFLAGS -lseccomp" %endif +(cat <./.runc_build_env +source ./.runc_build_env + # Build runc. -%go_tool build "$BUILDFLAGS" -tags "$BUILDTAGS" -x -o %{name}-%{version} github.com/opencontainers/%{name} +%go_tool build -buildmode=pie "$BUILDFLAGS" -tags "$BUILDTAGS" -x -o %{name}-%{version} %{project} # Build man pages, this can only be done on arches where we can build go-md2man. man/md2man-all.sh %check -export GOPATH=$HOME/go/src/github.com/opencontainers/runc/Godeps/_workspace:$GOPATH -cd $HOME/go/src/github.com/opencontainers/runc +source ./.runc_build_env +cd $HOME/go/src/%project + PKG_LIST=$(go list ./... 
\ - | grep -v 'github.com/opencontainers/runc/libcontainer/cgroups/fs$' \ - | grep -v 'github.com/opencontainers/runc/libcontainer$' \ - | grep -v 'github.com/opencontainers/runc/libcontainer/integration$' \ - | grep -v 'github.com/opencontainers/runc/libcontainer/nsenter$' \ - | grep -v 'github.com/opencontainers/runc/libcontainer/user$' \ - | grep -v 'github.com/opencontainers/runc/libcontainer/xattr$') -go test -timeout 3m -tags "$BUILDTAGS" -v $PKG_LIST + | grep -v '%{project}/libcontainer/cgroups/fs$' \ + | grep -v '%{project}/libcontainer$' \ + | grep -v '%{project}/libcontainer/integration$' \ + | grep -v '%{project}/libcontainer/nsenter$' \ + | grep -v '%{project}/libcontainer/user$' \ + | grep -v '%{project}/libcontainer/xattr$' \ +%if ! 0%{?with_libseccomp} + | grep -v '%{project}/libcontainer/seccomp$' \ + | grep -v 'github.com/seccomp/libseccomp-golang$' \ +%endif + ) +%go_tool test -buildmode=pie "$BUILDFLAGS" -tags "$BUILDTAGS" -timeout 3m -v $PKG_LIST %install +source ./.runc_build_env + +# We install to /usr/sbin/runc as per upstream. install -D -m755 %{name}-%{version} %{buildroot}%{_sbindir}/%{name} -install -d -m755 %{buildroot}/usr/src/runc/ -cp -avr $HOME/go/src/github.com/opencontainers/runc/* %{buildroot}/usr/src/runc/ - -# symlink runc as docker-runc. bsc#1015661 -install -d -m755 %{buildroot}/%{_bindir} +install -d -m755 %{buildroot}/usr/src/%{name}/ +cp -av $HOME/go/src/%{project}/* %{buildroot}/usr/src/%{name}/ +# Man pages. install -d -m755 %{buildroot}%{_mandir}/man8 install -m644 man/man8/runc*.8 %{buildroot}%{_mandir}/man8 -%fdupes %{buildroot}/%{_prefix} +%fdupes %{buildroot} %post @@ -123,7 +150,6 @@ install -m644 man/man8/runc*.8 %{buildroot}%{_mandir}/man8 %defattr(-,root,root) %doc README.md LICENSE %{_sbindir}/%{name} - %{_mandir}/man8/runc*.8.gz %files test
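Review bot: Nothing in `%check` confirms that the binary built with `-buildmode=pie` is actually position-independent, so a toolchain or architecture where the flag has no effect would ship a non-PIE runc without failing the build. A one-line assertion placed before `cd $HOME/go/src/%project` would pin the hardening this commit is about, for example `readelf -h %{name}-%{version} | grep -q 'Type:[[:space:]]*DYN'` (assuming binutils is present in the build root). Separately, `.runc_build_env` is sourced in `%build`, `%check` and `%install`, but the line that writes it is truncated on this page (`(cat <./.runc_build_env`), so its contents could not be reviewed. A comment above that line listing the variables it exports would make the three `source` calls easier to audit.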