Accepting request 892389 from home:cyphar:docker

- Update to runc v1.0.0~rc94. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc94 Breaking Changes: * cgroupv1: kernel memory limits are now always ignored, as kmemcg has been effectively deprecated by the kernel. Users should make use of regular memory cgroup controls. Regression Fixes: * seccomp: fix 32-bit compilation errors * runc init: fix a hang caused by deadlock in seccomp/ebpf loading code * runc start: fix "chdir to cwd: permission denied" for some setups - Remove upstreamed patches: - 0001-cloned_binary-switch-from-error-to-warning-for-SYS_m.patch OBS-URL: https://build.opensuse.org/request/show/892389 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/runc?expand=0&rev=109
2021-05-12 08:08:56 +00:00 · 2021-05-12 08:08:56 +00:00 · e359b5cff1
commit e359b5cff1
parent 88d4373f4e
7 changed files with 39 additions and 66 deletions
--- a/0001-cloned_binary-switch-from-error-to-warning-for-SYS_m.patch
+++ b/0001-cloned_binary-switch-from-error-to-warning-for-SYS_m.patch
@ -1,38 +0,0 @@
 From dd7444d3bba4ae2e461b41026f5f37416d7ee158 Mon Sep 17 00:00:00 2001
 From: Aleksa Sarai <asarai@suse.de>
 Date: Mon, 26 Apr 2021 17:41:29 +1000
 Subject: [PATCH] cloned_binary: switch from #error to #warning for
 SYS_memfd_create hardcode
 We shouldn't refuse to build on architectures just because we don't know
 what the syscall number of memfd_create(2) is. In addition, use the
 correct defined(...) macros for ppc64 (these are the ones glibc uses).
 Fixes: 3aead32ea246 ("nsenter: hard-code memfd_create(2) syscall numbers")
 Signed-off-by: Aleksa Sarai <asarai@suse.de>
 ---
 libcontainer/nsenter/cloned_binary.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 diff --git a/libcontainer/nsenter/cloned_binary.c b/libcontainer/nsenter/cloned_binary.c
 index 2667cd65c293..b78000fec317 100644
 --- a/libcontainer/nsenter/cloned_binary.c
 +++ b/libcontainer/nsenter/cloned_binary.c
@@ -75,12 +75,12 @@
 #      define SYS_memfd_create 385
 #    elif defined(__aarch64__) // arm64
 #      define SYS_memfd_create 279
 -#    elif defined(__ppc__) || defined(__ppc64__) // ppc + ppc64
 +#    elif defined(__ppc__) || defined(__PPC64__) || defined(__powerpc64__) // ppc + ppc64
 #      define SYS_memfd_create 360
 #    elif defined(__s390__) || defined(__s390x__) // s390(x)
 #      define SYS_memfd_create 350
 #    else
 -#      error "unknown architecture -- cannot hard-code SYS_memfd_create"
 +#      warning "unknown architecture -- cannot hard-code SYS_memfd_create"
 #    endif
 #  endif
 #endif
 -- 
 2.31.1
--- a/runc-1.0.0-rc93.tar.xz
+++ b/runc-1.0.0-rc93.tar.xz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:70ee0fcf45b17f0da93dd4c4d174046a3584080dcc07c5468914d33d57c8202d
 size 1261676
--- a/runc-1.0.0-rc93.tar.xz.asc
+++ b/runc-1.0.0-rc93.tar.xz.asc
@ -1,16 +0,0 @@
 -----BEGIN PGP SIGNATURE-----
 iQIzBAABCAAdFiEEXzbGxhtUYBJKdfWmnhiqJn3bjbQFAmAaAVwACgkQnhiqJn3b
 jbRLSw/8DQEIlXTrCGYtB6qu/Aog3gU2JrwYWLDIRHJNl5e5QEemdgsm7JjcKU02
 cOTKjH4StQdXA164pHUaq4CYvZxzDZoACyD9G8x9dW3CP4thT9ySDE8ElV2wo5R7
 7JYoG4I7A/rmejVvA1H48U0YZdolUMJDvqEUoyY+NnIFAU3WFx/cJw5GOZ7KeGLg
 LzZxVRUQQHJdth5E9uE+DyF/7IMiMwEFXC+FG+uEOkK8uVbSu6yJyN9N8ef5aZE2
 BWmr6U9K9rq6cfQi6zGd2k5m0vRMB8qwqSDLiiVLMJYpE13Y9pxxzBasq+R4+8QS
 FACtmpmBmhVFM1RdYtoB0uoMS3ZE2xlMEWtauLXYxRwEybXeu75ZEnNAewAozY2m
 8xllZQrpSFvlqjgEslBhztWJcu7Ds7veT4SRhby/RflF087teMPvxDErh0QAPXpF
 mUZX8UahjPTMu1hv0nwrdfNe5EBkLoyOYtWIy29qgW3e+DmiAfAuOE2XI9ttn4ZB
 +i7CQocy8hlyCeDHHVPgoyWTSAV7/jYizTDq1aj0FcvGC+WHI8ZrzYgfWKQZ+/ov
 b356RwhK1lZ9sZf107phf4gmPA/uvIGvERO0PdPvWQaJbIZ4TUTxx/IO8tO5PAHz
 7DJ/UGvyIMwiERuM1ul/4bgRsMXEoCYbirqQmqe0qBSiy2c+q1g=
 =+kc+
 -----END PGP SIGNATURE-----
--- a/runc-1.0.0-rc94.tar.xz
+++ b/runc-1.0.0-rc94.tar.xz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:87daf369dcac7f1895e72bc0ee22ba9e29d4678d6d0dd795f336e35c222a801a
 size 1364032
--- a/runc-1.0.0-rc94.tar.xz.asc
+++ b/runc-1.0.0-rc94.tar.xz.asc
@ -0,0 +1,17 @@
 -----BEGIN PGP SIGNATURE-----
 iQJDBAABCAAtFiEEXzbGxhtUYBJKdfWmnhiqJn3bjbQFAmCZRxgPHGFzYXJhaUBz
 dXNlLmRlAAoJEJ4YqiZ92420WWUP/08JwOzo18rLbVsFHKcsrEQdNjzzFSE+8QNA
 plajgGEyjb7iaqhHL/j2Cv0U+rM5IcDKwLGL1Oj0n9FD9f3mst9LZubDGYK7xBnc
 rJ8J3vkVZ5vxi4qzGs0csTefkt9OOqsK3emrV9Tpqxqi2mwoGLHMWOlqziZEhZ1b
 n5aktmd/Qrdc6E1Seb1Er0O57xWDenK0w7aTHWbr7ug20Lv6T4BBiSPWsk/m8Sgm
 hkKJq4bN8ZSzRjC3AuP7TSeuneMjCwdSsKdqPXqQB9iO+cwpEdA2IjzUlQkJxCub
 4NtwmIZ9Ik7x2oLxFwV5l3NFRo7YM2SYePHVfYLFJuSq/SMQ6SVESwDC8lnTpZPd
 6/ZQFuSYGxHee7lf2HHGFmLTB1kJ27jKxqEvSMzOz+CBAvkeiNLStNAAyq4AWuzo
 ia9cJY8fEEn4nY2+pbZAS8vxrAcUzs6vNMUIv9ECyQ/XzsrhRwtC3QXkm8J1eih9
 O6hlBpajHen/JjGaDhrWWPdRwC83kIVRIqeB1x/g1hGR21HAOlFltxGgmkyy/Cz6
 MxgHoJ/GMnhdW88SR/ToTQKCTedj4nCmMSsIFcNR/YRtaeMVvzWUyYDu4wnZXJua
 U11+iwsL3e3KgObzvSSNJ4eq6N6r5BxRnbKpC3xDQ5jautzQgUrEKjA6PBdF/Bsx
 e/zmslTf
 =Uunz
 -----END PGP SIGNATURE-----
--- a/runc.changes
+++ b/runc.changes
@ -1,3 +1,19 @@
 -------------------------------------------------------------------
 Wed May 12 08:03:58 UTC 2021 - Aleksa Sarai <asarai@suse.com>
 - Update to runc v1.0.0~rc94. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc94
  Breaking Changes:
  * cgroupv1: kernel memory limits are now always ignored, as kmemcg has
    been effectively deprecated by the kernel. Users should make use of regular
    memory cgroup controls.
  Regression Fixes:
  * seccomp: fix 32-bit compilation errors
  * runc init: fix a hang caused by deadlock in seccomp/ebpf loading code
  * runc start: fix "chdir to cwd: permission denied" for some setups
 - Remove upstreamed patches:
  - 0001-cloned_binary-switch-from-error-to-warning-for-SYS_m.patch
 -------------------------------------------------------------------
 Mon Apr 26 07:54:54 UTC 2021 - Aleksa Sarai <asarai@suse.com>
@ -14,7 +30,7 @@ Wed Feb  3 04:09:17 UTC 2021 - Aleksa Sarai <asarai@suse.com>
  * Cgroupv2 support is no longer considered experimental.
  * Mountinfo parsing code has been reworked significantly.
  * Special ENOSYS handling for seccomp profiles to avoid making new
-	syscalls unusable for glibc.
+    syscalls unusable for glibc.
  * Various rootless containers improvements.
  * The "selinux" and "apparmor" buildtags have been removed, and now all runc
    builds will have SELinux and AppArmor support enabled.
--- a/runc.spec
+++ b/runc.spec
@ -22,11 +22,11 @@
 # Package-wide golang version
 %define go_version 1.13
 %define _version 1.0.0-rc93
 %define project github.com/opencontainers/runc
 Name:           runc
-Version:        1.0.0~rc93
+Version:        1.0.0~rc94
 %define _version 1.0.0-rc94
 Release:        0
 Summary:        Tool for spawning and running OCI containers
 License:        Apache-2.0
@ -36,10 +36,6 @@ Source0:        https://github.com/opencontainers/runc/releases/download/v%{_ver
 Source1:        https://github.com/opencontainers/runc/releases/download/v%{_version}/runc.tar.xz.asc#/runc-%{_version}.tar.xz.asc
 Source2:        runc.keyring
 Source3:        runc-rpmlintrc
 # SUSE-FIX: SLE-12 has too old a glibc for memfd_create(2) and __ppc64__
 #           doesn't appear to match ppc64le for some reason. This is a backport
 #           of <https://github.com/opencontainers/runc/pull/2919>.
 Patch1:         0001-cloned_binary-switch-from-error-to-warning-for-SYS_m.patch
 BuildRequires:  fdupes
 BuildRequires:  go-go-md2man
 # Due to a limitation in openSUSE's Go packaging we cannot have a BuildRequires
@ -73,8 +69,6 @@ and has grown to become a separate project entirely.
 %prep
 %setup -q -n %{name}-%{_version}
 # fix build on SLE-12 ppc64le
 %patch1 -p1
 %build
 # build runc