Hello community, here is the log from the commit of package docker-runc for openSUSE:Factory checked in at 2017-08-17 11:44:29 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/docker-runc (Old) and /work/SRC/openSUSE:Factory/.docker-runc.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "docker-runc" Thu Aug 17 11:44:29 2017 rev:2 rq:517266 version:0.1.1+gitr2947_9c2d8d1 Changes: -------- --- /work/SRC/openSUSE:Factory/docker-runc/docker-runc.changes 2017-07-19 12:21:31.923931100 +0200 +++ /work/SRC/openSUSE:Factory/.docker-runc.new/docker-runc.changes 2017-08-17 11:44:32.446173063 +0200 @@ -1,0 +2,19 @@ +Sun Aug 13 14:25:32 UTC 2017 - [email protected] + +- Use the upstream Makefile, to ensure that we always include the version and + commit information in runc. This was confusing users (and Docker). + bsc#1053532 +- Add a backported patch to fix a Makefile bug. This also includes some other + changes to make the docker-runc.spec mirror the newer runc.spec (which + required additional patching to the Makefile). + https://github.com/opencontainers/runc/pull/1555 + + bsc1053532-0001-makefile-drop-usage-of-install.patch + +------------------------------------------------------------------- +Wed Aug 2 13:51:43 UTC 2017 - [email protected] + +- Use -buildmode=pie for tests and binary build. bsc#1048046 bsc#1051429 +- Cleanup seccomp builds similar to bsc#1028638 +- Remove the usage of 'cp -r' to reduce noise in the build logs. + +------------------------------------------------------------------- Old: ---- docker-runc-git.9c2d8d1.tar.xz New: ---- bsc1053532-0001-makefile-drop-usage-of-install.patch docker-runc-git.9c2d8d184e5da67c95d601382adf14862e4f2228.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ docker-runc.spec ++++++ --- /var/tmp/diff_new_pack.q7d133/_old 2017-08-17 11:44:33.857973806 +0200 +++ /var/tmp/diff_new_pack.q7d133/_new 2017-08-17 11:44:33.861973242 +0200 @@ -1,5 +1,5 @@ # -# spec file for package runc +# spec file for package docker-runc # # Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # @@ -14,41 +14,54 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # +# nodebuginfo -%define go_tool go - -# MANUAL: Update the git_version and git_revision -# FIX-OPENSUSE: This will be removed as soon as we move Docker's runC fork into -# a separate package. This whole versioning mess is caused by -# Docker vendoring non-releases of runC. -%define git_version 9c2d8d1 +# MANUAL: Update the git_version, git_short, and git_revision +%define git_version 9c2d8d184e5da67c95d601382adf14862e4f2228 +%define git_short 9c2d8d1 # How to get the git_revision # git clone ${url}.git runc-upstream # cd runc-upstream # git checkout $git_version # git_revision=r$(git rev-list HEAD | wc -l) %define git_revision r2947 -%define version_unconverted %{git_version} +%define go_tool go %define _name runc +%define project github.com/opencontainers/%{_name} + +# enable libseccomp for sle >= sle12sp2 +%if 0%{?sle_version} >= 120200 +%define with_libseccomp 1 +%endif +# enable libseccomp for leap >= 42.2 +%if 0%{?leap_version} >= 420200 +%define with_libseccomp 1 +%endif +# enable libseccomp for Factory +%if 0%{?suse_version} > 1320 +%define with_libseccomp 1 +%endif Name: docker-runc -Version: 0.1.1+git%{git_revision}_%{git_version} +Version: 0.1.1+git%{git_revision}_%{git_short} Release: 0 Summary: Tool for spawning and running OCI containers License: Apache-2.0 Group: System/Management Url: https://github.com/opencontainers/runc Source: %{name}-git.%{git_version}.tar.xz +# SUSE-FIX-UPSTREAM: Backport of CVE-2016-9962 fix. bsc#1012568 Patch0: CVE-2016-9962.patch +# SUSE-FIX-UPSTREAM: Backport of https://github.com/opencontainers/runc/pull/1555. bsc#1053532 +Patch100: bsc1053532-0001-makefile-drop-usage-of-install.patch BuildRequires: fdupes # Make sure we require go 1.7 BuildRequires: go-go-md2man BuildRequires: libapparmor-devel BuildRequires: golang(API) = 1.7 -# Seccomp isn't supported on aarch64. -%ifnarch aarch64 +%if 0%{?with_libseccomp} BuildRequires: libseccomp-devel %endif BuildRequires: libselinux-devel @@ -69,80 +82,98 @@ BuildRequires: golang(API) = 1.7 Requires: go-go-md2man Requires: libapparmor-devel -# Seccomp isn't supported on aarch64. -%ifnarch aarch64 -Requires: libseccomp-devel +%if 0%{?with_libseccomp} +BuildRequires: libseccomp-devel %endif Requires: libselinux-devel Recommends: criu BuildArch: noarch -Obsoletes: runc <= 1.0 +Obsoletes: runc-test <= 1.0 %description test Test package for runc. It contains the source code and the tests. %prep %setup -q -n %{name}-git.%{git_version} +# bsc#1012568 %patch0 -p1 +# bsc#1053532 +%patch100 -p1 %build # Do not use symlinks. If you want to run the unit tests for this package at # some point during the build and you need to directly use go list directly it # will get confused by symlinks. -export GOPATH=${HOME}/go:${HOME}/go/src/github.com/opencontainers/runc/Godeps/_workspace -mkdir -pv $HOME/go/src/github.com/opencontainers/runc -rm -rf $HOME/go/src/github.com/opencontainers/runc/* -cp -avr * $HOME/go/src/github.com/opencontainers/runc +export GOPATH=${HOME}/go:${HOME}/go/src/%project/Godeps/_workspace +mkdir -pv $HOME/go/src/%project +rm -rf $HOME/go/src/%project/* +cp -av * $HOME/go/src/%project + +# Additionally enable seccomp. +%if 0%{?with_libseccomp} +export EXTRA_BUILDTAGS+="seccomp" +export EXTRA_GCCFLAGS+="-lseccomp" +%endif -export BUILDFLAGS="-gccgoflags=-Wl,--add-needed -Wl,--no-as-needed -static-libgo -ldl -lselinux -lapparmor" # Build all features. -export BUILDTAGS="apparmor selinux" +export BUILDTAGS="apparmor selinux $EXTRA_BUILDTAGS" +export BUILDFLAGS="-buildmode=pie -gccgoflags='-Wl,--add-needed -Wl,--no-as-needed -static-libgo -ldl -lselinux -lapparmor $EXTRA_GCCFLAGS'" -# Seccomp isn't supported on aarch64. -%ifnarch aarch64 -export BUILDTAGS="$BUILDTAGS seccomp" -export BUILDFLAGS="$BUILDFLAGS -lseccomp" -%endif +(cat <<EOF +export GOPATH="$GOPATH" +export BUILDTAGS="$BUILDTAGS" +export BUILDFLAGS="$BUILDFLAGS" +EOF +) >./.runc_build_env +source ./.runc_build_env # Build runc. -%go_tool build "$BUILDFLAGS" -tags "$BUILDTAGS" -x -o %{name}-%{version} github.com/opencontainers/%{_name} +make -C "$HOME/go/src/%project" EXTRA_FLAGS="-x $BUILDFLAGS" BUILDTAGS="$BUILDTAGS" COMMIT_NO="%{git_version}" runc +mv "$HOME/go/src/%project/runc" %{name}-%{version} # Build man pages, this can only be done on arches where we can build go-md2man. man/md2man-all.sh %check -export GOPATH=$HOME/go/src/github.com/opencontainers/runc/Godeps/_workspace:$GOPATH -cd $HOME/go/src/github.com/opencontainers/runc +source ./.runc_build_env +cd $HOME/go/src/%project + PKG_LIST=$(go list ./... \ - | grep -v 'github.com/opencontainers/runc/libcontainer/cgroups/fs$' \ - | grep -v 'github.com/opencontainers/runc/libcontainer$' \ - | grep -v 'github.com/opencontainers/runc/libcontainer/integration$' \ - | grep -v 'github.com/opencontainers/runc/libcontainer/nsenter$' \ - | grep -v 'github.com/opencontainers/runc/libcontainer/user$' \ - | grep -v 'github.com/opencontainers/runc/libcontainer/xattr$') -go test -timeout 3m -tags "$BUILDTAGS" -v $PKG_LIST + | grep -v '%{project}/libcontainer/cgroups/fs$' \ + | grep -v '%{project}/libcontainer$' \ + | grep -v '%{project}/libcontainer/integration$' \ + | grep -v '%{project}/libcontainer/label$' \ + | grep -v '%{project}/libcontainer/nsenter$' \ + | grep -v '%{project}/libcontainer/user$' \ + | grep -v '%{project}/libcontainer/xattr$' \ +%if ! 0%{?with_libseccomp} + | grep -v '%{project}/libcontainer/seccomp$' \ + | grep -v 'github.com/seccomp/libseccomp-golang$' \ +%endif + ) +%go_tool test -buildmode=pie -tags "$BUILDTAGS" -timeout 3m -v $PKG_LIST %install -install -D -m755 %{name}-%{version} %{buildroot}%{_sbindir}/%{_name} -install -d -m755 %{buildroot}/usr/src/docker-runc/ -cp -avr $HOME/go/src/github.com/opencontainers/runc/* %{buildroot}/usr/src/docker-runc/ +source ./.runc_build_env -install -d -m755 %{buildroot}/%{_bindir} -mv %{buildroot}/%{_sbindir}/{,docker-}runc +# Make sure we install in /usr/sbin/docker-runc +install -D -m755 %{name}-%{version} %{buildroot}%{_sbindir}/%{name} +install -d -m755 %{buildroot}/usr/src/%{name}/ +cp -av $HOME/go/src/%{project}/* %{buildroot}/usr/src/%{name}/ +# We have to rename the man pages to docker-runc. install -d -m755 %{buildroot}%{_mandir}/man8 cd man/man8 for mp in $(ls runc*.8); do install -m644 ${mp} %{buildroot}%{_mandir}/man8/docker-${mp} done -%fdupes %{buildroot}/%{_prefix} +%fdupes %{buildroot} %files %defattr(-,root,root) %doc README.md LICENSE %{_sbindir}/docker-runc - %{_mandir}/man8/docker-runc*.8.gz %files test ++++++ _service ++++++ --- /var/tmp/diff_new_pack.q7d133/_old 2017-08-17 11:44:34.077942760 +0200 +++ /var/tmp/diff_new_pack.q7d133/_new 2017-08-17 11:44:34.089941067 +0200 @@ -1,13 +1,9 @@ <services> <service name="tar_scm" mode="disabled"> - <!-- FIXME: This will (very soon) be split into a separate runC package, - because we shouldn't be pinning it to Docker's release and vendoring - schedule. Docker is a very peculiar user of runC and we should be - providing runC as a separate package so that users can use it. --> <param name="url">https://github.com/docker/runc.git</param> <param name="scm">git</param> <param name="filename">docker-runc</param> - <param name="versionformat">git.%h</param> + <param name="versionformat">git.%H</param> <param name="revision">9c2d8d184e5da67c95d601382adf14862e4f2228</param> <param name="exclude">.git</param> </service> ++++++ bsc1053532-0001-makefile-drop-usage-of-install.patch ++++++ >From 678f31ecf967c4d859e47b76ec93d6f124d58266 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai <[email protected]> Date: Mon, 14 Aug 2017 00:10:28 +1000 Subject: [PATCH] makefile: drop usage of --install The "go build -i" invocation may slightly help with incremental recompilation, but it will cause builds to fail if $GOROOT is not writeable by the current user. While this does appear to work sometimes, it's a concern for external build systems where "-i" causes build errors for no real gain. Given the size of the runc project, --install is not really giving us much anyway. SUSE-Bug: https://bugzilla.opensuse.org/show_bug.cgi?id=1053532 SUSE-Backport: https://github.com/opencontainers/runc/pull/1555 Signed-off-by: Aleksa Sarai <[email protected]> --- Makefile | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/Makefile b/Makefile index 779be925546f..c4bbdd3291d2 100644 --- a/Makefile +++ b/Makefile @@ -2,6 +2,8 @@ localtest localunittest localintegration \ test unittest integration +GO := go + PREFIX := $(DESTDIR)/usr/local BINDIR := $(PREFIX)/sbin GIT_BRANCH := $(shell git rev-parse --abbrev-ref HEAD 2>/dev/null) @@ -27,10 +29,10 @@ VERSION := ${shell cat ./VERSION} SHELL := $(shell command -v bash 2>/dev/null) -all: $(RUNC_LINK) - go build -i -ldflags "-X main.gitCommit=${COMMIT} -X main.version=${VERSION}" -tags "$(BUILDTAGS)" -o runc . +runc: $(RUNC_LINK) + $(GO) build $(EXTRA_FLAGS) -ldflags "-X main.gitCommit=${COMMIT} -X main.version=${VERSION} $(EXTRA_LDFLAGS)" -tags "$(BUILDTAGS)" -o runc . static: $(RUNC_LINK) - CGO_ENABLED=1 go build -i -tags "$(BUILDTAGS) cgo static_build" -ldflags "-w -extldflags -static -X main.gitCommit=${COMMIT} -X main.version=${VERSION}" -o runc . + CGO_ENABLED=1 $(GO) build $(EXTRA_FLAGS) -tags "$(BUILDTAGS) cgo static_build" -ldflags "-w -extldflags -static -X main.gitCommit=${COMMIT} -X main.version=${VERSION} $(EXTRA_LDFLAGS)" -o runc . release: $(RUNC_LINK) @flag_list=(seccomp selinux apparmor static ambient); \ @@ -54,8 +56,7 @@ release: $(RUNC_LINK) CGO_ENABLED=1; \ }; \ echo "Building target: $$output"; \ - rm -rf "${GOPATH}/pkg"; \ - go build -i -ldflags "$$ldflags" -tags "$$tags" -o "$$output" .; \ + $(GO) build $(EXTRA_FLAGS) -ldflags "$$ldflags $(EXTRA_LDFLAGS)" -tags "$$tags" -o "$$output" .; \ done $(RUNC_LINK): @@ -65,8 +66,8 @@ dbuild: runcimage docker run --rm -v $(CURDIR):/go/src/$(PROJECT) --privileged $(RUNC_IMAGE) make lint: - go vet ./... - go fmt ./... + $(GO) vet ./... + $(GO) fmt ./... man: man/md2man-all.sh @@ -84,7 +85,7 @@ unittest: runcimage docker run -e TESTFLAGS -ti --privileged --rm -v $(CURDIR):/go/src/$(PROJECT) $(RUNC_IMAGE) make localunittest localunittest: all - go test -timeout 3m -tags "$(BUILDTAGS)" ${TESTFLAGS} -v ./... + $(GO) test -timeout 3m -tags "$(BUILDTAGS)" ${TESTFLAGS} -v ./... integration: runcimage docker run -e TESTFLAGS -t --privileged --rm -v $(CURDIR):/go/src/$(PROJECT) $(RUNC_IMAGE) make localintegration @@ -119,6 +120,6 @@ clean: validate: script/validate-gofmt - go vet ./... + $(GO) vet ./... ci: validate localtest -- 2.14.0 ++++++ docker-runc-git.9c2d8d1.tar.xz -> docker-runc-git.9c2d8d184e5da67c95d601382adf14862e4f2228.tar.xz ++++++
