Hello community,
here is the log from the commit of package docker-runc for openSUSE:Factory checked in at 2017-08-17 11:44:29
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/docker-runc (Old)
and /work/SRC/openSUSE:Factory/.docker-runc.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "docker-runc"
Thu Aug 17 11:44:29 2017 rev:2 rq:517266 version:0.1.1+gitr2947_9c2d8d1
Changes:
--------
--- /work/SRC/openSUSE:Factory/docker-runc/docker-runc.changes 2017-07-19 12:21:31.923931100 +0200
+++ /work/SRC/openSUSE:Factory/.docker-runc.new/docker-runc.changes 2017-08-17 11:44:32.446173063 +0200
@@ -1,0 +2,19 @@
+Sun Aug 13 14:25:32 UTC 2017 - asarai@suse.com
+
+- Use the upstream Makefile, to ensure that we always include the version and
+ commit information in runc. This was confusing users (and Docker).
+ bsc#1053532
+- Add a backported patch to fix a Makefile bug. This also includes some other
+ changes to make the docker-runc.spec mirror the newer runc.spec (which
+ required additional patching to the Makefile).
+ https://github.com/opencontainers/runc/pull/1555
+ + bsc1053532-0001-makefile-drop-usage-of-install.patch
+
+-------------------------------------------------------------------
+Wed Aug 2 13:51:43 UTC 2017 - asarai@suse.com
+
+- Use -buildmode=pie for tests and binary build. bsc#1048046 bsc#1051429
+- Cleanup seccomp builds similar to bsc#1028638
+- Remove the usage of 'cp -r' to reduce noise in the build logs.
+
+-------------------------------------------------------------------
Old:
----
docker-runc-git.9c2d8d1.tar.xz
New:
----
bsc1053532-0001-makefile-drop-usage-of-install.patch
docker-runc-git.9c2d8d184e5da67c95d601382adf14862e4f2228.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ docker-runc.spec ++++++
--- /var/tmp/diff_new_pack.q7d133/_old 2017-08-17 11:44:33.857973806 +0200
+++ /var/tmp/diff_new_pack.q7d133/_new 2017-08-17 11:44:33.861973242 +0200
@@ -1,5 +1,5 @@
#
-# spec file for package runc
+# spec file for package docker-runc
#
# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
#
@@ -14,41 +14,54 @@
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
+# nodebuginfo
-%define go_tool go
-
-# MANUAL: Update the git_version and git_revision
-# FIX-OPENSUSE: This will be removed as soon as we move Docker's runC fork into
-# a separate package. This whole versioning mess is caused by
-# Docker vendoring non-releases of runC.
-%define git_version 9c2d8d1
+# MANUAL: Update the git_version, git_short, and git_revision
+%define git_version 9c2d8d184e5da67c95d601382adf14862e4f2228
+%define git_short 9c2d8d1
# How to get the git_revision
# git clone ${url}.git runc-upstream
# cd runc-upstream
# git checkout $git_version
# git_revision=r$(git rev-list HEAD | wc -l)
%define git_revision r2947
-%define version_unconverted %{git_version}
+%define go_tool go
%define _name runc
+%define project github.com/opencontainers/%{_name}
+
+# enable libseccomp for sle >= sle12sp2
+%if 0%{?sle_version} >= 120200
+%define with_libseccomp 1
+%endif
+# enable libseccomp for leap >= 42.2
+%if 0%{?leap_version} >= 420200
+%define with_libseccomp 1
+%endif
+# enable libseccomp for Factory
+%if 0%{?suse_version} > 1320
+%define with_libseccomp 1
+%endif
Name: docker-runc
-Version: 0.1.1+git%{git_revision}_%{git_version}
+Version: 0.1.1+git%{git_revision}_%{git_short}
Release: 0
Summary: Tool for spawning and running OCI containers
License: Apache-2.0
Group: System/Management
Url: https://github.com/opencontainers/runc
Source: %{name}-git.%{git_version}.tar.xz
+# SUSE-FIX-UPSTREAM: Backport of CVE-2016-9962 fix. bsc#1012568
Patch0: CVE-2016-9962.patch
+# SUSE-FIX-UPSTREAM: Backport of https://github.com/opencontainers/runc/pull/1555. bsc#1053532
+Patch100: bsc1053532-0001-makefile-drop-usage-of-install.patch
BuildRequires: fdupes
# Make sure we require go 1.7
BuildRequires: go-go-md2man
BuildRequires: libapparmor-devel
BuildRequires: golang(API) = 1.7
-# Seccomp isn't supported on aarch64.
-%ifnarch aarch64
+%if 0%{?with_libseccomp}
BuildRequires: libseccomp-devel
%endif
BuildRequires: libselinux-devel
@@ -69,80 +82,98 @@
BuildRequires: golang(API) = 1.7
Requires: go-go-md2man
Requires: libapparmor-devel
-# Seccomp isn't supported on aarch64.
-%ifnarch aarch64
-Requires: libseccomp-devel
+%if 0%{?with_libseccomp}
+BuildRequires: libseccomp-devel
%endif
Requires: libselinux-devel
Recommends: criu
BuildArch: noarch
-Obsoletes: runc <= 1.0
+Obsoletes: runc-test <= 1.0
%description test
Test package for runc. It contains the source code and the tests.
%prep
%setup -q -n %{name}-git.%{git_version}
+# bsc#1012568
%patch0 -p1
+# bsc#1053532
+%patch100 -p1
%build
# Do not use symlinks. If you want to run the unit tests for this package at
# some point during the build and you need to directly use go list directly it
# will get confused by symlinks.
-export GOPATH=${HOME}/go:${HOME}/go/src/github.com/opencontainers/runc/Godeps/_workspace
-mkdir -pv $HOME/go/src/github.com/opencontainers/runc
-rm -rf $HOME/go/src/github.com/opencontainers/runc/*
-cp -avr * $HOME/go/src/github.com/opencontainers/runc
+export GOPATH=${HOME}/go:${HOME}/go/src/%project/Godeps/_workspace
+mkdir -pv $HOME/go/src/%project
+rm -rf $HOME/go/src/%project/*
+cp -av * $HOME/go/src/%project
+
+# Additionally enable seccomp.
+%if 0%{?with_libseccomp}
+export EXTRA_BUILDTAGS+="seccomp"
+export EXTRA_GCCFLAGS+="-lseccomp"
+%endif
-export BUILDFLAGS="-gccgoflags=-Wl,--add-needed -Wl,--no-as-needed -static-libgo -ldl -lselinux -lapparmor"
# Build all features.
-export BUILDTAGS="apparmor selinux"
+export BUILDTAGS="apparmor selinux $EXTRA_BUILDTAGS"
+export BUILDFLAGS="-buildmode=pie -gccgoflags='-Wl,--add-needed -Wl,--no-as-needed -static-libgo -ldl -lselinux -lapparmor $EXTRA_GCCFLAGS'"
-# Seccomp isn't supported on aarch64.
-%ifnarch aarch64
-export BUILDTAGS="$BUILDTAGS seccomp"
-export BUILDFLAGS="$BUILDFLAGS -lseccomp"
-%endif
+(cat <
From 678f31ecf967c4d859e47b76ec93d6f124d58266 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai
Date: Mon, 14 Aug 2017 00:10:28 +1000 Subject: [PATCH] makefile: drop usage of --install
The "go build -i" invocation may slightly help with incremental
recompilation, but it will cause builds to fail if $GOROOT is not
writeable by the current user. While this does appear to work sometimes,
it's a concern for external build systems where "-i" causes build errors
for no real gain.
Given the size of the runc project, --install is not really giving us
much anyway.
SUSE-Bug: https://bugzilla.opensuse.org/show_bug.cgi?id=1053532
SUSE-Backport: https://github.com/opencontainers/runc/pull/1555
Signed-off-by: Aleksa Sarai