
From: "Manuel Rüger" <mrueg@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: app-emulation/runc/, app-emulation/runc/files/
Date: Thu, 04 Jul 2019 15:34:14
Message-Id: 1562254428.7a5c6cc21e5f943c2ed2f7fb1214cbb6d98f00cd.mrueg@gentoo
1 commit: 7a5c6cc21e5f943c2ed2f7fb1214cbb6d98f00cd
2 Author: Manuel Rüger <mrueg <AT> gentoo <DOT> org>
3 AuthorDate: Thu Jul 4 15:33:48 2019 +0000
4 Commit: Manuel Rüger <mrueg <AT> gentoo <DOT> org>
5 CommitDate: Thu Jul 4 15:33:48 2019 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7a5c6cc2
7
8 app-emulation/runc: Remove old and unmaintained live
9
10 Package-Manager: Portage-2.3.68, Repoman-2.3.16
11 Signed-off-by: Manuel Rüger <mrueg <AT> gentoo.org>
12
13 app-emulation/runc/Manifest | 4 -
14 app-emulation/runc/files/runc-fix-cve.patch | 334 ---------------------
15 .../runc/runc-1.0.0_rc5_p20180509-r1.ebuild | 62 ----
16 .../runc/runc-1.0.0_rc6_p20181203-r1.ebuild | 65 ----
17 app-emulation/runc/runc-1.0.0_rc6_p20190216.ebuild | 63 ----
18 app-emulation/runc/runc-1.0.0_rc7.ebuild | 63 ----
19 app-emulation/runc/runc-9999.ebuild | 48 ---
20 7 files changed, 639 deletions(-)
21
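--- a/app-emulation/runc/Manifest
+++ b/app-emulation/runc/Manifest
@@ -1,5 +1 @@
-DIST runc-1.0.0_rc5_p20180509.tar.gz 1185576 BLAKE2B b56f9c185c061f51a1fd81c19d378b06c71d06c6eddcbc1c946b234814eb469ea4af37bf42ef3889e4d37bc430e69d0a563281b13055f855f1bc15935531fe28 SHA512 9a55bdb8e39830f46cceff48970b7688139927552e3d268b9ef4a6e640ffc3d95164b99c5b05d07d295bedc2ea22daf6062fd520df1548d78b1d481fd928f1e3
-DIST runc-1.0.0_rc6_p20181203.tar.gz 1202869 BLAKE2B 5b5808fc65f3725e5cc22794c5ff6c5eba6016110358b0f60dd3378df2e5b64afb5631e5652f45e9721838dd02745b8c5a88abfcd244de202196ac16bfccd5a7 SHA512 ec3d3fec773f2f9df714b0813efb110e21e328634e0b4ae77f323a892d0327aea5d4b6f9ae2a549aa06fda5b27431f4514fd663c7033dc170ca1a03627931f9d
-DIST runc-1.0.0_rc6_p20190216.tar.gz 1663903 BLAKE2B d6094e85f1d35e1dcc7aed94adffe384f651953568345a9f6edb7ef17b24e25d8572ba84a23326c134c2dae28e1d62d0715a8bd6d949d7ef5cbc4cbc6af2f635 SHA512 e3d61506b44f05dfbad2e07d917c8408edea54c87a472ceb109e2ba2a1685b26f1407c2fe7660d416b60fc2583414af09567bcb8b3c95bc14f725d120373337c
-DIST runc-1.0.0_rc7.tar.gz 1665891 BLAKE2B eea7fa8f37d788d3e4ba97161ba2369cbdd660218f136bfb57430bf4080709707ed2bf10209f6eadaffe281e5222ccf2c085407fb2c4799c81266504750e24da SHA512 3c5cf70985f080afc633b79d7d5a045d1f5300398e2cc91770653a0f4b2dd38ac2b4ed25c199e92bc7399f9a711c28ed3fb6262fc4a8700527b3e45356d6f723
 DIST runc-1.0.0_rc8.tar.gz 1665924 BLAKE2B 542cbdefaaa1ef89d2abf8e31ca8116f26cddbfc3fb94dc8c7e94c51750b179ed557bee857ec80ede7280856c66c01c7961a26dc7e6202276baca46c691a3903 SHA512 f213b6a7fa96597d2ba1068f77752bccc0a1d62e0aac02ec8d2a2552dc3c1140fd4e52b2daeb0ac8fc09c48abe4521834450baae01ad4165308813eee7654a2b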
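--- a/app-emulation/runc/files/runc-fix-cve.patch
+++ /dev/null
@@ -1,334 +0,0 @@
-From 0a8e4117e7f715d5fbeef398405813ce8e88558b Mon Sep 17 00:00:00 2001
-From: Aleksa Sarai <asarai@××××.de>
-Date: Wed, 9 Jan 2019 13:40:01 +1100
-Subject: [PATCH] nsenter: clone /proc/self/exe to avoid exposing host binary
- to container
-
-There are quite a few circumstances where /proc/self/exe pointing to a
-pretty important container binary is a _bad_ thing, so to avoid this we
-have to make a copy (preferably doing self-clean-up and not being
-writeable).
-
-We require memfd_create(2) -- though there is an O_TMPFILE fallback --
-but we can always extend this to use a scratch MNT_DETACH overlayfs or
-tmpfs. The main downside to this approach is no page-cache sharing for
-the runc binary (which overlayfs would give us) but this is far less
-complicated.
-
-This is only done during nsenter so that it happens transparently to the
-Go code, and any libcontainer users benefit from it. This also makes
-ExtraFiles and --preserve-fds handling trivial (because we don't need to
-worry about it).
-
-Fixes: CVE-2019-5736
-Co-developed-by: Christian Brauner <christian.brauner@××××××.com>
-Signed-off-by: Aleksa Sarai <asarai@××××.de>
----
- libcontainer/nsenter/cloned_binary.c | 268 +++++++++++++++++++++++++++
- libcontainer/nsenter/nsexec.c | 11 ++
- 2 files changed, 279 insertions(+)
- create mode 100644 libcontainer/nsenter/cloned_binary.c
-
-diff --git a/libcontainer/nsenter/cloned_binary.c b/libcontainer/nsenter/cloned_binary.c
-new file mode 100644
-index 000000000..c8a42c23f
---- /dev/null
-+++ b/libcontainer/nsenter/cloned_binary.c
-@@ -0,0 +1,268 @@
-+/*
-+ * Copyright (C) 2019 Aleksa Sarai <cyphar@××××××.com>
-+ * Copyright (C) 2019 SUSE LLC
-+ *
-+ * Licensed under the Apache License, Version 2.0 (the "License");
-+ * you may not use this file except in compliance with the License.
-+ * You may obtain a copy of the License at
-+ *
-+ * http://www.apache.org/licenses/LICENSE-2.0
-+ *
-+ * Unless required by applicable law or agreed to in writing, software
-+ * distributed under the License is distributed on an "AS IS" BASIS,
-+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-+ * See the License for the specific language governing permissions and
-+ * limitations under the License.
-+ */
-+
-+#define _GNU_SOURCE
-+#include <unistd.h>
-+#include <stdio.h>
-+#include <stdlib.h>
-+#include <stdbool.h>
-+#include <string.h>
-+#include <limits.h>
-+#include <fcntl.h>
-+#include <errno.h>
-+
-+#include <sys/types.h>
-+#include <sys/stat.h>
-+#include <sys/vfs.h>
-+#include <sys/mman.h>
-+#include <sys/sendfile.h>
-+#include <sys/syscall.h>
-+
-+/* Use our own wrapper for memfd_create. */
-+#if !defined(SYS_memfd_create) && defined(__NR_memfd_create)
-+# define SYS_memfd_create __NR_memfd_create
-+#endif
-+#ifdef SYS_memfd_create
-+# define HAVE_MEMFD_CREATE
-+/* memfd_create(2) flags -- copied from <linux/memfd.h>. */
-+# ifndef MFD_CLOEXEC
-+# define MFD_CLOEXEC 0x0001U
-+# define MFD_ALLOW_SEALING 0x0002U
-+# endif
-+int memfd_create(const char *name, unsigned int flags)
-+{
-+ return syscall(SYS_memfd_create, name, flags);
-+}
-+#endif
-+
-+/* This comes directly from <linux/fcntl.h>. */
-+#ifndef F_LINUX_SPECIFIC_BASE
-+# define F_LINUX_SPECIFIC_BASE 1024
-+#endif
-+#ifndef F_ADD_SEALS
-+# define F_ADD_SEALS (F_LINUX_SPECIFIC_BASE + 9)
-+# define F_GET_SEALS (F_LINUX_SPECIFIC_BASE + 10)
-+#endif
-+#ifndef F_SEAL_SEAL
-+# define F_SEAL_SEAL 0x0001 /* prevent further seals from being set */
-+# define F_SEAL_SHRINK 0x0002 /* prevent file from shrinking */
-+# define F_SEAL_GROW 0x0004 /* prevent file from growing */
-+# define F_SEAL_WRITE 0x0008 /* prevent writes */
-+#endif
-+
-+#define RUNC_SENDFILE_MAX 0x7FFFF000 /* sendfile(2) is limited to 2GB. */
-+#ifdef HAVE_MEMFD_CREATE
-+# define RUNC_MEMFD_COMMENT "runc_cloned:/proc/self/exe"
-+# define RUNC_MEMFD_SEALS \
-+ (F_SEAL_SEAL | F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE)
-+#endif
-+
-+static void *must_realloc(void *ptr, size_t size)
-+{
-+ void *old = ptr;
-+ do {
-+ ptr = realloc(old, size);
-+ } while(!ptr);
-+ return ptr;
-+}
-+
-+/*
-+ * Verify whether we are currently in a self-cloned program (namely, is
-+ * /proc/self/exe a memfd). F_GET_SEALS will only succeed for memfds (or rather
-+ * for shmem files), and we want to be sure it's actually sealed.
-+ */
-+static int is_self_cloned(void)
-+{
-+ int fd, ret, is_cloned = 0;
-+
-+ fd = open("/proc/self/exe", O_RDONLY|O_CLOEXEC);
-+ if (fd < 0)
-+ return -ENOTRECOVERABLE;
-+
-+#ifdef HAVE_MEMFD_CREATE
-+ ret = fcntl(fd, F_GET_SEALS);
-+ is_cloned = (ret == RUNC_MEMFD_SEALS);
-+#else
-+ struct stat statbuf = {0};
-+ ret = fstat(fd, &statbuf);
-+ if (ret >= 0)
-+ is_cloned = (statbuf.st_nlink == 0);
-+#endif
-+ close(fd);
-+ return is_cloned;
-+}
-+
-+/*
-+ * Basic wrapper around mmap(2) that gives you the file length so you can
-+ * safely treat it as an ordinary buffer. Only gives you read access.
-+ */
-+static char *read_file(char *path, size_t *length)
-+{
-+ int fd;
-+ char buf[4096], *copy = NULL;
-+
-+ if (!length)
-+ return NULL;
-+
-+ fd = open(path, O_RDONLY | O_CLOEXEC);
-+ if (fd < 0)
-+ return NULL;
-+
-+ *length = 0;
-+ for (;;) {
-+ int n;
-+
-+ n = read(fd, buf, sizeof(buf));
-+ if (n < 0)
-+ goto error;
-+ if (!n)
-+ break;
-+
-+ copy = must_realloc(copy, (*length + n) * sizeof(*copy));
-+ memcpy(copy + *length, buf, n);
-+ *length += n;
-+ }
-+ close(fd);
-+ return copy;
-+
-+error:
-+ close(fd);
-+ free(copy);
-+ return NULL;
-+}
-+
-+/*
-+ * A poor-man's version of "xargs -0". Basically parses a given block of
-+ * NUL-delimited data, within the given length and adds a pointer to each entry
-+ * to the array of pointers.
-+ */
-+static int parse_xargs(char *data, int data_length, char ***output)
-+{
-+ int num = 0;
-+ char *cur = data;
-+
-+ if (!data || *output != NULL)
-+ return -1;
-+
-+ while (cur < data + data_length) {
-+ num++;
-+ *output = must_realloc(*output, (num + 1) * sizeof(**output));
-+ (*output)[num - 1] = cur;
-+ cur += strlen(cur) + 1;
-+ }
-+ (*output)[num] = NULL;
-+ return num;
-+}
-+
-+/*
-+ * "Parse" out argv and envp from /proc/self/cmdline and /proc/self/environ.
-+ * This is necessary because we are running in a context where we don't have a
-+ * main() that we can just get the arguments from.
-+ */
-+static int fetchve(char ***argv, char ***envp)
-+{
-+ char *cmdline = NULL, *environ = NULL;
-+ size_t cmdline_size, environ_size;
-+
-+ cmdline = read_file("/proc/self/cmdline", &cmdline_size);
-+ if (!cmdline)
-+ goto error;
-+ environ = read_file("/proc/self/environ", &environ_size);
-+ if (!environ)
-+ goto error;
-+
-+ if (parse_xargs(cmdline, cmdline_size, argv) <= 0)
-+ goto error;
-+ if (parse_xargs(environ, environ_size, envp) <= 0)
-+ goto error;
-+
-+ return 0;
-+
-+error:
-+ free(environ);
-+ free(cmdline);
-+ return -EINVAL;
-+}
-+
-+static int clone_binary(void)
-+{
-+ int binfd, memfd;
-+ ssize_t sent = 0;
-+
-+#ifdef HAVE_MEMFD_CREATE
-+ memfd = memfd_create(RUNC_MEMFD_COMMENT, MFD_CLOEXEC | MFD_ALLOW_SEALING);
-+#else
-+ memfd = open("/tmp", O_TMPFILE | O_EXCL | O_RDWR | O_CLOEXEC, 0711);
-+#endif
-+ if (memfd < 0)
-+ return -ENOTRECOVERABLE;
-+
-+ binfd = open("/proc/self/exe", O_RDONLY | O_CLOEXEC);
-+ if (binfd < 0)
-+ goto error;
-+
-+ sent = sendfile(memfd, binfd, NULL, RUNC_SENDFILE_MAX);
-+ close(binfd);
-+ if (sent < 0)
-+ goto error;
-+
-+#ifdef HAVE_MEMFD_CREATE
-+ int err = fcntl(memfd, F_ADD_SEALS, RUNC_MEMFD_SEALS);
-+ if (err < 0)
-+ goto error;
-+#else
-+ /* Need to re-open "memfd" as read-only to avoid execve(2) giving -EXTBUSY. */
-+ int newfd;
-+ char *fdpath = NULL;
-+
-+ if (asprintf(&fdpath, "/proc/self/fd/%d", memfd) < 0)
-+ goto error;
-+ newfd = open(fdpath, O_RDONLY | O_CLOEXEC);
-+ free(fdpath);
-+ if (newfd < 0)
-+ goto error;
-+
-+ close(memfd);
-+ memfd = newfd;
-+#endif
-+ return memfd;
-+
-+error:
-+ close(memfd);
-+ return -EIO;
-+}
-+
-+int ensure_cloned_binary(void)
-+{
-+ int execfd;
-+ char **argv = NULL, **envp = NULL;
-+
-+ /* Check that we're not self-cloned, and if we are then bail. */
-+ int cloned = is_self_cloned();
-+ if (cloned > 0 || cloned == -ENOTRECOVERABLE)
-+ return cloned;
-+
-+ if (fetchve(&argv, &envp) < 0)
-+ return -EINVAL;
-+
-+ execfd = clone_binary();
-+ if (execfd < 0)
-+ return -EIO;
-+
-+ fexecve(execfd, argv, envp);
-+ return -ENOEXEC;
-+}
-diff --git a/libcontainer/nsenter/nsexec.c b/libcontainer/nsenter/nsexec.c
-index 28269dfc0..7750af35e 100644
---- a/libcontainer/nsenter/nsexec.c
-+++ b/libcontainer/nsenter/nsexec.c
-@@ -534,6 +534,9 @@ void join_namespaces(char *nslist)
- free(namespaces);
- }
-
-+/* Defined in cloned_binary.c. */
-+extern int ensure_cloned_binary(void);
-+
- void nsexec(void)
- {
- int pipenum;
-@@ -549,6 +552,14 @@ void nsexec(void)
- if (pipenum == -1)
- return;
-
-+ /*
-+ * We need to re-exec if we are not in a cloned binary. This is necessary
-+ * to ensure that containers won't be able to access the host binary
-+ * through /proc/self/exe. See CVE-2019-5736.
-+ */
-+ if (ensure_cloned_binary() < 0)
-+ bail("could not ensure we are a cloned binary");
-+
- /* Parse all of the netlink configuration. */
- nl_parse(pipenum, &config);
-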
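--- a/app-emulation/runc/runc-1.0.0_rc5_p20180509-r1.ebuild
+++ /dev/null
@@ -1,62 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-EGO_PN="github.com/opencontainers/${PN}"
-
-if [[ ${PV} == *9999 ]]; then
- inherit golang-build golang-vcs
-else
- MY_PV="${PV/_/-}"
- EGIT_COMMIT="v${MY_PV}"
- RUNC_COMMIT="69663f0bd4b60df09991c08812a60108003fa340" # Change this when you update the ebuild
- SRC_URI="https://${EGO_PN}/archive/${RUNC_COMMIT}.tar.gz -> ${P}.tar.gz"
- KEYWORDS="amd64 ~arm ~arm64 ~ppc64"
- inherit golang-build golang-vcs-snapshot
-fi
-
-DESCRIPTION="runc container cli tools"
-HOMEPAGE="http://runc.io"
-
-LICENSE="Apache-2.0"
-SLOT="0"
-IUSE="+ambient apparmor hardened +seccomp"
-
-RDEPEND="
- apparmor? ( sys-libs/libapparmor )
- seccomp? ( sys-libs/libseccomp )
- !app-emulation/docker-runc
-"
-
-PATCHES=( "${FILESDIR}"/runc-fix-cve.patch )
-
-src_prepare() {
- pushd src/${EGO_PN} || die
- default
- popd || die
-}
-
-src_compile() {
- # Taken from app-emulation/docker-1.7.0-r1
- export CGO_CFLAGS="-I${ROOT}/usr/include"
- export CGO_LDFLAGS="$(usex hardened '-fno-PIC ' '')
- -L${ROOT}/usr/$(get_libdir)"
-
- # build up optional flags
- local options=(
- $(usex ambient 'ambient')
- $(usex apparmor 'apparmor')
- $(usex seccomp 'seccomp')
- )
-
- GOPATH="${S}"\
- emake BUILDTAGS="${options[*]}" \
- COMMIT="${RUNC_COMMIT}" -C src/${EGO_PN}
-}
-
-src_install() {
- pushd src/${EGO_PN} || die
- dobin runc
- dodoc README.md PRINCIPLES.md
- popd || die
-}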
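--- a/app-emulation/runc/runc-1.0.0_rc6_p20181203-r1.ebuild
+++ /dev/null
@@ -1,65 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-EGO_PN="github.com/opencontainers/${PN}"
-
-if [[ ${PV} == *9999 ]]; then
- inherit golang-build golang-vcs
-else
- MY_PV="${PV/_/-}"
- RUNC_COMMIT="96ec2177ae841256168fcf76954f7177af9446eb" # Change this when you update the ebuild
- SRC_URI="https://${EGO_PN}/archive/${RUNC_COMMIT}.tar.gz -> ${P}.tar.gz"
- KEYWORDS="amd64 ~arm ~arm64 ~ppc64"
- inherit golang-build golang-vcs-snapshot
-fi
-
-DESCRIPTION="runc container cli tools"
-HOMEPAGE="http://runc.io"
-
-LICENSE="Apache-2.0"
-SLOT="0"
-IUSE="+ambient apparmor hardened +kmem +seccomp"
-
-RDEPEND="
- apparmor? ( sys-libs/libapparmor )
- seccomp? ( sys-libs/libseccomp )
- !app-emulation/docker-runc
-"
-
-PATCHES=( "${FILESDIR}/${PN}-fix-cve.patch" )
-
-src_prepare() {
- pushd src/${EGO_PN}
- default
- sed -i -e "/^GIT_BRANCH/d"\
- -e "/^GIT_BRANCH_CLEAN/d"\
- -e "/^COMMIT_NO/d"\
- -e "s/COMMIT :=.*/COMMIT := ${RUNC_COMMIT}/"\
- Makefile || die
- popd || die
-}
-
-src_compile() {
- # Taken from app-emulation/docker-1.7.0-r1
- export CGO_CFLAGS="-I${ROOT}/usr/include"
- export CGO_LDFLAGS="$(usex hardened '-fno-PIC ' '')
- -L${ROOT}/usr/$(get_libdir)"
-
- # build up optional flags
- local options=(
- $(usex ambient 'ambient' '')
- $(usex apparmor 'apparmor' '')
- $(usex seccomp 'seccomp' '')
- $(usex kmem '' 'nokmem')
- )
-
- GOPATH="${S}" emake BUILDTAGS="${options[*]}" -C src/${EGO_PN}
-}
-
-src_install() {
- pushd src/${EGO_PN} || die
- dobin runc
- dodoc README.md PRINCIPLES.md
- popd || die
-}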
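--- a/app-emulation/runc/runc-1.0.0_rc6_p20190216.ebuild
+++ /dev/null
@@ -1,63 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-EGO_PN="github.com/opencontainers/${PN}"
-
-if [[ ${PV} == *9999 ]]; then
- inherit golang-build golang-vcs
-else
- MY_PV="${PV/_/-}"
- RUNC_COMMIT="2b18fe1d885ee5083ef9f0838fee39b62d653e30" # Change this when you update the ebuild
- SRC_URI="https://${EGO_PN}/archive/${RUNC_COMMIT}.tar.gz -> ${P}.tar.gz"
- KEYWORDS="amd64 ~arm ~arm64 ~ppc64"
- inherit golang-build golang-vcs-snapshot
-fi
-
-DESCRIPTION="runc container cli tools"
-HOMEPAGE="http://runc.io"
-
-LICENSE="Apache-2.0"
-SLOT="0"
-IUSE="+ambient apparmor hardened +kmem +seccomp"
-
-RDEPEND="
- apparmor? ( sys-libs/libapparmor )
- seccomp? ( sys-libs/libseccomp )
- !app-emulation/docker-runc
-"
-
-src_prepare() {
- pushd src/${EGO_PN}
- default
- sed -i -e "/^GIT_BRANCH/d"\
- -e "/^GIT_BRANCH_CLEAN/d"\
- -e "/^COMMIT_NO/d"\
- -e "s/COMMIT :=.*/COMMIT := ${RUNC_COMMIT}/"\
- Makefile || die
- popd || die
-}
-
-src_compile() {
- # Taken from app-emulation/docker-1.7.0-r1
- export CGO_CFLAGS="-I${ROOT}/usr/include"
- export CGO_LDFLAGS="$(usex hardened '-fno-PIC ' '')
- -L${ROOT}/usr/$(get_libdir)"
-
- # build up optional flags
- local options=(
- $(usex ambient 'ambient' '')
- $(usex apparmor 'apparmor' '')
- $(usex seccomp 'seccomp' '')
- $(usex kmem '' 'nokmem')
- )
-
- GOPATH="${S}" emake BUILDTAGS="${options[*]}" -C src/${EGO_PN}
-}
-
-src_install() {
- pushd src/${EGO_PN} || die
- dobin runc
- dodoc README.md PRINCIPLES.md
- popd || die
-}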
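--- a/app-emulation/runc/runc-1.0.0_rc7.ebuild
+++ /dev/null
@@ -1,63 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-EGO_PN="github.com/opencontainers/${PN}"
-
-if [[ ${PV} == *9999 ]]; then
- inherit golang-build golang-vcs
-else
- MY_PV="${PV/_/-}"
- RUNC_COMMIT="69ae5da6afdcaaf38285a10b36f362e41cb298d6" # Change this when you update the ebuild
- SRC_URI="https://${EGO_PN}/archive/${RUNC_COMMIT}.tar.gz -> ${P}.tar.gz"
- KEYWORDS="amd64 ~arm ~arm64 ~ppc64"
- inherit golang-build golang-vcs-snapshot
-fi
-
-DESCRIPTION="runc container cli tools"
-HOMEPAGE="http://runc.io"
-
-LICENSE="Apache-2.0"
-SLOT="0"
-IUSE="+ambient apparmor hardened +kmem +seccomp"
-
-RDEPEND="
- apparmor? ( sys-libs/libapparmor )
- seccomp? ( sys-libs/libseccomp )
- !app-emulation/docker-runc
-"
-
-src_prepare() {
- pushd src/${EGO_PN}
- default
- sed -i -e "/^GIT_BRANCH/d"\
- -e "/^GIT_BRANCH_CLEAN/d"\
- -e "/^COMMIT_NO/d"\
- -e "s/COMMIT :=.*/COMMIT := ${RUNC_COMMIT}/"\
- Makefile || die
- popd || die
-}
-
-src_compile() {
- # Taken from app-emulation/docker-1.7.0-r1
- export CGO_CFLAGS="-I${ROOT}/usr/include"
- export CGO_LDFLAGS="$(usex hardened '-fno-PIC ' '')
- -L${ROOT}/usr/$(get_libdir)"
-
- # build up optional flags
- local options=(
- $(usex ambient 'ambient' '')
- $(usex apparmor 'apparmor' '')
- $(usex seccomp 'seccomp' '')
- $(usex kmem '' 'nokmem')
- )
-
- GOPATH="${S}" emake BUILDTAGS="${options[*]}" -C src/${EGO_PN}
-}
-
-src_install() {
- pushd src/${EGO_PN} || die
- dobin runc
- dodoc README.md PRINCIPLES.md
- popd || die
-}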
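--- a/app-emulation/runc/runc-9999.ebuild
+++ /dev/null
@@ -1,48 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-inherit eutils multilib
-
-DESCRIPTION="runc container cli tools"
-HOMEPAGE="http://runc.io"
-
-GITHUB_URI="github.com/opencontainers/runc"
-
-if [[ ${PV} == *9999* ]]; then
- EGIT_REPO_URI="git://${GITHUB_URI}.git"
- inherit git-r3
-else
- SRC_URI="https://${GITHUB_URI}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
- KEYWORDS="~amd64 ~ppc64"
-fi
-
-LICENSE="Apache-2.0"
-SLOT="0"
-IUSE="+seccomp"
-
-DEPEND=">=dev-lang/go-1.4:="
-RDEPEND="seccomp? ( sys-libs/libseccomp )
- !app-emulation/docker-runc"
-
-src_compile() {
- # Taken from app-emulation/docker-1.7.0-r1
- export CGO_CFLAGS="-I${ROOT}/usr/include"
- export CGO_LDFLAGS="-L${ROOT}/usr/$(get_libdir)"
-
- # Setup GOPATH so things build
- rm -rf .gopath
- mkdir -p .gopath/src/"$(dirname "${GITHUB_URI}")"
- ln -sf ../../../.. .gopath/src/"${GITHUB_URI}"
- export GOPATH="${PWD}/.gopath:${PWD}/vendor"
-
- # build up optional flags
- local options=( $(usex seccomp "seccomp") )
-
- emake BUILDTAGS="${options[@]}"
-}
-
-src_install() {
- dobin runc
-}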