commit: 7a5c6cc21e5f943c2ed2f7fb1214cbb6d98f00cd |
Author: Manuel Rüger <mrueg <AT> gentoo <DOT> org> |
AuthorDate: Thu Jul 4 15:33:48 2019 +0000 |
Commit: Manuel Rüger <mrueg <AT> gentoo <DOT> org> |
CommitDate: Thu Jul 4 15:33:48 2019 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7a5c6cc2 |
|
app-emulation/runc: Remove old and unmaintained live |
|
Package-Manager: Portage-2.3.68, Repoman-2.3.16 |
Signed-off-by: Manuel Rüger <mrueg <AT> gentoo.org> |
|
app-emulation/runc/Manifest | 4 - |
app-emulation/runc/files/runc-fix-cve.patch | 334 --------------------- |
.../runc/runc-1.0.0_rc5_p20180509-r1.ebuild | 62 ---- |
.../runc/runc-1.0.0_rc6_p20181203-r1.ebuild | 65 ---- |
app-emulation/runc/runc-1.0.0_rc6_p20190216.ebuild | 63 ---- |
app-emulation/runc/runc-1.0.0_rc7.ebuild | 63 ---- |
app-emulation/runc/runc-9999.ebuild | 48 --- |
7 files changed, 639 deletions(-) |
|
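--- a/app-emulation/runc/Manifest
+++ b/app-emulation/runc/Manifest
@@ -1,5 +1 @@
-DIST runc-1.0.0_rc5_p20180509.tar.gz 1185576 BLAKE2B b56f9c185c061f51a1fd81c19d378b06c71d06c6eddcbc1c946b234814eb469ea4af37bf42ef3889e4d37bc430e69d0a563281b13055f855f1bc15935531fe28 SHA512 9a55bdb8e39830f46cceff48970b7688139927552e3d268b9ef4a6e640ffc3d95164b99c5b05d07d295bedc2ea22daf6062fd520df1548d78b1d481fd928f1e3
-DIST runc-1.0.0_rc6_p20181203.tar.gz 1202869 BLAKE2B 5b5808fc65f3725e5cc22794c5ff6c5eba6016110358b0f60dd3378df2e5b64afb5631e5652f45e9721838dd02745b8c5a88abfcd244de202196ac16bfccd5a7 SHA512 ec3d3fec773f2f9df714b0813efb110e21e328634e0b4ae77f323a892d0327aea5d4b6f9ae2a549aa06fda5b27431f4514fd663c7033dc170ca1a03627931f9d
-DIST runc-1.0.0_rc6_p20190216.tar.gz 1663903 BLAKE2B d6094e85f1d35e1dcc7aed94adffe384f651953568345a9f6edb7ef17b24e25d8572ba84a23326c134c2dae28e1d62d0715a8bd6d949d7ef5cbc4cbc6af2f635 SHA512 e3d61506b44f05dfbad2e07d917c8408edea54c87a472ceb109e2ba2a1685b26f1407c2fe7660d416b60fc2583414af09567bcb8b3c95bc14f725d120373337c
-DIST runc-1.0.0_rc7.tar.gz 1665891 BLAKE2B eea7fa8f37d788d3e4ba97161ba2369cbdd660218f136bfb57430bf4080709707ed2bf10209f6eadaffe281e5222ccf2c085407fb2c4799c81266504750e24da SHA512 3c5cf70985f080afc633b79d7d5a045d1f5300398e2cc91770653a0f4b2dd38ac2b4ed25c199e92bc7399f9a711c28ed3fb6262fc4a8700527b3e45356d6f723
 DIST runc-1.0.0_rc8.tar.gz 1665924 BLAKE2B 542cbdefaaa1ef89d2abf8e31ca8116f26cddbfc3fb94dc8c7e94c51750b179ed557bee857ec80ede7280856c66c01c7961a26dc7e6202276baca46c691a3903 SHA512 f213b6a7fa96597d2ba1068f77752bccc0a1d62e0aac02ec8d2a2552dc3c1140fd4e52b2daeb0ac8fc09c48abe4521834450baae01ad4165308813eee7654a2b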
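--- a/app-emulation/runc/files/runc-fix-cve.patch
+++ /dev/null
@@ -1,334 +0,0 @@
-From 0a8e4117e7f715d5fbeef398405813ce8e88558b Mon Sep 17 00:00:00 2001
-From: Aleksa Sarai <asarai@××××.de>
-Date: Wed, 9 Jan 2019 13:40:01 +1100
-Subject: [PATCH] nsenter: clone /proc/self/exe to avoid exposing host binary
- to container
-
-There are quite a few circumstances where /proc/self/exe pointing to a
-pretty important container binary is a _bad_ thing, so to avoid this we
-have to make a copy (preferably doing self-clean-up and not being
-writeable).
-
-We require memfd_create(2) -- though there is an O_TMPFILE fallback --
-but we can always extend this to use a scratch MNT_DETACH overlayfs or
-tmpfs. The main downside to this approach is no page-cache sharing for
-the runc binary (which overlayfs would give us) but this is far less
-complicated.
-
-This is only done during nsenter so that it happens transparently to the
-Go code, and any libcontainer users benefit from it. This also makes
-ExtraFiles and --preserve-fds handling trivial (because we don't need to
-worry about it).
-
-Fixes: CVE-2019-5736
-Co-developed-by: Christian Brauner <christian.brauner@××××××.com>
-Signed-off-by: Aleksa Sarai <asarai@××××.de>
----
- libcontainer/nsenter/cloned_binary.c | 268 +++++++++++++++++++++++++++
- libcontainer/nsenter/nsexec.c | 11 ++
- 2 files changed, 279 insertions(+)
- create mode 100644 libcontainer/nsenter/cloned_binary.c
-
-diff --git a/libcontainer/nsenter/cloned_binary.c b/libcontainer/nsenter/cloned_binary.c
-new file mode 100644
-index 000000000..c8a42c23f
---- /dev/null
-+++ b/libcontainer/nsenter/cloned_binary.c
-@@ -0,0 +1,268 @@
-+/*
-+ * Copyright (C) 2019 Aleksa Sarai <cyphar@××××××.com>
-+ * Copyright (C) 2019 SUSE LLC
-+ *
-+ * Licensed under the Apache License, Version 2.0 (the "License");
-+ * you may not use this file except in compliance with the License.
-+ * You may obtain a copy of the License at
-+ *
-+ * http://www.apache.org/licenses/LICENSE-2.0
-+ *
-+ * Unless required by applicable law or agreed to in writing, software
-+ * distributed under the License is distributed on an "AS IS" BASIS,
-+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-+ * See the License for the specific language governing permissions and
-+ * limitations under the License.
-+ */
-+
-+#define _GNU_SOURCE
-+#include <unistd.h>
-+#include <stdio.h>
-+#include <stdlib.h>
-+#include <stdbool.h>
-+#include <string.h>
-+#include <limits.h>
-+#include <fcntl.h>
-+#include <errno.h>
-+
-+#include <sys/types.h>
-+#include <sys/stat.h>
-+#include <sys/vfs.h>
-+#include <sys/mman.h>
-+#include <sys/sendfile.h>
-+#include <sys/syscall.h>
-+
-+/* Use our own wrapper for memfd_create. */
-+#if !defined(SYS_memfd_create) && defined(__NR_memfd_create)
-+# define SYS_memfd_create __NR_memfd_create
-+#endif
-+#ifdef SYS_memfd_create
-+# define HAVE_MEMFD_CREATE
-+/* memfd_create(2) flags -- copied from <linux/memfd.h>. */
-+# ifndef MFD_CLOEXEC
-+# define MFD_CLOEXEC 0x0001U
-+# define MFD_ALLOW_SEALING 0x0002U
-+# endif
-+int memfd_create(const char *name, unsigned int flags)
-+{
-+ return syscall(SYS_memfd_create, name, flags);
-+}
-+#endif
-+
-+/* This comes directly from <linux/fcntl.h>. */
-+#ifndef F_LINUX_SPECIFIC_BASE
-+# define F_LINUX_SPECIFIC_BASE 1024
-+#endif
-+#ifndef F_ADD_SEALS
-+# define F_ADD_SEALS (F_LINUX_SPECIFIC_BASE + 9)
-+# define F_GET_SEALS (F_LINUX_SPECIFIC_BASE + 10)
-+#endif
-+#ifndef F_SEAL_SEAL
-+# define F_SEAL_SEAL 0x0001 /* prevent further seals from being set */
-+# define F_SEAL_SHRINK 0x0002 /* prevent file from shrinking */
-+# define F_SEAL_GROW 0x0004 /* prevent file from growing */
-+# define F_SEAL_WRITE 0x0008 /* prevent writes */
-+#endif
-+
-+#define RUNC_SENDFILE_MAX 0x7FFFF000 /* sendfile(2) is limited to 2GB. */
-+#ifdef HAVE_MEMFD_CREATE
-+# define RUNC_MEMFD_COMMENT "runc_cloned:/proc/self/exe"
-+# define RUNC_MEMFD_SEALS \
-+ (F_SEAL_SEAL | F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE)
-+#endif
-+
-+static void *must_realloc(void *ptr, size_t size)
-+{
-+ void *old = ptr;
-+ do {
-+ ptr = realloc(old, size);
-+ } while(!ptr);
-+ return ptr;
-+}
-+
-+/*
-+ * Verify whether we are currently in a self-cloned program (namely, is
-+ * /proc/self/exe a memfd). F_GET_SEALS will only succeed for memfds (or rather
-+ * for shmem files), and we want to be sure it's actually sealed.
-+ */
-+static int is_self_cloned(void)
-+{
-+ int fd, ret, is_cloned = 0;
-+
-+ fd = open("/proc/self/exe", O_RDONLY|O_CLOEXEC);
-+ if (fd < 0)
-+ return -ENOTRECOVERABLE;
-+
-+#ifdef HAVE_MEMFD_CREATE
-+ ret = fcntl(fd, F_GET_SEALS);
-+ is_cloned = (ret == RUNC_MEMFD_SEALS);
-+#else
-+ struct stat statbuf = {0};
-+ ret = fstat(fd, &statbuf);
-+ if (ret >= 0)
-+ is_cloned = (statbuf.st_nlink == 0);
-+#endif
-+ close(fd);
-+ return is_cloned;
-+}
-+
-+/*
-+ * Basic wrapper around mmap(2) that gives you the file length so you can
-+ * safely treat it as an ordinary buffer. Only gives you read access.
-+ */
-+static char *read_file(char *path, size_t *length)
-+{
-+ int fd;
-+ char buf[4096], *copy = NULL;
-+
-+ if (!length)
-+ return NULL;
-+
-+ fd = open(path, O_RDONLY | O_CLOEXEC);
-+ if (fd < 0)
-+ return NULL;
-+
-+ *length = 0;
-+ for (;;) {
-+ int n;
-+
-+ n = read(fd, buf, sizeof(buf));
-+ if (n < 0)
-+ goto error;
-+ if (!n)
-+ break;
-+
-+ copy = must_realloc(copy, (*length + n) * sizeof(*copy));
-+ memcpy(copy + *length, buf, n);
-+ *length += n;
-+ }
-+ close(fd);
-+ return copy;
-+
-+error:
-+ close(fd);
-+ free(copy);
-+ return NULL;
-+}
-+
-+/*
-+ * A poor-man's version of "xargs -0". Basically parses a given block of
-+ * NUL-delimited data, within the given length and adds a pointer to each entry
-+ * to the array of pointers.
-+ */
-+static int parse_xargs(char *data, int data_length, char ***output)
-+{
-+ int num = 0;
-+ char *cur = data;
-+
-+ if (!data || *output != NULL)
-+ return -1;
-+
-+ while (cur < data + data_length) {
-+ num++;
-+ *output = must_realloc(*output, (num + 1) * sizeof(**output));
-+ (*output)[num - 1] = cur;
-+ cur += strlen(cur) + 1;
-+ }
-+ (*output)[num] = NULL;
-+ return num;
-+}
-+
-+/*
-+ * "Parse" out argv and envp from /proc/self/cmdline and /proc/self/environ.
-+ * This is necessary because we are running in a context where we don't have a
-+ * main() that we can just get the arguments from.
-+ */
-+static int fetchve(char ***argv, char ***envp)
-+{
-+ char *cmdline = NULL, *environ = NULL;
-+ size_t cmdline_size, environ_size;
-+
-+ cmdline = read_file("/proc/self/cmdline", &cmdline_size);
-+ if (!cmdline)
-+ goto error;
-+ environ = read_file("/proc/self/environ", &environ_size);
-+ if (!environ)
-+ goto error;
-+
-+ if (parse_xargs(cmdline, cmdline_size, argv) <= 0)
-+ goto error;
-+ if (parse_xargs(environ, environ_size, envp) <= 0)
-+ goto error;
-+
-+ return 0;
-+
-+error:
-+ free(environ);
-+ free(cmdline);
-+ return -EINVAL;
-+}
-+
-+static int clone_binary(void)
-+{
-+ int binfd, memfd;
-+ ssize_t sent = 0;
-+
-+#ifdef HAVE_MEMFD_CREATE
-+ memfd = memfd_create(RUNC_MEMFD_COMMENT, MFD_CLOEXEC | MFD_ALLOW_SEALING);
-+#else
-+ memfd = open("/tmp", O_TMPFILE | O_EXCL | O_RDWR | O_CLOEXEC, 0711);
-+#endif
-+ if (memfd < 0)
-+ return -ENOTRECOVERABLE;
-+
-+ binfd = open("/proc/self/exe", O_RDONLY | O_CLOEXEC);
-+ if (binfd < 0)
-+ goto error;
-+
-+ sent = sendfile(memfd, binfd, NULL, RUNC_SENDFILE_MAX);
-+ close(binfd);
-+ if (sent < 0)
-+ goto error;
-+
-+#ifdef HAVE_MEMFD_CREATE
-+ int err = fcntl(memfd, F_ADD_SEALS, RUNC_MEMFD_SEALS);
-+ if (err < 0)
-+ goto error;
-+#else
-+ /* Need to re-open "memfd" as read-only to avoid execve(2) giving -EXTBUSY. */
-+ int newfd;
-+ char *fdpath = NULL;
-+
-+ if (asprintf(&fdpath, "/proc/self/fd/%d", memfd) < 0)
-+ goto error;
-+ newfd = open(fdpath, O_RDONLY | O_CLOEXEC);
-+ free(fdpath);
-+ if (newfd < 0)
-+ goto error;
-+
-+ close(memfd);
-+ memfd = newfd;
-+#endif
-+ return memfd;
-+
-+error:
-+ close(memfd);
-+ return -EIO;
-+}
-+
-+int ensure_cloned_binary(void)
-+{
-+ int execfd;
-+ char **argv = NULL, **envp = NULL;
-+
-+ /* Check that we're not self-cloned, and if we are then bail. */
-+ int cloned = is_self_cloned();
-+ if (cloned > 0 || cloned == -ENOTRECOVERABLE)
-+ return cloned;
-+
-+ if (fetchve(&argv, &envp) < 0)
-+ return -EINVAL;
-+
-+ execfd = clone_binary();
-+ if (execfd < 0)
-+ return -EIO;
-+
-+ fexecve(execfd, argv, envp);
-+ return -ENOEXEC;
-+}
-diff --git a/libcontainer/nsenter/nsexec.c b/libcontainer/nsenter/nsexec.c
-index 28269dfc0..7750af35e 100644
---- a/libcontainer/nsenter/nsexec.c
-+++ b/libcontainer/nsenter/nsexec.c
-@@ -534,6 +534,9 @@ void join_namespaces(char *nslist)
- free(namespaces);
- }
-
-+/* Defined in cloned_binary.c. */
-+extern int ensure_cloned_binary(void);
-+
- void nsexec(void)
- {
- int pipenum;
-@@ -549,6 +552,14 @@ void nsexec(void)
- if (pipenum == -1)
- return;
-
-+ /*
-+ * We need to re-exec if we are not in a cloned binary. This is necessary
-+ * to ensure that containers won't be able to access the host binary
-+ * through /proc/self/exe. See CVE-2019-5736.
-+ */
-+ if (ensure_cloned_binary() < 0)
-+ bail("could not ensure we are a cloned binary");
-+
- /* Parse all of the netlink configuration. */
- nl_parse(pipenum, &config);
-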
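--- a/app-emulation/runc/runc-1.0.0_rc5_p20180509-r1.ebuild
+++ /dev/null
@@ -1,62 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-EGO_PN="github.com/opencontainers/${PN}"
-
-if [[ ${PV} == *9999 ]]; then
- inherit golang-build golang-vcs
-else
- MY_PV="${PV/_/-}"
- EGIT_COMMIT="v${MY_PV}"
- RUNC_COMMIT="69663f0bd4b60df09991c08812a60108003fa340" # Change this when you update the ebuild
- SRC_URI="https://${EGO_PN}/archive/${RUNC_COMMIT}.tar.gz -> ${P}.tar.gz"
- KEYWORDS="amd64 ~arm ~arm64 ~ppc64"
- inherit golang-build golang-vcs-snapshot
-fi
-
-DESCRIPTION="runc container cli tools"
-HOMEPAGE="http://runc.io"
-
-LICENSE="Apache-2.0"
-SLOT="0"
-IUSE="+ambient apparmor hardened +seccomp"
-
-RDEPEND="
- apparmor? ( sys-libs/libapparmor )
- seccomp? ( sys-libs/libseccomp )
- !app-emulation/docker-runc
-"
-
-PATCHES=( "${FILESDIR}"/runc-fix-cve.patch )
-
-src_prepare() {
- pushd src/${EGO_PN} || die
- default
- popd || die
-}
-
-src_compile() {
- # Taken from app-emulation/docker-1.7.0-r1
- export CGO_CFLAGS="-I${ROOT}/usr/include"
- export CGO_LDFLAGS="$(usex hardened '-fno-PIC ' '')
- -L${ROOT}/usr/$(get_libdir)"
-
- # build up optional flags
- local options=(
- $(usex ambient 'ambient')
- $(usex apparmor 'apparmor')
- $(usex seccomp 'seccomp')
- )
-
- GOPATH="${S}"\
- emake BUILDTAGS="${options[*]}" \
- COMMIT="${RUNC_COMMIT}" -C src/${EGO_PN}
-}
-
-src_install() {
- pushd src/${EGO_PN} || die
- dobin runc
- dodoc README.md PRINCIPLES.md
- popd || die
-}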
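--- a/app-emulation/runc/runc-1.0.0_rc6_p20181203-r1.ebuild
+++ /dev/null
@@ -1,65 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-EGO_PN="github.com/opencontainers/${PN}"
-
-if [[ ${PV} == *9999 ]]; then
- inherit golang-build golang-vcs
-else
- MY_PV="${PV/_/-}"
- RUNC_COMMIT="96ec2177ae841256168fcf76954f7177af9446eb" # Change this when you update the ebuild
- SRC_URI="https://${EGO_PN}/archive/${RUNC_COMMIT}.tar.gz -> ${P}.tar.gz"
- KEYWORDS="amd64 ~arm ~arm64 ~ppc64"
- inherit golang-build golang-vcs-snapshot
-fi
-
-DESCRIPTION="runc container cli tools"
-HOMEPAGE="http://runc.io"
-
-LICENSE="Apache-2.0"
-SLOT="0"
-IUSE="+ambient apparmor hardened +kmem +seccomp"
-
-RDEPEND="
- apparmor? ( sys-libs/libapparmor )
- seccomp? ( sys-libs/libseccomp )
- !app-emulation/docker-runc
-"
-
-PATCHES=( "${FILESDIR}/${PN}-fix-cve.patch" )
-
-src_prepare() {
- pushd src/${EGO_PN}
- default
- sed -i -e "/^GIT_BRANCH/d"\
- -e "/^GIT_BRANCH_CLEAN/d"\
- -e "/^COMMIT_NO/d"\
- -e "s/COMMIT :=.*/COMMIT := ${RUNC_COMMIT}/"\
- Makefile || die
- popd || die
-}
-
-src_compile() {
- # Taken from app-emulation/docker-1.7.0-r1
- export CGO_CFLAGS="-I${ROOT}/usr/include"
- export CGO_LDFLAGS="$(usex hardened '-fno-PIC ' '')
- -L${ROOT}/usr/$(get_libdir)"
-
- # build up optional flags
- local options=(
- $(usex ambient 'ambient' '')
- $(usex apparmor 'apparmor' '')
- $(usex seccomp 'seccomp' '')
- $(usex kmem '' 'nokmem')
- )
-
- GOPATH="${S}" emake BUILDTAGS="${options[*]}" -C src/${EGO_PN}
-}
-
-src_install() {
- pushd src/${EGO_PN} || die
- dobin runc
- dodoc README.md PRINCIPLES.md
- popd || die
-}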
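--- a/app-emulation/runc/runc-1.0.0_rc6_p20190216.ebuild
+++ /dev/null
@@ -1,63 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-EGO_PN="github.com/opencontainers/${PN}"
-
-if [[ ${PV} == *9999 ]]; then
- inherit golang-build golang-vcs
-else
- MY_PV="${PV/_/-}"
- RUNC_COMMIT="2b18fe1d885ee5083ef9f0838fee39b62d653e30" # Change this when you update the ebuild
- SRC_URI="https://${EGO_PN}/archive/${RUNC_COMMIT}.tar.gz -> ${P}.tar.gz"
- KEYWORDS="amd64 ~arm ~arm64 ~ppc64"
- inherit golang-build golang-vcs-snapshot
-fi
-
-DESCRIPTION="runc container cli tools"
-HOMEPAGE="http://runc.io"
-
-LICENSE="Apache-2.0"
-SLOT="0"
-IUSE="+ambient apparmor hardened +kmem +seccomp"
-
-RDEPEND="
- apparmor? ( sys-libs/libapparmor )
- seccomp? ( sys-libs/libseccomp )
- !app-emulation/docker-runc
-"
-
-src_prepare() {
- pushd src/${EGO_PN}
- default
- sed -i -e "/^GIT_BRANCH/d"\
- -e "/^GIT_BRANCH_CLEAN/d"\
- -e "/^COMMIT_NO/d"\
- -e "s/COMMIT :=.*/COMMIT := ${RUNC_COMMIT}/"\
- Makefile || die
- popd || die
-}
-
-src_compile() {
- # Taken from app-emulation/docker-1.7.0-r1
- export CGO_CFLAGS="-I${ROOT}/usr/include"
- export CGO_LDFLAGS="$(usex hardened '-fno-PIC ' '')
- -L${ROOT}/usr/$(get_libdir)"
-
- # build up optional flags
- local options=(
- $(usex ambient 'ambient' '')
- $(usex apparmor 'apparmor' '')
- $(usex seccomp 'seccomp' '')
- $(usex kmem '' 'nokmem')
- )
-
- GOPATH="${S}" emake BUILDTAGS="${options[*]}" -C src/${EGO_PN}
-}
-
-src_install() {
- pushd src/${EGO_PN} || die
- dobin runc
- dodoc README.md PRINCIPLES.md
- popd || die
-}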
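--- a/app-emulation/runc/runc-1.0.0_rc7.ebuild
+++ /dev/null
@@ -1,63 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-EGO_PN="github.com/opencontainers/${PN}"
-
-if [[ ${PV} == *9999 ]]; then
- inherit golang-build golang-vcs
-else
- MY_PV="${PV/_/-}"
- RUNC_COMMIT="69ae5da6afdcaaf38285a10b36f362e41cb298d6" # Change this when you update the ebuild
- SRC_URI="https://${EGO_PN}/archive/${RUNC_COMMIT}.tar.gz -> ${P}.tar.gz"
- KEYWORDS="amd64 ~arm ~arm64 ~ppc64"
- inherit golang-build golang-vcs-snapshot
-fi
-
-DESCRIPTION="runc container cli tools"
-HOMEPAGE="http://runc.io"
-
-LICENSE="Apache-2.0"
-SLOT="0"
-IUSE="+ambient apparmor hardened +kmem +seccomp"
-
-RDEPEND="
- apparmor? ( sys-libs/libapparmor )
- seccomp? ( sys-libs/libseccomp )
- !app-emulation/docker-runc
-"
-
-src_prepare() {
- pushd src/${EGO_PN}
- default
- sed -i -e "/^GIT_BRANCH/d"\
- -e "/^GIT_BRANCH_CLEAN/d"\
- -e "/^COMMIT_NO/d"\
- -e "s/COMMIT :=.*/COMMIT := ${RUNC_COMMIT}/"\
- Makefile || die
- popd || die
-}
-
-src_compile() {
- # Taken from app-emulation/docker-1.7.0-r1
- export CGO_CFLAGS="-I${ROOT}/usr/include"
- export CGO_LDFLAGS="$(usex hardened '-fno-PIC ' '')
- -L${ROOT}/usr/$(get_libdir)"
-
- # build up optional flags
- local options=(
- $(usex ambient 'ambient' '')
- $(usex apparmor 'apparmor' '')
- $(usex seccomp 'seccomp' '')
- $(usex kmem '' 'nokmem')
- )
-
- GOPATH="${S}" emake BUILDTAGS="${options[*]}" -C src/${EGO_PN}
-}
-
-src_install() {
- pushd src/${EGO_PN} || die
- dobin runc
- dodoc README.md PRINCIPLES.md
- popd || die
-}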
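--- a/app-emulation/runc/runc-9999.ebuild
+++ /dev/null
@@ -1,48 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-inherit eutils multilib
-
-DESCRIPTION="runc container cli tools"
-HOMEPAGE="http://runc.io"
-
-GITHUB_URI="github.com/opencontainers/runc"
-
-if [[ ${PV} == *9999* ]]; then
- EGIT_REPO_URI="git://${GITHUB_URI}.git"
- inherit git-r3
-else
- SRC_URI="https://${GITHUB_URI}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
- KEYWORDS="~amd64 ~ppc64"
-fi
-
-LICENSE="Apache-2.0"
-SLOT="0"
-IUSE="+seccomp"
-
-DEPEND=">=dev-lang/go-1.4:="
-RDEPEND="seccomp? ( sys-libs/libseccomp )
- !app-emulation/docker-runc"
-
-src_compile() {
- # Taken from app-emulation/docker-1.7.0-r1
- export CGO_CFLAGS="-I${ROOT}/usr/include"
- export CGO_LDFLAGS="-L${ROOT}/usr/$(get_libdir)"
-
- # Setup GOPATH so things build
- rm -rf .gopath
- mkdir -p .gopath/src/"$(dirname "${GITHUB_URI}")"
- ln -sf ../../../.. .gopath/src/"${GITHUB_URI}"
- export GOPATH="${PWD}/.gopath:${PWD}/vendor"
-
- # build up optional flags
- local options=( $(usex seccomp "seccomp") )
-
- emake BUILDTAGS="${options[@]}"
-}
-
-src_install() {
- dobin runc
-}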