Import Debian changes 1.0.0~rc10-ok1

runc (1.0.0~rc10-ok1) yangtze; urgency=medium

  * Build for openKylin.

debian/changelog

@@ -0,0 +1,5 @@
+runc (1.0.0~rc10-ok1) yangtze; urgency=medium
+
+  * Build for openKylin.
+
+ -- openKylinBot <openKylinBot@openkylin.com>  Mon, 25 Apr 2022 22:03:04 +0800

debian/clean

@@ -0,0 +1,17 @@
+## Remove generated man pages:
+man/man8/*
+
+## Drop hanging test (introduced in 0.0.9).
+## https://github.com/opencontainers/runc/issues/692
+libcontainer/nsenter/nsenter_test.go
+
+## Failing tests:
+
+## Privileged tests:
+### couldn't get cgroup root: mountpoint for cgroup not found
+libcontainer/cgroups/fs/apply_raw_test.go
+
+### FAIL: TestXattr (0.00s)
+###     xattr_test.go:26: Success
+###     xattr_test.go:30: failed
+libcontainer/xattr/xattr_test.go

debian/compat

@@ -0,0 +1 @@
+10

debian/control

@@ -0,0 +1,43 @@
+Source: runc
+Section: devel
+Priority: optional
+Maintainer: Openkylin Developers <packaging@lists.openkylin.top>
+XSBC-Original-Maintainer: Debian Go Packaging Team <pkg-go-maintainers@lists.alioth.debian.org>
+Uploaders: Alexandre Viau <aviau@debian.org>,
+           Dmitry Smirnov <onlyjob@debian.org>,
+           Tim Potter <tpot@hpe.com>
+Build-Depends: debhelper (>= 11~),
+               dh-golang,
+               go-md2man,
+               golang-any,
+               libapparmor-dev,
+               libseccomp-dev,
+               pkg-config,
+               protobuf-compiler
+Standards-Version: 4.1.4
+Homepage: https://github.com/opencontainers/runc
+Vcs-Git: https://salsa.debian.org/go-team/packages/runc.git
+Vcs-Browser: https://salsa.debian.org/go-team/packages/runc
+XS-Go-Import-Path: github.com/opencontainers/runc
+
+Package: runc
+Architecture: any
+Depends: ${misc:Depends}, ${shlibs:Depends}
+Breaks: docker.io (<= 1.13.1~ds1-0)
+Built-Using: ${misc:Built-Using}
+Description: Open Container Project - runtime
+ "runc" is a command line client for running applications packaged according
+ to the Open Container Format (OCF) and is a compliant implementation of
+ the Open Container Project specification.
+
+Package: golang-github-opencontainers-runc-dev
+Architecture: all
+Depends: ${misc:Depends}
+Description: Open Container Project - development files
+ "runc" is a command line client for running applications packaged according
+ to the Open Container Format (OCF) and is a compliant implementation of
+ the Open Container Project specification.
+ .
+ This package provides development files formerly known as
+ "github.com/docker/libcontainer".
+

debian/copyright

@@ -0,0 +1,82 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: runc
+Source: https://github.com/opencontainers/runc
+
+Files: *
+Copyright: 2012-2015 Docker, Inc.
+License: Apache-2.0
+
+Files:
+    vendor/github.com/cyphar/filepath-securejoin/*
+Copyright:
+    2014-2015 Docker Inc & Go Authors. All rights reserved.
+    2017      SUSE LLC. All rights reserved.
+License: BSD-3-Clause~Google
+
+Files: debian/*
+Copyright:
+    2015      Alexandre Viau <alexandre@alexandreviau.net>
+    2015-2016 Dmitry Smirnov <onlyjob@debian.org>
+License: GPL-3+
+
+Files: debian/patches/*
+Copyright: 2015 Dmitry Smirnov <onlyjob@debian.org>
+License: GPL-3+ or Apache-2.0
+Comment: patches can be licensed under the same terms as upstream.
+
+License: Apache-2.0
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ .
+ http://www.apache.org/licenses/LICENSE-2.0
+ .
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ .
+ The complete text of the Apache version 2.0 license
+ can be found in "/usr/share/common-licenses/Apache-2.0".
+
+License: GPL-3+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+ ․
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ GNU General Public License for more details.
+ ․
+ The complete text of the GNU General Public License version 3
+ can be found in "/usr/share/common-licenses/GPL-3".
+
+License: BSD-3-Clause~Google
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are
+ met:
+ .
+   * Redistributions of source code must retain the above copyright
+     notice, this list of conditions and the following disclaimer.
+   * Redistributions in binary form must reproduce the above
+     copyright notice, this list of conditions and the following disclaimer
+     in the documentation and/or other materials provided with the
+     distribution.
+   * Neither the name of Google Inc. nor the names of its
+     contributors may be used to endorse or promote products derived from
+     this software without specific prior written permission.
+ .
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

debian/gbp.conf

@@ -0,0 +1,11 @@
+[buildpackage]
+overlay = True
+export-dir = ../build-area/
+tarball-dir = ../
+
+[dch]
+id-length    = 0
+
+[import-orig]
+pristine-tar = True
+merge        = False

debian/gitlab-ci.yml

@@ -0,0 +1,28 @@
+
+# auto-generated, DO NOT MODIFY.
+# The authoritative copy of this file lives at:
+# https://salsa.debian.org/go-team/ci/blob/master/cmd/ci/gitlabciyml.go
+
+# TODO: publish under debian-go-team/ci
+image: stapelberg/ci2
+
+test_the_archive:
+  artifacts:
+    paths:
+    - before-applying-commit.json
+    - after-applying-commit.json
+  script:
+    # Create an overlay to discard writes to /srv/gopath/src after the build:
+    - "rm -rf /cache/overlay/{upper,work}"
+    - "mkdir -p /cache/overlay/{upper,work}"
+    - "mount -t overlay overlay -o lowerdir=/srv/gopath/src,upperdir=/cache/overlay/upper,workdir=/cache/overlay/work /srv/gopath/src"
+    - "export GOPATH=/srv/gopath"
+    - "export GOCACHE=/cache/go"
+    # Build the world as-is:
+    - "ci-build -exemptions=/var/lib/ci-build/exemptions.json > before-applying-commit.json"
+    # Copy this package into the overlay:
+    - "GBP_CONF_FILES=:debian/gbp.conf gbp buildpackage --git-no-pristine-tar --git-ignore-branch --git-ignore-new --git-export-dir=/tmp/export --git-no-overlay --git-tarball-dir=/nonexistant --git-cleaner=/bin/true --git-builder='dpkg-buildpackage -S -d --no-sign'"
+    - "pgt-gopath -dsc /tmp/export/*.dsc"
+    # Rebuild the world:
+    - "ci-build -exemptions=/var/lib/ci-build/exemptions.json > after-applying-commit.json"
+    - "ci-diff before-applying-commit.json after-applying-commit.json"

debian/golang-github-opencontainers-runc-dev.install

@@ -0,0 +1 @@
+usr/share/gocode/src

debian/patches/series

@@ -0,0 +1,3 @@
+test--fix_TestGetAdditionalGroups.patch
+test--skip-Hugetlb.patch
+test--skip_TestFactoryNewTmpfs.patch

debian/patches/test--fix_TestGetAdditionalGroups.patch

@@ -0,0 +1,33 @@
+Last-Update: 2018-06-16
+Forwarded: https://github.com/opencontainers/runc/pull/1821
+Bug-Upstream: https://github.com/opencontainers/runc/issues/941
+Author: Dmitry Smirnov <onlyjob@debian.org>
+Description: fix FTBFS on i686
+ src/github.com/opencontainers/runc/libcontainer/user/user_test.go:448:36: constant 2147483648 overflows int
+
+--- a/libcontainer/user/user_test.go
++++ b/libcontainer/user/user_test.go
+@@ -444,9 +444,9 @@
+ 
+ 	if utils.GetIntSize() > 4 {
+ 		tests = append(tests, foo{
+ 			// groups with too large id
+-			groups:   []string{strconv.Itoa(1 << 31)},
++			groups:   []string{strconv.Itoa( 1<<31 -1 )},
+ 			expected: nil,
+ 			hasError: true,
+ 		})
+ 	}
+--- a/libcontainer/user/user.go
++++ b/libcontainer/user/user.go
+@@ -413,9 +413,9 @@
+ 			if err != nil {
+ 				return nil, fmt.Errorf("Unable to find group %s", ag)
+ 			}
+ 			// Ensure gid is inside gid range.
+-			if gid < minId || gid > maxId {
++			if gid < minId || gid >= maxId {
+ 				return nil, ErrRange
+ 			}
+ 			gidMap[gid] = struct{}{}
+ 		}

debian/patches/test--skip-Hugetlb.patch

@@ -0,0 +1,48 @@
+Last-Update: 2018-09-27
+Forwarded: not-needed
+Bug-Upstream: https://github.com/opencontainers/runc/issues/1822
+Author: Dmitry Smirnov <onlyjob@debian.org>
+Description: disabled unreliable tests due to random failures on [ppc64el, s390x].
+
+--- a/libcontainer/cgroups/fs/hugetlb_test.go
++++ b/libcontainer/cgroups/fs/hugetlb_test.go
+@@ -87,8 +87,9 @@
+ 	}
+ }
+ 
+ func TestHugetlbStatsNoUsageFile(t *testing.T) {
++t.Skip("Disabled unreliable test")
+ 	helper := NewCgroupTestUtil("hugetlb", t)
+ 	defer helper.cleanup()
+ 	helper.writeFileContents(map[string]string{
+ 		maxUsage: hugetlbMaxUsageContents,
+@@ -102,8 +103,9 @@
+ 	}
+ }
+ 
+ func TestHugetlbStatsNoMaxUsageFile(t *testing.T) {
++t.Skip("Disabled unreliable test")
+ 	helper := NewCgroupTestUtil("hugetlb", t)
+ 	defer helper.cleanup()
+ 	for _, pageSize := range HugePageSizes {
+ 		helper.writeFileContents(map[string]string{
+@@ -119,8 +121,9 @@
+ 	}
+ }
+ 
+ func TestHugetlbStatsBadUsageFile(t *testing.T) {
++t.Skip("Disabled unreliable test")
+ 	helper := NewCgroupTestUtil("hugetlb", t)
+ 	defer helper.cleanup()
+ 	for _, pageSize := range HugePageSizes {
+ 		helper.writeFileContents(map[string]string{
+@@ -137,8 +140,9 @@
+ 	}
+ }
+ 
+ func TestHugetlbStatsBadMaxUsageFile(t *testing.T) {
++t.Skip("Disabled unreliable test")
+ 	helper := NewCgroupTestUtil("hugetlb", t)
+ 	defer helper.cleanup()
+ 	helper.writeFileContents(map[string]string{
+ 		usage:    hugetlbUsageContents,

debian/patches/test--skip_TestFactoryNewTmpfs.patch

@@ -0,0 +1,17 @@
+Last-Update: 2018-06-15
+Forwarded: not-needed
+Author: Dmitry Smirnov <onlyjob@debian.org>
+Description: disable test (requires root)
+
+--- a/libcontainer/factory_linux_test.go
++++ b/libcontainer/factory_linux_test.go
+@@ -76,8 +76,9 @@
+ 	}
+ }
+ 
+ func TestFactoryNewTmpfs(t *testing.T) {
++t.Skip("DM - skipping privileged test")
+ 	root, rerr := newTestRoot()
+ 	if rerr != nil {
+ 		t.Fatal(rerr)
+ 	}

debian/rules

@@ -0,0 +1,26 @@
+#!/usr/bin/make -f
+
+# Uncomment this to turn on verbose mode.
+#export DH_VERBOSE=1
+
+export DH_GOPKG := github.com/opencontainers/runc
+export DH_GOLANG_INSTALL_EXTRA := libcontainer/seccomp/fixtures libcontainer/criurpc
+TAGS=apparmor seccomp selinux ambient
+
+%:
+	dh $@ --buildsystem=golang --with=golang --builddirectory=_build
+
+override_dh_auto_configure:
+	cd man && ./md2man-all.sh
+	dh_auto_configure
+	## Remove extra license files:
+	$(RM) -v \
+            _build/src/$(DH_GOPKG)/vendor/github.com/docker/docker/*/*/LICENSE* \
+        ;
+
+override_dh_auto_build:
+	dh_auto_build -- -tags "$(TAGS)"
+
+override_dh_auto_test:
+	DH_GOLANG_EXCLUDES="libcontainer/integration" \
+        dh_auto_test -- -tags "$(TAGS)"

debian/runc.docs

@@ -0,0 +1,2 @@
+NOTICE
+README*

debian/runc.install

@@ -0,0 +1 @@
+usr/bin/*    /usr/sbin/

debian/runc.lintian-overrides

@@ -0,0 +1 @@
+runc: spelling-error-in-binary

debian/runc.manpages

@@ -0,0 +1 @@
+man/man8/*.8

debian/source/format

@@ -0,0 +1 @@
+3.0 (quilt)

debian/source/lintian-overrides

@@ -0,0 +1,2 @@
+# Result of Files-Excluded:
+source-contains-empty-directory vendor/*

debian/tests/basic-smoke

@@ -0,0 +1,34 @@
+#!/bin/bash
+set -Eeuo pipefail
+set -x
+
+runc --version
+
+tempDir="$(mktemp -d)"
+trap 'rm -rf "$tempDir"' EXIT
+
+# build up rootfs with busybox
+busybox="$(which busybox)" # from busybox-static
+mkdir "$tempDir/rootfs"
+cp -a "$busybox" "$tempDir/rootfs/"
+
+# rough "rootfs" smoke test (makes sure "busybox" is actually static)
+chroot "$tempDir/rootfs" /busybox true
+
+# make a config.json file for our "bundle"
+runc spec --bundle "$tempDir"
+
+# edit the default command to something we can actually run with our rootfs
+grep '"sh"' "$tempDir/config.json"
+sed -i 's@"sh"@"/busybox","echo","success"@g' "$tempDir/config.json"
+grep '"/busybox","echo","success"' "$tempDir/config.json"
+# and disable the TTY
+grep '"terminal": true,' "$tempDir/config.json"
+sed -i 's/"terminal": true,/"terminal": false,/g' "$tempDir/config.json"
+grep '"terminal": false,' "$tempDir/config.json"
+
+# run it and capture the output
+output="$(runc run --bundle "$tempDir" "test-$$-$RANDOM")"
+
+# ensure the output was exactly what we expected
+[ "$output" = 'success' ]

debian/tests/control

@@ -0,0 +1,7 @@
+Tests: basic-smoke
+Depends: busybox-static, @
+Restrictions: allow-stderr, isolation-machine, needs-root
+
+Test-Command: /usr/bin/dh_golang_autopkgtest
+Depends: @, @builddeps@, dh-golang
+Restrictions: allow-stderr, isolation-machine

debian/watch

@@ -0,0 +1,9 @@
+version=3
+
+opts=\
+repack,\
+repacksuffix=+dfsg1,\
+uversionmangle=s/-rc/~rc/,\
+dversionmangle=s/[~+]dfsg\d*$// \
+ https://github.com/opencontainers/runc/releases \
+ .*archive/v?(\d\.\d\.\d.*)\.tar\.gz