diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000..fa80aa1 --- /dev/null +++ b/debian/changelog @@ -0,0 +1,5 @@ +runc (1.0.0~rc10-ok1) yangtze; urgency=medium + + * Build for openKylin. + + -- openKylinBot Mon, 25 Apr 2022 22:03:04 +0800 diff --git a/debian/clean b/debian/clean new file mode 100644 index 0000000..8142861 --- /dev/null +++ b/debian/clean @@ -0,0 +1,17 @@ +## Remove generated man pages: +man/man8/* + +## Drop hanging test (introduced in 0.0.9). +## https://github.com/opencontainers/runc/issues/692 +libcontainer/nsenter/nsenter_test.go + +## Failing tests: + +## Privileged tests: +### couldn't get cgroup root: mountpoint for cgroup not found +libcontainer/cgroups/fs/apply_raw_test.go + +### FAIL: TestXattr (0.00s) +### xattr_test.go:26: Success +### xattr_test.go:30: failed +libcontainer/xattr/xattr_test.go diff --git a/debian/compat b/debian/compat new file mode 100644 index 0000000..f599e28 --- /dev/null +++ b/debian/compat @@ -0,0 +1 @@ +10 diff --git a/debian/control b/debian/control new file mode 100644 index 0000000..e950c62 --- /dev/null +++ b/debian/control @@ -0,0 +1,43 @@ +Source: runc +Section: devel +Priority: optional +Maintainer: Openkylin Developers +XSBC-Original-Maintainer: Debian Go Packaging Team +Uploaders: Alexandre Viau , + Dmitry Smirnov , + Tim Potter +Build-Depends: debhelper (>= 11~), + dh-golang, + go-md2man, + golang-any, + libapparmor-dev, + libseccomp-dev, + pkg-config, + protobuf-compiler +Standards-Version: 4.1.4 +Homepage: https://github.com/opencontainers/runc +Vcs-Git: https://salsa.debian.org/go-team/packages/runc.git +Vcs-Browser: https://salsa.debian.org/go-team/packages/runc +XS-Go-Import-Path: github.com/opencontainers/runc + +Package: runc +Architecture: any +Depends: ${misc:Depends}, ${shlibs:Depends} +Breaks: docker.io (<= 1.13.1~ds1-0) +Built-Using: ${misc:Built-Using} +Description: Open Container Project - runtime + "runc" is a command line client for running applications packaged according + to the Open Container Format (OCF) and is a compliant implementation of + the Open Container Project specification. + +Package: golang-github-opencontainers-runc-dev +Architecture: all +Depends: ${misc:Depends} +Description: Open Container Project - development files + "runc" is a command line client for running applications packaged according + to the Open Container Format (OCF) and is a compliant implementation of + the Open Container Project specification. + . + This package provides development files formerly known as + "github.com/docker/libcontainer". + diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 0000000..4d5375a --- /dev/null +++ b/debian/copyright @@ -0,0 +1,82 @@ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: runc +Source: https://github.com/opencontainers/runc + +Files: * +Copyright: 2012-2015 Docker, Inc. +License: Apache-2.0 + +Files: + vendor/github.com/cyphar/filepath-securejoin/* +Copyright: + 2014-2015 Docker Inc & Go Authors. All rights reserved. + 2017 SUSE LLC. All rights reserved. +License: BSD-3-Clause~Google + +Files: debian/* +Copyright: + 2015 Alexandre Viau + 2015-2016 Dmitry Smirnov +License: GPL-3+ + +Files: debian/patches/* +Copyright: 2015 Dmitry Smirnov +License: GPL-3+ or Apache-2.0 +Comment: patches can be licensed under the same terms as upstream. + +License: Apache-2.0 + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + . + http://www.apache.org/licenses/LICENSE-2.0 + . + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + . + The complete text of the Apache version 2.0 license + can be found in "/usr/share/common-licenses/Apache-2.0". + +License: GPL-3+ + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + ․ + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + ․ + The complete text of the GNU General Public License version 3 + can be found in "/usr/share/common-licenses/GPL-3". + +License: BSD-3-Clause~Google + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are + met: + . + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above + copyright notice, this list of conditions and the following disclaimer + in the documentation and/or other materials provided with the + distribution. + * Neither the name of Google Inc. nor the names of its + contributors may be used to endorse or promote products derived from + this software without specific prior written permission. + . + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/debian/gbp.conf b/debian/gbp.conf new file mode 100644 index 0000000..433de42 --- /dev/null +++ b/debian/gbp.conf @@ -0,0 +1,11 @@ +[buildpackage] +overlay = True +export-dir = ../build-area/ +tarball-dir = ../ + +[dch] +id-length = 0 + +[import-orig] +pristine-tar = True +merge = False diff --git a/debian/gitlab-ci.yml b/debian/gitlab-ci.yml new file mode 100644 index 0000000..5c8c31b --- /dev/null +++ b/debian/gitlab-ci.yml @@ -0,0 +1,28 @@ + +# auto-generated, DO NOT MODIFY. +# The authoritative copy of this file lives at: +# https://salsa.debian.org/go-team/ci/blob/master/cmd/ci/gitlabciyml.go + +# TODO: publish under debian-go-team/ci +image: stapelberg/ci2 + +test_the_archive: + artifacts: + paths: + - before-applying-commit.json + - after-applying-commit.json + script: + # Create an overlay to discard writes to /srv/gopath/src after the build: + - "rm -rf /cache/overlay/{upper,work}" + - "mkdir -p /cache/overlay/{upper,work}" + - "mount -t overlay overlay -o lowerdir=/srv/gopath/src,upperdir=/cache/overlay/upper,workdir=/cache/overlay/work /srv/gopath/src" + - "export GOPATH=/srv/gopath" + - "export GOCACHE=/cache/go" + # Build the world as-is: + - "ci-build -exemptions=/var/lib/ci-build/exemptions.json > before-applying-commit.json" + # Copy this package into the overlay: + - "GBP_CONF_FILES=:debian/gbp.conf gbp buildpackage --git-no-pristine-tar --git-ignore-branch --git-ignore-new --git-export-dir=/tmp/export --git-no-overlay --git-tarball-dir=/nonexistant --git-cleaner=/bin/true --git-builder='dpkg-buildpackage -S -d --no-sign'" + - "pgt-gopath -dsc /tmp/export/*.dsc" + # Rebuild the world: + - "ci-build -exemptions=/var/lib/ci-build/exemptions.json > after-applying-commit.json" + - "ci-diff before-applying-commit.json after-applying-commit.json" diff --git a/debian/golang-github-opencontainers-runc-dev.install b/debian/golang-github-opencontainers-runc-dev.install new file mode 100644 index 0000000..3e409b1 --- /dev/null +++ b/debian/golang-github-opencontainers-runc-dev.install @@ -0,0 +1 @@ +usr/share/gocode/src diff --git a/debian/patches/series b/debian/patches/series new file mode 100644 index 0000000..a674b36 --- /dev/null +++ b/debian/patches/series @@ -0,0 +1,3 @@ +test--fix_TestGetAdditionalGroups.patch +test--skip-Hugetlb.patch +test--skip_TestFactoryNewTmpfs.patch diff --git a/debian/patches/test--fix_TestGetAdditionalGroups.patch b/debian/patches/test--fix_TestGetAdditionalGroups.patch new file mode 100644 index 0000000..f1cf6fb --- /dev/null +++ b/debian/patches/test--fix_TestGetAdditionalGroups.patch @@ -0,0 +1,33 @@ +Last-Update: 2018-06-16 +Forwarded: https://github.com/opencontainers/runc/pull/1821 +Bug-Upstream: https://github.com/opencontainers/runc/issues/941 +Author: Dmitry Smirnov +Description: fix FTBFS on i686 + src/github.com/opencontainers/runc/libcontainer/user/user_test.go:448:36: constant 2147483648 overflows int + +--- a/libcontainer/user/user_test.go ++++ b/libcontainer/user/user_test.go +@@ -444,9 +444,9 @@ + + if utils.GetIntSize() > 4 { + tests = append(tests, foo{ + // groups with too large id +- groups: []string{strconv.Itoa(1 << 31)}, ++ groups: []string{strconv.Itoa( 1<<31 -1 )}, + expected: nil, + hasError: true, + }) + } +--- a/libcontainer/user/user.go ++++ b/libcontainer/user/user.go +@@ -413,9 +413,9 @@ + if err != nil { + return nil, fmt.Errorf("Unable to find group %s", ag) + } + // Ensure gid is inside gid range. +- if gid < minId || gid > maxId { ++ if gid < minId || gid >= maxId { + return nil, ErrRange + } + gidMap[gid] = struct{}{} + } diff --git a/debian/patches/test--skip-Hugetlb.patch b/debian/patches/test--skip-Hugetlb.patch new file mode 100644 index 0000000..7f672fc --- /dev/null +++ b/debian/patches/test--skip-Hugetlb.patch @@ -0,0 +1,48 @@ +Last-Update: 2018-09-27 +Forwarded: not-needed +Bug-Upstream: https://github.com/opencontainers/runc/issues/1822 +Author: Dmitry Smirnov +Description: disabled unreliable tests due to random failures on [ppc64el, s390x]. + +--- a/libcontainer/cgroups/fs/hugetlb_test.go ++++ b/libcontainer/cgroups/fs/hugetlb_test.go +@@ -87,8 +87,9 @@ + } + } + + func TestHugetlbStatsNoUsageFile(t *testing.T) { ++t.Skip("Disabled unreliable test") + helper := NewCgroupTestUtil("hugetlb", t) + defer helper.cleanup() + helper.writeFileContents(map[string]string{ + maxUsage: hugetlbMaxUsageContents, +@@ -102,8 +103,9 @@ + } + } + + func TestHugetlbStatsNoMaxUsageFile(t *testing.T) { ++t.Skip("Disabled unreliable test") + helper := NewCgroupTestUtil("hugetlb", t) + defer helper.cleanup() + for _, pageSize := range HugePageSizes { + helper.writeFileContents(map[string]string{ +@@ -119,8 +121,9 @@ + } + } + + func TestHugetlbStatsBadUsageFile(t *testing.T) { ++t.Skip("Disabled unreliable test") + helper := NewCgroupTestUtil("hugetlb", t) + defer helper.cleanup() + for _, pageSize := range HugePageSizes { + helper.writeFileContents(map[string]string{ +@@ -137,8 +140,9 @@ + } + } + + func TestHugetlbStatsBadMaxUsageFile(t *testing.T) { ++t.Skip("Disabled unreliable test") + helper := NewCgroupTestUtil("hugetlb", t) + defer helper.cleanup() + helper.writeFileContents(map[string]string{ + usage: hugetlbUsageContents, diff --git a/debian/patches/test--skip_TestFactoryNewTmpfs.patch b/debian/patches/test--skip_TestFactoryNewTmpfs.patch new file mode 100644 index 0000000..35c05e3 --- /dev/null +++ b/debian/patches/test--skip_TestFactoryNewTmpfs.patch @@ -0,0 +1,17 @@ +Last-Update: 2018-06-15 +Forwarded: not-needed +Author: Dmitry Smirnov +Description: disable test (requires root) + +--- a/libcontainer/factory_linux_test.go ++++ b/libcontainer/factory_linux_test.go +@@ -76,8 +76,9 @@ + } + } + + func TestFactoryNewTmpfs(t *testing.T) { ++t.Skip("DM - skipping privileged test") + root, rerr := newTestRoot() + if rerr != nil { + t.Fatal(rerr) + } diff --git a/debian/rules b/debian/rules new file mode 100755 index 0000000..4ced272 --- /dev/null +++ b/debian/rules @@ -0,0 +1,26 @@ +#!/usr/bin/make -f + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +export DH_GOPKG := github.com/opencontainers/runc +export DH_GOLANG_INSTALL_EXTRA := libcontainer/seccomp/fixtures libcontainer/criurpc +TAGS=apparmor seccomp selinux ambient + +%: + dh $@ --buildsystem=golang --with=golang --builddirectory=_build + +override_dh_auto_configure: + cd man && ./md2man-all.sh + dh_auto_configure + ## Remove extra license files: + $(RM) -v \ + _build/src/$(DH_GOPKG)/vendor/github.com/docker/docker/*/*/LICENSE* \ + ; + +override_dh_auto_build: + dh_auto_build -- -tags "$(TAGS)" + +override_dh_auto_test: + DH_GOLANG_EXCLUDES="libcontainer/integration" \ + dh_auto_test -- -tags "$(TAGS)" diff --git a/debian/runc.docs b/debian/runc.docs new file mode 100644 index 0000000..dfda5a8 --- /dev/null +++ b/debian/runc.docs @@ -0,0 +1,2 @@ +NOTICE +README* diff --git a/debian/runc.install b/debian/runc.install new file mode 100644 index 0000000..9456224 --- /dev/null +++ b/debian/runc.install @@ -0,0 +1 @@ +usr/bin/* /usr/sbin/ diff --git a/debian/runc.lintian-overrides b/debian/runc.lintian-overrides new file mode 100644 index 0000000..eaa0b29 --- /dev/null +++ b/debian/runc.lintian-overrides @@ -0,0 +1 @@ +runc: spelling-error-in-binary diff --git a/debian/runc.manpages b/debian/runc.manpages new file mode 100644 index 0000000..99cddbc --- /dev/null +++ b/debian/runc.manpages @@ -0,0 +1 @@ +man/man8/*.8 diff --git a/debian/source/format b/debian/source/format new file mode 100644 index 0000000..163aaf8 --- /dev/null +++ b/debian/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/debian/source/lintian-overrides b/debian/source/lintian-overrides new file mode 100644 index 0000000..81ccd6d --- /dev/null +++ b/debian/source/lintian-overrides @@ -0,0 +1,2 @@ +# Result of Files-Excluded: +source-contains-empty-directory vendor/* diff --git a/debian/tests/basic-smoke b/debian/tests/basic-smoke new file mode 100755 index 0000000..0c6ea1e --- /dev/null +++ b/debian/tests/basic-smoke @@ -0,0 +1,34 @@ +#!/bin/bash +set -Eeuo pipefail +set -x + +runc --version + +tempDir="$(mktemp -d)" +trap 'rm -rf "$tempDir"' EXIT + +# build up rootfs with busybox +busybox="$(which busybox)" # from busybox-static +mkdir "$tempDir/rootfs" +cp -a "$busybox" "$tempDir/rootfs/" + +# rough "rootfs" smoke test (makes sure "busybox" is actually static) +chroot "$tempDir/rootfs" /busybox true + +# make a config.json file for our "bundle" +runc spec --bundle "$tempDir" + +# edit the default command to something we can actually run with our rootfs +grep '"sh"' "$tempDir/config.json" +sed -i 's@"sh"@"/busybox","echo","success"@g' "$tempDir/config.json" +grep '"/busybox","echo","success"' "$tempDir/config.json" +# and disable the TTY +grep '"terminal": true,' "$tempDir/config.json" +sed -i 's/"terminal": true,/"terminal": false,/g' "$tempDir/config.json" +grep '"terminal": false,' "$tempDir/config.json" + +# run it and capture the output +output="$(runc run --bundle "$tempDir" "test-$$-$RANDOM")" + +# ensure the output was exactly what we expected +[ "$output" = 'success' ] diff --git a/debian/tests/control b/debian/tests/control new file mode 100644 index 0000000..6211245 --- /dev/null +++ b/debian/tests/control @@ -0,0 +1,7 @@ +Tests: basic-smoke +Depends: busybox-static, @ +Restrictions: allow-stderr, isolation-machine, needs-root + +Test-Command: /usr/bin/dh_golang_autopkgtest +Depends: @, @builddeps@, dh-golang +Restrictions: allow-stderr, isolation-machine diff --git a/debian/watch b/debian/watch new file mode 100644 index 0000000..ec26c94 --- /dev/null +++ b/debian/watch @@ -0,0 +1,9 @@ +version=3 + +opts=\ +repack,\ +repacksuffix=+dfsg1,\ +uversionmangle=s/-rc/~rc/,\ +dversionmangle=s/[~+]dfsg\d*$// \ + https://github.com/opencontainers/runc/releases \ + .*archive/v?(\d\.\d\.\d.*)\.tar\.gz