# Copyright 1999-2021 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
# Ebuild metadata for runc: EAPI, eclasses, source location, USE flags,
# dependencies and the local patch set.
EAPI=7
inherit go-module linux-info
# RUNC_COMMIT is handed to the upstream Makefile as COMMIT= in src_compile.
# The sources come from the v${MY_PV} tag archive in SRC_URI, not from this
# hash, so the two have to be kept in sync by hand. Update on bump; look for
# the expected value in:
# https://github.com/docker/docker-ce/blob/<docker ver OR branch>/components/engine/hack/dockerfile/install/runc.installer
RUNC_COMMIT=f46b6ba2c9314cfc8caae24a32ec5fe9ef1059fe
# Kernel option checked through the linux-info eclass; the leading '~' reports
# a missing USER_NS as a warning instead of aborting the build.
CONFIG_CHECK="~USER_NS"
DESCRIPTION="runc container cli tools"
HOMEPAGE="http://runc.io"
# Replace the first '_' in PV with '-' to obtain the upstream tag name
# (constructed example: 1.2.3_rc1 -> 1.2.3-rc1).
MY_PV="${PV/_/-}"
# Tag archive from GitHub, stored locally as ${P}.tar.gz.
# NOTE(review): nothing in this file pins a digest for the download; integrity
# presumably rests on the package Manifest -- confirm it is regenerated and
# reviewed on every bump.
SRC_URI="https://github.com/opencontainers/${PN}/archive/v${MY_PV}.tar.gz -> ${P}.tar.gz"
LICENSE="Apache-2.0 BSD-2 BSD MIT"
SLOT="0"
KEYWORDS="*"
# '+' marks kmem and seccomp as enabled by default. apparmor and seccomp are
# turned into runc build tags in src_compile; disabling kmem adds the 'nokmem'
# tag there.
IUSE="apparmor hardened +kmem +seccomp test"
# libseccomp is needed at build time and, via RDEPEND, at run time whenever
# USE=seccomp is set.
DEPEND="seccomp? ( sys-libs/libseccomp )"
# Run-time dependencies: everything in DEPEND, a blocker against
# app-emulation/docker-runc, and libapparmor for USE=apparmor.
RDEPEND="
${DEPEND}
!app-emulation/docker-runc
apparmor? ( sys-libs/libapparmor )
"
# Build-host tools: go-md2man (presumably for the 'man' make target built in
# src_compile) and, for USE=test, the run-time dependencies.
BDEPEND="
dev-go/go-md2man
test? ( "${RDEPEND}" )
"
# The tests need a busybox binary and Portage's namespace sandboxing
# (mount-sandbox, pid-sandbox, ipc-sandbox) disabled. The majority of tests
# pass, but they are restricted here, so src_test does not run in a normal
# build and the patches below are not exercised by the unit tests at build time.
RESTRICT+=" test"
# Unpacked source directory is named after the upstream tag.
S="${WORKDIR}/${PN}-${MY_PV}"
# Local patches. No src_prepare is defined in the visible part of this file,
# so they are presumably applied by the default src_prepare. Their contents
# are not shown here; going by the file names, the first stops runc from
# setting inheritable capabilities and the second is a fix for CVE-2023-27561.
# On a version bump, check whether upstream already carries each fix before
# dropping or keeping the corresponding patch.
PATCHES="
${FILESDIR}/1.0.0-runc-do-not-set-inheritable-capabilities.patch
${FILESDIR}/1.1.4-fix-CVE-2023-27561.patch
"
# Build the runc binary and its man pages with the upstream Makefile.
#
# Reads the USE flags hardened, apparmor, seccomp and kmem, plus ESYSROOT and
# RUNC_COMMIT. Leaves the global array myemakeargs populated so that
# src_install and src_test can reuse the same make arguments.
src_compile() {
	# cgo search paths point into the target sysroot
	# (taken from app-emulation/docker-1.7.0-r1).
	# NOTE(review): with USE=hardened, -fno-PIC is put in front of the cgo
	# linker flags; presumably a toolchain workaround rather than a hardening
	# measure -- confirm it is still needed.
	local pic_flag lib_path
	pic_flag="$(usex hardened '-fno-PIC ' '')"
	lib_path="-L${ESYSROOT}/usr/$(get_libdir)"
	export CGO_CFLAGS="-I${ESYSROOT}/usr/include"
	# The two parts of the value are separated by a newline.
	export CGO_LDFLAGS="${pic_flag}"$'\n'"${lib_path}"

	# Collect the optional build tags: each enabled feature contributes one
	# word, a disabled one contributes nothing; USE=-kmem adds 'nokmem'.
	local options=()
	options+=( $(usev apparmor) )
	options+=( $(usev seccomp) )
	options+=( $(usex kmem '' 'nokmem') )

	# Deliberately not local: later phases append to and reuse this array.
	myemakeargs=( BUILDTAGS="${options[*]}" )
	myemakeargs+=( COMMIT="${RUNC_COMMIT}" )
	# lakitu: use the Go cross-compiler
	myemakeargs+=( GO="$(tc-getGO)" )

	# lakitu: cause Go panics to segfault, resulting in core dump collection
	# of the process.
	# NOTE(review): this export sets GOTRACEBACK in the environment of the
	# build; whether the installed runc also sees it at run time is not
	# visible here -- confirm. Core dumps of a container runtime can hold
	# sensitive process memory, so the collection path should be
	# access-restricted.
	export GOTRACEBACK="crash"

	emake "${myemakeargs[@]}" runc man
}
# Install the binary, man pages and bash completion into the image directory
# (${ED}) through the upstream Makefile, then install the documentation.
#
# Extends the global myemakeargs array that src_compile filled in.
src_install() {
	# All install locations live below /usr inside the image directory.
	local image_usr="${ED}/usr"

	myemakeargs+=( PREFIX="${image_usr}" )
	myemakeargs+=( BINDIR="${image_usr}/bin" )
	myemakeargs+=( MANDIR="${image_usr}/share/man" )

	emake "${myemakeargs[@]}" install install-man install-bash

	# DOCS is read by einstalldocs.
	local DOCS=(
		README.md
		PRINCIPLES.md
		docs/.
	)
	einstalldocs
}
# Run the upstream 'localunittest' make target with the arguments that
# src_compile stored in myemakeargs. RESTRICT contains "test" in this file,
# so this phase is skipped unless that restriction is lifted.
src_test() {
	local test_args=( "${myemakeargs[@]}" localunittest )
	emake "${test_args[@]}"
}