| # Copyright 1999-2021 Gentoo Authors |
| # Distributed under the terms of the GNU General Public License v2 |
| |
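EAPI=7

# NOTE(review): src_compile calls tc-getGO, but toolchain-funcs is not
# inherited explicitly; presumably it arrives through one of the eclasses
# below. Confirm, or list it directly.
inherit go-module linux-info

# update on bump, look for https://github.com/docker\
# docker-ce/blob/<docker ver OR branch>/components/engine/hack/dockerfile/install/runc.installer
#
# RUNC_COMMIT is only handed to the upstream Makefile as COMMIT= (see
# src_compile). It does not select the sources: those are the SRC_URI tarball
# plus PATCHES, so this id does not describe the patched tree that is built.
RUNC_COMMIT=f46b6ba2c9314cfc8caae24a32ec5fe9ef1059fe

# linux-info kernel option check; the leading "~" makes a missing USER_NS a
# warning instead of a fatal error.
CONFIG_CHECK="~USER_NS"

DESCRIPTION="runc container cli tools"
HOMEPAGE="http://runc.io"
# Upstream tags use "-" where the package version uses "_".
MY_PV="${PV/_/-}"
# The release tarball is fetched by tag name. Its integrity rests on the
# package's Manifest checksums (not shown here), which should be regenerated
# and reviewed on every bump.
SRC_URI="https://github.com/opencontainers/${PN}/archive/v${MY_PV}.tar.gz -> ${P}.tar.gz"

LICENSE="Apache-2.0 BSD-2 BSD MIT"
SLOT="0"
KEYWORDS="*"
# kmem and seccomp are enabled by default ("+"); apparmor and hardened are
# opt-in.
IUSE="apparmor hardened +kmem +seccomp test"

DEPEND="seccomp? ( sys-libs/libseccomp )"

RDEPEND="
	${DEPEND}
	!app-emulation/docker-runc
	apparmor? ( sys-libs/libapparmor )
"

# ${RDEPEND} is expanded inside the surrounding string; the nested quotes the
# string used to carry were redundant and are dropped (same value).
BDEPEND="
	dev-go/go-md2man
	test? ( ${RDEPEND} )
"

# tests need busybox binary, and portage namespace
# sandboxing disabled: mount-sandbox pid-sandbox ipc-sandbox
# majority of tests pass
RESTRICT+=" test"

S="${WORKDIR}/${PN}-${MY_PV}"

# Fixes carried on top of the release tarball. Going by the file names, the
# first stops runc from setting inheritable capabilities and the second
# addresses CVE-2023-27561. On a version bump, keep each patch until the new
# release is confirmed to contain the corresponding upstream change.
#
# Declared as an array so that each path stays a single word even if FILESDIR
# contains whitespace.
PATCHES=(
	"${FILESDIR}/1.0.0-runc-do-not-set-inheritable-capabilities.patch"
	"${FILESDIR}/1.1.4-fix-CVE-2023-27561.patch"
)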
| |
# Build the runc binary and its man pages through the upstream Makefile.
#
# Globals:
#   ESYSROOT, RUNC_COMMIT              (read)
#   CGO_CFLAGS, CGO_LDFLAGS, GOTRACEBACK (exported)
#   myemakeargs                        (written; deliberately not local,
#                                       src_install and src_test reuse it)
src_compile() {
	# cgo search paths; taken from app-emulation/docker-1.7.0-r1.
	# USE=hardened additionally puts -fno-PIC in front of the library path.
	local pic_flag libdir
	pic_flag=$(usex hardened '-fno-PIC ' '')
	libdir=$(get_libdir)
	CGO_CFLAGS="-I${ESYSROOT}/usr/include"
	CGO_LDFLAGS="${pic_flag}"$'\n'"-L${ESYSROOT}/usr/${libdir}"
	export CGO_CFLAGS CGO_LDFLAGS

	# Optional build tags, one per enabled feature. The substitutions are left
	# unquoted on purpose: a disabled flag expands to nothing and adds no
	# element. USE=-kmem contributes the "nokmem" tag.
	local -a build_tags=()
	build_tags+=( $(usev apparmor) )
	build_tags+=( $(usev seccomp) )
	build_tags+=( $(usex kmem '' 'nokmem') )

	myemakeargs=(
		"BUILDTAGS=${build_tags[*]}"
		"COMMIT=${RUNC_COMMIT}"
		# lakitu: use the Go cross-compiler
		"GO=$(tc-getGO)"
	)

	# lakitu: make Go panics crash the process so that a core dump can be
	# collected. With "crash" the Go runtime raises SIGABRT on Unix; it is an
	# abort, not a segfault.
	# NOTE(review): this export changes only the environment of this build
	# phase; whether the installed runc also runs with GOTRACEBACK=crash is
	# not visible here, confirm. Core dumps of a container runtime can hold
	# sensitive process memory, so the dump location should be
	# access-restricted.
	export GOTRACEBACK="crash"
	emake "${myemakeargs[@]}" runc man
}
| |
# Install the binary, man pages and bash completion into the image directory,
# then the documentation.
#
# Globals:
#   ED          (read)
#   myemakeargs (extended; starts from the arguments set up by src_compile)
src_install() {
	local image_usr="${ED}/usr"

	# Point every upstream install location below the image directory.
	myemakeargs+=(
		"PREFIX=${image_usr}"
		"BINDIR=${image_usr}/bin"
		"MANDIR=${image_usr}/share/man"
	)
	emake "${myemakeargs[@]}" install install-man install-bash

	# einstalldocs reads DOCS from this function's scope.
	local DOCS=( README.md PRINCIPLES.md docs/. )
	einstalldocs
}
| |
# Run the upstream "localunittest" make target with the arguments currently
# held in myemakeargs.
#
# Globals:
#   myemakeargs (read)
src_test() {
	local -a test_args=( "${myemakeargs[@]}" localunittest )
	emake "${test_args[@]}"
}