From 03271050eb94d53fa9f6043adb016cc5a9318ed9 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 27 Mar 2024 18:41:27 -0700 Subject: [PATCH 1/5] ci/gha/cross-i386: pin Go to 1.21 Signed-off-by: Kir Kolyshkin --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 53feeece8f4..88f3a572af3 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -121,7 +121,7 @@ jobs: - name: install go uses: actions/setup-go@v4 with: - go-version: 1.x # Latest stable + go-version: 1.21 - name: unit test run: sudo -E PATH="$PATH" -- make GOARCH=386 localunittest From 82a8b979ef1a41541238b4c5f7ded7b580c17a69 Mon Sep 17 00:00:00 2001 From: lfbzhm Date: Thu, 8 Feb 2024 04:52:17 +0000 Subject: [PATCH 2/5] update go version to 1.21 in cirrus ci Signed-off-by: lfbzhm (cherry picked from commit a596a0551082ad2b5792a97a8b259a9a68091f84) Signed-off-by: Kir Kolyshkin --- .cirrus.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.cirrus.yml b/.cirrus.yml index cfd238f154e..76a6a00cc22 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -77,7 +77,7 @@ task: env: HOME: /root CIRRUS_WORKING_DIR: /home/runc - GO_VERSION: "1.20" + GO_VERSION: "1.21" BATS_VERSION: "v1.9.0" RPMS: gcc git iptables jq glibc-static libseccomp-devel make criu fuse-sshfs # yamllint disable rule:key-duplicates From aae41a4b79d3cb9673592e7ec7f6b2d31e11cd92 Mon Sep 17 00:00:00 2001 From: TTFISH Date: Sun, 25 Jun 2023 17:32:23 +0800 Subject: [PATCH 3/5] Fix integration tests failure when calling "ip" Signed-off-by: TTFISH (cherry picked from commit eb55472ee1254269296e021284045cea21d6a9e6) Signed-off-by: Kir Kolyshkin --- Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Dockerfile b/Dockerfile index d24756bc1fc..9fd29a59371 100644 --- a/Dockerfile +++ b/Dockerfile @@ -31,6 +31,7 @@ RUN KEYFILE=/usr/share/keyrings/criu-repo-keyring.gpg; \ sshfs \ sudo \ uidmap \ + iproute2 \ && apt-get clean \ && rm -rf /var/cache/apt /var/lib/apt/lists/* /etc/apt/sources.list.d/*.list From 3fada6eca4e6d5f643b34748406c43e1b13170f9 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Wed, 25 Oct 2023 18:56:53 -0700 Subject: [PATCH 4/5] tests/int: fix flaky "runc run with tmpfs perm" Apparently, sometimes a short-lived "runc run" produces result with \r and sometimes without. As a result, we have an occasional failure of "runc run with tmpfs perms" test. The solution (to the flaky test) is to use the first line of the output (like many other tests do). Signed-off-by: Kir Kolyshkin (cherry picked from commit 6d27922005cb1b6d3bae325d28dd6a877b6375d4) Signed-off-by: Kir Kolyshkin --- tests/integration/run.bats | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/integration/run.bats b/tests/integration/run.bats index 88540c763d1..3669f521cfa 100644 --- a/tests/integration/run.bats +++ b/tests/integration/run.bats @@ -72,7 +72,7 @@ function teardown() { runc run test_tmpfs [ "$status" -eq 0 ] - [ "$output" = "$mode" ] + [ "${lines[0]}" = "$mode" ] } @test "runc run with tmpfs perms" { @@ -83,13 +83,13 @@ function teardown() { # Directory is to be created by runc. runc run test_tmpfs [ "$status" -eq 0 ] - [ "$output" = "444" ] + [ "${lines[0]}" = "444" ] # Run a 2nd time with the pre-existing directory. # Ref: https://github.com/opencontainers/runc/issues/3911 runc run test_tmpfs [ "$status" -eq 0 ] - [ "$output" = "444" ] + [ "${lines[0]}" = "444" ] # Existing directory, custom perms, no mode on the mount, # so it should use the directory's perms. @@ -98,7 +98,7 @@ function teardown() { # shellcheck disable=SC2016 runc run test_tmpfs [ "$status" -eq 0 ] - [ "$output" = "710" ] + [ "${lines[0]}" = "710" ] # Add back the mode on the mount, and it should use that instead. # Just for fun, use different perms than was used earlier. @@ -106,7 +106,7 @@ function teardown() { update_config '.mounts[-1].options = ["mode=0410"]' runc run test_tmpfs [ "$status" -eq 0 ] - [ "$output" = "410" ] + [ "${lines[0]}" = "410" ] } @test "runc run [joining existing container namespaces]" { From 452bf88ebf5b22fa1e52f66e3ab26e59cbb4008b Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Fri, 15 Mar 2024 17:33:11 +1100 Subject: [PATCH 5/5] build: update libseccomp to v2.5.5 This adds support for syscalls up to Linux 6.7-rc3. Signed-off-by: Aleksa Sarai (cherry picked from commit cdccf6d615ac94ac2a3897392b29327e77720502) Signed-off-by: Kir Kolyshkin --- Dockerfile | 2 +- script/release_build.sh | 2 +- script/seccomp.sh | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 9fd29a59371..240ca180f28 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ ARG GO_VERSION=1.20 ARG BATS_VERSION=v1.9.0 -ARG LIBSECCOMP_VERSION=2.5.4 +ARG LIBSECCOMP_VERSION=2.5.5 FROM golang:${GO_VERSION}-bullseye ARG DEBIAN_FRONTEND=noninteractive diff --git a/script/release_build.sh b/script/release_build.sh index af238628cbd..06b52dadc31 100755 --- a/script/release_build.sh +++ b/script/release_build.sh @@ -19,7 +19,7 @@ set -e ## ---> # Project-specific options and functions. In *theory* you shouldn't need to # touch anything else in this script in order to use this elsewhere. -: "${LIBSECCOMP_VERSION:=2.5.4}" +: "${LIBSECCOMP_VERSION:=2.5.5}" project="runc" root="$(readlink -f "$(dirname "${BASH_SOURCE[0]}")/..")" diff --git a/script/seccomp.sh b/script/seccomp.sh index beea612ac83..7060ed67806 100755 --- a/script/seccomp.sh +++ b/script/seccomp.sh @@ -7,7 +7,7 @@ source "$(dirname "${BASH_SOURCE[0]}")/lib.sh" # sha256 checksums for seccomp release tarballs. declare -A SECCOMP_SHA256=( - ["2.5.4"]=d82902400405cf0068574ef3dc1fe5f5926207543ba1ae6f8e7a1576351dcbdb + ["2.5.5"]=248a2c8a4d9b9858aa6baf52712c34afefcf9c9e94b76dce02c1c9aa25fb3375 ) # Due to libseccomp being LGPL we must include its sources,