| #!/bin/sh |
| |
| # When updating RUNC_COMMIT, also update runc in vendor.conf accordingly |
| # The version of runc should match the version that is used by the containerd |
| # version that is used. If you need to update runc, open a pull request in |
| # the containerd project first, and update both after that is merged. |
| RUNC_COMMIT=96ec2177ae841256168fcf76954f7177af9446eb |
| RUNC_OVERRIDE_COMMIT=09c8266bf2fcf9519a651b04ae54c967b9ab86ec |
| RUNC_BUNDLE=/go/src/github.com/docker/docker/git-bundles/CVE-2019-5736.bundle |
| |
| install_runc() { |
| # If using RHEL7 kernels (3.10.0 el7), disable kmem accounting/limiting |
| if uname -r | grep -q '^3\.10\.0.*\.el7\.'; then |
| : ${RUNC_NOKMEM='nokmem'} |
| fi |
| |
| # Do not build with ambient capabilities support |
| RUNC_BUILDTAGS="${RUNC_BUILDTAGS:-"seccomp apparmor selinux $RUNC_NOKMEM"}" |
| |
| echo "Install runc version $RUNC_COMMIT (build tags: $RUNC_BUILDTAGS)" |
| git clone https://github.com/opencontainers/runc.git "$GOPATH/src/github.com/opencontainers/runc" |
| cd "$GOPATH/src/github.com/opencontainers/runc" |
| git checkout -q "$RUNC_COMMIT" |
| |
| if [ -f "$RUNC_BUNDLE" ];then |
| git bundle unbundle "$RUNC_BUNDLE" |
| git checkout -q "$RUNC_OVERRIDE_COMMIT" |
| if [ "$(git rev-parse HEAD)" != "$RUNC_OVERRIDE_COMMIT" ]; then |
| echo "ERROR: Commit with bundle does not match override commit" |
| echo " $(git rev-parse HEAD) != '$RUNC_OVERRIDE_COMMIT'" |
| exit 1 |
| fi |
| RUNC_COMMIT=$RUNC_OVERRIDE_COMMIT |
| fi |
| |
| if [ -z "$1" ]; then |
| target=static |
| else |
| target="$1" |
| fi |
| OVERRIDE_VERSION="1.0.0-rc6+dev.docker-18.09" |
| make BUILDTAGS="$RUNC_BUILDTAGS" COMMIT="$RUNC_COMMIT" VERSION="$OVERRIDE_VERSION" "$target" |
| mkdir -p ${PREFIX} |
| cp runc ${PREFIX}/runc |
| } |
