Re: Bug#909644: Bug #909644: docker.io: dockerd warning: failed to retrieve docker-runc version: unknown output format: runc version spec: 1.0.1
On 3/6/19 10:03 AM, Shengjing Zhu wrote:
> I think the runc should be fixed.
>
> But I don't like the patch you suggested. It's confused to user. If
> you set the git commit to the upstream one, like
> ccb5efd37fb7c86364786e9137e22948751de7ed for 1.0.0-rc6, the user would
> think it's 1.0.0-rc6 indeed, but apparently it's not, it's 1.0.0-rc6
> with CVE-2019-5736 patch.
Indeed, you're right.
> So I would suggest to use the debian package version in the commit
> field. More specifically:
>
> diff --git a/debian/rules b/debian/rules
> index 81df53b..0087b6b 100755
> --- a/debian/rules
> +++ b/debian/rules
> @@ -5,7 +5,11 @@
>
> export DH_GOPKG := github.com/opencontainers/runc
> export DH_GOLANG_INSTALL_EXTRA := libcontainer/seccomp/fixtures
> +
> +include /usr/share/dpkg/pkg-info.mk
> +
> TAGS=apparmor seccomp selinux ambient
> +LDFLAGS := -X main.version=$(DEB_VERSION_UPSTREAM) -X
> main.gitCommit=$(DEB_VERSION)
>
> %:
> dh $@ --buildsystem=golang --with=golang --builddirectory=_build
> @@ -33,7 +37,7 @@ override_dh_auto_configure:
> # ln -svrf vendor/github.com/opencontainers/specs
> _build/src/github.com/opencontainers/
>
> override_dh_auto_build:
> - dh_auto_build -- -tags "$(TAGS)"
> + dh_auto_build -- -tags "$(TAGS)" -ldflags "$(LDFLAGS)"
>
> override_dh_auto_test:
> DH_GOLANG_EXCLUDES="libcontainer/integration" \
Thanks for the patch, I applied it and force-pushed it to wip/909644.
Feel free to merge if you like it.
> And we're late to fix this before hard freeze. If we want this fix
> included in buster, we should ask release team to unblock.
Ok, I will do that if you upload the package then.
Reply to: