upgrade Go, Runc, Docker and Containerd #2317

Merged
merged 9 commits into from
Oct 2, 2024
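--- a/build_library/sysext_mangle_docker-flatcar
+++ b/build_library/sysext_mangle_docker-flatcar
@@ -6,6 +6,9 @@ rootfs="${1}"
 # Remove debug and contrib
 echo ">>> NOTICE: $0: removing '/usr/lib/debug/', '/usr/share/docker/contrib' from sysext"
 rm -rf "${rootfs}/usr/lib/debug/" "${rootfs}/usr/share/docker/contrib/"
+# For Docker 27.2.1, two files are symlinked to /usr/share/docker/contrib
+# There were previously shipped directly in /usr/share/docker/contrib folder
+rm -f "${rootfs}/usr/bin/dockerd-rootless-setuptool.sh" "${rootfs}/usr/bin/dockerd-rootless.sh"
 
 script_root="$(cd "$(dirname "$0")/../"; pwd)"
 files_dir="${script_root}/sdk_container/src/third_party/coreos-overlay/coreos/sysext/docker"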
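Review bot: The `echo ">>> NOTICE: ..."` line still names only `/usr/lib/debug/` and `/usr/share/docker/contrib`, so the build log does not record that the added `rm -f` also drops `dockerd-rootless-setuptool.sh` and `dockerd-rootless.sh` from the sysext. I would add `echo ">>> NOTICE: $0: removing dockerd-rootless symlinks from sysext"` before the new `rm -f`, so the absence of the rootless helpers can be traced back to this step. The new comment should also state the reason, presumably that the links would dangle once the contrib directory is removed on the line above, e.g. `# their target directory is removed above, so the symlinks would dangle`; "There were" should read "They were". Since `rm -f` succeeds silently when a path is absent, a later Docker bump that relocates these scripts will not show up here.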
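--- a/changelog/security/2024-09-27-docker-go.md
+++ b/changelog/security/2024-09-27-docker-go.md
@@ -0,0 +1,3 @@
+- docker ([CVE-2024-41110](https://nvd.nist.gov/vuln/detail/CVE-2024-41110))
+- Go ([CVE-2024-34155](https://nvd.nist.gov/vuln/detail/CVE-2024-34155), [CVE-2024-34156](https://nvd.nist.gov/vuln/detail/CVE-2024-34156), [CVE-2024-34158](https://nvd.nist.gov/vuln/detail/CVE-2024-34158))
+- runc ([CVE-2024-45310](https://nvd.nist.gov/vuln/detail/CVE-2024-45310))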
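--- a/changelog/updates/2024-09-27-containerd-docker-go-runc.md
+++ b/changelog/updates/2024-09-27-containerd-docker-go-runc.md
@@ -0,0 +1,4 @@
+- containerd ([1.7.22](https://github.com/containerd/containerd/releases/tag/v1.7.22))
+- docker ([27.2.1](https://docs.docker.com/engine/release-notes/27/#2721), includes changes from [26.1.0](https://docs.docker.com/engine/release-notes/26.1/#2610)))
+- Go ([1.22.7](https://go.dev/doc/devel/release#go1.22.7))
+- runc ([1.1.14](https://github.com/opencontainers/runc/releases/tag/v1.1.14))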
@@ -1,4 +1,4 @@
DIST containerd-1.7.1.tar.gz 9682254 BLAKE2B f168070caf2b76f0be350a98f41bfdbfe6d78344d68821fb92a29f839a6e847d795e5b79436e36f985aa88028ff1c3f44f134cf6bd502ddac22453a457bd952b SHA512 e9b00ba8f4dd1b5b1088060d3822f684611d43b367ddfeb1bee1660140af85f31e9c9bfc600a67e8fc8645a625dc4e1919d9af7291bdeaa607bff7065a4fc945
DIST containerd-1.7.2.tar.gz 9688701 BLAKE2B d31cd0e96bb2675390cc63d06114e37d532b7c666b3ffc5b0087dfcef8de23559471f08bf8a52b164c5f645faf1b8102ab2ccdd8ec417a1c74336097f0c3a899 SHA512 c0d4c02991b7e9fc341c4ef3df2d93097f5854a51b99596ed95436a79f7a586820bb8bb7c17fc43b5f38d97ea942e59490fbbf6c9710391ef9caae3d34627bc5
DIST containerd-1.7.21.tar.gz 10188737 BLAKE2B 0a3eef5bd97b4249963d6e6b80652e2abef0ac7ece726d15efc3b1d364b3525ac7602afecfde3d376bdbec7d5ca39636e09dd8d2a96c420012ef4232afc2a6dd SHA512 fba998c8d7f2907b3e5fb09c3947c3272661ec33379c611c5110ca0151812adcd70ff6b837e97a5d4228d685902276eeb98cd82bb4c46149686e169e81943c75
DIST containerd-1.7.22.tar.gz 10189969 BLAKE2B b1fac9764a8bac0b883849786bd20c9a8e64d764186c6362978faec5ba360636caccc6c1a7c51c6781aa51f96a4e713968d1e86b54b6fe2fa9e3dfcc07727e64 SHA512 9572f2b0f49365cc3888999a0c0b7d29694922f0cbefb33e1fbbfc71781cde402537da3a23e36fd3a600a1d819bcef9acbeee423df2699fa9e3f07cfde7f9128
DIST containerd-1.7.6.tar.gz 9714550 BLAKE2B 863df1a8ab0f0fe6ec62893ed64824763c1b5230fe830fa268820ce0d6254c79e1ac62ab1261a74785b86b01dff83ea9109a899857fa47a48f2cf2eaf298fea8 SHA512 8b7e13c6ea544754ba7d53092d143f3fd2224b9bc874a33d8a00b781e719927f1b22ad5cd1e35b7b95e4890e630f4b92308549a970587ccdf9dbb8eb470e2703
@@ -3,7 +3,7 @@

EAPI=8
inherit go-module systemd
GIT_REVISION=174e0d1785eeda18dc2beba45e1d5a188771636b
GIT_REVISION=b2ce781edcbd6cb758f172ecab61c79d607cc41d

DESCRIPTION="A daemon to control runC"
HOMEPAGE="https://containerd.io/"
@@ -22,7 +22,7 @@ DEPEND="
# recommended version of runc is found in script/setup/runc-version
RDEPEND="
${DEPEND}
~app-containers/runc-1.1.13[apparmor?,seccomp?]
~app-containers/runc-1.1.14[apparmor?,seccomp?]
"

BDEPEND="
@@ -36,7 +36,7 @@ RDEPEND="${RDEPEND}
app-text/xmlto
dev-build/gtk-doc-am
dev-lang/go-bootstrap
dev-lang/go:1.21
dev-lang/go:1.22
dev-lang/nasm
=dev-lang/python-3*
dev-lang/swig
@@ -1 +1 @@
DIST go1.21.13.src.tar.gz 26997630 BLAKE2B 41098fcd889b0501b2580933b144b317e28f86aee30352f32fafdc66f7607677a62927104b10702f01464fe3eff3ed2999c9913756ed8526df49f523c8a6f945 SHA512 f316984154ead8256d9ec0613e3cfef5699553387d87c24bb2a96265f986bf4450838e6451841def3713d65ebaa9bf55e36ff39c5690d79522e1c1ba7655be2f
DIST go1.22.7.src.tar.gz 27562038 BLAKE2B c4dd868ac6966029fd72e61d9c82ac26162f4eb26f77a3a6a7e8bc609223069c004786066ca66f24f4d595de1da4f4ee18b368f80ac94e832c8bd9edde407094 SHA512 60b37916e31c3482e8395580a29757971df5e1783dc13a9914261007e07aa8b1b9c1a0b874883e297903e16c7831117b8f814aeff0a0d4398948c97c9d73b73a
@@ -13,7 +13,7 @@
# @CODE
# COREOS_GO_VERSION=go1.20
# @CODE
export COREOS_GO_VERSION="${COREOS_GO_VERSION:-go1.21}"
export COREOS_GO_VERSION="${COREOS_GO_VERSION:-go1.22}"

case "${EAPI:-0}" in
5|6) DEPEND="dev-lang/go:${COREOS_GO_VERSION#go}=" ;;
@@ -8,7 +8,7 @@
# (the following packages are "unstable" upstream; we're stabilising these)

# Handled by automation
=app-containers/containerd-1.7.21 ~amd64 ~arm64 # DO NOT EDIT THIS LINE. Added by containerd-apply-patch.sh on 2024-08-30 08:19:45
=app-containers/containerd-1.7.22 ~amd64 ~arm64 # DO NOT EDIT THIS LINE. Added by containerd-apply-patch.sh on 2024-09-13 08:19:35

# Keep versions on both arches in sync.
=app-containers/cri-tools-1.27.0 ~arm64
@@ -20,7 +20,7 @@
# modifications made to the ebuilds were clobbered, so these are here
# to keep using the same version. Can be dropped when these or newer
# get stabilized in Gentoo.
=app-containers/runc-1.1.13 ~amd64 ~arm64
=app-containers/runc-1.1.14 ~amd64 ~arm64

# Seems to be the only available ebuild in portage-stable right now.
=app-crypt/adcli-0.9.2 ~arm64
@@ -109,3 +109,7 @@ dev-util/catalyst ~amd64 ~arm64
=virtual/perl-Exporter-5.780.0 ~arm64
=virtual/perl-File-Spec-3.900.0 ~arm64
=virtual/perl-IO-1.550.0 ~arm64

# Accept unstable for Docker and its CLI.
=app-containers/docker-27.2.1 ~amd64 ~arm64
=app-containers/docker-cli-27.2.1 ~amd64 ~arm64
@@ -2,3 +2,4 @@ DIST docker-cli-26.1.0-man.tar.xz 79004 BLAKE2B 36dcf969c6567680990420d6d177101b
DIST docker-cli-26.1.0.tar.gz 7213165 BLAKE2B 302236467f2b6f3f46b0f0c75e89c2cef0cd251d36e12f78a67c906cfb85b842b998fd3b07f4a2dfc0a04825a9b105d90f11d176055ded397f2d4e9145639d5d SHA512 1a1e9af1a836765ffa91f7f2e1b27911e2b6b373c308a7db332a7cd1825459ab1c04a93d03c9947b631bead0af21d9f03e06c3a60855cc56ca7039e50e38ba87
DIST docker-cli-27.2.0-man.tar.xz 79052 BLAKE2B 019299b8cd0adbb1a3749f9aa37b1e38bf212b2c13eee81ae49f843bcc56ff3f41413e1021bebf5c88b4406d7928c2c40de026df861195aa2df79d9c724f8b87 SHA512 d61d6f9f9139f2d22268932d795a50e7b9b1ff993699ba87ca9353cb9908ac18c103a34ee9a486f3537988d6ba7317b05588cd84ff8327b86826ab7ed5023947
DIST docker-cli-27.2.0.tar.gz 7236608 BLAKE2B 828f002d83de47efad370e28df2f5e50f75da7952bf4fcbe30d3d66c9bc281ee99fab820f7bca002c8eb13fa29b7518e951974b62008e213662c1d384a286c0d SHA512 5dce9e974a96b2518a73d50a9421d12feeb9cc792bb89000f26e04a91fdddade2648dea39aa721e48c9b07bfc18f7a6676fb7e286ae779556753886ec45e86c3
DIST docker-cli-27.2.1.tar.gz 7235741 BLAKE2B 461d177ff05cf27cf271e355cb6ce65a908e6263e10042bb1ae3963e376461d18a93ed79119b3551350a513ce065af3dbbcc9c82d0c7a68b366b3f012a9563f8 SHA512 2e89062fc906eec6879787b21a76d291159fb5e22c6a30c78d915c7a1c76ae03fca0cb7e4fc7f78e1747120fb64b652dbc9ca925a77c41ec9df44136bb2a83fa
@@ -0,0 +1,74 @@
# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2

EAPI=7

GIT_COMMIT=9e34c9bb39efd8bf96d4ec044de454ef1f24c668

EGO_PN="github.com/docker/cli"
MY_PV=${PV/_/-}
inherit bash-completion-r1 golang-vcs-snapshot

DESCRIPTION="the command line binary for docker"
HOMEPAGE="https://www.docker.com/"
SRC_URI="https://github.com/docker/cli/archive/v${MY_PV}.tar.gz -> ${P}.tar.gz"
# SRC_URI+=" https://dev.gentoo.org/~williamh/dist/${P}-man.tar.xz"

LICENSE="Apache-2.0"
SLOT="0"
KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc64 ~riscv ~x86"
IUSE="hardened selinux"

RDEPEND="!<app-containers/docker-20.10.1
selinux? ( sec-policy/selinux-docker )"
BDEPEND="
>=dev-lang/go-1.16.6"

RESTRICT="installsources strip test"

S="${WORKDIR}/${P}/src/${EGO_PN}"

src_unpack() {
golang-vcs-snapshot_src_unpack
set -- ${A}
# Flatcar: skip unpacking temporarily
# unpack ${2}
}

src_prepare() {
default
sed -i 's@dockerd\?\.exe@@g' contrib/completion/bash/docker || die
}

src_compile() {
export DISABLE_WARN_OUTSIDE_CONTAINER=1
export GOPATH="${WORKDIR}/${P}"
# setup CFLAGS and LDFLAGS for separate build target
# see https://github.com/tianon/docker-overlay/pull/10
CGO_CFLAGS+=" -I${ESYSROOT}/usr/include"
CGO_LDFLAGS+=" -L${ESYSROOT}/usr/$(get_libdir)"
emake \
LDFLAGS="$(usex hardened '-extldflags -fno-PIC' '')" \
VERSION="${PV}" \
GITCOMMIT="${GIT_COMMIT}" \
dynbinary
}

src_install() {
dobin build/docker
# Flatcar: skip installing manpages temporarily
# doman "${WORKDIR}"/man/man?/*
dobashcomp contrib/completion/bash/*
bashcomp_alias docker dockerd
insinto /usr/share/fish/vendor_completions.d/
doins contrib/completion/fish/docker.fish
insinto /usr/share/zsh/site-functions
doins contrib/completion/zsh/_*
}

pkg_postinst() {
has_version "app-containers/docker-buildx" && return
ewarn "the 'docker build' command is deprecated and will be removed in a"
ewarn "future release. If you need this functionality, install"
ewarn "app-containers/docker-buildx."
}
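Review bot: `BDEPEND` only requires `>=dev-lang/go-1.16.6`, so nothing in this ebuild guarantees that the CLI is built with the Go 1.22.7 toolchain which the changelog in this PR credits with fixing CVE-2024-34155, CVE-2024-34156 and CVE-2024-34158; a Go binary carries the standard library of whichever toolchain built it. If the SDK can still hold an older Go slot, consider raising the floor to `>=dev-lang/go-1.22.7`, or add a comment stating that the toolchain is pinned by the SDK package list rather than here. Separately, in `src_unpack` the `set -- ${A}` line has no consumer now that `unpack ${2}` is commented out. The two "temporarily" comments would be easier to follow up if they named the condition for restoring the man tarball.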
@@ -1,2 +1,3 @@
DIST docker-26.1.0.tar.gz 16390376 BLAKE2B 6703e9b153c430bc28aed2e7de7bada0203353d61f0a2ce3d49ddbd017eab196a685dd1ab1e719a6b287813eb5fa4f2c612e2cf1ab95789d6e79ebe5dac7ace3 SHA512 47b6b9af9947016884614b6bc25977e1db281da95c9b8b34c753c21c664a737a893f9fa65d92cbb897735aae3893567e106e6bababb5507e069b1e0981e48d50
DIST docker-27.2.0.tar.gz 16689537 BLAKE2B faf0bae9f7da127d5b65b9989acd82dc726bc3f09ace502df151b9f03a84b6f1ec2a946d905263aaa7d2e7d7a3cd4ad1a09291dcfc6691e73cc9a8738f150d55 SHA512 97abaf56d2249c1514beacf17fc9096848b960846e064f1a9bd800a59762a1f1888b32e83b3e8289e23656496ca0293fea65931210d68faaa8a713aab6e48b65
DIST docker-27.2.1.tar.gz 16769375 BLAKE2B a2a33d76702f5a208b22cbb12202f4fd69dfce79a6a8ed3c3fe0df161696c922ab764a1796cd265a0cba0737894daf759baf21ecff364f3caea5fd440831dcb9 SHA512 2ca29e53074c1ff7b527f709ae542daa2754cfc35c70ae92bd71b4c7d5d54cd6d373ab078c811900dc694347cb149387681f6cf26634c81651a8e91e31790de7