commit docker-runc-kubic for openSUSE:Factory
Hello community,
here is the log from the commit of package docker-runc-kubic for
openSUSE:Factory checked in at 2018-06-20 15:27:02
Comparing /work/SRC/openSUSE:Factory/docker-runc-kubic (Old)
and /work/SRC/openSUSE:Factory/.docker-runc-kubic.new (New)
Package is "docker-runc-kubic"
Wed Jun 20 15:27:02 2018 rev:5 rq:617459 version:1.0.0rc4+gitr3338_3f2f8b84a77f
Changes:
--- /work/SRC/openSUSE:Factory/docker-runc-kubic/docker-runc-kubic.changes
2018-06-05 12:56:53.064907022 +0200
+++ /work/SRC/openSUSE:Factory/.docker-runc-kubic.new/docker-runc-kubic.changes
2018-06-20 15:27:10.851166420 +0200
@@ -1,0 +2,7 @@
+Thu Jun 7 06:42:21 UTC 2018 - asa...@suse.com
+
+- Backport of https://github.com/opencontainers/runc/pull/1698 to help fix
+ bsc#1094680, which is caused by the race described in the upstream issue.
+ * bsc1094680-0001-Avoid-race-when-opening-exec-fifo.patch
+
+---
New:
bsc1094680-0001-Avoid-race-when-opening-exec-fifo.patch
Other differences:
--
++ docker-runc-kubic.spec ++
--- /var/tmp/diff_new_pack.KQ3XdF/_old 2018-06-20 15:27:11.543141318 +0200
+++ /var/tmp/diff_new_pack.KQ3XdF/_new 2018-06-20 15:27:11.547141173 +0200
@@ -56,6 +56,8 @@
Source: %{name}-git.%{git_version}.tar.xz
# SUSE-FIX-UPSTREAM: Backport of
https://github.com/opencontainers/runc/pull/1555. bsc#1053532
Patch100: bsc1053532-0001-makefile-drop-usage-of-install.patch
+# SUSE-FIX-UPSTREAM: Backport of
https://github.com/opencontainers/runc/pull/1698. bsc#1094680
+Patch101: bsc1094680-0001-Avoid-race-when-opening-exec-fifo.patch
BuildRequires: fdupes
BuildRequires: go-go-md2man
BuildRequires: libapparmor-devel
@@ -106,6 +108,8 @@
%setup -q -n %{name}-git.%{git_version}
# bsc#1053532
%patch100 -p1
+# bsc#1094680
+%patch101 -p1
%build
# Do not use symlinks. If you want to run the unit tests for this package at
++ bsc1094680-0001-Avoid-race-when-opening-exec-fifo.patch ++
>From 331f9819f515be7d8a1bdd7a68d9dac0c87f3015 Mon Sep 17 00:00:00 2001
From: Will Martin
Date: Mon, 22 Jan 2018 17:03:02 +
Subject: [PATCH] Avoid race when opening exec fifo
When starting a container with `runc start` or `runc run`, the stub
process (runc[2:INIT]) opens a fifo for writing. Its parent runc process
will open the same fifo for reading. In this way, they synchronize.
If the stub process exits at the wrong time, the parent runc process
will block forever.
This can happen when racing 2 runc operations against each other: `runc
run/start`, and `runc delete`. It could also happen for other reasons,
e.g. the kernel's OOM killer may select the stub process.
This commit resolves this race by racing the opening of the exec fifo
from the runc parent process against the stub process exiting. If the
stub process exits before we open the fifo, we return an error.
Another solution is to wait on the stub process. However, it seems it
would require more refactoring to avoid calling wait multiple times on
the same process, which is an error.
SUSE-Bugs: bsc#1094680
Signed-off-by: Craig Furman
Signed-off-by: Aleksa Sarai
---
libcontainer/container_linux.go | 70 +++--
1 file changed, 61 insertions(+), 9 deletions(-)
diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go
index d7e7516e5493..1ffbff70ba5a 100644
--- a/libcontainer/container_linux.go
+++ b/libcontainer/container_linux.go
@@ -5,6 +5,7 @@ package libcontainer
import (
"bytes"
"encoding/json"
+ "errors"
"fmt"
"io"
"io/ioutil"
@@ -236,20 +237,71 @@ func (c *linuxContainer) Exec() error {
func (c *linuxContainer) exec() error {
path := filepath.Join(c.root, execFifoFilename)
- f, err := os.OpenFile(path, os.O_RDONLY, 0)
- if err != nil {
- return newSystemErrorWithCause(err, "open exec fifo for
reading")
+
+ fifoOpen := make(chan struct{})
+ select {
+ case <-awaitProcessExit(c.initProcess.pid(), fifoOpen):
+ return errors.New("container process is already dead")
+ case result := <-awaitFifoOpen(path):
+ close(fifoOpen)
+ if result.err != nil {
+ return result.err
+ }
+ f := result.file
+ defer f.Close()
+ if err := readFromExecFifo(f); err != nil {
+ return err
+ }
+ return os.Remove(path)
}
- defer f.Close()
- data, err := ioutil.ReadAll(f)
+}
+
+func readFromExecFifo(execFifo io.Reader) error {
+ data, err := ioutil.ReadAll(execFifo)
if err
commit docker-runc-kubic for openSUSE:Factory
Hello community,
here is the log from the commit of package docker-runc-kubic for
openSUSE:Factory checked in at 2018-06-05 12:56:51
Comparing /work/SRC/openSUSE:Factory/docker-runc-kubic (Old)
and /work/SRC/openSUSE:Factory/.docker-runc-kubic.new (New)
Package is "docker-runc-kubic"
Tue Jun 5 12:56:51 2018 rev:4 rq:614189 version:1.0.0rc4+gitr3338_3f2f8b84a77f
Changes:
--- /work/SRC/openSUSE:Factory/docker-runc-kubic/docker-runc-kubic.changes
2018-05-16 18:44:55.340076236 +0200
+++ /work/SRC/openSUSE:Factory/.docker-runc-kubic.new/docker-runc-kubic.changes
2018-06-05 12:56:53.064907022 +0200
@@ -1,0 +2,12 @@
+Tue Jun 5 08:46:09 UTC 2018 - dcass...@suse.com
+
+- Make use of %license macro
+
+---
+Tue Jun 5 06:38:40 UTC 2018 - asa...@suse.com
+
+- Remove 'go test' from %check section, as it has only ever caused us problems
+ and hasn't (as far as I remember) ever caught a release-blocking issue. Smoke
+ testing has been far more useful. boo#1095817
+
+---
Other differences:
--
++ docker-runc-kubic.spec ++
--- /var/tmp/diff_new_pack.mfHqt7/_old 2018-06-05 12:56:53.796880211 +0200
+++ /var/tmp/diff_new_pack.mfHqt7/_new 2018-06-05 12:56:53.800880064 +0200
@@ -143,23 +143,11 @@
man/md2man-all.sh
%check
-source ./.runc_build_env
-cd $HOME/go/src/%project
-
-PKG_LIST=$(go list ./... \
- | grep -v '%{project}/libcontainer/cgroups/fs$' \
- | grep -v '%{project}/libcontainer$' \
- | grep -v '%{project}/libcontainer/integration$' \
- | grep -v '%{project}/libcontainer/label$' \
- | grep -v '%{project}/libcontainer/nsenter$' \
- | grep -v '%{project}/libcontainer/user$' \
- | grep -v '%{project}/libcontainer/xattr$' \
-%if ! 0%{?with_libseccomp}
- | grep -v '%{project}/libcontainer/seccomp$' \
- | grep -v 'github.com/seccomp/libseccomp-golang$' \
-%endif
- )
-%go_tool test -buildmode=pie -tags "$BUILDTAGS" -timeout 3m -v $PKG_LIST
+# We used to run 'go test' here, however we found that this actually didn't
+# catch any issues that were caught by smoke testing, and %check would
+# continually cause package builds to fail due to flaky tests. If you ever need
+# to know how the testing was done, you can always look in the package history.
+# boo#1095817
%install
source ./.runc_build_env
@@ -181,7 +169,8 @@
%files
%defattr(-,root,root)
-%doc README.md LICENSE
+%doc README.md
+%license LICENSE
%{_sbindir}/docker-runc
%{_mandir}/man8/docker-runc*.8.gz
commit docker-runc-kubic for openSUSE:Factory
Hello community,
here is the log from the commit of package docker-runc-kubic for
openSUSE:Factory checked in at 2018-05-16 18:43:34
Comparing /work/SRC/openSUSE:Factory/docker-runc-kubic (Old)
and /work/SRC/openSUSE:Factory/.docker-runc-kubic.new (New)
Package is "docker-runc-kubic"
Wed May 16 18:43:34 2018 rev:3 rq:609106 version:1.0.0rc4+gitr3338_3f2f8b84a77f
Changes:
--- /work/SRC/openSUSE:Factory/docker-runc-kubic/docker-runc-kubic.changes
2018-02-12 14:46:18.096352049 +0100
+++ /work/SRC/openSUSE:Factory/.docker-runc-kubic.new/docker-runc-kubic.changes
2018-05-16 18:44:55.340076236 +0200
@@ -1,0 +2,5 @@
+Wed May 16 09:32:26 UTC 2018 - jmassaguer...@suse.com
+
+- Fix Obsoletes to fix bsc#1080978
+
+---
Other differences:
--
++ docker-runc-kubic.spec ++
--- /var/tmp/diff_new_pack.Dl5bmN/_old 2018-05-16 18:44:56.064050073 +0200
+++ /var/tmp/diff_new_pack.Dl5bmN/_new 2018-05-16 18:44:56.064050073 +0200
@@ -67,6 +67,7 @@
Recommends: criu
BuildRoot: %{_tmppath}/%{name}-%{version}-build
# Obsolete older package without -kubic suffix: v2 -> v3
+Obsoletes: runc = 0.1.1+gitr2819_50a19c6
Obsoletes: runc_50a19c6
# Conflict with non-kubic package, and provide equivalent
Conflicts: docker-runc
commit docker-runc-kubic for openSUSE:Factory
Hello community,
here is the log from the commit of package docker-runc-kubic for
openSUSE:Factory checked in at 2018-02-12 14:46:16
Comparing /work/SRC/openSUSE:Factory/docker-runc-kubic (Old)
and /work/SRC/openSUSE:Factory/.docker-runc-kubic.new (New)
Package is "docker-runc-kubic"
Mon Feb 12 14:46:16 2018 rev:2 rq:575611 version:1.0.0rc4+gitr3338_3f2f8b84a77f
Changes:
--- /work/SRC/openSUSE:Factory/docker-runc-kubic/docker-runc-kubic.changes
2018-02-01 21:28:35.183323858 +0100
+++ /work/SRC/openSUSE:Factory/.docker-runc-kubic.new/docker-runc-kubic.changes
2018-02-12 14:46:18.096352049 +0100
@@ -1,0 +2,10 @@
+Mon Feb 12 10:52:27 UTC 2018 - rbr...@suse.com
+
+- Add ${version} to equivalent non-kubic package provides
+
+---
+Thu Feb 8 12:35:05 UTC 2018 - rbr...@suse.com
+
+- Add Provides for equivalent non-kubic packages
+
+---
Other differences:
--
++ docker-runc-kubic.spec ++
--- /var/tmp/diff_new_pack.cai2Lp/_old 2018-02-12 14:46:18.720329555 +0100
+++ /var/tmp/diff_new_pack.cai2Lp/_new 2018-02-12 14:46:18.724329410 +0100
@@ -68,8 +68,9 @@
BuildRoot: %{_tmppath}/%{name}-%{version}-build
# Obsolete older package without -kubic suffix: v2 -> v3
Obsoletes: runc_50a19c6
-# Conflict with non-kubic package
+# Conflict with non-kubic package, and provide equivalent
Conflicts: docker-runc
+Provides: docker-runc = %{version}
# We provide a git revision so that Docker can require it properly.
Provides: %{name}-git = %{git_version}
@@ -93,8 +94,9 @@
BuildArch: noarch
# Obsolete older package without -kubic suffix: v2 -> v3
Obsoletes: runc-test = 0.1.1+gitr2819_50a19c6
-# Conflict with non-kubic package
+# Conflict with non-kubic package, and provide equivalent
Conflicts: docker-runc-test
+Provides: docker-runc-test = %{version}
%description test
Test package for runc. It contains the source code and the tests.
