Containerd is no longer maintained under the docker github project and now
has an official website, so refer to that in the help text.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This reverts commit 905e976a6a.
With the bump to 1.0.0-rc7, runc no longer needs O_TMPFILE.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This reverts commit ce76a98902.
With the bump to 1.0.0-rc7, runc no longer needs O_TMPFILE.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The hidden Config.in option BR2_PACKAGE_HOST_GO_ARCH_SUPPORTS name is
not very clear as to whether it says whether Go is available for the
target architecture or the host architecture.
Until now, this was fine since there was support for host Go
packages. But as we are about to introduce support for building host
Go packages, we need to clarify the meaning of
BR2_PACKAGE_HOST_GO_ARCH_SUPPORTS. Since it says whether the target
architecture has support for Go or not, we rename it to
BR2_PACKAGE_HOST_GO_TARGET_ARCH_SUPPORTS.
And since BR2_PACKAGE_HOST_GO_CGO_LINKING_SUPPORTS is tightly related,
we rename it to BR2_PACKAGE_HOST_GO_TARGET_CGO_LINKING_SUPPORTS.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Tested-by: Adam Duskett <aduskett@gmail.com>
[Thomas: entirely rewrite commit log]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes:
http://autobuild.buildroot.net/results/63e9d88ae5177541be463f1e2aafec59aa410479
Add dependency on headers >= 3.11 for O_TMPFILE, used by runc after the
fix for CVE-2019-5736 and propagate to the reverse dependencies of runc.
Notice that C library support for O_TMPFILE is also needed, which was added
in glibc 2.19 and musl 0.9.15.
Signed-off-by: Christian Stewart <christian@paral.in>
[Peter: squash series, extend commit message, mention C library dependency,
fix indentation]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 6e3f7fbc07 ("package/runc: add
upstream security fix for CVE-2019-5736") added a dependency of
docker-containerd to uclibc (inherited from runc), but the depends on
has a typo that makes it ineffective. Due to this, docker-containerd
can still be selected in uClibc configurations, causing runc to be
build, and failing to build due fexecve() being missing in uClibc.
Fixes:
http://autobuild.buildroot.net/results/64ecdb1e007106fdb05979b10b42b90591255504/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The vulnerability allows a malicious container to (with minimal user
interaction) overwrite the host runc binary and thus gain root-level
code execution on the host. The level of user interaction is being able
to run any command (it doesn't matter if the command is not
attacker-controlled) as root within a container in either of these
contexts:
* Creating a new container using an attacker-controlled image.
* Attaching (docker exec) into an existing container which the
attacker had previous write access to.
For more details, see the advisory:
https://www.openwall.com/lists/oss-security/2019/02/11/2
The fix for this issue uses fexecve(3), which isn't available on uClibc, so
add a dependency on !uclibc to runc and propagate to the reverse
dependencies (containerd/docker-engine).
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit bumps docker-containerd to v1.1.3.
This is a requisite bump for the upgrade of docker-engine to 2018.06.
The license file was renamed from LICENSE.code to LICENSE, so we take
this opportunity to add the hash for the license file. The only change
between LICENSE.code and LICENSE is:
- Copyright 2013-2016 Docker, Inc.
+ Copyright The containerd Authors
Signed-off-by: Christian Stewart <christian@paral.in>
[Thomas: fix legal info, add hash for license file.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit 006a328ad6 ("util-linux: fix build with ncurses") removed
dependency on BR2_USE_WCHAR, but failed to update the reverse
dependencies of util-linux.
This commit fixes all such reverse dependencies by removing dependency
on BR2_USE_WCHAR as it is not required by package itself.
Fixes: 006a328ad6 ("util-linux: fix build with ncurses")
Signed-off-by: Rahul Bedarkar <rahul.bedarkar@imgtec.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
docker-containerd is a daemon and API for controlling and managing runC
containers.
https://containerd.tools/
Signed-off-by: Christian Stewart <christian@paral.in>
Reviewed-by: Romain Naour <romain.naour@gmail.com>
[Thomas:
- simplify a bit the comments about the runtime dependencies
- add missing comment on wchar, and take into account the BR2_USE_MMU
dependency in the comment
- factorize the build step with a foreach loop.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
