[arch-commits] Commit in containers-common/trunk (2 files)
David Runge
dvzrv at archlinux.org
Wed Nov 25 18:43:10 UTC 2020
Date: Wednesday, November 25, 2020 @ 18:43:10
Author: dvzrv
Revision: 761203
upgpkg: containers-common 0.29.0-3: Rebuild to comment broken upstream defaults.
The default_capabilities and default_sysctls are too strict and
upstream uncommented them with common-0.29.0 (which breaks on Arch).
Fixes FS#68742 and FS#68743.
Added:
containers-common/trunk/containers-common-0.29.0-comment_defaults.patch
Modified:
containers-common/trunk/PKGBUILD
-------------------------------------------------+
PKGBUILD | 17 ++++++-
containers-common-0.29.0-comment_defaults.patch | 48 ++++++++++++++++++++++
2 files changed, 62 insertions(+), 3 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2020-11-25 18:42:40 UTC (rev 761202)
+++ PKGBUILD 2020-11-25 18:43:10 UTC (rev 761203)
@@ -6,7 +6,7 @@
_podman_pkgver=2.1.1
_skopeo_pkgver=1.2.0
_storage_pkgver=1.24.1
-pkgrel=2
+pkgrel=3
pkgdesc="Configuration files and manpages for containers"
arch=('any')
url="https://github.com/containers"
@@ -28,6 +28,7 @@
"skopeo-${_skopeo_pkgver}.tar.gz::https://github.com/containers/skopeo/archive/v${_skopeo_pkgver}.tar.gz"
"storage-${_storage_pkgver}.tar.gz::https://github.com/containers/storage/archive/v${_storage_pkgver}.tar.gz"
'mounts.conf'
+ "${pkgname}-0.29.0-comment_defaults.patch"
)
sha512sums=('16273332342689ae3f06ebb5bf35b07422c7fdb3635760a7e126b7a7b1fe495527b18ffb05019070eb72639855224d3c2e139e14ac6dff7bdd05ffd8e5f627e0'
'5eb77cd2270eb90d77ba5057e57d704f5a4b7d8a13dc1621cc761029a55fbe32a9db2d68252ad04ca6966560d5ad2e64857cd1cf714f4808cbed5798b796e42e'
@@ -34,13 +35,15 @@
'94096aca1816bb1726b74c71a3c3cd50c4c783110c79dd00e851e6292438ccae7b933b6028177039a7d7d96373afcb783f4bc0449a62c18ae97d73767ee3fa26'
'630f4209eb6e45c7e99731f98e32705cc7e8f476a5b288f74d7596dd449e0e30e7cebb64c1ecd2562fb1516d91b8ce0e8a41a479a7b1e337d16f8b1fa5b29f9e'
'2f1244a270c756f7a135e6e5cda25029d6e487fc5b6b4315c3961e2be2e6a96e4c297da101bf7386c087d67af8f8c30938881dcc15d08e8adcffd3780b161fe7'
- '11fa515bbb0686d2b49c4fd2ab35348cb19f9c6780d6eb951a33b07ed7b7c72a676627f36e8c74e1a2d15e306d4537178f0e127fd3490f6131d078e56b46d5e1')
+ '11fa515bbb0686d2b49c4fd2ab35348cb19f9c6780d6eb951a33b07ed7b7c72a676627f36e8c74e1a2d15e306d4537178f0e127fd3490f6131d078e56b46d5e1'
+ 'e3079aff83f6f0e881d488d69eeceba248d8a6e8e682ce7ad6d2368d14088e2251c0acdf0f4d504242b9ba2d961415d0fe26e4ee22d0a205cadc1250e52f0955')
b2sums=('a7099556d893067dea30971cff1d73ce1e6a0b9c7fdb9873433d9f0058e4bfb5a7556a741aa44b11172f3fec008a72d1b4a10fde32a166c3848423961c3c9c79'
'c9351576bfd8a3e82479b1f567685b71379be64f8475cdaafc0fb70f990ee3cf217e575e1a01e38f9d02ab23de5d5fc9224b9464b83f6dfe38972455c91af41e'
'48e72cc436395b33bef04bf7a95106c5e13cb4fc57e1f7ee04576afc9c86b418373286f368193026206e0f74b39e3fce1b62d7bc794d6e504119db8b0726203d'
'0c5c0b5e35e278913efef316835c105f49fc0552a1a21159591cc11ec201a306d392c2e8af81c2636b86c7cc52b60f986658516034836128f17265b0f0f2edc6'
'7caacf5d2e0b952c27c4b82a9e824ce5f79e714ce227a375e06686c0744b63a6416b04639b1d903e89aac494c03f7490d2f91934f9bd534355175718c92a89c8'
- '2f4b0af3271103362a898e7fcc3ec05f06755902ad664ac3107bb8debb8b2ac0d50de311d5fc651279a817a56e3ff05864a7e77c0d8fc628ff7411bfb98c9b69')
+ '2f4b0af3271103362a898e7fcc3ec05f06755902ad664ac3107bb8debb8b2ac0d50de311d5fc651279a817a56e3ff05864a7e77c0d8fc628ff7411bfb98c9b69'
+ '716f66af2bc76b08ed767732618bb5e74dd8d2c518cd3d1a94f78f493df00a4a0ee1c83d54fb92756e10649a0a5c1d51eb702a43b205b20debbcd0ebebed05c3')
prepare() {
(
@@ -47,6 +50,14 @@
cd "storage-${_storage_pkgver}"
sed -r 's/(GOMD2MAN = ).*/\1 go-md2man/' -i docs/Makefile
)
+ (
+ cd "common-${pkgver}"
+ # comment default_capabilities and default_sysctls
+ # https://bugs.archlinux.org/task/68742
+ # https://bugs.archlinux.org/task/68743
+ patch -Np1 -i ../"${pkgname}-0.29.0-comment_defaults.patch"
+ )
+
}
build() {
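Review bot: The patch file name hard-codes `0.29.0`, both in the added `patch -Np1 -i` line here and in the `source` array hunk (`@@ -28,6 +28,7 @@`), while the directory it is applied in is `common-${pkgver}`. On the next pkgver bump the patch will presumably either fail to apply or be carried forward without anyone re-evaluating the defaults it disables. A comment recording the exit condition would help, e.g. `# re-check on every pkgver bump; drop once upstream ships these defaults commented again`. The added empty line before the closing `}` of prepare() is stray and can go. prepare() opens before this hunk.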
Added: containers-common-0.29.0-comment_defaults.patch
===================================================================
--- containers-common-0.29.0-comment_defaults.patch (rev 0)
+++ containers-common-0.29.0-comment_defaults.patch 2020-11-25 18:43:10 UTC (rev 761203)
@@ -0,0 +1,48 @@
+diff -ruN a/pkg/config/containers.conf b/pkg/config/containers.conf
+--- a/pkg/config/containers.conf 2020-11-20 21:33:14.000000000 +0100
++++ b/pkg/config/containers.conf 2020-11-25 19:27:56.224267486 +0100
+@@ -59,28 +59,28 @@
+ # List of default capabilities for containers. If it is empty or commented out,
+ # the default capabilities defined in the container engine will be added.
+ #
+-default_capabilities = [
+- "CHOWN",
+- "DAC_OVERRIDE",
+- "FOWNER",
+- "FSETID",
+- "KILL",
+- "NET_BIND_SERVICE",
+- "SETFCAP",
+- "SETGID",
+- "SETPCAP",
+- "SETUID",
+- "SYS_CHROOT"
+-]
++# default_capabilities = [
++# "CHOWN",
++# "DAC_OVERRIDE",
++# "FOWNER",
++# "FSETID",
++# "KILL",
++# "NET_BIND_SERVICE",
++# "SETFCAP",
++# "SETGID",
++# "SETPCAP",
++# "SETUID",
++# "SYS_CHROOT"
++# ]
+
+
+ # A list of sysctls to be set in containers by default,
+ # specified as "name=value",
+ # for example:"net.ipv4.ping_group_range = 0 0".
+ #
+-default_sysctls = [
+- "net.ipv4.ping_group_range=0 0",
+-]
++# default_sysctls = [
++# "net.ipv4.ping_group_range=0 0",
++# ]
+
+ # A list of ulimits to be set in containers by default, specified as
+ # "<ulimit name>=<soft limit>:<hard limit>", for example:
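Review bot: Commenting out `default_capabilities` and `default_sysctls` hands both settings back to the container engine's built-in defaults, and the shipped containers.conf gives an Arch user no hint that this differs from upstream 0.29.0. The retained context comment only says the engine's defaults "will be added". Whether that built-in set is wider than the eleven capabilities listed here is not visible in this patch and should be confirmed, since it decides whether the rebuild loosens container confinement. I would add a line above each commented block, such as `# Arch: left commented, see FS#68742 and FS#68743; uncomment to pin containers to this list.`, so administrators who want the restricted set know how to get it.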