[arch-commits] Commit in containers-common/trunk (2 files)

David Runge dvzrv at archlinux.org
Wed Nov 25 18:43:10 UTC 2020


    Date: Wednesday, November 25, 2020 @ 18:43:10
  Author: dvzrv
Revision: 761203

upgpkg: containers-common 0.29.0-3: Rebuild to comment broken upstream defaults.

The default_capabilities and default_sysctls are too strict and
upstream uncommented them with common-0.29.0 (which breaks on Arch).

Fixes FS#68742 and FS#68743.

Added:
  containers-common/trunk/containers-common-0.29.0-comment_defaults.patch
Modified:
  containers-common/trunk/PKGBUILD

-------------------------------------------------+
 PKGBUILD                                        |   17 ++++++-
 containers-common-0.29.0-comment_defaults.patch |   48 ++++++++++++++++++++++
 2 files changed, 62 insertions(+), 3 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2020-11-25 18:42:40 UTC (rev 761202)
+++ PKGBUILD	2020-11-25 18:43:10 UTC (rev 761203)
@@ -6,7 +6,7 @@
 _podman_pkgver=2.1.1
 _skopeo_pkgver=1.2.0
 _storage_pkgver=1.24.1
-pkgrel=2
+pkgrel=3
 pkgdesc="Configuration files and manpages for containers"
 arch=('any')
 url="https://github.com/containers"
@@ -28,6 +28,7 @@
         "skopeo-${_skopeo_pkgver}.tar.gz::https://github.com/containers/skopeo/archive/v${_skopeo_pkgver}.tar.gz"
         "storage-${_storage_pkgver}.tar.gz::https://github.com/containers/storage/archive/v${_storage_pkgver}.tar.gz"
         'mounts.conf'
+        "${pkgname}-0.29.0-comment_defaults.patch"
 )
 sha512sums=('16273332342689ae3f06ebb5bf35b07422c7fdb3635760a7e126b7a7b1fe495527b18ffb05019070eb72639855224d3c2e139e14ac6dff7bdd05ffd8e5f627e0'
             '5eb77cd2270eb90d77ba5057e57d704f5a4b7d8a13dc1621cc761029a55fbe32a9db2d68252ad04ca6966560d5ad2e64857cd1cf714f4808cbed5798b796e42e'
@@ -34,13 +35,15 @@
             '94096aca1816bb1726b74c71a3c3cd50c4c783110c79dd00e851e6292438ccae7b933b6028177039a7d7d96373afcb783f4bc0449a62c18ae97d73767ee3fa26'
             '630f4209eb6e45c7e99731f98e32705cc7e8f476a5b288f74d7596dd449e0e30e7cebb64c1ecd2562fb1516d91b8ce0e8a41a479a7b1e337d16f8b1fa5b29f9e'
             '2f1244a270c756f7a135e6e5cda25029d6e487fc5b6b4315c3961e2be2e6a96e4c297da101bf7386c087d67af8f8c30938881dcc15d08e8adcffd3780b161fe7'
-            '11fa515bbb0686d2b49c4fd2ab35348cb19f9c6780d6eb951a33b07ed7b7c72a676627f36e8c74e1a2d15e306d4537178f0e127fd3490f6131d078e56b46d5e1')
+            '11fa515bbb0686d2b49c4fd2ab35348cb19f9c6780d6eb951a33b07ed7b7c72a676627f36e8c74e1a2d15e306d4537178f0e127fd3490f6131d078e56b46d5e1'
+            'e3079aff83f6f0e881d488d69eeceba248d8a6e8e682ce7ad6d2368d14088e2251c0acdf0f4d504242b9ba2d961415d0fe26e4ee22d0a205cadc1250e52f0955')
 b2sums=('a7099556d893067dea30971cff1d73ce1e6a0b9c7fdb9873433d9f0058e4bfb5a7556a741aa44b11172f3fec008a72d1b4a10fde32a166c3848423961c3c9c79'
         'c9351576bfd8a3e82479b1f567685b71379be64f8475cdaafc0fb70f990ee3cf217e575e1a01e38f9d02ab23de5d5fc9224b9464b83f6dfe38972455c91af41e'
         '48e72cc436395b33bef04bf7a95106c5e13cb4fc57e1f7ee04576afc9c86b418373286f368193026206e0f74b39e3fce1b62d7bc794d6e504119db8b0726203d'
         '0c5c0b5e35e278913efef316835c105f49fc0552a1a21159591cc11ec201a306d392c2e8af81c2636b86c7cc52b60f986658516034836128f17265b0f0f2edc6'
         '7caacf5d2e0b952c27c4b82a9e824ce5f79e714ce227a375e06686c0744b63a6416b04639b1d903e89aac494c03f7490d2f91934f9bd534355175718c92a89c8'
-        '2f4b0af3271103362a898e7fcc3ec05f06755902ad664ac3107bb8debb8b2ac0d50de311d5fc651279a817a56e3ff05864a7e77c0d8fc628ff7411bfb98c9b69')
+        '2f4b0af3271103362a898e7fcc3ec05f06755902ad664ac3107bb8debb8b2ac0d50de311d5fc651279a817a56e3ff05864a7e77c0d8fc628ff7411bfb98c9b69'
+        '716f66af2bc76b08ed767732618bb5e74dd8d2c518cd3d1a94f78f493df00a4a0ee1c83d54fb92756e10649a0a5c1d51eb702a43b205b20debbcd0ebebed05c3')
 
 prepare() {
   (
@@ -47,6 +50,14 @@
     cd "storage-${_storage_pkgver}"
     sed -r 's/(GOMD2MAN = ).*/\1 go-md2man/' -i docs/Makefile
   )
+  (
+    cd "common-${pkgver}"
+    # comment default_capabilities and default_sysctls
+    # https://bugs.archlinux.org/task/68742
+    # https://bugs.archlinux.org/task/68743
+    patch -Np1 -i ../"${pkgname}-0.29.0-comment_defaults.patch"
+  )
+
 }
 
 build() {
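Review bot: The comment added above the `patch` call in prepare() names the two settings and the bug reports but not the effect: the shipped containers.conf no longer pins the capability list or the default sysctl, so the engine's built-in defaults take over. I would state that and the removal condition, e.g. `# Arch: fall back to engine built-in capabilities/sysctls until FS#68742 and FS#68743 are resolved upstream`. The patch file name hard-codes 0.29.0 while the directory uses `${pkgver}`, so on a later pkgver bump the patch will either fail here or keep being applied without anyone re-checking it; a short note that it must be reviewed on upgrade would help. The empty line added before the closing `}` can go. prepare() begins above this hunk.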

Added: containers-common-0.29.0-comment_defaults.patch
===================================================================
--- containers-common-0.29.0-comment_defaults.patch	                        (rev 0)
+++ containers-common-0.29.0-comment_defaults.patch	2020-11-25 18:43:10 UTC (rev 761203)
@@ -0,0 +1,48 @@
+diff -ruN a/pkg/config/containers.conf b/pkg/config/containers.conf
+--- a/pkg/config/containers.conf	2020-11-20 21:33:14.000000000 +0100
++++ b/pkg/config/containers.conf	2020-11-25 19:27:56.224267486 +0100
+@@ -59,28 +59,28 @@
+ # List of default capabilities for containers. If it is empty or commented out,
+ # the default capabilities defined in the container engine will be added.
+ #
+-default_capabilities = [
+-    "CHOWN",
+-    "DAC_OVERRIDE",
+-    "FOWNER",
+-    "FSETID",
+-    "KILL",
+-    "NET_BIND_SERVICE",
+-    "SETFCAP",
+-    "SETGID",
+-    "SETPCAP",
+-    "SETUID",
+-    "SYS_CHROOT"
+-]
++# default_capabilities = [
++#     "CHOWN",
++#     "DAC_OVERRIDE",
++#     "FOWNER",
++#     "FSETID",
++#     "KILL",
++#     "NET_BIND_SERVICE",
++#     "SETFCAP",
++#     "SETGID",
++#     "SETPCAP",
++#     "SETUID",
++#     "SYS_CHROOT"
++# ]
+ 
+ 
+ # A list of sysctls to be set in containers by default,
+ # specified as "name=value",
+ # for example:"net.ipv4.ping_group_range = 0 0".
+ #
+-default_sysctls = [
+- "net.ipv4.ping_group_range=0 0",
+-]
++# default_sysctls = [
++#  "net.ipv4.ping_group_range=0 0",
++# ]
+ 
+ # A list of ulimits to be set in containers by default, specified as
+ # "<ulimit name>=<soft limit>:<hard limit>", for example:
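Review bot: Commenting out the `default_capabilities` block hands the capability set to whatever the container engine has compiled in, as the context comment directly above it says, so the effective set is no longer visible in the packaged config and can change with an engine update. Since the commit message calls the listed set too strict, the fallback is presumably broader, and that loosening should be recorded next to the block, e.g. `# Arch: left commented so the engine's built-in defaults apply (FS#68742, FS#68743); uncomment to restrict.` The same applies to the `default_sysctls` block. The patch also carries no header explaining why it exists, so a line or two of description before its `diff -ruN` line would help whoever rebases it. The patched containers.conf continues outside this hunk.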

