Commit graph

570 commits

Author SHA1 Message Date
Tianon Gravi
c9e19a2aa1 Remove "seccomp" build tag
Similar to the (now removed) `apparmor` build tag, this build-time toggle existed for users who needed to build without the `libseccomp` library.  That's no longer necessary, and given the importance of seccomp to the overall default security profile of Docker containers, it makes sense that any binary built for Linux should support (and use by default) seccomp if the underlying host does.

Signed-off-by: Tianon Gravi <admwiggin@gmail.com>
2022-05-12 14:48:35 -07:00
Sebastiaan van Stijn
d294078dd0
update golang to 1.18.2
go1.18.2 (released 2022-05-10) includes security fixes to the syscall package,
as well as bug fixes to the compiler, runtime, the go command, and the crypto/x509,
go/types, net/http/httptest, reflect, and sync/atomic packages. See the Go 1.18.2
milestone on the issue tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.18.2+label%3ACherryPickApproved

Full diff: http://github.com/golang/go/compare/go1.18.1...go1.18.2

Includes fixes for:

- CVE-2022-29526 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29526);
  (description at https://go.dev/issue/52313).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-05-11 13:08:25 +02:00
Sebastiaan van Stijn
219374e2cd
Merge pull request #43275 from kponichtera/43274-delve-debugger
Added Delve debugger to the development container
2022-05-10 18:34:45 +02:00
Konrad Ponichtera
7d328ea1d6
Added Delve debugger to the development container (including instructions in the contribution guide).
Signed-off-by: Konrad Ponichtera <konpon96@gmail.com>
2022-04-26 20:14:06 +02:00
Sebastiaan van Stijn
86ce946945
Merge pull request #43431 from crazy-max/goversioninfo
Switch to go-winres to create Windows resources
2022-04-20 16:34:48 +02:00
Sebastiaan van Stijn
ef64db5021
update golang to 1.18.1
go1.18.1 (released 2022-04-12) includes security fixes to the crypto/elliptic,
crypto/x509, and encoding/pem packages, as well as bug fixes to the compiler,
linker, runtime, the go command, vet, and the bytes, crypto/x509, and go/types
packages. See the Go 1.18.1 milestone on the issue tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.18.1+label%3ACherryPickApproved

Includes fixes for:

- CVE-2022-24675 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24675)
- CVE-2022-27536 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27536)
- CVE-2022-28327 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28327)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-04-19 09:14:18 +02:00
CrazyMax
fd2143e0b0
use go-winres for cross to create Windows resources
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-04-14 19:52:35 +02:00
Sebastiaan van Stijn
590e34eaf4
update golang to 1.18.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-16 12:14:56 +01:00
Sebastiaan van Stijn
e781cf5f64
update to go 1.17.8 to address CVE-2022-24921
Addresses [CVE-2022-24921](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24921)

go1.17.8 (released 2022-03-03) includes a security fix to the regexp/syntax package,
as well as bug fixes to the compiler, runtime, the go command, and the crypto/x509,
and net packages. See the Go 1.17.8 milestone on the issue tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.17.8+label%3ACherryPickApproved

full diff: https://github.com/golang/go/compare/go1.17.7...go1.17.8

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-04 16:36:56 +01:00
cuishuang
9efa8b3500 all: fix typos
Signed-off-by: cuishuang <imcusg@gmail.com>
2022-03-01 14:26:35 +08:00
Cory Snider
e9bbc41dd1 Remove local fork of archive/tar package
A copy of Go's archive/tar packge was vendored with a patch applied to
mitigate CVE-2019-14271. Vendoring standard library packages is not
supported by Go in module-aware mode, which is getting in the way of
maintenance. A different approach to mitigate the vulnerability is
needed which does not involve vendoring parts of the standard library.

glibc implements name service lookups such as users, groups and DNS
using a scheme known as Name Service Switch. The services are
implemented as modules, shared libraries which glibc dynamically links
into the process the first time a function requiring the module is
called. This is the crux of the vulnerability: if a process linked
against glibc chroots, then calls one of the functions implemented with
NSS for the first time, glibc may load NSS modules out of the chrooted
filesystem.

The API underlying the `docker cp` command is implemented by forking a
new process which chroots into the container's rootfs and writes a tar
stream of files from the container over standard output. It utilizes the
Go standard library's archive/tar package to write the tar stream. It
makes use of the tar.FileInfoHeader function to construct a tar.Header
value from an fs.FileInfo value. In modern versions of Go on *nix
platforms, FileInfoHeader will attempt to resolve the file's UID and GID
to their respective user and group names by calling the os/user
functions LookupId and LookupGroupId. The cgo implementation of os/user
on *nix performs lookups by calling the corresponding libc functions. So
when linked against glibc, calls to tar.FileInfoHeader after the
process has chrooted into the container's rootfs can have the side
effect of loading NSS modules from the container! Without any
mitigations, a malicious container image author can trivially get
arbitrary code execution by leveraging this vulnerability and escape the
chroot (which is not a sandbox) into the host.

Mitigate the vulnerability without patching or forking archive/tar by
hiding the OS-dependent file info from tar.FileInfoHeader which it needs
to perform the lookups. Without that information available it falls back
to populating the tar.Header with only the information obtainable
directly from the FileInfo value without making any calls into os/user.

Fixes #42402

Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-02-18 13:40:19 -05:00
Sebastiaan van Stijn
cad6c8f7f1
Update Go to 1.17.7
Includes security fixes for crypto/elliptic (CVE-2022-23806), math/big (CVE-2022-23772),
and cmd/go (CVE-2022-23773).

go1.17.7 (released 2022-02-10) includes security fixes to the crypto/elliptic,
math/big packages and to the go command, as well as bug fixes to the compiler,
linker, runtime, the go command, and the debug/macho, debug/pe, and net/http/httptest
packages. See the Go 1.17.7 milestone on our issue tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.17.7+label%3ACherryPickApproved

full diff: https://github.com/golang/go/compare/go1.17.6...go1.17.7

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-15 16:17:43 +01:00
Sebastiaan van Stijn
646ace6ee3
Dockerfile: update golangci-lint v1.44.0
Looks like this may be needed for Go 1.18

Also updating the golangci-lint configuration to account for updated
exclusion rules.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-08 09:43:30 +01:00
Sebastiaan van Stijn
860db4f4e3
Merge pull request #43101 from thaJeztah/go_mod_rebase
vendor: use go mod (rebase after removal of deprecated host-discovery)
2022-01-20 09:21:49 +01:00
Ilya Dmitrichenko
a46f968229
vendor: replace vndr with go mod vendor
- use `vendor.mod` instead of `go.mod` to avoid issues to do with
  use of CalVer, not SemVer
- ensure most of the dependency versions do not change
  - only zookeeper client has to change (via docker/libkv#218) as
    previously used version is no longer maintained and has missing
    dependencies

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-01-18 15:46:00 +01:00
Sebastiaan van Stijn
f85ae526f0
Update Go to 1.17.6
go1.17.6 (released 2022-01-06) includes fixes to the compiler, linker, runtime,
and the crypto/x509, net/http, and reflect packages. See the Go 1.17.6 milestone
on our issue tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.17.6+label%3ACherryPickApproved

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-01-13 16:39:34 +01:00
Sebastiaan van Stijn
d620cb6afc
Update Go to 1.17.5
go1.17.5 (released 2021-12-09) includes security fixes to the syscall and net/http
packages. See the Go 1.17.5 milestone on the issue tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.17.5+label%3ACherryPickApproved

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-12-12 01:13:39 +01:00
Sebastiaan van Stijn
6bb3891c60
Update Go to 1.17.4
go1.17.4 (released 2021-12-02) includes fixes to the compiler, linker, runtime,
and the go/types, net/http, and time packages. See the Go 1.17.4 milestone on
the issue tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.17.4+label%3ACherryPickApproved

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-12-06 10:13:39 +01:00
Sebastiaan van Stijn
ce668d6c1e
Update Go to 1.17.3
go1.17.3 (released 2021-11-04) includes security fixes to the archive/zip and
debug/macho packages, as well as bug fixes to the compiler, linker, runtime, the
go command, the misc/wasm directory, and to the net/http and syscall packages.
See the Go 1.17.3 milestone on our issue tracker for details.

From the announcement e-mail:

[security] Go 1.17.3 and Go 1.16.10 are released

We have just released Go versions 1.17.3 and 1.16.10, minor point releases.
These minor releases include two security fixes following the security policy:

- archive/zip: don't panic on (*Reader).Open
  Reader.Open (the API implementing io/fs.FS introduced in Go 1.16) can be made
  to panic by an attacker providing either a crafted ZIP archive containing
  completely invalid names or an empty filename argument.
  Thank you to Colin Arnott, SiteHost and Noah Santschi-Cooney, Sourcegraph Code
  Intelligence Team for reporting this issue. This is CVE-2021-41772 and Go issue
  golang.org/issue/48085.
- debug/macho: invalid dynamic symbol table command can cause panic
  Malformed binaries parsed using Open or OpenFat can cause a panic when calling
  ImportedSymbols, due to an out-of-bounds slice operation.
  Thanks to Burak Çarıkçı - Yunus Yıldırım (CT-Zer0 Crypttech) for reporting this
  issue. This is CVE-2021-41771 and Go issue golang.org/issue/48990.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-11-05 10:55:40 +01:00
Sebastiaan van Stijn
1c7a47f709
Dockerfile: switch CRIU install to Debian 11 "bullseye" packages
There's a package repository for Debian 11 "bullseye" now.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-10-15 10:43:15 +02:00
Sebastiaan van Stijn
13adcfafde
Revert "Dockerfile: CRIU: disable GPG validation, due to expired signing key"
This reverts commit 089a33e7c5.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-10-14 21:13:06 +02:00
Sebastiaan van Stijn
1d8c3c3cfb
Merge pull request #42922 from thaJeztah/bump_go_1.17.2
Update Go to 1.17.2
2021-10-14 20:48:36 +02:00
Sebastiaan van Stijn
089a33e7c5
Dockerfile: CRIU: disable GPG validation, due to expired signing key
This is a horrible thing to do, but CRIU installed here is only used as
part of our CI / integration tests. We should of course remove this
hack ASAP once the opensuse packagers have set up a new key, but at
least this allows us to unblock CI, which is currently completely
broken:

    ADD --chmod=0644 https://download.opensuse.org/repositories/devel:/tools:/criu/Debian_10/Release.key /etc/apt/trusted.gpg.d/criu.gpg.asc
    RUN --mount=type=cache,sharing=locked,id=moby-criu-aptlib,target=/var/lib/apt \
        --mount=type=cache,sharing=locked,id=moby-criu-aptcache,target=/var/cache/apt \
             echo 'deb https://download.opensuse.org/repositories/devel:/tools:/criu/Debian_10/ /' > /etc/apt/sources.list.d/criu.list \
             && apt-get update \
             && apt-get install -y --no-install-recommends criu \
             && install -D /usr/sbin/criu /build/criu

    Hit:1 http://cdn-fastly.deb.debian.org/debian bullseye InRelease
    Hit:2 http://cdn-fastly.deb.debian.org/debian-security bullseye-security InRelease
    Hit:3 http://cdn-fastly.deb.debian.org/debian bullseye-updates InRelease
    Get:4 https://download.opensuse.org/repositories/devel:/tools:/criu/Debian_10  InRelease [1540 B]
    Err:4 https://download.opensuse.org/repositories/devel:/tools:/criu/Debian_10  InRelease
      The following signatures were invalid: EXPKEYSIG 30A8343A498D5A23 devel:tools OBS Project <devel:tools@build.opensuse.org>
    Reading package lists...
    W: GPG error: https://download.opensuse.org/repositories/devel:/tools:/criu/Debian_10  InRelease: The following signatures were invalid: EXPKEYSIG 30A8343A498D5A23 devel:tools OBS Project <devel:tools@build.opensuse.org>
    E: The repository 'https://download.opensuse.org/repositories/devel:/tools:/criu/Debian_10  InRelease' is not signed.

And, checking the signing key (with `apt-key list`):

    /etc/apt/trusted.gpg.d/criu.gpg.asc
    -----------------------------------
    pub   rsa2048 2015-05-03 [SC] [expired: 2021-10-13]
          428E 4E34 8405 CE79 00DB  99C2 30A8 343A 498D 5A23
    uid           [ expired] devel:tools OBS Project <devel:tools@build.opensuse.org>

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-10-14 18:25:22 +02:00
Sebastiaan van Stijn
e7fb0c8201
Update Go to 1.17.2
go1.17.2 (released 2021-10-07) includes a security fix to the linker and misc/wasm
directory, as well as bug fixes to the compiler, the runtime, the go command, and
to the time and text/template packages. See the Go 1.17.2 milestone on our issue
tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.17.2+label%3ACherryPickApproved

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-10-08 15:12:36 +02:00
Sebastiaan van Stijn
ce715505bd
Dockerfile: update test-registries to released versions
- using v2.1.0 for the "v1" registry (last release with only v1)
- using v2.3.0 as "current" version (was v2.3.0-rc.0)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-09-24 18:23:07 +02:00
Sebastiaan van Stijn
b954e4793b
Dockerfile: move installers into Dockerfile
This moves installers that are only used during CI into the Dockerfile. Some
installers are still used in the release-pipeline, so keeping thos for now.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-09-24 16:43:59 +02:00
Akihiro Suda
6014c1e29d
Merge pull request #41759 from giuseppe/zstd-compression
compression: add support for the zstd algorithm
2021-09-17 17:01:45 +09:00
Giuseppe Scrivano
e187eb2bb5
compression: add support for the zstd algorithm
zstd is a compression algorithm that has a very fast decoder, while
providing also good compression ratios.  The fast decoder makes it
suitable for container images, as decompressing the tarballs is a very
expensive operation.

https://github.com/opencontainers/image-spec/pull/788 added support
for zstd to the OCI image specs.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2021-09-16 17:03:47 +02:00
Sebastiaan van Stijn
0050ddd43b
Update Go to 1.17.1
This includes additional fixes for CVE-2021-39293.

go1.17.1 (released 2021-09-09) includes a security fix to the archive/zip package,
as well as bug fixes to the compiler, linker, the go command, and to the crypto/rand,
embed, go/types, html/template, and net/http packages. See the Go 1.17.1 milestone
on the issue tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.17.1+label%3ACherryPickApproved

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-09-15 13:34:59 +02:00
Sebastiaan van Stijn
a7a7c732c0
Dockerfile: use version for some utilities instead of commit-sha
The golangci-lint, gotestsum, shfmt, and vndr utilities should generally
be ok to be pinned by version instead of a specific sha. Also rename
the corresponding env-vars / build-args accordingly:

- GOLANGCI_LINT_COMMIT -> GOLANGCI_LINT_VERSION
- GOTESTSUM_COMMIT -> GOTESTSUM_VERSION
- SHFMT_COMMIT -> SHFMT_VERSION
- VNDR_COMMIT -> VNDR_VERSION
- CONTAINERD_COMMIT -> CONTAINERD_VERSION
- RUNC_COMMIT -> RUNC_VERSION
- ROOTLESS_COMMIT -> ROOTLESS_VERSION

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-09-02 21:23:20 +02:00
Sebastiaan van Stijn
686be57d0a
Update to Go 1.17.0, and gofmt with Go 1.17
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-08-24 23:33:27 +02:00
Sebastiaan van Stijn
f68260ba22
Dockerfile: frozen images: update to bullseye, remove buildpack-dep
Update the frozen images to also be based on Debian bullseye. Using the "slim"
variant (which looks to have all we're currently using),  and remove the
buildpack-dep frozen image.

The buildpack-dep image is quite large, and it looks like we only use it to
compile some C binaries, which should work fine on a regular debian image;

    docker build -t debian:bullseye-slim-gcc -<<EOF
    FROM debian:bullseye-slim
    RUN apt-get update && apt-get install -y gcc libc6-dev --no-install-recommends
    EOF

    docker image ls

    REPOSITORY        TAG                 IMAGE ID       CREATED          SIZE
    debian            bullseye-slim-gcc   1851750242af   About a minute ago   255MB
    buildpack-deps    bullseye            fe8fece98de2   2 days ago           834MB

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-08-20 18:23:06 +02:00
Sebastiaan van Stijn
1effe7435a
Dockerfile: add back libseccomp-dev to cross-compile runc
commit 7168d98c43 removed these, but
we overlooked that the same stage is used to build runc as well, so
we likely need these.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-08-20 18:23:04 +02:00
Sebastiaan van Stijn
43c6a3d359
Dockerfile: update to debian bullseye
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-08-20 18:22:57 +02:00
Sebastiaan van Stijn
3ab8decad7
Dockerfile: remove aufs-tools, as it's not available on bullseye
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-08-20 13:33:11 +02:00
Sebastiaan van Stijn
882fd19f39
Dockerfile: update to docker/dockerfile:1.3, and remove temporary fix
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-08-20 13:33:09 +02:00
Sebastiaan van Stijn
b1f7ffea9f
Update Go to 1.16.7
go1.16.7 (released 2021-08-05) includes a security fix to the net/http/httputil
package, as well as bug fixes to the compiler, the linker, the runtime, the go
command, and the net/http package. See the Go 1.16.7 milestone on the issue
tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.16.7+label%3ACherryPickApproved

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-08-07 18:14:58 +02:00
Sebastiaan van Stijn
fe6f1a4067
Bump go 1.16.6 (addresses CVE-2021-34558)
This addresses CVE-2021-34558: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34558

go1.16.6 (released 2021-07-12) includes a security fix to the crypto/tls package,
as well as bug fixes to the compiler, and the net and net/http packages. See the
Go 1.16.6 milestone on the issue tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.16.6+label%3ACherryPickApproved

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-13 12:42:59 +02:00
Sebastiaan van Stijn
42d2048b9d
Dockerfile: update go-swagger to fix validation on Go1.16
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-02 22:17:59 +02:00
Frédéric Dalleau
e93132e273 Add s390x to cross platforms target
Update build script and buid environment for supporting s390x
Signed-off-by: Frédéric Dalleau <frederic.dalleau@docker.com>
2021-06-24 18:52:55 +02:00
Frédéric Dalleau
3a208c0ff9 Add ppc64le to cross platforms target
debian uses ppc64el
go uses ppc64le
the cross compiler is powerpc64le
Signed-off-by: Frédéric Dalleau <frederic.dalleau@docker.com>
2021-06-24 18:51:49 +02:00
Frédéric Dalleau
7168d98c43 Remove libseccomp dependency in runtime-dev-cross-true image
It turns out libseccomp is not used for building docker at all.
It is only used for building runc (and needs libseccomp > 2.4)

Signed-off-by: Frédéric Dalleau <frederic.dalleau@docker.com>
2021-06-22 22:18:03 +02:00
Sebastiaan van Stijn
ae5ddd257c
Bump go 1.16.5
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-06-10 13:04:45 +02:00
Brian Goff
a77317882d
Merge pull request #42262 from cpuguy83/move_libnetwork
Move libnetwork
2021-06-03 12:06:31 -07:00
Brian Goff
86c8b8f1a0 Move proxy build into hack/make
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2021-06-01 22:14:06 +00:00
Kir Kolyshkin
c8e6ad1adc
Dockerfile: install criu from binary repo
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-06-01 14:38:20 +02:00
moby
31b2c3bbd9
hack/vendor: add check for vendored archive/tar
Also allow re-vendoring using `./hack/vendor.sh archive/tar`

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-05-20 18:57:52 +02:00
Sebastiaan van Stijn
c35cefb489
Dockerfile: update yamllint to v1.26.1 to fix build
Installation of yamllint started failing, on non-amd64 builds, which could
be if the version we were using wasn't specific enough about a dependency
to install.

    copying Cython/Utility/CppSupport.cpp -> build/lib.linux-aarch64-3.7/Cython/Utility
    running build_ext
    building 'Cython.Plex.Scanners' extension
    creating build/temp.linux-aarch64-3.7
    creating build/temp.linux-aarch64-3.7/tmp
    creating build/temp.linux-aarch64-3.7/tmp/pip-install-jasgbmp7
    creating build/temp.linux-aarch64-3.7/tmp/pip-install-jasgbmp7/Cython
    creating build/temp.linux-aarch64-3.7/tmp/pip-install-jasgbmp7/Cython/Cython
    creating build/temp.linux-aarch64-3.7/tmp/pip-install-jasgbmp7/Cython/Cython/Plex
    aarch64-linux-gnu-gcc -pthread -DNDEBUG -g -fwrapv -O2 -Wall -g -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -I/usr/include/python3.7m -c /tmp/pip-install-jasgbmp7/Cython/Cython/Plex/Scanners.c -o build/temp.linux-aarch64-3.7/tmp/pip-install-jasgbmp7/Cython/Cython/Plex/Scanners.o
         /tmp/pip-install-jasgbmp7/Cython/Cython/Plex/Scanners.c:21:10: fatal error: Python.h: No such file or directory
          #include "Python.h"
                   ^~~~~~~~~~
         compilation terminated.
         error: command 'aarch64-linux-gnu-gcc' failed with exit status 1

         ----------------------------------------
     Command "/usr/bin/python3 -u -c "import setuptools, tokenize;__file__='/tmp/pip-install-jasgbmp7/Cython/setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, __file__, 'exec'))" install --record /tmp/pip-record-if5qclwe/install-record.txt --single-version-externally-managed --prefix /tmp/pip-build-env-_dtiuyfw --compile" failed with error code 1 in /tmp/pip-install-jasgbmp7/Cython/

      ----------------------------------------
    Command "/usr/bin/python3 -m pip install --ignore-installed --no-user --prefix /tmp/pip-build-env-_dtiuyfw --no-warn-script-location --no-binary :none: --only-binary :none: -i https://pypi.org/simple -- setuptools wheel Cython" failed with error code 1 in None
    #22 ERROR: executor failed running [/bin/sh -c pip3 install yamllint==1.16.0]: exit code: 1

Trying if updating to the latest version fixes this.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-04-15 21:30:10 +02:00
Sebastiaan van Stijn
1d4a273487
validate/toml: switch to github.com/pelletier/go-toml
The github.com/BurntSushi/toml project is no longer maintained,
and containerd is switching to this project instead, so start
moving our code as well.

This patch only changes the binary used during validation (tbh,
we could probably remove this validation step, but leaving that
for now).

I manually verified that the hack/verify/toml still works by adding a commit
that makes the MAINTAINERS file invalid;

        diff --git a/MAINTAINERS b/MAINTAINERS
        index b739e7e20c..81ababd8de 100644
        --- a/MAINTAINERS
        +++ b/MAINTAINERS
        @@ -23,7 +23,7 @@
                # a subsystem, they are responsible for doing so and holding the
                # subsystem maintainers accountable. If ownership is unclear, they are the de facto owners.

        -               people = [
        +               people =
                                "akihirosuda",
                                "anusha",
                                "coolljt0725",

Running `hack/verify/toml` was able to detect the broken format;

        hack/validate/toml
        (27, 4): keys cannot contain , characterThese files are not valid TOML:
         - MAINTAINERS

        Please reformat the above files as valid TOML

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-04-02 16:08:17 +02:00
Akihiro Suda
4735a0c84f
Merge pull request #42054 from jhuntwork/41704-update-libseccomp 2021-03-15 05:54:43 +09:00