homedir: add cgo or osusergo buildtag constraints for unix#39994
Merged
thaJeztah merged 1 commit intomoby:masterfrom Sep 30, 2019
Merged
homedir: add cgo or osusergo buildtag constraints for unix#39994thaJeztah merged 1 commit intomoby:masterfrom
thaJeztah merged 1 commit intomoby:masterfrom
Conversation
This is to ensure that users of the homedir package cannot compile statically (CGO_ENABLED=0) without also setting the osusergo build tag. Signed-off-by: Tibor Vass <tibor@docker.com>
9690cab to
023b072
Compare
Member
|
ping @kolyshkin @tonistiigi PTAL |
Member
|
SGTM |
Member
|
all green; let's merge |
thaJeztah
added a commit
to thaJeztah/cli
that referenced
this pull request
Oct 23, 2019
full diff: moby/moby@b6684a4...a30990b relevant changes: - moby/moby#39995 Update containerd binary to v1.2.10 - moby/moby#40001 Update runc to v1.0.0-rc8-92-g84373aaa (CVE-2019-16884) - moby/moby#39999 bump golang 1.13.1 (CVE-2019-16276) - moby/moby#40102 bump golang 1.13.3 (CVE-2019-17596) - moby/moby#39994 homedir: add cgo or osusergo buildtag constraints for unix. This is to ensure that users of the homedir package cannot compile statically (`CGO_ENABLED=0`) without also setting the `osusergo` build tag. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
4 tasks
thaJeztah
added a commit
to thaJeztah/cli
that referenced
this pull request
Oct 24, 2019
full diff: moby/moby@b6684a4...a30990b relevant changes: - moby/moby#39995 Update containerd binary to v1.2.10 - moby/moby#40001 Update runc to v1.0.0-rc8-92-g84373aaa (CVE-2019-16884) - moby/moby#39999 bump golang 1.13.1 (CVE-2019-16276) - moby/moby#40102 bump golang 1.13.3 (CVE-2019-17596) - moby/moby#39994 homedir: add cgo or osusergo buildtag constraints for unix. This is to ensure that users of the homedir package cannot compile statically (`CGO_ENABLED=0`) without also setting the `osusergo` build tag. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
3 tasks
thaJeztah
added a commit
to thaJeztah/cli
that referenced
this pull request
Oct 24, 2019
full diff: moby/moby@b6684a4...a30990b relevant changes: - moby/moby#39995 Update containerd binary to v1.2.10 - moby/moby#40001 Update runc to v1.0.0-rc8-92-g84373aaa (CVE-2019-16884) - moby/moby#39999 bump golang 1.13.1 (CVE-2019-16276) - moby/moby#40102 bump golang 1.13.3 (CVE-2019-17596) - moby/moby#39994 homedir: add cgo or osusergo buildtag constraints for unix. This is to ensure that users of the homedir package cannot compile statically (`CGO_ENABLED=0`) without also setting the `osusergo` build tag. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
thaJeztah
added a commit
to thaJeztah/cli
that referenced
this pull request
Oct 24, 2019
full diff: moby/moby@b6684a4...a30990b relevant changes: - moby/moby#39995 Update containerd binary to v1.2.10 - moby/moby#40001 Update runc to v1.0.0-rc8-92-g84373aaa (CVE-2019-16884) - moby/moby#39999 bump golang 1.13.1 (CVE-2019-16276) - moby/moby#40102 bump golang 1.13.3 (CVE-2019-17596) - moby/moby#39994 homedir: add cgo or osusergo buildtag constraints for unix. This is to ensure that users of the homedir package cannot compile statically (`CGO_ENABLED=0`) without also setting the `osusergo` build tag. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
thaJeztah
added a commit
to thaJeztah/cli
that referenced
this pull request
Oct 24, 2019
full diff: moby/moby@b6684a4...a30990b relevant changes: - moby/moby#39995 Update containerd binary to v1.2.10 - moby/moby#40001 Update runc to v1.0.0-rc8-92-g84373aaa (CVE-2019-16884) - moby/moby#39999 bump golang 1.13.1 (CVE-2019-16276) - moby/moby#40102 bump golang 1.13.3 (CVE-2019-17596) - moby/moby#39994 homedir: add cgo or osusergo buildtag constraints for unix. This is to ensure that users of the homedir package cannot compile statically (`CGO_ENABLED=0`) without also setting the `osusergo` build tag. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
thaJeztah
added a commit
to thaJeztah/cli
that referenced
this pull request
Oct 24, 2019
full diff: moby/moby@b6684a4...a30990b relevant changes: - moby/moby#39995 Update containerd binary to v1.2.10 - moby/moby#40001 Update runc to v1.0.0-rc8-92-g84373aaa (CVE-2019-16884) - moby/moby#39999 bump golang 1.13.1 (CVE-2019-16276) - moby/moby#40102 bump golang 1.13.3 (CVE-2019-17596) - moby/moby#39994 homedir: add cgo or osusergo buildtag constraints for unix. This is to ensure that users of the homedir package cannot compile statically (`CGO_ENABLED=0`) without also setting the `osusergo` build tag. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
thaJeztah
added a commit
to thaJeztah/cli
that referenced
this pull request
Oct 24, 2019
full diff: moby/moby@b6684a4...a30990b relevant changes: - moby/moby#39995 Update containerd binary to v1.2.10 - moby/moby#40001 Update runc to v1.0.0-rc8-92-g84373aaa (CVE-2019-16884) - moby/moby#39999 bump golang 1.13.1 (CVE-2019-16276) - moby/moby#40102 bump golang 1.13.3 (CVE-2019-17596) - moby/moby#39994 homedir: add cgo or osusergo buildtag constraints for unix. This is to ensure that users of the homedir package cannot compile statically (`CGO_ENABLED=0`) without also setting the `osusergo` build tag. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
thaJeztah
added a commit
to thaJeztah/cli
that referenced
this pull request
Oct 24, 2019
full diff: moby/moby@b6684a4...a30990b relevant changes: - moby/moby#39995 Update containerd binary to v1.2.10 - moby/moby#40001 Update runc to v1.0.0-rc8-92-g84373aaa (CVE-2019-16884) - moby/moby#39999 bump golang 1.13.1 (CVE-2019-16276) - moby/moby#40102 bump golang 1.13.3 (CVE-2019-17596) - moby/moby#39994 homedir: add cgo or osusergo buildtag constraints for unix. This is to ensure that users of the homedir package cannot compile statically (`CGO_ENABLED=0`) without also setting the `osusergo` build tag. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
thaJeztah
added a commit
to thaJeztah/cli
that referenced
this pull request
Oct 24, 2019
full diff: moby/moby@b6684a4...a30990b relevant changes: - moby/moby#39995 Update containerd binary to v1.2.10 - moby/moby#40001 Update runc to v1.0.0-rc8-92-g84373aaa (CVE-2019-16884) - moby/moby#39999 bump golang 1.13.1 (CVE-2019-16276) - moby/moby#40102 bump golang 1.13.3 (CVE-2019-17596) - moby/moby#39994 homedir: add cgo or osusergo buildtag constraints for unix. This is to ensure that users of the homedir package cannot compile statically (`CGO_ENABLED=0`) without also setting the `osusergo` build tag. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
thaJeztah
added a commit
to thaJeztah/cli
that referenced
this pull request
Oct 24, 2019
full diff: moby/moby@b6684a4...a30990b relevant changes: - moby/moby#39995 Update containerd binary to v1.2.10 - moby/moby#40001 Update runc to v1.0.0-rc8-92-g84373aaa (CVE-2019-16884) - moby/moby#39999 bump golang 1.13.1 (CVE-2019-16276) - moby/moby#40102 bump golang 1.13.3 (CVE-2019-17596) - moby/moby#39994 homedir: add cgo or osusergo buildtag constraints for unix. This is to ensure that users of the homedir package cannot compile statically (`CGO_ENABLED=0`) without also setting the `osusergo` build tag. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
thaJeztah
added a commit
to thaJeztah/cli
that referenced
this pull request
Oct 24, 2019
full diff: moby/moby@b6684a4...a30990b relevant changes: - moby/moby#39995 Update containerd binary to v1.2.10 - moby/moby#40001 Update runc to v1.0.0-rc8-92-g84373aaa (CVE-2019-16884) - moby/moby#39999 bump golang 1.13.1 (CVE-2019-16276) - moby/moby#40102 bump golang 1.13.3 (CVE-2019-17596) - moby/moby#39994 homedir: add cgo or osusergo buildtag constraints for unix. This is to ensure that users of the homedir package cannot compile statically (`CGO_ENABLED=0`) without also setting the `osusergo` build tag. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
thaJeztah
added a commit
to thaJeztah/cli
that referenced
this pull request
Oct 24, 2019
full diff: moby/moby@b6684a4...a30990b relevant changes: - moby/moby#39995 Update containerd binary to v1.2.10 - moby/moby#40001 Update runc to v1.0.0-rc8-92-g84373aaa (CVE-2019-16884) - moby/moby#39999 bump golang 1.13.1 (CVE-2019-16276) - moby/moby#40102 bump golang 1.13.3 (CVE-2019-17596) - moby/moby#39994 homedir: add cgo or osusergo buildtag constraints for unix. This is to ensure that users of the homedir package cannot compile statically (`CGO_ENABLED=0`) without also setting the `osusergo` build tag. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
thaJeztah
added a commit
to thaJeztah/cli
that referenced
this pull request
Oct 24, 2019
full diff: moby/moby@b6684a4...a30990b relevant changes: - moby/moby#39995 Update containerd binary to v1.2.10 - moby/moby#40001 Update runc to v1.0.0-rc8-92-g84373aaa (CVE-2019-16884) - moby/moby#39999 bump golang 1.13.1 (CVE-2019-16276) - moby/moby#40102 bump golang 1.13.3 (CVE-2019-17596) - moby/moby#39994 homedir: add cgo or osusergo buildtag constraints for unix. This is to ensure that users of the homedir package cannot compile statically (`CGO_ENABLED=0`) without also setting the `osusergo` build tag. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
thaJeztah
added a commit
to thaJeztah/cli
that referenced
this pull request
Oct 24, 2019
When building a static binary, the osusergo build-tag should be used so that a pure go implementation of the `os/user` package is used. relates to: - golang/go#23265 os/user: add build tags to select cgo-vs-go implementation, like net package - golang/go@62f0127 - golang/go#24787 os/user: LookupId panics on Linux+glibc static build - golang/go#26492 cmd/go: build: add -static flag - golang/go#12058 cmd/go: #cgo pkg-config: add conditional --static flag to pkg-config - moby/moby#39994 homedir: add cgo or osusergo buildtag constraints for unix Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
thaJeztah
added a commit
to thaJeztah/cli
that referenced
this pull request
Oct 24, 2019
When building a static binary, the osusergo build-tag should be used so that a pure go implementation of the `os/user` package is used. relates to: - golang/go#23265 os/user: add build tags to select cgo-vs-go implementation, like net package - golang/go@62f0127 - golang/go#24787 os/user: LookupId panics on Linux+glibc static build - golang/go#26492 cmd/go: build: add -static flag - golang/go#12058 cmd/go: #cgo pkg-config: add conditional --static flag to pkg-config - moby/moby#39994 homedir: add cgo or osusergo buildtag constraints for unix Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
thaJeztah
added a commit
to thaJeztah/cli
that referenced
this pull request
Oct 24, 2019
full diff: moby/moby@b6684a4...a30990b relevant changes: - moby/moby#39995 Update containerd binary to v1.2.10 - moby/moby#40001 Update runc to v1.0.0-rc8-92-g84373aaa (CVE-2019-16884) - moby/moby#39999 bump golang 1.13.1 (CVE-2019-16276) - moby/moby#40102 bump golang 1.13.3 (CVE-2019-17596) - moby/moby#39994 homedir: add cgo or osusergo buildtag constraints for unix. This is to ensure that users of the homedir package cannot compile statically (`CGO_ENABLED=0`) without also setting the `osusergo` build tag. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
thaJeztah
added a commit
to thaJeztah/cli
that referenced
this pull request
Oct 25, 2019
full diff: moby/moby@b6684a4...a30990b relevant changes: - moby/moby#39995 Update containerd binary to v1.2.10 - moby/moby#40001 Update runc to v1.0.0-rc8-92-g84373aaa (CVE-2019-16884) - moby/moby#39999 bump golang 1.13.1 (CVE-2019-16276) - moby/moby#40102 bump golang 1.13.3 (CVE-2019-17596) - moby/moby#39994 homedir: add cgo or osusergo buildtag constraints for unix. This is to ensure that users of the homedir package cannot compile statically (`CGO_ENABLED=0`) without also setting the `osusergo` build tag. - moby/moby#39983 builder: remove legacy build's session handling This feature was used by docker build --stream and it was kept experimental. Users of this endpoint should enable BuildKit anyway by setting Version to BuilderBuildKit. - Related: docker#2105 build: remove --stream (was experimental) - moby/moby #40045 Bump logrus 1.4.2, go-shellwords, mergo, flock, creack/pty, golang/gddo, gorilla/mux - moby/moby#39713 bump containerd and dependencies to v1.3.0 - moby/moby#39987 Add ability to handle index acknowledgment with splunk log driver - moby/moby#40070 Use ocischema package instead of custom handler - relates to moby/moby#39727 Docker 19.03 doesn't support OCI image - relates to docker/hub-feedback#1871 - relates to distribution/distribution#3024 - moby/moby#39231 Add support for sending down service Running and Desired task counts - moby/moby#39822 daemon: Use short libnetwork ID in exec-root Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
thaJeztah
added a commit
to thaJeztah/cli
that referenced
this pull request
Oct 26, 2019
full diff: moby/moby@b6684a4...a09e6e3 relevant changes: - moby/moby#39995 Update containerd binary to v1.2.10 - moby/moby#40001 Update runc to v1.0.0-rc8-92-g84373aaa (CVE-2019-16884) - moby/moby#39999 bump golang 1.13.1 (CVE-2019-16276) - moby/moby#40102 bump golang 1.13.3 (CVE-2019-17596) - moby/moby#40134 Revert "homedir: add cgo or osusergo buildtag constraints for unix" - reverts moby/moby#39994 homedir: add cgo or osusergo buildtag constraints for unix, in favor of documenting when to set the `osusergo` build tag. The `osusergo` build-flag must be used when compiling a static binary with `cgo` enabled, and linking against `glibc`. - moby/moby#39983 builder: remove legacy build's session handling This feature was used by docker build --stream and it was kept experimental. Users of this endpoint should enable BuildKit anyway by setting Version to BuilderBuildKit. - Related: docker#2105 build: remove --stream (was experimental) - moby/moby #40045 Bump logrus 1.4.2, go-shellwords, mergo, flock, creack/pty, golang/gddo, gorilla/mux - moby/moby#39713 bump containerd and dependencies to v1.3.0 - moby/moby#39987 Add ability to handle index acknowledgment with splunk log driver - moby/moby#40070 Use ocischema package instead of custom handler - relates to moby/moby#39727 Docker 19.03 doesn't support OCI image - relates to docker/hub-feedback#1871 - relates to distribution/distribution#3024 - moby/moby#39231 Add support for sending down service Running and Desired task counts - moby/moby#39822 daemon: Use short libnetwork ID in exec-root - moby/moby#39100 Use Microsoft/hcsshim constants and deprecate pkg/system.GetOsVersion() - updates/requires Microsoft/hscshim@2226e083fc390003ae5aa8325c3c92789afa0e7a Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
thaJeztah
added a commit
to thaJeztah/cli
that referenced
this pull request
Oct 26, 2019
full diff: moby/moby@b6684a4...a09e6e3 relevant changes: - moby/moby#39995 Update containerd binary to v1.2.10 - moby/moby#40001 Update runc to v1.0.0-rc8-92-g84373aaa (CVE-2019-16884) - moby/moby#39999 bump golang 1.13.1 (CVE-2019-16276) - moby/moby#40102 bump golang 1.13.3 (CVE-2019-17596) - moby/moby#40134 Revert "homedir: add cgo or osusergo buildtag constraints for unix" - reverts moby/moby#39994 homedir: add cgo or osusergo buildtag constraints for unix, in favor of documenting when to set the `osusergo` build tag. The `osusergo` build-flag must be used when compiling a static binary with `cgo` enabled, and linking against `glibc`. - moby/moby#39983 builder: remove legacy build's session handling This feature was used by docker build --stream and it was kept experimental. Users of this endpoint should enable BuildKit anyway by setting Version to BuilderBuildKit. - Related: docker#2105 build: remove --stream (was experimental) - moby/moby #40045 Bump logrus 1.4.2, go-shellwords, mergo, flock, creack/pty, golang/gddo, gorilla/mux - moby/moby#39713 bump containerd and dependencies to v1.3.0 - moby/moby#39987 Add ability to handle index acknowledgment with splunk log driver - moby/moby#40070 Use ocischema package instead of custom handler - relates to moby/moby#39727 Docker 19.03 doesn't support OCI image - relates to docker/hub-feedback#1871 - relates to distribution/distribution#3024 - moby/moby#39231 Add support for sending down service Running and Desired task counts - moby/moby#39822 daemon: Use short libnetwork ID in exec-root - moby/moby#39100 Use Microsoft/hcsshim constants and deprecate pkg/system.GetOsVersion() - updates/requires Microsoft/hscshim@2226e083fc390003ae5aa8325c3c92789afa0e7a Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
docker-jenkins
pushed a commit
to docker-archive/docker-ce
that referenced
this pull request
Oct 28, 2019
full diff: moby/moby@b6684a4...a09e6e3 relevant changes: - moby/moby#39995 Update containerd binary to v1.2.10 - moby/moby#40001 Update runc to v1.0.0-rc8-92-g84373aaa (CVE-2019-16884) - moby/moby#39999 bump golang 1.13.1 (CVE-2019-16276) - moby/moby#40102 bump golang 1.13.3 (CVE-2019-17596) - moby/moby#40134 Revert "homedir: add cgo or osusergo buildtag constraints for unix" - reverts moby/moby#39994 homedir: add cgo or osusergo buildtag constraints for unix, in favor of documenting when to set the `osusergo` build tag. The `osusergo` build-flag must be used when compiling a static binary with `cgo` enabled, and linking against `glibc`. - moby/moby#39983 builder: remove legacy build's session handling This feature was used by docker build --stream and it was kept experimental. Users of this endpoint should enable BuildKit anyway by setting Version to BuilderBuildKit. - Related: #2105 build: remove --stream (was experimental) - moby/moby #40045 Bump logrus 1.4.2, go-shellwords, mergo, flock, creack/pty, golang/gddo, gorilla/mux - moby/moby#39713 bump containerd and dependencies to v1.3.0 - moby/moby#39987 Add ability to handle index acknowledgment with splunk log driver - moby/moby#40070 Use ocischema package instead of custom handler - relates to moby/moby#39727 Docker 19.03 doesn't support OCI image - relates to docker/hub-feedback#1871 - relates to distribution/distribution#3024 - moby/moby#39231 Add support for sending down service Running and Desired task counts - moby/moby#39822 daemon: Use short libnetwork ID in exec-root - moby/moby#39100 Use Microsoft/hcsshim constants and deprecate pkg/system.GetOsVersion() - updates/requires Microsoft/hscshim@2226e083fc390003ae5aa8325c3c92789afa0e7a Signed-off-by: Sebastiaan van Stijn <github@gone.nl> Upstream-commit: 7f6cd64335dc631efaa8204c01f92aa40939073a Component: cli
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This is to ensure that users of the homedir package cannot
compile statically (CGO_ENABLED=0) without also setting the osusergo
build tag.
Signed-off-by: Tibor Vass tibor@docker.com