mirror of
https://github.com/opencontainers/runc.git
synced 2026-07-10 21:53:57 +08:00
ed6b1693b8
Due to the sensitive nature of these fixes, it was not possible to submit these upstream and vendor the upstream library. Instead, this patch uses a fork of github.com/opencontainers/selinux, branched at commit opencontainers/selinux@879a755db5. In order to permit downstreams to build with this patched version, a snapshot of the forked version has been included in internal/third_party/selinux. Note that since we use "go mod vendor", the patched code is usable even without being "go get"-able. Once the embargo for this issue is lifted we can submit the patches upstream and switch back to a proper upstream go.mod entry. Also, this requires us to temporarily disable the CI job we have that disallows "replace" directives. Fixes: GHSA-cgrx-mc8f-2prm CVE-2025-52881 Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
38 lines
636 B
Makefile
38 lines
636 B
Makefile
GO ?= go
|
|
|
|
all: build build-cross
|
|
|
|
define go-build
|
|
GOOS=$(1) GOARCH=$(2) $(GO) build ${BUILDFLAGS} ./...
|
|
endef
|
|
|
|
.PHONY: build
|
|
build:
|
|
$(call go-build,linux,amd64)
|
|
|
|
.PHONY: build-cross
|
|
build-cross:
|
|
$(call go-build,linux,386)
|
|
$(call go-build,linux,arm)
|
|
$(call go-build,linux,arm64)
|
|
$(call go-build,linux,ppc64le)
|
|
$(call go-build,linux,s390x)
|
|
$(call go-build,linux,mips64le)
|
|
$(call go-build,linux,riscv64)
|
|
$(call go-build,windows,amd64)
|
|
$(call go-build,windows,386)
|
|
|
|
|
|
.PHONY: test
|
|
test:
|
|
$(GO) test -timeout 3m ${TESTFLAGS} -v ./...
|
|
|
|
.PHONY: lint
|
|
lint:
|
|
golangci-lint run
|
|
|
|
.PHONY: vendor
|
|
vendor:
|
|
$(GO) mod tidy
|
|
$(GO) mod verify
|