seccomp support for debian jessie

Based on jessie-backports. Signed-off-by: Boris Pruessmann <boris@pruessmann.org>
moby · Mar 8, 2017 · fcadb77 · fcadb77
1 parent 2ca57fe
commit fcadb77
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 12 deletions.
diff --git a/contrib/builder/deb/aarch64/debian-jessie/Dockerfile b/contrib/builder/deb/aarch64/debian-jessie/Dockerfile
@@ -5,7 +5,7 @@
 FROM aarch64/debian:jessie
 
 RUN echo deb http://ftp.debian.org/debian jessie-backports main > /etc/apt/sources.list.d/backports.list
-RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential cmake curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev pkg-config vim-common libsystemd-journal-dev golang-1.6-go --no-install-recommends && rm -rf /var/lib/apt/lists/*
+RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential cmake curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev pkg-config vim-common libsystemd-journal-dev golang-1.6-go libseccomp-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*
 
 RUN update-alternatives --install /usr/bin/go go /usr/lib/go-1.6/bin/go 100
 
@@ -21,5 +21,5 @@ ENV PATH /usr/src/go/bin:$PATH
 
 ENV AUTO_GOPATH 1
 
-ENV DOCKER_BUILDTAGS apparmor pkcs11 selinux
-ENV RUNC_BUILDTAGS apparmor selinux
+ENV DOCKER_BUILDTAGS apparmor pkcs11 selinux seccomp
+ENV RUNC_BUILDTAGS apparmor selinux seccomp
diff --git a/contrib/builder/deb/aarch64/generate.sh b/contrib/builder/deb/aarch64/generate.sh
@@ -61,17 +61,28 @@ for version in "${versions[@]}"; do
 	)
 
 	case "$suite" in
-		jessie|trusty)
+		trusty)
 			packages+=( libsystemd-journal-dev )
 			# aarch64 doesn't have an official downloadable binary for go.
 			# And gccgo for trusty only includes Go 1.2 implementation which
 			# is too old to build current go source, fortunately trusty has
 			# golang-1.6-go package can be used as bootstrap.
 			packages+=( golang-1.6-go )
 			;;
+		jessie)
+			packages+=( libsystemd-journal-dev )
+			# aarch64 doesn't have an official downloadable binary for go.
+			# And gccgo for jessie only includes Go 1.2 implementation which
+			# is too old to build current go source, fortunately jessie backports
+			# has golang-1.6-go package can be used as bootstrap.
+			packages+=( golang-1.6-go libseccomp-dev )
+
+			dockerBuildTags="$dockerBuildTags seccomp"
+			runcBuildTags="$runcBuildTags seccomp"
+			;;
 		stretch|xenial)
 			packages+=( libsystemd-dev )
-			packages+=( golang-go libseccomp-dev)
+			packages+=( golang-go libseccomp-dev )
 
 			dockerBuildTags="$dockerBuildTags seccomp"
 			runcBuildTags="$runcBuildTags seccomp"
@@ -83,13 +94,13 @@ for version in "${versions[@]}"; do
 			;;
 	esac
 
-    case "$suite" in
-        jessie)
-            echo 'RUN echo deb http://ftp.debian.org/debian jessie-backports main > /etc/apt/sources.list.d/backports.list' >> "$version/Dockerfile"
-            ;;
-        *)
-            ;;
-    esac
+	case "$suite" in
+		jessie)
+			echo 'RUN echo deb http://ftp.debian.org/debian jessie-backports main > /etc/apt/sources.list.d/backports.list' >> "$version/Dockerfile"
+			;;
+		*)
+			;;
+	esac
 
 	# update and install packages
 	echo "RUN apt-get update && apt-get install -y ${packages[*]} --no-install-recommends && rm -rf /var/lib/apt/lists/*" >> "$version/Dockerfile"