Yocto 2.5

Move OpenBMC to Yocto 2.5(sumo)

Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Change-Id: I5c5ad6904a16e14c1c397f0baf10c9d465594a78
diff --git a/import-layers/meta-virtualization/recipes-containers/containerd/containerd-opencontainers_git.bb b/import-layers/meta-virtualization/recipes-containers/containerd/containerd-opencontainers_git.bb
index 37f8547..c6b4f5e 100644
--- a/import-layers/meta-virtualization/recipes-containers/containerd/containerd-opencontainers_git.bb
+++ b/import-layers/meta-virtualization/recipes-containers/containerd/containerd-opencontainers_git.bb
@@ -1,9 +1,11 @@
+SRCREV = "cfd04396dc68220d1cecbe686a6cc3aa5ce3667c"
+SRC_URI = "git://github.com/containerd/containerd;nobranch=1 \
+           file://0001-build-use-oe-provided-GO-and-flags.patch \
+          "
+
 include containerd.inc
 
-SRCREV = "0ac3cd1be170d180b2baed755e8f0da547ceb267"
-SRC_URI = "git://github.com/docker/containerd.git;nobranch=1 \
-          "
-CONTAINERD_VERSION = "0.2.2"
+CONTAINERD_VERSION = "v1.0.2"
 
 PROVIDES += "virtual/containerd"
 RPROVIDES_${PN} = "virtual/containerd"
diff --git a/import-layers/meta-virtualization/recipes-containers/containerd/containerd.inc b/import-layers/meta-virtualization/recipes-containers/containerd/containerd.inc
index e7a3719..eb47cc9 100644
--- a/import-layers/meta-virtualization/recipes-containers/containerd/containerd.inc
+++ b/import-layers/meta-virtualization/recipes-containers/containerd/containerd.inc
@@ -6,7 +6,7 @@
 
 # Apache-2.0 for containerd
 LICENSE = "Apache-2.0"
-LIC_FILES_CHKSUM = "file://LICENSE.code;md5=aadc30f9c14d876ded7bedc0afd2d3d7"
+LIC_FILES_CHKSUM = "file://src/import/LICENSE.code;md5=aadc30f9c14d876ded7bedc0afd2d3d7"
 
 SRC_URI += "file://containerd.service"
 
@@ -17,6 +17,8 @@
 inherit go
 inherit goarch
 
+GO_IMPORT = "import"
+
 RRECOMMENDS_${PN} = "lxc docker"
 CONTAINERD_PKG="github.com/containerd/containerd"
 
@@ -25,30 +27,37 @@
 do_configure[noexec] = "1"
 
 do_compile() {
-	# Set GOPATH. See 'PACKAGERS.md'. Don't rely on
-	# docker to download its dependencies but rather
-	# use dependencies packaged independently.
-	cd ${S}
-	rm -rf .gopath
-	mkdir -p .gopath/src/"$(dirname "${CONTAINERD_PKG}")"
-	ln -sf ../../../.. .gopath/src/"${CONTAINERD_PKG}"
+    export GOARCH="${TARGET_GOARCH}"
 
-        export GOPATH="${WORKDIR}/git/"
-        export GOROOT="${STAGING_LIBDIR_NATIVE}/${TARGET_SYS}/go"
+    # link fixups for compilation
+    rm -f ${S}/src/import/vendor/src
+    ln -sf ./ ${S}/src/import/vendor/src
 
-	# Pass the needed cflags/ldflags so that cgo
-	# can find the needed headers files and libraries
-	export GOARCH="${TARGET_GOARCH}"
-	export CGO_ENABLED="1"
-	export CFLAGS=""
-	export LDFLAGS=""
-	export CGO_CFLAGS="${BUILDSDK_CFLAGS} --sysroot=${STAGING_DIR_TARGET}"
-	export CGO_LDFLAGS="${BUILDSDK_LDFLAGS} --sysroot=${STAGING_DIR_TARGET}"
-        export GO_GCFLAGS=""
-	export CC_FOR_TARGET="${TARGET_PREFIX}gcc ${TARGET_CC_ARCH} --sysroot=${STAGING_DIR_TARGET}"
-	export CXX_FOR_TARGET="${TARGET_PREFIX}g++ ${TARGET_CC_ARCH} --sysroot=${STAGING_DIR_TARGET}"
+    mkdir -p ${S}/src/import/vendor/src/github.com/containerd/containerd/
+    # without this, the stress test parts of the build fail
+    cp ${S}/src/import/*.go ${S}/src/import/vendor/src/github.com/containerd/containerd
 
-        oe_runmake static
+    for c in content errdefs fs images mount snapshots linux api runtimes defaults progress \
+		     protobuf reference diff platforms runtime remotes version archive dialer gc metadata \
+		     metrics filters identifiers labels leases plugin server services \
+		     cmd cio containers namespaces oci events log reaper sys rootfs; do
+	ln -sfn ${S}/src/import/${c} ${S}/src/import/vendor/github.com/containerd/containerd/${c}
+    done
+
+    export GOPATH="${S}/src/import/.gopath:${S}/src/import/vendor:${STAGING_DIR_TARGET}/${prefix}/local/go"
+    export GOROOT="${STAGING_DIR_NATIVE}/${nonarch_libdir}/${HOST_SYS}/go"
+
+    # Pass the needed cflags/ldflags so that cgo
+    # can find the needed headers files and libraries
+    export CGO_ENABLED="1"
+    export CGO_CFLAGS="${CFLAGS} --sysroot=${STAGING_DIR_TARGET}"
+    export CGO_LDFLAGS="${LDFLAGS} --sysroot=${STAGING_DIR_TARGET}"
+    export BUILDTAGS="no_btrfs static_build netgo"
+    export CFLAGS="${CFLAGS}"
+    export LDFLAGS="${LDFLAGS}"
+
+    cd ${S}/src/import
+    oe_runmake binaries
 }
 
 # Note: disabled for now, since docker is launching containerd
@@ -59,9 +68,9 @@
 do_install() {
 	mkdir -p ${D}/${bindir}
 
-	cp ${S}/bin/containerd ${D}/${bindir}/containerd
-	cp ${S}/bin/containerd-shim ${D}/${bindir}/containerd-shim
-        cp ${S}/bin/ctr ${D}/${bindir}/containerd-ctr
+	cp ${S}/src/import/bin/containerd ${D}/${bindir}/containerd
+	cp ${S}/src/import/bin/containerd-shim ${D}/${bindir}/containerd-shim
+	cp ${S}/src/import/bin/ctr ${D}/${bindir}/containerd-ctr
 	
 	ln -sf containerd ${D}/${bindir}/docker-containerd
 	ln -sf containerd-shim ${D}/${bindir}/docker-containerd-shim
@@ -78,3 +87,4 @@
 FILES_${PN} += "${systemd_system_unitdir}/*"
 
 INHIBIT_PACKAGE_STRIP = "1"
+INSANE_SKIP_${PN} += "ldflags already-stripped"
diff --git a/import-layers/meta-virtualization/recipes-containers/containerd/files/0001-build-use-oe-provided-GO-and-flags.patch b/import-layers/meta-virtualization/recipes-containers/containerd/files/0001-build-use-oe-provided-GO-and-flags.patch
new file mode 100644
index 0000000..75a984b
--- /dev/null
+++ b/import-layers/meta-virtualization/recipes-containers/containerd/files/0001-build-use-oe-provided-GO-and-flags.patch
@@ -0,0 +1,26 @@
+From e31acef290181434efaf47e70db7ad0d92dbe300 Mon Sep 17 00:00:00 2001
+From: Bruce Ashfield <bruce.ashfield@windriver.com>
+Date: Thu, 19 Apr 2018 17:09:51 -0400
+Subject: [PATCH] build: use oe provided GO and flags
+
+Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
+---
+ Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/import/Makefile b/src/import/Makefile
+index 9d8cf8a18fbc..492d033fe2a7 100644
+--- a/src/import/Makefile
++++ b/src/import/Makefile
+@@ -134,7 +134,7 @@ bin/%: cmd/% FORCE
+ 
+ bin/containerd-shim: cmd/containerd-shim FORCE # set !cgo and omit pie for a static shim build: https://github.com/golang/go/issues/17789#issuecomment-258542220
+ 	@echo "$(WHALE) bin/containerd-shim"
+-	@CGO_ENABLED=0 go build -o bin/containerd-shim ${SHIM_GO_LDFLAGS} ${GO_TAGS} ./cmd/containerd-shim
++	@$(GO) build -o bin/containerd-shim ${SHIM_GO_LDFLAGS} $(GOBUILDFLAGS) ${GO_TAGS} ./cmd/containerd-shim
+ 
+ binaries: $(BINARIES) ## build binaries
+ 	@echo "$(WHALE) $@"
+-- 
+2.4.0.53.g8440f74
+
diff --git a/import-layers/meta-virtualization/recipes-containers/criu/criu_git.bb b/import-layers/meta-virtualization/recipes-containers/criu/criu_git.bb
index 3a02103..7d62f35 100644
--- a/import-layers/meta-virtualization/recipes-containers/criu/criu_git.bb
+++ b/import-layers/meta-virtualization/recipes-containers/criu/criu_git.bb
@@ -21,6 +21,7 @@
            file://0002-criu-Skip-documentation-install.patch \
            file://0001-criu-Change-libraries-install-directory.patch \
            file://lib-Makefile-overwrite-install-lib-to-allow-multiarc.patch \
+           file://fix-building-on-newest-glibc-and-kernel.patch \
           "
 
 COMPATIBLE_HOST = "(x86_64|arm|aarch64).*-linux"
@@ -57,6 +58,8 @@
 PACKAGECONFIG ??= ""
 PACKAGECONFIG[selinux] = ",,libselinux"
 
+CLEANBROKEN = "1"
+
 do_compile_prepend() {
     rm -rf ${S}/images/google/protobuf/descriptor.proto
     ln -s  ${PKG_CONFIG_SYSROOT_DIR}/usr/include/google/protobuf/descriptor.proto ${S}/images/google/protobuf/descriptor.proto
diff --git a/import-layers/meta-virtualization/recipes-containers/criu/files/0001-criu-Change-libraries-install-directory.patch b/import-layers/meta-virtualization/recipes-containers/criu/files/0001-criu-Change-libraries-install-directory.patch
index 4908e47..afb1332 100644
--- a/import-layers/meta-virtualization/recipes-containers/criu/files/0001-criu-Change-libraries-install-directory.patch
+++ b/import-layers/meta-virtualization/recipes-containers/criu/files/0001-criu-Change-libraries-install-directory.patch
@@ -1,4 +1,4 @@
-From 78390305829316633acee2ca5607331b0e37a104 Mon Sep 17 00:00:00 2001
+From f64fbca70e6049dad3c404d871f2383d97725d2d Mon Sep 17 00:00:00 2001
 From: Mark Asselstine <mark.asselstine@windriver.com>
 Date: Fri, 8 Sep 2017 15:11:31 -0400
 Subject: [PATCH] criu: Change libraries install directory
@@ -7,12 +7,13 @@
 
 Signed-off-by: Jianchuan Wang <jianchuan.wang@windriver.com>
 Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
+
 ---
  Makefile.install | 13 -------------
  1 file changed, 13 deletions(-)
 
 diff --git a/Makefile.install b/Makefile.install
-index 3987bcc..73d98a4 100644
+index 1def3cf..d020eef 100644
 --- a/Makefile.install
 +++ b/Makefile.install
 @@ -9,19 +9,6 @@ LIBEXECDIR	?= $(PREFIX)/libexec
@@ -35,6 +36,3 @@
  # LIBDIR falls back to the standard path.
  LIBDIR ?= $(PREFIX)/lib
  
--- 
-2.7.4
-
diff --git a/import-layers/meta-virtualization/recipes-containers/criu/files/0001-criu-Fix-toolchain-hardcode.patch b/import-layers/meta-virtualization/recipes-containers/criu/files/0001-criu-Fix-toolchain-hardcode.patch
index dc5b897..d1f136c 100644
--- a/import-layers/meta-virtualization/recipes-containers/criu/files/0001-criu-Fix-toolchain-hardcode.patch
+++ b/import-layers/meta-virtualization/recipes-containers/criu/files/0001-criu-Fix-toolchain-hardcode.patch
@@ -1,4 +1,4 @@
-From af679853a45fe63f680c99e70416c8ac620d23b8 Mon Sep 17 00:00:00 2001
+From c005b7a4874f55df687ff22bc425551775581421 Mon Sep 17 00:00:00 2001
 From: Mark Asselstine <mark.asselstine@windriver.com>
 Date: Fri, 8 Sep 2017 15:02:14 -0400
 Subject: [PATCH] criu: Fix toolchain hardcode
@@ -9,6 +9,7 @@
 Signed-off-by: Yang Shi <yang.shi@windriver.com>
 Signed-off-by: Jianchuan Wang <jianchuan.wang@windriver.com>
 Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
+
 ---
  Makefile                       |  2 +-
  scripts/nmk/scripts/include.mk |  2 +-
@@ -96,6 +97,3 @@
  
  export RM HOSTLD LD HOSTCC CC CPP AS AR STRIP OBJCOPY OBJDUMP
  export NM SH MAKE MKDIR AWK PERL PYTHON SH CSCOPE
--- 
-2.7.4
-
diff --git a/import-layers/meta-virtualization/recipes-containers/criu/files/0002-criu-Skip-documentation-install.patch b/import-layers/meta-virtualization/recipes-containers/criu/files/0002-criu-Skip-documentation-install.patch
index ba414d9..af45db7 100644
--- a/import-layers/meta-virtualization/recipes-containers/criu/files/0002-criu-Skip-documentation-install.patch
+++ b/import-layers/meta-virtualization/recipes-containers/criu/files/0002-criu-Skip-documentation-install.patch
@@ -1,21 +1,22 @@
-From 07d9b3d0c372e45127dd51781d9564e8bee90dbe Mon Sep 17 00:00:00 2001
+From 45d74ae8a314c481398ba91a3697ffbd074cd98b Mon Sep 17 00:00:00 2001
 From: Jianchuan Wang <jianchuan.wang@windriver.com>
 Date: Tue, 16 Aug 2016 09:42:24 +0800
-Subject: [PATCH 2/2] criu: Skip documentation install
+Subject: [PATCH] criu: Skip documentation install
 
 asciidoc is needed to generate CRIU documentation, so skip it in install.
 
 Signed-off-by: Jianchuan Wang <jianchuan.wang@windriver.com>
+
 ---
  Makefile.install | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/Makefile.install b/Makefile.install
-index a30dc96..33143fb 100644
+index 3987bcc..1def3cf 100644
 --- a/Makefile.install
 +++ b/Makefile.install
-@@ -22,7 +22,7 @@ install-tree:
- .PHONY: install-tree
+@@ -29,7 +29,7 @@ export PREFIX BINDIR SBINDIR MANDIR RUNDIR
+ export LIBDIR INCLUDEDIR LIBEXECDIR
  
  install-man:
 -	$(Q) $(MAKE) -C Documentation install
@@ -23,6 +24,3 @@
  .PHONY: install-man
  
  install-lib: lib
--- 
-2.7.4
-
diff --git a/import-layers/meta-virtualization/recipes-containers/criu/files/fix-building-on-newest-glibc-and-kernel.patch b/import-layers/meta-virtualization/recipes-containers/criu/files/fix-building-on-newest-glibc-and-kernel.patch
new file mode 100644
index 0000000..9361adc
--- /dev/null
+++ b/import-layers/meta-virtualization/recipes-containers/criu/files/fix-building-on-newest-glibc-and-kernel.patch
@@ -0,0 +1,45 @@
+From b59947007362b53e9f41f1e5a33071dedf1c59ac Mon Sep 17 00:00:00 2001
+From: Adrian Reber <areber@redhat.com>
+Date: Thu, 28 Sep 2017 09:13:33 +0000
+Subject: [PATCH] fix building on newest glibc and kernel
+
+On Fedora rawhide with kernel-headers-4.14.0-0.rc2.git0.1.fc28.x86_64
+glibc-devel-2.26.90-15.fc28.x86_64 criu does not build any more:
+
+In file included from /usr/include/linux/aio_abi.h:31:0,
+                 from criu/cr-check.c:24:
+/usr/include/sys/mount.h:35:3: error: expected identifier before numeric constant
+   MS_RDONLY = 1,  /* Mount read-only.  */
+   ^
+make[2]: *** [/builddir/build/BUILD/criu-3.5/scripts/nmk/scripts/build.mk:111: criu/cr-check.o] Error 1
+make[1]: *** [criu/Makefile:73: criu/built-in.o] Error 2
+make: *** [Makefile:233: criu] Error 2
+
+This simple re-ordering of includes fixes it for me.
+
+Signed-off-by: Adrian Reber <areber@redhat.com>
+Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
+
+Upstream-Status: Backport
+[https://github.com/checkpoint-restore/criu/commit/f41e386d4d40e3e26b0cfdc85a812b7edb337f1d#diff-cc847b1cc975358c6582595be92d48db]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+
+---
+ criu/cr-check.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/criu/cr-check.c b/criu/cr-check.c
+index 1dd887a..93df2ab 100644
+--- a/criu/cr-check.c
++++ b/criu/cr-check.c
+@@ -21,8 +21,8 @@
+ #include <netinet/in.h>
+ #include <sys/prctl.h>
+ #include <sched.h>
+-#include <linux/aio_abi.h>
+ #include <sys/mount.h>
++#include <linux/aio_abi.h>
+ 
+ #include "../soccr/soccr.h"
+ 
diff --git a/import-layers/meta-virtualization/recipes-containers/criu/files/lib-Makefile-overwrite-install-lib-to-allow-multiarc.patch b/import-layers/meta-virtualization/recipes-containers/criu/files/lib-Makefile-overwrite-install-lib-to-allow-multiarc.patch
index c2512a0..59e7bcb 100644
--- a/import-layers/meta-virtualization/recipes-containers/criu/files/lib-Makefile-overwrite-install-lib-to-allow-multiarc.patch
+++ b/import-layers/meta-virtualization/recipes-containers/criu/files/lib-Makefile-overwrite-install-lib-to-allow-multiarc.patch
@@ -1,4 +1,4 @@
-From 89f9b87904bd312b817ffaa7d83abfd5e84d723d Mon Sep 17 00:00:00 2001
+From 6caf90592d61c8c45b32cb7ff76709f9326030e2 Mon Sep 17 00:00:00 2001
 From: Mark Asselstine <mark.asselstine@windriver.com>
 Date: Fri, 8 Sep 2017 15:40:49 -0400
 Subject: [PATCH] lib/Makefile: overwrite install-lib, to allow multiarch
@@ -8,6 +8,7 @@
 INSTALL_LIB.
 
 Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
+
 ---
  lib/Makefile | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
@@ -25,6 +26,3 @@
  .PHONY: install
  
  uninstall:
--- 
-2.7.4
-
diff --git a/import-layers/meta-virtualization/recipes-containers/docker-compose/python3-docker-compose_1.16.1.bb b/import-layers/meta-virtualization/recipes-containers/docker-compose/python3-docker-compose_1.16.1.bb
index 4e761d0..851c251 100644
--- a/import-layers/meta-virtualization/recipes-containers/docker-compose/python3-docker-compose_1.16.1.bb
+++ b/import-layers/meta-virtualization/recipes-containers/docker-compose/python3-docker-compose_1.16.1.bb
@@ -19,7 +19,6 @@
   ${PYTHON_PN}-docker-pycreds \
   ${PYTHON_PN}-dockerpty \
   ${PYTHON_PN}-docopt \
-  ${PYTHON_PN}-enum \
   ${PYTHON_PN}-idna \
   ${PYTHON_PN}-jsonschema \
   ${PYTHON_PN}-pyyaml \
diff --git a/import-layers/meta-virtualization/recipes-containers/docker/docker-ce_git.bb b/import-layers/meta-virtualization/recipes-containers/docker/docker-ce_git.bb
new file mode 100644
index 0000000..0dfda5f
--- /dev/null
+++ b/import-layers/meta-virtualization/recipes-containers/docker/docker-ce_git.bb
@@ -0,0 +1,172 @@
+HOMEPAGE = "http://www.docker.com"
+SUMMARY = "Linux container runtime"
+DESCRIPTION = "Linux container runtime \
+ Docker complements kernel namespacing with a high-level API which \
+ operates at the process level. It runs unix processes with strong \
+ guarantees of isolation and repeatability across servers. \
+ . \
+ Docker is a great building block for automating distributed systems: \
+ large-scale web deployments, database clusters, continuous deployment \
+ systems, private PaaS, service-oriented architectures, etc. \
+ . \
+ This package contains the daemon and client. Using docker.io is \
+ officially supported on x86_64 and arm (32-bit) hosts. \
+ Other architectures are considered experimental. \
+ . \
+ Also, note that kernel version 3.10 or above is required for proper \
+ operation of the daemon process, and that any lower versions may have \
+ subtle and/or glaring issues. \
+ "
+
+SRCREV_docker = "0520e243029d1361649afb0706a1c5d9a1c012b8"
+SRCREV_libnetwork = "4cb38c2987c236dce03c868d99b57b1e28a4b81c"
+SRCREV_cli = "0f1bb353423e45e02315e985bd9ddebe6da18457"
+SRC_URI = "\
+	git://github.com/docker/docker-ce.git;nobranch=1;name=docker \
+	git://github.com/docker/libnetwork.git;branch=master;name=libnetwork;destsuffix=libnetwork \
+	git://github.com/docker/cli;branch=master;name=cli;destsuffix=cli \
+	file://docker.init \
+	file://hi.Dockerfile \
+	"
+
+# Apache-2.0 for docker
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://src/import/components/engine/LICENSE;md5=9740d093a080530b5c5c6573df9af45a"
+
+GO_IMPORT = "import"
+
+S = "${WORKDIR}/git"
+
+DOCKER_VERSION = "18.03.0-ce"
+PV = "${DOCKER_VERSION}+git${SRCREV_docker}"
+
+DEPENDS = " \
+    go-cli \
+    go-pty \
+    go-context \
+    go-mux \
+    go-patricia \
+    go-logrus \
+    go-fsnotify \
+    go-dbus \
+    go-capability \
+    go-systemd \
+    btrfs-tools \
+    sqlite3 \
+    go-distribution \
+    compose-file \
+    go-connections \
+    notary \
+    grpc-go \
+    libtool-native \
+    libtool \
+    "
+
+PACKAGES =+ "${PN}-contrib"
+
+DEPENDS_append_class-target = " lvm2"
+RDEPENDS_${PN} = "util-linux iptables \
+                  ${@bb.utils.contains('DISTRO_FEATURES', 'aufs', 'aufs-util', '', d)} \
+                  ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '', 'cgroup-lite', d)} \
+                 "
+RDEPENDS_${PN} += "virtual/containerd virtual/runc"
+
+RRECOMMENDS_${PN} = "kernel-module-dm-thin-pool kernel-module-nf-nat"
+RSUGGESTS_${PN} = "lxc rt-tests"
+DOCKER_PKG="github.com/docker/docker"
+
+inherit systemd update-rc.d
+inherit go
+inherit goarch
+inherit pkgconfig
+
+do_configure[noexec] = "1"
+
+do_compile() {
+	# Set GOPATH. See 'PACKAGERS.md'. Don't rely on
+	# docker to download its dependencies but rather
+	# use dependencies packaged independently.
+	cd ${S}/src/import
+	rm -rf .gopath
+	mkdir -p .gopath/src/"$(dirname "${DOCKER_PKG}")"
+	ln -sf ../../../../components/engine/ .gopath/src/"${DOCKER_PKG}"
+
+	mkdir -p .gopath/src/github.com/docker
+	ln -sf ${WORKDIR}/libnetwork .gopath/src/github.com/docker/libnetwork
+	ln -sf ${WORKDIR}/cli .gopath/src/github.com/docker/cli
+
+	export GOPATH="${S}/src/import/.gopath:${S}/src/import/vendor:${STAGING_DIR_TARGET}/${prefix}/local/go"
+	export GOROOT="${STAGING_DIR_NATIVE}/${nonarch_libdir}/${HOST_SYS}/go"
+
+	# Pass the needed cflags/ldflags so that cgo
+	# can find the needed headers files and libraries
+	export GOARCH=${TARGET_GOARCH}
+	export CGO_ENABLED="1"
+	export CGO_CFLAGS="${CFLAGS} --sysroot=${STAGING_DIR_TARGET}"
+	export CGO_LDFLAGS="${LDFLAGS} --sysroot=${STAGING_DIR_TARGET}"
+	# in order to exclude devicemapper and btrfs - https://github.com/docker/docker/issues/14056
+	export DOCKER_BUILDTAGS='exclude_graphdriver_btrfs exclude_graphdriver_devicemapper'
+
+	export DISABLE_WARN_OUTSIDE_CONTAINER=1
+
+	cd ${S}/src/import/components/engine
+
+	# this is the unsupported built structure
+	# that doesn't rely on an existing docker
+	# to build this:
+	VERSION="${DOCKER_VERSION}" DOCKER_GITCOMMIT="${SRCREV_docker}" ./hack/make.sh dynbinary
+
+	# build the proxy
+	go build -o ${S}/src/import/docker-proxy github.com/docker/libnetwork/cmd/proxy
+
+        # build the cli
+	##go build -o ${S}/src/import/bundles/latest/dynbinary-client/docker github.com/docker/cli/cmd/docker
+	cd ${S}/src/import/.gopath/src/github.com/docker/cli
+	export CFLAGS=""
+	export LDFLAGS=""
+	export DOCKER_VERSION=${DOCKER_VERSION}
+	VERSION="${DOCKER_VERSION}" DOCKER_GITCOMMIT="${SRCREV_docker}" make dynbinary
+}
+
+SYSTEMD_PACKAGES = "${@bb.utils.contains('DISTRO_FEATURES','systemd','${PN}','',d)}"
+SYSTEMD_SERVICE_${PN} = "${@bb.utils.contains('DISTRO_FEATURES','systemd','docker.service','',d)}"
+
+SYSTEMD_AUTO_ENABLE_${PN} = "enable"
+
+INITSCRIPT_PACKAGES += "${@bb.utils.contains('DISTRO_FEATURES','sysvinit','${PN}','',d)}"
+INITSCRIPT_NAME_${PN} = "${@bb.utils.contains('DISTRO_FEATURES','sysvinit','docker.init','',d)}"
+INITSCRIPT_PARAMS_${PN} = "defaults"
+
+do_install() {
+	mkdir -p ${D}/${bindir}
+	cp ${WORKDIR}/cli/build/docker ${D}/${bindir}/docker
+	cp ${S}/src/import/components/engine/bundles/latest/dynbinary-daemon/dockerd ${D}/${bindir}/dockerd
+	cp ${S}/src/import/docker-proxy ${D}/${bindir}/docker-proxy
+
+	if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
+		install -d ${D}${systemd_unitdir}/system
+		install -m 644 ${S}/src/import/components/engine/contrib/init/systemd/docker.* ${D}/${systemd_unitdir}/system
+		# replaces one copied from above with one that uses the local registry for a mirror
+		install -m 644 ${S}/src/import/components/engine/contrib/init/systemd/docker.service ${D}/${systemd_unitdir}/system
+	else
+		install -d ${D}${sysconfdir}/init.d
+		install -m 0755 ${WORKDIR}/docker.init ${D}${sysconfdir}/init.d/docker.init
+	fi
+
+	mkdir -p ${D}${datadir}/docker/
+	cp ${WORKDIR}/hi.Dockerfile ${D}${datadir}/docker/
+	install -m 0755 ${S}/src/import/components/engine/contrib/check-config.sh ${D}${datadir}/docker/
+}
+
+inherit useradd
+USERADD_PACKAGES = "${PN}"
+GROUPADD_PARAM_${PN} = "-r docker"
+
+FILES_${PN} += "${systemd_unitdir}/system/*"
+
+FILES_${PN}-contrib += "${datadir}/docker/check-config.sh"
+RDEPENDS_${PN}-contrib += "bash"
+
+# DO NOT STRIP docker
+INHIBIT_PACKAGE_STRIP = "1"
+INSANE_SKIP_${PN} += "ldflags"
diff --git a/import-layers/meta-virtualization/recipes-containers/docker/docker_git.bb b/import-layers/meta-virtualization/recipes-containers/docker/docker_git.bb
index 4ba5e81..e055a4f 100644
--- a/import-layers/meta-virtualization/recipes-containers/docker/docker_git.bb
+++ b/import-layers/meta-virtualization/recipes-containers/docker/docker_git.bb
@@ -18,16 +18,16 @@
  subtle and/or glaring issues. \
  "
 
-SRCREV_docker = "e639a70fbe999d96354a5bcf560231b7b8aa935c"
-SRCREV_libnetwork = "26addf43a5d925ff79d262dbbdb5344bc2b6e198"
-SRCREV_cli = "a765218f1988e85b68aa3977f34893ec7b059a60"
+SRCREV_docker = "708b068d3095c6a6be939eb2da78c921d2e945e2"
+SRCREV_libnetwork = "4cb38c2987c236dce03c868d99b57b1e28a4b81c"
+SRCREV_cli = "0f1bb353423e45e02315e985bd9ddebe6da18457"
 SRC_URI = "\
 	git://github.com/moby/moby.git;nobranch=1;name=docker \
-	git://github.com/docker/libnetwork.git;branch=master;name=libnetwork;destsuffix=libnetwork \
-	git://github.com/docker/cli;branch=master;name=cli;destsuffix=cli \
+	git://github.com/docker/libnetwork.git;branch=master;name=libnetwork;destsuffix=git/libnetwork \
+	git://github.com/docker/cli;branch=master;name=cli;destsuffix=git/cli \
 	file://docker.init \
 	file://hi.Dockerfile \
-	file://context-use-golang.org-x-net-pkg-until-we-move-to-go.patch \
+        file://0001-libnetwork-use-GO-instead-of-go.patch \
 	"
 
 # Apache-2.0 for docker
@@ -38,7 +38,7 @@
 
 S = "${WORKDIR}/git"
 
-DOCKER_VERSION = "17.06.0"
+DOCKER_VERSION = "18.03.0"
 PV = "${DOCKER_VERSION}+git${SRCREV_docker}"
 
 DEPENDS = " \
@@ -59,13 +59,15 @@
     go-connections \
     notary \
     grpc-go \
+    libtool \
     "
 
 PACKAGES =+ "${PN}-contrib"
 
 DEPENDS_append_class-target = " lvm2"
-RDEPENDS_${PN} = "curl aufs-util git util-linux iptables \
-                  ${@bb.utils.contains('DISTRO_FEATURES','systemd','','cgroup-lite',d)} \
+RDEPENDS_${PN} = "util-linux iptables \
+                  ${@bb.utils.contains('DISTRO_FEATURES', 'aufs', 'aufs-util', '', d)} \
+                  ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '', 'cgroup-lite', d)} \
                  "
 RDEPENDS_${PN} += "virtual/containerd virtual/runc"
 
@@ -76,6 +78,7 @@
 inherit systemd update-rc.d
 inherit go
 inherit goarch
+inherit pkgconfig
 
 do_configure[noexec] = "1"
 
@@ -89,8 +92,8 @@
 	ln -sf ../../../.. .gopath/src/"${DOCKER_PKG}"
 
 	mkdir -p .gopath/src/github.com/docker
-	ln -sf ${WORKDIR}/libnetwork .gopath/src/github.com/docker/libnetwork
-	ln -sf ${WORKDIR}/cli .gopath/src/github.com/docker/cli
+	ln -sf ${WORKDIR}/git/libnetwork .gopath/src/github.com/docker/libnetwork
+	ln -sf ${WORKDIR}/git/cli .gopath/src/github.com/docker/cli
 
 	export GOPATH="${S}/src/import/.gopath:${S}/src/import/vendor:${STAGING_DIR_TARGET}/${prefix}/local/go"
 	export GOROOT="${STAGING_DIR_NATIVE}/${nonarch_libdir}/${HOST_SYS}/go"
@@ -104,17 +107,25 @@
 	# in order to exclude devicemapper and btrfs - https://github.com/docker/docker/issues/14056
 	export DOCKER_BUILDTAGS='exclude_graphdriver_btrfs exclude_graphdriver_devicemapper'
 
+	export DISABLE_WARN_OUTSIDE_CONTAINER=1
+
+	cd ${S}/src/import/
+
 	# this is the unsupported built structure
 	# that doesn't rely on an existing docker
 	# to build this:
-	DOCKER_GITCOMMIT="${SRCREV}" \
-	  ./hack/make.sh dynbinary
-
-	# build the proxy
-	go build -o ${S}/src/import/docker-proxy github.com/docker/libnetwork/cmd/proxy
+	VERSION="${DOCKER_VERSION}" DOCKER_GITCOMMIT="${SRCREV_docker}" ./hack/make.sh dynbinary
 
         # build the cli
-	go build -o ${S}/src/import/bundles/latest/dynbinary-client/docker github.com/docker/cli/cmd/docker
+	cd ${S}/src/import/.gopath/src/github.com/docker/cli
+	export CFLAGS=""
+	export LDFLAGS=""
+	export DOCKER_VERSION=${DOCKER_VERSION}
+	VERSION="${DOCKER_VERSION}" DOCKER_GITCOMMIT="${SRCREV_docker}" make dynbinary
+
+	# build the proxy
+	cd ${S}/src/import/.gopath/src/github.com/docker/libnetwork
+	oe_runmake cross-local
 }
 
 SYSTEMD_PACKAGES = "${@bb.utils.contains('DISTRO_FEATURES','systemd','${PN}','',d)}"
@@ -128,9 +139,9 @@
 
 do_install() {
 	mkdir -p ${D}/${bindir}
-	cp ${S}/src/import/bundles/latest/dynbinary-client/docker ${D}/${bindir}/docker
+	cp ${WORKDIR}/git/cli/build/docker ${D}/${bindir}/docker
 	cp ${S}/src/import/bundles/latest/dynbinary-daemon/dockerd ${D}/${bindir}/dockerd
-	cp ${S}/src/import/docker-proxy ${D}/${bindir}/docker-proxy
+	cp ${WORKDIR}/git/libnetwork/bin/docker-proxy* ${D}/${bindir}/docker-proxy
 
 	if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
 		install -d ${D}${systemd_unitdir}/system
diff --git a/import-layers/meta-virtualization/recipes-containers/docker/files/0001-libnetwork-use-GO-instead-of-go.patch b/import-layers/meta-virtualization/recipes-containers/docker/files/0001-libnetwork-use-GO-instead-of-go.patch
new file mode 100644
index 0000000..61ddd26
--- /dev/null
+++ b/import-layers/meta-virtualization/recipes-containers/docker/files/0001-libnetwork-use-GO-instead-of-go.patch
@@ -0,0 +1,62 @@
+From 04c07804930faad708218a3134c81de06a9c742a Mon Sep 17 00:00:00 2001
+From: Bruce Ashfield <bruce.ashfield@windriver.com>
+Date: Fri, 6 Apr 2018 23:58:22 -0400
+Subject: [PATCH] libnetwork: use $(GO) instead of go
+
+Ensure that the libnetwork makefile uses the go cross flags and
+utilities.
+
+Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
+---
+ Makefile | 14 +++++++-------
+ 1 file changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/libnetwork/Makefile b/libnetwork/Makefile
+index 17060bc212c7..90cc7a72ef45 100644
+--- a/libnetwork/Makefile
++++ b/libnetwork/Makefile
+@@ -26,9 +26,9 @@ build: ${build_image}.created
+ build-local:
+ 	@echo "🐳 $@"
+ 	@mkdir -p "bin"
+-	go build -tags experimental -o "bin/dnet" ./cmd/dnet
+-	go build -o "bin/docker-proxy" ./cmd/proxy
+-	GOOS=linux go build -o "./cmd/diagnostic/diagnosticClient" ./cmd/diagnostic
++	$(GO) build -tags experimental -o "bin/dnet" ./cmd/dnet
++	$(GO) build -o "bin/proxy" ./cmd/proxy
++	GOOS=linux $(GO) build -o "./cmd/diagnostic/diagnosticClient" ./cmd/diagnostic
+ 
+ clean:
+ 	@echo "🐳 $@"
+@@ -51,8 +51,8 @@ cross: ${build_image}.created
+ 
+ cross-local:
+ 	@echo "🐳 $@"
+-	go build -o "bin/dnet-$$GOOS-$$GOARCH" ./cmd/dnet
+-	go build -o "bin/docker-proxy-$$GOOS-$$GOARCH" ./cmd/proxy
++	@$(GO) build -linkshared $(GOBUILDFLAGS) -o "bin/docker-proxy-$$GOOS-$$GOARCH" ./cmd/proxy
++	@$(GO) build -linkshared $(GOBUILDFLAGS) -o "bin/dnet-$$GOOS-$$GOARCH" ./cmd/dnet
+ 
+ check: ${build_image}.created
+ 	@${docker} ./wrapmake.sh check-local
+@@ -68,7 +68,7 @@ run-tests:
+ 	if ls $$dir/*.go &> /dev/null; then \
+ 		pushd . &> /dev/null ; \
+ 		cd $$dir ; \
+-		go test ${INSIDECONTAINER} -test.parallel 5 -test.v -covermode=count -coverprofile=./profile.tmp ; \
++		$(GO) test ${INSIDECONTAINER} -test.parallel 5 -test.v -covermode=count -coverprofile=./profile.tmp ; \
+ 		ret=$$? ;\
+ 		if [ $$ret -ne 0 ]; then exit $$ret; fi ;\
+ 		popd &> /dev/null; \
+@@ -94,7 +94,7 @@ coveralls:
+ # Depends on binaries because vet will silently fail if it can not load compiled imports
+ vet: ## run go vet
+ 	@echo "🐳 $@"
+-	@test -z "$$(go vet ${PACKAGES} 2>&1 | grep -v 'constant [0-9]* not a string in call to Errorf' | egrep -v '(timestamp_test.go|duration_test.go|exit status 1)' | tee /dev/stderr)"
++	@test -z "$$($(GO) vet ${PACKAGES} 2>&1 | grep -v 'constant [0-9]* not a string in call to Errorf' | egrep -v '(timestamp_test.go|duration_test.go|exit status 1)' | tee /dev/stderr)"
+ 
+ misspell:
+ 	@echo "🐳 $@"
+-- 
+2.4.0.53.g8440f74
+
diff --git a/import-layers/meta-virtualization/recipes-containers/docker/files/context-use-golang.org-x-net-pkg-until-we-move-to-go.patch b/import-layers/meta-virtualization/recipes-containers/docker/files/context-use-golang.org-x-net-pkg-until-we-move-to-go.patch
deleted file mode 100644
index 7ed606f..0000000
--- a/import-layers/meta-virtualization/recipes-containers/docker/files/context-use-golang.org-x-net-pkg-until-we-move-to-go.patch
+++ /dev/null
@@ -1,75 +0,0 @@
-From de69555afaf05efcdeea7b7c20c6f7b12f3e1bac Mon Sep 17 00:00:00 2001
-From: Mark Asselstine <mark.asselstine@windriver.com>
-Date: Fri, 20 Jan 2017 11:58:44 -0500
-Subject: [PATCH] context: use golang.org/x/net pkg until we move to go 1.7
-
-In go 1.6 the context.go is not yet integrated and as such we will get
-build errors like:
-
-walwrap.go:4:2: cannot find package "context" in any of:
-...
-
-Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
----
- client/README.md                                  |    2 +-
- client/client.go                                  |    2 +-
- daemon/info_unix.go                               |    2 +-
- integration-cli/docker_api_attach_test.go         |    2 +-
- integration-cli/docker_cli_save_load_unix_test.go |    2 +-
- 5 files changed, 5 insertions(+), 5 deletions(-)
-
---- a/src/import/client/README.md
-+++ b/src/import/client/README.md
-@@ -8,7 +8,7 @@ For example, to list running containers
- package main
- 
- import (
--	"context"
-+	"golang.org/x/net/context"
- 	"fmt"
- 
- 	"github.com/docker/docker/api/types"
---- a/src/import/client/client.go
-+++ b/src/import/client/client.go
-@@ -19,7 +19,7 @@ For example, to list running containers
- 	package main
- 
- 	import (
--		"context"
-+		"golang.org/x/net/context"
- 		"fmt"
- 
- 		"github.com/docker/docker/api/types"
---- a/src/import/daemon/info_unix.go
-+++ b/src/import/daemon/info_unix.go
-@@ -3,7 +3,7 @@
- package daemon
- 
- import (
--	"context"
-+	"golang.org/x/net/context"
- 	"os/exec"
- 	"strings"
- 
---- a/src/import/integration-cli/docker_api_attach_test.go
-+++ b/src/import/integration-cli/docker_api_attach_test.go
-@@ -3,7 +3,7 @@ package main
- import (
- 	"bufio"
- 	"bytes"
--	"context"
-+	"golang.org/x/net/context"
- 	"io"
- 	"net"
- 	"net/http"
---- a/src/import/integration-cli/docker_cli_save_load_unix_test.go
-+++ b/src/import/integration-cli/docker_cli_save_load_unix_test.go
-@@ -3,7 +3,7 @@
- package main
- 
- import (
--	"context"
-+	"golang.org/x/net/context"
- 	"fmt"
- 	"io/ioutil"
- 	"os"
diff --git a/import-layers/meta-virtualization/recipes-containers/kubernetes/kubernetes_git.bb b/import-layers/meta-virtualization/recipes-containers/kubernetes/kubernetes_git.bb
index 2c7161e..1677ff4 100644
--- a/import-layers/meta-virtualization/recipes-containers/kubernetes/kubernetes_git.bb
+++ b/import-layers/meta-virtualization/recipes-containers/kubernetes/kubernetes_git.bb
@@ -5,7 +5,7 @@
 maintenance, and scaling of applications. \
 "
 
-SRCREV_kubernetes = "4b839465f84e7faf876c51703aaf49b37fd10d9c"
+SRCREV_kubernetes = "fc32d2f3698e36b93322a3465f63a14e9f0eaead"
 SRC_URI = "git://github.com/kubernetes/kubernetes.git;nobranch=1;name=kubernetes \
           "
 
@@ -16,6 +16,7 @@
 PACKAGES =+ "kubeadm"
 PACKAGES =+ "kubectl"
 PACKAGES =+ "kubelet"
+PACKAGES =+ "kube-proxy"
 
 ALLOW_EMPTY_${PN} = "1"
 
@@ -27,14 +28,14 @@
                    cni"
 
 RDEPENDS_kubeadm = "kubelet kubectl"
-RDEPENDS_kubelet = "iptables socat util-linux ethtool iproute2 ebtables"
+RDEPENDS_kubelet = "iptables socat util-linux ethtool iproute2 ebtables iproute2-tc"
 
 LICENSE = "Apache-2.0"
 LIC_FILES_CHKSUM = "file://src/import/LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
 
 GO_IMPORT = "import"
 
-PV = "1.9.0-alpha.1+git${SRCREV_kubernetes}"
+PV = "1.10.0+git${SRCREV_kubernetes}"
 
 inherit systemd
 inherit go
@@ -90,6 +91,7 @@
 
 FILES_kubeadm = "${bindir}/kubeadm ${systemd_unitdir}/system/kubelet.service.d/*"
 FILES_kubectl = "${bindir}/kubectl"
+FILES_kube-proxy = "${bindir}/kube-proxy"
 FILES_kubelet = "${bindir}/kubelet ${systemd_unitdir}/system/kubelet.service ${sysconfdir}/kubernetes/manifests/"
 
 INHIBIT_PACKAGE_STRIP = "1"
diff --git a/import-layers/meta-virtualization/recipes-containers/lxc/files/dnsmasq.conf b/import-layers/meta-virtualization/recipes-containers/lxc/files/dnsmasq.conf
new file mode 100644
index 0000000..124f7eb
--- /dev/null
+++ b/import-layers/meta-virtualization/recipes-containers/lxc/files/dnsmasq.conf
@@ -0,0 +1,2 @@
+bind-interfaces
+except-interface=lxcbr0
diff --git a/import-layers/meta-virtualization/recipes-containers/lxc/lxc_2.0.8.bb b/import-layers/meta-virtualization/recipes-containers/lxc/lxc_2.0.8.bb
index 93d5a10..c87b875 100644
--- a/import-layers/meta-virtualization/recipes-containers/lxc/lxc_2.0.8.bb
+++ b/import-layers/meta-virtualization/recipes-containers/lxc/lxc_2.0.8.bb
@@ -6,6 +6,8 @@
 RDEPENDS_${PN} = " \
 		rsync \
 		gzip \
+		xz \
+		tar \
 		libcap-bin \
 		bridge-utils \
 		dnsmasq \
@@ -22,6 +24,9 @@
 		gnutls \
 		nettle \
 "
+
+RDEPENDS_${PN}_append_libc-glibc = " glibc-utils"
+
 RDEPENDS_${PN}-ptest += "file make gmp nettle gnutls bash"
 
 SRC_URI = "http://linuxcontainers.org/downloads/${BPN}-${PV}.tar.gz \
@@ -33,6 +38,7 @@
 	file://lxc-doc-upgrade-to-use-docbook-3.1-DTD.patch \
 	file://logs-optionally-use-base-filenames-to-report-src-fil.patch \
 	file://cgroups-work-around-issue-in-gcc-7.patch \
+	file://dnsmasq.conf \
 	"
 
 SRC_URI[md5sum] = "7bfd95280522d7936c0979dfea92cdb5"
@@ -54,14 +60,16 @@
 CFLAGS_append = " -Wno-error=deprecated-declarations"
 
 PACKAGECONFIG ??= "templates \
+    ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', '', d)} \
     ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux', '', d)} \
 "
 PACKAGECONFIG[doc] = "--enable-doc --enable-api-docs,--disable-doc --disable-api-docs,,"
 PACKAGECONFIG[rpath] = "--enable-rpath,--disable-rpath,,"
-PACKAGECONFIG[apparmour] = "--enable-apparmor,--disable-apparmor,apparmor,apparmor"
+PACKAGECONFIG[apparmor] = "--enable-apparmor,--disable-apparmor,apparmor,apparmor"
 PACKAGECONFIG[templates] = ",,, ${PN}-templates"
 PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux,libselinux,libselinux"
 PACKAGECONFIG[seccomp] ="--enable-seccomp,--disable-seccomp,libseccomp,libseccomp"
+PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_unitdir}/system/,--without-systemdsystemunitdir,systemd,"
 PACKAGECONFIG[python] = "--enable-python,--disable-python,python3,python3-core"
 PACKAGECONFIG[lua] = "--enable-lua,--disable-lua,lua,lua"
 
@@ -131,6 +139,11 @@
 	    if [ -d ${D}${exec_prefix}/lib/python* ]; then mv ${D}${exec_prefix}/lib/python* ${D}${libdir}/; fi
 	    rmdir --ignore-fail-on-non-empty ${D}${exec_prefix}/lib
 	fi
+
+	# Force the main dnsmasq instance to bind only to specified interfaces and
+	# to not bind to virbr0. Libvirt will run its own instance on this interface.
+	install -d ${D}/${sysconfdir}/dnsmasq.d
+	install -m 644 ${WORKDIR}/dnsmasq.conf ${D}/${sysconfdir}/dnsmasq.d/lxc
 }
 
 EXTRA_OEMAKE += "TEST_DIR=${D}${PTEST_PATH}/src/tests"
diff --git a/import-layers/meta-virtualization/recipes-containers/oci-image-tools/files/0001-config-make-Config.User-mapping-errors-a-warning.patch b/import-layers/meta-virtualization/recipes-containers/oci-image-tools/files/0001-config-make-Config.User-mapping-errors-a-warning.patch
new file mode 100644
index 0000000..78d2b9d
--- /dev/null
+++ b/import-layers/meta-virtualization/recipes-containers/oci-image-tools/files/0001-config-make-Config.User-mapping-errors-a-warning.patch
@@ -0,0 +1,30 @@
+From fbd62eff9ff2f447c2eb4634398110609fbf9d59 Mon Sep 17 00:00:00 2001
+From: Bruce Ashfield <bruce.ashfield@windriver.com>
+Date: Thu, 16 Nov 2017 23:40:17 -0500
+Subject: [PATCH] config: make Config.User mapping errors a warning
+
+Rather than throwing an error if we can't map a user to a uid,
+output a warning. We aren't actually running the code, but are
+just extracting it .. so the user not existing isn't an issue.
+
+Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
+---
+ image/config.go | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/import/image/config.go b/src/import/image/config.go
+index d28b1bc4fe5f..37dfd1f14ef7 100644
+--- a/src/import/image/config.go
++++ b/src/import/image/config.go
+@@ -106,7 +106,7 @@ func (c *config) runtimeSpec(rootfs string) (*specs.Spec, error) {
+ 		s.Process.User.UID = uint32(uid)
+ 		s.Process.User.GID = uint32(gid)
+ 	} else if c.Config.User != "" {
+-		return nil, errors.New("config.User: unsupported format")
++		fmt.Println("Warning: could not map UID for user:", c.Config.User)
+ 	}
+ 
+ 	s.Linux = &specs.Linux{}
+-- 
+2.4.0.53.g8440f74
+
diff --git a/import-layers/meta-virtualization/recipes-containers/oci-image-tools/oci-image-tools_git.bb b/import-layers/meta-virtualization/recipes-containers/oci-image-tools/oci-image-tools_git.bb
index 68d73c3..807ee26 100644
--- a/import-layers/meta-virtualization/recipes-containers/oci-image-tools/oci-image-tools_git.bb
+++ b/import-layers/meta-virtualization/recipes-containers/oci-image-tools/oci-image-tools_git.bb
@@ -14,7 +14,8 @@
 
 SRC_URI = "git://github.com/opencontainers/image-tools.git \
            file://0001-image-manifest-Recursively-remove-pre-existing-entri.patch \
-           file://0002-image-manifest-Split-unpackLayerEntry-into-its-own-f.patch"
+           file://0002-image-manifest-Split-unpackLayerEntry-into-its-own-f.patch \
+           file://0001-config-make-Config.User-mapping-errors-a-warning.patch"
 
 SRCREV = "4abe1a166f9be97e8e71b1bb4d7599cc29323011"
 PV = "0.2.0-dev+git${SRCPV}"
diff --git a/import-layers/meta-virtualization/recipes-containers/oci-systemd-hook/oci-systemd-hook/0001-Add-additional-cgroup-mounts-from-root-NS-automatica.patch b/import-layers/meta-virtualization/recipes-containers/oci-systemd-hook/oci-systemd-hook/0001-Add-additional-cgroup-mounts-from-root-NS-automatica.patch
new file mode 100644
index 0000000..753a77d
--- /dev/null
+++ b/import-layers/meta-virtualization/recipes-containers/oci-systemd-hook/oci-systemd-hook/0001-Add-additional-cgroup-mounts-from-root-NS-automatica.patch
@@ -0,0 +1,76 @@
+From f59cddcedd6535e0b809ec9b4e95672d34b41a16 Mon Sep 17 00:00:00 2001
+From: Jason Wessel <jason.wessel@windriver.com>
+Date: Tue, 14 Nov 2017 07:41:41 -0800
+Subject: [PATCH] Add additional cgroup mounts from root NS automatically
+
+Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
+---
+ src/systemdhook.c | 45 +++++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 45 insertions(+)
+
+diff --git a/src/systemdhook.c b/src/systemdhook.c
+index 78575ef..f735484 100644
+--- a/src/systemdhook.c
++++ b/src/systemdhook.c
+@@ -238,6 +238,11 @@ static char *get_process_cgroup_subsystem_path(int pid, const char *subsystem) {
+ static int mount_cgroup(const char *rootfs, const char *options, char *systemd_path)
+ {
+ 	_cleanup_free_ char *cgroup_path = NULL;
++	char *spath, *dpath;
++	DIR *dir;
++	struct dirent *d;
++	char link[80];
++	int got;
+ 
+ 	if (asprintf(&cgroup_path, "%s/%s", rootfs, CGROUP_ROOT) < 0) {
+ 		pr_perror("Failed to create path for %s", CGROUP_ROOT);
+@@ -256,6 +261,46 @@ static int mount_cgroup(const char *rootfs, const char *options, char *systemd_p
+ 		pr_perror("Failed to mkdir new dest: %s", systemd_path);
+ 		return -1;
+ 	}
++	/* Create all additional cgroup mounts which are in the root namespace */
++	dir = opendir(CGROUP_ROOT);
++	if (!dir) {
++		pr_perror("Failed to open %s", CGROUP_ROOT);
++		return -1;
++	}
++	/* Skip "." and ".." */
++	readdir(dir);
++	readdir(dir);
++	while ((d = readdir(dir))) {
++		/* Systemd is already handled above */
++		if (strcmp(d->d_name, "systemd") == 0) {
++			continue;
++		}
++		if (asprintf(&spath, "%s/%s", CGROUP_ROOT, d->d_name) < 0) {
++			pr_perror("Failed to create path for %s", d->d_name);
++			return -1;
++		}
++		if (asprintf(&dpath, "%s%s/%s", rootfs, CGROUP_ROOT, d->d_name) < 0) {
++			pr_perror("Failed to create path for %s", d->d_name);
++			return -1;
++		}
++		got = readlink(spath, link, sizeof(link) - 1);
++		if (got > 0) {
++			link[got] = '\0';
++			symlink(link, dpath);
++		} else {
++			if ((makepath(dpath, 0755) == -1) && (errno != EEXIST)) {
++				pr_perror("Failed to mkdir new dest: %s", dpath);
++				return -1;
++			}
++			if (bind_mount(spath, dpath, false)) {
++				pr_perror("Failed to bind mount %s on %s", spath, dpath);
++				return -1;
++			}
++		}
++		free(spath);
++		free(dpath);
++	}
++	closedir(dir);
+ 	if (mount(cgroup_path, cgroup_path, "bind", MS_REMOUNT|MS_BIND|MS_RDONLY, "") == -1) {
+ 		pr_perror("Failed to remount %s readonly", cgroup_path);
+ 		return -1;
+-- 
+2.11.0
+
diff --git a/import-layers/meta-virtualization/recipes-containers/oci-systemd-hook/oci-systemd-hook_git.bb b/import-layers/meta-virtualization/recipes-containers/oci-systemd-hook/oci-systemd-hook_git.bb
index fc88905..e07b741 100644
--- a/import-layers/meta-virtualization/recipes-containers/oci-systemd-hook/oci-systemd-hook_git.bb
+++ b/import-layers/meta-virtualization/recipes-containers/oci-systemd-hook/oci-systemd-hook_git.bb
@@ -10,6 +10,7 @@
 SRC_URI = "git://github.com/projectatomic/oci-systemd-hook \
            file://0001-selinux-drop-selinux-support.patch \
            file://0001-configure-drop-selinux-support.patch \
+           file://0001-Add-additional-cgroup-mounts-from-root-NS-automatica.patch \
 "
 
 PV = "0.0.1+git${SRCPV}"
diff --git a/import-layers/meta-virtualization/recipes-containers/runc/runc-docker/0001-Disable-building-recvtty.patch b/import-layers/meta-virtualization/recipes-containers/runc/runc-docker/0001-Disable-building-recvtty.patch
deleted file mode 100644
index fa1f695..0000000
--- a/import-layers/meta-virtualization/recipes-containers/runc/runc-docker/0001-Disable-building-recvtty.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From aa2fc7b0eacba61175f083cc8d8adc233bcd0575 Mon Sep 17 00:00:00 2001
-From: Paul Barker <pbarker@toganlabs.com>
-Date: Thu, 12 Oct 2017 11:34:24 +0000
-Subject: [PATCH] Disable building recvtty
-
-Signed-off-by: Paul Barker <pbarker@toganlabs.com>
-Upstream-status: Inappropriate
----
- Makefile | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/Makefile b/Makefile
-index 0fcf508..24f47dc 100644
---- a/src/import/Makefile
-+++ b/src/import/Makefile
-@@ -38,7 +38,6 @@ contrib/cmd/recvtty/recvtty: $(SOURCES)
- 
- static: $(SOURCES)
- 	CGO_ENABLED=1 $(GO) build -i $(EXTRA_FLAGS) -tags "$(BUILDTAGS) cgo static_build" -ldflags "-w -extldflags -static -X main.gitCommit=${COMMIT} -X main.version=${VERSION} $(EXTRA_LDFLAGS)" -o runc .
--	CGO_ENABLED=1 $(GO) build -i $(EXTRA_FLAGS) -tags "$(BUILDTAGS) cgo static_build" -ldflags "-w -extldflags -static -X main.gitCommit=${COMMIT} -X main.version=${VERSION} $(EXTRA_LDFLAGS)" -o contrib/cmd/recvtty/recvtty ./contrib/cmd/recvtty
- 
- release:
- 	@flag_list=(seccomp selinux apparmor static); \
--- 
-2.7.4
-
diff --git a/import-layers/meta-virtualization/recipes-containers/runc/runc-docker/0001-Update-to-runtime-spec-198f23f827eea397d4331d7eb048d.patch b/import-layers/meta-virtualization/recipes-containers/runc/runc-docker/0001-Update-to-runtime-spec-198f23f827eea397d4331d7eb048d.patch
deleted file mode 100644
index bcc76fc..0000000
--- a/import-layers/meta-virtualization/recipes-containers/runc/runc-docker/0001-Update-to-runtime-spec-198f23f827eea397d4331d7eb048d.patch
+++ /dev/null
@@ -1,89 +0,0 @@
-From e8ef6025a4f48620baf91737cd37eb5e6a40f48c Mon Sep 17 00:00:00 2001
-From: Justin Cormack <justin.cormack@docker.com>
-Date: Fri, 23 Jun 2017 17:14:59 -0700
-Subject: [PATCH 1/3] Update to runtime spec
- 198f23f827eea397d4331d7eb048d9d4c7ff7bee
-
-Updates memory limits to be int64, and removes Platform from spec.
-
-Signed-off-by: Justin Cormack <justin.cormack@docker.com>
----
- vendor.conf                                        |  2 +-
- .../opencontainers/runtime-spec/specs-go/config.go | 23 ++++++----------------
- 2 files changed, 7 insertions(+), 18 deletions(-)
-
-diff --git a/vendor.conf b/vendor.conf
-index e23e7ea7..09a8a924 100644
---- a/src/import/vendor.conf
-+++ b/src/import/vendor.conf
-@@ -1,7 +1,7 @@
- # OCI runtime-spec. When updating this, make sure you use a version tag rather
- # than a commit ID so it's much more obvious what version of the spec we are
- # using.
--github.com/opencontainers/runtime-spec 239c4e44f2a612ed85f6db9c66247aa33f437e91
-+github.com/opencontainers/runtime-spec 198f23f827eea397d4331d7eb048d9d4c7ff7bee
- # Core libcontainer functionality.
- github.com/mrunalp/fileutils ed869b029674c0e9ce4c0dfa781405c2d9946d08
- github.com/opencontainers/selinux v1.0.0-rc1
-diff --git a/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go b/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go
-index 8bf8d924..68ab112e 100644
---- a/src/import/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go
-+++ b/src/import/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go
-@@ -6,8 +6,6 @@ import "os"
- type Spec struct {
- 	// Version of the Open Container Runtime Specification with which the bundle complies.
- 	Version string `json:"ociVersion"`
--	// Platform specifies the configuration's target platform.
--	Platform Platform `json:"platform"`
- 	// Process configures the container process.
- 	Process *Process `json:"process,omitempty"`
- 	// Root configures the container's root filesystem.
-@@ -101,15 +99,6 @@ type Root struct {
- 	Readonly bool `json:"readonly,omitempty"`
- }
- 
--// Platform specifies OS and arch information for the host system that the container
--// is created for.
--type Platform struct {
--	// OS is the operating system.
--	OS string `json:"os"`
--	// Arch is the architecture
--	Arch string `json:"arch"`
--}
--
- // Mount specifies a mount for a container.
- type Mount struct {
- 	// Destination is the absolute path where the mount will be placed in the container.
-@@ -284,15 +273,15 @@ type LinuxBlockIO struct {
- // LinuxMemory for Linux cgroup 'memory' resource management
- type LinuxMemory struct {
- 	// Memory limit (in bytes).
--	Limit *uint64 `json:"limit,omitempty"`
-+	Limit *int64 `json:"limit,omitempty"`
- 	// Memory reservation or soft_limit (in bytes).
--	Reservation *uint64 `json:"reservation,omitempty"`
-+	Reservation *int64 `json:"reservation,omitempty"`
- 	// Total memory limit (memory + swap).
--	Swap *uint64 `json:"swap,omitempty"`
-+	Swap *int64 `json:"swap,omitempty"`
- 	// Kernel memory limit (in bytes).
--	Kernel *uint64 `json:"kernel,omitempty"`
-+	Kernel *int64 `json:"kernel,omitempty"`
- 	// Kernel memory limit for tcp (in bytes)
--	KernelTCP *uint64 `json:"kernelTCP,omitempty"`
-+	KernelTCP *int64 `json:"kernelTCP,omitempty"`
- 	// How aggressive the kernel will swap memory pages.
- 	Swappiness *uint64 `json:"swappiness,omitempty"`
- }
-@@ -486,7 +475,7 @@ type WindowsNetwork struct {
- 	EndpointList []string `json:"endpointList,omitempty"`
- 	// Specifies if unqualified DNS name resolution is allowed.
- 	AllowUnqualifiedDNSQuery bool `json:"allowUnqualifiedDNSQuery,omitempty"`
--	// Comma seperated list of DNS suffixes to use for name resolution.
-+	// Comma separated list of DNS suffixes to use for name resolution.
- 	DNSSearchList []string `json:"DNSSearchList,omitempty"`
- 	// Name (ID) of the container that we will share with the network stack.
- 	NetworkSharedContainerName string `json:"networkSharedContainerName,omitempty"`
--- 
-2.11.0
-
diff --git a/import-layers/meta-virtualization/recipes-containers/runc/runc-docker/0001-Use-correct-go-cross-compiler.patch b/import-layers/meta-virtualization/recipes-containers/runc/runc-docker/0001-Use-correct-go-cross-compiler.patch
deleted file mode 100644
index 8f5171a..0000000
--- a/import-layers/meta-virtualization/recipes-containers/runc/runc-docker/0001-Use-correct-go-cross-compiler.patch
+++ /dev/null
@@ -1,85 +0,0 @@
-From 037c20b3b3ef5e9ead0282aa64f9b88c0c18934d Mon Sep 17 00:00:00 2001
-From: Paul Barker <pbarker@toganlabs.com>
-Date: Thu, 5 Oct 2017 13:14:40 +0000
-Subject: [PATCH] Use correct go cross-compiler
-
-We need to use '${GO}' as set by OpenEmbedded instead of just 'go'. Just using
-'go' will invoke go-native.
-
-Signed-off-by: Paul Barker <pbarker@toganlabs.com>
-Upstream-status: Inappropriate
----
- Makefile | 20 ++++++++++----------
- 1 file changed, 10 insertions(+), 10 deletions(-)
-
-diff --git a/Makefile b/Makefile
-index 8117892..0fcf508 100644
---- a/src/import/Makefile
-+++ b/src/import/Makefile
-@@ -27,18 +27,18 @@ SHELL := $(shell command -v bash 2>/dev/null)
- .DEFAULT: runc
- 
- runc: $(SOURCES)
--	go build -i $(EXTRA_FLAGS) -ldflags "-X main.gitCommit=${COMMIT} -X main.version=${VERSION} $(EXTRA_LDFLAGS)" -tags "$(BUILDTAGS)" -o runc .
-+	$(GO) build -i $(EXTRA_FLAGS) -ldflags "-X main.gitCommit=${COMMIT} -X main.version=${VERSION} $(EXTRA_LDFLAGS)" -tags "$(BUILDTAGS)" -o runc .
- 
- all: runc recvtty
- 
- recvtty: contrib/cmd/recvtty/recvtty
- 
- contrib/cmd/recvtty/recvtty: $(SOURCES)
--	go build -i $(EXTRA_FLAGS) -ldflags "-X main.gitCommit=${COMMIT} -X main.version=${VERSION} $(EXTRA_LDFLAGS)" -tags "$(BUILDTAGS)" -o contrib/cmd/recvtty/recvtty ./contrib/cmd/recvtty
-+	$(GO) build -i $(EXTRA_FLAGS) -ldflags "-X main.gitCommit=${COMMIT} -X main.version=${VERSION} $(EXTRA_LDFLAGS)" -tags "$(BUILDTAGS)" -o contrib/cmd/recvtty/recvtty ./contrib/cmd/recvtty
- 
- static: $(SOURCES)
--	CGO_ENABLED=1 go build -i $(EXTRA_FLAGS) -tags "$(BUILDTAGS) cgo static_build" -ldflags "-w -extldflags -static -X main.gitCommit=${COMMIT} -X main.version=${VERSION} $(EXTRA_LDFLAGS)" -o runc .
--	CGO_ENABLED=1 go build -i $(EXTRA_FLAGS) -tags "$(BUILDTAGS) cgo static_build" -ldflags "-w -extldflags -static -X main.gitCommit=${COMMIT} -X main.version=${VERSION} $(EXTRA_LDFLAGS)" -o contrib/cmd/recvtty/recvtty ./contrib/cmd/recvtty
-+	CGO_ENABLED=1 $(GO) build -i $(EXTRA_FLAGS) -tags "$(BUILDTAGS) cgo static_build" -ldflags "-w -extldflags -static -X main.gitCommit=${COMMIT} -X main.version=${VERSION} $(EXTRA_LDFLAGS)" -o runc .
-+	CGO_ENABLED=1 $(GO) build -i $(EXTRA_FLAGS) -tags "$(BUILDTAGS) cgo static_build" -ldflags "-w -extldflags -static -X main.gitCommit=${COMMIT} -X main.version=${VERSION} $(EXTRA_LDFLAGS)" -o contrib/cmd/recvtty/recvtty ./contrib/cmd/recvtty
- 
- release:
- 	@flag_list=(seccomp selinux apparmor static); \
-@@ -62,15 +62,15 @@ release:
- 			CGO_ENABLED=1; \
- 		}; \
- 		echo "Building target: $$output"; \
--		go build -i $(EXTRA_FLAGS) -ldflags "$$ldflags $(EXTRA_LDFLAGS)" -tags "$$tags" -o "$$output" .; \
-+		$(GO) build -i $(EXTRA_FLAGS) -ldflags "$$ldflags $(EXTRA_LDFLAGS)" -tags "$$tags" -o "$$output" .; \
- 	done
- 
- dbuild: runcimage
- 	docker run --rm -v $(CURDIR):/go/src/$(PROJECT) --privileged $(RUNC_IMAGE) make clean all
- 
- lint:
--	go vet $(allpackages)
--	go fmt $(allpackages)
-+	$(GO) vet $(allpackages)
-+	$(GO) fmt $(allpackages)
- 
- man:
- 	man/md2man-all.sh
-@@ -88,7 +88,7 @@ unittest: runcimage
- 	docker run -e TESTFLAGS -t --privileged --rm -v $(CURDIR):/go/src/$(PROJECT) $(RUNC_IMAGE) make localunittest
- 
- localunittest: all
--	go test -timeout 3m -tags "$(BUILDTAGS)" ${TESTFLAGS} -v $(allpackages)
-+	$(GO) test -timeout 3m -tags "$(BUILDTAGS)" ${TESTFLAGS} -v $(allpackages)
- 
- integration: runcimage
- 	docker run -e TESTFLAGS -t --privileged --rm -v $(CURDIR):/go/src/$(PROJECT) $(RUNC_IMAGE) make localintegration
-@@ -134,10 +134,10 @@ clean:
- validate:
- 	script/validate-gofmt
- 	script/validate-shfmt
--	go vet $(allpackages)
-+	$(GO) vet $(allpackages)
- 
- ci: validate localtest
- 
- # memoize allpackages, so that it's executed only once and only if used
--_allpackages = $(shell go list ./... | grep -v vendor)
-+_allpackages = $(shell $(GO) list ./... | grep -v vendor)
- allpackages = $(if $(__allpackages),,$(eval __allpackages := $$(_allpackages)))$(__allpackages)
--- 
-2.7.4
-
diff --git a/import-layers/meta-virtualization/recipes-containers/runc/runc-docker/0001-build-drop-recvtty-and-use-GOBUILDFLAGS.patch b/import-layers/meta-virtualization/recipes-containers/runc/runc-docker/0001-build-drop-recvtty-and-use-GOBUILDFLAGS.patch
new file mode 100644
index 0000000..f885aaf
--- /dev/null
+++ b/import-layers/meta-virtualization/recipes-containers/runc/runc-docker/0001-build-drop-recvtty-and-use-GOBUILDFLAGS.patch
@@ -0,0 +1,27 @@
+From a9a2b9e72027d0b2357f6dfe8b154762aaa8dd02 Mon Sep 17 00:00:00 2001
+From: Bruce Ashfield <bruce.ashfield@windriver.com>
+Date: Thu, 19 Apr 2018 16:39:41 -0400
+Subject: [PATCH] build: drop recvtty and use GOBUILDFLAGS
+
+Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
+---
+ Makefile | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/src/import/Makefile b/src/import/Makefile
+index c6de11d..0e9bddb 100644
+--- a/src/import/Makefile
++++ b/src/import/Makefile
+@@ -39,8 +39,7 @@ contrib/cmd/recvtty/recvtty: $(SOURCES)
+ 	$(GO) build -buildmode=pie $(EXTRA_FLAGS) -ldflags "-X main.gitCommit=${COMMIT} -X main.version=${VERSION} $(EXTRA_LDFLAGS)" -tags "$(BUILDTAGS)" -o contrib/cmd/recvtty/recvtty ./contrib/cmd/recvtty
+ 
+ static: $(SOURCES)
+-	CGO_ENABLED=1 $(GO) build $(EXTRA_FLAGS) -tags "$(BUILDTAGS) netgo cgo static_build" -installsuffix netgo -ldflags "-w -extldflags -static -X main.gitCommit=${COMMIT} -X main.version=${VERSION} $(EXTRA_LDFLAGS)" -o runc .
+-	CGO_ENABLED=1 $(GO) build $(EXTRA_FLAGS) -tags "$(BUILDTAGS) netgo cgo static_build" -installsuffix netgo -ldflags "-w -extldflags -static -X main.gitCommit=${COMMIT} -X main.version=${VERSION} $(EXTRA_LDFLAGS)" -o contrib/cmd/recvtty/recvtty ./contrib/cmd/recvtty
++	CGO_ENABLED=1 $(GO) build -tags "$(BUILDTAGS) netgo cgo static_build" -installsuffix netgo -ldflags "-w -extldflags -static -X main.gitCommit=${COMMIT} -X main.version=${VERSION} $(EXTRA_LDFLAGS)" $(GOBUILDFLAGS) -o runc .
+ 
+ release:
+ 	script/release.sh -r release/$(VERSION) -v $(VERSION)
+-- 
+2.7.4
+
diff --git a/import-layers/meta-virtualization/recipes-containers/runc/runc-docker/0001-runc-docker-SIGUSR1-daemonize.patch b/import-layers/meta-virtualization/recipes-containers/runc/runc-docker/0001-runc-docker-SIGUSR1-daemonize.patch
new file mode 100644
index 0000000..9ccbccb
--- /dev/null
+++ b/import-layers/meta-virtualization/recipes-containers/runc/runc-docker/0001-runc-docker-SIGUSR1-daemonize.patch
@@ -0,0 +1,129 @@
+From cd7d76a6d1ecb1856f6ed666fb5c30dc105aa94e Mon Sep 17 00:00:00 2001
+From: Jason Wessel <jason.wessel@windriver.com>
+Date: Tue, 5 Dec 2017 18:28:28 -0800
+Subject: [PATCH] runc-docker: Allow "run start ..." to daemonize with $SIGUSR1_PARENT_PID
+
+The runc-docker has all the code in it to properly run a stop hook if
+you use it in the foreground.  It doesn't work in the back ground
+because there is no way for a golang application to fork a child exit
+out of the parent process because all the golang threads stay with the
+parent.
+
+This patch has three parts that happen ONLY when $SIGUSR1_PARENT_PID
+is set.
+
+1) The code was copied which performs the normal the signal handling
+   block which is used for the foreground operation of runc.
+
+2) At the point where runc start would normally exit, it closes
+   stdin/stdout/stderr so it would be possible to daemonize "runc start ...".
+
+3) The code to send a SIGUSR1 to the parent process was added.  The
+   idea being that a parent process would simply exit at that point
+   because it was blocking until runc performed everything it was
+   required to perform.
+
+Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
+---
+ signals.go     | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++----
+ utils_linux.go |  2 +-
+ 2 files changed, 51 insertions(+), 5 deletions(-)
+
+Index: git/src/import/signals.go
+===================================================================
+--- git.orig/src/import/signals.go
++++ git/src/import/signals.go
+@@ -6,6 +6,7 @@
+ 	"os"
+ 	"os/signal"
+ 	"syscall" // only for Signal
++	"strconv"
+ 
+ 	"github.com/opencontainers/runc/libcontainer"
+ 	"github.com/opencontainers/runc/libcontainer/system"
+@@ -56,9 +57,6 @@
+ func (h *signalHandler) forward(process *libcontainer.Process, tty *tty, detach bool) (int, error) {
+ 	// make sure we know the pid of our main process so that we can return
+ 	// after it dies.
+-	if detach && h.notifySocket == nil {
+-		return 0, nil
+-	}
+ 
+ 	pid1, err := process.Pid()
+ 	if err != nil {
+@@ -68,12 +66,61 @@
+ 	if h.notifySocket != nil {
+ 		if detach {
+ 			h.notifySocket.run(pid1)
+-			return 0, nil
+ 		} else {
+ 			go h.notifySocket.run(0)
+ 		}
+ 	}
+ 
++	if (detach) {
++		// This allows the parent process to daemonize this process
++		// so long as stdin/stderr/stdout are closed
++		if envVal := os.Getenv("SIGUSR1_PARENT_PID"); envVal != "" {
++			// Close stdin/stdout/stderr
++			os.Stdin.Close()
++			os.Stdout.Close()
++			os.Stderr.Close()
++			// Notify parent to detach
++			i, err := strconv.Atoi(envVal)
++			if (err != nil) {
++				return 0, nil
++			}
++			unix.Kill(i, unix.SIGUSR1)
++			// Loop waiting on the child to signal or exit,
++			// after which all stop hooks will be run
++			for s := range h.signals {
++				switch s {
++				case unix.SIGCHLD:
++					exits, err := h.reap()
++					if err != nil {
++						logrus.Error(err)
++					}
++					for _, e := range exits {
++						logrus.WithFields(logrus.Fields{
++							"pid":    e.pid,
++							"status": e.status,
++						}).Debug("process exited")
++						if e.pid == pid1 {
++							// call Wait() on the process even though we already have the exit
++							// status because we must ensure that any of the go specific process
++							// fun such as flushing pipes are complete before we return.
++							process.Wait()
++							if h.notifySocket != nil {
++								h.notifySocket.Close()
++							}
++							return e.status, nil
++						}
++					}
++				default:
++					logrus.Debugf("sending signal to process %s", s)
++					if err := unix.Kill(pid1, s.(syscall.Signal)); err != nil {
++						logrus.Error(err)
++					}
++				}
++			}
++		}
++		return 0, nil
++	}
++
+ 	// Perform the initial tty resize. Always ignore errors resizing because
+ 	// stdout might have disappeared (due to races with when SIGHUP is sent).
+ 	_ = tty.resize()
+Index: git/src/import/utils_linux.go
+===================================================================
+--- git.orig/src/import/utils_linux.go
++++ git/src/import/utils_linux.go
+@@ -338,7 +338,7 @@
+ 	if err != nil {
+ 		r.terminate(process)
+ 	}
+-	if detach {
++	if (detach && os.Getenv("SIGUSR1_PARENT_PID") == "") {
+ 		return 0, nil
+ 	}
+ 	r.destroy()
diff --git a/import-layers/meta-virtualization/recipes-containers/runc/runc-docker/0002-Remove-Platform-as-no-longer-in-OCI-spec.patch b/import-layers/meta-virtualization/recipes-containers/runc/runc-docker/0002-Remove-Platform-as-no-longer-in-OCI-spec.patch
deleted file mode 100644
index 7970dec..0000000
--- a/import-layers/meta-virtualization/recipes-containers/runc/runc-docker/0002-Remove-Platform-as-no-longer-in-OCI-spec.patch
+++ /dev/null
@@ -1,75 +0,0 @@
-From e1146182a8cebb5a6133a9e298a5e4acf99652e9 Mon Sep 17 00:00:00 2001
-From: Justin Cormack <justin.cormack@docker.com>
-Date: Fri, 23 Jun 2017 17:16:08 -0700
-Subject: [PATCH 2/3] Remove Platform as no longer in OCI spec
-
-This was never used, just validated, so was removed from spec.
-
-Signed-off-by: Justin Cormack <justin.cormack@docker.com>
----
- libcontainer/specconv/example.go |  5 -----
- spec.go                          | 14 --------------
- 2 files changed, 19 deletions(-)
-
-diff --git a/libcontainer/specconv/example.go b/libcontainer/specconv/example.go
-index 33134116..d6621194 100644
---- a/src/import/libcontainer/specconv/example.go
-+++ b/src/import/libcontainer/specconv/example.go
-@@ -2,7 +2,6 @@ package specconv
- 
- import (
- 	"os"
--	"runtime"
- 	"strings"
- 
- 	"github.com/opencontainers/runtime-spec/specs-go"
-@@ -15,10 +14,6 @@ func sPtr(s string) *string { return &s }
- func Example() *specs.Spec {
- 	return &specs.Spec{
- 		Version: specs.Version,
--		Platform: specs.Platform{
--			OS:   runtime.GOOS,
--			Arch: runtime.GOARCH,
--		},
- 		Root: specs.Root{
- 			Path:     "rootfs",
- 			Readonly: true,
-diff --git a/spec.go b/spec.go
-index 92d38f57..876937d2 100644
---- a/src/import/spec.go
-+++ b/src/import/spec.go
-@@ -7,7 +7,6 @@ import (
- 	"fmt"
- 	"io/ioutil"
- 	"os"
--	"runtime"
- 
- 	"github.com/opencontainers/runc/libcontainer/configs"
- 	"github.com/opencontainers/runc/libcontainer/specconv"
-@@ -131,9 +130,6 @@ func loadSpec(cPath string) (spec *specs.Spec, err error) {
- 	if err = json.NewDecoder(cf).Decode(&spec); err != nil {
- 		return nil, err
- 	}
--	if err = validatePlatform(&spec.Platform); err != nil {
--		return nil, err
--	}
- 	return spec, validateProcessSpec(spec.Process)
- }
- 
-@@ -148,13 +144,3 @@ func createLibContainerRlimit(rlimit specs.LinuxRlimit) (configs.Rlimit, error)
- 		Soft: rlimit.Soft,
- 	}, nil
- }
--
--func validatePlatform(platform *specs.Platform) error {
--	if platform.OS != runtime.GOOS {
--		return fmt.Errorf("target os %s mismatch with current os %s", platform.OS, runtime.GOOS)
--	}
--	if platform.Arch != runtime.GOARCH {
--		return fmt.Errorf("target arch %s mismatch with current arch %s", platform.Arch, runtime.GOARCH)
--	}
--	return nil
--}
--- 
-2.11.0
-
diff --git a/import-layers/meta-virtualization/recipes-containers/runc/runc-docker/0003-Update-memory-specs-to-use-int64-not-uint64.patch b/import-layers/meta-virtualization/recipes-containers/runc/runc-docker/0003-Update-memory-specs-to-use-int64-not-uint64.patch
deleted file mode 100644
index 50a9b7f..0000000
--- a/import-layers/meta-virtualization/recipes-containers/runc/runc-docker/0003-Update-memory-specs-to-use-int64-not-uint64.patch
+++ /dev/null
@@ -1,194 +0,0 @@
-From 3d9074ead33a5c27dc20bb49457c69c6d2ae6b57 Mon Sep 17 00:00:00 2001
-From: Justin Cormack <justin.cormack@docker.com>
-Date: Fri, 23 Jun 2017 17:17:00 -0700
-Subject: [PATCH 3/3] Update memory specs to use int64 not uint64
-
-replace #1492 #1494
-fix #1422
-
-Since https://github.com/opencontainers/runtime-spec/pull/876 the memory
-specifications are now `int64`, as that better matches the visible interface where
-`-1` is a valid value. Otherwise finding the correct value was difficult as it
-was kernel dependent.
-
-Signed-off-by: Justin Cormack <justin.cormack@docker.com>
----
- libcontainer/cgroups/fs/memory.go    | 36 +++++++++++++++++-------------------
- libcontainer/configs/cgroup_linux.go | 10 +++++-----
- update.go                            | 14 +++++++-------
- 3 files changed, 29 insertions(+), 31 deletions(-)
-
-diff --git a/libcontainer/cgroups/fs/memory.go b/libcontainer/cgroups/fs/memory.go
-index da2cc9f8..b739c631 100644
---- a/src/import/libcontainer/cgroups/fs/memory.go
-+++ b/src/import/libcontainer/cgroups/fs/memory.go
-@@ -73,14 +73,14 @@ func EnableKernelMemoryAccounting(path string) error {
- 	// until a limit is set on the cgroup and limit cannot be set once the
- 	// cgroup has children, or if there are already tasks in the cgroup.
- 	for _, i := range []int64{1, -1} {
--		if err := setKernelMemory(path, uint64(i)); err != nil {
-+		if err := setKernelMemory(path, i); err != nil {
- 			return err
- 		}
- 	}
- 	return nil
- }
- 
--func setKernelMemory(path string, kernelMemoryLimit uint64) error {
-+func setKernelMemory(path string, kernelMemoryLimit int64) error {
- 	if path == "" {
- 		return fmt.Errorf("no such directory for %s", cgroupKernelMemoryLimit)
- 	}
-@@ -88,7 +88,7 @@ func setKernelMemory(path string, kernelMemoryLimit uint64) error {
- 		// kernel memory is not enabled on the system so we should do nothing
- 		return nil
- 	}
--	if err := ioutil.WriteFile(filepath.Join(path, cgroupKernelMemoryLimit), []byte(strconv.FormatUint(kernelMemoryLimit, 10)), 0700); err != nil {
-+	if err := ioutil.WriteFile(filepath.Join(path, cgroupKernelMemoryLimit), []byte(strconv.FormatInt(kernelMemoryLimit, 10)), 0700); err != nil {
- 		// Check if the error number returned by the syscall is "EBUSY"
- 		// The EBUSY signal is returned on attempts to write to the
- 		// memory.kmem.limit_in_bytes file if the cgroup has children or
-@@ -106,14 +106,12 @@ func setKernelMemory(path string, kernelMemoryLimit uint64) error {
- }
- 
- func setMemoryAndSwap(path string, cgroup *configs.Cgroup) error {
--	ulimited := -1
--
--	// If the memory update is set to uint64(-1) we should also
--	// set swap to uint64(-1), it means unlimited memory.
--	if cgroup.Resources.Memory == uint64(ulimited) {
--		// Only set swap if it's enbled in kernel
-+	// If the memory update is set to -1 we should also
-+	// set swap to -1, it means unlimited memory.
-+	if cgroup.Resources.Memory == -1 {
-+		// Only set swap if it's enabled in kernel
- 		if cgroups.PathExists(filepath.Join(path, cgroupMemorySwapLimit)) {
--			cgroup.Resources.MemorySwap = uint64(ulimited)
-+			cgroup.Resources.MemorySwap = -1
- 		}
- 	}
- 
-@@ -128,29 +126,29 @@ func setMemoryAndSwap(path string, cgroup *configs.Cgroup) error {
- 		// When update memory limit, we should adapt the write sequence
- 		// for memory and swap memory, so it won't fail because the new
- 		// value and the old value don't fit kernel's validation.
--		if cgroup.Resources.MemorySwap == uint64(ulimited) || memoryUsage.Limit < cgroup.Resources.MemorySwap {
--			if err := writeFile(path, cgroupMemorySwapLimit, strconv.FormatUint(cgroup.Resources.MemorySwap, 10)); err != nil {
-+		if cgroup.Resources.MemorySwap == -1 || memoryUsage.Limit < uint64(cgroup.Resources.MemorySwap) {
-+			if err := writeFile(path, cgroupMemorySwapLimit, strconv.FormatInt(cgroup.Resources.MemorySwap, 10)); err != nil {
- 				return err
- 			}
--			if err := writeFile(path, cgroupMemoryLimit, strconv.FormatUint(cgroup.Resources.Memory, 10)); err != nil {
-+			if err := writeFile(path, cgroupMemoryLimit, strconv.FormatInt(cgroup.Resources.Memory, 10)); err != nil {
- 				return err
- 			}
- 		} else {
--			if err := writeFile(path, cgroupMemoryLimit, strconv.FormatUint(cgroup.Resources.Memory, 10)); err != nil {
-+			if err := writeFile(path, cgroupMemoryLimit, strconv.FormatInt(cgroup.Resources.Memory, 10)); err != nil {
- 				return err
- 			}
--			if err := writeFile(path, cgroupMemorySwapLimit, strconv.FormatUint(cgroup.Resources.MemorySwap, 10)); err != nil {
-+			if err := writeFile(path, cgroupMemorySwapLimit, strconv.FormatInt(cgroup.Resources.MemorySwap, 10)); err != nil {
- 				return err
- 			}
- 		}
- 	} else {
- 		if cgroup.Resources.Memory != 0 {
--			if err := writeFile(path, cgroupMemoryLimit, strconv.FormatUint(cgroup.Resources.Memory, 10)); err != nil {
-+			if err := writeFile(path, cgroupMemoryLimit, strconv.FormatInt(cgroup.Resources.Memory, 10)); err != nil {
- 				return err
- 			}
- 		}
- 		if cgroup.Resources.MemorySwap != 0 {
--			if err := writeFile(path, cgroupMemorySwapLimit, strconv.FormatUint(cgroup.Resources.MemorySwap, 10)); err != nil {
-+			if err := writeFile(path, cgroupMemorySwapLimit, strconv.FormatInt(cgroup.Resources.MemorySwap, 10)); err != nil {
- 				return err
- 			}
- 		}
-@@ -171,13 +169,13 @@ func (s *MemoryGroup) Set(path string, cgroup *configs.Cgroup) error {
- 	}
- 
- 	if cgroup.Resources.MemoryReservation != 0 {
--		if err := writeFile(path, "memory.soft_limit_in_bytes", strconv.FormatUint(cgroup.Resources.MemoryReservation, 10)); err != nil {
-+		if err := writeFile(path, "memory.soft_limit_in_bytes", strconv.FormatInt(cgroup.Resources.MemoryReservation, 10)); err != nil {
- 			return err
- 		}
- 	}
- 
- 	if cgroup.Resources.KernelMemoryTCP != 0 {
--		if err := writeFile(path, "memory.kmem.tcp.limit_in_bytes", strconv.FormatUint(cgroup.Resources.KernelMemoryTCP, 10)); err != nil {
-+		if err := writeFile(path, "memory.kmem.tcp.limit_in_bytes", strconv.FormatInt(cgroup.Resources.KernelMemoryTCP, 10)); err != nil {
- 			return err
- 		}
- 	}
-diff --git a/libcontainer/configs/cgroup_linux.go b/libcontainer/configs/cgroup_linux.go
-index 3e0509de..e15a662f 100644
---- a/src/import/libcontainer/configs/cgroup_linux.go
-+++ b/src/import/libcontainer/configs/cgroup_linux.go
-@@ -43,19 +43,19 @@ type Resources struct {
- 	Devices []*Device `json:"devices"`
- 
- 	// Memory limit (in bytes)
--	Memory uint64 `json:"memory"`
-+	Memory int64 `json:"memory"`
- 
- 	// Memory reservation or soft_limit (in bytes)
--	MemoryReservation uint64 `json:"memory_reservation"`
-+	MemoryReservation int64 `json:"memory_reservation"`
- 
- 	// Total memory usage (memory + swap); set `-1` to enable unlimited swap
--	MemorySwap uint64 `json:"memory_swap"`
-+	MemorySwap int64 `json:"memory_swap"`
- 
- 	// Kernel memory limit (in bytes)
--	KernelMemory uint64 `json:"kernel_memory"`
-+	KernelMemory int64 `json:"kernel_memory"`
- 
- 	// Kernel memory limit for TCP use (in bytes)
--	KernelMemoryTCP uint64 `json:"kernel_memory_tcp"`
-+	KernelMemoryTCP int64 `json:"kernel_memory_tcp"`
- 
- 	// CPU shares (relative weight vs. other containers)
- 	CpuShares uint64 `json:"cpu_shares"`
-diff --git a/update.go b/update.go
-index 0ea90d60..133be999 100644
---- a/src/import/update.go
-+++ b/src/import/update.go
-@@ -124,11 +124,11 @@ other options are ignored.
- 
- 		r := specs.LinuxResources{
- 			Memory: &specs.LinuxMemory{
--				Limit:       u64Ptr(0),
--				Reservation: u64Ptr(0),
--				Swap:        u64Ptr(0),
--				Kernel:      u64Ptr(0),
--				KernelTCP:   u64Ptr(0),
-+				Limit:       i64Ptr(0),
-+				Reservation: i64Ptr(0),
-+				Swap:        i64Ptr(0),
-+				Kernel:      i64Ptr(0),
-+				KernelTCP:   i64Ptr(0),
- 			},
- 			CPU: &specs.LinuxCPU{
- 				Shares:          u64Ptr(0),
-@@ -213,7 +213,7 @@ other options are ignored.
- 			}
- 			for _, pair := range []struct {
- 				opt  string
--				dest *uint64
-+				dest *int64
- 			}{
- 				{"memory", r.Memory.Limit},
- 				{"memory-swap", r.Memory.Swap},
-@@ -232,7 +232,7 @@ other options are ignored.
- 					} else {
- 						v = -1
- 					}
--					*pair.dest = uint64(v)
-+					*pair.dest = v
- 				}
- 			}
- 			r.Pids.Limit = int64(context.Int("pids-limit"))
--- 
-2.11.0
-
diff --git a/import-layers/meta-virtualization/recipes-containers/runc/runc-docker_git.bb b/import-layers/meta-virtualization/recipes-containers/runc/runc-docker_git.bb
index 9db48ee..81e5a5d 100644
--- a/import-layers/meta-virtualization/recipes-containers/runc/runc-docker_git.bb
+++ b/import-layers/meta-virtualization/recipes-containers/runc/runc-docker_git.bb
@@ -2,14 +2,11 @@
 
 # Note: this rev is before the required protocol field, update when all components
 #       have been updated to match.
-SRCREV_runc-docker = "9d6821d1b53908e249487741eccd567249ca1d99"
-SRC_URI = "git://github.com/docker/runc.git;nobranch=1;name=runc-docker \
-           file://0001-Update-to-runtime-spec-198f23f827eea397d4331d7eb048d.patch \
-           file://0002-Remove-Platform-as-no-longer-in-OCI-spec.patch \
-           file://0003-Update-memory-specs-to-use-int64-not-uint64.patch \
+SRCREV_runc-docker = "4fc53a81fb7c994640722ac585fa9ca548971871"
+SRC_URI = "git://github.com/opencontainers/runc;nobranch=1;name=runc-docker \
            file://0001-runc-Add-console-socket-dev-null.patch \
-           file://0001-Use-correct-go-cross-compiler.patch \
-           file://0001-Disable-building-recvtty.patch \
+           file://0001-build-drop-recvtty-and-use-GOBUILDFLAGS.patch \
+           file://0001-runc-docker-SIGUSR1-daemonize.patch \
           "
 
-RUNC_VERSION = "1.0.0-rc3"
+RUNC_VERSION = "1.0.0-rc5"
diff --git a/import-layers/meta-virtualization/recipes-containers/runc/runc-opencontainers/0001-Use-correct-go-cross-compiler.patch b/import-layers/meta-virtualization/recipes-containers/runc/runc-opencontainers/0001-Use-correct-go-cross-compiler.patch
deleted file mode 100644
index 67d7014..0000000
--- a/import-layers/meta-virtualization/recipes-containers/runc/runc-opencontainers/0001-Use-correct-go-cross-compiler.patch
+++ /dev/null
@@ -1,85 +0,0 @@
-From 621e5e9a196daaaf5eb430a413fe51218cf42c89 Mon Sep 17 00:00:00 2001
-From: Paul Barker <pbarker@toganlabs.com>
-Date: Wed, 4 Oct 2017 15:45:27 +0000
-Subject: [PATCH] Use correct go cross-compiler
-
-We need to use '${GO}' as set by OpenEmbedded instead of just 'go'. Just using
-'go' will invoke go-native.
-
-Signed-off-by: Paul Barker <pbarker@toganlabs.com>
-Upstream-status: Inappropriate
----
- Makefile | 20 ++++++++++----------
- 1 file changed, 10 insertions(+), 10 deletions(-)
-
-diff --git a/Makefile b/Makefile
-index 6781ac7..74e551d 100644
---- a/src/import/Makefile
-+++ b/src/import/Makefile
-@@ -27,18 +27,18 @@ SHELL := $(shell command -v bash 2>/dev/null)
- .DEFAULT: runc
- 
- runc: $(SOURCES)
--	go build -i $(EXTRA_FLAGS) -ldflags "-X main.gitCommit=${COMMIT} -X main.version=${VERSION} $(EXTRA_LDFLAGS)" -tags "$(BUILDTAGS)" -o runc .
-+	$(GO) build -i $(EXTRA_FLAGS) -ldflags "-X main.gitCommit=${COMMIT} -X main.version=${VERSION} $(EXTRA_LDFLAGS)" -tags "$(BUILDTAGS)" -o runc .
- 
- all: runc recvtty
- 
- recvtty: contrib/cmd/recvtty/recvtty
- 
- contrib/cmd/recvtty/recvtty: $(SOURCES)
--	go build -i $(EXTRA_FLAGS) -ldflags "-X main.gitCommit=${COMMIT} -X main.version=${VERSION} $(EXTRA_LDFLAGS)" -tags "$(BUILDTAGS)" -o contrib/cmd/recvtty/recvtty ./contrib/cmd/recvtty
-+	$(GO) build -i $(EXTRA_FLAGS) -ldflags "-X main.gitCommit=${COMMIT} -X main.version=${VERSION} $(EXTRA_LDFLAGS)" -tags "$(BUILDTAGS)" -o contrib/cmd/recvtty/recvtty ./contrib/cmd/recvtty
- 
- static: $(SOURCES)
--	CGO_ENABLED=1 go build -i $(EXTRA_FLAGS) -tags "$(BUILDTAGS) cgo static_build" -ldflags "-w -extldflags -static -X main.gitCommit=${COMMIT} -X main.version=${VERSION} $(EXTRA_LDFLAGS)" -o runc .
--	CGO_ENABLED=1 go build -i $(EXTRA_FLAGS) -tags "$(BUILDTAGS) cgo static_build" -ldflags "-w -extldflags -static -X main.gitCommit=${COMMIT} -X main.version=${VERSION} $(EXTRA_LDFLAGS)" -o contrib/cmd/recvtty/recvtty ./contrib/cmd/recvtty
-+	CGO_ENABLED=1 $(GO) build -i $(EXTRA_FLAGS) -tags "$(BUILDTAGS) cgo static_build" -ldflags "-w -extldflags -static -X main.gitCommit=${COMMIT} -X main.version=${VERSION} $(EXTRA_LDFLAGS)" -o runc .
-+	CGO_ENABLED=1 $(GO) build -i $(EXTRA_FLAGS) -tags "$(BUILDTAGS) cgo static_build" -ldflags "-w -extldflags -static -X main.gitCommit=${COMMIT} -X main.version=${VERSION} $(EXTRA_LDFLAGS)" -o contrib/cmd/recvtty/recvtty ./contrib/cmd/recvtty
- 
- release:
- 	@flag_list=(seccomp selinux apparmor static); \
-@@ -62,15 +62,15 @@ release:
- 			CGO_ENABLED=1; \
- 		}; \
- 		echo "Building target: $$output"; \
--		go build -i $(EXTRA_FLAGS) -ldflags "$$ldflags $(EXTRA_LDFLAGS)" -tags "$$tags" -o "$$output" .; \
-+		$(GO) build -i $(EXTRA_FLAGS) -ldflags "$$ldflags $(EXTRA_LDFLAGS)" -tags "$$tags" -o "$$output" .; \
- 	done
- 
- dbuild: runcimage
- 	docker run --rm -v $(CURDIR):/go/src/$(PROJECT) --privileged $(RUNC_IMAGE) make clean all
- 
- lint:
--	go vet $(allpackages)
--	go fmt $(allpackages)
-+	$(GO) vet $(allpackages)
-+	$(GO) fmt $(allpackages)
- 
- man:
- 	man/md2man-all.sh
-@@ -88,7 +88,7 @@ unittest: runcimage
- 	docker run -e TESTFLAGS -t --privileged --rm -v $(CURDIR):/go/src/$(PROJECT) $(RUNC_IMAGE) make localunittest
- 
- localunittest: all
--	go test -timeout 3m -tags "$(BUILDTAGS)" ${TESTFLAGS} -v $(allpackages)
-+	$(GO) test -timeout 3m -tags "$(BUILDTAGS)" ${TESTFLAGS} -v $(allpackages)
- 
- integration: runcimage
- 	docker run -e TESTFLAGS -t --privileged --rm -v $(CURDIR):/go/src/$(PROJECT) $(RUNC_IMAGE) make localintegration
-@@ -133,10 +133,10 @@ clean:
- 
- validate:
- 	script/validate-gofmt
--	go vet $(allpackages)
-+	$(GO) vet $(allpackages)
- 
- ci: validate localtest
- 
- # memoize allpackages, so that it's executed only once and only if used
--_allpackages = $(shell go list ./... | grep -v vendor)
-+_allpackages = $(shell $(GO) list ./... | grep -v vendor)
- allpackages = $(if $(__allpackages),,$(eval __allpackages := $$(_allpackages)))$(__allpackages)
--- 
-2.7.4
-
diff --git a/import-layers/meta-virtualization/recipes-containers/runc/runc-opencontainers_git.bb b/import-layers/meta-virtualization/recipes-containers/runc/runc-opencontainers_git.bb
index a97676b..ed48abf 100644
--- a/import-layers/meta-virtualization/recipes-containers/runc/runc-opencontainers_git.bb
+++ b/import-layers/meta-virtualization/recipes-containers/runc/runc-opencontainers_git.bb
@@ -1,8 +1,7 @@
 include runc.inc
 
-SRCREV = "2e7cfe036e2c6dc51ccca6eb7fa3ee6b63976dcd"
+SRCREV = "58415b4b12650291f435db8770cea48207b78afe"
 SRC_URI = " \
     git://github.com/opencontainers/runc;branch=master \
-    file://0001-Use-correct-go-cross-compiler.patch \
     "
-RUNC_VERSION = "1.0.0-rc4"
+RUNC_VERSION = "1.0.0-rc5"
diff --git a/import-layers/meta-virtualization/recipes-containers/runc/runc.inc b/import-layers/meta-virtualization/recipes-containers/runc/runc.inc
index 0179103..9199cef 100644
--- a/import-layers/meta-virtualization/recipes-containers/runc/runc.inc
+++ b/import-layers/meta-virtualization/recipes-containers/runc/runc.inc
@@ -11,6 +11,8 @@
 PV = "${RUNC_VERSION}+git${SRCPV}"
 
 inherit go
+inherit goarch
+
 RRECOMMENDS_${PN} = "lxc docker"
 PROVIDES += "virtual/runc"
 RPROVIDES_${PN} = "virtual/runc"
@@ -20,7 +22,7 @@
 LIBCONTAINER_PACKAGE="github.com/opencontainers/runc/libcontainer"
 
 do_configure[noexec] = "1"
-EXTRA_OEMAKE="BUILDTAGS=''"
+EXTRA_OEMAKE="BUILDTAGS='' GO=${GO}"
 
 do_compile() {
 	# Set GOPATH. See 'PACKAGERS.md'. Don't rely on
@@ -44,10 +46,12 @@
 	export CGO_ENABLED="1"
 	export CGO_CFLAGS="${CFLAGS} --sysroot=${STAGING_DIR_TARGET}"
 	export CGO_LDFLAGS="${LDFLAGS} --sysroot=${STAGING_DIR_TARGET}"
+	export GO=${GO}
+
 	export CFLAGS=""
 	export LDFLAGS=""
 
-        oe_runmake static
+	oe_runmake static
 }
 
 do_install() {