From fcadb77b97b2a305ce83798f11e977d8925748c0 Mon Sep 17 00:00:00 2001
From: Boris Pruessmann
Date: Sat, 4 Mar 2017 08:27:35 +0100
Subject: [PATCH] seccomp support for debian jessie Based on jessie-backports.
Signed-off-by: Boris Pruessmann
---
 .../deb/aarch64/debian-jessie/Dockerfile | 6 ++--
 contrib/builder/deb/aarch64/generate.sh | 29 +++++++++++++------
 2 files changed, 23 insertions(+), 12 deletions(-)
diff --git a/contrib/builder/deb/aarch64/debian-jessie/Dockerfile b/contrib/builder/deb/aarch64/debian-jessie/Dockerfile
index b86c9dffe1..e165da4978 100644
--- a/contrib/builder/deb/aarch64/debian-jessie/Dockerfile
+++ b/contrib/builder/deb/aarch64/debian-jessie/Dockerfile
@@ -5,7 +5,7 @@ FROM aarch64/debian:jessie
 RUN echo deb http://ftp.debian.org/debian jessie-backports main > /etc/apt/sources.list.d/backports.list
-RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential cmake curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev pkg-config vim-common libsystemd-journal-dev golang-1.6-go --no-install-recommends && rm -rf /var/lib/apt/lists/*
+RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential cmake curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev pkg-config vim-common libsystemd-journal-dev golang-1.6-go libseccomp-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*
 RUN update-alternatives --install /usr/bin/go go /usr/lib/go-1.6/bin/go 100
@@ -21,5 +21,5 @@ ENV PATH /usr/src/go/bin:$PATH
 ENV AUTO_GOPATH 1
-ENV DOCKER_BUILDTAGS apparmor pkcs11 selinux
-ENV RUNC_BUILDTAGS apparmor selinux
+ENV DOCKER_BUILDTAGS apparmor pkcs11 selinux seccomp
+ENV RUNC_BUILDTAGS apparmor selinux seccomp
diff --git a/contrib/builder/deb/aarch64/generate.sh b/contrib/builder/deb/aarch64/generate.sh
index 0ef5a03506..647bf8fc28 100755
--- a/contrib/builder/deb/aarch64/generate.sh
+++ b/contrib/builder/deb/aarch64/generate.sh
@@ -61,7 +61,7 @@ for version in "${versions[@]}"; do
 )
 case "$suite" in
- jessie|trusty)
+ trusty)
 packages+=( libsystemd-journal-dev )
 # aarch64 doesn't have an official downloadable binary for go.
 # And gccgo for trusty only includes Go 1.2 implementation which
@@ -69,9 +69,20 @@ for version in "${versions[@]}"; do
 # golang-1.6-go package can be used as bootstrap.
 packages+=( golang-1.6-go )
 ;;
+ jessie)
+ packages+=( libsystemd-journal-dev )
+ # aarch64 doesn't have an official downloadable binary for go.
+ # And gccgo for jessie only includes Go 1.2 implementation which
+ # is too old to build current go source, fortunately jessie backports
+ # has golang-1.6-go package can be used as bootstrap.
+ packages+=( golang-1.6-go libseccomp-dev )
+
+ dockerBuildTags="$dockerBuildTags seccomp"
+ runcBuildTags="$runcBuildTags seccomp"
+ ;;
 stretch|xenial)
 packages+=( libsystemd-dev )
- packages+=( golang-go libseccomp-dev)
+ packages+=( golang-go libseccomp-dev )
 dockerBuildTags="$dockerBuildTags seccomp"
 runcBuildTags="$runcBuildTags seccomp"
@@ -83,13 +94,13 @@ for version in "${versions[@]}"; do
 ;;
 esac
- case "$suite" in
- jessie)
- echo 'RUN echo deb http://ftp.debian.org/debian jessie-backports main > /etc/apt/sources.list.d/backports.list' >> "$version/Dockerfile"
- ;;
- *)
- ;;
- esac
+ case "$suite" in
+ jessie)
+ echo 'RUN echo deb http://ftp.debian.org/debian jessie-backports main > /etc/apt/sources.list.d/backports.list' >> "$version/Dockerfile"
+ ;;
+ *)
+ ;;
+ esac
 # update and install packages
 echo "RUN apt-get update && apt-get install -y ${packages[*]} --no-install-recommends && rm -rf /var/lib/apt/lists/*" >> "$version/Dockerfile"
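Review bot: The new `jessie)` arm in the second hunk adds `libseccomp-dev` without saying which suite it must come from, so the library that the `seccomp` build tags compile against depends on apt's default priorities; backports suites are normally ranked below the release suite, so if jessie main carries its own libseccomp-dev for this architecture that older one would be installed (not verifiable from this hunk). Since the commit message says the support relies on jessie-backports, make that explicit, e.g. `packages+=( golang-1.6-go libseccomp-dev/jessie-backports )`, assuming the array is only expanded into the `apt-get install` line shown in the last hunk. The arm also copies the trusty comment block almost verbatim; a shorter comment such as `# same Go bootstrap as trusty; libseccomp-dev from jessie-backports enables the seccomp build tags` would document the actual reason for the split and keep the two arms from drifting. The enclosing `for version` loop and the `case` statement start and end outside the hunk.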