From cb9f693ca8cdfec381d8df356560c106eefb56c0 Mon Sep 17 00:00:00 2001
From: Jessica Frazelle
Date: Mon, 8 Feb 2016 10:52:53 -0800
Subject: [PATCH] add validation for generating default secccomp profile
Signed-off-by: Jessica Frazelle
Upstream-commit: 9bc771af9d09026111916191394eb2896608eb59
Component: engine
---
 components/engine/Makefile | 2 +-
 components/engine/hack/make.sh | 1 +
 .../engine/hack/make/validate-default-seccomp | 27 +++++++++++++++++++
 .../engine/profiles/seccomp/generate.go | 2 +-
 4 files changed, 30 insertions(+), 2 deletions(-)
 create mode 100644 components/engine/hack/make/validate-default-seccomp
diff --git a/components/engine/Makefile b/components/engine/Makefile
index 5200206924..ba45c4664e 100644
--- a/components/engine/Makefile
+++ b/components/engine/Makefile
@@ -116,4 +116,4 @@ test-unit: build
 $(DOCKER_RUN_DOCKER) hack/make.sh test-unit
 validate: build
- $(DOCKER_RUN_DOCKER) hack/make.sh validate-dco validate-gofmt validate-pkg validate-lint validate-test validate-toml validate-vet validate-vendor
+ $(DOCKER_RUN_DOCKER) hack/make.sh validate-dco validate-default-seccomp validate-gofmt validate-pkg validate-lint validate-test validate-toml validate-vet validate-vendor
diff --git a/components/engine/hack/make.sh b/components/engine/hack/make.sh
index b858799778..16b59c4584 100755
--- a/components/engine/hack/make.sh
+++ b/components/engine/hack/make.sh
@@ -56,6 +56,7 @@ echo
 # List of bundles to create when no argument is passed
 DEFAULT_BUNDLES=(
 validate-dco
+ validate-default-seccomp
 validate-gofmt
 validate-lint
 validate-pkg
diff --git a/components/engine/hack/make/validate-default-seccomp b/components/engine/hack/make/validate-default-seccomp
new file mode 100644
index 0000000000..4facec743d
--- /dev/null
+++ b/components/engine/hack/make/validate-default-seccomp
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+source "${MAKEDIR}/.validate"
+
+IFS=$'\n'
+files=( $(validate_diff --diff-filter=ACMR --name-only -- 'profiles/seccomp' || true) )
+unset IFS
+
+if [ ${#files[@]} -gt 0 ]; then
+ # We run vendor.sh to and see if we have a diff afterwards
+ go generate ./profiles/seccomp/ >/dev/null
+ # Let see if the working directory is clean
+ diffs="$(git status --porcelain -- profiles/seccomp 2>/dev/null)"
+ if [ "$diffs" ]; then
+ {
+ echo 'The result of go generate ./profiles/seccomp/ differs'
+ echo
+ echo "$diffs"
+ echo
+ echo 'Please re-run go generate ./profiles/seccomp/'
+ echo
+ } >&2
+ false
+ else
+ echo 'Congratulations! Seccomp profile generation is done correctly.'
+ fi
+fi
diff --git a/components/engine/profiles/seccomp/generate.go b/components/engine/profiles/seccomp/generate.go
index b522cf1f51..8654ec028a 100644
--- a/components/engine/profiles/seccomp/generate.go
+++ b/components/engine/profiles/seccomp/generate.go
@@ -29,7 +29,7 @@ func main() {
 panic(err)
 }
- if err := ioutil.WriteFile(f, b, 0755); err != nil {
+ if err := ioutil.WriteFile(f, b, 0644); err != nil {
 panic(err)
 }
 }
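Review bot: In hack/make/validate-default-seccomp the check fails open: `validate_diff ... || true` turns a failed diff into an empty `files` array, so the whole block is skipped with no output, and the script itself never tests the exit status of `go generate` (whether the sourcing script runs under errexit is not visible here). Since this is the guard that keeps the committed default seccomp profile in sync with its Go source, a generator failure should be reported rather than followed by the success message, for example `go generate ./profiles/seccomp/ >/dev/null || { echo 'go generate ./profiles/seccomp/ failed' >&2; false; }`. The first comment still mentions vendor.sh and should read `# We run go generate and see if we have a diff afterwards`. `git status --porcelain` also reports uncommitted local edits under profiles/seccomp, so a dirty tree fails the check even when the generated output is current.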
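Review bot: The new `0644` in profiles/seccomp/generate.go only takes effect when the output file is created: `ioutil.WriteFile` truncates an existing file without changing its permission bits, and the diffstat shows no mode change for the generated profile. If the committed file currently carries 0755, regeneration will leave it executable; consider following the write with `if err := os.Chmod(f, 0644); err != nil { panic(err) }` (assuming `os` is imported, which the hunk does not show) or committing the mode change alongside. The body of `main` starts above the hunk, so how `f` is chosen is not visible.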