docker/docker.changes

4228 lines
202 KiB
Plaintext
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

-------------------------------------------------------------------
Wed Dec 11 10:14:56 UTC 2024 - Aleksa Sarai <asarai@suse.com>
- Update docker-buildx to v0.19.2. See upstream changelog online at
<https://github.com/docker/buildx/releases/tag/v0.19.2>.
Some notable changelogs from the last update:
* <https://github.com/docker/buildx/releases/tag/v0.19.0>
* <https://github.com/docker/buildx/releases/tag/v0.18.0>
- Update to Go 1.22.
-------------------------------------------------------------------
Wed Dec 11 05:39:42 UTC 2024 - Aleksa Sarai <asarai@suse.com>
- Add a new toggle file /etc/docker/suse-secrets-enable which allows users to
disable the SUSEConnect integration with Docker (which creates special mounts
in /run/secrets to allow container-suseconnect to authenticate containers
with registries on registered hosts). bsc#1231348 bsc#1232999
In order to disable these mounts, just do
echo 0 > /etc/docker/suse-secrets-enable
and restart Docker. In order to re-enable them, just do
echo 1 > /etc/docker/suse-secrets-enable
and restart Docker. Docker will output information on startup to tell you
whether the SUSE secrets feature is enabled or not.
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
-------------------------------------------------------------------
Wed Nov 27 12:10:42 UTC 2024 - Aleksa Sarai <asarai@suse.com>
- Disable docker-buildx builds for SLES. It turns out that build containers
with docker-buildx don't currently get the SUSE secrets mounts applied,
meaning that container-suseconnect doesn't work when building images.
bsc#1233819
-------------------------------------------------------------------
Wed Nov 20 05:34:38 UTC 2024 - Aleksa Sarai <asarai@suse.com>
- Add docker-integration-tests-devel subpackage for building and running the
upstream Docker integration tests on machines to test that Docker works
properly. Users should not install this package.
- docker-rpmlintrc updated to include allow-list for all of the integration
tests package, since it contains a bunch of stuff that wouldn't normally be
allowed.
-------------------------------------------------------------------
Tue Nov 12 06:34:28 UTC 2024 - Aleksa Sarai <asarai@suse.com>
- Remove DOCKER_NETWORK_OPTS from docker.service. This was removed from
sysconfig a long time ago, and apparently this causes issues with systemd in
some cases.
-------------------------------------------------------------------
Wed Oct 16 22:24:52 UTC 2024 - Aleksa Sarai <asarai@suse.com>
- Further merge docker and docker-stable specfiles to minimise the differences.
The main thing is that we now include both halves of the
Conflicts/Provides/Obsoletes dance in both specfiles.
-------------------------------------------------------------------
Wed Oct 16 05:37:14 UTC 2024 - Aleksa Sarai <asarai@suse.com>
- Update to docker-buildx v0.17.1 to match standalone docker-buildx package we
are replacing. See upstream changelog online at
<https://github.com/docker/buildx/releases/tag/v0.17.1>
-------------------------------------------------------------------
Wed Sep 18 13:47:45 UTC 2024 - Ana Guerrero <ana.guerrero@suse.com>
- Add %{_sysconfdir}/audit/rules.d to filelist.
-------------------------------------------------------------------
Sat Sep 7 06:07:50 UTC 2024 - Aleksa Sarai <asarai@suse.com>
- Mark docker-buildx as required since classic "docker build" has been
deprecated since Docker 23.0. bsc#1230331
- Import docker-buildx v0.16.2 as a subpackage. Previously this was a separate
package, but with docker-stable it will be necessary to maintain the packages
together and it makes more sense to have them live in the same OBS package.
bsc#1230333
- Make some minor name macro updates to help with the docker-stable package
fork.
-------------------------------------------------------------------
Wed Jul 31 05:28:09 UTC 2024 - Aleksa Sarai <asarai@suse.com>
- Update to Docker 26.1.5-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/26.1/#2615>
bsc#1230294
- This update includes fixes for:
* CVE-2024-41110. bsc#1228324
* CVE-2023-47108. bsc#1217070
* CVE-2023-45142. bsc#1228553
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
* 0006-bsc1221916-update-to-patched-buildkit-version-to-fix.patch
* 0007-bsc1214855-volume-use-AtomicWriteFile-to-save-volume.patch
* cli-0001-docs-include-required-tools-in-source-tree.patch
-------------------------------------------------------------------
Wed Jul 31 04:58:15 UTC 2024 - Aleksa Sarai <asarai@suse.com>
[NOTE: This update was only ever released in SLES and Leap.]
- Update to Docker 25.0.6-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/25.0/#2506>
- This update includes fixes for:
* CVE-2024-41110. bsc#1228324
* CVE-2023-47108. bsc#1217070 bsc#1229806
* CVE-2023-45142. bsc#1228553 bsc#1229806
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
* 0006-bsc1221916-update-to-patched-buildkit-version-to-fix.patch
* 0007-bsc1214855-volume-use-AtomicWriteFile-to-save-volume.patch
-------------------------------------------------------------------
Mon Jun 24 08:15:24 UTC 2024 - Aleksa Sarai <asarai@suse.com>
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
- Fix BuildKit's symlink resolution logic to correctly handle non-lexical
symlinks. Backport of <https://github.com/moby/buildkit/pull/4896> and
<https://github.com/moby/buildkit/pull/5060>. bsc#1221916
+ 0006-bsc1221916-update-to-patched-buildkit-version-to-fix.patch
- Write volume options atomically so sudden system crashes won't result in
future Docker starts failing due to empty files. Backport of
<https://github.com/moby/moby/pull/48034>. bsc#1214855
+ 0007-bsc1214855-volume-use-AtomicWriteFile-to-save-volume.patch
-------------------------------------------------------------------
Thu Jun 6 04:17:23 UTC 2024 - Aleksa Sarai <asarai@suse.com>
- Update to Docker 26.1.4-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/26.1/#2614>
- Rebase patches:
* cli-0001-docs-include-required-tools-in-source-tree.patch
-------------------------------------------------------------------
Wed Apr 24 13:43:30 UTC 2024 - Aleksa Sarai <asarai@suse.com>
- Update to Docker 26.1.0-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/26.1/#2610>
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
* cli-0001-docs-include-required-tools-in-source-tree.patch
-------------------------------------------------------------------
Thu Apr 18 07:46:18 UTC 2024 - Aleksa Sarai <asarai@suse.com>
- Update to Docker 26.0.1-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/26.0/#2601>
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
* cli-0001-docs-include-required-tools-in-source-tree.patch
- Update --add-runtime to point to correct binary path.
-------------------------------------------------------------------
Mon Mar 25 12:34:56 UTC 2024 - Aleksa Sarai <asarai@suse.com>
[NOTE: This update was only ever released in SLES and Leap.]
- Update to Docker 25.0.5-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/25.0/#2505> bsc#1223409
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
* cli-0001-docs-include-required-tools-in-source-tree.patch
- Remove upstreamed patches:
- 0007-daemon-overlay2-remove-world-writable-permission-fro.patch
- Update --add-runtime to point to correct binary path.
-------------------------------------------------------------------
Fri Mar 8 07:46:11 UTC 2024 - Dan Čermák <dcermak@suse.com>
[NOTE: This update was only ever released in SLES and Leap.]
- Add patch to fix bsc#1220339
* 0007-daemon-overlay2-remove-world-writable-permission-fro.patch
- rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
* 0006-Vendor-in-latest-buildkit-v0.11-branch-including-CVE.patch
-------------------------------------------------------------------
Thu Feb 22 14:13:42 UTC 2024 - Thorsten Kukuk <kukuk@suse.com>
- Allow to disable apparmor support (ALP supports only SELinux)
-------------------------------------------------------------------
Wed Feb 17 12:56:22 UTC 2024 - Danish Prakash <danish.prakash@suse.com>
- Update to Docker 25.0.3-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/25.0/#2503>
- Fixes:
* bsc#1219267 - CVE-2024-23651
* bsc#1219268 - CVE-2024-23652
* bsc#1219438 - CVE-2024-23653
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
* cli-0001-docs-include-required-tools-in-source-tree.patch
- Remove upstreamed patches:
- 0006-Vendor-in-latest-buildkit-v0.11-branch-including-CVE.patch
-------------------------------------------------------------------
Wed Feb 14 08:40:36 UTC 2024 - Dan Čermák <dcermak@suse.com>
- Vendor latest buildkit v0.11:
Add patch 0006-Vendor-in-latest-buildkit-v0.11-branch-including-CVE.patch that
vendors in the latest v0.11 buildkit branch including bugfixes for the following:
* bsc#1219438: CVE-2024-23653
* bsc#1219268: CVE-2024-23652
* bsc#1219267: CVE-2024-23651
- rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
- switch from %patchN to %patch -PN syntax
- remove unused rpmlint filters and add filters to silence pointless bash & zsh
completion warnings
-------------------------------------------------------------------
Fri Oct 27 21:14:37 UTC 2023 - Aleksa Sarai <asarai@suse.com>
- Update to Docker 24.0.7-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/24.0/#2407>. bsc#1217513
* Deny containers access to /sys/devices/virtual/powercap by default.
- CVE-2020-8694 bsc#1170415
- CVE-2020-8695 bsc#1170446
- CVE-2020-12912 bsc#1178760
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
* cli-0001-docs-include-required-tools-in-source-tree.patch
-------------------------------------------------------------------
Wed Oct 11 10:32:43 UTC 2023 - Aleksa Sarai <asarai@suse.com>
- Add a patch to fix apparmor on SLE-12, reverting the upstream removal of
version-specific templating for the default apparmor profile. bsc#1213500
+ 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
-------------------------------------------------------------------
Thu Sep 14 01:46:30 UTC 2023 - Aleksa Sarai <asarai@suse.com>
- Update to Docker 24.0.6-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/24.0/#2406>. bsc#1215323
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* cli-0001-docs-include-required-tools-in-source-tree.patch
- Switch from disabledrun to manualrun in _service.
- Add a docker.socket unit file, but with socket activation effectively
disabled to ensure that Docker will always run even if you start the socket
individually. Users should probably just ignore this unit file. bsc#1210141
-------------------------------------------------------------------
Tue Jul 25 19:40:25 UTC 2023 - Dirk Müller <dmueller@suse.com>
- Update to Docker 24.0.5-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/24.0/#2405>. bsc#1213229
-------------------------------------------------------------------
Fri Jul 7 21:29:05 UTC 2023 - Aleksa Sarai <asarai@suse.com>
- Update to Docker 24.0.4-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/24.0/#2404>. bsc#1213500
-------------------------------------------------------------------
Fri Jul 7 02:35:02 UTC 2023 - Aleksa Sarai <asarai@suse.com>
- Update to Docker 24.0.3-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/24.0/#2403>. bsc#1213120
- Rebase patches:
* cli-0001-docs-include-required-tools-in-source-tree.patch
-------------------------------------------------------------------
Thu Jun 29 10:07:13 UTC 2023 - Danish Prakash <danish.prakash@suse.com>
- Recommend docker-rootless-extras instead of Require(ing) it, given
it's an additional functionality and not inherently required for
docker to function.
-------------------------------------------------------------------
Tue Jun 20 15:28:13 UTC 2023 - Danish Prakash <danish.prakash@suse.com>
- Add docker-rootless-extras subpackage
(https://docs.docker.com/engine/security/rootless)
-------------------------------------------------------------------
Wed Jun 14 13:02:01 UTC 2023 - Aleksa Sarai <asarai@suse.com>
- Update to Docker 24.0.2-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/24.0/#2402>. bsc#1212368
* Includes the upstreamed fix for the mount table pollution issue.
bsc#1210797
- Add Recommends for docker-buildx, and add /usr/lib/docker/cli-plugins as
being provided by this package.
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* cli-0001-docs-include-required-tools-in-source-tree.patch
-------------------------------------------------------------------
Sun May 21 02:31:35 UTC 2023 - Aleksa Sarai <asarai@suse.com>
- Update to Docker 23.0.6-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/23.0/#2306>. bsc#1211578
- Rebase patches:
* cli-0001-docs-include-required-tools-in-source-tree.patch
- Re-unify packaging for SLE-12 and SLE-15.
- Add patch to fix build on SLE-12 by switching back to libbtrfs-devel headers
(the uapi headers in SLE-12 are too old).
+ 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
- Re-numbered patches:
- 0003-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
+ 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch`
-------------------------------------------------------------------
Thu Apr 27 14:09:05 UTC 2023 - Aleksa Sarai <asarai@suse.com>
- Update to Docker 23.0.5-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/23.0/#2305>.
- Rebase patches:
* cli-0001-docs-include-required-tools-in-source-tree.patch
-------------------------------------------------------------------
Wed Apr 26 00:31:54 UTC 2023 - Aleksa Sarai <asarai@suse.com>
- Update to Docker 23.0.4-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/23.0/#2304>. bsc#1208074
- Fixes:
* bsc#1214107 - CVE-2023-28840
* bsc#1214108 - CVE-2023-28841
* bsc#1214109 - CVE-2023-28842
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
- Renumbered patches:
- 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
- Remove upstreamed patches:
- 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
- 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch
- 0007-bsc1200022-fifo.Close-prevent-possible-panic-if-fifo.patch
- Backport <https://github.com/docker/cli/pull/4228> to allow man pages to be
built without internet access in OBS.
+ cli-0001-docs-include-required-tools-in-source-tree.patch
-------------------------------------------------------------------
Wed Feb 1 14:33:19 UTC 2023 - Dirk Müller <dmueller@suse.com>
- update to 20.10.23-ce.
* see upstream changelog at https://docs.docker.com/engine/release-notes/#201023
- drop kubic flavor as kubic is EOL. this removes:
kubelet.env docker-kubic-service.conf 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
-------------------------------------------------------------------
Tue Dec 6 11:49:32 UTC 2022 - Aleksa Sarai <asarai@suse.com>
- Update to Docker 20.10.21-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/#201021>. bsc#1206065
bsc#1205375 CVE-2022-36109
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
* 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch
* 0007-bsc1200022-fifo.Close-prevent-possible-panic-if-fifo.patch
- The PRIVATE-REGISTRY patch will now output a warning if it is being used (in
preparation for removing the feature). This feature was never meant to be
used by users directly (and is only available in the -kubic/CaaSP version of
the package anyway) and thus should not affect any users.
-------------------------------------------------------------------
Mon Oct 24 09:45:20 UTC 2022 - Dan Čermák <dcermak@suse.com>
- Fix wrong After: in docker.service, fixes bsc#1188447
-------------------------------------------------------------------
Thu Sep 29 08:40:35 UTC 2022 - Aleksa Sarai <asarai@suse.com>
- Add apparmor-parser as a Recommends to make sure that most users will end up
with it installed even if they are primarily running SELinux.
-------------------------------------------------------------------
Thu Sep 29 07:27:03 UTC 2022 - Fabian Vogt <fvogt@suse.com>
- Fix syntax of boolean dependency
-------------------------------------------------------------------
Thu Jul 28 07:42:33 UTC 2022 - Frederic Crozat <fcrozat@suse.com>
- Allow to install container-selinux instead of apparmor-parser.
-------------------------------------------------------------------
Sun Jul 17 17:06:01 UTC 2022 - Callum Farmer <gmbr3@opensuse.org>
- Change to using systemd-sysusers
-------------------------------------------------------------------
Wed Jun 29 12:19:55 UTC 2022 - Aleksa Sarai <asarai@suse.com>
- Backport <https://github.com/containerd/fifo/pull/32> to fix a crash-on-start
issue with dockerd. bsc#1200022
+ 0007-bsc1200022-fifo.Close-prevent-possible-panic-if-fifo.patch
-------------------------------------------------------------------
Tue Jun 7 07:18:41 UTC 2022 - Aleksa Sarai <asarai@suse.com>
- Update to Docker 20.10.17-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/#201017>. bsc#1200145
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
* 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch
-------------------------------------------------------------------
Fri Apr 29 02:51:43 UTC 2022 - Aleksa Sarai <asarai@suse.com>
- Add patch to update golang.org/x/crypto for CVE-2021-43565 and CVE-2022-27191.
bsc#1193930 bsc#1197284
* 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
-------------------------------------------------------------------
Thu Apr 14 04:09:58 UTC 2022 - Aleksa Sarai <asarai@suse.com>
- Update to Docker 20.10.14-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/#201014>. bsc#1197517
CVE-2022-24769
-------------------------------------------------------------------
Mon Jan 17 07:23:01 UTC 2022 - Aleksa Sarai <asarai@suse.com>
- Update to Docker 20.10.12-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/#201012>.
- Remove CHANGELOG.md. It hasn't been maintained since 2017, and all of the
changelogs are currently only available online.
-------------------------------------------------------------------
Thu Nov 18 08:35:37 UTC 2021 - Aleksa Sarai <asarai@suse.com>
- Update to Docker 20.10.11-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/#201011>. bsc#1192814
bsc#1193273 CVE-2021-41190
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
- Remove upstreamed patches:
- 0006-bsc1190670-seccomp-add-support-for-clone3-syscall-in.patch
-------------------------------------------------------------------
Wed Oct 6 02:51:16 UTC 2021 - Aleksa Sarai <asarai@suse.com>
- Update to Docker 20.10.9-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/#20109>. bsc#1191355
CVE-2021-41089 bsc#1191015 CVE-2021-41091 bsc#1191434
CVE-2021-41092 bsc#1191334 CVE-2021-41103 bsc#1191121
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
* 0006-bsc1190670-seccomp-add-support-for-clone3-syscall-in.patch
- Switch to Go 1.16.x compiler, in line with upstream.
-------------------------------------------------------------------
Mon Sep 20 23:59:05 UTC 2021 - Aleksa Sarai <asarai@suse.com>
- Add patch to return ENOSYS for clone3 to avoid breaking glibc again.
bsc#1190670
+ 0006-bsc1190670-seccomp-add-support-for-clone3-syscall-in.patch
-------------------------------------------------------------------
Mon May 3 13:24:55 UTC 2021 - Aleksa Sarai <asarai@suse.com>
- Add shell requires for the *-completion subpackages.
-------------------------------------------------------------------
Thu Apr 15 05:23:20 UTC 2021 - Aleksa Sarai <asarai@suse.com>
- Update to Docker 20.10.6-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/#20106>. bsc#1184768
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
- Backport upstream fix <https://github.com/moby/moby/pull/42273> for btrfs
quotas being removed by Docker regularly. bsc#1183855 bsc#1175081
+ 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
-------------------------------------------------------------------
Wed Mar 3 00:49:58 UTC 2021 - Aleksa Sarai <asarai@suse.com>
- Update to Docker 20.10.5-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/#20105>. bsc#1182947
- Update runc dependency to 1.0.0~rc93.
- Remove upstreamed patches:
- cli-0001-Rename-bin-md2man-to-bin-go-md2man.patch
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
- Switch version to use -ce suffix rather than _ce to avoid confusing other
tools. boo#1182476
-------------------------------------------------------------------
Sun Feb 14 06:33:16 UTC 2021 - Aleksa Sarai <asarai@suse.com>
[NOTE: This update was only ever released in SLES and Leap.]
- It turns out the boo#1178801 libnetwork patch is also broken on Leap, so drop
the patch entirely. bsc#1180401 bsc#1182168
- boo1178801-0001-Add-docker-interfaces-to-firewalld-docker-zone.patch
-------------------------------------------------------------------
Wed Feb 10 07:40:36 UTC 2021 - Aleksa Sarai <asarai@suse.com>
- Fix incorrect cast in SUSE secrets patches causing warnings on SLES.
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
-------------------------------------------------------------------
Sat Feb 6 12:36:42 UTC 2021 - Aleksa Sarai <asarai@suse.com>
[NOTE: This update was only ever released in SLES and Leap.]
- Update Docker to 19.03.15-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md. This update includes fixes for
bsc#1181732 (CVE-2021-21284) and bsc#1181730 (CVE-2021-21285).
- Rebase patches:
* bsc1073877-0001-apparmor-clobber-docker-default-profile-on-start.patch
- Only apply the boo#1178801 libnetwork patch to handle firewalld on openSUSE.
It appears that SLES doesn't like the patch. bsc#1180401
-------------------------------------------------------------------
Tue Feb 2 13:06:17 UTC 2021 - Aleksa Sarai <asarai@suse.com>
- Update to Docker 20.10.3-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md. Fixes bsc#1181732
(CVE-2021-21284) and bsc#1181730 (CVE-2021-21285).
- Rebase patches on top of 20.10.3-ce.
- 0002-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
+ 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
- 0003-SECRETS-SUSE-implement-SUSE-container-secrets.patch
+ 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
- 0004-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
+ 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
- 0005-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
+ 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
-------------------------------------------------------------------
Tue Feb 2 05:28:01 UTC 2021 - Aleksa Sarai <asarai@suse.com>
- Drop docker-runc, docker-test and docker-libnetwork packages. We now just use
the upstream runc package (it's stable enough and Docker no longer pins git
versions). docker-libnetwork is so unstable that it doesn't have any
versioning scheme and so it really doesn't make sense to maintain the project
as a separate package. bsc#1181641 bsc#1181677
- Remove no-longer-needed patch for packaging now that we've dropped
docker-runc and docker-libnetwork.
- 0001-PACKAGING-revert-Remove-docker-prefix-for-containerd.patch
-------------------------------------------------------------------
Fri Jan 29 22:55:48 UTC 2021 - Aleksa Sarai <asarai@suse.com>
- Update to Docker 20.10.2-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md. bsc#1181594
- Remove upstreamed patches:
- bsc1122469-0001-apparmor-allow-readby-and-tracedby.patch
- boo1178801-0001-Add-docker-interfaces-to-firewalld-docker-zone.patch
- Add patches to fix build:
+ cli-0001-Rename-bin-md2man-to-bin-go-md2man.patch
- Since upstream has changed their source repo (again) we have to rebase all of
our patches. While doing this, I've collapsed all patches into one branch
per-release and thus all the patches are now just one series:
- packaging-0001-revert-Remove-docker-prefix-for-containerd-and-runc-.patch
+ 0001-PACKAGING-revert-Remove-docker-prefix-for-containerd.patch
- secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
+ 0002-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
- secrets-0002-SUSE-implement-SUSE-container-secrets.patch
+ 0003-SECRETS-SUSE-implement-SUSE-container-secrets.patch
- private-registry-0001-Add-private-registry-mirror-support.patch
+ 0004-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
- bsc1073877-0001-apparmor-clobber-docker-default-profile-on-start.patch
+ 0005-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
-------------------------------------------------------------------
Fri Jan 29 11:54:53 UTC 2021 - Aleksa Sarai <asarai@suse.com>
- Re-apply secrets fix for bsc#1065609 which appears to have been lost after it
was fixed.
* secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
* secrets-0002-SUSE-implement-SUSE-container-secrets.patch
-------------------------------------------------------------------
Wed Dec 23 06:40:46 UTC 2020 - Aleksa Sarai <asarai@suse.com>
- Add Conflicts and Provides for kubic flavour of docker-fish-completion.
-------------------------------------------------------------------
Mon Dec 21 07:06:53 UTC 2020 - Aleksa Sarai <asarai@suse.com>
- Update to Docker 19.03.14-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md. CVE-2020-15257 bsc#1180243
https://github.com/docker/docker-ce/releases/tag/v19.03.14
-------------------------------------------------------------------
Mon Dec 14 13:45:56 UTC 2020 - Robert Munteanu <rombert@apache.org>
- Enable fish-completion
-------------------------------------------------------------------
Thu Nov 12 18:36:26 UTC 2020 - Michał Rostecki <mrostecki@suse.com>
- Add a patch which makes Docker compatible with firewalld with
nftables backend. Backport of https://github.com/moby/libnetwork/pull/2548
(boo#1178801, SLE-16460)
* boo1178801-0001-Add-docker-interfaces-to-firewalld-docker-zone.patch
-------------------------------------------------------------------
Fri Sep 18 08:20:04 UTC 2020 - Aleksa Sarai <asarai@suse.com>
- Update to Docker 19.03.13-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md. bsc#1176708
-------------------------------------------------------------------
Mon Aug 3 16:58:07 UTC 2020 - Callum Farmer <callumjfarmer13@gmail.com>
- Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075)
-------------------------------------------------------------------
Tue Jun 30 23:00:00 UTC 2020 - Dominique Leuenberger <dimstar@opensuse.org>
- Emergency fix: %requires_eq does not work with provide symbols,
only effective package names. Convert back to regular Requires.
-------------------------------------------------------------------
Thu Jun 25 21:54:46 UTC 2020 - Aleksa Sarai <asarai@suse.com>
- Update to Docker 19.03.12-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md.
- Use Go 1.13 instead of Go 1.14 because Go 1.14 can cause all sorts of
spurrious errors due to Go returning -EINTR from I/O syscalls much more often
(due to Go 1.14's pre-emptive goroutine support).
- bsc1172377-0001-unexport-testcase.Cleanup-to-fix-Go-1.14.patch
- Add BuildRequires for all -git dependencies so that we catch missing
dependencies much more quickly.
-------------------------------------------------------------------
Tue Jun 2 08:37:06 UTC 2020 - Aleksa Sarai <asarai@suse.com>
- Update to Docker 19.03.11-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md. bsc#1172377 CVE-2020-13401
- Backport https://github.com/gotestyourself/gotest.tools/pull/169 so that we
can build Docker with Go 1.14 (upstream uses Go 1.13).
+ bsc1172377-0001-unexport-testcase.Cleanup-to-fix-Go-1.14.patch
-------------------------------------------------------------------
Thu Dec 19 15:42:26 UTC 2019 - Dominique Leuenberger <dimstar@opensuse.org>
- BuildRequire pkgconfig(libsystemd) instead of systemd-devel:
Allow OBS to shortcut through the -mini flavors.
-------------------------------------------------------------------
Thu Dec 12 13:27:21 UTC 2019 - Aleksa Sarai <asarai@suse.com>
- Add backport of https://github.com/docker/docker/pull/39121. bsc#1122469
+ bsc1122469-0001-apparmor-allow-readby-and-tracedby.patch
-------------------------------------------------------------------
Wed Dec 11 23:55:40 UTC 2019 - Aleksa Sarai <asarai@suse.com>
- Support older SLE systems which don't have "usermod -w -v".
-------------------------------------------------------------------
Mon Nov 18 04:46:31 UTC 2019 - Aleksa Sarai <asarai@suse.com>
- Update to Docker 19.03.5-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md. bsc#1158590 bsc#1157330
-------------------------------------------------------------------
Sat Oct 19 11:21:03 UTC 2019 - Aleksa Sarai <asarai@suse.com>
- Update to Docker 19.03.4-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md.
-------------------------------------------------------------------
Tue Oct 8 21:47:56 UTC 2019 - Aleksa Sarai <asarai@suse.com>
- Drop containerd.service workaround (we've released enough versions without
containerd.service -- there's no need to support package upgrades that old).
- Update to Docker 19.03.3-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md. bsc#1153367
-------------------------------------------------------------------
Tue Oct 1 23:54:25 UTC 2019 - Aleksa Sarai <asarai@suse.com>
- Update to Docker 19.03.2-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md. bsc#1150397
-------------------------------------------------------------------
Sun Sep 22 17:41:56 UTC 2019 - Chris Coutinho <chrisbcoutinho@gmail.com>
- Fix zsh-completion (docker -> _docker)
-------------------------------------------------------------------
Tue Jul 30 05:14:44 UTC 2019 - Aleksa Sarai <asarai@suse.com>
- Fix default installation such that --userns-remap=default works properly
(this appears to be an upstream regression, where --userns-remap=default
doesn't auto-create the group and results in an error on-start). boo#1143349
-------------------------------------------------------------------
Fri Jul 26 12:49:18 UTC 2019 - Aleksa Sarai <asarai@suse.com>
- Update to Docker 19.03.1-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md. CVE-2019-14271
-------------------------------------------------------------------
Mon Jul 22 22:13:30 UTC 2019 - Aleksa Sarai <asarai@suse.com>
- Update to Docker 19.03.0-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md. bsc#1142413
- Remove upstreamed patches:
- bsc1001161-0001-oci-include-the-domainname-in-kernel.domainname.patch
- bsc1001161-0002-cli-add-a-separate-domainname-flag.patch
- bsc1047218-0001-man-obey-SOURCE_DATE_EPOCH-when-generating-man-pages.patch
- bsc1128746-0001-integration-cli-don-t-build-test-images-if-they-alre.patch
- Rebase pacthes:
* bsc1073877-0001-apparmor-clobber-docker-default-profile-on-start.patch
* packaging-0001-revert-Remove-docker-prefix-for-containerd-and-runc-.patch
* private-registry-0001-Add-private-registry-mirror-support.patch
* secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
* secrets-0002-SUSE-implement-SUSE-container-secrets.patch
-------------------------------------------------------------------
Wed Jul 17 23:15:33 UTC 2019 - Aleksa Sarai <asarai@suse.com>
- Move bash-completion to correct location.
- Update to Docker 18.09.8-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md.
* Includes fixes for CVE-2019-13509 bsc#1142160.
-------------------------------------------------------------------
Fri Jun 28 01:21:19 UTC 2019 - Aleksa Sarai <asarai@suse.com>
- Update to Docker 18.09.7-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md. bsc#1139649
- Remove upstreamed patches:
- CVE-2018-15664.patch
-------------------------------------------------------------------
Thu Jun 27 07:12:57 UTC 2019 - Aleksa Sarai <asarai@suse.com>
- Use %config(noreplace) for /etc/docker/daemon.json. bsc#1138920
-------------------------------------------------------------------
Fri Jun 7 08:36:17 UTC 2019 - Aleksa Sarai <asarai@suse.com>
- Add patch for CVE-2018-15664. bsc#1096726
+ CVE-2018-15664.patch
-------------------------------------------------------------------
Mon May 6 18:25:14 UTC 2019 - Aleksa Sarai <asarai@suse.com>
- Update to Docker 18.09.6-ce see upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md.
- Rebase patches:
* bsc1128746-0001-integration-cli-don-t-build-test-images-if-they-alre.patch
-------------------------------------------------------------------
Fri May 3 14:02:46 UTC 2019 - Aleksa Sarai <asarai@suse.com>
- Update to Docker 18.09.5-ce see upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md. bsc#1128376 boo#1134068
- Rebase patches:
* bsc1001161-0001-oci-include-the-domainname-in-kernel.domainname.patch
* bsc1001161-0002-cli-add-a-separate-domainname-flag.patch
* bsc1047218-0001-man-obey-SOURCE_DATE_EPOCH-when-generating-man-pages.patch
* bsc1128746-0001-integration-cli-don-t-build-test-images-if-they-alre.patch
* packaging-0001-revert-Remove-docker-prefix-for-containerd-and-runc-.patch
* private-registry-0001-Add-private-registry-mirror-support.patch
* secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
* secrets-0002-SUSE-implement-SUSE-container-secrets.patch
- Updated patch name:
+ bsc1073877-0001-apparmor-clobber-docker-default-profile-on-start.patch
- bsc1073877-0002-apparmor-clobber-docker-default-profile-on-start.patch
-------------------------------------------------------------------
Fri Mar 22 09:19:28 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
- Update to Docker 18.09.3-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md.
-------------------------------------------------------------------
Sun Mar 10 21:12:09 UTC 2019 - Aleksa Sarai <asarai@suse.com>
- docker-test: improvements to test packaging (we don't need to ship around the
entire source tree, and we also need to build the born-again integration/
tests which contain a suite-per-directory). We also need a new patch which
fixes the handling of *-test images. bsc#1128746
+ bsc1128746-0001-integration-cli-don-t-build-test-images-if-they-alre.patch
-------------------------------------------------------------------
Tue Feb 26 09:39:57 UTC 2019 - Michal Jura <mjura@suse.com>
- Move daemon.json file to /etc/docker directory, bsc#1114832
-------------------------------------------------------------------
Sat Feb 9 13:54:03 UTC 2019 - Aleksa Sarai <asarai@suse.com>
- Update shell completion to use Group: System/Shells.
-------------------------------------------------------------------
Wed Feb 6 14:37:43 UTC 2019 - Michal Jura <mjura@suse.com>
- Add daemon.json file with rotation logs cofiguration, bsc#1114832
-------------------------------------------------------------------
Tue Feb 5 11:24:02 UTC 2019 - Aleksa Sarai <asarai@suse.com>
- Update to Docker 18.09.1-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md. bsc#1124308
* Includes fix for CVE-2018-10892 bsc#1100331.
* Includes fix for CVE-2018-20699 bsc#1121768.
- Remove upstreamed patches.
- bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch
-------------------------------------------------------------------
Fri Jan 11 09:57:32 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
- Disable leap based builds for kubic flavor. bsc#1121412
-------------------------------------------------------------------
Wed Dec 19 19:28:47 UTC 2018 - clee@suse.com
- Update go requirements to >= go1.10.6 to fix
* bsc#1118897 CVE-2018-16873
go#29230 cmd/go: remote command execution during "go get -u"
* bsc#1118898 CVE-2018-16874
go#29231 cmd/go: directory traversal in "go get" via curly braces in import paths
* bsc#1118899 CVE-2018-16875
go#29233 crypto/x509: CPU denial of service
-------------------------------------------------------------------
Tue Dec 18 10:10:06 UTC 2018 - Aleksa Sarai <asarai@suse.com>
- Handle build breakage due to missing 'export GOPATH' (caused by resolution of
boo#1119634). I believe Docker is one of the only packages with this problem.
-------------------------------------------------------------------
Mon Dec 3 16:14:22 UTC 2018 - Aleksa Sarai <asarai@suse.com>
- Add backports of https://github.com/docker/docker/pull/37302 and
https://github.com/docker/cli/pull/1130, which allow for users to explicitly
specify the NIS domainname of a container. bsc#1001161
+ bsc1001161-0001-oci-include-the-domainname-in-kernel.domainname.patch
+ bsc1001161-0002-cli-add-a-separate-domainname-flag.patch
-------------------------------------------------------------------
Thu Nov 29 09:41:11 UTC 2018 - Aleksa Sarai <asarai@suse.com>
- Update docker.service to match upstream and avoid rlimit problems.
bsc#1112980
- Upgrade to Docker 18.09.0-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md. boo#1115464 bsc#1118990
- Add revert of an upstream patch to fix docker-* handling.
+ packaging-0001-revert-Remove-docker-prefix-for-containerd-and-runc-.patch
- Rebase patches:
* bsc1047218-0001-man-obey-SOURCE_DATE_EPOCH-when-generating-man-pages.patch
* bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch
* bsc1073877-0002-apparmor-clobber-docker-default-profile-on-start.patch
* private-registry-0001-Add-private-registry-mirror-support.patch
* secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
* secrets-0002-SUSE-implement-SUSE-container-secrets.patch
- Remove upstreamed patches:
- bsc1100727-0001-build-add-buildmode-pie.patch
-------------------------------------------------------------------
Mon Oct 8 06:41:21 UTC 2018 - Valentin Rothberg <vrothberg@suse.com>
- Reduce the disk footprint by recommending git-core instead of
hard requiring it.
bsc#1108038
-------------------------------------------------------------------
Tue Sep 4 08:32:43 UTC 2018 - rbrown@suse.com
- ExcludeArch i586 for entire docker-kubic flavour
-------------------------------------------------------------------
Tue Sep 4 07:32:47 UTC 2018 - rbrown@suse.com
- ExcludeArch i586 for docker-kubic-kubeadm-criconfig subpackage
-------------------------------------------------------------------
Fri Aug 24 08:17:41 UTC 2018 - asarai@suse.com
- Add patch to make package reproducible, which is a backport of
https://github.com/docker/cli/pull/1306. boo#1047218
+ bsc1047218-0001-man-obey-SOURCE_DATE_EPOCH-when-generating-man-pages.patch
-------------------------------------------------------------------
Wed Aug 22 09:54:57 UTC 2018 - asarai@suse.com
- Upgrade to docker-ce v18.06.1-ce. bsc#1102522 bsc#1113313
Upstream changelog:
https://github.com/docker/docker-ce/releases/tag/v18.06.1-ce
- Remove patches that were merged upstream:
- bsc1102522-0001-18.06-disable-containerd-CRI-plugin.patch
-------------------------------------------------------------------
Tue Aug 21 09:50:01 UTC 2018 - asarai@suse.com
- Add a backport of https://github.com/docker/engine/pull/29 for the 18.06.0-ce
upgrade. This is a potential security issue (the CRI plugin was enabled by
default, which listens on a TCP port bound to 0.0.0.0) that will be fixed
upstream in the 18.06.1-ce upgrade. bsc#1102522
+ bsc1102522-0001-18.06-disable-containerd-CRI-plugin.patch
-------------------------------------------------------------------
Tue Aug 21 09:39:57 UTC 2018 - rbrown@suse.com
- Kubic: Make crio default, docker as alternative runtime
(boo#1104821)
- Provide kubernetes CRI config with docker-kubic-kubeadm-criconfig
subpackage
-------------------------------------------------------------------
Thu Aug 16 02:00:31 UTC 2018 - asarai@suse.com
- Merge -kubic packages back into the main Virtualization:containers packages.
This is done using _multibuild to add a "kubic" flavour, which is then used
to conditionally compile patches and other kubic-specific features.
bsc#1105000
- Rework docker-rpmlintrc with the new _multibuild setup.
-------------------------------------------------------------------
Wed Aug 1 09:40:59 UTC 2018 - asarai@suse.com
- Enable seccomp support on SLE12, since libseccomp is now a new enough vintage
to work with Docker and containerd. fate#325877
-------------------------------------------------------------------
Tue Jul 31 09:48:16 UTC 2018 - asarai@suse.com
- Upgrade to docker-ce v18.06.0-ce. bsc#1102522
- Remove systemd-service dependency on containerd, which is now being started
by dockerd to align with upstream defaults.
- Removed the following patches as they are merged upstream:
- bsc1021227-0001-pkg-devmapper-dynamically-load-dm_task_deferred_remo.patch
- bsc1055676-0001-daemon-oci-obey-CL_UNPRIVILEGED-for-user-namespaced-.patch
- Rebased the following patches:
* bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch
* bsc1073877-0002-apparmor-clobber-docker-default-profile-on-start.patch
* bsc1100727-0001-build-add-buildmode-pie.patch
* secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
* secrets-0002-SUSE-implement-SUSE-container-secrets.patch
-------------------------------------------------------------------
Mon Jul 30 09:44:47 UTC 2018 - asarai@suse.com
- Build the client binary with -buildmode=pie to fix issues on POWER.
bsc#1100727
+ bsc1100727-0001-build-add-buildmode-pie.patch
-------------------------------------------------------------------
Fri Jun 29 08:35:56 UTC 2018 - asarai@suse.com
- Update the AppArmor patchset again to fix a separate issue where changed
AppArmor profiles don't actually get applied on Docker daemon reboot.
bsc#1099277
* bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch
+ bsc1073877-0002-apparmor-clobber-docker-default-profile-on-start.patch
-------------------------------------------------------------------
Tue Jun 5 11:24:35 UTC 2018 - asarai@suse.com
- Update to AppArmor patch so that signal mediation also works for signals
between in-container processes. bsc#1073877
* bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch
-------------------------------------------------------------------
Tue Jun 5 08:41:07 UTC 2018 - dcassany@suse.com
- Make use of %license macro
-------------------------------------------------------------------
Tue Jun 5 06:38:40 UTC 2018 - asarai@suse.com
- Remove 'go test' from %check section, as it has only ever caused us problems
and hasn't (as far as I remember) ever caught a release-blocking issue. Smoke
testing has been far more useful. boo#1095817
-------------------------------------------------------------------
Tue May 29 08:10:48 UTC 2018 - asarai@suse.com
- Update secrets patch to not log incorrect warnings when attempting to inject
non-existent host files. bsc#1065609
* secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
* secrets-0002-SUSE-implement-SUSE-container-secrets.patch
-------------------------------------------------------------------
Wed May 16 10:12:56 UTC 2018 - jmassaguerpla@suse.com
- Review Obsoletes to fix bsc#1080978
-------------------------------------------------------------------
Thu Apr 12 12:49:25 UTC 2018 - fcastelli@suse.com
- Put docker under the podruntime slice. This the recommended
deployment to allow fine resource control on Kubernetes.
bsc#1086185
-------------------------------------------------------------------
Tue Apr 10 09:25:43 UTC 2018 - mmeister@suse.com
- Add patch to handle AppArmor changes that make 'docker kill' stop working.
bsc#1073877 boo#1089732
+ bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch
-------------------------------------------------------------------
Fri Apr 6 04:21:28 UTC 2018 - asarai@suse.com
- Fix manpage generation breaking ppc64le builds due to a missing
-buildemode=pie.
-------------------------------------------------------------------
Wed Apr 4 12:27:29 UTC 2018 - vrothberg@suse.com
- Compile and install all manpages.
bsc#1085117
-------------------------------------------------------------------
Tue Mar 27 10:13:41 UTC 2018 - asarai@suse.com
- Add requirement for catatonit, which provides a docker-init implementation.
fate#324652 bsc#1085380
-------------------------------------------------------------------
Thu Mar 8 13:14:54 UTC 2018 - vrothberg@suse.com
- Fix private-registry-0001-Add-private-registry-mirror-support.patch to
deal corretly with TLS configs of 3rd party registries.
fix bsc#1084533
-------------------------------------------------------------------
Tue Feb 13 10:45:58 UTC 2018 - asarai@suse.com
- Update patches to be sourced from https://github.com/suse/docker-ce (which
are based on the upstream docker/docker-ce repo). The reason for this change
(though it is functionally identical to the old patches) is so that public
patch maintenance is much simpler.
* bsc1021227-0001-pkg-devmapper-dynamically-load-dm_task_deferred_remo.patch
* bsc1055676-0001-daemon-oci-obey-CL_UNPRIVILEGED-for-user-namespaced-.patch
* private-registry-0001-Add-private-registry-mirror-support.patch
* secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
* secrets-0002-SUSE-implement-SUSE-container-secrets.patch
-------------------------------------------------------------------
Mon Feb 12 10:52:33 UTC 2018 - rbrown@suse.com
- Add ${version} to equivalent non-kubic package provides
-------------------------------------------------------------------
Thu Feb 8 12:34:51 UTC 2018 - rbrown@suse.com
- Add Provides for equivalent non-kubic packages
-------------------------------------------------------------------
Tue Jan 30 12:27:44 UTC 2018 - vrothberg@suse.com
- Disable all tests for docker/client and docker/pkg/discovery. The unit tests
of those packages broke reproducibly the builds in IBS.
-------------------------------------------------------------------
Mon Jan 29 14:39:02 UTC 2018 - vrothberg@suse.com
- Disable flaky tests github.com/docker/docker/pkg/discovery/kv.
-------------------------------------------------------------------
Fri Jan 26 07:15:53 UTC 2018 - vrothberg@suse.com
- Add patch to support mirroring of private/non-upstream registries. As soon as
the upstream PR (https://github.com/moby/moby/pull/34319) is merged, this
patch will be replaced by the backported one from upstream.
+ private-registry-0001-Add-private-registry-mirror-support.patch
fix bsc#1074971
-------------------------------------------------------------------
Fri Jan 19 14:12:32 UTC 2018 - asarai@suse.com
- Add Obsoletes: docker-image-migrator, as the tool is no longer needed and
we've pretty much removed it from everywhere except the containers module.
bsc#1069758
-------------------------------------------------------------------
Fri Jan 19 07:48:10 UTC 2018 - vrothberg@suse.com
- Remove requirement on bridge-utils, which has been replaced by libnetwork in
Docker. bsc#1072798
-------------------------------------------------------------------
Mon Dec 18 12:32:35 UTC 2017 - asarai@suse.com
- Update to Docker v17.09.1_ce (bsc#1069758). Upstream changelog:
https://github.com/docker/docker-ce/releases/tag/v17.09.1-ce
- Removed patches (merged upstream):
- bsc1045628-0001-devicemapper-remove-container-rootfs-mountPath-after.patch
- bsc1066210-0001-vendor-update-to-github.com-vbatts-tar-split-v0.10.2.patch
- bsc1066801-0001-oci-add-proc-scsi-to-masked-paths.patch
-------------------------------------------------------------------
Mon Dec 18 12:32:35 UTC 2017 - asarai@suse.com
- Update to Docker v17.09.0_ce. Upstream changelog:
https://github.com/docker/docker-ce/releases/tag/v17.09.0-ce
- Rebased patches:
* bsc1021227-0001-pkg-devmapper-dynamically-load-dm_task_deferred_remo.patch
* bsc1045628-0001-devicemapper-remove-container-rootfs-mountPath-after.patch
* bsc1055676-0001-daemon-oci-obey-CL_UNPRIVILEGED-for-user-namespaced-.patch
* secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
* secrets-0002-SUSE-implement-SUSE-container-secrets.patch
- Removed patches (merged upstream):
- bsc1064781-0001-Allow-to-override-build-date.patch
-------------------------------------------------------------------
Tue Dec 5 10:58:07 UTC 2017 - asarai@suse.com
- Add a patch to dynamically probe whether libdevmapper supports
dm_task_deferred_remove. This is necessary because we build the containers
module on a SLE12 base, but later SLE versions have libdevmapper support.
This should not affect openSUSE, as all openSUSE versions have a new enough
libdevmapper. Backport of https://github.com/moby/moby/pull/35518.
bsc#1021227 bsc#1029320 bsc#1058173
+ bsc1021227-0001-pkg-devmapper-dynamically-load-dm_task_deferred_remo.patch
-------------------------------------------------------------------
Mon Dec 4 12:22:29 UTC 2017 - asarai@suse.com
- Fix up the ordering of tests in docker.spec. This is to keep things easier to
backport into the SLE package.
-------------------------------------------------------------------
Thu Nov 30 10:15:20 UTC 2017 - asarai@suse.com
- Include secrets fix to handle "old" containers that have orphaned secret
data. It's not clear why Docker caches these secrets, but fix the problem by
trashing the references manually. bsc#1057743
* secrets-0002-SUSE-implement-SUSE-container-secrets.patch
-------------------------------------------------------------------
Thu Nov 23 13:48:08 UTC 2017 - rbrown@suse.com
- Replace references to /var/adm/fillup-templates with new
%_fillupdir macro (boo#1069468)
-------------------------------------------------------------------
Tue Nov 14 22:39:56 UTC 2017 - asarai@suse.com
- Remove migration code for the v1.9.x -> v1.10.x migration. This has been
around for a while, and we no longer support migrating from such an old
version "nicely". Docker still has migration code that will run on
first-boot, we are merely removing all of the "nice" warnings which tell
users how to avoid issues during an upgrade that ocurred more than a year
ago.
- Drop un-needed files:
- docker-plugin-message.txt
- docker-update-message.txt
-------------------------------------------------------------------
Tue Nov 7 16:47:01 UTC 2017 - asarai@suse.com
- Add a backport of https://github.com/moby/moby/pull/35424, which fixes a
security issue where a maliciously crafted image could be used to crash a
Docker daemon. bsc#1066210 CVE-2017-14992
+ bsc1066210-0001-vendor-update-to-github.com-vbatts-tar-split-v0.10.2.patch
-------------------------------------------------------------------
Tue Nov 7 09:00:31 UTC 2017 - asarai@suse.com
- Add a backport of https://github.com/moby/moby/pull/35399, which fixes a
security issue where a Docker container (with a disabled AppArmor profile)
could write to /proc/scsi/... and subsequently DoS the host. bsc#1066801
CVE-2017-16539
+ bsc1066801-0001-oci-add-proc-scsi-to-masked-paths.patch
-------------------------------------------------------------------
Tue Oct 24 06:50:29 UTC 2017 - asarai@suse.com
- Correctly set `docker version` information, including the version, git
commit, and SOURCE_DATE_EPOCH (requires a backport). This should
*effectively* make Docker builds reproducible, with minimal cost. boo#1064781
+ bsc1064781-0001-Allow-to-override-build-date.patch
-------------------------------------------------------------------
Mon Oct 16 11:06:22 UTC 2017 - asarai@suse.com
- Add backport of https://github.com/moby/moby/pull/35205. This used to be
fixed in docker-runc, but we're moving it here after upstream discussion.
bsc#1055676
+ bsc1055676-0001-daemon-oci-obey-CL_UNPRIVILEGED-for-user-namespaced-.patch
-------------------------------------------------------------------
Mon Oct 9 11:36:59 UTC 2017 - asarai@suse.com
- Update to Docker v17.07.0_ce. Upstream changelog:
https://github.com/docker/docker-ce/releases/tag/v17.06.0-ce
https://github.com/docker/docker-ce/releases/tag/v17.07.0-ce
- Removed no-longer needed patches.
- bsc1037436-0001-client-check-tty-before-creating-exec-job.patch
- bsc1037607-0001-apparmor-make-pkg-aaparser-work-on-read-only-root.patch
- integration-cli-fix-TestInfoEnsureSucceeds.patch
- Added backport of https://github.com/moby/moby/pull/34573. bsc#1045628
+ bsc1045628-0001-devicemapper-remove-container-rootfs-mountPath-after.patch
- Rewrite secrets patches to correctly handle directories in a way that doesn't
cause errors when starting new containers.
* secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
* secrets-0002-SUSE-implement-SUSE-container-secrets.patch
-------------------------------------------------------------------
Mon Oct 2 08:12:17 UTC 2017 - vrothberg@suse.com
- Fix bsc#1059011
The systemd service helper script used a timeout of 60 seconds to
start the daemon, which is insufficient in cases where the daemon
takes longer to start. Instead, set the service type from 'simple' to
'notify' and remove the now superfluous helper script.
-------------------------------------------------------------------
Wed Sep 27 15:04:19 UTC 2017 - jmassaguerpla@suse.com
- fix bsc#1057743: Add a Requires: fix_bsc_1057743 which is provided by the
newer version of docker-libnetwork. This is necessary because of a versioning
bug we found in bsc#1057743.
-------------------------------------------------------------------
Fri Sep 15 15:32:49 UTC 2017 - jmassaguerpla@suse.com
- fix /var/adm/update-message/docker file name to be
/var/adm/update-message/docker-%{version}-%{release}
-------------------------------------------------------------------
Wed Sep 6 11:42:31 UTC 2017 - asarai@suse.com
- devicemapper: add patch to make the dm storage driver remove a container's
rootfs mountpoint before attempting to do libdm operations on it. This helps
avoid complications when live mounts will leak into containers. Backport of
https://github.com/moby/moby/pull/34573. bsc#1045628
+ bsc1045628-0001-devicemapper-remove-container-rootfs-mountPath-after.patch
-------------------------------------------------------------------
Wed Aug 30 14:58:52 UTC 2017 - asarai@suse.com
- Fix a regression in our SUSE secrets patches, which caused the copied files
to not carry the correct {uid,gid} mapping when using user namespaces. This
would not cause any bugs (SUSEConnect does the right thing anyway) but it's
possible some programs would not treat the files correctly. This is
tangentially related to bsc#1055676.
* secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
* secrets-0002-SUSE-implement-SUSE-container-secrets.patch
-------------------------------------------------------------------
Wed Aug 2 13:37:16 UTC 2017 - asarai@suse.com
- Use -buildmode=pie for tests and binary build. bsc#1048046 bsc#1051429
-------------------------------------------------------------------
Wed Jul 19 18:12:26 UTC 2017 - jmassaguerpla@suse.com
- enable deferred removal for sle12sp2 and newer (and openSUSE
equivalent. fix bsc#1021227
-------------------------------------------------------------------
Wed Jul 19 17:17:04 UTC 2017 - jmassaguerpla@suse.com
- enable libseccomp on sle12sp2 and newer, 42.2 and newer
fix bsc#1028638 - docker: conditional filtering not supported on
libseccomp for sle12
-------------------------------------------------------------------
Tue Jul 11 10:50:12 UTC 2017 - jmassaguerpla@suse.com
- add SuSEfirewall2.service to the After clause in docker.service
in order to fix bsc#1046024
-------------------------------------------------------------------
Fri Jul 7 14:53:59 UTC 2017 - thipp@suse.de
- fix path to docker-runc in systemd service file
-------------------------------------------------------------------
Thu Jul 6 14:18:29 UTC 2017 - thipp@suse.de
- change dependency to docker-runc
-------------------------------------------------------------------
Mon Jun 19 10:54:36 UTC 2017 - jmassaguerpla@suse.com
- Fix bsc#1029630: docker does not wait for lvm on system startup
I added "lvm2-monitor.service" as an "After dependency" of the docker systemd
unit.
-------------------------------------------------------------------
Tue May 30 11:29:45 UTC 2017 - jmassaguerpla@suse.com
- Fix bsc#1032287: missing docker systemd configuration
-------------------------------------------------------------------
Mon May 29 11:08:44 UTC 2017 - asarai@suse.com
- Update SUSE secrets patch to correctly handle restarting of containers.
+ secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
+ secrets-0002-SUSE-implement-SUSE-container-secrets.patch
-------------------------------------------------------------------
Wed May 17 14:41:29 UTC 2017 - asarai@suse.com
- Fix bsc#1037607 which was causing read-only issues on Kubic, this is a
backport of https://github.com/moby/moby/pull/33250.
+ bsc1037607-0001-apparmor-make-pkg-aaparser-work-on-read-only-root.patch
-------------------------------------------------------------------
Thu May 11 07:36:32 UTC 2017 - tchvatal@suse.com
- Fix bsc#1038476 warning about non-executable docker
* Simply verify we have binary prior using it, might happen if
someone had docker installed and then did remove it and install
from scratch again
-------------------------------------------------------------------
Wed May 10 13:54:44 UTC 2017 - asarai@suse.com
- Add a partial fix for boo#1038493.
- Fixed bsc#1037436 where execids were being leaked due to bad error handling.
This is a backport of https://github.com/docker/cli/pull/52.
+ bsc1037436-0001-client-check-tty-before-creating-exec-job.patch
-------------------------------------------------------------------
Thu May 4 19:03:40 UTC 2017 - jmassaguerpla@suse.com
- Fix golang requirements in the subpackages
-------------------------------------------------------------------
Mon May 1 07:57:35 UTC 2017 - fcastelli@suse.com
- Update golang build requirements to use golang(API) symbol: this is
needed to solve a conflict between multiple versions of Go being available
-------------------------------------------------------------------
Tue Apr 18 15:38:11 UTC 2017 - jmassaguerpla@suse.com
- Fix secrets-0002-SUSE-implement-SUSE-container-secrets.patch:
substitute docker/distribution/digest by opencontainers/digest
-------------------------------------------------------------------
Thu Apr 13 14:34:35 UTC 2017 - jmassaguerpla@suse.com
- Update to version 17.04.0-ce (fix bsc#1034053 )
- Patches removed because have been merged into this version:
* pr31549-cmd-docker-fix-TestDaemonCommand.patch
* pr31773-daemon-also-ensureDefaultApparmorProfile-in-exec-pat.patch
- Patches rebased:
* integration-cli-fix-TestInfoEnsureSucceeds.patch
- Build man pages for all archs (bsc#953182)
- Containers cannot resolve DNS if docker host uses 127.0.0.1 as resolver (bsc#1034063)
see /usr/share/doc/packages/docker/CHANGELOG.md
-------------------------------------------------------------------
Wed Apr 12 09:54:18 UTC 2017 - jmassaguerpla@suse.com
- Make sure this is being built with go 1.7
-------------------------------------------------------------------
Wed Apr 12 09:14:35 UTC 2017 - jmassaguerpla@suse.com
- remove the go_arches macro because we are using go1.7 which
is available in all archs
- remove gcc specific patches
* gcc-go-patches.patch
* netlink_netns_powerpc.patch
* boltdb_bolt_add_brokenUnaligned.patch
-------------------------------------------------------------------
Wed Apr 12 07:58:08 UTC 2017 - asarai@suse.com
- Enable Delegate=yes, since systemd will safely ignore lvalues it doesn't
understand.
-------------------------------------------------------------------
Tue Apr 11 11:49:05 UTC 2017 - asarai@suse.com
- Update SUSE secrets patch to handle boo#1030702.
* secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
* secrets-0002-SUSE-implement-SUSE-container-secrets.patch
-------------------------------------------------------------------
Tue Apr 11 08:28:33 UTC 2017 - mmeister@suse.com
- Fix (bsc#1032644)
Change lvm2 from Requires to Recommends
Docker usually uses a default storage driver, when it's not configured
explicitly. This default driver then depends on the underlying
system and gets chosen during installation.
-------------------------------------------------------------------
Mon Mar 20 08:12:01 UTC 2017 - jmassaguerpla@suse.com
- Disable libseccomp for leap 42.1, sle12sp1 and sle12, because
docker needs a higher version. Otherwise, we get the error
"conditional filtering requires libseccomp version >= 2.2.1
(bsc#1028639 and bsc#1028638)
-------------------------------------------------------------------
Fri Mar 17 11:08:03 UTC 2017 - asarai@suse.com
- Add a backport of fix to AppArmor lazy loading docker-exec case.
https://github.com/docker/docker/pull/31773
+ pr31773-daemon-also-ensureDefaultApparmorProfile-in-exec-pat.patch
-------------------------------------------------------------------
Wed Mar 8 00:48:46 UTC 2017 - asarai@suse.com
- Clean up docker-mount-secrets.patch to use the new swarm secrets internals of
Docker 1.13.0, which removes the need to implement any secret handling
ourselves. This resulted in a split up of the patch.
- docker-mount-secrets.patch
+ secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
+ secrets-0002-SUSE-implement-SUSE-container-secrets.patch
-------------------------------------------------------------------
Mon Mar 6 15:31:02 UTC 2017 - jmassaguerpla@suse.com
- Remove old plugins.json to prevent docker-1.13 to fail to start
-------------------------------------------------------------------
Mon Mar 6 12:52:14 UTC 2017 - jmassaguerpla@suse.com
- Fix bsc#1026827: systemd TasksMax default throttles docker
-------------------------------------------------------------------
Mon Mar 6 10:09:14 UTC 2017 - jmassaguerpla@suse.com
- Fix post section by adding shadow as a package requirement
Otherwise the groupadd instruction fails
-------------------------------------------------------------------
Sun Mar 5 04:54:52 UTC 2017 - asarai@suse.com
- Add patch to fix TestDaemonCommand failure in %check. This is an upstream
bug, and has an upstream PR to fix it https://github.com/docker/docker/pull/31549.
+ pr31549-cmd-docker-fix-TestDaemonCommand.patch
-------------------------------------------------------------------
Wed Feb 1 15:59:40 UTC 2017 - jmassaguerpla@suse.com
- update docker to 1.13.0
see details in https://github.com/docker/docker/releases/tag/v1.13.0
- use the same buildflags for building docker and for building the
tests.
- enable pkcs11:
https://github.com/docker/docker/commit/37fa75b3447007bb8ea311f02610bb383b0db77f
-------------------------------------------------------------------
Fri Jan 27 12:30:18 UTC 2017 - bg@suse.com
- enable architecture s390x for openSUSE
-------------------------------------------------------------------
Thu Jan 26 15:43:38 UTC 2017 - jmassaguerpla@suse.com
- provide the oci runtime so that containers which were using an old
runtime option, when started on the new docker version, the runtime
is changed to the new one. fix bsc#1020806 bsc#1016992
-------------------------------------------------------------------
Fri Jan 13 13:56:15 UTC 2017 - jmassaguerpla@suse.com
- fix CVE-2016-9962 bsc#1012568 . Fix it by updating to 1.12.6
plus an extra commit to fix liverestore:
https://github.com/docker/docker/commit/97cd32a6a9076306baa637a29bba84c3f1f3d218
-------------------------------------------------------------------
Wed Jan 11 12:47:16 UTC 2017 - jmassaguerpla@suse.com
- add "a wait" when starting docker service to fix
bsc#1019251
-------------------------------------------------------------------
Tue Dec 20 12:41:33 UTC 2016 - normand@linux.vnet.ibm.com
- remove netlink_gcc_go.patch after integration of PR
https://github.com/golang/go/issues/11707
- new boltdb_bolt_add_brokenUnaligned.patch for ppc64
waiting for https://github.com/boltdb/bolt/pull/635
-------------------------------------------------------------------
Tue Dec 20 05:08:54 UTC 2016 - asarai@suse.com
- Remove old flags from dockerd's command-line, to be more inline with
upstream (now that docker-runc is provided by the runc package). -H is
dropped because upstream dropped it due to concerns with socket
activation.
- Remove socket activation entirely.
-------------------------------------------------------------------
Mon Dec 19 12:41:13 UTC 2016 - jmassaguerpla@suse.com
- update docker to 1.12.5 (bsc#1016307).
This fixes bsc#1015661
-------------------------------------------------------------------
Mon Dec 5 14:52:02 UTC 2016 - jmassaguerpla@suse.com
- fix bash-completion
-------------------------------------------------------------------
Tue Nov 29 21:57:08 UTC 2016 - jimmy@boombatower.com
- Add packageand(docker:bash) to bash-completion to match zsh-completion.
-------------------------------------------------------------------
Thu Nov 24 16:09:52 UTC 2016 - jmassaguerpla@suse.com
- fix runc and containerd revisions
fix bsc#1009961
-------------------------------------------------------------------
Thu Oct 27 11:13:56 UTC 2016 - jmassaguerpla@suse.com
- update docker to 1.12.3
- fix bsc#1007249 - CVE-2016-8867: Fix ambient capability usage in containers
- other fixes:
https://github.com/docker/docker/releases/tag/v1.12.3
-------------------------------------------------------------------
Thu Oct 13 11:15:17 UTC 2016 - jmassaguerpla@suse.com
- update docker to 1.12.2 (bsc#1004490). See changelog
https://github.com/docker/docker/blob/v1.12.2/CHANGELOG.md
- update docker-mount-secrets.patch to 1.12.2 code
-------------------------------------------------------------------
Tue Oct 11 09:36:23 UTC 2016 - asarai@suse.com
- docker-mount-secrets.patch: change the internal mountpoint name to not use
":" as that character can be considered a special character by other tools.
bsc#999582
-------------------------------------------------------------------
Mon Sep 19 11:56:15 UTC 2016 - jmassaguerpla@suse.com
- fix go_arches definition: use global instead of define, otherwise
it fails to build
-------------------------------------------------------------------
Wed Sep 14 09:41:57 UTC 2016 - asarai@suse.com
- Add dockerd(8) man page.
-------------------------------------------------------------------
Fri Sep 9 12:42:24 UTC 2016 - thipp@suse.de
- add missing patch to changelog
-------------------------------------------------------------------
Wed Sep 7 16:33:59 UTC 2016 - thipp@suse.de
- fix integration test case
- add integration-cli-fix-TestInfoEnsureSucceeds.patch
-------------------------------------------------------------------
Tue Sep 6 13:28:38 UTC 2016 - thipp@suse.de
- update rpmlintrc
-------------------------------------------------------------------
Fri Sep 2 12:02:23 UTC 2016 - thipp@suse.de
- make test timeout configurable
-------------------------------------------------------------------
Fri Sep 2 10:25:27 UTC 2016 - asarai@suse.com
- Remove noarch from docker-test, which was causing lots of fun issues when
trying to run them.
-------------------------------------------------------------------
Tue Aug 30 09:07:19 UTC 2016 - jmassaguerpla@suse.com
- Fix build for ppc64le: use static libgo for dockerd and docker-proxy
as in docker build.
-------------------------------------------------------------------
Mon Aug 29 12:11:21 UTC 2016 - jmassaguerpla@suse.com
- Update docker to 1.12.1 (bsc#996015)
see changelog in https://github.com/docker/docker/releases/tag/v1.12.1
-------------------------------------------------------------------
Fri Aug 26 12:02:35 UTC 2016 - cbrauner@suse.de
- Add asaurin@suse.com's test.sh test script.
- Add integration test binary in docker.spec file. This is work done by
asaurin@suse.com.
-------------------------------------------------------------------
Fri Aug 26 10:43:38 UTC 2016 - asarai@suse.com
- Package docker-proxy (which was split out of the docker binary in 1.12).
boo#995620
-------------------------------------------------------------------
Fri Aug 26 10:00:36 UTC 2016 - jmassaguerpla@suse.com
- fix bsc#995102 - Docker "migrator" prevents installing "docker",
if docker 1.9 was installed before but there were no images
-------------------------------------------------------------------
Fri Aug 26 08:49:15 UTC 2016 - asarai@suse.com
- Update docker.service file with several changes.
* Reapply fix for bsc#983015 (Limit*=infinity).
* Specify an "OCI" runtime for our runc package explicitly. bsc#978260
-------------------------------------------------------------------
Thu Aug 25 14:02:04 UTC 2016 - jmassaguerpla@suse.com
- remove disable-pprof-trace.patch: We can remove this patch because
we use go 1.6, either gcc6-go or gc-go. This patch was for gcc5-go
-------------------------------------------------------------------
Wed Aug 24 12:31:23 UTC 2016 - jmassaguerpla@suse.com
- add go_arches in project configuration: this way, we can use the
same spec file but decide in the project configuration if to
use gc-go or gcc-go for some archs.
-------------------------------------------------------------------
Tue Aug 23 11:35:09 UTC 2016 - jmassaguerpla@suse.com
- use gcc6-go instead of gcc5-go (bsc#988408)
- build ppc64le with gc-go because this version builds with gc-go 1.6
- remove bnc964673-boltdb-metadata-recovery.patch because it has already
been merged
-------------------------------------------------------------------
Tue Aug 23 11:34:09 UTC 2016 - cbrauner@suse.com
- update to v1.12.0 (bsc#995058)
see detailed changelog at
https://github.com/docker/docker/releases/tag/v1.12.0
- disable test that fail in obs build context
- only run unit tests on architectures that provide the go list and go test
tools
- disable dockerd, parser, integration test, and devicemapper related tests
on versions below SLE12 and openSUSE_13.2
- bump test timeout to 10m (for aarch64)
- run unit tests during the build
- Adapt docker.service file.
- adapt install sections for gccgo builds: gccgo build are not built in separate
folders for client and daemon. They both reside in dyngccgo.
- gcc-go-patch: link against systemd when compiling the daemon.
- Add disable-pprof-trace.patch
pprof.Trace() is not available in go version <= 1.4 which we use to build SLES
packages. This patch comments out the pprof.Trace() section.
- update gcc-go-patch and docker-mount-secrets.patch
-------------------------------------------------------------------
Tue Aug 23 11:34:09 UTC 2016 - tboerger@suse.com
- Fixed binary split, install both required binaries correctly
-------------------------------------------------------------------
Tue Aug 16 09:39:11 UTC 2016 - asarai@suse.com
* Explicitly state the version dependencies for runC and containerd, to
avoid potential issues with incompatible component versions. These
must be updated *each time we do a release*. bsc#993847
-------------------------------------------------------------------
Mon Jul 25 05:34:50 UTC 2016 - sflees@suse.de
- Don't exit mid install, add the ability to not restart the docker
service during certain updates with long migration phases
bsc#980555
-------------------------------------------------------------------
Tue Jul 19 17:03:32 UTC 2016 - jmassaguerpla@suse.com
- remove kernel dependency (bsc#987198)
-------------------------------------------------------------------
Wed Jul 13 13:41:33 UTC 2016 - cbrauner@suse.de
- remove sysconfig.docker.ppc64le patch
setting iptables option on ppc64le works now (bsc#988707)
-------------------------------------------------------------------
Tue Jul 5 17:52:58 UTC 2016 - jmassaguerpla@suse.com
- fix bsc#984942: audit.rules in docker-1.9.1-58.1.x86_64.rpm has a
syntax error
-------------------------------------------------------------------
Tue Jul 5 14:26:45 UTC 2016 - asarai@suse.com
* Update docker.service to include changes from upstream, including the
soon-to-be-merged patch https://github.com/docker/docker/pull/24307,
which fixes bnc#983015.
-------------------------------------------------------------------
Fri Jun 24 00:23:57 UTC 2016 - dmueller@suse.com
- readd dropped declaration for patch200
-------------------------------------------------------------------
Wed Jun 8 14:42:08 UTC 2016 - asarai@suse.de
* Removed patches:
- cve-2016-3697-numeric-uid.patch (merged upstream in gh@docker/docker#22998).
* Update Docker to 1.11.2. (bsc#989566) Changelog from upstream:
* Networking
* Fix a stale endpoint issue on overlay networks during ungraceful restart
(#23015)
* Fix an issue where the wrong port could be reported by docker
inspect/ps/port (#22997)
* Runtime
* Fix a potential panic when running docker build (#23032)
* Fix interpretation of --user parameter (#22998)
* Fix a bug preventing container statistics to be correctly reported (#22955)
* Fix an issue preventing container to be restarted after daemon restart
(#22947)
* Fix issues when running 32 bit binaries on Ubuntu 16.04 (#22922)
* Fix a possible deadlock on image deletion and container attach (#22918)
* Fix an issue where containers fail to start after a daemon restart if they
depend on a containerized cluster store (#22561)
* Fix an issue causing docker ps to hang on CentOS when using devicemapper
(#22168, #23067)
* Fix a bug preventing to docker exec into a container when using
devicemapper (#22168, #23067)
-------------------------------------------------------------------
Fri May 20 10:26:39 UTC 2016 - jmassaguerpla@suse.com
- Fix udev files ownership
-------------------------------------------------------------------
Thu May 19 13:43:44 UTC 2016 - tchvatal@suse.com
- Pass over with spec-cleaner, no factual changes
-------------------------------------------------------------------
Wed May 18 14:21:09 UTC 2016 - asarai@suse.de
* Make sure we *always* build unstripped Go binaries.
-------------------------------------------------------------------
Mon May 16 13:55:07 UTC 2016 - asarai@suse.de
* Add a patch to fix database soft corruption issues if the Docker dameon dies
in a bad state. There is a PR upstream to vendor Docker to have this fix as
well, but it probably won't get in until 1.11.2. bnc#964673
(https://github.com/docker/docker/pull/22765)
+ bnc964673-boltdb-metadata-recovery.patch
-------------------------------------------------------------------
Mon May 2 07:40:22 UTC 2016 - asarai@suse.de
* Remove conditional Patch directive for SUSE secrets, since conditionally
including patches results in incompatible .src.rpms. The patch is still
applied conditionally.
-------------------------------------------------------------------
Fri Apr 29 09:04:54 UTC 2016 - asarai@suse.de
* Update to Docker 1.11.1. Changelog from upstream:
* Distribution
- Fix schema2 manifest media type to be of type `application/vnd.docker.container.image.v1+json` ([#21949](https://github.com/docker/docker/pull/21949))
* Documentation
+ Add missing API documentation for changes introduced with 1.11.0 ([#22048](https://github.com/docker/docker/pull/22048))
* Builder
* Append label passed to `docker build` as arguments as an implicit `LABEL` command at the end of the processed `Dockerfile` ([#22184](https://github.com/docker/docker/pull/22184))
* Networking
- Fix a panic that would occur when forwarding DNS query ([#22261](https://github.com/docker/docker/pull/22261))
- Fix an issue where OS threads could end up within an incorrect network namespace when using user defined networks ([#22261](https://github.com/docker/docker/pull/22261))
* Runtime
- Fix a bug preventing labels configuration to be reloaded via the config file ([#22299](https://github.com/docker/docker/pull/22299))
- Fix a regression where container mounting `/var/run` would prevent other containers from being removed ([#22256](https://github.com/docker/docker/pull/22256))
- Fix an issue where it would be impossible to update both `memory-swap` and `memory` value together ([#22255](https://github.com/docker/docker/pull/22255))
- Fix a regression from 1.11.0 where the `/auth` endpoint would not initialize `serveraddress` if it is not provided ([#22254](https://github.com/docker/docker/pull/22254))
- Add missing cleanup of container temporary files when cancelling a schedule restart ([#22237](https://github.com/docker/docker/pull/22237))
- Removed scary error message when no restart policy is specified ([#21993](https://github.com/docker/docker/pull/21993))
- Fix a panic that would occur when the plugins were activated via the json spec ([#22191](https://github.com/docker/docker/pull/22191))
- Fix restart backoff logic to correctly reset delay if container ran for at least 10secs ([#22125](https://github.com/docker/docker/pull/22125))
- Remove error message when a container restart get cancelled ([#22123](https://github.com/docker/docker/pull/22123))
- Fix an issue where `docker` would not correcly clean up after `docker exec` ([#22121](https://github.com/docker/docker/pull/22121))
- Fix a panic that could occur when servicing concurrent `docker stats` commands ([#22120](https://github.com/docker/docker/pull/22120))`
- Revert deprecation of non-existing host directories auto-creation ([#22065](https://github.com/docker/docker/pull/22065))
- Hide misleading rpc error on daemon shutdown ([#22058](https://github.com/docker/docker/pull/22058))
-------------------------------------------------------------------
Wed Apr 27 10:29:47 UTC 2016 - jmassaguerpla@suse.com
- Fix go version to 1.5 (bsc#977394)
-------------------------------------------------------------------
Fri Apr 22 10:43:37 UTC 2016 - asarai@suse.de
- Add patch to fix vulnerability in Docker <= 1.11.0. This patch is upstream,
but was merged after the 1.11.0 merge window. CVE-2016-3697. bsc#976777.
+ cve-2016-3697-numeric-uid.patch
The upstream PR is here[1] and was vendored into Docker here[2].
[1]: https://github.com/opencontainers/runc/pull/708
[2]: https://github.com/docker/docker/pull/21665
-------------------------------------------------------------------
Mon Apr 18 19:33:56 UTC 2016 - mpluskal@suse.com
- Supplemnent zsh from zsh-completion
* zsh-completion will be automatically installed if zsh and
docker are installed
-------------------------------------------------------------------
Mon Apr 18 15:44:11 UTC 2016 - jmassaguerpla@suse.com
- Remove gcc5_socker_workaround.patch: This patch is not needed anymore
since gcc5 has been updated in all platforms
-------------------------------------------------------------------
Mon Apr 18 06:19:18 UTC 2016 - asarai@suse.de
* Removed patches that have been fixed upstream and in gcc-go:
- boltdb_bolt_powerpc.patch
- fix-apparmor.patch
- fix-btrfs-ioctl-structure.patch
- fix-docker-init.patch
- libnetwork_drivers_bridge_powerpc.patch
- ignore-dockerinit-checksum.patch
* Require containerd, as it is the only currently supported Docker execdriver.
* Update docker.socket to require containerd.socket and use --containerd in
docker.service so that the services are self-contained.
* Update to Docker 1.11.0. Changelog from upstream:
* Builder
- Fix a bug where Docker would not used the correct uid/gid when processing the `WORKDIR` command ([#21033](https://github.com/docker/docker/pull/21033))
- Fix a bug where copy operations with userns would not use the proper uid/gid ([#20782](https://github.com/docker/docker/pull/20782), [#21162](https://github.com/docker/docker/pull/21162))
* Client
* Usage of the `:` separator for security option has been deprecated. `=` should be used instead ([#21232](https://github.com/docker/docker/pull/21232))
+ The client user agent is now passed to the registry on `pull`, `build`, `push`, `login` and `search` operations ([#21306](https://github.com/docker/docker/pull/21306), [#21373](https://github.com/docker/docker/pull/21373))
* Allow setting the Domainname and Hostname separately through the API ([#20200](https://github.com/docker/docker/pull/20200))
* Docker info will now warn users if it can not detect the kernel version or the operating system ([#21128](https://github.com/docker/docker/pull/21128))
- Fix an issue where `docker stats --no-stream` output could be all 0s ([#20803](https://github.com/docker/docker/pull/20803))
- Fix a bug where some newly started container would not appear in a running `docker stats` command ([#20792](https://github.com/docker/docker/pull/20792))
* Post processing is no longer enabled for linux-cgo terminals ([#20587](https://github.com/docker/docker/pull/20587))
- Values to `--hostname` are now refused if they do not comply with [RFC1123](https://tools.ietf.org/html/rfc1123) ([#20566](https://github.com/docker/docker/pull/20566))
+ Docker learned how to use a SOCKS proxy ([#20366](https://github.com/docker/docker/pull/20366), [#18373](https://github.com/docker/docker/pull/18373))
+ Docker now supports external credential stores ([#20107](https://github.com/docker/docker/pull/20107))
* `docker ps` now supports displaying the list of volumes mounted inside a container ([#20017](https://github.com/docker/docker/pull/20017))
* `docker info` now also report Docker's root directory location ([#19986](https://github.com/docker/docker/pull/19986))
- Docker now prohibits login in with an empty username (spaces are trimmed) ([#19806](https://github.com/docker/docker/pull/19806))
* Docker events attributes are now sorted by key ([#19761](https://github.com/docker/docker/pull/19761))
* `docker ps` no longer show exported port for stopped containers ([#19483](https://github.com/docker/docker/pull/19483))
- Docker now cleans after itself if a save/export command fails ([#17849](https://github.com/docker/docker/pull/17849))
* Docker load learned how to display a progress bar ([#17329](https://github.com/docker/docker/pull/17329), [#120078](https://github.com/docker/docker/pull/20078))
* Distribution
- Fix a panic that occurred when pulling an images with 0 layers ([#21222](https://github.com/docker/docker/pull/21222))
- Fix a panic that could occur on error while pushing to a registry with a misconfigured token service ([#21212](https://github.com/docker/docker/pull/21212))
+ All first-level delegation roles are now signed when doing a trusted push ([#21046](https://github.com/docker/docker/pull/21046))
+ OAuth support for registries was added ([#20970](https://github.com/docker/docker/pull/20970))
* `docker login` now handles token using the implementation found in [docker/distribution](https://github.com/docker/distribution) ([#20832](https://github.com/docker/docker/pull/20832))
* `docker login` will no longer prompt for an email ([#20565](https://github.com/docker/docker/pull/20565))
* Docker will now fallback to registry V1 if no basic auth credentials are available ([#20241](https://github.com/docker/docker/pull/20241))
* Docker will now try to resume layer download where it left off after a network error/timeout ([#19840](https://github.com/docker/docker/pull/19840))
- Fix generated manifest mediaType when pushing cross-repository ([#19509](https://github.com/docker/docker/pull/19509))
- Fix docker requesting additional push credentials when pulling an image if Content Trust is enabled ([#20382](https://github.com/docker/docker/pull/20382))
* Logging
- Fix a race in the journald log driver ([#21311](https://github.com/docker/docker/pull/21311))
* Docker syslog driver now uses the RFC-5424 format when emitting logs ([#20121](https://github.com/docker/docker/pull/20121))
* Docker GELF log driver now allows to specify the compression algorithm and level via the `gelf-compression-type` and `gelf-compression-level` options ([#19831](https://github.com/docker/docker/pull/19831))
* Docker daemon learned to output uncolorized logs via the `--raw-logs` options ([#19794](https://github.com/docker/docker/pull/19794))
+ Docker, on Windows platform, now includes an ETW (Event Tracing in Windows) logging driver named `etwlogs` ([#19689](https://github.com/docker/docker/pull/19689))
* Journald log driver learned how to handle tags ([#19564](https://github.com/docker/docker/pull/19564))
+ The fluentd log driver learned the following options: `fluentd-address`, `fluentd-buffer-limit`, `fluentd-retry-wait`, `fluentd-max-retries` and `fluentd-async-connect` ([#19439](https://github.com/docker/docker/pull/19439))
+ Docker learned to send log to Google Cloud via the new `gcplogs` logging driver. ([#18766](https://github.com/docker/docker/pull/18766))
* Misc
+ When saving linked images together with `docker save` a subsequent `docker load` will correctly restore their parent/child relationship ([#21385](https://github.com/docker/docker/pull/c))
+ Support for building the Docker cli for OpenBSD was added ([#21325](https://github.com/docker/docker/pull/21325))
+ Labels can now be applied at network, volume and image creation ([#21270](https://github.com/docker/docker/pull/21270))
* The `dockremap` is now created as a system user ([#21266](https://github.com/docker/docker/pull/21266))
- Fix a few response body leaks ([#21258](https://github.com/docker/docker/pull/21258))
- Docker, when run as a service with systemd, will now properly manage its processes cgroups ([#20633](https://github.com/docker/docker/pull/20633))
* Docker info now reports the value of cgroup KernelMemory or emits a warning if it is not supported ([#20863](https://github.com/docker/docker/pull/20863))
* Docker info now also reports the cgroup driver in use ([#20388](https://github.com/docker/docker/pull/20388))
* Docker completion is now available on PowerShell ([#19894](https://github.com/docker/docker/pull/19894))
* `dockerinit` is no more ([#19490](https://github.com/docker/docker/pull/19490),[#19851](https://github.com/docker/docker/pull/19851))
+ Support for building Docker on arm64 was added ([#19013](https://github.com/docker/docker/pull/19013))
+ Experimental support for building docker.exe in a native Windows Docker installation ([#18348](https://github.com/docker/docker/pull/18348))
* Networking
- Fix panic if a node is forcibly removed from the cluster ([#21671](https://github.com/docker/docker/pull/21671))
- Fix "error creating vxlan interface" when starting a container in a Swarm cluster ([#21671](https://github.com/docker/docker/pull/21671))
* `docker network inspect` will now report all endpoints whether they have an active container or not ([#21160](https://github.com/docker/docker/pull/21160))
+ Experimental support for the MacVlan and IPVlan network drivers have been added ([#21122](https://github.com/docker/docker/pull/21122))
* Output of `docker network ls` is now sorted by network name ([#20383](https://github.com/docker/docker/pull/20383))
- Fix a bug where Docker would allow a network to be created with the reserved `default` name ([#19431](https://github.com/docker/docker/pull/19431))
* `docker network inspect` returns whether a network is internal or not ([#19357](https://github.com/docker/docker/pull/19357))
+ Control IPv6 via explicit option when creating a network (`docker network create --ipv6`). This shows up as a new `EnableIPv6` field in `docker network inspect` ([#17513](https://github.com/docker/docker/pull/17513))
* Support for AAAA Records (aka IPv6 Service Discovery) in embedded DNS Server ([#21396](https://github.com/docker/docker/pull/21396))
- Fix to not forward docker domain IPv6 queries to external servers ([#21396](https://github.com/docker/docker/pull/21396))
* Multiple A/AAAA records from embedded DNS Server for DNS Round robin ([#21019](https://github.com/docker/docker/pull/21019))
- Fix endpoint count inconsistency after an ungraceful dameon restart ([#21261](https://github.com/docker/docker/pull/21261))
- Move the ownership of exposed ports and port-mapping options from Endpoint to Sandbox ([#21019](https://github.com/docker/docker/pull/21019))
- Fixed a bug which prevents docker reload when host is configured with ipv6.disable=1 ([#21019](https://github.com/docker/docker/pull/21019))
- Added inbuilt nil IPAM driver ([#21019](https://github.com/docker/docker/pull/21019))
- Fixed bug in iptables.Exists() logic [#21019](https://github.com/docker/docker/pull/21019)
- Fixed a Veth interface leak when using overlay network ([#21019](https://github.com/docker/docker/pull/21019))
- Fixed a bug which prevents docker reload after a network delete during shutdown ([#20214](https://github.com/docker/docker/pull/20214))
- Make sure iptables chains are recreated on firewalld reload ([#20419](https://github.com/docker/docker/pull/20419))
- Allow to pass global datastore during config reload ([#20419](https://github.com/docker/docker/pull/20419))
- For anonymous containers use the alias name for IP to name mapping, ie:DNS PTR record ([#21019](https://github.com/docker/docker/pull/21019))
- Fix a panic when deleting an entry from /etc/hosts file ([#21019](https://github.com/docker/docker/pull/21019))
- Source the forwarded DNS queries from the container net namespace ([#21019](https://github.com/docker/docker/pull/21019))
- Fix to retain the network internal mode config for bridge networks on daemon reload ([#21780] (https://github.com/docker/docker/pull/21780))
- Fix to retain IPAM driver option configs on daemon reload ([#21914] (https://github.com/docker/docker/pull/21914))
* Plugins
- Fix a file descriptor leak that would occur every time plugins were enumerated ([#20686](https://github.com/docker/docker/pull/20686))
- Fix an issue where Authz plugin would corrupt the payload body when faced with a large amount of data ([#20602](https://github.com/docker/docker/pull/20602))
* Runtime
- Fix a panic that could occur when cleanup after a container started with invalid parameters ([#21716](https://github.com/docker/docker/pull/21716))
- Fix a race with event timers stopping early ([#21692](https://github.com/docker/docker/pull/21692))
- Fix race conditions in the layer store, potentially corrupting the map and crashing the process ([#21677](https://github.com/docker/docker/pull/21677))
- Un-deprecate auto-creation of host directories for mounts. This feature was marked deprecated in ([#21666](https://github.com/docker/docker/pull/21666))
Docker 1.9, but was decided to be too much of an backward-incompatible change, so it was decided to keep the feature.
+ It is now possible for containers to share the NET and IPC namespaces when `userns` is enabled ([#21383](https://github.com/docker/docker/pull/21383))
+ `docker inspect <image-id>` will now expose the rootfs layers ([#21370](https://github.com/docker/docker/pull/21370))
+ Docker Windows gained a minimal `top` implementation ([#21354](https://github.com/docker/docker/pull/21354))
* Docker learned to report the faulty exe when a container cannot be started due to its condition ([#21345](https://github.com/docker/docker/pull/21345))
* Docker with device mapper will now refuse to run if `udev sync` is not available ([#21097](https://github.com/docker/docker/pull/21097))
- Fix a bug where Docker would not validate the config file upon configuration reload ([#21089](https://github.com/docker/docker/pull/21089))
- Fix a hang that would happen on attach if initial start was to fail ([#21048](https://github.com/docker/docker/pull/21048))
- Fix an issue where registry service options in the daemon configuration file were not properly taken into account ([#21045](https://github.com/docker/docker/pull/21045))
- Fix a race between the exec and resize operations ([#21022](https://github.com/docker/docker/pull/21022))
- Fix an issue where nanoseconds were not correctly taken in account when filtering Docker events ([#21013](https://github.com/docker/docker/pull/21013))
- Fix the handling of Docker command when passed a 64 bytes id ([#21002](https://github.com/docker/docker/pull/21002))
* Docker will now return a `204` (i.e http.StatusNoContent) code when it successfully deleted a network ([#20977](https://github.com/docker/docker/pull/20977))
- Fix a bug where the daemon would wait indefinitely in case the process it was about to killed had already exited on its own ([#20967](https://github.com/docker/docker/pull/20967)
* The devmapper driver learned the `dm.min_free_space` option. If the mapped device free space reaches the passed value, new device creation will be prohibited. ([#20786](https://github.com/docker/docker/pull/20786))
+ Docker can now prevent processes in container to gain new privileges via the `--security-opt=no-new-privileges` flag ([#20727](https://github.com/docker/docker/pull/20727))
- Starting a container with the `--device` option will now correctly resolves symlinks ([#20684](https://github.com/docker/docker/pull/20684))
+ Docker now relies on [`containerd`](https://github.com/docker/containerd) and [`runc`](https://github.com/opencontainers/runc) to spawn containers. ([#20662](https://github.com/docker/docker/pull/20662))
- Fix docker configuration reloading to only alter value present in the given config file ([#20604](https://github.com/docker/docker/pull/20604))
+ Docker now allows setting a container hostname via the `--hostname` flag when `--net=host` ([#20177](https://github.com/docker/docker/pull/20177))
+ Docker now allows executing privileged container while running with `--userns-remap` if both `--privileged` and the new `--userns=host` flag are specified ([#20111](https://github.com/docker/docker/pull/20111))
- Fix Docker not cleaning up correctly old containers upon restarting after a crash ([#19679](https://github.com/docker/docker/pull/19679))
* Docker will now error out if it doesn't recognize a configuration key within the config file ([#19517](https://github.com/docker/docker/pull/19517))
- Fix container loading, on daemon startup, when they depends on a plugin running within a container ([#19500](https://github.com/docker/docker/pull/19500))
* `docker update` learned how to change a container restart policy ([#19116](https://github.com/docker/docker/pull/19116))
* `docker inspect` now also returns a new `State` field containing the container state in a human readable way (i.e. one of `created`, `restarting`, `running`, `paused`, `exited` or `dead`)([#18966](https://github.com/docker/docker/pull/18966))
+ Docker learned to limit the number of active pids (i.e. processes) within the container via the `pids-limit` flags. NOTE: This requires `CGROUP_PIDS=y` to be in the kernel configuration. ([#18697](https://github.com/docker/docker/pull/18697))
- `docker load` now has a `--quiet` option to suppress the load output ([#20078](https://github.com/docker/docker/pull/20078))
- Fix a bug in neighbor discovery for IPv6 peers ([#20842](https://github.com/docker/docker/pull/20842))
- Fix a panic during cleanup if a container was started with invalid options ([#21802](https://github.com/docker/docker/pull/21802))
- Fix a situation where a container cannot be stopped if the terminal is closed ([#21840](https://github.com/docker/docker/pull/21840))
* Security
* Object with the `pcp_pmcd_t` selinux type were given management access to `/var/lib/docker(/.*)?` ([#21370](https://github.com/docker/docker/pull/21370))
* `restart_syscall`, `copy_file_range`, `mlock2` joined the list of allowed calls in the default seccomp profile ([#21117](https://github.com/docker/docker/pull/21117), [#21262](https://github.com/docker/docker/pull/21262))
* `send`, `recv` and `x32` were added to the list of allowed syscalls and arch in the default seccomp profile ([#19432](https://github.com/docker/docker/pull/19432))
* Docker Content Trust now requests the server to perform snapshot signing ([#21046](https://github.com/docker/docker/pull/21046))
* Support for using YubiKeys for Content Trust signing has been moved out of experimental ([#21591](https://github.com/docker/docker/pull/21591))
* Volumes
* Output of `docker volume ls` is now sorted by volume name ([#20389](https://github.com/docker/docker/pull/20389))
* Local volumes can now accepts options similar to the unix `mount` tool ([#20262](https://github.com/docker/docker/pull/20262))
- Fix an issue where one letter directory name could not be used as source for volumes ([#21106](https://github.com/docker/docker/pull/21106))
+ `docker run -v` now accepts a new flag `nocopy`. This tell the runtime not to copy the container path content into the volume (which is the default behavior) ([#21223](https://github.com/docker/docker/pull/21223))
-------------------------------------------------------------------
Wed Apr 13 11:16:51 UTC 2016 - jmassaguerpla@suse.com
- docker.spec: apply gcc5 socket patch also for sle12 and leap
because gcc5 has been updated there as well.
- docker.spec: add a "is_opensuse" check for the mount-secrets patch.
This way we can use this same package for opensuse.
-------------------------------------------------------------------
Fri Apr 8 13:27:55 UTC 2016 - dmueller@suse.com
- use go-lang for aarch64:
- drop fix_platform_type_arm.patch (works around a gcc-go bug, so
unnecessary)
-------------------------------------------------------------------
Thu Apr 7 09:35:40 UTC 2016 - asarai@suse.de
- Add patch from upstream (https://github.com/docker/docker/pull/21723) to fix
compilation on Factory and Tumbleweed (which have btrfsprogs >= 4.5).
+ fix-btrfs-ioctl-structure.patch bnc#974208
-------------------------------------------------------------------
Tue Mar 22 15:27:26 UTC 2016 - fcastelli@suse.com
- Changed systemd unit file and default sysconfig file to include network options,
this is needed to get SDN like flannel to work
-------------------------------------------------------------------
Tue Mar 15 09:16:55 UTC 2016 - asarai@suse.de
- docker.spec: update warning to mention that /etc/sysconfig/docker is sourced
by the migration script.
-------------------------------------------------------------------
Mon Mar 14 10:20:19 UTC 2016 - asarai@suse.de
- docker.spec: only Reccomends: the docker-image-migrator package as it is no
longer required for our ugly systemctl hacks.
- docker.spec: fix up documentation to refer to the script you need to run in
the migrator package.
- docker.spec: print a warning if you force the DOCKER_FORCE_INSTALL option.
-------------------------------------------------------------------
Fri Mar 11 08:44:46 UTC 2016 - asarai@suse.de
- spec: switch to new done file name from docker-image-migrator
-------------------------------------------------------------------
Fri Mar 11 08:41:49 UTC 2016 - jmassaguerpla@suse.com
- update to docker 1.10.3 (bnc#970637)
Runtime
Fix Docker client exiting with an "Unrecognized input header" error #20706
Fix Docker exiting if Exec is started with both AttachStdin and Detach #20647
Distribution
Fix a crash when pushing multiple images sharing the same layers to the same repository in parallel #20831
Fix a panic when pushing images to a registry which uses a misconfigured token service #21030
Plugin system
Fix issue preventing volume plugins to start when SELinux is enabled #20834
Prevent Docker from exiting if a volume plugin returns a null response for Get requests #20682
Fix plugin system leaking file descriptors if a plugin has an error #20680
Security
Fix linux32 emulation to fail during docker build #20672 It was due to the personality syscall being blocked by the default seccomp profile.
Fix Oracle XE 10g failing to start in a container #20981 It was due to the ipc syscall being blocked by the default seccomp profile.
Fix user namespaces not working on Linux From Scratch #20685
Fix issue preventing daemon to start if userns is enabled and the subuid or subgid files contain comments #20725
More at https://github.com/docker/docker/releases/tag/v1.10.3
-------------------------------------------------------------------
Thu Mar 10 13:52:54 UTC 2016 - asarai@suse.de
- spec: improve file-based migration checks to make sure that it doesn't cause
errors if running on a /var/lib/docker without /var/lib/docker/graph.
-------------------------------------------------------------------
Wed Mar 9 13:45:14 UTC 2016 - asarai@suse.de
- spec: implement file-based migration checks. The migrator will be updated to
match the warning message's instructions. This looks like it works with my
testing.
-------------------------------------------------------------------
Mon Mar 7 14:09:17 UTC 2016 - normand@linux.vnet.ibm.com
- more patches to build on ppc64 architecture
update netlink_gcc_go.patch
new netlink_netns_powerpc.patch
new boltdb_bolt_powerpc.patch
new libnetwork_drivers_bridge_powerpc.patch to replace
deleted fix-ppc64le.patch
-------------------------------------------------------------------
Tue Mar 1 17:54:41 UTC 2016 - jmassaguerpla@suse.com
- fix bsc#968972 - let docker manage the cgroups of the processes
that it launches without systemd
-------------------------------------------------------------------
Tue Mar 1 15:28:56 UTC 2016 - jmassaguerpla@suse.com
- Require docker-image-migrator (bnc#968933)
-------------------------------------------------------------------
Tue Feb 23 08:55:17 UTC 2016 - jmassaguerpla@suse.com
Update to version 1.10.2 (bnc#968933)
- Runtime
Prevent systemd from deleting containers' cgroups when its configuration is reloaded #20518
Fix SELinux issues by disregarding --read-only when mounting /dev/mqueue #20333
Fix chown permissions used during docker cp when userns is used #20446
Fix configuration loading issue with all booleans defaulting to true #20471
Fix occasional panic with docker logs -f #20522
- Distribution
Keep layer reference if deletion failed to avoid a badly inconsistent state #20513
Handle gracefully a corner case when canceling migration #20372
Fix docker import on compressed data #20367
Fix tar-split files corruption during migration that later cause docker push and docker save to fail #20458
- Networking
Fix daemon crash if embedded DNS is sent garbage #20510
- Volumes
Fix issue with multiple volume references with same name #20381
- Security
Fix potential cache corruption and delegation conflict issues #20523
link to changelog:
https://github.com/docker/docker/blob/v1.10.2/CHANGELOG.md
-------------------------------------------------------------------
Mon Feb 15 09:48:41 UTC 2016 - asarai@suse.com
- fix-apparmor.patch: switch to a backported version of docker/docker#20305,
which also fixes several potential issues if the major version of apparmor
changes.
-------------------------------------------------------------------
Mon Feb 15 08:35:43 UTC 2016 - asarai@suse.com
- Remove 1.10.0 tarball.
-------------------------------------------------------------------
Fri Feb 12 16:04:19 UTC 2016 - jmassaguerpla@suse.com
- Update to docker 1.10.1
It includes some fixes to 1.10.0, see detailed changelog in
https://github.com/docker/docker/blob/v1.10.1/CHANGELOG.md
-------------------------------------------------------------------
Tue Feb 9 17:24:46 UTC 2016 - jmassaguerpla@suse.com
- Update docker to 1.10.0 (bnc#965918)
Add usernamespace support
Add support for custom seccomp profiles
Improvements in network and volume management
detailed changelog in
https://github.com/docker/docker/blob/590d5108bbdaabb05af590f76c9757daceb6d02e/CHANGELOG.md
- removed patches, because code has been merged in 1.10.0 release:
libcontainer-apparmor-fixes.patch: see: https://github.com/docker/docker/blob/release/v1.10/contrib/apparmor/template.go
fix_bnc_958255.patch: see https://github.com/docker/docker/commit/2b4f64e59018c21aacbf311d5c774dd5521b5352
use_fs_cgroups_by_default.patch
fix_cgroup.parent_path_sanitisation.patch
add_bolt_ppc64.patch
add_bolt_arm64.patch
add_bolt_s390x.patch
- remove gcc-go-build-static-libgo.patch: This has been replace by gcc-go-patches.patch
- removed patches, because arm and ppc are not build using the dynbinary target, but the dyngccgo one:
docker_remove_journald_to_fix_dynbinary_build_on_arm.patch
docker_remove_journald_to_fix_dynbinary_build_on_powerpc.patch
docker_remove_journald_to_fix_dynbinary_build_on_arm64.patch
- added patches:
fix_platform_type_arm.patch: fix build for arm64 and aarch64: set utsname as uint8 for arm64 and aarch64
gcc5_socket_workaround.patch: gcc5-go in Tumbleweed includes this commit
https://github.com/golang/gofrontend/commit/a850225433a66a58613c22185c3b09626f5545eb
Which "fixes" the data type for RawSockaddr.Data
However, docker now expects the "wrong" data type, since docker had a workaround
for that issue.
Thus, we need to workaround the workaround in tumbleweed
netlink_gcc_go.patch: add constants for syscalls TUNSETIFF and TUNSETPERSIST to fix a gcc issue.
This is a workaround for bnc#964468: gcc-go can no longer compile Docker.
fix-apparmor.patch: fix https://github.com/docker/docker/issues/20269 . It affects SLE12 which has apparmor
version 2.8 and not openSUSE which has version 2.9.
fix-ppc64le.patch: Build netlink driver using int8 and not uint8 for the data structure
- reviewed patches:
ignore-dockerinit-checksum.patch: review context in patch
fix-docker-init.patch: review patch because build method has been changed in spec file for gcc-go
gcc-go-patches.patch: review context in patch
- Build requires go >= 1.5: For version 1.9, we could use Go 1.4.3
see GO_VERSION https://github.com/docker/docker/blob/release/v1.9/Dockerfile
However, for version 1.10, we need go 1.5.3
see GO_VERSION https://github.com/docker/docker/blob/release/v1.10/Dockerfile
- fix bnc#965600 - SLES12 SP1 - Static shared memory limit in container
-------------------------------------------------------------------
Tue Feb 9 13:24:34 UTC 2016 - asarai@suse.com
- docker-mount-secrets.patch: fix up this patch to work on Docker 1.10
-------------------------------------------------------------------
Wed Jan 27 11:57:59 UTC 2016 - asarai@suse.com
- docker-mount-secrets.patch: properly register /run/secrets as a
mountpoint, so that it is unmounted properly when the container
is removed and thus container removal works. (bnc#963142)
- docker-mount-secrets.patch: in addition, add some extra debugging
information to the secrets patch.
-------------------------------------------------------------------
Wed Jan 27 09:42:59 UTC 2016 - asarai@suse.com
- fix_json_econnreset_bug.patch: fix JSON bug that causes containers to not start
in weird circumstances. https://github.com/docker/docker/issues/14203
-------------------------------------------------------------------
Wed Dec 23 11:10:54 UTC 2015 - fcastelli@suse.com jmassaguerpla@suse.com
- fix_bnc_958255.patch: fix Docker creates strange apparmor profile
(bnc#958255)
- use_fs_cgroups_by_default.patch: Use fs cgroups by default:
https://github.com/docker/docker/commit/419fd7449fe1a984f582731fcd4d9455000846b0
- fix_cgroup.parent_path_sanitisation.patch: fix cgroup.Parent path
sanitisation:
https://github.com/opencontainers/runc/commit/bf899fef451956be4abd63de6d6141d9f9096a02
- Add rules for auditd. This is required to fix bnc#959405
- Remove 7 patches, add 6 and modify 1, after 1.9.1 upgrade
* Removed:
- docker_missing_ppc64le_netlink_linux_files.patch: the code that this
bug refers to has benn removed upstream
- docker_rename_jump_amd64_as_jump_linux.patch: the code that this bug
refers to has been removed upstream
- Remove fix_15279.patch: code has been merged upstream
- Remove add_missing_syscall_for_s390x.patch: code has been merged upstream
- Remove fix_incompatible_assignment_error_bnc_950931.patch: code has been
merged upstream
- Remove fix_libsecomp_error_bnc_950931.patch: the code that this bug refers to
has been removed upstream
- Remove gcc5_socket_workaround.patch: Code has been fixed. Building with
this patch is giving the error we were trying to fix, implying that the
code has been fixed somewhere else.
* Added:
- add_bolt_ppc64.patch
- add_bolt_arm64.patch
- docker_remove_journald_to_fix_dynbinary_build_on_arm.patch
- docker_remove_journald_to_fix_dynbinary_build_on_powerpc.patch
- docker_remove_journald_to_fix_dynbinary_build_on_arm64.patch
- gcc-go-build-static-libgo.patch: enable static linking of libgo in ggc-go
In order to do this, we had to work-around an issue from gcc-go:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69357
* Modify:
- Upgrade to 1.9.1(bnc#956434)
* Runtime:
- Do not prevent daemon from booting if images could not be restored
(#17695)
- Force IPC mount to unmount on daemon shutdown/init (#17539)
- Turn IPC unmount errors into warnings (#17554)
- Fix `docker stats` performance regression (#17638)
- Clarify cryptic error message upon `docker logs` if `--log-driver=none`
(#17767)
- Fix seldom panics (#17639, #17634, #17703)
- Fix opq whiteouts problems for files with dot prefix (#17819)
- devicemapper: try defaulting to xfs instead of ext4 for performance
reasons (#17903, #17918)
- devicemapper: fix displayed fs in docker info (#17974)
- selinux: only relabel if user requested so with the `z` option
(#17450, #17834)
- Do not make network calls when normalizing names (#18014)
*Client:
- Fix `docker login` on windows (#17738)
- Fix bug with `docker inspect` output when not connected to daemon
(#17715)
- Fix `docker inspect -f {{.HostConfig.Dns}} somecontainer` (#17680)
* Builder:
- Fix regression with symlink behavior in ADD/COPY (#17710)
* Networking:
- Allow passing a network ID as an argument for `--net` (#17558)
- Fix connect to host and prevent disconnect from host for `host` network
(#17476)
- Fix `--fixed-cidr` issue when gateway ip falls in ip-range and ip-range
is not the first block in the network (#17853)
- Restore deterministic `IPv6` generation from `MAC` address on default
`bridge` network (#17890)
- Allow port-mapping only for endpoints created on docker run (#17858)
- Fixed an endpoint delete issue with a possible stale sbox (#18102)
* Distribution:
- Correct parent chain in v2 push when v1Compatibility files on the disk
are inconsistent (#18047)
- Update to version 1.9.0 (bnc#954812):
* Runtime:
- `docker stats` now returns block IO metrics (#15005)
- `docker stats` now details network stats per interface (#15786)
- Add `ancestor=<image>` filter to `docker ps --filter` flag to filter
containers based on their ancestor images (#14570)
- Add `label=<somelabel>` filter to `docker ps --filter` to filter
containers based on label (#16530)
- Add `--kernel-memory` flag to `docker run` (#14006)
- Add `--message` flag to `docker import` allowing to specify an optional
message (#15711)
- Add `--privileged` flag to `docker exec` (#14113)
- Add `--stop-signal` flag to `docker run` allowing to replace the
container process stopping signal (#15307)
- Add a new `unless-stopped` restart policy (#15348)
- Inspecting an image now returns tags (#13185)
- Add container size information to `docker inspect` (#15796)
- Add `RepoTags` and `RepoDigests` field to `/images/{name:.*}/json`
(#17275)
- Remove the deprecated `/container/ps` endpoint from the API (#15972)
- Send and document correct HTTP codes for `/exec/<name>/start` (#16250)
- Share shm and mqueue between containers sharing IPC namespace (#15862)
- Event stream now shows OOM status when `--oom-kill-disable` is
set (#16235)
- Ensure special network files (/etc/hosts etc.) are read-only if
bind-mounted
with `ro` option (#14965)
- Improve `rmi` performance (#16890)
- Do not update /etc/hosts for the default bridge network, except for links
(#17325)
- Fix conflict with duplicate container names (#17389)
- Fix an issue with incorrect template execution in `docker inspect`
(#17284)
- DEPRECATE `-c` short flag variant for `--cpu-shares` in docker run
(#16271)
* Client:
- Allow `docker import` to import from local files (#11907)
* Builder:
- Add a `STOPSIGNAL` Dockerfile instruction allowing to set a different
stop-signal for the container process (#15307)
- Add an `ARG` Dockerfile instruction and a `--build-arg` flag to
`docker build`
that allows to add build-time environment variables (#15182)
- Improve cache miss performance (#16890)
* Storage:
- devicemapper: Implement deferred deletion capability (#16381)
* Networking:
- `docker network` exits experimental and is part of standard release
(#16645)
- New network top-level concept, with associated subcommands and API
(#16645)
WARNING: the API is different from the experimental API
- Support for multiple isolated/micro-segmented networks (#16645)
- Built-in multihost networking using VXLAN based overlay driver (#14071)
- Support for third-party network plugins (#13424)
- Ability to dynamically connect containers to multiple networks (#16645)
- Support for user-defined IP address management via pluggable IPAM drivers
(#16910)
- Add daemon flags `--cluster-store` and `--cluster-advertise` for built-in
nodes discovery (#16229)
- Add `--cluster-store-opt` for setting up TLS settings (#16644)
- Add `--dns-opt` to the daemon (#16031)
- DEPRECATE following container `NetworkSettings` fields in API v1.21:
`EndpointID`, `Gateway`, `GlobalIPv6Address`, `GlobalIPv6PrefixLen`,
`IPAddress`, `IPPrefixLen`, `IPv6Gateway` and `MacAddress`.
Those are now specific to the `bridge` network. Use
`NetworkSettings.Networks` to inspect
the networking settings of a container per network.
* Volumes:
- New top-level `volume` subcommand and API (#14242)
- Move API volume driver settings to host-specific config (#15798)
- Print an error message if volume name is not unique (#16009)
- Ensure volumes created from Dockerfiles always use the local volume driver
(#15507)
- DEPRECATE auto-creating missing host paths for bind mounts (#16349)
* Logging:
- Add `awslogs` logging driver for Amazon CloudWatch (#15495)
- Add generic `tag` log option to allow customizing container/image
information passed to driver (e.g. show container names) (#15384)
- Implement the `docker logs` endpoint for the journald driver (#13707)
- DEPRECATE driver-specific log tags (e.g. `syslog-tag`, etc.) (#15384)
* Distribution:
- `docker search` now works with partial names (#16509)
- Push optimization: avoid buffering to file (#15493)
- The daemon will display progress for images that were already being
pulled by another client (#15489)
- Only permissions required for the current action being performed are
requested (#)
- Renaming trust keys (and respective environment variables) from `offline`
to `root` and `tagging` to `repository` (#16894)
- DEPRECATE trust key environment variables
`DOCKER_CONTENT_TRUST_OFFLINE_PASSPHRASE` and
`DOCKER_CONTENT_TRUST_TAGGING_PASSPHRASE` (#16894)
* Security:
- Add SELinux profiles to the rpm package (#15832)
- Fix various issues with AppArmor profiles provided in the deb package
(#14609)
- Add AppArmor policy that prevents writing to /proc (#15571)
- Change systemd unit file to no longer use the deprecated "-d" option
(bnc#954737)
-------------------------------------------------------------------
Tue Nov 24 16:34:52 UTC 2015 - fcastelli@suse.com
- Changed docker-mount-secrets.patch: allow removal of containers
even when the entry point failed. bnc#954797
-------------------------------------------------------------------
Tue Nov 3 12:36:25 UTC 2015 - msabate@suse.com
- Fixed the format of the fix_libsecomp_error_bnc_950931 patch.
-------------------------------------------------------------------
Tue Nov 3 12:30:22 UTC 2015 - msabate@suse.com
- Merged the fix_libsecomp_error_bnc_950931.patch and the
fix_x86_build_removing_empty_file_jump_amd_64.patch patches.
-------------------------------------------------------------------
Tue Nov 3 10:39:27 UTC 2015 - jmassaguerpla@suse.com
- Fix build for x86_64. Patch fix_libsecomp_error_bnc_950931.patch
had created and empty file jump_amd64.go instead of removing it.
This broke the build for x86_64.
This commit fixes it by removing that empty file.
fix_x86_build_removing_empty_file_jump_amd_64.patch: patch that
removes empty file jump_amd64.go
-------------------------------------------------------------------
Mon Nov 2 15:49:48 UTC 2015 - msabate@suse.com
- Added patch that fixes a known gcc-go for ppc64xe in the syscall.RawSockAddr
type.
gcc5_socket_workaround.patch
-------------------------------------------------------------------
Thu Oct 29 14:17:32 UTC 2015 - jmassaguerpla@suse.com
- Add patches for fixing ppc64le build (bnc#950931)
fix_libsecomp_error_bnc_950931.patch
fix_incompatible_assignment_error_bnc_950931.patch
docker_missing_ppc64le_netlink_linux_files.patch
- Remove docker_rename_jump_amd64_as_jump_linux.patch because it clashes
with the previous patches.
-------------------------------------------------------------------
Thu Oct 22 12:11:14 UTC 2015 - jmassaguerpla@suse.com
- Exclude libgo as a requirement. The auto requires script was adding
libgo as a requirement when building with gcc-go which was wrong.
-------------------------------------------------------------------
Fri Oct 16 15:43:46 UTC 2015 - jmassaguerpla@suse.com
- Add patch for missing systemcall for s390x. See
https://github.com/docker/docker/commit/eecf6cd48cf7c48f00aa8261cf431c87084161ae
add_missing_syscall_for_s390x.patch: contains the patch
- Exclude s390x for sle12 because it hangs when running go. It works for sle12sp1
thus we don't want to exclude sle12sp1 but only sle12.
-------------------------------------------------------------------
Mon Oct 12 20:10:00 UTC 2015 - fcastelli@suse.com
- Update docker to 1.8.3 version:
* Fix layer IDs lead to local graph poisoning (CVE-2014-8178) (bnc#949660)
* Fix manifest validation and parsing logic errors allow pull-by-digest validation bypass (CVE-2014-8179)
* Add `--disable-legacy-registry` to prevent a daemon from using a v1 registry
-------------------------------------------------------------------
Tue Sep 22 13:20:49 UTC 2015 - jmassaguerpla@suse.com
- Update docker to 1.8.2 version
see detailed changelog in
https://github.com/docker/docker/releases/tag/v1.8.2
fix bsc#946653 update do docker 1.8.2
- devicemapper: fix zero-sized field access
Fix issue #15279: does not build with Go 1.5 tip
Due to golang/go@7904946
the devices field is dropped.
This solution works on go1.4 and go1.5
See more in https://github.com/docker/docker/pull/15404
This fix was not included in v1.8.2. See previous link
on why.
fix_15279.patch: contains the patch for issue#15279
-------------------------------------------------------------------
Fri Aug 21 08:46:30 UTC 2015 - normand@linux.vnet.ibm.com
- new patch as per upstream issue
https://github.com/docker/docker/issues/14056#issuecomment-113680944
docker_rename_jump_amd64_as_jump_linux.patch
-------------------------------------------------------------------
Fri Aug 21 08:07:58 UTC 2015 - normand@linux.vnet.ibm.com
- ignore-dockerinit-checksum.patch need -p1 in spec
-------------------------------------------------------------------
Thu Aug 13 09:38:03 UTC 2015 - jmassaguerpla@suse.com
- Update to docker 1.8.1(bsc#942369 and bsc#942370):
- Fix a bug where pushing multiple tags would result in invalid images
- Update to docker 1.8.0:
see detailed changelog in
https://github.com/docker/docker/releases/tag/v1.8.0
- remove docker-netns-aarch64.patch: This patch was adding
vendor/src/github.com/vishvananda/netns/netns_linux_arm64.go
which is now included upstream, so we don't need this patch anymore
-------------------------------------------------------------------
Fri Jul 24 14:41:21 UTC 2015 - jmassaguerpla@suse.com
- Remove 0002-Stripped-dockerinit-binary.patch because we do not
use it anymore (we got rid of that when updating to 1.7.1)
-------------------------------------------------------------------
Fri Jul 24 14:14:38 UTC 2015 - jmassaguerpla@suse.com
- Exclude archs where docker does not build. Otherwise it gets into
and infinite loop when building.
We'll fix that later if we want to release for those archs.
-------------------------------------------------------------------
Wed Jul 15 08:11:11 UTC 2015 - jmassaguerpla@suse.com
- Update to 1.7.1 (2015-07-14) (bnc#938156)
* Runtime
- Fix default user spawning exec process with docker exec
- Make --bridge=none not to configure the network bridge
- Publish networking stats properly
- Fix implicit devicemapper selection with static binaries
- Fix socket connections that hung intermittently
- Fix bridge interface creation on CentOS/RHEL 6.6
- Fix local dns lookups added to resolv.conf
- Fix copy command mounting volumes
- Fix read/write privileges in volumes mounted with --volumes-from
* Remote API
- Fix unmarshalling of Command and Entrypoint
- Set limit for minimum client version supported
- Validate port specification
- Return proper errors when attach/reattach fail
* Distribution
- Fix pulling private images
- Fix fallback between registry V2 and V1
-------------------------------------------------------------------
Fri Jul 10 11:22:00 UTC 2015 - jmassaguerpla@suse.com
- Exclude init scripts other than systemd from the test-package
-------------------------------------------------------------------
Wed Jul 1 12:38:50 UTC 2015 - jmassaguerpla@suse.com
- Exclude intel 32 bits arch. Docker does not built on that. Let's
make it explicit.
-------------------------------------------------------------------
Thu Jun 25 16:49:59 UTC 2015 - dmueller@suse.com
- rediff ignore-dockerinit-checksum.patch, gcc-go-build-static-libgo.patch
to make them apply again.
- introduce go_arches for architectures that use the go compiler
instead of gcc-go
- add docker-netns-aarch64.patch: Add support for AArch64
- enable build for aarch64
-------------------------------------------------------------------
Wed Jun 24 09:02:03 UTC 2015 - fcastelli@suse.com
- Build man pages only on platforms where gc compiler is available.
-------------------------------------------------------------------
Mon Jun 22 08:48:11 UTC 2015 - fcastelli@suse.com
- Updated to 1.7.0 (2015-06-16) - bnc#935570
* Runtime
- Experimental feature: support for out-of-process volume plugins
- The userland proxy can be disabled in favor of hairpin NAT using the daemons `--userland-proxy=false` flag
- The `exec` command supports the `-u|--user` flag to specify the new process owner
- Default gateway for containers can be specified daemon-wide using the `--default-gateway` and `--default-gateway-v6` flags
- The CPU CFS (Completely Fair Scheduler) quota can be set in `docker run` using `--cpu-quota`
- Container block IO can be controlled in `docker run` using`--blkio-weight`
- ZFS support
- The `docker logs` command supports a `--since` argument
- UTS namespace can be shared with the host with `docker run --uts=host`
* Quality
- Networking stack was entirely rewritten as part of the libnetwork effort
- Engine internals refactoring
- Volumes code was entirely rewritten to support the plugins effort
- Sending SIGUSR1 to a daemon will dump all goroutines stacks without exiting
* Build
- Support ${variable:-value} and ${variable:+value} syntax for environment variables
- Support resource management flags `--cgroup-parent`, `--cpu-period`, `--cpu-quota`, `--cpuset-cpus`, `--cpuset-mems`
- git context changes with branches and directories
- The .dockerignore file support exclusion rules
* Distribution
- Client support for v2 mirroring support for the official registry
* Bugfixes
- Firewalld is now supported and will automatically be used when available
- mounting --device recursively
- Patch 0002-Stripped-dockerinit-binary.patch renamed to fix-docker-init.patch
and fixed to build with latest version of docker
-------------------------------------------------------------------
Tue Jun 9 16:35:46 UTC 2015 - jmassaguerpla@suse.com
- Add test subpackage and fix line numbers in patches
-------------------------------------------------------------------
Fri Jun 5 15:29:45 UTC 2015 - fcastelli@suse.com
- Fixed ppc64le name inside of spec file
-------------------------------------------------------------------
Fri Jun 5 15:23:47 UTC 2015 - fcastelli@suse.com
- Build docker on PPC and S390x using gcc-go provided by gcc5
* added sysconfig.docker.ppc64le: make docker daemon start on ppc64le
despite some iptables issues. To be removed soon
* ignore-dockerinit-checksum.patch: applied only when building with
gcc-go. Required to workaround a limitation of gcc-go
* gcc-go-build-static-libgo.patch: used only when building with gcc-go,
link libgo statically into docker itself.
-------------------------------------------------------------------
Mon Jun 1 15:47:59 UTC 2015 - fcastelli@suse.com
- Remove set-SCC_URL-env-variable.patch, the SCC_URL is now read
from SUSEConnect by the container service
-------------------------------------------------------------------
Mon Jun 1 13:03:24 UTC 2015 - fcastelli@suse.com
- Automatically set SCC_URL environment variable inside of the
containers by parsing the /etc/SUSEConnect.example file
* Add set-SCC_URL-env-variable.patch
-------------------------------------------------------------------
Mon Jun 1 10:00:55 UTC 2015 - fcastelli@suse.com
- Place SCC machine credentials inside of /run/secrets/credentials.d
* Edit docker-mount-scc-credentials.patch¬
-------------------------------------------------------------------
Thu May 28 15:10:09 UTC 2015 - dmacvicar@suse.de
- pass the SCC machine credentials to the container
* Add docker-mount-scc-credentials.patch
-------------------------------------------------------------------
Wed May 27 10:02:51 UTC 2015 - dmacvicar@suse.de
- build and install man pages
-------------------------------------------------------------------
Mon May 18 15:08:59 UTC 2015 - fcastelli@suse.com
- Update to version 1.6.2 (2015-05-13) [bnc#931301]
* Revert change prohibiting mounting into /sys
-------------------------------------------------------------------
Fri May 8 15:00:38 UTC 2015 - fcastelli@suse.com
Updated to version 1.6.1 (2015-05-07) [bnc#930235]
* Security
- Fix read/write /proc paths (CVE-2015-3630)
- Prohibit VOLUME /proc and VOLUME / (CVE-2015-3631)
- Fix opening of file-descriptor 1 (CVE-2015-3627)
- Fix symlink traversal on container respawn allowing local privilege escalation (CVE-2015-3629)
- Prohibit mount of /sys
* Runtime
- Update Apparmor policy to not allow mounts
- Updated libcontainer-apparmor-fixes.patch: adapt patch to reflect
changes introduced by docker 1.6.1
-------------------------------------------------------------------
Thu May 7 13:33:03 UTC 2015 - develop7@develop7.info
- Get rid of SocketUser and SocketGroup workarounds for docker.socket
-------------------------------------------------------------------
Fri Apr 17 14:02:13 UTC 2015 - fcastelli@suse.com
- Updated to version 1.6.0 (2015-04-07) [bnc#908033]
* Builder:
+ Building images from an image ID
+ build containers with resource constraints, ie `docker build --cpu-shares=100 --memory=1024m...`
+ `commit --change` to apply specified Dockerfile instructions while committing the image
+ `import --change` to apply specified Dockerfile instructions while importing the image
+ basic build cancellation
* Client:
+ Windows Support
* Runtime:
+ Container and image Labels
+ `--cgroup-parent` for specifying a parent cgroup to place container cgroup within
+ Logging drivers, `json-file`, `syslog`, or `none`
+ Pulling images by ID
+ `--ulimit` to set the ulimit on a container
+ `--default-ulimit` option on the daemon which applies to all created containers (and overwritten by `--ulimit` on run)
- Updated '0002-Stripped-dockerinit-binary.patch' to reflect changes inside of
the latest version of Docker.
- bnc#908033: support of Docker Registry API v2.
-------------------------------------------------------------------
Fri Apr 3 19:57:38 UTC 2015 - dmueller@suse.com
- enable build for armv7l
-------------------------------------------------------------------
Fri Apr 3 14:59:35 UTC 2015 - fcastelli@suse.com
- Updated docker.spec to fixed building with the latest version of our
Go pacakge.
- Updated 0002-Stripped-dockerinit-binary.patch to fix check made by
the docker daemon against the dockerinit binary.
-------------------------------------------------------------------
Fri Mar 27 10:29:35 UTC 2015 - fcastelli@suse.com
- Updated systemd service and socket units to fix socket activation
and to align with best practices recommended by upstram. Moreover
socket activation fixes bnc#920645.
-------------------------------------------------------------------
Wed Feb 11 13:59:01 UTC 2015 - fcastelli@suse.com
- Updated to 1.5.0 (2015-02-10):
* Builder:
- Dockerfile to use for a given `docker build` can be specified with
the `-f` flag
- Dockerfile and .dockerignore files can be themselves excluded as part
of the .dockerignore file, thus preventing modifications to these files
invalidating ADD or COPY instructions cache
- ADD and COPY instructions accept relative paths
- Dockerfile `FROM scratch` instruction is now interpreted as a no-base
specifier
- Improve performance when exposing a large number of ports
* Hack:
- Allow client-side only integration tests for Windows
- Include docker-py integration tests against Docker daemon as part of our
test suites
* Packaging:
- Support for the new version of the registry HTTP API
- Speed up `docker push` for images with a majority of already existing
layers
- Fixed contacting a private registry through a proxy
* Remote API:
- A new endpoint will stream live container resource metrics and can be
accessed with the `docker stats` command
- Containers can be renamed using the new `rename` endpoint and the
associated `docker rename` command
- Container `inspect` endpoint show the ID of `exec` commands running in
this container
- Container `inspect` endpoint show the number of times Docker
auto-restarted the container
- New types of event can be streamed by the `events` endpoint: OOM
(container died with out of memory), exec_create, and exec_start'
- Fixed returned string fields which hold numeric characters incorrectly
omitting surrounding double quotes
* Runtime:
- Docker daemon has full IPv6 support
- The `docker run` command can take the `--pid=host` flag to use the host
PID namespace, which makes it possible for example to debug host processes
using containerized debugging tools
- The `docker run` command can take the `--read-only` flag to make the
containers root filesystem mounted as readonly, which can be used in
combination with volumes to force a containers processes to only write to
locations that will be persisted
- Container total memory usage can be limited for `docker run` using the
`—memory-swap` flag
- Major stability improvements for devicemapper storage driver
- Better integration with host system: containers will reflect changes
to the host's `/etc/resolv.conf` file when restarted
- Better integration with host system: per-container iptable rules are moved
to the DOCKER chain
- Fixed container exiting on out of memory to return an invalid exit code
* Other:
- The HTTP_PROXY, HTTPS_PROXY, and NO_PROXY environment variables are
properly taken into account by the client when connecting to the
Docker daemon
-------------------------------------------------------------------
Thu Jan 15 10:00:07 UTC 2015 - fcastelli@suse.com
- Updated to 1.4.1 (2014-12-15):
* Runtime:
- Fix issue with volumes-from and bind mounts not being honored after
create (fixes bnc#913213)
-------------------------------------------------------------------
Thu Jan 15 09:41:20 UTC 2015 - fcastelli@suse.com
- Added e2fsprogs as runtime dependency, this is required when the
devicemapper driver is used. (bnc#913211).
- Fixed owner & group for docker.socket (thanks to Andrei Dziahel and
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=752555#5)
-------------------------------------------------------------------
Fri Dec 12 16:13:30 UTC 2014 - fcastelli@suse.com
- Updated to 1.4.0 (2014-12-11):
* Notable Features since 1.3.0:
- Set key=value labels to the daemon (displayed in `docker info`), applied with
new `-label` daemon flag
- Add support for `ENV` in Dockerfile of the form:
`ENV name=value name2=value2...`
- New Overlayfs Storage Driver
- `docker info` now returns an `ID` and `Name` field
- Filter events by event name, container, or image
- `docker cp` now supports copying from container volumes
- Fixed `docker tag`, so it honors `--force` when overriding a tag for existing
image.
- Changes introduced by 1.3.3 (2014-12-11):
* Security:
- Fix path traversal vulnerability in processing of absolute symbolic links (CVE-2014-9356) - (bnc#909709)
- Fix decompression of xz image archives, preventing privilege escalation (CVE-2014-9357) - (bnc#909710)
- Validate image IDs (CVE-2014-9358) - (bnc#909712)
* Runtime:
- Fix an issue when image archives are being read slowly
* Client:
- Fix a regression related to stdin redirection
- Fix a regression with `docker cp` when destination is the current directory
-------------------------------------------------------------------
Wed Nov 26 11:27:06 UTC 2014 - fcastelli@suse.com
- Updated to 1.3.2 (2014-11-20) - fixes bnc#907012 (CVE-2014-6407) and
bnc#907014 (CVE-2014-6408)
* Security:
- Fix tar breakout vulnerability
- Extractions are now sandboxed chroot
- Security options are no longer committed to images
* Runtime:
- Fix deadlock in `docker ps -f exited=1`
- Fix a bug when `--volumes-from` references a container that failed to start
* Registry:
- `--insecure-registry` now accepts CIDR notation such as 10.1.0.0/16
- Private registries whose IPs fall in the 127.0.0.0/8 range do no need
the `--insecure-registry` flag
- Skip the experimental registry v2 API when mirroring is enabled
- Fixed minor packaging issues.
-------------------------------------------------------------------
Fri Oct 31 08:54:47 UTC 2014 - fcastelli@suse.com
- Updated to version 1.3.1 2014-10-28)
* Security:
- Prevent fallback to SSL protocols < TLS 1.0 for client, daemon and
registry [CVE-2014-5277]
- Secure HTTPS connection to registries with certificate verification and
without HTTP fallback unless `--insecure-registry` is specified
* Runtime:
- Fix issue where volumes would not be shared
* Client:
- Fix issue with `--iptables=false` not automatically
setting `--ip-masq=false`
- Fix docker run output to non-TTY stdout
* Builder:
- Fix escaping `$` for environment variables
- Fix issue with lowercase `onbuild` Dockerfile instruction
- Restrict envrionment variable expansion to `ENV`, `ADD`, `COPY`,
`WORKDIR`, `EXPOSE`, `VOLUME` and `USER`
-------------------------------------------------------------------
Mon Oct 20 08:38:30 UTC 2014 - fcastelli@suse.com
- Upgraded to version 1.3.0 (2014-10-14)
* docker `exec` allows you to run additional processes inside existing containers
* docker `create` gives you the ability to create a container via the cli without executing a process
* `--security-opts` options to allow user to customize container labels and apparmor profiles
* docker `ps` filters
* wildcard support to copy/add
* move production urls to get.docker.com from get.docker.io
* allocate ip address on the bridge inside a valid cidr
* use drone.io for pr and ci testing
* ability to setup an official registry mirror
* Ability to save multiple images with docker `save`
-------------------------------------------------------------------
Fri Sep 12 13:21:40 UTC 2014 - cbosdonnat@suse.com
- Generated AppArmor profile used mount rules which aren't supported
in our version of AppArmor. libcontainer-apparmor-fixes.patch
-------------------------------------------------------------------
Thu Sep 4 15:41:39 UTC 2014 - fcastelli@suse.com
- Updates to SUSE's readme file.
-------------------------------------------------------------------
Mon Aug 25 07:49:48 UTC 2014 - fcastelli@suse.com
- Upgraded to version 1.2.0:
* Runtime:
- Make /etc/hosts /etc/resolv.conf and /etc/hostname editable at runtime
- Auto-restart containers using policies
- Use /var/lib/docker/tmp for large temporary files
- `--cap-add` and `--cap-drop` to tweak what linux capability you want
- `--device` to use devices in containers
* Client:
- `docker search` on private registries
- Add `exited` filter to `docker ps --filter`
- `docker rm -f` now kills instead of stop
- Support for IPv6 addresses in `--dns` flag
* Proxy:
- Proxy instances in separate processes
- Small bug fix on UDP proxy
-------------------------------------------------------------------
Fri Aug 8 15:31:41 UTC 2014 - fcastelli@suse.com
- Final changes to README_SUSE.md
-------------------------------------------------------------------
Fri Aug 8 10:28:48 UTC 2014 - fcastelli@suse.com
- Added other small fixes to README_SUSE.md
-------------------------------------------------------------------
Thu Aug 7 14:06:30 UTC 2014 - fcastelli@suse.com
- Small improvements to README_SUSE.md
-------------------------------------------------------------------
Thu Aug 7 13:29:30 UTC 2014 - fcastelli@suse.com
- Removed useless sysctl rule.
- Added README_SUSE.md
-------------------------------------------------------------------
Fri Jul 25 06:17:04 UTC 2014 - fcastelli@suse.com
- Updated to 1.1.2:
* Runtime:
- Fix port allocation for existing containers
- Fix containers restart on daemon restart
- Updated conflict condition with LXC package.
-------------------------------------------------------------------
Fri Jul 18 09:38:47 UTC 2014 - fcastelli@suse.com
- Add apparmor-parser runtime dependency
-------------------------------------------------------------------
Fri Jul 18 08:44:29 UTC 2014 - fcastelli@suse.com
- Build with AppArmor and SELinux support
-------------------------------------------------------------------
Wed Jul 16 13:37:23 UTC 2014 - fcastelli@suse.com
- Ensure docker can be built only on x86_64
-------------------------------------------------------------------
Wed Jul 16 09:07:45 UTC 2014 - fcastelli@suse.com
- Added docker-rpmlintrc to list of source files
-------------------------------------------------------------------
Mon Jul 14 09:39:40 UTC 2014 - fcastelli@suse.com
- Updated to 1.1.1, notables features since 1.0.0:
* Add `.dockerignore` support
* Pause containers during `docker commit`
* Add `--tail` to `docker logs`
* Enhance security for the LXC driver
- Builder
* Fix issue with ADD
* Allow a tar file as context for `docker build`
* Fix issue with white-spaces and multi-lines in `Dockerfiles`
* Fix `ONBUILD` instruction passed to grandchildren
- Runtime
* Overall performance improvements
* Allow `/` as source of `docker run -v`
* Fix port allocation
* Fix bug in `docker save`
* Add links information to `docker inspect`
* Fix events subscription
* Fix /etc/hostname file with host networking
* Allow `-h` and `--net=none`
* Fix issue with hotplug devices in `--privileged`
- Client
* Improve command line parsing for `docker commit`
* Fix artifacts with events
* Fix a panic with empty flags
- Remote API
* Improve status code for the `start` and `stop` endpoints
- Miscellaneous
* Fix several races
-------------------------------------------------------------------
Mon Jul 14 09:03:23 UTC 2014 - fcastelli@suse.com
- Fix CVE-2014-3499: systemd socket activation results in privilege escalation [bnc#885209]
-------------------------------------------------------------------
Tue Jun 10 15:58:24 UTC 2014 - fcastelli@suse.com
- add exclusivearch to reduce to architectures with a working "go" package
(patch submitted by Rudy).
-------------------------------------------------------------------
Mon Jun 9 21:09:28 UTC 2014 - fcastelli@suse.com
- Updated to 1.0.0, Notable features since 0.12.0
* Production support
-------------------------------------------------------------------
Mon Jun 9 14:58:12 UTC 2014 - fcastelli@suse.com
- Upgraded to 0.12.0:
* New `COPY` Dockerfile instruction to allow copying a local file from the context into the container without ever extracting if the file is a tar file
* Inherit file permissions from the host on `ADD`
* New `pause` and `unpause` commands to allow pausing and unpausing of containers using cgroup freezer
* The `images` command has a `-f`/`--filter` option to filter the list of images
* Add `--force-rm` to clean up after a failed build
* Standardize JSON keys in Remote API to CamelCase
* Pull from a docker run now assumes `latest` tag if not specified
* Enhance security on Linux capabilities and device nodes
-------------------------------------------------------------------
Wed May 21 15:24:11 UTC 2014 - fcastelli@suse.com
- Do not require ca-certificates-cert package at runtime, it's not needed.
-------------------------------------------------------------------
Wed May 21 14:22:47 UTC 2014 - fcastelli@suse.com
- Disabled AUFS backend at build time, we are never going to support that.
- Updated rpmlint to ignore missing man page of docker.
-------------------------------------------------------------------
Wed May 21 08:10:48 UTC 2014 - smoioli@suse.com
- Fixes a merge issue with TTYs: https://github.com/dotcloud/docker/pull/4882
-------------------------------------------------------------------
Thu May 15 15:04:51 UTC 2014 - fcastelli@suse.com
- Ensure /etc/sysconfig/docker file is created upon package installation.
-------------------------------------------------------------------
Thu May 15 14:35:39 UTC 2014 - fcastelli@suse.com
- Updated rpmlintrc
-------------------------------------------------------------------
Thu May 15 13:45:03 UTC 2014 - fcastelli@suse.com
- Do not specify a custon DOCKERINIT_PATH at build time.
-------------------------------------------------------------------
Thu May 15 13:21:44 UTC 2014 - fcastelli@suse.com
- Removed 0001-Allowed-installation-of-dockerinit-into-usr-lib64.patch, leave
dockerinit installed inside of /usr/lib/docker.
-------------------------------------------------------------------
Thu May 15 13:05:20 UTC 2014 - fcastelli@suse.com
- Added sysconfig file to handle docker environment file.
-------------------------------------------------------------------
Thu May 8 08:09:17 UTC 2014 - fcastelli@suse.com
- Update to 0.11.1:
* Registry:
- Fix push and pull to private registry
- 0.11.0 changes:
* SELinux support for mount and process labels
* Linked containers can be accessed by hostname
* Use the net `--net` flag to allow advanced network configuration such as host networking so that containers can use the host's network interfaces
* Add a ping endpoint to the Remote API to do healthchecks of your docker daemon
* Logs can now be returned with an optional timestamp
* Docker now works with registries that support SHA-512
* Multiple registry endpoints are supported to allow registry mirrors
-------------------------------------------------------------------
Wed Apr 9 07:28:35 UTC 2014 - fcastelli@suse.com
- Updated to version 0.10.0:
* Builder:
- Fix printing multiple messages on a single line. Fixes broken output during builds.
- Follow symlinks inside container's root for ADD build instructions.
- Fix EXPOSE caching.
* Contrib:
- Add variable for DOCKER_LOGFILE to sysvinit and use append instead of overwrite in opening the logfile.
- Fix init script cgroup mounting workarounds to be more similar to cgroupfs-mount and thus work properly.
- Remove inotifywait hack from the upstart host-integration example because it's not necessary any more.
- Add check-config script to contrib.
- Fix fish shell completion.
* Remote API:
- Add TLS auth support for API.
- Move git clone from daemon to client.
- Fix content-type detection in docker cp.
- Split API into 2 go packages.
* Runtime:
- Support hairpin NAT without going through Docker server.
- devicemapper: succeed immediately when removing non-existing devices.
- devicemapper: improve handling of devicemapper devices (add per device lock, increase sleep time and unlock while sleeping).
- devicemapper: increase timeout in waitClose to 10 seconds.
- devicemapper: ensure we shut down thin pool cleanly.
- devicemapper: pass info, rather than hash to activateDeviceIfNeeded, deactivateDevice, setInitialized, deleteDevice.
- devicemapper: avoid AB-BA deadlock.
- devicemapper: make shutdown better/faster.
- improve alpha sorting in mflag.
- Remove manual http cookie management because the cookiejar is being used.
- Use BSD raw mode on Darwin. Fixes nano, tmux and others.
- Add FreeBSD support for the client.
- Merge auth package into registry.
- Add deprecation warning for -t on `docker pull`.
- Remove goroutine leak on error.
- Update parseLxcInfo to comply with new lxc1.0 format.
- Fix attach exit on darwin.
- Improve deprecation message.
- Retry to retrieve the layer metadata up to 5 times for `docker pull`.
- Only unshare the mount namespace for execin.
- Merge existing config when committing.
- Disable daemon startup timeout.
- Fix issue #4681: add loopback interface when networking is disabled.
- Add failing test case for issue #4681.
- Send SIGTERM to child, instead of SIGKILL.
- Show the driver and the kernel version in `docker info` even when not in debug mode.
- Always symlink /dev/ptmx for libcontainer. This fixes console related problems.
- Fix issue caused by the absence of /etc/apparmor.d.
- Don't leave empty cidFile behind when failing to create the container.
- Mount cgroups automatically if they're not mounted already.
- Use mock for search tests.
- Update to double-dash everywhere.
- Move .dockerenv parsing to lxc driver.
- Move all bind-mounts in the container inside the namespace.
- Don't use separate bind mount for container.
- Always symlink /dev/ptmx for libcontainer.
- Don't kill by pid for other drivers.
- Add initial logging to libcontainer.
- Sort by port in `docker ps`.
- Move networking drivers into runtime top level package.
- Add --no-prune to `docker rmi`.
- Add time since exit in `docker ps`.
- graphdriver: add build tags.
- Prevent allocation of previously allocated ports & prevent improve port allocation.
- Add support for --since/--before in `docker ps`.
- Clean up container stop.
- Add support for configurable dns search domains.
- Add support for relative WORKDIR instructions.
- Add --output flag for docker save.
- Remove duplication of DNS entries in config merging.
- Add cpuset.cpus to cgroups and native driver options.
- Remove docker-ci.
- Promote btrfs. btrfs is no longer considered experimental.
- Add --input flag to `docker load`.
- Return error when existing bridge doesn't match IP address.
- Strip comments before parsing line continuations to avoid interpreting instructions as comments.
- Fix TestOnlyLoopbackExistsWhenUsingDisableNetworkOption to ignore "DOWN" interfaces.
- Add systemd implementation of cgroups and make containers show up as systemd units.
- Fix commit and import when no repository is specified.
- Remount /var/lib/docker as --private to fix scaling issue.
- Use the environment's proxy when pinging the remote registry.
- Reduce error level from harmless errors.
- Allow --volumes-from to be individual files.
- Fix expanding buffer in StdCopy.
- Set error regardless of attach or stdin. This fixes #3364.
- Add support for --env-file to load environment variables from files.
- Symlink /etc/mtab and /proc/mounts.
- Allow pushing a single tag.
- Shut down containers cleanly at shutdown and wait forever for the containers to shut down. This makes container shutdown on daemon shutdown work properly via SIGTERM.
- Don't throw error when starting an already running container.
- Fix dynamic port allocation limit.
- remove setupDev from libcontainer.
- Add API version to `docker version`.
- Return correct exit code when receiving signal and make SIGQUIT quit without cleanup.
- Fix --volumes-from mount failure.
- Allow non-privileged containers to create device nodes.
- Skip login tests because of external dependency on a hosted service.
- Deprecate `docker images --tree` and `docker images --viz`.
- Deprecate `docker insert`.
- Include base abstraction for apparmor. This fixes some apparmor related problems on Ubuntu 14.04.
- Add specific error message when hitting 401 over HTTP on push.
- Fix absolute volume check.
- Remove volumes-from from the config.
- Move DNS options to hostconfig.
- Update the apparmor profile for libcontainer.
- Add deprecation notice for `docker commit -run`.
-------------------------------------------------------------------
Wed Mar 26 16:47:03 UTC 2014 - fcastelli@suse.com
- Updated to 0.9.1:
* Builder:
- Fix printing multiple messages on a single line. Fixes broken output during builds.
* Remote API:
- Fix content-type detection in `docker cp`.
* Runtime:
- Use BSD raw mode on Darwin. Fixes nano, tmux and others.
- Only unshare the mount namespace for execin.
- Retry to retrieve the layer metadata up to 5 times for `docker pull`.
- Merge existing config when committing.
- Fix panic in monitor.
- Disable daemon startup timeout.
- Fix issue #4681: add loopback interface when networking is disabled.
- Add failing test case for issue #4681.
- Send SIGTERM to child, instead of SIGKILL.
- Show the driver and the kernel version in `docker info` even when not in debug mode.
- Always symlink /dev/ptmx for libcontainer. This fixes console related problems.
- Fix issue caused by the absence of /etc/apparmor.d.
- Don't leave empty cidFile behind when failing to create the container.
- Improve deprecation message.
- Fix attach exit on darwin.
- devicemapper: improve handling of devicemapper devices (add per device lock, increase sleep time, unlock while sleeping).
- devicemapper: succeed immediately when removing non-existing devices.
- devicemapper: increase timeout in waitClose to 10 seconds.
- Remove goroutine leak on error.
- Update parseLxcInfo to comply with new lxc1.0 format.
-------------------------------------------------------------------
Tue Mar 25 21:06:35 UTC 2014 - fcastelli@suse.com
- Updated to docker 0.9.0:
* Builder:
- Avoid extra mount/unmount during build. This fixes mount/unmount related errors during build.
- Add error to docker build --rm. This adds missing error handling.
- Forbid chained onbuild, `onbuild from` and `onbuild maintainer` triggers.
- Make `--rm` the default for `docker build`.
* Remote API:
- Move code specific to the API to the api package.
- Fix header content type for the API. Makes all endpoints use proper content type.
- Fix registry auth & remove ping calls from CmdPush and CmdPull.
- Add newlines to the JSON stream functions.
* Runtime:
- Do not ping the registry from the CLI. All requests to registres flow through the daemon.
- Check for nil information return in the lxc driver. This fixes panics with older lxc versions.
- Devicemapper: cleanups and fix for unmount. Fixes two problems which were causing unmount to fail intermittently.
- Devicemapper: remove directory when removing device. Directories don't get left behind when removing the device.
- Devicemapper: enable skip_block_zeroing. Improves performance by not zeroing blocks.
- Devicemapper: fix shutdown warnings. Fixes shutdown warnings concerning pool device removal.
- Ensure docker cp stream is closed properly. Fixes problems with files not being copied by `docker cp`.
- Stop making `tcp://` default to `127.0.0.1:4243` and remove the default port for tcp.
- Fix `--run` in `docker commit`. This makes `docker commit --run` work again.
- Fix custom bridge related options. This makes custom bridges work again.
- Mount-bind the PTY as container console. This allows tmux/screen to run.
- Add the pure Go libcontainer library to make it possible to run containers using only features of the Linux kernel.
- Add native exec driver which uses libcontainer and make it the default exec driver.
- Add support for handling extended attributes in archives.
- Set the container MTU to be the same as the host MTU.
- Add simple sha256 checksums for layers to speed up `docker push`.
- Improve kernel version parsing.
- Allow flag grouping (`docker run -it`).
- Remove chroot exec driver.
- Fix divide by zero to fix panic.
- Rewrite `docker rmi`.
- Fix docker info with lxc 1.0.0.
- Fix fedora tty with apparmor.
- Don't always append env vars, replace defaults with vars from config.
- Fix a goroutine leak.
- Switch to Go 1.2.1.
- Fix unique constraint error checks.
- Handle symlinks for Docker's data directory and for TMPDIR.
- Add deprecation warnings for flags (-flag is deprecated in favor of --flag)
- Add apparmor profile for the native execution driver.
- Move system specific code from archive to pkg/system.
- Fix duplicate signal for `docker run -i -t` (issue #3336).
- Return correct process pid for lxc.
- Add a -G option to specify the group which unix sockets belong to.
- Add `-f` flag to `docker rm` to force removal of running containers.
- Kill ghost containers and restart all ghost containers when the docker daemon restarts.
- Add `DOCKER_RAMDISK` environment variable to make Docker work when the root is on a ramdisk.
- Updated requirements according to 0.9.0 release notes.
-------------------------------------------------------------------
Wed Feb 19 08:35:27 UTC 2014 - fcastelli@suse.com
- updated to Docker 0.8.1
* Builder:
- Avoid extra mount/unmount during build. This removes an unneeded
mount/unmount operation which was causing problems with devicemapper
- Fix regression with ADD of tar files. This stops Docker from
decompressing tarballs added via ADD from the local file system
- Add error to `docker build --rm`. This adds a missing error check to
ensure failures to remove containers are detected and reported
* Remote API:
- Fix broken images API for version less than 1.7
- Use the right encoding for all API endpoints which return JSON
- Move remote api client to api/
- Queue calls to the API using generic socket wait
* Runtime:
- Fix the use of custom settings for bridges and custom bridges
- Refactor the devicemapper code to avoid many mount/unmount race
conditions and failures
- Remove two panics which could make Docker crash in some situations
- Don't ping registry from the CLI client
- Enable skip_block_zeroing for devicemapper. This stops devicemapper from
always zeroing entire blocks
- Fix --run in `docker commit`. This makes docker commit store `--run`
in the image configuration
- Remove directory when removing devicemapper device. This cleans up
leftover mount directories
- Drop NET_ADMIN capability for non-privileged containers. Unprivileged
containers can't change their network configuration
- Ensure `docker cp` stream is closed properly
- Avoid extra mount/unmount during container registration. This removes
an unneeded mount/unmount operation which was causing problems with
devicemapper
- Stop allowing tcp:// as a default tcp bin address which binds to
127.0.0.1:4243 and remove the default port
- Mount-bind the PTY as container console. This allows tmux and screen to
run in a container
- Clean up archive closing. This fixes and improves archive handling
- Fix engine tests on systems where temp directories are symlinked
- Add test methods for save and load
- Avoid temporarily unmounting the container when restarting it. This
fixes a race for devicemapper during restart
- Support submodules when building from a GitHub repository
- Quote volume path to allow spaces
- Fix remote tar ADD behavior. This fixes a regression which was
causing Docker to extract tarballs
-------------------------------------------------------------------
Thu Feb 13 09:07:39 UTC 2014 - fcastelli@suse.com
- Ensure lxc >= 1.0 is not installed on the system, this version is
not compatible with docker yet.
-------------------------------------------------------------------
Thu Feb 6 08:48:22 UTC 2014 - fcastelli@suse.com
- updated to docker 0.8.0:
* Images and containers can be removed much faster
* Building an image from source with docker build is now much faster
* The Docker daemon starts and stops much faster
* The memory footprint of many common operations has been reduced, by
streaming files instead of buffering them in memory, fixing memory leaks,
and fixing various suboptimal memory allocations
* Several race conditions were fixed, making Docker more stable under very
high concurrency load. This makes Docker more stable and less likely to
crash and reduces the memory footprint of many common operations
* All packaging operations are now built on the Go languages standard tar
implementation, which is bundled with Docker itself. This makes packaging
more portable across host distributions, and solves several issues caused
by quirks and incompatibilities between different distributions of tar
* Docker can now create, remove and modify larger numbers of containers and
images graciously thanks to more aggressive releasing of system resources.
For example the storage driver API now allows Docker to do reference
counting on mounts created by the drivers. With the ongoing changes to the
networking and execution subsystems of docker testing these areas have been
a focus of the refactoring. By moving these subsystems into separate
packages we can test, analyze, and monitor coverage and quality of these
packages
* The Docker daemon supports systemd socket activation
* Docker now ships with an experimental storage driver which uses the BTRFS
filesystem for copy-on-write
* The ADD instruction now supports caching, which avoids unnecessarily
re-uploading the same source content again and again when it hasnt changed
* The new ONBUILD instruction adds to your image a “trigger” instruction to be
executed at a later time, when the image is used as the base for another
build
* Many components have been separated into smaller sub-packages, each with a
dedicated test suite. As a result the code is better-tested, more readable
and easier to change
* Docker is officially supported on Mac OSX
-------------------------------------------------------------------
Fri Jan 31 18:14:09 UTC 2014 - f_koch@gmx.de
- Fix udev file name
-------------------------------------------------------------------
Sat Jan 25 14:04:50 UTC 2014 - fcastelli@suse.com
- Added again the patch which forces the docker binary to look for the
dockerinit file into the right location. Docker's official build system
is still bugged.
-------------------------------------------------------------------
Sat Jan 25 11:05:42 UTC 2014 - fcastelli@suse.com
- updated to 0.7.6:
* Builder:
- Do not follow symlink outside of build context
* Runtime:
- Remount bind mounts when ro is specified
- Use https for fetching docker version
* Other:
- Inline the test.docker.io fingerprint
- Add ca-certificates to packaging documentation
- rpm changes:
* remove patch which forced docker to loook for the dockerinit binary into
/usr/lib64/docker. Docker's build system now accepts an environment
variable to address this issue.
* install udev rules inside of /usr/lib/udev as requested by rpmlint.
-------------------------------------------------------------------
Fri Jan 10 10:44:23 UTC 2014 - fcastelli@suse.com
- updated to 0.7.5:
* Builder:
- Disable compression for build. More space usage but a much faster upload
- Fix ADD caching for certain paths
- Do not compress archive from git build
* Documentation:
* Fix error in GROUP add example
* Make sure the GPG fingerprint is inline in the documentation
* Give more specific advice on setting up signing of commits for DCO
* Runtime:
* Fix misspelled container names
* Do not add hostname when networking is disabled
* Return most recent image from the cache by date
* Return all errors from docker wait
* Add Content-Type Header "application/json" to GET /version and /info responses
* Other:
- Update DCO to version 1.1
- Update Makefile to use "docker:GIT_BRANCH" as the generated image name
- Update Travis to check for new 1.1 DCO version
- 0.7.4 changes:
* Builder:
- Fix ADD caching issue with . prefixed path
- Fix docker build on devicemapper by reverting sparse file tar option
- Fix issue with file caching and prevent wrong cache hit
- Use same error handling while unmarshalling CMD and ENTRYPOINT
* Documentation:
- Simplify and streamline Amazon Quickstart
- Install instructions use unprefixed fedora image
- Update instructions for mtu flag for Docker on GCE
- Add Ubuntu Saucy to installation
- Fix for wrong version warning on master instead of latest
* Runtime:
- Only get the image's rootfs when we need to calculate the image size
- Correctly handle unmapping UDP ports
- Make CopyFileWithTar use a pipe instead of a buffer to save memory on docker build
- Fix login message to say pull instead of push
- Fix "docker load" help by removing "SOURCE" prompt and mentioning STDIN
- Make blank -H option default to the same as no -H was sent
- Extract cgroups utilities to own submodule
* Other:
- Add Travis CI configuration to validate DCO and gofmt requirements
- Add Developer Certificate of Origin Text
- Upgrade VBox Guest Additions
- Check standalone header when pinging a registry server
-------------------------------------------------------------------
Tue Jan 7 12:48:30 UTC 2014 - fcastelli@suse.com
- Spec file cleanup: removed useless SUSE versions checks around bash and zsh
completion sub packages.
- Updated runtime dependencies according to what reported by the official
documentation.
-------------------------------------------------------------------
Tue Jan 7 08:26:37 UTC 2014 - fcastelli@suse.com
- Updated to 0.7.3:
* Builder:
- Update ADD to use the image cache, based on a hash of the added content
- Add error message for empty Dockerfile
* Documentation:
- Fix outdated link to the "Introduction" on www.docker.io
- Update the docs to get wider when the screen does
- Add information about needing to install LXC when using raw binaries
- Update Fedora documentation to disentangle the docker and docker.io conflict
- Add a note about using the new `-mtu` flag in several GCE zones
- Add FrugalWare installation instructions
- Add a more complete example of `docker run`
- Fix API documentation for creating and starting Privileged containers
- Add missing "name" parameter documentation on "/containers/create"
- Add a mention of `lxc-checkconfig` as a way to check for some of the necessary kernel configuration
- Update the 1.8 API documentation with some additions that were added to the docs for 1.7
* Hack:
- Add missing libdevmapper dependency to the packagers documentation
- Update minimum Go requirement to a hard line at Go 1.2+
- Many minor improvements to the Vagrantfile
- Add ability to customize dockerinit search locations when compiling (to be used very sparingly only by packagers of platforms who require a nonstandard location)
- Add coverprofile generation reporting
- Add `-a` to our Go build flags, removing the need for recompiling the stdlib manually
- Update Dockerfile to be more canonical and have less spurious warnings during build
- Fix some miscellaneous `docker pull` progress bar display issues
- Migrate more miscellaneous packages under the "pkg" folder
- Update TextMate highlighting to automatically be enabled for files named "Dockerfile"
- Reorganize syntax highlighting files under a common "contrib/syntax" directory
- Update install.sh script (https://get.docker.io/) to not fail if busybox fails to download or run at the end of the Ubuntu/Debian installation
- Add support for container names in bash completion
* Packaging:
- Add an official Docker client binary for Darwin (Mac OS X)
- Remove empty "Vendor" string and added "License" on deb package
- Add a stubbed version of "/etc/default/docker" in the deb package
* Runtime:
- Update layer application to extract tars in place, avoiding file churn while handling whiteouts
- Fix permissiveness of mtime comparisons in tar handling (since GNU tar and Go tar do not yet support sub-second mtime precision)
- Reimplement `docker top` in pure Go to work more consistently, and even inside Docker-in-Docker (thus removing the shell injection vulnerability present in some versions of `lxc-ps`)
- Update `-H unix://` to work similarly to `-H tcp://` by inserting the default values for missing portions
- Fix more edge cases regarding dockerinit and deleted or replaced docker or dockerinit files
- Update container name validation to include '.'
- Fix use of a symlink or non-absolute path as the argument to `-g` to work as expected
- Update to handle external mounts outside of LXC, fixing many small mounting quirks and making future execution backends and other features simpler
- Update to use proper box-drawing characters everywhere in `docker images -tree`
- Move MTU setting from LXC configuration to directly use netlink
- Add `-S` option to external tar invocation for more efficient spare file handling
- Add arch/os info to User-Agent string, especially for registry requests
- Add `-mtu` option to Docker daemon for configuring MTU
- Fix `docker build` to exit with a non-zero exit code on error
- Add `DOCKER_HOST` environment variable to configure the client `-H` flag without specifying it manually for every invocation
-------------------------------------------------------------------
Wed Dec 18 08:35:14 UTC 2013 - fcastelli@suse.com
- Removed docker.init file from OBS, it's no longer needed since we
moved to systemd.
-------------------------------------------------------------------
Tue Dec 17 17:25:47 UTC 2013 - fcastelli@suse.com
- Required git-core rather than the full package chain.
-------------------------------------------------------------------
Tue Dec 17 10:59:08 UTC 2013 - fcastelli@suse.com
- Fixed openSUSE 12.3 package by adding explicit requirement of
systemd-devel package at build time.
-------------------------------------------------------------------
Tue Dec 17 10:09:04 UTC 2013 - fcastelli@suse.com
- Updated to docker 0.7.2:
* Runtime:
- Validate container names on creation with standard regex
- Increase maximum image depth to 127 from 42
- Continue to move api endpoints to the job api
- Add -bip flag to allow specification of dynamic bridge IP via CIDR
- Allow bridge creation when ipv6 is not enabled on certain systems
- Set hostname and IP address from within dockerinit
- Drop capabilities from within dockerinit
- Fix volumes on host when symlink is present the image
- Prevent deletion of image if ANY container is depending on it even if the container is not running
- Update docker push to use new progress display
- Use os.Lstat to allow mounting unix sockets when inspecting volumes
- Adjusted handling of inactive user login
- Add missing defines in devicemapper for older kernels
- Allow untag operations with no container validation
- Add auth config to docker build
* Documentation:
- Add more information about Docker logging
- Add RHEL documentation
- Add a direct example for changing the CMD that is run in a container
- Update Arch installation documentation
- Add section on Trusted Builds
- Add Network documentation page
* Other:
- Add new cover bundle for providing code coverage reporting
- Separate integration tests in bundles
- Make Tianon the hack maintainer
- Update mkimage-debootstrap with more tweaks for keeping images small
- Use https to get the install script
- Remove vendored dotcloud/tar now that Go 1.2 has been released
- Marked /etc/sysctl.d/200-docker.conf as configuration file within the spec file.
- Added 'ca-certificates-cacert' as runtime dependency, this is required to pull
containers from docker's official repository.
-------------------------------------------------------------------
Thu Dec 12 08:41:30 UTC 2013 - fcastelli@suse.com
- Removed dnsmasq dependency
- Added GNU tar as an explicit dependency
- Moved to systemd
- Updated to docker 0.7.1:
* Add @SvenDowideit as documentation maintainer
* Add links example
* Add documentation regarding ambassador pattern
* Add Google Cloud Platform docs
* Add dockerfile best practices
* Update doc for RHEL
* Update doc for registry
* Update Postgres examples
* Update doc for Ubuntu install
* Improve remote api doc
- modified patches:
* 0001-Allowed-installation-of-dockerinit-into-usr-lib64.patch: changed
to apply against the updated codebase.
-------------------------------------------------------------------
Thu Nov 28 10:18:12 UTC 2013 - fcastelli@suse.com
- Updated runtime dependencies according to docker's official guidelines.
-------------------------------------------------------------------
Thu Nov 28 09:25:05 UTC 2013 - fcastelli@suse.com
- Fixed packaging errors:
* dockerinit binary was not built, causing docker to be unusable.
* added custom rpmlint rules.
-------------------------------------------------------------------
Tue Nov 26 15:59:38 UTC 2013 - fcastelli@suse.com
* rpm changes:
* do no longer require a AUFS cable kernel at runtime.
* build docker using intree dependencies provided by upstream.
* created zsh completion sub-package.
* 0.7.0 (2013-11-25)
- Storage drivers: choose from aufs, device mapper, vfs or btrfs.
- Standard Linux support: docker now runs on unmodified linux kernels and all major distributions.
- Links: compose complex software stacks by connecting containers to each other.
- Container naming: organize your containers by giving them memorable names.
- Advanced port redirects: specify port redirects per interface, or keep sensitive ports private.
- Offline transfer: push and pull images to the filesystem without losing information.
- Quality: numerous bugfixes and small usability improvements. Significant increase in test coverage.
* 0.6.7 (2013-11-21)
- Improved stability, fixes some race conditons
- Skip the volumes mounted when deleting the volumes of container.
- Fix layer size computation: handle hard links correctly
- Use the work Path for docker cp CONTAINER:PATH
- Fix tmp dir never cleanup
- Speedup docker ps
- More informative error message on name collisions
- Fix nameserver regex
- Always return long id's
- Fix container restart race condition
- Keep published ports on docker stop;docker start
- Fix container networking on Fedora
- Correctly express "any address" to iptables
- Fix network setup when reconnecting to ghost container
- Prevent deletion if image is used by a running container
- Lock around read operations in graph
- remote API: return full ID on docker rmi
- client:
- Add -tree option to images
- Offline image transfer
- Exit with status 2 on usage error and display usage on stderr
- Do not forward SIGCHLD to container
- Use string timestamp for docker events -since
* 0.6.6 (2013-11-06)
- Ensure container name on register
- Fix regression in /etc/hosts
- Add lock around write operations in graph
- Check if port is valid
- Fix restart runtime error with ghost container networking
- Added some more colors and animals to increase the pool of generated names
- Fix issues in docker inspect
- Escape apparmor confinement
- Set environment variables using a file.
- Prevent docker insert to erase something
- Prevent DNS server conflicts in CreateBridgeIface
- Validate bind mounts on the server side
- Use parent image config in docker build
- Fix regression in /etc/hosts
- Client:
* Add -P flag to publish all exposed ports
* Add -notrunc and -q flags to docker history
* Fix docker commit, tag and import usage
* Add stars, trusted builds and library flags in docker search
* Fix docker logs with tty
- RemoteAPI:
* Make /events API send headers immediately
* Do not split last column docker top
+ Add size to history
* 0.6.5 (2013-10-29)
- Containers can now be named
- Containers can now be linked together for service discovery
- 'run -a', 'start -a' and 'attach' can forward signals to the container for better integration with process supervisors
- Automatically start crashed containers after a reboot
- Expose IP, port, and proto as separate environment vars for container links
- Allow ports to be published to specific ips
- Prohibit inter-container communication by default
- Ignore ErrClosedPipe for stdin in Container.Attach
- Remove unused field kernelVersion
- Fix issue when mounting subdirectories of /mnt in container
- Fix untag during removal of images
- Check return value of syscall.Chdir when changing working directory inside dockerinit
- Client:
- Only pass stdin to hijack when needed to avoid closed pipe errors
- Use less reflection in command-line method invocation
- Monitor the tty size after starting the container, not prior
- Remove useless os.Exit() calls after log.Fatal
- Documentation: Fix the flags for nc in example
- Testing: Remove warnings and prevent mount issues
- Testing: Change logic for tty resize to avoid warning in tests
- Builder: Fix race condition in docker build with verbose output
- Registry: Fix content-type for PushImageJSONIndex method
- Contrib: Improve helper tools to generate debian and Arch linux server images
* 0.6.4 (2013-10-16)
- Add cleanup of container when Start() fails
- Add better comments to utils/stdcopy.go
- Add utils.Errorf for error logging
- Add -rm to docker run for removing a container on exit
- Remove error messages which are not actually errors
- Fix `docker rm` with volumes
- Fix some error cases where a HTTP body might not be closed
- Fix panic with wrong dockercfg file
- Fix the attach behavior with -i
- Record termination time in state.
- Use empty string so TempDir uses the OS's temp dir automatically
- Make sure to close the network allocators
- Autorestart containers by default
- Bump vendor kr/pty to commit 3b1f6487b `(syscall.O_NOCTTY)`
- lxc: Allow set_file_cap capability in container
- Move run -rm to the cli only
- Split stdout stderr
- Always create a new session for the container
- Builder: Abort build if mergeConfig returns an error and fix duplicate error message
- Packaging: Remove deprecated packaging directory
- Registry: Use correct auth config when logging in.
- Registry: Fix the error message so it is the same as the regex
-------------------------------------------------------------------
Wed Oct 2 12:04:09 UTC 2013 - fcastelli@suse.com
* 0.6.3 (2013-09-23)
- Client: Fix detach issue
- Runtime: Only copy and change permissions on non-bindmount volumes
- Registry: Update regular expression to match index
* Runtime: Allow multiple volumes-from
* Packaging: Download apt key over HTTPS
* Documentation: Update section on extracting the docker binary after build
* Documentation: Update development environment docs for new build process
* Documentation: Remove 'base' image from documentation
* Packaging: Add 'docker' group on install for ubuntu package
- Runtime: Fix HTTP imports from STDIN
-------------------------------------------------------------------
Thu Sep 26 10:33:21 UTC 2013 - fcastelli@suse.com
- Fixed build on SLE_11_SP3
-------------------------------------------------------------------
Mon Sep 23 10:17:17 UTC 2013 - fcastelli@suse.com
- Fixed git commit version: the wrong version was showed by 'docker version'.
-------------------------------------------------------------------
Mon Sep 23 09:56:42 UTC 2013 - fcastelli@suse.com
* 0.6.2 (2013-09-17)
Hack: Vendor all dependencies
Builder: Add -rm option in order to remove intermediate containers
Runtime: Add domainname support
Runtime: Implement image filtering with path.Match
Builder: Allow multiline for the RUN instruction
Runtime: Remove unnecesasry warnings
Runtime: Only mount the hostname file when the config exists
Runtime: Handle signals within the docker login command
Runtime: Remove os/user dependency
Registry: Implement login with private registry
Remote API: Bump to v1.5
Packaging: Break down hack/make.sh into small scripts, one per 'bundle': test, binary, ubuntu etc.
Documentation: General improvments
Runtime: UID and GID are now also applied to volumes
Runtime: docker start set error code upon error
Runtime: docker run set the same error code as the process started
Registry: Fix push issues
-------------------------------------------------------------------
Mon Aug 26 14:22:34 UTC 2013 - fcastelli@suse.com
* 0.6.1 (2013-08-23)
Registry: Pass "meta" headers in API calls to the registry
Packaging: Use correct upstart script with new build tool
Packaging: Use libffi-dev, don't build it from sources
Packaging: Removed duplicate mercurial install command
* 0.6.0 (2013-08-22)
Runtime: Load authConfig only when needed and fix useless WARNING
Runtime: Add lxc-conf flag to allow custom lxc options
Runtime: Fix race conditions in parallel pull
Runtime: Improve CMD, ENTRYPOINT, and attach docs.
Documentation: Small fix to docs regarding adding docker groups
Documentation: Add MongoDB image example
Builder: Add USER instruction do Dockerfile
Documentation: updated default -H docs
Remote API: Sort Images by most recent creation date.
Builder: Add workdir support for the Buildfile
Runtime: Add an option to set the working directory
Runtime: Show tag used when image is missing
Documentation: Update readme with dependencies for building
Documentation: Add instructions for creating and using the docker group
Remote API: Reworking opaque requests in registry module
Runtime: Fix Graph ByParent() to generate list of child images per parent image.
Runtime: Add Image name to LogEvent tests
Documentation: Add sudo to examples and installation to documentation
Hack: Bash Completion: Limit commands to containers of a relevant state
Remote API: Add image name in /events
Runtime: Apply volumes-from before creating volumes
Runtime: Make docker run handle SIGINT/SIGTERM
Runtime: Prevent crash when .dockercfg not readable
Hack: Add docker dependencies coverage testing into docker-ci
Runtime: Add -privileged flag and relevant tests, docs, and examples
Packaging: Docker-brew 0.5.2 support and memory footprint reduction
Runtime: Install script should be fetched over https, not http.
Packaging: Add new docker dependencies into docker-ci
Runtime: Use Go 1.1.2 for dockerbuilder
Registry: Improve auth push
Runtime: API, issue 1471: Use groups for socket permissions
Documentation: PostgreSQL service example in documentation
Contrib: bash completion script
Tests: Improve TestKillDifferentUser to prevent timeout on buildbot
Documentation: Fix typo in docs for docker run -dns
Documentation: Adding a reference to ps -a
Runtime: Correctly detect IPv4 forwarding
Packaging: Revert "docker.upstart: avoid spawning a sh process"
Runtime: Use ranged for loop on channels
Runtime: Fix typo: fmt.Sprint -> fmt.Sprintf
Tests: Fix typo in TestBindMounts (runContainer called without image)
Runtime: add websocket support to /container//attach/ws
Runtime: Mount /dev/shm as a tmpfs
Builder: Only count known instructions as build steps
Builder: Fix docker build and docker events output
Runtime: switch from http to https for get.docker.io
Tests: Improve TestGetContainersTop so it does not rely on sleep
Packaging: Docker-brew and Docker standard library
Testing: Add some tests in server and utils
Packaging: Release docker with docker
Builder: Make sure ENV instruction within build perform a commit each time
Packaging: Fix the upstart script generated by get.docker.io
Runtime: fix small \n error un docker build
Runtime: Let userland proxy handle container-bound traffic
Runtime: Updated the Docker CLI to specify a value for the "Host" header.
Runtime: Add warning when net.ipv4.ip_forwarding = 0
Registry: Registry unit tests + mock registry
Runtime: fixed #910. print user name to docker info output
Builder: Forbid certain paths within docker build ADD
Runtime: change network range to avoid conflict with EC2 DNS
Tests: Relax the lo interface test to allow iface index != 1
Documentation: Suggest installing linux-headers by default.
Documentation: Change the twitter handle
Client: Add docker cp command and copy api endpoint to copy container files/folders to the host
Remote API: Use mime pkg to parse Content-Type
Runtime: Reduce connect and read timeout when pinging the registry
Documentation: Update amazon.rst to explain that Vagrant is not necessary for running Docker on ec2
Packaging: Enabled the docs to generate manpages.
Runtime: Parallel pull
Runtime: Handle ip route showing mask-less IP addresses
Documentation: Clarify Amazon EC2 installation
Documentation: 'Base' image is deprecated and should no longer be referenced in the docs.
Runtime: Fix to "Inject dockerinit at /.dockerinit"
Runtime: Allow ENTRYPOINT without CMD
Runtime: Always consider localhost as a domain name when parsing the FQN repos name
Remote API: 650 http utils and user agent field
Documentation: fix a typo in the ubuntu installation guide
Builder: Repository name (and optionally a tag) in build usage
Documentation: Move note about officially supported kernel
Packaging: Revert "Bind daemon to 0.0.0.0 in Vagrant.
Builder: Add no cache for docker build
Runtime: Add hostname to environment
Runtime: Add last stable version in docker version
Builder: Make sure ADD will create everything in 0755
Documentation: Add ufw doc
Tests: Add registry functional test to docker-ci
Documentation: Solved the logo being squished in Safari
Runtime: Use utils.ParseRepositoryTag instead of strings.Split(name, ":") in server.ImageDelete
Runtime: Refactor checksum
Runtime: Improve connect message with socket error
Documentation: Added information about Docker's high level tools over LXC.
Don't read from stdout when only attached to stdin
-------------------------------------------------------------------
Wed Aug 7 15:11:23 UTC 2013 - fcastelli@suse.com
* added commits required to get docker working with a private registry.
* 0.5.1 (2013-07-30)
API: Docker client now sets useragent (RFC 2616)
Runtime: Add ps args to docker top
Runtime: Add support for container ID files (pidfile like)
Runtime: Add container=lxc in default env
Runtime: Support networkless containers with docker run -n and docker -d -b=none
API: Add /events endpoint
Builder: ADD command now understands URLs
Builder: CmdAdd and CmdEnv now respect Dockerfile-set ENV variables
Hack: Simplify unit tests with helpers
Hack: Improve docker.upstart event
Hack: Add coverage testing into docker-ci
Runtime: Stdout/stderr logs are now stored in the same file as JSON
Runtime: Allocate a /16 IP range by default, with fallback to /24. Try 12 ranges instead of 3.
Runtime: Change .dockercfg format to json and support multiple auth remote
Runtime: Do not override volumes from config
Runtime: Fix issue with EXPOSE override
Builder: Create directories with 755 instead of 700 within ADD instruction
-------------------------------------------------------------------
Thu Jul 25 09:43:48 UTC 2013 - fcastelli@suse.com
0.5.0 (2013-07-17)
Runtime: List all processes running inside a container with 'docker top'
Runtime: Host directories can be mounted as volumes with 'docker run -v'
Runtime: Containers can expose public UDP ports (eg, '-p 123/udp')
Runtime: Optionally specify an exact public port (eg. '-p 80:4500')
Registry: New image naming scheme inspired by Go packaging convention allows arbitrary combinations of registries
Builder: ENTRYPOINT instruction sets a default binary entry point to a container
Builder: VOLUME instruction marks a part of the container as persistent data
Builder: 'docker build' displays the full output of a build by default
Runtime: 'docker login' supports additional options
Runtime: Dont save a container's hostname when committing an image.
Registry: Fix issues when uploading images to a private registry
0.4.8 (2013-07-01)
Builder: New build operation ENTRYPOINT adds an executable entry point to the container.
Runtime: Fix a bug which caused 'docker run -d' to no longer print the container ID.
Tests: Fix issues in the test suite
0.4.7 (2013-06-28)
Registry: easier push/pull to a custom registry
Remote API: the progress bar updates faster when downloading and uploading large files
Remote API: fix a bug in the optional unix socket transport
Runtime: improve detection of kernel version
Runtime: host directories can be mounted as volumes with 'docker run -b'
Runtime: fix an issue when only attaching to stdin
Runtime: use 'tar --numeric-owner' to avoid uid mismatch across multiple hosts
Hack: improve test suite and dev environment
Hack: remove dependency on unit tests on 'os/user'
Documentation: add terminology section
0.4.6 (2013-06-22)
Runtime: fix a bug which caused creation of empty images (and volumes) to crash.
0.4.5 (2013-06-21)
Builder: 'docker build git://URL' fetches and builds a remote git repository
Runtime: 'docker ps -s' optionally prints container size
Tests: Improved and simplified
Runtime: fix a regression introduced in 0.4.3 which caused the logs command to fail.
Builder: fix a regression when using ADD with single regular file.
0.4.4 (2013-06-19)
Builder: fix a regression introduced in 0.4.3 which caused builds to fail on new clients.
0.4.3 (2013-06-19)
Builder: ADD of a local file will detect tar archives and unpack them
Runtime: Remove bsdtar dependency
Runtime: Add unix socket and multiple -H support
Runtime: Prevent rm of running containers
Runtime: Use go1.1 cookiejar
Builder: ADD improvements: use tar for copy + automatically unpack local archives
Builder: ADD uses tar/untar for copies instead of calling 'cp -ar'
Builder: nicer output for 'docker build'
Builder: fixed the behavior of ADD to be (mostly) reverse-compatible, predictable and well-documented.
Client: HumanReadable ProgressBar sizes in pull
Client: Fix docker version's git commit output
API: Send all tags on History API call
API: Add tag lookup to history command. Fixes #882
Runtime: Fix issue detaching from running TTY container
Runtime: Forbid parralel push/pull for a single image/repo. Fixes #311
Runtime: Fix race condition within Run command when attaching.
Builder: fix a bug which caused builds to fail if ADD was the first command
Documentation: fix missing command in irc bouncer example
0.4.2 (2013-06-17)
Packaging: Bumped version to work around an Ubuntu bug
0.4.1 (2013-06-17)
Remote Api: Add flag to enable cross domain requests
Remote Api/Client: Add images and containers sizes in docker ps and docker images
Runtime: Configure dns configuration host-wide with 'docker -d -dns'
Runtime: Detect faulty DNS configuration and replace it with a public default
Runtime: allow docker run :
Runtime: you can now specify public port (ex: -p 80:4500)
Client: allow multiple params in inspect
Client: Print the container id before the hijack in docker run
Registry: add regexp check on repo's name
Registry: Move auth to the client
Runtime: improved image removal to garbage-collect unreferenced parents
Vagrantfile: Add the rest api port to vagrantfile's port_forward
Upgrade to Go 1.1
Builder: don't ignore last line in Dockerfile when it doesn't end with \n
Registry: Remove login check on pull
0.4.0 (2013-06-03)
Introducing Builder: 'docker build' builds a container, layer by layer, from a source repository containing a Dockerfile
Introducing Remote API: control Docker programmatically using a simple HTTP/json API
Runtime: various reliability and usability improvements
0.3.4 (2013-05-30)
Builder: 'docker build' builds a container, layer by layer, from a source repository containing a Dockerfile
Builder: 'docker build -t FOO' applies the tag FOO to the newly built container.
Runtime: interactive TTYs correctly handle window resize
Runtime: fix how configuration is merged between layers
Remote API: split stdout and stderr on 'docker run'
Remote API: optionally listen on a different IP and port (use at your own risk)
Documentation: improved install instructions.
0.3.3 (2013-05-23)
Registry: Fix push regression
Various bugfixes
0.3.2 (2013-05-09)
Runtime: Store the actual archive on commit
Registry: Improve the checksum process
Registry: Use the size to have a good progress bar while pushing
Registry: Use the actual archive if it exists in order to speed up the push
Registry: Fix error 400 on push
0.3.1 (2013-05-08)
Builder: Implement the autorun capability within docker builder
Builder: Add caching to docker builder
Builder: Add support for docker builder with native API as top level command
Runtime: Add go version to debug infos
Builder: Implement ENV within docker builder
Registry: Add docker search top level command in order to search a repository
Images: output graph of images to dot (graphviz)
Documentation: new introduction and high-level overview
Documentation: Add the documentation for docker builder
Website: new high-level overview
Makefile: Swap "go get" for "go get -d", especially to compile on go1.1rc
Images: fix ByParent function
Builder: Check the command existance prior create and add Unit tests for the case
Registry: Fix pull for official images with specific tag
Registry: Fix issue when login in with a different user and trying to push
Documentation: CSS fix for docker documentation to make REST API docs look better.
Documentation: Fixed CouchDB example page header mistake
Documentation: fixed README formatting
Registry: Improve checksum - async calculation
Runtime: kernel version - don't show the dash if flavor is empty
Documentation: updated www.docker.io website.
Builder: use any whitespaces instead of tabs
Packaging: packaging ubuntu; issue #510: Use goland-stable PPA package to build docker
-------------------------------------------------------------------
Tue May 7 09:09:34 UTC 2013 - fcastelli@suse.com
* Update to 0.3.0 (2013-05-06)
- Registry: Implement the new registry
- Documentation: new example: sharing data between 2 couchdb databases
- Runtime: Fix the command existance check
- Runtime: strings.Split may return an empty string on no match
- Runtime: Fix an index out of range crash if cgroup memory is not
- Documentation: Various improvments
- Vagrant: Use only one deb line in /etc/apt
-------------------------------------------------------------------
Mon May 6 16:00:00 UTC 2013 - fcastelli@suse.com
- Update to version 0.2.2
* 0.2.2 (2013-05-03)
- Support for data volumes ('docker run -v=PATH')
- Share data volumes between containers ('docker run -volumes-from')
- Improved documentation
- Upgrade to Go 1.0.3
- Various upgrades to the dev environment for contributors
* 0.2.1 (2013-05-01)
- 'docker commit -run' bundles a layer with default runtime options: command, ports etc.
- Improve install process on Vagrant
- New Dockerfile operation: "maintainer"
- New Dockerfile operation: "expose"
- New Dockerfile operation: "cmd"
- Contrib script to build a Debian base layer
- 'docker -d -r': restart crashed containers at daemon startup
- Runtime: improve test coverage
* 0.2.0 (2013-04-23)
- Runtime: ghost containers can be killed and waited for
- Documentation: update install intructions
- Packaging: fix Vagrantfile
- Development: automate releasing binaries and ubuntu packages
- Add a changelog
- Various bugfixes
* 0.1.8 (2013-04-22)
- Dynamically detect cgroup capabilities
- Issue stability warning on kernels <3.8
- 'docker push' buffers on disk instead of memory
- Fix 'docker diff' for removed files
- Fix 'docker stop' for ghost containers
- Fix handling of pidfile
- Various bugfixes and stability improvements
* 0.1.7 (2013-04-18)
- Container ports are available on localhost
- 'docker ps' shows allocated TCP ports
- Contributors can run 'make hack' to start a continuous integration VM
- Streamline ubuntu packaging & uploading
- Various bugfixes and stability improvements
* 0.1.6 (2013-04-17)
- Record the author an image with 'docker commit -author'
* 0.1.5 (2013-04-17)
- Disable standalone mode
- Use a custom DNS resolver with 'docker -d -dns'
- Detect ghost containers
- Improve diagnosis of missing system capabilities
- Allow disabling memory limits at compile time
- Add debian packaging
- Documentation: installing on Arch Linux
- Documentation: running Redis on docker
- Fixed lxc 0.9 compatibility
- Automatically load aufs module
- Various bugfixes and stability improvements
* 0.1.4 (2013-04-09):
- Full support for TTY emulation
- Detach from a TTY session with the escape sequence C-p C-q
- Various bugfixes and stability improvements
- Minor UI improvements
- Automatically create our own bridge interface 'docker0'
-------------------------------------------------------------------
Wed Apr 10 10:31:11 UTC 2013 - fcastelli@suse.com
- Apply patch that creates pidfile.
- Update the init script to look for the pidfile under the right location.
- Update the init script to acknowledge the code taken from Ubuntu's lxc-net script.
-------------------------------------------------------------------
Tue Apr 9 08:24:33 UTC 2013 - fcastelli@suse.com
- create initial package using version 0.1.3 from git commit 0767916adedb01