of whether the daemon was built with SUSEConnect support. Not doing this
causes containers from SUSEConnect-enabled daemons to fail to start when
running with SUSEConnect-disabled (i.e. upstream) daemons.
This was a long-standing issue with our secrets support but until recently
this would've required migrating from SLE packages to openSUSE packages
(which wasn't supported). However, as SLE Micro 6.x and SLES 16 will move
away from in-built SUSEConnect support, this is now a practical issue users
will run into. bsc#1244035
+ 0001-SECRETS-SUSE-always-clear-our-internal-secrets.patch
- Rearrange patches:
- 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
+ 0002-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
- 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
+ 0003-SECRETS-SUSE-implement-SUSE-container-secrets.patch
- 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
+ 0004-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
- 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
+ 0005-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
- 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
+ 0006-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
- 0006-CVE-2024-2365x-update-buildkit-to-include-CVE-patche.patch
+ 0007-CVE-2024-2365x-update-buildkit-to-include-CVE-patche.patch
- 0007-bsc1221916-update-to-patched-buildkit-version-to-fix.patch
+ 0008-bsc1221916-update-to-patched-buildkit-version-to-fix.patch
- 0008-bsc1214855-volume-use-AtomicWriteFile-to-save-volume.patch
+ 0009-bsc1214855-volume-use-AtomicWriteFile-to-save-volume.patch
- 0009-CVE-2024-41110-AuthZ-plugin-securty-fixes.patch
+ 0010-CVE-2024-41110-AuthZ-plugin-securty-fixes.patch
- 0010-CVE-2024-29018-libnet-Don-t-forward-to-upstream-reso.patch
+ 0011-CVE-2024-29018-libnet-Don-t-forward-to-upstream-reso.patch
- 0011-CVE-2025-22868-vendor-jws-split-token-into-fixed-num.patch
+ 0012-CVE-2025-22868-vendor-jws-split-token-into-fixed-num.patch
- 0012-CVE-2025-22869-vendor-ssh-limit-the-size-of-the-inte.patch
+ 0013-CVE-2025-22869-vendor-ssh-limit-the-size-of-the-inte.patch
- 0013-TESTS-backport-fixes-for-integration-tests.patch
+ 0014-TESTS-backport-fixes-for-integration-tests.patch
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker-stable?expand=0&rev=25
<https://github.com/docker/buildx/releases/tag/v0.22.0>
* Includes fixes for CVE-2025-0495. bsc#1239765
- Disable transparent SUSEConnect support for SLE-16. PED-12534
When this patchset was first added in 2013 (and rewritten over the years),
there was no upstream way to easily provide SLE customers with a way to build
container images based on SLE using the host subscription. However, with
docker-buildx you can now define secrets for builds (this is not entirely
transparent, but we can easily document this new requirement for SLE-16).
Users should use
RUN --mount=type=secret,id=SCCcredentials zypper -n ...
in their Dockerfiles, and
docker buildx build --secret id=SCCcredentials,src=/etc/zypp/credentials.d/SCCcredentials,type=file .
when doing their builds.
- Now that the only blocker for docker-buildx support was removed for SLE-16,
enable docker-buildx for SLE-16 as well. PED-8905
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker-stable?expand=0&rev=23
<https://github.com/docker/buildx/releases/tag/v0.19.2>.
Some notable changelogs from the last update:
* <https://github.com/docker/buildx/releases/tag/v0.19.0>
* <https://github.com/docker/buildx/releases/tag/v0.18.0>
- Update to Go 1.22.
- Add a new toggle file /etc/docker/suse-secrets-enable which allows users to
disable the SUSEConnect integration with Docker (which creates special mounts
in /run/secrets to allow container-suseconnect to authenticate containers
with registries on registered hosts). bsc#1231348 bsc#1232999
In order to disable these mounts, just do
echo 0 > /etc/docker/suse-secrets-enable
and restart Docker. In order to re-enable them, just do
echo 1 > /etc/docker/suse-secrets-enable
and restart Docker. Docker will output information on startup to tell you
whether the SUSE secrets feature is enabled or not.
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
- Add docker-integration-tests-devel subpackage for building and running the
upstream Docker integration tests on machines to test that Docker works
properly. Users should not install this package.
- docker-rpmlintrc updated to include allow-list for all of the integration
tests package, since it contains a bunch of stuff that wouldn't normally be
allowed.
- Added patches:
+ 0010-TESTS-backport-fixes-for-integration-tests.patch
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker-stable?expand=0&rev=11
