docker-stable

pool/docker-stable

SHA256

Fork 0

Commit Graph

Author	SHA256	Message	Date
Aleksa Sarai	03ac02867b	docker-stable: sync with Factory - Remove git-core recommends on SLE. Most SLE systems have installRecommends=yes by default and thus end up installing git with Docker. bsc#1250508 This feature is mostly intended for developers ("docker build git://") so most users already have the dependency installed, and the error when git is missing is fairly straightforward (so they can easily figure out what they need to install). - Include historical changelog data from before the docker-stable fork. The initial changelog entry did technically provide all the necessary information, but our CVE tracking tools do not understand how the package is forked and so it seems that this package does not include fixes for ~12 years of updates. So, include a copy of the original package's changelog up until the fork point. bsc#1250596 - Backport <https://github.com/moby/moby/pull/48517>. bsc#1247362 + 0015-bsc1247362-release-container-layer-on-export.patch - Update to docker-buildx v0.25.0. Upstream changelog: <https://github.com/docker/buildx/releases/tag/v0.25.0> - Update to Go 1.23 for building now that upstream has switched their 23.0.x LTSS to use Go 1.23. - Do not try to inject SUSEConnect secrets when in Rootless Docker mode, as Docker does not have permission to access the host zypper credentials in this mode (and unprivileged users cannot disable the feature using /etc/docker/suse-secrets-enable.) bsc#1240150 * 0003-SECRETS-SUSE-implement-SUSE-container-secrets.patch Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>	2025-10-22 15:46:05 +11:00
Aleksa Sarai	47dc4f48fa	- Update to docker-buildx v0.22.0. Upstream changelog: <https://github.com/docker/buildx/releases/tag/v0.22.0> * Includes fixes for CVE-2025-0495. bsc#1239765 - Disable transparent SUSEConnect support for SLE-16. PED-12534 When this patchset was first added in 2013 (and rewritten over the years), there was no upstream way to easily provide SLE customers with a way to build container images based on SLE using the host subscription. However, with docker-buildx you can now define secrets for builds (this is not entirely transparent, but we can easily document this new requirement for SLE-16). Users should use RUN --mount=type=secret,id=SCCcredentials zypper -n ... in their Dockerfiles, and docker buildx build --secret id=SCCcredentials,src=/etc/zypp/credentials.d/SCCcredentials,type=file . when doing their builds. - Now that the only blocker for docker-buildx support was removed for SLE-16, enable docker-buildx for SLE-16 as well. PED-8905 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker-stable?expand=0&rev=23	2025-04-10 03:37:04 +00:00
Aleksa Sarai	3b21671934	Accepting request 1256097 from home:cyphar:docker - Don't use the new container-selinux conditional requires on SLE-12, as the RPM version there doesn't support it. Arguably the change itself is a bit suspect but we can fix that later. bsc#1237367 - Make container-selinux requirement conditional on selinux-policy (bsc#1237367) OBS-URL: https://build.opensuse.org/request/show/1256097 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker-stable?expand=0&rev=22	2025-03-26 02:43:22 +00:00

Author

SHA256

Message

Date

Aleksa Sarai

03ac02867b

docker-stable: sync with Factory

- Remove git-core recommends on SLE. Most SLE systems have
  installRecommends=yes by default and thus end up installing git with Docker.
  bsc#1250508
  This feature is mostly intended for developers ("docker build git://") so
  most users already have the dependency installed, and the error when git is
  missing is fairly straightforward (so they can easily figure out what they
  need to install).
- Include historical changelog data from before the docker-stable fork. The
  initial changelog entry did technically provide all the necessary
  information, but our CVE tracking tools do not understand how the package is
  forked and so it seems that this package does not include fixes for ~12 years
  of updates. So, include a copy of the original package's changelog up until
  the fork point. bsc#1250596
- Backport <https://github.com/moby/moby/pull/48517>. bsc#1247362
  + 0015-bsc1247362-release-container-layer-on-export.patch
- Update to docker-buildx v0.25.0. Upstream changelog:
  <https://github.com/docker/buildx/releases/tag/v0.25.0>
- Update to Go 1.23 for building now that upstream has switched their 23.0.x
  LTSS to use Go 1.23.
- Do not try to inject SUSEConnect secrets when in Rootless Docker mode, as
  Docker does not have permission to access the host zypper credentials in this
  mode (and unprivileged users cannot disable the feature using
  /etc/docker/suse-secrets-enable.) bsc#1240150
  * 0003-SECRETS-SUSE-implement-SUSE-container-secrets.patch

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>

2025-10-22 15:46:05 +11:00

Aleksa Sarai

47dc4f48fa

- Update to docker-buildx v0.22.0. Upstream changelog:

<https://github.com/docker/buildx/releases/tag/v0.22.0>
  * Includes fixes for CVE-2025-0495. bsc#1239765
- Disable transparent SUSEConnect support for SLE-16. PED-12534
  When this patchset was first added in 2013 (and rewritten over the years),
  there was no upstream way to easily provide SLE customers with a way to build
  container images based on SLE using the host subscription. However, with
  docker-buildx you can now define secrets for builds (this is not entirely
  transparent, but we can easily document this new requirement for SLE-16).
  Users should use
    RUN --mount=type=secret,id=SCCcredentials zypper -n ...
  in their Dockerfiles, and
    docker buildx build --secret id=SCCcredentials,src=/etc/zypp/credentials.d/SCCcredentials,type=file .
  when doing their builds.
- Now that the only blocker for docker-buildx support was removed for SLE-16,
  enable docker-buildx for SLE-16 as well. PED-8905

OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker-stable?expand=0&rev=23

2025-04-10 03:37:04 +00:00

Aleksa Sarai

3b21671934

Accepting request 1256097 from home:cyphar:docker

- Don't use the new container-selinux conditional requires on SLE-12, as the
  RPM version there doesn't support it. Arguably the change itself is a bit
  suspect but we can fix that later. bsc#1237367
- Make container-selinux requirement conditional on selinux-policy
  (bsc#1237367)

OBS-URL: https://build.opensuse.org/request/show/1256097
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker-stable?expand=0&rev=22

2025-03-26 02:43:22 +00:00

3 Commits