pool/docker-stable
SHA256
17
0
Fork 0
Code Issues Pull Requests Activity

Commit Graph

  • 8611c5bdce Accepting request 1314275 from Virtualization:containers factory Ana Guerrero 2025-10-29 20:07:17 +00:00
  • cf42812621 - Enable SELinux in default daemon.json config (--selinux-enabled). This has no practical impact on non-SELinux systems. bsc#1252290 Aleksa Sarai 2025-10-29 07:18:57 +00:00
  • 03ac02867b docker-stable: sync with Factory slfo-main Aleksa Sarai 2025-10-22 15:46:05 +11:00
  • 63299d6cec Accepting request 1307635 from Virtualization:containers Ana Guerrero 2025-09-30 15:40:32 +00:00
  • 5b4d97ced4 - Remove git-core recommends on SLE. Most SLE systems have installRecommends=yes by default and thus end up installing git with Docker. bsc#1250508 Aleksa Sarai 2025-09-29 05:43:47 +00:00
  • c4952f9b7f Accepting request 1297601 from Virtualization:containers Dominique Leuenberger 2025-08-05 12:21:50 +00:00
  • dcfb1c4083 - Backport <https://github.com/moby/moby/pull/48517>. bsc#1247362 + 0015-bsc1247362-release-container-layer-on-export.patch Aleksa Sarai 2025-08-05 05:31:04 +00:00
  • f4a3ff2dbe Accepting request 1293988 from Virtualization:containers Ana Guerrero 2025-07-17 15:18:56 +00:00
  • ae31662aab - Update to docker-buildx v0.25.0. Upstream changelog: <https://github.com/docker/buildx/releases/tag/v0.25.0> - Update to Go 1.23 for building now that upstream has switched their 23.0.x LTSS to use Go 1.23. Aleksa Sarai 2025-07-17 04:31:09 +00:00
  • 451c8ce3cb Accepting request 1284722 from Virtualization:containers Ana Guerrero 2025-07-01 09:34:07 +00:00
  • 84dfc0f999 Accepting request 1284721 from home:cyphar:docker Aleksa Sarai 2025-06-11 08:30:48 +00:00
  • a5826f5486 Accepting request 1283417 from Virtualization:containers Ana Guerrero 2025-06-06 20:41:49 +00:00
  • bd8116a690 - Do not try to inject SUSEConnect secrets when in Rootless Docker mode, as Docker does not have permission to access the host zypper credentials in this mode (and unprivileged users cannot disable the feature using /etc/docker/suse-secrets-enable.) bsc#1240150 Aleksa Sarai 2025-06-05 16:35:01 +00:00
  • 8461728396 Accepting request 1282505 from Virtualization:containers slfo-1.2 Dominique Leuenberger 2025-06-04 18:28:15 +00:00
  • bb577e6225 - Always clear SUSEConnect suse_* secrets when starting containers regardless of whether the daemon was built with SUSEConnect support. Not doing this causes containers from SUSEConnect-enabled daemons to fail to start when running with SUSEConnect-disabled (i.e. upstream) daemons. This was a long-standing issue with our secrets support but until recently this would've required migrating from SLE packages to openSUSE packages (which wasn't supported). However, as SLE Micro 6.x and SLES 16 will move away from in-built SUSEConnect support, this is now a practical issue users will run into. bsc#1244035 + 0001-SECRETS-SUSE-always-clear-our-internal-secrets.patch - Rearrange patches: - 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch + 0002-SECRETS-daemon-allow-directory-creation-in-run-secre.patch - 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch + 0003-SECRETS-SUSE-implement-SUSE-container-secrets.patch - 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch + 0004-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch - 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch + 0005-bsc1073877-apparmor-clobber-docker-default-profile-o.patch - 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch + 0006-SLE12-revert-apparmor-remove-version-conditionals-fr.patch - 0006-CVE-2024-2365x-update-buildkit-to-include-CVE-patche.patch + 0007-CVE-2024-2365x-update-buildkit-to-include-CVE-patche.patch - 0007-bsc1221916-update-to-patched-buildkit-version-to-fix.patch + 0008-bsc1221916-update-to-patched-buildkit-version-to-fix.patch - 0008-bsc1214855-volume-use-AtomicWriteFile-to-save-volume.patch + 0009-bsc1214855-volume-use-AtomicWriteFile-to-save-volume.patch - 0009-CVE-2024-41110-AuthZ-plugin-securty-fixes.patch + 0010-CVE-2024-41110-AuthZ-plugin-securty-fixes.patch - 0010-CVE-2024-29018-libnet-Don-t-forward-to-upstream-reso.patch + 0011-CVE-2024-29018-libnet-Don-t-forward-to-upstream-reso.patch - 0011-CVE-2025-22868-vendor-jws-split-token-into-fixed-num.patch + 0012-CVE-2025-22868-vendor-jws-split-token-into-fixed-num.patch - 0012-CVE-2025-22869-vendor-ssh-limit-the-size-of-the-inte.patch + 0013-CVE-2025-22869-vendor-ssh-limit-the-size-of-the-inte.patch - 0013-TESTS-backport-fixes-for-integration-tests.patch + 0014-TESTS-backport-fixes-for-integration-tests.patch Aleksa Sarai 2025-06-04 06:14:16 +00:00
  • bdfa56d393 Accepting request 1268265 from Virtualization:containers Ana Guerrero 2025-04-10 19:59:20 +00:00
  • 47dc4f48fa - Update to docker-buildx v0.22.0. Upstream changelog: <https://github.com/docker/buildx/releases/tag/v0.22.0> * Includes fixes for CVE-2025-0495. bsc#1239765 - Disable transparent SUSEConnect support for SLE-16. PED-12534 When this patchset was first added in 2013 (and rewritten over the years), there was no upstream way to easily provide SLE customers with a way to build container images based on SLE using the host subscription. However, with docker-buildx you can now define secrets for builds (this is not entirely transparent, but we can easily document this new requirement for SLE-16). Users should use RUN --mount=type=secret,id=SCCcredentials zypper -n ... in their Dockerfiles, and docker buildx build --secret id=SCCcredentials,src=/etc/zypp/credentials.d/SCCcredentials,type=file . when doing their builds. - Now that the only blocker for docker-buildx support was removed for SLE-16, enable docker-buildx for SLE-16 as well. PED-8905 Aleksa Sarai 2025-04-10 03:37:04 +00:00
  • 3b21671934 Accepting request 1256097 from home:cyphar:docker Aleksa Sarai 2025-03-26 02:43:22 +00:00
  • 87bc6e5edc Accepting request 1255774 from Virtualization:containers Ana Guerrero 2025-03-25 21:11:17 +00:00
  • 9e69e34cc5 - Add backport for golang.org/x/oauth2 CVE-2025-22868 fix. bsc#1239185 + 0011-CVE-2025-22868-vendor-jws-split-token-into-fixed-num.patch - Add backport for golang.org/x/crypto CVE-2025-22869 fix. bsc#1239322 + 0012-CVE-2025-22869-vendor-ssh-limit-the-size-of-the-inte.patch - Refresh patches: * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch * 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch * 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch * 0006-CVE-2024-2365x-update-buildkit-to-include-CVE-patche.patch * 0007-bsc1221916-update-to-patched-buildkit-version-to-fix.patch * 0008-bsc1214855-volume-use-AtomicWriteFile-to-save-volume.patch * 0009-CVE-2024-41110-AuthZ-plugin-securty-fixes.patch * 0010-CVE-2024-29018-libnet-Don-t-forward-to-upstream-reso.patch - Move test-related patch to the end of the patch stack: - 0011-TESTS-backport-fixes-for-integration-tests.patch + 0013-TESTS-backport-fixes-for-integration-tests.patch Aleksa Sarai 2025-03-25 04:02:47 +00:00
  • 9c336ff601 Accepting request 1237207 from Virtualization:containers Ana Guerrero 2025-01-13 16:50:43 +00:00
  • 1d00d6bb91 Fix changelog. Aleksa Sarai 2025-01-13 01:29:23 +00:00
  • 2a6e8f4c54 Accepting request 1231782 from Virtualization:containers Ana Guerrero 2024-12-18 19:09:45 +00:00
  • c393080e52 - Add backport for CVE-2024-29018 fix. bsc#1234089 + 0010-CVE-2024-29018-libnet-Don-t-forward-to-upstream-reso.patch - Add backport for CVE-2024-23650 fix. bsc#1219437 - 0006-CVE-2024-23653-update-buildkit-to-include-CVE-patche.patch + 0006-CVE-2024-2365x-update-buildkit-to-include-CVE-patche.patch - Reorder and rebase patches: * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch * 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch * 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch * 0007-bsc1221916-update-to-patched-buildkit-version-to-fix.patch * 0008-bsc1214855-volume-use-AtomicWriteFile-to-save-volume.patch * 0009-CVE-2024-41110-AuthZ-plugin-securty-fixes.patch - 0010-TESTS-backport-fixes-for-integration-tests.patch + 0011-TESTS-backport-fixes-for-integration-tests.patch Aleksa Sarai 2024-12-18 06:26:49 +00:00
  • c27b8c2d8f Accepting request 1231697 from Virtualization:containers Ana Guerrero 2024-12-17 18:25:20 +00:00
  • 0380cf68a8 Accepting request 1231695 from home:cyphar:docker Aleksa Sarai 2024-12-17 13:26:31 +00:00
  • 0b754a6ceb Accepting request 1230150 from Virtualization:containers Ana Guerrero 2024-12-12 20:17:51 +00:00
  • ff3bcb3eda Remove DOCKER_SUSE_SECRETS_ENABLE changelog entry. Aleksa Sarai 2024-12-11 15:36:10 +00:00
  • f61acbec84 - Update docker-buildx to v0.19.2. See upstream changelog online at <https://github.com/docker/buildx/releases/tag/v0.19.2>. Some notable changelogs from the last update: * <https://github.com/docker/buildx/releases/tag/v0.19.0> * <https://github.com/docker/buildx/releases/tag/v0.18.0> - Update to Go 1.22. Aleksa Sarai 2024-12-11 10:51:10 +00:00
  • 6baeb55273 Accepting request 1228306 from Virtualization:containers Ana Guerrero 2024-12-05 16:08:47 +00:00
  • 1a4287f660 - Disable docker-buildx builds for SLES. It turns out that build containers with docker-buildx don't currently get the SUSE secrets mounts applied, meaning that container-suseconnect doesn't work when building images. bsc#1233819 Aleksa Sarai 2024-11-27 12:52:23 +00:00
  • 1d2100e493 Accepting request 1224329 from Virtualization:containers Ana Guerrero 2024-11-15 14:43:32 +00:00
  • 310b0df6c4 Re-add comment removed by auto-format. Aleksa Sarai 2024-11-15 00:49:44 +00:00
  • a8cee429ef - Remove DOCKER_NETWORK_OPTS from docker.service. This was removed from sysconfig a long time ago, and apparently this causes issues with systemd in some cases. - Update --add-runtime to point to correct binary path. Aleksa Sarai 2024-11-15 00:13:41 +00:00
  • 9e516b4cdf Accepting request 1219925 from Virtualization:containers Dominique Leuenberger 2024-11-01 20:04:47 +00:00
  • 1931d76a2c Apply patches properly. Aleksa Sarai 2024-10-31 17:47:03 +00:00
  • de974cbb79 docker.spec -> docker-stable.spec Aleksa Sarai 2024-10-30 14:42:40 +00:00
  • 0bcaef05f2 docker.changes -> docker-stable.changes Aleksa Sarai 2024-10-30 14:24:16 +00:00
  • d3d431381b Add docker-stable package. Aleksa Sarai 2024-10-18 00:35:19 +00:00