docker/secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch

From 0c4cf4fac76f2a5272a808665985a2e0df6af0db Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de>
Date: Wed, 8 Mar 2017 12:41:54 +1100
Subject: [PATCH 1/2] daemon: allow directory creation in /run/secrets

Since FileMode can have the directory bit set, allow a SecretStore
implementation to return secrets that are actually directories. This is
useful for creating directories and subdirectories of secrets.

Backport: https://github.com/docker/docker/pull/31632
Signed-off-by: Aleksa Sarai <asarai@suse.de>
---
 daemon/container_operations_unix.go | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/daemon/container_operations_unix.go b/daemon/container_operations_unix.go
index 2296045765d4..8527a7907373 100644
--- a/daemon/container_operations_unix.go
+++ b/daemon/container_operations_unix.go
@@ -195,8 +195,14 @@ func (daemon *Daemon) setupSecretDir(c *container.Container) (setupErr error) {
 		if secret == nil {
 			return fmt.Errorf("unable to get secret from secret store")
 		}
-		if err := ioutil.WriteFile(fPath, secret.Spec.Data, s.File.Mode); err != nil {
-			return errors.Wrap(err, "error injecting secret")
+		if s.File.Mode.IsDir() {
+			if err := os.Mkdir(fPath, s.File.Mode); err != nil {
+				return errors.Wrap(err, "error injecting secret dir")
+			}
+		} else {
+			if err := ioutil.WriteFile(fPath, secret.Spec.Data, s.File.Mode); err != nil {
+				return errors.Wrap(err, "error injecting secret")
+			}
 		}
 
 		uid, err := strconv.Atoi(s.File.UID)
-- 
2.12.0
Accepting request 477670 from home:cyphar:containers This massively cleans up the docker mount secrets patch we have to use the new Docker Swarm framework for /run/secrets (which doesn't require swarm mode with these patches). OBS-URL: https://build.opensuse.org/request/show/477670 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=172 2017-03-08 10:03:15 +01:00			`From 0c4cf4fac76f2a5272a808665985a2e0df6af0db Mon Sep 17 00:00:00 2001`
			`From: Aleksa Sarai <asarai@suse.de>`
			`Date: Wed, 8 Mar 2017 12:41:54 +1100`
			`Subject: [PATCH 1/2] daemon: allow directory creation in /run/secrets`

			`Since FileMode can have the directory bit set, allow a SecretStore`
			`implementation to return secrets that are actually directories. This is`
			`useful for creating directories and subdirectories of secrets.`

			`Backport: https://github.com/docker/docker/pull/31632`
			`Signed-off-by: Aleksa Sarai <asarai@suse.de>`
			`---`
			`daemon/container_operations_unix.go \| 10 ++++++++--`
			`1 file changed, 8 insertions(+), 2 deletions(-)`

			`diff --git a/daemon/container_operations_unix.go b/daemon/container_operations_unix.go`
			`index 2296045765d4..8527a7907373 100644`
			`--- a/daemon/container_operations_unix.go`
			`+++ b/daemon/container_operations_unix.go`
			`@@ -195,8 +195,14 @@ func (daemon Daemon) setupSecretDir(c container.Container) (setupErr error) {`
			`if secret == nil {`
			`return fmt.Errorf("unable to get secret from secret store")`
			`}`
			`- if err := ioutil.WriteFile(fPath, secret.Spec.Data, s.File.Mode); err != nil {`
			`- return errors.Wrap(err, "error injecting secret")`
			`+ if s.File.Mode.IsDir() {`
			`+ if err := os.Mkdir(fPath, s.File.Mode); err != nil {`
			`+ return errors.Wrap(err, "error injecting secret dir")`
			`+ }`
			`+ } else {`
			`+ if err := ioutil.WriteFile(fPath, secret.Spec.Data, s.File.Mode); err != nil {`
			`+ return errors.Wrap(err, "error injecting secret")`
			`+ }`
			`}`

			`uid, err := strconv.Atoi(s.File.UID)`
			`--`
			`2.12.0`