pool/docker
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 717727 from Virtualization:containers

Browse Source 
Docker v19.03.0-ce update.

OBS-URL: https://build.opensuse.org/request/show/717727
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/docker?expand=0&rev=92
This commit is contained in:
Dominique Leuenberger 2019-07-28 08:16:44 +00:00 committed by Git OBS Bridge
commit 06d25ab841
14 changed files with 100 additions and 640 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
_service
View File

@ -3,8 +3,8 @@
<param name="url">https://github.com/docker/docker-ce.git</param>
<param name="scm">git</param>
<param name="exclude">.git</param>
<param name="versionformat">18.09.7_ce_%h</param>
<param name="revision">v18.09.7</param>
<param name="versionformat">19.03.0_ce_%h</param>
<param name="revision">v19.03.0</param>
<param name="filename">docker</param>
</service>
<service name="recompress" mode="disabled">

66
bsc1001161-0001-oci-include-the-domainname-in-kernel.domainname.patch
View File

@ -1,66 +0,0 @@
From a3e63ddd20b7f52ff5e81bdb1beb867d28a1c9c8 Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de>
Date: Sun, 17 Jun 2018 17:05:54 +1000
Subject: [PATCH 1/2] oci: include the domainname in "kernel.domainname"
The OCI doesn't have a specific field for an NIS domainname[1] (mainly
because FreeBSD and Solaris appear to have a similar concept but it is
configured entirely differently).
However, on Linux, the NIS domainname can be configured through both the
setdomainname(2) syscall but also through the "kernel.domainname"
sysctl. Since the OCI has a way of injecting sysctls this means we don't
need to have any OCI changes to support NIS domainnames (and we can
always switch if the OCI picks up such support in the future).
It should be noted that because we have to generate this each spec
creation we also have to make sure that it's not clobbered by the
HostConfig. I'm pretty sure making this change generic (so that
HostConfig will not clobber any pre-set sysctls) will not cause other
issues to crop up.
[1]: https://github.com/opencontainers/runtime-spec/issues/592
SUSE-Bugs: bsc#1001161
Signed-off-by: Aleksa Sarai <asarai@suse.de>
---
components/engine/daemon/oci_linux.go | 16 ++++++++++++++--
1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/components/engine/daemon/oci_linux.go b/components/engine/daemon/oci_linux.go
index 7611fc054d13..d5838623528e 100644
--- a/components/engine/daemon/oci_linux.go
+++ b/components/engine/daemon/oci_linux.go
@@ -679,7 +679,15 @@ func (daemon *Daemon) populateCommonSpec(s *specs.Spec, c *container.Container)
s.Process.Cwd = cwd
s.Process.Env = c.CreateDaemonEnvironment(c.Config.Tty, linkedEnv)
s.Process.Terminal = c.Config.Tty
- s.Hostname = c.FullHostname()
+
+ s.Hostname = c.Config.Hostname
+ // There isn't a field in the OCI for the NIS domainname, but luckily there
+ // is a sysctl which has an identical effect to setdomainname(2) so there's
+ // no explicit need for runtime support.
+ s.Linux.Sysctl = make(map[string]string)
+ if c.Config.Domainname != "" {
+ s.Linux.Sysctl["kernel.domainname"] = c.Config.Domainname
+ }
return nil
}
@@ -715,7 +723,11 @@ func (daemon *Daemon) createSpec(c *container.Container) (retSpec *specs.Spec, e
if err := setResources(&s, c.HostConfig.Resources); err != nil {
return nil, fmt.Errorf("linux runtime spec resources: %v", err)
}
- s.Linux.Sysctl = c.HostConfig.Sysctls
+ // We merge the sysctls injected above with the HostConfig (latter takes
+ // precedence for backwards-compatibility reasons).
+ for k, v := range c.HostConfig.Sysctls {
+ s.Linux.Sysctl[k] = v
+ }
p := s.Linux.CgroupsPath
if useSystemd {
--
2.21.0

216
bsc1001161-0002-cli-add-a-separate-domainname-flag.patch
View File

@ -1,216 +0,0 @@
From 1b4f9787461d00dceea94d51af8db80f0b6aa906 Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de>
Date: Mon, 18 Jun 2018 21:58:23 +1000
Subject: [PATCH 2/2] cli: add a separate --domainname flag
A while ago, Docker split the "Domainname" field out from the "Hostname"
field for the container configuration. There was no real user-visible
change associated with this (and under the hood "Domainname" was mostly
left unused from the command-line point of view). We now add this flag
in order to match other proposed changes to allow for setting the NIS
domainname of a container.
This also includes a fix for the --hostname parsing tests (they would
not error out if only one of .Hostname and .Domainname were incorrectly
set -- which is not correct).
SUSE-Bugs: bsc#1001161
Signed-off-by: Aleksa Sarai <asarai@suse.de>
---
components/cli/cli/command/container/opts.go | 3 ++
.../cli/cli/command/container/opts_test.go | 31 ++++++++++++++++---
components/cli/contrib/completion/bash/docker | 1 +
components/cli/contrib/completion/zsh/_docker | 1 +
.../cli/docs/reference/commandline/create.md | 1 +
.../cli/docs/reference/commandline/run.md | 1 +
.../reference/commandline/service_create.md | 2 +-
components/cli/docs/reference/run.md | 6 ++--
components/cli/man/docker-run.1.md | 7 +++++
9 files changed, 44 insertions(+), 9 deletions(-)
diff --git a/components/cli/cli/command/container/opts.go b/components/cli/cli/command/container/opts.go
index 97906b672252..7cd9ce998c8b 100644
--- a/components/cli/cli/command/container/opts.go
+++ b/components/cli/cli/command/container/opts.go
@@ -74,6 +74,7 @@ type containerOptions struct {
containerIDFile string
entrypoint string
hostname string
+ domainname string
memory opts.MemBytes
memoryReservation opts.MemBytes
memorySwap opts.MemSwapBytes
@@ -169,6 +170,7 @@ func addFlags(flags *pflag.FlagSet) *containerOptions {
flags.StringVar(&copts.entrypoint, "entrypoint", "", "Overwrite the default ENTRYPOINT of the image")
flags.Var(&copts.groupAdd, "group-add", "Add additional groups to join")
flags.StringVarP(&copts.hostname, "hostname", "h", "", "Container host name")
+ flags.StringVar(&copts.domainname, "domainname", "", "Container NIS domain name")
flags.BoolVarP(&copts.stdin, "interactive", "i", false, "Keep STDIN open even if not attached")
flags.VarP(&copts.labels, "label", "l", "Set meta data on a container")
flags.Var(&copts.labelsFile, "label-file", "Read in a line delimited file of labels")
@@ -546,6 +548,7 @@ func parse(flags *pflag.FlagSet, copts *containerOptions) (*containerConfig, err
config := &container.Config{
Hostname: copts.hostname,
+ Domainname: copts.domainname,
ExposedPorts: ports,
User: copts.user,
Tty: copts.tty,
diff --git a/components/cli/cli/command/container/opts_test.go b/components/cli/cli/command/container/opts_test.go
index 6d7c95a5ddb8..70bedc661751 100644
--- a/components/cli/cli/command/container/opts_test.go
+++ b/components/cli/cli/command/container/opts_test.go
@@ -265,14 +265,35 @@ func TestParseHostname(t *testing.T) {
hostnameWithDomainTld := "--hostname=hostname.domainname.tld"
for hostname, expectedHostname := range validHostnames {
if config, _ := mustParse(t, fmt.Sprintf("--hostname=%s", hostname)); config.Hostname != expectedHostname {
- t.Fatalf("Expected the config to have 'hostname' as hostname, got '%v'", config.Hostname)
+ t.Fatalf("Expected the config to have 'hostname' as %q, got %q", expectedHostname, config.Hostname)
}
}
- if config, _ := mustParse(t, hostnameWithDomain); config.Hostname != "hostname.domainname" && config.Domainname != "" {
- t.Fatalf("Expected the config to have 'hostname' as hostname.domainname, got '%v'", config.Hostname)
+ if config, _ := mustParse(t, hostnameWithDomain); config.Hostname != "hostname.domainname" || config.Domainname != "" {
+ t.Fatalf("Expected the config to have 'hostname' as hostname.domainname, got %q", config.Hostname)
}
- if config, _ := mustParse(t, hostnameWithDomainTld); config.Hostname != "hostname.domainname.tld" && config.Domainname != "" {
- t.Fatalf("Expected the config to have 'hostname' as hostname.domainname.tld, got '%v'", config.Hostname)
+ if config, _ := mustParse(t, hostnameWithDomainTld); config.Hostname != "hostname.domainname.tld" || config.Domainname != "" {
+ t.Fatalf("Expected the config to have 'hostname' as hostname.domainname.tld, got %q", config.Hostname)
+ }
+}
+
+func TestParseHostnameDomainname(t *testing.T) {
+ validDomainnames := map[string]string{
+ "domainname": "domainname",
+ "domain-name": "domain-name",
+ "domainname123": "domainname123",
+ "123domainname": "123domainname",
+ "domainname-63-bytes-long-should-be-valid-and-without-any-errors": "domainname-63-bytes-long-should-be-valid-and-without-any-errors",
+ }
+ for domainname, expectedDomainname := range validDomainnames {
+ if config, _ := mustParse(t, "--domainname="+domainname); config.Domainname != expectedDomainname {
+ t.Fatalf("Expected the config to have 'domainname' as %q, got %q", expectedDomainname, config.Domainname)
+ }
+ }
+ if config, _ := mustParse(t, "--hostname=some.prefix --domainname=domainname"); config.Hostname != "some.prefix" || config.Domainname != "domainname" {
+ t.Fatalf("Expected the config to have 'hostname' as 'some.prefix' and 'domainname' as 'domainname', got %q and %q", config.Hostname, config.Domainname)
+ }
+ if config, _ := mustParse(t, "--hostname=another-prefix --domainname=domainname.tld"); config.Hostname != "another-prefix" || config.Domainname != "domainname.tld" {
+ t.Fatalf("Expected the config to have 'hostname' as 'another-prefix' and 'domainname' as 'domainname.tld', got %q and %q", config.Hostname, config.Domainname)
}
}
diff --git a/components/cli/contrib/completion/bash/docker b/components/cli/contrib/completion/bash/docker
index 92d57408617e..a0d4878ee311 100644
--- a/components/cli/contrib/completion/bash/docker
+++ b/components/cli/contrib/completion/bash/docker
@@ -1809,6 +1809,7 @@ _docker_container_run_and_create() {
--dns
--dns-option
--dns-search
+ --domainname
--entrypoint
--env -e
--env-file
diff --git a/components/cli/contrib/completion/zsh/_docker b/components/cli/contrib/completion/zsh/_docker
index 94f042204dfb..9a502db0886f 100644
--- a/components/cli/contrib/completion/zsh/_docker
+++ b/components/cli/contrib/completion/zsh/_docker
@@ -617,6 +617,7 @@ __docker_container_subcommand() {
"($help)*--dns=[Custom DNS servers]:DNS server: "
"($help)*--dns-option=[Custom DNS options]:DNS option: "
"($help)*--dns-search=[Custom DNS search domains]:DNS domains: "
+ "($help)*--domainname=[Container NIS domain name]:domainname:_hosts"
"($help)*"{-e=,--env=}"[Environment variables]:environment variable: "
"($help)--entrypoint=[Overwrite the default entrypoint of the image]:entry point: "
"($help)*--env-file=[Read environment variables from a file]:environment file:_files"
diff --git a/components/cli/docs/reference/commandline/create.md b/components/cli/docs/reference/commandline/create.md
index d585da40ae1e..c829dbb3e5b9 100644
--- a/components/cli/docs/reference/commandline/create.md
+++ b/components/cli/docs/reference/commandline/create.md
@@ -53,6 +53,7 @@ Options:
--dns value Set custom DNS servers (default [])
--dns-option value Set DNS options (default [])
--dns-search value Set custom DNS search domains (default [])
+ --domainname string Container NIS domain name
--entrypoint string Overwrite the default ENTRYPOINT of the image
-e, --env value Set environment variables (default [])
--env-file value Read in a file of environment variables (default [])
diff --git a/components/cli/docs/reference/commandline/run.md b/components/cli/docs/reference/commandline/run.md
index 6a2630bd1978..a4721e4a7761 100644
--- a/components/cli/docs/reference/commandline/run.md
+++ b/components/cli/docs/reference/commandline/run.md
@@ -57,6 +57,7 @@ Options:
--dns value Set custom DNS servers (default [])
--dns-option value Set DNS options (default [])
--dns-search value Set custom DNS search domains (default [])
+ --domainname string Container NIS domain name
--entrypoint string Overwrite the default ENTRYPOINT of the image
-e, --env value Set environment variables (default [])
--env-file value Read in a file of environment variables (default [])
diff --git a/components/cli/docs/reference/commandline/service_create.md b/components/cli/docs/reference/commandline/service_create.md
index bc68128d0cf9..b395a0bda064 100644
--- a/components/cli/docs/reference/commandline/service_create.md
+++ b/components/cli/docs/reference/commandline/service_create.md
@@ -755,7 +755,7 @@ The swarm extends my-network to each node running the service.
Containers on the same network can access each other using
[service discovery](https://docs.docker.com/engine/swarm/networking/#use-swarm-mode-service-discovery).
-Long form syntax of `--network` allows to specify list of aliases and driver options:
+Long form syntax of `--network` allows to specify list of aliases and driver options:
`--network name=my-network,alias=web1,driver-opt=field1=value1`
### Publish service ports externally to the swarm (-p, --publish)
diff --git a/components/cli/docs/reference/run.md b/components/cli/docs/reference/run.md
index a59a30525554..695974fe533c 100644
--- a/components/cli/docs/reference/run.md
+++ b/components/cli/docs/reference/run.md
@@ -256,7 +256,7 @@ The UTS namespace is for setting the hostname and the domain that is visible
to running processes in that namespace. By default, all containers, including
those with `--network=host`, have their own UTS namespace. The `host` setting will
result in the container using the same UTS namespace as the host. Note that
-`--hostname` is invalid in `host` UTS mode.
+`--hostname` and `--domainname` are invalid in `host` UTS mode.
You may wish to share the UTS namespace with the host if you would like the
hostname of the container to change as the hostname of the host changes. A
@@ -396,8 +396,8 @@ network stack and all interfaces from the host will be available to the
container. The container's hostname will match the hostname on the host
system. Note that `--mac-address` is invalid in `host` netmode. Even in `host`
network mode a container has its own UTS namespace by default. As such
-`--hostname` is allowed in `host` network mode and will only change the
-hostname inside the container.
+`--hostname` and `--domainname` are allowed in `host` network mode and will
+only change the hostname and domain name inside the container.
Similar to `--hostname`, the `--add-host`, `--dns`, `--dns-search`, and
`--dns-option` options can be used in `host` network mode. These options update
`/etc/hosts` or `/etc/resolv.conf` inside the container. No change are made to
diff --git a/components/cli/man/docker-run.1.md b/components/cli/man/docker-run.1.md
index e03377001d4e..4a1464a74200 100644
--- a/components/cli/man/docker-run.1.md
+++ b/components/cli/man/docker-run.1.md
@@ -35,6 +35,7 @@ docker-run - Run a command in a new container
[**--dns**[=*[]*]]
[**--dns-option**[=*[]*]]
[**--dns-search**[=*[]*]]
+[**--domainname**[=*DOMAINNAME*]]
[**-e**|**--env**[=*[]*]]
[**--entrypoint**[=*ENTRYPOINT*]]
[**--env-file**[=*[]*]]
@@ -285,6 +286,12 @@ configuration passed to the container. Typically this is necessary when the
host DNS configuration is invalid for the container (e.g., 127.0.0.1). When this
is the case the **--dns** flags is necessary for every run.
+**--domainname**=""
+ Container NIS domain name
+
+ Sets the container's NIS domain name (see also **setdomainname(2)**) that is
+ available inside the container.
+
**-e**, **--env**=[]
Set environment variables
--
2.21.0

58
bsc1047218-0001-man-obey-SOURCE_DATE_EPOCH-when-generating-man-pages.patch
View File

@ -1,58 +0,0 @@
From 64f1dfcbe4313bccacbe603dcb444da82d9136d7 Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de>
Date: Thu, 23 Aug 2018 19:53:55 +1000
Subject: [PATCH] man: obey SOURCE_DATE_EPOCH when generating man pages
Previously our man pages included the current time each time they were
generated. This causes an issue for reproducible builds, since each
re-build of a package that includes the man pages will have different
times listed in the man pages.
To fix this, add support for SOURCE_DATE_EPOCH (which is a standardised
packaging environment variable, designed to be used specifically for
this purpose[1]). spf13/cobra doesn't support this natively yet (though
I will push a patch for that as well), but it's simpler to fix it
directly in docker/cli.
[1]: https://reproducible-builds.org/specs/source-date-epoch/
SUSE-Bugs: boo#1047218
Signed-off-by: Aleksa Sarai <asarai@suse.de>
---
components/cli/man/generate.go | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/components/cli/man/generate.go b/components/cli/man/generate.go
index 2d940e31fd10..e5e480be3f32 100644
--- a/components/cli/man/generate.go
+++ b/components/cli/man/generate.go
@@ -6,6 +6,8 @@ import (
"log"
"os"
"path/filepath"
+ "strconv"
+ "time"
"github.com/docker/cli/cli/command"
"github.com/docker/cli/cli/command/commands"
@@ -24,6 +26,17 @@ func generateManPages(opts *options) error {
Source: "Docker Community",
}
+ // If SOURCE_DATE_EPOCH is set, in order to allow reproducible package
+ // builds, we explicitly set the build time to SOURCE_DATE_EPOCH.
+ if epoch := os.Getenv("SOURCE_DATE_EPOCH"); epoch != "" {
+ unixEpoch, err := strconv.ParseInt(epoch, 10, 64)
+ if err != nil {
+ return fmt.Errorf("invalid SOURCE_DATE_EPOCH: %v", err)
+ }
+ now := time.Unix(unixEpoch, 0)
+ header.Date = &now
+ }
+
stdin, stdout, stderr := term.StdStreams()
dockerCli := command.NewDockerCli(stdin, stdout, stderr, false, nil)
cmd := &cobra.Command{Use: "docker"}
--
2.21.0

13
bsc1073877-0001-apparmor-clobber-docker-default-profile-on-start.patch
View File

@ -1,4 +1,4 @@
From 66a84fc12ea9c9a4a9805550b3cd2055862ef1c6 Mon Sep 17 00:00:00 2001
From a67925f5d977db2b5a1b0162149cbd0de2b20598 Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de>
Date: Fri, 29 Jun 2018 17:59:30 +1000
Subject: [PATCH] apparmor: clobber docker-default profile on start
@ -17,8 +17,8 @@ Signed-off-by: Aleksa Sarai <asarai@suse.de>
---
components/engine/daemon/apparmor_default.go | 14 ++++++++++----
.../engine/daemon/apparmor_default_unsupported.go | 4 ++++
components/engine/daemon/daemon.go | 4 +++-
3 files changed, 17 insertions(+), 5 deletions(-)
components/engine/daemon/daemon.go | 5 +++--
3 files changed, 17 insertions(+), 6 deletions(-)
diff --git a/components/engine/daemon/apparmor_default.go b/components/engine/daemon/apparmor_default.go
index 461f5c7f96b2..8f21c5c0c566 100644
@ -68,13 +68,14 @@ index 51f9c526b350..97d7758442ee 100644
return nil
}
diff --git a/components/engine/daemon/daemon.go b/components/engine/daemon/daemon.go
index a307863017ab..67cd286002bf 100644
index f049b0d2a41f..7bd89e76b32f 100644
--- a/components/engine/daemon/daemon.go
+++ b/components/engine/daemon/daemon.go
@@ -735,7 +735,9 @@ func NewDaemon(ctx context.Context, config *config.Config, pluginStore *plugin.S
@@ -807,8 +807,9 @@ func NewDaemon(ctx context.Context, config *config.Config, pluginStore *plugin.S
logrus.Warnf("Failed to configure golang's threads limit: %v", err)
}
- // ensureDefaultAppArmorProfile does nothing if apparmor is disabled
- if err := ensureDefaultAppArmorProfile(); err != nil {
+ // Make sure we clobber any pre-existing docker-default profile to ensure
+ // that upgrades to the profile actually work smoothly.
@ -83,5 +84,5 @@ index a307863017ab..67cd286002bf 100644
}
--
2.21.0
2.22.0

121
bsc1128746-0001-integration-cli-don-t-build-test-images-if-they-alre.patch
View File

@ -1,121 +0,0 @@
From c2e035cbcb9a9fb7f89f729bef5b3354891fcdad Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de>
Date: Tue, 12 Mar 2019 18:37:31 +1100
Subject: [PATCH] integration-cli: don't build -test images if they already
exist
There's no need to try to re-build the test images if they already
exist. This change makes basically no difference to the upstream
integration test-suite running, but for users who want to run the
integration-cli suite on a host machine (such as distributions doing
tests) this change allows images to be pre-loaded such that compilers
aren't needed on the test machine.
However, this does remove the accidental re-compilation of nnp-test, as
well as handling errors far more cleanly (previously if an error
occurred during a test build, further tests won't attempt to rebuild
it).
SUSE-Bugs: bsc#1128746
Signed-off-by: Aleksa Sarai <asarai@suse.de>
---
.../fixtures_linux_daemon_test.go | 21 +++++++++--------
.../internal/test/environment/environment.go | 23 +++++++++++++++++++
2 files changed, 35 insertions(+), 9 deletions(-)
diff --git a/components/engine/integration-cli/fixtures_linux_daemon_test.go b/components/engine/integration-cli/fixtures_linux_daemon_test.go
index 5c874ec14b0c..ab152f4a9988 100644
--- a/components/engine/integration-cli/fixtures_linux_daemon_test.go
+++ b/components/engine/integration-cli/fixtures_linux_daemon_test.go
@@ -8,7 +8,6 @@ import (
"path/filepath"
"runtime"
"strings"
- "sync"
"github.com/docker/docker/internal/test/fixtures/load"
"github.com/go-check/check"
@@ -24,17 +23,13 @@ type logT interface {
Logf(string, ...interface{})
}
-var ensureSyscallTestOnce sync.Once
-
func ensureSyscallTest(c *check.C) {
- var doIt bool
- ensureSyscallTestOnce.Do(func() {
- doIt = true
- })
- if !doIt {
+ defer testEnv.ProtectImage(c, "syscall-test:latest")
+
+ // If the image already exists, there's nothing left to do.
+ if testEnv.HasExistingImage(c, "syscall-test:latest") {
return
}
- defer testEnv.ProtectImage(c, "syscall-test:latest")
// if no match, must build in docker, which is significantly slower
// (slower mostly because of the vfs graphdriver)
@@ -93,6 +88,14 @@ func ensureSyscallTestBuild(c *check.C) {
func ensureNNPTest(c *check.C) {
defer testEnv.ProtectImage(c, "nnp-test:latest")
+
+ // If the image already exists, there's nothing left to do.
+ if testEnv.HasExistingImage(c, "nnp-test:latest") {
+ return
+ }
+
+ // if no match, must build in docker, which is significantly slower
+ // (slower mostly because of the vfs graphdriver)
if testEnv.OSType != runtime.GOOS {
ensureNNPTestBuild(c)
return
diff --git a/components/engine/internal/test/environment/environment.go b/components/engine/internal/test/environment/environment.go
index 5538d2097e9b..763c08ba4845 100644
--- a/components/engine/internal/test/environment/environment.go
+++ b/components/engine/internal/test/environment/environment.go
@@ -8,9 +8,12 @@ import (
"strings"
"github.com/docker/docker/api/types"
+ "github.com/docker/docker/api/types/filters"
"github.com/docker/docker/client"
+ "github.com/docker/docker/internal/test"
"github.com/docker/docker/internal/test/fixtures/load"
"github.com/pkg/errors"
+ "gotest.tools/assert"
)
// Execution contains information about the current test execution and daemon
@@ -151,6 +154,26 @@ func (e *Execution) IsUserNamespace() bool {
return root != ""
}
+// HasExistingImage checks whether there is an image with the given reference.
+// Note that this is done by filtering and then checking whether there were any
+// results -- so ambiguous references might result in false-positives.
+func (e *Execution) HasExistingImage(t testingT, reference string) bool {
+ if ht, ok := t.(test.HelperT); ok {
+ ht.Helper()
+ }
+ client := e.APIClient()
+ filter := filters.NewArgs()
+ filter.Add("dangling", "false")
+ filter.Add("reference", reference)
+ imageList, err := client.ImageList(context.Background(), types.ImageListOptions{
+ All: true,
+ Filters: filter,
+ })
+ assert.NilError(t, err, "failed to list images")
+
+ return len(imageList) > 0
+}
+
// EnsureFrozenImagesLinux loads frozen test images into the daemon
// if they aren't already loaded
func EnsureFrozenImagesLinux(testEnv *Execution) error {
--
2.21.0

3
docker-18.09.7_ce_2d0083d657f8.tar.xz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:a84e46e28a2f23f7303146f650649e6ff18b3dbb96a842d538b6458f63d8a3ce
size 9343716

3
docker-19.03.0_ce_aeac9490dc54.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:8987d5663c875fe4dde2e367099fd737902b95c80a8d712d14723bea44e335d8
size 9978876

24
docker.changes
View File

@ -1,3 +1,27 @@
-------------------------------------------------------------------
Mon Jul 22 22:13:30 UTC 2019 - Aleksa Sarai <asarai@suse.com>
- Update to Docker 19.03.0-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md. bsc#1142413
- Remove upstreamed patches:
- bsc1001161-0001-oci-include-the-domainname-in-kernel.domainname.patch
- bsc1001161-0002-cli-add-a-separate-domainname-flag.patch
- bsc1047218-0001-man-obey-SOURCE_DATE_EPOCH-when-generating-man-pages.patch
- bsc1128746-0001-integration-cli-don-t-build-test-images-if-they-alre.patch
- Rebase pacthes:
* bsc1073877-0001-apparmor-clobber-docker-default-profile-on-start.patch
* packaging-0001-revert-Remove-docker-prefix-for-containerd-and-runc-.patch
* private-registry-0001-Add-private-registry-mirror-support.patch
* secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
* secrets-0002-SUSE-implement-SUSE-container-secrets.patch
-------------------------------------------------------------------
Wed Jul 17 23:15:33 UTC 2019 - Aleksa Sarai <asarai@suse.com>
- Move bash-completion to correct location.
- Update to Docker 18.09.8-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md. bsc#1142160 CVE-2019-13509
-------------------------------------------------------------------
Fri Jun 28 01:21:19 UTC 2019 - Aleksa Sarai <asarai@suse.com>

36
docker.spec
View File

@ -42,17 +42,17 @@
# helpfully injects into our build environment from the changelog). If you want
# to generate a new git_commit_epoch, use this:
# $ date --date="$(git show --format=fuller --date=iso $COMMIT_ID | grep -oP '(?<=^CommitDate: ).*')" '+%s'
%define git_version 2d0083d657f8
%define git_commit_epoch 1561655613
%define git_version aeac9490dc54
%define git_commit_epoch 1563384968
# These are the git commits required. We verify them against the source to make
# sure we didn't miss anything important when doing upgrades.
%define required_containerd 894b81a4b802e4eb2a91d1ce216b8817763c29fb
%define required_dockerrunc 425e105d5a03fabd737a126ad93d62a9eeede87f
%define required_libnetwork e7933d41e7b206756115aa9df5e0599fc5169742
%define required_libnetwork fc5a7d91d54cc98f64fc28f9e288b46a0bee756c
Name: %{realname}%{name_suffix}
Version: 18.09.7_ce
Version: 19.03.0_ce
Release: 0
Summary: The Moby-project Linux container runtime
License: Apache-2.0
@ -79,19 +79,11 @@ Patch200: secrets-0001-daemon-allow-directory-creation-in-run-secrets.patc
Patch201: secrets-0002-SUSE-implement-SUSE-container-secrets.patch
# SUSE-BACKPORT: Backport of https://github.com/docker/docker/pull/37353. bsc#1099277
Patch401: bsc1073877-0001-apparmor-clobber-docker-default-profile-on-start.patch
# SUSE-BACKPORT: Backport of https://github.com/docker/cli/pull/1306. boo#1047218
Patch402: bsc1047218-0001-man-obey-SOURCE_DATE_EPOCH-when-generating-man-pages.patch
# SUSE-ISSUE: Revert of https://github.com/docker/docker/pull/37907.
Patch403: packaging-0001-revert-Remove-docker-prefix-for-containerd-and-runc-.patch
# SUSE-BACKPORT: Backport of https://github.com/docker/docker/pull/37302. bsc#1001161
Patch404: bsc1001161-0001-oci-include-the-domainname-in-kernel.domainname.patch
# SUSE-BACKPORT: Backport of https://github.com/docker/cli/pull/1130. bsc#1001161
Patch405: bsc1001161-0002-cli-add-a-separate-domainname-flag.patch
Patch402: packaging-0001-revert-Remove-docker-prefix-for-containerd-and-runc-.patch
# SUSE-FEATURE: Add support to mirror inofficial/private registries
# (https://github.com/docker/docker/pull/34319)
Patch500: private-registry-0001-Add-private-registry-mirror-support.patch
# SUSE-BACKPORT: Backport of test-only patch https://github.com/moby/moby/pull/38853. bsc1128746
Patch900: bsc1128746-0001-integration-cli-don-t-build-test-images-if-they-alre.patch
BuildRequires: audit
BuildRequires: bash-completion
BuildRequires: ca-certificates
@ -141,9 +133,8 @@ Recommends: lvm2 >= 2.2.89
Recommends: git-core >= 1.7
Conflicts: lxc < 1.0
ExcludeArch: s390 ppc
# Make sure we build with go 1.10
BuildRequires: go-go-md2man
BuildRequires: golang(API) = 1.10
BuildRequires: golang(API) >= 1.12
# KUBIC-SPECIFIC: This was required when upgrading from the original kubic
# packaging, when everything was renamed to -kubic. It also is
# used to ensure that nothing complains too much when using
@ -266,19 +257,12 @@ docker container runtime configuration for kubeadm
%endif
# bsc#1099277
%patch401 -p1
# boo#1047218
%patch402 -p1
# revert upstream
%patch403 -p1
# bsc#1001161
%patch404 -p1
%patch405 -p1
%patch402 -p1
%if "%flavour" == "kubic"
# PATCH-SUSE: Mirror patch.
%patch500 -p1
%endif
# bsc#1128746
%patch900 -p1
cp %{SOURCE7} .
@ -374,7 +358,7 @@ install -Dd -m 0755 \
%{buildroot}%{_sysconfdir}/init.d \
%{buildroot}%{_sbindir}
install -D -m0644 components/cli/contrib/completion/bash/docker "%{buildroot}%{_sysconfdir}/bash_completion.d/%{realname}"
install -D -m0644 components/cli/contrib/completion/bash/docker "%{buildroot}%{_datarootdir}/bash-completion/completions/%{realname}"
install -D -m0644 components/cli/contrib/completion/zsh/_docker "%{buildroot}%{_sysconfdir}/zsh_completion.d/%{realname}"
#
@ -487,11 +471,11 @@ getent group docker >/dev/null || groupadd -r docker
%files bash-completion
%defattr(-,root,root)
%config %{_sysconfdir}/bash_completion.d/%{realname}
%{_datarootdir}/bash-completion/completions/%{realname}
%files zsh-completion
%defattr(-,root,root)
%config %{_sysconfdir}/zsh_completion.d/%{realname}
%{_sysconfdir}/zsh_completion.d/%{realname}
%files test
%defattr(-,root,root)

97
packaging-0001-revert-Remove-docker-prefix-for-containerd-and-runc-.patch
View File

@ -1,4 +1,4 @@
From 6d022d4e08225c2fda686fc0d5febecee2efa864 Mon Sep 17 00:00:00 2001
From 33d18d20a806e2541292acb55338dea2065d2501 Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de>
Date: Thu, 29 Nov 2018 20:53:16 +1100
Subject: [PATCH] revert "Remove 'docker-' prefix for containerd and runc
@ -11,20 +11,19 @@ up-to-date one available for Podman).
Signed-off-by: Aleksa Sarai <asarai@suse.de>
---
components/engine/api/swagger.yaml | 4 +--
.../builder/builder-next/executor_unix.go | 2 +-
components/engine/cmd/dockerd/daemon.go | 36 +++++++------------
components/engine/daemon/daemon_unix.go | 6 ++--
.../libcontainerd/supervisor/remote_daemon.go | 4 +--
.../supervisor/remote_daemon_linux.go | 4 +--
.../supervisor/remote_daemon_windows.go | 4 +--
7 files changed, 25 insertions(+), 35 deletions(-)
components/engine/api/swagger.yaml | 4 ++--
components/engine/builder/builder-next/executor_unix.go | 2 +-
components/engine/daemon/daemon_unix.go | 6 +++---
components/engine/libcontainerd/supervisor/remote_daemon.go | 4 ++--
.../engine/libcontainerd/supervisor/remote_daemon_linux.go | 4 ++--
.../libcontainerd/supervisor/remote_daemon_windows.go | 4 ++--
6 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/components/engine/api/swagger.yaml b/components/engine/api/swagger.yaml
index ca9d29e021de..082e5783ff1f 100644
index 6e0bc25b52d6..58f860d22a49 100644
--- a/components/engine/api/swagger.yaml
+++ b/components/engine/api/swagger.yaml
@@ -3866,10 +3866,10 @@ definitions:
@@ -3980,10 +3980,10 @@ definitions:
$ref: "#/definitions/Runtime"
default:
runc:
@ -38,80 +37,20 @@ index ca9d29e021de..082e5783ff1f 100644
path: "/go/bin/runc"
custom:
diff --git a/components/engine/builder/builder-next/executor_unix.go b/components/engine/builder/builder-next/executor_unix.go
index 3a11f8588144..ce4d2d937f9f 100644
index 620ffb401de7..dd63779a27d2 100644
--- a/components/engine/builder/builder-next/executor_unix.go
+++ b/components/engine/builder/builder-next/executor_unix.go
@@ -28,7 +28,7 @@ func newExecutor(root, cgroupParent string, net libnetwork.NetworkController) (e
@@ -28,7 +28,7 @@ func newExecutor(root, cgroupParent string, net libnetwork.NetworkController, ro
}
return runcexecutor.New(runcexecutor.Opt{
Root: filepath.Join(root, "executor"),
- CommandCandidates: []string{"runc"},
+ CommandCandidates: []string{"docker-runc", "runc"},
DefaultCgroupParent: cgroupParent,
}, networkProviders)
}
diff --git a/components/engine/cmd/dockerd/daemon.go b/components/engine/cmd/dockerd/daemon.go
index 839537316af4..05922e6418d0 100644
--- a/components/engine/cmd/dockerd/daemon.go
+++ b/components/engine/cmd/dockerd/daemon.go
@@ -10,7 +10,6 @@ import (
"strings"
"time"
- containerddefaults "github.com/containerd/containerd/defaults"
"github.com/docker/distribution/uuid"
"github.com/docker/docker/api"
apiserver "github.com/docker/docker/api/server"
@@ -141,25 +140,21 @@ func (cli *DaemonCli) start(opts *daemonOptions) (err error) {
ctx, cancel := context.WithCancel(context.Background())
if cli.Config.ContainerdAddr == "" && runtime.GOOS != "windows" {
- if !systemContainerdRunning() {
- opts, err := cli.getContainerdDaemonOpts()
- if err != nil {
- cancel()
- return fmt.Errorf("Failed to generate containerd options: %v", err)
- }
-
- r, err := supervisor.Start(ctx, filepath.Join(cli.Config.Root, "containerd"), filepath.Join(cli.Config.ExecRoot, "containerd"), opts...)
- if err != nil {
- cancel()
- return fmt.Errorf("Failed to start containerd: %v", err)
- }
- cli.Config.ContainerdAddr = r.Address()
+ opts, err := cli.getContainerdDaemonOpts()
+ if err != nil {
+ cancel()
+ return fmt.Errorf("Failed to generate containerd options: %v", err)
+ }
- // Try to wait for containerd to shutdown
- defer r.WaitTimeout(10 * time.Second)
- } else {
- cli.Config.ContainerdAddr = containerddefaults.DefaultAddress
+ r, err := supervisor.Start(ctx, filepath.Join(cli.Config.Root, "containerd"), filepath.Join(cli.Config.ExecRoot, "containerd"), opts...)
+ if err != nil {
+ cancel()
+ return fmt.Errorf("Failed to start containerd: %v", err)
}
+ cli.Config.ContainerdAddr = r.Address()
+
+ // Try to wait for containerd to shutdown
+ defer r.WaitTimeout(10 * time.Second)
}
defer cancel()
@@ -665,8 +660,3 @@ func validateAuthzPlugins(requestedPlugins []string, pg plugingetter.PluginGette
}
return nil
}
-
-func systemContainerdRunning() bool {
- _, err := os.Lstat(containerddefaults.DefaultAddress)
- return err == nil
-}
Rootless: rootless,
NoPivot: os.Getenv("DOCKER_RAMDISK") != "",
diff --git a/components/engine/daemon/daemon_unix.go b/components/engine/daemon/daemon_unix.go
index 5234201c828f..c40d11bc85c2 100644
index df64de6edf13..fa9bfb528414 100644
--- a/components/engine/daemon/daemon_unix.go
+++ b/components/engine/daemon/daemon_unix.go
@@ -54,11 +54,11 @@ import (
@ -128,7 +67,7 @@ index 5234201c828f..c40d11bc85c2 100644
// See https://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/tree/kernel/sched/sched.h?id=8cd9234c64c584432f6992fe944ca9e46ca8ea76#n269
linuxMinCPUShares = 2
@@ -76,7 +76,7 @@ const (
@@ -77,7 +77,7 @@ const (
// DefaultRuntimeName is the default runtime to be used by
// containerd if none is specified
@ -138,7 +77,7 @@ index 5234201c828f..c40d11bc85c2 100644
type containerGetter interface {
diff --git a/components/engine/libcontainerd/supervisor/remote_daemon.go b/components/engine/libcontainerd/supervisor/remote_daemon.go
index eb9a2bdd8198..309f50f26bb2 100644
index 31b93f11f0b1..5fba7f29eff9 100644
--- a/components/engine/libcontainerd/supervisor/remote_daemon.go
+++ b/components/engine/libcontainerd/supervisor/remote_daemon.go
@@ -27,8 +27,8 @@ const (
@ -183,5 +122,5 @@ index 9b254ef58a0a..bcdc9529e0f7 100644
func (r *remote) setDefaults() {
--
2.21.0
2.22.0

87
private-registry-0001-Add-private-registry-mirror-support.patch
View File

@ -1,4 +1,4 @@
From 2a00f998e1e081a9f72f0ba81403dceea252c6a1 Mon Sep 17 00:00:00 2001
From 69d43a9550cdedf86b0d4b29e9d737af90221109 Mon Sep 17 00:00:00 2001
From: Valentin Rothberg <vrothberg@suse.com>
Date: Mon, 2 Jul 2018 13:37:34 +0200
Subject: [PATCH] Add private-registry mirror support
@ -72,12 +72,12 @@ Signed-off-by: Aleksa Sarai <asarai@suse.de>
components/engine/distribution/pull.go | 2 +-
components/engine/distribution/pull_v2.go | 2 +-
components/engine/distribution/push.go | 2 +-
components/engine/registry/config.go | 120 ++++++++++++++-
components/engine/registry/config.go | 124 ++++++++++++++-
components/engine/registry/config_test.go | 136 +++++++++++++++++
components/engine/registry/registry_test.go | 91 ++++++++++-
components/engine/registry/service.go | 56 ++++---
components/engine/registry/service.go | 45 ++++--
components/engine/registry/service_v2.go | 66 +++++---
12 files changed, 705 insertions(+), 46 deletions(-)
12 files changed, 697 insertions(+), 47 deletions(-)
diff --git a/components/engine/api/types/registry/registry.go b/components/engine/api/types/registry/registry.go
index 8789ad3b3210..c663fec7d881 100644
@ -243,10 +243,10 @@ index 8789ad3b3210..c663fec7d881 100644
// NetIPNet is the net.IPNet type, which can be marshalled and
diff --git a/components/engine/daemon/config/config.go b/components/engine/daemon/config/config.go
index 8b2c844a579f..e61940661c70 100644
index 80ecbbd9550d..8ce69714d9bf 100644
--- a/components/engine/daemon/config/config.go
+++ b/components/engine/daemon/config/config.go
@@ -470,6 +470,10 @@ func findConfigurationConflicts(config map[string]interface{}, flags *pflag.Flag
@@ -467,6 +467,10 @@ func findConfigurationConflicts(config map[string]interface{}, flags *pflag.Flag
// 1. Search keys from the file that we don't recognize as flags.
unknownKeys := make(map[string]interface{})
for key, value := range config {
@ -258,7 +258,7 @@ index 8b2c844a579f..e61940661c70 100644
unknownKeys[key] = value
}
diff --git a/components/engine/daemon/reload.go b/components/engine/daemon/reload.go
index 026d7dd517f7..924c3982cd2a 100644
index a31dd0cb87c1..99cc4a65a79d 100644
--- a/components/engine/daemon/reload.go
+++ b/components/engine/daemon/reload.go
@@ -21,8 +21,14 @@ import (
@ -286,7 +286,7 @@ index 026d7dd517f7..924c3982cd2a 100644
return daemon.reloadNetworkDiagnosticPort(conf, attributes)
}
@@ -294,6 +303,30 @@ func (daemon *Daemon) reloadRegistryMirrors(conf *config.Config, attributes map[
@@ -295,6 +304,30 @@ func (daemon *Daemon) reloadRegistryMirrors(conf *config.Config, attributes map[
return nil
}
@ -314,7 +314,7 @@ index 026d7dd517f7..924c3982cd2a 100644
+ return nil
+}
+
// reloadLiveRestore updates configuration with live retore option
// reloadLiveRestore updates configuration with live restore option
// and updates the passed attributes
func (daemon *Daemon) reloadLiveRestore(conf *config.Config, attributes map[string]string) error {
diff --git a/components/engine/daemon/reload_test.go b/components/engine/daemon/reload_test.go
@ -431,10 +431,10 @@ index ffad297f71b7..21733c3f1e33 100644
daemon := &Daemon{
imageService: images.NewImageService(images.ImageServiceConfig{}),
diff --git a/components/engine/distribution/pull.go b/components/engine/distribution/pull.go
index 5de73ae99ac3..8e78c49273dd 100644
index be366ce4a99b..49e0d0352778 100644
--- a/components/engine/distribution/pull.go
+++ b/components/engine/distribution/pull.go
@@ -63,7 +63,7 @@ func Pull(ctx context.Context, ref reference.Named, imagePullConfig *ImagePullCo
@@ -58,7 +58,7 @@ func Pull(ctx context.Context, ref reference.Named, imagePullConfig *ImagePullCo
return err
}
@ -444,7 +444,7 @@ index 5de73ae99ac3..8e78c49273dd 100644
return err
}
diff --git a/components/engine/distribution/pull_v2.go b/components/engine/distribution/pull_v2.go
index 8f05cfa0b289..a562477ea6cd 100644
index dd91ff2157b1..2640f6134e5d 100644
--- a/components/engine/distribution/pull_v2.go
+++ b/components/engine/distribution/pull_v2.go
@@ -379,7 +379,7 @@ func (p *v2Puller) pullV2Tag(ctx context.Context, ref reference.Named, platform
@ -457,10 +457,10 @@ index 8f05cfa0b289..a562477ea6cd 100644
var (
diff --git a/components/engine/distribution/push.go b/components/engine/distribution/push.go
index eb3bc5597462..a4624dee9482 100644
index 5617a4c95f49..0a24aebed968 100644
--- a/components/engine/distribution/push.go
+++ b/components/engine/distribution/push.go
@@ -64,7 +64,7 @@ func Push(ctx context.Context, ref reference.Named, imagePushConfig *ImagePushCo
@@ -58,7 +58,7 @@ func Push(ctx context.Context, ref reference.Named, imagePushConfig *ImagePushCo
return err
}
@ -470,29 +470,27 @@ index eb3bc5597462..a4624dee9482 100644
return err
}
diff --git a/components/engine/registry/config.go b/components/engine/registry/config.go
index de5a526b694d..cf90abb8be04 100644
index 6bb9258c9b6f..f1945237d235 100644
--- a/components/engine/registry/config.go
+++ b/components/engine/registry/config.go
@@ -14,7 +14,7 @@ import (
@@ -14,11 +14,12 @@ import (
"github.com/sirupsen/logrus"
)
-// ServiceOptions holds command line options.
+// ServiceOptions holds the user-specified configuration options.
type ServiceOptions struct {
AllowNondistributableArtifacts []string `json:"allow-nondistributable-artifacts,omitempty"`
Mirrors []string `json:"registry-mirrors,omitempty"`
@@ -23,6 +23,9 @@ type ServiceOptions struct {
// V2Only controls access to legacy registries. If it is set to true via the
// command line flag the daemon will not attempt to contact v1 legacy registries
V2Only bool `json:"disable-legacy-registry,omitempty"`
+
+ // Registries holds information associated with the specified registries.
+ Registries []registrytypes.Registry `json:"registries,omitempty"`
- AllowNondistributableArtifacts []string `json:"allow-nondistributable-artifacts,omitempty"`
- Mirrors []string `json:"registry-mirrors,omitempty"`
- InsecureRegistries []string `json:"insecure-registries,omitempty"`
+ AllowNondistributableArtifacts []string `json:"allow-nondistributable-artifacts,omitempty"`
+ Mirrors []string `json:"registry-mirrors,omitempty"`
+ InsecureRegistries []string `json:"insecure-registries,omitempty"`
+ Registries []registrytypes.Registry `json:"registries,omitempty"`
}
// serviceConfig holds daemon configuration for the registry service.
@@ -67,8 +70,21 @@ var (
@@ -62,8 +63,21 @@ var (
// for mocking in unit tests
var lookupIP = net.LookupIP
@ -514,7 +512,7 @@ index de5a526b694d..cf90abb8be04 100644
config := &serviceConfig{
ServiceConfig: registrytypes.ServiceConfig{
InsecureRegistryCIDRs: make([]*registrytypes.NetIPNet, 0),
@@ -87,10 +103,104 @@ func newServiceConfig(options ServiceOptions) (*serviceConfig, error) {
@@ -81,10 +95,104 @@ func newServiceConfig(options ServiceOptions) (*serviceConfig, error) {
if err := config.LoadInsecureRegistries(options.InsecureRegistries); err != nil {
return nil, err
}
@ -619,7 +617,7 @@ index de5a526b694d..cf90abb8be04 100644
// LoadAllowNondistributableArtifacts loads allow-nondistributable-artifacts registries into config.
func (config *serviceConfig) LoadAllowNondistributableArtifacts(registries []string) error {
cidrs := map[string]*registrytypes.NetIPNet{}
@@ -131,6 +241,10 @@ func (config *serviceConfig) LoadAllowNondistributableArtifacts(registries []str
@@ -125,6 +233,10 @@ func (config *serviceConfig) LoadAllowNondistributableArtifacts(registries []str
// LoadMirrors loads mirrors to config, after removing duplicates.
// Returns an error if mirrors contains an invalid mirror.
func (config *serviceConfig) LoadMirrors(mirrors []string) error {
@ -630,7 +628,7 @@ index de5a526b694d..cf90abb8be04 100644
mMap := map[string]struct{}{}
unique := []string{}
@@ -160,6 +274,10 @@ func (config *serviceConfig) LoadMirrors(mirrors []string) error {
@@ -154,6 +266,10 @@ func (config *serviceConfig) LoadMirrors(mirrors []string) error {
// LoadInsecureRegistries loads insecure registries to config
func (config *serviceConfig) LoadInsecureRegistries(registries []string) error {
@ -921,7 +919,7 @@ index b7459471b3f6..1e0d53e7dc21 100644
func TestPushRegistryTag(t *testing.T) {
diff --git a/components/engine/registry/service.go b/components/engine/registry/service.go
index b441970ff170..b3c1ee21f383 100644
index 08f5c7a4e12c..ee0c97a8a21b 100644
--- a/components/engine/registry/service.go
+++ b/components/engine/registry/service.go
@@ -8,7 +8,7 @@ import (
@ -1031,33 +1029,8 @@ index b441970ff170..b3c1ee21f383 100644
if err == nil {
for _, endpoint := range allEndpoints {
if !endpoint.Mirror {
@@ -308,8 +323,8 @@ func (s *DefaultService) LookupPushEndpoints(hostname string) (endpoints []APIEn
return endpoints, err
}
-func (s *DefaultService) lookupEndpoints(hostname string) (endpoints []APIEndpoint, err error) {
- endpoints, err = s.lookupV2Endpoints(hostname)
+func (s *DefaultService) lookupEndpoints(reference string) (endpoints []APIEndpoint, err error) {
+ endpoints, err = s.lookupV2Endpoints(reference)
if err != nil {
return nil, err
}
@@ -318,6 +333,13 @@ func (s *DefaultService) lookupEndpoints(hostname string) (endpoints []APIEndpoi
return endpoints, nil
}
+ // When falling back to V1 endpoints, switch to the hostname
+ ref, err := dref.ParseNamed(reference)
+ if err != nil {
+ return nil, err
+ }
+ hostname := dref.Domain(ref)
+
legacyEndpoints, err := s.lookupV1Endpoints(hostname)
if err != nil {
return nil, err
diff --git a/components/engine/registry/service_v2.go b/components/engine/registry/service_v2.go
index 3a56dc91145a..9de221cf2aa0 100644
index 1a4c9e310547..efebb4f41486 100644
--- a/components/engine/registry/service_v2.go
+++ b/components/engine/registry/service_v2.go
@@ -1,30 +1,51 @@
@ -1160,5 +1133,5 @@ index 3a56dc91145a..9de221cf2aa0 100644
endpoints = []APIEndpoint{
--
2.21.0
2.22.0

6
secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
View File

@ -1,4 +1,4 @@
From 6603582112f42cd00b84d62a5412f2380e55d7e3 Mon Sep 17 00:00:00 2001
From 47b241f184e61474957c4ffb8a3dcbaa543eadb9 Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de>
Date: Wed, 8 Mar 2017 12:41:54 +1100
Subject: [PATCH 1/2] daemon: allow directory creation in /run/secrets
@ -14,7 +14,7 @@ Signed-off-by: Aleksa Sarai <asarai@suse.de>
1 file changed, 21 insertions(+), 3 deletions(-)
diff --git a/components/engine/daemon/container_operations_unix.go b/components/engine/daemon/container_operations_unix.go
index c0aab7234269..8d8b13d26cff 100644
index 3fcdc1913bed..4920def81a7e 100644
--- a/components/engine/daemon/container_operations_unix.go
+++ b/components/engine/daemon/container_operations_unix.go
@@ -3,6 +3,7 @@
@ -70,5 +70,5 @@ index c0aab7234269..8d8b13d26cff 100644
return errors.Wrap(err, "error setting ownership for secret")
}
--
2.21.0
2.22.0

6
secrets-0002-SUSE-implement-SUSE-container-secrets.patch
View File

@ -1,4 +1,4 @@
From 3eabc382912eeb475013b5514412968dfa300d63 Mon Sep 17 00:00:00 2001
From 80072183953f8cf6fcef6b5e65e609e833dd9fb8 Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de>
Date: Wed, 8 Mar 2017 11:43:29 +1100
Subject: [PATCH 2/2] SUSE: implement SUSE container secrets
@ -19,7 +19,7 @@ Signed-off-by: Aleksa Sarai <asarai@suse.de>
create mode 100644 components/engine/daemon/suse_secrets.go
diff --git a/components/engine/daemon/start.go b/components/engine/daemon/start.go
index e2265a4faeca..31b60e5621c6 100644
index 57a7267b7cbb..46c3a603554f 100644
--- a/components/engine/daemon/start.go
+++ b/components/engine/daemon/start.go
@@ -151,6 +151,11 @@ func (daemon *Daemon) containerStart(container *container.Container, checkpoint
@ -437,5 +437,5 @@ index 000000000000..087c877015a7
+ return nil
+}
--
2.21.0
2.22.0