Accepting request 717727 from Virtualization:containers
Docker v19.03.0-ce update. OBS-URL: https://build.opensuse.org/request/show/717727 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/docker?expand=0&rev=92
This commit is contained in:
commit
06d25ab841
4
_service
4
_service
@ -3,8 +3,8 @@
|
||||
<param name="url">https://github.com/docker/docker-ce.git</param>
|
||||
<param name="scm">git</param>
|
||||
<param name="exclude">.git</param>
|
||||
<param name="versionformat">18.09.7_ce_%h</param>
|
||||
<param name="revision">v18.09.7</param>
|
||||
<param name="versionformat">19.03.0_ce_%h</param>
|
||||
<param name="revision">v19.03.0</param>
|
||||
<param name="filename">docker</param>
|
||||
</service>
|
||||
<service name="recompress" mode="disabled">
|
||||
|
@ -1,66 +0,0 @@
|
||||
From a3e63ddd20b7f52ff5e81bdb1beb867d28a1c9c8 Mon Sep 17 00:00:00 2001
|
||||
From: Aleksa Sarai <asarai@suse.de>
|
||||
Date: Sun, 17 Jun 2018 17:05:54 +1000
|
||||
Subject: [PATCH 1/2] oci: include the domainname in "kernel.domainname"
|
||||
|
||||
The OCI doesn't have a specific field for an NIS domainname[1] (mainly
|
||||
because FreeBSD and Solaris appear to have a similar concept but it is
|
||||
configured entirely differently).
|
||||
|
||||
However, on Linux, the NIS domainname can be configured through both the
|
||||
setdomainname(2) syscall but also through the "kernel.domainname"
|
||||
sysctl. Since the OCI has a way of injecting sysctls this means we don't
|
||||
need to have any OCI changes to support NIS domainnames (and we can
|
||||
always switch if the OCI picks up such support in the future).
|
||||
|
||||
It should be noted that because we have to generate this each spec
|
||||
creation we also have to make sure that it's not clobbered by the
|
||||
HostConfig. I'm pretty sure making this change generic (so that
|
||||
HostConfig will not clobber any pre-set sysctls) will not cause other
|
||||
issues to crop up.
|
||||
|
||||
[1]: https://github.com/opencontainers/runtime-spec/issues/592
|
||||
|
||||
SUSE-Bugs: bsc#1001161
|
||||
Signed-off-by: Aleksa Sarai <asarai@suse.de>
|
||||
---
|
||||
components/engine/daemon/oci_linux.go | 16 ++++++++++++++--
|
||||
1 file changed, 14 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/components/engine/daemon/oci_linux.go b/components/engine/daemon/oci_linux.go
|
||||
index 7611fc054d13..d5838623528e 100644
|
||||
--- a/components/engine/daemon/oci_linux.go
|
||||
+++ b/components/engine/daemon/oci_linux.go
|
||||
@@ -679,7 +679,15 @@ func (daemon *Daemon) populateCommonSpec(s *specs.Spec, c *container.Container)
|
||||
s.Process.Cwd = cwd
|
||||
s.Process.Env = c.CreateDaemonEnvironment(c.Config.Tty, linkedEnv)
|
||||
s.Process.Terminal = c.Config.Tty
|
||||
- s.Hostname = c.FullHostname()
|
||||
+
|
||||
+ s.Hostname = c.Config.Hostname
|
||||
+ // There isn't a field in the OCI for the NIS domainname, but luckily there
|
||||
+ // is a sysctl which has an identical effect to setdomainname(2) so there's
|
||||
+ // no explicit need for runtime support.
|
||||
+ s.Linux.Sysctl = make(map[string]string)
|
||||
+ if c.Config.Domainname != "" {
|
||||
+ s.Linux.Sysctl["kernel.domainname"] = c.Config.Domainname
|
||||
+ }
|
||||
|
||||
return nil
|
||||
}
|
||||
@@ -715,7 +723,11 @@ func (daemon *Daemon) createSpec(c *container.Container) (retSpec *specs.Spec, e
|
||||
if err := setResources(&s, c.HostConfig.Resources); err != nil {
|
||||
return nil, fmt.Errorf("linux runtime spec resources: %v", err)
|
||||
}
|
||||
- s.Linux.Sysctl = c.HostConfig.Sysctls
|
||||
+ // We merge the sysctls injected above with the HostConfig (latter takes
|
||||
+ // precedence for backwards-compatibility reasons).
|
||||
+ for k, v := range c.HostConfig.Sysctls {
|
||||
+ s.Linux.Sysctl[k] = v
|
||||
+ }
|
||||
|
||||
p := s.Linux.CgroupsPath
|
||||
if useSystemd {
|
||||
--
|
||||
2.21.0
|
||||
|
@ -1,216 +0,0 @@
|
||||
From 1b4f9787461d00dceea94d51af8db80f0b6aa906 Mon Sep 17 00:00:00 2001
|
||||
From: Aleksa Sarai <asarai@suse.de>
|
||||
Date: Mon, 18 Jun 2018 21:58:23 +1000
|
||||
Subject: [PATCH 2/2] cli: add a separate --domainname flag
|
||||
|
||||
A while ago, Docker split the "Domainname" field out from the "Hostname"
|
||||
field for the container configuration. There was no real user-visible
|
||||
change associated with this (and under the hood "Domainname" was mostly
|
||||
left unused from the command-line point of view). We now add this flag
|
||||
in order to match other proposed changes to allow for setting the NIS
|
||||
domainname of a container.
|
||||
|
||||
This also includes a fix for the --hostname parsing tests (they would
|
||||
not error out if only one of .Hostname and .Domainname were incorrectly
|
||||
set -- which is not correct).
|
||||
|
||||
SUSE-Bugs: bsc#1001161
|
||||
Signed-off-by: Aleksa Sarai <asarai@suse.de>
|
||||
---
|
||||
components/cli/cli/command/container/opts.go | 3 ++
|
||||
.../cli/cli/command/container/opts_test.go | 31 ++++++++++++++++---
|
||||
components/cli/contrib/completion/bash/docker | 1 +
|
||||
components/cli/contrib/completion/zsh/_docker | 1 +
|
||||
.../cli/docs/reference/commandline/create.md | 1 +
|
||||
.../cli/docs/reference/commandline/run.md | 1 +
|
||||
.../reference/commandline/service_create.md | 2 +-
|
||||
components/cli/docs/reference/run.md | 6 ++--
|
||||
components/cli/man/docker-run.1.md | 7 +++++
|
||||
9 files changed, 44 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/components/cli/cli/command/container/opts.go b/components/cli/cli/command/container/opts.go
|
||||
index 97906b672252..7cd9ce998c8b 100644
|
||||
--- a/components/cli/cli/command/container/opts.go
|
||||
+++ b/components/cli/cli/command/container/opts.go
|
||||
@@ -74,6 +74,7 @@ type containerOptions struct {
|
||||
containerIDFile string
|
||||
entrypoint string
|
||||
hostname string
|
||||
+ domainname string
|
||||
memory opts.MemBytes
|
||||
memoryReservation opts.MemBytes
|
||||
memorySwap opts.MemSwapBytes
|
||||
@@ -169,6 +170,7 @@ func addFlags(flags *pflag.FlagSet) *containerOptions {
|
||||
flags.StringVar(&copts.entrypoint, "entrypoint", "", "Overwrite the default ENTRYPOINT of the image")
|
||||
flags.Var(&copts.groupAdd, "group-add", "Add additional groups to join")
|
||||
flags.StringVarP(&copts.hostname, "hostname", "h", "", "Container host name")
|
||||
+ flags.StringVar(&copts.domainname, "domainname", "", "Container NIS domain name")
|
||||
flags.BoolVarP(&copts.stdin, "interactive", "i", false, "Keep STDIN open even if not attached")
|
||||
flags.VarP(&copts.labels, "label", "l", "Set meta data on a container")
|
||||
flags.Var(&copts.labelsFile, "label-file", "Read in a line delimited file of labels")
|
||||
@@ -546,6 +548,7 @@ func parse(flags *pflag.FlagSet, copts *containerOptions) (*containerConfig, err
|
||||
|
||||
config := &container.Config{
|
||||
Hostname: copts.hostname,
|
||||
+ Domainname: copts.domainname,
|
||||
ExposedPorts: ports,
|
||||
User: copts.user,
|
||||
Tty: copts.tty,
|
||||
diff --git a/components/cli/cli/command/container/opts_test.go b/components/cli/cli/command/container/opts_test.go
|
||||
index 6d7c95a5ddb8..70bedc661751 100644
|
||||
--- a/components/cli/cli/command/container/opts_test.go
|
||||
+++ b/components/cli/cli/command/container/opts_test.go
|
||||
@@ -265,14 +265,35 @@ func TestParseHostname(t *testing.T) {
|
||||
hostnameWithDomainTld := "--hostname=hostname.domainname.tld"
|
||||
for hostname, expectedHostname := range validHostnames {
|
||||
if config, _ := mustParse(t, fmt.Sprintf("--hostname=%s", hostname)); config.Hostname != expectedHostname {
|
||||
- t.Fatalf("Expected the config to have 'hostname' as hostname, got '%v'", config.Hostname)
|
||||
+ t.Fatalf("Expected the config to have 'hostname' as %q, got %q", expectedHostname, config.Hostname)
|
||||
}
|
||||
}
|
||||
- if config, _ := mustParse(t, hostnameWithDomain); config.Hostname != "hostname.domainname" && config.Domainname != "" {
|
||||
- t.Fatalf("Expected the config to have 'hostname' as hostname.domainname, got '%v'", config.Hostname)
|
||||
+ if config, _ := mustParse(t, hostnameWithDomain); config.Hostname != "hostname.domainname" || config.Domainname != "" {
|
||||
+ t.Fatalf("Expected the config to have 'hostname' as hostname.domainname, got %q", config.Hostname)
|
||||
}
|
||||
- if config, _ := mustParse(t, hostnameWithDomainTld); config.Hostname != "hostname.domainname.tld" && config.Domainname != "" {
|
||||
- t.Fatalf("Expected the config to have 'hostname' as hostname.domainname.tld, got '%v'", config.Hostname)
|
||||
+ if config, _ := mustParse(t, hostnameWithDomainTld); config.Hostname != "hostname.domainname.tld" || config.Domainname != "" {
|
||||
+ t.Fatalf("Expected the config to have 'hostname' as hostname.domainname.tld, got %q", config.Hostname)
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+func TestParseHostnameDomainname(t *testing.T) {
|
||||
+ validDomainnames := map[string]string{
|
||||
+ "domainname": "domainname",
|
||||
+ "domain-name": "domain-name",
|
||||
+ "domainname123": "domainname123",
|
||||
+ "123domainname": "123domainname",
|
||||
+ "domainname-63-bytes-long-should-be-valid-and-without-any-errors": "domainname-63-bytes-long-should-be-valid-and-without-any-errors",
|
||||
+ }
|
||||
+ for domainname, expectedDomainname := range validDomainnames {
|
||||
+ if config, _ := mustParse(t, "--domainname="+domainname); config.Domainname != expectedDomainname {
|
||||
+ t.Fatalf("Expected the config to have 'domainname' as %q, got %q", expectedDomainname, config.Domainname)
|
||||
+ }
|
||||
+ }
|
||||
+ if config, _ := mustParse(t, "--hostname=some.prefix --domainname=domainname"); config.Hostname != "some.prefix" || config.Domainname != "domainname" {
|
||||
+ t.Fatalf("Expected the config to have 'hostname' as 'some.prefix' and 'domainname' as 'domainname', got %q and %q", config.Hostname, config.Domainname)
|
||||
+ }
|
||||
+ if config, _ := mustParse(t, "--hostname=another-prefix --domainname=domainname.tld"); config.Hostname != "another-prefix" || config.Domainname != "domainname.tld" {
|
||||
+ t.Fatalf("Expected the config to have 'hostname' as 'another-prefix' and 'domainname' as 'domainname.tld', got %q and %q", config.Hostname, config.Domainname)
|
||||
}
|
||||
}
|
||||
|
||||
diff --git a/components/cli/contrib/completion/bash/docker b/components/cli/contrib/completion/bash/docker
|
||||
index 92d57408617e..a0d4878ee311 100644
|
||||
--- a/components/cli/contrib/completion/bash/docker
|
||||
+++ b/components/cli/contrib/completion/bash/docker
|
||||
@@ -1809,6 +1809,7 @@ _docker_container_run_and_create() {
|
||||
--dns
|
||||
--dns-option
|
||||
--dns-search
|
||||
+ --domainname
|
||||
--entrypoint
|
||||
--env -e
|
||||
--env-file
|
||||
diff --git a/components/cli/contrib/completion/zsh/_docker b/components/cli/contrib/completion/zsh/_docker
|
||||
index 94f042204dfb..9a502db0886f 100644
|
||||
--- a/components/cli/contrib/completion/zsh/_docker
|
||||
+++ b/components/cli/contrib/completion/zsh/_docker
|
||||
@@ -617,6 +617,7 @@ __docker_container_subcommand() {
|
||||
"($help)*--dns=[Custom DNS servers]:DNS server: "
|
||||
"($help)*--dns-option=[Custom DNS options]:DNS option: "
|
||||
"($help)*--dns-search=[Custom DNS search domains]:DNS domains: "
|
||||
+ "($help)*--domainname=[Container NIS domain name]:domainname:_hosts"
|
||||
"($help)*"{-e=,--env=}"[Environment variables]:environment variable: "
|
||||
"($help)--entrypoint=[Overwrite the default entrypoint of the image]:entry point: "
|
||||
"($help)*--env-file=[Read environment variables from a file]:environment file:_files"
|
||||
diff --git a/components/cli/docs/reference/commandline/create.md b/components/cli/docs/reference/commandline/create.md
|
||||
index d585da40ae1e..c829dbb3e5b9 100644
|
||||
--- a/components/cli/docs/reference/commandline/create.md
|
||||
+++ b/components/cli/docs/reference/commandline/create.md
|
||||
@@ -53,6 +53,7 @@ Options:
|
||||
--dns value Set custom DNS servers (default [])
|
||||
--dns-option value Set DNS options (default [])
|
||||
--dns-search value Set custom DNS search domains (default [])
|
||||
+ --domainname string Container NIS domain name
|
||||
--entrypoint string Overwrite the default ENTRYPOINT of the image
|
||||
-e, --env value Set environment variables (default [])
|
||||
--env-file value Read in a file of environment variables (default [])
|
||||
diff --git a/components/cli/docs/reference/commandline/run.md b/components/cli/docs/reference/commandline/run.md
|
||||
index 6a2630bd1978..a4721e4a7761 100644
|
||||
--- a/components/cli/docs/reference/commandline/run.md
|
||||
+++ b/components/cli/docs/reference/commandline/run.md
|
||||
@@ -57,6 +57,7 @@ Options:
|
||||
--dns value Set custom DNS servers (default [])
|
||||
--dns-option value Set DNS options (default [])
|
||||
--dns-search value Set custom DNS search domains (default [])
|
||||
+ --domainname string Container NIS domain name
|
||||
--entrypoint string Overwrite the default ENTRYPOINT of the image
|
||||
-e, --env value Set environment variables (default [])
|
||||
--env-file value Read in a file of environment variables (default [])
|
||||
diff --git a/components/cli/docs/reference/commandline/service_create.md b/components/cli/docs/reference/commandline/service_create.md
|
||||
index bc68128d0cf9..b395a0bda064 100644
|
||||
--- a/components/cli/docs/reference/commandline/service_create.md
|
||||
+++ b/components/cli/docs/reference/commandline/service_create.md
|
||||
@@ -755,7 +755,7 @@ The swarm extends my-network to each node running the service.
|
||||
Containers on the same network can access each other using
|
||||
[service discovery](https://docs.docker.com/engine/swarm/networking/#use-swarm-mode-service-discovery).
|
||||
|
||||
-Long form syntax of `--network` allows to specify list of aliases and driver options:
|
||||
+Long form syntax of `--network` allows to specify list of aliases and driver options:
|
||||
`--network name=my-network,alias=web1,driver-opt=field1=value1`
|
||||
|
||||
### Publish service ports externally to the swarm (-p, --publish)
|
||||
diff --git a/components/cli/docs/reference/run.md b/components/cli/docs/reference/run.md
|
||||
index a59a30525554..695974fe533c 100644
|
||||
--- a/components/cli/docs/reference/run.md
|
||||
+++ b/components/cli/docs/reference/run.md
|
||||
@@ -256,7 +256,7 @@ The UTS namespace is for setting the hostname and the domain that is visible
|
||||
to running processes in that namespace. By default, all containers, including
|
||||
those with `--network=host`, have their own UTS namespace. The `host` setting will
|
||||
result in the container using the same UTS namespace as the host. Note that
|
||||
-`--hostname` is invalid in `host` UTS mode.
|
||||
+`--hostname` and `--domainname` are invalid in `host` UTS mode.
|
||||
|
||||
You may wish to share the UTS namespace with the host if you would like the
|
||||
hostname of the container to change as the hostname of the host changes. A
|
||||
@@ -396,8 +396,8 @@ network stack and all interfaces from the host will be available to the
|
||||
container. The container's hostname will match the hostname on the host
|
||||
system. Note that `--mac-address` is invalid in `host` netmode. Even in `host`
|
||||
network mode a container has its own UTS namespace by default. As such
|
||||
-`--hostname` is allowed in `host` network mode and will only change the
|
||||
-hostname inside the container.
|
||||
+`--hostname` and `--domainname` are allowed in `host` network mode and will
|
||||
+only change the hostname and domain name inside the container.
|
||||
Similar to `--hostname`, the `--add-host`, `--dns`, `--dns-search`, and
|
||||
`--dns-option` options can be used in `host` network mode. These options update
|
||||
`/etc/hosts` or `/etc/resolv.conf` inside the container. No change are made to
|
||||
diff --git a/components/cli/man/docker-run.1.md b/components/cli/man/docker-run.1.md
|
||||
index e03377001d4e..4a1464a74200 100644
|
||||
--- a/components/cli/man/docker-run.1.md
|
||||
+++ b/components/cli/man/docker-run.1.md
|
||||
@@ -35,6 +35,7 @@ docker-run - Run a command in a new container
|
||||
[**--dns**[=*[]*]]
|
||||
[**--dns-option**[=*[]*]]
|
||||
[**--dns-search**[=*[]*]]
|
||||
+[**--domainname**[=*DOMAINNAME*]]
|
||||
[**-e**|**--env**[=*[]*]]
|
||||
[**--entrypoint**[=*ENTRYPOINT*]]
|
||||
[**--env-file**[=*[]*]]
|
||||
@@ -285,6 +286,12 @@ configuration passed to the container. Typically this is necessary when the
|
||||
host DNS configuration is invalid for the container (e.g., 127.0.0.1). When this
|
||||
is the case the **--dns** flags is necessary for every run.
|
||||
|
||||
+**--domainname**=""
|
||||
+ Container NIS domain name
|
||||
+
|
||||
+ Sets the container's NIS domain name (see also **setdomainname(2)**) that is
|
||||
+ available inside the container.
|
||||
+
|
||||
**-e**, **--env**=[]
|
||||
Set environment variables
|
||||
|
||||
--
|
||||
2.21.0
|
||||
|
@ -1,58 +0,0 @@
|
||||
From 64f1dfcbe4313bccacbe603dcb444da82d9136d7 Mon Sep 17 00:00:00 2001
|
||||
From: Aleksa Sarai <asarai@suse.de>
|
||||
Date: Thu, 23 Aug 2018 19:53:55 +1000
|
||||
Subject: [PATCH] man: obey SOURCE_DATE_EPOCH when generating man pages
|
||||
|
||||
Previously our man pages included the current time each time they were
|
||||
generated. This causes an issue for reproducible builds, since each
|
||||
re-build of a package that includes the man pages will have different
|
||||
times listed in the man pages.
|
||||
|
||||
To fix this, add support for SOURCE_DATE_EPOCH (which is a standardised
|
||||
packaging environment variable, designed to be used specifically for
|
||||
this purpose[1]). spf13/cobra doesn't support this natively yet (though
|
||||
I will push a patch for that as well), but it's simpler to fix it
|
||||
directly in docker/cli.
|
||||
|
||||
[1]: https://reproducible-builds.org/specs/source-date-epoch/
|
||||
|
||||
SUSE-Bugs: boo#1047218
|
||||
Signed-off-by: Aleksa Sarai <asarai@suse.de>
|
||||
---
|
||||
components/cli/man/generate.go | 13 +++++++++++++
|
||||
1 file changed, 13 insertions(+)
|
||||
|
||||
diff --git a/components/cli/man/generate.go b/components/cli/man/generate.go
|
||||
index 2d940e31fd10..e5e480be3f32 100644
|
||||
--- a/components/cli/man/generate.go
|
||||
+++ b/components/cli/man/generate.go
|
||||
@@ -6,6 +6,8 @@ import (
|
||||
"log"
|
||||
"os"
|
||||
"path/filepath"
|
||||
+ "strconv"
|
||||
+ "time"
|
||||
|
||||
"github.com/docker/cli/cli/command"
|
||||
"github.com/docker/cli/cli/command/commands"
|
||||
@@ -24,6 +26,17 @@ func generateManPages(opts *options) error {
|
||||
Source: "Docker Community",
|
||||
}
|
||||
|
||||
+ // If SOURCE_DATE_EPOCH is set, in order to allow reproducible package
|
||||
+ // builds, we explicitly set the build time to SOURCE_DATE_EPOCH.
|
||||
+ if epoch := os.Getenv("SOURCE_DATE_EPOCH"); epoch != "" {
|
||||
+ unixEpoch, err := strconv.ParseInt(epoch, 10, 64)
|
||||
+ if err != nil {
|
||||
+ return fmt.Errorf("invalid SOURCE_DATE_EPOCH: %v", err)
|
||||
+ }
|
||||
+ now := time.Unix(unixEpoch, 0)
|
||||
+ header.Date = &now
|
||||
+ }
|
||||
+
|
||||
stdin, stdout, stderr := term.StdStreams()
|
||||
dockerCli := command.NewDockerCli(stdin, stdout, stderr, false, nil)
|
||||
cmd := &cobra.Command{Use: "docker"}
|
||||
--
|
||||
2.21.0
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 66a84fc12ea9c9a4a9805550b3cd2055862ef1c6 Mon Sep 17 00:00:00 2001
|
||||
From a67925f5d977db2b5a1b0162149cbd0de2b20598 Mon Sep 17 00:00:00 2001
|
||||
From: Aleksa Sarai <asarai@suse.de>
|
||||
Date: Fri, 29 Jun 2018 17:59:30 +1000
|
||||
Subject: [PATCH] apparmor: clobber docker-default profile on start
|
||||
@ -17,8 +17,8 @@ Signed-off-by: Aleksa Sarai <asarai@suse.de>
|
||||
---
|
||||
components/engine/daemon/apparmor_default.go | 14 ++++++++++----
|
||||
.../engine/daemon/apparmor_default_unsupported.go | 4 ++++
|
||||
components/engine/daemon/daemon.go | 4 +++-
|
||||
3 files changed, 17 insertions(+), 5 deletions(-)
|
||||
components/engine/daemon/daemon.go | 5 +++--
|
||||
3 files changed, 17 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/components/engine/daemon/apparmor_default.go b/components/engine/daemon/apparmor_default.go
|
||||
index 461f5c7f96b2..8f21c5c0c566 100644
|
||||
@ -68,13 +68,14 @@ index 51f9c526b350..97d7758442ee 100644
|
||||
return nil
|
||||
}
|
||||
diff --git a/components/engine/daemon/daemon.go b/components/engine/daemon/daemon.go
|
||||
index a307863017ab..67cd286002bf 100644
|
||||
index f049b0d2a41f..7bd89e76b32f 100644
|
||||
--- a/components/engine/daemon/daemon.go
|
||||
+++ b/components/engine/daemon/daemon.go
|
||||
@@ -735,7 +735,9 @@ func NewDaemon(ctx context.Context, config *config.Config, pluginStore *plugin.S
|
||||
@@ -807,8 +807,9 @@ func NewDaemon(ctx context.Context, config *config.Config, pluginStore *plugin.S
|
||||
logrus.Warnf("Failed to configure golang's threads limit: %v", err)
|
||||
}
|
||||
|
||||
- // ensureDefaultAppArmorProfile does nothing if apparmor is disabled
|
||||
- if err := ensureDefaultAppArmorProfile(); err != nil {
|
||||
+ // Make sure we clobber any pre-existing docker-default profile to ensure
|
||||
+ // that upgrades to the profile actually work smoothly.
|
||||
@ -83,5 +84,5 @@ index a307863017ab..67cd286002bf 100644
|
||||
}
|
||||
|
||||
--
|
||||
2.21.0
|
||||
2.22.0
|
||||
|
||||
|
@ -1,121 +0,0 @@
|
||||
From c2e035cbcb9a9fb7f89f729bef5b3354891fcdad Mon Sep 17 00:00:00 2001
|
||||
From: Aleksa Sarai <asarai@suse.de>
|
||||
Date: Tue, 12 Mar 2019 18:37:31 +1100
|
||||
Subject: [PATCH] integration-cli: don't build -test images if they already
|
||||
exist
|
||||
|
||||
There's no need to try to re-build the test images if they already
|
||||
exist. This change makes basically no difference to the upstream
|
||||
integration test-suite running, but for users who want to run the
|
||||
integration-cli suite on a host machine (such as distributions doing
|
||||
tests) this change allows images to be pre-loaded such that compilers
|
||||
aren't needed on the test machine.
|
||||
|
||||
However, this does remove the accidental re-compilation of nnp-test, as
|
||||
well as handling errors far more cleanly (previously if an error
|
||||
occurred during a test build, further tests won't attempt to rebuild
|
||||
it).
|
||||
|
||||
SUSE-Bugs: bsc#1128746
|
||||
Signed-off-by: Aleksa Sarai <asarai@suse.de>
|
||||
---
|
||||
.../fixtures_linux_daemon_test.go | 21 +++++++++--------
|
||||
.../internal/test/environment/environment.go | 23 +++++++++++++++++++
|
||||
2 files changed, 35 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/components/engine/integration-cli/fixtures_linux_daemon_test.go b/components/engine/integration-cli/fixtures_linux_daemon_test.go
|
||||
index 5c874ec14b0c..ab152f4a9988 100644
|
||||
--- a/components/engine/integration-cli/fixtures_linux_daemon_test.go
|
||||
+++ b/components/engine/integration-cli/fixtures_linux_daemon_test.go
|
||||
@@ -8,7 +8,6 @@ import (
|
||||
"path/filepath"
|
||||
"runtime"
|
||||
"strings"
|
||||
- "sync"
|
||||
|
||||
"github.com/docker/docker/internal/test/fixtures/load"
|
||||
"github.com/go-check/check"
|
||||
@@ -24,17 +23,13 @@ type logT interface {
|
||||
Logf(string, ...interface{})
|
||||
}
|
||||
|
||||
-var ensureSyscallTestOnce sync.Once
|
||||
-
|
||||
func ensureSyscallTest(c *check.C) {
|
||||
- var doIt bool
|
||||
- ensureSyscallTestOnce.Do(func() {
|
||||
- doIt = true
|
||||
- })
|
||||
- if !doIt {
|
||||
+ defer testEnv.ProtectImage(c, "syscall-test:latest")
|
||||
+
|
||||
+ // If the image already exists, there's nothing left to do.
|
||||
+ if testEnv.HasExistingImage(c, "syscall-test:latest") {
|
||||
return
|
||||
}
|
||||
- defer testEnv.ProtectImage(c, "syscall-test:latest")
|
||||
|
||||
// if no match, must build in docker, which is significantly slower
|
||||
// (slower mostly because of the vfs graphdriver)
|
||||
@@ -93,6 +88,14 @@ func ensureSyscallTestBuild(c *check.C) {
|
||||
|
||||
func ensureNNPTest(c *check.C) {
|
||||
defer testEnv.ProtectImage(c, "nnp-test:latest")
|
||||
+
|
||||
+ // If the image already exists, there's nothing left to do.
|
||||
+ if testEnv.HasExistingImage(c, "nnp-test:latest") {
|
||||
+ return
|
||||
+ }
|
||||
+
|
||||
+ // if no match, must build in docker, which is significantly slower
|
||||
+ // (slower mostly because of the vfs graphdriver)
|
||||
if testEnv.OSType != runtime.GOOS {
|
||||
ensureNNPTestBuild(c)
|
||||
return
|
||||
diff --git a/components/engine/internal/test/environment/environment.go b/components/engine/internal/test/environment/environment.go
|
||||
index 5538d2097e9b..763c08ba4845 100644
|
||||
--- a/components/engine/internal/test/environment/environment.go
|
||||
+++ b/components/engine/internal/test/environment/environment.go
|
||||
@@ -8,9 +8,12 @@ import (
|
||||
"strings"
|
||||
|
||||
"github.com/docker/docker/api/types"
|
||||
+ "github.com/docker/docker/api/types/filters"
|
||||
"github.com/docker/docker/client"
|
||||
+ "github.com/docker/docker/internal/test"
|
||||
"github.com/docker/docker/internal/test/fixtures/load"
|
||||
"github.com/pkg/errors"
|
||||
+ "gotest.tools/assert"
|
||||
)
|
||||
|
||||
// Execution contains information about the current test execution and daemon
|
||||
@@ -151,6 +154,26 @@ func (e *Execution) IsUserNamespace() bool {
|
||||
return root != ""
|
||||
}
|
||||
|
||||
+// HasExistingImage checks whether there is an image with the given reference.
|
||||
+// Note that this is done by filtering and then checking whether there were any
|
||||
+// results -- so ambiguous references might result in false-positives.
|
||||
+func (e *Execution) HasExistingImage(t testingT, reference string) bool {
|
||||
+ if ht, ok := t.(test.HelperT); ok {
|
||||
+ ht.Helper()
|
||||
+ }
|
||||
+ client := e.APIClient()
|
||||
+ filter := filters.NewArgs()
|
||||
+ filter.Add("dangling", "false")
|
||||
+ filter.Add("reference", reference)
|
||||
+ imageList, err := client.ImageList(context.Background(), types.ImageListOptions{
|
||||
+ All: true,
|
||||
+ Filters: filter,
|
||||
+ })
|
||||
+ assert.NilError(t, err, "failed to list images")
|
||||
+
|
||||
+ return len(imageList) > 0
|
||||
+}
|
||||
+
|
||||
// EnsureFrozenImagesLinux loads frozen test images into the daemon
|
||||
// if they aren't already loaded
|
||||
func EnsureFrozenImagesLinux(testEnv *Execution) error {
|
||||
--
|
||||
2.21.0
|
||||
|
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:a84e46e28a2f23f7303146f650649e6ff18b3dbb96a842d538b6458f63d8a3ce
|
||||
size 9343716
|
3
docker-19.03.0_ce_aeac9490dc54.tar.xz
Normal file
3
docker-19.03.0_ce_aeac9490dc54.tar.xz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:8987d5663c875fe4dde2e367099fd737902b95c80a8d712d14723bea44e335d8
|
||||
size 9978876
|
@ -1,3 +1,27 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon Jul 22 22:13:30 UTC 2019 - Aleksa Sarai <asarai@suse.com>
|
||||
|
||||
- Update to Docker 19.03.0-ce. See upstream changelog in the packaged
|
||||
/usr/share/doc/packages/docker/CHANGELOG.md. bsc#1142413
|
||||
- Remove upstreamed patches:
|
||||
- bsc1001161-0001-oci-include-the-domainname-in-kernel.domainname.patch
|
||||
- bsc1001161-0002-cli-add-a-separate-domainname-flag.patch
|
||||
- bsc1047218-0001-man-obey-SOURCE_DATE_EPOCH-when-generating-man-pages.patch
|
||||
- bsc1128746-0001-integration-cli-don-t-build-test-images-if-they-alre.patch
|
||||
- Rebase pacthes:
|
||||
* bsc1073877-0001-apparmor-clobber-docker-default-profile-on-start.patch
|
||||
* packaging-0001-revert-Remove-docker-prefix-for-containerd-and-runc-.patch
|
||||
* private-registry-0001-Add-private-registry-mirror-support.patch
|
||||
* secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
|
||||
* secrets-0002-SUSE-implement-SUSE-container-secrets.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jul 17 23:15:33 UTC 2019 - Aleksa Sarai <asarai@suse.com>
|
||||
|
||||
- Move bash-completion to correct location.
|
||||
- Update to Docker 18.09.8-ce. See upstream changelog in the packaged
|
||||
/usr/share/doc/packages/docker/CHANGELOG.md. bsc#1142160 CVE-2019-13509
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Jun 28 01:21:19 UTC 2019 - Aleksa Sarai <asarai@suse.com>
|
||||
|
||||
|
36
docker.spec
36
docker.spec
@ -42,17 +42,17 @@
|
||||
# helpfully injects into our build environment from the changelog). If you want
|
||||
# to generate a new git_commit_epoch, use this:
|
||||
# $ date --date="$(git show --format=fuller --date=iso $COMMIT_ID | grep -oP '(?<=^CommitDate: ).*')" '+%s'
|
||||
%define git_version 2d0083d657f8
|
||||
%define git_commit_epoch 1561655613
|
||||
%define git_version aeac9490dc54
|
||||
%define git_commit_epoch 1563384968
|
||||
|
||||
# These are the git commits required. We verify them against the source to make
|
||||
# sure we didn't miss anything important when doing upgrades.
|
||||
%define required_containerd 894b81a4b802e4eb2a91d1ce216b8817763c29fb
|
||||
%define required_dockerrunc 425e105d5a03fabd737a126ad93d62a9eeede87f
|
||||
%define required_libnetwork e7933d41e7b206756115aa9df5e0599fc5169742
|
||||
%define required_libnetwork fc5a7d91d54cc98f64fc28f9e288b46a0bee756c
|
||||
|
||||
Name: %{realname}%{name_suffix}
|
||||
Version: 18.09.7_ce
|
||||
Version: 19.03.0_ce
|
||||
Release: 0
|
||||
Summary: The Moby-project Linux container runtime
|
||||
License: Apache-2.0
|
||||
@ -79,19 +79,11 @@ Patch200: secrets-0001-daemon-allow-directory-creation-in-run-secrets.patc
|
||||
Patch201: secrets-0002-SUSE-implement-SUSE-container-secrets.patch
|
||||
# SUSE-BACKPORT: Backport of https://github.com/docker/docker/pull/37353. bsc#1099277
|
||||
Patch401: bsc1073877-0001-apparmor-clobber-docker-default-profile-on-start.patch
|
||||
# SUSE-BACKPORT: Backport of https://github.com/docker/cli/pull/1306. boo#1047218
|
||||
Patch402: bsc1047218-0001-man-obey-SOURCE_DATE_EPOCH-when-generating-man-pages.patch
|
||||
# SUSE-ISSUE: Revert of https://github.com/docker/docker/pull/37907.
|
||||
Patch403: packaging-0001-revert-Remove-docker-prefix-for-containerd-and-runc-.patch
|
||||
# SUSE-BACKPORT: Backport of https://github.com/docker/docker/pull/37302. bsc#1001161
|
||||
Patch404: bsc1001161-0001-oci-include-the-domainname-in-kernel.domainname.patch
|
||||
# SUSE-BACKPORT: Backport of https://github.com/docker/cli/pull/1130. bsc#1001161
|
||||
Patch405: bsc1001161-0002-cli-add-a-separate-domainname-flag.patch
|
||||
Patch402: packaging-0001-revert-Remove-docker-prefix-for-containerd-and-runc-.patch
|
||||
# SUSE-FEATURE: Add support to mirror inofficial/private registries
|
||||
# (https://github.com/docker/docker/pull/34319)
|
||||
Patch500: private-registry-0001-Add-private-registry-mirror-support.patch
|
||||
# SUSE-BACKPORT: Backport of test-only patch https://github.com/moby/moby/pull/38853. bsc1128746
|
||||
Patch900: bsc1128746-0001-integration-cli-don-t-build-test-images-if-they-alre.patch
|
||||
BuildRequires: audit
|
||||
BuildRequires: bash-completion
|
||||
BuildRequires: ca-certificates
|
||||
@ -141,9 +133,8 @@ Recommends: lvm2 >= 2.2.89
|
||||
Recommends: git-core >= 1.7
|
||||
Conflicts: lxc < 1.0
|
||||
ExcludeArch: s390 ppc
|
||||
# Make sure we build with go 1.10
|
||||
BuildRequires: go-go-md2man
|
||||
BuildRequires: golang(API) = 1.10
|
||||
BuildRequires: golang(API) >= 1.12
|
||||
# KUBIC-SPECIFIC: This was required when upgrading from the original kubic
|
||||
# packaging, when everything was renamed to -kubic. It also is
|
||||
# used to ensure that nothing complains too much when using
|
||||
@ -266,19 +257,12 @@ docker container runtime configuration for kubeadm
|
||||
%endif
|
||||
# bsc#1099277
|
||||
%patch401 -p1
|
||||
# boo#1047218
|
||||
%patch402 -p1
|
||||
# revert upstream
|
||||
%patch403 -p1
|
||||
# bsc#1001161
|
||||
%patch404 -p1
|
||||
%patch405 -p1
|
||||
%patch402 -p1
|
||||
%if "%flavour" == "kubic"
|
||||
# PATCH-SUSE: Mirror patch.
|
||||
%patch500 -p1
|
||||
%endif
|
||||
# bsc#1128746
|
||||
%patch900 -p1
|
||||
|
||||
cp %{SOURCE7} .
|
||||
|
||||
@ -374,7 +358,7 @@ install -Dd -m 0755 \
|
||||
%{buildroot}%{_sysconfdir}/init.d \
|
||||
%{buildroot}%{_sbindir}
|
||||
|
||||
install -D -m0644 components/cli/contrib/completion/bash/docker "%{buildroot}%{_sysconfdir}/bash_completion.d/%{realname}"
|
||||
install -D -m0644 components/cli/contrib/completion/bash/docker "%{buildroot}%{_datarootdir}/bash-completion/completions/%{realname}"
|
||||
install -D -m0644 components/cli/contrib/completion/zsh/_docker "%{buildroot}%{_sysconfdir}/zsh_completion.d/%{realname}"
|
||||
|
||||
#
|
||||
@ -487,11 +471,11 @@ getent group docker >/dev/null || groupadd -r docker
|
||||
|
||||
%files bash-completion
|
||||
%defattr(-,root,root)
|
||||
%config %{_sysconfdir}/bash_completion.d/%{realname}
|
||||
%{_datarootdir}/bash-completion/completions/%{realname}
|
||||
|
||||
%files zsh-completion
|
||||
%defattr(-,root,root)
|
||||
%config %{_sysconfdir}/zsh_completion.d/%{realname}
|
||||
%{_sysconfdir}/zsh_completion.d/%{realname}
|
||||
|
||||
%files test
|
||||
%defattr(-,root,root)
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 6d022d4e08225c2fda686fc0d5febecee2efa864 Mon Sep 17 00:00:00 2001
|
||||
From 33d18d20a806e2541292acb55338dea2065d2501 Mon Sep 17 00:00:00 2001
|
||||
From: Aleksa Sarai <asarai@suse.de>
|
||||
Date: Thu, 29 Nov 2018 20:53:16 +1100
|
||||
Subject: [PATCH] revert "Remove 'docker-' prefix for containerd and runc
|
||||
@ -11,20 +11,19 @@ up-to-date one available for Podman).
|
||||
|
||||
Signed-off-by: Aleksa Sarai <asarai@suse.de>
|
||||
---
|
||||
components/engine/api/swagger.yaml | 4 +--
|
||||
.../builder/builder-next/executor_unix.go | 2 +-
|
||||
components/engine/cmd/dockerd/daemon.go | 36 +++++++------------
|
||||
components/engine/daemon/daemon_unix.go | 6 ++--
|
||||
.../libcontainerd/supervisor/remote_daemon.go | 4 +--
|
||||
.../supervisor/remote_daemon_linux.go | 4 +--
|
||||
.../supervisor/remote_daemon_windows.go | 4 +--
|
||||
7 files changed, 25 insertions(+), 35 deletions(-)
|
||||
components/engine/api/swagger.yaml | 4 ++--
|
||||
components/engine/builder/builder-next/executor_unix.go | 2 +-
|
||||
components/engine/daemon/daemon_unix.go | 6 +++---
|
||||
components/engine/libcontainerd/supervisor/remote_daemon.go | 4 ++--
|
||||
.../engine/libcontainerd/supervisor/remote_daemon_linux.go | 4 ++--
|
||||
.../libcontainerd/supervisor/remote_daemon_windows.go | 4 ++--
|
||||
6 files changed, 12 insertions(+), 12 deletions(-)
|
||||
|
||||
diff --git a/components/engine/api/swagger.yaml b/components/engine/api/swagger.yaml
|
||||
index ca9d29e021de..082e5783ff1f 100644
|
||||
index 6e0bc25b52d6..58f860d22a49 100644
|
||||
--- a/components/engine/api/swagger.yaml
|
||||
+++ b/components/engine/api/swagger.yaml
|
||||
@@ -3866,10 +3866,10 @@ definitions:
|
||||
@@ -3980,10 +3980,10 @@ definitions:
|
||||
$ref: "#/definitions/Runtime"
|
||||
default:
|
||||
runc:
|
||||
@ -38,80 +37,20 @@ index ca9d29e021de..082e5783ff1f 100644
|
||||
path: "/go/bin/runc"
|
||||
custom:
|
||||
diff --git a/components/engine/builder/builder-next/executor_unix.go b/components/engine/builder/builder-next/executor_unix.go
|
||||
index 3a11f8588144..ce4d2d937f9f 100644
|
||||
index 620ffb401de7..dd63779a27d2 100644
|
||||
--- a/components/engine/builder/builder-next/executor_unix.go
|
||||
+++ b/components/engine/builder/builder-next/executor_unix.go
|
||||
@@ -28,7 +28,7 @@ func newExecutor(root, cgroupParent string, net libnetwork.NetworkController) (e
|
||||
@@ -28,7 +28,7 @@ func newExecutor(root, cgroupParent string, net libnetwork.NetworkController, ro
|
||||
}
|
||||
return runcexecutor.New(runcexecutor.Opt{
|
||||
Root: filepath.Join(root, "executor"),
|
||||
- CommandCandidates: []string{"runc"},
|
||||
+ CommandCandidates: []string{"docker-runc", "runc"},
|
||||
DefaultCgroupParent: cgroupParent,
|
||||
}, networkProviders)
|
||||
}
|
||||
diff --git a/components/engine/cmd/dockerd/daemon.go b/components/engine/cmd/dockerd/daemon.go
|
||||
index 839537316af4..05922e6418d0 100644
|
||||
--- a/components/engine/cmd/dockerd/daemon.go
|
||||
+++ b/components/engine/cmd/dockerd/daemon.go
|
||||
@@ -10,7 +10,6 @@ import (
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
- containerddefaults "github.com/containerd/containerd/defaults"
|
||||
"github.com/docker/distribution/uuid"
|
||||
"github.com/docker/docker/api"
|
||||
apiserver "github.com/docker/docker/api/server"
|
||||
@@ -141,25 +140,21 @@ func (cli *DaemonCli) start(opts *daemonOptions) (err error) {
|
||||
|
||||
ctx, cancel := context.WithCancel(context.Background())
|
||||
if cli.Config.ContainerdAddr == "" && runtime.GOOS != "windows" {
|
||||
- if !systemContainerdRunning() {
|
||||
- opts, err := cli.getContainerdDaemonOpts()
|
||||
- if err != nil {
|
||||
- cancel()
|
||||
- return fmt.Errorf("Failed to generate containerd options: %v", err)
|
||||
- }
|
||||
-
|
||||
- r, err := supervisor.Start(ctx, filepath.Join(cli.Config.Root, "containerd"), filepath.Join(cli.Config.ExecRoot, "containerd"), opts...)
|
||||
- if err != nil {
|
||||
- cancel()
|
||||
- return fmt.Errorf("Failed to start containerd: %v", err)
|
||||
- }
|
||||
- cli.Config.ContainerdAddr = r.Address()
|
||||
+ opts, err := cli.getContainerdDaemonOpts()
|
||||
+ if err != nil {
|
||||
+ cancel()
|
||||
+ return fmt.Errorf("Failed to generate containerd options: %v", err)
|
||||
+ }
|
||||
|
||||
- // Try to wait for containerd to shutdown
|
||||
- defer r.WaitTimeout(10 * time.Second)
|
||||
- } else {
|
||||
- cli.Config.ContainerdAddr = containerddefaults.DefaultAddress
|
||||
+ r, err := supervisor.Start(ctx, filepath.Join(cli.Config.Root, "containerd"), filepath.Join(cli.Config.ExecRoot, "containerd"), opts...)
|
||||
+ if err != nil {
|
||||
+ cancel()
|
||||
+ return fmt.Errorf("Failed to start containerd: %v", err)
|
||||
}
|
||||
+ cli.Config.ContainerdAddr = r.Address()
|
||||
+
|
||||
+ // Try to wait for containerd to shutdown
|
||||
+ defer r.WaitTimeout(10 * time.Second)
|
||||
}
|
||||
defer cancel()
|
||||
|
||||
@@ -665,8 +660,3 @@ func validateAuthzPlugins(requestedPlugins []string, pg plugingetter.PluginGette
|
||||
}
|
||||
return nil
|
||||
}
|
||||
-
|
||||
-func systemContainerdRunning() bool {
|
||||
- _, err := os.Lstat(containerddefaults.DefaultAddress)
|
||||
- return err == nil
|
||||
-}
|
||||
Rootless: rootless,
|
||||
NoPivot: os.Getenv("DOCKER_RAMDISK") != "",
|
||||
diff --git a/components/engine/daemon/daemon_unix.go b/components/engine/daemon/daemon_unix.go
|
||||
index 5234201c828f..c40d11bc85c2 100644
|
||||
index df64de6edf13..fa9bfb528414 100644
|
||||
--- a/components/engine/daemon/daemon_unix.go
|
||||
+++ b/components/engine/daemon/daemon_unix.go
|
||||
@@ -54,11 +54,11 @@ import (
|
||||
@ -128,7 +67,7 @@ index 5234201c828f..c40d11bc85c2 100644
|
||||
|
||||
// See https://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/tree/kernel/sched/sched.h?id=8cd9234c64c584432f6992fe944ca9e46ca8ea76#n269
|
||||
linuxMinCPUShares = 2
|
||||
@@ -76,7 +76,7 @@ const (
|
||||
@@ -77,7 +77,7 @@ const (
|
||||
|
||||
// DefaultRuntimeName is the default runtime to be used by
|
||||
// containerd if none is specified
|
||||
@ -138,7 +77,7 @@ index 5234201c828f..c40d11bc85c2 100644
|
||||
|
||||
type containerGetter interface {
|
||||
diff --git a/components/engine/libcontainerd/supervisor/remote_daemon.go b/components/engine/libcontainerd/supervisor/remote_daemon.go
|
||||
index eb9a2bdd8198..309f50f26bb2 100644
|
||||
index 31b93f11f0b1..5fba7f29eff9 100644
|
||||
--- a/components/engine/libcontainerd/supervisor/remote_daemon.go
|
||||
+++ b/components/engine/libcontainerd/supervisor/remote_daemon.go
|
||||
@@ -27,8 +27,8 @@ const (
|
||||
@ -183,5 +122,5 @@ index 9b254ef58a0a..bcdc9529e0f7 100644
|
||||
|
||||
func (r *remote) setDefaults() {
|
||||
--
|
||||
2.21.0
|
||||
2.22.0
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 2a00f998e1e081a9f72f0ba81403dceea252c6a1 Mon Sep 17 00:00:00 2001
|
||||
From 69d43a9550cdedf86b0d4b29e9d737af90221109 Mon Sep 17 00:00:00 2001
|
||||
From: Valentin Rothberg <vrothberg@suse.com>
|
||||
Date: Mon, 2 Jul 2018 13:37:34 +0200
|
||||
Subject: [PATCH] Add private-registry mirror support
|
||||
@ -72,12 +72,12 @@ Signed-off-by: Aleksa Sarai <asarai@suse.de>
|
||||
components/engine/distribution/pull.go | 2 +-
|
||||
components/engine/distribution/pull_v2.go | 2 +-
|
||||
components/engine/distribution/push.go | 2 +-
|
||||
components/engine/registry/config.go | 120 ++++++++++++++-
|
||||
components/engine/registry/config.go | 124 ++++++++++++++-
|
||||
components/engine/registry/config_test.go | 136 +++++++++++++++++
|
||||
components/engine/registry/registry_test.go | 91 ++++++++++-
|
||||
components/engine/registry/service.go | 56 ++++---
|
||||
components/engine/registry/service.go | 45 ++++--
|
||||
components/engine/registry/service_v2.go | 66 +++++---
|
||||
12 files changed, 705 insertions(+), 46 deletions(-)
|
||||
12 files changed, 697 insertions(+), 47 deletions(-)
|
||||
|
||||
diff --git a/components/engine/api/types/registry/registry.go b/components/engine/api/types/registry/registry.go
|
||||
index 8789ad3b3210..c663fec7d881 100644
|
||||
@ -243,10 +243,10 @@ index 8789ad3b3210..c663fec7d881 100644
|
||||
|
||||
// NetIPNet is the net.IPNet type, which can be marshalled and
|
||||
diff --git a/components/engine/daemon/config/config.go b/components/engine/daemon/config/config.go
|
||||
index 8b2c844a579f..e61940661c70 100644
|
||||
index 80ecbbd9550d..8ce69714d9bf 100644
|
||||
--- a/components/engine/daemon/config/config.go
|
||||
+++ b/components/engine/daemon/config/config.go
|
||||
@@ -470,6 +470,10 @@ func findConfigurationConflicts(config map[string]interface{}, flags *pflag.Flag
|
||||
@@ -467,6 +467,10 @@ func findConfigurationConflicts(config map[string]interface{}, flags *pflag.Flag
|
||||
// 1. Search keys from the file that we don't recognize as flags.
|
||||
unknownKeys := make(map[string]interface{})
|
||||
for key, value := range config {
|
||||
@ -258,7 +258,7 @@ index 8b2c844a579f..e61940661c70 100644
|
||||
unknownKeys[key] = value
|
||||
}
|
||||
diff --git a/components/engine/daemon/reload.go b/components/engine/daemon/reload.go
|
||||
index 026d7dd517f7..924c3982cd2a 100644
|
||||
index a31dd0cb87c1..99cc4a65a79d 100644
|
||||
--- a/components/engine/daemon/reload.go
|
||||
+++ b/components/engine/daemon/reload.go
|
||||
@@ -21,8 +21,14 @@ import (
|
||||
@ -286,7 +286,7 @@ index 026d7dd517f7..924c3982cd2a 100644
|
||||
return daemon.reloadNetworkDiagnosticPort(conf, attributes)
|
||||
}
|
||||
|
||||
@@ -294,6 +303,30 @@ func (daemon *Daemon) reloadRegistryMirrors(conf *config.Config, attributes map[
|
||||
@@ -295,6 +304,30 @@ func (daemon *Daemon) reloadRegistryMirrors(conf *config.Config, attributes map[
|
||||
return nil
|
||||
}
|
||||
|
||||
@ -314,7 +314,7 @@ index 026d7dd517f7..924c3982cd2a 100644
|
||||
+ return nil
|
||||
+}
|
||||
+
|
||||
// reloadLiveRestore updates configuration with live retore option
|
||||
// reloadLiveRestore updates configuration with live restore option
|
||||
// and updates the passed attributes
|
||||
func (daemon *Daemon) reloadLiveRestore(conf *config.Config, attributes map[string]string) error {
|
||||
diff --git a/components/engine/daemon/reload_test.go b/components/engine/daemon/reload_test.go
|
||||
@ -431,10 +431,10 @@ index ffad297f71b7..21733c3f1e33 100644
|
||||
daemon := &Daemon{
|
||||
imageService: images.NewImageService(images.ImageServiceConfig{}),
|
||||
diff --git a/components/engine/distribution/pull.go b/components/engine/distribution/pull.go
|
||||
index 5de73ae99ac3..8e78c49273dd 100644
|
||||
index be366ce4a99b..49e0d0352778 100644
|
||||
--- a/components/engine/distribution/pull.go
|
||||
+++ b/components/engine/distribution/pull.go
|
||||
@@ -63,7 +63,7 @@ func Pull(ctx context.Context, ref reference.Named, imagePullConfig *ImagePullCo
|
||||
@@ -58,7 +58,7 @@ func Pull(ctx context.Context, ref reference.Named, imagePullConfig *ImagePullCo
|
||||
return err
|
||||
}
|
||||
|
||||
@ -444,7 +444,7 @@ index 5de73ae99ac3..8e78c49273dd 100644
|
||||
return err
|
||||
}
|
||||
diff --git a/components/engine/distribution/pull_v2.go b/components/engine/distribution/pull_v2.go
|
||||
index 8f05cfa0b289..a562477ea6cd 100644
|
||||
index dd91ff2157b1..2640f6134e5d 100644
|
||||
--- a/components/engine/distribution/pull_v2.go
|
||||
+++ b/components/engine/distribution/pull_v2.go
|
||||
@@ -379,7 +379,7 @@ func (p *v2Puller) pullV2Tag(ctx context.Context, ref reference.Named, platform
|
||||
@ -457,10 +457,10 @@ index 8f05cfa0b289..a562477ea6cd 100644
|
||||
|
||||
var (
|
||||
diff --git a/components/engine/distribution/push.go b/components/engine/distribution/push.go
|
||||
index eb3bc5597462..a4624dee9482 100644
|
||||
index 5617a4c95f49..0a24aebed968 100644
|
||||
--- a/components/engine/distribution/push.go
|
||||
+++ b/components/engine/distribution/push.go
|
||||
@@ -64,7 +64,7 @@ func Push(ctx context.Context, ref reference.Named, imagePushConfig *ImagePushCo
|
||||
@@ -58,7 +58,7 @@ func Push(ctx context.Context, ref reference.Named, imagePushConfig *ImagePushCo
|
||||
return err
|
||||
}
|
||||
|
||||
@ -470,29 +470,27 @@ index eb3bc5597462..a4624dee9482 100644
|
||||
return err
|
||||
}
|
||||
diff --git a/components/engine/registry/config.go b/components/engine/registry/config.go
|
||||
index de5a526b694d..cf90abb8be04 100644
|
||||
index 6bb9258c9b6f..f1945237d235 100644
|
||||
--- a/components/engine/registry/config.go
|
||||
+++ b/components/engine/registry/config.go
|
||||
@@ -14,7 +14,7 @@ import (
|
||||
@@ -14,11 +14,12 @@ import (
|
||||
"github.com/sirupsen/logrus"
|
||||
)
|
||||
|
||||
-// ServiceOptions holds command line options.
|
||||
+// ServiceOptions holds the user-specified configuration options.
|
||||
type ServiceOptions struct {
|
||||
AllowNondistributableArtifacts []string `json:"allow-nondistributable-artifacts,omitempty"`
|
||||
Mirrors []string `json:"registry-mirrors,omitempty"`
|
||||
@@ -23,6 +23,9 @@ type ServiceOptions struct {
|
||||
// V2Only controls access to legacy registries. If it is set to true via the
|
||||
// command line flag the daemon will not attempt to contact v1 legacy registries
|
||||
V2Only bool `json:"disable-legacy-registry,omitempty"`
|
||||
+
|
||||
+ // Registries holds information associated with the specified registries.
|
||||
+ Registries []registrytypes.Registry `json:"registries,omitempty"`
|
||||
- AllowNondistributableArtifacts []string `json:"allow-nondistributable-artifacts,omitempty"`
|
||||
- Mirrors []string `json:"registry-mirrors,omitempty"`
|
||||
- InsecureRegistries []string `json:"insecure-registries,omitempty"`
|
||||
+ AllowNondistributableArtifacts []string `json:"allow-nondistributable-artifacts,omitempty"`
|
||||
+ Mirrors []string `json:"registry-mirrors,omitempty"`
|
||||
+ InsecureRegistries []string `json:"insecure-registries,omitempty"`
|
||||
+ Registries []registrytypes.Registry `json:"registries,omitempty"`
|
||||
}
|
||||
|
||||
// serviceConfig holds daemon configuration for the registry service.
|
||||
@@ -67,8 +70,21 @@ var (
|
||||
@@ -62,8 +63,21 @@ var (
|
||||
// for mocking in unit tests
|
||||
var lookupIP = net.LookupIP
|
||||
|
||||
@ -514,7 +512,7 @@ index de5a526b694d..cf90abb8be04 100644
|
||||
config := &serviceConfig{
|
||||
ServiceConfig: registrytypes.ServiceConfig{
|
||||
InsecureRegistryCIDRs: make([]*registrytypes.NetIPNet, 0),
|
||||
@@ -87,10 +103,104 @@ func newServiceConfig(options ServiceOptions) (*serviceConfig, error) {
|
||||
@@ -81,10 +95,104 @@ func newServiceConfig(options ServiceOptions) (*serviceConfig, error) {
|
||||
if err := config.LoadInsecureRegistries(options.InsecureRegistries); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@ -619,7 +617,7 @@ index de5a526b694d..cf90abb8be04 100644
|
||||
// LoadAllowNondistributableArtifacts loads allow-nondistributable-artifacts registries into config.
|
||||
func (config *serviceConfig) LoadAllowNondistributableArtifacts(registries []string) error {
|
||||
cidrs := map[string]*registrytypes.NetIPNet{}
|
||||
@@ -131,6 +241,10 @@ func (config *serviceConfig) LoadAllowNondistributableArtifacts(registries []str
|
||||
@@ -125,6 +233,10 @@ func (config *serviceConfig) LoadAllowNondistributableArtifacts(registries []str
|
||||
// LoadMirrors loads mirrors to config, after removing duplicates.
|
||||
// Returns an error if mirrors contains an invalid mirror.
|
||||
func (config *serviceConfig) LoadMirrors(mirrors []string) error {
|
||||
@ -630,7 +628,7 @@ index de5a526b694d..cf90abb8be04 100644
|
||||
mMap := map[string]struct{}{}
|
||||
unique := []string{}
|
||||
|
||||
@@ -160,6 +274,10 @@ func (config *serviceConfig) LoadMirrors(mirrors []string) error {
|
||||
@@ -154,6 +266,10 @@ func (config *serviceConfig) LoadMirrors(mirrors []string) error {
|
||||
|
||||
// LoadInsecureRegistries loads insecure registries to config
|
||||
func (config *serviceConfig) LoadInsecureRegistries(registries []string) error {
|
||||
@ -921,7 +919,7 @@ index b7459471b3f6..1e0d53e7dc21 100644
|
||||
|
||||
func TestPushRegistryTag(t *testing.T) {
|
||||
diff --git a/components/engine/registry/service.go b/components/engine/registry/service.go
|
||||
index b441970ff170..b3c1ee21f383 100644
|
||||
index 08f5c7a4e12c..ee0c97a8a21b 100644
|
||||
--- a/components/engine/registry/service.go
|
||||
+++ b/components/engine/registry/service.go
|
||||
@@ -8,7 +8,7 @@ import (
|
||||
@ -1031,33 +1029,8 @@ index b441970ff170..b3c1ee21f383 100644
|
||||
if err == nil {
|
||||
for _, endpoint := range allEndpoints {
|
||||
if !endpoint.Mirror {
|
||||
@@ -308,8 +323,8 @@ func (s *DefaultService) LookupPushEndpoints(hostname string) (endpoints []APIEn
|
||||
return endpoints, err
|
||||
}
|
||||
|
||||
-func (s *DefaultService) lookupEndpoints(hostname string) (endpoints []APIEndpoint, err error) {
|
||||
- endpoints, err = s.lookupV2Endpoints(hostname)
|
||||
+func (s *DefaultService) lookupEndpoints(reference string) (endpoints []APIEndpoint, err error) {
|
||||
+ endpoints, err = s.lookupV2Endpoints(reference)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -318,6 +333,13 @@ func (s *DefaultService) lookupEndpoints(hostname string) (endpoints []APIEndpoi
|
||||
return endpoints, nil
|
||||
}
|
||||
|
||||
+ // When falling back to V1 endpoints, switch to the hostname
|
||||
+ ref, err := dref.ParseNamed(reference)
|
||||
+ if err != nil {
|
||||
+ return nil, err
|
||||
+ }
|
||||
+ hostname := dref.Domain(ref)
|
||||
+
|
||||
legacyEndpoints, err := s.lookupV1Endpoints(hostname)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
diff --git a/components/engine/registry/service_v2.go b/components/engine/registry/service_v2.go
|
||||
index 3a56dc91145a..9de221cf2aa0 100644
|
||||
index 1a4c9e310547..efebb4f41486 100644
|
||||
--- a/components/engine/registry/service_v2.go
|
||||
+++ b/components/engine/registry/service_v2.go
|
||||
@@ -1,30 +1,51 @@
|
||||
@ -1160,5 +1133,5 @@ index 3a56dc91145a..9de221cf2aa0 100644
|
||||
|
||||
endpoints = []APIEndpoint{
|
||||
--
|
||||
2.21.0
|
||||
2.22.0
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 6603582112f42cd00b84d62a5412f2380e55d7e3 Mon Sep 17 00:00:00 2001
|
||||
From 47b241f184e61474957c4ffb8a3dcbaa543eadb9 Mon Sep 17 00:00:00 2001
|
||||
From: Aleksa Sarai <asarai@suse.de>
|
||||
Date: Wed, 8 Mar 2017 12:41:54 +1100
|
||||
Subject: [PATCH 1/2] daemon: allow directory creation in /run/secrets
|
||||
@ -14,7 +14,7 @@ Signed-off-by: Aleksa Sarai <asarai@suse.de>
|
||||
1 file changed, 21 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/components/engine/daemon/container_operations_unix.go b/components/engine/daemon/container_operations_unix.go
|
||||
index c0aab7234269..8d8b13d26cff 100644
|
||||
index 3fcdc1913bed..4920def81a7e 100644
|
||||
--- a/components/engine/daemon/container_operations_unix.go
|
||||
+++ b/components/engine/daemon/container_operations_unix.go
|
||||
@@ -3,6 +3,7 @@
|
||||
@ -70,5 +70,5 @@ index c0aab7234269..8d8b13d26cff 100644
|
||||
return errors.Wrap(err, "error setting ownership for secret")
|
||||
}
|
||||
--
|
||||
2.21.0
|
||||
2.22.0
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 3eabc382912eeb475013b5514412968dfa300d63 Mon Sep 17 00:00:00 2001
|
||||
From 80072183953f8cf6fcef6b5e65e609e833dd9fb8 Mon Sep 17 00:00:00 2001
|
||||
From: Aleksa Sarai <asarai@suse.de>
|
||||
Date: Wed, 8 Mar 2017 11:43:29 +1100
|
||||
Subject: [PATCH 2/2] SUSE: implement SUSE container secrets
|
||||
@ -19,7 +19,7 @@ Signed-off-by: Aleksa Sarai <asarai@suse.de>
|
||||
create mode 100644 components/engine/daemon/suse_secrets.go
|
||||
|
||||
diff --git a/components/engine/daemon/start.go b/components/engine/daemon/start.go
|
||||
index e2265a4faeca..31b60e5621c6 100644
|
||||
index 57a7267b7cbb..46c3a603554f 100644
|
||||
--- a/components/engine/daemon/start.go
|
||||
+++ b/components/engine/daemon/start.go
|
||||
@@ -151,6 +151,11 @@ func (daemon *Daemon) containerStart(container *container.Container, checkpoint
|
||||
@ -437,5 +437,5 @@ index 000000000000..087c877015a7
|
||||
+ return nil
|
||||
+}
|
||||
--
|
||||
2.21.0
|
||||
2.22.0
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user