Accepting request 867701 from home:cyphar:docker:bsc1065609

- Re-apply secrets fix for bsc#1065609 which appears to have been lost after it
  was fixed.
  * secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
  * secrets-0002-SUSE-implement-SUSE-container-secrets.patch

OBS-URL: https://build.opensuse.org/request/show/867701
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=351
This commit is contained in:
Aleksa Sarai 2021-01-29 12:20:18 +00:00 committed by Git OBS Bridge
parent 0bc9ef6865
commit 1d083259ee
3 changed files with 30 additions and 12 deletions

View File

@ -1,3 +1,11 @@
-------------------------------------------------------------------
Fri Jan 29 11:54:53 UTC 2021 - Aleksa Sarai <asarai@suse.com>
- Re-apply secrets fix for bsc#1065609 which appears to have been lost after it
was fixed.
* secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
* secrets-0002-SUSE-implement-SUSE-container-secrets.patch
-------------------------------------------------------------------
Wed Dec 23 06:40:46 UTC 2020 - Aleksa Sarai <asarai@suse.com>

View File

@ -70,5 +70,5 @@ index 3fcdc1913bed..4920def81a7e 100644
return errors.Wrap(err, "error setting ownership for secret")
}
--
2.22.0
2.30.0

View File

@ -1,4 +1,4 @@
From 80072183953f8cf6fcef6b5e65e609e833dd9fb8 Mon Sep 17 00:00:00 2001
From 3b3a583ef0704d1a83d172c8a996b1d536e2839b Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de>
Date: Wed, 8 Mar 2017 11:43:29 +1100
Subject: [PATCH 2/2] SUSE: implement SUSE container secrets
@ -10,12 +10,12 @@ THIS PATCH IS NOT TO BE UPSTREAMED, DUE TO THE FACT THAT IT IS
SUSE-SPECIFIC, AND UPSTREAM DOES NOT APPROVE OF THIS CONCEPT BECAUSE IT
MAKES BUILDS NOT ENTIRELY REPRODUCIBLE.
SUSE-Bugs: bsc#1057743 bsc#1055676 bsc#1030702
SUSE-Bugs: bsc#1065609 bsc#1057743 bsc#1055676 bsc#1030702
Signed-off-by: Aleksa Sarai <asarai@suse.de>
---
components/engine/daemon/start.go | 5 +
components/engine/daemon/suse_secrets.go | 396 +++++++++++++++++++++++
2 files changed, 401 insertions(+)
components/engine/daemon/suse_secrets.go | 406 +++++++++++++++++++++++
2 files changed, 411 insertions(+)
create mode 100644 components/engine/daemon/suse_secrets.go
diff --git a/components/engine/daemon/start.go b/components/engine/daemon/start.go
@ -36,10 +36,10 @@ index 57a7267b7cbb..46c3a603554f 100644
return errdefs.System(err)
diff --git a/components/engine/daemon/suse_secrets.go b/components/engine/daemon/suse_secrets.go
new file mode 100644
index 000000000000..087c877015a7
index 000000000000..e8de931cb7ca
--- /dev/null
+++ b/components/engine/daemon/suse_secrets.go
@@ -0,0 +1,396 @@
@@ -0,0 +1,406 @@
+/*
+ * suse-secrets: patch for Docker to implement SUSE secrets
+ * Copyright (C) 2017 SUSE LLC.
@ -145,9 +145,14 @@ index 000000000000..087c877015a7
+ path := filepath.Join(prefix, dir)
+ fi, err := os.Stat(path)
+ if err != nil {
+ // Ignore dangling symlinks.
+ // Ignore missing files.
+ if os.IsNotExist(err) {
+ logrus.Warnf("SUSE:secrets :: dangling symlink: %s", path)
+ // If the path itself exists it was a dangling symlink so give a
+ // warning about the dangling symlink.
+ _, err2 := os.Lstat(path)
+ if !os.IsNotExist(err2) {
+ logrus.Warnf("SUSE:secrets :: ignoring dangling symlink: %s", path)
+ }
+ return nil, nil
+ }
+ return nil, err
@ -261,9 +266,14 @@ index 000000000000..087c877015a7
+ path := filepath.Join(prefix, file)
+ fi, err := os.Stat(path)
+ if err != nil {
+ // Ignore dangling symlinks.
+ // Ignore missing files.
+ if os.IsNotExist(err) {
+ logrus.Warnf("SUSE:secrets :: dangling symlink: %s", path)
+ // If the path itself exists it was a dangling symlink so give a
+ // warning about the dangling symlink.
+ _, err2 := os.Lstat(path)
+ if !os.IsNotExist(err2) {
+ logrus.Warnf("SUSE:secrets :: ignoring dangling symlink: %s", path)
+ }
+ return nil, nil
+ }
+ return nil, err
@ -437,5 +447,5 @@ index 000000000000..087c877015a7
+ return nil
+}
--
2.22.0
2.30.0