Accepting request 396998 from Virtualization:containers

- Fix udev files ownership (forwarded request 396996 from jordimassaguerpla)

OBS-URL: https://build.opensuse.org/request/show/396998
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/docker?expand=0&rev=34

bnc964673-boltdb-metadata-recovery.patch

@@ -0,0 +1,95 @@
+From 8f0e47cee034cdc08ca515d98a6733130908fc26 Mon Sep 17 00:00:00 2001
+From: Aleksa Sarai <asarai@suse.de>
+Date: Mon, 16 May 2016 23:53:46 +1000
+Subject: [PATCH] db: fix recovery from unsynced metadata
+
+Bolt stores the two latest transactions' metadata, but previously did
+not recover from validation failures in the latest by using the second
+latest. Fix this by correctly handling validation failures in db.go, as
+well as returning the metadata with highest txid which is also valid in
+DB.meta().
+
+Signed-off-by: Aleksa Sarai <asarai@suse.de>
+---
+ vendor/src/github.com/boltdb/bolt/db.go | 49 +++++++++++++++++++++++++--------
+ 1 file changed, 38 insertions(+), 11 deletions(-)
+
+diff --git a/vendor/src/github.com/boltdb/bolt/db.go b/vendor/src/github.com/boltdb/bolt/db.go
+index 501d36aac24a..f713485ffab6 100644
+--- a/vendor/src/github.com/boltdb/bolt/db.go
++++ b/vendor/src/github.com/boltdb/bolt/db.go
+@@ -200,9 +200,15 @@ func Open(path string, mode os.FileMode, options *Options) (*DB, error) {
+ 		if _, err := db.file.ReadAt(buf[:], 0); err == nil {
+ 			m := db.pageInBuffer(buf[:], 0).meta()
+ 			if err := m.validate(); err != nil {
+-				return nil, err
++				// If we can't read the page size, we can assume it's the same
++				// as the OS -- since that's how the page size was chosen in the
++				// first place.
++				// XXX: Does this cause issues with opening a database on a
++				//      different OS than the one it was created on?
++				db.pageSize = os.Getpagesize()
++			} else {
++				db.pageSize = int(m.pageSize)
+ 			}
+-			db.pageSize = int(m.pageSize)
+ 		}
+ 	}
+ 
+@@ -262,12 +268,13 @@ func (db *DB) mmap(minsz int) error {
+ 	db.meta0 = db.page(0).meta()
+ 	db.meta1 = db.page(1).meta()
+ 
+-	// Validate the meta pages.
+-	if err := db.meta0.validate(); err != nil {
+-		return err
+-	}
+-	if err := db.meta1.validate(); err != nil {
+-		return err
++	// Validate the meta pages. We only return an error if both meta pages fail
++	// validation, since meta0 failing validation means that it wasn't saved
++	// properly -- but we can recover using meta1. And vice-versa.
++	err0 := db.meta0.validate()
++	err1 := db.meta1.validate()
++	if err0 != nil && err1 != nil {
++		return fmt.Errorf("meta0(%v) meta1(%v)", err0, err1)
+ 	}
+ 
+ 	return nil
+@@ -778,10 +785,30 @@ func (db *DB) pageInBuffer(b []byte, id pgid) *page {
+ 
+ // meta retrieves the current meta page reference.
+ func (db *DB) meta() *meta {
+-	if db.meta0.txid > db.meta1.txid {
+-		return db.meta0
++	// We have to return the meta with the highest txid which doesn't fail
++	// validation. Otherwise, we can cause errors when in fact the database is
++	// in a consistent state. metaA is the one with the higher txid.
++	metaA := db.meta0
++	metaB := db.meta1
++	if db.meta1.txid > db.meta0.txid {
++		metaA = db.meta1
++		metaB = db.meta0
+ 	}
+-	return db.meta1
++
++	errA := metaA.validate()
++	errB := metaB.validate()
++
++	if errA == nil {
++		return metaA
++	}
++
++	if errB == nil {
++		return metaB
++	}
++
++	// This should never be reached, because both meta1 and meta0 were validated
++	// on mmap() and we do fsync() on every write.
++	panic("both meta0 and meta1 could not be validated in DB.meta()!")
+ }
+ 
+ // allocate returns a contiguous block of memory starting at a given page.
+-- 
+2.8.2
+

docker.changes

@@ -1,3 +1,23 @@
+-------------------------------------------------------------------
+Fri May 20 10:26:39 UTC 2016 - jmassaguerpla@suse.com
+
+- Fix udev files ownership 
+
+-------------------------------------------------------------------
+Wed May 18 14:21:09 UTC 2016 - asarai@suse.de
+
+* Make sure we *always* build unstripped Go binaries.
+
+-------------------------------------------------------------------
+Mon May 16 13:55:07 UTC 2016 - asarai@suse.de
+
+* Add a patch to fix database soft corruption issues if the Docker dameon dies
+  in a bad state. There is a PR upstream to vendor Docker to have this fix as
+  well, but it probably won't get in until 1.11.2. bnc#964673
+  (https://github.com/docker/docker/pull/22765)
+
+  + bnc964673-boltdb-metadata-recovery.patch
+
 -------------------------------------------------------------------
 Mon May  2 07:40:22 UTC 2016 - asarai@suse.de
 

docker.spec

@@ -57,6 +57,11 @@ Patch103:       netlink_netns_powerpc.patch
 # This fixes bsc#976777. While the fix is upstream, it isn't in Docker 1.10.3 or
 # Docker 1.11.0. This patch was squashed and cherry-picked from runc#708.
 Patch301:       cve-2016-3697-numeric-uid.patch
+# This fixes bnc#964673. This fix is in boltdb upstream, but has yet to be
+# merged into Docker (in a vendor commit). This patch was cherry-picked from
+# bolt#555.
+Patch302:       bnc964673-boltdb-metadata-recovery.patch
+Requires(post): udev
 BuildRequires:  audit
 BuildRequires:  bash-completion
 BuildRequires:  device-mapper-devel >= 1.2.68
@@ -100,6 +105,13 @@ ExcludeArch:    s390x
 %endif
 ExcludeArch:    ppc
 
+# It's a bad idea to strip Go binaries (apart from making debugging impossible,
+# it also is known to cause some interesting runtime bugs). However, rpmbuild
+# will strip your binaries if it is creating debuginfo packages (as well as
+# doing it by default). So we have to manually disable both of these things.
+%undefine _build_create_debug
+%define __arch_install_post export NO_BRP_STRIP_DEBUG=true
+
 %description
 Docker complements LXC with a high-level API which operates at the process
 level. It runs unix processes with strong guarantees of isolation and
@@ -167,6 +179,8 @@ Test package for docker. It contains the source code and the tests.
 %endif
 # bsc#976777
 %patch301 -p1
+# bnc#964673
+%patch302 -p1
 cp %{SOURCE7} .
 
 %build