Accepting request 396998 from Virtualization:containers

- Fix udev files ownership (forwarded request 396996 from jordimassaguerpla)

OBS-URL: https://build.opensuse.org/request/show/396998
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/docker?expand=0&rev=34
This commit is contained in:
Dominique Leuenberger 2016-05-23 14:39:11 +00:00 committed by Git OBS Bridge
commit 2175f52e62
3 changed files with 129 additions and 0 deletions

View File

@ -0,0 +1,95 @@
From 8f0e47cee034cdc08ca515d98a6733130908fc26 Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de>
Date: Mon, 16 May 2016 23:53:46 +1000
Subject: [PATCH] db: fix recovery from unsynced metadata
Bolt stores the two latest transactions' metadata, but previously did
not recover from validation failures in the latest by using the second
latest. Fix this by correctly handling validation failures in db.go, as
well as returning the metadata with highest txid which is also valid in
DB.meta().
Signed-off-by: Aleksa Sarai <asarai@suse.de>
---
vendor/src/github.com/boltdb/bolt/db.go | 49 +++++++++++++++++++++++++--------
1 file changed, 38 insertions(+), 11 deletions(-)
diff --git a/vendor/src/github.com/boltdb/bolt/db.go b/vendor/src/github.com/boltdb/bolt/db.go
index 501d36aac24a..f713485ffab6 100644
--- a/vendor/src/github.com/boltdb/bolt/db.go
+++ b/vendor/src/github.com/boltdb/bolt/db.go
@@ -200,9 +200,15 @@ func Open(path string, mode os.FileMode, options *Options) (*DB, error) {
if _, err := db.file.ReadAt(buf[:], 0); err == nil {
m := db.pageInBuffer(buf[:], 0).meta()
if err := m.validate(); err != nil {
- return nil, err
+ // If we can't read the page size, we can assume it's the same
+ // as the OS -- since that's how the page size was chosen in the
+ // first place.
+ // XXX: Does this cause issues with opening a database on a
+ // different OS than the one it was created on?
+ db.pageSize = os.Getpagesize()
+ } else {
+ db.pageSize = int(m.pageSize)
}
- db.pageSize = int(m.pageSize)
}
}
@@ -262,12 +268,13 @@ func (db *DB) mmap(minsz int) error {
db.meta0 = db.page(0).meta()
db.meta1 = db.page(1).meta()
- // Validate the meta pages.
- if err := db.meta0.validate(); err != nil {
- return err
- }
- if err := db.meta1.validate(); err != nil {
- return err
+ // Validate the meta pages. We only return an error if both meta pages fail
+ // validation, since meta0 failing validation means that it wasn't saved
+ // properly -- but we can recover using meta1. And vice-versa.
+ err0 := db.meta0.validate()
+ err1 := db.meta1.validate()
+ if err0 != nil && err1 != nil {
+ return fmt.Errorf("meta0(%v) meta1(%v)", err0, err1)
}
return nil
@@ -778,10 +785,30 @@ func (db *DB) pageInBuffer(b []byte, id pgid) *page {
// meta retrieves the current meta page reference.
func (db *DB) meta() *meta {
- if db.meta0.txid > db.meta1.txid {
- return db.meta0
+ // We have to return the meta with the highest txid which doesn't fail
+ // validation. Otherwise, we can cause errors when in fact the database is
+ // in a consistent state. metaA is the one with the higher txid.
+ metaA := db.meta0
+ metaB := db.meta1
+ if db.meta1.txid > db.meta0.txid {
+ metaA = db.meta1
+ metaB = db.meta0
}
- return db.meta1
+
+ errA := metaA.validate()
+ errB := metaB.validate()
+
+ if errA == nil {
+ return metaA
+ }
+
+ if errB == nil {
+ return metaB
+ }
+
+ // This should never be reached, because both meta1 and meta0 were validated
+ // on mmap() and we do fsync() on every write.
+ panic("both meta0 and meta1 could not be validated in DB.meta()!")
}
// allocate returns a contiguous block of memory starting at a given page.
--
2.8.2

View File

@ -1,3 +1,23 @@
-------------------------------------------------------------------
Fri May 20 10:26:39 UTC 2016 - jmassaguerpla@suse.com
- Fix udev files ownership
-------------------------------------------------------------------
Wed May 18 14:21:09 UTC 2016 - asarai@suse.de
* Make sure we *always* build unstripped Go binaries.
-------------------------------------------------------------------
Mon May 16 13:55:07 UTC 2016 - asarai@suse.de
* Add a patch to fix database soft corruption issues if the Docker dameon dies
in a bad state. There is a PR upstream to vendor Docker to have this fix as
well, but it probably won't get in until 1.11.2. bnc#964673
(https://github.com/docker/docker/pull/22765)
+ bnc964673-boltdb-metadata-recovery.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Mon May 2 07:40:22 UTC 2016 - asarai@suse.de Mon May 2 07:40:22 UTC 2016 - asarai@suse.de

View File

@ -57,6 +57,11 @@ Patch103: netlink_netns_powerpc.patch
# This fixes bsc#976777. While the fix is upstream, it isn't in Docker 1.10.3 or # This fixes bsc#976777. While the fix is upstream, it isn't in Docker 1.10.3 or
# Docker 1.11.0. This patch was squashed and cherry-picked from runc#708. # Docker 1.11.0. This patch was squashed and cherry-picked from runc#708.
Patch301: cve-2016-3697-numeric-uid.patch Patch301: cve-2016-3697-numeric-uid.patch
# This fixes bnc#964673. This fix is in boltdb upstream, but has yet to be
# merged into Docker (in a vendor commit). This patch was cherry-picked from
# bolt#555.
Patch302: bnc964673-boltdb-metadata-recovery.patch
Requires(post): udev
BuildRequires: audit BuildRequires: audit
BuildRequires: bash-completion BuildRequires: bash-completion
BuildRequires: device-mapper-devel >= 1.2.68 BuildRequires: device-mapper-devel >= 1.2.68
@ -100,6 +105,13 @@ ExcludeArch: s390x
%endif %endif
ExcludeArch: ppc ExcludeArch: ppc
# It's a bad idea to strip Go binaries (apart from making debugging impossible,
# it also is known to cause some interesting runtime bugs). However, rpmbuild
# will strip your binaries if it is creating debuginfo packages (as well as
# doing it by default). So we have to manually disable both of these things.
%undefine _build_create_debug
%define __arch_install_post export NO_BRP_STRIP_DEBUG=true
%description %description
Docker complements LXC with a high-level API which operates at the process Docker complements LXC with a high-level API which operates at the process
level. It runs unix processes with strong guarantees of isolation and level. It runs unix processes with strong guarantees of isolation and
@ -167,6 +179,8 @@ Test package for docker. It contains the source code and the tests.
%endif %endif
# bsc#976777 # bsc#976777
%patch301 -p1 %patch301 -p1
# bnc#964673
%patch302 -p1
cp %{SOURCE7} . cp %{SOURCE7} .
%build %build