Accepting request 396998 from Virtualization:containers
- Fix udev files ownership (forwarded request 396996 from jordimassaguerpla) OBS-URL: https://build.opensuse.org/request/show/396998 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/docker?expand=0&rev=34
This commit is contained in:
commit
2175f52e62
95
bnc964673-boltdb-metadata-recovery.patch
Normal file
95
bnc964673-boltdb-metadata-recovery.patch
Normal file
@ -0,0 +1,95 @@
|
|||||||
|
From 8f0e47cee034cdc08ca515d98a6733130908fc26 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Aleksa Sarai <asarai@suse.de>
|
||||||
|
Date: Mon, 16 May 2016 23:53:46 +1000
|
||||||
|
Subject: [PATCH] db: fix recovery from unsynced metadata
|
||||||
|
|
||||||
|
Bolt stores the two latest transactions' metadata, but previously did
|
||||||
|
not recover from validation failures in the latest by using the second
|
||||||
|
latest. Fix this by correctly handling validation failures in db.go, as
|
||||||
|
well as returning the metadata with highest txid which is also valid in
|
||||||
|
DB.meta().
|
||||||
|
|
||||||
|
Signed-off-by: Aleksa Sarai <asarai@suse.de>
|
||||||
|
---
|
||||||
|
vendor/src/github.com/boltdb/bolt/db.go | 49 +++++++++++++++++++++++++--------
|
||||||
|
1 file changed, 38 insertions(+), 11 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/vendor/src/github.com/boltdb/bolt/db.go b/vendor/src/github.com/boltdb/bolt/db.go
|
||||||
|
index 501d36aac24a..f713485ffab6 100644
|
||||||
|
--- a/vendor/src/github.com/boltdb/bolt/db.go
|
||||||
|
+++ b/vendor/src/github.com/boltdb/bolt/db.go
|
||||||
|
@@ -200,9 +200,15 @@ func Open(path string, mode os.FileMode, options *Options) (*DB, error) {
|
||||||
|
if _, err := db.file.ReadAt(buf[:], 0); err == nil {
|
||||||
|
m := db.pageInBuffer(buf[:], 0).meta()
|
||||||
|
if err := m.validate(); err != nil {
|
||||||
|
- return nil, err
|
||||||
|
+ // If we can't read the page size, we can assume it's the same
|
||||||
|
+ // as the OS -- since that's how the page size was chosen in the
|
||||||
|
+ // first place.
|
||||||
|
+ // XXX: Does this cause issues with opening a database on a
|
||||||
|
+ // different OS than the one it was created on?
|
||||||
|
+ db.pageSize = os.Getpagesize()
|
||||||
|
+ } else {
|
||||||
|
+ db.pageSize = int(m.pageSize)
|
||||||
|
}
|
||||||
|
- db.pageSize = int(m.pageSize)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -262,12 +268,13 @@ func (db *DB) mmap(minsz int) error {
|
||||||
|
db.meta0 = db.page(0).meta()
|
||||||
|
db.meta1 = db.page(1).meta()
|
||||||
|
|
||||||
|
- // Validate the meta pages.
|
||||||
|
- if err := db.meta0.validate(); err != nil {
|
||||||
|
- return err
|
||||||
|
- }
|
||||||
|
- if err := db.meta1.validate(); err != nil {
|
||||||
|
- return err
|
||||||
|
+ // Validate the meta pages. We only return an error if both meta pages fail
|
||||||
|
+ // validation, since meta0 failing validation means that it wasn't saved
|
||||||
|
+ // properly -- but we can recover using meta1. And vice-versa.
|
||||||
|
+ err0 := db.meta0.validate()
|
||||||
|
+ err1 := db.meta1.validate()
|
||||||
|
+ if err0 != nil && err1 != nil {
|
||||||
|
+ return fmt.Errorf("meta0(%v) meta1(%v)", err0, err1)
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
@@ -778,10 +785,30 @@ func (db *DB) pageInBuffer(b []byte, id pgid) *page {
|
||||||
|
|
||||||
|
// meta retrieves the current meta page reference.
|
||||||
|
func (db *DB) meta() *meta {
|
||||||
|
- if db.meta0.txid > db.meta1.txid {
|
||||||
|
- return db.meta0
|
||||||
|
+ // We have to return the meta with the highest txid which doesn't fail
|
||||||
|
+ // validation. Otherwise, we can cause errors when in fact the database is
|
||||||
|
+ // in a consistent state. metaA is the one with the higher txid.
|
||||||
|
+ metaA := db.meta0
|
||||||
|
+ metaB := db.meta1
|
||||||
|
+ if db.meta1.txid > db.meta0.txid {
|
||||||
|
+ metaA = db.meta1
|
||||||
|
+ metaB = db.meta0
|
||||||
|
}
|
||||||
|
- return db.meta1
|
||||||
|
+
|
||||||
|
+ errA := metaA.validate()
|
||||||
|
+ errB := metaB.validate()
|
||||||
|
+
|
||||||
|
+ if errA == nil {
|
||||||
|
+ return metaA
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if errB == nil {
|
||||||
|
+ return metaB
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ // This should never be reached, because both meta1 and meta0 were validated
|
||||||
|
+ // on mmap() and we do fsync() on every write.
|
||||||
|
+ panic("both meta0 and meta1 could not be validated in DB.meta()!")
|
||||||
|
}
|
||||||
|
|
||||||
|
// allocate returns a contiguous block of memory starting at a given page.
|
||||||
|
--
|
||||||
|
2.8.2
|
||||||
|
|
@ -1,3 +1,23 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri May 20 10:26:39 UTC 2016 - jmassaguerpla@suse.com
|
||||||
|
|
||||||
|
- Fix udev files ownership
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed May 18 14:21:09 UTC 2016 - asarai@suse.de
|
||||||
|
|
||||||
|
* Make sure we *always* build unstripped Go binaries.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon May 16 13:55:07 UTC 2016 - asarai@suse.de
|
||||||
|
|
||||||
|
* Add a patch to fix database soft corruption issues if the Docker dameon dies
|
||||||
|
in a bad state. There is a PR upstream to vendor Docker to have this fix as
|
||||||
|
well, but it probably won't get in until 1.11.2. bnc#964673
|
||||||
|
(https://github.com/docker/docker/pull/22765)
|
||||||
|
|
||||||
|
+ bnc964673-boltdb-metadata-recovery.patch
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon May 2 07:40:22 UTC 2016 - asarai@suse.de
|
Mon May 2 07:40:22 UTC 2016 - asarai@suse.de
|
||||||
|
|
||||||
|
14
docker.spec
14
docker.spec
@ -57,6 +57,11 @@ Patch103: netlink_netns_powerpc.patch
|
|||||||
# This fixes bsc#976777. While the fix is upstream, it isn't in Docker 1.10.3 or
|
# This fixes bsc#976777. While the fix is upstream, it isn't in Docker 1.10.3 or
|
||||||
# Docker 1.11.0. This patch was squashed and cherry-picked from runc#708.
|
# Docker 1.11.0. This patch was squashed and cherry-picked from runc#708.
|
||||||
Patch301: cve-2016-3697-numeric-uid.patch
|
Patch301: cve-2016-3697-numeric-uid.patch
|
||||||
|
# This fixes bnc#964673. This fix is in boltdb upstream, but has yet to be
|
||||||
|
# merged into Docker (in a vendor commit). This patch was cherry-picked from
|
||||||
|
# bolt#555.
|
||||||
|
Patch302: bnc964673-boltdb-metadata-recovery.patch
|
||||||
|
Requires(post): udev
|
||||||
BuildRequires: audit
|
BuildRequires: audit
|
||||||
BuildRequires: bash-completion
|
BuildRequires: bash-completion
|
||||||
BuildRequires: device-mapper-devel >= 1.2.68
|
BuildRequires: device-mapper-devel >= 1.2.68
|
||||||
@ -100,6 +105,13 @@ ExcludeArch: s390x
|
|||||||
%endif
|
%endif
|
||||||
ExcludeArch: ppc
|
ExcludeArch: ppc
|
||||||
|
|
||||||
|
# It's a bad idea to strip Go binaries (apart from making debugging impossible,
|
||||||
|
# it also is known to cause some interesting runtime bugs). However, rpmbuild
|
||||||
|
# will strip your binaries if it is creating debuginfo packages (as well as
|
||||||
|
# doing it by default). So we have to manually disable both of these things.
|
||||||
|
%undefine _build_create_debug
|
||||||
|
%define __arch_install_post export NO_BRP_STRIP_DEBUG=true
|
||||||
|
|
||||||
%description
|
%description
|
||||||
Docker complements LXC with a high-level API which operates at the process
|
Docker complements LXC with a high-level API which operates at the process
|
||||||
level. It runs unix processes with strong guarantees of isolation and
|
level. It runs unix processes with strong guarantees of isolation and
|
||||||
@ -167,6 +179,8 @@ Test package for docker. It contains the source code and the tests.
|
|||||||
%endif
|
%endif
|
||||||
# bsc#976777
|
# bsc#976777
|
||||||
%patch301 -p1
|
%patch301 -p1
|
||||||
|
# bnc#964673
|
||||||
|
%patch302 -p1
|
||||||
cp %{SOURCE7} .
|
cp %{SOURCE7} .
|
||||||
|
|
||||||
%build
|
%build
|
||||||
|
Loading…
Reference in New Issue
Block a user