Accepting request 1111025 from Virtualization:containers

- Update to Docker 24.0.6-ce. See upstream changelong online at
  <https://docs.docker.com/engine/release-notes/24.0/#2406>. bsc#1215323
- Rebase patches:
  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  * 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
  * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
  * cli-0001-docs-include-required-tools-in-source-tree.patch
- Switch from disabledrun to manualrun in _service.
- Add a docker.socket unit file, but with socket activation effectively
  disabled to ensure that Docker will always run even if you start the socket
  individually. Users should probably just ignore this unit file. bsc#1210141

OBS-URL: https://build.opensuse.org/request/show/1111025
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/docker?expand=0&rev=138
This commit is contained in:
Ana Guerrero 2023-09-14 14:25:08 +00:00 committed by Git OBS Bridge
commit 335d5bc74a
14 changed files with 409 additions and 287 deletions

View File

@ -1,4 +1,4 @@
From 2e2fdee74ce8572ff90f213a444ece63248fa01c Mon Sep 17 00:00:00 2001 From 2dedd52de834525fa533aba7854b91fdc783d821 Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de> From: Aleksa Sarai <asarai@suse.de>
Date: Wed, 8 Mar 2017 12:41:54 +1100 Date: Wed, 8 Mar 2017 12:41:54 +1100
Subject: [PATCH 1/4] SECRETS: daemon: allow directory creation in /run/secrets Subject: [PATCH 1/4] SECRETS: daemon: allow directory creation in /run/secrets
@ -69,5 +69,5 @@ index 290ec59a34a7..b7013fb89c83 100644
return errors.Wrap(err, "error setting ownership for secret") return errors.Wrap(err, "error setting ownership for secret")
} }
-- --
2.40.1 2.42.0

View File

@ -1,4 +1,4 @@
From bc80631658b8b9b94ca7cf7fc6b8234e6547e947 Mon Sep 17 00:00:00 2001 From bd4c072521bdee906febc98d81ac092fcad8fc3b Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de> From: Aleksa Sarai <asarai@suse.de>
Date: Wed, 8 Mar 2017 11:43:29 +1100 Date: Wed, 8 Mar 2017 11:43:29 +1100
Subject: [PATCH 2/4] SECRETS: SUSE: implement SUSE container secrets Subject: [PATCH 2/4] SECRETS: SUSE: implement SUSE container secrets
@ -19,10 +19,10 @@ Signed-off-by: Aleksa Sarai <asarai@suse.de>
create mode 100644 daemon/suse_secrets.go create mode 100644 daemon/suse_secrets.go
diff --git a/daemon/start.go b/daemon/start.go diff --git a/daemon/start.go b/daemon/start.go
index 0b4eb6d67bcc..0bcecba31386 100644 index 2e0b9e6be847..dca04486888f 100644
--- a/daemon/start.go --- a/daemon/start.go
+++ b/daemon/start.go +++ b/daemon/start.go
@@ -152,6 +152,11 @@ func (daemon *Daemon) containerStart(ctx context.Context, container *container.C @@ -151,6 +151,11 @@ func (daemon *Daemon) containerStart(ctx context.Context, container *container.C
return err return err
} }
@ -456,5 +456,5 @@ index 000000000000..32b0ece91b59
+ return nil + return nil
+} +}
-- --
2.40.1 2.42.0

View File

@ -1,4 +1,4 @@
From 16b520570514380a706fc13363b5e5c64f9fa4e7 Mon Sep 17 00:00:00 2001 From fd0172ba27352f397ce7ff05d5dd1ec6c80054e5 Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de> From: Aleksa Sarai <asarai@suse.de>
Date: Mon, 22 May 2023 15:44:54 +1000 Date: Mon, 22 May 2023 15:44:54 +1000
Subject: [PATCH 3/4] BUILD: SLE12: revert "graphdriver/btrfs: use kernel UAPI Subject: [PATCH 3/4] BUILD: SLE12: revert "graphdriver/btrfs: use kernel UAPI
@ -42,5 +42,5 @@ index d88efc4be2bb..4e976aa689cd 100644
static void set_name_btrfs_ioctl_vol_args_v2(struct btrfs_ioctl_vol_args_v2* btrfs_struct, const char* value) { static void set_name_btrfs_ioctl_vol_args_v2(struct btrfs_ioctl_vol_args_v2* btrfs_struct, const char* value) {
snprintf(btrfs_struct->name, BTRFS_SUBVOL_NAME_MAX, "%s", value); snprintf(btrfs_struct->name, BTRFS_SUBVOL_NAME_MAX, "%s", value);
-- --
2.40.1 2.42.0

View File

@ -1,4 +1,4 @@
From 45cbecbd3ee7b4f21ce32c16979631b6d87b6cf6 Mon Sep 17 00:00:00 2001 From c19fad9e09248bf390fe9b2cd38f351104f186b8 Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de> From: Aleksa Sarai <asarai@suse.de>
Date: Fri, 29 Jun 2018 17:59:30 +1000 Date: Fri, 29 Jun 2018 17:59:30 +1000
Subject: [PATCH 4/4] bsc1073877: apparmor: clobber docker-default profile on Subject: [PATCH 4/4] bsc1073877: apparmor: clobber docker-default profile on
@ -69,10 +69,10 @@ index e3dc18b32b5e..9c7723056268 100644
return nil return nil
} }
diff --git a/daemon/daemon.go b/daemon/daemon.go diff --git a/daemon/daemon.go b/daemon/daemon.go
index 9be2f289696a..25fa052310e2 100644 index 4d76c5798888..15c95b50c4eb 100644
--- a/daemon/daemon.go --- a/daemon/daemon.go
+++ b/daemon/daemon.go +++ b/daemon/daemon.go
@@ -836,8 +836,9 @@ func NewDaemon(ctx context.Context, config *config.Config, pluginStore *plugin.S @@ -839,8 +839,9 @@ func NewDaemon(ctx context.Context, config *config.Config, pluginStore *plugin.S
logrus.Warnf("Failed to configure golang's threads limit: %v", err) logrus.Warnf("Failed to configure golang's threads limit: %v", err)
} }
@ -85,5 +85,5 @@ index 9be2f289696a..25fa052310e2 100644
} }
-- --
2.40.1 2.42.0

View File

@ -1,21 +1,21 @@
<services> <services>
<service name="tar_scm" mode="disabled"> <service name="tar_scm" mode="manual">
<param name="url">https://github.com/moby/moby.git</param> <param name="url">https://github.com/moby/moby.git</param>
<param name="scm">git</param> <param name="scm">git</param>
<param name="exclude">.git</param> <param name="exclude">.git</param>
<param name="versionformat">24.0.5_ce_%h</param> <param name="versionformat">24.0.6_ce_%h</param>
<param name="revision">v24.0.5</param> <param name="revision">v24.0.6</param>
<param name="filename">docker</param> <param name="filename">docker</param>
</service> </service>
<service name="tar_scm" mode="disabled"> <service name="tar_scm" mode="manual">
<param name="url">https://github.com/docker/cli.git</param> <param name="url">https://github.com/docker/cli.git</param>
<param name="scm">git</param> <param name="scm">git</param>
<param name="exclude">.git</param> <param name="exclude">.git</param>
<param name="versionformat">24.0.5_ce</param> <param name="versionformat">24.0.6_ce</param>
<param name="revision">v24.0.5</param> <param name="revision">v24.0.6</param>
<param name="filename">docker-cli</param> <param name="filename">docker-cli</param>
</service> </service>
<service name="recompress" mode="disabled"> <service name="recompress" mode="manual">
<param name="file">docker-*.tar</param> <param name="file">docker-*.tar</param>
<param name="compression">xz</param> <param name="compression">xz</param>
</service> </service>

File diff suppressed because it is too large Load Diff

BIN
docker-24.0.5_ce_a61e2b4c9.tar.xz (Stored with Git LFS)

Binary file not shown.

View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:565f1ae195dcbcae8bb0b966d053d7beb5dfafb883f79a699a12bba65a2a3e48
size 8793164

BIN
docker-cli-24.0.5_ce.tar.xz (Stored with Git LFS)

Binary file not shown.

View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:ad3917307bb3e4446ab625679921ee7dc7e555dfdd48f0bb7d72d59d69880265
size 3516364

View File

@ -1,8 +1,24 @@
-------------------------------------------------------------------
Thu Sep 14 01:46:30 UTC 2023 - Aleksa Sarai <asarai@suse.com>
- Update to Docker 24.0.6-ce. See upstream changelong online at
<https://docs.docker.com/engine/release-notes/24.0/#2406>. bsc#1215323
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* cli-0001-docs-include-required-tools-in-source-tree.patch
- Switch from disabledrun to manualrun in _service.
- Add a docker.socket unit file, but with socket activation effectively
disabled to ensure that Docker will always run even if you start the socket
individually. Users should probably just ignore this unit file. bsc#1210141
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Jul 25 19:40:25 UTC 2023 - Dirk Müller <dmueller@suse.com> Tue Jul 25 19:40:25 UTC 2023 - Dirk Müller <dmueller@suse.com>
- update to Docker 24.0.5-ce. See upstream changelong online at - Update to Docker 24.0.5-ce. See upstream changelong online at
<https://docs.docker.com/engine/release-notes/24.0/#2405>. bsc#1213229 <https://docs.docker.com/engine/release-notes/24.0/#2405>. bsc#1213229
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Jul 7 21:29:05 UTC 2023 - Aleksa Sarai <asarai@suse.com> Fri Jul 7 21:29:05 UTC 2023 - Aleksa Sarai <asarai@suse.com>

View File

@ -2,6 +2,12 @@
Description=Docker Application Container Engine Description=Docker Application Container Engine
Documentation=http://docs.docker.com Documentation=http://docs.docker.com
After=network.target lvm2-monitor.service firewalld.service After=network.target lvm2-monitor.service firewalld.service
# We don't use the docker socket activation, but doing this ensures that the
# docker.socket unit is alive while Docker is (docker.socket has BindsTo, so we
# only need a weak requirement to make sure starting docker.service also
# "starts" the socket service). Forcefully stopping docker.socket will not
# cause docker to die, but there's no nice workaround for that.
Wants=docker.socket
[Service] [Service]
EnvironmentFile=/etc/sysconfig/docker EnvironmentFile=/etc/sysconfig/docker

18
docker.socket Normal file
View File

@ -0,0 +1,18 @@
[Unit]
Description=Docker Socket for the API
# We use BindsTo in order to make sure that you cannot use socket-activation
# with Docker (Docker must always start at boot if enabled, otherwise
# containers will not run until some administrator interacts with Docker).
BindsTo=docker.service
[Socket]
# If /var/run is not implemented as a symlink to /run, you may need to
# specify ListenStream=/var/run/docker.sock instead.
ListenStream=/run/docker.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker
[Install]
WantedBy=sockets.target

View File

@ -31,9 +31,9 @@
# helpfully injects into our build environment from the changelog). If you want # helpfully injects into our build environment from the changelog). If you want
# to generate a new git_commit_epoch, use this: # to generate a new git_commit_epoch, use this:
# $ date --date="$(git show --format=fuller --date=iso $COMMIT_ID | grep -oP '(?<=^CommitDate: ).*')" '+%s' # $ date --date="$(git show --format=fuller --date=iso $COMMIT_ID | grep -oP '(?<=^CommitDate: ).*')" '+%s'
%define real_version 24.0.5 %define real_version 24.0.6
%define git_version a61e2b4c9 %define git_version 1a7969545d73
%define git_commit_epoch 1689962786 %define git_commit_epoch 1693336457
Name: docker Name: docker
Version: %{real_version}_ce Version: %{real_version}_ce
@ -50,12 +50,13 @@ Source1: %{name}-cli-%{version}.tar.xz
Source3: docker-rpmlintrc Source3: docker-rpmlintrc
# TODO: Move these source files to somewhere nicer. # TODO: Move these source files to somewhere nicer.
Source100: docker.service Source100: docker.service
Source101: 80-docker.rules Source101: docker.socket
Source102: sysconfig.docker Source110: 80-docker.rules
Source103: README_SUSE.md Source120: sysconfig.docker
Source104: docker-audit.rules Source130: README_SUSE.md
Source105: docker-daemon.json Source140: docker-audit.rules
Source106: docker.sysusers Source150: docker-daemon.json
Source160: docker.sysusers
# NOTE: All of these patches are maintained in <https://github.com/suse/docker> # NOTE: All of these patches are maintained in <https://github.com/suse/docker>
# in the suse-v<version> branch. Make sure you update the patches in that # in the suse-v<version> branch. Make sure you update the patches in that
# branch and then git-format-patch the patch here. # branch and then git-format-patch the patch here.
@ -107,8 +108,8 @@ Obsoletes: docker-libnetwork < 0.7.0.2
Provides: docker-libnetwork = 0.7.0.2.%{version} Provides: docker-libnetwork = 0.7.0.2.%{version}
# Required to actually run containers. We require the minimum version that is # Required to actually run containers. We require the minimum version that is
# pinned by Docker, but in order to avoid headaches we allow for updates. # pinned by Docker, but in order to avoid headaches we allow for updates.
Requires: runc >= 1.1.7 Requires: runc >= 1.1.9
Requires: containerd >= 1.6.21 Requires: containerd >= 1.7.3
# Needed for --init support. We don't use "tini", we use our own implementation # Needed for --init support. We don't use "tini", we use our own implementation
# which handles edge-cases better. # which handles edge-cases better.
Requires: catatonit Requires: catatonit
@ -202,7 +203,7 @@ Fish command line completion support for %{name}.
%setup -q -n %{name}-%{version}_%{git_version} %setup -q -n %{name}-%{version}_%{git_version}
[ "%{docker_builddir}" = "$PWD" ] [ "%{docker_builddir}" = "$PWD" ]
# README_SUSE.md for documentation. # README_SUSE.md for documentation.
cp %{SOURCE103} . cp %{SOURCE130} .
%if 0%{?is_opensuse} == 0 %if 0%{?is_opensuse} == 0
# PATCH-SUSE: Secrets patches. # PATCH-SUSE: Secrets patches.
@ -217,7 +218,7 @@ cp %{SOURCE103} .
%patch300 -p1 %patch300 -p1
%build %build
%sysusers_generate_pre %{SOURCE106} %{name} %{name}.conf %sysusers_generate_pre %{SOURCE160} %{name} %{name}.conf
BUILDTAGS="exclude_graphdriver_aufs apparmor selinux seccomp pkcs11" BUILDTAGS="exclude_graphdriver_aufs apparmor selinux seccomp pkcs11"
%if 0%{?sle_version} == 120000 %if 0%{?sle_version} == 120000
@ -279,7 +280,7 @@ install -d %{buildroot}/usr/lib/docker/cli-plugins
# /var/lib/docker # /var/lib/docker
install -d %{buildroot}/%{_localstatedir}/lib/docker install -d %{buildroot}/%{_localstatedir}/lib/docker
# daemon.json config file # daemon.json config file
install -D -m0644 %{SOURCE105} %{buildroot}%{_sysconfdir}/docker/daemon.json install -D -m0644 %{SOURCE150} %{buildroot}%{_sysconfdir}/docker/daemon.json
# docker cli # docker cli
install -D -m0755 %{cli_builddir}/build/docker %{buildroot}/%{_bindir}/docker install -D -m0755 %{cli_builddir}/build/docker %{buildroot}/%{_bindir}/docker
@ -289,17 +290,18 @@ install -D -m0644 %{cli_builddir}/contrib/completion/fish/docker.fish "%{buildro
# systemd service # systemd service
install -D -m0644 %{SOURCE100} %{buildroot}%{_unitdir}/%{name}.service install -D -m0644 %{SOURCE100} %{buildroot}%{_unitdir}/%{name}.service
install -D -m0644 %{SOURCE101} %{buildroot}%{_unitdir}/%{name}.socket
ln -sf service %{buildroot}%{_sbindir}/rcdocker ln -sf service %{buildroot}%{_sbindir}/rcdocker
# udev rules that prevents dolphin to show all docker devices and slows down # udev rules that prevents dolphin to show all docker devices and slows down
# upstream report https://bugs.kde.org/show_bug.cgi?id=329930 # upstream report https://bugs.kde.org/show_bug.cgi?id=329930
install -D -m0644 %{SOURCE101} %{buildroot}%{_udevrulesdir}/80-%{name}.rules install -D -m0644 %{SOURCE110} %{buildroot}%{_udevrulesdir}/80-%{name}.rules
# audit rules # audit rules
install -D -m0640 %{SOURCE104} %{buildroot}%{_sysconfdir}/audit/rules.d/%{name}.rules install -D -m0640 %{SOURCE140} %{buildroot}%{_sysconfdir}/audit/rules.d/%{name}.rules
# sysconfig file # sysconfig file
install -D -m0644 %{SOURCE102} %{buildroot}%{_fillupdir}/sysconfig.docker install -D -m0644 %{SOURCE120} %{buildroot}%{_fillupdir}/sysconfig.docker
# install manpages (using the ones from the engine) # install manpages (using the ones from the engine)
install -d %{buildroot}%{_mandir}/man1 install -d %{buildroot}%{_mandir}/man1
@ -310,7 +312,7 @@ install -d %{buildroot}%{_mandir}/man8
install -p -m0644 %{cli_builddir}/man/man8/*.8 %{buildroot}%{_mandir}/man8 install -p -m0644 %{cli_builddir}/man/man8/*.8 %{buildroot}%{_mandir}/man8
# sysusers.d # sysusers.d
install -D -m0644 %{SOURCE106} %{buildroot}%{_sysusersdir}/%{name}.conf install -D -m0644 %{SOURCE160} %{buildroot}%{_sysusersdir}/%{name}.conf
# rootless extras # rootless extras
install -D -p -m 0755 contrib/dockerd-rootless.sh %{buildroot}/%{_bindir}/dockerd-rootless.sh install -D -p -m 0755 contrib/dockerd-rootless.sh %{buildroot}/%{_bindir}/dockerd-rootless.sh
@ -334,17 +336,17 @@ grep -q '^dockremap:' /etc/subgid || \
usermod -w 100000000-200000000 dockremap &>/dev/null || \ usermod -w 100000000-200000000 dockremap &>/dev/null || \
echo "dockremap:100000000:100000001" >>/etc/subgid ||: echo "dockremap:100000000:100000001" >>/etc/subgid ||:
%service_add_pre %{name}.service %service_add_pre %{name}.service %{name}.socket
%post %post
%service_add_post %{name}.service %service_add_post %{name}.service %{name}.socket
%{fillup_only -n docker} %{fillup_only -n docker}
%preun %preun
%service_del_preun %{name}.service %service_del_preun %{name}.service %{name}.socket
%postun %postun
%service_del_postun %{name}.service %service_del_postun %{name}.service %{name}.socket
%files %files
%defattr(-,root,root) %defattr(-,root,root)
@ -360,6 +362,7 @@ grep -q '^dockremap:' /etc/subgid || \
%dir /usr/lib/docker/cli-plugins %dir /usr/lib/docker/cli-plugins
%{_unitdir}/%{name}.service %{_unitdir}/%{name}.service
%{_unitdir}/%{name}.socket
%{_sysusersdir}/%{name}.conf %{_sysusersdir}/%{name}.conf
%dir %{_sysconfdir}/docker %dir %{_sysconfdir}/docker