- Update to Docker 20.10.2-ce. See upstream changelog in the packaged

/usr/share/doc/packages/docker/CHANGELOG.md. bsc#1181594

OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=352
This commit is contained in:
Aleksa Sarai 2021-01-30 01:14:10 +00:00 committed by Git OBS Bridge
parent 1d083259ee
commit 39b2909083
15 changed files with 497 additions and 668 deletions

View File

@ -0,0 +1,110 @@
From 9961826453fee3b52244ba920359b9e2f9ad137c Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de>
Date: Thu, 29 Nov 2018 20:53:16 +1100
Subject: [PATCH 1/5] PACKAGING: revert "Remove 'docker-' prefix for containerd
and runc binaries"
This reverts commit 34eede0296bce6a9c335cb429f10728ae3f4252d, as it
would significantly break openSUSE's packaging (as well as causing
conflicts between the very-outdated runc that Docker uses and the more
up-to-date one available for Podman).
Signed-off-by: Aleksa Sarai <asarai@suse.de>
---
builder/builder-next/executor_unix.go | 2 +-
daemon/daemon_unix.go | 8 ++++++--
libcontainerd/supervisor/remote_daemon.go | 4 ++--
libcontainerd/supervisor/remote_daemon_linux.go | 4 ++--
libcontainerd/supervisor/remote_daemon_windows.go | 4 ++--
5 files changed, 13 insertions(+), 9 deletions(-)
diff --git a/builder/builder-next/executor_unix.go b/builder/builder-next/executor_unix.go
index c052ec707fec..d1caf53f5023 100644
--- a/builder/builder-next/executor_unix.go
+++ b/builder/builder-next/executor_unix.go
@@ -32,7 +32,7 @@ func newExecutor(root, cgroupParent string, net libnetwork.NetworkController, dn
}
return runcexecutor.New(runcexecutor.Opt{
Root: filepath.Join(root, "executor"),
- CommandCandidates: []string{"runc"},
+ CommandCandidates: []string{"docker-runc", "runc"},
DefaultCgroupParent: cgroupParent,
Rootless: rootless,
NoPivot: os.Getenv("DOCKER_RAMDISK") != "",
diff --git a/daemon/daemon_unix.go b/daemon/daemon_unix.go
index 5fa688dff4c7..f610fdb01d27 100644
--- a/daemon/daemon_unix.go
+++ b/daemon/daemon_unix.go
@@ -58,11 +58,11 @@ const (
// DefaultShimBinary is the default shim to be used by containerd if none
// is specified
- DefaultShimBinary = "containerd-shim"
+ DefaultShimBinary = "docker-containerd-shim"
// DefaultRuntimeBinary is the default runtime to be used by
// containerd if none is specified
- DefaultRuntimeBinary = "runc"
+ DefaultRuntimeBinary = "docker-runc"
// See https://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/tree/kernel/sched/sched.h?id=8cd9234c64c584432f6992fe944ca9e46ca8ea76#n269
linuxMinCPUShares = 2
@@ -78,6 +78,10 @@ const (
cgroupFsDriver = "cgroupfs"
cgroupSystemdDriver = "systemd"
cgroupNoneDriver = "none"
+
+ // DefaultRuntimeName is the default runtime to be used by
+ // containerd if none is specified
+ DefaultRuntimeName = "docker-runc"
)
type containerGetter interface {
diff --git a/libcontainerd/supervisor/remote_daemon.go b/libcontainerd/supervisor/remote_daemon.go
index 3538612246f4..f17868a7e1f8 100644
--- a/libcontainerd/supervisor/remote_daemon.go
+++ b/libcontainerd/supervisor/remote_daemon.go
@@ -27,8 +27,8 @@ const (
shutdownTimeout = 15 * time.Second
startupTimeout = 15 * time.Second
configFile = "containerd.toml"
- binaryName = "containerd"
- pidFile = "containerd.pid"
+ binaryName = "docker-containerd"
+ pidFile = "docker-containerd.pid"
)
type pluginConfigs struct {
diff --git a/libcontainerd/supervisor/remote_daemon_linux.go b/libcontainerd/supervisor/remote_daemon_linux.go
index d229881a62b3..da93fc45371d 100644
--- a/libcontainerd/supervisor/remote_daemon_linux.go
+++ b/libcontainerd/supervisor/remote_daemon_linux.go
@@ -11,8 +11,8 @@ import (
)
const (
- sockFile = "containerd.sock"
- debugSockFile = "containerd-debug.sock"
+ sockFile = "docker-containerd.sock"
+ debugSockFile = "docker-containerd-debug.sock"
)
func (r *remote) setDefaults() {
diff --git a/libcontainerd/supervisor/remote_daemon_windows.go b/libcontainerd/supervisor/remote_daemon_windows.go
index 9b254ef58a0a..bcdc9529e0f7 100644
--- a/libcontainerd/supervisor/remote_daemon_windows.go
+++ b/libcontainerd/supervisor/remote_daemon_windows.go
@@ -7,8 +7,8 @@ import (
)
const (
- grpcPipeName = `\\.\pipe\containerd-containerd`
- debugPipeName = `\\.\pipe\containerd-debug`
+ grpcPipeName = `\\.\pipe\docker-containerd-containerd`
+ debugPipeName = `\\.\pipe\docker-containerd-debug`
)
func (r *remote) setDefaults() {
--
2.30.0

View File

@ -1,7 +1,7 @@
From 47b241f184e61474957c4ffb8a3dcbaa543eadb9 Mon Sep 17 00:00:00 2001 From e24062ca12b575bc417fea2f46544ccd18e5f1eb Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de> From: Aleksa Sarai <asarai@suse.de>
Date: Wed, 8 Mar 2017 12:41:54 +1100 Date: Wed, 8 Mar 2017 12:41:54 +1100
Subject: [PATCH 1/2] daemon: allow directory creation in /run/secrets Subject: [PATCH 2/5] SECRETS: daemon: allow directory creation in /run/secrets
Since FileMode can have the directory bit set, allow a SecretStore Since FileMode can have the directory bit set, allow a SecretStore
implementation to return secrets that are actually directories. This is implementation to return secrets that are actually directories. This is
@ -10,13 +10,13 @@ useful for creating directories and subdirectories of secrets.
Signed-off-by: Antonio Murdaca <runcom@redhat.com> Signed-off-by: Antonio Murdaca <runcom@redhat.com>
Signed-off-by: Aleksa Sarai <asarai@suse.de> Signed-off-by: Aleksa Sarai <asarai@suse.de>
--- ---
.../daemon/container_operations_unix.go | 24 ++++++++++++++++--- daemon/container_operations_unix.go | 24 +++++++++++++++++++++---
1 file changed, 21 insertions(+), 3 deletions(-) 1 file changed, 21 insertions(+), 3 deletions(-)
diff --git a/components/engine/daemon/container_operations_unix.go b/components/engine/daemon/container_operations_unix.go diff --git a/daemon/container_operations_unix.go b/daemon/container_operations_unix.go
index 3fcdc1913bed..4920def81a7e 100644 index f4f1bd2c0b6a..f18f522485ee 100644
--- a/components/engine/daemon/container_operations_unix.go --- a/daemon/container_operations_unix.go
+++ b/components/engine/daemon/container_operations_unix.go +++ b/daemon/container_operations_unix.go
@@ -3,6 +3,7 @@ @@ -3,6 +3,7 @@
package daemon // import "github.com/docker/docker/daemon" package daemon // import "github.com/docker/docker/daemon"
@ -31,9 +31,9 @@ index 3fcdc1913bed..4920def81a7e 100644
"github.com/docker/docker/errdefs" "github.com/docker/docker/errdefs"
+ "github.com/docker/docker/pkg/archive" + "github.com/docker/docker/pkg/archive"
"github.com/docker/docker/pkg/idtools" "github.com/docker/docker/pkg/idtools"
"github.com/docker/docker/pkg/mount"
"github.com/docker/docker/pkg/stringid" "github.com/docker/docker/pkg/stringid"
@@ -206,9 +208,6 @@ func (daemon *Daemon) setupSecretDir(c *container.Container) (setupErr error) { "github.com/docker/docker/pkg/system"
@@ -207,9 +209,6 @@ func (daemon *Daemon) setupSecretDir(c *container.Container) (setupErr error) {
if err != nil { if err != nil {
return errors.Wrap(err, "unable to get secret from secret store") return errors.Wrap(err, "unable to get secret from secret store")
} }
@ -43,7 +43,7 @@ index 3fcdc1913bed..4920def81a7e 100644
uid, err := strconv.Atoi(s.File.UID) uid, err := strconv.Atoi(s.File.UID)
if err != nil { if err != nil {
@@ -219,6 +218,25 @@ func (daemon *Daemon) setupSecretDir(c *container.Container) (setupErr error) { @@ -220,6 +219,25 @@ func (daemon *Daemon) setupSecretDir(c *container.Container) (setupErr error) {
return err return err
} }

View File

@ -1,7 +1,7 @@
From 3b3a583ef0704d1a83d172c8a996b1d536e2839b Mon Sep 17 00:00:00 2001 From 3469fd3b7da0477ba781d95b02bd698c770916f6 Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de> From: Aleksa Sarai <asarai@suse.de>
Date: Wed, 8 Mar 2017 11:43:29 +1100 Date: Wed, 8 Mar 2017 11:43:29 +1100
Subject: [PATCH 2/2] SUSE: implement SUSE container secrets Subject: [PATCH 3/5] SECRETS: SUSE: implement SUSE container secrets
This allows for us to pass in host credentials to a container, allowing This allows for us to pass in host credentials to a container, allowing
for SUSEConnect to work with containers. for SUSEConnect to work with containers.
@ -13,16 +13,16 @@ MAKES BUILDS NOT ENTIRELY REPRODUCIBLE.
SUSE-Bugs: bsc#1065609 bsc#1057743 bsc#1055676 bsc#1030702 SUSE-Bugs: bsc#1065609 bsc#1057743 bsc#1055676 bsc#1030702
Signed-off-by: Aleksa Sarai <asarai@suse.de> Signed-off-by: Aleksa Sarai <asarai@suse.de>
--- ---
components/engine/daemon/start.go | 5 + daemon/start.go | 5 +
components/engine/daemon/suse_secrets.go | 406 +++++++++++++++++++++++ daemon/suse_secrets.go | 410 +++++++++++++++++++++++++++++++++++++++++
2 files changed, 411 insertions(+) 2 files changed, 415 insertions(+)
create mode 100644 components/engine/daemon/suse_secrets.go create mode 100644 daemon/suse_secrets.go
diff --git a/components/engine/daemon/start.go b/components/engine/daemon/start.go diff --git a/daemon/start.go b/daemon/start.go
index 57a7267b7cbb..46c3a603554f 100644 index d9bc082b1078..091dae2ae65e 100644
--- a/components/engine/daemon/start.go --- a/daemon/start.go
+++ b/components/engine/daemon/start.go +++ b/daemon/start.go
@@ -151,6 +151,11 @@ func (daemon *Daemon) containerStart(container *container.Container, checkpoint @@ -150,6 +150,11 @@ func (daemon *Daemon) containerStart(container *container.Container, checkpoint
return err return err
} }
@ -34,15 +34,15 @@ index 57a7267b7cbb..46c3a603554f 100644
spec, err := daemon.createSpec(container) spec, err := daemon.createSpec(container)
if err != nil { if err != nil {
return errdefs.System(err) return errdefs.System(err)
diff --git a/components/engine/daemon/suse_secrets.go b/components/engine/daemon/suse_secrets.go diff --git a/daemon/suse_secrets.go b/daemon/suse_secrets.go
new file mode 100644 new file mode 100644
index 000000000000..e8de931cb7ca index 000000000000..177efcb22295
--- /dev/null --- /dev/null
+++ b/components/engine/daemon/suse_secrets.go +++ b/daemon/suse_secrets.go
@@ -0,0 +1,406 @@ @@ -0,0 +1,410 @@
+/* +/*
+ * suse-secrets: patch for Docker to implement SUSE secrets + * suse-secrets: patch for Docker to implement SUSE secrets
+ * Copyright (C) 2017 SUSE LLC. + * Copyright (C) 2017-2021 SUSE LLC.
+ * + *
+ * Licensed under the Apache License, Version 2.0 (the "License"); + * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License. + * you may not use this file except in compliance with the License.
@ -68,17 +68,18 @@ index 000000000000..e8de931cb7ca
+ "os" + "os"
+ "path/filepath" + "path/filepath"
+ "strings" + "strings"
+ "syscall"
+ +
+ "github.com/docker/docker/container" + "github.com/docker/docker/container"
+ "github.com/docker/docker/pkg/archive" + "github.com/docker/docker/pkg/archive"
+ "github.com/docker/docker/pkg/idtools" + "github.com/docker/docker/pkg/idtools"
+ "github.com/opencontainers/go-digest"
+ "github.com/sirupsen/logrus"
+ +
+ swarmtypes "github.com/docker/docker/api/types/swarm" + swarmtypes "github.com/docker/docker/api/types/swarm"
+ swarmexec "github.com/docker/swarmkit/agent/exec" + swarmexec "github.com/docker/swarmkit/agent/exec"
+ swarmapi "github.com/docker/swarmkit/api" + swarmapi "github.com/docker/swarmkit/api"
+
+ "github.com/opencontainers/go-digest"
+ "github.com/sirupsen/logrus"
+ "golang.org/x/sys/unix"
+) +)
+ +
+func init() { +func init() {
@ -148,7 +149,7 @@ index 000000000000..e8de931cb7ca
+ // Ignore missing files. + // Ignore missing files.
+ if os.IsNotExist(err) { + if os.IsNotExist(err) {
+ // If the path itself exists it was a dangling symlink so give a + // If the path itself exists it was a dangling symlink so give a
+ // warning about the dangling symlink. + // warning about the symlink dangling.
+ _, err2 := os.Lstat(path) + _, err2 := os.Lstat(path)
+ if !os.IsNotExist(err2) { + if !os.IsNotExist(err2) {
+ logrus.Warnf("SUSE:secrets :: ignoring dangling symlink: %s", path) + logrus.Warnf("SUSE:secrets :: ignoring dangling symlink: %s", path)
@ -158,7 +159,7 @@ index 000000000000..e8de931cb7ca
+ return nil, err + return nil, err
+ } else if !fi.IsDir() { + } else if !fi.IsDir() {
+ // Just to be safe. + // Just to be safe.
+ logrus.Warnf("SUSE:secrets :: expected %q to be a directory, but was a file", path) + logrus.Infof("SUSE:secrets :: expected %q to be a directory, but was a file", path)
+ return readFile(prefix, dir) + return readFile(prefix, dir)
+ } + }
+ path, err = filepath.EvalSymlinks(path) + path, err = filepath.EvalSymlinks(path)
@ -269,7 +270,7 @@ index 000000000000..e8de931cb7ca
+ // Ignore missing files. + // Ignore missing files.
+ if os.IsNotExist(err) { + if os.IsNotExist(err) {
+ // If the path itself exists it was a dangling symlink so give a + // If the path itself exists it was a dangling symlink so give a
+ // warning about the dangling symlink. + // warning about the symlink dangling.
+ _, err2 := os.Lstat(path) + _, err2 := os.Lstat(path)
+ if !os.IsNotExist(err2) { + if !os.IsNotExist(err2) {
+ logrus.Warnf("SUSE:secrets :: ignoring dangling symlink: %s", path) + logrus.Warnf("SUSE:secrets :: ignoring dangling symlink: %s", path)
@ -279,13 +280,16 @@ index 000000000000..e8de931cb7ca
+ return nil, err + return nil, err
+ } else if fi.IsDir() { + } else if fi.IsDir() {
+ // Just to be safe. + // Just to be safe.
+ logrus.Warnf("SUSE:secrets :: expected %q to be a file, but was a directory", path) + logrus.Infof("SUSE:secrets :: expected %q to be a file, but was a directory", path)
+ return readDir(prefix, file) + return readDir(prefix, file)
+ } + }
+ +
+ stat, ok := fi.Sys().(*syscall.Stat_t) + var uid, gid int
+ if !ok { + if stat, ok := fi.Sys().(*unix.Stat_t); ok {
+ uid, gid = int(stat.Uid), int(stat.Gid)
+ } else {
+ logrus.Warnf("SUSE:secrets :: failed to cast file stat_t: defaulting to owned by root:root: %s", path) + logrus.Warnf("SUSE:secrets :: failed to cast file stat_t: defaulting to owned by root:root: %s", path)
+ uid, gid = 0, 0
+ } + }
+ +
+ bytes, err := ioutil.ReadFile(path) + bytes, err := ioutil.ReadFile(path)
@ -296,8 +300,8 @@ index 000000000000..e8de931cb7ca
+ var suseFiles []*SuseFakeFile + var suseFiles []*SuseFakeFile
+ suseFiles = append(suseFiles, &SuseFakeFile{ + suseFiles = append(suseFiles, &SuseFakeFile{
+ Path: file, + Path: file,
+ Uid: int(stat.Uid), + Uid: uid,
+ Gid: int(stat.Gid), + Gid: gid,
+ Mode: fi.Mode(), + Mode: fi.Mode(),
+ Data: bytes, + Data: bytes,
+ }) + })

View File

@ -1,11 +1,11 @@
From 69d43a9550cdedf86b0d4b29e9d737af90221109 Mon Sep 17 00:00:00 2001 From 3e63781e1bf40affdb884ddd83b82fc51c54d88a Mon Sep 17 00:00:00 2001
From: Valentin Rothberg <vrothberg@suse.com> From: Valentin Rothberg <vrothberg@suse.com>
Date: Mon, 2 Jul 2018 13:37:34 +0200 Date: Mon, 2 Jul 2018 13:37:34 +0200
Subject: [PATCH] Add private-registry mirror support Subject: [PATCH 4/5] PRIVATE-REGISTRY: add private-registry mirror support
NOTE: This is a backport/downstream patch of the upstream pull-request NOTE: This is a backport/downstream patch of the upstream pull-request
for Moby, which is still subject to changes. Please visit for Moby, which is still subject to changes. Please visit
https://github.com/moby/moby/pull/34319 for the current status. <https://github.com/moby/moby/pull/34319> for the current status.
Add support for mirroring private registries. The daemon.json config Add support for mirroring private registries. The daemon.json config
can now be configured as exemplified below: can now be configured as exemplified below:
@ -65,24 +65,24 @@ Signed-off-by: Flavio Castelli <fcastelli@suse.com>
Signed-off-by: Valentin Rothberg <vrothberg@suse.com> Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Signed-off-by: Aleksa Sarai <asarai@suse.de> Signed-off-by: Aleksa Sarai <asarai@suse.de>
--- ---
.../engine/api/types/registry/registry.go | 144 ++++++++++++++++++ api/types/registry/registry.go | 144 +++++++++++++++++++++++++++++++++
components/engine/daemon/config/config.go | 4 + daemon/config/config.go | 4 +
components/engine/daemon/reload.go | 33 ++++ daemon/reload.go | 33 ++++++++
components/engine/daemon/reload_test.go | 95 ++++++++++++ daemon/reload_test.go | 95 ++++++++++++++++++++++
components/engine/distribution/pull.go | 2 +- distribution/pull.go | 2 +-
components/engine/distribution/pull_v2.go | 2 +- distribution/pull_v2.go | 2 +-
components/engine/distribution/push.go | 2 +- distribution/push.go | 2 +-
components/engine/registry/config.go | 124 ++++++++++++++- registry/config.go | 126 ++++++++++++++++++++++++++++-
components/engine/registry/config_test.go | 136 +++++++++++++++++ registry/config_test.go | 142 ++++++++++++++++++++++++++++++++
components/engine/registry/registry_test.go | 91 ++++++++++- registry/registry_test.go | 99 ++++++++++++++++++++---
components/engine/registry/service.go | 45 ++++-- registry/service.go | 43 +++++++---
components/engine/registry/service_v2.go | 66 +++++--- registry/service_v2.go | 64 +++++++++++----
12 files changed, 697 insertions(+), 47 deletions(-) 12 files changed, 710 insertions(+), 46 deletions(-)
diff --git a/components/engine/api/types/registry/registry.go b/components/engine/api/types/registry/registry.go diff --git a/api/types/registry/registry.go b/api/types/registry/registry.go
index 8789ad3b3210..c663fec7d881 100644 index 53e47084c8d5..b4bb9ef805d3 100644
--- a/components/engine/api/types/registry/registry.go --- a/api/types/registry/registry.go
+++ b/components/engine/api/types/registry/registry.go +++ b/api/types/registry/registry.go
@@ -2,7 +2,10 @@ package registry // import "github.com/docker/docker/api/types/registry" @@ -2,7 +2,10 @@ package registry // import "github.com/docker/docker/api/types/registry"
import ( import (
@ -92,7 +92,7 @@ index 8789ad3b3210..c663fec7d881 100644
+ "net/url" + "net/url"
+ "strings" + "strings"
"github.com/opencontainers/image-spec/specs-go/v1" v1 "github.com/opencontainers/image-spec/specs-go/v1"
) )
@@ -14,6 +17,147 @@ type ServiceConfig struct { @@ -14,6 +17,147 @@ type ServiceConfig struct {
InsecureRegistryCIDRs []*NetIPNet `json:"InsecureRegistryCIDRs"` InsecureRegistryCIDRs []*NetIPNet `json:"InsecureRegistryCIDRs"`
@ -242,11 +242,11 @@ index 8789ad3b3210..c663fec7d881 100644
} }
// NetIPNet is the net.IPNet type, which can be marshalled and // NetIPNet is the net.IPNet type, which can be marshalled and
diff --git a/components/engine/daemon/config/config.go b/components/engine/daemon/config/config.go diff --git a/daemon/config/config.go b/daemon/config/config.go
index 80ecbbd9550d..8ce69714d9bf 100644 index 4990727597c9..f3a53c692d73 100644
--- a/components/engine/daemon/config/config.go --- a/daemon/config/config.go
+++ b/components/engine/daemon/config/config.go +++ b/daemon/config/config.go
@@ -467,6 +467,10 @@ func findConfigurationConflicts(config map[string]interface{}, flags *pflag.Flag @@ -482,6 +482,10 @@ func findConfigurationConflicts(config map[string]interface{}, flags *pflag.Flag
// 1. Search keys from the file that we don't recognize as flags. // 1. Search keys from the file that we don't recognize as flags.
unknownKeys := make(map[string]interface{}) unknownKeys := make(map[string]interface{})
for key, value := range config { for key, value := range config {
@ -257,11 +257,11 @@ index 80ecbbd9550d..8ce69714d9bf 100644
if flag := flags.Lookup(key); flag == nil && !skipValidateOptions[key] { if flag := flags.Lookup(key); flag == nil && !skipValidateOptions[key] {
unknownKeys[key] = value unknownKeys[key] = value
} }
diff --git a/components/engine/daemon/reload.go b/components/engine/daemon/reload.go diff --git a/daemon/reload.go b/daemon/reload.go
index a31dd0cb87c1..99cc4a65a79d 100644 index 72379c054ef6..1e4afe9b3b03 100644
--- a/components/engine/daemon/reload.go --- a/daemon/reload.go
+++ b/components/engine/daemon/reload.go +++ b/daemon/reload.go
@@ -21,8 +21,14 @@ import ( @@ -22,8 +22,14 @@ import (
// - Daemon labels // - Daemon labels
// - Insecure registries // - Insecure registries
// - Registry mirrors // - Registry mirrors
@ -276,7 +276,7 @@ index a31dd0cb87c1..99cc4a65a79d 100644
daemon.configStore.Lock() daemon.configStore.Lock()
attributes := map[string]string{} attributes := map[string]string{}
@@ -65,6 +71,9 @@ func (daemon *Daemon) Reload(conf *config.Config) (err error) { @@ -69,6 +75,9 @@ func (daemon *Daemon) Reload(conf *config.Config) (err error) {
if err := daemon.reloadLiveRestore(conf, attributes); err != nil { if err := daemon.reloadLiveRestore(conf, attributes); err != nil {
return err return err
} }
@ -286,7 +286,7 @@ index a31dd0cb87c1..99cc4a65a79d 100644
return daemon.reloadNetworkDiagnosticPort(conf, attributes) return daemon.reloadNetworkDiagnosticPort(conf, attributes)
} }
@@ -295,6 +304,30 @@ func (daemon *Daemon) reloadRegistryMirrors(conf *config.Config, attributes map[ @@ -320,6 +329,30 @@ func (daemon *Daemon) reloadRegistryMirrors(conf *config.Config, attributes map[
return nil return nil
} }
@ -317,10 +317,10 @@ index a31dd0cb87c1..99cc4a65a79d 100644
// reloadLiveRestore updates configuration with live restore option // reloadLiveRestore updates configuration with live restore option
// and updates the passed attributes // and updates the passed attributes
func (daemon *Daemon) reloadLiveRestore(conf *config.Config, attributes map[string]string) error { func (daemon *Daemon) reloadLiveRestore(conf *config.Config, attributes map[string]string) error {
diff --git a/components/engine/daemon/reload_test.go b/components/engine/daemon/reload_test.go diff --git a/daemon/reload_test.go b/daemon/reload_test.go
index ffad297f71b7..21733c3f1e33 100644 index 4a8466616dee..46664f4b1eda 100644
--- a/components/engine/daemon/reload_test.go --- a/daemon/reload_test.go
+++ b/components/engine/daemon/reload_test.go +++ b/daemon/reload_test.go
@@ -7,6 +7,7 @@ import ( @@ -7,6 +7,7 @@ import (
"testing" "testing"
"time" "time"
@ -329,7 +329,7 @@ index ffad297f71b7..21733c3f1e33 100644
"github.com/docker/docker/daemon/config" "github.com/docker/docker/daemon/config"
"github.com/docker/docker/daemon/images" "github.com/docker/docker/daemon/images"
"github.com/docker/docker/pkg/discovery" "github.com/docker/docker/pkg/discovery"
@@ -201,6 +202,100 @@ func TestDaemonReloadMirrors(t *testing.T) { @@ -211,6 +212,100 @@ func TestDaemonReloadMirrors(t *testing.T) {
} }
} }
@ -430,11 +430,11 @@ index ffad297f71b7..21733c3f1e33 100644
func TestDaemonReloadInsecureRegistries(t *testing.T) { func TestDaemonReloadInsecureRegistries(t *testing.T) {
daemon := &Daemon{ daemon := &Daemon{
imageService: images.NewImageService(images.ImageServiceConfig{}), imageService: images.NewImageService(images.ImageServiceConfig{}),
diff --git a/components/engine/distribution/pull.go b/components/engine/distribution/pull.go diff --git a/distribution/pull.go b/distribution/pull.go
index be366ce4a99b..49e0d0352778 100644 index c8ddd4c5cfcd..b17e9d25d6c2 100644
--- a/components/engine/distribution/pull.go --- a/distribution/pull.go
+++ b/components/engine/distribution/pull.go +++ b/distribution/pull.go
@@ -58,7 +58,7 @@ func Pull(ctx context.Context, ref reference.Named, imagePullConfig *ImagePullCo @@ -61,7 +61,7 @@ func Pull(ctx context.Context, ref reference.Named, imagePullConfig *ImagePullCo
return err return err
} }
@ -443,11 +443,11 @@ index be366ce4a99b..49e0d0352778 100644
if err != nil { if err != nil {
return err return err
} }
diff --git a/components/engine/distribution/pull_v2.go b/components/engine/distribution/pull_v2.go diff --git a/distribution/pull_v2.go b/distribution/pull_v2.go
index dd91ff2157b1..2640f6134e5d 100644 index 12497ea890e7..926e02f851fd 100644
--- a/components/engine/distribution/pull_v2.go --- a/distribution/pull_v2.go
+++ b/components/engine/distribution/pull_v2.go +++ b/distribution/pull_v2.go
@@ -379,7 +379,7 @@ func (p *v2Puller) pullV2Tag(ctx context.Context, ref reference.Named, platform @@ -431,7 +431,7 @@ func (p *v2Puller) pullV2Tag(ctx context.Context, ref reference.Named, platform
// the other side speaks the v2 protocol. // the other side speaks the v2 protocol.
p.confirmedV2 = true p.confirmedV2 = true
@ -456,10 +456,10 @@ index dd91ff2157b1..2640f6134e5d 100644
progress.Message(p.config.ProgressOutput, tagOrDigest, "Pulling from "+reference.FamiliarName(p.repo.Named())) progress.Message(p.config.ProgressOutput, tagOrDigest, "Pulling from "+reference.FamiliarName(p.repo.Named()))
var ( var (
diff --git a/components/engine/distribution/push.go b/components/engine/distribution/push.go diff --git a/distribution/push.go b/distribution/push.go
index 5617a4c95f49..0a24aebed968 100644 index 5617a4c95f49..0a24aebed968 100644
--- a/components/engine/distribution/push.go --- a/distribution/push.go
+++ b/components/engine/distribution/push.go +++ b/distribution/push.go
@@ -58,7 +58,7 @@ func Push(ctx context.Context, ref reference.Named, imagePushConfig *ImagePushCo @@ -58,7 +58,7 @@ func Push(ctx context.Context, ref reference.Named, imagePushConfig *ImagePushCo
return err return err
} }
@ -469,10 +469,10 @@ index 5617a4c95f49..0a24aebed968 100644
if err != nil { if err != nil {
return err return err
} }
diff --git a/components/engine/registry/config.go b/components/engine/registry/config.go diff --git a/registry/config.go b/registry/config.go
index 6bb9258c9b6f..f1945237d235 100644 index 54b83fa40aab..e1ba24b83bdd 100644
--- a/components/engine/registry/config.go --- a/registry/config.go
+++ b/components/engine/registry/config.go +++ b/registry/config.go
@@ -14,11 +14,12 @@ import ( @@ -14,11 +14,12 @@ import (
"github.com/sirupsen/logrus" "github.com/sirupsen/logrus"
) )
@ -490,9 +490,9 @@ index 6bb9258c9b6f..f1945237d235 100644
} }
// serviceConfig holds daemon configuration for the registry service. // serviceConfig holds daemon configuration for the registry service.
@@ -62,8 +63,21 @@ var ( @@ -59,8 +60,21 @@ var (
// for mocking in unit tests lookupIP = net.LookupIP
var lookupIP = net.LookupIP )
+// CompatCheck performs some compatibility checks among the config options and +// CompatCheck performs some compatibility checks among the config options and
+// returns an error in case of conflicts. +// returns an error in case of conflicts.
@ -512,7 +512,7 @@ index 6bb9258c9b6f..f1945237d235 100644
config := &serviceConfig{ config := &serviceConfig{
ServiceConfig: registrytypes.ServiceConfig{ ServiceConfig: registrytypes.ServiceConfig{
InsecureRegistryCIDRs: make([]*registrytypes.NetIPNet, 0), InsecureRegistryCIDRs: make([]*registrytypes.NetIPNet, 0),
@@ -81,10 +95,104 @@ func newServiceConfig(options ServiceOptions) (*serviceConfig, error) { @@ -78,10 +92,106 @@ func newServiceConfig(options ServiceOptions) (*serviceConfig, error) {
if err := config.LoadInsecureRegistries(options.InsecureRegistries); err != nil { if err := config.LoadInsecureRegistries(options.InsecureRegistries); err != nil {
return nil, err return nil, err
} }
@ -546,7 +546,9 @@ index 6bb9258c9b6f..f1945237d235 100644
+ inUse[mirror.URL.Host()] = reg.URL.Host() + inUse[mirror.URL.Host()] = reg.URL.Host()
+ // also warnf if seucurity levels differ + // also warnf if seucurity levels differ
+ if reg.URL.IsSecure() != mirror.URL.IsSecure() { + if reg.URL.IsSecure() != mirror.URL.IsSecure() {
+ logrus.Warnf("registry '%s' and mirror '%s' have different security levels", reg.URL.URL(), mirror.URL.URL()) + regURL := reg.URL.URL()
+ mirrorURL := mirror.URL.URL()
+ logrus.Warnf("registry '%s' and mirror '%s' have different security levels", &regURL, &mirrorURL)
+ } + }
+ } + }
+ if reg.URL.IsSecure() && len(reg.Mirrors) == 0 { + if reg.URL.IsSecure() && len(reg.Mirrors) == 0 {
@ -617,7 +619,7 @@ index 6bb9258c9b6f..f1945237d235 100644
// LoadAllowNondistributableArtifacts loads allow-nondistributable-artifacts registries into config. // LoadAllowNondistributableArtifacts loads allow-nondistributable-artifacts registries into config.
func (config *serviceConfig) LoadAllowNondistributableArtifacts(registries []string) error { func (config *serviceConfig) LoadAllowNondistributableArtifacts(registries []string) error {
cidrs := map[string]*registrytypes.NetIPNet{} cidrs := map[string]*registrytypes.NetIPNet{}
@@ -125,6 +233,10 @@ func (config *serviceConfig) LoadAllowNondistributableArtifacts(registries []str @@ -122,6 +232,10 @@ func (config *serviceConfig) LoadAllowNondistributableArtifacts(registries []str
// LoadMirrors loads mirrors to config, after removing duplicates. // LoadMirrors loads mirrors to config, after removing duplicates.
// Returns an error if mirrors contains an invalid mirror. // Returns an error if mirrors contains an invalid mirror.
func (config *serviceConfig) LoadMirrors(mirrors []string) error { func (config *serviceConfig) LoadMirrors(mirrors []string) error {
@ -628,7 +630,7 @@ index 6bb9258c9b6f..f1945237d235 100644
mMap := map[string]struct{}{} mMap := map[string]struct{}{}
unique := []string{} unique := []string{}
@@ -154,6 +266,10 @@ func (config *serviceConfig) LoadMirrors(mirrors []string) error { @@ -151,6 +265,10 @@ func (config *serviceConfig) LoadMirrors(mirrors []string) error {
// LoadInsecureRegistries loads insecure registries to config // LoadInsecureRegistries loads insecure registries to config
func (config *serviceConfig) LoadInsecureRegistries(registries []string) error { func (config *serviceConfig) LoadInsecureRegistries(registries []string) error {
@ -639,17 +641,17 @@ index 6bb9258c9b6f..f1945237d235 100644
// Localhost is by default considered as an insecure registry // Localhost is by default considered as an insecure registry
// This is a stop-gap for people who are running a private registry on localhost (especially on Boot2docker). // This is a stop-gap for people who are running a private registry on localhost (especially on Boot2docker).
// //
diff --git a/components/engine/registry/config_test.go b/components/engine/registry/config_test.go diff --git a/registry/config_test.go b/registry/config_test.go
index 30a257e32556..78a4fadd733f 100644 index ae8cb23f94b6..7f31b1eb2bf4 100644
--- a/components/engine/registry/config_test.go --- a/registry/config_test.go
+++ b/components/engine/registry/config_test.go +++ b/registry/config_test.go
@@ -6,10 +6,146 @@ import ( @@ -6,10 +6,152 @@ import (
"strings" "strings"
"testing" "testing"
+ registrytypes "github.com/docker/docker/api/types/registry" + registrytypes "github.com/docker/docker/api/types/registry"
"gotest.tools/assert" "gotest.tools/v3/assert"
is "gotest.tools/assert/cmp" is "gotest.tools/v3/assert/cmp"
) )
+func TestLoadValidRegistries(t *testing.T) { +func TestLoadValidRegistries(t *testing.T) {
@ -682,11 +684,14 @@ index 30a257e32556..78a4fadd733f 100644
+ officialMirrors := []string{"https://official.mirror1.com", "https://official.mirror2.com"} + officialMirrors := []string{"https://official.mirror1.com", "https://official.mirror2.com"}
+ +
+ // create serciveConfig + // create serciveConfig
+ config = newServiceConfig( + config, err = newServiceConfig(
+ ServiceOptions{ + ServiceOptions{
+ Mirrors: officialMirrors, + Mirrors: officialMirrors,
+ Registries: []registrytypes.Registry{secReg, insecReg}, + Registries: []registrytypes.Registry{secReg, insecReg},
+ }) + })
+ if err != nil {
+ t.Fatal(err)
+ }
+ +
+ // now test if the config looks as expected + // now test if the config looks as expected
+ getMirrors := func(reg registrytypes.Registry) []string { + getMirrors := func(reg registrytypes.Registry) []string {
@ -760,53 +765,56 @@ index 30a257e32556..78a4fadd733f 100644
+ } + }
+ +
+ // create serciveConfig + // create serciveConfig
+ config = newServiceConfig( + config, err = newServiceConfig(
+ ServiceOptions{ + ServiceOptions{
+ Registries: []registrytypes.Registry{regA, regB}, + Registries: []registrytypes.Registry{regA, regB},
+ }) + })
+ if err != nil {
+ t.Fatal(err)
+ }
+ +
+ // no match -> nil + // no match -> nil
+ reg := config.FindRegistry("foo") + reg := config.FindRegistry("foo")
+ assert.Nil(t, reg) + assert.Assert(t, is.Nil(reg))
+ +
+ // prefix match -> registry + // prefix match -> registry
+ reg = config.FindRegistry("registry-a.com/my-prefix/image:latest") + reg = config.FindRegistry("registry-a.com/my-prefix/image:latest")
+ assert.NotNil(t, reg) + assert.Assert(t, reg != nil)
+ assert.Equal(t, "registry-a.com", reg.URL.Host()) + assert.Equal(t, "registry-a.com", reg.URL.Host())
+ // no prefix match -> nil + // no prefix match -> nil
+ reg = config.FindRegistry("registry-a.com/not-my-prefix/image:42") + reg = config.FindRegistry("registry-a.com/not-my-prefix/image:42")
+ assert.Nil(t, reg) + assert.Assert(t, is.Nil(reg))
+ +
+ // prefix match -> registry + // prefix match -> registry
+ reg = config.FindRegistry("registry-b.com/image:latest") + reg = config.FindRegistry("registry-b.com/image:latest")
+ assert.NotNil(t, reg) + assert.Assert(t, reg != nil)
+ assert.Equal(t, "registry-b.com", reg.URL.Host()) + assert.Equal(t, "registry-b.com", reg.URL.Host())
+ // prefix match -> registry + // prefix match -> registry
+ reg = config.FindRegistry("registry-b.com/also-in-namespaces/image:latest") + reg = config.FindRegistry("registry-b.com/also-in-namespaces/image:latest")
+ assert.NotNil(t, reg) + assert.Assert(t, reg != nil)
+ assert.Equal(t, "registry-b.com", reg.URL.Host()) + assert.Equal(t, "registry-b.com", reg.URL.Host())
+} +}
+ +
func TestLoadAllowNondistributableArtifacts(t *testing.T) { func TestLoadAllowNondistributableArtifacts(t *testing.T) {
testCases := []struct { testCases := []struct {
registries []string registries []string
diff --git a/components/engine/registry/registry_test.go b/components/engine/registry/registry_test.go diff --git a/registry/registry_test.go b/registry/registry_test.go
index b7459471b3f6..1e0d53e7dc21 100644 index 417c9574bc5d..b3a978474ec1 100644
--- a/components/engine/registry/registry_test.go --- a/registry/registry_test.go
+++ b/components/engine/registry/registry_test.go +++ b/registry/registry_test.go
@@ -665,7 +665,32 @@ func TestNewIndexInfo(t *testing.T) { @@ -507,40 +507,119 @@ func TestNewIndexInfo(t *testing.T) {
} }
func TestMirrorEndpointLookup(t *testing.T) { func TestMirrorEndpointLookup(t *testing.T) {
- skip.If(t, os.Getuid() != 0, "skipping test that requires root")
- containsMirror := func(endpoints []APIEndpoint) bool {
+ var ( + var (
+ registries []registrytypes.Registry
+ secReg registrytypes.Registry + secReg registrytypes.Registry
+ config *serviceConfig
+ pushAPIEndpoints []APIEndpoint + pushAPIEndpoints []APIEndpoint
+ pullAPIEndpoints []APIEndpoint + pullAPIEndpoints []APIEndpoint
+ err error + err error
+ ) + )
+
skip.If(t, os.Getuid() != 0, "skipping test that requires root")
+ +
+ // secure with mirrors + // secure with mirrors
+ secReg, err = registrytypes.NewRegistry("https://secure.registry.com/test-prefix/") + secReg, err = registrytypes.NewRegistry("https://secure.registry.com/test-prefix/")
@ -820,19 +828,25 @@ index b7459471b3f6..1e0d53e7dc21 100644
+ if err := secReg.AddMirror(secMirrors[1]); err != nil { + if err := secReg.AddMirror(secMirrors[1]); err != nil {
+ t.Fatal(err) + t.Fatal(err)
+ } + }
+ registries = append(registries, secReg)
+ +
+ // docker.io mirrors to test backwards compatibility + // docker.io mirrors to test backwards compatibility
+ officialMirrors := []string{"https://official.mirror1.com/", "https://official.mirror2.com/"} + officialMirrors := []string{"https://official.mirror1.com/", "https://official.mirror2.com/"}
+ +
containsMirror := func(endpoints []APIEndpoint) bool { + containsMirror := func(needle string, endpoints []APIEndpoint) bool {
for _, pe := range endpoints { for _, pe := range endpoints {
if pe.URL.Host == "my.mirror" { - if pe.URL.Host == "my.mirror" {
@@ -674,31 +699,83 @@ func TestMirrorEndpointLookup(t *testing.T) { + if pe.URL.String() == needle {
return true
}
} }
return false return false
} }
- cfg, err := makeServiceConfig([]string{"https://my.mirror"}, nil) - cfg, err := makeServiceConfig([]string{"https://my.mirror"}, nil)
+ cfg, err := makeServiceConfig(officialMirrors, nil) + cfg, err := newServiceConfig(ServiceOptions{
+ Mirrors: officialMirrors,
+ Registries: registries,
+ })
if err != nil { if err != nil {
t.Fatal(err) t.Fatal(err)
} }
@ -848,20 +862,19 @@ index b7459471b3f6..1e0d53e7dc21 100644
+ } + }
+ if containsMirror(officialMirrors[0], pushAPIEndpoints) { + if containsMirror(officialMirrors[0], pushAPIEndpoints) {
+ t.Fatal("Push endpoint should not contain mirror") + t.Fatal("Push endpoint should not contain mirror")
} + }
- pushAPIEndpoints, err := s.LookupPushEndpoints(reference.Domain(imageName))
+ if containsMirror(officialMirrors[1], pushAPIEndpoints) { + if containsMirror(officialMirrors[1], pushAPIEndpoints) {
+ t.Fatal("Push endpoint should not contain mirror") + t.Fatal("Push endpoint should not contain mirror")
+ } + }
+ +
+ pullAPIEndpoints, err = s.LookupPullEndpoints(officialRef) + pullAPIEndpoints, err = s.LookupPullEndpoints(officialRef)
if err != nil { + if err != nil {
t.Fatal(err) + t.Fatal(err)
} + }
- if containsMirror(pushAPIEndpoints) {
+ if !containsMirror(officialMirrors[0], pullAPIEndpoints) { + if !containsMirror(officialMirrors[0], pullAPIEndpoints) {
+ t.Fatal("Pull endpoint should contain mirror") + t.Fatal("Pull endpoint should contain mirror")
+ } }
- pushAPIEndpoints, err := s.LookupPushEndpoints(reference.Domain(imageName))
+ if !containsMirror(officialMirrors[1], pullAPIEndpoints) { + if !containsMirror(officialMirrors[1], pullAPIEndpoints) {
+ t.Fatal("Pull endpoint should contain mirror") + t.Fatal("Pull endpoint should contain mirror")
+ } + }
@ -869,9 +882,10 @@ index b7459471b3f6..1e0d53e7dc21 100644
+ // prefix lookups + // prefix lookups
+ prefixRef := "secure.registry.com/test-prefix/foo:latest" + prefixRef := "secure.registry.com/test-prefix/foo:latest"
+ pushAPIEndpoints, err = s.LookupPushEndpoints(prefixRef) + pushAPIEndpoints, err = s.LookupPushEndpoints(prefixRef)
+ if err != nil { if err != nil {
+ t.Fatal(err) t.Fatal(err)
+ } }
- if containsMirror(pushAPIEndpoints) {
+ if containsMirror(secMirrors[0], pushAPIEndpoints) { + if containsMirror(secMirrors[0], pushAPIEndpoints) {
+ t.Fatal("Push endpoint should not contain mirror") + t.Fatal("Push endpoint should not contain mirror")
+ } + }
@ -917,11 +931,11 @@ index b7459471b3f6..1e0d53e7dc21 100644
+ } + }
} }
func TestPushRegistryTag(t *testing.T) { func TestSearchRepositories(t *testing.T) {
diff --git a/components/engine/registry/service.go b/components/engine/registry/service.go diff --git a/registry/service.go b/registry/service.go
index 08f5c7a4e12c..ee0c97a8a21b 100644 index 3b08e39da2c2..62556ba1ba70 100644
--- a/components/engine/registry/service.go --- a/registry/service.go
+++ b/components/engine/registry/service.go +++ b/registry/service.go
@@ -8,7 +8,7 @@ import ( @@ -8,7 +8,7 @@ import (
"strings" "strings"
"sync" "sync"
@ -984,7 +998,7 @@ index 08f5c7a4e12c..ee0c97a8a21b 100644
// Auth contacts the public registry with the provided credentials, // Auth contacts the public registry with the provided credentials,
// and returns OK if authentication was successful. // and returns OK if authentication was successful.
// It can be used to verify the validity of a client's credentials. // It can be used to verify the validity of a client's credentials.
@@ -241,7 +255,7 @@ func (s *DefaultService) Search(ctx context.Context, term string, limit int, aut @@ -230,7 +244,7 @@ func (s *DefaultService) Search(ctx context.Context, term string, limit int, aut
// ResolveRepository splits a repository name into its components // ResolveRepository splits a repository name into its components
// and configuration of the associated registry. // and configuration of the associated registry.
@ -993,13 +1007,12 @@ index 08f5c7a4e12c..ee0c97a8a21b 100644
s.mu.Lock() s.mu.Lock()
defer s.mu.Unlock() defer s.mu.Unlock()
return newRepositoryInfo(s.config, name) return newRepositoryInfo(s.config, name)
@@ -280,24 +294,25 @@ func (s *DefaultService) tlsConfigForMirror(mirrorURL *url.URL) (*tls.Config, er @@ -270,22 +284,25 @@ func (s *DefaultService) tlsConfigForMirror(mirrorURL *url.URL) (*tls.Config, er
return s.tlsConfig(mirrorURL.Host) return s.tlsConfig(mirrorURL.Host)
} }
-// LookupPullEndpoints creates a list of endpoints to try to pull from, in order of preference. -// LookupPullEndpoints creates a list of v2 endpoints to try to pull from, in order of preference.
-// It gives preference to v2 endpoints over v1, mirrors over the actual -// It gives preference to mirrors over the actual registry, and HTTPS over plain HTTP.
-// registry, and HTTPS over plain HTTP.
-func (s *DefaultService) LookupPullEndpoints(hostname string) (endpoints []APIEndpoint, err error) { -func (s *DefaultService) LookupPullEndpoints(hostname string) (endpoints []APIEndpoint, err error) {
+// LookupPullEndpoints creates a list of endpoints based on the provided +// LookupPullEndpoints creates a list of endpoints based on the provided
+// reference to try to pull from, in order of preference. It gives preference +// reference to try to pull from, in order of preference. It gives preference
@ -1009,13 +1022,12 @@ index 08f5c7a4e12c..ee0c97a8a21b 100644
s.mu.Lock() s.mu.Lock()
defer s.mu.Unlock() defer s.mu.Unlock()
- return s.lookupEndpoints(hostname) - return s.lookupV2Endpoints(hostname)
+ return s.lookupEndpoints(reference) + return s.lookupV2Endpoints(reference)
} }
-// LookupPushEndpoints creates a list of endpoints to try to push to, in order of preference. -// LookupPushEndpoints creates a list of v2 endpoints to try to push to, in order of preference.
-// It gives preference to v2 endpoints over v1, and HTTPS over plain HTTP. -// It gives preference to HTTPS over plain HTTP. Mirrors are not included.
-// Mirrors are not included.
-func (s *DefaultService) LookupPushEndpoints(hostname string) (endpoints []APIEndpoint, err error) { -func (s *DefaultService) LookupPushEndpoints(hostname string) (endpoints []APIEndpoint, err error) {
+// LookupPushEndpoints creates a list of endpoints based on the provided +// LookupPushEndpoints creates a list of endpoints based on the provided
+// reference to try to push to, in order of preference. It gives preference to +// reference to try to push to, in order of preference. It gives preference to
@ -1024,16 +1036,16 @@ index 08f5c7a4e12c..ee0c97a8a21b 100644
s.mu.Lock() s.mu.Lock()
defer s.mu.Unlock() defer s.mu.Unlock()
- allEndpoints, err := s.lookupEndpoints(hostname) - allEndpoints, err := s.lookupV2Endpoints(hostname)
+ allEndpoints, err := s.lookupEndpoints(reference) + allEndpoints, err := s.lookupV2Endpoints(reference)
if err == nil { if err == nil {
for _, endpoint := range allEndpoints { for _, endpoint := range allEndpoints {
if !endpoint.Mirror { if !endpoint.Mirror {
diff --git a/components/engine/registry/service_v2.go b/components/engine/registry/service_v2.go diff --git a/registry/service_v2.go b/registry/service_v2.go
index 1a4c9e310547..efebb4f41486 100644 index 3e3a5b41ffbd..451a6f874bc1 100644
--- a/components/engine/registry/service_v2.go --- a/registry/service_v2.go
+++ b/components/engine/registry/service_v2.go +++ b/registry/service_v2.go
@@ -1,30 +1,51 @@ @@ -1,39 +1,71 @@
package registry // import "github.com/docker/docker/registry" package registry // import "github.com/docker/docker/registry"
import ( import (
@ -1049,7 +1061,6 @@ index 1a4c9e310547..efebb4f41486 100644
+func (s *DefaultService) lookupV2Endpoints(reference string) (endpoints []APIEndpoint, err error) { +func (s *DefaultService) lookupV2Endpoints(reference string) (endpoints []APIEndpoint, err error) {
tlsConfig := tlsconfig.ServerDefault() tlsConfig := tlsconfig.ServerDefault()
- if hostname == DefaultNamespace || hostname == IndexHostname { - if hostname == DefaultNamespace || hostname == IndexHostname {
- // v2 mirrors
- for _, mirror := range s.config.Mirrors { - for _, mirror := range s.config.Mirrors {
- if !strings.HasPrefix(mirror, "http://") && !strings.HasPrefix(mirror, "https://") { - if !strings.HasPrefix(mirror, "http://") && !strings.HasPrefix(mirror, "https://") {
- mirror = "https://" + mirror - mirror = "https://" + mirror
@ -1094,16 +1105,14 @@ index 1a4c9e310547..efebb4f41486 100644
+ return nil, fmt.Errorf("SUSE PATCH [lookupV2Endpoints]: %s", err) + return nil, fmt.Errorf("SUSE PATCH [lookupV2Endpoints]: %s", err)
} }
endpoints = append(endpoints, APIEndpoint{ endpoints = append(endpoints, APIEndpoint{
- URL: mirrorURL, - URL: mirrorURL,
+ URL: &mURL, + URL: &mURL,
// guess mirrors are v2
Version: APIVersion2, Version: APIVersion2,
Mirror: true, Mirror: true,
@@ -32,11 +53,20 @@ func (s *DefaultService) lookupV2Endpoints(hostname string) (endpoints []APIEndp TrimHostname: true,
TLSConfig: mirrorTLSConfig, TLSConfig: mirrorTLSConfig,
}) })
} }
- // v2 registry
+ // add the registry + // add the registry
+ var endpointURL *url.URL + var endpointURL *url.URL
+ if official { + if official {
@ -1123,7 +1132,7 @@ index 1a4c9e310547..efebb4f41486 100644
TrimHostname: true, TrimHostname: true,
TLSConfig: tlsConfig, TLSConfig: tlsConfig,
}) })
@@ -48,7 +78,7 @@ func (s *DefaultService) lookupV2Endpoints(hostname string) (endpoints []APIEndp @@ -45,7 +77,7 @@ func (s *DefaultService) lookupV2Endpoints(hostname string) (endpoints []APIEndp
tlsConfig, err = s.tlsConfig(hostname) tlsConfig, err = s.tlsConfig(hostname)
if err != nil { if err != nil {
@ -1133,5 +1142,5 @@ index 1a4c9e310547..efebb4f41486 100644
endpoints = []APIEndpoint{ endpoints = []APIEndpoint{
-- --
2.22.0 2.30.0

View File

@ -1,7 +1,8 @@
From a67925f5d977db2b5a1b0162149cbd0de2b20598 Mon Sep 17 00:00:00 2001 From 4d134a69323ba490b1f8976394cdd9fe0c278b3d Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de> From: Aleksa Sarai <asarai@suse.de>
Date: Fri, 29 Jun 2018 17:59:30 +1000 Date: Fri, 29 Jun 2018 17:59:30 +1000
Subject: [PATCH] apparmor: clobber docker-default profile on start Subject: [PATCH 5/5] bsc1073877: apparmor: clobber docker-default profile on
start
In the process of making docker-default reloading far less expensive, In the process of making docker-default reloading far less expensive,
567ef8e7858c ("daemon: switch to 'ensure' workflow for AppArmor 567ef8e7858c ("daemon: switch to 'ensure' workflow for AppArmor
@ -15,23 +16,23 @@ Fixes: 567ef8e7858c ("daemon: switch to 'ensure' workflow for AppArmor profiles"
SUSE-Bugs: bsc#1099277 SUSE-Bugs: bsc#1099277
Signed-off-by: Aleksa Sarai <asarai@suse.de> Signed-off-by: Aleksa Sarai <asarai@suse.de>
--- ---
components/engine/daemon/apparmor_default.go | 14 ++++++++++---- daemon/apparmor_default.go | 14 ++++++++++----
.../engine/daemon/apparmor_default_unsupported.go | 4 ++++ daemon/apparmor_default_unsupported.go | 4 ++++
components/engine/daemon/daemon.go | 5 +++-- daemon/daemon.go | 5 +++--
3 files changed, 17 insertions(+), 6 deletions(-) 3 files changed, 17 insertions(+), 6 deletions(-)
diff --git a/components/engine/daemon/apparmor_default.go b/components/engine/daemon/apparmor_default.go diff --git a/daemon/apparmor_default.go b/daemon/apparmor_default.go
index 461f5c7f96b2..8f21c5c0c566 100644 index 2045412a7966..0c1fd0f0c940 100644
--- a/components/engine/daemon/apparmor_default.go --- a/daemon/apparmor_default.go
+++ b/components/engine/daemon/apparmor_default.go +++ b/daemon/apparmor_default.go
@@ -14,6 +14,15 @@ const ( @@ -15,6 +15,15 @@ const (
defaultApparmorProfile = "docker-default" defaultAppArmorProfile = "docker-default"
) )
+func clobberDefaultAppArmorProfile() error { +func clobberDefaultAppArmorProfile() error {
+ if apparmor.IsEnabled() { + if apparmor.IsEnabled() {
+ if err := aaprofile.InstallDefault(defaultApparmorProfile); err != nil { + if err := aaprofile.InstallDefault(defaultAppArmorProfile); err != nil {
+ return fmt.Errorf("AppArmor enabled on system but the %s profile could not be loaded: %s", defaultApparmorProfile, err) + return fmt.Errorf("AppArmor enabled on system but the %s profile could not be loaded: %s", defaultAppArmorProfile, err)
+ } + }
+ } + }
+ return nil + return nil
@ -39,23 +40,23 @@ index 461f5c7f96b2..8f21c5c0c566 100644
+ +
func ensureDefaultAppArmorProfile() error { func ensureDefaultAppArmorProfile() error {
if apparmor.IsEnabled() { if apparmor.IsEnabled() {
loaded, err := aaprofile.IsLoaded(defaultApparmorProfile) loaded, err := aaprofile.IsLoaded(defaultAppArmorProfile)
@@ -27,10 +36,7 @@ func ensureDefaultAppArmorProfile() error { @@ -28,10 +37,7 @@ func ensureDefaultAppArmorProfile() error {
} }
// Load the profile. // Load the profile.
- if err := aaprofile.InstallDefault(defaultApparmorProfile); err != nil { - if err := aaprofile.InstallDefault(defaultAppArmorProfile); err != nil {
- return fmt.Errorf("AppArmor enabled on system but the %s profile could not be loaded: %s", defaultApparmorProfile, err) - return fmt.Errorf("AppArmor enabled on system but the %s profile could not be loaded: %s", defaultAppArmorProfile, err)
- } - }
+ return clobberDefaultAppArmorProfile() + return clobberDefaultAppArmorProfile()
} }
- -
return nil return nil
} }
diff --git a/components/engine/daemon/apparmor_default_unsupported.go b/components/engine/daemon/apparmor_default_unsupported.go diff --git a/daemon/apparmor_default_unsupported.go b/daemon/apparmor_default_unsupported.go
index 51f9c526b350..97d7758442ee 100644 index 51f9c526b350..97d7758442ee 100644
--- a/components/engine/daemon/apparmor_default_unsupported.go --- a/daemon/apparmor_default_unsupported.go
+++ b/components/engine/daemon/apparmor_default_unsupported.go +++ b/daemon/apparmor_default_unsupported.go
@@ -2,6 +2,10 @@ @@ -2,6 +2,10 @@
package daemon // import "github.com/docker/docker/daemon" package daemon // import "github.com/docker/docker/daemon"
@ -67,11 +68,11 @@ index 51f9c526b350..97d7758442ee 100644
func ensureDefaultAppArmorProfile() error { func ensureDefaultAppArmorProfile() error {
return nil return nil
} }
diff --git a/components/engine/daemon/daemon.go b/components/engine/daemon/daemon.go diff --git a/daemon/daemon.go b/daemon/daemon.go
index f049b0d2a41f..7bd89e76b32f 100644 index 3e86ab5c8721..4a574da030da 100644
--- a/components/engine/daemon/daemon.go --- a/daemon/daemon.go
+++ b/components/engine/daemon/daemon.go +++ b/daemon/daemon.go
@@ -807,8 +807,9 @@ func NewDaemon(ctx context.Context, config *config.Config, pluginStore *plugin.S @@ -855,8 +855,9 @@ func NewDaemon(ctx context.Context, config *config.Config, pluginStore *plugin.S
logrus.Warnf("Failed to configure golang's threads limit: %v", err) logrus.Warnf("Failed to configure golang's threads limit: %v", err)
} }
@ -84,5 +85,5 @@ index f049b0d2a41f..7bd89e76b32f 100644
} }
-- --
2.22.0 2.30.0

View File

@ -1,12 +1,20 @@
<services> <services>
<service name="tar_scm" mode="disabled"> <service name="tar_scm" mode="disabled">
<param name="url">https://github.com/docker/docker-ce.git</param> <param name="url">https://github.com/docker/docker.git</param>
<param name="scm">git</param> <param name="scm">git</param>
<param name="exclude">.git</param> <param name="exclude">.git</param>
<param name="versionformat">19.03.14_ce_%h</param> <param name="versionformat">20.10.2_ce_%h</param>
<param name="revision">v19.03.14</param> <param name="revision">v20.10.2</param>
<param name="filename">docker</param> <param name="filename">docker</param>
</service> </service>
<service name="tar_scm" mode="disabled">
<param name="url">https://github.com/docker/cli.git</param>
<param name="scm">git</param>
<param name="exclude">.git</param>
<param name="versionformat">20.10.2_ce</param>
<param name="revision">v20.10.2</param>
<param name="filename">docker-cli</param>
</service>
<service name="recompress" mode="disabled"> <service name="recompress" mode="disabled">
<param name="file">docker-*.tar</param> <param name="file">docker-*.tar</param>
<param name="compression">xz</param> <param name="compression">xz</param>

View File

@ -1,230 +0,0 @@
From ea920fbc29225a71c9e07ffeeba00bc71423d839 Mon Sep 17 00:00:00 2001
From: Arko Dasgupta <arko.dasgupta@docker.com>
Date: Mon, 4 May 2020 13:51:42 -0700
Subject: [PATCH] Add docker interfaces to firewalld docker zone
If firewalld is running, create a new docker zone and
add the docker interfaces to the docker zone to allow
container networking for distros with firewalld enabled
Fixes: https://github.com/moby/libnetwork/issues/2496
Signed-off-by: Arko Dasgupta <arko.dasgupta@docker.com>
(cherry picked from commit 7a7209221542dc99b316748c97608dfc276c40f6)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
---
.../docker/libnetwork/iptables/firewalld.go | 136 ++++++++++++++++--
.../docker/libnetwork/iptables/iptables.go | 13 ++
2 files changed, 139 insertions(+), 10 deletions(-)
diff --git a/components/engine/vendor/github.com/docker/libnetwork/iptables/firewalld.go b/components/engine/vendor/github.com/docker/libnetwork/iptables/firewalld.go
index 8f13c86448..33eb749ab0 100644
--- a/components/engine/vendor/github.com/docker/libnetwork/iptables/firewalld.go
+++ b/components/engine/vendor/github.com/docker/libnetwork/iptables/firewalld.go
@@ -19,20 +19,46 @@ const (
// Ebtables point to bridge table
Ebtables IPV = "eb"
)
+
const (
- dbusInterface = "org.fedoraproject.FirewallD1"
- dbusPath = "/org/fedoraproject/FirewallD1"
+ dbusInterface = "org.fedoraproject.FirewallD1"
+ dbusPath = "/org/fedoraproject/FirewallD1"
+ dbusConfigPath = "/org/fedoraproject/FirewallD1/config"
+ dockerZone = "docker"
)
// Conn is a connection to firewalld dbus endpoint.
type Conn struct {
- sysconn *dbus.Conn
- sysobj dbus.BusObject
- signal chan *dbus.Signal
+ sysconn *dbus.Conn
+ sysObj dbus.BusObject
+ sysConfObj dbus.BusObject
+ signal chan *dbus.Signal
+}
+
+// ZoneSettings holds the firewalld zone settings, documented in
+// https://firewalld.org/documentation/man-pages/firewalld.dbus.html
+type ZoneSettings struct {
+ version string
+ name string
+ description string
+ unused bool
+ target string
+ services []string
+ ports [][]interface{}
+ icmpBlocks []string
+ masquerade bool
+ forwardPorts [][]interface{}
+ interfaces []string
+ sourceAddresses []string
+ richRules []string
+ protocols []string
+ sourcePorts [][]interface{}
+ icmpBlockInversion bool
}
var (
- connection *Conn
+ connection *Conn
+
firewalldRunning bool // is Firewalld service running
onReloaded []*func() // callbacks when Firewalld has been reloaded
)
@@ -51,6 +77,9 @@ func FirewalldInit() error {
}
if connection != nil {
go signalHandler()
+ if err := setupDockerZone(); err != nil {
+ return err
+ }
}
return nil
@@ -76,8 +105,8 @@ func (c *Conn) initConnection() error {
}
// This never fails, even if the service is not running atm.
- c.sysobj = c.sysconn.Object(dbusInterface, dbus.ObjectPath(dbusPath))
-
+ c.sysObj = c.sysconn.Object(dbusInterface, dbus.ObjectPath(dbusPath))
+ c.sysConfObj = c.sysconn.Object(dbusInterface, dbus.ObjectPath(dbusConfigPath))
rule := fmt.Sprintf("type='signal',path='%s',interface='%s',sender='%s',member='Reloaded'",
dbusPath, dbusInterface, dbusInterface)
c.sysconn.BusObject().Call("org.freedesktop.DBus.AddMatch", 0, rule)
@@ -150,7 +179,7 @@ func checkRunning() bool {
var err error
if connection != nil {
- err = connection.sysobj.Call(dbusInterface+".getDefaultZone", 0).Store(&zone)
+ err = connection.sysObj.Call(dbusInterface+".getDefaultZone", 0).Store(&zone)
return err == nil
}
return false
@@ -160,8 +189,95 @@ func checkRunning() bool {
func Passthrough(ipv IPV, args ...string) ([]byte, error) {
var output string
logrus.Debugf("Firewalld passthrough: %s, %s", ipv, args)
- if err := connection.sysobj.Call(dbusInterface+".direct.passthrough", 0, ipv, args).Store(&output); err != nil {
+ if err := connection.sysObj.Call(dbusInterface+".direct.passthrough", 0, ipv, args).Store(&output); err != nil {
return nil, err
}
return []byte(output), nil
}
+
+// getDockerZoneSettings converts the ZoneSettings struct into a interface slice
+func getDockerZoneSettings() map[string]string {
+ return map[string]string{
+ "version": "1.0",
+ "name": dockerZone,
+ "description": "zone for docker bridge network interfaces",
+ "target": "ACCEPT",
+ }
+}
+
+// setupDockerZone creates a zone called docker in firewalld which includes docker interfaces to allow
+// container networking
+func setupDockerZone() error {
+ var zones []string
+ // Check if zone exists
+ if err := connection.sysObj.Call(dbusInterface+".zone.getZones", 0).Store(&zones); err != nil {
+ return err
+ }
+ if contains(zones, dockerZone) {
+ logrus.Infof("Firewalld: %s zone already exists, returning", dockerZone)
+ return nil
+ }
+ logrus.Debugf("Firewalld: creating %s zone", dockerZone)
+
+ settings := getDockerZoneSettings()
+ // Permanent
+ if err := connection.sysConfObj.Call(dbusInterface+".config.addZone", 0, dockerZone, settings).Err; err != nil {
+ return err
+ }
+ // Reload for change to take effect
+ if err := connection.sysObj.Call(dbusInterface+".reload", 0).Err; err != nil {
+ return err
+ }
+
+ return nil
+}
+
+// AddInterfaceFirewalld adds the interface to the trusted zone
+func AddInterfaceFirewalld(intf string) error {
+ var intfs []string
+ // Check if interface is already added to the zone
+ if err := connection.sysObj.Call(dbusInterface+".zone.getInterfaces", 0, dockerZone).Store(&intfs); err != nil {
+ return err
+ }
+ // Return if interface is already part of the zone
+ if contains(intfs, intf) {
+ logrus.Infof("Firewalld: interface %s already part of %s zone, returning", intf, dockerZone)
+ return nil
+ }
+
+ logrus.Debugf("Firewalld: adding %s interface to %s zone", intf, dockerZone)
+ // Runtime
+ if err := connection.sysObj.Call(dbusInterface+".zone.addInterface", 0, dockerZone, intf).Err; err != nil {
+ return err
+ }
+ return nil
+}
+
+// DelInterfaceFirewalld removes the interface from the trusted zone
+func DelInterfaceFirewalld(intf string) error {
+ var intfs []string
+ // Check if interface is part of the zone
+ if err := connection.sysObj.Call(dbusInterface+".zone.getInterfaces", 0, dockerZone).Store(&intfs); err != nil {
+ return err
+ }
+ // Remove interface if it exists
+ if !contains(intfs, intf) {
+ return fmt.Errorf("Firewalld: unable to find interface %s in %s zone", intf, dockerZone)
+ }
+
+ logrus.Debugf("Firewalld: removing %s interface from %s zone", intf, dockerZone)
+ // Runtime
+ if err := connection.sysObj.Call(dbusInterface+".zone.removeInterface", 0, dockerZone, intf).Err; err != nil {
+ return err
+ }
+ return nil
+}
+
+func contains(list []string, val string) bool {
+ for _, v := range list {
+ if v == val {
+ return true
+ }
+ }
+ return false
+}
diff --git a/components/engine/vendor/github.com/docker/libnetwork/iptables/iptables.go b/components/engine/vendor/github.com/docker/libnetwork/iptables/iptables.go
index 5523c4858c..bd262eb86c 100644
--- a/components/engine/vendor/github.com/docker/libnetwork/iptables/iptables.go
+++ b/components/engine/vendor/github.com/docker/libnetwork/iptables/iptables.go
@@ -146,6 +146,19 @@ func ProgramChain(c *ChainInfo, bridgeName string, hairpinMode, enable bool) err
return errors.New("Could not program chain, missing chain name")
}
+ // Either add or remove the interface from the firewalld zone
+ if firewalldRunning {
+ if enable {
+ if err := AddInterfaceFirewalld(bridgeName); err != nil {
+ return err
+ }
+ } else {
+ if err := DelInterfaceFirewalld(bridgeName); err != nil {
+ return err
+ }
+ }
+ }
+
switch c.Table {
case Nat:
preroute := []string{
--
2.29.2

View File

@ -1,40 +0,0 @@
From cb676052272ed4f6f3b901dbc21510fabf742860 Mon Sep 17 00:00:00 2001
From: Goldwyn Rodrigues <rgoldwyn@suse.com>
Date: Mon, 22 Apr 2019 09:08:28 -0500
Subject: [PATCH] apparmor: allow readby and tracedby
Fixes audit errors such as:
type=AVC msg=audit(1550236803.810:143):
apparmor="DENIED" operation="ptrace" profile="docker-default"
pid=3181 comm="ps" requested_mask="readby" denied_mask="readby"
peer="docker-default"
audit(1550236375.918:3): apparmor="DENIED" operation="ptrace"
profile="docker-default" pid=2267 comm="ps"
requested_mask="tracedby" denied_mask="tracedby"
peer="docker-default"
SUSE-Bugs: bsc#1122469
Signed-off-by: Goldwyn Rodrigues <rgoldwyn@suse.com>
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
---
components/engine/profiles/apparmor/template.go | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/components/engine/profiles/apparmor/template.go b/components/engine/profiles/apparmor/template.go
index 400b3bd50a11..d8db0ee2fb36 100644
--- a/components/engine/profiles/apparmor/template.go
+++ b/components/engine/profiles/apparmor/template.go
@@ -44,7 +44,7 @@ profile {{.Name}} flags=(attach_disconnected,mediate_deleted) {
{{if ge .Version 208095}}
# suppress ptrace denials when using 'docker ps' or using 'ps' inside a container
- ptrace (trace,read) peer={{.Name}},
+ ptrace (trace,read,tracedby,readby) peer={{.Name}},
{{end}}
}
`
--
2.24.0

View File

@ -0,0 +1,59 @@
From 6e2607c6a68ecf1a7378133f22cb7192e2eb9d5b Mon Sep 17 00:00:00 2001
From: Arnaud Rebillout <elboulangero@gmail.com>
Date: Wed, 16 Dec 2020 10:19:43 +0700
Subject: [PATCH] Rename bin/md2man to bin/go-md2man
In the recent PR !2877, some code was added to check if md2man is
already installed in the build environment. This is to cater to the
needs of Linux distributions.
However it turns out that Linux distributions install md2man as
bin/go-md2man instead of bin/md2man, hence the PR !2877 doesn't help
much.
This commit fixes it by settling on using the binary name go-md2man.
For reference, here the file list of the package go-md2man in several
distributions:
- Debian: <https://packages.debian.org/sid/amd64/go-md2man/filelist>
- Ubuntu: <https://packages.ubuntu.com/hirsute/amd64/go-md2man/filelist>
- Fedora: <https://fedora.pkgs.org/31/fedora-x86_64/golang-github-cpuguy83-md2man-2.0.0-0.4.20190624gitf79a8a8.fc31.x86_64.rpm.html>
- ArchLinux: <https://www.archlinux.org/packages/community/x86_64/go-md2man/>
Signed-off-by: Arnaud Rebillout <elboulangero@gmail.com>
---
man/md2man-all.sh | 2 +-
scripts/docs/generate-man.sh | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/man/md2man-all.sh b/man/md2man-all.sh
index eb0bc6366a27..46c7b8f08eae 100755
--- a/man/md2man-all.sh
+++ b/man/md2man-all.sh
@@ -18,5 +18,5 @@ for FILE in *.md; do
continue
fi
mkdir -p "./man${num}"
- md2man -in "$FILE" -out "./man${num}/${name}"
+ go-md2man -in "$FILE" -out "./man${num}/${name}"
done
diff --git a/scripts/docs/generate-man.sh b/scripts/docs/generate-man.sh
index 136ed1e00094..e312c87dd321 100755
--- a/scripts/docs/generate-man.sh
+++ b/scripts/docs/generate-man.sh
@@ -4,9 +4,9 @@ set -eu -o pipefail
mkdir -p ./man/man1
-if ! command -v md2man &> /dev/null; then
+if ! command -v go-md2man &> /dev/null; then
# yay, go install creates a binary named "v2" ¯\_(ツ)_/¯
- go build -o "/go/bin/md2man" ./vendor/github.com/cpuguy83/go-md2man/v2
+ go build -o "/go/bin/go-md2man" ./vendor/github.com/cpuguy83/go-md2man/v2
fi
# Generate man pages from cobra commands
--
2.30.0

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:5bf99fd416c9a282dc97ac3568da541d378ea1c003a5680c07f11f91115d984d
size 10421676

View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:8f38527e3b117ca42b0b702a3a8a2a3d73cb629d170730d7d741115e72da8171
size 6463700

View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:83f9812b3d0fda73d6645d82577b0e3c7d603c042be6ee80119d0d5a48d73866
size 4432320

View File

@ -1,3 +1,27 @@
-------------------------------------------------------------------
Fri Jan 29 22:55:48 UTC 2021 - Aleksa Sarai <asarai@suse.com>
- Update to Docker 20.10.2-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md. bsc#1181594
- Remove upstreamed patches:
- bsc1122469-0001-apparmor-allow-readby-and-tracedby.patch
- boo1178801-0001-Add-docker-interfaces-to-firewalld-docker-zone.patch
- Add patches to fix build:
+ cli-0001-Rename-bin-md2man-to-bin-go-md2man.patch
- Since upstream has changed their source repo (again) we have to rebase all of
our patches. While doing this, I've collapsed all patches into one branch
per-release and thus all the patches are now just one series:
- packaging-0001-revert-Remove-docker-prefix-for-containerd-and-runc-.patch
+ 0001-PACKAGING-revert-Remove-docker-prefix-for-containerd.patch
- secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
+ 0002-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
- secrets-0002-SUSE-implement-SUSE-container-secrets.patch
+ 0003-SECRETS-SUSE-implement-SUSE-container-secrets.patch
- private-registry-0001-Add-private-registry-mirror-support.patch
+ 0004-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
- bsc1073877-0001-apparmor-clobber-docker-default-profile-on-start.patch
+ 0005-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Jan 29 11:54:53 UTC 2021 - Aleksa Sarai <asarai@suse.com> Fri Jan 29 11:54:53 UTC 2021 - Aleksa Sarai <asarai@suse.com>

View File

@ -1,7 +1,7 @@
# #
# spec file for package docker # spec file for package docker
# #
# Copyright (c) 2020 SUSE LLC # Copyright (c) 2021 SUSE LLC
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -42,52 +42,55 @@
# helpfully injects into our build environment from the changelog). If you want # helpfully injects into our build environment from the changelog). If you want
# to generate a new git_commit_epoch, use this: # to generate a new git_commit_epoch, use this:
# $ date --date="$(git show --format=fuller --date=iso $COMMIT_ID | grep -oP '(?<=^CommitDate: ).*')" '+%s' # $ date --date="$(git show --format=fuller --date=iso $COMMIT_ID | grep -oP '(?<=^CommitDate: ).*')" '+%s'
%define git_version 5eb3275d4006 %define git_version 8891c58a433a
%define git_commit_epoch 1606849828 %define git_commit_epoch 1608908869
# These are the git commits required. We verify them against the source to make # These are the git commits required. We verify them against the source to make
# sure we didn't miss anything important when doing upgrades. # sure we didn't miss anything important when doing upgrades.
%define required_containerd ea765aba0d05254012b0b9e595e995c09186427f %define required_containerd 269548fa27e0089a8b8278fc4fc781d7f65a939b
%define required_dockerrunc dc9208a3303feef5b3839f4323d9beb36df0a9dd %define required_dockerrunc ff819c7e9184c13b7c2607fe6c30ae19403a7aff
%define required_libnetwork 55e924b8a84231a065879156c0de95aefc5f5435 %define required_libnetwork fa125a3512ee0f6187721c88582bf8c4378bd4d7
Name: %{realname}%{name_suffix} Name: %{realname}%{name_suffix}
Version: 19.03.14_ce Version: 20.10.2_ce
Release: 0 Release: 0
Summary: The Moby-project Linux container runtime Summary: The Moby-project Linux container runtime
License: Apache-2.0 License: Apache-2.0
Group: System/Management Group: System/Management
URL: http://www.docker.io URL: http://www.docker.io
# TODO(VR): check those SOURCE files below
Source: %{realname}-%{version}_%{git_version}.tar.xz Source: %{realname}-%{version}_%{git_version}.tar.xz
Source1: docker.service Source1: %{realname}-cli-%{version}.tar.xz
Source2: docker-rpmlintrc
# TODO: Move these source files to somewhere nicer.
Source100: docker.service
Source101: 80-docker.rules
Source102: sysconfig.docker
Source103: README_SUSE.md
Source104: docker-audit.rules
Source105: tests.sh
Source106: docker-daemon.json
# Kubelet-specific sources.
# bsc#1086185 -- but we only apply this on Kubic. # bsc#1086185 -- but we only apply this on Kubic.
Source2: docker-kubic-service.conf Source900: docker-kubic-service.conf
Source3: 80-docker.rules Source901: kubelet.env
Source4: sysconfig.docker # NOTE: All of these patches are maintained in <https://github.com/suse/docker>
Source5: kubelet.env # in the suse-<version> branch. Make sure you update the patches in that
Source6: docker-rpmlintrc # branch and then git-format-patch the patch here.
Source7: README_SUSE.md
Source8: docker-audit.rules
Source9: tests.sh
Source10: docker-daemon.json
# SUSE-FEATURE: Adds the /run/secrets mountpoint inside all Docker containers # SUSE-FEATURE: Adds the /run/secrets mountpoint inside all Docker containers
# which is not snapshotted when images are committed. Note that if you modify # which is not snapshotted when images are committed. Note that if you modify
# this patch, please also modify the patch in the suse-secrets-v<version> # this patch, please also modify the patch in the suse-secrets-v<version>
# branch in http://github.com/suse/docker.mirror. # branch in <http://github.com/suse/docker>.
Patch200: secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch Patch100: 0002-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
Patch201: secrets-0002-SUSE-implement-SUSE-container-secrets.patch Patch101: 0003-SECRETS-SUSE-implement-SUSE-container-secrets.patch
# SUSE-ISSUE: Revert of https://github.com/docker/docker/pull/37907.
Patch300: packaging-0001-revert-Remove-docker-prefix-for-containerd-and-runc-.patch
# SUSE-BACKPORT: Backport of https://github.com/docker/docker/pull/37353. bsc#1099277
Patch401: bsc1073877-0001-apparmor-clobber-docker-default-profile-on-start.patch
# SUSE-BACKPORT: Backport of https://github.com/docker/docker/pull/39121. bsc#1122469
Patch402: bsc1122469-0001-apparmor-allow-readby-and-tracedby.patch
# SUSE-BACKPORT: Backport of https://github.com/moby/libnetwork/pull/2548. boo#1178801, SLE-16460
Patch403: boo1178801-0001-Add-docker-interfaces-to-firewalld-docker-zone.patch
# SUSE-FEATURE: Add support to mirror inofficial/private registries # SUSE-FEATURE: Add support to mirror inofficial/private registries
# (https://github.com/docker/docker/pull/34319) # <https://github.com/docker/docker/pull/34319>.
Patch500: private-registry-0001-Add-private-registry-mirror-support.patch Patch200: 0004-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
# SUSE-ISSUE: Revert of <https://github.com/docker/docker/pull/37907>.
Patch300: 0001-PACKAGING-revert-Remove-docker-prefix-for-containerd.patch
# SUSE-BACKPORT: Backport of https://github.com/docker/docker/pull/37353. bsc#1073877 bsc#1099277
Patch301: 0005-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
# SUSE-BACKPORT: Backport of https://github.com/docker/cli/pull/2888.
Patch302: cli-0001-Rename-bin-md2man-to-bin-go-md2man.patch
BuildRequires: audit BuildRequires: audit
BuildRequires: bash-completion BuildRequires: bash-completion
BuildRequires: ca-certificates BuildRequires: ca-certificates
@ -273,34 +276,41 @@ docker container runtime configuration for kubeadm
%prep %prep
%setup -q -n %{realname}-%{version}_%{git_version} %setup -q -n %{realname}-%{version}_%{git_version}
%if 0%{?is_opensuse} %if 0%{?is_opensuse}
# nothing # nothing
%else %else
# PATCH-SUSE: Secrets patches. # PATCH-SUSE: Secrets patches.
%patch200 -p1 %patch100 -p1
%patch201 -p1 %patch101 -p1
%endif %endif
# revert upstream
%patch300 -p1
# bsc#1099277
%patch401 -p1
# bsc#1122469
%patch402 -p1
# boo#1178801, SLE-16460
%patch403 -p1
%if "%flavour" == "kubic" %if "%flavour" == "kubic"
# PATCH-SUSE: Mirror patch. # PATCH-SUSE: Mirror patch.
%patch500 -p1 %patch200 -p1
%endif %endif
# packaging
%patch300 -p1
# bsc#1099277
%patch301 -p1
cp %{SOURCE7} . # README_SUSE.md for documentation.
cp %{SOURCE103} .
# Fill the CLI sources in a subdir.
mkdir -p dist-suse/cli
pushd dist-suse/cli/
xz -dc %{SOURCE1} | tar -xof - --strip-components=1
# https://github.com/docker/cli/pull/2888
%patch302 -p1
popd
%build %build
BUILDTAGS="exclude_graphdriver_aufs apparmor selinux seccomp pkcs11" BUILDTAGS="exclude_graphdriver_aufs apparmor selinux seccomp pkcs11"
%if 0%{?sle_version} == 120000 %if 0%{?sle_version} == 120000
# Provided by patch406, to allow us to build with older distros but still # Allow us to build with older distros but still have deferred removal
# have deferred removal support at runtime. We only use this when building # support at runtime. We only use this when building on SLE12, because
# on SLE12. # later openSUSE/SLE versions have a new enough libdevicemapper to not
# require the runtime checking.
BUILDTAGS="libdm_dlsym_deferred_remove $BUILDTAGS" BUILDTAGS="libdm_dlsym_deferred_remove $BUILDTAGS"
%endif %endif
@ -326,14 +336,13 @@ EOF
# Preparing GOPATH so that the client is visible to the compiler # Preparing GOPATH so that the client is visible to the compiler
mkdir -p src/github.com/docker/ mkdir -p src/github.com/docker/
ln -s $(pwd)/components/cli $(pwd)/src/github.com/docker/cli ln -s $(pwd)/dist-suse/cli $(pwd)/src/github.com/docker/cli
export GOPATH=$GOPATH:$(pwd) export GOPATH=$GOPATH:$(pwd)
################### ###################
## DOCKER ENGINE ## ## DOCKER ENGINE ##
################### ###################
pushd components/engine/
# Ignore the warning that we compile outside a Docker container. # Ignore the warning that we compile outside a Docker container.
./hack/make.sh dynbinary ./hack/make.sh dynbinary
@ -343,18 +352,17 @@ pushd components/engine/
for testdir in {integration-cli,integration/*/} for testdir in {integration-cli,integration/*/}
do do
( find "$testdir" -name '*_test.go' | grep -q '.' ) || continue ( find "$testdir" -name '*_test.go' | grep -q '.' ) || continue
GOPATH=$(pwd)/vendor:$(pwd)/.gopath/ go test \ GOPATH=$(pwd)/vendor:$(pwd)/.gopath/ go test -c \
-buildmode=pie \ -o "$testdir/tests.main" -buildmode=pie \
-tags "$DOCKER_BUILDTAGS daemon autogen" \ -tags "$DOCKER_BUILDTAGS daemon" \
-c "github.com/docker/docker/$testdir" -o "$testdir/tests.main" "github.com/docker/docker/$testdir"
done done
popd
################### ###################
## DOCKER CLIENT ## ## DOCKER CLIENT ##
################### ###################
pushd components/cli/ pushd dist-suse/cli/
./scripts/build/dynbinary ./scripts/build/dynbinary
mkdir -p ./man/man1 mkdir -p ./man/man1
@ -373,30 +381,29 @@ popd
# We verify that all of our -git requires are correct, and match the contents # We verify that all of our -git requires are correct, and match the contents
# of the upstream vendoring scripts. This is done on-build to make sure that # of the upstream vendoring scripts. This is done on-build to make sure that
# someone doing an update didn't miss anything. # someone doing an update didn't miss anything.
cd components/engine
grep 'RUNC_COMMIT:=%{required_dockerrunc}' hack/dockerfile/install/runc.installer grep 'RUNC_COMMIT:=%{required_dockerrunc}' hack/dockerfile/install/runc.installer
grep 'CONTAINERD_COMMIT:=%{required_containerd}' hack/dockerfile/install/containerd.installer grep 'CONTAINERD_COMMIT:=%{required_containerd}' hack/dockerfile/install/containerd.installer
grep 'LIBNETWORK_COMMIT:=%{required_libnetwork}' hack/dockerfile/install/proxy.installer grep 'LIBNETWORK_COMMIT:=%{required_libnetwork}' hack/dockerfile/install/proxy.installer
%install %install
install -d %{buildroot}%{_bindir} install -d %{buildroot}%{_bindir}
install -D -m755 components/cli/build/docker %{buildroot}/%{_bindir}/docker install -D -m755 dist-suse/cli/build/docker %{buildroot}/%{_bindir}/docker
install -D -m755 components/engine/bundles/dynbinary-daemon/dockerd %{buildroot}/%{_bindir}/dockerd install -D -m755 bundles/dynbinary-daemon/dockerd %{buildroot}/%{_bindir}/dockerd
install -d %{buildroot}/%{_localstatedir}/lib/docker install -d %{buildroot}/%{_localstatedir}/lib/docker
install -Dd -m 0755 \ install -Dd -m 0755 \
%{buildroot}%{_sysconfdir}/init.d \ %{buildroot}%{_sysconfdir}/init.d \
%{buildroot}%{_sbindir} %{buildroot}%{_sbindir}
install -D -m0644 components/cli/contrib/completion/bash/docker "%{buildroot}%{_datarootdir}/bash-completion/completions/%{realname}" install -D -m0644 dist-suse/cli/contrib/completion/bash/docker "%{buildroot}%{_datarootdir}/bash-completion/completions/%{realname}"
install -D -m0644 components/cli/contrib/completion/zsh/_docker "%{buildroot}%{_sysconfdir}/zsh_completion.d/_%{realname}" install -D -m0644 dist-suse/cli/contrib/completion/zsh/_docker "%{buildroot}%{_sysconfdir}/zsh_completion.d/_%{realname}"
install -D -m0644 components/cli/contrib/completion/fish/docker.fish "%{buildroot}/%{_datadir}/fish/vendor_completions.d/%{realname}.fish" install -D -m0644 dist-suse/cli/contrib/completion/fish/docker.fish "%{buildroot}/%{_datadir}/fish/vendor_completions.d/%{realname}.fish"
# #
# systemd service # systemd service
# #
install -D -m0644 %{SOURCE1} %{buildroot}%{_unitdir}/%{realname}.service install -D -m0644 %{SOURCE100} %{buildroot}%{_unitdir}/%{realname}.service
%if "%flavour" == "kubic" %if "%flavour" == "kubic"
install -D -m0644 %{SOURCE2} %{buildroot}%{_unitdir}/%{realname}.service.d/90-kubic.conf install -D -m0644 %{SOURCE900} %{buildroot}%{_unitdir}/%{realname}.service.d/90-kubic.conf
%endif %endif
ln -sf service %{buildroot}%{_sbindir}/rcdocker ln -sf service %{buildroot}%{_sbindir}/rcdocker
@ -404,30 +411,30 @@ ln -sf service %{buildroot}%{_sbindir}/rcdocker
# udev rules that prevents dolphin to show all docker devices and slows down # udev rules that prevents dolphin to show all docker devices and slows down
# upstream report https://bugs.kde.org/show_bug.cgi?id=329930 # upstream report https://bugs.kde.org/show_bug.cgi?id=329930
# #
install -D -m 0644 %{SOURCE3} %{buildroot}%{_udevrulesdir}/80-%{realname}.rules install -D -m 0644 %{SOURCE101} %{buildroot}%{_udevrulesdir}/80-%{realname}.rules
# audit rules # audit rules
install -D -m 0640 %{SOURCE8} %{buildroot}%{_sysconfdir}/audit/rules.d/%{realname}.rules install -D -m 0640 %{SOURCE104} %{buildroot}%{_sysconfdir}/audit/rules.d/%{realname}.rules
# sysconfig file # sysconfig file
install -D -m 644 %{SOURCE4} %{buildroot}%{_fillupdir}/sysconfig.docker install -D -m 644 %{SOURCE102} %{buildroot}%{_fillupdir}/sysconfig.docker
# install docker config file # install docker config file
install -D -m 644 %{SOURCE10} %{buildroot}%{_sysconfdir}/docker/daemon.json install -D -m 644 %{SOURCE106} %{buildroot}%{_sysconfdir}/docker/daemon.json
# install manpages (using the ones from the engine) # install manpages (using the ones from the engine)
install -d %{buildroot}%{_mandir}/man1 install -d %{buildroot}%{_mandir}/man1
install -p -m 644 components/cli/man/man1/*.1 %{buildroot}%{_mandir}/man1 install -p -m 644 dist-suse/cli/man/man1/*.1 %{buildroot}%{_mandir}/man1
install -d %{buildroot}%{_mandir}/man5 install -d %{buildroot}%{_mandir}/man5
install -p -m 644 components/cli/man/man5/Dockerfile.5 %{buildroot}%{_mandir}/man5 install -p -m 644 dist-suse/cli/man/man5/Dockerfile.5 %{buildroot}%{_mandir}/man5
install -d %{buildroot}%{_mandir}/man8 install -d %{buildroot}%{_mandir}/man8
install -p -m 644 components/cli/man/man8/*.8 %{buildroot}%{_mandir}/man8 install -p -m 644 dist-suse/cli/man/man8/*.8 %{buildroot}%{_mandir}/man8
# install docker-test files -- we want to avoid installing the entire source tree. # install docker-test files -- we want to avoid installing the entire source tree.
install -d %{buildroot}%{_prefix}/src/docker/ install -d %{buildroot}%{_prefix}/src/docker/
install -D -m0755 %{SOURCE9} %{buildroot}%{_prefix}/src/docker/tests.sh install -D -m0755 %{SOURCE105} %{buildroot}%{_prefix}/src/docker/tests.sh
# We need hack/, contrib/, profiles/, and the integration*/ trees. # We need hack/, contrib/, profiles/, and the integration*/ trees.
cp -a components/engine/{hack,contrib,profiles,integration{,-cli}} %{buildroot}%{_prefix}/src/docker/ cp -a {hack,contrib,profiles,integration{,-cli}} %{buildroot}%{_prefix}/src/docker/
echo "%{version}" > %{buildroot}%{_prefix}/src/docker/VERSION echo "%{version}" > %{buildroot}%{_prefix}/src/docker/VERSION
# And now we can remove all *_test.go files -- since we already have test # And now we can remove all *_test.go files -- since we already have test
# binaries. Due to a lot of hacks within the Docker integration tests, we can't # binaries. Due to a lot of hacks within the Docker integration tests, we can't
@ -437,8 +444,8 @@ find %{buildroot}%{_prefix}/src/docker \
%if "%flavour" == "kubic" %if "%flavour" == "kubic"
# place kubelet.env in fillupdir (for kubeadm-criconfig) # place kubelet.env in fillupdir (for kubeadm-criconfig)
sed -e 's-@LIBEXECDIR@-%{_libexecdir}-g' -i %{SOURCE5} sed -e 's-@LIBEXECDIR@-%{_libexecdir}-g' -i %{SOURCE901}
install -D -m 0644 %{SOURCE5} %{buildroot}%{_fillupdir}/sysconfig.kubelet install -D -m 0644 %{SOURCE901} %{buildroot}%{_fillupdir}/sysconfig.kubelet
%endif %endif
%fdupes %{buildroot} %fdupes %{buildroot}
@ -485,8 +492,8 @@ grep -q '^dockremap:' /etc/subgid || \
%files %files
%defattr(-,root,root) %defattr(-,root,root)
%doc components/engine/README.md README_SUSE.md CHANGELOG.md %doc README.md README_SUSE.md CHANGELOG.md
%license components/engine/LICENSE %license LICENSE
%{_bindir}/docker %{_bindir}/docker
%{_bindir}/dockerd %{_bindir}/dockerd
%{_sbindir}/rcdocker %{_sbindir}/rcdocker

View File

@ -1,126 +0,0 @@
From 33d18d20a806e2541292acb55338dea2065d2501 Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de>
Date: Thu, 29 Nov 2018 20:53:16 +1100
Subject: [PATCH] revert "Remove 'docker-' prefix for containerd and runc
binaries"
This reverts commit 34eede0296bce6a9c335cb429f10728ae3f4252d, as it
would significantly break openSUSE's packaging (as well as causing
conflicts between the very-outdated runc that Docker uses and the more
up-to-date one available for Podman).
Signed-off-by: Aleksa Sarai <asarai@suse.de>
---
components/engine/api/swagger.yaml | 4 ++--
components/engine/builder/builder-next/executor_unix.go | 2 +-
components/engine/daemon/daemon_unix.go | 6 +++---
components/engine/libcontainerd/supervisor/remote_daemon.go | 4 ++--
.../engine/libcontainerd/supervisor/remote_daemon_linux.go | 4 ++--
.../libcontainerd/supervisor/remote_daemon_windows.go | 4 ++--
6 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/components/engine/api/swagger.yaml b/components/engine/api/swagger.yaml
index 6e0bc25b52d6..58f860d22a49 100644
--- a/components/engine/api/swagger.yaml
+++ b/components/engine/api/swagger.yaml
@@ -3980,10 +3980,10 @@ definitions:
$ref: "#/definitions/Runtime"
default:
runc:
- path: "runc"
+ path: "docker-runc"
example:
runc:
- path: "runc"
+ path: "docker-runc"
runc-master:
path: "/go/bin/runc"
custom:
diff --git a/components/engine/builder/builder-next/executor_unix.go b/components/engine/builder/builder-next/executor_unix.go
index 620ffb401de7..dd63779a27d2 100644
--- a/components/engine/builder/builder-next/executor_unix.go
+++ b/components/engine/builder/builder-next/executor_unix.go
@@ -28,7 +28,7 @@ func newExecutor(root, cgroupParent string, net libnetwork.NetworkController, ro
}
return runcexecutor.New(runcexecutor.Opt{
Root: filepath.Join(root, "executor"),
- CommandCandidates: []string{"runc"},
+ CommandCandidates: []string{"docker-runc", "runc"},
DefaultCgroupParent: cgroupParent,
Rootless: rootless,
NoPivot: os.Getenv("DOCKER_RAMDISK") != "",
diff --git a/components/engine/daemon/daemon_unix.go b/components/engine/daemon/daemon_unix.go
index df64de6edf13..fa9bfb528414 100644
--- a/components/engine/daemon/daemon_unix.go
+++ b/components/engine/daemon/daemon_unix.go
@@ -54,11 +54,11 @@ import (
const (
// DefaultShimBinary is the default shim to be used by containerd if none
// is specified
- DefaultShimBinary = "containerd-shim"
+ DefaultShimBinary = "docker-containerd-shim"
// DefaultRuntimeBinary is the default runtime to be used by
// containerd if none is specified
- DefaultRuntimeBinary = "runc"
+ DefaultRuntimeBinary = "docker-runc"
// See https://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/tree/kernel/sched/sched.h?id=8cd9234c64c584432f6992fe944ca9e46ca8ea76#n269
linuxMinCPUShares = 2
@@ -77,7 +77,7 @@ const (
// DefaultRuntimeName is the default runtime to be used by
// containerd if none is specified
- DefaultRuntimeName = "runc"
+ DefaultRuntimeName = "docker-runc"
)
type containerGetter interface {
diff --git a/components/engine/libcontainerd/supervisor/remote_daemon.go b/components/engine/libcontainerd/supervisor/remote_daemon.go
index 31b93f11f0b1..5fba7f29eff9 100644
--- a/components/engine/libcontainerd/supervisor/remote_daemon.go
+++ b/components/engine/libcontainerd/supervisor/remote_daemon.go
@@ -27,8 +27,8 @@ const (
shutdownTimeout = 15 * time.Second
startupTimeout = 15 * time.Second
configFile = "containerd.toml"
- binaryName = "containerd"
- pidFile = "containerd.pid"
+ binaryName = "docker-containerd"
+ pidFile = "docker-containerd.pid"
)
type pluginConfigs struct {
diff --git a/components/engine/libcontainerd/supervisor/remote_daemon_linux.go b/components/engine/libcontainerd/supervisor/remote_daemon_linux.go
index 799399c07bc5..1ea91d2b5d0b 100644
--- a/components/engine/libcontainerd/supervisor/remote_daemon_linux.go
+++ b/components/engine/libcontainerd/supervisor/remote_daemon_linux.go
@@ -11,8 +11,8 @@ import (
)
const (
- sockFile = "containerd.sock"
- debugSockFile = "containerd-debug.sock"
+ sockFile = "docker-containerd.sock"
+ debugSockFile = "docker-containerd-debug.sock"
)
func (r *remote) setDefaults() {
diff --git a/components/engine/libcontainerd/supervisor/remote_daemon_windows.go b/components/engine/libcontainerd/supervisor/remote_daemon_windows.go
index 9b254ef58a0a..bcdc9529e0f7 100644
--- a/components/engine/libcontainerd/supervisor/remote_daemon_windows.go
+++ b/components/engine/libcontainerd/supervisor/remote_daemon_windows.go
@@ -7,8 +7,8 @@ import (
)
const (
- grpcPipeName = `\\.\pipe\containerd-containerd`
- debugPipeName = `\\.\pipe\containerd-debug`
+ grpcPipeName = `\\.\pipe\docker-containerd-containerd`
+ debugPipeName = `\\.\pipe\docker-containerd-debug`
)
func (r *remote) setDefaults() {
--
2.22.0