- Update to Docker 20.10.2-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md. bsc#1181594 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=352
This commit is contained in:
parent
1d083259ee
commit
39b2909083
110
0001-PACKAGING-revert-Remove-docker-prefix-for-containerd.patch
Normal file
110
0001-PACKAGING-revert-Remove-docker-prefix-for-containerd.patch
Normal file
@ -0,0 +1,110 @@
|
||||
From 9961826453fee3b52244ba920359b9e2f9ad137c Mon Sep 17 00:00:00 2001
|
||||
From: Aleksa Sarai <asarai@suse.de>
|
||||
Date: Thu, 29 Nov 2018 20:53:16 +1100
|
||||
Subject: [PATCH 1/5] PACKAGING: revert "Remove 'docker-' prefix for containerd
|
||||
and runc binaries"
|
||||
|
||||
This reverts commit 34eede0296bce6a9c335cb429f10728ae3f4252d, as it
|
||||
would significantly break openSUSE's packaging (as well as causing
|
||||
conflicts between the very-outdated runc that Docker uses and the more
|
||||
up-to-date one available for Podman).
|
||||
|
||||
Signed-off-by: Aleksa Sarai <asarai@suse.de>
|
||||
---
|
||||
builder/builder-next/executor_unix.go | 2 +-
|
||||
daemon/daemon_unix.go | 8 ++++++--
|
||||
libcontainerd/supervisor/remote_daemon.go | 4 ++--
|
||||
libcontainerd/supervisor/remote_daemon_linux.go | 4 ++--
|
||||
libcontainerd/supervisor/remote_daemon_windows.go | 4 ++--
|
||||
5 files changed, 13 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/builder/builder-next/executor_unix.go b/builder/builder-next/executor_unix.go
|
||||
index c052ec707fec..d1caf53f5023 100644
|
||||
--- a/builder/builder-next/executor_unix.go
|
||||
+++ b/builder/builder-next/executor_unix.go
|
||||
@@ -32,7 +32,7 @@ func newExecutor(root, cgroupParent string, net libnetwork.NetworkController, dn
|
||||
}
|
||||
return runcexecutor.New(runcexecutor.Opt{
|
||||
Root: filepath.Join(root, "executor"),
|
||||
- CommandCandidates: []string{"runc"},
|
||||
+ CommandCandidates: []string{"docker-runc", "runc"},
|
||||
DefaultCgroupParent: cgroupParent,
|
||||
Rootless: rootless,
|
||||
NoPivot: os.Getenv("DOCKER_RAMDISK") != "",
|
||||
diff --git a/daemon/daemon_unix.go b/daemon/daemon_unix.go
|
||||
index 5fa688dff4c7..f610fdb01d27 100644
|
||||
--- a/daemon/daemon_unix.go
|
||||
+++ b/daemon/daemon_unix.go
|
||||
@@ -58,11 +58,11 @@ const (
|
||||
|
||||
// DefaultShimBinary is the default shim to be used by containerd if none
|
||||
// is specified
|
||||
- DefaultShimBinary = "containerd-shim"
|
||||
+ DefaultShimBinary = "docker-containerd-shim"
|
||||
|
||||
// DefaultRuntimeBinary is the default runtime to be used by
|
||||
// containerd if none is specified
|
||||
- DefaultRuntimeBinary = "runc"
|
||||
+ DefaultRuntimeBinary = "docker-runc"
|
||||
|
||||
// See https://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/tree/kernel/sched/sched.h?id=8cd9234c64c584432f6992fe944ca9e46ca8ea76#n269
|
||||
linuxMinCPUShares = 2
|
||||
@@ -78,6 +78,10 @@ const (
|
||||
cgroupFsDriver = "cgroupfs"
|
||||
cgroupSystemdDriver = "systemd"
|
||||
cgroupNoneDriver = "none"
|
||||
+
|
||||
+ // DefaultRuntimeName is the default runtime to be used by
|
||||
+ // containerd if none is specified
|
||||
+ DefaultRuntimeName = "docker-runc"
|
||||
)
|
||||
|
||||
type containerGetter interface {
|
||||
diff --git a/libcontainerd/supervisor/remote_daemon.go b/libcontainerd/supervisor/remote_daemon.go
|
||||
index 3538612246f4..f17868a7e1f8 100644
|
||||
--- a/libcontainerd/supervisor/remote_daemon.go
|
||||
+++ b/libcontainerd/supervisor/remote_daemon.go
|
||||
@@ -27,8 +27,8 @@ const (
|
||||
shutdownTimeout = 15 * time.Second
|
||||
startupTimeout = 15 * time.Second
|
||||
configFile = "containerd.toml"
|
||||
- binaryName = "containerd"
|
||||
- pidFile = "containerd.pid"
|
||||
+ binaryName = "docker-containerd"
|
||||
+ pidFile = "docker-containerd.pid"
|
||||
)
|
||||
|
||||
type pluginConfigs struct {
|
||||
diff --git a/libcontainerd/supervisor/remote_daemon_linux.go b/libcontainerd/supervisor/remote_daemon_linux.go
|
||||
index d229881a62b3..da93fc45371d 100644
|
||||
--- a/libcontainerd/supervisor/remote_daemon_linux.go
|
||||
+++ b/libcontainerd/supervisor/remote_daemon_linux.go
|
||||
@@ -11,8 +11,8 @@ import (
|
||||
)
|
||||
|
||||
const (
|
||||
- sockFile = "containerd.sock"
|
||||
- debugSockFile = "containerd-debug.sock"
|
||||
+ sockFile = "docker-containerd.sock"
|
||||
+ debugSockFile = "docker-containerd-debug.sock"
|
||||
)
|
||||
|
||||
func (r *remote) setDefaults() {
|
||||
diff --git a/libcontainerd/supervisor/remote_daemon_windows.go b/libcontainerd/supervisor/remote_daemon_windows.go
|
||||
index 9b254ef58a0a..bcdc9529e0f7 100644
|
||||
--- a/libcontainerd/supervisor/remote_daemon_windows.go
|
||||
+++ b/libcontainerd/supervisor/remote_daemon_windows.go
|
||||
@@ -7,8 +7,8 @@ import (
|
||||
)
|
||||
|
||||
const (
|
||||
- grpcPipeName = `\\.\pipe\containerd-containerd`
|
||||
- debugPipeName = `\\.\pipe\containerd-debug`
|
||||
+ grpcPipeName = `\\.\pipe\docker-containerd-containerd`
|
||||
+ debugPipeName = `\\.\pipe\docker-containerd-debug`
|
||||
)
|
||||
|
||||
func (r *remote) setDefaults() {
|
||||
--
|
||||
2.30.0
|
||||
|
@ -1,7 +1,7 @@
|
||||
From 47b241f184e61474957c4ffb8a3dcbaa543eadb9 Mon Sep 17 00:00:00 2001
|
||||
From e24062ca12b575bc417fea2f46544ccd18e5f1eb Mon Sep 17 00:00:00 2001
|
||||
From: Aleksa Sarai <asarai@suse.de>
|
||||
Date: Wed, 8 Mar 2017 12:41:54 +1100
|
||||
Subject: [PATCH 1/2] daemon: allow directory creation in /run/secrets
|
||||
Subject: [PATCH 2/5] SECRETS: daemon: allow directory creation in /run/secrets
|
||||
|
||||
Since FileMode can have the directory bit set, allow a SecretStore
|
||||
implementation to return secrets that are actually directories. This is
|
||||
@ -10,13 +10,13 @@ useful for creating directories and subdirectories of secrets.
|
||||
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
|
||||
Signed-off-by: Aleksa Sarai <asarai@suse.de>
|
||||
---
|
||||
.../daemon/container_operations_unix.go | 24 ++++++++++++++++---
|
||||
daemon/container_operations_unix.go | 24 +++++++++++++++++++++---
|
||||
1 file changed, 21 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/components/engine/daemon/container_operations_unix.go b/components/engine/daemon/container_operations_unix.go
|
||||
index 3fcdc1913bed..4920def81a7e 100644
|
||||
--- a/components/engine/daemon/container_operations_unix.go
|
||||
+++ b/components/engine/daemon/container_operations_unix.go
|
||||
diff --git a/daemon/container_operations_unix.go b/daemon/container_operations_unix.go
|
||||
index f4f1bd2c0b6a..f18f522485ee 100644
|
||||
--- a/daemon/container_operations_unix.go
|
||||
+++ b/daemon/container_operations_unix.go
|
||||
@@ -3,6 +3,7 @@
|
||||
package daemon // import "github.com/docker/docker/daemon"
|
||||
|
||||
@ -31,9 +31,9 @@ index 3fcdc1913bed..4920def81a7e 100644
|
||||
"github.com/docker/docker/errdefs"
|
||||
+ "github.com/docker/docker/pkg/archive"
|
||||
"github.com/docker/docker/pkg/idtools"
|
||||
"github.com/docker/docker/pkg/mount"
|
||||
"github.com/docker/docker/pkg/stringid"
|
||||
@@ -206,9 +208,6 @@ func (daemon *Daemon) setupSecretDir(c *container.Container) (setupErr error) {
|
||||
"github.com/docker/docker/pkg/system"
|
||||
@@ -207,9 +209,6 @@ func (daemon *Daemon) setupSecretDir(c *container.Container) (setupErr error) {
|
||||
if err != nil {
|
||||
return errors.Wrap(err, "unable to get secret from secret store")
|
||||
}
|
||||
@ -43,7 +43,7 @@ index 3fcdc1913bed..4920def81a7e 100644
|
||||
|
||||
uid, err := strconv.Atoi(s.File.UID)
|
||||
if err != nil {
|
||||
@@ -219,6 +218,25 @@ func (daemon *Daemon) setupSecretDir(c *container.Container) (setupErr error) {
|
||||
@@ -220,6 +219,25 @@ func (daemon *Daemon) setupSecretDir(c *container.Container) (setupErr error) {
|
||||
return err
|
||||
}
|
||||
|
@ -1,7 +1,7 @@
|
||||
From 3b3a583ef0704d1a83d172c8a996b1d536e2839b Mon Sep 17 00:00:00 2001
|
||||
From 3469fd3b7da0477ba781d95b02bd698c770916f6 Mon Sep 17 00:00:00 2001
|
||||
From: Aleksa Sarai <asarai@suse.de>
|
||||
Date: Wed, 8 Mar 2017 11:43:29 +1100
|
||||
Subject: [PATCH 2/2] SUSE: implement SUSE container secrets
|
||||
Subject: [PATCH 3/5] SECRETS: SUSE: implement SUSE container secrets
|
||||
|
||||
This allows for us to pass in host credentials to a container, allowing
|
||||
for SUSEConnect to work with containers.
|
||||
@ -13,16 +13,16 @@ MAKES BUILDS NOT ENTIRELY REPRODUCIBLE.
|
||||
SUSE-Bugs: bsc#1065609 bsc#1057743 bsc#1055676 bsc#1030702
|
||||
Signed-off-by: Aleksa Sarai <asarai@suse.de>
|
||||
---
|
||||
components/engine/daemon/start.go | 5 +
|
||||
components/engine/daemon/suse_secrets.go | 406 +++++++++++++++++++++++
|
||||
2 files changed, 411 insertions(+)
|
||||
create mode 100644 components/engine/daemon/suse_secrets.go
|
||||
daemon/start.go | 5 +
|
||||
daemon/suse_secrets.go | 410 +++++++++++++++++++++++++++++++++++++++++
|
||||
2 files changed, 415 insertions(+)
|
||||
create mode 100644 daemon/suse_secrets.go
|
||||
|
||||
diff --git a/components/engine/daemon/start.go b/components/engine/daemon/start.go
|
||||
index 57a7267b7cbb..46c3a603554f 100644
|
||||
--- a/components/engine/daemon/start.go
|
||||
+++ b/components/engine/daemon/start.go
|
||||
@@ -151,6 +151,11 @@ func (daemon *Daemon) containerStart(container *container.Container, checkpoint
|
||||
diff --git a/daemon/start.go b/daemon/start.go
|
||||
index d9bc082b1078..091dae2ae65e 100644
|
||||
--- a/daemon/start.go
|
||||
+++ b/daemon/start.go
|
||||
@@ -150,6 +150,11 @@ func (daemon *Daemon) containerStart(container *container.Container, checkpoint
|
||||
return err
|
||||
}
|
||||
|
||||
@ -34,15 +34,15 @@ index 57a7267b7cbb..46c3a603554f 100644
|
||||
spec, err := daemon.createSpec(container)
|
||||
if err != nil {
|
||||
return errdefs.System(err)
|
||||
diff --git a/components/engine/daemon/suse_secrets.go b/components/engine/daemon/suse_secrets.go
|
||||
diff --git a/daemon/suse_secrets.go b/daemon/suse_secrets.go
|
||||
new file mode 100644
|
||||
index 000000000000..e8de931cb7ca
|
||||
index 000000000000..177efcb22295
|
||||
--- /dev/null
|
||||
+++ b/components/engine/daemon/suse_secrets.go
|
||||
@@ -0,0 +1,406 @@
|
||||
+++ b/daemon/suse_secrets.go
|
||||
@@ -0,0 +1,410 @@
|
||||
+/*
|
||||
+ * suse-secrets: patch for Docker to implement SUSE secrets
|
||||
+ * Copyright (C) 2017 SUSE LLC.
|
||||
+ * Copyright (C) 2017-2021 SUSE LLC.
|
||||
+ *
|
||||
+ * Licensed under the Apache License, Version 2.0 (the "License");
|
||||
+ * you may not use this file except in compliance with the License.
|
||||
@ -68,17 +68,18 @@ index 000000000000..e8de931cb7ca
|
||||
+ "os"
|
||||
+ "path/filepath"
|
||||
+ "strings"
|
||||
+ "syscall"
|
||||
+
|
||||
+ "github.com/docker/docker/container"
|
||||
+ "github.com/docker/docker/pkg/archive"
|
||||
+ "github.com/docker/docker/pkg/idtools"
|
||||
+ "github.com/opencontainers/go-digest"
|
||||
+ "github.com/sirupsen/logrus"
|
||||
+
|
||||
+ swarmtypes "github.com/docker/docker/api/types/swarm"
|
||||
+ swarmexec "github.com/docker/swarmkit/agent/exec"
|
||||
+ swarmapi "github.com/docker/swarmkit/api"
|
||||
+
|
||||
+ "github.com/opencontainers/go-digest"
|
||||
+ "github.com/sirupsen/logrus"
|
||||
+ "golang.org/x/sys/unix"
|
||||
+)
|
||||
+
|
||||
+func init() {
|
||||
@ -148,7 +149,7 @@ index 000000000000..e8de931cb7ca
|
||||
+ // Ignore missing files.
|
||||
+ if os.IsNotExist(err) {
|
||||
+ // If the path itself exists it was a dangling symlink so give a
|
||||
+ // warning about the dangling symlink.
|
||||
+ // warning about the symlink dangling.
|
||||
+ _, err2 := os.Lstat(path)
|
||||
+ if !os.IsNotExist(err2) {
|
||||
+ logrus.Warnf("SUSE:secrets :: ignoring dangling symlink: %s", path)
|
||||
@ -158,7 +159,7 @@ index 000000000000..e8de931cb7ca
|
||||
+ return nil, err
|
||||
+ } else if !fi.IsDir() {
|
||||
+ // Just to be safe.
|
||||
+ logrus.Warnf("SUSE:secrets :: expected %q to be a directory, but was a file", path)
|
||||
+ logrus.Infof("SUSE:secrets :: expected %q to be a directory, but was a file", path)
|
||||
+ return readFile(prefix, dir)
|
||||
+ }
|
||||
+ path, err = filepath.EvalSymlinks(path)
|
||||
@ -269,7 +270,7 @@ index 000000000000..e8de931cb7ca
|
||||
+ // Ignore missing files.
|
||||
+ if os.IsNotExist(err) {
|
||||
+ // If the path itself exists it was a dangling symlink so give a
|
||||
+ // warning about the dangling symlink.
|
||||
+ // warning about the symlink dangling.
|
||||
+ _, err2 := os.Lstat(path)
|
||||
+ if !os.IsNotExist(err2) {
|
||||
+ logrus.Warnf("SUSE:secrets :: ignoring dangling symlink: %s", path)
|
||||
@ -279,13 +280,16 @@ index 000000000000..e8de931cb7ca
|
||||
+ return nil, err
|
||||
+ } else if fi.IsDir() {
|
||||
+ // Just to be safe.
|
||||
+ logrus.Warnf("SUSE:secrets :: expected %q to be a file, but was a directory", path)
|
||||
+ logrus.Infof("SUSE:secrets :: expected %q to be a file, but was a directory", path)
|
||||
+ return readDir(prefix, file)
|
||||
+ }
|
||||
+
|
||||
+ stat, ok := fi.Sys().(*syscall.Stat_t)
|
||||
+ if !ok {
|
||||
+ var uid, gid int
|
||||
+ if stat, ok := fi.Sys().(*unix.Stat_t); ok {
|
||||
+ uid, gid = int(stat.Uid), int(stat.Gid)
|
||||
+ } else {
|
||||
+ logrus.Warnf("SUSE:secrets :: failed to cast file stat_t: defaulting to owned by root:root: %s", path)
|
||||
+ uid, gid = 0, 0
|
||||
+ }
|
||||
+
|
||||
+ bytes, err := ioutil.ReadFile(path)
|
||||
@ -296,8 +300,8 @@ index 000000000000..e8de931cb7ca
|
||||
+ var suseFiles []*SuseFakeFile
|
||||
+ suseFiles = append(suseFiles, &SuseFakeFile{
|
||||
+ Path: file,
|
||||
+ Uid: int(stat.Uid),
|
||||
+ Gid: int(stat.Gid),
|
||||
+ Uid: uid,
|
||||
+ Gid: gid,
|
||||
+ Mode: fi.Mode(),
|
||||
+ Data: bytes,
|
||||
+ })
|
@ -1,11 +1,11 @@
|
||||
From 69d43a9550cdedf86b0d4b29e9d737af90221109 Mon Sep 17 00:00:00 2001
|
||||
From 3e63781e1bf40affdb884ddd83b82fc51c54d88a Mon Sep 17 00:00:00 2001
|
||||
From: Valentin Rothberg <vrothberg@suse.com>
|
||||
Date: Mon, 2 Jul 2018 13:37:34 +0200
|
||||
Subject: [PATCH] Add private-registry mirror support
|
||||
Subject: [PATCH 4/5] PRIVATE-REGISTRY: add private-registry mirror support
|
||||
|
||||
NOTE: This is a backport/downstream patch of the upstream pull-request
|
||||
for Moby, which is still subject to changes. Please visit
|
||||
https://github.com/moby/moby/pull/34319 for the current status.
|
||||
<https://github.com/moby/moby/pull/34319> for the current status.
|
||||
|
||||
Add support for mirroring private registries. The daemon.json config
|
||||
can now be configured as exemplified below:
|
||||
@ -65,24 +65,24 @@ Signed-off-by: Flavio Castelli <fcastelli@suse.com>
|
||||
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
|
||||
Signed-off-by: Aleksa Sarai <asarai@suse.de>
|
||||
---
|
||||
.../engine/api/types/registry/registry.go | 144 ++++++++++++++++++
|
||||
components/engine/daemon/config/config.go | 4 +
|
||||
components/engine/daemon/reload.go | 33 ++++
|
||||
components/engine/daemon/reload_test.go | 95 ++++++++++++
|
||||
components/engine/distribution/pull.go | 2 +-
|
||||
components/engine/distribution/pull_v2.go | 2 +-
|
||||
components/engine/distribution/push.go | 2 +-
|
||||
components/engine/registry/config.go | 124 ++++++++++++++-
|
||||
components/engine/registry/config_test.go | 136 +++++++++++++++++
|
||||
components/engine/registry/registry_test.go | 91 ++++++++++-
|
||||
components/engine/registry/service.go | 45 ++++--
|
||||
components/engine/registry/service_v2.go | 66 +++++---
|
||||
12 files changed, 697 insertions(+), 47 deletions(-)
|
||||
api/types/registry/registry.go | 144 +++++++++++++++++++++++++++++++++
|
||||
daemon/config/config.go | 4 +
|
||||
daemon/reload.go | 33 ++++++++
|
||||
daemon/reload_test.go | 95 ++++++++++++++++++++++
|
||||
distribution/pull.go | 2 +-
|
||||
distribution/pull_v2.go | 2 +-
|
||||
distribution/push.go | 2 +-
|
||||
registry/config.go | 126 ++++++++++++++++++++++++++++-
|
||||
registry/config_test.go | 142 ++++++++++++++++++++++++++++++++
|
||||
registry/registry_test.go | 99 ++++++++++++++++++++---
|
||||
registry/service.go | 43 +++++++---
|
||||
registry/service_v2.go | 64 +++++++++++----
|
||||
12 files changed, 710 insertions(+), 46 deletions(-)
|
||||
|
||||
diff --git a/components/engine/api/types/registry/registry.go b/components/engine/api/types/registry/registry.go
|
||||
index 8789ad3b3210..c663fec7d881 100644
|
||||
--- a/components/engine/api/types/registry/registry.go
|
||||
+++ b/components/engine/api/types/registry/registry.go
|
||||
diff --git a/api/types/registry/registry.go b/api/types/registry/registry.go
|
||||
index 53e47084c8d5..b4bb9ef805d3 100644
|
||||
--- a/api/types/registry/registry.go
|
||||
+++ b/api/types/registry/registry.go
|
||||
@@ -2,7 +2,10 @@ package registry // import "github.com/docker/docker/api/types/registry"
|
||||
|
||||
import (
|
||||
@ -92,7 +92,7 @@ index 8789ad3b3210..c663fec7d881 100644
|
||||
+ "net/url"
|
||||
+ "strings"
|
||||
|
||||
"github.com/opencontainers/image-spec/specs-go/v1"
|
||||
v1 "github.com/opencontainers/image-spec/specs-go/v1"
|
||||
)
|
||||
@@ -14,6 +17,147 @@ type ServiceConfig struct {
|
||||
InsecureRegistryCIDRs []*NetIPNet `json:"InsecureRegistryCIDRs"`
|
||||
@ -242,11 +242,11 @@ index 8789ad3b3210..c663fec7d881 100644
|
||||
}
|
||||
|
||||
// NetIPNet is the net.IPNet type, which can be marshalled and
|
||||
diff --git a/components/engine/daemon/config/config.go b/components/engine/daemon/config/config.go
|
||||
index 80ecbbd9550d..8ce69714d9bf 100644
|
||||
--- a/components/engine/daemon/config/config.go
|
||||
+++ b/components/engine/daemon/config/config.go
|
||||
@@ -467,6 +467,10 @@ func findConfigurationConflicts(config map[string]interface{}, flags *pflag.Flag
|
||||
diff --git a/daemon/config/config.go b/daemon/config/config.go
|
||||
index 4990727597c9..f3a53c692d73 100644
|
||||
--- a/daemon/config/config.go
|
||||
+++ b/daemon/config/config.go
|
||||
@@ -482,6 +482,10 @@ func findConfigurationConflicts(config map[string]interface{}, flags *pflag.Flag
|
||||
// 1. Search keys from the file that we don't recognize as flags.
|
||||
unknownKeys := make(map[string]interface{})
|
||||
for key, value := range config {
|
||||
@ -257,11 +257,11 @@ index 80ecbbd9550d..8ce69714d9bf 100644
|
||||
if flag := flags.Lookup(key); flag == nil && !skipValidateOptions[key] {
|
||||
unknownKeys[key] = value
|
||||
}
|
||||
diff --git a/components/engine/daemon/reload.go b/components/engine/daemon/reload.go
|
||||
index a31dd0cb87c1..99cc4a65a79d 100644
|
||||
--- a/components/engine/daemon/reload.go
|
||||
+++ b/components/engine/daemon/reload.go
|
||||
@@ -21,8 +21,14 @@ import (
|
||||
diff --git a/daemon/reload.go b/daemon/reload.go
|
||||
index 72379c054ef6..1e4afe9b3b03 100644
|
||||
--- a/daemon/reload.go
|
||||
+++ b/daemon/reload.go
|
||||
@@ -22,8 +22,14 @@ import (
|
||||
// - Daemon labels
|
||||
// - Insecure registries
|
||||
// - Registry mirrors
|
||||
@ -276,7 +276,7 @@ index a31dd0cb87c1..99cc4a65a79d 100644
|
||||
daemon.configStore.Lock()
|
||||
attributes := map[string]string{}
|
||||
|
||||
@@ -65,6 +71,9 @@ func (daemon *Daemon) Reload(conf *config.Config) (err error) {
|
||||
@@ -69,6 +75,9 @@ func (daemon *Daemon) Reload(conf *config.Config) (err error) {
|
||||
if err := daemon.reloadLiveRestore(conf, attributes); err != nil {
|
||||
return err
|
||||
}
|
||||
@ -286,7 +286,7 @@ index a31dd0cb87c1..99cc4a65a79d 100644
|
||||
return daemon.reloadNetworkDiagnosticPort(conf, attributes)
|
||||
}
|
||||
|
||||
@@ -295,6 +304,30 @@ func (daemon *Daemon) reloadRegistryMirrors(conf *config.Config, attributes map[
|
||||
@@ -320,6 +329,30 @@ func (daemon *Daemon) reloadRegistryMirrors(conf *config.Config, attributes map[
|
||||
return nil
|
||||
}
|
||||
|
||||
@ -317,10 +317,10 @@ index a31dd0cb87c1..99cc4a65a79d 100644
|
||||
// reloadLiveRestore updates configuration with live restore option
|
||||
// and updates the passed attributes
|
||||
func (daemon *Daemon) reloadLiveRestore(conf *config.Config, attributes map[string]string) error {
|
||||
diff --git a/components/engine/daemon/reload_test.go b/components/engine/daemon/reload_test.go
|
||||
index ffad297f71b7..21733c3f1e33 100644
|
||||
--- a/components/engine/daemon/reload_test.go
|
||||
+++ b/components/engine/daemon/reload_test.go
|
||||
diff --git a/daemon/reload_test.go b/daemon/reload_test.go
|
||||
index 4a8466616dee..46664f4b1eda 100644
|
||||
--- a/daemon/reload_test.go
|
||||
+++ b/daemon/reload_test.go
|
||||
@@ -7,6 +7,7 @@ import (
|
||||
"testing"
|
||||
"time"
|
||||
@ -329,7 +329,7 @@ index ffad297f71b7..21733c3f1e33 100644
|
||||
"github.com/docker/docker/daemon/config"
|
||||
"github.com/docker/docker/daemon/images"
|
||||
"github.com/docker/docker/pkg/discovery"
|
||||
@@ -201,6 +202,100 @@ func TestDaemonReloadMirrors(t *testing.T) {
|
||||
@@ -211,6 +212,100 @@ func TestDaemonReloadMirrors(t *testing.T) {
|
||||
}
|
||||
}
|
||||
|
||||
@ -430,11 +430,11 @@ index ffad297f71b7..21733c3f1e33 100644
|
||||
func TestDaemonReloadInsecureRegistries(t *testing.T) {
|
||||
daemon := &Daemon{
|
||||
imageService: images.NewImageService(images.ImageServiceConfig{}),
|
||||
diff --git a/components/engine/distribution/pull.go b/components/engine/distribution/pull.go
|
||||
index be366ce4a99b..49e0d0352778 100644
|
||||
--- a/components/engine/distribution/pull.go
|
||||
+++ b/components/engine/distribution/pull.go
|
||||
@@ -58,7 +58,7 @@ func Pull(ctx context.Context, ref reference.Named, imagePullConfig *ImagePullCo
|
||||
diff --git a/distribution/pull.go b/distribution/pull.go
|
||||
index c8ddd4c5cfcd..b17e9d25d6c2 100644
|
||||
--- a/distribution/pull.go
|
||||
+++ b/distribution/pull.go
|
||||
@@ -61,7 +61,7 @@ func Pull(ctx context.Context, ref reference.Named, imagePullConfig *ImagePullCo
|
||||
return err
|
||||
}
|
||||
|
||||
@ -443,11 +443,11 @@ index be366ce4a99b..49e0d0352778 100644
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
diff --git a/components/engine/distribution/pull_v2.go b/components/engine/distribution/pull_v2.go
|
||||
index dd91ff2157b1..2640f6134e5d 100644
|
||||
--- a/components/engine/distribution/pull_v2.go
|
||||
+++ b/components/engine/distribution/pull_v2.go
|
||||
@@ -379,7 +379,7 @@ func (p *v2Puller) pullV2Tag(ctx context.Context, ref reference.Named, platform
|
||||
diff --git a/distribution/pull_v2.go b/distribution/pull_v2.go
|
||||
index 12497ea890e7..926e02f851fd 100644
|
||||
--- a/distribution/pull_v2.go
|
||||
+++ b/distribution/pull_v2.go
|
||||
@@ -431,7 +431,7 @@ func (p *v2Puller) pullV2Tag(ctx context.Context, ref reference.Named, platform
|
||||
// the other side speaks the v2 protocol.
|
||||
p.confirmedV2 = true
|
||||
|
||||
@ -456,10 +456,10 @@ index dd91ff2157b1..2640f6134e5d 100644
|
||||
progress.Message(p.config.ProgressOutput, tagOrDigest, "Pulling from "+reference.FamiliarName(p.repo.Named()))
|
||||
|
||||
var (
|
||||
diff --git a/components/engine/distribution/push.go b/components/engine/distribution/push.go
|
||||
diff --git a/distribution/push.go b/distribution/push.go
|
||||
index 5617a4c95f49..0a24aebed968 100644
|
||||
--- a/components/engine/distribution/push.go
|
||||
+++ b/components/engine/distribution/push.go
|
||||
--- a/distribution/push.go
|
||||
+++ b/distribution/push.go
|
||||
@@ -58,7 +58,7 @@ func Push(ctx context.Context, ref reference.Named, imagePushConfig *ImagePushCo
|
||||
return err
|
||||
}
|
||||
@ -469,10 +469,10 @@ index 5617a4c95f49..0a24aebed968 100644
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
diff --git a/components/engine/registry/config.go b/components/engine/registry/config.go
|
||||
index 6bb9258c9b6f..f1945237d235 100644
|
||||
--- a/components/engine/registry/config.go
|
||||
+++ b/components/engine/registry/config.go
|
||||
diff --git a/registry/config.go b/registry/config.go
|
||||
index 54b83fa40aab..e1ba24b83bdd 100644
|
||||
--- a/registry/config.go
|
||||
+++ b/registry/config.go
|
||||
@@ -14,11 +14,12 @@ import (
|
||||
"github.com/sirupsen/logrus"
|
||||
)
|
||||
@ -490,9 +490,9 @@ index 6bb9258c9b6f..f1945237d235 100644
|
||||
}
|
||||
|
||||
// serviceConfig holds daemon configuration for the registry service.
|
||||
@@ -62,8 +63,21 @@ var (
|
||||
// for mocking in unit tests
|
||||
var lookupIP = net.LookupIP
|
||||
@@ -59,8 +60,21 @@ var (
|
||||
lookupIP = net.LookupIP
|
||||
)
|
||||
|
||||
+// CompatCheck performs some compatibility checks among the config options and
|
||||
+// returns an error in case of conflicts.
|
||||
@ -512,7 +512,7 @@ index 6bb9258c9b6f..f1945237d235 100644
|
||||
config := &serviceConfig{
|
||||
ServiceConfig: registrytypes.ServiceConfig{
|
||||
InsecureRegistryCIDRs: make([]*registrytypes.NetIPNet, 0),
|
||||
@@ -81,10 +95,104 @@ func newServiceConfig(options ServiceOptions) (*serviceConfig, error) {
|
||||
@@ -78,10 +92,106 @@ func newServiceConfig(options ServiceOptions) (*serviceConfig, error) {
|
||||
if err := config.LoadInsecureRegistries(options.InsecureRegistries); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@ -546,7 +546,9 @@ index 6bb9258c9b6f..f1945237d235 100644
|
||||
+ inUse[mirror.URL.Host()] = reg.URL.Host()
|
||||
+ // also warnf if seucurity levels differ
|
||||
+ if reg.URL.IsSecure() != mirror.URL.IsSecure() {
|
||||
+ logrus.Warnf("registry '%s' and mirror '%s' have different security levels", reg.URL.URL(), mirror.URL.URL())
|
||||
+ regURL := reg.URL.URL()
|
||||
+ mirrorURL := mirror.URL.URL()
|
||||
+ logrus.Warnf("registry '%s' and mirror '%s' have different security levels", ®URL, &mirrorURL)
|
||||
+ }
|
||||
+ }
|
||||
+ if reg.URL.IsSecure() && len(reg.Mirrors) == 0 {
|
||||
@ -617,7 +619,7 @@ index 6bb9258c9b6f..f1945237d235 100644
|
||||
// LoadAllowNondistributableArtifacts loads allow-nondistributable-artifacts registries into config.
|
||||
func (config *serviceConfig) LoadAllowNondistributableArtifacts(registries []string) error {
|
||||
cidrs := map[string]*registrytypes.NetIPNet{}
|
||||
@@ -125,6 +233,10 @@ func (config *serviceConfig) LoadAllowNondistributableArtifacts(registries []str
|
||||
@@ -122,6 +232,10 @@ func (config *serviceConfig) LoadAllowNondistributableArtifacts(registries []str
|
||||
// LoadMirrors loads mirrors to config, after removing duplicates.
|
||||
// Returns an error if mirrors contains an invalid mirror.
|
||||
func (config *serviceConfig) LoadMirrors(mirrors []string) error {
|
||||
@ -628,7 +630,7 @@ index 6bb9258c9b6f..f1945237d235 100644
|
||||
mMap := map[string]struct{}{}
|
||||
unique := []string{}
|
||||
|
||||
@@ -154,6 +266,10 @@ func (config *serviceConfig) LoadMirrors(mirrors []string) error {
|
||||
@@ -151,6 +265,10 @@ func (config *serviceConfig) LoadMirrors(mirrors []string) error {
|
||||
|
||||
// LoadInsecureRegistries loads insecure registries to config
|
||||
func (config *serviceConfig) LoadInsecureRegistries(registries []string) error {
|
||||
@ -639,17 +641,17 @@ index 6bb9258c9b6f..f1945237d235 100644
|
||||
// Localhost is by default considered as an insecure registry
|
||||
// This is a stop-gap for people who are running a private registry on localhost (especially on Boot2docker).
|
||||
//
|
||||
diff --git a/components/engine/registry/config_test.go b/components/engine/registry/config_test.go
|
||||
index 30a257e32556..78a4fadd733f 100644
|
||||
--- a/components/engine/registry/config_test.go
|
||||
+++ b/components/engine/registry/config_test.go
|
||||
@@ -6,10 +6,146 @@ import (
|
||||
diff --git a/registry/config_test.go b/registry/config_test.go
|
||||
index ae8cb23f94b6..7f31b1eb2bf4 100644
|
||||
--- a/registry/config_test.go
|
||||
+++ b/registry/config_test.go
|
||||
@@ -6,10 +6,152 @@ import (
|
||||
"strings"
|
||||
"testing"
|
||||
|
||||
+ registrytypes "github.com/docker/docker/api/types/registry"
|
||||
"gotest.tools/assert"
|
||||
is "gotest.tools/assert/cmp"
|
||||
"gotest.tools/v3/assert"
|
||||
is "gotest.tools/v3/assert/cmp"
|
||||
)
|
||||
|
||||
+func TestLoadValidRegistries(t *testing.T) {
|
||||
@ -682,11 +684,14 @@ index 30a257e32556..78a4fadd733f 100644
|
||||
+ officialMirrors := []string{"https://official.mirror1.com", "https://official.mirror2.com"}
|
||||
+
|
||||
+ // create serciveConfig
|
||||
+ config = newServiceConfig(
|
||||
+ config, err = newServiceConfig(
|
||||
+ ServiceOptions{
|
||||
+ Mirrors: officialMirrors,
|
||||
+ Registries: []registrytypes.Registry{secReg, insecReg},
|
||||
+ })
|
||||
+ if err != nil {
|
||||
+ t.Fatal(err)
|
||||
+ }
|
||||
+
|
||||
+ // now test if the config looks as expected
|
||||
+ getMirrors := func(reg registrytypes.Registry) []string {
|
||||
@ -760,53 +765,56 @@ index 30a257e32556..78a4fadd733f 100644
|
||||
+ }
|
||||
+
|
||||
+ // create serciveConfig
|
||||
+ config = newServiceConfig(
|
||||
+ config, err = newServiceConfig(
|
||||
+ ServiceOptions{
|
||||
+ Registries: []registrytypes.Registry{regA, regB},
|
||||
+ })
|
||||
+ if err != nil {
|
||||
+ t.Fatal(err)
|
||||
+ }
|
||||
+
|
||||
+ // no match -> nil
|
||||
+ reg := config.FindRegistry("foo")
|
||||
+ assert.Nil(t, reg)
|
||||
+ assert.Assert(t, is.Nil(reg))
|
||||
+
|
||||
+ // prefix match -> registry
|
||||
+ reg = config.FindRegistry("registry-a.com/my-prefix/image:latest")
|
||||
+ assert.NotNil(t, reg)
|
||||
+ assert.Assert(t, reg != nil)
|
||||
+ assert.Equal(t, "registry-a.com", reg.URL.Host())
|
||||
+ // no prefix match -> nil
|
||||
+ reg = config.FindRegistry("registry-a.com/not-my-prefix/image:42")
|
||||
+ assert.Nil(t, reg)
|
||||
+ assert.Assert(t, is.Nil(reg))
|
||||
+
|
||||
+ // prefix match -> registry
|
||||
+ reg = config.FindRegistry("registry-b.com/image:latest")
|
||||
+ assert.NotNil(t, reg)
|
||||
+ assert.Assert(t, reg != nil)
|
||||
+ assert.Equal(t, "registry-b.com", reg.URL.Host())
|
||||
+ // prefix match -> registry
|
||||
+ reg = config.FindRegistry("registry-b.com/also-in-namespaces/image:latest")
|
||||
+ assert.NotNil(t, reg)
|
||||
+ assert.Assert(t, reg != nil)
|
||||
+ assert.Equal(t, "registry-b.com", reg.URL.Host())
|
||||
+}
|
||||
+
|
||||
func TestLoadAllowNondistributableArtifacts(t *testing.T) {
|
||||
testCases := []struct {
|
||||
registries []string
|
||||
diff --git a/components/engine/registry/registry_test.go b/components/engine/registry/registry_test.go
|
||||
index b7459471b3f6..1e0d53e7dc21 100644
|
||||
--- a/components/engine/registry/registry_test.go
|
||||
+++ b/components/engine/registry/registry_test.go
|
||||
@@ -665,7 +665,32 @@ func TestNewIndexInfo(t *testing.T) {
|
||||
diff --git a/registry/registry_test.go b/registry/registry_test.go
|
||||
index 417c9574bc5d..b3a978474ec1 100644
|
||||
--- a/registry/registry_test.go
|
||||
+++ b/registry/registry_test.go
|
||||
@@ -507,40 +507,119 @@ func TestNewIndexInfo(t *testing.T) {
|
||||
}
|
||||
|
||||
func TestMirrorEndpointLookup(t *testing.T) {
|
||||
- skip.If(t, os.Getuid() != 0, "skipping test that requires root")
|
||||
- containsMirror := func(endpoints []APIEndpoint) bool {
|
||||
+ var (
|
||||
+ registries []registrytypes.Registry
|
||||
+ secReg registrytypes.Registry
|
||||
+ config *serviceConfig
|
||||
+ pushAPIEndpoints []APIEndpoint
|
||||
+ pullAPIEndpoints []APIEndpoint
|
||||
+ err error
|
||||
+ )
|
||||
+
|
||||
skip.If(t, os.Getuid() != 0, "skipping test that requires root")
|
||||
+
|
||||
+ // secure with mirrors
|
||||
+ secReg, err = registrytypes.NewRegistry("https://secure.registry.com/test-prefix/")
|
||||
@ -820,19 +828,25 @@ index b7459471b3f6..1e0d53e7dc21 100644
|
||||
+ if err := secReg.AddMirror(secMirrors[1]); err != nil {
|
||||
+ t.Fatal(err)
|
||||
+ }
|
||||
+ registries = append(registries, secReg)
|
||||
+
|
||||
+ // docker.io mirrors to test backwards compatibility
|
||||
+ officialMirrors := []string{"https://official.mirror1.com/", "https://official.mirror2.com/"}
|
||||
+
|
||||
containsMirror := func(endpoints []APIEndpoint) bool {
|
||||
+ containsMirror := func(needle string, endpoints []APIEndpoint) bool {
|
||||
for _, pe := range endpoints {
|
||||
if pe.URL.Host == "my.mirror" {
|
||||
@@ -674,31 +699,83 @@ func TestMirrorEndpointLookup(t *testing.T) {
|
||||
- if pe.URL.Host == "my.mirror" {
|
||||
+ if pe.URL.String() == needle {
|
||||
return true
|
||||
}
|
||||
}
|
||||
return false
|
||||
}
|
||||
- cfg, err := makeServiceConfig([]string{"https://my.mirror"}, nil)
|
||||
+ cfg, err := makeServiceConfig(officialMirrors, nil)
|
||||
+ cfg, err := newServiceConfig(ServiceOptions{
|
||||
+ Mirrors: officialMirrors,
|
||||
+ Registries: registries,
|
||||
+ })
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
@ -848,20 +862,19 @@ index b7459471b3f6..1e0d53e7dc21 100644
|
||||
+ }
|
||||
+ if containsMirror(officialMirrors[0], pushAPIEndpoints) {
|
||||
+ t.Fatal("Push endpoint should not contain mirror")
|
||||
}
|
||||
- pushAPIEndpoints, err := s.LookupPushEndpoints(reference.Domain(imageName))
|
||||
+ }
|
||||
+ if containsMirror(officialMirrors[1], pushAPIEndpoints) {
|
||||
+ t.Fatal("Push endpoint should not contain mirror")
|
||||
+ }
|
||||
+
|
||||
+ pullAPIEndpoints, err = s.LookupPullEndpoints(officialRef)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
- if containsMirror(pushAPIEndpoints) {
|
||||
+ if err != nil {
|
||||
+ t.Fatal(err)
|
||||
+ }
|
||||
+ if !containsMirror(officialMirrors[0], pullAPIEndpoints) {
|
||||
+ t.Fatal("Pull endpoint should contain mirror")
|
||||
+ }
|
||||
}
|
||||
- pushAPIEndpoints, err := s.LookupPushEndpoints(reference.Domain(imageName))
|
||||
+ if !containsMirror(officialMirrors[1], pullAPIEndpoints) {
|
||||
+ t.Fatal("Pull endpoint should contain mirror")
|
||||
+ }
|
||||
@ -869,9 +882,10 @@ index b7459471b3f6..1e0d53e7dc21 100644
|
||||
+ // prefix lookups
|
||||
+ prefixRef := "secure.registry.com/test-prefix/foo:latest"
|
||||
+ pushAPIEndpoints, err = s.LookupPushEndpoints(prefixRef)
|
||||
+ if err != nil {
|
||||
+ t.Fatal(err)
|
||||
+ }
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
- if containsMirror(pushAPIEndpoints) {
|
||||
+ if containsMirror(secMirrors[0], pushAPIEndpoints) {
|
||||
+ t.Fatal("Push endpoint should not contain mirror")
|
||||
+ }
|
||||
@ -917,11 +931,11 @@ index b7459471b3f6..1e0d53e7dc21 100644
|
||||
+ }
|
||||
}
|
||||
|
||||
func TestPushRegistryTag(t *testing.T) {
|
||||
diff --git a/components/engine/registry/service.go b/components/engine/registry/service.go
|
||||
index 08f5c7a4e12c..ee0c97a8a21b 100644
|
||||
--- a/components/engine/registry/service.go
|
||||
+++ b/components/engine/registry/service.go
|
||||
func TestSearchRepositories(t *testing.T) {
|
||||
diff --git a/registry/service.go b/registry/service.go
|
||||
index 3b08e39da2c2..62556ba1ba70 100644
|
||||
--- a/registry/service.go
|
||||
+++ b/registry/service.go
|
||||
@@ -8,7 +8,7 @@ import (
|
||||
"strings"
|
||||
"sync"
|
||||
@ -984,7 +998,7 @@ index 08f5c7a4e12c..ee0c97a8a21b 100644
|
||||
// Auth contacts the public registry with the provided credentials,
|
||||
// and returns OK if authentication was successful.
|
||||
// It can be used to verify the validity of a client's credentials.
|
||||
@@ -241,7 +255,7 @@ func (s *DefaultService) Search(ctx context.Context, term string, limit int, aut
|
||||
@@ -230,7 +244,7 @@ func (s *DefaultService) Search(ctx context.Context, term string, limit int, aut
|
||||
|
||||
// ResolveRepository splits a repository name into its components
|
||||
// and configuration of the associated registry.
|
||||
@ -993,13 +1007,12 @@ index 08f5c7a4e12c..ee0c97a8a21b 100644
|
||||
s.mu.Lock()
|
||||
defer s.mu.Unlock()
|
||||
return newRepositoryInfo(s.config, name)
|
||||
@@ -280,24 +294,25 @@ func (s *DefaultService) tlsConfigForMirror(mirrorURL *url.URL) (*tls.Config, er
|
||||
@@ -270,22 +284,25 @@ func (s *DefaultService) tlsConfigForMirror(mirrorURL *url.URL) (*tls.Config, er
|
||||
return s.tlsConfig(mirrorURL.Host)
|
||||
}
|
||||
|
||||
-// LookupPullEndpoints creates a list of endpoints to try to pull from, in order of preference.
|
||||
-// It gives preference to v2 endpoints over v1, mirrors over the actual
|
||||
-// registry, and HTTPS over plain HTTP.
|
||||
-// LookupPullEndpoints creates a list of v2 endpoints to try to pull from, in order of preference.
|
||||
-// It gives preference to mirrors over the actual registry, and HTTPS over plain HTTP.
|
||||
-func (s *DefaultService) LookupPullEndpoints(hostname string) (endpoints []APIEndpoint, err error) {
|
||||
+// LookupPullEndpoints creates a list of endpoints based on the provided
|
||||
+// reference to try to pull from, in order of preference. It gives preference
|
||||
@ -1009,13 +1022,12 @@ index 08f5c7a4e12c..ee0c97a8a21b 100644
|
||||
s.mu.Lock()
|
||||
defer s.mu.Unlock()
|
||||
|
||||
- return s.lookupEndpoints(hostname)
|
||||
+ return s.lookupEndpoints(reference)
|
||||
- return s.lookupV2Endpoints(hostname)
|
||||
+ return s.lookupV2Endpoints(reference)
|
||||
}
|
||||
|
||||
-// LookupPushEndpoints creates a list of endpoints to try to push to, in order of preference.
|
||||
-// It gives preference to v2 endpoints over v1, and HTTPS over plain HTTP.
|
||||
-// Mirrors are not included.
|
||||
-// LookupPushEndpoints creates a list of v2 endpoints to try to push to, in order of preference.
|
||||
-// It gives preference to HTTPS over plain HTTP. Mirrors are not included.
|
||||
-func (s *DefaultService) LookupPushEndpoints(hostname string) (endpoints []APIEndpoint, err error) {
|
||||
+// LookupPushEndpoints creates a list of endpoints based on the provided
|
||||
+// reference to try to push to, in order of preference. It gives preference to
|
||||
@ -1024,16 +1036,16 @@ index 08f5c7a4e12c..ee0c97a8a21b 100644
|
||||
s.mu.Lock()
|
||||
defer s.mu.Unlock()
|
||||
|
||||
- allEndpoints, err := s.lookupEndpoints(hostname)
|
||||
+ allEndpoints, err := s.lookupEndpoints(reference)
|
||||
- allEndpoints, err := s.lookupV2Endpoints(hostname)
|
||||
+ allEndpoints, err := s.lookupV2Endpoints(reference)
|
||||
if err == nil {
|
||||
for _, endpoint := range allEndpoints {
|
||||
if !endpoint.Mirror {
|
||||
diff --git a/components/engine/registry/service_v2.go b/components/engine/registry/service_v2.go
|
||||
index 1a4c9e310547..efebb4f41486 100644
|
||||
--- a/components/engine/registry/service_v2.go
|
||||
+++ b/components/engine/registry/service_v2.go
|
||||
@@ -1,30 +1,51 @@
|
||||
diff --git a/registry/service_v2.go b/registry/service_v2.go
|
||||
index 3e3a5b41ffbd..451a6f874bc1 100644
|
||||
--- a/registry/service_v2.go
|
||||
+++ b/registry/service_v2.go
|
||||
@@ -1,39 +1,71 @@
|
||||
package registry // import "github.com/docker/docker/registry"
|
||||
|
||||
import (
|
||||
@ -1049,7 +1061,6 @@ index 1a4c9e310547..efebb4f41486 100644
|
||||
+func (s *DefaultService) lookupV2Endpoints(reference string) (endpoints []APIEndpoint, err error) {
|
||||
tlsConfig := tlsconfig.ServerDefault()
|
||||
- if hostname == DefaultNamespace || hostname == IndexHostname {
|
||||
- // v2 mirrors
|
||||
- for _, mirror := range s.config.Mirrors {
|
||||
- if !strings.HasPrefix(mirror, "http://") && !strings.HasPrefix(mirror, "https://") {
|
||||
- mirror = "https://" + mirror
|
||||
@ -1094,16 +1105,14 @@ index 1a4c9e310547..efebb4f41486 100644
|
||||
+ return nil, fmt.Errorf("SUSE PATCH [lookupV2Endpoints]: %s", err)
|
||||
}
|
||||
endpoints = append(endpoints, APIEndpoint{
|
||||
- URL: mirrorURL,
|
||||
+ URL: &mURL,
|
||||
// guess mirrors are v2
|
||||
- URL: mirrorURL,
|
||||
+ URL: &mURL,
|
||||
Version: APIVersion2,
|
||||
Mirror: true,
|
||||
@@ -32,11 +53,20 @@ func (s *DefaultService) lookupV2Endpoints(hostname string) (endpoints []APIEndp
|
||||
TrimHostname: true,
|
||||
TLSConfig: mirrorTLSConfig,
|
||||
})
|
||||
}
|
||||
- // v2 registry
|
||||
+ // add the registry
|
||||
+ var endpointURL *url.URL
|
||||
+ if official {
|
||||
@ -1123,7 +1132,7 @@ index 1a4c9e310547..efebb4f41486 100644
|
||||
TrimHostname: true,
|
||||
TLSConfig: tlsConfig,
|
||||
})
|
||||
@@ -48,7 +78,7 @@ func (s *DefaultService) lookupV2Endpoints(hostname string) (endpoints []APIEndp
|
||||
@@ -45,7 +77,7 @@ func (s *DefaultService) lookupV2Endpoints(hostname string) (endpoints []APIEndp
|
||||
|
||||
tlsConfig, err = s.tlsConfig(hostname)
|
||||
if err != nil {
|
||||
@ -1133,5 +1142,5 @@ index 1a4c9e310547..efebb4f41486 100644
|
||||
|
||||
endpoints = []APIEndpoint{
|
||||
--
|
||||
2.22.0
|
||||
2.30.0
|
||||
|
@ -1,7 +1,8 @@
|
||||
From a67925f5d977db2b5a1b0162149cbd0de2b20598 Mon Sep 17 00:00:00 2001
|
||||
From 4d134a69323ba490b1f8976394cdd9fe0c278b3d Mon Sep 17 00:00:00 2001
|
||||
From: Aleksa Sarai <asarai@suse.de>
|
||||
Date: Fri, 29 Jun 2018 17:59:30 +1000
|
||||
Subject: [PATCH] apparmor: clobber docker-default profile on start
|
||||
Subject: [PATCH 5/5] bsc1073877: apparmor: clobber docker-default profile on
|
||||
start
|
||||
|
||||
In the process of making docker-default reloading far less expensive,
|
||||
567ef8e7858c ("daemon: switch to 'ensure' workflow for AppArmor
|
||||
@ -15,23 +16,23 @@ Fixes: 567ef8e7858c ("daemon: switch to 'ensure' workflow for AppArmor profiles"
|
||||
SUSE-Bugs: bsc#1099277
|
||||
Signed-off-by: Aleksa Sarai <asarai@suse.de>
|
||||
---
|
||||
components/engine/daemon/apparmor_default.go | 14 ++++++++++----
|
||||
.../engine/daemon/apparmor_default_unsupported.go | 4 ++++
|
||||
components/engine/daemon/daemon.go | 5 +++--
|
||||
daemon/apparmor_default.go | 14 ++++++++++----
|
||||
daemon/apparmor_default_unsupported.go | 4 ++++
|
||||
daemon/daemon.go | 5 +++--
|
||||
3 files changed, 17 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/components/engine/daemon/apparmor_default.go b/components/engine/daemon/apparmor_default.go
|
||||
index 461f5c7f96b2..8f21c5c0c566 100644
|
||||
--- a/components/engine/daemon/apparmor_default.go
|
||||
+++ b/components/engine/daemon/apparmor_default.go
|
||||
@@ -14,6 +14,15 @@ const (
|
||||
defaultApparmorProfile = "docker-default"
|
||||
diff --git a/daemon/apparmor_default.go b/daemon/apparmor_default.go
|
||||
index 2045412a7966..0c1fd0f0c940 100644
|
||||
--- a/daemon/apparmor_default.go
|
||||
+++ b/daemon/apparmor_default.go
|
||||
@@ -15,6 +15,15 @@ const (
|
||||
defaultAppArmorProfile = "docker-default"
|
||||
)
|
||||
|
||||
+func clobberDefaultAppArmorProfile() error {
|
||||
+ if apparmor.IsEnabled() {
|
||||
+ if err := aaprofile.InstallDefault(defaultApparmorProfile); err != nil {
|
||||
+ return fmt.Errorf("AppArmor enabled on system but the %s profile could not be loaded: %s", defaultApparmorProfile, err)
|
||||
+ if err := aaprofile.InstallDefault(defaultAppArmorProfile); err != nil {
|
||||
+ return fmt.Errorf("AppArmor enabled on system but the %s profile could not be loaded: %s", defaultAppArmorProfile, err)
|
||||
+ }
|
||||
+ }
|
||||
+ return nil
|
||||
@ -39,23 +40,23 @@ index 461f5c7f96b2..8f21c5c0c566 100644
|
||||
+
|
||||
func ensureDefaultAppArmorProfile() error {
|
||||
if apparmor.IsEnabled() {
|
||||
loaded, err := aaprofile.IsLoaded(defaultApparmorProfile)
|
||||
@@ -27,10 +36,7 @@ func ensureDefaultAppArmorProfile() error {
|
||||
loaded, err := aaprofile.IsLoaded(defaultAppArmorProfile)
|
||||
@@ -28,10 +37,7 @@ func ensureDefaultAppArmorProfile() error {
|
||||
}
|
||||
|
||||
// Load the profile.
|
||||
- if err := aaprofile.InstallDefault(defaultApparmorProfile); err != nil {
|
||||
- return fmt.Errorf("AppArmor enabled on system but the %s profile could not be loaded: %s", defaultApparmorProfile, err)
|
||||
- if err := aaprofile.InstallDefault(defaultAppArmorProfile); err != nil {
|
||||
- return fmt.Errorf("AppArmor enabled on system but the %s profile could not be loaded: %s", defaultAppArmorProfile, err)
|
||||
- }
|
||||
+ return clobberDefaultAppArmorProfile()
|
||||
}
|
||||
-
|
||||
return nil
|
||||
}
|
||||
diff --git a/components/engine/daemon/apparmor_default_unsupported.go b/components/engine/daemon/apparmor_default_unsupported.go
|
||||
diff --git a/daemon/apparmor_default_unsupported.go b/daemon/apparmor_default_unsupported.go
|
||||
index 51f9c526b350..97d7758442ee 100644
|
||||
--- a/components/engine/daemon/apparmor_default_unsupported.go
|
||||
+++ b/components/engine/daemon/apparmor_default_unsupported.go
|
||||
--- a/daemon/apparmor_default_unsupported.go
|
||||
+++ b/daemon/apparmor_default_unsupported.go
|
||||
@@ -2,6 +2,10 @@
|
||||
|
||||
package daemon // import "github.com/docker/docker/daemon"
|
||||
@ -67,11 +68,11 @@ index 51f9c526b350..97d7758442ee 100644
|
||||
func ensureDefaultAppArmorProfile() error {
|
||||
return nil
|
||||
}
|
||||
diff --git a/components/engine/daemon/daemon.go b/components/engine/daemon/daemon.go
|
||||
index f049b0d2a41f..7bd89e76b32f 100644
|
||||
--- a/components/engine/daemon/daemon.go
|
||||
+++ b/components/engine/daemon/daemon.go
|
||||
@@ -807,8 +807,9 @@ func NewDaemon(ctx context.Context, config *config.Config, pluginStore *plugin.S
|
||||
diff --git a/daemon/daemon.go b/daemon/daemon.go
|
||||
index 3e86ab5c8721..4a574da030da 100644
|
||||
--- a/daemon/daemon.go
|
||||
+++ b/daemon/daemon.go
|
||||
@@ -855,8 +855,9 @@ func NewDaemon(ctx context.Context, config *config.Config, pluginStore *plugin.S
|
||||
logrus.Warnf("Failed to configure golang's threads limit: %v", err)
|
||||
}
|
||||
|
||||
@ -84,5 +85,5 @@ index f049b0d2a41f..7bd89e76b32f 100644
|
||||
}
|
||||
|
||||
--
|
||||
2.22.0
|
||||
2.30.0
|
||||
|
14
_service
14
_service
@ -1,12 +1,20 @@
|
||||
<services>
|
||||
<service name="tar_scm" mode="disabled">
|
||||
<param name="url">https://github.com/docker/docker-ce.git</param>
|
||||
<param name="url">https://github.com/docker/docker.git</param>
|
||||
<param name="scm">git</param>
|
||||
<param name="exclude">.git</param>
|
||||
<param name="versionformat">19.03.14_ce_%h</param>
|
||||
<param name="revision">v19.03.14</param>
|
||||
<param name="versionformat">20.10.2_ce_%h</param>
|
||||
<param name="revision">v20.10.2</param>
|
||||
<param name="filename">docker</param>
|
||||
</service>
|
||||
<service name="tar_scm" mode="disabled">
|
||||
<param name="url">https://github.com/docker/cli.git</param>
|
||||
<param name="scm">git</param>
|
||||
<param name="exclude">.git</param>
|
||||
<param name="versionformat">20.10.2_ce</param>
|
||||
<param name="revision">v20.10.2</param>
|
||||
<param name="filename">docker-cli</param>
|
||||
</service>
|
||||
<service name="recompress" mode="disabled">
|
||||
<param name="file">docker-*.tar</param>
|
||||
<param name="compression">xz</param>
|
||||
|
@ -1,230 +0,0 @@
|
||||
From ea920fbc29225a71c9e07ffeeba00bc71423d839 Mon Sep 17 00:00:00 2001
|
||||
From: Arko Dasgupta <arko.dasgupta@docker.com>
|
||||
Date: Mon, 4 May 2020 13:51:42 -0700
|
||||
Subject: [PATCH] Add docker interfaces to firewalld docker zone
|
||||
|
||||
If firewalld is running, create a new docker zone and
|
||||
add the docker interfaces to the docker zone to allow
|
||||
container networking for distros with firewalld enabled
|
||||
|
||||
Fixes: https://github.com/moby/libnetwork/issues/2496
|
||||
|
||||
Signed-off-by: Arko Dasgupta <arko.dasgupta@docker.com>
|
||||
(cherry picked from commit 7a7209221542dc99b316748c97608dfc276c40f6)
|
||||
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
|
||||
---
|
||||
.../docker/libnetwork/iptables/firewalld.go | 136 ++++++++++++++++--
|
||||
.../docker/libnetwork/iptables/iptables.go | 13 ++
|
||||
2 files changed, 139 insertions(+), 10 deletions(-)
|
||||
|
||||
diff --git a/components/engine/vendor/github.com/docker/libnetwork/iptables/firewalld.go b/components/engine/vendor/github.com/docker/libnetwork/iptables/firewalld.go
|
||||
index 8f13c86448..33eb749ab0 100644
|
||||
--- a/components/engine/vendor/github.com/docker/libnetwork/iptables/firewalld.go
|
||||
+++ b/components/engine/vendor/github.com/docker/libnetwork/iptables/firewalld.go
|
||||
@@ -19,20 +19,46 @@ const (
|
||||
// Ebtables point to bridge table
|
||||
Ebtables IPV = "eb"
|
||||
)
|
||||
+
|
||||
const (
|
||||
- dbusInterface = "org.fedoraproject.FirewallD1"
|
||||
- dbusPath = "/org/fedoraproject/FirewallD1"
|
||||
+ dbusInterface = "org.fedoraproject.FirewallD1"
|
||||
+ dbusPath = "/org/fedoraproject/FirewallD1"
|
||||
+ dbusConfigPath = "/org/fedoraproject/FirewallD1/config"
|
||||
+ dockerZone = "docker"
|
||||
)
|
||||
|
||||
// Conn is a connection to firewalld dbus endpoint.
|
||||
type Conn struct {
|
||||
- sysconn *dbus.Conn
|
||||
- sysobj dbus.BusObject
|
||||
- signal chan *dbus.Signal
|
||||
+ sysconn *dbus.Conn
|
||||
+ sysObj dbus.BusObject
|
||||
+ sysConfObj dbus.BusObject
|
||||
+ signal chan *dbus.Signal
|
||||
+}
|
||||
+
|
||||
+// ZoneSettings holds the firewalld zone settings, documented in
|
||||
+// https://firewalld.org/documentation/man-pages/firewalld.dbus.html
|
||||
+type ZoneSettings struct {
|
||||
+ version string
|
||||
+ name string
|
||||
+ description string
|
||||
+ unused bool
|
||||
+ target string
|
||||
+ services []string
|
||||
+ ports [][]interface{}
|
||||
+ icmpBlocks []string
|
||||
+ masquerade bool
|
||||
+ forwardPorts [][]interface{}
|
||||
+ interfaces []string
|
||||
+ sourceAddresses []string
|
||||
+ richRules []string
|
||||
+ protocols []string
|
||||
+ sourcePorts [][]interface{}
|
||||
+ icmpBlockInversion bool
|
||||
}
|
||||
|
||||
var (
|
||||
- connection *Conn
|
||||
+ connection *Conn
|
||||
+
|
||||
firewalldRunning bool // is Firewalld service running
|
||||
onReloaded []*func() // callbacks when Firewalld has been reloaded
|
||||
)
|
||||
@@ -51,6 +77,9 @@ func FirewalldInit() error {
|
||||
}
|
||||
if connection != nil {
|
||||
go signalHandler()
|
||||
+ if err := setupDockerZone(); err != nil {
|
||||
+ return err
|
||||
+ }
|
||||
}
|
||||
|
||||
return nil
|
||||
@@ -76,8 +105,8 @@ func (c *Conn) initConnection() error {
|
||||
}
|
||||
|
||||
// This never fails, even if the service is not running atm.
|
||||
- c.sysobj = c.sysconn.Object(dbusInterface, dbus.ObjectPath(dbusPath))
|
||||
-
|
||||
+ c.sysObj = c.sysconn.Object(dbusInterface, dbus.ObjectPath(dbusPath))
|
||||
+ c.sysConfObj = c.sysconn.Object(dbusInterface, dbus.ObjectPath(dbusConfigPath))
|
||||
rule := fmt.Sprintf("type='signal',path='%s',interface='%s',sender='%s',member='Reloaded'",
|
||||
dbusPath, dbusInterface, dbusInterface)
|
||||
c.sysconn.BusObject().Call("org.freedesktop.DBus.AddMatch", 0, rule)
|
||||
@@ -150,7 +179,7 @@ func checkRunning() bool {
|
||||
var err error
|
||||
|
||||
if connection != nil {
|
||||
- err = connection.sysobj.Call(dbusInterface+".getDefaultZone", 0).Store(&zone)
|
||||
+ err = connection.sysObj.Call(dbusInterface+".getDefaultZone", 0).Store(&zone)
|
||||
return err == nil
|
||||
}
|
||||
return false
|
||||
@@ -160,8 +189,95 @@ func checkRunning() bool {
|
||||
func Passthrough(ipv IPV, args ...string) ([]byte, error) {
|
||||
var output string
|
||||
logrus.Debugf("Firewalld passthrough: %s, %s", ipv, args)
|
||||
- if err := connection.sysobj.Call(dbusInterface+".direct.passthrough", 0, ipv, args).Store(&output); err != nil {
|
||||
+ if err := connection.sysObj.Call(dbusInterface+".direct.passthrough", 0, ipv, args).Store(&output); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return []byte(output), nil
|
||||
}
|
||||
+
|
||||
+// getDockerZoneSettings converts the ZoneSettings struct into a interface slice
|
||||
+func getDockerZoneSettings() map[string]string {
|
||||
+ return map[string]string{
|
||||
+ "version": "1.0",
|
||||
+ "name": dockerZone,
|
||||
+ "description": "zone for docker bridge network interfaces",
|
||||
+ "target": "ACCEPT",
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+// setupDockerZone creates a zone called docker in firewalld which includes docker interfaces to allow
|
||||
+// container networking
|
||||
+func setupDockerZone() error {
|
||||
+ var zones []string
|
||||
+ // Check if zone exists
|
||||
+ if err := connection.sysObj.Call(dbusInterface+".zone.getZones", 0).Store(&zones); err != nil {
|
||||
+ return err
|
||||
+ }
|
||||
+ if contains(zones, dockerZone) {
|
||||
+ logrus.Infof("Firewalld: %s zone already exists, returning", dockerZone)
|
||||
+ return nil
|
||||
+ }
|
||||
+ logrus.Debugf("Firewalld: creating %s zone", dockerZone)
|
||||
+
|
||||
+ settings := getDockerZoneSettings()
|
||||
+ // Permanent
|
||||
+ if err := connection.sysConfObj.Call(dbusInterface+".config.addZone", 0, dockerZone, settings).Err; err != nil {
|
||||
+ return err
|
||||
+ }
|
||||
+ // Reload for change to take effect
|
||||
+ if err := connection.sysObj.Call(dbusInterface+".reload", 0).Err; err != nil {
|
||||
+ return err
|
||||
+ }
|
||||
+
|
||||
+ return nil
|
||||
+}
|
||||
+
|
||||
+// AddInterfaceFirewalld adds the interface to the trusted zone
|
||||
+func AddInterfaceFirewalld(intf string) error {
|
||||
+ var intfs []string
|
||||
+ // Check if interface is already added to the zone
|
||||
+ if err := connection.sysObj.Call(dbusInterface+".zone.getInterfaces", 0, dockerZone).Store(&intfs); err != nil {
|
||||
+ return err
|
||||
+ }
|
||||
+ // Return if interface is already part of the zone
|
||||
+ if contains(intfs, intf) {
|
||||
+ logrus.Infof("Firewalld: interface %s already part of %s zone, returning", intf, dockerZone)
|
||||
+ return nil
|
||||
+ }
|
||||
+
|
||||
+ logrus.Debugf("Firewalld: adding %s interface to %s zone", intf, dockerZone)
|
||||
+ // Runtime
|
||||
+ if err := connection.sysObj.Call(dbusInterface+".zone.addInterface", 0, dockerZone, intf).Err; err != nil {
|
||||
+ return err
|
||||
+ }
|
||||
+ return nil
|
||||
+}
|
||||
+
|
||||
+// DelInterfaceFirewalld removes the interface from the trusted zone
|
||||
+func DelInterfaceFirewalld(intf string) error {
|
||||
+ var intfs []string
|
||||
+ // Check if interface is part of the zone
|
||||
+ if err := connection.sysObj.Call(dbusInterface+".zone.getInterfaces", 0, dockerZone).Store(&intfs); err != nil {
|
||||
+ return err
|
||||
+ }
|
||||
+ // Remove interface if it exists
|
||||
+ if !contains(intfs, intf) {
|
||||
+ return fmt.Errorf("Firewalld: unable to find interface %s in %s zone", intf, dockerZone)
|
||||
+ }
|
||||
+
|
||||
+ logrus.Debugf("Firewalld: removing %s interface from %s zone", intf, dockerZone)
|
||||
+ // Runtime
|
||||
+ if err := connection.sysObj.Call(dbusInterface+".zone.removeInterface", 0, dockerZone, intf).Err; err != nil {
|
||||
+ return err
|
||||
+ }
|
||||
+ return nil
|
||||
+}
|
||||
+
|
||||
+func contains(list []string, val string) bool {
|
||||
+ for _, v := range list {
|
||||
+ if v == val {
|
||||
+ return true
|
||||
+ }
|
||||
+ }
|
||||
+ return false
|
||||
+}
|
||||
diff --git a/components/engine/vendor/github.com/docker/libnetwork/iptables/iptables.go b/components/engine/vendor/github.com/docker/libnetwork/iptables/iptables.go
|
||||
index 5523c4858c..bd262eb86c 100644
|
||||
--- a/components/engine/vendor/github.com/docker/libnetwork/iptables/iptables.go
|
||||
+++ b/components/engine/vendor/github.com/docker/libnetwork/iptables/iptables.go
|
||||
@@ -146,6 +146,19 @@ func ProgramChain(c *ChainInfo, bridgeName string, hairpinMode, enable bool) err
|
||||
return errors.New("Could not program chain, missing chain name")
|
||||
}
|
||||
|
||||
+ // Either add or remove the interface from the firewalld zone
|
||||
+ if firewalldRunning {
|
||||
+ if enable {
|
||||
+ if err := AddInterfaceFirewalld(bridgeName); err != nil {
|
||||
+ return err
|
||||
+ }
|
||||
+ } else {
|
||||
+ if err := DelInterfaceFirewalld(bridgeName); err != nil {
|
||||
+ return err
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
switch c.Table {
|
||||
case Nat:
|
||||
preroute := []string{
|
||||
--
|
||||
2.29.2
|
||||
|
@ -1,40 +0,0 @@
|
||||
From cb676052272ed4f6f3b901dbc21510fabf742860 Mon Sep 17 00:00:00 2001
|
||||
From: Goldwyn Rodrigues <rgoldwyn@suse.com>
|
||||
Date: Mon, 22 Apr 2019 09:08:28 -0500
|
||||
Subject: [PATCH] apparmor: allow readby and tracedby
|
||||
|
||||
Fixes audit errors such as:
|
||||
|
||||
type=AVC msg=audit(1550236803.810:143):
|
||||
apparmor="DENIED" operation="ptrace" profile="docker-default"
|
||||
pid=3181 comm="ps" requested_mask="readby" denied_mask="readby"
|
||||
peer="docker-default"
|
||||
|
||||
audit(1550236375.918:3): apparmor="DENIED" operation="ptrace"
|
||||
profile="docker-default" pid=2267 comm="ps"
|
||||
requested_mask="tracedby" denied_mask="tracedby"
|
||||
peer="docker-default"
|
||||
|
||||
SUSE-Bugs: bsc#1122469
|
||||
Signed-off-by: Goldwyn Rodrigues <rgoldwyn@suse.com>
|
||||
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
|
||||
---
|
||||
components/engine/profiles/apparmor/template.go | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/components/engine/profiles/apparmor/template.go b/components/engine/profiles/apparmor/template.go
|
||||
index 400b3bd50a11..d8db0ee2fb36 100644
|
||||
--- a/components/engine/profiles/apparmor/template.go
|
||||
+++ b/components/engine/profiles/apparmor/template.go
|
||||
@@ -44,7 +44,7 @@ profile {{.Name}} flags=(attach_disconnected,mediate_deleted) {
|
||||
|
||||
{{if ge .Version 208095}}
|
||||
# suppress ptrace denials when using 'docker ps' or using 'ps' inside a container
|
||||
- ptrace (trace,read) peer={{.Name}},
|
||||
+ ptrace (trace,read,tracedby,readby) peer={{.Name}},
|
||||
{{end}}
|
||||
}
|
||||
`
|
||||
--
|
||||
2.24.0
|
||||
|
59
cli-0001-Rename-bin-md2man-to-bin-go-md2man.patch
Normal file
59
cli-0001-Rename-bin-md2man-to-bin-go-md2man.patch
Normal file
@ -0,0 +1,59 @@
|
||||
From 6e2607c6a68ecf1a7378133f22cb7192e2eb9d5b Mon Sep 17 00:00:00 2001
|
||||
From: Arnaud Rebillout <elboulangero@gmail.com>
|
||||
Date: Wed, 16 Dec 2020 10:19:43 +0700
|
||||
Subject: [PATCH] Rename bin/md2man to bin/go-md2man
|
||||
|
||||
In the recent PR !2877, some code was added to check if md2man is
|
||||
already installed in the build environment. This is to cater to the
|
||||
needs of Linux distributions.
|
||||
|
||||
However it turns out that Linux distributions install md2man as
|
||||
bin/go-md2man instead of bin/md2man, hence the PR !2877 doesn't help
|
||||
much.
|
||||
|
||||
This commit fixes it by settling on using the binary name go-md2man.
|
||||
|
||||
For reference, here the file list of the package go-md2man in several
|
||||
distributions:
|
||||
|
||||
- Debian: <https://packages.debian.org/sid/amd64/go-md2man/filelist>
|
||||
- Ubuntu: <https://packages.ubuntu.com/hirsute/amd64/go-md2man/filelist>
|
||||
- Fedora: <https://fedora.pkgs.org/31/fedora-x86_64/golang-github-cpuguy83-md2man-2.0.0-0.4.20190624gitf79a8a8.fc31.x86_64.rpm.html>
|
||||
- ArchLinux: <https://www.archlinux.org/packages/community/x86_64/go-md2man/>
|
||||
|
||||
Signed-off-by: Arnaud Rebillout <elboulangero@gmail.com>
|
||||
---
|
||||
man/md2man-all.sh | 2 +-
|
||||
scripts/docs/generate-man.sh | 4 ++--
|
||||
2 files changed, 3 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/man/md2man-all.sh b/man/md2man-all.sh
|
||||
index eb0bc6366a27..46c7b8f08eae 100755
|
||||
--- a/man/md2man-all.sh
|
||||
+++ b/man/md2man-all.sh
|
||||
@@ -18,5 +18,5 @@ for FILE in *.md; do
|
||||
continue
|
||||
fi
|
||||
mkdir -p "./man${num}"
|
||||
- md2man -in "$FILE" -out "./man${num}/${name}"
|
||||
+ go-md2man -in "$FILE" -out "./man${num}/${name}"
|
||||
done
|
||||
diff --git a/scripts/docs/generate-man.sh b/scripts/docs/generate-man.sh
|
||||
index 136ed1e00094..e312c87dd321 100755
|
||||
--- a/scripts/docs/generate-man.sh
|
||||
+++ b/scripts/docs/generate-man.sh
|
||||
@@ -4,9 +4,9 @@ set -eu -o pipefail
|
||||
|
||||
mkdir -p ./man/man1
|
||||
|
||||
-if ! command -v md2man &> /dev/null; then
|
||||
+if ! command -v go-md2man &> /dev/null; then
|
||||
# yay, go install creates a binary named "v2" ¯\_(ツ)_/¯
|
||||
- go build -o "/go/bin/md2man" ./vendor/github.com/cpuguy83/go-md2man/v2
|
||||
+ go build -o "/go/bin/go-md2man" ./vendor/github.com/cpuguy83/go-md2man/v2
|
||||
fi
|
||||
|
||||
# Generate man pages from cobra commands
|
||||
--
|
||||
2.30.0
|
||||
|
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:5bf99fd416c9a282dc97ac3568da541d378ea1c003a5680c07f11f91115d984d
|
||||
size 10421676
|
3
docker-20.10.2_ce_8891c58a433a.tar.xz
Normal file
3
docker-20.10.2_ce_8891c58a433a.tar.xz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:8f38527e3b117ca42b0b702a3a8a2a3d73cb629d170730d7d741115e72da8171
|
||||
size 6463700
|
3
docker-cli-20.10.2_ce.tar.xz
Normal file
3
docker-cli-20.10.2_ce.tar.xz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:83f9812b3d0fda73d6645d82577b0e3c7d603c042be6ee80119d0d5a48d73866
|
||||
size 4432320
|
@ -1,3 +1,27 @@
|
||||
-------------------------------------------------------------------
|
||||
Fri Jan 29 22:55:48 UTC 2021 - Aleksa Sarai <asarai@suse.com>
|
||||
|
||||
- Update to Docker 20.10.2-ce. See upstream changelog in the packaged
|
||||
/usr/share/doc/packages/docker/CHANGELOG.md. bsc#1181594
|
||||
- Remove upstreamed patches:
|
||||
- bsc1122469-0001-apparmor-allow-readby-and-tracedby.patch
|
||||
- boo1178801-0001-Add-docker-interfaces-to-firewalld-docker-zone.patch
|
||||
- Add patches to fix build:
|
||||
+ cli-0001-Rename-bin-md2man-to-bin-go-md2man.patch
|
||||
- Since upstream has changed their source repo (again) we have to rebase all of
|
||||
our patches. While doing this, I've collapsed all patches into one branch
|
||||
per-release and thus all the patches are now just one series:
|
||||
- packaging-0001-revert-Remove-docker-prefix-for-containerd-and-runc-.patch
|
||||
+ 0001-PACKAGING-revert-Remove-docker-prefix-for-containerd.patch
|
||||
- secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
|
||||
+ 0002-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
|
||||
- secrets-0002-SUSE-implement-SUSE-container-secrets.patch
|
||||
+ 0003-SECRETS-SUSE-implement-SUSE-container-secrets.patch
|
||||
- private-registry-0001-Add-private-registry-mirror-support.patch
|
||||
+ 0004-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
|
||||
- bsc1073877-0001-apparmor-clobber-docker-default-profile-on-start.patch
|
||||
+ 0005-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Jan 29 11:54:53 UTC 2021 - Aleksa Sarai <asarai@suse.com>
|
||||
|
||||
|
157
docker.spec
157
docker.spec
@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package docker
|
||||
#
|
||||
# Copyright (c) 2020 SUSE LLC
|
||||
# Copyright (c) 2021 SUSE LLC
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
@ -42,52 +42,55 @@
|
||||
# helpfully injects into our build environment from the changelog). If you want
|
||||
# to generate a new git_commit_epoch, use this:
|
||||
# $ date --date="$(git show --format=fuller --date=iso $COMMIT_ID | grep -oP '(?<=^CommitDate: ).*')" '+%s'
|
||||
%define git_version 5eb3275d4006
|
||||
%define git_commit_epoch 1606849828
|
||||
%define git_version 8891c58a433a
|
||||
%define git_commit_epoch 1608908869
|
||||
|
||||
# These are the git commits required. We verify them against the source to make
|
||||
# sure we didn't miss anything important when doing upgrades.
|
||||
%define required_containerd ea765aba0d05254012b0b9e595e995c09186427f
|
||||
%define required_dockerrunc dc9208a3303feef5b3839f4323d9beb36df0a9dd
|
||||
%define required_libnetwork 55e924b8a84231a065879156c0de95aefc5f5435
|
||||
%define required_containerd 269548fa27e0089a8b8278fc4fc781d7f65a939b
|
||||
%define required_dockerrunc ff819c7e9184c13b7c2607fe6c30ae19403a7aff
|
||||
%define required_libnetwork fa125a3512ee0f6187721c88582bf8c4378bd4d7
|
||||
|
||||
Name: %{realname}%{name_suffix}
|
||||
Version: 19.03.14_ce
|
||||
Version: 20.10.2_ce
|
||||
Release: 0
|
||||
Summary: The Moby-project Linux container runtime
|
||||
License: Apache-2.0
|
||||
Group: System/Management
|
||||
URL: http://www.docker.io
|
||||
# TODO(VR): check those SOURCE files below
|
||||
Source: %{realname}-%{version}_%{git_version}.tar.xz
|
||||
Source1: docker.service
|
||||
Source1: %{realname}-cli-%{version}.tar.xz
|
||||
Source2: docker-rpmlintrc
|
||||
# TODO: Move these source files to somewhere nicer.
|
||||
Source100: docker.service
|
||||
Source101: 80-docker.rules
|
||||
Source102: sysconfig.docker
|
||||
Source103: README_SUSE.md
|
||||
Source104: docker-audit.rules
|
||||
Source105: tests.sh
|
||||
Source106: docker-daemon.json
|
||||
# Kubelet-specific sources.
|
||||
# bsc#1086185 -- but we only apply this on Kubic.
|
||||
Source2: docker-kubic-service.conf
|
||||
Source3: 80-docker.rules
|
||||
Source4: sysconfig.docker
|
||||
Source5: kubelet.env
|
||||
Source6: docker-rpmlintrc
|
||||
Source7: README_SUSE.md
|
||||
Source8: docker-audit.rules
|
||||
Source9: tests.sh
|
||||
Source10: docker-daemon.json
|
||||
Source900: docker-kubic-service.conf
|
||||
Source901: kubelet.env
|
||||
# NOTE: All of these patches are maintained in <https://github.com/suse/docker>
|
||||
# in the suse-<version> branch. Make sure you update the patches in that
|
||||
# branch and then git-format-patch the patch here.
|
||||
# SUSE-FEATURE: Adds the /run/secrets mountpoint inside all Docker containers
|
||||
# which is not snapshotted when images are committed. Note that if you modify
|
||||
# this patch, please also modify the patch in the suse-secrets-v<version>
|
||||
# branch in http://github.com/suse/docker.mirror.
|
||||
Patch200: secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
|
||||
Patch201: secrets-0002-SUSE-implement-SUSE-container-secrets.patch
|
||||
# SUSE-ISSUE: Revert of https://github.com/docker/docker/pull/37907.
|
||||
Patch300: packaging-0001-revert-Remove-docker-prefix-for-containerd-and-runc-.patch
|
||||
# SUSE-BACKPORT: Backport of https://github.com/docker/docker/pull/37353. bsc#1099277
|
||||
Patch401: bsc1073877-0001-apparmor-clobber-docker-default-profile-on-start.patch
|
||||
# SUSE-BACKPORT: Backport of https://github.com/docker/docker/pull/39121. bsc#1122469
|
||||
Patch402: bsc1122469-0001-apparmor-allow-readby-and-tracedby.patch
|
||||
# SUSE-BACKPORT: Backport of https://github.com/moby/libnetwork/pull/2548. boo#1178801, SLE-16460
|
||||
Patch403: boo1178801-0001-Add-docker-interfaces-to-firewalld-docker-zone.patch
|
||||
# branch in <http://github.com/suse/docker>.
|
||||
Patch100: 0002-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
|
||||
Patch101: 0003-SECRETS-SUSE-implement-SUSE-container-secrets.patch
|
||||
# SUSE-FEATURE: Add support to mirror inofficial/private registries
|
||||
# (https://github.com/docker/docker/pull/34319)
|
||||
Patch500: private-registry-0001-Add-private-registry-mirror-support.patch
|
||||
# <https://github.com/docker/docker/pull/34319>.
|
||||
Patch200: 0004-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
|
||||
# SUSE-ISSUE: Revert of <https://github.com/docker/docker/pull/37907>.
|
||||
Patch300: 0001-PACKAGING-revert-Remove-docker-prefix-for-containerd.patch
|
||||
# SUSE-BACKPORT: Backport of https://github.com/docker/docker/pull/37353. bsc#1073877 bsc#1099277
|
||||
Patch301: 0005-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
|
||||
# SUSE-BACKPORT: Backport of https://github.com/docker/cli/pull/2888.
|
||||
Patch302: cli-0001-Rename-bin-md2man-to-bin-go-md2man.patch
|
||||
BuildRequires: audit
|
||||
BuildRequires: bash-completion
|
||||
BuildRequires: ca-certificates
|
||||
@ -273,34 +276,41 @@ docker container runtime configuration for kubeadm
|
||||
|
||||
%prep
|
||||
%setup -q -n %{realname}-%{version}_%{git_version}
|
||||
|
||||
%if 0%{?is_opensuse}
|
||||
# nothing
|
||||
%else
|
||||
# PATCH-SUSE: Secrets patches.
|
||||
%patch200 -p1
|
||||
%patch201 -p1
|
||||
%patch100 -p1
|
||||
%patch101 -p1
|
||||
%endif
|
||||
# revert upstream
|
||||
%patch300 -p1
|
||||
# bsc#1099277
|
||||
%patch401 -p1
|
||||
# bsc#1122469
|
||||
%patch402 -p1
|
||||
# boo#1178801, SLE-16460
|
||||
%patch403 -p1
|
||||
%if "%flavour" == "kubic"
|
||||
# PATCH-SUSE: Mirror patch.
|
||||
%patch500 -p1
|
||||
%patch200 -p1
|
||||
%endif
|
||||
# packaging
|
||||
%patch300 -p1
|
||||
# bsc#1099277
|
||||
%patch301 -p1
|
||||
|
||||
cp %{SOURCE7} .
|
||||
# README_SUSE.md for documentation.
|
||||
cp %{SOURCE103} .
|
||||
|
||||
# Fill the CLI sources in a subdir.
|
||||
mkdir -p dist-suse/cli
|
||||
pushd dist-suse/cli/
|
||||
xz -dc %{SOURCE1} | tar -xof - --strip-components=1
|
||||
# https://github.com/docker/cli/pull/2888
|
||||
%patch302 -p1
|
||||
popd
|
||||
|
||||
%build
|
||||
BUILDTAGS="exclude_graphdriver_aufs apparmor selinux seccomp pkcs11"
|
||||
%if 0%{?sle_version} == 120000
|
||||
# Provided by patch406, to allow us to build with older distros but still
|
||||
# have deferred removal support at runtime. We only use this when building
|
||||
# on SLE12.
|
||||
# Allow us to build with older distros but still have deferred removal
|
||||
# support at runtime. We only use this when building on SLE12, because
|
||||
# later openSUSE/SLE versions have a new enough libdevicemapper to not
|
||||
# require the runtime checking.
|
||||
BUILDTAGS="libdm_dlsym_deferred_remove $BUILDTAGS"
|
||||
%endif
|
||||
|
||||
@ -326,14 +336,13 @@ EOF
|
||||
|
||||
# Preparing GOPATH so that the client is visible to the compiler
|
||||
mkdir -p src/github.com/docker/
|
||||
ln -s $(pwd)/components/cli $(pwd)/src/github.com/docker/cli
|
||||
ln -s $(pwd)/dist-suse/cli $(pwd)/src/github.com/docker/cli
|
||||
export GOPATH=$GOPATH:$(pwd)
|
||||
|
||||
###################
|
||||
## DOCKER ENGINE ##
|
||||
###################
|
||||
|
||||
pushd components/engine/
|
||||
# Ignore the warning that we compile outside a Docker container.
|
||||
./hack/make.sh dynbinary
|
||||
|
||||
@ -343,18 +352,17 @@ pushd components/engine/
|
||||
for testdir in {integration-cli,integration/*/}
|
||||
do
|
||||
( find "$testdir" -name '*_test.go' | grep -q '.' ) || continue
|
||||
GOPATH=$(pwd)/vendor:$(pwd)/.gopath/ go test \
|
||||
-buildmode=pie \
|
||||
-tags "$DOCKER_BUILDTAGS daemon autogen" \
|
||||
-c "github.com/docker/docker/$testdir" -o "$testdir/tests.main"
|
||||
GOPATH=$(pwd)/vendor:$(pwd)/.gopath/ go test -c \
|
||||
-o "$testdir/tests.main" -buildmode=pie \
|
||||
-tags "$DOCKER_BUILDTAGS daemon" \
|
||||
"github.com/docker/docker/$testdir"
|
||||
done
|
||||
popd
|
||||
|
||||
###################
|
||||
## DOCKER CLIENT ##
|
||||
###################
|
||||
|
||||
pushd components/cli/
|
||||
pushd dist-suse/cli/
|
||||
./scripts/build/dynbinary
|
||||
|
||||
mkdir -p ./man/man1
|
||||
@ -373,30 +381,29 @@ popd
|
||||
# We verify that all of our -git requires are correct, and match the contents
|
||||
# of the upstream vendoring scripts. This is done on-build to make sure that
|
||||
# someone doing an update didn't miss anything.
|
||||
cd components/engine
|
||||
grep 'RUNC_COMMIT:=%{required_dockerrunc}' hack/dockerfile/install/runc.installer
|
||||
grep 'CONTAINERD_COMMIT:=%{required_containerd}' hack/dockerfile/install/containerd.installer
|
||||
grep 'LIBNETWORK_COMMIT:=%{required_libnetwork}' hack/dockerfile/install/proxy.installer
|
||||
|
||||
%install
|
||||
install -d %{buildroot}%{_bindir}
|
||||
install -D -m755 components/cli/build/docker %{buildroot}/%{_bindir}/docker
|
||||
install -D -m755 components/engine/bundles/dynbinary-daemon/dockerd %{buildroot}/%{_bindir}/dockerd
|
||||
install -D -m755 dist-suse/cli/build/docker %{buildroot}/%{_bindir}/docker
|
||||
install -D -m755 bundles/dynbinary-daemon/dockerd %{buildroot}/%{_bindir}/dockerd
|
||||
install -d %{buildroot}/%{_localstatedir}/lib/docker
|
||||
install -Dd -m 0755 \
|
||||
%{buildroot}%{_sysconfdir}/init.d \
|
||||
%{buildroot}%{_sbindir}
|
||||
|
||||
install -D -m0644 components/cli/contrib/completion/bash/docker "%{buildroot}%{_datarootdir}/bash-completion/completions/%{realname}"
|
||||
install -D -m0644 components/cli/contrib/completion/zsh/_docker "%{buildroot}%{_sysconfdir}/zsh_completion.d/_%{realname}"
|
||||
install -D -m0644 components/cli/contrib/completion/fish/docker.fish "%{buildroot}/%{_datadir}/fish/vendor_completions.d/%{realname}.fish"
|
||||
install -D -m0644 dist-suse/cli/contrib/completion/bash/docker "%{buildroot}%{_datarootdir}/bash-completion/completions/%{realname}"
|
||||
install -D -m0644 dist-suse/cli/contrib/completion/zsh/_docker "%{buildroot}%{_sysconfdir}/zsh_completion.d/_%{realname}"
|
||||
install -D -m0644 dist-suse/cli/contrib/completion/fish/docker.fish "%{buildroot}/%{_datadir}/fish/vendor_completions.d/%{realname}.fish"
|
||||
|
||||
#
|
||||
# systemd service
|
||||
#
|
||||
install -D -m0644 %{SOURCE1} %{buildroot}%{_unitdir}/%{realname}.service
|
||||
install -D -m0644 %{SOURCE100} %{buildroot}%{_unitdir}/%{realname}.service
|
||||
%if "%flavour" == "kubic"
|
||||
install -D -m0644 %{SOURCE2} %{buildroot}%{_unitdir}/%{realname}.service.d/90-kubic.conf
|
||||
install -D -m0644 %{SOURCE900} %{buildroot}%{_unitdir}/%{realname}.service.d/90-kubic.conf
|
||||
%endif
|
||||
ln -sf service %{buildroot}%{_sbindir}/rcdocker
|
||||
|
||||
@ -404,30 +411,30 @@ ln -sf service %{buildroot}%{_sbindir}/rcdocker
|
||||
# udev rules that prevents dolphin to show all docker devices and slows down
|
||||
# upstream report https://bugs.kde.org/show_bug.cgi?id=329930
|
||||
#
|
||||
install -D -m 0644 %{SOURCE3} %{buildroot}%{_udevrulesdir}/80-%{realname}.rules
|
||||
install -D -m 0644 %{SOURCE101} %{buildroot}%{_udevrulesdir}/80-%{realname}.rules
|
||||
|
||||
# audit rules
|
||||
install -D -m 0640 %{SOURCE8} %{buildroot}%{_sysconfdir}/audit/rules.d/%{realname}.rules
|
||||
install -D -m 0640 %{SOURCE104} %{buildroot}%{_sysconfdir}/audit/rules.d/%{realname}.rules
|
||||
|
||||
# sysconfig file
|
||||
install -D -m 644 %{SOURCE4} %{buildroot}%{_fillupdir}/sysconfig.docker
|
||||
install -D -m 644 %{SOURCE102} %{buildroot}%{_fillupdir}/sysconfig.docker
|
||||
|
||||
# install docker config file
|
||||
install -D -m 644 %{SOURCE10} %{buildroot}%{_sysconfdir}/docker/daemon.json
|
||||
install -D -m 644 %{SOURCE106} %{buildroot}%{_sysconfdir}/docker/daemon.json
|
||||
|
||||
# install manpages (using the ones from the engine)
|
||||
install -d %{buildroot}%{_mandir}/man1
|
||||
install -p -m 644 components/cli/man/man1/*.1 %{buildroot}%{_mandir}/man1
|
||||
install -p -m 644 dist-suse/cli/man/man1/*.1 %{buildroot}%{_mandir}/man1
|
||||
install -d %{buildroot}%{_mandir}/man5
|
||||
install -p -m 644 components/cli/man/man5/Dockerfile.5 %{buildroot}%{_mandir}/man5
|
||||
install -p -m 644 dist-suse/cli/man/man5/Dockerfile.5 %{buildroot}%{_mandir}/man5
|
||||
install -d %{buildroot}%{_mandir}/man8
|
||||
install -p -m 644 components/cli/man/man8/*.8 %{buildroot}%{_mandir}/man8
|
||||
install -p -m 644 dist-suse/cli/man/man8/*.8 %{buildroot}%{_mandir}/man8
|
||||
|
||||
# install docker-test files -- we want to avoid installing the entire source tree.
|
||||
install -d %{buildroot}%{_prefix}/src/docker/
|
||||
install -D -m0755 %{SOURCE9} %{buildroot}%{_prefix}/src/docker/tests.sh
|
||||
install -D -m0755 %{SOURCE105} %{buildroot}%{_prefix}/src/docker/tests.sh
|
||||
# We need hack/, contrib/, profiles/, and the integration*/ trees.
|
||||
cp -a components/engine/{hack,contrib,profiles,integration{,-cli}} %{buildroot}%{_prefix}/src/docker/
|
||||
cp -a {hack,contrib,profiles,integration{,-cli}} %{buildroot}%{_prefix}/src/docker/
|
||||
echo "%{version}" > %{buildroot}%{_prefix}/src/docker/VERSION
|
||||
# And now we can remove all *_test.go files -- since we already have test
|
||||
# binaries. Due to a lot of hacks within the Docker integration tests, we can't
|
||||
@ -437,8 +444,8 @@ find %{buildroot}%{_prefix}/src/docker \
|
||||
|
||||
%if "%flavour" == "kubic"
|
||||
# place kubelet.env in fillupdir (for kubeadm-criconfig)
|
||||
sed -e 's-@LIBEXECDIR@-%{_libexecdir}-g' -i %{SOURCE5}
|
||||
install -D -m 0644 %{SOURCE5} %{buildroot}%{_fillupdir}/sysconfig.kubelet
|
||||
sed -e 's-@LIBEXECDIR@-%{_libexecdir}-g' -i %{SOURCE901}
|
||||
install -D -m 0644 %{SOURCE901} %{buildroot}%{_fillupdir}/sysconfig.kubelet
|
||||
%endif
|
||||
|
||||
%fdupes %{buildroot}
|
||||
@ -485,8 +492,8 @@ grep -q '^dockremap:' /etc/subgid || \
|
||||
|
||||
%files
|
||||
%defattr(-,root,root)
|
||||
%doc components/engine/README.md README_SUSE.md CHANGELOG.md
|
||||
%license components/engine/LICENSE
|
||||
%doc README.md README_SUSE.md CHANGELOG.md
|
||||
%license LICENSE
|
||||
%{_bindir}/docker
|
||||
%{_bindir}/dockerd
|
||||
%{_sbindir}/rcdocker
|
||||
|
@ -1,126 +0,0 @@
|
||||
From 33d18d20a806e2541292acb55338dea2065d2501 Mon Sep 17 00:00:00 2001
|
||||
From: Aleksa Sarai <asarai@suse.de>
|
||||
Date: Thu, 29 Nov 2018 20:53:16 +1100
|
||||
Subject: [PATCH] revert "Remove 'docker-' prefix for containerd and runc
|
||||
binaries"
|
||||
|
||||
This reverts commit 34eede0296bce6a9c335cb429f10728ae3f4252d, as it
|
||||
would significantly break openSUSE's packaging (as well as causing
|
||||
conflicts between the very-outdated runc that Docker uses and the more
|
||||
up-to-date one available for Podman).
|
||||
|
||||
Signed-off-by: Aleksa Sarai <asarai@suse.de>
|
||||
---
|
||||
components/engine/api/swagger.yaml | 4 ++--
|
||||
components/engine/builder/builder-next/executor_unix.go | 2 +-
|
||||
components/engine/daemon/daemon_unix.go | 6 +++---
|
||||
components/engine/libcontainerd/supervisor/remote_daemon.go | 4 ++--
|
||||
.../engine/libcontainerd/supervisor/remote_daemon_linux.go | 4 ++--
|
||||
.../libcontainerd/supervisor/remote_daemon_windows.go | 4 ++--
|
||||
6 files changed, 12 insertions(+), 12 deletions(-)
|
||||
|
||||
diff --git a/components/engine/api/swagger.yaml b/components/engine/api/swagger.yaml
|
||||
index 6e0bc25b52d6..58f860d22a49 100644
|
||||
--- a/components/engine/api/swagger.yaml
|
||||
+++ b/components/engine/api/swagger.yaml
|
||||
@@ -3980,10 +3980,10 @@ definitions:
|
||||
$ref: "#/definitions/Runtime"
|
||||
default:
|
||||
runc:
|
||||
- path: "runc"
|
||||
+ path: "docker-runc"
|
||||
example:
|
||||
runc:
|
||||
- path: "runc"
|
||||
+ path: "docker-runc"
|
||||
runc-master:
|
||||
path: "/go/bin/runc"
|
||||
custom:
|
||||
diff --git a/components/engine/builder/builder-next/executor_unix.go b/components/engine/builder/builder-next/executor_unix.go
|
||||
index 620ffb401de7..dd63779a27d2 100644
|
||||
--- a/components/engine/builder/builder-next/executor_unix.go
|
||||
+++ b/components/engine/builder/builder-next/executor_unix.go
|
||||
@@ -28,7 +28,7 @@ func newExecutor(root, cgroupParent string, net libnetwork.NetworkController, ro
|
||||
}
|
||||
return runcexecutor.New(runcexecutor.Opt{
|
||||
Root: filepath.Join(root, "executor"),
|
||||
- CommandCandidates: []string{"runc"},
|
||||
+ CommandCandidates: []string{"docker-runc", "runc"},
|
||||
DefaultCgroupParent: cgroupParent,
|
||||
Rootless: rootless,
|
||||
NoPivot: os.Getenv("DOCKER_RAMDISK") != "",
|
||||
diff --git a/components/engine/daemon/daemon_unix.go b/components/engine/daemon/daemon_unix.go
|
||||
index df64de6edf13..fa9bfb528414 100644
|
||||
--- a/components/engine/daemon/daemon_unix.go
|
||||
+++ b/components/engine/daemon/daemon_unix.go
|
||||
@@ -54,11 +54,11 @@ import (
|
||||
const (
|
||||
// DefaultShimBinary is the default shim to be used by containerd if none
|
||||
// is specified
|
||||
- DefaultShimBinary = "containerd-shim"
|
||||
+ DefaultShimBinary = "docker-containerd-shim"
|
||||
|
||||
// DefaultRuntimeBinary is the default runtime to be used by
|
||||
// containerd if none is specified
|
||||
- DefaultRuntimeBinary = "runc"
|
||||
+ DefaultRuntimeBinary = "docker-runc"
|
||||
|
||||
// See https://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/tree/kernel/sched/sched.h?id=8cd9234c64c584432f6992fe944ca9e46ca8ea76#n269
|
||||
linuxMinCPUShares = 2
|
||||
@@ -77,7 +77,7 @@ const (
|
||||
|
||||
// DefaultRuntimeName is the default runtime to be used by
|
||||
// containerd if none is specified
|
||||
- DefaultRuntimeName = "runc"
|
||||
+ DefaultRuntimeName = "docker-runc"
|
||||
)
|
||||
|
||||
type containerGetter interface {
|
||||
diff --git a/components/engine/libcontainerd/supervisor/remote_daemon.go b/components/engine/libcontainerd/supervisor/remote_daemon.go
|
||||
index 31b93f11f0b1..5fba7f29eff9 100644
|
||||
--- a/components/engine/libcontainerd/supervisor/remote_daemon.go
|
||||
+++ b/components/engine/libcontainerd/supervisor/remote_daemon.go
|
||||
@@ -27,8 +27,8 @@ const (
|
||||
shutdownTimeout = 15 * time.Second
|
||||
startupTimeout = 15 * time.Second
|
||||
configFile = "containerd.toml"
|
||||
- binaryName = "containerd"
|
||||
- pidFile = "containerd.pid"
|
||||
+ binaryName = "docker-containerd"
|
||||
+ pidFile = "docker-containerd.pid"
|
||||
)
|
||||
|
||||
type pluginConfigs struct {
|
||||
diff --git a/components/engine/libcontainerd/supervisor/remote_daemon_linux.go b/components/engine/libcontainerd/supervisor/remote_daemon_linux.go
|
||||
index 799399c07bc5..1ea91d2b5d0b 100644
|
||||
--- a/components/engine/libcontainerd/supervisor/remote_daemon_linux.go
|
||||
+++ b/components/engine/libcontainerd/supervisor/remote_daemon_linux.go
|
||||
@@ -11,8 +11,8 @@ import (
|
||||
)
|
||||
|
||||
const (
|
||||
- sockFile = "containerd.sock"
|
||||
- debugSockFile = "containerd-debug.sock"
|
||||
+ sockFile = "docker-containerd.sock"
|
||||
+ debugSockFile = "docker-containerd-debug.sock"
|
||||
)
|
||||
|
||||
func (r *remote) setDefaults() {
|
||||
diff --git a/components/engine/libcontainerd/supervisor/remote_daemon_windows.go b/components/engine/libcontainerd/supervisor/remote_daemon_windows.go
|
||||
index 9b254ef58a0a..bcdc9529e0f7 100644
|
||||
--- a/components/engine/libcontainerd/supervisor/remote_daemon_windows.go
|
||||
+++ b/components/engine/libcontainerd/supervisor/remote_daemon_windows.go
|
||||
@@ -7,8 +7,8 @@ import (
|
||||
)
|
||||
|
||||
const (
|
||||
- grpcPipeName = `\\.\pipe\containerd-containerd`
|
||||
- debugPipeName = `\\.\pipe\containerd-debug`
|
||||
+ grpcPipeName = `\\.\pipe\docker-containerd-containerd`
|
||||
+ debugPipeName = `\\.\pipe\docker-containerd-debug`
|
||||
)
|
||||
|
||||
func (r *remote) setDefaults() {
|
||||
--
|
||||
2.22.0
|
||||
|
Loading…
Reference in New Issue
Block a user