Accepting request 1088253 from home:cyphar:docker

- Update to Docker 23.0.6-ce. See upstream changelog online at <https://docs.docker.com/engine/release-notes/23.0/#2306>. bsc#1211578 - Rebase patches: * cli-0001-docs-include-required-tools-in-source-tree.patch - Re-unify packaging for SLE-12 and SLE-15. - Add patch to fix build on SLE-12 by switching back to libbtrfs-devel headers (the uapi headers in SLE-12 are too old). + 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch - Re-numbered patches: - 0003-bsc1073877-apparmor-clobber-docker-default-profile-o.patch + 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch` OBS-URL: https://build.opensuse.org/request/show/1088253 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=386
2023-05-22 06:23:47 +00:00 · 2023-05-22 06:23:47 +00:00 · 3a683e6a82
commit 3a683e6a82
parent 8bf4339d22
12 changed files with 138 additions and 53 deletions
--- a/0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
+++ b/0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
@ -1,7 +1,7 @@
-From 5c6812a104e161599fc8569d0b4af04224ef3b5a Mon Sep 17 00:00:00 2001
+From e4410ba60f96f1d57d088208eaedd12c0fca6b80 Mon Sep 17 00:00:00 2001
 From: Aleksa Sarai <asarai@suse.de>
 Date: Wed, 8 Mar 2017 12:41:54 +1100
-Subject: [PATCH 1/3] SECRETS: daemon: allow directory creation in /run/secrets
+Subject: [PATCH 1/4] SECRETS: daemon: allow directory creation in /run/secrets

 Since FileMode can have the directory bit set, allow a SecretStore
 implementation to return secrets that are actually directories. This is
@ -69,5 +69,5 @@ index 561077b66b60..0b70825dd2ff 100644
 			return errors.Wrap(err, "error setting ownership for secret")
 		}
 -- 
-2.40.0
+2.40.1

--- a/0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
+++ b/0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
@ -1,7 +1,7 @@
-From 4138c02a19fbd3d3ff50f0b364bf4b99adc47298 Mon Sep 17 00:00:00 2001
+From 3b56cce3fab96f60ef8dcb40fe143159c519e97a Mon Sep 17 00:00:00 2001
 From: Aleksa Sarai <asarai@suse.de>
 Date: Wed, 8 Mar 2017 11:43:29 +1100
-Subject: [PATCH 2/3] SECRETS: SUSE: implement SUSE container secrets
+Subject: [PATCH 2/4] SECRETS: SUSE: implement SUSE container secrets

 This allows for us to pass in host credentials to a container, allowing
 for SUSEConnect to work with containers.
@ -456,5 +456,5 @@ index 000000000000..32b0ece91b59
 +	return nil
 +}
 -- 
-2.40.0
+2.40.1

--- a/0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
+++ b/0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
@ -0,0 +1,46 @@
+From a5bb4ed6a9dd6f3e859524bcc44a822fdeb779fc Mon Sep 17 00:00:00 2001
+From: Aleksa Sarai <asarai@suse.de>
+Date: Mon, 22 May 2023 15:44:54 +1000
+Subject: [PATCH 3/4] BUILD: SLE12: revert "graphdriver/btrfs: use kernel UAPI
+ headers"
+
+This reverts commit 3208dcabdc8997340b255f5b880fef4e3f54580d.
+
+On SLE 12, our UAPI headers are too old, resulting in us being unable to
+build the btrfs driver with the new headers. This patch is only needed
+for SLE-12.
+
+Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
+---
+ daemon/graphdriver/btrfs/btrfs.go | 13 ++++---------
+ 1 file changed, 4 insertions(+), 9 deletions(-)
+
+diff --git a/daemon/graphdriver/btrfs/btrfs.go b/daemon/graphdriver/btrfs/btrfs.go
+index 7f82594b4ebd..532c19a8a15c 100644
+--- a/daemon/graphdriver/btrfs/btrfs.go
+++ b/daemon/graphdriver/btrfs/btrfs.go
+@@ -5,17 +5,12 @@ package btrfs // import "github.com/docker/docker/daemon/graphdriver/btrfs"
+ 
+ /*
+ #include <stdlib.h>
+-#include <stdio.h>
+ #include <dirent.h>
+ 
+-#include <linux/version.h>
+-#if LINUX_VERSION_CODE < KERNEL_VERSION(4,12,0)
+-    #error "Headers from kernel >= 4.12 are required to build with Btrfs support."
+-    #error "HINT: Set 'DOCKER_BUILDTAGS=exclude_graphdriver_btrfs' to build without Btrfs."
+-#endif
+-
+-#include <linux/btrfs.h>
+-#include <linux/btrfs_tree.h>
+// keep struct field name compatible with btrfs-progs < 6.1.
+#define max_referenced max_rfer
+#include <btrfs/ioctl.h>
+#include <btrfs/ctree.h>
+ 
+ static void set_name_btrfs_ioctl_vol_args_v2(struct btrfs_ioctl_vol_args_v2* btrfs_struct, const char* value) {
+     snprintf(btrfs_struct->name, BTRFS_SUBVOL_NAME_MAX, "%s", value);
+-- 
+2.40.1
+
--- a/0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
+++ b/0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
@ -1,7 +1,7 @@
-From 3e37bbad6f0a0c2576ad0b9dfe7a4a9290aa2aa0 Mon Sep 17 00:00:00 2001
+From 81648019f140e161dd723774ce206d40fb697ba3 Mon Sep 17 00:00:00 2001
 From: Aleksa Sarai <asarai@suse.de>
 Date: Fri, 29 Jun 2018 17:59:30 +1000
-Subject: [PATCH 3/3] bsc1073877: apparmor: clobber docker-default profile on
+Subject: [PATCH 4/4] bsc1073877: apparmor: clobber docker-default profile on
 start

 In the process of making docker-default reloading far less expensive,
@ -85,5 +85,5 @@ index 40abbe8cc19c..05c6db818c30 100644
 	}
 
 -- 
-2.40.0
+2.40.1

--- a/8
+++ b/8
@ -3,16 +3,16 @@
    <param name="url">https://github.com/moby/moby.git</param>
    <param name="scm">git</param>
    <param name="exclude">.git</param>
-    <param name="versionformat">23.0.5_ce_%h</param>
-    <param name="revision">v23.0.5</param>
+    <param name="versionformat">23.0.6_ce_%h</param>
+    <param name="revision">v23.0.6</param>
    <param name="filename">docker</param>
  </service>
  <service name="tar_scm" mode="disabled">
    <param name="url">https://github.com/docker/cli.git</param>
    <param name="scm">git</param>
    <param name="exclude">.git</param>
-    <param name="versionformat">23.0.5_ce</param>
-    <param name="revision">v23.0.5</param>
+    <param name="versionformat">23.0.6_ce</param>
+    <param name="revision">v23.0.6</param>
    <param name="filename">docker-cli</param>
  </service>
  <service name="recompress" mode="disabled">
--- a/cli-0001-docs-include-required-tools-in-source-tree.patch
+++ b/cli-0001-docs-include-required-tools-in-source-tree.patch
@ -1,4 +1,4 @@
-From 0c35d956eb289bd6186e2865a779d2615c471b94 Mon Sep 17 00:00:00 2001
+From f571ed4f350621b20280e74bf663535533246511 Mon Sep 17 00:00:00 2001
 From: Aleksa Sarai <asarai@suse.de>
 Date: Wed, 26 Apr 2023 10:13:48 +1000
 Subject: [PATCH] docs: include required tools in source tree
@ -23,9 +23,9 @@ Signed-off-by: Aleksa Sarai <asarai@suse.de>
 import.go                                     |   17 +
 man/go.mod                                    |   15 -
 man/tools.go                                  |   11 -
- scripts/docs/generate-man.sh                  |   32 +-
- scripts/docs/generate-md.sh                   |   23 +-
- scripts/docs/generate-yaml.sh                 |   28 +-
+ scripts/docs/generate-man.sh                  |   35 +-
+ scripts/docs/generate-md.sh                   |   28 +-
+ scripts/docs/generate-yaml.sh                 |   31 +-
 vendor.mod                                    |    4 +
 vendor.sum                                    |    4 +
 .../cpuguy83/go-md2man/v2/.gitignore          |    2 +
@ -89,7 +89,7 @@ Signed-off-by: Aleksa Sarai <asarai@suse.de>
 vendor/gopkg.in/yaml.v3/yamlh.go              |  807 +++++
 vendor/gopkg.in/yaml.v3/yamlprivateh.go       |  198 ++
 vendor/modules.txt                            |   15 +
- 71 files changed, 22956 insertions(+), 119 deletions(-)
+ 71 files changed, 22969 insertions(+), 117 deletions(-)
 delete mode 100644 docs/generate/go.mod
 delete mode 100644 docs/generate/tools.go
 create mode 100644 import.go
@ -251,10 +251,10 @@ index 3cafe6533aff..000000000000
 -	_ "github.com/spf13/pflag"
 -)
 diff --git a/scripts/docs/generate-man.sh b/scripts/docs/generate-man.sh
-index 6afed3fa8708..128828f50342 100755
+index 6afed3fa8708..6abac3b1d28e 100755
 --- a/scripts/docs/generate-man.sh
 +++ b/scripts/docs/generate-man.sh
-@@ -1,35 +1,13 @@
+@@ -1,35 +1,18 @@
 #!/usr/bin/env bash
 
 -set -eu
@ -270,7 +270,11 @@ index 6afed3fa8708..128828f50342 100755
 -
 -buildir=$(mktemp -d -t docker-cli-docsgen.XXXXXXXXXX)
 -trap clean EXIT
-
+# temporary "go.mod" to make -modfile= work
+touch go.mod
+# shellcheck disable=SC2064
+trap "rm -f $(pwd)/go.mod" EXIT
+ 
 -(
 -  set -x
 -  cp -r . "$buildir/"
@ -296,10 +300,10 @@ index 6afed3fa8708..128828f50342 100755
 mkdir -p man/man1
 (set -x ; /tmp/gen-manpages --root "." --target "$(pwd)/man/man1")
 diff --git a/scripts/docs/generate-md.sh b/scripts/docs/generate-md.sh
-index a947bb969673..327a06aa4c24 100755
+index a947bb969673..0e4e231e5c8e 100755
 --- a/scripts/docs/generate-md.sh
 +++ b/scripts/docs/generate-md.sh
-@@ -1,36 +1,19 @@
+@@ -1,36 +1,24 @@
 #!/usr/bin/env bash
 
 -set -eu
@ -334,16 +338,21 @@ index a947bb969673..327a06aa4c24 100755
 -  # build docsgen
 -  go build -mod=vendor -modfile=vendor.mod -tags docsgen -o /tmp/docsgen ./docs/generate/generate.go
 -)
+# temporary "go.mod" to make -modfile= work
+touch go.mod
+# shellcheck disable=SC2064
+trap "rm -f $(pwd)/go.mod" EXIT
+
 +# build docsgen
 +go build -mod=vendor -modfile=vendor.mod -tags docsgen -o /tmp/docsgen ./docs/generate/generate.go
 
 # yaml generation on docs repo needs the cli.md file: https://github.com/docker/cli/pull/3924#discussion_r1059986605
 # but markdown generation docker.md atm. While waiting for a fix in cli-docs-tool
 diff --git a/scripts/docs/generate-yaml.sh b/scripts/docs/generate-yaml.sh
-index 4d0006e43e79..3f3f7df8b140 100755
+index 4d0006e43e79..abebc183d49c 100755
 --- a/scripts/docs/generate-yaml.sh
 +++ b/scripts/docs/generate-yaml.sh
-@@ -1,33 +1,11 @@
+@@ -1,33 +1,16 @@
 #!/usr/bin/env bash
 
 -set -eu
@ -359,7 +368,11 @@ index 4d0006e43e79..3f3f7df8b140 100755
 -
 -buildir=$(mktemp -d -t docker-cli-docsgen.XXXXXXXXXX)
 -trap clean EXIT
-
+# temporary "go.mod" to make -modfile= work
+touch go.mod
+# shellcheck disable=SC2064
+trap "rm -f $(pwd)/go.mod" EXIT
+ 
 -(
 -  set -x
 -  cp -r . "$buildir/"
@ -381,7 +394,7 @@ index 4d0006e43e79..3f3f7df8b140 100755
 mkdir -p docs/yaml
 set -x
 diff --git a/vendor.mod b/vendor.mod
-index da1d033bff0b..61034043c05e 100644
+index eed166a6de6b..993aca7af845 100644
 --- a/vendor.mod
 +++ b/vendor.mod
@@ -8,7 +8,9 @@ go 1.18
@ -392,7 +405,7 @@ index da1d033bff0b..61034043c05e 100644
 	github.com/creack/pty v1.1.11
 +	github.com/docker/cli-docs-tool v0.5.1
 	github.com/docker/distribution v2.8.1+incompatible
- 	github.com/docker/docker v23.0.4+incompatible
+ 	github.com/docker/docker v23.0.5+incompatible
 	github.com/docker/docker-credential-helpers v0.7.0
@@ -67,6 +69,7 @@ require (
 	github.com/prometheus/common v0.37.0 // indirect
@ -409,7 +422,7 @@ index da1d033bff0b..61034043c05e 100644
 +	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
 diff --git a/vendor.sum b/vendor.sum
-index 91aae7c1487c..ad0005735231 100644
+index 6edc40179f41..c5e8b1e9ea76 100644
 --- a/vendor.sum
 +++ b/vendor.sum
@@ -89,6 +89,7 @@ github.com/containerd/containerd v1.6.19/go.mod h1:HZCDMn4v/Xl2579/MvtOC2M206i+J
@ -23703,7 +23716,7 @@ index 000000000000..e88f9c54aecb
 +
 +}
 diff --git a/vendor/modules.txt b/vendor/modules.txt
-index 520bc4ca95e0..e744937180df 100644
+index 807b468777dc..0d69cb4dbed5 100644
 --- a/vendor/modules.txt
 +++ b/vendor/modules.txt
@@ -18,9 +18,17 @@ github.com/containerd/containerd/errdefs
@ -23752,5 +23765,5 @@ index 520bc4ca95e0..e744937180df 100644
 ## explicit; go 1.13
 gotest.tools/v3/assert
 -- 
-2.40.0
+2.40.1

--- a/docker-23.0.5_ce_94d3ad69cc59.tar.xz
+++ b/docker-23.0.5_ce_94d3ad69cc59.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:84d3a48cfbeeece15ad367eb03834a97b0c57d195d889e5191c138cd6e06579a
-size 8262024
--- a/docker-23.0.6_ce_9dbdbd4b6d76.tar.xz
+++ b/docker-23.0.6_ce_9dbdbd4b6d76.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:d8494e1f37d2ebed2a41b347351d04c7d62d85d3fc99bbe3a82ba801ede376bf
+size 8263188
--- a/docker-cli-23.0.5_ce.tar.xz
+++ b/docker-cli-23.0.5_ce.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:b93219b6b5c781031c1ed35fb3174c59e3572e3437218ca3646361259acb77e8
-size 3498104
--- a/docker-cli-23.0.6_ce.tar.xz
+++ b/docker-cli-23.0.6_ce.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:3ec1ca7d82f44abfe53424d1afd9ab4d81289108041e160984c46ef7171dd18f
+size 3498076
--- a/docker.changes
+++ b/docker.changes
@ -1,3 +1,18 @@
+-------------------------------------------------------------------
+Sun May 21 02:31:35 UTC 2023 - Aleksa Sarai <asarai@suse.com>
+
+- Update to Docker 23.0.6-ce. See upstream changelog online at
+  <https://docs.docker.com/engine/release-notes/23.0/#2306>. bsc#1211578
+- Rebase patches:
+  * cli-0001-docs-include-required-tools-in-source-tree.patch
+- Re-unify packaging for SLE-12 and SLE-15.
+- Add patch to fix build on SLE-12 by switching back to libbtrfs-devel headers
+  (the uapi headers in SLE-12 are too old).
+  + 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
+- Re-numbered patches:
+  - 0003-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
+  + 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch`
+
 -------------------------------------------------------------------
 Thu Apr 27 14:09:05 UTC 2023 - Aleksa Sarai <asarai@suse.com>

--- a/docker.spec
+++ b/docker.spec
@ -31,9 +31,9 @@
 # helpfully injects into our build environment from the changelog). If you want
 # to generate a new git_commit_epoch, use this:
 #  $ date --date="$(git show --format=fuller --date=iso $COMMIT_ID | grep -oP '(?<=^CommitDate: ).*')" '+%s'
-%define real_version 23.0.5
-%define git_version 94d3ad69cc59
-%define git_commit_epoch 1682522945
+%define real_version 23.0.6
+%define git_version 9dbdbd4b6d76
+%define git_commit_epoch 1683319810

 Name:           docker
 Version:        %{real_version}_ce
@ -57,15 +57,16 @@ Source104:      docker-audit.rules
 Source105:      docker-daemon.json
 Source106:      docker.sysusers
 # NOTE: All of these patches are maintained in <https://github.com/suse/docker>
-#       in the suse-<version> branch. Make sure you update the patches in that
+#       in the suse-v<version> branch. Make sure you update the patches in that
 #       branch and then git-format-patch the patch here.
 # SUSE-FEATURE: Adds the /run/secrets mountpoint inside all Docker containers
 #               which is not snapshotted when images are committed.
 Patch100:       0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
 Patch101:       0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
-# SUSE-FEATURE: Add support to mirror unofficial/private registries
-#               <https://github.com/docker/docker/pull/34319>.
-Patch300:       0003-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
+# UPSTREAM: Revert of upstream patch to keep SLE-12 build working.
+Patch200:       0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
+# UPSTREAM: Backport of <https://github.com/moby/moby/pull/41954>.
+Patch300:       0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
 # UPSTREAM: Backport of <https://github.com/docker/cli/pull/4228>.
 Patch900:       cli-0001-docs-include-required-tools-in-source-tree.patch
 BuildRequires:  audit
@ -77,6 +78,7 @@ BuildRequires:  libapparmor-devel
 BuildRequires:  libbtrfs-devel >= 3.8
 BuildRequires:  libseccomp-devel >= 2.2
 BuildRequires:  libtool
+BuildRequires:  linux-glibc-devel
 BuildRequires:  procps
 BuildRequires:  sqlite3-devel
 BuildRequires:  zsh
@ -85,7 +87,19 @@ BuildRequires:  go-go-md2man
 BuildRequires:  pkgconfig(libsystemd)
 BuildRequires:  sysuser-tools
 BuildRequires:  golang(API) = 1.19
+%if 0%{?sle_version} >= 150000
+# This conditional only works on rpm>=4.13, which SLE 12 doesn't have. But we
+# don't need to support Docker+selinux for SLE 12 anyway.
 Requires:       (apparmor-parser or container-selinux)
+# This recommends is added to make sure that even if you have container-selinux
+# installed you will still be prompted to install apparmor-parser which Docker
+# requires to apply AppArmor profiles (for SELinux systems this doesn't matter
+# but if you switch back to AppArmor on reboot this would result in insecure
+# containers).
+Recommends:     apparmor-parser
+%else
+Requires:       apparmor-parser
+%endif
 Requires:       ca-certificates-mozilla
 # The docker-proxy binary used to be in a separate package. We obsolete it,
 # since now docker-proxy is maintained as part of this package.
@ -93,8 +107,8 @@ Obsoletes:      docker-libnetwork < 0.7.0.2
 Provides:       docker-libnetwork = 0.7.0.2.%{version}
 # Required to actually run containers. We require the minimum version that is
 # pinned by Docker, but in order to avoid headaches we allow for updates.
-Requires:       runc >= 1.1.5
-Requires:       containerd >= 1.6.20
+Requires:       runc >= 1.1.7
+Requires:       containerd >= 1.6.21
 # Needed for --init support. We don't use "tini", we use our own implementation
 # which handles edge-cases better.
 Requires:       catatonit
@ -109,12 +123,6 @@ Requires:       xz >= 4.9
 Requires(post): %fillup_prereq
 Requires(post): udev
 Requires(post): shadow
-# This recommends is added to make sure that even if you have container-selinux
-# installed you will still be prompted to install apparmor-parser which Docker
-# requires to apply AppArmor profiles (for SELinux systems this doesn't matter
-# but if you switch back to AppArmor on reboot this would result in insecure
-# containers).
-Recommends:     apparmor-parser
 # Not necessary, but must be installed when the underlying system is
 # configured to use lvm and the user doesn't explicitly provide a
 # different storage-driver than devicemapper
@ -184,12 +192,15 @@ cp %{SOURCE103} .
 %patch100 -p1
 %patch101 -p1
 %endif
+%if 0%{?sle_version} == 120000
+# Patches to build on SLE-12.
+%patch200 -p1
+%endif
 # bsc#1099277
 %patch300 -p1

 %build
 %sysusers_generate_pre %{SOURCE106} %{name} %{name}.conf
-echo "$PWD -- $PWD -- $PWD"

 BUILDTAGS="exclude_graphdriver_aufs apparmor selinux seccomp pkcs11"
 %if 0%{?sle_version} == 120000