Accepting request 1088253 from home:cyphar:docker

- Update to Docker 23.0.6-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/23.0/#2306>. bsc#1211578
- Rebase patches:
  * cli-0001-docs-include-required-tools-in-source-tree.patch
- Re-unify packaging for SLE-12 and SLE-15.
- Add patch to fix build on SLE-12 by switching back to libbtrfs-devel headers
  (the uapi headers in SLE-12 are too old).
  + 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
- Re-numbered patches:
  - 0003-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
  + 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch

OBS-URL: https://build.opensuse.org/request/show/1088253
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=386
Aleksa Sarai 2023-05-22 06:23:47 +00:00 committed by Git OBS Bridge
parent 8bf4339d22
commit 3a683e6a82
12 changed files with 138 additions and 53 deletions


@ -1,7 +1,7 @@
From 5c6812a104e161599fc8569d0b4af04224ef3b5a Mon Sep 17 00:00:00 2001
From e4410ba60f96f1d57d088208eaedd12c0fca6b80 Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de>
Date: Wed, 8 Mar 2017 12:41:54 +1100
Subject: [PATCH 1/3] SECRETS: daemon: allow directory creation in /run/secrets
Subject: [PATCH 1/4] SECRETS: daemon: allow directory creation in /run/secrets
Since FileMode can have the directory bit set, allow a SecretStore
implementation to return secrets that are actually directories. This is
@ -69,5 +69,5 @@ index 561077b66b60..0b70825dd2ff 100644
return errors.Wrap(err, "error setting ownership for secret")
}
--
2.40.0
2.40.1


@ -1,7 +1,7 @@
From 4138c02a19fbd3d3ff50f0b364bf4b99adc47298 Mon Sep 17 00:00:00 2001
From 3b56cce3fab96f60ef8dcb40fe143159c519e97a Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de>
Date: Wed, 8 Mar 2017 11:43:29 +1100
Subject: [PATCH 2/3] SECRETS: SUSE: implement SUSE container secrets
Subject: [PATCH 2/4] SECRETS: SUSE: implement SUSE container secrets
This allows for us to pass in host credentials to a container, allowing
for SUSEConnect to work with containers.
@ -456,5 +456,5 @@ index 000000000000..32b0ece91b59
+ return nil
+}
--
2.40.0
2.40.1


@ -0,0 +1,46 @@
From a5bb4ed6a9dd6f3e859524bcc44a822fdeb779fc Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de>
Date: Mon, 22 May 2023 15:44:54 +1000
Subject: [PATCH 3/4] BUILD: SLE12: revert "graphdriver/btrfs: use kernel UAPI
headers"
This reverts commit 3208dcabdc8997340b255f5b880fef4e3f54580d.
On SLE 12, our UAPI headers are too old, resulting in us being unable to
build the btrfs driver with the new headers. This patch is only needed
for SLE-12.
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
---
daemon/graphdriver/btrfs/btrfs.go | 13 ++++---------
1 file changed, 4 insertions(+), 9 deletions(-)
diff --git a/daemon/graphdriver/btrfs/btrfs.go b/daemon/graphdriver/btrfs/btrfs.go
index 7f82594b4ebd..532c19a8a15c 100644
--- a/daemon/graphdriver/btrfs/btrfs.go
+++ b/daemon/graphdriver/btrfs/btrfs.go
@@ -5,17 +5,12 @@ package btrfs // import "github.com/docker/docker/daemon/graphdriver/btrfs"
/*
#include <stdlib.h>
-#include <stdio.h>
#include <dirent.h>
-#include <linux/version.h>
-#if LINUX_VERSION_CODE < KERNEL_VERSION(4,12,0)
- #error "Headers from kernel >= 4.12 are required to build with Btrfs support."
- #error "HINT: Set 'DOCKER_BUILDTAGS=exclude_graphdriver_btrfs' to build without Btrfs."
-#endif
-
-#include <linux/btrfs.h>
-#include <linux/btrfs_tree.h>
+// keep struct field name compatible with btrfs-progs < 6.1.
+#define max_referenced max_rfer
+#include <btrfs/ioctl.h>
+#include <btrfs/ctree.h>
static void set_name_btrfs_ioctl_vol_args_v2(struct btrfs_ioctl_vol_args_v2* btrfs_struct, const char* value) {
snprintf(btrfs_struct->name, BTRFS_SUBVOL_NAME_MAX, "%s", value);
--
2.40.1
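Review bot: The reverted cgo preamble drops `#include <stdio.h>`, yet `set_name_btrfs_ioctl_vol_args_v2` in the same preamble still calls `snprintf`, so its prototype now arrives only if `<btrfs/ioctl.h>` or `<btrfs/ctree.h>` happens to pull it in. That call is what bounds the copy into `btrfs_struct->name`, and an older C compiler may accept an implicit declaration of a variadic function with no more than a warning, so I would keep `#include <stdio.h>` next to `#include <stdlib.h>` rather than depend on the libbtrfs-devel headers. The helper's body continues outside the hunk, so any other stdio use in the preamble is not visible here.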


@ -1,7 +1,7 @@
From 3e37bbad6f0a0c2576ad0b9dfe7a4a9290aa2aa0 Mon Sep 17 00:00:00 2001
From 81648019f140e161dd723774ce206d40fb697ba3 Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de>
Date: Fri, 29 Jun 2018 17:59:30 +1000
Subject: [PATCH 3/3] bsc1073877: apparmor: clobber docker-default profile on
Subject: [PATCH 4/4] bsc1073877: apparmor: clobber docker-default profile on
start
In the process of making docker-default reloading far less expensive,
@ -85,5 +85,5 @@ index 40abbe8cc19c..05c6db818c30 100644
}
--
2.40.0
2.40.1


@ -3,16 +3,16 @@
<param name="url">https://github.com/moby/moby.git</param>
<param name="scm">git</param>
<param name="exclude">.git</param>
<param name="versionformat">23.0.5_ce_%h</param>
<param name="revision">v23.0.5</param>
<param name="versionformat">23.0.6_ce_%h</param>
<param name="revision">v23.0.6</param>
<param name="filename">docker</param>
</service>
<service name="tar_scm" mode="disabled">
<param name="url">https://github.com/docker/cli.git</param>
<param name="scm">git</param>
<param name="exclude">.git</param>
<param name="versionformat">23.0.5_ce</param>
<param name="revision">v23.0.5</param>
<param name="versionformat">23.0.6_ce</param>
<param name="revision">v23.0.6</param>
<param name="filename">docker-cli</param>
</service>
<service name="recompress" mode="disabled">


@ -1,4 +1,4 @@
From 0c35d956eb289bd6186e2865a779d2615c471b94 Mon Sep 17 00:00:00 2001
From f571ed4f350621b20280e74bf663535533246511 Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de>
Date: Wed, 26 Apr 2023 10:13:48 +1000
Subject: [PATCH] docs: include required tools in source tree
@ -23,9 +23,9 @@ Signed-off-by: Aleksa Sarai <asarai@suse.de>
import.go | 17 +
man/go.mod | 15 -
man/tools.go | 11 -
scripts/docs/generate-man.sh | 32 +-
scripts/docs/generate-md.sh | 23 +-
scripts/docs/generate-yaml.sh | 28 +-
scripts/docs/generate-man.sh | 35 +-
scripts/docs/generate-md.sh | 28 +-
scripts/docs/generate-yaml.sh | 31 +-
vendor.mod | 4 +
vendor.sum | 4 +
.../cpuguy83/go-md2man/v2/.gitignore | 2 +
@ -89,7 +89,7 @@ Signed-off-by: Aleksa Sarai <asarai@suse.de>
vendor/gopkg.in/yaml.v3/yamlh.go | 807 +++++
vendor/gopkg.in/yaml.v3/yamlprivateh.go | 198 ++
vendor/modules.txt | 15 +
71 files changed, 22956 insertions(+), 119 deletions(-)
71 files changed, 22969 insertions(+), 117 deletions(-)
delete mode 100644 docs/generate/go.mod
delete mode 100644 docs/generate/tools.go
create mode 100644 import.go
@ -251,10 +251,10 @@ index 3cafe6533aff..000000000000
- _ "github.com/spf13/pflag"
-)
diff --git a/scripts/docs/generate-man.sh b/scripts/docs/generate-man.sh
index 6afed3fa8708..128828f50342 100755
index 6afed3fa8708..6abac3b1d28e 100755
--- a/scripts/docs/generate-man.sh
+++ b/scripts/docs/generate-man.sh
@@ -1,35 +1,13 @@
@@ -1,35 +1,18 @@
#!/usr/bin/env bash
-set -eu
@ -270,7 +270,11 @@ index 6afed3fa8708..128828f50342 100755
-
-buildir=$(mktemp -d -t docker-cli-docsgen.XXXXXXXXXX)
-trap clean EXIT
-
+# temporary "go.mod" to make -modfile= work
+touch go.mod
+# shellcheck disable=SC2064
+trap "rm -f $(pwd)/go.mod" EXIT
-(
- set -x
- cp -r . "$buildir/"
@ -296,10 +300,10 @@ index 6afed3fa8708..128828f50342 100755
mkdir -p man/man1
(set -x ; /tmp/gen-manpages --root "." --target "$(pwd)/man/man1")
diff --git a/scripts/docs/generate-md.sh b/scripts/docs/generate-md.sh
index a947bb969673..327a06aa4c24 100755
index a947bb969673..0e4e231e5c8e 100755
--- a/scripts/docs/generate-md.sh
+++ b/scripts/docs/generate-md.sh
@@ -1,36 +1,19 @@
@@ -1,36 +1,24 @@
#!/usr/bin/env bash
-set -eu
@ -334,16 +338,21 @@ index a947bb969673..327a06aa4c24 100755
- # build docsgen
- go build -mod=vendor -modfile=vendor.mod -tags docsgen -o /tmp/docsgen ./docs/generate/generate.go
-)
+# temporary "go.mod" to make -modfile= work
+touch go.mod
+# shellcheck disable=SC2064
+trap "rm -f $(pwd)/go.mod" EXIT
+
+# build docsgen
+go build -mod=vendor -modfile=vendor.mod -tags docsgen -o /tmp/docsgen ./docs/generate/generate.go
# yaml generation on docs repo needs the cli.md file: https://github.com/docker/cli/pull/3924#discussion_r1059986605
# but markdown generation docker.md atm. While waiting for a fix in cli-docs-tool
diff --git a/scripts/docs/generate-yaml.sh b/scripts/docs/generate-yaml.sh
index 4d0006e43e79..3f3f7df8b140 100755
index 4d0006e43e79..abebc183d49c 100755
--- a/scripts/docs/generate-yaml.sh
+++ b/scripts/docs/generate-yaml.sh
@@ -1,33 +1,11 @@
@@ -1,33 +1,16 @@
#!/usr/bin/env bash
-set -eu
@ -359,7 +368,11 @@ index 4d0006e43e79..3f3f7df8b140 100755
-
-buildir=$(mktemp -d -t docker-cli-docsgen.XXXXXXXXXX)
-trap clean EXIT
-
+# temporary "go.mod" to make -modfile= work
+touch go.mod
+# shellcheck disable=SC2064
+trap "rm -f $(pwd)/go.mod" EXIT
-(
- set -x
- cp -r . "$buildir/"
@ -381,7 +394,7 @@ index 4d0006e43e79..3f3f7df8b140 100755
mkdir -p docs/yaml
set -x
diff --git a/vendor.mod b/vendor.mod
index da1d033bff0b..61034043c05e 100644
index eed166a6de6b..993aca7af845 100644
--- a/vendor.mod
+++ b/vendor.mod
@@ -8,7 +8,9 @@ go 1.18
@ -392,7 +405,7 @@ index da1d033bff0b..61034043c05e 100644
github.com/creack/pty v1.1.11
+ github.com/docker/cli-docs-tool v0.5.1
github.com/docker/distribution v2.8.1+incompatible
github.com/docker/docker v23.0.4+incompatible
github.com/docker/docker v23.0.5+incompatible
github.com/docker/docker-credential-helpers v0.7.0
@@ -67,6 +69,7 @@ require (
github.com/prometheus/common v0.37.0 // indirect
@ -409,7 +422,7 @@ index da1d033bff0b..61034043c05e 100644
+ gopkg.in/yaml.v3 v3.0.1 // indirect
)
diff --git a/vendor.sum b/vendor.sum
index 91aae7c1487c..ad0005735231 100644
index 6edc40179f41..c5e8b1e9ea76 100644
--- a/vendor.sum
+++ b/vendor.sum
@@ -89,6 +89,7 @@ github.com/containerd/containerd v1.6.19/go.mod h1:HZCDMn4v/Xl2579/MvtOC2M206i+J
@ -23703,7 +23716,7 @@ index 000000000000..e88f9c54aecb
+
+}
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 520bc4ca95e0..e744937180df 100644
index 807b468777dc..0d69cb4dbed5 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -18,9 +18,17 @@ github.com/containerd/containerd/errdefs
@ -23752,5 +23765,5 @@ index 520bc4ca95e0..e744937180df 100644
## explicit; go 1.13
gotest.tools/v3/assert
--
2.40.0
2.40.1
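Review bot: The cleanup trap added to `scripts/docs/generate-man.sh`, `trap "rm -f $(pwd)/go.mod" EXIT`, expands the working directory when the trap is set and leaves it unquoted inside the command string, so a build path containing whitespace or shell metacharacters would be word-split or re-parsed when the trap fires; the `SC2064` suppression silences the warning about that early expansion. Capturing the path first and single-quoting the trap keeps the fixed path without the re-parse: `gomod="$(pwd)/go.mod"` followed by `trap 'rm -f -- "$gomod"' EXIT`. The same four lines are added to `generate-md.sh` and `generate-yaml.sh`. Only fragments of each script are visible here, so whether `touch go.mod` can meet a pre-existing `go.mod` that the trap would then delete cannot be judged from this page.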


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:84d3a48cfbeeece15ad367eb03834a97b0c57d195d889e5191c138cd6e06579a
size 8262024


@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:d8494e1f37d2ebed2a41b347351d04c7d62d85d3fc99bbe3a82ba801ede376bf
size 8263188


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:b93219b6b5c781031c1ed35fb3174c59e3572e3437218ca3646361259acb77e8
size 3498104


@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:3ec1ca7d82f44abfe53424d1afd9ab4d81289108041e160984c46ef7171dd18f
size 3498076


@ -1,3 +1,18 @@
-------------------------------------------------------------------
Sun May 21 02:31:35 UTC 2023 - Aleksa Sarai <asarai@suse.com>
- Update to Docker 23.0.6-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/23.0/#2306>. bsc#1211578
- Rebase patches:
* cli-0001-docs-include-required-tools-in-source-tree.patch
- Re-unify packaging for SLE-12 and SLE-15.
- Add patch to fix build on SLE-12 by switching back to libbtrfs-devel headers
(the uapi headers in SLE-12 are too old).
+ 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
- Re-numbered patches:
- 0003-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
+ 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch`
-------------------------------------------------------------------
Thu Apr 27 14:09:05 UTC 2023 - Aleksa Sarai <asarai@suse.com>


@ -31,9 +31,9 @@
# helpfully injects into our build environment from the changelog). If you want
# to generate a new git_commit_epoch, use this:
# $ date --date="$(git show --format=fuller --date=iso $COMMIT_ID | grep -oP '(?<=^CommitDate: ).*')" '+%s'
%define real_version 23.0.5
%define git_version 94d3ad69cc59
%define git_commit_epoch 1682522945
%define real_version 23.0.6
%define git_version 9dbdbd4b6d76
%define git_commit_epoch 1683319810
Name: docker
Version: %{real_version}_ce
@ -57,15 +57,16 @@ Source104: docker-audit.rules
Source105: docker-daemon.json
Source106: docker.sysusers
# NOTE: All of these patches are maintained in <https://github.com/suse/docker>
# in the suse-<version> branch. Make sure you update the patches in that
# in the suse-v<version> branch. Make sure you update the patches in that
# branch and then git-format-patch the patch here.
# SUSE-FEATURE: Adds the /run/secrets mountpoint inside all Docker containers
# which is not snapshotted when images are committed.
Patch100: 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
Patch101: 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
# SUSE-FEATURE: Add support to mirror unofficial/private registries
# <https://github.com/docker/docker/pull/34319>.
Patch300: 0003-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
# UPSTREAM: Revert of upstream patch to keep SLE-12 build working.
Patch200: 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
# UPSTREAM: Backport of <https://github.com/moby/moby/pull/41954>.
Patch300: 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
# UPSTREAM: Backport of <https://github.com/docker/cli/pull/4228>.
Patch900: cli-0001-docs-include-required-tools-in-source-tree.patch
BuildRequires: audit
@ -77,6 +78,7 @@ BuildRequires: libapparmor-devel
BuildRequires: libbtrfs-devel >= 3.8
BuildRequires: libseccomp-devel >= 2.2
BuildRequires: libtool
BuildRequires: linux-glibc-devel
BuildRequires: procps
BuildRequires: sqlite3-devel
BuildRequires: zsh
@ -85,7 +87,19 @@ BuildRequires: go-go-md2man
BuildRequires: pkgconfig(libsystemd)
BuildRequires: sysuser-tools
BuildRequires: golang(API) = 1.19
%if 0%{?sle_version} >= 150000
# This conditional only works on rpm>=4.13, which SLE 12 doesn't have. But we
# don't need to support Docker+selinux for SLE 12 anyway.
Requires: (apparmor-parser or container-selinux)
# This recommends is added to make sure that even if you have container-selinux
# installed you will still be prompted to install apparmor-parser which Docker
# requires to apply AppArmor profiles (for SELinux systems this doesn't matter
# but if you switch back to AppArmor on reboot this would result in insecure
# containers).
Recommends: apparmor-parser
%else
Requires: apparmor-parser
%endif
Requires: ca-certificates-mozilla
# The docker-proxy binary used to be in a separate package. We obsolete it,
# since now docker-proxy is maintained as part of this package.
@ -93,8 +107,8 @@ Obsoletes: docker-libnetwork < 0.7.0.2
Provides: docker-libnetwork = 0.7.0.2.%{version}
# Required to actually run containers. We require the minimum version that is
# pinned by Docker, but in order to avoid headaches we allow for updates.
Requires: runc >= 1.1.5
Requires: containerd >= 1.6.20
Requires: runc >= 1.1.7
Requires: containerd >= 1.6.21
# Needed for --init support. We don't use "tini", we use our own implementation
# which handles edge-cases better.
Requires: catatonit
@ -109,12 +123,6 @@ Requires: xz >= 4.9
Requires(post): %fillup_prereq
Requires(post): udev
Requires(post): shadow
# This recommends is added to make sure that even if you have container-selinux
# installed you will still be prompted to install apparmor-parser which Docker
# requires to apply AppArmor profiles (for SELinux systems this doesn't matter
# but if you switch back to AppArmor on reboot this would result in insecure
# containers).
Recommends: apparmor-parser
# Not necessary, but must be installed when the underlying system is
# configured to use lvm and the user doesn't explicitly provide a
# different storage-driver than devicemapper
@ -184,12 +192,15 @@ cp %{SOURCE103} .
%patch100 -p1
%patch101 -p1
%endif
%if 0%{?sle_version} == 120000
# Patches to build on SLE-12.
%patch200 -p1
%endif
# bsc#1099277
%patch300 -p1
%build
%sysusers_generate_pre %{SOURCE106} %{name} %{name}.conf
echo "$PWD -- $PWD -- $PWD"
BUILDTAGS="exclude_graphdriver_aufs apparmor selinux seccomp pkcs11"
%if 0%{?sle_version} == 120000