From 3d7280619a5dda24cd22ed579626688d1928ca30d8ce63330ea030f66c2cc58c Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Mon, 19 Dec 2016 14:01:37 +0000 Subject: [PATCH 1/4] OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=158 --- _service | 4 ++-- docker-1.12.3.tar.xz | 3 --- docker-1.12.5.tar.xz | 3 +++ docker.changes | 6 ++++++ docker.spec | 8 ++++---- 5 files changed, 15 insertions(+), 9 deletions(-) delete mode 100644 docker-1.12.3.tar.xz create mode 100644 docker-1.12.5.tar.xz diff --git a/_service b/_service index a77e903..0948918 100644 --- a/_service +++ b/_service @@ -3,8 +3,8 @@ https://github.com/docker/docker.git git .git - 1.12.3 - v1.12.3 + 1.12.5 + v1.12.5 docker-*.tar diff --git a/docker-1.12.3.tar.xz b/docker-1.12.3.tar.xz deleted file mode 100644 index 1057cd2..0000000 --- a/docker-1.12.3.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:096dec850ed5124d9b822eb0dc84291a5ecbd5641ae6295eb228850d8b7805ba -size 11188896 diff --git a/docker-1.12.5.tar.xz b/docker-1.12.5.tar.xz new file mode 100644 index 0000000..a16d2d6 --- /dev/null +++ b/docker-1.12.5.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:23c2068ecc2a8a283338143c76ffaf6987a93df767f7f6b6927f73310915485d +size 11190552 diff --git a/docker.changes b/docker.changes index 6db99c0..e87ed89 100644 --- a/docker.changes +++ b/docker.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Mon Dec 19 12:41:13 UTC 2016 - jmassaguerpla@suse.com + +- update docker to 1.12.5 (bsc#1016307). + This fixes bsc#1015661 + ------------------------------------------------------------------- Mon Dec 5 14:52:02 UTC 2016 - jmassaguerpla@suse.com diff --git a/docker.spec b/docker.spec index f157e07..56b04cd 100644 --- a/docker.spec +++ b/docker.spec @@ -36,7 +36,7 @@ %global docker_migration_warnfile %{docker_store}/docker-update-message.txt %define docker_graph %{docker_store}/graph %define git_version 8eab29e -%define version_unconverted 1.12.3 +%define version_unconverted 1.12.5 %define docker_version 1.12.1 %define __arch_install_post export NO_BRP_STRIP_DEBUG=true # When upgrading to a new version requires the service not to be restarted @@ -45,7 +45,7 @@ # 1.10.1 %global last_migration_version 1.10.1 Name: docker -Version: 1.12.3 +Version: 1.12.5 Release: 0 Summary: The Linux container runtime License: Apache-2.0 @@ -87,8 +87,8 @@ Requires: ca-certificates-mozilla # execdrivers of Docker. NOTE: The version pinning here matches upstream's # Dockerfile to ensure that we don't use a slightly incompatible version of # runC or containerd (which would be bad). -Requires: containerd = 0.2.4+gitr565_0366d7e -Requires: runc = 0.1.1+gitr2816_02f8fa7 +Requires: containerd = 0.2.5+gitr569_2a5e70c +Requires: runc = 0.1.1+gitr2818_f59ba3cdd76f # Provides mkfs.ext4 - used by Docker when devicemapper storage driver is used Requires: e2fsprogs Requires: git-core >= 1.7 From e7c95c3802934f3a1c9a16e5f72a7361175a1e11d025bedf4c11e1282a432a48 Mon Sep 17 00:00:00 2001 From: Jordi Massaguer Date: Wed, 21 Dec 2016 09:44:20 +0000 Subject: [PATCH 2/4] Accepting request 447279 from home:cyphar:containers Remove socket activation from Docker, to match upstream. OBS-URL: https://build.opensuse.org/request/show/447279 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=159 --- docker.changes | 17 +++++++++++++---- docker.service | 19 +++++++------------ docker.socket | 12 ------------ docker.spec | 16 ++++------------ docker_systemd_lt_214.socket | 12 ------------ 5 files changed, 24 insertions(+), 52 deletions(-) delete mode 100644 docker.socket delete mode 100644 docker_systemd_lt_214.socket diff --git a/docker.changes b/docker.changes index e87ed89..95f053f 100644 --- a/docker.changes +++ b/docker.changes @@ -1,13 +1,22 @@ +------------------------------------------------------------------- +Tue Dec 20 05:08:54 UTC 2016 - asarai@suse.com + +- Remove old flags from dockerd's command-line, to be more inline with + upstream (now that docker-runc is provided by the runc package). -H is + dropped because upstream dropped it due to concerns with socket + activation. +- Remove socket activation entirely. + ------------------------------------------------------------------- Mon Dec 19 12:41:13 UTC 2016 - jmassaguerpla@suse.com - update docker to 1.12.5 (bsc#1016307). - This fixes bsc#1015661 + This fixes bsc#1015661 ------------------------------------------------------------------- Mon Dec 5 14:52:02 UTC 2016 - jmassaguerpla@suse.com -- fix bash-completion +- fix bash-completion ------------------------------------------------------------------- Tue Nov 29 21:57:08 UTC 2016 - jimmy@boombatower.com @@ -18,7 +27,7 @@ Tue Nov 29 21:57:08 UTC 2016 - jimmy@boombatower.com Thu Nov 24 16:09:52 UTC 2016 - jmassaguerpla@suse.com - fix runc and containerd revisions - fix bsc#1009961 + fix bsc#1009961 ------------------------------------------------------------------- Thu Oct 27 11:13:56 UTC 2016 - jmassaguerpla@suse.com @@ -33,7 +42,7 @@ Thu Oct 13 11:15:17 UTC 2016 - jmassaguerpla@suse.com - update docker to 1.12.2 (bsc#1004490). See changelog -https://github.com/docker/docker/blob/v1.12.2/CHANGELOG.md +https://github.com/docker/docker/blob/v1.12.2/CHANGELOG.md - update docker-mount-secrets.patch to 1.12.2 code diff --git a/docker.service b/docker.service index 352933c..71846cc 100644 --- a/docker.service +++ b/docker.service @@ -1,21 +1,16 @@ [Unit] Description=Docker Application Container Engine Documentation=http://docs.docker.com -After=network.target docker.socket containerd.socket -Requires=docker.socket containerd.socket +After=network.target containerd.socket +Requires=containerd.socket [Service] EnvironmentFile=/etc/sysconfig/docker -# Quick rundown of options, so we can keep track of them. Upstream's -# service file only contains -H. -# -# * -H tells Docker that it's running as a socket-activated service. -# * --containerd tells Docker to not manage the running of containerd. -# * --add-runtime and --default-runtime tell Docker to not try to use -# its "bundled" runC version (which is not shipped by us) but rather use -# the runC version provided as by the runc package. -ExecStart=/usr/bin/dockerd -H fd:// --containerd /run/containerd/containerd.sock --add-runtime oci=/usr/sbin/runc --default-runtime oci $DOCKER_NETWORK_OPTIONS $DOCKER_OPTS +# While Docker has support for socket activation (-H fd://), this is not +# enabled by default because enabling socket activation means that on boot your +# containers won't start until someone tries to administer the Docker daemon. +ExecStart=/usr/bin/dockerd $DOCKER_NETWORK_OPTIONS $DOCKER_OPTS ExecReload=/bin/kill -s HUP $MAINPID # Having non-zero Limit*s causes performance problems due to accounting overhead @@ -32,7 +27,7 @@ LimitCORE=infinity # Only systemd 218 and above support this property. #Delegate=yes -# Tis is not necessary because of how we set up containerd. +# This is not necessary because of how we set up containerd. #KillMode=process [Install] diff --git a/docker.socket b/docker.socket deleted file mode 100644 index bed29c5..0000000 --- a/docker.socket +++ /dev/null @@ -1,12 +0,0 @@ -[Unit] -Description=Docker Socket for the API -PartOf=docker.service - -[Socket] -ListenStream=/var/run/docker.sock -SocketMode=0660 -SocketUser=root -SocketGroup=docker - -[Install] -WantedBy=sockets.target diff --git a/docker.spec b/docker.spec index 56b04cd..2c1f72c 100644 --- a/docker.spec +++ b/docker.spec @@ -37,7 +37,6 @@ %define docker_graph %{docker_store}/graph %define git_version 8eab29e %define version_unconverted 1.12.5 -%define docker_version 1.12.1 %define __arch_install_post export NO_BRP_STRIP_DEBUG=true # When upgrading to a new version requires the service not to be restarted # Due to a long migration process update last_migration_version to the new version @@ -105,11 +104,6 @@ Recommends: docker-image-migrator Conflicts: lxc < 1.0 BuildRoot: %{_tmppath}/%{name}-%{version}-build ExcludeArch: %ix86 s390 ppc -%if 0%{?suse_version} > 1320 -Source5: docker.socket -%else -Source5: docker_systemd_lt_214.socket -%endif %ifarch %{go_arches} BuildRequires: go >= 1.5 BuildRequires: go-go-md2man @@ -321,7 +315,6 @@ cp -av tests.main tests.sh %{buildroot}%{_prefix}/src/docker/hack/ # systemd service # install -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/%{name}.service -install -D -m 0644 %{SOURCE5} %{buildroot}%{_unitdir}/%{name}.socket ln -sf service %{buildroot}%{_sbindir}/rcdocker # @@ -372,7 +365,7 @@ if [[ -d "%{docker_store}" && -n "$(find "%{docker_graph}" -maxdepth 1 -type d 2 fi getent group docker >/dev/null || groupadd -r docker -%service_add_pre %{name}.service %{name}.socket +%service_add_pre %{name}.service %post if [ -e %{docker_migration_testfile} ]; then @@ -382,18 +375,18 @@ else rm %{docker_migration_warnfile} fi fi -%service_add_post %{name}.service %{name}.socket +%service_add_post %{name}.service %{fillup_only -n docker} %preun -%service_del_preun %{name}.service %{name}.socket +%service_del_preun %{name}.service %postun if [ -e %{docker_migration_testfile} ]; then rm %{docker_migration_testfile} export DISABLE_RESTART_ON_UPDATE=yes fi -%service_del_postun %{name}.service %{name}.socket +%service_del_postun %{name}.service %files %defattr(-,root,root) @@ -404,7 +397,6 @@ fi %{_sbindir}/rcdocker %{_libexecdir}/docker/ %{_unitdir}/%{name}.service -%{_unitdir}/%{name}.socket %config %{_sysconfdir}/audit/rules.d/%{name}.rules %{_udevrulesdir}/80-%{name}.rules %{_localstatedir}/adm/fillup-templates/sysconfig.docker diff --git a/docker_systemd_lt_214.socket b/docker_systemd_lt_214.socket deleted file mode 100644 index 94b9e4d..0000000 --- a/docker_systemd_lt_214.socket +++ /dev/null @@ -1,12 +0,0 @@ -[Unit] -Description=Docker Socket for the API -PartOf=docker.service - -[Socket] -ListenStream=/var/run/docker.sock -SocketMode=0660 -# A Socket(User|Group) replacement workaround for systemd <= 214 -ExecStartPost=/usr/bin/chown root:docker /var/run/docker.sock - -[Install] -WantedBy=sockets.target From be6bb16dbb520760bbe74c964102e702590c39c558bca1e0783ffb41ba07b7af Mon Sep 17 00:00:00 2001 From: Jordi Massaguer Date: Wed, 21 Dec 2016 10:40:12 +0000 Subject: [PATCH 3/4] fix exec start in systemd. In the previous commit we removed the containerd option by mistake OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=160 --- docker.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker.service b/docker.service index 71846cc..dd081f2 100644 --- a/docker.service +++ b/docker.service @@ -10,7 +10,7 @@ EnvironmentFile=/etc/sysconfig/docker # While Docker has support for socket activation (-H fd://), this is not # enabled by default because enabling socket activation means that on boot your # containers won't start until someone tries to administer the Docker daemon. -ExecStart=/usr/bin/dockerd $DOCKER_NETWORK_OPTIONS $DOCKER_OPTS +ExecStart=/usr/bin/dockerd --containerd /run/containerd/containerd.sock $DOCKER_NETWORK_OPTIONS $DOCKER_OPTS ExecReload=/bin/kill -s HUP $MAINPID # Having non-zero Limit*s causes performance problems due to accounting overhead From d7c5e8e7f30abbac993d2df283a9bfddd8515d0ee1ffe59da1cbb1e6ca55acba Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Wed, 21 Dec 2016 14:28:32 +0000 Subject: [PATCH 4/4] Accepting request 447283 from home:jordimassaguerpla:branch:V:c:fix_ppc64le - remove netlink_gcc_go.patch after integration of PR https://github.com/golang/go/issues/11707 - new boltdb_bolt_add_brokenUnaligned.patch for ppc64 waiting for https://github.com/boltdb/bolt/pull/635 OBS-URL: https://build.opensuse.org/request/show/447283 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=161 --- boltdb_bolt_add_brokenUnaligned.patch | 27 +++++++++++++++ docker.changes | 8 +++++ docker.spec | 4 +-- netlink_gcc_go.patch | 48 --------------------------- 4 files changed, 37 insertions(+), 50 deletions(-) create mode 100644 boltdb_bolt_add_brokenUnaligned.patch delete mode 100644 netlink_gcc_go.patch diff --git a/boltdb_bolt_add_brokenUnaligned.patch b/boltdb_bolt_add_brokenUnaligned.patch new file mode 100644 index 0000000..af8df30 --- /dev/null +++ b/boltdb_bolt_add_brokenUnaligned.patch @@ -0,0 +1,27 @@ +From: Michel Normand +Subject: boltdb bolt add brokenUnaligned for ppc64 +Date: Tue, 20 Dec 2016 10:19:01 +0100 + +boltdb bolt add brokenUnaligned for ppc64 +as already done for bolt_ppc64le.go + +Correction already submitted upstream as +https://github.com/boltdb/bolt/pull/635 + +Signed-off-by: Michel Normand +--- + vendor/src/github.com/boltdb/bolt/bolt_ppc64.go | 3 +++ + 1 file changed, 3 insertions(+) + +Index: docker-1.12.3/vendor/src/github.com/boltdb/bolt/bolt_ppc64.go +=================================================================== +--- docker-1.12.3.orig/vendor/src/github.com/boltdb/bolt/bolt_ppc64.go ++++ docker-1.12.3/vendor/src/github.com/boltdb/bolt/bolt_ppc64.go +@@ -7,3 +7,6 @@ const maxMapSize = 0xFFFFFFFFFFFF // 256 + + // maxAllocSize is the size used when creating array pointers. + const maxAllocSize = 0x7FFFFFFF ++ ++// Are unaligned load/stores broken on this arch? ++var brokenUnaligned = false + diff --git a/docker.changes b/docker.changes index 95f053f..7551508 100644 --- a/docker.changes +++ b/docker.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Tue Dec 20 12:41:33 UTC 2016 - normand@linux.vnet.ibm.com + +- remove netlink_gcc_go.patch after integration of PR + https://github.com/golang/go/issues/11707 +- new boltdb_bolt_add_brokenUnaligned.patch for ppc64 + waiting for https://github.com/boltdb/bolt/pull/635 + ------------------------------------------------------------------- Tue Dec 20 05:08:54 UTC 2016 - asarai@suse.com diff --git a/docker.spec b/docker.spec index 2c1f72c..9904640 100644 --- a/docker.spec +++ b/docker.spec @@ -61,8 +61,8 @@ Source9: docker-update-message.txt Source10: tests.sh # Fixes for architecture-specific issues (gcc-go). Patch100: gcc-go-patches.patch -Patch101: netlink_gcc_go.patch Patch102: netlink_netns_powerpc.patch +Patch103: boltdb_bolt_add_brokenUnaligned.patch # SUSE-FEATURE: Adds the /run/secrets mountpoint inside all Docker containers # which is not snapshotted when images are committed. Note that if you modify # this patch, please also modify the patch in the suse-secrets-v @@ -174,8 +174,8 @@ Test package for docker. It contains the source code and the tests. %endif %ifnarch %{go_arches} %patch100 -p1 -%patch101 -p1 %patch102 -p1 +%patch103 -p1 %endif %patch300 -p1 cp %{SOURCE7} . diff --git a/netlink_gcc_go.patch b/netlink_gcc_go.patch deleted file mode 100644 index 19fb111..0000000 --- a/netlink_gcc_go.patch +++ /dev/null @@ -1,48 +0,0 @@ -diff --git a/vendor/src/github.com/vishvananda/netlink/link_linux.go b/vendor/src/github.com/vishvananda/netlink/link_linux.go -index 3aa9124..6ad7c2b 100644 ---- a/vendor/src/github.com/vishvananda/netlink/link_linux.go -+++ b/vendor/src/github.com/vishvananda/netlink/link_linux.go -@@ -415,11 +415,11 @@ func LinkAdd(link Link) error { - req.Flags |= syscall.IFF_TUN_EXCL - copy(req.Name[:15], base.Name) - req.Flags |= uint16(tuntap.Mode) -- _, _, errno := syscall.Syscall(syscall.SYS_IOCTL, file.Fd(), uintptr(syscall.TUNSETIFF), uintptr(unsafe.Pointer(&req))) -+ _, _, errno := syscall.Syscall(syscall.SYS_IOCTL, file.Fd(), uintptr(syscall_TUNSETIFF), uintptr(unsafe.Pointer(&req))) - if errno != 0 { - return fmt.Errorf("Tuntap IOCTL TUNSETIFF failed, errno %v", errno) - } -- _, _, errno = syscall.Syscall(syscall.SYS_IOCTL, file.Fd(), uintptr(syscall.TUNSETPERSIST), 1) -+ _, _, errno = syscall.Syscall(syscall.SYS_IOCTL, file.Fd(), uintptr(syscall_TUNSETPERSIST), 1) - if errno != 0 { - return fmt.Errorf("Tuntap IOCTL TUNSETPERSIST failed, errno %v", errno) - } -diff --git a/vendor/src/github.com/vishvananda/netlink/link_linux_others.go b/vendor/src/github.com/vishvananda/netlink/link_linux_others.go -new file mode 100644 -index 0000000..feb6070 ---- /dev/null -+++ b/vendor/src/github.com/vishvananda/netlink/link_linux_others.go -@@ -0,0 +1,9 @@ -+// +build linux -+// +build x86_64 arm64 s390x -+ -+package netlink -+ -+const ( -+ syscall_TUNSETIFF = 0x400454ca -+ syscall_TUNSETPERSIST = 0x400454ca -+) -diff --git a/vendor/src/github.com/vishvananda/netlink/link_linux_powerpc.go b/vendor/src/github.com/vishvananda/netlink/link_linux_powerpc.go -new file mode 100644 -index 0000000..fac7c06 ---- /dev/null -+++ b/vendor/src/github.com/vishvananda/netlink/link_linux_powerpc.go -@@ -0,0 +1,9 @@ -+// +build linux -+// +build ppc64 ppc64le -+ -+package netlink -+ -+const ( -+ syscall_TUNSETIFF = 0x800454ca -+ syscall_TUNSETPERSIST = 0x800454ca -+)