Accepting request 612799 from home:cyphar:containers:docker_bsc1065609

- Update secrets patch to not log incorrect warnings when attempting to inject
  non-existent host files. bsc#1065609
  * secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
  * secrets-0002-SUSE-implement-SUSE-container-secrets.patch

OBS-URL: https://build.opensuse.org/request/show/612799
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=247
This commit is contained in:
Aleksa Sarai 2018-05-30 05:44:31 +00:00 committed by Git OBS Bridge
parent 832a61093a
commit 4bd579423a
3 changed files with 25 additions and 9 deletions

View File

@ -1,3 +1,11 @@
-------------------------------------------------------------------
Tue May 29 08:10:48 UTC 2018 - asarai@suse.com
- Update secrets patch to not log incorrect warnings when attempting to inject
non-existent host files. bsc#1065609
* secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
* secrets-0002-SUSE-implement-SUSE-container-secrets.patch
-------------------------------------------------------------------
Tue Apr 10 09:25:43 UTC 2018 - mmeister@suse.com

View File

@ -10,7 +10,7 @@ useful for creating directories and subdirectories of secrets.
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
Signed-off-by: Aleksa Sarai <asarai@suse.de>
---
.../engine/daemon/container_operations_unix.go | 24 +++++++++++++++++++---
.../daemon/container_operations_unix.go | 24 ++++++++++++++++---
1 file changed, 21 insertions(+), 3 deletions(-)
diff --git a/components/engine/daemon/container_operations_unix.go b/components/engine/daemon/container_operations_unix.go
@ -70,5 +70,5 @@ index 954c194ea836..3ef1e0262edc 100644
return errors.Wrap(err, "error setting ownership for secret")
}
--
2.16.1
2.17.0

View File

@ -1,4 +1,4 @@
From 3a7cd305f75fabc49460066e5452458a524ead5c Mon Sep 17 00:00:00 2001
From a7533a3084e925eb478148ef30bec0d1f1b81ae3 Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de>
Date: Wed, 8 Mar 2017 11:43:29 +1100
Subject: [PATCH 2/2] SUSE: implement SUSE container secrets
@ -10,12 +10,12 @@ THIS PATCH IS NOT TO BE UPSTREAMED, DUE TO THE FACT THAT IT IS
SUSE-SPECIFIC, AND UPSTREAM DOES NOT APPROVE OF THIS CONCEPT BECAUSE IT
MAKES BUILDS NOT ENTIRELY REPRODUCIBLE.
SUSE-Bugs: bsc#1057743 bsc#1055676 bsc#1030702
SUSE-Bugs: bsc#1065609 bsc#1057743 bsc#1055676 bsc#1030702
Signed-off-by: Aleksa Sarai <asarai@suse.de>
---
components/engine/daemon/start.go | 5 +
components/engine/daemon/suse_secrets.go | 391 +++++++++++++++++++++++++++++++
2 files changed, 396 insertions(+)
components/engine/daemon/suse_secrets.go | 399 +++++++++++++++++++++++
2 files changed, 404 insertions(+)
create mode 100644 components/engine/daemon/suse_secrets.go
diff --git a/components/engine/daemon/start.go b/components/engine/daemon/start.go
@ -36,10 +36,10 @@ index 55438cf2c45f..7dfa6cd1d055 100644
return systemError{err}
diff --git a/components/engine/daemon/suse_secrets.go b/components/engine/daemon/suse_secrets.go
new file mode 100644
index 000000000000..9d0788f0410d
index 000000000000..00e485368b47
--- /dev/null
+++ b/components/engine/daemon/suse_secrets.go
@@ -0,0 +1,391 @@
@@ -0,0 +1,399 @@
+/*
+ * suse-secrets: patch for Docker to implement SUSE secrets
+ * Copyright (C) 2017 SUSE LLC.
@ -143,6 +143,10 @@ index 000000000000..9d0788f0410d
+ var suseFiles []*SuseFakeFile
+
+ path := filepath.Join(prefix, dir)
+ if _, err := os.Lstat(path); err != nil && os.IsNotExist(err) {
+ // If the path doesn't exist at all we don't inject anything.
+ return nil, nil
+ }
+ fi, err := os.Stat(path)
+ if err != nil {
+ // Ignore dangling symlinks.
@ -259,6 +263,10 @@ index 000000000000..9d0788f0410d
+// readFile returns a secret given a file under a given prefix.
+func readFile(prefix, file string) ([]*SuseFakeFile, error) {
+ path := filepath.Join(prefix, file)
+ if _, err := os.Lstat(path); err != nil && os.IsNotExist(err) {
+ // If the path doesn't exist at all we don't inject anything.
+ return nil, nil
+ }
+ fi, err := os.Stat(path)
+ if err != nil {
+ // Ignore dangling symlinks.
@ -432,5 +440,5 @@ index 000000000000..9d0788f0410d
+ return nil
+}
--
2.16.1
2.17.0