Accepting request 612799 from home:cyphar:containers:docker_bsc1065609
- Update secrets patch to not log incorrect warnings when attempting to inject non-existent host files. bsc#1065609 * secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch * secrets-0002-SUSE-implement-SUSE-container-secrets.patch OBS-URL: https://build.opensuse.org/request/show/612799 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=247
This commit is contained in:
parent
832a61093a
commit
4bd579423a
@ -1,3 +1,11 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue May 29 08:10:48 UTC 2018 - asarai@suse.com
|
||||
|
||||
- Update secrets patch to not log incorrect warnings when attempting to inject
|
||||
non-existent host files. bsc#1065609
|
||||
* secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
|
||||
* secrets-0002-SUSE-implement-SUSE-container-secrets.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Apr 10 09:25:43 UTC 2018 - mmeister@suse.com
|
||||
|
||||
|
@ -10,7 +10,7 @@ useful for creating directories and subdirectories of secrets.
|
||||
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
|
||||
Signed-off-by: Aleksa Sarai <asarai@suse.de>
|
||||
---
|
||||
.../engine/daemon/container_operations_unix.go | 24 +++++++++++++++++++---
|
||||
.../daemon/container_operations_unix.go | 24 ++++++++++++++++---
|
||||
1 file changed, 21 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/components/engine/daemon/container_operations_unix.go b/components/engine/daemon/container_operations_unix.go
|
||||
@ -70,5 +70,5 @@ index 954c194ea836..3ef1e0262edc 100644
|
||||
return errors.Wrap(err, "error setting ownership for secret")
|
||||
}
|
||||
--
|
||||
2.16.1
|
||||
2.17.0
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 3a7cd305f75fabc49460066e5452458a524ead5c Mon Sep 17 00:00:00 2001
|
||||
From a7533a3084e925eb478148ef30bec0d1f1b81ae3 Mon Sep 17 00:00:00 2001
|
||||
From: Aleksa Sarai <asarai@suse.de>
|
||||
Date: Wed, 8 Mar 2017 11:43:29 +1100
|
||||
Subject: [PATCH 2/2] SUSE: implement SUSE container secrets
|
||||
@ -10,12 +10,12 @@ THIS PATCH IS NOT TO BE UPSTREAMED, DUE TO THE FACT THAT IT IS
|
||||
SUSE-SPECIFIC, AND UPSTREAM DOES NOT APPROVE OF THIS CONCEPT BECAUSE IT
|
||||
MAKES BUILDS NOT ENTIRELY REPRODUCIBLE.
|
||||
|
||||
SUSE-Bugs: bsc#1057743 bsc#1055676 bsc#1030702
|
||||
SUSE-Bugs: bsc#1065609 bsc#1057743 bsc#1055676 bsc#1030702
|
||||
Signed-off-by: Aleksa Sarai <asarai@suse.de>
|
||||
---
|
||||
components/engine/daemon/start.go | 5 +
|
||||
components/engine/daemon/suse_secrets.go | 391 +++++++++++++++++++++++++++++++
|
||||
2 files changed, 396 insertions(+)
|
||||
components/engine/daemon/suse_secrets.go | 399 +++++++++++++++++++++++
|
||||
2 files changed, 404 insertions(+)
|
||||
create mode 100644 components/engine/daemon/suse_secrets.go
|
||||
|
||||
diff --git a/components/engine/daemon/start.go b/components/engine/daemon/start.go
|
||||
@ -36,10 +36,10 @@ index 55438cf2c45f..7dfa6cd1d055 100644
|
||||
return systemError{err}
|
||||
diff --git a/components/engine/daemon/suse_secrets.go b/components/engine/daemon/suse_secrets.go
|
||||
new file mode 100644
|
||||
index 000000000000..9d0788f0410d
|
||||
index 000000000000..00e485368b47
|
||||
--- /dev/null
|
||||
+++ b/components/engine/daemon/suse_secrets.go
|
||||
@@ -0,0 +1,391 @@
|
||||
@@ -0,0 +1,399 @@
|
||||
+/*
|
||||
+ * suse-secrets: patch for Docker to implement SUSE secrets
|
||||
+ * Copyright (C) 2017 SUSE LLC.
|
||||
@ -143,6 +143,10 @@ index 000000000000..9d0788f0410d
|
||||
+ var suseFiles []*SuseFakeFile
|
||||
+
|
||||
+ path := filepath.Join(prefix, dir)
|
||||
+ if _, err := os.Lstat(path); err != nil && os.IsNotExist(err) {
|
||||
+ // If the path doesn't exist at all we don't inject anything.
|
||||
+ return nil, nil
|
||||
+ }
|
||||
+ fi, err := os.Stat(path)
|
||||
+ if err != nil {
|
||||
+ // Ignore dangling symlinks.
|
||||
@ -259,6 +263,10 @@ index 000000000000..9d0788f0410d
|
||||
+// readFile returns a secret given a file under a given prefix.
|
||||
+func readFile(prefix, file string) ([]*SuseFakeFile, error) {
|
||||
+ path := filepath.Join(prefix, file)
|
||||
+ if _, err := os.Lstat(path); err != nil && os.IsNotExist(err) {
|
||||
+ // If the path doesn't exist at all we don't inject anything.
|
||||
+ return nil, nil
|
||||
+ }
|
||||
+ fi, err := os.Stat(path)
|
||||
+ if err != nil {
|
||||
+ // Ignore dangling symlinks.
|
||||
@ -432,5 +440,5 @@ index 000000000000..9d0788f0410d
|
||||
+ return nil
|
||||
+}
|
||||
--
|
||||
2.16.1
|
||||
2.17.0
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user