- Update to Docker 18.09.1-ce. See upstream changelog in the packaged

/usr/share/doc/packages/docker/CHANGELOG.md. bsc#1124308

OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=283

_service

@@ -3,15 +3,12 @@
     <param name="url">https://github.com/docker/docker-ce.git</param>
     <param name="scm">git</param>
     <param name="exclude">.git</param>
-    <param name="versionformat">18.09.0_ce</param>
-    <param name="revision">v18.09.0</param>
+    <param name="versionformat">18.09.1_ce.%h</param>
+    <param name="revision">v18.09.1</param>
     <param name="filename">docker</param>
   </service>
   <service name="recompress" mode="disabled">
     <param name="file">docker-*.tar</param>
     <param name="compression">xz</param>
   </service>
-  <service name="set_version" mode="disabled">
-    <param name="basename">docker</param>
-  </service>
 </services>

bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch

@@ -1,75 +0,0 @@
-From 4962b0a0bc6ca1fc99b0936175f929f9d3f5fa4c Mon Sep 17 00:00:00 2001
-From: Aleksa Sarai <asarai@suse.de>
-Date: Sun, 8 Apr 2018 20:21:30 +1000
-Subject: [PATCH 1/2] apparmor: allow receiving of signals from 'docker kill'
-
-In newer kernels, AppArmor will reject attempts to send signals to a
-container because the signal originated from outside of that AppArmor
-profile. Correct this by allowing all unconfined signals to be received.
-
-Signed-off-by: Goldwyn Rodrigues <rgoldwyn@suse.com>
-Signed-off-by: Aleksa Sarai <asarai@suse.de>
----
- .../engine/profiles/apparmor/apparmor.go      | 21 +++++++++++++++++++
- .../engine/profiles/apparmor/template.go      |  6 ++++++
- 2 files changed, 27 insertions(+)
-
-diff --git a/components/engine/profiles/apparmor/apparmor.go b/components/engine/profiles/apparmor/apparmor.go
-index b021668c8e4c..2f58ee852cab 100644
---- a/components/engine/profiles/apparmor/apparmor.go
-+++ b/components/engine/profiles/apparmor/apparmor.go
-@@ -23,6 +23,8 @@ var (
- type profileData struct {
- 	// Name is profile name.
- 	Name string
-+	// DaemonProfile is the profile name of our daemon.
-+	DaemonProfile string
- 	// Imports defines the apparmor functions to import, before defining the profile.
- 	Imports []string
- 	// InnerImports defines the apparmor functions to import in the profile.
-@@ -70,6 +72,25 @@ func InstallDefault(name string) error {
- 		Name: name,
- 	}
- 
-+	// Figure out the daemon profile.
-+	currentProfile, err := ioutil.ReadFile("/proc/self/attr/current")
-+	if err != nil {
-+		// If we couldn't get the daemon profile, assume we are running
-+		// unconfined which is generally the default.
-+		currentProfile = nil
-+	}
-+	daemonProfile := string(currentProfile)
-+	// Normally profiles are suffixed by " (enforcing)" or similar. AppArmor
-+	// profiles cannot contain spaces so this doesn't restrict daemon profile
-+	// names.
-+	if parts := strings.SplitN(daemonProfile, " ", 2); len(parts) >= 1 {
-+		daemonProfile = parts[0]
-+	}
-+	if daemonProfile == "" {
-+		daemonProfile = "unconfined"
-+	}
-+	p.DaemonProfile = daemonProfile
-+
- 	// Install to a temporary directory.
- 	f, err := ioutil.TempFile("", name)
- 	if err != nil {
-diff --git a/components/engine/profiles/apparmor/template.go b/components/engine/profiles/apparmor/template.go
-index c00a3f70e993..400b3bd50a11 100644
---- a/components/engine/profiles/apparmor/template.go
-+++ b/components/engine/profiles/apparmor/template.go
-@@ -17,6 +17,12 @@ profile {{.Name}} flags=(attach_disconnected,mediate_deleted) {
-   capability,
-   file,
-   umount,
-+{{if ge .Version 208096}}
-+{{/* Allow 'docker kill' to actually send signals to container processes. */}}
-+  signal (receive) peer={{.DaemonProfile}},
-+{{/* Allow container processes to send signals amongst themselves. */}}
-+  signal (send,receive) peer={{.Name}},
-+{{end}}
- 
-   deny @{PROC}/* w,   # deny write for all files directly in /proc (not in a subdir)
-   # deny write to files not in /proc/<number>/** or /proc/sys/**
--- 
-2.19.1
-

docker-18.09.0_ce.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:ce38c3b659b78bccdfaf07b1f0a4eaaf454ffec726434511feeee1b9a2fc8151
-size 9264940

docker-18.09.1_ce.4c52b901c6cb.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:977edd36e90089a63712975d63bdce7b99d6b5ac8cddaa54b71c216c1ed75020
+size 9334972

docker.changes

@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Tue Feb  5 11:24:02 UTC 2019 - Aleksa Sarai <asarai@suse.com>
+
+- Update to Docker 18.09.1-ce. See upstream changelog in the packaged
+  /usr/share/doc/packages/docker/CHANGELOG.md. bsc#1124308
+- Remove upstreamed patches.
+  - bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch
+
 -------------------------------------------------------------------
 Mon Jan 14 17:18:43 UTC 2019 - Andrey Karepin <egdfree@opensuse.org>
 

docker.spec

@@ -42,24 +42,24 @@
 # helpfully injects into our build environment from the changelog). If you want
 # to generate a new git_commit_epoch, use this:
 #  $ date --date="$(git show --format=fuller --date=iso $COMMIT_ID | grep -oP '(?<=^CommitDate: ).*')" '+%s'
-%define git_version e68fc7a215d7
-%define git_commit_epoch 1534871791
+%define git_version 4c52b901c6cb
+%define git_commit_epoch 1547060456
 
 # These are the git commits required. We verify them against the source to make
 # sure we didn't miss anything important when doing upgrades.
-%define required_containerd 468a545b9edcd5932818eb9de8e72413e616e86e
-%define required_dockerrunc 69663f0bd4b60df09991c08812a60108003fa340
-%define required_libnetwork 6da50d1978302f04c3e2089e29112ea24812f05b
+%define required_containerd 9754871865f7fe2f4e74d43e2fc7ccd237edcbce
+%define required_dockerrunc 96ec2177ae841256168fcf76954f7177af9446eb
+%define required_libnetwork 2cfbf9b1f98162a55829a21cc603c76072a75382
 
 Name:           %{realname}%{name_suffix}
-Version:        18.09.0_ce
+Version:        18.09.1_ce
 Release:        0
 Summary:        The Linux container runtime
 License:        Apache-2.0
 Group:          System/Management
 Url:            http://www.docker.io
 # TODO(VR): check those SOURCE files below
-Source:         %{realname}-%{version}.tar.xz
+Source:         %{realname}-%{version}.%{git_version}.tar.xz
 Source1:        docker.service
 # bsc#1086185 -- but we only apply this on Kubic.
 Source2:        docker-kubic-service.conf
@@ -76,8 +76,6 @@ Source9:        tests.sh
 # branch in http://github.com/suse/docker.mirror.
 Patch200:       secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
 Patch201:       secrets-0002-SUSE-implement-SUSE-container-secrets.patch
-# SUSE-BACKPORT: Backport of https://github.com/docker/docker/pull/37831. bsc#1073877
-Patch400:       bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch
 # SUSE-BACKPORT: Backport of https://github.com/docker/docker/pull/37353. bsc#1099277
 Patch401:       bsc1073877-0002-apparmor-clobber-docker-default-profile-on-start.patch
 # SUSE-BACKPORT: Backport of https://github.com/docker/cli/pull/1306. boo#1047218
@@ -270,7 +268,7 @@ docker container runtime configuration for kubeadm
 %endif
 
 %prep
-%setup -q -n %{realname}-%{version}
+%setup -q -n %{realname}-%{version}.%{git_version}
 %if 0%{?is_opensuse}
 # nothing
 %else
@@ -278,8 +276,6 @@ docker container runtime configuration for kubeadm
 %patch200 -p1
 %patch201 -p1
 %endif
-# bsc#1073877
-%patch400 -p1
 # bsc#1099277
 %patch401 -p1
 # boo#1047218