diff --git a/0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch b/0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch index 1c8ddfa..0cc4766 100644 --- a/0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch +++ b/0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch @@ -1,4 +1,4 @@ -From 63d19d6ef58457e8aba6346157c9601e38f60929 Mon Sep 17 00:00:00 2001 +From 37dfb97c0016300dd6453fc718805ccdf341bfd6 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Wed, 8 Mar 2017 12:41:54 +1100 Subject: [PATCH 1/6] SECRETS: daemon: allow directory creation in /run/secrets @@ -10,17 +10,14 @@ useful for creating directories and subdirectories of secrets. Signed-off-by: Antonio Murdaca Signed-off-by: Aleksa Sarai --- - daemon/container_operations_unix.go | 25 ++++++++++++++++++++++--- - 1 file changed, 22 insertions(+), 3 deletions(-) + daemon/container_operations_unix.go | 24 +++++++++++++++++++++--- + 1 file changed, 21 insertions(+), 3 deletions(-) diff --git a/daemon/container_operations_unix.go b/daemon/container_operations_unix.go -index 6a50b99bd29e..583db20aa459 100644 +index 75b4b09b8dc4..583db20aa459 100644 --- a/daemon/container_operations_unix.go +++ b/daemon/container_operations_unix.go -@@ -1,8 +1,10 @@ -+//go:build linux || freebsd - // +build linux freebsd - +@@ -4,6 +4,7 @@ package daemon // import "github.com/docker/docker/daemon" import ( @@ -28,7 +25,7 @@ index 6a50b99bd29e..583db20aa459 100644 "fmt" "io/ioutil" "os" -@@ -12,6 +14,7 @@ import ( +@@ -13,6 +14,7 @@ import ( "github.com/docker/docker/container" "github.com/docker/docker/daemon/links" "github.com/docker/docker/errdefs" @@ -36,7 +33,7 @@ index 6a50b99bd29e..583db20aa459 100644 "github.com/docker/docker/pkg/idtools" "github.com/docker/docker/pkg/stringid" "github.com/docker/docker/pkg/system" -@@ -205,9 +208,6 @@ func (daemon *Daemon) setupSecretDir(c *container.Container) (setupErr error) { +@@ -206,9 +208,6 @@ func (daemon *Daemon) setupSecretDir(c *container.Container) (setupErr error) { if err != nil { return errors.Wrap(err, "unable to get secret from secret store") } @@ -46,7 +43,7 @@ index 6a50b99bd29e..583db20aa459 100644 uid, err := strconv.Atoi(s.File.UID) if err != nil { -@@ -218,6 +218,25 @@ func (daemon *Daemon) setupSecretDir(c *container.Container) (setupErr error) { +@@ -219,6 +218,25 @@ func (daemon *Daemon) setupSecretDir(c *container.Container) (setupErr error) { return err } @@ -73,5 +70,5 @@ index 6a50b99bd29e..583db20aa459 100644 return errors.Wrap(err, "error setting ownership for secret") } -- -2.35.1 +2.36.1 diff --git a/0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch b/0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch index 33577d4..565b413 100644 --- a/0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch +++ b/0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch @@ -1,4 +1,4 @@ -From a472a5da8d0aeb21b4cb6fbd2dc348a753c0a883 Mon Sep 17 00:00:00 2001 +From 11ac23e5620ee53c9527334d2222b32ca5098876 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Wed, 8 Mar 2017 11:43:29 +1100 Subject: [PATCH 2/6] SECRETS: SUSE: implement SUSE container secrets @@ -451,5 +451,5 @@ index 000000000000..9ee33adf7497 + return nil +} -- -2.35.1 +2.36.1 diff --git a/0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch b/0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch index 859d3a5..efe684e 100644 --- a/0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch +++ b/0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch @@ -1,4 +1,4 @@ -From 098dd769a226407da7a695ae44cf2e41a5d13a4a Mon Sep 17 00:00:00 2001 +From cf3c6ccefda39c60dc656404674628ac48b55de9 Mon Sep 17 00:00:00 2001 From: Valentin Rothberg Date: Mon, 2 Jul 2018 13:37:34 +0200 Subject: [PATCH 3/6] PRIVATE-REGISTRY: add private-registry mirror support @@ -1142,5 +1142,5 @@ index 3e3a5b41ffbd..451a6f874bc1 100644 endpoints = []APIEndpoint{ -- -2.35.1 +2.36.1 diff --git a/0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch b/0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch index eedb325..61930ec 100644 --- a/0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch +++ b/0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch @@ -1,4 +1,4 @@ -From 5e84bae968f7beadd92452795cfe2ce4f8995cef Mon Sep 17 00:00:00 2001 +From 5d2f7a37a37547663aae1538b2d3fd48dd7277c8 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Fri, 29 Jun 2018 17:59:30 +1000 Subject: [PATCH 4/6] bsc1073877: apparmor: clobber docker-default profile on @@ -22,10 +22,10 @@ Signed-off-by: Aleksa Sarai 3 files changed, 17 insertions(+), 6 deletions(-) diff --git a/daemon/apparmor_default.go b/daemon/apparmor_default.go -index a7cc3a5ef412..1a952953da8f 100644 +index 21813ec14f8f..0de75b32b7fa 100644 --- a/daemon/apparmor_default.go +++ b/daemon/apparmor_default.go -@@ -23,6 +23,15 @@ func DefaultApparmorProfile() string { +@@ -24,6 +24,15 @@ func DefaultApparmorProfile() string { return "" } @@ -41,7 +41,7 @@ index a7cc3a5ef412..1a952953da8f 100644 func ensureDefaultAppArmorProfile() error { if apparmor.IsEnabled() { loaded, err := aaprofile.IsLoaded(defaultAppArmorProfile) -@@ -36,10 +45,7 @@ func ensureDefaultAppArmorProfile() error { +@@ -37,10 +46,7 @@ func ensureDefaultAppArmorProfile() error { } // Load the profile. @@ -54,10 +54,10 @@ index a7cc3a5ef412..1a952953da8f 100644 return nil } diff --git a/daemon/apparmor_default_unsupported.go b/daemon/apparmor_default_unsupported.go -index dd581dc7dadb..5b14979cd4a3 100644 +index e3dc18b32b5e..9c7723056268 100644 --- a/daemon/apparmor_default_unsupported.go +++ b/daemon/apparmor_default_unsupported.go -@@ -2,6 +2,10 @@ +@@ -3,6 +3,10 @@ package daemon // import "github.com/docker/docker/daemon" @@ -85,5 +85,5 @@ index 2a2fbbd52e19..0999ac3186b7 100644 } -- -2.35.1 +2.36.1 diff --git a/0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch b/0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch index 2e546a4..bd92ee3 100644 --- a/0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch +++ b/0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch @@ -1,4 +1,4 @@ -From 98822d2010c709e64d5e86d7ec8e054861080a53 Mon Sep 17 00:00:00 2001 +From b54c6c7addcb163ddcef5e37fc7ed1c0afd0dbfa Mon Sep 17 00:00:00 2001 From: Michal Rostecki Date: Thu, 8 Apr 2021 14:42:02 +0100 Subject: [PATCH 5/6] bsc1183855: btrfs: Do not disable quota on cleanup @@ -24,10 +24,10 @@ Signed-off-by: Michal Rostecki 1 file changed, 8 insertions(+), 42 deletions(-) diff --git a/daemon/graphdriver/btrfs/btrfs.go b/daemon/graphdriver/btrfs/btrfs.go -index 8fd2854a2673..32c4f07c620d 100644 +index fa0cdf8666b1..02bbb5da1088 100644 --- a/daemon/graphdriver/btrfs/btrfs.go +++ b/daemon/graphdriver/btrfs/btrfs.go -@@ -103,7 +103,7 @@ func Init(home string, options []string, uidMaps, gidMaps []idtools.IDMap) (grap +@@ -104,7 +104,7 @@ func Init(home string, options []string, uidMaps, gidMaps []idtools.IDMap) (grap } if userDiskQuota { @@ -36,7 +36,7 @@ index 8fd2854a2673..32c4f07c620d 100644 return nil, err } } -@@ -172,18 +172,10 @@ func (d *Driver) GetMetadata(id string) (map[string]string, error) { +@@ -173,18 +173,10 @@ func (d *Driver) GetMetadata(id string) (map[string]string, error) { // Cleanup unmounts the home directory. func (d *Driver) Cleanup() error { @@ -56,7 +56,7 @@ index 8fd2854a2673..32c4f07c620d 100644 return nil } -@@ -341,7 +333,7 @@ func (d *Driver) updateQuotaStatus() { +@@ -342,7 +334,7 @@ func (d *Driver) updateQuotaStatus() { d.once.Do(func() { if !d.quotaEnabled { // In case quotaEnabled is not set, check qgroup and update quotaEnabled as needed @@ -65,7 +65,7 @@ index 8fd2854a2673..32c4f07c620d 100644 // quota is still not enabled return } -@@ -350,7 +342,7 @@ func (d *Driver) updateQuotaStatus() { +@@ -351,7 +343,7 @@ func (d *Driver) updateQuotaStatus() { }) } @@ -74,7 +74,7 @@ index 8fd2854a2673..32c4f07c620d 100644 d.updateQuotaStatus() if d.quotaEnabled { -@@ -376,32 +368,6 @@ func (d *Driver) subvolEnableQuota() error { +@@ -377,32 +369,6 @@ func (d *Driver) subvolEnableQuota() error { return nil } @@ -107,7 +107,7 @@ index 8fd2854a2673..32c4f07c620d 100644 func (d *Driver) subvolRescanQuota() error { d.updateQuotaStatus() -@@ -444,11 +410,11 @@ func subvolLimitQgroup(path string, size uint64) error { +@@ -445,11 +411,11 @@ func subvolLimitQgroup(path string, size uint64) error { return nil } @@ -121,7 +121,7 @@ index 8fd2854a2673..32c4f07c620d 100644 dir, err := openDir(path) if err != nil { return err -@@ -622,7 +588,7 @@ func (d *Driver) setStorageSize(dir string, driver *Driver) error { +@@ -623,7 +589,7 @@ func (d *Driver) setStorageSize(dir string, driver *Driver) error { if d.options.minSpace > 0 && driver.options.size < d.options.minSpace { return fmt.Errorf("btrfs: storage size cannot be less than %s", units.HumanSize(float64(d.options.minSpace))) } @@ -130,7 +130,7 @@ index 8fd2854a2673..32c4f07c620d 100644 return err } return subvolLimitQgroup(dir, driver.options.size) -@@ -676,7 +642,7 @@ func (d *Driver) Get(id, mountLabel string) (containerfs.ContainerFS, error) { +@@ -677,7 +643,7 @@ func (d *Driver) Get(id, mountLabel string) (containerfs.ContainerFS, error) { if quota, err := ioutil.ReadFile(d.quotasDirID(id)); err == nil { if size, err := strconv.ParseUint(string(quota), 10, 64); err == nil && size >= d.options.minSpace { @@ -140,5 +140,5 @@ index 8fd2854a2673..32c4f07c620d 100644 } if err := subvolLimitQgroup(dir, size); err != nil { -- -2.35.1 +2.36.1 diff --git a/0006-bsc1193930-vendor-update-golang.org-x-crypto.patch b/0006-bsc1193930-vendor-update-golang.org-x-crypto.patch index 3ec34c5..653d689 100644 --- a/0006-bsc1193930-vendor-update-golang.org-x-crypto.patch +++ b/0006-bsc1193930-vendor-update-golang.org-x-crypto.patch @@ -1,4 +1,4 @@ -From b0122ef823aa4f05c9c552fb0eeff2fc11a0a64c Mon Sep 17 00:00:00 2001 +From bb67252dfccb18dacc9e0c3463e7c52f32fb2900 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Fri, 29 Apr 2022 12:44:21 +1000 Subject: [PATCH 6/6] bsc1193930: vendor: update golang.org/x/crypto @@ -354,7 +354,7 @@ Signed-off-by: Aleksa Sarai create mode 100644 vendor/golang.org/x/crypto/xts/xts.go diff --git a/vendor.conf b/vendor.conf -index ac4640c76369..c21d903fa8a8 100644 +index 54e97e4562d8..9ff95d499ef8 100644 --- a/vendor.conf +++ b/vendor.conf @@ -150,7 +150,7 @@ github.com/golang/protobuf 84668698ea25b64748563aa20726 @@ -41068,5 +41068,5 @@ index 000000000000..b51308e95e52 + } +} -- -2.35.1 +2.36.1 diff --git a/_service b/_service index b716ef0..5626a21 100644 --- a/_service +++ b/_service @@ -3,16 +3,16 @@ https://github.com/moby/moby.git git .git - 20.10.14_ce_%h - v20.10.14 + 20.10.17_ce_%h + v20.10.17 docker https://github.com/docker/cli.git git .git - 20.10.14_ce - v20.10.14 + 20.10.17_ce + v20.10.17 docker-cli @@ -20,7 +20,7 @@ git .git %H - 64b7a4574d1426139437d20e81c0b6d391130ec8 + f6ccccb1c082a432c2a5814aaedaca56af33d9ea docker-libnetwork diff --git a/docker-20.10.14_ce_87a90dc786bd.tar.xz b/docker-20.10.14_ce_87a90dc786bd.tar.xz deleted file mode 100644 index 9e298f7..0000000 --- a/docker-20.10.14_ce_87a90dc786bd.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:6d3e2a8f966b51320d8aaae83ac9606b5e042766ebdac3fde5fd36bb8579502d -size 6424424 diff --git a/docker-20.10.17_ce_a89b84221c85.tar.xz b/docker-20.10.17_ce_a89b84221c85.tar.xz new file mode 100644 index 0000000..60379b3 --- /dev/null +++ b/docker-20.10.17_ce_a89b84221c85.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:9464d19aa358c19089672a03b13572b9c512c8c19ad098b594caca864052c426 +size 6557740 diff --git a/docker-cli-20.10.14_ce.tar.xz b/docker-cli-20.10.14_ce.tar.xz deleted file mode 100644 index bcfa81e..0000000 --- a/docker-cli-20.10.14_ce.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:b1549d97c545ac15336032be381f02de480bc25d8090feadf43a23d91ab56110 -size 4265544 diff --git a/docker-cli-20.10.17_ce.tar.xz b/docker-cli-20.10.17_ce.tar.xz new file mode 100644 index 0000000..1286b18 --- /dev/null +++ b/docker-cli-20.10.17_ce.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:1eeb771ad69ec70e206d69bdb649d05f438d0fa4193bbb6f4c7fd276258a08a9 +size 4357440 diff --git a/docker-libnetwork-64b7a4574d1426139437d20e81c0b6d391130ec8.tar.xz b/docker-libnetwork-64b7a4574d1426139437d20e81c0b6d391130ec8.tar.xz deleted file mode 100644 index 6811745..0000000 --- a/docker-libnetwork-64b7a4574d1426139437d20e81c0b6d391130ec8.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:437df6f6e33cf527acbcc2117738430f89e43bc57d958557155b3392c3a00ff8 -size 1983592 diff --git a/docker-libnetwork-f6ccccb1c082a432c2a5814aaedaca56af33d9ea.tar.xz b/docker-libnetwork-f6ccccb1c082a432c2a5814aaedaca56af33d9ea.tar.xz new file mode 100644 index 0000000..dbe226f --- /dev/null +++ b/docker-libnetwork-f6ccccb1c082a432c2a5814aaedaca56af33d9ea.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:a676901b2676dedd147e70b2e6c5b9869e8d2fad99605de20cc1b42830097d3b +size 1983552 diff --git a/docker.changes b/docker.changes index a992151..322bfa2 100644 --- a/docker.changes +++ b/docker.changes @@ -1,3 +1,16 @@ +------------------------------------------------------------------- +Tue Jun 7 07:18:41 UTC 2022 - Aleksa Sarai + +- Update to Docker 20.10.17-ce. See upstream changelog online at + . bsc#1200145 +- Rebase patches: + * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch + * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch + * 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch + * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch + * 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch + * 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch + ------------------------------------------------------------------- Fri Apr 29 02:51:43 UTC 2022 - Aleksa Sarai diff --git a/docker.spec b/docker.spec index 22bd1e3..9d85bfa 100644 --- a/docker.spec +++ b/docker.spec @@ -42,24 +42,24 @@ # helpfully injects into our build environment from the changelog). If you want # to generate a new git_commit_epoch, use this: # $ date --date="$(git show --format=fuller --date=iso $COMMIT_ID | grep -oP '(?<=^CommitDate: ).*')" '+%s' -%define git_version 87a90dc786bd -%define git_commit_epoch 1649909084 +%define git_version a89b84221c85 +%define git_commit_epoch 1654554758 # We require a specific pin of libnetwork because it doesn't really do # versioning and minor version mismatches in libnetwork can break Docker # networking. All other key runtime dependencies (containerd, runc) are stable # enough that this isn't necessary. -%define libnetwork_version 64b7a4574d1426139437d20e81c0b6d391130ec8 +%define libnetwork_version f6ccccb1c082a432c2a5814aaedaca56af33d9ea %define dist_builddir %{_builddir}/dist-suse %define cli_builddir %{dist_builddir}/src/github.com/docker/cli %define proxy_builddir %{dist_builddir}/src/github.com/docker/libnetwork Name: %{realname}%{name_suffix} -Version: 20.10.14_ce +Version: 20.10.17_ce # This "nice version" is so that docker --version gives a result that can be # parsed by other people. boo#1182476 -%define nice_version 20.10.14-ce +%define nice_version 20.10.17-ce Release: 0 Summary: The Moby-project Linux container runtime License: Apache-2.0 @@ -111,8 +111,10 @@ BuildRequires: sqlite3-devel BuildRequires: zsh BuildRequires: fish BuildRequires: go-go-md2man -BuildRequires: go1.16 BuildRequires: pkgconfig(libsystemd) +# Due to a limitation in openSUSE's Go packaging we cannot have a BuildRequires +# for 'golang(API) >= 1.17' here, so just require 1.17 exactly. bsc#1172608 +BuildRequires: go1.17 Requires: apparmor-parser Requires: ca-certificates-mozilla # The docker-proxy binary used to be in a separate package. We obsolete it, @@ -121,8 +123,8 @@ Obsoletes: docker-libnetwork%{name_suffix} < 0.7.0.2 Provides: docker-libnetwork%{name_suffix} = 0.7.0.2.%{version} # Required to actually run containers. We require the minimum version that is # pinned by Docker, but in order to avoid headaches we allow for updates. -Requires: runc >= 1.0.2 -Requires: containerd >= 1.5 +Requires: runc >= 1.1.2 +Requires: containerd >= 1.6.6 # Needed for --init support. We don't use "tini", we use our own implementation # which handles edge-cases better. Requires: catatonit