Accepting request 495655 from Virtualization:containers

1 OBS-URL: https://build.opensuse.org/request/show/495655 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/docker?expand=0&rev=54
2017-05-23 08:18:53 +00:00 · 2017-05-23 08:18:53 +00:00 · 7e47b9bdcc
commit 7e47b9bdcc
parent 4fa0574fc1 ba2f6637f8
14 changed files with 222 additions and 274 deletions
--- a/4
+++ b/4
@ -3,8 +3,8 @@
    <param name="url">https://github.com/docker/docker.git</param>
    <param name="scm">git</param>
    <param name="exclude">.git</param>
-    <param name="versionformat">1.13.0</param>
+    <param name="versionformat">17.04.0_ce</param>
-    <param name="revision">v1.13.0</param>
+    <param name="revision">v17.04.0-ce</param>
  </service>
  <service name="recompress" mode="disabled">
    <param name="file">docker-*.tar</param>
--- a/boltdb_bolt_add_brokenUnaligned.patch
+++ b/boltdb_bolt_add_brokenUnaligned.patch
@ -1,27 +0,0 @@
 From: Michel Normand <normand@linux.vnet.ibm.com>
 Subject: boltdb bolt add brokenUnaligned for ppc64
 Date: Tue, 20 Dec 2016 10:19:01 +0100
 boltdb bolt add brokenUnaligned for ppc64
 as already done for bolt_ppc64le.go
 Correction already submitted upstream as
 https://github.com/boltdb/bolt/pull/635
 Signed-off-by: Michel Normand <normand@linux.vnet.ibm.com>
 ---
 vendor/src/github.com/boltdb/bolt/bolt_ppc64.go |    3 +++
 1 file changed, 3 insertions(+)
 Index: docker-1.12.3/vendor/src/github.com/boltdb/bolt/bolt_ppc64.go
 ===================================================================
 --- docker-1.12.3.orig/vendor/src/github.com/boltdb/bolt/bolt_ppc64.go
 +++ docker-1.12.3/vendor/src/github.com/boltdb/bolt/bolt_ppc64.go
@@ -7,3 +7,6 @@ const maxMapSize = 0xFFFFFFFFFFFF // 256
 // maxAllocSize is the size used when creating array pointers.
 const maxAllocSize = 0x7FFFFFFF
 +
 +// Are unaligned load/stores broken on this arch?
 +var brokenUnaligned = false
--- a/bsc1037436-0001-client-check-tty-before-creating-exec-job.patch
+++ b/bsc1037436-0001-client-check-tty-before-creating-exec-job.patch
@ -0,0 +1,69 @@
 From c117441b1a74affb013a42ee8225d69ecfaf4d72 Mon Sep 17 00:00:00 2001
 From: Aleksa Sarai <asarai@suse.de>
 Date: Tue, 9 May 2017 23:31:46 +1000
 Subject: [PATCH] client: check tty before creating exec job
 This is necessary in order to avoid execId leaks in the case where a
 `docker exec -it` is run without a terminal available for the client.
 You can reproduce this issue by running the following command many
 times.
  % nohup docker exec -it some_container true
 The container `some_container` will have execIDs that will never
 normally be cleaned up (because the client died before they were
 started).
 In addition, this patch adds a docker-inspect step to ensure that we
 give "container does not exist" errors consistently.
 [SUSE: Fixes bsc#1037436.]
 Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
 Signed-off-by: Aleksa Sarai <asarai@suse.de>
 ---
 cli/command/container/exec.go | 21 +++++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)
 diff --git a/cli/command/container/exec.go b/cli/command/container/exec.go
 index 676708c77b91..d85113259242 100644
 --- a/cli/command/container/exec.go
 +++ b/cli/command/container/exec.go
@@ -79,6 +79,19 @@ func runExec(dockerCli *command.DockerCli, opts *execOptions, container string,
 	ctx := context.Background()
 	client := dockerCli.Client()
 +	// We need to check the tty _before_ we do the ContainerExecCreate, because
 +	// otherwise if we error out we will leak execIDs on the server (and
 +	// there's no easy way to clean those up). But also in order to make "not
 +	// exist" errors take precedence we do a dummy inspect first.
 +	if _, err := client.ContainerInspect(ctx, container); err != nil {
 +		return err
 +	}
 +	if !execConfig.Detach {
 +		if err := dockerCli.In().CheckTty(execConfig.AttachStdin, execConfig.Tty); err != nil {
 +			return err
 +		}
 +	}
 +
 	response, err := client.ContainerExecCreate(ctx, container, *execConfig)
 	if err != nil {
 		return err
@@ -90,12 +103,8 @@ func runExec(dockerCli *command.DockerCli, opts *execOptions, container string,
 		return nil
 	}
 -	//Temp struct for execStart so that we don't need to transfer all the execConfig
 -	if !execConfig.Detach {
 -		if err := dockerCli.In().CheckTty(execConfig.AttachStdin, execConfig.Tty); err != nil {
 -			return err
 -		}
 -	} else {
 +	// Temp struct for execStart so that we don't need to transfer all the execConfig.
 +	if execConfig.Detach {
 		execStartCheck := types.ExecStartCheck{
 			Detach: execConfig.Detach,
 			Tty:    execConfig.Tty,
 -- 
 2.12.2
--- a/bsc1037607-0001-apparmor-make-pkg-aaparser-work-on-read-only-root.patch
+++ b/bsc1037607-0001-apparmor-make-pkg-aaparser-work-on-read-only-root.patch
@ -0,0 +1,60 @@
 From 9783e1791fc438751b327023b0cd7d392e54084f Mon Sep 17 00:00:00 2001
 From: Aleksa Sarai <asarai@suse.de>
 Date: Thu, 18 May 2017 00:02:00 +1000
 Subject: [PATCH] apparmor: make pkg/aaparser work on read-only root
 This is necessary because normally `apparmor_parser -r` will try to
 create a temporary directory on the host (which is not allowed if the
 host has a rootfs). However, the -K option bypasses saving things to the
 cache (which avoids this issue).
  % apparmor_parser -r /tmp/docker-profile
  mkstemp: Read-only file system
  % apparmor_parser -Kr /tmp/docker-profile
  %
 In addition, add extra information to the ensureDefaultAppArmorProfile
 errors so that problems like this are easier to debug.
 Fixes: 2f7596aaef3a ("apparmor: do not save profile to /etc/apparmor.d")
 Signed-off-by: Aleksa Sarai <asarai@suse.de>
 ---
 daemon/apparmor_default.go | 2 +-
 pkg/aaparser/aaparser.go   | 7 ++++---
 2 files changed, 5 insertions(+), 4 deletions(-)
 diff --git a/daemon/apparmor_default.go b/daemon/apparmor_default.go
 index 09dd0541b872..2a418b25c241 100644
 --- a/daemon/apparmor_default.go
 +++ b/daemon/apparmor_default.go
@@ -28,7 +28,7 @@ func ensureDefaultAppArmorProfile() error {
 		// Load the profile.
 		if err := aaprofile.InstallDefault(defaultApparmorProfile); err != nil {
 -			return fmt.Errorf("AppArmor enabled on system but the %s profile could not be loaded.", defaultApparmorProfile)
 +			return fmt.Errorf("AppArmor enabled on system but the %s profile could not be loaded: %s", defaultApparmorProfile, err)
 		}
 	}
 diff --git a/pkg/aaparser/aaparser.go b/pkg/aaparser/aaparser.go
 index e794c4c729e2..5de4a4d79b35 100644
 --- a/pkg/aaparser/aaparser.go
 +++ b/pkg/aaparser/aaparser.go
@@ -22,10 +22,11 @@ func GetVersion() (int, error) {
 	return parseVersion(output)
 }
 -// LoadProfile runs `apparmor_parser -r` on a specified apparmor profile to
 -// replace the profile.
 +// LoadProfile runs `apparmor_parser -Kr` on a specified apparmor profile to
 +// replace the profile. The `-K` is necessary to make sure that apparmor_parser
 +// doesn't try to write to a read-only filesystem.
 func LoadProfile(profilePath string) error {
 -	_, err := cmd("", "-r", profilePath)
 +	_, err := cmd("", "-Kr", profilePath)
 	return err
 }
 -- 
 2.12.2
--- a/docker-1.13.0.tar.xz
+++ b/docker-1.13.0.tar.xz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:1da90f2f637d55c7bef034761f0781a7cc4facdefc50b9d77f0c6a78185efe0a
 size 5130016
--- a/docker-17.04.0_ce.tar.xz
+++ b/docker-17.04.0_ce.tar.xz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:c192552cebebba3e5af60af995fb7fd6f6423b8df71574e8a1f188878ae21913
 size 4574004
--- a/docker.changes
+++ b/docker.changes
@ -1,3 +1,66 @@
 -------------------------------------------------------------------
 Wed May 17 14:41:29 UTC 2017 - asarai@suse.com
 - Fix bsc#1037607 which was causing read-only issues on Kubic, this is a
  backport of https://github.com/moby/moby/pull/33250.
  + bsc1037607-0001-apparmor-make-pkg-aaparser-work-on-read-only-root.patch
 -------------------------------------------------------------------
 Wed May 10 13:54:44 UTC 2017 - asarai@suse.com
 - Add a partial fix for boo#1038493.
 - Fixed bsc#1037436 where execids were being leaked due to bad error handling.
  This is a backport of https://github.com/docker/cli/pull/52.
   + bsc1037436-0001-client-check-tty-before-creating-exec-job.patch
 -------------------------------------------------------------------
 Thu May  4 19:03:40 UTC 2017 - jmassaguerpla@suse.com
 - Fix golang requirements in the subpackages
 -------------------------------------------------------------------
 Mon May  1 07:57:35 UTC 2017 - fcastelli@suse.com
 - Update golang build requirements to use golang(API) symbol: this is
  needed to solve a conflict between multiple versions of Go being available
 -------------------------------------------------------------------
 Tue Apr 18 15:38:11 UTC 2017 - jmassaguerpla@suse.com
 - Fix secrets-0002-SUSE-implement-SUSE-container-secrets.patch:
  substitute docker/distribution/digest by opencontainers/digest
 -------------------------------------------------------------------
 Thu Apr 13 14:34:35 UTC 2017 - jmassaguerpla@suse.com
 - Update to version 17.04.0-ce (fix bsc#1034053 )
 - Patches removed because have been merged into this version:
  * pr31549-cmd-docker-fix-TestDaemonCommand.patch
  * pr31773-daemon-also-ensureDefaultApparmorProfile-in-exec-pat.patch
 - Patches rebased:
  * integration-cli-fix-TestInfoEnsureSucceeds.patch
 - Build man pages for all archs (bsc#953182)
 - Containers cannot resolve DNS if docker host uses 127.0.0.1 as resolver (bsc#1034063)
 see /usr/share/doc/packages/docker/CHANGELOG.md
 -------------------------------------------------------------------
 Wed Apr 12 09:54:18 UTC 2017 - jmassaguerpla@suse.com
 - Make sure this is being built with go 1.7
 -------------------------------------------------------------------
 Wed Apr 12 09:14:35 UTC 2017 - jmassaguerpla@suse.com
 - remove the go_arches macro because we are using go1.7 which
  is available in all archs
 - remove gcc specific patches
  * gcc-go-patches.patch
  * netlink_netns_powerpc.patch
  * boltdb_bolt_add_brokenUnaligned.patch
 -------------------------------------------------------------------
 Wed Apr 12 07:58:08 UTC 2017 - asarai@suse.com
--- a/docker.spec
+++ b/docker.spec
@ -17,26 +17,12 @@
 # nodebuginfo
 # Check if go_arches is defined in the project configuration
 # Otherwise, define it here
 # In order to define it in the project configuration, see
 #
 # https://en.opensuse.org/openSUSE:Build%20Service%20prjconf#Macros
 #
 # The Macros tag is the one that defines the go_arches variable to be used
 # in the spec file.
 # The "define" one is to help the specfile parser of the buildservice
 # to see what packages are being built. You also want to define it here
 # for keeping things consistent.
 %{!?go_arches: %global go_arches %ix86 x86_64 aarch64 ppc64le}
 %global docker_store              %{_localstatedir}/lib/docker
 %global docker_migration_testfile %{docker_store}/.suse-image-migration-v1to2-complete
 %global docker_migration_warnfile %{docker_store}/docker-update-message.txt
 %define docker_graph              %{docker_store}/graph
 %define git_version 78d1802
-%define version_unconverted 1.13.0
+%define version_unconverted 17.04.0_ce
 %define __arch_install_post export NO_BRP_STRIP_DEBUG=true
 # When upgrading to a new version requires the service not to be restarted
 # Due to a long migration process update last_migration_version to the new version
@ -44,7 +30,7 @@
 # 1.10.1
 %global last_migration_version 1.10.1
 Name:           docker
-Version:        1.13.0
+Version:        17.04.0_ce
 Release:        0
 Summary:        The Linux container runtime
 License:        Apache-2.0
@ -60,10 +46,6 @@ Source8:        docker-audit.rules
 Source9:        docker-update-message.txt
 Source10:       tests.sh
 Source11:       docker_service_helper.sh
 # Fixes for architecture-specific issues (gcc-go).
 Patch100:       gcc-go-patches.patch
 Patch102:       netlink_netns_powerpc.patch
 Patch103:       boltdb_bolt_add_brokenUnaligned.patch
 # SUSE-FEATURE: Adds the /run/secrets mountpoint inside all Docker containers
 # which is not snapshotted when images are committed. Note that if you modify
 # this patch, please also modify the patch in the suse-secrets-v<version>
@ -72,8 +54,10 @@ Patch200:       secrets-0001-daemon-allow-directory-creation-in-run-secrets.patc
 Patch201:       secrets-0002-SUSE-implement-SUSE-container-secrets.patch
 # PATCH-FIX-UPSTREAM: Backports.
 Patch300:       integration-cli-fix-TestInfoEnsureSucceeds.patch
-Patch301:       pr31549-cmd-docker-fix-TestDaemonCommand.patch
+# PATCH-FIX-UPSTREAM: Backport of https://github.com/docker/cli/pull/52 (bsc#1037436).
-Patch302:       pr31773-daemon-also-ensureDefaultApparmorProfile-in-exec-pat.patch
+Patch400:       bsc1037436-0001-client-check-tty-before-creating-exec-job.patch
 # PATCH-FIX-UPSTREAM: Backport of https://github.com/moby/moby/pull/33250 (bsc#1037607).
 Patch401:       bsc1037607-0001-apparmor-make-pkg-aaparser-work-on-read-only-root.patch
 BuildRequires:  audit
 BuildRequires:  bash-completion
 BuildRequires:  ca-certificates
@ -97,13 +81,13 @@ BuildRequires:  zsh
 Requires:       apparmor-parser
 Requires:       bridge-utils
 Requires:       ca-certificates-mozilla
-Requires:       docker-libnetwork = 0.0.0+git20161019.0f53435
+Requires:       docker-libnetwork = 0.0.0+git20170119.7b2b1fe
 # Containerd and runC are required as they are the only currently supported
 # execdrivers of Docker. NOTE: The version pinning here matches upstream's
 # Dockerfile to ensure that we don't use a slightly incompatible version of
 # runC or containerd (which would be bad).
-Requires:       containerd = 0.2.5+gitr608_03e5862
+Requires:       containerd = 0.2.5+gitr639_422e31c
-Requires:       runc = 0.1.1+gitr2942_2f7393a
+Requires:       runc = 0.1.1+gitr2947_9c2d8d1
 # Provides mkfs.ext4 - used by Docker when devicemapper storage driver is used
 Requires:       e2fsprogs
 Requires:       git-core >= 1.7
@ -124,12 +108,9 @@ Recommends:     lvm2 >= 2.2.89
 Conflicts:      lxc < 1.0
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 ExcludeArch:    %ix86 s390 ppc
-%ifarch %{go_arches}
+# Make sure we build with go 1.7
 BuildRequires:  go >= 1.5
 BuildRequires:  go-go-md2man
-%else
+BuildRequires:  golang(API) = 1.7
 BuildRequires:  gcc6-go >= 6.1
 %endif
 %description
 Docker complements LXC with a high-level API which operates at the process
@ -169,15 +150,12 @@ Requires:       apparmor-parser
 Requires:       bash-completion
 Requires:       device-mapper-devel >= 1.2.68
 Requires:       glibc-devel-static
 # Make sure we require go 1.7
 Requires:       libapparmor-devel
 Requires:       libbtrfs-devel >= 3.8
 Requires:       procps
 Requires:       sqlite3-devel
-%ifarch %{go_arches}
+Requires:       golang(API) = 1.7
 Requires:       go >= 1.4
 %else
 Requires:       gcc6-go >= 6.1
 %endif
 %description test
 Test package for docker. It contains the source code and the tests.
@ -190,25 +168,13 @@ Test package for docker. It contains the source code and the tests.
 %patch200 -p1
 %patch201 -p1
 %endif
 %ifnarch %{go_arches}
 %patch100 -p1
 %patch102 -p1
 %patch103 -p1
 %endif
 %patch300 -p1
-%patch301 -p1
+%patch400 -p1
-%patch302 -p1
+%patch401 -p1
 cp %{SOURCE7} .
 cp %{SOURCE10} .
 %build
 %ifnarch %{go_arches}
 tmphack=/tmp/dirty-hack
 [ -e $tmphack ] && rm -rf $tmphack
 mkdir $tmphack
 ln -s %{_bindir}/go-6 $tmphack/go
 export PATH=$tmphack:$PATH
 %endif
 BUILDTAGS="exclude_graphdriver_aufs apparmor selinux pkcs11"
 %if 0%{?with_libseccomp}
@ -226,16 +192,15 @@ BUILDTAGS="seccomp $BUILDTAGS"
 export AUTO_GOPATH=1
 export DOCKER_BUILDTAGS="$BUILDTAGS"
 export DOCKER_GITCOMMIT=%{git_version}
 # Until boo#1038493 is fixed properly we need to do this hack to get the
 # compiled-into-the-binary GOROOT.
 export GOROOT="$(GOROOT= go env GOROOT)"
 EOF
 ) > docker_build_env
 . ./docker_build_env
 %ifarch %{go_arches}
 ./hack/make.sh dynbinary
 man/md2man-all.sh
 %else
 ./hack/make.sh dyngccgo
 %endif
 # build the tests binary
 GOPATH=$(pwd)/vendor:$(pwd)/.gopath/ go test \
@ -246,7 +211,6 @@ GOPATH=$(pwd)/vendor:$(pwd)/.gopath/ go test \
 # otherwise the resulting package will have extra requires
 rm -rf hack/make/.build-deb
 %ifarch %go_arches
 %check
 . ./docker_build_env
@ -304,18 +268,12 @@ PKG_LIST=$(go list -e \
 %endif
 go test -cover -ldflags -w -tags "$DOCKER_BUILDTAGS" -a -test.timeout=10m $PKG_LIST
 %endif
 %install
 install -d %{buildroot}%{go_contribdir}
 install -d %{buildroot}%{_bindir}
 %ifarch %{go_arches}
 install -D -m755 bundles/latest/dynbinary-client/%{name} %{buildroot}/%{_bindir}/%{name}
 install -D -m755 bundles/latest/dynbinary-daemon/%{name}d %{buildroot}/%{_bindir}/%{name}d
 %else
 install -D -m755 bundles/latest/dyngccgo/%{name} %{buildroot}/%{_bindir}/%{name}
 install -D -m755 bundles/latest/dyngccgo/%{name}d %{buildroot}/%{_bindir}/%{name}d
 %endif
 install -d %{buildroot}/%{_prefix}/lib/docker
 install -Dd -m 0755 \
   %{buildroot}%{_sysconfdir}/init.d \
@ -356,7 +314,6 @@ install -D -m 0640 %{SOURCE8} %{buildroot}%{_sysconfdir}/audit/rules.d/%{name}.r
 # sysconfig file
 install -D -m 644 %{SOURCE4} %{buildroot}%{_localstatedir}/adm/fillup-templates/sysconfig.docker
 %ifarch %{go_arches}
 # install manpages
 install -d %{buildroot}%{_mandir}/man1
 install -p -m 644 man/man1/*.1 %{buildroot}%{_mandir}/man1
@ -364,7 +321,6 @@ install -d %{buildroot}%{_mandir}/man5
 install -p -m 644 man/man5/Dockerfile.5 %{buildroot}%{_mandir}/man5
 install -d %{buildroot}%{_mandir}/man8
 install -p -m 644 man/man8/*.8 %{buildroot}%{_mandir}/man8
 %endif
 install -D -m 0644 %{SOURCE9} %{buildroot}%{docker_migration_warnfile}
@ -424,7 +380,7 @@ fi
 %files
 %defattr(-,root,root)
-%doc README.md LICENSE README_SUSE.md
+%doc README.md LICENSE README_SUSE.md CHANGELOG.md
 %{_bindir}/docker
 %{_bindir}/dockerd
 %{_sbindir}/rcdocker
@ -434,12 +390,10 @@ fi
 %{_udevrulesdir}/80-%{name}.rules
 %{_localstatedir}/adm/fillup-templates/sysconfig.docker
 %{_localstatedir}/lib/docker/
 %ifarch %{go_arches}
 %{_mandir}/man1/docker-*.1%{ext_man}
 %{_mandir}/man1/docker.1%{ext_man}
 %{_mandir}/man5/Dockerfile.5%{ext_man}
 %{_mandir}/man8/dockerd.8%{ext_man}
 %endif
 %files bash-completion
 %defattr(-,root,root)
--- a/gcc-go-patches.patch
+++ b/gcc-go-patches.patch
@ -1,47 +0,0 @@
 diff --git a/hack/make/gccgo b/hack/make/gccgo
 index 54c983e..1c11bbf 100644
 --- a/hack/make/gccgo
 +++ b/hack/make/gccgo
@@ -1,5 +1,5 @@
 #!/bin/bash
 -set -e
 +set -ex
 BINARY_NAME="dockerd-$VERSION"
 BINARY_EXTENSION="$(binary_extension)"
@@ -22,9 +22,11 @@ go build -compiler=gccgo \
 	"${BUILDFLAGS[@]}" \
 	-gccgoflags "
 		-g
 +		-Wl,--add-needed -Wl,--no-as-needed
 		$EXTLDFLAGS_STATIC
 +                -static-libgo
 		-Wl,--no-export-dynamic
 -		-ldl
 +		-ldl -lselinux -lsystemd
 		-pthread
 	" \
 	./cmd/dockerd
@@ -37,7 +39,9 @@ go build -compiler=gccgo \
 	"${BUILDFLAGS[@]}" \
 	-gccgoflags "
 		-g
 +		-Wl,--add-needed -Wl,--no-as-needed
 		$EXTLDFLAGS_STATIC
 +                -static-libgo
 		-Wl,--no-export-dynamic
 		-ldl
 		-pthread
@@ -55,9 +59,11 @@ go build -compiler=gccgo \
 	"${BUILDFLAGS[@]}" \
 	-gccgoflags "
 		-g
 +		-Wl,--add-needed -Wl,--no-as-needed
 		$EXTLDFLAGS_STATIC
 +		-static-libgo
 		-Wl,--no-export-dynamic
 -		-ldl
 +		-ldl -lselinux -lsystemd
 		-pthread
 	" \
 	./cmd/docker
--- a/integration-cli-fix-TestInfoEnsureSucceeds.patch
+++ b/integration-cli-fix-TestInfoEnsureSucceeds.patch
@ -1,13 +1,13 @@
 diff --git a/integration-cli/docker_cli_info_test.go b/integration-cli/docker_cli_info_test.go
-index 62ce7e2..46516f9 100644
+index 5eb2f0f..39f93bd 100644
 --- a/integration-cli/docker_cli_info_test.go
 +++ b/integration-cli/docker_cli_info_test.go
-@@ -40,7 +40,7 @@ func (s *DockerSuite) TestInfoEnsureSucceeds(c *check.C) {
+@@ -41,7 +41,7 @@ func (s *DockerSuite) TestInfoEnsureSucceeds(c *check.C) {
 	}
- 	if DaemonIsLinux.Condition() {
+ 	if DaemonIsLinux() {
 -		stringsToCheck = append(stringsToCheck, "Runtimes:", "Default Runtime: runc")
 +		stringsToCheck = append(stringsToCheck, "Runtimes:", "Default Runtime: oci")
 	}
- 	if experimentalDaemon {
+ 	if testEnv.ExperimentalDaemon() {
--- a/netlink_netns_powerpc.patch
+++ b/netlink_netns_powerpc.patch
@ -1,16 +0,0 @@
 ---
 vendor/src/github.com/vishvananda/netns/netns_linux_ppc64.go |    7 +++++++
 1 file changed, 7 insertions(+)
 Index: docker-1.10.2/vendor/src/github.com/vishvananda/netns/netns_linux_ppc64.go
 ===================================================================
 --- /dev/null
 +++ docker-1.10.2/vendor/src/github.com/vishvananda/netns/netns_linux_ppc64.go
@@ -0,0 +1,7 @@
 +// +build linux,ppc64
 +
 +package netns
 +
 +const (
 +	SYS_SETNS = 350
 +)
--- a/pr31549-cmd-docker-fix-TestDaemonCommand.patch
+++ b/pr31549-cmd-docker-fix-TestDaemonCommand.patch
@ -1,49 +0,0 @@
 From dd7159060f60ea04007c069df189a29fda2c655f Mon Sep 17 00:00:00 2001
 From: Aleksa Sarai <asarai@suse.de>
 Date: Sun, 5 Mar 2017 15:25:11 +1100
 Subject: [PATCH] cmd: docker: fix TestDaemonCommand
 In more recent versions of Cobra, `--help` parsing is done before
 anything else resulting in TestDaemonCommand not actually passing. I'm
 actually unsure if this test ever passed since it appears that !daemon
 is not being run as part of the test suite.
 Signed-off-by: Aleksa Sarai <asarai@suse.de>
 ---
 cmd/docker/daemon_none.go      | 6 ++++--
 cmd/docker/daemon_none_test.go | 2 +-
 2 files changed, 5 insertions(+), 3 deletions(-)
 diff --git a/cmd/docker/daemon_none.go b/cmd/docker/daemon_none.go
 index 65f9f37be22f..6fbd00012526 100644
 --- a/cmd/docker/daemon_none.go
 +++ b/cmd/docker/daemon_none.go
@@ -12,8 +12,10 @@ import (
 func newDaemonCommand() *cobra.Command {
 	return &cobra.Command{
 -		Use:    "daemon",
 -		Hidden: true,
 +		Use:                "daemon",
 +		Hidden:             true,
 +		Args:               cobra.ArbitraryArgs,
 +		DisableFlagParsing: true,
 		RunE: func(cmd *cobra.Command, args []string) error {
 			return runDaemon()
 		},
 diff --git a/cmd/docker/daemon_none_test.go b/cmd/docker/daemon_none_test.go
 index 32032fe1b344..bd42add98696 100644
 --- a/cmd/docker/daemon_none_test.go
 +++ b/cmd/docker/daemon_none_test.go
@@ -10,7 +10,7 @@ import (
 func TestDaemonCommand(t *testing.T) {
 	cmd := newDaemonCommand()
 -	cmd.SetArgs([]string{"--help"})
 +	cmd.SetArgs([]string{"--version"})
 	err := cmd.Execute()
 	assert.Error(t, err, "Please run `dockerd`")
 -- 
 2.12.0
--- a/pr31773-daemon-also-ensureDefaultApparmorProfile-in-exec-pat.patch
+++ b/pr31773-daemon-also-ensureDefaultApparmorProfile-in-exec-pat.patch
@ -1,59 +0,0 @@
 From 790a81ea9acce318d0e037771c253951b874140b Mon Sep 17 00:00:00 2001
 From: Aleksa Sarai <asarai@suse.de>
 Date: Mon, 13 Mar 2017 14:57:35 +1100
 Subject: [PATCH] daemon: also ensureDefaultApparmorProfile in exec path
 When 567ef8e7858c ("daemon: switch to 'ensure' workflow for AppArmor
 profiles") was merged, it didn't correctly handle the exec path if
 AppArmor profiles were deleted. Fix this by duplicating the
 ensureDefaultApparmorProfile code in the exec code.
 Fixes: 567ef8e7858c ("daemon: switch to 'ensure' workflow for AppArmor profiles")
 Signed-off-by: Aleksa Sarai <asarai@suse.de>
 ---
 daemon/exec_linux.go | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 diff --git a/daemon/exec_linux.go b/daemon/exec_linux.go
 index 5aeedc347027..bb11c11e447c 100644
 --- a/daemon/exec_linux.go
 +++ b/daemon/exec_linux.go
@@ -5,6 +5,7 @@ import (
 	"github.com/docker/docker/daemon/caps"
 	"github.com/docker/docker/daemon/exec"
 	"github.com/docker/docker/libcontainerd"
 +	"github.com/opencontainers/runc/libcontainer/apparmor"
 	"github.com/opencontainers/runtime-spec/specs-go"
 )
@@ -23,5 +24,27 @@ func execSetPlatformOpt(c *container.Container, ec *exec.Config, p *libcontainer
 	if ec.Privileged {
 		p.Capabilities = caps.GetAllCapabilities()
 	}
 +	if apparmor.IsEnabled() {
 +		var appArmorProfile string
 +		if c.AppArmorProfile != "" {
 +			appArmorProfile = c.AppArmorProfile
 +		} else if c.HostConfig.Privileged {
 +			appArmorProfile = "unconfined"
 +		} else {
 +			appArmorProfile = "docker-default"
 +		}
 +
 +		if appArmorProfile == "docker-default" {
 +			// Unattended upgrades and other fun services can unload AppArmor
 +			// profiles inadvertently. Since we cannot store our profile in
 +			// /etc/apparmor.d, nor can we practically add other ways of
 +			// telling the system to keep our profile loaded, in order to make
 +			// sure that we keep the default profile enabled we dynamically
 +			// reload it if necessary.
 +			if err := ensureDefaultAppArmorProfile(); err != nil {
 +				return err
 +			}
 +		}
 +	}
 	return nil
 }
 -- 
 2.12.0
--- a/secrets-0002-SUSE-implement-SUSE-container-secrets.patch
+++ b/secrets-0002-SUSE-implement-SUSE-container-secrets.patch
@ -66,7 +66,7 @@ index 000000000000..591abc998e67
 +	"syscall"
 +
 +	"github.com/Sirupsen/logrus"
-+	"github.com/docker/distribution/digest"
+	"github.com/opencontainers/go-digest"
 +	"github.com/docker/docker/container"
 +
 +	swarmtypes "github.com/docker/docker/api/types/swarm"