diff --git a/_service b/_service
index 29e28cd..53842c5 100644
--- a/_service
+++ b/_service
@@ -3,15 +3,12 @@
https://github.com/docker/docker-ce.git
git
.git
- 18.09.0_ce
- v18.09.0
+ 18.09.1_ce.%h
+ v18.09.1
docker
docker-*.tar
xz
-
- docker
-
diff --git a/bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch b/bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch
deleted file mode 100644
index 0ac53e5..0000000
--- a/bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch
+++ /dev/null
@@ -1,75 +0,0 @@
-From 4962b0a0bc6ca1fc99b0936175f929f9d3f5fa4c Mon Sep 17 00:00:00 2001
-From: Aleksa Sarai
-Date: Sun, 8 Apr 2018 20:21:30 +1000
-Subject: [PATCH 1/2] apparmor: allow receiving of signals from 'docker kill'
-
-In newer kernels, AppArmor will reject attempts to send signals to a
-container because the signal originated from outside of that AppArmor
-profile. Correct this by allowing all unconfined signals to be received.
-
-Signed-off-by: Goldwyn Rodrigues
-Signed-off-by: Aleksa Sarai
----
- .../engine/profiles/apparmor/apparmor.go | 21 +++++++++++++++++++
- .../engine/profiles/apparmor/template.go | 6 ++++++
- 2 files changed, 27 insertions(+)
-
-diff --git a/components/engine/profiles/apparmor/apparmor.go b/components/engine/profiles/apparmor/apparmor.go
-index b021668c8e4c..2f58ee852cab 100644
---- a/components/engine/profiles/apparmor/apparmor.go
-+++ b/components/engine/profiles/apparmor/apparmor.go
-@@ -23,6 +23,8 @@ var (
- type profileData struct {
- // Name is profile name.
- Name string
-+ // DaemonProfile is the profile name of our daemon.
-+ DaemonProfile string
- // Imports defines the apparmor functions to import, before defining the profile.
- Imports []string
- // InnerImports defines the apparmor functions to import in the profile.
-@@ -70,6 +72,25 @@ func InstallDefault(name string) error {
- Name: name,
- }
-
-+ // Figure out the daemon profile.
-+ currentProfile, err := ioutil.ReadFile("/proc/self/attr/current")
-+ if err != nil {
-+ // If we couldn't get the daemon profile, assume we are running
-+ // unconfined which is generally the default.
-+ currentProfile = nil
-+ }
-+ daemonProfile := string(currentProfile)
-+ // Normally profiles are suffixed by " (enforcing)" or similar. AppArmor
-+ // profiles cannot contain spaces so this doesn't restrict daemon profile
-+ // names.
-+ if parts := strings.SplitN(daemonProfile, " ", 2); len(parts) >= 1 {
-+ daemonProfile = parts[0]
-+ }
-+ if daemonProfile == "" {
-+ daemonProfile = "unconfined"
-+ }
-+ p.DaemonProfile = daemonProfile
-+
- // Install to a temporary directory.
- f, err := ioutil.TempFile("", name)
- if err != nil {
-diff --git a/components/engine/profiles/apparmor/template.go b/components/engine/profiles/apparmor/template.go
-index c00a3f70e993..400b3bd50a11 100644
---- a/components/engine/profiles/apparmor/template.go
-+++ b/components/engine/profiles/apparmor/template.go
-@@ -17,6 +17,12 @@ profile {{.Name}} flags=(attach_disconnected,mediate_deleted) {
- capability,
- file,
- umount,
-+{{if ge .Version 208096}}
-+{{/* Allow 'docker kill' to actually send signals to container processes. */}}
-+ signal (receive) peer={{.DaemonProfile}},
-+{{/* Allow container processes to send signals amongst themselves. */}}
-+ signal (send,receive) peer={{.Name}},
-+{{end}}
-
- deny @{PROC}/* w, # deny write for all files directly in /proc (not in a subdir)
- # deny write to files not in /proc//** or /proc/sys/**
---
-2.19.1
-
diff --git a/docker-18.09.0_ce.tar.xz b/docker-18.09.0_ce.tar.xz
deleted file mode 100644
index f42cb41..0000000
--- a/docker-18.09.0_ce.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:ce38c3b659b78bccdfaf07b1f0a4eaaf454ffec726434511feeee1b9a2fc8151
-size 9264940
diff --git a/docker-18.09.1_ce.4c52b901c6cb.tar.xz b/docker-18.09.1_ce.4c52b901c6cb.tar.xz
new file mode 100644
index 0000000..1e93f46
--- /dev/null
+++ b/docker-18.09.1_ce.4c52b901c6cb.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:977edd36e90089a63712975d63bdce7b99d6b5ac8cddaa54b71c216c1ed75020
+size 9334972
diff --git a/docker-daemon.json b/docker-daemon.json
new file mode 100644
index 0000000..3661a83
--- /dev/null
+++ b/docker-daemon.json
@@ -0,0 +1,8 @@
+{
+ "log-level": "warn",
+ "log-driver": "json-file",
+ "log-opts": {
+ "max-size": "10m",
+ "max-file": "5"
+ }
+}
diff --git a/docker.changes b/docker.changes
index bb05463..8db1c35 100644
--- a/docker.changes
+++ b/docker.changes
@@ -1,3 +1,21 @@
+-------------------------------------------------------------------
+Sat Feb 9 13:54:03 UTC 2019 - Aleksa Sarai
+
+- Update shell completion to use Group: System/Shells.
+
+-------------------------------------------------------------------
+Wed Feb 6 14:37:43 UTC 2019 - Michal Jura
+
+- Add daemon.json file with rotation logs cofiguration, bsc#1114832
+
+-------------------------------------------------------------------
+Tue Feb 5 11:24:02 UTC 2019 - Aleksa Sarai
+
+- Update to Docker 18.09.1-ce. See upstream changelog in the packaged
+ /usr/share/doc/packages/docker/CHANGELOG.md. bsc#1124308
+- Remove upstreamed patches.
+ - bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch
+
-------------------------------------------------------------------
Fri Jan 11 09:57:32 UTC 2019 - Sascha Grunert
diff --git a/docker.spec b/docker.spec
index 1528765..0a6149c 100644
--- a/docker.spec
+++ b/docker.spec
@@ -42,24 +42,24 @@
# helpfully injects into our build environment from the changelog). If you want
# to generate a new git_commit_epoch, use this:
# $ date --date="$(git show --format=fuller --date=iso $COMMIT_ID | grep -oP '(?<=^CommitDate: ).*')" '+%s'
-%define git_version e68fc7a215d7
-%define git_commit_epoch 1534871791
+%define git_version 4c52b901c6cb
+%define git_commit_epoch 1547060456
# These are the git commits required. We verify them against the source to make
# sure we didn't miss anything important when doing upgrades.
-%define required_containerd 468a545b9edcd5932818eb9de8e72413e616e86e
-%define required_dockerrunc 69663f0bd4b60df09991c08812a60108003fa340
-%define required_libnetwork 6da50d1978302f04c3e2089e29112ea24812f05b
+%define required_containerd 9754871865f7fe2f4e74d43e2fc7ccd237edcbce
+%define required_dockerrunc 96ec2177ae841256168fcf76954f7177af9446eb
+%define required_libnetwork 2cfbf9b1f98162a55829a21cc603c76072a75382
Name: %{realname}%{name_suffix}
-Version: 18.09.0_ce
+Version: 18.09.1_ce
Release: 0
Summary: The Linux container runtime
License: Apache-2.0
Group: System/Management
Url: http://www.docker.io
# TODO(VR): check those SOURCE files below
-Source: %{realname}-%{version}.tar.xz
+Source: %{realname}-%{version}.%{git_version}.tar.xz
Source1: docker.service
# bsc#1086185 -- but we only apply this on Kubic.
Source2: docker-kubic-service.conf
@@ -70,14 +70,13 @@ Source6: docker-rpmlintrc
Source7: README_SUSE.md
Source8: docker-audit.rules
Source9: tests.sh
+Source10: docker-daemon.json
# SUSE-FEATURE: Adds the /run/secrets mountpoint inside all Docker containers
# which is not snapshotted when images are committed. Note that if you modify
# this patch, please also modify the patch in the suse-secrets-v
# branch in http://github.com/suse/docker.mirror.
Patch200: secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
Patch201: secrets-0002-SUSE-implement-SUSE-container-secrets.patch
-# SUSE-BACKPORT: Backport of https://github.com/docker/docker/pull/37831. bsc#1073877
-Patch400: bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch
# SUSE-BACKPORT: Backport of https://github.com/docker/docker/pull/37353. bsc#1099277
Patch401: bsc1073877-0002-apparmor-clobber-docker-default-profile-on-start.patch
# SUSE-BACKPORT: Backport of https://github.com/docker/cli/pull/1306. boo#1047218
@@ -175,7 +174,7 @@ service-oriented architectures, etc.
%package bash-completion
Summary: Bash Completion for %{name}
-Group: System/Management
+Group: System/Shells
Requires: %{name} = %{version}
Supplements: packageand(%{name}:bash-completion)
BuildArch: noarch
@@ -196,7 +195,7 @@ Bash command line completion support for %{name}.
%package zsh-completion
Summary: Zsh Completion for %{name}
-Group: System/Management
+Group: System/Shells
Requires: %{name} = %{version}
Supplements: packageand(%{name}:zsh)
BuildArch: noarch
@@ -259,7 +258,7 @@ docker container runtime configuration for kubeadm
%endif
%prep
-%setup -q -n %{realname}-%{version}
+%setup -q -n %{realname}-%{version}.%{git_version}
%if 0%{?is_opensuse}
# nothing
%else
@@ -267,8 +266,6 @@ docker container runtime configuration for kubeadm
%patch200 -p1
%patch201 -p1
%endif
-# bsc#1073877
-%patch400 -p1
# bsc#1099277
%patch401 -p1
# boo#1047218
@@ -394,6 +391,9 @@ install -D -m 0640 %{SOURCE8} %{buildroot}%{_sysconfdir}/audit/rules.d/%{realnam
# sysconfig file
install -D -m 644 %{SOURCE4} %{buildroot}%{_fillupdir}/sysconfig.docker
+# install docker config file
+install -D -m 644 %{SOURCE10} %{buildroot}%{_sysconfdir}/daemon.json
+
# install manpages (using the ones from the engine)
install -d %{buildroot}%{_mandir}/man1
install -p -m 644 components/cli/man/man1/*.1 %{buildroot}%{_mandir}/man1
@@ -451,6 +451,7 @@ getent group docker >/dev/null || groupadd -r docker
%dir %{_unitdir}/%{realname}.service.d/
%{_unitdir}/%{realname}.service.d/90-kubic.conf
%endif
+%config %{_sysconfdir}/daemon.json
%config %{_sysconfdir}/audit/rules.d/%{realname}.rules
%{_udevrulesdir}/80-%{realname}.rules
%{_fillupdir}/sysconfig.docker