Accepting request 1040668 from home:cyphar:docker
- Update to Docker 20.10.21-ce. See upstream changelog online at <https://docs.docker.com/engine/release-notes/#201021>. bsc#1206065 - Rebase patches: * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch * 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch * 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch * 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch * 0007-bsc1200022-fifo.Close-prevent-possible-panic-if-fifo.patch - The PRIVATE-REGISTRY patch will now output a warning if it is being used (in preparation for removing the feature). This feature was never meant to be used by users directly (and is only available in the -kubic/CaaSP version of the package anyway) and thus should not affect any users. OBS-URL: https://build.opensuse.org/request/show/1040668 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=378
This commit is contained in:
parent
2d5b72554e
commit
8d13290266
@ -1,7 +1,7 @@
|
|||||||
From 37dfb97c0016300dd6453fc718805ccdf341bfd6 Mon Sep 17 00:00:00 2001
|
From 823bedd07fac6778a3d94b6f949ac16e6bd12638 Mon Sep 17 00:00:00 2001
|
||||||
From: Aleksa Sarai <asarai@suse.de>
|
From: Aleksa Sarai <asarai@suse.de>
|
||||||
Date: Wed, 8 Mar 2017 12:41:54 +1100
|
Date: Wed, 8 Mar 2017 12:41:54 +1100
|
||||||
Subject: [PATCH 1/6] SECRETS: daemon: allow directory creation in /run/secrets
|
Subject: [PATCH 1/7] SECRETS: daemon: allow directory creation in /run/secrets
|
||||||
|
|
||||||
Since FileMode can have the directory bit set, allow a SecretStore
|
Since FileMode can have the directory bit set, allow a SecretStore
|
||||||
implementation to return secrets that are actually directories. This is
|
implementation to return secrets that are actually directories. This is
|
||||||
@ -70,5 +70,5 @@ index 75b4b09b8dc4..583db20aa459 100644
|
|||||||
return errors.Wrap(err, "error setting ownership for secret")
|
return errors.Wrap(err, "error setting ownership for secret")
|
||||||
}
|
}
|
||||||
--
|
--
|
||||||
2.36.1
|
2.38.1
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
From 11ac23e5620ee53c9527334d2222b32ca5098876 Mon Sep 17 00:00:00 2001
|
From fa24396cbecbb6cdc7c734559389486849c2268c Mon Sep 17 00:00:00 2001
|
||||||
From: Aleksa Sarai <asarai@suse.de>
|
From: Aleksa Sarai <asarai@suse.de>
|
||||||
Date: Wed, 8 Mar 2017 11:43:29 +1100
|
Date: Wed, 8 Mar 2017 11:43:29 +1100
|
||||||
Subject: [PATCH 2/6] SECRETS: SUSE: implement SUSE container secrets
|
Subject: [PATCH 2/7] SECRETS: SUSE: implement SUSE container secrets
|
||||||
|
|
||||||
This allows for us to pass in host credentials to a container, allowing
|
This allows for us to pass in host credentials to a container, allowing
|
||||||
for SUSEConnect to work with containers.
|
for SUSEConnect to work with containers.
|
||||||
@ -451,5 +451,5 @@ index 000000000000..9ee33adf7497
|
|||||||
+ return nil
|
+ return nil
|
||||||
+}
|
+}
|
||||||
--
|
--
|
||||||
2.36.1
|
2.38.1
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
From cf3c6ccefda39c60dc656404674628ac48b55de9 Mon Sep 17 00:00:00 2001
|
From 0fe6aba9612d2b483b29192c0605b1311b77a92b Mon Sep 17 00:00:00 2001
|
||||||
From: Valentin Rothberg <vrothberg@suse.com>
|
From: Valentin Rothberg <vrothberg@suse.com>
|
||||||
Date: Mon, 2 Jul 2018 13:37:34 +0200
|
Date: Mon, 2 Jul 2018 13:37:34 +0200
|
||||||
Subject: [PATCH 3/6] PRIVATE-REGISTRY: add private-registry mirror support
|
Subject: [PATCH 3/7] PRIVATE-REGISTRY: add private-registry mirror support
|
||||||
|
|
||||||
NOTE: This is a backport/downstream patch of the upstream pull-request
|
NOTE: This is a backport/downstream patch of the upstream pull-request
|
||||||
for Moby, which is still subject to changes. Please visit
|
for Moby, which is still subject to changes. Please visit
|
||||||
@ -72,12 +72,12 @@ Signed-off-by: Aleksa Sarai <asarai@suse.de>
|
|||||||
distribution/pull.go | 2 +-
|
distribution/pull.go | 2 +-
|
||||||
distribution/pull_v2.go | 2 +-
|
distribution/pull_v2.go | 2 +-
|
||||||
distribution/push.go | 2 +-
|
distribution/push.go | 2 +-
|
||||||
registry/config.go | 126 ++++++++++++++++++++++++++++-
|
registry/config.go | 133 +++++++++++++++++++++++++++++-
|
||||||
registry/config_test.go | 142 ++++++++++++++++++++++++++++++++
|
registry/config_test.go | 142 ++++++++++++++++++++++++++++++++
|
||||||
registry/registry_test.go | 99 ++++++++++++++++++++---
|
registry/registry_test.go | 99 ++++++++++++++++++++---
|
||||||
registry/service.go | 43 +++++++---
|
registry/service.go | 43 +++++++---
|
||||||
registry/service_v2.go | 64 +++++++++++----
|
registry/service_v2.go | 63 +++++++++++----
|
||||||
12 files changed, 710 insertions(+), 46 deletions(-)
|
12 files changed, 716 insertions(+), 46 deletions(-)
|
||||||
|
|
||||||
diff --git a/api/types/registry/registry.go b/api/types/registry/registry.go
|
diff --git a/api/types/registry/registry.go b/api/types/registry/registry.go
|
||||||
index 53e47084c8d5..b4bb9ef805d3 100644
|
index 53e47084c8d5..b4bb9ef805d3 100644
|
||||||
@ -444,10 +444,10 @@ index c8ddd4c5cfcd..b17e9d25d6c2 100644
|
|||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
diff --git a/distribution/pull_v2.go b/distribution/pull_v2.go
|
diff --git a/distribution/pull_v2.go b/distribution/pull_v2.go
|
||||||
index 123abf6b497a..097ead45d0fd 100644
|
index 5abd18b6cf7c..0796e7ea1d52 100644
|
||||||
--- a/distribution/pull_v2.go
|
--- a/distribution/pull_v2.go
|
||||||
+++ b/distribution/pull_v2.go
|
+++ b/distribution/pull_v2.go
|
||||||
@@ -432,7 +432,7 @@ func (p *v2Puller) pullV2Tag(ctx context.Context, ref reference.Named, platform
|
@@ -433,7 +433,7 @@ func (p *v2Puller) pullV2Tag(ctx context.Context, ref reference.Named, platform
|
||||||
// the other side speaks the v2 protocol.
|
// the other side speaks the v2 protocol.
|
||||||
p.confirmedV2 = true
|
p.confirmedV2 = true
|
||||||
|
|
||||||
@ -470,7 +470,7 @@ index 5617a4c95f49..0a24aebed968 100644
|
|||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
diff --git a/registry/config.go b/registry/config.go
|
diff --git a/registry/config.go b/registry/config.go
|
||||||
index 54b83fa40aab..e1ba24b83bdd 100644
|
index 54b83fa40aab..5adc913e4344 100644
|
||||||
--- a/registry/config.go
|
--- a/registry/config.go
|
||||||
+++ b/registry/config.go
|
+++ b/registry/config.go
|
||||||
@@ -14,11 +14,12 @@ import (
|
@@ -14,11 +14,12 @@ import (
|
||||||
@ -512,7 +512,7 @@ index 54b83fa40aab..e1ba24b83bdd 100644
|
|||||||
config := &serviceConfig{
|
config := &serviceConfig{
|
||||||
ServiceConfig: registrytypes.ServiceConfig{
|
ServiceConfig: registrytypes.ServiceConfig{
|
||||||
InsecureRegistryCIDRs: make([]*registrytypes.NetIPNet, 0),
|
InsecureRegistryCIDRs: make([]*registrytypes.NetIPNet, 0),
|
||||||
@@ -78,10 +92,106 @@ func newServiceConfig(options ServiceOptions) (*serviceConfig, error) {
|
@@ -78,10 +92,113 @@ func newServiceConfig(options ServiceOptions) (*serviceConfig, error) {
|
||||||
if err := config.LoadInsecureRegistries(options.InsecureRegistries); err != nil {
|
if err := config.LoadInsecureRegistries(options.InsecureRegistries); err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
@ -531,6 +531,13 @@ index 54b83fa40aab..e1ba24b83bdd 100644
|
|||||||
+func (config *serviceConfig) checkRegistries() error {
|
+func (config *serviceConfig) checkRegistries() error {
|
||||||
+ inUse := make(map[string]string) // key: host, value: user
|
+ inUse := make(map[string]string) // key: host, value: user
|
||||||
+
|
+
|
||||||
|
+ if len(config.Registries) > 0 {
|
||||||
|
+ logrus.Errorf("[SUSE] You are currently using an unsupported and out-of-tree Docker feature intended for internal SUSE only.")
|
||||||
|
+ logrus.Errorf("[SUSE] If you see this warning (and you are not using CaaSP) please open a SUSE bug report to alert us of this.")
|
||||||
|
+ logrus.Errorf("[SUSE] This feature (registry mirrors) will be removed in a future Docker release on SUSE.")
|
||||||
|
+ logrus.Errorf("[SUSE] Please DO NOT submit an upstream bug report about this warning!")
|
||||||
|
+ }
|
||||||
|
+
|
||||||
+ // make sure that each mirror serves only one registry
|
+ // make sure that each mirror serves only one registry
|
||||||
+ for _, reg := range config.Registries {
|
+ for _, reg := range config.Registries {
|
||||||
+ for _, mirror := range reg.Mirrors {
|
+ for _, mirror := range reg.Mirrors {
|
||||||
@ -619,7 +626,7 @@ index 54b83fa40aab..e1ba24b83bdd 100644
|
|||||||
// LoadAllowNondistributableArtifacts loads allow-nondistributable-artifacts registries into config.
|
// LoadAllowNondistributableArtifacts loads allow-nondistributable-artifacts registries into config.
|
||||||
func (config *serviceConfig) LoadAllowNondistributableArtifacts(registries []string) error {
|
func (config *serviceConfig) LoadAllowNondistributableArtifacts(registries []string) error {
|
||||||
cidrs := map[string]*registrytypes.NetIPNet{}
|
cidrs := map[string]*registrytypes.NetIPNet{}
|
||||||
@@ -122,6 +232,10 @@ func (config *serviceConfig) LoadAllowNondistributableArtifacts(registries []str
|
@@ -122,6 +239,10 @@ func (config *serviceConfig) LoadAllowNondistributableArtifacts(registries []str
|
||||||
// LoadMirrors loads mirrors to config, after removing duplicates.
|
// LoadMirrors loads mirrors to config, after removing duplicates.
|
||||||
// Returns an error if mirrors contains an invalid mirror.
|
// Returns an error if mirrors contains an invalid mirror.
|
||||||
func (config *serviceConfig) LoadMirrors(mirrors []string) error {
|
func (config *serviceConfig) LoadMirrors(mirrors []string) error {
|
||||||
@ -630,7 +637,7 @@ index 54b83fa40aab..e1ba24b83bdd 100644
|
|||||||
mMap := map[string]struct{}{}
|
mMap := map[string]struct{}{}
|
||||||
unique := []string{}
|
unique := []string{}
|
||||||
|
|
||||||
@@ -151,6 +265,10 @@ func (config *serviceConfig) LoadMirrors(mirrors []string) error {
|
@@ -151,6 +272,10 @@ func (config *serviceConfig) LoadMirrors(mirrors []string) error {
|
||||||
|
|
||||||
// LoadInsecureRegistries loads insecure registries to config
|
// LoadInsecureRegistries loads insecure registries to config
|
||||||
func (config *serviceConfig) LoadInsecureRegistries(registries []string) error {
|
func (config *serviceConfig) LoadInsecureRegistries(registries []string) error {
|
||||||
@ -1042,10 +1049,10 @@ index 3b08e39da2c2..62556ba1ba70 100644
|
|||||||
for _, endpoint := range allEndpoints {
|
for _, endpoint := range allEndpoints {
|
||||||
if !endpoint.Mirror {
|
if !endpoint.Mirror {
|
||||||
diff --git a/registry/service_v2.go b/registry/service_v2.go
|
diff --git a/registry/service_v2.go b/registry/service_v2.go
|
||||||
index 3e3a5b41ffbd..451a6f874bc1 100644
|
index 154ac7c93e80..06f7d20de8f9 100644
|
||||||
--- a/registry/service_v2.go
|
--- a/registry/service_v2.go
|
||||||
+++ b/registry/service_v2.go
|
+++ b/registry/service_v2.go
|
||||||
@@ -1,39 +1,71 @@
|
@@ -1,42 +1,73 @@
|
||||||
package registry // import "github.com/docker/docker/registry"
|
package registry // import "github.com/docker/docker/registry"
|
||||||
|
|
||||||
import (
|
import (
|
||||||
@ -1060,17 +1067,7 @@ index 3e3a5b41ffbd..451a6f874bc1 100644
|
|||||||
-func (s *DefaultService) lookupV2Endpoints(hostname string) (endpoints []APIEndpoint, err error) {
|
-func (s *DefaultService) lookupV2Endpoints(hostname string) (endpoints []APIEndpoint, err error) {
|
||||||
+func (s *DefaultService) lookupV2Endpoints(reference string) (endpoints []APIEndpoint, err error) {
|
+func (s *DefaultService) lookupV2Endpoints(reference string) (endpoints []APIEndpoint, err error) {
|
||||||
tlsConfig := tlsconfig.ServerDefault()
|
tlsConfig := tlsconfig.ServerDefault()
|
||||||
- if hostname == DefaultNamespace || hostname == IndexHostname {
|
|
||||||
- for _, mirror := range s.config.Mirrors {
|
|
||||||
- if !strings.HasPrefix(mirror, "http://") && !strings.HasPrefix(mirror, "https://") {
|
|
||||||
- mirror = "https://" + mirror
|
|
||||||
- }
|
|
||||||
- mirrorURL, err := url.Parse(mirror)
|
|
||||||
- if err != nil {
|
|
||||||
- return nil, err
|
|
||||||
- }
|
|
||||||
- mirrorTLSConfig, err := s.tlsConfigForMirror(mirrorURL)
|
|
||||||
+
|
|
||||||
+ // extraxt the hostname from the reference
|
+ // extraxt the hostname from the reference
|
||||||
+ refURL := reference
|
+ refURL := reference
|
||||||
+ if !strings.HasPrefix(refURL, "http://") && !strings.HasPrefix(refURL, "https://") {
|
+ if !strings.HasPrefix(refURL, "http://") && !strings.HasPrefix(refURL, "https://") {
|
||||||
@ -1085,6 +1082,18 @@ index 3e3a5b41ffbd..451a6f874bc1 100644
|
|||||||
+ return nil, fmt.Errorf("SUSE PATCH [lookupV2Endpoints]: cannot determine hostname of reference %s", reference)
|
+ return nil, fmt.Errorf("SUSE PATCH [lookupV2Endpoints]: cannot determine hostname of reference %s", reference)
|
||||||
+ }
|
+ }
|
||||||
+
|
+
|
||||||
|
ana := allowNondistributableArtifacts(s.config, hostname)
|
||||||
|
|
||||||
|
- if hostname == DefaultNamespace || hostname == IndexHostname {
|
||||||
|
- for _, mirror := range s.config.Mirrors {
|
||||||
|
- if !strings.HasPrefix(mirror, "http://") && !strings.HasPrefix(mirror, "https://") {
|
||||||
|
- mirror = "https://" + mirror
|
||||||
|
- }
|
||||||
|
- mirrorURL, err := url.Parse(mirror)
|
||||||
|
- if err != nil {
|
||||||
|
- return nil, err
|
||||||
|
- }
|
||||||
|
- mirrorTLSConfig, err := s.tlsConfigForMirror(mirrorURL)
|
||||||
+ // create endpoints for official and configured registries
|
+ // create endpoints for official and configured registries
|
||||||
+ official := false
|
+ official := false
|
||||||
+ if hostname == "docker.io" {
|
+ if hostname == "docker.io" {
|
||||||
@ -1131,8 +1140,8 @@ index 3e3a5b41ffbd..451a6f874bc1 100644
|
|||||||
+ Official: official,
|
+ Official: official,
|
||||||
TrimHostname: true,
|
TrimHostname: true,
|
||||||
TLSConfig: tlsConfig,
|
TLSConfig: tlsConfig,
|
||||||
})
|
|
||||||
@@ -45,7 +77,7 @@ func (s *DefaultService) lookupV2Endpoints(hostname string) (endpoints []APIEndp
|
@@ -48,7 +79,7 @@ func (s *DefaultService) lookupV2Endpoints(hostname string) (endpoints []APIEndp
|
||||||
|
|
||||||
tlsConfig, err = s.tlsConfig(hostname)
|
tlsConfig, err = s.tlsConfig(hostname)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -1142,5 +1151,5 @@ index 3e3a5b41ffbd..451a6f874bc1 100644
|
|||||||
|
|
||||||
endpoints = []APIEndpoint{
|
endpoints = []APIEndpoint{
|
||||||
--
|
--
|
||||||
2.36.1
|
2.38.1
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
From 5d2f7a37a37547663aae1538b2d3fd48dd7277c8 Mon Sep 17 00:00:00 2001
|
From bc52d15141402d94eeaee618f1df0b540f527b98 Mon Sep 17 00:00:00 2001
|
||||||
From: Aleksa Sarai <asarai@suse.de>
|
From: Aleksa Sarai <asarai@suse.de>
|
||||||
Date: Fri, 29 Jun 2018 17:59:30 +1000
|
Date: Fri, 29 Jun 2018 17:59:30 +1000
|
||||||
Subject: [PATCH 4/6] bsc1073877: apparmor: clobber docker-default profile on
|
Subject: [PATCH 4/7] bsc1073877: apparmor: clobber docker-default profile on
|
||||||
start
|
start
|
||||||
|
|
||||||
In the process of making docker-default reloading far less expensive,
|
In the process of making docker-default reloading far less expensive,
|
||||||
@ -69,10 +69,10 @@ index e3dc18b32b5e..9c7723056268 100644
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
diff --git a/daemon/daemon.go b/daemon/daemon.go
|
diff --git a/daemon/daemon.go b/daemon/daemon.go
|
||||||
index 2a2fbbd52e19..0999ac3186b7 100644
|
index f15a4b038498..2f0c23bc62c9 100644
|
||||||
--- a/daemon/daemon.go
|
--- a/daemon/daemon.go
|
||||||
+++ b/daemon/daemon.go
|
+++ b/daemon/daemon.go
|
||||||
@@ -855,8 +855,9 @@ func NewDaemon(ctx context.Context, config *config.Config, pluginStore *plugin.S
|
@@ -857,8 +857,9 @@ func NewDaemon(ctx context.Context, config *config.Config, pluginStore *plugin.S
|
||||||
logrus.Warnf("Failed to configure golang's threads limit: %v", err)
|
logrus.Warnf("Failed to configure golang's threads limit: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -85,5 +85,5 @@ index 2a2fbbd52e19..0999ac3186b7 100644
|
|||||||
}
|
}
|
||||||
|
|
||||||
--
|
--
|
||||||
2.36.1
|
2.38.1
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
From b54c6c7addcb163ddcef5e37fc7ed1c0afd0dbfa Mon Sep 17 00:00:00 2001
|
From 57673ad5455b1b27e41716e33b67c9cd8099b580 Mon Sep 17 00:00:00 2001
|
||||||
From: Michal Rostecki <mrostecki@opensuse.org>
|
From: Michal Rostecki <mrostecki@opensuse.org>
|
||||||
Date: Thu, 8 Apr 2021 14:42:02 +0100
|
Date: Thu, 8 Apr 2021 14:42:02 +0100
|
||||||
Subject: [PATCH 5/6] bsc1183855: btrfs: Do not disable quota on cleanup
|
Subject: [PATCH 5/7] bsc1183855: btrfs: Do not disable quota on cleanup
|
||||||
|
|
||||||
Before this change, cleanup of the btrfs driver (occuring on each daemon
|
Before this change, cleanup of the btrfs driver (occuring on each daemon
|
||||||
shutdown) resulted in disabling quotas. It was done with an assumption
|
shutdown) resulted in disabling quotas. It was done with an assumption
|
||||||
@ -140,5 +140,5 @@ index fa0cdf8666b1..02bbb5da1088 100644
|
|||||||
}
|
}
|
||||||
if err := subvolLimitQgroup(dir, size); err != nil {
|
if err := subvolLimitQgroup(dir, size); err != nil {
|
||||||
--
|
--
|
||||||
2.36.1
|
2.38.1
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
From bb67252dfccb18dacc9e0c3463e7c52f32fb2900 Mon Sep 17 00:00:00 2001
|
From dd265ac6cbe070f80a0c607ba147af35858ae5e9 Mon Sep 17 00:00:00 2001
|
||||||
From: Aleksa Sarai <asarai@suse.de>
|
From: Aleksa Sarai <asarai@suse.de>
|
||||||
Date: Fri, 29 Apr 2022 12:44:21 +1000
|
Date: Fri, 29 Apr 2022 12:44:21 +1000
|
||||||
Subject: [PATCH 6/6] bsc1193930: vendor: update golang.org/x/crypto
|
Subject: [PATCH 6/7] bsc1193930: vendor: update golang.org/x/crypto
|
||||||
|
|
||||||
This is necessary to fix several security issues that Docker hasn't
|
This is necessary to fix several security issues that Docker hasn't
|
||||||
backported to their CE branch:
|
backported to their CE branch:
|
||||||
@ -354,10 +354,10 @@ Signed-off-by: Aleksa Sarai <asarai@suse.de>
|
|||||||
create mode 100644 vendor/golang.org/x/crypto/xts/xts.go
|
create mode 100644 vendor/golang.org/x/crypto/xts/xts.go
|
||||||
|
|
||||||
diff --git a/vendor.conf b/vendor.conf
|
diff --git a/vendor.conf b/vendor.conf
|
||||||
index 54e97e4562d8..9ff95d499ef8 100644
|
index a41471b57b71..2965c71c3709 100644
|
||||||
--- a/vendor.conf
|
--- a/vendor.conf
|
||||||
+++ b/vendor.conf
|
+++ b/vendor.conf
|
||||||
@@ -150,7 +150,7 @@ github.com/golang/protobuf 84668698ea25b64748563aa20726
|
@@ -152,7 +152,7 @@ github.com/golang/protobuf 84668698ea25b64748563aa20726
|
||||||
github.com/cloudflare/cfssl 5d63dbd981b5c408effbb58c442d54761ff94fbd # 1.3.2
|
github.com/cloudflare/cfssl 5d63dbd981b5c408effbb58c442d54761ff94fbd # 1.3.2
|
||||||
github.com/fernet/fernet-go 9eac43b88a5efb8651d24de9b68e87567e029736
|
github.com/fernet/fernet-go 9eac43b88a5efb8651d24de9b68e87567e029736
|
||||||
github.com/google/certificate-transparency-go 37a384cd035e722ea46e55029093e26687138edf # v1.0.20
|
github.com/google/certificate-transparency-go 37a384cd035e722ea46e55029093e26687138edf # v1.0.20
|
||||||
@ -41068,5 +41068,5 @@ index 000000000000..b51308e95e52
|
|||||||
+ }
|
+ }
|
||||||
+}
|
+}
|
||||||
--
|
--
|
||||||
2.36.1
|
2.38.1
|
||||||
|
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From 078fbd36b8fecab42ac7faad973a16aed10ab28c Mon Sep 17 00:00:00 2001
|
From 6451aa1559ce5a135f599682ab33721e116925bd Mon Sep 17 00:00:00 2001
|
||||||
From: Sebastiaan van Stijn <github@gone.nl>
|
From: Sebastiaan van Stijn <github@gone.nl>
|
||||||
Date: Fri, 29 Jan 2021 14:55:08 +0100
|
Date: Fri, 29 Jan 2021 14:55:08 +0100
|
||||||
Subject: [PATCH 7/7] bsc1200022: fifo.Close(): prevent possible panic if fifo
|
Subject: [PATCH 7/7] bsc1200022: fifo.Close(): prevent possible panic if fifo
|
||||||
@ -52,5 +52,5 @@ index 96c214f270bf..c3eec295b578 100644
|
|||||||
case <-f.closed:
|
case <-f.closed:
|
||||||
f.handle.Close()
|
f.handle.Close()
|
||||||
--
|
--
|
||||||
2.36.1
|
2.38.1
|
||||||
|
|
||||||
|
10
_service
10
_service
@ -3,16 +3,16 @@
|
|||||||
<param name="url">https://github.com/moby/moby.git</param>
|
<param name="url">https://github.com/moby/moby.git</param>
|
||||||
<param name="scm">git</param>
|
<param name="scm">git</param>
|
||||||
<param name="exclude">.git</param>
|
<param name="exclude">.git</param>
|
||||||
<param name="versionformat">20.10.17_ce_%h</param>
|
<param name="versionformat">20.10.21_ce_%h</param>
|
||||||
<param name="revision">v20.10.17</param>
|
<param name="revision">v20.10.21</param>
|
||||||
<param name="filename">docker</param>
|
<param name="filename">docker</param>
|
||||||
</service>
|
</service>
|
||||||
<service name="tar_scm" mode="disabled">
|
<service name="tar_scm" mode="disabled">
|
||||||
<param name="url">https://github.com/docker/cli.git</param>
|
<param name="url">https://github.com/docker/cli.git</param>
|
||||||
<param name="scm">git</param>
|
<param name="scm">git</param>
|
||||||
<param name="exclude">.git</param>
|
<param name="exclude">.git</param>
|
||||||
<param name="versionformat">20.10.17_ce</param>
|
<param name="versionformat">20.10.21_ce</param>
|
||||||
<param name="revision">v20.10.17</param>
|
<param name="revision">v20.10.21</param>
|
||||||
<param name="filename">docker-cli</param>
|
<param name="filename">docker-cli</param>
|
||||||
</service>
|
</service>
|
||||||
<service name="tar_scm" mode="disabled">
|
<service name="tar_scm" mode="disabled">
|
||||||
@ -20,7 +20,7 @@
|
|||||||
<param name="scm">git</param>
|
<param name="scm">git</param>
|
||||||
<param name="exclude">.git</param>
|
<param name="exclude">.git</param>
|
||||||
<param name="versionformat">%H</param>
|
<param name="versionformat">%H</param>
|
||||||
<param name="revision">f6ccccb1c082a432c2a5814aaedaca56af33d9ea</param>
|
<param name="revision">0dde5c895075df6e3630e76f750a447cf63f4789</param>
|
||||||
<param name="filename">docker-libnetwork</param>
|
<param name="filename">docker-libnetwork</param>
|
||||||
</service>
|
</service>
|
||||||
<service name="recompress" mode="disabled">
|
<service name="recompress" mode="disabled">
|
||||||
|
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:9464d19aa358c19089672a03b13572b9c512c8c19ad098b594caca864052c426
|
|
||||||
size 6557740
|
|
3
docker-20.10.21_ce_3056208812eb.tar.xz
Normal file
3
docker-20.10.21_ce_3056208812eb.tar.xz
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:2696414f3d39bb862d2e60e614a4fe2e6a655c65c30742a4a28b776fbbd59bc5
|
||||||
|
size 6590696
|
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:1eeb771ad69ec70e206d69bdb649d05f438d0fa4193bbb6f4c7fd276258a08a9
|
|
||||||
size 4357440
|
|
3
docker-cli-20.10.21_ce.tar.xz
Normal file
3
docker-cli-20.10.21_ce.tar.xz
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:cfa23215b99aed9c85a401fd1aeb961a5a3f8b3095fb6815ba8eb83cf182481f
|
||||||
|
size 4358052
|
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:24a4b6aeb1391b2ab9f99fad7343913ecc7191a10669a056e0a2cdf449e3733e
|
||||||
|
size 1983868
|
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:a676901b2676dedd147e70b2e6c5b9869e8d2fad99605de20cc1b42830097d3b
|
|
||||||
size 1983552
|
|
@ -1,3 +1,21 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Dec 6 11:49:32 UTC 2022 - Aleksa Sarai <asarai@suse.com>
|
||||||
|
|
||||||
|
- Update to Docker 20.10.21-ce. See upstream changelog online at
|
||||||
|
<https://docs.docker.com/engine/release-notes/#201021>. bsc#1206065
|
||||||
|
- Rebase patches:
|
||||||
|
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
|
||||||
|
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
|
||||||
|
* 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
|
||||||
|
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
|
||||||
|
* 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
|
||||||
|
* 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch
|
||||||
|
* 0007-bsc1200022-fifo.Close-prevent-possible-panic-if-fifo.patch
|
||||||
|
- The PRIVATE-REGISTRY patch will now output a warning if it is being used (in
|
||||||
|
preparation for removing the feature). This feature was never meant to be
|
||||||
|
used by users directly (and is only available in the -kubic/CaaSP version of
|
||||||
|
the package anyway) and thus should not affect any users.
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Oct 24 09:45:20 UTC 2022 - Dan Čermák <dcermak@suse.com>
|
Mon Oct 24 09:45:20 UTC 2022 - Dan Čermák <dcermak@suse.com>
|
||||||
|
|
||||||
|
17
docker.spec
17
docker.spec
@ -42,24 +42,25 @@
|
|||||||
# helpfully injects into our build environment from the changelog). If you want
|
# helpfully injects into our build environment from the changelog). If you want
|
||||||
# to generate a new git_commit_epoch, use this:
|
# to generate a new git_commit_epoch, use this:
|
||||||
# $ date --date="$(git show --format=fuller --date=iso $COMMIT_ID | grep -oP '(?<=^CommitDate: ).*')" '+%s'
|
# $ date --date="$(git show --format=fuller --date=iso $COMMIT_ID | grep -oP '(?<=^CommitDate: ).*')" '+%s'
|
||||||
%define git_version a89b84221c85
|
%define real_version 20.10.21
|
||||||
%define git_commit_epoch 1654554758
|
%define git_version 3056208812eb
|
||||||
|
%define git_commit_epoch 1666698255
|
||||||
|
|
||||||
# We require a specific pin of libnetwork because it doesn't really do
|
# We require a specific pin of libnetwork because it doesn't really do
|
||||||
# versioning and minor version mismatches in libnetwork can break Docker
|
# versioning and minor version mismatches in libnetwork can break Docker
|
||||||
# networking. All other key runtime dependencies (containerd, runc) are stable
|
# networking. All other key runtime dependencies (containerd, runc) are stable
|
||||||
# enough that this isn't necessary.
|
# enough that this isn't necessary.
|
||||||
%define libnetwork_version f6ccccb1c082a432c2a5814aaedaca56af33d9ea
|
%define libnetwork_version 0dde5c895075df6e3630e76f750a447cf63f4789
|
||||||
|
|
||||||
%define dist_builddir %{_builddir}/dist-suse
|
%define dist_builddir %{_builddir}/dist-suse
|
||||||
%define cli_builddir %{dist_builddir}/src/github.com/docker/cli
|
%define cli_builddir %{dist_builddir}/src/github.com/docker/cli
|
||||||
%define proxy_builddir %{dist_builddir}/src/github.com/docker/libnetwork
|
%define proxy_builddir %{dist_builddir}/src/github.com/docker/libnetwork
|
||||||
|
|
||||||
Name: %{realname}%{name_suffix}
|
Name: %{realname}%{name_suffix}
|
||||||
Version: 20.10.17_ce
|
Version: %{real_version}_ce
|
||||||
# This "nice version" is so that docker --version gives a result that can be
|
# This "nice version" is so that docker --version gives a result that can be
|
||||||
# parsed by other people. boo#1182476
|
# parsed by other people. boo#1182476
|
||||||
%define nice_version 20.10.17-ce
|
%define nice_version %{real_version}-ce
|
||||||
Release: 0
|
Release: 0
|
||||||
Summary: The Moby-project Linux container runtime
|
Summary: The Moby-project Linux container runtime
|
||||||
License: Apache-2.0
|
License: Apache-2.0
|
||||||
@ -117,8 +118,8 @@ BuildRequires: go-go-md2man
|
|||||||
BuildRequires: pkgconfig(libsystemd)
|
BuildRequires: pkgconfig(libsystemd)
|
||||||
BuildRequires: sysuser-tools
|
BuildRequires: sysuser-tools
|
||||||
# Due to a limitation in openSUSE's Go packaging we cannot have a BuildRequires
|
# Due to a limitation in openSUSE's Go packaging we cannot have a BuildRequires
|
||||||
# for 'golang(API) >= 1.17' here, so just require 1.17 exactly. bsc#1172608
|
# for 'golang(API) >= 1.18' here, so just require 1.18 exactly. bsc#1172608
|
||||||
BuildRequires: go1.17
|
BuildRequires: go1.18
|
||||||
Requires: (apparmor-parser or container-selinux)
|
Requires: (apparmor-parser or container-selinux)
|
||||||
Requires: ca-certificates-mozilla
|
Requires: ca-certificates-mozilla
|
||||||
# The docker-proxy binary used to be in a separate package. We obsolete it,
|
# The docker-proxy binary used to be in a separate package. We obsolete it,
|
||||||
@ -128,7 +129,7 @@ Provides: docker-libnetwork%{name_suffix} = 0.7.0.2.%{version}
|
|||||||
# Required to actually run containers. We require the minimum version that is
|
# Required to actually run containers. We require the minimum version that is
|
||||||
# pinned by Docker, but in order to avoid headaches we allow for updates.
|
# pinned by Docker, but in order to avoid headaches we allow for updates.
|
||||||
Requires: runc >= 1.1.2
|
Requires: runc >= 1.1.2
|
||||||
Requires: containerd >= 1.6.6
|
Requires: containerd >= 1.6.9
|
||||||
# Needed for --init support. We don't use "tini", we use our own implementation
|
# Needed for --init support. We don't use "tini", we use our own implementation
|
||||||
# which handles edge-cases better.
|
# which handles edge-cases better.
|
||||||
Requires: catatonit
|
Requires: catatonit
|
||||||
|
Loading…
Reference in New Issue
Block a user