From 91fa19e9250aa92718cf150864b6df058d3680106e4774494b9be1d4fea875bc Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Tue, 24 Oct 2017 10:02:17 +0000 Subject: [PATCH] Accepting request 536268 from home:cyphar:containers:boo1064781_docker_version - Correctly set `docker version` information, including the version, git commit, and SOURCE_DATE_EPOCH (requires a backport). This should *effectively* make Docker builds reproducible, with minimal cost. boo#1064781 + bsc1064781-0001-Allow-to-override-build-date.patch OBS-URL: https://build.opensuse.org/request/show/536268 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=208 --- ...81-0001-Allow-to-override-build-date.patch | 33 +++++++++++++++++++ docker.changes | 8 +++++ docker.spec | 29 +++++++++++++--- 3 files changed, 65 insertions(+), 5 deletions(-) create mode 100644 bsc1064781-0001-Allow-to-override-build-date.patch diff --git a/bsc1064781-0001-Allow-to-override-build-date.patch b/bsc1064781-0001-Allow-to-override-build-date.patch new file mode 100644 index 0000000..f62090d --- /dev/null +++ b/bsc1064781-0001-Allow-to-override-build-date.patch 
@@ -0,0 +1,33 @@ +From 760763e9957840f1983a5006f4e66d6920ec496e Mon Sep 17 00:00:00 2001 +From: "Bernhard M. Wiedemann" +Date: Wed, 19 Jul 2017 06:17:19 +0200 +Subject: [PATCH] Allow to override build date + +in order to make builds reproducible. +See https://reproducible-builds.org/ for why this is good +and https://reproducible-builds.org/specs/source-date-epoch/ +for the definition of this variable. + +SUSE-Bugfix: https://bugzilla.suse.com/show_bug.cgi?id=1064781 +Signed-off-by: Bernhard M. Wiedemann +Signed-off-by: Aleksa Sarai +--- + hack/make.sh | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hack/make.sh b/hack/make.sh +index b7d59ba94a00..7d18d649b540 100755 +--- a/hack/make.sh ++++ b/hack/make.sh +@@ -68,7 +68,7 @@ DEFAULT_BUNDLES=( + ) + + VERSION=$(< ./VERSION) +-! BUILDTIME=$(date --rfc-3339 ns 2> /dev/null | sed -e 's/ /T/') ++! BUILDTIME=$(date -u -d "@${SOURCE_DATE_EPOCH:-$(date +%s)}" --rfc-3339 ns 2> /dev/null | sed -e 's/ /T/') + if [ "$DOCKER_GITCOMMIT" ]; then + GITCOMMIT="$DOCKER_GITCOMMIT" + elif command -v git &> /dev/null && [ -d .git ] && git rev-parse &> /dev/null; then +-- +2.14.2 + diff --git a/docker.changes b/docker.changes index f75ff90..1826677 100644 --- a/docker.changes +++ b/docker.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Tue Oct 24 06:50:29 UTC 2017 - asarai@suse.com + +- Correctly set `docker version` information, including the version, git + commit, and SOURCE_DATE_EPOCH (requires a backport). This should + *effectively* make Docker builds reproducible, with minimal cost. boo#1064781 + + bsc1064781-0001-Allow-to-override-build-date.patch + ------------------------------------------------------------------- Mon Oct 16 11:06:22 UTC 2017 - asarai@suse.com diff --git a/docker.spec b/docker.spec index f39e230..658c455 100644 --- a/docker.spec +++ b/docker.spec 
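Review bot: The new `BUILDTIME=` line in the embedded hack/make.sh hunk uses whatever SOURCE_DATE_EPOCH holds and hides every failure. With stderr sent to /dev/null, the pipe into sed and the leading `!`, a non-numeric value just leaves BUILDTIME empty, and an unset one silently falls back to `date +%s`, so the build stops being reproducible with no warning. Because the backport exists to make builds reproducible and checkable, I would validate the value before use, e.g. `case "${SOURCE_DATE_EPOCH:-}" in *[!0-9]*) echo "invalid SOURCE_DATE_EPOCH" >&2; exit 1 ;; esac`, and print a line to stderr when the fallback is taken. hack/make.sh continues outside the hunk, so any later handling of an empty BUILDTIME is not visible here.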
@@ -22,14 +22,22 @@ %global docker_migration_warnfile %{docker_store}/docker-update-message.txt %global docker_plugin_warnfile %{docker_store}/docker-plugin-message.txt %define docker_graph %{docker_store}/graph -%define git_version 78d1802 -%define version_unconverted 17.07.0_ce %define __arch_install_post export NO_BRP_STRIP_DEBUG=true + +# Used when generating the "build" information for Docker version. The value of +# git_commit_epoch is unused here (we use SOURCE_DATE_EPOCH, which rpm +# helpfully injects into our build environment from the changelog). If you want +# to generate a new git_commit_epoch, use this: +# $ date --date="$(git show --format=fuller --date=iso $COMMIT_ID | grep -oP '(?<=^CommitDate: ).*')" '+%s' +%define git_version 87847530f717 +%define git_commit_epoch 1508266293 + # When upgrading to a new version requires the service not to be restarted # Due to a long migration process update last_migration_version to the new version # that will first perform the migration, last time this was needed was version # 1.10.1 %global last_migration_version 1.10.1 + Name: docker Version: 17.07.0_ce Release: 0 @@ -58,6 +66,8 @@ Patch201: secrets-0002-SUSE-implement-SUSE-container-secrets.patch Patch401: bsc1055676-0001-daemon-oci-obey-CL_UNPRIVILEGED-for-user-namespaced-.patch # SUSE-BACKPORT: Backport of https://github.com/moby/moby/pull/34573. bsc#1045628 Patch402: bsc1045628-0001-devicemapper-remove-container-rootfs-mountPath-after.patch +# SUSE-BACKPORT: Backport of https://github.com/moby/moby/pull/34176. boo#1064781 +Patch403: bsc1064781-0001-Allow-to-override-build-date.patch BuildRequires: audit BuildRequires: bash-completion BuildRequires: ca-certificates @@ -179,6 +189,8 @@ Test package for docker. It contains the source code and the tests. %patch401 -p1 -d components/engine # bsc#1045628 %patch402 -p1 -d components/engine +# boo#1064781 +%patch403 -p1 -d components/engine cp %{SOURCE7} . cp %{SOURCE9} . 
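Review bot: The comment added above `%define git_commit_epoch` says the value is unused, yet the macro is defined next to `git_version`, so the two can drift apart on the next version bump without anything noticing. The comment should say that both must be updated together, or the macro should be dropped if nothing reads it; the later %build hunk is not fully legible on this page, so it may in fact be consumed there. The documented recipe can also be shortened to `git show -s --format=%ct "$COMMIT_ID"`, which prints the committer date as a Unix timestamp without the `grep -oP` lookbehind.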
@@ -197,12 +209,19 @@ BUILDTAGS="seccomp $BUILDTAGS" (cat </dev/null | sed -e 's/ /T/')" EOF ) > docker_build_env . ./docker_build_env @@ -301,10 +320,10 @@ PKG_LIST=$(go list ./... \ | grep -v 'github.com/docker/cli/vendor' \ | grep -v 'github.com/docker/cli/cli/command/idresolver' \ | grep -v 'github.com/docker/cli/cli/command/image' \ - | grep -v 'github.com/docker/cli/cli/image' + | grep -v 'github.com/docker/cli/cli/image' \ ) -go test -buildmode=pie -ldflags -w -tags daemon -a -test.timeout=10m $PKG_LIST +go test -buildmode=pie -cover -ldflags -w -tags daemon -a -test.timeout=10m $PKG_LIST %install install -d %{buildroot}%{go_contribdir}
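Review bot: In the last hunk, the `PKG_LIST=$(go list ./... | grep -v …)` substitution that feeds the changed `go test` line reports only the status of the final `grep`, so a failing `go list` is not noticed. Unless the build shell enables pipefail (not visible here), PKG_LIST can then be empty or partial, and `go test … $PKG_LIST` runs against fewer packages than intended while the step still passes. A guard before the test line, such as `[ -n "$PKG_LIST" ] || { echo "go list returned no packages" >&2; exit 1; }`, turns that into a visible failure. The backslash added after the last `grep -v` is harmless but leaves a continuation straight onto the closing `)`; a short comment that it is there to ease appending filters would help.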