Accepting request 434284 from home:cyphar:branches:Virtualization:containers

This just fixes the docker-mount-secrets.patch to assist in bsc#999582. OBS-URL: https://build.opensuse.org/request/show/434284 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=146
2016-10-11 10:30:52 +00:00 · 2016-10-11 10:30:52 +00:00 · 96b81887ce
commit 96b81887ce
parent 41d1413338
3 changed files with 39 additions and 39 deletions
--- a/docker-mount-secrets.patch
+++ b/docker-mount-secrets.patch
@ -1,31 +1,23 @@
-From fb84d5a3fbc3f1fad7dfc961b5dace3915eae7f9 Mon Sep 17 00:00:00 2001
+commit 7726422774cf8dda6766cb268b4e9110e4f68945
-From: Aleksa Sarai <asarai@suse.de>
+Author: Aleksa Sarai <asarai@suse.de>
-Date: Mon, 11 Apr 2016 22:54:35 +1000
+Date:   Mon Apr 11 22:54:35 2016 +1000
 Subject: [PATCH] SUSE: implement SUSE container secrets
-This allows for us to pass in host credentials to a container, allowing
+    SUSE: implement SUSE container secrets
 for SUSEConnect to work with containers.
-THIS PATCH IS NOT TO BE UPSTREAMED, DUE TO THE FACT THAT IT IS
+    This allows for us to pass in host credentials to a container, allowing
-SUSE-SPECIFIC, AND UPSTREAM DOES NOT APPROVE OF THIS CONCEPT BECAUSE IT
+    for SUSEConnect to work with containers.
 MAKES BUILDS NOT ENTIRELY REPRODUCIBLE.
-Signed-off-by: Aleksa Sarai <asarai@suse.de>
+    THIS PATCH IS NOT TO BE UPSTREAMED, DUE TO THE FACT THAT IT IS
---
+    SUSE-SPECIFIC, AND UPSTREAM DOES NOT APPROVE OF THIS CONCEPT BECAUSE IT
- container/container_unix.go         |  63 ++++++++++++
+    MAKES BUILDS NOT ENTIRELY REPRODUCIBLE.
- daemon/container_operations_unix.go |  50 ++++++++++
+    
- daemon/daemon_unix.go               |   6 +-
+    Signed-off-by: Aleksa Sarai <asarai@suse.de>
 daemon/oci_linux.go                 |   7 ++
 daemon/start.go                     |   6 ++
 daemon/suse_secrets.go              | 184 ++++++++++++++++++++++++++++++++++++
 6 files changed, 314 insertions(+), 2 deletions(-)
 create mode 100644 daemon/suse_secrets.go
 diff --git a/container/container_unix.go b/container/container_unix.go
-index 8273bdb..d86d783 100644
+index 2727b818f542..07a07102f031 100644
 --- a/container/container_unix.go
 +++ b/container/container_unix.go
-@@ -34,6 +34,8 @@ type Container struct {
+@@ -35,6 +35,8 @@ type Container struct {
 	HostsPath       string
 	ShmPath         string
 	ResolvConfPath  string
@ -34,14 +26,14 @@ index 8273bdb..d86d783 100644
 	SeccompProfile  string
 	NoNewPrivileges bool
 }
-@@ -243,6 +245,67 @@ func (container *Container) IpcMounts() []Mount {
+@@ -256,6 +258,67 @@ func (container *Container) IpcMounts() []Mount {
 	return mounts
 }
 +// SUSE:secrets :: SuseSecretsResourcePath returns the path to the container's
 +// personal /run/secrets tmpfs.
 +func (container *Container) SuseSecretsResourcePath() (string, error) {
-+	return container.GetRootResourcePath("suse:secrets")
+	return container.GetRootResourcePath("suse.secrets")
 +}
 +
 +// SUSE:secrets :: SuseSecretMounts returns the list of mounts required for the
@ -103,10 +95,10 @@ index 8273bdb..d86d783 100644
 func (container *Container) UpdateContainer(hostConfig *containertypes.HostConfig) error {
 	container.Lock()
 diff --git a/daemon/container_operations_unix.go b/daemon/container_operations_unix.go
-index c8a0b93..036c65a 100644
+index 55bd3fc8392d..a3ab7fbd83d1 100644
 --- a/daemon/container_operations_unix.go
 +++ b/daemon/container_operations_unix.go
-@@ -168,6 +168,56 @@ func (daemon *Daemon) getIpcContainer(container *container.Container) (*containe
+@@ -184,6 +184,56 @@ func (daemon *Daemon) getPidContainer(container *container.Container) (*containe
 	return c, nil
 }
@ -164,10 +156,10 @@ index c8a0b93..036c65a 100644
 	var err error
 diff --git a/daemon/daemon_unix.go b/daemon/daemon_unix.go
-index 9e231c5..1138c9a 100644
+index f26691226f91..2ced1b869b81 100644
 --- a/daemon/daemon_unix.go
 +++ b/daemon/daemon_unix.go
-@@ -795,8 +795,10 @@ func initBridgeDriver(controller libnetwork.NetworkController, config *Config) e
+@@ -809,8 +809,10 @@ func initBridgeDriver(controller libnetwork.NetworkController, config *Config) e
 // the container from unwanted side-effects on the rw layer.
 func setupInitLayer(initLayer string, rootUID, rootGID int) error {
 	for pth, typ := range map[string]string{
@ -181,10 +173,10 @@ index 9e231c5..1138c9a 100644
 		"/sys":             "dir",
 		"/.dockerenv":      "file",
 diff --git a/daemon/oci_linux.go b/daemon/oci_linux.go
-index e238640..0d8bb47 100644
+index 4459d02fcad3..6af7d351ccc0 100644
 --- a/daemon/oci_linux.go
 +++ b/daemon/oci_linux.go
-@@ -655,6 +655,10 @@ func (daemon *Daemon) createSpec(c *container.Container) (*libcontainerd.Spec, e
+@@ -656,6 +656,10 @@ func (daemon *Daemon) createSpec(c *container.Container) (*libcontainerd.Spec, e
 	if err := daemon.setupIpcDirs(c); err != nil {
 		return nil, err
 	}
@ -195,7 +187,7 @@ index e238640..0d8bb47 100644
 	ms, err := daemon.setupMounts(c)
 	if err != nil {
-@@ -662,6 +666,8 @@ func (daemon *Daemon) createSpec(c *container.Container) (*libcontainerd.Spec, e
+@@ -663,6 +667,8 @@ func (daemon *Daemon) createSpec(c *container.Container) (*libcontainerd.Spec, e
 	}
 	ms = append(ms, c.IpcMounts()...)
 	ms = append(ms, c.TmpfsMounts()...)
@ -205,10 +197,10 @@ index e238640..0d8bb47 100644
 	if err := setMounts(daemon, &s, c, ms); err != nil {
 		return nil, fmt.Errorf("linux mounts: %v", err)
 diff --git a/daemon/start.go b/daemon/start.go
-index 4862969..6d3b56e 100644
+index 7a0bc2121c83..30b75ee2a616 100644
 --- a/daemon/start.go
 +++ b/daemon/start.go
-@@ -164,6 +164,12 @@ func (daemon *Daemon) Cleanup(container *container.Container) {
+@@ -173,6 +173,12 @@ func (daemon *Daemon) Cleanup(container *container.Container) {
 	container.UnmountIpcMounts(detachMounted)
@ -223,7 +215,7 @@ index 4862969..6d3b56e 100644
 		// Ensure that all the mounts are gone
 diff --git a/daemon/suse_secrets.go b/daemon/suse_secrets.go
 new file mode 100644
-index 0000000..417a1a9
+index 000000000000..417a1a9e5b61
 --- /dev/null
 +++ b/daemon/suse_secrets.go
@@ -0,0 +1,184 @@
@ -411,6 +403,3 @@ index 0000000..417a1a9
 +
 +	return secrets, nil
 +}
 -- 
 2.8.1
--- a/docker.changes
+++ b/docker.changes
@ -1,3 +1,10 @@
 -------------------------------------------------------------------
 Tue Oct 11 09:36:23 UTC 2016 - asarai@suse.com
 - docker-mount-secrets.patch: change the internal mountpoint name to not use
  ":" as that character can be considered a special character by other tools.
  bsc#999582
 -------------------------------------------------------------------
 Mon Sep 19 11:56:15 UTC 2016 - jmassaguerpla@suse.com
--- a/docker.spec
+++ b/docker.spec
@ -64,6 +64,10 @@ Source10:       tests.sh
 Patch100:       gcc-go-patches.patch
 Patch101:       netlink_gcc_go.patch
 Patch102:       netlink_netns_powerpc.patch
 # SUSE-FEATURE: Adds the /run/secrets mountpoint inside all Docker containers
 # which is not snapshotted when images are committed. Note that if you modify
 # this patch, please also modify the patch in the suse-secrets-v<version>
 # branch in http://github.com/suse/docker.mirror.
 Patch200:       docker-mount-secrets.patch
 Patch300:       integration-cli-fix-TestInfoEnsureSucceeds.patch
 BuildRequires:  audit