Accepting request 356411 from home:cyphar:branches:Virtualization:containers

This adds a fix for the (quite specific) JSON bug which completely breaks container starts.

OBS-URL: https://build.opensuse.org/request/show/356411
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=57

docker.changes

@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Wed Jan 27 23:40:09 UTC 2016 - asarai@suse.com
+
+- backport 1 bugfix from the upstream 1.10 branch
+   Added:
+    fix_json_econnreset_bug.patch (https://github.com/docker/docker/issues/14203)
+
 -------------------------------------------------------------------
 Thu Jan 21 16:52:41 UTC 2016 - jmassaguerpla@suse.com
 

docker.spec

@@ -50,12 +50,14 @@ Patch2:         fix_bnc_958255.patch
 Patch3:         use_fs_cgroups_by_default.patch
 # fix an issue with cgroups. This is fixed upstream, too.
 Patch4:         fix_cgroup.parent_path_sanitisation.patch
+# fix an issue with JSON and containers not starting. This is fixed upstream, too.
+Patch5:         fix_json_econnreset_bug.patch
 # Required to overcome some limitations of gcc-go: https://groups.google.com/forum/#!msg/golang-nuts/SlGCPYkjxo4/4DjcjXRCqAkJ
 # Right now docker passes the sha1sum of the dockerinit binary to the docker binary at build time
 # We cannot do that, right now a quick and really dirty way to get it running is
 # to simply disable this check
 # Required to overcome some limitations of gcc-go: https://groups.google.com/forum/# !msg/golang-nuts/SlGCPYkjxo4/4DjcjXRCqAkJ
-Patch5:         gcc5_socket_workaround.patch
+Patch6:         gcc5_socket_workaround.patch
 Patch100:       ignore-dockerinit-checksum.patch
 Patch101:       gcc-go-patches.patch
 Patch102:       add_bolt_ppc64.patch
@@ -158,6 +160,7 @@ Test package for docker. It contains the source code and the tests.
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1
+%patch5 -p1
 # 1330 is Tumbleweed after leap has been released
 # gcc5-go in Tumbleweed includes this commit
 # https://github.com/golang/gofrontend/commit/a850225433a66a58613c22185c3b09626f5545eb
@@ -166,7 +169,7 @@ Test package for docker. It contains the source code and the tests.
 # for that issue.
 # Thus, we need to workaround the workaroundn in tumbleweed
 %if 0%{?suse_version} >= 1330 && 0%{?is_opensuse} == 1
-%patch5 -p1
+%patch6 -p1
 %endif
 %ifnarch %go_arches
 %patch100 -p1

fix_json_econnreset_bug.patch

@@ -0,0 +1,136 @@
+commit 7b5896702bd2951541af27925620172edb5d3505
+Author: Michael Crosby <crosbymichael@gmail.com>
+Date:   Tue Jan 26 15:00:07 2016 -0800
+
+    Update libcontainer to 3d8a20bb772defc28c355534d83
+    
+    Fixes #14203
+    
+    This bump fixes the issue of having the container's pipes connection
+    reset by peer because of using the json.Encoder and having a \n added to
+    the output.
+    
+    Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
+
+Index: docker-1.9.1/hack/vendor.sh
+===================================================================
+--- docker-1.9.1.orig/hack/vendor.sh
++++ docker-1.9.1/hack/vendor.sh
+@@ -48,7 +48,7 @@ clone git github.com/agl/ed25519 d2b94fd
+ 
+ # this runc commit from branch relabel_fix_docker_1.9.1, pls remove it when you
+ # update next time
+-clone git github.com/opencontainers/runc 1349b37bd56f4f5ce2690b5b2c0f53f88a261c67 # libcontainer
++clone git github.com/opencontainers/runc 3d8a20bb772defc28c355534d83486416d1719b4 # libcontainer
+ # libcontainer deps (see src/github.com/opencontainers/runc/Godeps/Godeps.json)
+ clone git github.com/coreos/go-systemd v3
+ clone git github.com/godbus/dbus v2
+Index: docker-1.9.1/vendor/src/github.com/opencontainers/runc/libcontainer/container_linux.go
+===================================================================
+--- docker-1.9.1.orig/vendor/src/github.com/opencontainers/runc/libcontainer/container_linux.go
++++ docker-1.9.1/vendor/src/github.com/opencontainers/runc/libcontainer/container_linux.go
+@@ -18,6 +18,7 @@ import (
+ 	"github.com/opencontainers/runc/libcontainer/cgroups"
+ 	"github.com/opencontainers/runc/libcontainer/configs"
+ 	"github.com/opencontainers/runc/libcontainer/criurpc"
++	"github.com/opencontainers/runc/libcontainer/utils"
+ )
+ 
+ const stdioFdCount = 3
+@@ -863,7 +864,7 @@ func (c *linuxContainer) updateState(pro
+ 	}
+ 	defer f.Close()
+ 	os.Remove(filepath.Join(c.root, "checkpoint"))
+-	return json.NewEncoder(f).Encode(state)
++	return utils.WriteJSON(f, state)
+ }
+ 
+ func (c *linuxContainer) currentStatus() (Status, error) {
+Index: docker-1.9.1/vendor/src/github.com/opencontainers/runc/libcontainer/factory_linux.go
+===================================================================
+--- docker-1.9.1.orig/vendor/src/github.com/opencontainers/runc/libcontainer/factory_linux.go
++++ docker-1.9.1/vendor/src/github.com/opencontainers/runc/libcontainer/factory_linux.go
+@@ -5,7 +5,6 @@ package libcontainer
+ import (
+ 	"encoding/json"
+ 	"fmt"
+-	"io/ioutil"
+ 	"os"
+ 	"os/exec"
+ 	"path/filepath"
+@@ -19,6 +18,7 @@ import (
+ 	"github.com/opencontainers/runc/libcontainer/cgroups/systemd"
+ 	"github.com/opencontainers/runc/libcontainer/configs"
+ 	"github.com/opencontainers/runc/libcontainer/configs/validate"
++	"github.com/opencontainers/runc/libcontainer/utils"
+ )
+ 
+ const (
+@@ -225,10 +225,7 @@ func (l *LinuxFactory) StartInitializati
+ 		// if we have an error during the initialization of the container's init then send it back to the
+ 		// parent process in the form of an initError.
+ 		if err != nil {
+-			// ensure that any data sent from the parent is consumed so it doesn't
+-			// receive ECONNRESET when the child writes to the pipe.
+-			ioutil.ReadAll(pipe)
+-			if err := json.NewEncoder(pipe).Encode(newSystemError(err)); err != nil {
++			if err := utils.WriteJSON(pipe, newSystemError(err)); err != nil {
+ 				panic(err)
+ 			}
+ 		}
+Index: docker-1.9.1/vendor/src/github.com/opencontainers/runc/libcontainer/process_linux.go
+===================================================================
+--- docker-1.9.1.orig/vendor/src/github.com/opencontainers/runc/libcontainer/process_linux.go
++++ docker-1.9.1/vendor/src/github.com/opencontainers/runc/libcontainer/process_linux.go
+@@ -15,6 +15,7 @@ import (
+ 	"github.com/opencontainers/runc/libcontainer/cgroups"
+ 	"github.com/opencontainers/runc/libcontainer/configs"
+ 	"github.com/opencontainers/runc/libcontainer/system"
++	"github.com/opencontainers/runc/libcontainer/utils"
+ )
+ 
+ type parentProcess interface {
+@@ -71,7 +72,7 @@ func (p *setnsProcess) start() (err erro
+ 			return newSystemError(err)
+ 		}
+ 	}
+-	if err := json.NewEncoder(p.parentPipe).Encode(p.config); err != nil {
++	if err := utils.WriteJSON(p.parentPipe, p.config); err != nil {
+ 		return newSystemError(err)
+ 	}
+ 	if err := syscall.Shutdown(int(p.parentPipe.Fd()), syscall.SHUT_WR); err != nil {
+@@ -262,7 +263,7 @@ func (p *initProcess) startTime() (strin
+ 
+ func (p *initProcess) sendConfig() error {
+ 	// send the state to the container's init process then shutdown writes for the parent
+-	if err := json.NewEncoder(p.parentPipe).Encode(p.config); err != nil {
++	if err := utils.WriteJSON(p.parentPipe, p.config); err != nil {
+ 		return err
+ 	}
+ 	// shutdown writes for the parent side of the pipe
+Index: docker-1.9.1/vendor/src/github.com/opencontainers/runc/libcontainer/utils/utils.go
+===================================================================
+--- docker-1.9.1.orig/vendor/src/github.com/opencontainers/runc/libcontainer/utils/utils.go
++++ docker-1.9.1/vendor/src/github.com/opencontainers/runc/libcontainer/utils/utils.go
+@@ -3,6 +3,7 @@ package utils
+ import (
+ 	"crypto/rand"
+ 	"encoding/hex"
++	"encoding/json"
+ 	"io"
+ 	"path/filepath"
+ 	"syscall"
+@@ -43,3 +44,13 @@ func ExitStatus(status syscall.WaitStatu
+ 	}
+ 	return status.ExitStatus()
+ }
++
++// WriteJSON writes the provided struct v to w using standard json marshaling
++func WriteJSON(w io.Writer, v interface{}) error {
++	data, err := json.Marshal(v)
++	if err != nil {
++		return err
++	}
++	_, err = w.Write(data)
++	return err
++}