From 82acbf96efa2964650530cf465dd6faf78bcfe73fbc25d351c526dc3c441d7c7 Mon Sep 17 00:00:00 2001
From: Aleksa Sarai
Date: Fri, 13 Jan 2017 13:05:35 +0000
Subject: [PATCH 1/2] Accepting request 449885 from home:jordimassaguerpla:branch:Vc:add_wait_on_service_startup
- add "a wait" when starting docker service to fix bsc#1019251
OBS-URL: https://build.opensuse.org/request/show/449885
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=163
---
 docker.changes | 6 ++++++
 docker.service | 2 ++
 docker.spec | 4 +++-
 docker_service_helper.sh | 22 ++++++++++++++++++++++
 4 files changed, 33 insertions(+), 1 deletion(-)
 create mode 100644 docker_service_helper.sh
diff --git a/docker.changes b/docker.changes
index 7551508..8df470a 100644
--- a/docker.changes
+++ b/docker.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Jan 11 12:47:16 UTC 2017 - jmassaguerpla@suse.com
+
+- add "a wait" when starting docker service to fix
+ bsc#1019251
+
 -------------------------------------------------------------------
 Tue Dec 20 12:41:33 UTC 2016 - normand@linux.vnet.ibm.com
diff --git a/docker.service b/docker.service
index dd081f2..f87ec47 100644
--- a/docker.service
+++ b/docker.service
@@ -10,7 +10,9 @@ EnvironmentFile=/etc/sysconfig/docker
 # While Docker has support for socket activation (-H fd://), this is not
 # enabled by default because enabling socket activation means that on boot your
 # containers won't start until someone tries to administer the Docker daemon.
+Type=simple
 ExecStart=/usr/bin/dockerd --containerd /run/containerd/containerd.sock $DOCKER_NETWORK_OPTIONS $DOCKER_OPTS
+ExecStartPost=/usr/lib/docker/docker_service_helper.sh wait
 ExecReload=/bin/kill -s HUP $MAINPID
 # Having non-zero Limit*s causes performance problems due to accounting overhead
diff --git a/docker.spec b/docker.spec
index 9904640..bda3aa8 100644
--- a/docker.spec
+++ b/docker.spec
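Review bot: The new `ExecStartPost=` line in docker.service makes unit start-up depend on the helper's exit status, yet the helper probes with a bare `docker version`, which talks to the client's default endpoint rather than to whatever listeners `$DOCKER_OPTS` configures on the `ExecStart=` line. If /etc/sysconfig/docker moves the daemon to another socket or to a TLS-only TCP listener, the probe would presumably fail for the full 60 seconds, after which systemd treats the start as failed and stops a daemon that was in fact healthy. A comment above the new line would document that coupling, for example `# Helper polls the default client endpoint for up to 60s; a non-zero exit fails the unit.` The 60-second wait also has to stay below the unit's start timeout, which this hunk does not set; the [Service] section continues outside the hunk.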
@@ -1,7 +1,7 @@
 #
 # spec file for package docker
 #
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -59,6 +59,7 @@ Source7: README_SUSE.md
 Source8: docker-audit.rules
 Source9: docker-update-message.txt
 Source10: tests.sh
+Source11: docker_service_helper.sh
 # Fixes for architecture-specific issues (gcc-go).
 Patch100: gcc-go-patches.patch
 Patch102: netlink_netns_powerpc.patch
@@ -316,6 +317,7 @@ cp -av tests.main tests.sh %{buildroot}%{_prefix}/src/docker/hack/
 #
 install -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/%{name}.service
 ln -sf service %{buildroot}%{_sbindir}/rcdocker
+install -D -m 0755 %{SOURCE11} %{buildroot}/%{_libexecdir}/docker/
 #
 # udev rules that prevents dolphin to show all docker devices and slows down
diff --git a/docker_service_helper.sh b/docker_service_helper.sh
new file mode 100644
index 0000000..fec7513
--- /dev/null
+++ b/docker_service_helper.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+if [ "$1" != "wait" ];then
+ echo "Usage $0 option"
+ echo "options can be"
+ echo " wait: wait for the daemon to start"
+ exit -1
+fi
+
+echo "Waiting for docker daemon to start"
+for i in {1..60};do
+ docker version > /dev/null 2>&1 && break
+ sleep 1
+done
+if docker version > /dev/null 2>&1;then
+ echo "Docker is alive"
+ exit 0
+else
+ echo "Docker is dead"
+ exit 1
+fi
+
From 9dd652a377c4166b39bc8a295830315870b238ade47782b459dec0fbaf597d20 Mon Sep 17 00:00:00 2001
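Review bot: The added `install` line in the third docker.spec hunk builds its destination from `%{_libexecdir}`, while docker.service hard-codes `/usr/lib/docker/docker_service_helper.sh` in `ExecStartPost=`, so the two paths agree only as long as that macro expands to `/usr/lib`. The destination is also given as a directory with a trailing slash after a doubled `/`; naming the target file is less dependent on how `install -D` treats a directory that does not exist yet: `install -D -m 0755 %{SOURCE11} %{buildroot}%{_libexecdir}/docker/docker_service_helper.sh`. None of the three docker.spec hunks adds a `%files` entry for the helper, so unless an existing entry already covers `%{_libexecdir}/docker/` the script would not be packaged. The %install section continues outside the hunk.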
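Review bot: The usage branch of docker_service_helper.sh ends with `exit -1`, which is outside the 0–255 status range and which bash reports as 255; a conventional status with the usage text on stderr would be `echo "Usage: $0 wait" >&2` followed by `exit 2`. The probe resolves `docker` through PATH although the script is started by systemd, presumably as root; `/usr/bin/docker version` would match the absolute `/usr/bin/dockerd` used in the unit and would not depend on the caller's environment. Both probes discard stderr, so when the wait fails the journal shows only "Docker is dead" with no cause; printing the output of the final `docker version` attempt on failure would make start-up problems diagnosable. A short header comment stating that the script is called from `ExecStartPost=` and that a non-zero exit fails the unit is also missing.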
From: Aleksa Sarai
Date: Fri, 13 Jan 2017 17:01:50 +0000
Subject: [PATCH 2/2] Accepting request 450174 from home:jordimassaguerpla:branch:Vc:update_docker_1_12_6
OBS-URL: https://build.opensuse.org/request/show/450174
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=164
---
 _service | 4 ++--
 docker-1.12.5.tar.xz | 3 ---
 docker-1.12.6.tar.xz | 3 +++
 docker.changes | 7 +++++++
 docker.spec | 8 ++++----
 5 files changed, 16 insertions(+), 9 deletions(-)
 delete mode 100644 docker-1.12.5.tar.xz
 create mode 100644 docker-1.12.6.tar.xz
diff --git a/_service b/_service
index 0948918..6520ecd 100644
--- a/_service
+++ b/_service
@@ -3,8 +3,8 @@ https://github.com/docker/docker.git git .git - 1.12.5 - v1.12.5 + 1.12.6 + v1.12.6 docker-*.tar
diff --git a/docker-1.12.5.tar.xz b/docker-1.12.5.tar.xz
deleted file mode 100644
index a16d2d6..0000000
--- a/docker-1.12.5.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:23c2068ecc2a8a283338143c76ffaf6987a93df767f7f6b6927f73310915485d
-size 11190552
diff --git a/docker-1.12.6.tar.xz b/docker-1.12.6.tar.xz
new file mode 100644
index 0000000..250ec17
--- /dev/null
+++ b/docker-1.12.6.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ade8df08afa29834e772ae9061975801ff35bd2b4c7979df4ff4df8f22ffce8c
+size 11190120
diff --git a/docker.changes b/docker.changes
index 8df470a..51f2ed2 100644
--- a/docker.changes
+++ b/docker.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Fri Jan 13 13:56:15 UTC 2017 - jmassaguerpla@suse.com
+
+- fix CVE-2016-9962 bsc#1012568 . Fix it by updating to 1.12.6
+ plus an extra commit to fix liverestore:
+ https://github.com/docker/docker/commit/97cd32a6a9076306baa637a29bba84c3f1f3d218
+
 -------------------------------------------------------------------
 Wed Jan 11 12:47:16 UTC 2017 - jmassaguerpla@suse.com
diff --git a/docker.spec b/docker.spec
index bda3aa8..82d8c07 100644
--- a/docker.spec
+++ b/docker.spec
@@ -35,8 +35,8 @@
 %global docker_migration_testfile %{docker_store}/.suse-image-migration-v1to2-complete
 %global docker_migration_warnfile %{docker_store}/docker-update-message.txt
 %define docker_graph %{docker_store}/graph
-%define git_version 8eab29e
-%define version_unconverted 1.12.5
+%define git_version 78d1802
+%define version_unconverted 1.12.6
 %define __arch_install_post export NO_BRP_STRIP_DEBUG=true
 # When upgrading to a new version requires the service not to be restarted
 # Due to a long migration process update last_migration_version to the new version
@@ -44,7 +44,7 @@
 # 1.10.1
 %global last_migration_version 1.10.1
 Name: docker
-Version: 1.12.5
+Version: 1.12.6
 Release: 0
 Summary: The Linux container runtime
 License: Apache-2.0
@@ -88,7 +88,7 @@ Requires: ca-certificates-mozilla
 # Dockerfile to ensure that we don't use a slightly incompatible version of
 # runC or containerd (which would be bad).
 Requires: containerd = 0.2.5+gitr569_2a5e70c
-Requires: runc = 0.1.1+gitr2818_f59ba3cdd76f
+Requires: runc = 0.1.1+gitr2819_50a19c6
 # Provides mkfs.ext4 - used by Docker when devicemapper storage driver is used
 Requires: e2fsprogs
 Requires: git-core >= 1.7