Accepting request 450492 from Virtualization:containers

** This should go together with https://build.opensuse.org/project/show/openSUSE:Factory:Staging:adi:160" **

- fix CVE-2016-9962 bsc#1012568 . Fix it by updating to 1.12.6
  plus an extra commit to fix liverestore:
  97cd32a6a9 

- add "a wait" when starting docker service to fix
  bsc#1019251

OBS-URL: https://build.opensuse.org/request/show/450492
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/docker?expand=0&rev=50

_service

@@ -3,8 +3,8 @@
     <param name="url">https://github.com/docker/docker.git</param>
     <param name="scm">git</param>
     <param name="exclude">.git</param>
-    <param name="versionformat">1.12.5</param>
+    <param name="versionformat">1.12.6</param>
-    <param name="revision">v1.12.5</param>
+    <param name="revision">v1.12.6</param>
   </service>
   <service name="recompress" mode="disabled">
     <param name="file">docker-*.tar</param>

docker-1.12.5.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:23c2068ecc2a8a283338143c76ffaf6987a93df767f7f6b6927f73310915485d
-size 11190552

docker-1.12.6.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ade8df08afa29834e772ae9061975801ff35bd2b4c7979df4ff4df8f22ffce8c
+size 11190120

docker.changes

@@ -1,3 +1,16 @@
+-------------------------------------------------------------------
+Fri Jan 13 13:56:15 UTC 2017 - jmassaguerpla@suse.com
+
+- fix CVE-2016-9962 bsc#1012568 . Fix it by updating to 1.12.6
+  plus an extra commit to fix liverestore:
+  https://github.com/docker/docker/commit/97cd32a6a9076306baa637a29bba84c3f1f3d218 
+
+-------------------------------------------------------------------
+Wed Jan 11 12:47:16 UTC 2017 - jmassaguerpla@suse.com
+
+- add "a wait" when starting docker service to fix
+  bsc#1019251 
+
 -------------------------------------------------------------------
 Tue Dec 20 12:41:33 UTC 2016 - normand@linux.vnet.ibm.com
 

docker.service

@@ -10,7 +10,9 @@ EnvironmentFile=/etc/sysconfig/docker
 # While Docker has support for socket activation (-H fd://), this is not
 # enabled by default because enabling socket activation means that on boot your
 # containers won't start until someone tries to administer the Docker daemon.
+Type=simple
 ExecStart=/usr/bin/dockerd --containerd /run/containerd/containerd.sock $DOCKER_NETWORK_OPTIONS $DOCKER_OPTS
+ExecStartPost=/usr/lib/docker/docker_service_helper.sh wait
 ExecReload=/bin/kill -s HUP $MAINPID
 
 # Having non-zero Limit*s causes performance problems due to accounting overhead

docker.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package docker
 #
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -35,8 +35,8 @@
 %global docker_migration_testfile %{docker_store}/.suse-image-migration-v1to2-complete
 %global docker_migration_warnfile %{docker_store}/docker-update-message.txt
 %define docker_graph              %{docker_store}/graph
-%define git_version 8eab29e
+%define git_version 78d1802
-%define version_unconverted 1.12.5
+%define version_unconverted 1.12.6
 %define __arch_install_post export NO_BRP_STRIP_DEBUG=true
 # When upgrading to a new version requires the service not to be restarted
 # Due to a long migration process update last_migration_version to the new version
@@ -44,7 +44,7 @@
 # 1.10.1
 %global last_migration_version 1.10.1
 Name:           docker
-Version:        1.12.5
+Version:        1.12.6
 Release:        0
 Summary:        The Linux container runtime
 License:        Apache-2.0
@@ -59,6 +59,7 @@ Source7:        README_SUSE.md
 Source8:        docker-audit.rules
 Source9:        docker-update-message.txt
 Source10:       tests.sh
+Source11:       docker_service_helper.sh 
 # Fixes for architecture-specific issues (gcc-go).
 Patch100:       gcc-go-patches.patch
 Patch102:       netlink_netns_powerpc.patch
@@ -87,7 +88,7 @@ Requires:       ca-certificates-mozilla
 # Dockerfile to ensure that we don't use a slightly incompatible version of
 # runC or containerd (which would be bad).
 Requires:       containerd = 0.2.5+gitr569_2a5e70c
-Requires:       runc = 0.1.1+gitr2818_f59ba3cdd76f
+Requires:       runc = 0.1.1+gitr2819_50a19c6
 # Provides mkfs.ext4 - used by Docker when devicemapper storage driver is used
 Requires:       e2fsprogs
 Requires:       git-core >= 1.7
@@ -316,6 +317,7 @@ cp -av tests.main tests.sh %{buildroot}%{_prefix}/src/docker/hack/
 #
 install -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/%{name}.service
 ln -sf service %{buildroot}%{_sbindir}/rcdocker
+install -D -m 0755 %{SOURCE11} %{buildroot}/%{_libexecdir}/docker/
 
 #
 # udev rules that prevents dolphin to show all docker devices and slows down

docker_service_helper.sh

@@ -0,0 +1,22 @@
+#!/bin/bash
+
+if [ "$1" != "wait" ];then
+    echo "Usage $0 option"
+    echo "options can be"
+    echo "  wait: wait for the daemon to start"
+    exit -1
+fi
+
+echo "Waiting for docker daemon to start"
+for i in {1..60};do
+    docker version > /dev/null 2>&1 && break
+    sleep 1
+done
+if docker version > /dev/null 2>&1;then
+    echo "Docker is alive"
+    exit 0
+else
+    echo  "Docker is dead"
+    exit 1
+fi
+