pool/docker
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 540407 from home:cyphar:containers:docker_bsc1057743

Browse Source 
Match secrets patches with upstream. This corrects a bug in our fix for
bsc#1055676.

OBS-URL: https://build.opensuse.org/request/show/540407
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=216
This commit is contained in:
Aleksa Sarai 2017-11-10 07:15:19 +00:00 committed by Git OBS Bridge
parent 6a6c6aa170
commit c1e075d88f
2 changed files with 11 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
View File

@ -70,5 +70,5 @@ index 84b7eb352f1a..dc3a48bfe47a 100644
return errors.Wrap(err, "error setting ownership for secret") return errors.Wrap(err, "error setting ownership for secret")
} }
-- --
2.14.2 2.15.0

17
secrets-0002-SUSE-implement-SUSE-container-secrets.patch
View File

@ -1,4 +1,4 @@
From afb202611a8330e0b3a7900aa2d68b7cc1d489fe Mon Sep 17 00:00:00 2001 From 7c03750568cb9b67b763cd03f92ce45c567ca043 Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de> From: Aleksa Sarai <asarai@suse.de>
Date: Wed, 8 Mar 2017 11:43:29 +1100 Date: Wed, 8 Mar 2017 11:43:29 +1100
Subject: [PATCH 2/2] SUSE: implement SUSE container secrets Subject: [PATCH 2/2] SUSE: implement SUSE container secrets
@ -13,8 +13,8 @@ MAKES BUILDS NOT ENTIRELY REPRODUCIBLE.
Signed-off-by: Aleksa Sarai <asarai@suse.de> Signed-off-by: Aleksa Sarai <asarai@suse.de>
--- ---
daemon/start.go | 5 + daemon/start.go | 5 +
daemon/suse_secrets.go | 328 +++++++++++++++++++++++++++++++++++++++++++++++++ daemon/suse_secrets.go | 331 +++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 333 insertions(+) 2 files changed, 336 insertions(+)
create mode 100644 daemon/suse_secrets.go create mode 100644 daemon/suse_secrets.go
diff --git a/daemon/start.go b/daemon/start.go diff --git a/daemon/start.go b/daemon/start.go
@ -35,10 +35,10 @@ index 55438cf2c45f..7dfa6cd1d055 100644
return err return err
diff --git a/daemon/suse_secrets.go b/daemon/suse_secrets.go diff --git a/daemon/suse_secrets.go b/daemon/suse_secrets.go
new file mode 100644 new file mode 100644
index 000000000000..b09ad96f01b0 index 000000000000..b6914adf09ce
--- /dev/null --- /dev/null
+++ b/daemon/suse_secrets.go +++ b/daemon/suse_secrets.go
@@ -0,0 +1,328 @@ @@ -0,0 +1,331 @@
+/* +/*
+ * suse-secrets: patch for Docker to implement SUSE secrets + * suse-secrets: patch for Docker to implement SUSE secrets
+ * Copyright (C) 2017 SUSE LLC. + * Copyright (C) 2017 SUSE LLC.
@ -94,6 +94,9 @@ index 000000000000..b09ad96f01b0
+} +}
+ +
+func (s SuseFakeFile) id() string { +func (s SuseFakeFile) id() string {
+ // NOTE: It is _very_ important that this string always has a prefix of
+ // "suse". This is how we can ensure that we can operate on
+ // SecretReferences with a confidence that it was made by us.
+ return fmt.Sprintf("suse_%s_%s", digest.FromBytes(s.Data).Hex(), s.Path) + return fmt.Sprintf("suse_%s_%s", digest.FromBytes(s.Data).Hex(), s.Path)
+} +}
+ +
@ -113,7 +116,7 @@ index 000000000000..b09ad96f01b0
+ // mapped). + // mapped).
+ ctrUser := idtools.IDPair{UID: s.Uid, GID: s.Gid} + ctrUser := idtools.IDPair{UID: s.Uid, GID: s.Gid}
+ hostUser := idMaps.RootPair() + hostUser := idMaps.RootPair()
+ if user, err := idMaps.ToHost(ctrUser); err != nil { + if user, err := idMaps.ToHost(ctrUser); err == nil {
+ hostUser = user + hostUser = user
+ } + }
+ +
@ -368,5 +371,5 @@ index 000000000000..b09ad96f01b0
+ return nil + return nil
+} +}
-- --
2.14.2 2.15.0