Accepting request 885816 from home:cyphar:docker
- Update to Docker 20.10.6-ce. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. bsc#1184768 - Rebase patches: * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch * 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch - Backport upstream fix <https://github.com/moby/moby/pull/42273> for btrfs quotas being removed by Docker regularly. bsc#1183855 bsc#1175081 + 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch OBS-URL: https://build.opensuse.org/request/show/885816 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=360
This commit is contained in:
parent
269847c9f6
commit
c746a15310
@ -1,7 +1,7 @@
|
||||
From 6a5d238a42b8adc5d29bbd9bd688aa1034f5cdfd Mon Sep 17 00:00:00 2001
|
||||
From 5dfd507cf2ab34a99d925eae7fa9a1a062c1930e Mon Sep 17 00:00:00 2001
|
||||
From: Aleksa Sarai <asarai@suse.de>
|
||||
Date: Wed, 8 Mar 2017 12:41:54 +1100
|
||||
Subject: [PATCH 1/4] SECRETS: daemon: allow directory creation in /run/secrets
|
||||
Subject: [PATCH 1/5] SECRETS: daemon: allow directory creation in /run/secrets
|
||||
|
||||
Since FileMode can have the directory bit set, allow a SecretStore
|
||||
implementation to return secrets that are actually directories. This is
|
||||
@ -70,5 +70,5 @@ index 5521adbd2749..c103d9349c51 100644
|
||||
return errors.Wrap(err, "error setting ownership for secret")
|
||||
}
|
||||
--
|
||||
2.30.1
|
||||
2.30.2
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
From bf083a6f80b204325673732944b53a447f9e4171 Mon Sep 17 00:00:00 2001
|
||||
From cb696ab8168b611535c04f8780c4632a2dc0ec2a Mon Sep 17 00:00:00 2001
|
||||
From: Aleksa Sarai <asarai@suse.de>
|
||||
Date: Wed, 8 Mar 2017 11:43:29 +1100
|
||||
Subject: [PATCH 2/4] SECRETS: SUSE: implement SUSE container secrets
|
||||
Subject: [PATCH 2/5] SECRETS: SUSE: implement SUSE container secrets
|
||||
|
||||
This allows for us to pass in host credentials to a container, allowing
|
||||
for SUSEConnect to work with containers.
|
||||
@ -451,5 +451,5 @@ index 000000000000..9ee33adf7497
|
||||
+ return nil
|
||||
+}
|
||||
--
|
||||
2.30.1
|
||||
2.30.2
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
From 10d0381bf317221167af0930c552a8b27c7861a4 Mon Sep 17 00:00:00 2001
|
||||
From 759c1b0c2d4a3c89dea396510d2a1518ad2fcb2c Mon Sep 17 00:00:00 2001
|
||||
From: Valentin Rothberg <vrothberg@suse.com>
|
||||
Date: Mon, 2 Jul 2018 13:37:34 +0200
|
||||
Subject: [PATCH 3/4] PRIVATE-REGISTRY: add private-registry mirror support
|
||||
Subject: [PATCH 3/5] PRIVATE-REGISTRY: add private-registry mirror support
|
||||
|
||||
NOTE: This is a backport/downstream patch of the upstream pull-request
|
||||
for Moby, which is still subject to changes. Please visit
|
||||
@ -1142,5 +1142,5 @@ index 3e3a5b41ffbd..451a6f874bc1 100644
|
||||
|
||||
endpoints = []APIEndpoint{
|
||||
--
|
||||
2.30.1
|
||||
2.30.2
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
From 8cf5f05b8bcb5588bec92d5732e81f26fa632fce Mon Sep 17 00:00:00 2001
|
||||
From 9f27140b54e30eed9d3428b24c3ca9c340c48394 Mon Sep 17 00:00:00 2001
|
||||
From: Aleksa Sarai <asarai@suse.de>
|
||||
Date: Fri, 29 Jun 2018 17:59:30 +1000
|
||||
Subject: [PATCH 4/4] bsc1073877: apparmor: clobber docker-default profile on
|
||||
Subject: [PATCH 4/5] bsc1073877: apparmor: clobber docker-default profile on
|
||||
start
|
||||
|
||||
In the process of making docker-default reloading far less expensive,
|
||||
@ -85,5 +85,5 @@ index 3d8cca288010..62d3859cff8c 100644
|
||||
}
|
||||
|
||||
--
|
||||
2.30.1
|
||||
2.30.2
|
||||
|
||||
|
144
0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
Normal file
144
0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
Normal file
@ -0,0 +1,144 @@
|
||||
From bb452793d224b00a3700af9fdd9b0f183e1141f1 Mon Sep 17 00:00:00 2001
|
||||
From: Michal Rostecki <mrostecki@opensuse.org>
|
||||
Date: Thu, 8 Apr 2021 14:42:02 +0100
|
||||
Subject: [PATCH 5/5] bsc1183855: btrfs: Do not disable quota on cleanup
|
||||
|
||||
Before this change, cleanup of the btrfs driver (occuring on each daemon
|
||||
shutdown) resulted in disabling quotas. It was done with an assumption
|
||||
that quotas can be enabled or disabled on a subvolume level, which is
|
||||
not true - enabling or disabling quota is always done on a filesystem
|
||||
level.
|
||||
|
||||
That was leading to disabling quota on btrfs filesystems on each daemon
|
||||
shutdown.
|
||||
|
||||
This change fixes that behavior and removes misleading `subvol` prefix
|
||||
from functions and methods which set up quota (on a filesystem level).
|
||||
|
||||
SUSE-Bugs: bsc#1175081 bsc#1183855
|
||||
SUSE-Upstream-Commit: 1ec689c4c2ecda24ed8495451c53072bb0497871
|
||||
Fixes: 401c8d176743 ("Add disk quota support for btrfs")
|
||||
Signed-off-by: Michal Rostecki <mrostecki@opensuse.org>
|
||||
---
|
||||
daemon/graphdriver/btrfs/btrfs.go | 50 +++++--------------------------
|
||||
1 file changed, 8 insertions(+), 42 deletions(-)
|
||||
|
||||
diff --git a/daemon/graphdriver/btrfs/btrfs.go b/daemon/graphdriver/btrfs/btrfs.go
|
||||
index 0499489d16e6..0720bb571f2e 100644
|
||||
--- a/daemon/graphdriver/btrfs/btrfs.go
|
||||
+++ b/daemon/graphdriver/btrfs/btrfs.go
|
||||
@@ -96,7 +96,7 @@ func Init(home string, options []string, uidMaps, gidMaps []idtools.IDMap) (grap
|
||||
}
|
||||
|
||||
if userDiskQuota {
|
||||
- if err := driver.subvolEnableQuota(); err != nil {
|
||||
+ if err := driver.enableQuota(); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
@@ -165,18 +165,10 @@ func (d *Driver) GetMetadata(id string) (map[string]string, error) {
|
||||
|
||||
// Cleanup unmounts the home directory.
|
||||
func (d *Driver) Cleanup() error {
|
||||
- err := d.subvolDisableQuota()
|
||||
- umountErr := mount.Unmount(d.home)
|
||||
-
|
||||
- // in case we have two errors, prefer the one from disableQuota()
|
||||
- if err != nil {
|
||||
+ if err := mount.Unmount(d.home); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
- if umountErr != nil {
|
||||
- return umountErr
|
||||
- }
|
||||
-
|
||||
return nil
|
||||
}
|
||||
|
||||
@@ -334,7 +326,7 @@ func (d *Driver) updateQuotaStatus() {
|
||||
d.once.Do(func() {
|
||||
if !d.quotaEnabled {
|
||||
// In case quotaEnabled is not set, check qgroup and update quotaEnabled as needed
|
||||
- if err := subvolQgroupStatus(d.home); err != nil {
|
||||
+ if err := qgroupStatus(d.home); err != nil {
|
||||
// quota is still not enabled
|
||||
return
|
||||
}
|
||||
@@ -343,7 +335,7 @@ func (d *Driver) updateQuotaStatus() {
|
||||
})
|
||||
}
|
||||
|
||||
-func (d *Driver) subvolEnableQuota() error {
|
||||
+func (d *Driver) enableQuota() error {
|
||||
d.updateQuotaStatus()
|
||||
|
||||
if d.quotaEnabled {
|
||||
@@ -369,32 +361,6 @@ func (d *Driver) subvolEnableQuota() error {
|
||||
return nil
|
||||
}
|
||||
|
||||
-func (d *Driver) subvolDisableQuota() error {
|
||||
- d.updateQuotaStatus()
|
||||
-
|
||||
- if !d.quotaEnabled {
|
||||
- return nil
|
||||
- }
|
||||
-
|
||||
- dir, err := openDir(d.home)
|
||||
- if err != nil {
|
||||
- return err
|
||||
- }
|
||||
- defer closeDir(dir)
|
||||
-
|
||||
- var args C.struct_btrfs_ioctl_quota_ctl_args
|
||||
- args.cmd = C.BTRFS_QUOTA_CTL_DISABLE
|
||||
- _, _, errno := unix.Syscall(unix.SYS_IOCTL, getDirFd(dir), C.BTRFS_IOC_QUOTA_CTL,
|
||||
- uintptr(unsafe.Pointer(&args)))
|
||||
- if errno != 0 {
|
||||
- return fmt.Errorf("Failed to disable btrfs quota for %s: %v", dir, errno.Error())
|
||||
- }
|
||||
-
|
||||
- d.quotaEnabled = false
|
||||
-
|
||||
- return nil
|
||||
-}
|
||||
-
|
||||
func (d *Driver) subvolRescanQuota() error {
|
||||
d.updateQuotaStatus()
|
||||
|
||||
@@ -437,11 +403,11 @@ func subvolLimitQgroup(path string, size uint64) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
-// subvolQgroupStatus performs a BTRFS_IOC_TREE_SEARCH on the root path
|
||||
+// qgroupStatus performs a BTRFS_IOC_TREE_SEARCH on the root path
|
||||
// with search key of BTRFS_QGROUP_STATUS_KEY.
|
||||
// In case qgroup is enabled, the retuned key type will match BTRFS_QGROUP_STATUS_KEY.
|
||||
// For more details please see https://github.com/kdave/btrfs-progs/blob/v4.9/qgroup.c#L1035
|
||||
-func subvolQgroupStatus(path string) error {
|
||||
+func qgroupStatus(path string) error {
|
||||
dir, err := openDir(path)
|
||||
if err != nil {
|
||||
return err
|
||||
@@ -608,7 +574,7 @@ func (d *Driver) setStorageSize(dir string, driver *Driver) error {
|
||||
if d.options.minSpace > 0 && driver.options.size < d.options.minSpace {
|
||||
return fmt.Errorf("btrfs: storage size cannot be less than %s", units.HumanSize(float64(d.options.minSpace)))
|
||||
}
|
||||
- if err := d.subvolEnableQuota(); err != nil {
|
||||
+ if err := d.enableQuota(); err != nil {
|
||||
return err
|
||||
}
|
||||
return subvolLimitQgroup(dir, driver.options.size)
|
||||
@@ -662,7 +628,7 @@ func (d *Driver) Get(id, mountLabel string) (containerfs.ContainerFS, error) {
|
||||
|
||||
if quota, err := ioutil.ReadFile(d.quotasDirID(id)); err == nil {
|
||||
if size, err := strconv.ParseUint(string(quota), 10, 64); err == nil && size >= d.options.minSpace {
|
||||
- if err := d.subvolEnableQuota(); err != nil {
|
||||
+ if err := d.enableQuota(); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if err := subvolLimitQgroup(dir, size); err != nil {
|
||||
--
|
||||
2.30.2
|
||||
|
10
_service
10
_service
@ -3,16 +3,16 @@
|
||||
<param name="url">https://github.com/moby/moby.git</param>
|
||||
<param name="scm">git</param>
|
||||
<param name="exclude">.git</param>
|
||||
<param name="versionformat">20.10.5_ce_%h</param>
|
||||
<param name="revision">v20.10.5</param>
|
||||
<param name="versionformat">20.10.6_ce_%h</param>
|
||||
<param name="revision">v20.10.6</param>
|
||||
<param name="filename">docker</param>
|
||||
</service>
|
||||
<service name="tar_scm" mode="disabled">
|
||||
<param name="url">https://github.com/docker/cli.git</param>
|
||||
<param name="scm">git</param>
|
||||
<param name="exclude">.git</param>
|
||||
<param name="versionformat">20.10.5_ce</param>
|
||||
<param name="revision">v20.10.5</param>
|
||||
<param name="versionformat">20.10.6_ce</param>
|
||||
<param name="revision">v20.10.6</param>
|
||||
<param name="filename">docker-cli</param>
|
||||
</service>
|
||||
<service name="tar_scm" mode="disabled">
|
||||
@ -20,7 +20,7 @@
|
||||
<param name="scm">git</param>
|
||||
<param name="exclude">.git</param>
|
||||
<param name="versionformat">%H</param>
|
||||
<param name="revision">fa125a3512ee0f6187721c88582bf8c4378bd4d7</param>
|
||||
<param name="revision">b3507428be5b458cb0e2b4086b13531fb0706e46</param>
|
||||
<param name="filename">docker-libnetwork</param>
|
||||
</service>
|
||||
<service name="recompress" mode="disabled">
|
||||
|
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:c4bf5efa9032ba23ac7a9d49d1820f0e1fbc789dfeb8c7cdb6d4909a242dc1a4
|
||||
size 6483364
|
3
docker-20.10.6_ce_8728dd246c3a.tar.xz
Normal file
3
docker-20.10.6_ce_8728dd246c3a.tar.xz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:620a514c43fc9ffa7fbac50d16f3479e576425ef1496c13c6b2c226be1dc54ef
|
||||
size 6486364
|
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:a95986b5c90e357b76bbc2251cbd6da9c4adc3d689d84fe165922824e4118b16
|
||||
size 4452156
|
3
docker-cli-20.10.6_ce.tar.xz
Normal file
3
docker-cli-20.10.6_ce.tar.xz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:22c42e3fb154a00627b6698573fe4b035638cfd5f5dc1d26795e096d73c1da13
|
||||
size 4409500
|
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:29bbbfafb284edb07004fdfe2dccc43c7f8e0eb8c17e7370f13e22e6778b7745
|
||||
size 1982240
|
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:a50f42e391a98ab204eaa93e2269981be36f619c68b2bbfc3224263fbd30c4a8
|
||||
size 1982676
|
@ -1,3 +1,17 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Apr 15 05:23:20 UTC 2021 - Aleksa Sarai <asarai@suse.com>
|
||||
|
||||
- Update to Docker 20.10.6-ce. See upstream changelog in the packaged
|
||||
/usr/share/doc/packages/docker/CHANGELOG.md. bsc#1184768
|
||||
- Rebase patches:
|
||||
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
|
||||
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
|
||||
* 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
|
||||
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
|
||||
- Backport upstream fix <https://github.com/moby/moby/pull/42273> for btrfs
|
||||
quotas being removed by Docker regularly. bsc#1183855 bsc#1175081
|
||||
+ 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Mar 3 00:49:58 UTC 2021 - Aleksa Sarai <asarai@suse.com>
|
||||
|
||||
|
16
docker.spec
16
docker.spec
@ -42,24 +42,24 @@
|
||||
# helpfully injects into our build environment from the changelog). If you want
|
||||
# to generate a new git_commit_epoch, use this:
|
||||
# $ date --date="$(git show --format=fuller --date=iso $COMMIT_ID | grep -oP '(?<=^CommitDate: ).*')" '+%s'
|
||||
%define git_version 363e9a88a11b
|
||||
%define git_commit_epoch 1614234438
|
||||
%define git_version 8728dd246c3a
|
||||
%define git_commit_epoch 1618005978
|
||||
|
||||
# We require a specific pin of libnetwork because it doesn't really do
|
||||
# versioning and minor version mismatches in libnetwork can break Docker
|
||||
# networking. All other key runtime dependencies (containerd, runc) are stable
|
||||
# enough that this isn't necessary.
|
||||
%define libnetwork_version fa125a3512ee0f6187721c88582bf8c4378bd4d7
|
||||
%define libnetwork_version b3507428be5b458cb0e2b4086b13531fb0706e46
|
||||
|
||||
%define dist_builddir %{_builddir}/dist-suse
|
||||
%define cli_builddir %{dist_builddir}/src/github.com/docker/cli
|
||||
%define proxy_builddir %{dist_builddir}/src/github.com/docker/libnetwork
|
||||
|
||||
Name: %{realname}%{name_suffix}
|
||||
Version: 20.10.5_ce
|
||||
Version: 20.10.6_ce
|
||||
# This "nice version" is so that docker --version gives a result that can be
|
||||
# parsed by other people. boo#1182476
|
||||
%define nice_version 20.10.5-ce
|
||||
%define nice_version 20.10.6-ce
|
||||
Release: 0
|
||||
Summary: The Moby-project Linux container runtime
|
||||
License: Apache-2.0
|
||||
@ -92,6 +92,8 @@ Patch101: 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
|
||||
Patch200: 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
|
||||
# SUSE-BACKPORT: Backport of https://github.com/docker/docker/pull/37353. bsc#1073877 bsc#1099277
|
||||
Patch300: 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
|
||||
# SUSE-BACKPORT: Backport of https://github.com/moby/moby/pull/42273. bsc#1183855 bsc#1175081
|
||||
Patch301: 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
|
||||
BuildRequires: audit
|
||||
BuildRequires: bash-completion
|
||||
BuildRequires: ca-certificates
|
||||
@ -257,6 +259,8 @@ docker container runtime configuration for kubeadm
|
||||
%endif
|
||||
# bsc#1099277
|
||||
%patch300 -p1
|
||||
# bsc#1183855 bsc#1175081
|
||||
%patch301 -p1
|
||||
|
||||
# README_SUSE.md for documentation.
|
||||
cp %{SOURCE103} .
|
||||
@ -322,7 +326,7 @@ export GOPATH="$GOPATH:$PWD"
|
||||
###################
|
||||
|
||||
pushd %{cli_builddir}
|
||||
./scripts/build/dynbinary
|
||||
make dynbinary
|
||||
|
||||
mkdir -p ./man/man1
|
||||
go build -buildmode=pie -o gen-manpages github.com/docker/cli/man
|
||||
|
Loading…
Reference in New Issue
Block a user