Accepting request 885816 from home:cyphar:docker

- Update to Docker 20.10.6-ce. See upstream changelog in the packaged
  /usr/share/doc/packages/docker/CHANGELOG.md. bsc#1184768
- Rebase patches:
  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  * 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
  * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
- Backport upstream fix <https://github.com/moby/moby/pull/42273> for btrfs
  quotas being removed by Docker regularly. bsc#1183855 bsc#1175081
  + 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch

OBS-URL: https://build.opensuse.org/request/show/885816
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=360
Aleksa Sarai 2021-04-16 04:37:30 +00:00 committed by Git OBS Bridge
parent 269847c9f6
commit c746a15310
14 changed files with 194 additions and 32 deletions


@ -1,7 +1,7 @@
From 6a5d238a42b8adc5d29bbd9bd688aa1034f5cdfd Mon Sep 17 00:00:00 2001 From 5dfd507cf2ab34a99d925eae7fa9a1a062c1930e Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de> From: Aleksa Sarai <asarai@suse.de>
Date: Wed, 8 Mar 2017 12:41:54 +1100 Date: Wed, 8 Mar 2017 12:41:54 +1100
Subject: [PATCH 1/4] SECRETS: daemon: allow directory creation in /run/secrets Subject: [PATCH 1/5] SECRETS: daemon: allow directory creation in /run/secrets
Since FileMode can have the directory bit set, allow a SecretStore Since FileMode can have the directory bit set, allow a SecretStore
implementation to return secrets that are actually directories. This is implementation to return secrets that are actually directories. This is
@ -70,5 +70,5 @@ index 5521adbd2749..c103d9349c51 100644
return errors.Wrap(err, "error setting ownership for secret") return errors.Wrap(err, "error setting ownership for secret")
} }
-- --
2.30.1 2.30.2


@ -1,7 +1,7 @@
From bf083a6f80b204325673732944b53a447f9e4171 Mon Sep 17 00:00:00 2001 From cb696ab8168b611535c04f8780c4632a2dc0ec2a Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de> From: Aleksa Sarai <asarai@suse.de>
Date: Wed, 8 Mar 2017 11:43:29 +1100 Date: Wed, 8 Mar 2017 11:43:29 +1100
Subject: [PATCH 2/4] SECRETS: SUSE: implement SUSE container secrets Subject: [PATCH 2/5] SECRETS: SUSE: implement SUSE container secrets
This allows for us to pass in host credentials to a container, allowing This allows for us to pass in host credentials to a container, allowing
for SUSEConnect to work with containers. for SUSEConnect to work with containers.
@ -451,5 +451,5 @@ index 000000000000..9ee33adf7497
+ return nil + return nil
+} +}
-- --
2.30.1 2.30.2


@ -1,7 +1,7 @@
From 10d0381bf317221167af0930c552a8b27c7861a4 Mon Sep 17 00:00:00 2001 From 759c1b0c2d4a3c89dea396510d2a1518ad2fcb2c Mon Sep 17 00:00:00 2001
From: Valentin Rothberg <vrothberg@suse.com> From: Valentin Rothberg <vrothberg@suse.com>
Date: Mon, 2 Jul 2018 13:37:34 +0200 Date: Mon, 2 Jul 2018 13:37:34 +0200
Subject: [PATCH 3/4] PRIVATE-REGISTRY: add private-registry mirror support Subject: [PATCH 3/5] PRIVATE-REGISTRY: add private-registry mirror support
NOTE: This is a backport/downstream patch of the upstream pull-request NOTE: This is a backport/downstream patch of the upstream pull-request
for Moby, which is still subject to changes. Please visit for Moby, which is still subject to changes. Please visit
@ -1142,5 +1142,5 @@ index 3e3a5b41ffbd..451a6f874bc1 100644
endpoints = []APIEndpoint{ endpoints = []APIEndpoint{
-- --
2.30.1 2.30.2


@ -1,7 +1,7 @@
From 8cf5f05b8bcb5588bec92d5732e81f26fa632fce Mon Sep 17 00:00:00 2001 From 9f27140b54e30eed9d3428b24c3ca9c340c48394 Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de> From: Aleksa Sarai <asarai@suse.de>
Date: Fri, 29 Jun 2018 17:59:30 +1000 Date: Fri, 29 Jun 2018 17:59:30 +1000
Subject: [PATCH 4/4] bsc1073877: apparmor: clobber docker-default profile on Subject: [PATCH 4/5] bsc1073877: apparmor: clobber docker-default profile on
start start
In the process of making docker-default reloading far less expensive, In the process of making docker-default reloading far less expensive,
@ -85,5 +85,5 @@ index 3d8cca288010..62d3859cff8c 100644
} }
-- --
2.30.1 2.30.2


@ -0,0 +1,144 @@
From bb452793d224b00a3700af9fdd9b0f183e1141f1 Mon Sep 17 00:00:00 2001
From: Michal Rostecki <mrostecki@opensuse.org>
Date: Thu, 8 Apr 2021 14:42:02 +0100
Subject: [PATCH 5/5] bsc1183855: btrfs: Do not disable quota on cleanup
Before this change, cleanup of the btrfs driver (occuring on each daemon
shutdown) resulted in disabling quotas. It was done with an assumption
that quotas can be enabled or disabled on a subvolume level, which is
not true - enabling or disabling quota is always done on a filesystem
level.
That was leading to disabling quota on btrfs filesystems on each daemon
shutdown.
This change fixes that behavior and removes misleading `subvol` prefix
from functions and methods which set up quota (on a filesystem level).
SUSE-Bugs: bsc#1175081 bsc#1183855
SUSE-Upstream-Commit: 1ec689c4c2ecda24ed8495451c53072bb0497871
Fixes: 401c8d176743 ("Add disk quota support for btrfs")
Signed-off-by: Michal Rostecki <mrostecki@opensuse.org>
---
daemon/graphdriver/btrfs/btrfs.go | 50 +++++--------------------------
1 file changed, 8 insertions(+), 42 deletions(-)
diff --git a/daemon/graphdriver/btrfs/btrfs.go b/daemon/graphdriver/btrfs/btrfs.go
index 0499489d16e6..0720bb571f2e 100644
--- a/daemon/graphdriver/btrfs/btrfs.go
+++ b/daemon/graphdriver/btrfs/btrfs.go
@@ -96,7 +96,7 @@ func Init(home string, options []string, uidMaps, gidMaps []idtools.IDMap) (grap
}
if userDiskQuota {
- if err := driver.subvolEnableQuota(); err != nil {
+ if err := driver.enableQuota(); err != nil {
return nil, err
}
}
@@ -165,18 +165,10 @@ func (d *Driver) GetMetadata(id string) (map[string]string, error) {
// Cleanup unmounts the home directory.
func (d *Driver) Cleanup() error {
- err := d.subvolDisableQuota()
- umountErr := mount.Unmount(d.home)
-
- // in case we have two errors, prefer the one from disableQuota()
- if err != nil {
+ if err := mount.Unmount(d.home); err != nil {
return err
}
- if umountErr != nil {
- return umountErr
- }
-
return nil
}
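Review bot: In Cleanup, the remaining body can be a single `return mount.Unmount(d.home)`; the `if err := mount.Unmount(d.home); err != nil { return err }` followed by `return nil` returns the same value on both paths. With the quota call gone, the existing doc comment "Cleanup unmounts the home directory" describes the whole function again, so no comment change is needed.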
@@ -334,7 +326,7 @@ func (d *Driver) updateQuotaStatus() {
d.once.Do(func() {
if !d.quotaEnabled {
// In case quotaEnabled is not set, check qgroup and update quotaEnabled as needed
- if err := subvolQgroupStatus(d.home); err != nil {
+ if err := qgroupStatus(d.home); err != nil {
// quota is still not enabled
return
}
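Review bot: At the `qgroupStatus(d.home)` call, every error is treated as "quota is still not enabled" and dropped, and because the check sits inside `d.once.Do` it is not repeated on later calls. A failure to open or query d.home is therefore indistinguishable from quota being off. Since this patch already touches the line, consider logging the error at debug level before the `return` so the two cases can be told apart when diagnosing quota problems.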
@@ -343,7 +335,7 @@ func (d *Driver) updateQuotaStatus() {
})
}
-func (d *Driver) subvolEnableQuota() error {
+func (d *Driver) enableQuota() error {
d.updateQuotaStatus()
if d.quotaEnabled {
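Review bot: `enableQuota` is renamed here but no doc comment is visible above it. The commit message's whole point is that this operation applies to the filesystem and not to a subvolume, so state that in a comment on the function, and add that Cleanup no longer reverts it, meaning quota stays enabled on the filesystem after the daemon exits. That persistence is the intended fix, but it is a host-wide side effect worth documenting where the call lives.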
@@ -369,32 +361,6 @@ func (d *Driver) subvolEnableQuota() error {
return nil
}
-func (d *Driver) subvolDisableQuota() error {
- d.updateQuotaStatus()
-
- if !d.quotaEnabled {
- return nil
- }
-
- dir, err := openDir(d.home)
- if err != nil {
- return err
- }
- defer closeDir(dir)
-
- var args C.struct_btrfs_ioctl_quota_ctl_args
- args.cmd = C.BTRFS_QUOTA_CTL_DISABLE
- _, _, errno := unix.Syscall(unix.SYS_IOCTL, getDirFd(dir), C.BTRFS_IOC_QUOTA_CTL,
- uintptr(unsafe.Pointer(&args)))
- if errno != 0 {
- return fmt.Errorf("Failed to disable btrfs quota for %s: %v", dir, errno.Error())
- }
-
- d.quotaEnabled = false
-
- return nil
-}
-
func (d *Driver) subvolRescanQuota() error {
d.updateQuotaStatus()
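Review bot: `subvolRescanQuota` in the trailing context keeps the `subvol` prefix that the commit message calls misleading for filesystem-level quota setup. If rescan also acts on the whole filesystem, rename it in this patch for consistency; if it is kept deliberately, a one-line comment saying why would stop the next reader from making the same subvolume-level assumption that led to `subvolDisableQuota`.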
@@ -437,11 +403,11 @@ func subvolLimitQgroup(path string, size uint64) error {
return nil
}
-// subvolQgroupStatus performs a BTRFS_IOC_TREE_SEARCH on the root path
+// qgroupStatus performs a BTRFS_IOC_TREE_SEARCH on the root path
// with search key of BTRFS_QGROUP_STATUS_KEY.
// In case qgroup is enabled, the retuned key type will match BTRFS_QGROUP_STATUS_KEY.
// For more details please see https://github.com/kdave/btrfs-progs/blob/v4.9/qgroup.c#L1035
-func subvolQgroupStatus(path string) error {
+func qgroupStatus(path string) error {
dir, err := openDir(path)
if err != nil {
return err
@@ -608,7 +574,7 @@ func (d *Driver) setStorageSize(dir string, driver *Driver) error {
if d.options.minSpace > 0 && driver.options.size < d.options.minSpace {
return fmt.Errorf("btrfs: storage size cannot be less than %s", units.HumanSize(float64(d.options.minSpace)))
}
- if err := d.subvolEnableQuota(); err != nil {
+ if err := d.enableQuota(); err != nil {
return err
}
return subvolLimitQgroup(dir, driver.options.size)
@@ -662,7 +628,7 @@ func (d *Driver) Get(id, mountLabel string) (containerfs.ContainerFS, error) {
if quota, err := ioutil.ReadFile(d.quotasDirID(id)); err == nil {
if size, err := strconv.ParseUint(string(quota), 10, 64); err == nil && size >= d.options.minSpace {
- if err := d.subvolEnableQuota(); err != nil {
+ if err := d.enableQuota(); err != nil {
return nil, err
}
if err := subvolLimitQgroup(dir, size); err != nil {
--
2.30.2


@ -3,16 +3,16 @@
<param name="url">https://github.com/moby/moby.git</param> <param name="url">https://github.com/moby/moby.git</param>
<param name="scm">git</param> <param name="scm">git</param>
<param name="exclude">.git</param> <param name="exclude">.git</param>
<param name="versionformat">20.10.5_ce_%h</param> <param name="versionformat">20.10.6_ce_%h</param>
<param name="revision">v20.10.5</param> <param name="revision">v20.10.6</param>
<param name="filename">docker</param> <param name="filename">docker</param>
</service> </service>
<service name="tar_scm" mode="disabled"> <service name="tar_scm" mode="disabled">
<param name="url">https://github.com/docker/cli.git</param> <param name="url">https://github.com/docker/cli.git</param>
<param name="scm">git</param> <param name="scm">git</param>
<param name="exclude">.git</param> <param name="exclude">.git</param>
<param name="versionformat">20.10.5_ce</param> <param name="versionformat">20.10.6_ce</param>
<param name="revision">v20.10.5</param> <param name="revision">v20.10.6</param>
<param name="filename">docker-cli</param> <param name="filename">docker-cli</param>
</service> </service>
<service name="tar_scm" mode="disabled"> <service name="tar_scm" mode="disabled">
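Review bot: The moby and cli `revision` params are set to the tag `v20.10.6`, while libnetwork in the next hunk is pinned to a full commit hash. A tag can be re-pointed upstream, and the cli `versionformat` (`20.10.6_ce`) carries no `%h`, so nothing in that service entry records which commit was fetched. Consider pinning both `revision` values to the commit the tag resolves to and keeping the tag only in `versionformat`, so a re-run of the service reproduces the same source.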
@ -20,7 +20,7 @@
<param name="scm">git</param> <param name="scm">git</param>
<param name="exclude">.git</param> <param name="exclude">.git</param>
<param name="versionformat">%H</param> <param name="versionformat">%H</param>
<param name="revision">fa125a3512ee0f6187721c88582bf8c4378bd4d7</param> <param name="revision">b3507428be5b458cb0e2b4086b13531fb0706e46</param>
<param name="filename">docker-libnetwork</param> <param name="filename">docker-libnetwork</param>
</service> </service>
<service name="recompress" mode="disabled"> <service name="recompress" mode="disabled">


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:c4bf5efa9032ba23ac7a9d49d1820f0e1fbc789dfeb8c7cdb6d4909a242dc1a4
size 6483364


@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:620a514c43fc9ffa7fbac50d16f3479e576425ef1496c13c6b2c226be1dc54ef
size 6486364


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:a95986b5c90e357b76bbc2251cbd6da9c4adc3d689d84fe165922824e4118b16
size 4452156


@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:22c42e3fb154a00627b6698573fe4b035638cfd5f5dc1d26795e096d73c1da13
size 4409500


@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:29bbbfafb284edb07004fdfe2dccc43c7f8e0eb8c17e7370f13e22e6778b7745
size 1982240


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:a50f42e391a98ab204eaa93e2269981be36f619c68b2bbfc3224263fbd30c4a8
size 1982676


@ -1,3 +1,17 @@
-------------------------------------------------------------------
Thu Apr 15 05:23:20 UTC 2021 - Aleksa Sarai <asarai@suse.com>
- Update to Docker 20.10.6-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md. bsc#1184768
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
- Backport upstream fix <https://github.com/moby/moby/pull/42273> for btrfs
quotas being removed by Docker regularly. bsc#1183855 bsc#1175081
+ 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Mar 3 00:49:58 UTC 2021 - Aleksa Sarai <asarai@suse.com> Wed Mar 3 00:49:58 UTC 2021 - Aleksa Sarai <asarai@suse.com>


@ -42,24 +42,24 @@
# helpfully injects into our build environment from the changelog). If you want # helpfully injects into our build environment from the changelog). If you want
# to generate a new git_commit_epoch, use this: # to generate a new git_commit_epoch, use this:
# $ date --date="$(git show --format=fuller --date=iso $COMMIT_ID | grep -oP '(?<=^CommitDate: ).*')" '+%s' # $ date --date="$(git show --format=fuller --date=iso $COMMIT_ID | grep -oP '(?<=^CommitDate: ).*')" '+%s'
%define git_version 363e9a88a11b %define git_version 8728dd246c3a
%define git_commit_epoch 1614234438 %define git_commit_epoch 1618005978
# We require a specific pin of libnetwork because it doesn't really do # We require a specific pin of libnetwork because it doesn't really do
# versioning and minor version mismatches in libnetwork can break Docker # versioning and minor version mismatches in libnetwork can break Docker
# networking. All other key runtime dependencies (containerd, runc) are stable # networking. All other key runtime dependencies (containerd, runc) are stable
# enough that this isn't necessary. # enough that this isn't necessary.
%define libnetwork_version fa125a3512ee0f6187721c88582bf8c4378bd4d7 %define libnetwork_version b3507428be5b458cb0e2b4086b13531fb0706e46
%define dist_builddir %{_builddir}/dist-suse %define dist_builddir %{_builddir}/dist-suse
%define cli_builddir %{dist_builddir}/src/github.com/docker/cli %define cli_builddir %{dist_builddir}/src/github.com/docker/cli
%define proxy_builddir %{dist_builddir}/src/github.com/docker/libnetwork %define proxy_builddir %{dist_builddir}/src/github.com/docker/libnetwork
Name: %{realname}%{name_suffix} Name: %{realname}%{name_suffix}
Version: 20.10.5_ce Version: 20.10.6_ce
# This "nice version" is so that docker --version gives a result that can be # This "nice version" is so that docker --version gives a result that can be
# parsed by other people. boo#1182476 # parsed by other people. boo#1182476
%define nice_version 20.10.5-ce %define nice_version 20.10.6-ce
Release: 0 Release: 0
Summary: The Moby-project Linux container runtime Summary: The Moby-project Linux container runtime
License: Apache-2.0 License: Apache-2.0
@ -92,6 +92,8 @@ Patch101: 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
Patch200: 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch Patch200: 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
# SUSE-BACKPORT: Backport of https://github.com/docker/docker/pull/37353. bsc#1073877 bsc#1099277 # SUSE-BACKPORT: Backport of https://github.com/docker/docker/pull/37353. bsc#1073877 bsc#1099277
Patch300: 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch Patch300: 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
# SUSE-BACKPORT: Backport of https://github.com/moby/moby/pull/42273. bsc#1183855 bsc#1175081
Patch301: 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
BuildRequires: audit BuildRequires: audit
BuildRequires: bash-completion BuildRequires: bash-completion
BuildRequires: ca-certificates BuildRequires: ca-certificates
@ -257,6 +259,8 @@ docker container runtime configuration for kubeadm
%endif %endif
# bsc#1099277 # bsc#1099277
%patch300 -p1 %patch300 -p1
# bsc#1183855 bsc#1175081
%patch301 -p1
# README_SUSE.md for documentation. # README_SUSE.md for documentation.
cp %{SOURCE103} . cp %{SOURCE103} .
@ -322,7 +326,7 @@ export GOPATH="$GOPATH:$PWD"
################### ###################
pushd %{cli_builddir} pushd %{cli_builddir}
./scripts/build/dynbinary make dynbinary
mkdir -p ./man/man1 mkdir -p ./man/man1
go build -buildmode=pie -o gen-manpages github.com/docker/cli/man go build -buildmode=pie -o gen-manpages github.com/docker/cli/man
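Review bot: The switch from `./scripts/build/dynbinary` to `make dynbinary` in the cli build step is not mentioned in the changelog entry added by this commit, which lists only the version update, the rebased patches and the btrfs backport. Add a changelog line for it and say why the invocation changed, since the Makefile target may set build variables or flags that the direct script call did not, and that affects how the shipped binary is produced.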