pool/docker
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

- Update to Docker 20.10.3-ce. See upstream changelog in the packaged

Browse Source 
/usr/share/doc/packages/docker/CHANGELOG.md. CVE-2021-21285 CVE-2021-21284
- Drop docker-runc, docker-test and docker-libnetwork packages. We now just use
  the upstream runc package (it's stable enough and Docker no longer pins git
  versions). docker-libnetwork is so unstable that it doesn't have any
  versioning scheme and so it really doesn't make sense to maintain the project
  as a separate package. bsc#1181641 bsc#1181677

OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=354
This commit is contained in:
Aleksa Sarai 2021-02-02 22:19:52 +00:00 committed by Git OBS Bridge
parent de3596b770
commit cb6967cb97
14 changed files with 151 additions and 481 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

110
0001-PACKAGING-revert-Remove-docker-prefix-for-containerd.patch
View File

@ -1,110 +0,0 @@
From 9961826453fee3b52244ba920359b9e2f9ad137c Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de>
Date: Thu, 29 Nov 2018 20:53:16 +1100
Subject: [PATCH 1/5] PACKAGING: revert "Remove 'docker-' prefix for containerd
and runc binaries"
This reverts commit 34eede0296bce6a9c335cb429f10728ae3f4252d, as it
would significantly break openSUSE's packaging (as well as causing
conflicts between the very-outdated runc that Docker uses and the more
up-to-date one available for Podman).
Signed-off-by: Aleksa Sarai <asarai@suse.de>
---
builder/builder-next/executor_unix.go | 2 +-
daemon/daemon_unix.go | 8 ++++++--
libcontainerd/supervisor/remote_daemon.go | 4 ++--
libcontainerd/supervisor/remote_daemon_linux.go | 4 ++--
libcontainerd/supervisor/remote_daemon_windows.go | 4 ++--
5 files changed, 13 insertions(+), 9 deletions(-)
diff --git a/builder/builder-next/executor_unix.go b/builder/builder-next/executor_unix.go
index c052ec707fec..d1caf53f5023 100644
--- a/builder/builder-next/executor_unix.go
+++ b/builder/builder-next/executor_unix.go
@@ -32,7 +32,7 @@ func newExecutor(root, cgroupParent string, net libnetwork.NetworkController, dn
}
return runcexecutor.New(runcexecutor.Opt{
Root: filepath.Join(root, "executor"),
- CommandCandidates: []string{"runc"},
+ CommandCandidates: []string{"docker-runc", "runc"},
DefaultCgroupParent: cgroupParent,
Rootless: rootless,
NoPivot: os.Getenv("DOCKER_RAMDISK") != "",
diff --git a/daemon/daemon_unix.go b/daemon/daemon_unix.go
index 5fa688dff4c7..f610fdb01d27 100644
--- a/daemon/daemon_unix.go
+++ b/daemon/daemon_unix.go
@@ -58,11 +58,11 @@ const (
// DefaultShimBinary is the default shim to be used by containerd if none
// is specified
- DefaultShimBinary = "containerd-shim"
+ DefaultShimBinary = "docker-containerd-shim"
// DefaultRuntimeBinary is the default runtime to be used by
// containerd if none is specified
- DefaultRuntimeBinary = "runc"
+ DefaultRuntimeBinary = "docker-runc"
// See https://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/tree/kernel/sched/sched.h?id=8cd9234c64c584432f6992fe944ca9e46ca8ea76#n269
linuxMinCPUShares = 2
@@ -78,6 +78,10 @@ const (
cgroupFsDriver = "cgroupfs"
cgroupSystemdDriver = "systemd"
cgroupNoneDriver = "none"
+
+ // DefaultRuntimeName is the default runtime to be used by
+ // containerd if none is specified
+ DefaultRuntimeName = "docker-runc"
)
type containerGetter interface {
diff --git a/libcontainerd/supervisor/remote_daemon.go b/libcontainerd/supervisor/remote_daemon.go
index 3538612246f4..f17868a7e1f8 100644
--- a/libcontainerd/supervisor/remote_daemon.go
+++ b/libcontainerd/supervisor/remote_daemon.go
@@ -27,8 +27,8 @@ const (
shutdownTimeout = 15 * time.Second
startupTimeout = 15 * time.Second
configFile = "containerd.toml"
- binaryName = "containerd"
- pidFile = "containerd.pid"
+ binaryName = "docker-containerd"
+ pidFile = "docker-containerd.pid"
)
type pluginConfigs struct {
diff --git a/libcontainerd/supervisor/remote_daemon_linux.go b/libcontainerd/supervisor/remote_daemon_linux.go
index d229881a62b3..da93fc45371d 100644
--- a/libcontainerd/supervisor/remote_daemon_linux.go
+++ b/libcontainerd/supervisor/remote_daemon_linux.go
@@ -11,8 +11,8 @@ import (
)
const (
- sockFile = "containerd.sock"
- debugSockFile = "containerd-debug.sock"
+ sockFile = "docker-containerd.sock"
+ debugSockFile = "docker-containerd-debug.sock"
)
func (r *remote) setDefaults() {
diff --git a/libcontainerd/supervisor/remote_daemon_windows.go b/libcontainerd/supervisor/remote_daemon_windows.go
index 9b254ef58a0a..bcdc9529e0f7 100644
--- a/libcontainerd/supervisor/remote_daemon_windows.go
+++ b/libcontainerd/supervisor/remote_daemon_windows.go
@@ -7,8 +7,8 @@ import (
)
const (
- grpcPipeName = `\\.\pipe\containerd-containerd`
- debugPipeName = `\\.\pipe\containerd-debug`
+ grpcPipeName = `\\.\pipe\docker-containerd-containerd`
+ debugPipeName = `\\.\pipe\docker-containerd-debug`
)
func (r *remote) setDefaults() {
--
2.30.0

6
0002-SECRETS-daemon-allow-directory-creation-in-run-secre.patch → 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
View File

@ -1,7 +1,7 @@
From e24062ca12b575bc417fea2f46544ccd18e5f1eb Mon Sep 17 00:00:00 2001
From 1edf7a140c843cc6db85cdea298db19fee316dcb Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de>
Date: Wed, 8 Mar 2017 12:41:54 +1100
Subject: [PATCH 2/5] SECRETS: daemon: allow directory creation in /run/secrets
Subject: [PATCH 1/4] SECRETS: daemon: allow directory creation in /run/secrets
Since FileMode can have the directory bit set, allow a SecretStore
implementation to return secrets that are actually directories. This is
@ -14,7 +14,7 @@ Signed-off-by: Aleksa Sarai <asarai@suse.de>
1 file changed, 21 insertions(+), 3 deletions(-)
diff --git a/daemon/container_operations_unix.go b/daemon/container_operations_unix.go
index f4f1bd2c0b6a..f18f522485ee 100644
index 5521adbd2749..c103d9349c51 100644
--- a/daemon/container_operations_unix.go
+++ b/daemon/container_operations_unix.go
@@ -3,6 +3,7 @@

4
0003-SECRETS-SUSE-implement-SUSE-container-secrets.patch → 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
View File

@ -1,7 +1,7 @@
From 3469fd3b7da0477ba781d95b02bd698c770916f6 Mon Sep 17 00:00:00 2001
From b7419429d17675d8db949bd7c35812308684254a Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de>
Date: Wed, 8 Mar 2017 11:43:29 +1100
Subject: [PATCH 3/5] SECRETS: SUSE: implement SUSE container secrets
Subject: [PATCH 2/4] SECRETS: SUSE: implement SUSE container secrets
This allows for us to pass in host credentials to a container, allowing
for SUSEConnect to work with containers.

6
0004-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch → 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
View File

@ -1,7 +1,7 @@
From 3e63781e1bf40affdb884ddd83b82fc51c54d88a Mon Sep 17 00:00:00 2001
From aa173dd56730552524ab35d74acbe61709c732e2 Mon Sep 17 00:00:00 2001
From: Valentin Rothberg <vrothberg@suse.com>
Date: Mon, 2 Jul 2018 13:37:34 +0200
Subject: [PATCH 4/5] PRIVATE-REGISTRY: add private-registry mirror support
Subject: [PATCH 3/4] PRIVATE-REGISTRY: add private-registry mirror support
NOTE: This is a backport/downstream patch of the upstream pull-request
for Moby, which is still subject to changes. Please visit
@ -444,7 +444,7 @@ index c8ddd4c5cfcd..b17e9d25d6c2 100644
return err
}
diff --git a/distribution/pull_v2.go b/distribution/pull_v2.go
index 12497ea890e7..926e02f851fd 100644
index 023ee2e71efd..e14cdd16b410 100644
--- a/distribution/pull_v2.go
+++ b/distribution/pull_v2.go
@@ -431,7 +431,7 @@ func (p *v2Puller) pullV2Tag(ctx context.Context, ref reference.Named, platform

18
0005-bsc1073877-apparmor-clobber-docker-default-profile-o.patch → 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
View File

@ -1,7 +1,7 @@
From 4d134a69323ba490b1f8976394cdd9fe0c278b3d Mon Sep 17 00:00:00 2001
From eb4e0b351b4bb229bfd5fd3ed57d3c35040265e0 Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de>
Date: Fri, 29 Jun 2018 17:59:30 +1000
Subject: [PATCH 5/5] bsc1073877: apparmor: clobber docker-default profile on
Subject: [PATCH 4/4] bsc1073877: apparmor: clobber docker-default profile on
start
In the process of making docker-default reloading far less expensive,
@ -22,12 +22,12 @@ Signed-off-by: Aleksa Sarai <asarai@suse.de>
3 files changed, 17 insertions(+), 6 deletions(-)
diff --git a/daemon/apparmor_default.go b/daemon/apparmor_default.go
index 2045412a7966..0c1fd0f0c940 100644
index a7cc3a5ef412..1a952953da8f 100644
--- a/daemon/apparmor_default.go
+++ b/daemon/apparmor_default.go
@@ -15,6 +15,15 @@ const (
defaultAppArmorProfile = "docker-default"
)
@@ -23,6 +23,15 @@ func DefaultApparmorProfile() string {
return ""
}
+func clobberDefaultAppArmorProfile() error {
+ if apparmor.IsEnabled() {
@ -41,7 +41,7 @@ index 2045412a7966..0c1fd0f0c940 100644
func ensureDefaultAppArmorProfile() error {
if apparmor.IsEnabled() {
loaded, err := aaprofile.IsLoaded(defaultAppArmorProfile)
@@ -28,10 +37,7 @@ func ensureDefaultAppArmorProfile() error {
@@ -36,10 +45,7 @@ func ensureDefaultAppArmorProfile() error {
}
// Load the profile.
@ -54,7 +54,7 @@ index 2045412a7966..0c1fd0f0c940 100644
return nil
}
diff --git a/daemon/apparmor_default_unsupported.go b/daemon/apparmor_default_unsupported.go
index 51f9c526b350..97d7758442ee 100644
index dd581dc7dadb..5b14979cd4a3 100644
--- a/daemon/apparmor_default_unsupported.go
+++ b/daemon/apparmor_default_unsupported.go
@@ -2,6 +2,10 @@
@ -69,7 +69,7 @@ index 51f9c526b350..97d7758442ee 100644
return nil
}
diff --git a/daemon/daemon.go b/daemon/daemon.go
index 3e86ab5c8721..4a574da030da 100644
index 794ff9712d08..f9e727b348c5 100644
--- a/daemon/daemon.go
+++ b/daemon/daemon.go
@@ -855,8 +855,9 @@ func NewDaemon(ctx context.Context, config *config.Config, pluginStore *plugin.S

18
_service
View File

@ -1,20 +1,28 @@
<services>
<service name="tar_scm" mode="disabled">
<param name="url">https://github.com/docker/docker.git</param>
<param name="url">https://github.com/moby/moby.git</param>
<param name="scm">git</param>
<param name="exclude">.git</param>
<param name="versionformat">20.10.2_ce_%h</param>
<param name="revision">v20.10.2</param>
<param name="versionformat">20.10.3_ce_%h</param>
<param name="revision">v20.10.3</param>
<param name="filename">docker</param>
</service>
<service name="tar_scm" mode="disabled">
<param name="url">https://github.com/docker/cli.git</param>
<param name="scm">git</param>
<param name="exclude">.git</param>
<param name="versionformat">20.10.2_ce</param>
<param name="revision">v20.10.2</param>
<param name="versionformat">20.10.3_ce</param>
<param name="revision">v20.10.3</param>
<param name="filename">docker-cli</param>
</service>
<service name="tar_scm" mode="disabled">
<param name="url">https://github.com/docker/libnetwork.git</param>
<param name="scm">git</param>
<param name="exclude">.git</param>
<param name="versionformat">%H</param>
<param name="revision">fa125a3512ee0f6187721c88582bf8c4378bd4d7</param>
<param name="filename">docker-libnetwork</param>
</service>
<service name="recompress" mode="disabled">
<param name="file">docker-*.tar</param>
<param name="compression">xz</param>

3
docker-20.10.2_ce_8891c58a433a.tar.xz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:8f38527e3b117ca42b0b702a3a8a2a3d73cb629d170730d7d741115e72da8171
size 6463700

3
docker-20.10.3_ce_46229ca1d815.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:84fcc9d36db90c8b87a0b19d5846ade17e8dc4586e998e071c843fd8d43a0bef
size 6481288

3
docker-cli-20.10.2_ce.tar.xz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:83f9812b3d0fda73d6645d82577b0e3c7d603c042be6ee80119d0d5a48d73866
size 4432320

3
docker-cli-20.10.3_ce.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:a8526bdb466209ffd1c3ef41fcfccb9588b67d507d4444701398d6f7987f5f16
size 4450316

3
docker-libnetwork-fa125a3512ee0f6187721c88582bf8c4378bd4d7.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:a50f42e391a98ab204eaa93e2269981be36f619c68b2bbfc3224263fbd30c4a8
size 1982676

27
docker.changes
View File

@ -1,3 +1,30 @@
-------------------------------------------------------------------
Tue Feb 2 13:06:17 UTC 2021 - Aleksa Sarai <asarai@suse.com>
- Update to Docker 20.10.3-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md. CVE-2021-21285 CVE-2021-21284
- Rebase patches on top of 20.10.3-ce.
- 0002-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
+ 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
- 0003-SECRETS-SUSE-implement-SUSE-container-secrets.patch
+ 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
- 0004-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
+ 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
- 0005-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
+ 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
-------------------------------------------------------------------
Tue Feb 2 05:28:01 UTC 2021 - Aleksa Sarai <asarai@suse.com>
- Drop docker-runc, docker-test and docker-libnetwork packages. We now just use
the upstream runc package (it's stable enough and Docker no longer pins git
versions). docker-libnetwork is so unstable that it doesn't have any
versioning scheme and so it really doesn't make sense to maintain the project
as a separate package. bsc#1181641 bsc#1181677
- Remove no-longer-needed patch for packaging now that we've dropped
docker-runc and docker-libnetwork.
- 0001-PACKAGING-revert-Remove-docker-prefix-for-containerd.patch
-------------------------------------------------------------------
Fri Jan 29 22:55:48 UTC 2021 - Aleksa Sarai <asarai@suse.com>

223
docker.spec
View File

@ -42,17 +42,21 @@
# helpfully injects into our build environment from the changelog). If you want
# to generate a new git_commit_epoch, use this:
# $ date --date="$(git show --format=fuller --date=iso $COMMIT_ID | grep -oP '(?<=^CommitDate: ).*')" '+%s'
%define git_version 8891c58a433a
%define git_commit_epoch 1608908869
%define git_version 46229ca1d815
%define git_commit_epoch 1611869592
# These are the git commits required. We verify them against the source to make
# sure we didn't miss anything important when doing upgrades.
%define required_containerd 269548fa27e0089a8b8278fc4fc781d7f65a939b
%define required_dockerrunc ff819c7e9184c13b7c2607fe6c30ae19403a7aff
%define required_libnetwork fa125a3512ee0f6187721c88582bf8c4378bd4d7
# We require a specific pin of libnetwork because it doesn't really do
# versioning and minor version mismatches in libnetwork can break Docker
# networking. All other key runtime dependencies (containerd, runc) are stable
# enough that this isn't necessary.
%define libnetwork_version fa125a3512ee0f6187721c88582bf8c4378bd4d7
%define dist_builddir %{_builddir}/dist-suse
%define cli_builddir %{dist_builddir}/src/github.com/docker/cli
%define proxy_builddir %{dist_builddir}/src/github.com/docker/libnetwork
Name: %{realname}%{name_suffix}
Version: 20.10.2_ce
Version: 20.10.3_ce
Release: 0
Summary: The Moby-project Linux container runtime
License: Apache-2.0
@ -60,15 +64,15 @@ Group: System/Management
URL: http://www.docker.io
Source: %{realname}-%{version}_%{git_version}.tar.xz
Source1: %{realname}-cli-%{version}.tar.xz
Source2: docker-rpmlintrc
Source2: %{realname}-libnetwork-%{libnetwork_version}.tar.xz
Source3: docker-rpmlintrc
# TODO: Move these source files to somewhere nicer.
Source100: docker.service
Source101: 80-docker.rules
Source102: sysconfig.docker
Source103: README_SUSE.md
Source104: docker-audit.rules
Source105: tests.sh
Source106: docker-daemon.json
Source105: docker-daemon.json
# Kubelet-specific sources.
# bsc#1086185 -- but we only apply this on Kubic.
Source900: docker-kubic-service.conf
@ -78,17 +82,15 @@ Source901: kubelet.env
# branch and then git-format-patch the patch here.
# SUSE-FEATURE: Adds the /run/secrets mountpoint inside all Docker containers
# which is not snapshotted when images are committed.
Patch100: 0002-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
Patch101: 0003-SECRETS-SUSE-implement-SUSE-container-secrets.patch
Patch100: 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
Patch101: 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
# SUSE-FEATURE: Add support to mirror unofficial/private registries
# <https://github.com/docker/docker/pull/34319>.
Patch200: 0004-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
# SUSE-ISSUE: Revert of <https://github.com/docker/docker/pull/37907>.
Patch300: 0001-PACKAGING-revert-Remove-docker-prefix-for-containerd.patch
Patch200: 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
# SUSE-BACKPORT: Backport of https://github.com/docker/docker/pull/37353. bsc#1073877 bsc#1099277
Patch301: 0005-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
Patch300: 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
# SUSE-BACKPORT: Backport of https://github.com/docker/cli/pull/2888.
Patch302: cli-0001-Rename-bin-md2man-to-bin-go-md2man.patch
Patch301: cli-0001-Rename-bin-md2man-to-bin-go-md2man.patch
BuildRequires: audit
BuildRequires: bash-completion
BuildRequires: ca-certificates
@ -102,23 +104,21 @@ BuildRequires: procps
BuildRequires: sqlite3-devel
BuildRequires: zsh
BuildRequires: fish
BuildRequires: go-go-md2man
# We cannot use Go 1.14 because it breaks io.Copy (among other things) by
# returning -EINTR from I/O syscalls much more often.
BuildRequires: go1.13
BuildRequires: pkgconfig(libsystemd)
Requires: apparmor-parser
Requires: ca-certificates-mozilla
# Required in order for networking to work. fix_bsc_1057743 is a work-around
# for some old packaging issues (where rpm would delete a binary that was
# installed by docker-libnetwork). See bsc#1057743 for more details.
BuildRequires: docker-libnetwork%{name_suffix}-git = %{required_libnetwork}
Requires: docker-libnetwork%{name_suffix}-git = %{required_libnetwork}
Requires: fix_bsc_1057743
# Containerd and runC are required as they are the only currently supported
# execdrivers of Docker. NOTE: The version pinning here matches upstream's
# vendor.conf to ensure that we don't use a slightly incompatible version of
# runC or containerd (which would be bad).
BuildRequires: containerd%{name_suffix}-git = %{required_containerd}
Requires: containerd%{name_suffix}-git = %{required_containerd}
BuildRequires: docker-runc%{name_suffix}-git = %{required_dockerrunc}
Requires: docker-runc%{name_suffix}-git = %{required_dockerrunc}
# The docker-proxy binary used to be in a separate package. We obsolete it,
# since now docker-proxy is maintained as part of this package.
Obsoletes: docker-libnetwork%{name_suffix} < 0.7.0.2
Provides: docker-libnetwork%{name_suffix} = 0.7.0.2.%{version}
# Required to actually run containers. We require the minimum version that is
# pinned by Docker, but in order to avoid headaches we allow for updates.
Requires: runc >= 1.0.0~rc92
Requires: containerd >= 1.4.3
# Needed for --init support. We don't use "tini", we use our own implementation
# which handles edge-cases better.
Requires: catatonit
@ -132,20 +132,13 @@ Requires: xz >= 4.9
Requires(post): %fillup_prereq
Requires(post): udev
Requires(post): shadow
# We used to have a migration tool for the upgrade from v1.9.x to v1.10.x.
# It is no longer useful, so we obsolete it. bsc#1069758
Obsoletes: docker-image-migrator
# Not necessary, but must be installed when the underlying system is
# configured to use lvm and the user doesn't explicitly provide a
# different storage-driver than devicemapper
Recommends: lvm2 >= 2.2.89
Recommends: git-core >= 1.7
Conflicts: lxc < 1.0
ExcludeArch: s390 ppc
BuildRequires: go-go-md2man
# We cannot use Go 1.14 because it breaks io.Copy (among other things) by
# returning -EINTR from I/O syscalls much more often.
BuildRequires: go1.13
# KUBIC-SPECIFIC: This was required when upgrading from the original kubic
# packaging, when everything was renamed to -kubic. It also is
# used to ensure that nothing complains too much when using
@ -233,31 +226,6 @@ Provides: %{realname}-fish-completion = %{version}
%description fish-completion
Fish command line completion support for %{name}.
%package test
%global __requires_exclude ^libgo.so.*$
Summary: Test package for docker
# Needed for test-suite.
Group: System/Management
Requires: curl
Requires: go
Requires: iputils
Requires: jq
Requires: net-tools-deprecated
# KUBIC-SPECIFIC: This was required when upgrading from the original kubic
# packaging, when everything was renamed to -kubic. It also is
# used to ensure that nothing complains too much when using
# -kubic packages. Hopfully it can be removed one day.
%if "%flavour" == "kubic"
# Obsolete old packege without the -kubic suffix
Obsoletes: %{realname}-test = 1.12.6
# Conflict with non-kubic package, and provide equivalent
Conflicts: %{realname}-test > 1.12.6
Provides: %{realname}-test = %{version}
%endif
%description test
Test package for docker. It contains the source code and the tests.
%if "%flavour" == "kubic"
%package kubeadm-criconfig
Summary: docker container runtime configuration for kubeadm
@ -286,23 +254,29 @@ docker container runtime configuration for kubeadm
# PATCH-SUSE: Mirror patch.
%patch200 -p1
%endif
# packaging
%patch300 -p1
# bsc#1099277
%patch301 -p1
%patch300 -p1
# README_SUSE.md for documentation.
cp %{SOURCE103} .
# Fill the CLI sources in a subdir.
mkdir -p dist-suse/cli
pushd dist-suse/cli/
# Extract the docker-cli source in a subdir.
mkdir -p %{cli_builddir}
pushd %{cli_builddir}
xz -dc %{SOURCE1} | tar -xof - --strip-components=1
# https://github.com/docker/cli/pull/2888
%patch302 -p1
%patch301 -p1
popd
# Extract the docker-libnetwork source in a subdir.
mkdir -p %{proxy_builddir}
pushd %{proxy_builddir}
xz -dc %{SOURCE2} | tar -xof - --strip-components=1
popd
%build
echo "$PWD -- $PWD -- $PWD"
BUILDTAGS="exclude_graphdriver_aufs apparmor selinux seccomp pkcs11"
%if 0%{?sle_version} == 120000
# Allow us to build with older distros but still have deferred removal
@ -334,8 +308,8 @@ EOF
# Preparing GOPATH so that the client is visible to the compiler
mkdir -p src/github.com/docker/
ln -s $(pwd)/dist-suse/cli $(pwd)/src/github.com/docker/cli
export GOPATH=$GOPATH:$(pwd)
ln -s "%{cli_builddir}" "$PWD/src/github.com/docker/cli"
export GOPATH="$GOPATH:$PWD"
###################
## DOCKER ENGINE ##
@ -344,106 +318,82 @@ export GOPATH=$GOPATH:$(pwd)
# Ignore the warning that we compile outside a Docker container.
./hack/make.sh dynbinary
# Build test binaries (integration-cli and integration/*). They are all stored
# within the testdir -- we will only end up installing these test files for
# docker-test.
for testdir in {integration-cli,integration/*/}
do
( find "$testdir" -name '*_test.go' | grep -q '.' ) || continue
GOPATH=$(pwd)/vendor:$(pwd)/.gopath/ go test -c \
-o "$testdir/tests.main" -buildmode=pie \
-tags "$DOCKER_BUILDTAGS daemon" \
"github.com/docker/docker/$testdir"
done
###################
## DOCKER CLIENT ##
###################
pushd dist-suse/cli/
pushd %{cli_builddir}
./scripts/build/dynbinary
mkdir -p ./man/man1
go build -buildmode=pie -o gen-manpages github.com/docker/cli/man
./gen-manpages --root "$(pwd)" --target "$(pwd)/man/man1"
./gen-manpages --root "$PWD" --target "$PWD/man/man1"
./man/md2man-all.sh
popd
%check
# We used to run 'go test' here, however we found that this actually didn't
# catch any issues that were caught by smoke testing, and %check would
# continually cause package builds to fail due to flaky tests. If you ever need
# to know how the testing was done, you can always look in the package history.
# boo#1095817
##################
## DOCKER PROXY ##
##################
# We verify that all of our -git requires are correct, and match the contents
# of the upstream vendoring scripts. This is done on-build to make sure that
# someone doing an update didn't miss anything.
grep 'RUNC_COMMIT:=%{required_dockerrunc}' hack/dockerfile/install/runc.installer
grep 'CONTAINERD_COMMIT:=%{required_containerd}' hack/dockerfile/install/containerd.installer
grep 'LIBNETWORK_COMMIT:=%{required_libnetwork}' hack/dockerfile/install/proxy.installer
pushd %{proxy_builddir}
GOPATH="%{dist_builddir}" \
go build -buildmode=pie -o docker-proxy github.com/docker/libnetwork/cmd/proxy
popd
# We verify that our libnetwork source is the correct version. This is done
# on-build to make sure that someone doing an update didn't miss anything.
grep 'LIBNETWORK_COMMIT:=%{libnetwork_version}' hack/dockerfile/install/proxy.installer
%install
install -d %{buildroot}%{_bindir}
install -D -m755 dist-suse/cli/build/docker %{buildroot}/%{_bindir}/docker
install -D -m755 bundles/dynbinary-daemon/dockerd %{buildroot}/%{_bindir}/dockerd
install -d %{buildroot}/%{_localstatedir}/lib/docker
install -Dd -m 0755 \
install -Dd -m0755 \
%{buildroot}%{_sysconfdir}/init.d \
%{buildroot}%{_bindir} \
%{buildroot}%{_sbindir}
install -D -m0644 dist-suse/cli/contrib/completion/bash/docker "%{buildroot}%{_datarootdir}/bash-completion/completions/%{realname}"
install -D -m0644 dist-suse/cli/contrib/completion/zsh/_docker "%{buildroot}%{_sysconfdir}/zsh_completion.d/_%{realname}"
install -D -m0644 dist-suse/cli/contrib/completion/fish/docker.fish "%{buildroot}/%{_datadir}/fish/vendor_completions.d/%{realname}.fish"
# docker daemon
install -D -m0755 bundles/dynbinary-daemon/dockerd %{buildroot}/%{_bindir}/dockerd
install -d %{buildroot}/%{_localstatedir}/lib/docker
# daemon.json config file
install -D -m0644 %{SOURCE105} %{buildroot}%{_sysconfdir}/docker/daemon.json
# docker cli
install -D -m0755 %{cli_builddir}/build/docker %{buildroot}/%{_bindir}/docker
install -D -m0644 %{cli_builddir}/contrib/completion/bash/docker "%{buildroot}%{_datarootdir}/bash-completion/completions/%{realname}"
install -D -m0644 %{cli_builddir}/contrib/completion/zsh/_docker "%{buildroot}%{_sysconfdir}/zsh_completion.d/_%{realname}"
install -D -m0644 %{cli_builddir}/contrib/completion/fish/docker.fish "%{buildroot}/%{_datadir}/fish/vendor_completions.d/%{realname}.fish"
# docker proxy
install -D -m0755 %{proxy_builddir}/docker-proxy %{buildroot}/%{_bindir}/docker-proxy
#
# systemd service
#
install -D -m0644 %{SOURCE100} %{buildroot}%{_unitdir}/%{realname}.service
%if "%flavour" == "kubic"
install -D -m0644 %{SOURCE900} %{buildroot}%{_unitdir}/%{realname}.service.d/90-kubic.conf
%endif
ln -sf service %{buildroot}%{_sbindir}/rcdocker
#
# udev rules that prevents dolphin to show all docker devices and slows down
# upstream report https://bugs.kde.org/show_bug.cgi?id=329930
#
install -D -m 0644 %{SOURCE101} %{buildroot}%{_udevrulesdir}/80-%{realname}.rules
install -D -m0644 %{SOURCE101} %{buildroot}%{_udevrulesdir}/80-%{realname}.rules
# audit rules
install -D -m 0640 %{SOURCE104} %{buildroot}%{_sysconfdir}/audit/rules.d/%{realname}.rules
install -D -m0640 %{SOURCE104} %{buildroot}%{_sysconfdir}/audit/rules.d/%{realname}.rules
# sysconfig file
install -D -m 644 %{SOURCE102} %{buildroot}%{_fillupdir}/sysconfig.docker
# install docker config file
install -D -m 644 %{SOURCE106} %{buildroot}%{_sysconfdir}/docker/daemon.json
install -D -m0644 %{SOURCE102} %{buildroot}%{_fillupdir}/sysconfig.docker
# install manpages (using the ones from the engine)
install -d %{buildroot}%{_mandir}/man1
install -p -m 644 dist-suse/cli/man/man1/*.1 %{buildroot}%{_mandir}/man1
install -p -m0644 %{cli_builddir}/man/man1/*.1 %{buildroot}%{_mandir}/man1
install -d %{buildroot}%{_mandir}/man5
install -p -m 644 dist-suse/cli/man/man5/Dockerfile.5 %{buildroot}%{_mandir}/man5
install -p -m0644 %{cli_builddir}/man/man5/Dockerfile.5 %{buildroot}%{_mandir}/man5
install -d %{buildroot}%{_mandir}/man8
install -p -m 644 dist-suse/cli/man/man8/*.8 %{buildroot}%{_mandir}/man8
# install docker-test files -- we want to avoid installing the entire source tree.
install -d %{buildroot}%{_prefix}/src/docker/
install -D -m0755 %{SOURCE105} %{buildroot}%{_prefix}/src/docker/tests.sh
# We need hack/, contrib/, profiles/, and the integration*/ trees.
cp -a {hack,contrib,profiles,integration{,-cli}} %{buildroot}%{_prefix}/src/docker/
echo "%{version}" > %{buildroot}%{_prefix}/src/docker/VERSION
# And now we can remove all *_test.go files -- since we already have test
# binaries. Due to a lot of hacks within the Docker integration tests, we can't
# really do a bigger cleanup than this.
find %{buildroot}%{_prefix}/src/docker \
-type f -name '*_test.go' -delete
install -p -m0644 %{cli_builddir}/man/man8/*.8 %{buildroot}%{_mandir}/man8
%if "%flavour" == "kubic"
# place kubelet.env in fillupdir (for kubeadm-criconfig)
sed -e 's-@LIBEXECDIR@-%{_libexecdir}-g' -i %{SOURCE901}
install -D -m 0644 %{SOURCE901} %{buildroot}%{_fillupdir}/sysconfig.kubelet
install -D -m0644 %{SOURCE901} %{buildroot}%{_fillupdir}/sysconfig.kubelet
%endif
%fdupes %{buildroot}
@ -494,6 +444,7 @@ grep -q '^dockremap:' /etc/subgid || \
%license LICENSE
%{_bindir}/docker
%{_bindir}/dockerd
%{_bindir}/docker-proxy
%{_sbindir}/rcdocker
%dir %{_localstatedir}/lib/docker/
@ -527,10 +478,6 @@ grep -q '^dockremap:' /etc/subgid || \
%defattr(-,root,root)
%{_datadir}/fish/vendor_completions.d/%{realname}.fish
%files test
%defattr(-,root,root)
%{_prefix}/src/docker/
%if "%flavour" == "kubic"
%files kubeadm-criconfig
%defattr(-,root,root)

205
tests.sh
View File

@ -1,205 +0,0 @@
#!/bin/bash
#
# Script for launching the Docker integration tests
# XXX: We currently only support running integration-cli.
#
set -Eeuo pipefail
DOCKER_DIR=/usr/src/docker
SCRIPTS_DIR="$DOCKER_DIR/hack"
VERSION="$(cat "$DOCKER_DIR/VERSION")"
# working dirs
FROZEN_IMAGES_DIR="/tmp/docker-frozen-images"
FROZEN_IMAGES_LINK=/docker-frozen-images
readarray -t TESTS < <(find "$DOCKER_DIR/integration-cli" -type f -executable -name 'tests.main')
CHECK_TIMEOUT="${CHECK_TIMEOUT:-15m}"
TEST_TIMEOUT="${TEST_TIMEOUT:-0}"
TEST_ARGS=("-check.v" "-check.timeout=${CHECK_TIMEOUT}" "-test.timeout=${TEST_TIMEOUT}")
TEST_SELECT=
TEST_LOG=/tmp/docker-tests.log
KEEPBUNDLE="${KEEPBUNDLE:-}"
# the config file for Docker
CFG_DOCKER=/etc/docker/daemon.json
################################################################################
log() { echo ">>> $@" ; }
warn() { log "WARNING: $@" ; }
error() { log "ERROR: $@" ; }
abort() { log "FATAL: $@" ; exit 1 ; }
usage() { echo "$USAGE" ; }
abort_usage() { usage ; abort "$@" ; }
bundle() {
local bundle="$1"; shift
log "Making bundle: $(basename "$bundle") (in $PWD)"
local oldFlags="$-"
set +Eeu
source "$SCRIPTS_DIR/make/$bundle" "$@"
set "-$oldFlags"
}
save_backup() {
for x in $@ ; do
if [ ! -f "$x" ] ; then
touch "$x.nbak"
elif [ -f "$x.bak" ] ; then
warn "$x.bak already exists: no backup will be done"
else
cp -f "$x" "$x.bak"
fi
done
}
restore_backup() {
for x in $@ ; do
if [ -f "$x.nbak" ] ; then
rm -f "$x.nbak"
elif [ -f "$x.bak" ] ; then
mv -f "$x.bak" "$x"
fi
done
}
require_go() { go version >/dev/null 2>&1 ; }
require_git() { git version >/dev/null 2>&1 ; }
################################################################################
[ "${#TESTS[@]}" -gt 0 ] || abort "integration tests executable not found in $DOCKER_DIR"
[ "$EUID" -eq 0 ] || abort "this script must be run as root"
[ -n "$VERSION" ] || abort "could not obtain version"
if [ "$#" -gt 0 ] ; then
# run only some specific tests
TEST_ARGS+=( "-check.f=$(echo $@ | tr ' ' '|')" )
fi
# tests require this user and group
/usr/sbin/groupadd -r docker >/dev/null 2>&1 || /bin/true
/usr/sbin/useradd --create-home --gid docker unprivilegeduser >/dev/null 2>&1 || /bin/true
export DOCKER_TEST_HOST="tcp://127.0.0.1:2375"
export PATH="/usr/local/bin:$PATH"
export TZ=utc
export DOCKER_GRAPHDRIVER="${DOCKER_GRAPHDRIVER:-vfs}"
export DOCKER_USERLANDPROXY="${DOCKER_USERLANDPROXY:-true}"
export DOCKER_STORAGE_OPTS="${DOCKER_STORAGE_OPTS:-}"
export DOCKER_REMAP_ROOT="${DOCKER_REMAP_ROOT:-}" # "default" uses dockremap
# Example usage: DOCKER_STORAGE_OPTS="dm.basesize=20G,dm.loopdatasize=200G".
storage_opts=()
if [ -n "$DOCKER_STORAGE_OPTS" ]; then
IFS=','
for i in ${DOCKER_STORAGE_OPTS}; do
storage_opts+=("$i")
done
unset IFS
fi
# deal with remapping
save_backup /etc/subuid /etc/subgid
echo "dockremap:500000:65536" >/etc/subuid
echo "dockremap:500000:65536" >/etc/subgid
groupadd dockremap >/dev/null 2>&1 || /bin/true
useradd -g dockremap dockremap >/dev/null 2>&1 || /bin/true
# make sure Docker is stopped, set our config file and then start again
save_backup "$CFG_DOCKER"
cat <<CFG_DOCKER_EOF >"$CFG_DOCKER"
{
"log-level": "debug",
"log-driver": "json-file",
"log-opts": {
"max-size": "50m",
"max-file": "5"
},
"userns-remap": "$DOCKER_REMAP_ROOT",
"hosts": [
"tcp://127.0.0.1:2375"
],
"storage-driver": "$DOCKER_GRAPHDRIVER",
"storage-opts": [
$(printf '"%s",' "${storage_opts[@]}" | sed 's/"",//g;$s/,$//')
],
"userland-proxy": $DOCKER_USERLANDPROXY
}
CFG_DOCKER_EOF
systemctl restart docker.service
cleanup() {
log "Restoring configuration files..."
restore_backup /etc/subuid /etc/subgid "$CFG_DOCKER"
rm -f "$FROZEN_IMAGES_LINK"
log "Removing images and containers..."
export DOCKER_HOST="$DOCKER_TEST_HOST"
docker ps -aq | xargs docker rm -f &>/dev/null || :
docker images -q | xargs docker rmi -f &>/dev/null || :
log "Restarting the Docker service in a pristine state..."
systemctl restart docker.service
}
trap cleanup EXIT
cd "$DOCKER_DIR"
export MAKEDIR="$SCRIPTS_DIR/make"
export DOCKER_HOST="$DOCKER_TEST_HOST"
# Clean up all images on the host -- this is key to avoid test run failures.
log "Cleaning the environment..."
docker ps -aq | xargs docker rm -f &>/dev/null || :
docker images -q | xargs docker rmi -f &>/dev/null || :
log "Preparing the environment..."
bundle .integration-daemon-setup
# XXX: Really this should be sourced from the Dockerfile but this is good
# enough for now. This comes from the Docker 18.09.1-ce Dockerfile.
log "Downlading frozen images..."
mkdir -p "$FROZEN_IMAGES_DIR"
ln -sf "$FROZEN_IMAGES_DIR" "$FROZEN_IMAGES_LINK"
"$DOCKER_DIR/contrib/download-frozen-image-v2.sh" "$FROZEN_IMAGES_DIR" \
buildpack-deps:jessie@sha256:dd86dced7c9cd2a724e779730f0a53f93b7ef42228d4344b25ce9a42a1486251 \
busybox:latest@sha256:bbc3a03235220b170ba48a157dd097dd1379299370e1ed99ce976df0355d24f0 \
busybox:glibc@sha256:0b55a30394294ab23b9afd58fab94e61a923f5834fba7ddbae7f8e0c11ba85e6 \
debian:jessie@sha256:287a20c5f73087ab406e6b364833e3fb7b3ae63ca0eb3486555dc27ed32c6e60 \
hello-world:latest@sha256:be0cd392e45be79ffeffa6b05338b98ebb16c87b255f48e297ec7f98e123905c
# The code within integration-cli which handles building *-test images doesn't
# appear to work within our setup, not to mention we don't want to Require: a
# bunch of build tools so we just use the provided Dockerfile and
# buildpack-deps.
tar -cC "$FROZEN_IMAGES_DIR" . | docker load
for dir in "$DOCKER_DIR"/contrib/*-test
do
log "Building *-test images ($dir)..."
docker build -t "$(basename "$dir")" "$dir"
done
# For some reason, dockerd appears to put the containerd.sock in the wrong
# place under systemd. So we just manually add a symlink for it.
[ -e "/var/run/docker/containerd/containerd.sock" ] || \
ln -s docker-containerd.sock /var/run/docker/containerd/containerd.sock
# And there appears to be an issue with daemon.json as a configuration format,
# so we need to hide our generated configuration. The original will be restored
# in cleanup().
rm -f "$CFG_DOCKER"
# Run all of our tests.
rm -f "$TEST_LOG"
for TEST in "${TESTS[@]}"
do
cd "$(dirname "$TEST")"
log "Running integration test ($TEST)..." | tee -a "$TEST_LOG"
"$TEST" "${TEST_ARGS[@]}" 2>&1 | tee -a "$TEST_LOG" || :
done
export -n DOCKER_HOST