From cdaf1b8273e295f95eec948248f3dc34fe9be94118efc59ba8124c0281e165c8 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Tue, 13 Feb 2018 11:34:28 +0000 Subject: [PATCH] Accepting request 576039 from home:cyphar:containers:switch_patch_source - Update patches to be sourced from https://github.com/suse/docker-ce (which are based on the upstream docker/docker-ce repo). The reason for this change (though it is functionally identical to the old patches) is so that public patch maintenance is much simpler. * bsc1021227-0001-pkg-devmapper-dynamically-load-dm_task_deferred_remo.patch * bsc1055676-0001-daemon-oci-obey-CL_UNPRIVILEGED-for-user-namespaced-.patch * secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch * secrets-0002-SUSE-implement-SUSE-container-secrets.patch OBS-URL: https://build.opensuse.org/request/show/576039 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=235 --- ...namically-load-dm_task_deferred_remo.patch | 38 +++++++++---------- ...CL_UNPRIVILEGED-for-user-namespaced-.patch | 19 +++++----- docker.changes | 12 ++++++ docker.spec | 8 ++-- ...ow-directory-creation-in-run-secrets.patch | 12 +++--- ...USE-implement-SUSE-container-secrets.patch | 22 +++++------ 6 files changed, 61 insertions(+), 50 deletions(-) diff --git a/bsc1021227-0001-pkg-devmapper-dynamically-load-dm_task_deferred_remo.patch b/bsc1021227-0001-pkg-devmapper-dynamically-load-dm_task_deferred_remo.patch index 28cd85f..98cf3f0 100644 --- a/bsc1021227-0001-pkg-devmapper-dynamically-load-dm_task_deferred_remo.patch +++ b/bsc1021227-0001-pkg-devmapper-dynamically-load-dm_task_deferred_remo.patch @@ -1,4 +1,4 @@ -From b492588a54b8efa1fba1de700cb3e0ad3fe665d9 Mon Sep 17 00:00:00 2001 +From e57d7270deb50c31ac1f732d8f28812e5b809062 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Thu, 16 Nov 2017 17:09:16 +1100 Subject: [PATCH] pkg: devmapper: dynamically load dm_task_deferred_remove 
@@ -19,18 +19,18 @@ default (libdm_dlsym_deferred_remove). SUSE-Bugs: bsc#1021227 bsc#1029320 bsc#1058173 Signed-off-by: Aleksa Sarai --- - hack/make.sh | 12 +- + components/engine/hack/make.sh | 12 +- ...> devmapper_wrapper_dynamic_deferred_remove.go} | 10 +- ...mapper_wrapper_dynamic_dlsym_deferred_remove.go | 128 +++++++++++++++++++++ .../devmapper_wrapper_no_deferred_remove.go | 6 +- 4 files changed, 149 insertions(+), 7 deletions(-) - rename pkg/devicemapper/{devmapper_wrapper_deferred_remove.go => devmapper_wrapper_dynamic_deferred_remove.go} (78%) - create mode 100644 pkg/devicemapper/devmapper_wrapper_dynamic_dlsym_deferred_remove.go + rename components/engine/pkg/devicemapper/{devmapper_wrapper_deferred_remove.go => devmapper_wrapper_dynamic_deferred_remove.go} (78%) + create mode 100644 components/engine/pkg/devicemapper/devmapper_wrapper_dynamic_dlsym_deferred_remove.go -diff --git a/hack/make.sh b/hack/make.sh -index bc18c066b66c..6e94824ad557 100755 ---- a/hack/make.sh -+++ b/hack/make.sh +diff --git a/components/engine/hack/make.sh b/components/engine/hack/make.sh +index 58e0d8cd628a..3b78ddef30b0 100755 +--- a/components/engine/hack/make.sh ++++ b/components/engine/hack/make.sh @@ -112,6 +112,12 @@ if [ ! "$GOPATH" ]; then exit 1 fi 
@@ -61,13 +61,13 @@ index bc18c066b66c..6e94824ad557 100755 fi # Use these flags when compiling the tests and final binary -diff --git a/pkg/devicemapper/devmapper_wrapper_deferred_remove.go b/pkg/devicemapper/devmapper_wrapper_dynamic_deferred_remove.go +diff --git a/components/engine/pkg/devicemapper/devmapper_wrapper_deferred_remove.go b/components/engine/pkg/devicemapper/devmapper_wrapper_dynamic_deferred_remove.go similarity index 78% -rename from pkg/devicemapper/devmapper_wrapper_deferred_remove.go -rename to pkg/devicemapper/devmapper_wrapper_dynamic_deferred_remove.go +rename from components/engine/pkg/devicemapper/devmapper_wrapper_deferred_remove.go +rename to components/engine/pkg/devicemapper/devmapper_wrapper_dynamic_deferred_remove.go index 7f793c270868..bf57371ff4cf 100644 ---- a/pkg/devicemapper/devmapper_wrapper_deferred_remove.go -+++ b/pkg/devicemapper/devmapper_wrapper_dynamic_deferred_remove.go +--- a/components/engine/pkg/devicemapper/devmapper_wrapper_deferred_remove.go ++++ b/components/engine/pkg/devicemapper/devmapper_wrapper_dynamic_deferred_remove.go @@ -1,11 +1,15 @@ -// +build linux,cgo,!libdm_no_deferred_remove +// +build linux,cgo,!static_build @@ -87,11 +87,11 @@ index 7f793c270868..bf57371ff4cf 100644 const LibraryDeferredRemovalSupport = true func dmTaskDeferredRemoveFct(task *cdmTask) int { -diff --git a/pkg/devicemapper/devmapper_wrapper_dynamic_dlsym_deferred_remove.go b/pkg/devicemapper/devmapper_wrapper_dynamic_dlsym_deferred_remove.go +diff --git a/components/engine/pkg/devicemapper/devmapper_wrapper_dynamic_dlsym_deferred_remove.go b/components/engine/pkg/devicemapper/devmapper_wrapper_dynamic_dlsym_deferred_remove.go new file mode 100644 index 000000000000..5dfb369f1ff8 --- /dev/null -+++ b/pkg/devicemapper/devmapper_wrapper_dynamic_dlsym_deferred_remove.go ++++ b/components/engine/pkg/devicemapper/devmapper_wrapper_dynamic_dlsym_deferred_remove.go 
@@ -0,0 +1,128 @@ +// +build linux,cgo,!static_build +// +build libdm_dlsym_deferred_remove,!libdm_no_deferred_remove @@ -221,10 +221,10 @@ index 000000000000..5dfb369f1ff8 + }() + return int(C.dm_task_get_info((*C.struct_dm_task)(task), (*C.struct_dm_info)(unsafe.Pointer(&Cinfo)))) +} -diff --git a/pkg/devicemapper/devmapper_wrapper_no_deferred_remove.go b/pkg/devicemapper/devmapper_wrapper_no_deferred_remove.go +diff --git a/components/engine/pkg/devicemapper/devmapper_wrapper_no_deferred_remove.go b/components/engine/pkg/devicemapper/devmapper_wrapper_no_deferred_remove.go index a880fec8c499..80b034b3ff17 100644 ---- a/pkg/devicemapper/devmapper_wrapper_no_deferred_remove.go -+++ b/pkg/devicemapper/devmapper_wrapper_no_deferred_remove.go +--- a/components/engine/pkg/devicemapper/devmapper_wrapper_no_deferred_remove.go ++++ b/components/engine/pkg/devicemapper/devmapper_wrapper_no_deferred_remove.go @@ -1,8 +1,10 @@ -// +build linux,cgo,libdm_no_deferred_remove +// +build linux,cgo @@ -239,5 +239,5 @@ index a880fec8c499..80b034b3ff17 100644 func dmTaskDeferredRemoveFct(task *cdmTask) int { -- -2.15.1 +2.16.1 diff --git a/bsc1055676-0001-daemon-oci-obey-CL_UNPRIVILEGED-for-user-namespaced-.patch b/bsc1055676-0001-daemon-oci-obey-CL_UNPRIVILEGED-for-user-namespaced-.patch index 88b70c2..4823872 100644 --- a/bsc1055676-0001-daemon-oci-obey-CL_UNPRIVILEGED-for-user-namespaced-.patch +++ b/bsc1055676-0001-daemon-oci-obey-CL_UNPRIVILEGED-for-user-namespaced-.patch @@ -1,4 +1,4 @@ -From a24b98c0fc45d640b4eed8105033b313b8145e35 Mon Sep 17 00:00:00 2001 +From ff7b94c76f343931463b5916fb3fbd2610869a1a Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Sun, 15 Oct 2017 17:06:20 +1100 Subject: [PATCH] daemon: oci: obey CL_UNPRIVILEGED for user namespaced daemon 
@@ -14,17 +14,16 @@ CL_UNPRIVILEGED mount flags when Docker is spawning containers with user namespaces enabled. SUSE-Bug: https://bugzilla.suse.com/show_bug.cgi?id=1055676 -SUSE-Backport: https://github.com/moby/moby/pull/35205 Signed-off-by: Aleksa Sarai --- - daemon/oci_linux.go | 46 ++++++++++++++++++++++++++++++++++++++++++++++ + components/engine/daemon/oci_linux.go | 46 +++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) -diff --git a/daemon/oci_linux.go b/daemon/oci_linux.go -index 0f8a392c2621..89ac627ff090 100644 ---- a/daemon/oci_linux.go -+++ b/daemon/oci_linux.go -@@ -26,6 +26,7 @@ import ( +diff --git a/components/engine/daemon/oci_linux.go b/components/engine/daemon/oci_linux.go +index 6917b4841429..936cb8f998ca 100644 +--- a/components/engine/daemon/oci_linux.go ++++ b/components/engine/daemon/oci_linux.go +@@ -27,6 +27,7 @@ import ( "github.com/opencontainers/runc/libcontainer/user" specs "github.com/opencontainers/runtime-spec/specs-go" "github.com/sirupsen/logrus" @@ -71,7 +70,7 @@ index 0f8a392c2621..89ac627ff090 100644 var ( mountPropagationMap = map[string]int{ "private": mount.PRIVATE, -@@ -575,6 +608,19 @@ func setMounts(daemon *Daemon, s *specs.Spec, c *container.Container, mounts []c +@@ -586,6 +619,19 @@ func setMounts(daemon *Daemon, s *specs.Spec, c *container.Container, mounts []c opts = append(opts, mountPropagationReverseMap[pFlag]) } @@ -92,5 +91,5 @@ index 0f8a392c2621..89ac627ff090 100644 s.Mounts = append(s.Mounts, mt) } -- -2.15.0 +2.16.1 diff --git a/docker.changes b/docker.changes index e9358e8..9e5a225 100644 --- a/docker.changes +++ b/docker.changes 
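Review bot: The refreshed header of the bsc1055676 patch drops the `SUSE-Backport: https://github.com/moby/moby/pull/35205` trailer while keeping the `SUSE-Bug:` line, so the carried patch no longer records which upstream pull request it mirrors. For a security-relevant change (honouring CL_UNPRIVILEGED mount flags under user namespaces), that reference is what lets a maintainer check whether a newer upstream base already contains the fix and whether the carried copy still matches it. I would keep the trailer in the regenerated patch, presumably by restoring it in the commit message of the source tree the patches are now exported from, so it survives the next refresh. The later hunks of this file also show new `index` hashes and shifted offsets (`-26,6` to `-27,6`, `-575,6` to `-586,6`), which suggests the patch was rebased rather than only re-pathed; the changelog's "functionally identical" would be easier to verify with the upstream reference kept.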
@@ -1,3 +1,15 @@ +------------------------------------------------------------------- +Tue Feb 13 10:45:58 UTC 2018 - asarai@suse.com + +- Update patches to be sourced from https://github.com/suse/docker-ce (which + are based on the upstream docker/docker-ce repo). The reason for this change + (though it is functionally identical to the old patches) is so that public + patch maintenance is much simpler. + * bsc1021227-0001-pkg-devmapper-dynamically-load-dm_task_deferred_remo.patch + * bsc1055676-0001-daemon-oci-obey-CL_UNPRIVILEGED-for-user-namespaced-.patch + * secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch + * secrets-0002-SUSE-implement-SUSE-container-secrets.patch + ------------------------------------------------------------------- Fri Jan 19 14:12:32 UTC 2018 - asarai@suse.com diff --git a/docker.spec b/docker.spec index c0efd7e..f858dfd 100644 --- a/docker.spec +++ b/docker.spec @@ -184,13 +184,13 @@ Test package for docker. It contains the source code and the tests. # nothing %else # PATCH-SUSE: Secrets patches. -%patch200 -p1 -d components/engine -%patch201 -p1 -d components/engine +%patch200 -p1 +%patch201 -p1 %endif # bsc#1055676 -%patch400 -p1 -d components/engine +%patch400 -p1 # bsc#1021227 bsc#1029320 bsc#1058173 -%patch401 -p1 -d components/engine +%patch401 -p1 cp %{SOURCE7} . cp %{SOURCE9} . diff --git a/secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch b/secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch index c0e06a8..e3464ad 100644 --- a/secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch +++ b/secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch @@ -1,4 +1,4 @@ -From 5022c3554723040682444e324cd26ec8e2500131 Mon Sep 17 00:00:00 2001 +From c607825b73e5f850b3804a10e9f3c8684cb29d16 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Wed, 8 Mar 2017 12:41:54 +1100 Subject: [PATCH 1/2] daemon: allow directory creation in /run/secrets 
@@ -10,13 +10,13 @@ useful for creating directories and subdirectories of secrets. Signed-off-by: Antonio Murdaca Signed-off-by: Aleksa Sarai --- - daemon/container_operations_unix.go | 24 +++++++++++++++++++++--- + .../engine/daemon/container_operations_unix.go | 24 +++++++++++++++++++--- 1 file changed, 21 insertions(+), 3 deletions(-) -diff --git a/daemon/container_operations_unix.go b/daemon/container_operations_unix.go +diff --git a/components/engine/daemon/container_operations_unix.go b/components/engine/daemon/container_operations_unix.go index 954c194ea836..3ef1e0262edc 100644 ---- a/daemon/container_operations_unix.go -+++ b/daemon/container_operations_unix.go +--- a/components/engine/daemon/container_operations_unix.go ++++ b/components/engine/daemon/container_operations_unix.go @@ -3,6 +3,7 @@ package daemon @@ -70,5 +70,5 @@ index 954c194ea836..3ef1e0262edc 100644 return errors.Wrap(err, "error setting ownership for secret") } -- -2.15.1 +2.16.1 diff --git a/secrets-0002-SUSE-implement-SUSE-container-secrets.patch b/secrets-0002-SUSE-implement-SUSE-container-secrets.patch index e85be85..71a79bc 100644 --- a/secrets-0002-SUSE-implement-SUSE-container-secrets.patch +++ b/secrets-0002-SUSE-implement-SUSE-container-secrets.patch @@ -1,4 +1,4 @@ -From a84aa9152b50ea1fd73a7d09246ac056534d0e48 Mon Sep 17 00:00:00 2001 +From 3a7cd305f75fabc49460066e5452458a524ead5c Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Wed, 8 Mar 2017 11:43:29 +1100 Subject: [PATCH 2/2] SUSE: implement SUSE container secrets @@ -13,15 +13,15 @@ MAKES BUILDS NOT ENTIRELY REPRODUCIBLE. SUSE-Bugs: bsc#1057743 bsc#1055676 bsc#1030702 
Signed-off-by: Aleksa Sarai --- - daemon/start.go | 5 + - daemon/suse_secrets.go | 391 +++++++++++++++++++++++++++++++++++++++++++++++++ + components/engine/daemon/start.go | 5 + + components/engine/daemon/suse_secrets.go | 391 +++++++++++++++++++++++++++++++ 2 files changed, 396 insertions(+) - create mode 100644 daemon/suse_secrets.go + create mode 100644 components/engine/daemon/suse_secrets.go -diff --git a/daemon/start.go b/daemon/start.go -index de32a649d7ed..2b6137d315e9 100644 ---- a/daemon/start.go -+++ b/daemon/start.go +diff --git a/components/engine/daemon/start.go b/components/engine/daemon/start.go +index 55438cf2c45f..7dfa6cd1d055 100644 +--- a/components/engine/daemon/start.go ++++ b/components/engine/daemon/start.go @@ -147,6 +147,11 @@ func (daemon *Daemon) containerStart(container *container.Container, checkpoint return err } @@ -34,11 +34,11 @@ index de32a649d7ed..2b6137d315e9 100644 spec, err := daemon.createSpec(container) if err != nil { return systemError{err} -diff --git a/daemon/suse_secrets.go b/daemon/suse_secrets.go +diff --git a/components/engine/daemon/suse_secrets.go b/components/engine/daemon/suse_secrets.go new file mode 100644 index 000000000000..9d0788f0410d --- /dev/null -+++ b/daemon/suse_secrets.go ++++ b/components/engine/daemon/suse_secrets.go @@ -0,0 +1,391 @@ +/* + * suse-secrets: patch for Docker to implement SUSE secrets @@ -432,5 +432,5 @@ index 000000000000..9d0788f0410d + return nil +} -- -2.15.1 +2.16.1