diff --git a/_service b/_service
index 6454f97..aeaf081 100644
--- a/_service
+++ b/_service
@@ -3,8 +3,8 @@
https://github.com/docker/docker.git
git
.git
- 1.9.1
- v1.9.1
+ 1.10.3
+ v1.10.3
docker-*.tar
diff --git a/add_bolt_arm64.patch b/add_bolt_arm64.patch
deleted file mode 100644
index 731efa3..0000000
--- a/add_bolt_arm64.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-From: Michel Normand
-Subject: add bolt arm64
-Date: Fri, 04 Dec 2015 17:07:22 +0100
-
-add bolt arm64
-
-Signed-off-by: Michel Normand
----
- vendor/src/github.com/boltdb/bolt/bolt_arm64.go | 4 ++++
- 1 file changed, 4 insertions(+)
-
-Index: docker-1.9.1/vendor/src/github.com/boltdb/bolt/bolt_arm64.go
-===================================================================
---- /dev/null
-+++ docker-1.9.1/vendor/src/github.com/boltdb/bolt/bolt_arm64.go
-@@ -0,0 +1,4 @@
-+package bolt
-+
-+// maxMapSize represents the largest mmap size supported by Bolt.
-+const maxMapSize = 0xFFFFFFFFFFFF // 256TB
diff --git a/add_bolt_ppc64.patch b/add_bolt_ppc64.patch
deleted file mode 100644
index 3db9b71..0000000
--- a/add_bolt_ppc64.patch
+++ /dev/null
@@ -1,23 +0,0 @@
----
- vendor/src/github.com/boltdb/bolt/bolt_ppc64.go | 4 ++++
- vendor/src/github.com/boltdb/bolt/bolt_ppc64le.go | 4 ++++
- 2 files changed, 8 insertions(+)
-
-Index: docker-1.9.1/vendor/src/github.com/boltdb/bolt/bolt_ppc64.go
-===================================================================
---- /dev/null
-+++ docker-1.9.1/vendor/src/github.com/boltdb/bolt/bolt_ppc64.go
-@@ -0,0 +1,4 @@
-+package bolt
-+
-+// maxMapSize represents the largest mmap size supported by Bolt.
-+const maxMapSize = 0xFFFFFFFFFFFF // 256TB
-Index: docker-1.9.1/vendor/src/github.com/boltdb/bolt/bolt_ppc64le.go
-===================================================================
---- /dev/null
-+++ docker-1.9.1/vendor/src/github.com/boltdb/bolt/bolt_ppc64le.go
-@@ -0,0 +1,4 @@
-+package bolt
-+
-+// maxMapSize represents the largest mmap size supported by Bolt.
-+const maxMapSize = 0xFFFFFFFFFFFF // 256TB
diff --git a/boltdb_bolt_powerpc.patch b/boltdb_bolt_powerpc.patch
new file mode 100644
index 0000000..9858a0b
--- /dev/null
+++ b/boltdb_bolt_powerpc.patch
@@ -0,0 +1,18 @@
+---
+ vendor/src/github.com/boltdb/bolt/bolt_ppc64.go | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+Index: docker-1.10.2/vendor/src/github.com/boltdb/bolt/bolt_ppc64.go
+===================================================================
+--- /dev/null
++++ docker-1.10.2/vendor/src/github.com/boltdb/bolt/bolt_ppc64.go
+@@ -0,0 +1,9 @@
++// +build ppc64
++
++package bolt
++
++// maxMapSize represents the largest mmap size supported by Bolt.
++const maxMapSize = 0xFFFFFFFFFFFF // 256TB
++
++// maxAllocSize is the size used when creating array pointers.
++const maxAllocSize = 0x7FFFFFFF
diff --git a/docker-1.10.3.tar.xz b/docker-1.10.3.tar.xz
new file mode 100644
index 0000000..9004edc
--- /dev/null
+++ b/docker-1.10.3.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:981d52320b7936c294d4b433deffe7af9934b715e207d38a7a993a5a74b3862e
+size 8307800
diff --git a/docker-1.9.1.tar.xz b/docker-1.9.1.tar.xz
deleted file mode 100644
index acdcd5c..0000000
--- a/docker-1.9.1.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:edb9bdbcce529e4170b6ad8a14643b12f176c8d2b1690f182f29bc79e3dde3c0
-size 6283244
diff --git a/docker.changes b/docker.changes
index 5fe194c..3eee7a4 100644
--- a/docker.changes
+++ b/docker.changes
@@ -1,3 +1,224 @@
+-------------------------------------------------------------------
+Tue Mar 22 15:27:26 UTC 2016 - fcastelli@suse.com
+
+- Changed systemd unit file and default sysconfig file to include network options,
+ this is needed to get SDN like flannel to work
+
+-------------------------------------------------------------------
+Tue Mar 15 09:16:55 UTC 2016 - asarai@suse.de
+
+- docker.spec: update warning to mention that /etc/sysconfig/docker is sourced
+ by the migration script.
+
+-------------------------------------------------------------------
+Mon Mar 14 10:20:19 UTC 2016 - asarai@suse.de
+
+- docker.spec: only Reccomends: the docker-image-migrator package as it is no
+ longer required for our ugly systemctl hacks.
+- docker.spec: fix up documentation to refer to the script you need to run in
+ the migrator package.
+- docker.spec: print a warning if you force the DOCKER_FORCE_INSTALL option.
+
+-------------------------------------------------------------------
+Fri Mar 11 08:44:46 UTC 2016 - asarai@suse.de
+
+- spec: switch to new done file name from docker-image-migrator
+
+-------------------------------------------------------------------
+Fri Mar 11 08:41:49 UTC 2016 - jmassaguerpla@suse.com
+
+- update to docker 1.10.3 (bnc#970637)
+ Runtime
+ Fix Docker client exiting with an "Unrecognized input header" error #20706
+ Fix Docker exiting if Exec is started with both AttachStdin and Detach #20647
+ Distribution
+ Fix a crash when pushing multiple images sharing the same layers to the same repository in parallel #20831
+ Fix a panic when pushing images to a registry which uses a misconfigured token service #21030
+ Plugin system
+ Fix issue preventing volume plugins to start when SELinux is enabled #20834
+ Prevent Docker from exiting if a volume plugin returns a null response for Get requests #20682
+ Fix plugin system leaking file descriptors if a plugin has an error #20680
+ Security
+ Fix linux32 emulation to fail during docker build #20672 It was due to the personality syscall being blocked by the default seccomp profile.
+ Fix Oracle XE 10g failing to start in a container #20981 It was due to the ipc syscall being blocked by the default seccomp profile.
+ Fix user namespaces not working on Linux From Scratch #20685
+ Fix issue preventing daemon to start if userns is enabled and the subuid or subgid files contain comments #20725
+
+ More at https://github.com/docker/docker/releases/tag/v1.10.3
+
+-------------------------------------------------------------------
+Thu Mar 10 13:52:54 UTC 2016 - asarai@suse.de
+
+- spec: improve file-based migration checks to make sure that it doesn't cause
+ errors if running on a /var/lib/docker without /var/lib/docker/graph.
+
+-------------------------------------------------------------------
+Wed Mar 9 13:45:14 UTC 2016 - asarai@suse.de
+
+- spec: implement file-based migration checks. The migrator will be updated to
+ match the warning message's instructions. This looks like it works with my
+ testing.
+
+-------------------------------------------------------------------
+Mon Mar 7 14:09:17 UTC 2016 - normand@linux.vnet.ibm.com
+
+- more patches to build on ppc64 architecture
+ update netlink_gcc_go.patch
+ new netlink_netns_powerpc.patch
+ new boltdb_bolt_powerpc.patch
+ new libnetwork_drivers_bridge_powerpc.patch to replace
+ deleted fix-ppc64le.patch
+
+-------------------------------------------------------------------
+Tue Mar 1 17:54:41 UTC 2016 - jmassaguerpla@suse.com
+
+- fix bsc#968972 - let docker manage the cgroups of the processes
+ that it launches without systemd
+
+-------------------------------------------------------------------
+Tue Mar 1 15:28:56 UTC 2016 - jmassaguerpla@suse.com
+
+- Require docker-image-migrator (bnc#968933)
+
+-------------------------------------------------------------------
+Tue Feb 23 08:55:17 UTC 2016 - jmassaguerpla@suse.com
+
+Update to version 1.10.2 (bnc#968933)
+
+ - Runtime
+ Prevent systemd from deleting containers' cgroups when its configuration is reloaded #20518
+ Fix SELinux issues by disregarding --read-only when mounting /dev/mqueue #20333
+ Fix chown permissions used during docker cp when userns is used #20446
+ Fix configuration loading issue with all booleans defaulting to true #20471
+ Fix occasional panic with docker logs -f #20522
+
+ - Distribution
+ Keep layer reference if deletion failed to avoid a badly inconsistent state #20513
+ Handle gracefully a corner case when canceling migration #20372
+ Fix docker import on compressed data #20367
+ Fix tar-split files corruption during migration that later cause docker push and docker save to fail #20458
+
+ - Networking
+ Fix daemon crash if embedded DNS is sent garbage #20510
+
+ - Volumes
+ Fix issue with multiple volume references with same name #20381
+
+ - Security
+ Fix potential cache corruption and delegation conflict issues #20523
+
+link to changelog:
+
+https://github.com/docker/docker/blob/v1.10.2/CHANGELOG.md
+
+-------------------------------------------------------------------
+Mon Feb 15 09:48:41 UTC 2016 - asarai@suse.com
+
+- fix-apparmor.patch: switch to a backported version of docker/docker#20305,
+ which also fixes several potential issues if the major version of apparmor
+ changes.
+
+-------------------------------------------------------------------
+Mon Feb 15 08:35:43 UTC 2016 - asarai@suse.com
+
+- Remove 1.10.0 tarball.
+
+-------------------------------------------------------------------
+Fri Feb 12 16:04:19 UTC 2016 - jmassaguerpla@suse.com
+
+- Update to docker 1.10.1
+ It includes some fixes to 1.10.0, see detailed changelog in
+
+https://github.com/docker/docker/blob/v1.10.1/CHANGELOG.md
+
+-------------------------------------------------------------------
+Tue Feb 9 17:24:46 UTC 2016 - jmassaguerpla@suse.com
+
+- Update docker to 1.10.0 (bnc#965918)
+
+ Add usernamespace support
+ Add support for custom seccomp profiles
+ Improvements in network and volume management
+
+detailed changelog in
+
+https://github.com/docker/docker/blob/590d5108bbdaabb05af590f76c9757daceb6d02e/CHANGELOG.md
+
+- removed patches, because code has been merged in 1.10.0 release:
+ libcontainer-apparmor-fixes.patch: see: https://github.com/docker/docker/blob/release/v1.10/contrib/apparmor/template.go
+ fix_bnc_958255.patch: see https://github.com/docker/docker/commit/2b4f64e59018c21aacbf311d5c774dd5521b5352
+ use_fs_cgroups_by_default.patch
+ fix_cgroup.parent_path_sanitisation.patch
+ add_bolt_ppc64.patch
+ add_bolt_arm64.patch
+ add_bolt_s390x.patch
+
+- remove gcc-go-build-static-libgo.patch: This has been replace by gcc-go-patches.patch
+
+- removed patches, because arm and ppc are not build using the dynbinary target, but the dyngccgo one:
+ docker_remove_journald_to_fix_dynbinary_build_on_arm.patch
+ docker_remove_journald_to_fix_dynbinary_build_on_powerpc.patch
+ docker_remove_journald_to_fix_dynbinary_build_on_arm64.patch
+
+- added patches:
+ fix_platform_type_arm.patch: fix build for arm64 and aarch64: set utsname as uint8 for arm64 and aarch64
+ gcc5_socket_workaround.patch: gcc5-go in Tumbleweed includes this commit
+ https://github.com/golang/gofrontend/commit/a850225433a66a58613c22185c3b09626f5545eb
+ Which "fixes" the data type for RawSockaddr.Data
+ However, docker now expects the "wrong" data type, since docker had a workaround
+ for that issue.
+ Thus, we need to workaround the workaround in tumbleweed
+ netlink_gcc_go.patch: add constants for syscalls TUNSETIFF and TUNSETPERSIST to fix a gcc issue.
+ This is a workaround for bnc#964468: gcc-go can no longer compile Docker.
+ fix-apparmor.patch: fix https://github.com/docker/docker/issues/20269 . It affects SLE12 which has apparmor
+ version 2.8 and not openSUSE which has version 2.9.
+ fix-ppc64le.patch: Build netlink driver using int8 and not uint8 for the data structure
+
+
+- reviewed patches:
+ ignore-dockerinit-checksum.patch: review context in patch
+ fix-docker-init.patch: review patch because build method has been changed in spec file for gcc-go
+ gcc-go-patches.patch: review context in patch
+
+- Build requires go >= 1.5: For version 1.9, we could use Go 1.4.3
+ see GO_VERSION https://github.com/docker/docker/blob/release/v1.9/Dockerfile
+ However, for version 1.10, we need go 1.5.3
+ see GO_VERSION https://github.com/docker/docker/blob/release/v1.10/Dockerfile
+
+- fix bnc#965600 - SLES12 SP1 - Static shared memory limit in container
+
+
+-------------------------------------------------------------------
+Wed Jan 27 23:40:09 UTC 2016 - asarai@suse.com
+
+- backport 1 bugfix from the upstream 1.10 branch
+ Added:
+ fix_json_econnreset_bug.patch (https://github.com/docker/docker/issues/14203)
+
+-------------------------------------------------------------------
+Fri Jan 22 15:08:05 UTC 2016 - jmassaguerpla@suse.com
+
+- use_fs_cgroups_by_default.patch: fix bsc#963177 - Use fs cgroups
+ by default in docker
+- fix_cgroup.parent_path_sanitisation.patch: fix bsc# 963198 - fix
+ cgroup.Parent path sanitisation in docker
+- fix_bnc_958255.patch: fix bnc#958255 - Docker creates strange
+ apparmor profile
+
+-------------------------------------------------------------------
+Thu Jan 21 16:52:41 UTC 2016 - jmassaguerpla@suse.com
+
+- gcc5-go in Tumbleweed includes this commit
+ https://github.com/golang/gofrontend/commit/a850225433a66a58613c22185c3b09626f5545eb
+ Which "fixes" the data type for RawSockaddr.Data
+ However, docker now expects the "wrong" data type, since docker had a workaround
+ for that issue.
+ Thus, we need to workaround the workaroundn in tumbleweed
+
+- There was an error in one of the file list
+
+
+-------------------------------------------------------------------
Wed Dec 23 10:47:04 UTC 2015 - fcastelli@suse.com
- Add rules for auditd. This is required to fix bnc#959405
diff --git a/docker.service b/docker.service
index 013ea44..c2fc918 100644
--- a/docker.service
+++ b/docker.service
@@ -5,12 +5,17 @@ After=network.target docker.socket
Requires=docker.socket
[Service]
+# the default is not to use systemd for cgroups because the delegate issues still
+# exists and systemd currently does not support the cgroup feature set required
+# for containers run by docker
EnvironmentFile=/etc/sysconfig/docker
-ExecStart=/usr/bin/docker daemon -H fd:// $DOCKER_OPTS
+ExecStart=/usr/bin/docker daemon -H fd:// $DOCKER_NETWORK_OPTIONS $DOCKER_OPTS
MountFlags=slave
LimitNOFILE=1048576
LimitNPROC=1048576
LimitCORE=infinity
+# set delegate yes so that systemd does not reset the cgroups of docker containers
+Delegate=yes
[Install]
WantedBy=multi-user.target
diff --git a/docker.spec b/docker.spec
index a3ba49b..d6e8b40 100644
--- a/docker.spec
+++ b/docker.spec
@@ -1,7 +1,7 @@
#
# spec file for package docker
#
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -16,10 +16,14 @@
#
-%define git_version a34a1d5
+%define docker_store /var/lib/docker
+%define docker_graph %{docker_store}/graph
+%define docker_migration_testfile %{docker_store}/.suse-image-migration-v1to2-complete
+
+%define git_version 9e83765
%define go_arches %ix86 x86_64
Name: docker
-Version: 1.9.1
+Version: 1.10.3
Release: 0
Summary: The Linux container runtime
License: Apache-2.0
@@ -41,26 +45,26 @@ Source7: README_SUSE.md
Source8: docker-audit.rules
# TODO: remove once we figure out what is wrong with iptables on ppc64le
Source100: sysconfig.docker.ppc64le
-Patch0: fix-docker-init.patch
-# PATCH-FIX-OPENSUSE libcontainer-apparmor-fixes.patch -- mount rules aren't supported in our apparmor
-Patch1: libcontainer-apparmor-fixes.patch
+Patch0: fix_platform_type_arm.patch
+Patch1: gcc5_socket_workaround.patch
+Patch2: fix-docker-init.patch
+Patch3: fix-apparmor.patch
# Required to overcome some limitations of gcc-go: https://groups.google.com/forum/#!msg/golang-nuts/SlGCPYkjxo4/4DjcjXRCqAkJ
# Right now docker passes the sha1sum of the dockerinit binary to the docker binary at build time
# We cannot do that, right now a quick and really dirty way to get it running is
# to simply disable this check
Patch100: ignore-dockerinit-checksum.patch
-Patch101: gcc-go-build-static-libgo.patch
-Patch102: add_bolt_ppc64.patch
-Patch103: docker_remove_journald_to_fix_dynbinary_build_on_arm.patch
-Patch104: docker_remove_journald_to_fix_dynbinary_build_on_powerpc.patch
-Patch105: add_bolt_arm64.patch
-Patch106: docker_remove_journald_to_fix_dynbinary_build_on_arm64.patch
+Patch101: gcc-go-patches.patch
+Patch102: netlink_gcc_go.patch
+Patch103: netlink_netns_powerpc.patch
+Patch104: boltdb_bolt_powerpc.patch
+Patch105: libnetwork_drivers_bridge_powerpc.patch
BuildRequires: audit
BuildRequires: bash-completion
BuildRequires: device-mapper-devel >= 1.2.68
BuildRequires: glibc-devel-static
%ifarch %go_arches
-BuildRequires: go >= 1.4
+BuildRequires: go >= 1.5
BuildRequires: go-go-md2man
%else
BuildRequires: gcc5-go >= 5.0
@@ -84,6 +88,8 @@ Requires: lvm2 >= 2.2.89
Requires: procps
Requires: tar >= 1.26
Requires: xz >= 4.9
+# Not necessary, but must be installed to have a smooth upgrade.
+Recommends: docker-image-migrator
Conflicts: lxc < 1.0
PreReq: %fillup_prereq
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@@ -140,21 +146,33 @@ Requires: procps
Requires: sqlite3-devel
BuildArch: noarch
+%global __requires_exclude ^libgo.so.*$
+
%description test
Test package for docker. It contains the source code and the tests.
%prep
-%setup -q -n docker-%{version}
+%setup -q -n %{name}-%{version}
%patch0 -p1
+# 1330 is Tumbleweed after leap has been released
+# gcc5-go in Tumbleweed includes this commit
+# https://github.com/golang/gofrontend/commit/a850225433a66a58613c22185c3b09626f5545eb
+# Which "fixes" the data type for RawSockaddr.Data
+# However, docker now expects the "wrong" data type, since docker had a workaround
+# for that issue.
+# Thus, we need to workaround the workaroundn in tumbleweed
+%if 0%{?suse_version} >= 1330 && 0%{?is_opensuse} == 1
%patch1 -p1
+%endif
+%patch2 -p1
+%patch3 -p1
%ifnarch %go_arches
-%patch100 -p1
-%patch101 -p0
+%patch101 -p1
%patch102 -p1
%patch103 -p1
%patch104 -p1
%patch105 -p1
-%patch106 -p1
+%patch100 -p1
%endif
cp %{SOURCE7} .
@@ -174,10 +192,14 @@ export DOCKER_GITCOMMIT=%{git_version}
EOF
) > docker_build_env
. ./docker_build_env
-./hack/make.sh dynbinary
+
%ifarch %go_arches
+./hack/make.sh dynbinary
man/md2man-all.sh
+%else
+./hack/make.sh dyngccgo
%endif
+
# remove other than systemd
# otherwise the resulting package will have extra requires
rm -rf hack/make/.build-deb
@@ -185,9 +207,14 @@ rm -rf hack/make/.build-deb
%install
install -d %{buildroot}%{go_contribdir}
install -d %{buildroot}%{_bindir}
+%ifarch %go_arches
install -D -m755 bundles/%{version}/dynbinary/%{name}-%{version} %{buildroot}/%{_bindir}/%{name}
-install -d %{buildroot}/%{_prefix}/lib/docker
install -D -m755 bundles/%{version}/dynbinary/dockerinit-%{version} %{buildroot}/%{_prefix}/lib/docker/dockerinit
+%else
+install -D -m755 bundles/%{version}/dyngccgo/%{name}-%{version} %{buildroot}/%{_bindir}/%{name}
+install -D -m755 bundles/%{version}/dyngccgo/dockerinit-%{version} %{buildroot}/%{_prefix}/lib/docker/dockerinit
+%endif
+install -d %{buildroot}/%{_prefix}/lib/docker
install -Dd -m 0755 \
%{buildroot}%{_sysconfdir}/init.d \
%{buildroot}%{_sbindir}
@@ -233,6 +260,73 @@ install -p -m 644 man/man5/Dockerfile.5 %{buildroot}%{_mandir}/man5
%fdupes %{buildroot}
%pre
+# We're currently inside rpmlint, which will cause us to fail the tests if it
+# happens that the Docker install in the builder requires a migration.
+if [[ -z "$BUILD_ROOT" ]]
+then
+ # In order to make sure we don't print a scary warning when we shouldn't we
+ # need to test these things (in this order):
+ # 1. Check that /var/lib/docker actually exists (docker daemon has run).
+ # 2. Check that the migrator has *not* finished.
+ # 3. Check that /var/lib/docker/graph exists (this is a <=1.9.1 thing, but
+ # will stick around if it has been migrated -- which is why we need the
+ # MIGRATION_TESTFILE check).
+ # 4. Check that there are images in the graph/ directory.
+ if [[ -d "%{docker_store}" && ( ! -f "%{docker_migration_testfile}" ) && -d "%{docker_store}" && -n "$(find "%{docker_store}" -maxdepth 1 -type d 2>/dev/null | grep -Ev '_tmp|^%{docker_store}$')" ]]
+ then
+
+ if [ -n "$DOCKER_FORCE_INSTALL" ]
+ then
+ echo >&2 "*** IGNORING DOWNTIME WARNING! FORCING INSTALLATION. ***"
+ else
+
+cat >&2 <=1.10.0, the Docker image format
+has changed to be completely content-addressible. This results in several positive
+improvements to image operations (better caching during builds mainly). However,
+the migration operation may take several hours if you have a lot of large images
+on a Docker host. In order to ensure that you have minimum downtime, this update
+of Docker will not complete successfully, and you will have the opportunity to
+run a separate migration tool (which will not cause downtime for your Docker
+daemon).
+
+In order to run this migration tool, please install the 'docker-image-migrator'
+package. You can run the migration with this command, which will exit after the
+migration has been completed:
+
+$ /usr/lib/docker-image-migrator/do-image-migration-v1to2.sh
+
+Because the migrator requires information about the storage driver used by Docker,
+the migration script will source /etc/sysconfig/docker and use \$DOCKER_OPTS as
+arguments to the migrator. If this automated migration fails, it will be re-attempted
+with every known storage driver. In addition, the script accepts arguments which
+will simiarly be appended to the set of arguments (after \$DOCKER_OPTS) to the
+migrator.
+
+However, if you prefer to not run this separate migration tool, you can force this
+update using the following command. THIS WILL CAUSE DOWNTIME, BECAUSE DOCKER WILL
+RUN THE MIGRATION ON FIRST START AND YOU WILL BE UNABLE TO START ANY CONTAINERS
+OR USE ANY DOCKER COMMANDS (EVEN CONTAINERS WITH RESTART POLICIES ACTIVE):
+
+$ DOCKER_FORCE_INSTALL=1 sudo -E zypper up docker
+EOF
+
+ # Fail the update.
+ exit 1
+ fi
+ fi
+
+ # In order to make sure that we don't accidentally cause problems with an
+ # upgrade to docker>=1.10.2, we'll touch the same file we tested in (2).
+ # -m701 is *not* a typo, it is necessary for certain syscalls with remapped
+ # root.
+ [[ -d "%{docker_store}" ]] || install -d -m701 %{docker_store} || :
+ touch %{docker_migration_testfile}
+fi
+
echo "creating group docker..."
groupadd -r docker 2>/dev/null || :
%service_add_pre %{name}.service %{name}.socket
diff --git a/docker_remove_journald_to_fix_dynbinary_build_on_arm.patch b/docker_remove_journald_to_fix_dynbinary_build_on_arm.patch
deleted file mode 100644
index 94b4950..0000000
--- a/docker_remove_journald_to_fix_dynbinary_build_on_arm.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-From 6f6f10a75f8b447637e8a89d685452871899e9c0 Mon Sep 17 00:00:00 2001
-From: Stefan Scherer
-Date: Thu, 19 Nov 2015 17:09:20 +0100
-Subject: [PATCH] prevent journald from being built on ARM
-
-Signed-off-by: Govinda Fichtner
-
----
- daemon/logger/journald/journald.go | 2 +-
- daemon/logger/journald/journald_unsupported.go | 2 +-
- daemon/logger/journald/read.go | 2 +-
- daemon/logger/journald/read_unsupported.go | 2 +-
- 4 files changed, 4 insertions(+), 4 deletions(-)
-
-Index: docker-1.9.1/daemon/logger/journald/journald.go
-===================================================================
---- docker-1.9.1.orig/daemon/logger/journald/journald.go
-+++ docker-1.9.1/daemon/logger/journald/journald.go
-@@ -1,4 +1,4 @@
--// +build linux
-+// +build linux,!arm
-
- // Package journald provides the log driver for forwarding server logs
- // to endpoints that receive the systemd format.
-Index: docker-1.9.1/daemon/logger/journald/journald_unsupported.go
-===================================================================
---- docker-1.9.1.orig/daemon/logger/journald/journald_unsupported.go
-+++ docker-1.9.1/daemon/logger/journald/journald_unsupported.go
-@@ -1,3 +1,3 @@
--// +build !linux
-+// +build !linux linux,arm
-
- package journald
-Index: docker-1.9.1/daemon/logger/journald/read.go
-===================================================================
---- docker-1.9.1.orig/daemon/logger/journald/read.go
-+++ docker-1.9.1/daemon/logger/journald/read.go
-@@ -1,4 +1,4 @@
--// +build linux,cgo,!static_build,journald
-+// +build linux,cgo,!static_build,journald,!arm
-
- package journald
-
-Index: docker-1.9.1/daemon/logger/journald/read_unsupported.go
-===================================================================
---- docker-1.9.1.orig/daemon/logger/journald/read_unsupported.go
-+++ docker-1.9.1/daemon/logger/journald/read_unsupported.go
-@@ -1,4 +1,4 @@
--// +build !linux !cgo static_build !journald
-+// +build !linux !cgo static_build !journald linux,arm
-
- package journald
-
diff --git a/docker_remove_journald_to_fix_dynbinary_build_on_arm64.patch b/docker_remove_journald_to_fix_dynbinary_build_on_arm64.patch
deleted file mode 100644
index 729b7d3..0000000
--- a/docker_remove_journald_to_fix_dynbinary_build_on_arm64.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-From: Michel Normand
-Subject: docker remove journald to fix dynbinary build on arm64
-Date: Fri, 04 Dec 2015 17:07:12 +0100
-
-docker remove journald to fix dynbinary build on arm64
-
-Signed-off-by: Michel Normand
----
- daemon/logger/journald/journald.go | 2 +-
- daemon/logger/journald/journald_unsupported.go | 2 +-
- daemon/logger/journald/read.go | 2 +-
- daemon/logger/journald/read_unsupported.go | 2 +-
- 4 files changed, 4 insertions(+), 4 deletions(-)
-
-Index: docker-1.9.1/daemon/logger/journald/journald.go
-===================================================================
---- docker-1.9.1.orig/daemon/logger/journald/journald.go
-+++ docker-1.9.1/daemon/logger/journald/journald.go
-@@ -1,4 +1,4 @@
--// +build linux,!arm linux,!ppc64 linux,!ppc64le
-+// +build linux,!arm linux,!arm64 linux,!ppc64 linux,!ppc64le
-
- // Package journald provides the log driver for forwarding server logs
- // to endpoints that receive the systemd format.
-Index: docker-1.9.1/daemon/logger/journald/journald_unsupported.go
-===================================================================
---- docker-1.9.1.orig/daemon/logger/journald/journald_unsupported.go
-+++ docker-1.9.1/daemon/logger/journald/journald_unsupported.go
-@@ -1,3 +1,3 @@
--// +build !linux linux,arm linux,ppc64 linux,ppc64le
-+// +build !linux linux,arm linux,arm64 linux,ppc64 linux,ppc64le
-
- package journald
-Index: docker-1.9.1/daemon/logger/journald/read.go
-===================================================================
---- docker-1.9.1.orig/daemon/logger/journald/read.go
-+++ docker-1.9.1/daemon/logger/journald/read.go
-@@ -1,4 +1,4 @@
--// +build linux,cgo,!static_build,journald,!arm,!ppc64,!ppc64le
-+// +build linux,cgo,!static_build,journald,!arm,!arm64,!ppc64,!ppc64le
-
- package journald
-
-Index: docker-1.9.1/daemon/logger/journald/read_unsupported.go
-===================================================================
---- docker-1.9.1.orig/daemon/logger/journald/read_unsupported.go
-+++ docker-1.9.1/daemon/logger/journald/read_unsupported.go
-@@ -1,4 +1,4 @@
--// +build !linux !cgo static_build !journald linux,arm linux,ppc64 linux,ppc64le
-+// +build !linux !cgo static_build !journald linux,arm linux,arm64 linux,ppc64 linux,ppc64le
-
- package journald
-
diff --git a/docker_remove_journald_to_fix_dynbinary_build_on_powerpc.patch b/docker_remove_journald_to_fix_dynbinary_build_on_powerpc.patch
deleted file mode 100644
index ec2fb22..0000000
--- a/docker_remove_journald_to_fix_dynbinary_build_on_powerpc.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-From: Michel Normand
-Subject: docker remove journald to fix dynbinary build on powerpc
-Date: Fri, 04 Dec 2015 14:45:43 +0100
-
-docker remove journald to fix dynbinary build on powerpc
-
-Signed-off-by: Michel Normand
----
- daemon/logger/journald/journald.go | 2 +-
- daemon/logger/journald/journald_unsupported.go | 2 +-
- daemon/logger/journald/read.go | 2 +-
- daemon/logger/journald/read_unsupported.go | 2 +-
- 4 files changed, 4 insertions(+), 4 deletions(-)
-
-Index: docker-1.9.1/daemon/logger/journald/journald.go
-===================================================================
---- docker-1.9.1.orig/daemon/logger/journald/journald.go
-+++ docker-1.9.1/daemon/logger/journald/journald.go
-@@ -1,4 +1,4 @@
--// +build linux,!arm
-+// +build linux,!arm linux,!ppc64 linux,!ppc64le
-
- // Package journald provides the log driver for forwarding server logs
- // to endpoints that receive the systemd format.
-Index: docker-1.9.1/daemon/logger/journald/journald_unsupported.go
-===================================================================
---- docker-1.9.1.orig/daemon/logger/journald/journald_unsupported.go
-+++ docker-1.9.1/daemon/logger/journald/journald_unsupported.go
-@@ -1,3 +1,3 @@
--// +build !linux linux,arm
-+// +build !linux linux,arm linux,ppc64 linux,ppc64le
-
- package journald
-Index: docker-1.9.1/daemon/logger/journald/read.go
-===================================================================
---- docker-1.9.1.orig/daemon/logger/journald/read.go
-+++ docker-1.9.1/daemon/logger/journald/read.go
-@@ -1,4 +1,4 @@
--// +build linux,cgo,!static_build,journald,!arm
-+// +build linux,cgo,!static_build,journald,!arm,!ppc64,!ppc64le
-
- package journald
-
-Index: docker-1.9.1/daemon/logger/journald/read_unsupported.go
-===================================================================
---- docker-1.9.1.orig/daemon/logger/journald/read_unsupported.go
-+++ docker-1.9.1/daemon/logger/journald/read_unsupported.go
-@@ -1,4 +1,4 @@
--// +build !linux !cgo static_build !journald linux,arm
-+// +build !linux !cgo static_build !journald linux,arm linux,ppc64 linux,ppc64le
-
- package journald
-
diff --git a/fix-apparmor.patch b/fix-apparmor.patch
new file mode 100644
index 0000000..fa463bd
--- /dev/null
+++ b/fix-apparmor.patch
@@ -0,0 +1,292 @@
+Index: docker-1.10.1/contrib/apparmor/main.go
+===================================================================
+--- docker-1.10.1.orig/contrib/apparmor/main.go
++++ docker-1.10.1/contrib/apparmor/main.go
+@@ -11,8 +11,7 @@ import (
+ )
+
+ type profileData struct {
+- MajorVersion int
+- MinorVersion int
++ Version int
+ }
+
+ func main() {
+@@ -23,13 +22,12 @@ func main() {
+ // parse the arg
+ apparmorProfilePath := os.Args[1]
+
+- majorVersion, minorVersion, err := aaparser.GetVersion()
++ version, err := aaparser.GetVersion()
+ if err != nil {
+ log.Fatal(err)
+ }
+ data := profileData{
+- MajorVersion: majorVersion,
+- MinorVersion: minorVersion,
++ Version: version,
+ }
+ fmt.Printf("apparmor_parser is of version %+v\n", data)
+
+Index: docker-1.10.1/daemon/execdriver/native/apparmor.go
+===================================================================
+--- docker-1.10.1.orig/daemon/execdriver/native/apparmor.go
++++ docker-1.10.1/daemon/execdriver/native/apparmor.go
+@@ -25,8 +25,7 @@ type data struct {
+ ExecPath string
+ Imports []string
+ InnerImports []string
+- MajorVersion int
+- MinorVersion int
++ Version int
+ }
+
+ const baseTemplate = `
+@@ -64,14 +63,17 @@ profile {{.Name}} flags=(attach_disconne
+ deny /sys/firmware/efi/efivars/** rwklx,
+ deny /sys/kernel/security/** rwklx,
+
+-{{if ge .MajorVersion 2}}{{if ge .MinorVersion 8}}
++{{if ge .Version 208095}}
++ # apparmor-2.8.95 is Ubuntu 14.04 LTS (Trusty Tahr)
++ # apparmor-2.8.95 is apparmor-2.9 beta, which supports ptrace rule
++ # other apparmor-2.8 versions do not support this rule
+ # suppress ptrace denials when using 'docker ps' or using 'ps' inside a container
+ ptrace (trace,read) peer=docker-default,
+-{{end}}{{end}}
+-{{if ge .MajorVersion 2}}{{if ge .MinorVersion 9}}
++{{end}}
++{{if ge .Version 209000}}
+ # docker daemon confinement requires explict allow rule for signal
+ signal (receive) set=(kill,term) peer={{.ExecPath}},
+-{{end}}{{end}}
++{{end}}
+ }
+ `
+
+@@ -91,7 +93,7 @@ func generateProfile(out io.Writer) erro
+ if abstractionsExists() {
+ data.InnerImports = append(data.InnerImports, "#include ")
+ }
+- data.MajorVersion, data.MinorVersion, err = aaparser.GetVersion()
++ data.Version, err = aaparser.GetVersion()
+ if err != nil {
+ return err
+ }
+Index: docker-1.10.1/pkg/aaparser/aaparser.go
+===================================================================
+--- docker-1.10.1.orig/pkg/aaparser/aaparser.go
++++ docker-1.10.1/pkg/aaparser/aaparser.go
+@@ -1,45 +1,92 @@
++// Package aaparser is a convenience package interacting with `apparmor_parser`.
+ package aaparser
+
+ import (
+ "fmt"
+- "log"
+ "os/exec"
++ "path/filepath"
+ "strconv"
+ "strings"
+ )
+
+-// GetVersion returns the major and minor version of apparmor_parser
+-func GetVersion() (int, int, error) {
+- // get the apparmor_version version
+- cmd := exec.Command("apparmor_parser", "--version")
++const (
++ binary = "apparmor_parser"
++)
++
++// GetVersion returns the major and minor version of apparmor_parser.
++func GetVersion() (int, error) {
++ output, err := cmd("", "--version")
++ if err != nil {
++ return -1, err
++ }
++
++ return parseVersion(output)
++}
+
+- output, err := cmd.CombinedOutput()
++// LoadProfile runs `apparmor_parser -r -W` on a specified apparmor profile to
++// replace and write it to disk.
++func LoadProfile(profilePath string) error {
++ _, err := cmd(filepath.Dir(profilePath), "-r", "-W", filepath.Base(profilePath))
+ if err != nil {
+- log.Fatalf("getting apparmor_parser version failed: %s (%s)", err, output)
++ return err
+ }
++ return nil
++}
++
++// cmd runs `apparmor_parser` with the passed arguments.
++func cmd(dir string, arg ...string) (string, error) {
++ c := exec.Command(binary, arg...)
++ c.Dir = dir
+
+- // parse the version from the output
++ output, err := c.CombinedOutput()
++ if err != nil {
++ return "", fmt.Errorf("running `%s %s` failed with output: %s\nerror: %v", c.Path, strings.Join(c.Args, " "), string(output), err)
++ }
++
++ return string(output), nil
++}
++
++// parseVersion takes the output from `apparmor_parser --version` and returns
++// a representation of the {major, minor, patch} version as a single number of
++// the form MMmmPPP {major, minor, patch}.
++func parseVersion(output string) (int, error) {
+ // output is in the form of the following:
+ // AppArmor parser version 2.9.1
+ // Copyright (C) 1999-2008 Novell Inc.
+ // Copyright 2009-2012 Canonical Ltd.
+- lines := strings.SplitN(string(output), "\n", 2)
++
++ lines := strings.SplitN(output, "\n", 2)
+ words := strings.Split(lines[0], " ")
+ version := words[len(words)-1]
++
+ // split by major minor version
+ v := strings.Split(version, ".")
+- if len(v) < 2 {
+- return -1, -1, fmt.Errorf("parsing major minor version failed for %q", version)
++ if len(v) == 0 || len(v) > 3 {
++ return -1, fmt.Errorf("parsing version failed for output: `%s`", output)
+ }
+
++ // Default the versions to 0.
++ var majorVersion, minorVersion, patchLevel int
++
+ majorVersion, err := strconv.Atoi(v[0])
+ if err != nil {
+- return -1, -1, err
++ return -1, err
+ }
+- minorVersion, err := strconv.Atoi(v[1])
+- if err != nil {
+- return -1, -1, err
++
++ if len(v) > 1 {
++ minorVersion, err = strconv.Atoi(v[1])
++ if err != nil {
++ return -1, err
++ }
++ }
++ if len(v) > 2 {
++ patchLevel, err = strconv.Atoi(v[2])
++ if err != nil {
++ return -1, err
++ }
+ }
+
+- return majorVersion, minorVersion, nil
++ // major*10^5 + minor*10^3 + patch*10^0
++ numericVersion := majorVersion*1e5 + minorVersion*1e3 + patchLevel
++ return numericVersion, nil
+ }
+Index: docker-1.10.1/contrib/apparmor/template.go
+===================================================================
+--- docker-1.10.1.orig/contrib/apparmor/template.go
++++ docker-1.10.1/contrib/apparmor/template.go
+@@ -20,11 +20,11 @@ profile /usr/bin/docker (attach_disconne
+
+ umount,
+ pivot_root,
+-{{if ge .MajorVersion 2}}{{if ge .MinorVersion 9}}
++{{if ge .Version 209000}}
+ signal (receive) peer=@{profile_name},
+ signal (receive) peer=unconfined,
+ signal (send),
+-{{end}}{{end}}
++{{end}}
+ network,
+ capability,
+ owner /** rw,
+@@ -46,12 +46,12 @@ profile /usr/bin/docker (attach_disconne
+ /etc/ld.so.cache r,
+ /etc/passwd r,
+
+-{{if ge .MajorVersion 2}}{{if ge .MinorVersion 9}}
++{{if ge .Version 209000}}
+ ptrace peer=@{profile_name},
+ ptrace (read) peer=docker-default,
+ deny ptrace (trace) peer=docker-default,
+ deny ptrace peer=/usr/bin/docker///bin/ps,
+-{{end}}{{end}}
++{{end}}
+
+ /usr/lib/** rm,
+ /lib/** rm,
+@@ -72,11 +72,11 @@ profile /usr/bin/docker (attach_disconne
+ /sbin/zfs rCx,
+ /sbin/apparmor_parser rCx,
+
+-{{if ge .MajorVersion 2}}{{if ge .MinorVersion 9}}
++{{if ge .Version 209000}}
+ # Transitions
+ change_profile -> docker-*,
+ change_profile -> unconfined,
+-{{end}}{{end}}
++{{end}}
+
+ profile /bin/cat (complain) {
+ /etc/ld.so.cache r,
+@@ -98,10 +98,10 @@ profile /usr/bin/docker (attach_disconne
+ /dev/null rw,
+ /bin/ps mr,
+
+-{{if ge .MajorVersion 2}}{{if ge .MinorVersion 9}}
++{{if ge .Version 209000}}
+ # We don't need ptrace so we'll deny and ignore the error.
+ deny ptrace (read, trace),
+-{{end}}{{end}}
++{{end}}
+
+ # Quiet dac_override denials
+ deny capability dac_override,
+@@ -119,15 +119,15 @@ profile /usr/bin/docker (attach_disconne
+ /proc/tty/drivers r,
+ }
+ profile /sbin/iptables (complain) {
+-{{if ge .MajorVersion 2}}{{if ge .MinorVersion 9}}
++{{if ge .Version 209000}}
+ signal (receive) peer=/usr/bin/docker,
+-{{end}}{{end}}
++{{end}}
+ capability net_admin,
+ }
+ profile /sbin/auplink flags=(attach_disconnected, complain) {
+-{{if ge .MajorVersion 2}}{{if ge .MinorVersion 9}}
++{{if ge .Version 209000}}
+ signal (receive) peer=/usr/bin/docker,
+-{{end}}{{end}}
++{{end}}
+ capability sys_admin,
+ capability dac_override,
+
+@@ -146,9 +146,9 @@ profile /usr/bin/docker (attach_disconne
+ /proc/[0-9]*/mounts rw,
+ }
+ profile /sbin/modprobe /bin/kmod (complain) {
+-{{if ge .MajorVersion 2}}{{if ge .MinorVersion 9}}
++{{if ge .Version 209000}}
+ signal (receive) peer=/usr/bin/docker,
+-{{end}}{{end}}
++{{end}}
+ capability sys_module,
+ /etc/ld.so.cache r,
+ /lib/** rm,
+@@ -162,9 +162,9 @@ profile /usr/bin/docker (attach_disconne
+ }
+ # xz works via pipes, so we do not need access to the filesystem.
+ profile /usr/bin/xz (complain) {
+-{{if ge .MajorVersion 2}}{{if ge .MinorVersion 9}}
++{{if ge .Version 209000}}
+ signal (receive) peer=/usr/bin/docker,
+-{{end}}{{end}}
++{{end}}
+ /etc/ld.so.cache r,
+ /lib/** rm,
+ /usr/bin/xz rm,
diff --git a/fix-docker-init.patch b/fix-docker-init.patch
index d20346b..718b93d 100644
--- a/fix-docker-init.patch
+++ b/fix-docker-init.patch
@@ -8,3 +8,14 @@ diff -Naur a/hack/make/.dockerinit b/hack/make/.dockerinit
+/usr/bin/strip -s $DEST/dockerinit-$VERSION
# sha1 our new dockerinit to ensure separate docker and dockerinit always run in a perfect pair compiled for one another
export DOCKER_INITSHA1=$($sha1sum "$DEST/dockerinit-$VERSION" | cut -d' ' -f1)
+diff --git a/hack/make/.dockerinit-gccgo b/hack/make/.dockerinit-gccgo
+index 3caa526..f272d29 100644
+--- a/hack/make/.dockerinit-gccgo
++++ b/hack/make/.dockerinit-gccgo
+@@ -27,5 +27,6 @@ else
+ exit 1
+ fi
+
++/usr/bin/strip -s $DEST/dockerinit-$VERSION
+ # sha1 our new dockerinit to ensure separate docker and dockerinit always run in a perfect pair compiled for one another
+ export DOCKER_INITSHA1=$($sha1sum "$DEST/dockerinit-$VERSION" | cut -d' ' -f1)
diff --git a/fix_platform_type_arm.patch b/fix_platform_type_arm.patch
new file mode 100644
index 0000000..90598a3
--- /dev/null
+++ b/fix_platform_type_arm.patch
@@ -0,0 +1,20 @@
+diff --git a/pkg/platform/utsname_int8.go b/pkg/platform/utsname_int8.go
+index 5dcbadf..a022a35 100644
+--- a/pkg/platform/utsname_int8.go
++++ b/pkg/platform/utsname_int8.go
+@@ -1,4 +1,4 @@
+-// +build linux,386 linux,amd64 linux,arm64
++// +build linux,386 linux,amd64
+ // see golang's sources src/syscall/ztypes_linux_*.go that use int8
+
+ package platform
+diff --git a/pkg/platform/utsname_uint8.go b/pkg/platform/utsname_uint8.go
+index c9875cf..0ee937a 100644
+--- a/pkg/platform/utsname_uint8.go
++++ b/pkg/platform/utsname_uint8.go
+@@ -1,4 +1,4 @@
+-// +build linux,arm linux,ppc64 linux,ppc64le s390x
++// +build linux,arm linux,ppc64 linux,ppc64le s390x linux,arm64 linux,aarch64
+ // see golang's sources src/syscall/ztypes_linux_*.go that use uint8
+
+ package platform
diff --git a/gcc-go-build-static-libgo.patch b/gcc-go-build-static-libgo.patch
deleted file mode 100644
index e4096fd..0000000
--- a/gcc-go-build-static-libgo.patch
+++ /dev/null
@@ -1,10 +0,0 @@
---- hack/make/binary
-+++ hack/make/binary
-@@ -9,6 +9,7 @@
-
- echo "Building: $DEST/$BINARY_FULLNAME"
- go build \
-+ -gccgoflags="-static-libgo" \
- -o "$DEST/$BINARY_FULLNAME" \
- "${BUILDFLAGS[@]}" \
- -ldflags "
diff --git a/gcc-go-patches.patch b/gcc-go-patches.patch
new file mode 100644
index 0000000..b063c9e
--- /dev/null
+++ b/gcc-go-patches.patch
@@ -0,0 +1,24 @@
+diff --git a/hack/make/gccgo b/hack/make/gccgo
+index 878c814..84b7f69 100644
+--- a/hack/make/gccgo
++++ b/hack/make/gccgo
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-set -e
++set -ex
+
+ BINARY_NAME="docker-$VERSION"
+ BINARY_EXTENSION="$(binary_extension)"
+@@ -16,9 +16,11 @@ go build -compiler=gccgo \
+ "${BUILDFLAGS[@]}" \
+ -gccgoflags "
+ -g
++ -Wl,--add-needed -Wl,--no-as-needed
+ $EXTLDFLAGS_STATIC
++ -static-libgo
+ -Wl,--no-export-dynamic
+- -ldl
++ -ldl -lselinux -lsystemd
+ -pthread
+ " \
+ ./docker
diff --git a/gcc5_socket_workaround.patch b/gcc5_socket_workaround.patch
new file mode 100644
index 0000000..1f5b9d3
--- /dev/null
+++ b/gcc5_socket_workaround.patch
@@ -0,0 +1,46 @@
+diff --git a/vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux.go b/vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux.go
+index 007ccb2..65f638f 100644
+--- a/vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux.go
++++ b/vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux.go
+@@ -22,7 +22,7 @@ type ifreqIndex struct {
+
+ type ifreqHwaddr struct {
+ IfrnName [ifNameSize]byte
+- IfruHwaddr syscall.RawSockaddr
++ IfruHwaddr patchedRawSockAddr
+ }
+
+ var rnd = rand.New(rand.NewSource(time.Now().UnixNano()))
+diff --git a/vendor/src/github.com/docker/libnetwork/drivers/bridge/patched_socket_ppc64xe_type.go b/vendor/src/github.com/docker/libnetwork/drivers/bridge/patched_socket_ppc64xe_type.go
+new file mode 100644
+index 0000000..118f7bf
+--- /dev/null
++++ b/vendor/src/github.com/docker/libnetwork/drivers/bridge/patched_socket_ppc64xe_type.go
+@@ -0,0 +1,11 @@
++// Copyright (c) 2015 SUSE LLC. All rights reserved.
++
++// +build linux
++// +build ppc64 ppc64le
++
++package bridge
++
++type patchedRawSockAddr struct {
++ Family uint16
++ Data [14]int8
++}
+diff --git a/vendor/src/github.com/docker/libnetwork/drivers/bridge/patched_socket_type.go b/vendor/src/github.com/docker/libnetwork/drivers/bridge/patched_socket_type.go
+new file mode 100644
+index 0000000..cdba329
+--- /dev/null
++++ b/vendor/src/github.com/docker/libnetwork/drivers/bridge/patched_socket_type.go
+@@ -0,0 +1,10 @@
++// Copyright (c) 2015 SUSE LLC. All rights reserved.
++
++// +build linux,!ppc64,!ppc64le
++
++package bridge
++
++type patchedRawSockAddr struct {
++ Family uint16
++ Data [14]int8
++}
diff --git a/ignore-dockerinit-checksum.patch b/ignore-dockerinit-checksum.patch
index efa3f76..7c033f7 100644
--- a/ignore-dockerinit-checksum.patch
+++ b/ignore-dockerinit-checksum.patch
@@ -1,11 +1,12 @@
-diff -Naur a/utils/utils.go b/utils/utils.go
---- a/utils/utils.go 2015-08-11 18:35:27.000000000 +0200
-+++ b/utils/utils.go 2015-08-12 18:06:47.930445696 +0200
-@@ -76,7 +76,7 @@
+diff --git a/utils/utils.go b/utils/utils.go
+index 340b9e4..70a85a6 100644
+--- a/utils/utils.go
++++ b/utils/utils.go
+@@ -75,7 +75,7 @@ func isValidDockerInitPath(target string, selfPath string) bool { // target and
}
return os.SameFile(targetFileInfo, selfPathFileInfo)
}
-- return dockerversion.INITSHA1 != "" && dockerInitSha1(target) == dockerversion.INITSHA1
+- return dockerversion.InitSHA1 != "" && dockerInitSha1(target) == dockerversion.InitSHA1
+ return true
}
diff --git a/libcontainer-apparmor-fixes.patch b/libcontainer-apparmor-fixes.patch
deleted file mode 100644
index 3300ae9..0000000
--- a/libcontainer-apparmor-fixes.patch
+++ /dev/null
@@ -1,11 +0,0 @@
-diff -Naur a/contrib/apparmor/docker-engine b/contrib/apparmor/docker-engine
---- a/contrib/apparmor/docker-engine 2015-08-11 18:35:27.000000000 +0200
-+++ b/contrib/apparmor/docker-engine 2015-08-12 18:05:07.608444190 +0200
-@@ -13,7 +13,6 @@
- mount -> /sys/**,
- mount -> /run/docker/netns/**,
-
-- umount,
- pivot_root,
- signal (receive) peer=@{profile_name},
- signal (receive) peer=unconfined,
diff --git a/libnetwork_drivers_bridge_powerpc.patch b/libnetwork_drivers_bridge_powerpc.patch
new file mode 100644
index 0000000..d1ffbdd
--- /dev/null
+++ b/libnetwork_drivers_bridge_powerpc.patch
@@ -0,0 +1,25 @@
+---
+ vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_armppc64.go | 2 +-
+ vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_notarm.go | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+Index: docker-1.10.2/vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_armppc64.go
+===================================================================
+--- docker-1.10.2.orig/vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_armppc64.go
++++ docker-1.10.2/vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_armppc64.go
+@@ -1,4 +1,4 @@
+-// +build arm ppc64 ppc64le
++// +build arm,!ppc64,!ppc64le
+
+ package bridge
+
+Index: docker-1.10.2/vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_notarm.go
+===================================================================
+--- docker-1.10.2.orig/vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_notarm.go
++++ docker-1.10.2/vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_notarm.go
+@@ -1,4 +1,4 @@
+-// +build !arm,!ppc64,!ppc64le
++// +build !arm ppc64 ppc64le
+
+ package bridge
+
diff --git a/netlink_gcc_go.patch b/netlink_gcc_go.patch
new file mode 100644
index 0000000..19fb111
--- /dev/null
+++ b/netlink_gcc_go.patch
@@ -0,0 +1,48 @@
+diff --git a/vendor/src/github.com/vishvananda/netlink/link_linux.go b/vendor/src/github.com/vishvananda/netlink/link_linux.go
+index 3aa9124..6ad7c2b 100644
+--- a/vendor/src/github.com/vishvananda/netlink/link_linux.go
++++ b/vendor/src/github.com/vishvananda/netlink/link_linux.go
+@@ -415,11 +415,11 @@ func LinkAdd(link Link) error {
+ req.Flags |= syscall.IFF_TUN_EXCL
+ copy(req.Name[:15], base.Name)
+ req.Flags |= uint16(tuntap.Mode)
+- _, _, errno := syscall.Syscall(syscall.SYS_IOCTL, file.Fd(), uintptr(syscall.TUNSETIFF), uintptr(unsafe.Pointer(&req)))
++ _, _, errno := syscall.Syscall(syscall.SYS_IOCTL, file.Fd(), uintptr(syscall_TUNSETIFF), uintptr(unsafe.Pointer(&req)))
+ if errno != 0 {
+ return fmt.Errorf("Tuntap IOCTL TUNSETIFF failed, errno %v", errno)
+ }
+- _, _, errno = syscall.Syscall(syscall.SYS_IOCTL, file.Fd(), uintptr(syscall.TUNSETPERSIST), 1)
++ _, _, errno = syscall.Syscall(syscall.SYS_IOCTL, file.Fd(), uintptr(syscall_TUNSETPERSIST), 1)
+ if errno != 0 {
+ return fmt.Errorf("Tuntap IOCTL TUNSETPERSIST failed, errno %v", errno)
+ }
+diff --git a/vendor/src/github.com/vishvananda/netlink/link_linux_others.go b/vendor/src/github.com/vishvananda/netlink/link_linux_others.go
+new file mode 100644
+index 0000000..feb6070
+--- /dev/null
++++ b/vendor/src/github.com/vishvananda/netlink/link_linux_others.go
+@@ -0,0 +1,9 @@
++// +build linux
++// +build x86_64 arm64 s390x
++
++package netlink
++
++const (
++ syscall_TUNSETIFF = 0x400454ca
++ syscall_TUNSETPERSIST = 0x400454ca
++)
+diff --git a/vendor/src/github.com/vishvananda/netlink/link_linux_powerpc.go b/vendor/src/github.com/vishvananda/netlink/link_linux_powerpc.go
+new file mode 100644
+index 0000000..fac7c06
+--- /dev/null
++++ b/vendor/src/github.com/vishvananda/netlink/link_linux_powerpc.go
+@@ -0,0 +1,9 @@
++// +build linux
++// +build ppc64 ppc64le
++
++package netlink
++
++const (
++ syscall_TUNSETIFF = 0x800454ca
++ syscall_TUNSETPERSIST = 0x800454ca
++)
diff --git a/netlink_netns_powerpc.patch b/netlink_netns_powerpc.patch
new file mode 100644
index 0000000..85f8b4a
--- /dev/null
+++ b/netlink_netns_powerpc.patch
@@ -0,0 +1,16 @@
+---
+ vendor/src/github.com/vishvananda/netns/netns_linux_ppc64.go | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+Index: docker-1.10.2/vendor/src/github.com/vishvananda/netns/netns_linux_ppc64.go
+===================================================================
+--- /dev/null
++++ docker-1.10.2/vendor/src/github.com/vishvananda/netns/netns_linux_ppc64.go
+@@ -0,0 +1,7 @@
++// +build linux,ppc64
++
++package netns
++
++const (
++ SYS_SETNS = 350
++)
diff --git a/sysconfig.docker b/sysconfig.docker
index f089e52..5b3b0fb 100644
--- a/sysconfig.docker
+++ b/sysconfig.docker
@@ -6,3 +6,5 @@
## ServiceRestart : docker
#
DOCKER_OPTS=""
+
+DOCKER_NETWORK_OPTIONS=""