From f0d9c665f73bb7e2dc12dd59890e153333dafe172d0f41d4bade1e76bbbcfc20 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Tue, 7 Mar 2017 10:40:30 +0000 Subject: [PATCH] Accepting request 477346 from home:jordimassaguerpla:branch:V:c:docker:small_fixes_1_13_0 - fix docker-mount-secrets.patch to apply to docker-1.13.0 - Remove old plugins.json to prevent docker-1.13 to fail to start - Fix bsc#1026827: systemd TasksMax default throttles docker - Fix post section by adding shadow as a package requirement Otherwise the groupadd instruction fails OBS-URL: https://build.opensuse.org/request/show/477346 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=171 --- docker-mount-secrets.patch | 68 +++++++++++++------------------------- docker.changes | 21 ++++++++++++ docker.service | 2 +- docker.spec | 8 +++++ 4 files changed, 53 insertions(+), 46 deletions(-) diff --git a/docker-mount-secrets.patch b/docker-mount-secrets.patch index b6e8963..4cc67d2 100644 --- a/docker-mount-secrets.patch +++ b/docker-mount-secrets.patch @@ -1,31 +1,8 @@ -From 17cd15ba4160f0e0830453529b9b01edc308d847 Mon Sep 17 00:00:00 2001 -From: Aleksa Sarai -Date: Mon, 11 Apr 2016 22:54:35 +1000 -Subject: [PATCH] SUSE: implement SUSE container secrets - -This allows for us to pass in host credentials to a container, allowing -for SUSEConnect to work with containers. - -THIS PATCH IS NOT TO BE UPSTREAMED, DUE TO THE FACT THAT IT IS -SUSE-SPECIFIC, AND UPSTREAM DOES NOT APPROVE OF THIS CONCEPT BECAUSE IT -MAKES BUILDS NOT ENTIRELY REPRODUCIBLE. - -Signed-off-by: Aleksa Sarai ---- - container/container_unix.go | 63 ++++++++++++ - daemon/container_operations_unix.go | 50 ++++++++++ - daemon/daemon_unix.go | 6 +- - daemon/oci_linux.go | 6 ++ - daemon/start.go | 6 ++ - daemon/suse_secrets.go | 184 ++++++++++++++++++++++++++++++++++++ - 6 files changed, 313 insertions(+), 2 deletions(-) - create mode 100644 daemon/suse_secrets.go - 
diff --git a/container/container_unix.go b/container/container_unix.go -index 2727b81..07a0710 100644 +index f92d586..70cc74f 100644 --- a/container/container_unix.go +++ b/container/container_unix.go -@@ -35,6 +35,8 @@ type Container struct { +@@ -39,6 +39,8 @@ type Container struct { HostsPath string ShmPath string ResolvConfPath string @@ -34,8 +11,8 @@ index 2727b81..07a0710 100644 SeccompProfile string NoNewPrivileges bool } -@@ -256,6 +258,67 @@ func (container *Container) IpcMounts() []Mount { - return mounts +@@ -281,6 +283,67 @@ func (container *Container) UnmountSecrets() error { + return detachMounted(container.SecretMountPath()) } +// SUSE:secrets :: SuseSecretsResourcePath returns the path to the container's @@ -63,7 +40,7 @@ index 2727b81..07a0710 100644 + Source: container.SuseSecretsPath, + Destination: "/run/secrets", + Writable: true, -+ Propagation: volume.DefaultPropagationMode, ++ Propagation: string(volume.DefaultPropagationMode), + }) + } + @@ -103,10 +80,10 @@ index 2727b81..07a0710 100644 func (container *Container) UpdateContainer(hostConfig *containertypes.HostConfig) error { container.Lock() diff --git a/daemon/container_operations_unix.go b/daemon/container_operations_unix.go -index 55bd3fc..a3ab7fb 100644 +index 2296045..d6f7889 100644 --- a/daemon/container_operations_unix.go +++ b/daemon/container_operations_unix.go -@@ -184,6 +184,56 @@ func (daemon *Daemon) getPidContainer(container *container.Container) (*containe +@@ -87,6 +87,56 @@ func (daemon *Daemon) getPidContainer(container *container.Container) (*containe return c, nil } 
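Review bot: The SUSE secrets mount in `SuseSecretMounts` still uses `Destination: "/run/secrets"`, and after this rebase the surrounding context (`UnmountSecrets`, `SecretMountPath`, and `setupSecretDir` in the daemon/oci_linux.go hunk) shows that Docker 1.13 has a secrets mount of its own, which as far as I know targets the same path. A container with both would get two mounts on one destination, and the `sort.Sort(mounts(ms))` added in the oci_linux.go hunk is not a stable sort, so this code does not decide which mount ends up on top. I would either merge the host credentials into the one secrets tmpfs or state the intended precedence in the patch, and use `sort.Stable(mounts(ms))` if the SUSE mount is meant to stay last. Separately, `Writable: true` on a mount that carries host credentials deserves a justification; if nothing in the container needs to write there, `Writable: false` is the safer default. The function bodies are only partly visible in these hunks.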
@@ -163,13 +140,13 @@ index 55bd3fc..a3ab7fb 100644 func (daemon *Daemon) setupIpcDirs(c *container.Container) error { var err error -diff --git a/daemon/daemon_unix.go b/daemon/daemon_unix.go -index f266912..2ced1b8 100644 ---- a/daemon/daemon_unix.go -+++ b/daemon/daemon_unix.go -@@ -809,8 +809,10 @@ func initBridgeDriver(controller libnetwork.NetworkController, config *Config) e +diff --git a/daemon/initlayer/setup_unix.go b/daemon/initlayer/setup_unix.go +index e83c275..8c56310 100644 +--- a/daemon/initlayer/setup_unix.go ++++ b/daemon/initlayer/setup_unix.go +@@ -18,8 +18,10 @@ import ( // the container from unwanted side-effects on the rw layer. - func setupInitLayer(initLayer string, rootUID, rootGID int) error { + func Setup(initLayer string, rootUID, rootGID int) error { for pth, typ := range map[string]string{ - "/dev/pts": "dir", - "/dev/shm": "dir", @@ -181,11 +158,11 @@ index f266912..2ced1b8 100644 "/sys": "dir", "/.dockerenv": "file", diff --git a/daemon/oci_linux.go b/daemon/oci_linux.go -index 4459d02..6af7d35 100644 +index 1daefc5..8e27f1d 100644 --- a/daemon/oci_linux.go +++ b/daemon/oci_linux.go -@@ -656,6 +656,10 @@ func (daemon *Daemon) createSpec(c *container.Container) (*libcontainerd.Spec, e - if err := daemon.setupIpcDirs(c); err != nil { +@@ -693,6 +693,10 @@ func (daemon *Daemon) createSpec(c *container.Container) (*specs.Spec, error) { + if err := daemon.setupSecretDir(c); err != nil { return nil, err } + // SUSE:secrets :: We need to set up the container-specific secrets tmpfs here. 
@@ -195,20 +172,21 @@ index 4459d02..6af7d35 100644 ms, err := daemon.setupMounts(c) if err != nil { -@@ -663,6 +667,8 @@ func (daemon *Daemon) createSpec(c *container.Container) (*libcontainerd.Spec, e +@@ -711,6 +715,9 @@ func (daemon *Daemon) createSpec(c *container.Container) (*specs.Spec, error) { + ms = append(ms, *m) } - ms = append(ms, c.IpcMounts()...) - ms = append(ms, c.TmpfsMounts()...) + + // SUSE:secrets :: We add the mounts to the OCI config which containerd then uses. + ms = append(ms, c.SuseSecretMounts()...) ++ sort.Sort(mounts(ms)) if err := setMounts(daemon, &s, c, ms); err != nil { return nil, fmt.Errorf("linux mounts: %v", err) diff --git a/daemon/start.go b/daemon/start.go -index fcf24c5..57a8c33 100644 +index 6c94fd5..9bbdc21 100644 --- a/daemon/start.go +++ b/daemon/start.go -@@ -173,6 +173,12 @@ func (daemon *Daemon) Cleanup(container *container.Container) { +@@ -205,6 +205,12 @@ func (daemon *Daemon) Cleanup(container *container.Container) { container.UnmountIpcMounts(detachMounted) @@ -225,7 +203,7 @@ diff --git a/daemon/suse_secrets.go b/daemon/suse_secrets.go new file mode 100644 index 0000000..417a1a9 --- /dev/null -+++ b/daemon/suse_secrets.go ++++ b/b/daemon/suse_secrets.go @@ -0,0 +1,184 @@ +package daemon + diff --git a/docker.changes b/docker.changes index 64df359..ab7640a 100644 --- a/docker.changes +++ b/docker.changes 
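Review bot: The new-file header for the secrets implementation now reads `+++ b/b/daemon/suse_secrets.go`, with a doubled `b/` prefix, while the `diff --git` line next to it still names `b/daemon/suse_secrets.go`. Depending on which header the patch tool trusts, applying with `-p1` can create the file under `b/daemon/` instead of `daemon/`, in which case it would not be compiled into the `daemon` package that the other hunks presumably call into. The line should read `+++ b/daemon/suse_secrets.go`. A check after the prep step that the tree contains `daemon/suse_secrets.go` and no stray `b/` directory would catch this kind of slip.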
@@ -1,3 +1,24 @@ +------------------------------------------------------------------- +Mon Mar 6 18:11:47 UTC 2017 - jmassaguerpla@suse.com + +- fix docker-mount-secrets.patch to apply to docker-1.13.0 + +------------------------------------------------------------------- +Mon Mar 6 15:31:02 UTC 2017 - jmassaguerpla@suse.com + +- Remove old plugins.json to prevent docker-1.13 to fail to start + +------------------------------------------------------------------- +Mon Mar 6 12:52:14 UTC 2017 - jmassaguerpla@suse.com + +- Fix bsc#1026827: systemd TasksMax default throttles docker + +------------------------------------------------------------------- +Mon Mar 6 10:09:14 UTC 2017 - jmassaguerpla@suse.com + +- Fix post section by adding shadow as a package requirement + Otherwise the groupadd instruction fails + ------------------------------------------------------------------- Sun Mar 5 04:54:52 UTC 2017 - asarai@suse.com diff --git a/docker.service b/docker.service index e654024..4b5b5d4 100644 --- a/docker.service +++ b/docker.service @@ -23,7 +23,7 @@ LimitCORE=infinity # Uncomment TasksMax if your systemd version supports it. # Only systemd 226 and above support this property. -#TasksMax=infinity +TasksMax=infinity # Set delegate yes so that systemd does not reset the cgroups of docker containers # Only systemd 218 and above support this property. diff --git a/docker.spec b/docker.spec index 9c6885b..55f305f 100644 --- a/docker.spec +++ b/docker.spec @@ -105,6 +105,7 @@ Requires: tar >= 1.26 Requires: xz >= 4.9 Requires(post): %fillup_prereq Requires(post): udev +Requires(post): shadow # Not necessary, but must be installed to have a smooth upgrade. Recommends: docker-image-migrator Conflicts: lxc < 1.0 
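Review bot: In docker.service, the two comment lines above `TasksMax=infinity` still tell the admin to uncomment the setting if their systemd supports it, but the setting is now active unconditionally. The comment should describe what the line does now, for example `# Lift systemd's default task limit, which throttles docker (bsc#1026827); needs systemd >= 226.` With the unit-level limit removed, nothing at this layer bounds the number of tasks that containers can spawn, so it is worth saying in the comment that per-container limits such as `--pids-limit` are the remaining control.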
@@ -378,6 +379,13 @@ else rm %{docker_migration_warnfile} fi fi +# If plugins.json is present, docker will fail to start +# https://github.com/docker/docker/releases/1.13.0 +if [ -e /var/lib/docker/plugins/plugins.json ];then + echo "Warning: Disabling previous installed plugins" + echo "Otherwise docker will fail to boot" + mv /var/lib/docker/plugins/plugins.json /var/lib/docker/plugins/_plugins.json.old +fi %service_add_post %{name}.service %{fillup_only -n docker}
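Review bot: The added block moves `/var/lib/docker/plugins/plugins.json` whenever the file exists, so as far as this hunk shows it runs on every execution of the post script rather than only on the upgrade to 1.13. A repeat run would overwrite an existing `_plugins.json.old`, losing the original backup, and it would also move away any file of that name that a later docker release might create. I would restrict it to the first migration, e.g. `if [ -e /var/lib/docker/plugins/plugins.json ] && [ ! -e /var/lib/docker/plugins/_plugins.json.old ]; then`, or scope it to upgrades from a pre-1.13 package. The post section starts outside the hunk, so an outer guard may exist that is not visible here.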