diff --git a/_service b/_service
index f92f464..25917fc 100644
--- a/_service
+++ b/_service
@@ -3,8 +3,8 @@
https://github.com/docker/docker-ce.git
git
.git
- 18.09.8_ce_%h
- v18.09.8
+ 19.03.0_ce_%h
+ v19.03.0
docker
diff --git a/bsc1001161-0001-oci-include-the-domainname-in-kernel.domainname.patch b/bsc1001161-0001-oci-include-the-domainname-in-kernel.domainname.patch
deleted file mode 100644
index 852463d..0000000
--- a/bsc1001161-0001-oci-include-the-domainname-in-kernel.domainname.patch
+++ /dev/null
@@ -1,66 +0,0 @@
-From a3e63ddd20b7f52ff5e81bdb1beb867d28a1c9c8 Mon Sep 17 00:00:00 2001
-From: Aleksa Sarai
-Date: Sun, 17 Jun 2018 17:05:54 +1000
-Subject: [PATCH 1/2] oci: include the domainname in "kernel.domainname"
-
-The OCI doesn't have a specific field for an NIS domainname[1] (mainly
-because FreeBSD and Solaris appear to have a similar concept but it is
-configured entirely differently).
-
-However, on Linux, the NIS domainname can be configured through both the
-setdomainname(2) syscall but also through the "kernel.domainname"
-sysctl. Since the OCI has a way of injecting sysctls this means we don't
-need to have any OCI changes to support NIS domainnames (and we can
-always switch if the OCI picks up such support in the future).
-
-It should be noted that because we have to generate this each spec
-creation we also have to make sure that it's not clobbered by the
-HostConfig. I'm pretty sure making this change generic (so that
-HostConfig will not clobber any pre-set sysctls) will not cause other
-issues to crop up.
-
-[1]: https://github.com/opencontainers/runtime-spec/issues/592
-
-SUSE-Bugs: bsc#1001161
-Signed-off-by: Aleksa Sarai
----
- components/engine/daemon/oci_linux.go | 16 ++++++++++++++--
- 1 file changed, 14 insertions(+), 2 deletions(-)
-
-diff --git a/components/engine/daemon/oci_linux.go b/components/engine/daemon/oci_linux.go
-index 7611fc054d13..d5838623528e 100644
---- a/components/engine/daemon/oci_linux.go
-+++ b/components/engine/daemon/oci_linux.go
-@@ -679,7 +679,15 @@ func (daemon *Daemon) populateCommonSpec(s *specs.Spec, c *container.Container)
- s.Process.Cwd = cwd
- s.Process.Env = c.CreateDaemonEnvironment(c.Config.Tty, linkedEnv)
- s.Process.Terminal = c.Config.Tty
-- s.Hostname = c.FullHostname()
-+
-+ s.Hostname = c.Config.Hostname
-+ // There isn't a field in the OCI for the NIS domainname, but luckily there
-+ // is a sysctl which has an identical effect to setdomainname(2) so there's
-+ // no explicit need for runtime support.
-+ s.Linux.Sysctl = make(map[string]string)
-+ if c.Config.Domainname != "" {
-+ s.Linux.Sysctl["kernel.domainname"] = c.Config.Domainname
-+ }
-
- return nil
- }
-@@ -715,7 +723,11 @@ func (daemon *Daemon) createSpec(c *container.Container) (retSpec *specs.Spec, e
- if err := setResources(&s, c.HostConfig.Resources); err != nil {
- return nil, fmt.Errorf("linux runtime spec resources: %v", err)
- }
-- s.Linux.Sysctl = c.HostConfig.Sysctls
-+ // We merge the sysctls injected above with the HostConfig (latter takes
-+ // precedence for backwards-compatibility reasons).
-+ for k, v := range c.HostConfig.Sysctls {
-+ s.Linux.Sysctl[k] = v
-+ }
-
- p := s.Linux.CgroupsPath
- if useSystemd {
---
-2.21.0
-
diff --git a/bsc1001161-0002-cli-add-a-separate-domainname-flag.patch b/bsc1001161-0002-cli-add-a-separate-domainname-flag.patch
deleted file mode 100644
index 629a867..0000000
--- a/bsc1001161-0002-cli-add-a-separate-domainname-flag.patch
+++ /dev/null
@@ -1,216 +0,0 @@
-From 1b4f9787461d00dceea94d51af8db80f0b6aa906 Mon Sep 17 00:00:00 2001
-From: Aleksa Sarai
-Date: Mon, 18 Jun 2018 21:58:23 +1000
-Subject: [PATCH 2/2] cli: add a separate --domainname flag
-
-A while ago, Docker split the "Domainname" field out from the "Hostname"
-field for the container configuration. There was no real user-visible
-change associated with this (and under the hood "Domainname" was mostly
-left unused from the command-line point of view). We now add this flag
-in order to match other proposed changes to allow for setting the NIS
-domainname of a container.
-
-This also includes a fix for the --hostname parsing tests (they would
-not error out if only one of .Hostname and .Domainname were incorrectly
-set -- which is not correct).
-
-SUSE-Bugs: bsc#1001161
-Signed-off-by: Aleksa Sarai
----
- components/cli/cli/command/container/opts.go | 3 ++
- .../cli/cli/command/container/opts_test.go | 31 ++++++++++++++++---
- components/cli/contrib/completion/bash/docker | 1 +
- components/cli/contrib/completion/zsh/_docker | 1 +
- .../cli/docs/reference/commandline/create.md | 1 +
- .../cli/docs/reference/commandline/run.md | 1 +
- .../reference/commandline/service_create.md | 2 +-
- components/cli/docs/reference/run.md | 6 ++--
- components/cli/man/docker-run.1.md | 7 +++++
- 9 files changed, 44 insertions(+), 9 deletions(-)
-
-diff --git a/components/cli/cli/command/container/opts.go b/components/cli/cli/command/container/opts.go
-index 97906b672252..7cd9ce998c8b 100644
---- a/components/cli/cli/command/container/opts.go
-+++ b/components/cli/cli/command/container/opts.go
-@@ -74,6 +74,7 @@ type containerOptions struct {
- containerIDFile string
- entrypoint string
- hostname string
-+ domainname string
- memory opts.MemBytes
- memoryReservation opts.MemBytes
- memorySwap opts.MemSwapBytes
-@@ -169,6 +170,7 @@ func addFlags(flags *pflag.FlagSet) *containerOptions {
- flags.StringVar(&copts.entrypoint, "entrypoint", "", "Overwrite the default ENTRYPOINT of the image")
- flags.Var(&copts.groupAdd, "group-add", "Add additional groups to join")
- flags.StringVarP(&copts.hostname, "hostname", "h", "", "Container host name")
-+ flags.StringVar(&copts.domainname, "domainname", "", "Container NIS domain name")
- flags.BoolVarP(&copts.stdin, "interactive", "i", false, "Keep STDIN open even if not attached")
- flags.VarP(&copts.labels, "label", "l", "Set meta data on a container")
- flags.Var(&copts.labelsFile, "label-file", "Read in a line delimited file of labels")
-@@ -546,6 +548,7 @@ func parse(flags *pflag.FlagSet, copts *containerOptions) (*containerConfig, err
-
- config := &container.Config{
- Hostname: copts.hostname,
-+ Domainname: copts.domainname,
- ExposedPorts: ports,
- User: copts.user,
- Tty: copts.tty,
-diff --git a/components/cli/cli/command/container/opts_test.go b/components/cli/cli/command/container/opts_test.go
-index 6d7c95a5ddb8..70bedc661751 100644
---- a/components/cli/cli/command/container/opts_test.go
-+++ b/components/cli/cli/command/container/opts_test.go
-@@ -265,14 +265,35 @@ func TestParseHostname(t *testing.T) {
- hostnameWithDomainTld := "--hostname=hostname.domainname.tld"
- for hostname, expectedHostname := range validHostnames {
- if config, _ := mustParse(t, fmt.Sprintf("--hostname=%s", hostname)); config.Hostname != expectedHostname {
-- t.Fatalf("Expected the config to have 'hostname' as hostname, got '%v'", config.Hostname)
-+ t.Fatalf("Expected the config to have 'hostname' as %q, got %q", expectedHostname, config.Hostname)
- }
- }
-- if config, _ := mustParse(t, hostnameWithDomain); config.Hostname != "hostname.domainname" && config.Domainname != "" {
-- t.Fatalf("Expected the config to have 'hostname' as hostname.domainname, got '%v'", config.Hostname)
-+ if config, _ := mustParse(t, hostnameWithDomain); config.Hostname != "hostname.domainname" || config.Domainname != "" {
-+ t.Fatalf("Expected the config to have 'hostname' as hostname.domainname, got %q", config.Hostname)
- }
-- if config, _ := mustParse(t, hostnameWithDomainTld); config.Hostname != "hostname.domainname.tld" && config.Domainname != "" {
-- t.Fatalf("Expected the config to have 'hostname' as hostname.domainname.tld, got '%v'", config.Hostname)
-+ if config, _ := mustParse(t, hostnameWithDomainTld); config.Hostname != "hostname.domainname.tld" || config.Domainname != "" {
-+ t.Fatalf("Expected the config to have 'hostname' as hostname.domainname.tld, got %q", config.Hostname)
-+ }
-+}
-+
-+func TestParseHostnameDomainname(t *testing.T) {
-+ validDomainnames := map[string]string{
-+ "domainname": "domainname",
-+ "domain-name": "domain-name",
-+ "domainname123": "domainname123",
-+ "123domainname": "123domainname",
-+ "domainname-63-bytes-long-should-be-valid-and-without-any-errors": "domainname-63-bytes-long-should-be-valid-and-without-any-errors",
-+ }
-+ for domainname, expectedDomainname := range validDomainnames {
-+ if config, _ := mustParse(t, "--domainname="+domainname); config.Domainname != expectedDomainname {
-+ t.Fatalf("Expected the config to have 'domainname' as %q, got %q", expectedDomainname, config.Domainname)
-+ }
-+ }
-+ if config, _ := mustParse(t, "--hostname=some.prefix --domainname=domainname"); config.Hostname != "some.prefix" || config.Domainname != "domainname" {
-+ t.Fatalf("Expected the config to have 'hostname' as 'some.prefix' and 'domainname' as 'domainname', got %q and %q", config.Hostname, config.Domainname)
-+ }
-+ if config, _ := mustParse(t, "--hostname=another-prefix --domainname=domainname.tld"); config.Hostname != "another-prefix" || config.Domainname != "domainname.tld" {
-+ t.Fatalf("Expected the config to have 'hostname' as 'another-prefix' and 'domainname' as 'domainname.tld', got %q and %q", config.Hostname, config.Domainname)
- }
- }
-
-diff --git a/components/cli/contrib/completion/bash/docker b/components/cli/contrib/completion/bash/docker
-index 92d57408617e..a0d4878ee311 100644
---- a/components/cli/contrib/completion/bash/docker
-+++ b/components/cli/contrib/completion/bash/docker
-@@ -1809,6 +1809,7 @@ _docker_container_run_and_create() {
- --dns
- --dns-option
- --dns-search
-+ --domainname
- --entrypoint
- --env -e
- --env-file
-diff --git a/components/cli/contrib/completion/zsh/_docker b/components/cli/contrib/completion/zsh/_docker
-index 94f042204dfb..9a502db0886f 100644
---- a/components/cli/contrib/completion/zsh/_docker
-+++ b/components/cli/contrib/completion/zsh/_docker
-@@ -617,6 +617,7 @@ __docker_container_subcommand() {
- "($help)*--dns=[Custom DNS servers]:DNS server: "
- "($help)*--dns-option=[Custom DNS options]:DNS option: "
- "($help)*--dns-search=[Custom DNS search domains]:DNS domains: "
-+ "($help)*--domainname=[Container NIS domain name]:domainname:_hosts"
- "($help)*"{-e=,--env=}"[Environment variables]:environment variable: "
- "($help)--entrypoint=[Overwrite the default entrypoint of the image]:entry point: "
- "($help)*--env-file=[Read environment variables from a file]:environment file:_files"
-diff --git a/components/cli/docs/reference/commandline/create.md b/components/cli/docs/reference/commandline/create.md
-index d585da40ae1e..c829dbb3e5b9 100644
---- a/components/cli/docs/reference/commandline/create.md
-+++ b/components/cli/docs/reference/commandline/create.md
-@@ -53,6 +53,7 @@ Options:
- --dns value Set custom DNS servers (default [])
- --dns-option value Set DNS options (default [])
- --dns-search value Set custom DNS search domains (default [])
-+ --domainname string Container NIS domain name
- --entrypoint string Overwrite the default ENTRYPOINT of the image
- -e, --env value Set environment variables (default [])
- --env-file value Read in a file of environment variables (default [])
-diff --git a/components/cli/docs/reference/commandline/run.md b/components/cli/docs/reference/commandline/run.md
-index 6a2630bd1978..a4721e4a7761 100644
---- a/components/cli/docs/reference/commandline/run.md
-+++ b/components/cli/docs/reference/commandline/run.md
-@@ -57,6 +57,7 @@ Options:
- --dns value Set custom DNS servers (default [])
- --dns-option value Set DNS options (default [])
- --dns-search value Set custom DNS search domains (default [])
-+ --domainname string Container NIS domain name
- --entrypoint string Overwrite the default ENTRYPOINT of the image
- -e, --env value Set environment variables (default [])
- --env-file value Read in a file of environment variables (default [])
-diff --git a/components/cli/docs/reference/commandline/service_create.md b/components/cli/docs/reference/commandline/service_create.md
-index bc68128d0cf9..b395a0bda064 100644
---- a/components/cli/docs/reference/commandline/service_create.md
-+++ b/components/cli/docs/reference/commandline/service_create.md
-@@ -755,7 +755,7 @@ The swarm extends my-network to each node running the service.
- Containers on the same network can access each other using
- [service discovery](https://docs.docker.com/engine/swarm/networking/#use-swarm-mode-service-discovery).
-
--Long form syntax of `--network` allows to specify list of aliases and driver options:
-+Long form syntax of `--network` allows to specify list of aliases and driver options:
- `--network name=my-network,alias=web1,driver-opt=field1=value1`
-
- ### Publish service ports externally to the swarm (-p, --publish)
-diff --git a/components/cli/docs/reference/run.md b/components/cli/docs/reference/run.md
-index a59a30525554..695974fe533c 100644
---- a/components/cli/docs/reference/run.md
-+++ b/components/cli/docs/reference/run.md
-@@ -256,7 +256,7 @@ The UTS namespace is for setting the hostname and the domain that is visible
- to running processes in that namespace. By default, all containers, including
- those with `--network=host`, have their own UTS namespace. The `host` setting will
- result in the container using the same UTS namespace as the host. Note that
--`--hostname` is invalid in `host` UTS mode.
-+`--hostname` and `--domainname` are invalid in `host` UTS mode.
-
- You may wish to share the UTS namespace with the host if you would like the
- hostname of the container to change as the hostname of the host changes. A
-@@ -396,8 +396,8 @@ network stack and all interfaces from the host will be available to the
- container. The container's hostname will match the hostname on the host
- system. Note that `--mac-address` is invalid in `host` netmode. Even in `host`
- network mode a container has its own UTS namespace by default. As such
--`--hostname` is allowed in `host` network mode and will only change the
--hostname inside the container.
-+`--hostname` and `--domainname` are allowed in `host` network mode and will
-+only change the hostname and domain name inside the container.
- Similar to `--hostname`, the `--add-host`, `--dns`, `--dns-search`, and
- `--dns-option` options can be used in `host` network mode. These options update
- `/etc/hosts` or `/etc/resolv.conf` inside the container. No change are made to
-diff --git a/components/cli/man/docker-run.1.md b/components/cli/man/docker-run.1.md
-index e03377001d4e..4a1464a74200 100644
---- a/components/cli/man/docker-run.1.md
-+++ b/components/cli/man/docker-run.1.md
-@@ -35,6 +35,7 @@ docker-run - Run a command in a new container
- [**--dns**[=*[]*]]
- [**--dns-option**[=*[]*]]
- [**--dns-search**[=*[]*]]
-+[**--domainname**[=*DOMAINNAME*]]
- [**-e**|**--env**[=*[]*]]
- [**--entrypoint**[=*ENTRYPOINT*]]
- [**--env-file**[=*[]*]]
-@@ -285,6 +286,12 @@ configuration passed to the container. Typically this is necessary when the
- host DNS configuration is invalid for the container (e.g., 127.0.0.1). When this
- is the case the **--dns** flags is necessary for every run.
-
-+**--domainname**=""
-+ Container NIS domain name
-+
-+ Sets the container's NIS domain name (see also **setdomainname(2)**) that is
-+ available inside the container.
-+
- **-e**, **--env**=[]
- Set environment variables
-
---
-2.21.0
-
diff --git a/bsc1047218-0001-man-obey-SOURCE_DATE_EPOCH-when-generating-man-pages.patch b/bsc1047218-0001-man-obey-SOURCE_DATE_EPOCH-when-generating-man-pages.patch
deleted file mode 100644
index d5debc1..0000000
--- a/bsc1047218-0001-man-obey-SOURCE_DATE_EPOCH-when-generating-man-pages.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-From 64f1dfcbe4313bccacbe603dcb444da82d9136d7 Mon Sep 17 00:00:00 2001
-From: Aleksa Sarai
-Date: Thu, 23 Aug 2018 19:53:55 +1000
-Subject: [PATCH] man: obey SOURCE_DATE_EPOCH when generating man pages
-
-Previously our man pages included the current time each time they were
-generated. This causes an issue for reproducible builds, since each
-re-build of a package that includes the man pages will have different
-times listed in the man pages.
-
-To fix this, add support for SOURCE_DATE_EPOCH (which is a standardised
-packaging environment variable, designed to be used specifically for
-this purpose[1]). spf13/cobra doesn't support this natively yet (though
-I will push a patch for that as well), but it's simpler to fix it
-directly in docker/cli.
-
-[1]: https://reproducible-builds.org/specs/source-date-epoch/
-
-SUSE-Bugs: boo#1047218
-Signed-off-by: Aleksa Sarai
----
- components/cli/man/generate.go | 13 +++++++++++++
- 1 file changed, 13 insertions(+)
-
-diff --git a/components/cli/man/generate.go b/components/cli/man/generate.go
-index 2d940e31fd10..e5e480be3f32 100644
---- a/components/cli/man/generate.go
-+++ b/components/cli/man/generate.go
-@@ -6,6 +6,8 @@ import (
- "log"
- "os"
- "path/filepath"
-+ "strconv"
-+ "time"
-
- "github.com/docker/cli/cli/command"
- "github.com/docker/cli/cli/command/commands"
-@@ -24,6 +26,17 @@ func generateManPages(opts *options) error {
- Source: "Docker Community",
- }
-
-+ // If SOURCE_DATE_EPOCH is set, in order to allow reproducible package
-+ // builds, we explicitly set the build time to SOURCE_DATE_EPOCH.
-+ if epoch := os.Getenv("SOURCE_DATE_EPOCH"); epoch != "" {
-+ unixEpoch, err := strconv.ParseInt(epoch, 10, 64)
-+ if err != nil {
-+ return fmt.Errorf("invalid SOURCE_DATE_EPOCH: %v", err)
-+ }
-+ now := time.Unix(unixEpoch, 0)
-+ header.Date = &now
-+ }
-+
- stdin, stdout, stderr := term.StdStreams()
- dockerCli := command.NewDockerCli(stdin, stdout, stderr, false, nil)
- cmd := &cobra.Command{Use: "docker"}
---
-2.21.0
-
diff --git a/bsc1073877-0001-apparmor-clobber-docker-default-profile-on-start.patch b/bsc1073877-0001-apparmor-clobber-docker-default-profile-on-start.patch
index a52b473..dd05e01 100644
--- a/bsc1073877-0001-apparmor-clobber-docker-default-profile-on-start.patch
+++ b/bsc1073877-0001-apparmor-clobber-docker-default-profile-on-start.patch
@@ -1,4 +1,4 @@
-From 66a84fc12ea9c9a4a9805550b3cd2055862ef1c6 Mon Sep 17 00:00:00 2001
+From a67925f5d977db2b5a1b0162149cbd0de2b20598 Mon Sep 17 00:00:00 2001
From: Aleksa Sarai
Date: Fri, 29 Jun 2018 17:59:30 +1000
Subject: [PATCH] apparmor: clobber docker-default profile on start
@@ -17,8 +17,8 @@ Signed-off-by: Aleksa Sarai
---
components/engine/daemon/apparmor_default.go | 14 ++++++++++----
.../engine/daemon/apparmor_default_unsupported.go | 4 ++++
- components/engine/daemon/daemon.go | 4 +++-
- 3 files changed, 17 insertions(+), 5 deletions(-)
+ components/engine/daemon/daemon.go | 5 +++--
+ 3 files changed, 17 insertions(+), 6 deletions(-)
diff --git a/components/engine/daemon/apparmor_default.go b/components/engine/daemon/apparmor_default.go
index 461f5c7f96b2..8f21c5c0c566 100644
@@ -68,13 +68,14 @@ index 51f9c526b350..97d7758442ee 100644
return nil
}
diff --git a/components/engine/daemon/daemon.go b/components/engine/daemon/daemon.go
-index a307863017ab..67cd286002bf 100644
+index f049b0d2a41f..7bd89e76b32f 100644
--- a/components/engine/daemon/daemon.go
+++ b/components/engine/daemon/daemon.go
-@@ -735,7 +735,9 @@ func NewDaemon(ctx context.Context, config *config.Config, pluginStore *plugin.S
+@@ -807,8 +807,9 @@ func NewDaemon(ctx context.Context, config *config.Config, pluginStore *plugin.S
logrus.Warnf("Failed to configure golang's threads limit: %v", err)
}
+- // ensureDefaultAppArmorProfile does nothing if apparmor is disabled
- if err := ensureDefaultAppArmorProfile(); err != nil {
+ // Make sure we clobber any pre-existing docker-default profile to ensure
+ // that upgrades to the profile actually work smoothly.
@@ -83,5 +84,5 @@ index a307863017ab..67cd286002bf 100644
}
--
-2.21.0
+2.22.0
diff --git a/bsc1128746-0001-integration-cli-don-t-build-test-images-if-they-alre.patch b/bsc1128746-0001-integration-cli-don-t-build-test-images-if-they-alre.patch
deleted file mode 100644
index 7d80317..0000000
--- a/bsc1128746-0001-integration-cli-don-t-build-test-images-if-they-alre.patch
+++ /dev/null
@@ -1,121 +0,0 @@
-From c2e035cbcb9a9fb7f89f729bef5b3354891fcdad Mon Sep 17 00:00:00 2001
-From: Aleksa Sarai
-Date: Tue, 12 Mar 2019 18:37:31 +1100
-Subject: [PATCH] integration-cli: don't build -test images if they already
- exist
-
-There's no need to try to re-build the test images if they already
-exist. This change makes basically no difference to the upstream
-integration test-suite running, but for users who want to run the
-integration-cli suite on a host machine (such as distributions doing
-tests) this change allows images to be pre-loaded such that compilers
-aren't needed on the test machine.
-
-However, this does remove the accidental re-compilation of nnp-test, as
-well as handling errors far more cleanly (previously if an error
-occurred during a test build, further tests won't attempt to rebuild
-it).
-
-SUSE-Bugs: bsc#1128746
-Signed-off-by: Aleksa Sarai
----
- .../fixtures_linux_daemon_test.go | 21 +++++++++--------
- .../internal/test/environment/environment.go | 23 +++++++++++++++++++
- 2 files changed, 35 insertions(+), 9 deletions(-)
-
-diff --git a/components/engine/integration-cli/fixtures_linux_daemon_test.go b/components/engine/integration-cli/fixtures_linux_daemon_test.go
-index 5c874ec14b0c..ab152f4a9988 100644
---- a/components/engine/integration-cli/fixtures_linux_daemon_test.go
-+++ b/components/engine/integration-cli/fixtures_linux_daemon_test.go
-@@ -8,7 +8,6 @@ import (
- "path/filepath"
- "runtime"
- "strings"
-- "sync"
-
- "github.com/docker/docker/internal/test/fixtures/load"
- "github.com/go-check/check"
-@@ -24,17 +23,13 @@ type logT interface {
- Logf(string, ...interface{})
- }
-
--var ensureSyscallTestOnce sync.Once
--
- func ensureSyscallTest(c *check.C) {
-- var doIt bool
-- ensureSyscallTestOnce.Do(func() {
-- doIt = true
-- })
-- if !doIt {
-+ defer testEnv.ProtectImage(c, "syscall-test:latest")
-+
-+ // If the image already exists, there's nothing left to do.
-+ if testEnv.HasExistingImage(c, "syscall-test:latest") {
- return
- }
-- defer testEnv.ProtectImage(c, "syscall-test:latest")
-
- // if no match, must build in docker, which is significantly slower
- // (slower mostly because of the vfs graphdriver)
-@@ -93,6 +88,14 @@ func ensureSyscallTestBuild(c *check.C) {
-
- func ensureNNPTest(c *check.C) {
- defer testEnv.ProtectImage(c, "nnp-test:latest")
-+
-+ // If the image already exists, there's nothing left to do.
-+ if testEnv.HasExistingImage(c, "nnp-test:latest") {
-+ return
-+ }
-+
-+ // if no match, must build in docker, which is significantly slower
-+ // (slower mostly because of the vfs graphdriver)
- if testEnv.OSType != runtime.GOOS {
- ensureNNPTestBuild(c)
- return
-diff --git a/components/engine/internal/test/environment/environment.go b/components/engine/internal/test/environment/environment.go
-index 5538d2097e9b..763c08ba4845 100644
---- a/components/engine/internal/test/environment/environment.go
-+++ b/components/engine/internal/test/environment/environment.go
-@@ -8,9 +8,12 @@ import (
- "strings"
-
- "github.com/docker/docker/api/types"
-+ "github.com/docker/docker/api/types/filters"
- "github.com/docker/docker/client"
-+ "github.com/docker/docker/internal/test"
- "github.com/docker/docker/internal/test/fixtures/load"
- "github.com/pkg/errors"
-+ "gotest.tools/assert"
- )
-
- // Execution contains information about the current test execution and daemon
-@@ -151,6 +154,26 @@ func (e *Execution) IsUserNamespace() bool {
- return root != ""
- }
-
-+// HasExistingImage checks whether there is an image with the given reference.
-+// Note that this is done by filtering and then checking whether there were any
-+// results -- so ambiguous references might result in false-positives.
-+func (e *Execution) HasExistingImage(t testingT, reference string) bool {
-+ if ht, ok := t.(test.HelperT); ok {
-+ ht.Helper()
-+ }
-+ client := e.APIClient()
-+ filter := filters.NewArgs()
-+ filter.Add("dangling", "false")
-+ filter.Add("reference", reference)
-+ imageList, err := client.ImageList(context.Background(), types.ImageListOptions{
-+ All: true,
-+ Filters: filter,
-+ })
-+ assert.NilError(t, err, "failed to list images")
-+
-+ return len(imageList) > 0
-+}
-+
- // EnsureFrozenImagesLinux loads frozen test images into the daemon
- // if they aren't already loaded
- func EnsureFrozenImagesLinux(testEnv *Execution) error {
---
-2.21.0
-
diff --git a/docker-18.09.8_ce_0dd43dd87fd5.tar.xz b/docker-18.09.8_ce_0dd43dd87fd5.tar.xz
deleted file mode 100644
index b4124d3..0000000
--- a/docker-18.09.8_ce_0dd43dd87fd5.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:e880c4ce4da35e4dd723c8b8e8dbedf95612e8bb1f423bbd900726fb47069068
-size 9344440
diff --git a/docker-19.03.0_ce_aeac9490dc54.tar.xz b/docker-19.03.0_ce_aeac9490dc54.tar.xz
new file mode 100644
index 0000000..b537bb0
--- /dev/null
+++ b/docker-19.03.0_ce_aeac9490dc54.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:8987d5663c875fe4dde2e367099fd737902b95c80a8d712d14723bea44e335d8
+size 9978876
diff --git a/docker.changes b/docker.changes
index bf6e56f..b7481c6 100644
--- a/docker.changes
+++ b/docker.changes
@@ -1,3 +1,20 @@
+-------------------------------------------------------------------
+Mon Jul 22 22:13:30 UTC 2019 - Aleksa Sarai
+
+- Update to Docker 19.03.0-ce. See upstream changelog in the packaged
+ /usr/share/doc/packages/docker/CHANGELOG.md. bsc#1142413
+- Remove upstreamed patches:
+ - bsc1001161-0001-oci-include-the-domainname-in-kernel.domainname.patch
+ - bsc1001161-0002-cli-add-a-separate-domainname-flag.patch
+ - bsc1047218-0001-man-obey-SOURCE_DATE_EPOCH-when-generating-man-pages.patch
+ - bsc1128746-0001-integration-cli-don-t-build-test-images-if-they-alre.patch
+- Rebase pacthes:
+ * bsc1073877-0001-apparmor-clobber-docker-default-profile-on-start.patch
+ * packaging-0001-revert-Remove-docker-prefix-for-containerd-and-runc-.patch
+ * private-registry-0001-Add-private-registry-mirror-support.patch
+ * secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
+ * secrets-0002-SUSE-implement-SUSE-container-secrets.patch
+
-------------------------------------------------------------------
Wed Jul 17 23:15:33 UTC 2019 - Aleksa Sarai
diff --git a/docker.spec b/docker.spec
index ae34ff3..f68e4d5 100644
--- a/docker.spec
+++ b/docker.spec
@@ -42,17 +42,17 @@
# helpfully injects into our build environment from the changelog). If you want
# to generate a new git_commit_epoch, use this:
# $ date --date="$(git show --format=fuller --date=iso $COMMIT_ID | grep -oP '(?<=^CommitDate: ).*')" '+%s'
-%define git_version 0dd43dd87fd5
-%define git_commit_epoch 1563383036
+%define git_version aeac9490dc54
+%define git_commit_epoch 1563384968
# These are the git commits required. We verify them against the source to make
# sure we didn't miss anything important when doing upgrades.
%define required_containerd 894b81a4b802e4eb2a91d1ce216b8817763c29fb
%define required_dockerrunc 425e105d5a03fabd737a126ad93d62a9eeede87f
-%define required_libnetwork e7933d41e7b206756115aa9df5e0599fc5169742
+%define required_libnetwork fc5a7d91d54cc98f64fc28f9e288b46a0bee756c
Name: %{realname}%{name_suffix}
-Version: 18.09.8_ce
+Version: 19.03.0_ce
Release: 0
Summary: The Moby-project Linux container runtime
License: Apache-2.0
@@ -79,19 +79,11 @@ Patch200: secrets-0001-daemon-allow-directory-creation-in-run-secrets.patc
Patch201: secrets-0002-SUSE-implement-SUSE-container-secrets.patch
# SUSE-BACKPORT: Backport of https://github.com/docker/docker/pull/37353. bsc#1099277
Patch401: bsc1073877-0001-apparmor-clobber-docker-default-profile-on-start.patch
-# SUSE-BACKPORT: Backport of https://github.com/docker/cli/pull/1306. boo#1047218
-Patch402: bsc1047218-0001-man-obey-SOURCE_DATE_EPOCH-when-generating-man-pages.patch
# SUSE-ISSUE: Revert of https://github.com/docker/docker/pull/37907.
-Patch403: packaging-0001-revert-Remove-docker-prefix-for-containerd-and-runc-.patch
-# SUSE-BACKPORT: Backport of https://github.com/docker/docker/pull/37302. bsc#1001161
-Patch404: bsc1001161-0001-oci-include-the-domainname-in-kernel.domainname.patch
-# SUSE-BACKPORT: Backport of https://github.com/docker/cli/pull/1130. bsc#1001161
-Patch405: bsc1001161-0002-cli-add-a-separate-domainname-flag.patch
+Patch402: packaging-0001-revert-Remove-docker-prefix-for-containerd-and-runc-.patch
# SUSE-FEATURE: Add support to mirror inofficial/private registries
# (https://github.com/docker/docker/pull/34319)
Patch500: private-registry-0001-Add-private-registry-mirror-support.patch
-# SUSE-BACKPORT: Backport of test-only patch https://github.com/moby/moby/pull/38853. bsc1128746
-Patch900: bsc1128746-0001-integration-cli-don-t-build-test-images-if-they-alre.patch
BuildRequires: audit
BuildRequires: bash-completion
BuildRequires: ca-certificates
@@ -141,9 +133,8 @@ Recommends: lvm2 >= 2.2.89
Recommends: git-core >= 1.7
Conflicts: lxc < 1.0
ExcludeArch: s390 ppc
-# Make sure we build with go 1.10
BuildRequires: go-go-md2man
-BuildRequires: golang(API) = 1.10
+BuildRequires: golang(API) >= 1.12
# KUBIC-SPECIFIC: This was required when upgrading from the original kubic
# packaging, when everything was renamed to -kubic. It also is
# used to ensure that nothing complains too much when using
@@ -266,19 +257,12 @@ docker container runtime configuration for kubeadm
%endif
# bsc#1099277
%patch401 -p1
-# boo#1047218
-%patch402 -p1
# revert upstream
-%patch403 -p1
-# bsc#1001161
-%patch404 -p1
-%patch405 -p1
+%patch402 -p1
%if "%flavour" == "kubic"
# PATCH-SUSE: Mirror patch.
%patch500 -p1
%endif
-# bsc#1128746
-%patch900 -p1
cp %{SOURCE7} .
diff --git a/packaging-0001-revert-Remove-docker-prefix-for-containerd-and-runc-.patch b/packaging-0001-revert-Remove-docker-prefix-for-containerd-and-runc-.patch
index 5e8c2a9..9d25662 100644
--- a/packaging-0001-revert-Remove-docker-prefix-for-containerd-and-runc-.patch
+++ b/packaging-0001-revert-Remove-docker-prefix-for-containerd-and-runc-.patch
@@ -1,4 +1,4 @@
-From 6d022d4e08225c2fda686fc0d5febecee2efa864 Mon Sep 17 00:00:00 2001
+From 33d18d20a806e2541292acb55338dea2065d2501 Mon Sep 17 00:00:00 2001
From: Aleksa Sarai
Date: Thu, 29 Nov 2018 20:53:16 +1100
Subject: [PATCH] revert "Remove 'docker-' prefix for containerd and runc
@@ -11,20 +11,19 @@ up-to-date one available for Podman).
Signed-off-by: Aleksa Sarai
---
- components/engine/api/swagger.yaml | 4 +--
- .../builder/builder-next/executor_unix.go | 2 +-
- components/engine/cmd/dockerd/daemon.go | 36 +++++++------------
- components/engine/daemon/daemon_unix.go | 6 ++--
- .../libcontainerd/supervisor/remote_daemon.go | 4 +--
- .../supervisor/remote_daemon_linux.go | 4 +--
- .../supervisor/remote_daemon_windows.go | 4 +--
- 7 files changed, 25 insertions(+), 35 deletions(-)
+ components/engine/api/swagger.yaml | 4 ++--
+ components/engine/builder/builder-next/executor_unix.go | 2 +-
+ components/engine/daemon/daemon_unix.go | 6 +++---
+ components/engine/libcontainerd/supervisor/remote_daemon.go | 4 ++--
+ .../engine/libcontainerd/supervisor/remote_daemon_linux.go | 4 ++--
+ .../libcontainerd/supervisor/remote_daemon_windows.go | 4 ++--
+ 6 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/components/engine/api/swagger.yaml b/components/engine/api/swagger.yaml
-index ca9d29e021de..082e5783ff1f 100644
+index 6e0bc25b52d6..58f860d22a49 100644
--- a/components/engine/api/swagger.yaml
+++ b/components/engine/api/swagger.yaml
-@@ -3866,10 +3866,10 @@ definitions:
+@@ -3980,10 +3980,10 @@ definitions:
$ref: "#/definitions/Runtime"
default:
runc:
@@ -38,80 +37,20 @@ index ca9d29e021de..082e5783ff1f 100644
path: "/go/bin/runc"
custom:
diff --git a/components/engine/builder/builder-next/executor_unix.go b/components/engine/builder/builder-next/executor_unix.go
-index 3a11f8588144..ce4d2d937f9f 100644
+index 620ffb401de7..dd63779a27d2 100644
--- a/components/engine/builder/builder-next/executor_unix.go
+++ b/components/engine/builder/builder-next/executor_unix.go
-@@ -28,7 +28,7 @@ func newExecutor(root, cgroupParent string, net libnetwork.NetworkController) (e
+@@ -28,7 +28,7 @@ func newExecutor(root, cgroupParent string, net libnetwork.NetworkController, ro
}
return runcexecutor.New(runcexecutor.Opt{
Root: filepath.Join(root, "executor"),
- CommandCandidates: []string{"runc"},
+ CommandCandidates: []string{"docker-runc", "runc"},
DefaultCgroupParent: cgroupParent,
- }, networkProviders)
- }
-diff --git a/components/engine/cmd/dockerd/daemon.go b/components/engine/cmd/dockerd/daemon.go
-index 839537316af4..05922e6418d0 100644
---- a/components/engine/cmd/dockerd/daemon.go
-+++ b/components/engine/cmd/dockerd/daemon.go
-@@ -10,7 +10,6 @@ import (
- "strings"
- "time"
-
-- containerddefaults "github.com/containerd/containerd/defaults"
- "github.com/docker/distribution/uuid"
- "github.com/docker/docker/api"
- apiserver "github.com/docker/docker/api/server"
-@@ -141,25 +140,21 @@ func (cli *DaemonCli) start(opts *daemonOptions) (err error) {
-
- ctx, cancel := context.WithCancel(context.Background())
- if cli.Config.ContainerdAddr == "" && runtime.GOOS != "windows" {
-- if !systemContainerdRunning() {
-- opts, err := cli.getContainerdDaemonOpts()
-- if err != nil {
-- cancel()
-- return fmt.Errorf("Failed to generate containerd options: %v", err)
-- }
--
-- r, err := supervisor.Start(ctx, filepath.Join(cli.Config.Root, "containerd"), filepath.Join(cli.Config.ExecRoot, "containerd"), opts...)
-- if err != nil {
-- cancel()
-- return fmt.Errorf("Failed to start containerd: %v", err)
-- }
-- cli.Config.ContainerdAddr = r.Address()
-+ opts, err := cli.getContainerdDaemonOpts()
-+ if err != nil {
-+ cancel()
-+ return fmt.Errorf("Failed to generate containerd options: %v", err)
-+ }
-
-- // Try to wait for containerd to shutdown
-- defer r.WaitTimeout(10 * time.Second)
-- } else {
-- cli.Config.ContainerdAddr = containerddefaults.DefaultAddress
-+ r, err := supervisor.Start(ctx, filepath.Join(cli.Config.Root, "containerd"), filepath.Join(cli.Config.ExecRoot, "containerd"), opts...)
-+ if err != nil {
-+ cancel()
-+ return fmt.Errorf("Failed to start containerd: %v", err)
- }
-+ cli.Config.ContainerdAddr = r.Address()
-+
-+ // Try to wait for containerd to shutdown
-+ defer r.WaitTimeout(10 * time.Second)
- }
- defer cancel()
-
-@@ -665,8 +660,3 @@ func validateAuthzPlugins(requestedPlugins []string, pg plugingetter.PluginGette
- }
- return nil
- }
--
--func systemContainerdRunning() bool {
-- _, err := os.Lstat(containerddefaults.DefaultAddress)
-- return err == nil
--}
+ Rootless: rootless,
+ NoPivot: os.Getenv("DOCKER_RAMDISK") != "",
diff --git a/components/engine/daemon/daemon_unix.go b/components/engine/daemon/daemon_unix.go
-index 5234201c828f..c40d11bc85c2 100644
+index df64de6edf13..fa9bfb528414 100644
--- a/components/engine/daemon/daemon_unix.go
+++ b/components/engine/daemon/daemon_unix.go
@@ -54,11 +54,11 @@ import (
@@ -128,7 +67,7 @@ index 5234201c828f..c40d11bc85c2 100644
// See https://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/tree/kernel/sched/sched.h?id=8cd9234c64c584432f6992fe944ca9e46ca8ea76#n269
linuxMinCPUShares = 2
-@@ -76,7 +76,7 @@ const (
+@@ -77,7 +77,7 @@ const (
// DefaultRuntimeName is the default runtime to be used by
// containerd if none is specified
@@ -138,7 +77,7 @@ index 5234201c828f..c40d11bc85c2 100644
type containerGetter interface {
diff --git a/components/engine/libcontainerd/supervisor/remote_daemon.go b/components/engine/libcontainerd/supervisor/remote_daemon.go
-index eb9a2bdd8198..309f50f26bb2 100644
+index 31b93f11f0b1..5fba7f29eff9 100644
--- a/components/engine/libcontainerd/supervisor/remote_daemon.go
+++ b/components/engine/libcontainerd/supervisor/remote_daemon.go
@@ -27,8 +27,8 @@ const (
@@ -183,5 +122,5 @@ index 9b254ef58a0a..bcdc9529e0f7 100644
func (r *remote) setDefaults() {
--
-2.21.0
+2.22.0
diff --git a/private-registry-0001-Add-private-registry-mirror-support.patch b/private-registry-0001-Add-private-registry-mirror-support.patch
index 590a5dc..f6ead07 100644
--- a/private-registry-0001-Add-private-registry-mirror-support.patch
+++ b/private-registry-0001-Add-private-registry-mirror-support.patch
@@ -1,4 +1,4 @@
-From 2a00f998e1e081a9f72f0ba81403dceea252c6a1 Mon Sep 17 00:00:00 2001
+From 69d43a9550cdedf86b0d4b29e9d737af90221109 Mon Sep 17 00:00:00 2001
From: Valentin Rothberg
Date: Mon, 2 Jul 2018 13:37:34 +0200
Subject: [PATCH] Add private-registry mirror support
@@ -72,12 +72,12 @@ Signed-off-by: Aleksa Sarai
components/engine/distribution/pull.go | 2 +-
components/engine/distribution/pull_v2.go | 2 +-
components/engine/distribution/push.go | 2 +-
- components/engine/registry/config.go | 120 ++++++++++++++-
+ components/engine/registry/config.go | 124 ++++++++++++++-
components/engine/registry/config_test.go | 136 +++++++++++++++++
components/engine/registry/registry_test.go | 91 ++++++++++-
- components/engine/registry/service.go | 56 ++++---
+ components/engine/registry/service.go | 45 ++++--
components/engine/registry/service_v2.go | 66 +++++---
- 12 files changed, 705 insertions(+), 46 deletions(-)
+ 12 files changed, 697 insertions(+), 47 deletions(-)
diff --git a/components/engine/api/types/registry/registry.go b/components/engine/api/types/registry/registry.go
index 8789ad3b3210..c663fec7d881 100644
@@ -243,10 +243,10 @@ index 8789ad3b3210..c663fec7d881 100644
// NetIPNet is the net.IPNet type, which can be marshalled and
diff --git a/components/engine/daemon/config/config.go b/components/engine/daemon/config/config.go
-index 8b2c844a579f..e61940661c70 100644
+index 80ecbbd9550d..8ce69714d9bf 100644
--- a/components/engine/daemon/config/config.go
+++ b/components/engine/daemon/config/config.go
-@@ -470,6 +470,10 @@ func findConfigurationConflicts(config map[string]interface{}, flags *pflag.Flag
+@@ -467,6 +467,10 @@ func findConfigurationConflicts(config map[string]interface{}, flags *pflag.Flag
// 1. Search keys from the file that we don't recognize as flags.
unknownKeys := make(map[string]interface{})
for key, value := range config {
@@ -258,7 +258,7 @@ index 8b2c844a579f..e61940661c70 100644
unknownKeys[key] = value
}
diff --git a/components/engine/daemon/reload.go b/components/engine/daemon/reload.go
-index 026d7dd517f7..924c3982cd2a 100644
+index a31dd0cb87c1..99cc4a65a79d 100644
--- a/components/engine/daemon/reload.go
+++ b/components/engine/daemon/reload.go
@@ -21,8 +21,14 @@ import (
@@ -286,7 +286,7 @@ index 026d7dd517f7..924c3982cd2a 100644
return daemon.reloadNetworkDiagnosticPort(conf, attributes)
}
-@@ -294,6 +303,30 @@ func (daemon *Daemon) reloadRegistryMirrors(conf *config.Config, attributes map[
+@@ -295,6 +304,30 @@ func (daemon *Daemon) reloadRegistryMirrors(conf *config.Config, attributes map[
return nil
}
@@ -314,7 +314,7 @@ index 026d7dd517f7..924c3982cd2a 100644
+ return nil
+}
+
- // reloadLiveRestore updates configuration with live retore option
+ // reloadLiveRestore updates configuration with live restore option
// and updates the passed attributes
func (daemon *Daemon) reloadLiveRestore(conf *config.Config, attributes map[string]string) error {
diff --git a/components/engine/daemon/reload_test.go b/components/engine/daemon/reload_test.go
@@ -431,10 +431,10 @@ index ffad297f71b7..21733c3f1e33 100644
daemon := &Daemon{
imageService: images.NewImageService(images.ImageServiceConfig{}),
diff --git a/components/engine/distribution/pull.go b/components/engine/distribution/pull.go
-index 5de73ae99ac3..8e78c49273dd 100644
+index be366ce4a99b..49e0d0352778 100644
--- a/components/engine/distribution/pull.go
+++ b/components/engine/distribution/pull.go
-@@ -63,7 +63,7 @@ func Pull(ctx context.Context, ref reference.Named, imagePullConfig *ImagePullCo
+@@ -58,7 +58,7 @@ func Pull(ctx context.Context, ref reference.Named, imagePullConfig *ImagePullCo
return err
}
@@ -444,7 +444,7 @@ index 5de73ae99ac3..8e78c49273dd 100644
return err
}
diff --git a/components/engine/distribution/pull_v2.go b/components/engine/distribution/pull_v2.go
-index 8f05cfa0b289..a562477ea6cd 100644
+index dd91ff2157b1..2640f6134e5d 100644
--- a/components/engine/distribution/pull_v2.go
+++ b/components/engine/distribution/pull_v2.go
@@ -379,7 +379,7 @@ func (p *v2Puller) pullV2Tag(ctx context.Context, ref reference.Named, platform
@@ -457,10 +457,10 @@ index 8f05cfa0b289..a562477ea6cd 100644
var (
diff --git a/components/engine/distribution/push.go b/components/engine/distribution/push.go
-index eb3bc5597462..a4624dee9482 100644
+index 5617a4c95f49..0a24aebed968 100644
--- a/components/engine/distribution/push.go
+++ b/components/engine/distribution/push.go
-@@ -64,7 +64,7 @@ func Push(ctx context.Context, ref reference.Named, imagePushConfig *ImagePushCo
+@@ -58,7 +58,7 @@ func Push(ctx context.Context, ref reference.Named, imagePushConfig *ImagePushCo
return err
}
@@ -470,29 +470,27 @@ index eb3bc5597462..a4624dee9482 100644
return err
}
diff --git a/components/engine/registry/config.go b/components/engine/registry/config.go
-index de5a526b694d..cf90abb8be04 100644
+index 6bb9258c9b6f..f1945237d235 100644
--- a/components/engine/registry/config.go
+++ b/components/engine/registry/config.go
-@@ -14,7 +14,7 @@ import (
+@@ -14,11 +14,12 @@ import (
"github.com/sirupsen/logrus"
)
-// ServiceOptions holds command line options.
+// ServiceOptions holds the user-specified configuration options.
type ServiceOptions struct {
- AllowNondistributableArtifacts []string `json:"allow-nondistributable-artifacts,omitempty"`
- Mirrors []string `json:"registry-mirrors,omitempty"`
-@@ -23,6 +23,9 @@ type ServiceOptions struct {
- // V2Only controls access to legacy registries. If it is set to true via the
- // command line flag the daemon will not attempt to contact v1 legacy registries
- V2Only bool `json:"disable-legacy-registry,omitempty"`
-+
-+ // Registries holds information associated with the specified registries.
-+ Registries []registrytypes.Registry `json:"registries,omitempty"`
+- AllowNondistributableArtifacts []string `json:"allow-nondistributable-artifacts,omitempty"`
+- Mirrors []string `json:"registry-mirrors,omitempty"`
+- InsecureRegistries []string `json:"insecure-registries,omitempty"`
++ AllowNondistributableArtifacts []string `json:"allow-nondistributable-artifacts,omitempty"`
++ Mirrors []string `json:"registry-mirrors,omitempty"`
++ InsecureRegistries []string `json:"insecure-registries,omitempty"`
++ Registries []registrytypes.Registry `json:"registries,omitempty"`
}
// serviceConfig holds daemon configuration for the registry service.
-@@ -67,8 +70,21 @@ var (
+@@ -62,8 +63,21 @@ var (
// for mocking in unit tests
var lookupIP = net.LookupIP
@@ -514,7 +512,7 @@ index de5a526b694d..cf90abb8be04 100644
config := &serviceConfig{
ServiceConfig: registrytypes.ServiceConfig{
InsecureRegistryCIDRs: make([]*registrytypes.NetIPNet, 0),
-@@ -87,10 +103,104 @@ func newServiceConfig(options ServiceOptions) (*serviceConfig, error) {
+@@ -81,10 +95,104 @@ func newServiceConfig(options ServiceOptions) (*serviceConfig, error) {
if err := config.LoadInsecureRegistries(options.InsecureRegistries); err != nil {
return nil, err
}
@@ -619,7 +617,7 @@ index de5a526b694d..cf90abb8be04 100644
// LoadAllowNondistributableArtifacts loads allow-nondistributable-artifacts registries into config.
func (config *serviceConfig) LoadAllowNondistributableArtifacts(registries []string) error {
cidrs := map[string]*registrytypes.NetIPNet{}
-@@ -131,6 +241,10 @@ func (config *serviceConfig) LoadAllowNondistributableArtifacts(registries []str
+@@ -125,6 +233,10 @@ func (config *serviceConfig) LoadAllowNondistributableArtifacts(registries []str
// LoadMirrors loads mirrors to config, after removing duplicates.
// Returns an error if mirrors contains an invalid mirror.
func (config *serviceConfig) LoadMirrors(mirrors []string) error {
@@ -630,7 +628,7 @@ index de5a526b694d..cf90abb8be04 100644
mMap := map[string]struct{}{}
unique := []string{}
-@@ -160,6 +274,10 @@ func (config *serviceConfig) LoadMirrors(mirrors []string) error {
+@@ -154,6 +266,10 @@ func (config *serviceConfig) LoadMirrors(mirrors []string) error {
// LoadInsecureRegistries loads insecure registries to config
func (config *serviceConfig) LoadInsecureRegistries(registries []string) error {
@@ -921,7 +919,7 @@ index b7459471b3f6..1e0d53e7dc21 100644
func TestPushRegistryTag(t *testing.T) {
diff --git a/components/engine/registry/service.go b/components/engine/registry/service.go
-index b441970ff170..b3c1ee21f383 100644
+index 08f5c7a4e12c..ee0c97a8a21b 100644
--- a/components/engine/registry/service.go
+++ b/components/engine/registry/service.go
@@ -8,7 +8,7 @@ import (
@@ -1031,33 +1029,8 @@ index b441970ff170..b3c1ee21f383 100644
if err == nil {
for _, endpoint := range allEndpoints {
if !endpoint.Mirror {
-@@ -308,8 +323,8 @@ func (s *DefaultService) LookupPushEndpoints(hostname string) (endpoints []APIEn
- return endpoints, err
- }
-
--func (s *DefaultService) lookupEndpoints(hostname string) (endpoints []APIEndpoint, err error) {
-- endpoints, err = s.lookupV2Endpoints(hostname)
-+func (s *DefaultService) lookupEndpoints(reference string) (endpoints []APIEndpoint, err error) {
-+ endpoints, err = s.lookupV2Endpoints(reference)
- if err != nil {
- return nil, err
- }
-@@ -318,6 +333,13 @@ func (s *DefaultService) lookupEndpoints(hostname string) (endpoints []APIEndpoi
- return endpoints, nil
- }
-
-+ // When falling back to V1 endpoints, switch to the hostname
-+ ref, err := dref.ParseNamed(reference)
-+ if err != nil {
-+ return nil, err
-+ }
-+ hostname := dref.Domain(ref)
-+
- legacyEndpoints, err := s.lookupV1Endpoints(hostname)
- if err != nil {
- return nil, err
diff --git a/components/engine/registry/service_v2.go b/components/engine/registry/service_v2.go
-index 3a56dc91145a..9de221cf2aa0 100644
+index 1a4c9e310547..efebb4f41486 100644
--- a/components/engine/registry/service_v2.go
+++ b/components/engine/registry/service_v2.go
@@ -1,30 +1,51 @@
@@ -1160,5 +1133,5 @@ index 3a56dc91145a..9de221cf2aa0 100644
endpoints = []APIEndpoint{
--
-2.21.0
+2.22.0
diff --git a/secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch b/secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
index 9bdcba8..e6c05ad 100644
--- a/secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
+++ b/secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
@@ -1,4 +1,4 @@
-From 6603582112f42cd00b84d62a5412f2380e55d7e3 Mon Sep 17 00:00:00 2001
+From 47b241f184e61474957c4ffb8a3dcbaa543eadb9 Mon Sep 17 00:00:00 2001
From: Aleksa Sarai
Date: Wed, 8 Mar 2017 12:41:54 +1100
Subject: [PATCH 1/2] daemon: allow directory creation in /run/secrets
@@ -14,7 +14,7 @@ Signed-off-by: Aleksa Sarai
1 file changed, 21 insertions(+), 3 deletions(-)
diff --git a/components/engine/daemon/container_operations_unix.go b/components/engine/daemon/container_operations_unix.go
-index c0aab7234269..8d8b13d26cff 100644
+index 3fcdc1913bed..4920def81a7e 100644
--- a/components/engine/daemon/container_operations_unix.go
+++ b/components/engine/daemon/container_operations_unix.go
@@ -3,6 +3,7 @@
@@ -70,5 +70,5 @@ index c0aab7234269..8d8b13d26cff 100644
return errors.Wrap(err, "error setting ownership for secret")
}
--
-2.21.0
+2.22.0
diff --git a/secrets-0002-SUSE-implement-SUSE-container-secrets.patch b/secrets-0002-SUSE-implement-SUSE-container-secrets.patch
index b1ef806..b939896 100644
--- a/secrets-0002-SUSE-implement-SUSE-container-secrets.patch
+++ b/secrets-0002-SUSE-implement-SUSE-container-secrets.patch
@@ -1,4 +1,4 @@
-From 3eabc382912eeb475013b5514412968dfa300d63 Mon Sep 17 00:00:00 2001
+From 80072183953f8cf6fcef6b5e65e609e833dd9fb8 Mon Sep 17 00:00:00 2001
From: Aleksa Sarai
Date: Wed, 8 Mar 2017 11:43:29 +1100
Subject: [PATCH 2/2] SUSE: implement SUSE container secrets
@@ -19,7 +19,7 @@ Signed-off-by: Aleksa Sarai
create mode 100644 components/engine/daemon/suse_secrets.go
diff --git a/components/engine/daemon/start.go b/components/engine/daemon/start.go
-index e2265a4faeca..31b60e5621c6 100644
+index 57a7267b7cbb..46c3a603554f 100644
--- a/components/engine/daemon/start.go
+++ b/components/engine/daemon/start.go
@@ -151,6 +151,11 @@ func (daemon *Daemon) containerStart(container *container.Container, checkpoint
@@ -437,5 +437,5 @@ index 000000000000..087c877015a7
+ return nil
+}
--
-2.21.0
+2.22.0