From ff604e37bbf0856949d5c606bf9c57ea5541ba1fc05ecf80b4db257594685ca1 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Tue, 23 Jul 2019 01:51:56 +0000 Subject: [PATCH] Accepting request 717716 from home:cyphar:docker Docker v19.03.0-ce. OBS-URL: https://build.opensuse.org/request/show/717716 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=315 --- _service | 4 +- ...-the-domainname-in-kernel.domainname.patch | 66 ------ ...2-cli-add-a-separate-domainname-flag.patch | 216 ------------------ ...DATE_EPOCH-when-generating-man-pages.patch | 58 ----- ...bber-docker-default-profile-on-start.patch | 13 +- ...don-t-build-test-images-if-they-alre.patch | 121 ---------- docker-18.09.8_ce_0dd43dd87fd5.tar.xz | 3 - docker-19.03.0_ce_aeac9490dc54.tar.xz | 3 + docker.changes | 17 ++ docker.spec | 30 +-- ...cker-prefix-for-containerd-and-runc-.patch | 97 ++------ ...-Add-private-registry-mirror-support.patch | 87 +++---- ...ow-directory-creation-in-run-secrets.patch | 6 +- ...USE-implement-SUSE-container-secrets.patch | 6 +- 14 files changed, 90 insertions(+), 637 deletions(-) delete mode 100644 bsc1001161-0001-oci-include-the-domainname-in-kernel.domainname.patch delete mode 100644 bsc1001161-0002-cli-add-a-separate-domainname-flag.patch delete mode 100644 bsc1047218-0001-man-obey-SOURCE_DATE_EPOCH-when-generating-man-pages.patch delete mode 100644 bsc1128746-0001-integration-cli-don-t-build-test-images-if-they-alre.patch delete mode 100644 docker-18.09.8_ce_0dd43dd87fd5.tar.xz create mode 100644 docker-19.03.0_ce_aeac9490dc54.tar.xz diff --git a/_service b/_service index f92f464..25917fc 100644 --- a/_service +++ b/_service @@ -3,8 +3,8 @@ https://github.com/docker/docker-ce.git git .git - 18.09.8_ce_%h - v18.09.8 + 19.03.0_ce_%h + v19.03.0 docker diff --git a/bsc1001161-0001-oci-include-the-domainname-in-kernel.domainname.patch b/bsc1001161-0001-oci-include-the-domainname-in-kernel.domainname.patch deleted file mode 100644 index 852463d..0000000 --- a/bsc1001161-0001-oci-include-the-domainname-in-kernel.domainname.patch +++ /dev/null @@ -1,66 +0,0 @@ -From a3e63ddd20b7f52ff5e81bdb1beb867d28a1c9c8 Mon Sep 17 00:00:00 2001 -From: Aleksa Sarai -Date: Sun, 17 Jun 2018 17:05:54 +1000 -Subject: [PATCH 1/2] oci: include the domainname in "kernel.domainname" - -The OCI doesn't have a specific field for an NIS domainname[1] (mainly -because FreeBSD and Solaris appear to have a similar concept but it is -configured entirely differently). - -However, on Linux, the NIS domainname can be configured through both the -setdomainname(2) syscall but also through the "kernel.domainname" -sysctl. Since the OCI has a way of injecting sysctls this means we don't -need to have any OCI changes to support NIS domainnames (and we can -always switch if the OCI picks up such support in the future). - -It should be noted that because we have to generate this each spec -creation we also have to make sure that it's not clobbered by the -HostConfig. I'm pretty sure making this change generic (so that -HostConfig will not clobber any pre-set sysctls) will not cause other -issues to crop up. - -[1]: https://github.com/opencontainers/runtime-spec/issues/592 - -SUSE-Bugs: bsc#1001161 -Signed-off-by: Aleksa Sarai ---- - components/engine/daemon/oci_linux.go | 16 ++++++++++++++-- - 1 file changed, 14 insertions(+), 2 deletions(-) - -diff --git a/components/engine/daemon/oci_linux.go b/components/engine/daemon/oci_linux.go -index 7611fc054d13..d5838623528e 100644 ---- a/components/engine/daemon/oci_linux.go -+++ b/components/engine/daemon/oci_linux.go -@@ -679,7 +679,15 @@ func (daemon *Daemon) populateCommonSpec(s *specs.Spec, c *container.Container) - s.Process.Cwd = cwd - s.Process.Env = c.CreateDaemonEnvironment(c.Config.Tty, linkedEnv) - s.Process.Terminal = c.Config.Tty -- s.Hostname = c.FullHostname() -+ -+ s.Hostname = c.Config.Hostname -+ // There isn't a field in the OCI for the NIS domainname, but luckily there -+ // is a sysctl which has an identical effect to setdomainname(2) so there's -+ // no explicit need for runtime support. -+ s.Linux.Sysctl = make(map[string]string) -+ if c.Config.Domainname != "" { -+ s.Linux.Sysctl["kernel.domainname"] = c.Config.Domainname -+ } - - return nil - } -@@ -715,7 +723,11 @@ func (daemon *Daemon) createSpec(c *container.Container) (retSpec *specs.Spec, e - if err := setResources(&s, c.HostConfig.Resources); err != nil { - return nil, fmt.Errorf("linux runtime spec resources: %v", err) - } -- s.Linux.Sysctl = c.HostConfig.Sysctls -+ // We merge the sysctls injected above with the HostConfig (latter takes -+ // precedence for backwards-compatibility reasons). -+ for k, v := range c.HostConfig.Sysctls { -+ s.Linux.Sysctl[k] = v -+ } - - p := s.Linux.CgroupsPath - if useSystemd { --- -2.21.0 - diff --git a/bsc1001161-0002-cli-add-a-separate-domainname-flag.patch b/bsc1001161-0002-cli-add-a-separate-domainname-flag.patch deleted file mode 100644 index 629a867..0000000 --- a/bsc1001161-0002-cli-add-a-separate-domainname-flag.patch +++ /dev/null @@ -1,216 +0,0 @@ -From 1b4f9787461d00dceea94d51af8db80f0b6aa906 Mon Sep 17 00:00:00 2001 -From: Aleksa Sarai -Date: Mon, 18 Jun 2018 21:58:23 +1000 -Subject: [PATCH 2/2] cli: add a separate --domainname flag - -A while ago, Docker split the "Domainname" field out from the "Hostname" -field for the container configuration. There was no real user-visible -change associated with this (and under the hood "Domainname" was mostly -left unused from the command-line point of view). We now add this flag -in order to match other proposed changes to allow for setting the NIS -domainname of a container. - -This also includes a fix for the --hostname parsing tests (they would -not error out if only one of .Hostname and .Domainname were incorrectly -set -- which is not correct). - -SUSE-Bugs: bsc#1001161 -Signed-off-by: Aleksa Sarai ---- - components/cli/cli/command/container/opts.go | 3 ++ - .../cli/cli/command/container/opts_test.go | 31 ++++++++++++++++--- - components/cli/contrib/completion/bash/docker | 1 + - components/cli/contrib/completion/zsh/_docker | 1 + - .../cli/docs/reference/commandline/create.md | 1 + - .../cli/docs/reference/commandline/run.md | 1 + - .../reference/commandline/service_create.md | 2 +- - components/cli/docs/reference/run.md | 6 ++-- - components/cli/man/docker-run.1.md | 7 +++++ - 9 files changed, 44 insertions(+), 9 deletions(-) - -diff --git a/components/cli/cli/command/container/opts.go b/components/cli/cli/command/container/opts.go -index 97906b672252..7cd9ce998c8b 100644 ---- a/components/cli/cli/command/container/opts.go -+++ b/components/cli/cli/command/container/opts.go -@@ -74,6 +74,7 @@ type containerOptions struct { - containerIDFile string - entrypoint string - hostname string -+ domainname string - memory opts.MemBytes - memoryReservation opts.MemBytes - memorySwap opts.MemSwapBytes -@@ -169,6 +170,7 @@ func addFlags(flags *pflag.FlagSet) *containerOptions { - flags.StringVar(&copts.entrypoint, "entrypoint", "", "Overwrite the default ENTRYPOINT of the image") - flags.Var(&copts.groupAdd, "group-add", "Add additional groups to join") - flags.StringVarP(&copts.hostname, "hostname", "h", "", "Container host name") -+ flags.StringVar(&copts.domainname, "domainname", "", "Container NIS domain name") - flags.BoolVarP(&copts.stdin, "interactive", "i", false, "Keep STDIN open even if not attached") - flags.VarP(&copts.labels, "label", "l", "Set meta data on a container") - flags.Var(&copts.labelsFile, "label-file", "Read in a line delimited file of labels") -@@ -546,6 +548,7 @@ func parse(flags *pflag.FlagSet, copts *containerOptions) (*containerConfig, err - - config := &container.Config{ - Hostname: copts.hostname, -+ Domainname: copts.domainname, - ExposedPorts: ports, - User: copts.user, - Tty: copts.tty, -diff --git a/components/cli/cli/command/container/opts_test.go b/components/cli/cli/command/container/opts_test.go -index 6d7c95a5ddb8..70bedc661751 100644 ---- a/components/cli/cli/command/container/opts_test.go -+++ b/components/cli/cli/command/container/opts_test.go -@@ -265,14 +265,35 @@ func TestParseHostname(t *testing.T) { - hostnameWithDomainTld := "--hostname=hostname.domainname.tld" - for hostname, expectedHostname := range validHostnames { - if config, _ := mustParse(t, fmt.Sprintf("--hostname=%s", hostname)); config.Hostname != expectedHostname { -- t.Fatalf("Expected the config to have 'hostname' as hostname, got '%v'", config.Hostname) -+ t.Fatalf("Expected the config to have 'hostname' as %q, got %q", expectedHostname, config.Hostname) - } - } -- if config, _ := mustParse(t, hostnameWithDomain); config.Hostname != "hostname.domainname" && config.Domainname != "" { -- t.Fatalf("Expected the config to have 'hostname' as hostname.domainname, got '%v'", config.Hostname) -+ if config, _ := mustParse(t, hostnameWithDomain); config.Hostname != "hostname.domainname" || config.Domainname != "" { -+ t.Fatalf("Expected the config to have 'hostname' as hostname.domainname, got %q", config.Hostname) - } -- if config, _ := mustParse(t, hostnameWithDomainTld); config.Hostname != "hostname.domainname.tld" && config.Domainname != "" { -- t.Fatalf("Expected the config to have 'hostname' as hostname.domainname.tld, got '%v'", config.Hostname) -+ if config, _ := mustParse(t, hostnameWithDomainTld); config.Hostname != "hostname.domainname.tld" || config.Domainname != "" { -+ t.Fatalf("Expected the config to have 'hostname' as hostname.domainname.tld, got %q", config.Hostname) -+ } -+} -+ -+func TestParseHostnameDomainname(t *testing.T) { -+ validDomainnames := map[string]string{ -+ "domainname": "domainname", -+ "domain-name": "domain-name", -+ "domainname123": "domainname123", -+ "123domainname": "123domainname", -+ "domainname-63-bytes-long-should-be-valid-and-without-any-errors": "domainname-63-bytes-long-should-be-valid-and-without-any-errors", -+ } -+ for domainname, expectedDomainname := range validDomainnames { -+ if config, _ := mustParse(t, "--domainname="+domainname); config.Domainname != expectedDomainname { -+ t.Fatalf("Expected the config to have 'domainname' as %q, got %q", expectedDomainname, config.Domainname) -+ } -+ } -+ if config, _ := mustParse(t, "--hostname=some.prefix --domainname=domainname"); config.Hostname != "some.prefix" || config.Domainname != "domainname" { -+ t.Fatalf("Expected the config to have 'hostname' as 'some.prefix' and 'domainname' as 'domainname', got %q and %q", config.Hostname, config.Domainname) -+ } -+ if config, _ := mustParse(t, "--hostname=another-prefix --domainname=domainname.tld"); config.Hostname != "another-prefix" || config.Domainname != "domainname.tld" { -+ t.Fatalf("Expected the config to have 'hostname' as 'another-prefix' and 'domainname' as 'domainname.tld', got %q and %q", config.Hostname, config.Domainname) - } - } - -diff --git a/components/cli/contrib/completion/bash/docker b/components/cli/contrib/completion/bash/docker -index 92d57408617e..a0d4878ee311 100644 ---- a/components/cli/contrib/completion/bash/docker -+++ b/components/cli/contrib/completion/bash/docker -@@ -1809,6 +1809,7 @@ _docker_container_run_and_create() { - --dns - --dns-option - --dns-search -+ --domainname - --entrypoint - --env -e - --env-file -diff --git a/components/cli/contrib/completion/zsh/_docker b/components/cli/contrib/completion/zsh/_docker -index 94f042204dfb..9a502db0886f 100644 ---- a/components/cli/contrib/completion/zsh/_docker -+++ b/components/cli/contrib/completion/zsh/_docker -@@ -617,6 +617,7 @@ __docker_container_subcommand() { - "($help)*--dns=[Custom DNS servers]:DNS server: " - "($help)*--dns-option=[Custom DNS options]:DNS option: " - "($help)*--dns-search=[Custom DNS search domains]:DNS domains: " -+ "($help)*--domainname=[Container NIS domain name]:domainname:_hosts" - "($help)*"{-e=,--env=}"[Environment variables]:environment variable: " - "($help)--entrypoint=[Overwrite the default entrypoint of the image]:entry point: " - "($help)*--env-file=[Read environment variables from a file]:environment file:_files" -diff --git a/components/cli/docs/reference/commandline/create.md b/components/cli/docs/reference/commandline/create.md -index d585da40ae1e..c829dbb3e5b9 100644 ---- a/components/cli/docs/reference/commandline/create.md -+++ b/components/cli/docs/reference/commandline/create.md -@@ -53,6 +53,7 @@ Options: - --dns value Set custom DNS servers (default []) - --dns-option value Set DNS options (default []) - --dns-search value Set custom DNS search domains (default []) -+ --domainname string Container NIS domain name - --entrypoint string Overwrite the default ENTRYPOINT of the image - -e, --env value Set environment variables (default []) - --env-file value Read in a file of environment variables (default []) -diff --git a/components/cli/docs/reference/commandline/run.md b/components/cli/docs/reference/commandline/run.md -index 6a2630bd1978..a4721e4a7761 100644 ---- a/components/cli/docs/reference/commandline/run.md -+++ b/components/cli/docs/reference/commandline/run.md -@@ -57,6 +57,7 @@ Options: - --dns value Set custom DNS servers (default []) - --dns-option value Set DNS options (default []) - --dns-search value Set custom DNS search domains (default []) -+ --domainname string Container NIS domain name - --entrypoint string Overwrite the default ENTRYPOINT of the image - -e, --env value Set environment variables (default []) - --env-file value Read in a file of environment variables (default []) -diff --git a/components/cli/docs/reference/commandline/service_create.md b/components/cli/docs/reference/commandline/service_create.md -index bc68128d0cf9..b395a0bda064 100644 ---- a/components/cli/docs/reference/commandline/service_create.md -+++ b/components/cli/docs/reference/commandline/service_create.md -@@ -755,7 +755,7 @@ The swarm extends my-network to each node running the service. - Containers on the same network can access each other using - [service discovery](https://docs.docker.com/engine/swarm/networking/#use-swarm-mode-service-discovery). - --Long form syntax of `--network` allows to specify list of aliases and driver options: -+Long form syntax of `--network` allows to specify list of aliases and driver options: - `--network name=my-network,alias=web1,driver-opt=field1=value1` - - ### Publish service ports externally to the swarm (-p, --publish) -diff --git a/components/cli/docs/reference/run.md b/components/cli/docs/reference/run.md -index a59a30525554..695974fe533c 100644 ---- a/components/cli/docs/reference/run.md -+++ b/components/cli/docs/reference/run.md -@@ -256,7 +256,7 @@ The UTS namespace is for setting the hostname and the domain that is visible - to running processes in that namespace. By default, all containers, including - those with `--network=host`, have their own UTS namespace. The `host` setting will - result in the container using the same UTS namespace as the host. Note that --`--hostname` is invalid in `host` UTS mode. -+`--hostname` and `--domainname` are invalid in `host` UTS mode. - - You may wish to share the UTS namespace with the host if you would like the - hostname of the container to change as the hostname of the host changes. A -@@ -396,8 +396,8 @@ network stack and all interfaces from the host will be available to the - container. The container's hostname will match the hostname on the host - system. Note that `--mac-address` is invalid in `host` netmode. Even in `host` - network mode a container has its own UTS namespace by default. As such --`--hostname` is allowed in `host` network mode and will only change the --hostname inside the container. -+`--hostname` and `--domainname` are allowed in `host` network mode and will -+only change the hostname and domain name inside the container. - Similar to `--hostname`, the `--add-host`, `--dns`, `--dns-search`, and - `--dns-option` options can be used in `host` network mode. These options update - `/etc/hosts` or `/etc/resolv.conf` inside the container. No change are made to -diff --git a/components/cli/man/docker-run.1.md b/components/cli/man/docker-run.1.md -index e03377001d4e..4a1464a74200 100644 ---- a/components/cli/man/docker-run.1.md -+++ b/components/cli/man/docker-run.1.md -@@ -35,6 +35,7 @@ docker-run - Run a command in a new container - [**--dns**[=*[]*]] - [**--dns-option**[=*[]*]] - [**--dns-search**[=*[]*]] -+[**--domainname**[=*DOMAINNAME*]] - [**-e**|**--env**[=*[]*]] - [**--entrypoint**[=*ENTRYPOINT*]] - [**--env-file**[=*[]*]] -@@ -285,6 +286,12 @@ configuration passed to the container. Typically this is necessary when the - host DNS configuration is invalid for the container (e.g., 127.0.0.1). When this - is the case the **--dns** flags is necessary for every run. - -+**--domainname**="" -+ Container NIS domain name -+ -+ Sets the container's NIS domain name (see also **setdomainname(2)**) that is -+ available inside the container. -+ - **-e**, **--env**=[] - Set environment variables - --- -2.21.0 - diff --git a/bsc1047218-0001-man-obey-SOURCE_DATE_EPOCH-when-generating-man-pages.patch b/bsc1047218-0001-man-obey-SOURCE_DATE_EPOCH-when-generating-man-pages.patch deleted file mode 100644 index d5debc1..0000000 --- a/bsc1047218-0001-man-obey-SOURCE_DATE_EPOCH-when-generating-man-pages.patch +++ /dev/null @@ -1,58 +0,0 @@ -From 64f1dfcbe4313bccacbe603dcb444da82d9136d7 Mon Sep 17 00:00:00 2001 -From: Aleksa Sarai -Date: Thu, 23 Aug 2018 19:53:55 +1000 -Subject: [PATCH] man: obey SOURCE_DATE_EPOCH when generating man pages - -Previously our man pages included the current time each time they were -generated. This causes an issue for reproducible builds, since each -re-build of a package that includes the man pages will have different -times listed in the man pages. - -To fix this, add support for SOURCE_DATE_EPOCH (which is a standardised -packaging environment variable, designed to be used specifically for -this purpose[1]). spf13/cobra doesn't support this natively yet (though -I will push a patch for that as well), but it's simpler to fix it -directly in docker/cli. - -[1]: https://reproducible-builds.org/specs/source-date-epoch/ - -SUSE-Bugs: boo#1047218 -Signed-off-by: Aleksa Sarai ---- - components/cli/man/generate.go | 13 +++++++++++++ - 1 file changed, 13 insertions(+) - -diff --git a/components/cli/man/generate.go b/components/cli/man/generate.go -index 2d940e31fd10..e5e480be3f32 100644 ---- a/components/cli/man/generate.go -+++ b/components/cli/man/generate.go -@@ -6,6 +6,8 @@ import ( - "log" - "os" - "path/filepath" -+ "strconv" -+ "time" - - "github.com/docker/cli/cli/command" - "github.com/docker/cli/cli/command/commands" -@@ -24,6 +26,17 @@ func generateManPages(opts *options) error { - Source: "Docker Community", - } - -+ // If SOURCE_DATE_EPOCH is set, in order to allow reproducible package -+ // builds, we explicitly set the build time to SOURCE_DATE_EPOCH. -+ if epoch := os.Getenv("SOURCE_DATE_EPOCH"); epoch != "" { -+ unixEpoch, err := strconv.ParseInt(epoch, 10, 64) -+ if err != nil { -+ return fmt.Errorf("invalid SOURCE_DATE_EPOCH: %v", err) -+ } -+ now := time.Unix(unixEpoch, 0) -+ header.Date = &now -+ } -+ - stdin, stdout, stderr := term.StdStreams() - dockerCli := command.NewDockerCli(stdin, stdout, stderr, false, nil) - cmd := &cobra.Command{Use: "docker"} --- -2.21.0 - diff --git a/bsc1073877-0001-apparmor-clobber-docker-default-profile-on-start.patch b/bsc1073877-0001-apparmor-clobber-docker-default-profile-on-start.patch index a52b473..dd05e01 100644 --- a/bsc1073877-0001-apparmor-clobber-docker-default-profile-on-start.patch +++ b/bsc1073877-0001-apparmor-clobber-docker-default-profile-on-start.patch @@ -1,4 +1,4 @@ -From 66a84fc12ea9c9a4a9805550b3cd2055862ef1c6 Mon Sep 17 00:00:00 2001 +From a67925f5d977db2b5a1b0162149cbd0de2b20598 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Fri, 29 Jun 2018 17:59:30 +1000 Subject: [PATCH] apparmor: clobber docker-default profile on start @@ -17,8 +17,8 @@ Signed-off-by: Aleksa Sarai --- components/engine/daemon/apparmor_default.go | 14 ++++++++++---- .../engine/daemon/apparmor_default_unsupported.go | 4 ++++ - components/engine/daemon/daemon.go | 4 +++- - 3 files changed, 17 insertions(+), 5 deletions(-) + components/engine/daemon/daemon.go | 5 +++-- + 3 files changed, 17 insertions(+), 6 deletions(-) diff --git a/components/engine/daemon/apparmor_default.go b/components/engine/daemon/apparmor_default.go index 461f5c7f96b2..8f21c5c0c566 100644 @@ -68,13 +68,14 @@ index 51f9c526b350..97d7758442ee 100644 return nil } diff --git a/components/engine/daemon/daemon.go b/components/engine/daemon/daemon.go -index a307863017ab..67cd286002bf 100644 +index f049b0d2a41f..7bd89e76b32f 100644 --- a/components/engine/daemon/daemon.go +++ b/components/engine/daemon/daemon.go -@@ -735,7 +735,9 @@ func NewDaemon(ctx context.Context, config *config.Config, pluginStore *plugin.S +@@ -807,8 +807,9 @@ func NewDaemon(ctx context.Context, config *config.Config, pluginStore *plugin.S logrus.Warnf("Failed to configure golang's threads limit: %v", err) } +- // ensureDefaultAppArmorProfile does nothing if apparmor is disabled - if err := ensureDefaultAppArmorProfile(); err != nil { + // Make sure we clobber any pre-existing docker-default profile to ensure + // that upgrades to the profile actually work smoothly. @@ -83,5 +84,5 @@ index a307863017ab..67cd286002bf 100644 } -- -2.21.0 +2.22.0 diff --git a/bsc1128746-0001-integration-cli-don-t-build-test-images-if-they-alre.patch b/bsc1128746-0001-integration-cli-don-t-build-test-images-if-they-alre.patch deleted file mode 100644 index 7d80317..0000000 --- a/bsc1128746-0001-integration-cli-don-t-build-test-images-if-they-alre.patch +++ /dev/null @@ -1,121 +0,0 @@ -From c2e035cbcb9a9fb7f89f729bef5b3354891fcdad Mon Sep 17 00:00:00 2001 -From: Aleksa Sarai -Date: Tue, 12 Mar 2019 18:37:31 +1100 -Subject: [PATCH] integration-cli: don't build -test images if they already - exist - -There's no need to try to re-build the test images if they already -exist. This change makes basically no difference to the upstream -integration test-suite running, but for users who want to run the -integration-cli suite on a host machine (such as distributions doing -tests) this change allows images to be pre-loaded such that compilers -aren't needed on the test machine. - -However, this does remove the accidental re-compilation of nnp-test, as -well as handling errors far more cleanly (previously if an error -occurred during a test build, further tests won't attempt to rebuild -it). - -SUSE-Bugs: bsc#1128746 -Signed-off-by: Aleksa Sarai ---- - .../fixtures_linux_daemon_test.go | 21 +++++++++-------- - .../internal/test/environment/environment.go | 23 +++++++++++++++++++ - 2 files changed, 35 insertions(+), 9 deletions(-) - -diff --git a/components/engine/integration-cli/fixtures_linux_daemon_test.go b/components/engine/integration-cli/fixtures_linux_daemon_test.go -index 5c874ec14b0c..ab152f4a9988 100644 ---- a/components/engine/integration-cli/fixtures_linux_daemon_test.go -+++ b/components/engine/integration-cli/fixtures_linux_daemon_test.go -@@ -8,7 +8,6 @@ import ( - "path/filepath" - "runtime" - "strings" -- "sync" - - "github.com/docker/docker/internal/test/fixtures/load" - "github.com/go-check/check" -@@ -24,17 +23,13 @@ type logT interface { - Logf(string, ...interface{}) - } - --var ensureSyscallTestOnce sync.Once -- - func ensureSyscallTest(c *check.C) { -- var doIt bool -- ensureSyscallTestOnce.Do(func() { -- doIt = true -- }) -- if !doIt { -+ defer testEnv.ProtectImage(c, "syscall-test:latest") -+ -+ // If the image already exists, there's nothing left to do. -+ if testEnv.HasExistingImage(c, "syscall-test:latest") { - return - } -- defer testEnv.ProtectImage(c, "syscall-test:latest") - - // if no match, must build in docker, which is significantly slower - // (slower mostly because of the vfs graphdriver) -@@ -93,6 +88,14 @@ func ensureSyscallTestBuild(c *check.C) { - - func ensureNNPTest(c *check.C) { - defer testEnv.ProtectImage(c, "nnp-test:latest") -+ -+ // If the image already exists, there's nothing left to do. -+ if testEnv.HasExistingImage(c, "nnp-test:latest") { -+ return -+ } -+ -+ // if no match, must build in docker, which is significantly slower -+ // (slower mostly because of the vfs graphdriver) - if testEnv.OSType != runtime.GOOS { - ensureNNPTestBuild(c) - return -diff --git a/components/engine/internal/test/environment/environment.go b/components/engine/internal/test/environment/environment.go -index 5538d2097e9b..763c08ba4845 100644 ---- a/components/engine/internal/test/environment/environment.go -+++ b/components/engine/internal/test/environment/environment.go -@@ -8,9 +8,12 @@ import ( - "strings" - - "github.com/docker/docker/api/types" -+ "github.com/docker/docker/api/types/filters" - "github.com/docker/docker/client" -+ "github.com/docker/docker/internal/test" - "github.com/docker/docker/internal/test/fixtures/load" - "github.com/pkg/errors" -+ "gotest.tools/assert" - ) - - // Execution contains information about the current test execution and daemon -@@ -151,6 +154,26 @@ func (e *Execution) IsUserNamespace() bool { - return root != "" - } - -+// HasExistingImage checks whether there is an image with the given reference. -+// Note that this is done by filtering and then checking whether there were any -+// results -- so ambiguous references might result in false-positives. -+func (e *Execution) HasExistingImage(t testingT, reference string) bool { -+ if ht, ok := t.(test.HelperT); ok { -+ ht.Helper() -+ } -+ client := e.APIClient() -+ filter := filters.NewArgs() -+ filter.Add("dangling", "false") -+ filter.Add("reference", reference) -+ imageList, err := client.ImageList(context.Background(), types.ImageListOptions{ -+ All: true, -+ Filters: filter, -+ }) -+ assert.NilError(t, err, "failed to list images") -+ -+ return len(imageList) > 0 -+} -+ - // EnsureFrozenImagesLinux loads frozen test images into the daemon - // if they aren't already loaded - func EnsureFrozenImagesLinux(testEnv *Execution) error { --- -2.21.0 - diff --git a/docker-18.09.8_ce_0dd43dd87fd5.tar.xz b/docker-18.09.8_ce_0dd43dd87fd5.tar.xz deleted file mode 100644 index b4124d3..0000000 --- a/docker-18.09.8_ce_0dd43dd87fd5.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:e880c4ce4da35e4dd723c8b8e8dbedf95612e8bb1f423bbd900726fb47069068 -size 9344440 diff --git a/docker-19.03.0_ce_aeac9490dc54.tar.xz b/docker-19.03.0_ce_aeac9490dc54.tar.xz new file mode 100644 index 0000000..b537bb0 --- /dev/null +++ b/docker-19.03.0_ce_aeac9490dc54.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:8987d5663c875fe4dde2e367099fd737902b95c80a8d712d14723bea44e335d8 +size 9978876 diff --git a/docker.changes b/docker.changes index bf6e56f..b7481c6 100644 --- a/docker.changes +++ b/docker.changes @@ -1,3 +1,20 @@ +------------------------------------------------------------------- +Mon Jul 22 22:13:30 UTC 2019 - Aleksa Sarai + +- Update to Docker 19.03.0-ce. See upstream changelog in the packaged + /usr/share/doc/packages/docker/CHANGELOG.md. bsc#1142413 +- Remove upstreamed patches: + - bsc1001161-0001-oci-include-the-domainname-in-kernel.domainname.patch + - bsc1001161-0002-cli-add-a-separate-domainname-flag.patch + - bsc1047218-0001-man-obey-SOURCE_DATE_EPOCH-when-generating-man-pages.patch + - bsc1128746-0001-integration-cli-don-t-build-test-images-if-they-alre.patch +- Rebase pacthes: + * bsc1073877-0001-apparmor-clobber-docker-default-profile-on-start.patch + * packaging-0001-revert-Remove-docker-prefix-for-containerd-and-runc-.patch + * private-registry-0001-Add-private-registry-mirror-support.patch + * secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch + * secrets-0002-SUSE-implement-SUSE-container-secrets.patch + ------------------------------------------------------------------- Wed Jul 17 23:15:33 UTC 2019 - Aleksa Sarai diff --git a/docker.spec b/docker.spec index ae34ff3..f68e4d5 100644 --- a/docker.spec +++ b/docker.spec @@ -42,17 +42,17 @@ # helpfully injects into our build environment from the changelog). If you want # to generate a new git_commit_epoch, use this: # $ date --date="$(git show --format=fuller --date=iso $COMMIT_ID | grep -oP '(?<=^CommitDate: ).*')" '+%s' -%define git_version 0dd43dd87fd5 -%define git_commit_epoch 1563383036 +%define git_version aeac9490dc54 +%define git_commit_epoch 1563384968 # These are the git commits required. We verify them against the source to make # sure we didn't miss anything important when doing upgrades. %define required_containerd 894b81a4b802e4eb2a91d1ce216b8817763c29fb %define required_dockerrunc 425e105d5a03fabd737a126ad93d62a9eeede87f -%define required_libnetwork e7933d41e7b206756115aa9df5e0599fc5169742 +%define required_libnetwork fc5a7d91d54cc98f64fc28f9e288b46a0bee756c Name: %{realname}%{name_suffix} -Version: 18.09.8_ce +Version: 19.03.0_ce Release: 0 Summary: The Moby-project Linux container runtime License: Apache-2.0 @@ -79,19 +79,11 @@ Patch200: secrets-0001-daemon-allow-directory-creation-in-run-secrets.patc Patch201: secrets-0002-SUSE-implement-SUSE-container-secrets.patch # SUSE-BACKPORT: Backport of https://github.com/docker/docker/pull/37353. bsc#1099277 Patch401: bsc1073877-0001-apparmor-clobber-docker-default-profile-on-start.patch -# SUSE-BACKPORT: Backport of https://github.com/docker/cli/pull/1306. boo#1047218 -Patch402: bsc1047218-0001-man-obey-SOURCE_DATE_EPOCH-when-generating-man-pages.patch # SUSE-ISSUE: Revert of https://github.com/docker/docker/pull/37907. -Patch403: packaging-0001-revert-Remove-docker-prefix-for-containerd-and-runc-.patch -# SUSE-BACKPORT: Backport of https://github.com/docker/docker/pull/37302. bsc#1001161 -Patch404: bsc1001161-0001-oci-include-the-domainname-in-kernel.domainname.patch -# SUSE-BACKPORT: Backport of https://github.com/docker/cli/pull/1130. bsc#1001161 -Patch405: bsc1001161-0002-cli-add-a-separate-domainname-flag.patch +Patch402: packaging-0001-revert-Remove-docker-prefix-for-containerd-and-runc-.patch # SUSE-FEATURE: Add support to mirror inofficial/private registries # (https://github.com/docker/docker/pull/34319) Patch500: private-registry-0001-Add-private-registry-mirror-support.patch -# SUSE-BACKPORT: Backport of test-only patch https://github.com/moby/moby/pull/38853. bsc1128746 -Patch900: bsc1128746-0001-integration-cli-don-t-build-test-images-if-they-alre.patch BuildRequires: audit BuildRequires: bash-completion BuildRequires: ca-certificates @@ -141,9 +133,8 @@ Recommends: lvm2 >= 2.2.89 Recommends: git-core >= 1.7 Conflicts: lxc < 1.0 ExcludeArch: s390 ppc -# Make sure we build with go 1.10 BuildRequires: go-go-md2man -BuildRequires: golang(API) = 1.10 +BuildRequires: golang(API) >= 1.12 # KUBIC-SPECIFIC: This was required when upgrading from the original kubic # packaging, when everything was renamed to -kubic. It also is # used to ensure that nothing complains too much when using @@ -266,19 +257,12 @@ docker container runtime configuration for kubeadm %endif # bsc#1099277 %patch401 -p1 -# boo#1047218 -%patch402 -p1 # revert upstream -%patch403 -p1 -# bsc#1001161 -%patch404 -p1 -%patch405 -p1 +%patch402 -p1 %if "%flavour" == "kubic" # PATCH-SUSE: Mirror patch. %patch500 -p1 %endif -# bsc#1128746 -%patch900 -p1 cp %{SOURCE7} . diff --git a/packaging-0001-revert-Remove-docker-prefix-for-containerd-and-runc-.patch b/packaging-0001-revert-Remove-docker-prefix-for-containerd-and-runc-.patch index 5e8c2a9..9d25662 100644 --- a/packaging-0001-revert-Remove-docker-prefix-for-containerd-and-runc-.patch +++ b/packaging-0001-revert-Remove-docker-prefix-for-containerd-and-runc-.patch @@ -1,4 +1,4 @@ -From 6d022d4e08225c2fda686fc0d5febecee2efa864 Mon Sep 17 00:00:00 2001 +From 33d18d20a806e2541292acb55338dea2065d2501 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Thu, 29 Nov 2018 20:53:16 +1100 Subject: [PATCH] revert "Remove 'docker-' prefix for containerd and runc @@ -11,20 +11,19 @@ up-to-date one available for Podman). Signed-off-by: Aleksa Sarai --- - components/engine/api/swagger.yaml | 4 +-- - .../builder/builder-next/executor_unix.go | 2 +- - components/engine/cmd/dockerd/daemon.go | 36 +++++++------------ - components/engine/daemon/daemon_unix.go | 6 ++-- - .../libcontainerd/supervisor/remote_daemon.go | 4 +-- - .../supervisor/remote_daemon_linux.go | 4 +-- - .../supervisor/remote_daemon_windows.go | 4 +-- - 7 files changed, 25 insertions(+), 35 deletions(-) + components/engine/api/swagger.yaml | 4 ++-- + components/engine/builder/builder-next/executor_unix.go | 2 +- + components/engine/daemon/daemon_unix.go | 6 +++--- + components/engine/libcontainerd/supervisor/remote_daemon.go | 4 ++-- + .../engine/libcontainerd/supervisor/remote_daemon_linux.go | 4 ++-- + .../libcontainerd/supervisor/remote_daemon_windows.go | 4 ++-- + 6 files changed, 12 insertions(+), 12 deletions(-) diff --git a/components/engine/api/swagger.yaml b/components/engine/api/swagger.yaml -index ca9d29e021de..082e5783ff1f 100644 +index 6e0bc25b52d6..58f860d22a49 100644 --- a/components/engine/api/swagger.yaml +++ b/components/engine/api/swagger.yaml -@@ -3866,10 +3866,10 @@ definitions: +@@ -3980,10 +3980,10 @@ definitions: $ref: "#/definitions/Runtime" default: runc: @@ -38,80 +37,20 @@ index ca9d29e021de..082e5783ff1f 100644 path: "/go/bin/runc" custom: diff --git a/components/engine/builder/builder-next/executor_unix.go b/components/engine/builder/builder-next/executor_unix.go -index 3a11f8588144..ce4d2d937f9f 100644 +index 620ffb401de7..dd63779a27d2 100644 --- a/components/engine/builder/builder-next/executor_unix.go +++ b/components/engine/builder/builder-next/executor_unix.go -@@ -28,7 +28,7 @@ func newExecutor(root, cgroupParent string, net libnetwork.NetworkController) (e +@@ -28,7 +28,7 @@ func newExecutor(root, cgroupParent string, net libnetwork.NetworkController, ro } return runcexecutor.New(runcexecutor.Opt{ Root: filepath.Join(root, "executor"), - CommandCandidates: []string{"runc"}, + CommandCandidates: []string{"docker-runc", "runc"}, DefaultCgroupParent: cgroupParent, - }, networkProviders) - } -diff --git a/components/engine/cmd/dockerd/daemon.go b/components/engine/cmd/dockerd/daemon.go -index 839537316af4..05922e6418d0 100644 ---- a/components/engine/cmd/dockerd/daemon.go -+++ b/components/engine/cmd/dockerd/daemon.go -@@ -10,7 +10,6 @@ import ( - "strings" - "time" - -- containerddefaults "github.com/containerd/containerd/defaults" - "github.com/docker/distribution/uuid" - "github.com/docker/docker/api" - apiserver "github.com/docker/docker/api/server" -@@ -141,25 +140,21 @@ func (cli *DaemonCli) start(opts *daemonOptions) (err error) { - - ctx, cancel := context.WithCancel(context.Background()) - if cli.Config.ContainerdAddr == "" && runtime.GOOS != "windows" { -- if !systemContainerdRunning() { -- opts, err := cli.getContainerdDaemonOpts() -- if err != nil { -- cancel() -- return fmt.Errorf("Failed to generate containerd options: %v", err) -- } -- -- r, err := supervisor.Start(ctx, filepath.Join(cli.Config.Root, "containerd"), filepath.Join(cli.Config.ExecRoot, "containerd"), opts...) -- if err != nil { -- cancel() -- return fmt.Errorf("Failed to start containerd: %v", err) -- } -- cli.Config.ContainerdAddr = r.Address() -+ opts, err := cli.getContainerdDaemonOpts() -+ if err != nil { -+ cancel() -+ return fmt.Errorf("Failed to generate containerd options: %v", err) -+ } - -- // Try to wait for containerd to shutdown -- defer r.WaitTimeout(10 * time.Second) -- } else { -- cli.Config.ContainerdAddr = containerddefaults.DefaultAddress -+ r, err := supervisor.Start(ctx, filepath.Join(cli.Config.Root, "containerd"), filepath.Join(cli.Config.ExecRoot, "containerd"), opts...) -+ if err != nil { -+ cancel() -+ return fmt.Errorf("Failed to start containerd: %v", err) - } -+ cli.Config.ContainerdAddr = r.Address() -+ -+ // Try to wait for containerd to shutdown -+ defer r.WaitTimeout(10 * time.Second) - } - defer cancel() - -@@ -665,8 +660,3 @@ func validateAuthzPlugins(requestedPlugins []string, pg plugingetter.PluginGette - } - return nil - } -- --func systemContainerdRunning() bool { -- _, err := os.Lstat(containerddefaults.DefaultAddress) -- return err == nil --} + Rootless: rootless, + NoPivot: os.Getenv("DOCKER_RAMDISK") != "", diff --git a/components/engine/daemon/daemon_unix.go b/components/engine/daemon/daemon_unix.go -index 5234201c828f..c40d11bc85c2 100644 +index df64de6edf13..fa9bfb528414 100644 --- a/components/engine/daemon/daemon_unix.go +++ b/components/engine/daemon/daemon_unix.go @@ -54,11 +54,11 @@ import ( @@ -128,7 +67,7 @@ index 5234201c828f..c40d11bc85c2 100644 // See https://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/tree/kernel/sched/sched.h?id=8cd9234c64c584432f6992fe944ca9e46ca8ea76#n269 linuxMinCPUShares = 2 -@@ -76,7 +76,7 @@ const ( +@@ -77,7 +77,7 @@ const ( // DefaultRuntimeName is the default runtime to be used by // containerd if none is specified @@ -138,7 +77,7 @@ index 5234201c828f..c40d11bc85c2 100644 type containerGetter interface { diff --git a/components/engine/libcontainerd/supervisor/remote_daemon.go b/components/engine/libcontainerd/supervisor/remote_daemon.go -index eb9a2bdd8198..309f50f26bb2 100644 +index 31b93f11f0b1..5fba7f29eff9 100644 --- a/components/engine/libcontainerd/supervisor/remote_daemon.go +++ b/components/engine/libcontainerd/supervisor/remote_daemon.go @@ -27,8 +27,8 @@ const ( @@ -183,5 +122,5 @@ index 9b254ef58a0a..bcdc9529e0f7 100644 func (r *remote) setDefaults() { -- -2.21.0 +2.22.0 diff --git a/private-registry-0001-Add-private-registry-mirror-support.patch b/private-registry-0001-Add-private-registry-mirror-support.patch index 590a5dc..f6ead07 100644 --- a/private-registry-0001-Add-private-registry-mirror-support.patch +++ b/private-registry-0001-Add-private-registry-mirror-support.patch @@ -1,4 +1,4 @@ -From 2a00f998e1e081a9f72f0ba81403dceea252c6a1 Mon Sep 17 00:00:00 2001 +From 69d43a9550cdedf86b0d4b29e9d737af90221109 Mon Sep 17 00:00:00 2001 From: Valentin Rothberg Date: Mon, 2 Jul 2018 13:37:34 +0200 Subject: [PATCH] Add private-registry mirror support @@ -72,12 +72,12 @@ Signed-off-by: Aleksa Sarai components/engine/distribution/pull.go | 2 +- components/engine/distribution/pull_v2.go | 2 +- components/engine/distribution/push.go | 2 +- - components/engine/registry/config.go | 120 ++++++++++++++- + components/engine/registry/config.go | 124 ++++++++++++++- components/engine/registry/config_test.go | 136 +++++++++++++++++ components/engine/registry/registry_test.go | 91 ++++++++++- - components/engine/registry/service.go | 56 ++++--- + components/engine/registry/service.go | 45 ++++-- components/engine/registry/service_v2.go | 66 +++++--- - 12 files changed, 705 insertions(+), 46 deletions(-) + 12 files changed, 697 insertions(+), 47 deletions(-) diff --git a/components/engine/api/types/registry/registry.go b/components/engine/api/types/registry/registry.go index 8789ad3b3210..c663fec7d881 100644 @@ -243,10 +243,10 @@ index 8789ad3b3210..c663fec7d881 100644 // NetIPNet is the net.IPNet type, which can be marshalled and diff --git a/components/engine/daemon/config/config.go b/components/engine/daemon/config/config.go -index 8b2c844a579f..e61940661c70 100644 +index 80ecbbd9550d..8ce69714d9bf 100644 --- a/components/engine/daemon/config/config.go +++ b/components/engine/daemon/config/config.go -@@ -470,6 +470,10 @@ func findConfigurationConflicts(config map[string]interface{}, flags *pflag.Flag +@@ -467,6 +467,10 @@ func findConfigurationConflicts(config map[string]interface{}, flags *pflag.Flag // 1. Search keys from the file that we don't recognize as flags. unknownKeys := make(map[string]interface{}) for key, value := range config { @@ -258,7 +258,7 @@ index 8b2c844a579f..e61940661c70 100644 unknownKeys[key] = value } diff --git a/components/engine/daemon/reload.go b/components/engine/daemon/reload.go -index 026d7dd517f7..924c3982cd2a 100644 +index a31dd0cb87c1..99cc4a65a79d 100644 --- a/components/engine/daemon/reload.go +++ b/components/engine/daemon/reload.go @@ -21,8 +21,14 @@ import ( @@ -286,7 +286,7 @@ index 026d7dd517f7..924c3982cd2a 100644 return daemon.reloadNetworkDiagnosticPort(conf, attributes) } -@@ -294,6 +303,30 @@ func (daemon *Daemon) reloadRegistryMirrors(conf *config.Config, attributes map[ +@@ -295,6 +304,30 @@ func (daemon *Daemon) reloadRegistryMirrors(conf *config.Config, attributes map[ return nil } @@ -314,7 +314,7 @@ index 026d7dd517f7..924c3982cd2a 100644 + return nil +} + - // reloadLiveRestore updates configuration with live retore option + // reloadLiveRestore updates configuration with live restore option // and updates the passed attributes func (daemon *Daemon) reloadLiveRestore(conf *config.Config, attributes map[string]string) error { diff --git a/components/engine/daemon/reload_test.go b/components/engine/daemon/reload_test.go @@ -431,10 +431,10 @@ index ffad297f71b7..21733c3f1e33 100644 daemon := &Daemon{ imageService: images.NewImageService(images.ImageServiceConfig{}), diff --git a/components/engine/distribution/pull.go b/components/engine/distribution/pull.go -index 5de73ae99ac3..8e78c49273dd 100644 +index be366ce4a99b..49e0d0352778 100644 --- a/components/engine/distribution/pull.go +++ b/components/engine/distribution/pull.go -@@ -63,7 +63,7 @@ func Pull(ctx context.Context, ref reference.Named, imagePullConfig *ImagePullCo +@@ -58,7 +58,7 @@ func Pull(ctx context.Context, ref reference.Named, imagePullConfig *ImagePullCo return err } @@ -444,7 +444,7 @@ index 5de73ae99ac3..8e78c49273dd 100644 return err } diff --git a/components/engine/distribution/pull_v2.go b/components/engine/distribution/pull_v2.go -index 8f05cfa0b289..a562477ea6cd 100644 +index dd91ff2157b1..2640f6134e5d 100644 --- a/components/engine/distribution/pull_v2.go +++ b/components/engine/distribution/pull_v2.go @@ -379,7 +379,7 @@ func (p *v2Puller) pullV2Tag(ctx context.Context, ref reference.Named, platform @@ -457,10 +457,10 @@ index 8f05cfa0b289..a562477ea6cd 100644 var ( diff --git a/components/engine/distribution/push.go b/components/engine/distribution/push.go -index eb3bc5597462..a4624dee9482 100644 +index 5617a4c95f49..0a24aebed968 100644 --- a/components/engine/distribution/push.go +++ b/components/engine/distribution/push.go -@@ -64,7 +64,7 @@ func Push(ctx context.Context, ref reference.Named, imagePushConfig *ImagePushCo +@@ -58,7 +58,7 @@ func Push(ctx context.Context, ref reference.Named, imagePushConfig *ImagePushCo return err } @@ -470,29 +470,27 @@ index eb3bc5597462..a4624dee9482 100644 return err } diff --git a/components/engine/registry/config.go b/components/engine/registry/config.go -index de5a526b694d..cf90abb8be04 100644 +index 6bb9258c9b6f..f1945237d235 100644 --- a/components/engine/registry/config.go +++ b/components/engine/registry/config.go -@@ -14,7 +14,7 @@ import ( +@@ -14,11 +14,12 @@ import ( "github.com/sirupsen/logrus" ) -// ServiceOptions holds command line options. +// ServiceOptions holds the user-specified configuration options. type ServiceOptions struct { - AllowNondistributableArtifacts []string `json:"allow-nondistributable-artifacts,omitempty"` - Mirrors []string `json:"registry-mirrors,omitempty"` -@@ -23,6 +23,9 @@ type ServiceOptions struct { - // V2Only controls access to legacy registries. If it is set to true via the - // command line flag the daemon will not attempt to contact v1 legacy registries - V2Only bool `json:"disable-legacy-registry,omitempty"` -+ -+ // Registries holds information associated with the specified registries. -+ Registries []registrytypes.Registry `json:"registries,omitempty"` +- AllowNondistributableArtifacts []string `json:"allow-nondistributable-artifacts,omitempty"` +- Mirrors []string `json:"registry-mirrors,omitempty"` +- InsecureRegistries []string `json:"insecure-registries,omitempty"` ++ AllowNondistributableArtifacts []string `json:"allow-nondistributable-artifacts,omitempty"` ++ Mirrors []string `json:"registry-mirrors,omitempty"` ++ InsecureRegistries []string `json:"insecure-registries,omitempty"` ++ Registries []registrytypes.Registry `json:"registries,omitempty"` } // serviceConfig holds daemon configuration for the registry service. -@@ -67,8 +70,21 @@ var ( +@@ -62,8 +63,21 @@ var ( // for mocking in unit tests var lookupIP = net.LookupIP @@ -514,7 +512,7 @@ index de5a526b694d..cf90abb8be04 100644 config := &serviceConfig{ ServiceConfig: registrytypes.ServiceConfig{ InsecureRegistryCIDRs: make([]*registrytypes.NetIPNet, 0), -@@ -87,10 +103,104 @@ func newServiceConfig(options ServiceOptions) (*serviceConfig, error) { +@@ -81,10 +95,104 @@ func newServiceConfig(options ServiceOptions) (*serviceConfig, error) { if err := config.LoadInsecureRegistries(options.InsecureRegistries); err != nil { return nil, err } @@ -619,7 +617,7 @@ index de5a526b694d..cf90abb8be04 100644 // LoadAllowNondistributableArtifacts loads allow-nondistributable-artifacts registries into config. func (config *serviceConfig) LoadAllowNondistributableArtifacts(registries []string) error { cidrs := map[string]*registrytypes.NetIPNet{} -@@ -131,6 +241,10 @@ func (config *serviceConfig) LoadAllowNondistributableArtifacts(registries []str +@@ -125,6 +233,10 @@ func (config *serviceConfig) LoadAllowNondistributableArtifacts(registries []str // LoadMirrors loads mirrors to config, after removing duplicates. // Returns an error if mirrors contains an invalid mirror. func (config *serviceConfig) LoadMirrors(mirrors []string) error { @@ -630,7 +628,7 @@ index de5a526b694d..cf90abb8be04 100644 mMap := map[string]struct{}{} unique := []string{} -@@ -160,6 +274,10 @@ func (config *serviceConfig) LoadMirrors(mirrors []string) error { +@@ -154,6 +266,10 @@ func (config *serviceConfig) LoadMirrors(mirrors []string) error { // LoadInsecureRegistries loads insecure registries to config func (config *serviceConfig) LoadInsecureRegistries(registries []string) error { @@ -921,7 +919,7 @@ index b7459471b3f6..1e0d53e7dc21 100644 func TestPushRegistryTag(t *testing.T) { diff --git a/components/engine/registry/service.go b/components/engine/registry/service.go -index b441970ff170..b3c1ee21f383 100644 +index 08f5c7a4e12c..ee0c97a8a21b 100644 --- a/components/engine/registry/service.go +++ b/components/engine/registry/service.go @@ -8,7 +8,7 @@ import ( @@ -1031,33 +1029,8 @@ index b441970ff170..b3c1ee21f383 100644 if err == nil { for _, endpoint := range allEndpoints { if !endpoint.Mirror { -@@ -308,8 +323,8 @@ func (s *DefaultService) LookupPushEndpoints(hostname string) (endpoints []APIEn - return endpoints, err - } - --func (s *DefaultService) lookupEndpoints(hostname string) (endpoints []APIEndpoint, err error) { -- endpoints, err = s.lookupV2Endpoints(hostname) -+func (s *DefaultService) lookupEndpoints(reference string) (endpoints []APIEndpoint, err error) { -+ endpoints, err = s.lookupV2Endpoints(reference) - if err != nil { - return nil, err - } -@@ -318,6 +333,13 @@ func (s *DefaultService) lookupEndpoints(hostname string) (endpoints []APIEndpoi - return endpoints, nil - } - -+ // When falling back to V1 endpoints, switch to the hostname -+ ref, err := dref.ParseNamed(reference) -+ if err != nil { -+ return nil, err -+ } -+ hostname := dref.Domain(ref) -+ - legacyEndpoints, err := s.lookupV1Endpoints(hostname) - if err != nil { - return nil, err diff --git a/components/engine/registry/service_v2.go b/components/engine/registry/service_v2.go -index 3a56dc91145a..9de221cf2aa0 100644 +index 1a4c9e310547..efebb4f41486 100644 --- a/components/engine/registry/service_v2.go +++ b/components/engine/registry/service_v2.go @@ -1,30 +1,51 @@ @@ -1160,5 +1133,5 @@ index 3a56dc91145a..9de221cf2aa0 100644 endpoints = []APIEndpoint{ -- -2.21.0 +2.22.0 diff --git a/secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch b/secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch index 9bdcba8..e6c05ad 100644 --- a/secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch +++ b/secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch @@ -1,4 +1,4 @@ -From 6603582112f42cd00b84d62a5412f2380e55d7e3 Mon Sep 17 00:00:00 2001 +From 47b241f184e61474957c4ffb8a3dcbaa543eadb9 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Wed, 8 Mar 2017 12:41:54 +1100 Subject: [PATCH 1/2] daemon: allow directory creation in /run/secrets @@ -14,7 +14,7 @@ Signed-off-by: Aleksa Sarai 1 file changed, 21 insertions(+), 3 deletions(-) diff --git a/components/engine/daemon/container_operations_unix.go b/components/engine/daemon/container_operations_unix.go -index c0aab7234269..8d8b13d26cff 100644 +index 3fcdc1913bed..4920def81a7e 100644 --- a/components/engine/daemon/container_operations_unix.go +++ b/components/engine/daemon/container_operations_unix.go @@ -3,6 +3,7 @@ @@ -70,5 +70,5 @@ index c0aab7234269..8d8b13d26cff 100644 return errors.Wrap(err, "error setting ownership for secret") } -- -2.21.0 +2.22.0 diff --git a/secrets-0002-SUSE-implement-SUSE-container-secrets.patch b/secrets-0002-SUSE-implement-SUSE-container-secrets.patch index b1ef806..b939896 100644 --- a/secrets-0002-SUSE-implement-SUSE-container-secrets.patch +++ b/secrets-0002-SUSE-implement-SUSE-container-secrets.patch @@ -1,4 +1,4 @@ -From 3eabc382912eeb475013b5514412968dfa300d63 Mon Sep 17 00:00:00 2001 +From 80072183953f8cf6fcef6b5e65e609e833dd9fb8 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Wed, 8 Mar 2017 11:43:29 +1100 Subject: [PATCH 2/2] SUSE: implement SUSE container secrets @@ -19,7 +19,7 @@ Signed-off-by: Aleksa Sarai create mode 100644 components/engine/daemon/suse_secrets.go diff --git a/components/engine/daemon/start.go b/components/engine/daemon/start.go -index e2265a4faeca..31b60e5621c6 100644 +index 57a7267b7cbb..46c3a603554f 100644 --- a/components/engine/daemon/start.go +++ b/components/engine/daemon/start.go @@ -151,6 +151,11 @@ func (daemon *Daemon) containerStart(container *container.Container, checkpoint @@ -437,5 +437,5 @@ index 000000000000..087c877015a7 + return nil +} -- -2.21.0 +2.22.0