Commit Graph

481 Commits

Author SHA256 Message Date
Aleksa Sarai
c7eaf3a256 Accepting request 545157 from home:cyphar:containers:docker_bsc
Add link to https://bugzilla.suse.com/show_bug.cgi?id=1069758 in the changelog.

OBS-URL: https://build.opensuse.org/request/show/545157
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=220
2017-11-24 12:32:16 +00:00
Aleksa Sarai
a5b4f28061 Accepting request 545109 from home:cyphar:containers:docker_drop_migrator
Rebase. I've also dropped the docker-image-migrator removal (it's depending on
an openSUSE:Factory change).

- Remove migration code for the v1.9.x -> v1.10.x migration. This has been
  around for a while, and we no longer support migrating from such an old
  version "nicely". Docker still has migration code that will run on
  first-boot, we are merely removing all of the "nice" warnings which tell
  users how to avoid issues during an upgrade that ocurred more than a year
  ago.

OBS-URL: https://build.opensuse.org/request/show/545109
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=219
2017-11-24 10:32:23 +00:00
Aleksa Sarai
eb28b07ea5 Accepting request 544765 from home:RBrownSUSE:branches:Virtualization:containers
Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)

OBS-URL: https://build.opensuse.org/request/show/544765
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=218
2017-11-24 10:06:46 +00:00
Dominique Leuenberger
41554f0a6c Accepting request 540195 from Virtualization:containers
- Add a backport of https://github.com/moby/moby/pull/35424, which fixes a
  security issue where a maliciously crafted image could be used to crash a
  Docker daemon. bsc#1066210 CVE-2017-14992
  + bsc1066210-0001-vendor-update-to-github.com-vbatts-tar-split-v0.10.2.patch
- Add a backport of https://github.com/moby/moby/pull/35399, which fixes a
  security issue where a Docker container (with a disabled AppArmor profile)
  could write to /proc/scsi/... and subsequently DoS the host. bsc#1066801
  CVE-2017-16539
  + bsc1066801-0001-oci-add-proc-scsi-to-masked-paths.patch
- Fix bsc#1059011
  The systemd service helper script used a timeout of 60 seconds to
  start the daemon, which is insufficient in cases where the daemon
  takes longer to start. Instead, set the service type from 'simple' to
  'notify' and remove the now superfluous helper script.
- fix bsc#1057743: Add a Requires: fix_bsc_1057743 which is provided by the
  newer version of docker-libnetwork. This is necessary because of a versioning
  bug we found in bsc#1057743.

OBS-URL: https://build.opensuse.org/request/show/540195
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/docker?expand=0&rev=63
2017-11-10 13:42:49 +00:00
Aleksa Sarai
c1e075d88f Accepting request 540407 from home:cyphar:containers:docker_bsc1057743
Match secrets patches with upstream. This corrects a bug in our fix for
bsc#1055676.

OBS-URL: https://build.opensuse.org/request/show/540407
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=216
2017-11-10 07:15:19 +00:00
Aleksa Sarai
6a6c6aa170 Accepting request 540191 from home:cyphar:containers:docker_forwardport
- Fix bsc#1059011
  The systemd service helper script used a timeout of 60 seconds to
  start the daemon, which is insufficient in cases where the daemon
  takes longer to start. Instead, set the service type from 'simple' to
  'notify' and remove the now superfluous helper script.
- fix bsc#1057743: Add a Requires: fix_bsc_1057743 which is provided by the
  newer version of docker-libnetwork. This is necessary because of a versioning
  bug we found in bsc#1057743.

OBS-URL: https://build.opensuse.org/request/show/540191
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=215
2017-11-09 12:24:37 +00:00
Aleksa Sarai
7ee12cd06b osc copypac from project:Virtualization:containers package:docker revision:212
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=214
2017-11-09 11:09:35 +00:00
Aleksa Sarai
9a0bb40a46 - Fix bsc#1059011
The systemd service helper script used a timeout of 60 seconds to
  start the daemon, which is insufficient in cases where the daemon
  takes longer to start. Instead, set the service type from 'simple' to
  'notify' and remove the now superfluous helper script.
- fix bsc#1057743: Add a Requires: fix_bsc_1057743 which is provided by the
  newer version of docker-libnetwork. This is necessary because of a versioning
  bug we found in bsc#1057743.

OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=213
2017-11-09 11:08:27 +00:00
Aleksa Sarai
ca68434d79 Accepting request 539622 from home:cyphar:containers:docker_CVE-2017-14992
- Add a backport of https://github.com/moby/moby/pull/35424, which fixes a
  security issue where a maliciously crafted image could be used to crash a
  Docker daemon. bsc#1066210 CVE-2017-14992
  + bsc1066210-0001-vendor-update-to-github.com-vbatts-tar-split-v0.10.2.patch

OBS-URL: https://build.opensuse.org/request/show/539622
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=212
2017-11-07 17:23:31 +00:00
Aleksa Sarai
2c5d57165f Accepting request 539487 from home:cyphar:containers:docker_CVE-2017-16539
Update bsc1066801-0001-oci-add-proc-scsi-to-masked-paths.patch.

OBS-URL: https://build.opensuse.org/request/show/539487
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=211
2017-11-07 10:53:24 +00:00
Aleksa Sarai
9102c78185 Accepting request 539455 from home:cyphar:containers:docker_CVE-2017-16539
- Add a backport of https://github.com/moby/moby/pull/35399, which fixes a
  security issue where a Docker container (with a disabled AppArmor profile)
  could write to /proc/scsi/... and subsequently DoS the host. bsc#1066801
  CVE-2017-16539
  + bsc1066801-0001-oci-add-proc-scsi-to-masked-paths.patch

OBS-URL: https://build.opensuse.org/request/show/539455
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=210
2017-11-07 09:33:12 +00:00
Dominique Leuenberger
c9664c6805 Accepting request 536271 from Virtualization:containers
1

OBS-URL: https://build.opensuse.org/request/show/536271
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/docker?expand=0&rev=62
2017-10-25 15:45:18 +00:00
Aleksa Sarai
91fa19e925 Accepting request 536268 from home:cyphar:containers:boo1064781_docker_version
- Correctly set `docker version` information, including the version, git
  commit, and SOURCE_DATE_EPOCH (requires a backport). This should
  *effectively* make Docker builds reproducible, with minimal cost. boo#1064781
  + bsc1064781-0001-Allow-to-override-build-date.patch

OBS-URL: https://build.opensuse.org/request/show/536268
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=208
2017-10-24 10:02:17 +00:00
Dominique Leuenberger
ee6fad3b59 Accepting request 535075 from Virtualization:containers
Update Docker to v17.07.0_ce. This SR is in conjunction with:

* request#535047
* request#535048
* request#535049

OBS-URL: https://build.opensuse.org/request/show/535075
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/docker?expand=0&rev=61
2017-10-20 12:39:56 +00:00
Aleksa Sarai
2b837c69aa Accepting request 535073 from home:cyphar:containers:docker-ce_v17.07
Re-enable tests and correct changelog (again).

OBS-URL: https://build.opensuse.org/request/show/535073
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=206
2017-10-19 02:18:11 +00:00
Aleksa Sarai
63ed852619 Correct a series of minor issues in the v17.07.0_ce update, mainly related to
changelog entries and the versions of certain packages not being correct.

OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=205
2017-10-18 06:27:21 +00:00
Aleksa Sarai
5bc18f1a1b Accepting request 534446 from home:vrothberg:branches:Virtualization:containers
The docker-ce 17.07 update. Depends on:
- https://build.opensuse.org/request/show/534442
- https://build.opensuse.org/request/show/534444
- https://build.opensuse.org/request/show/534445

OBS-URL: https://build.opensuse.org/request/show/534446
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=204
2017-10-18 04:27:06 +00:00
Dominique Leuenberger
335659c13f Accepting request 526985 from Virtualization:containers
1

OBS-URL: https://build.opensuse.org/request/show/526985
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/docker?expand=0&rev=60
2017-09-21 10:31:53 +00:00
Jordi Massaguer
e69ff9a2ac Accepting request 526390 from home:jordimassaguerpla:branch:V:c:fix_update_message_docker
- fix /var/adm/update-message/docker file name to be
  /var/adm/update-message/docker-%{version}-%{release}

OBS-URL: https://build.opensuse.org/request/show/526390
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=202
2017-09-18 10:05:54 +00:00
Dominique Leuenberger
e7abb960ae Accepting request 521899 from Virtualization:containers
1

OBS-URL: https://build.opensuse.org/request/show/521899
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/docker?expand=0&rev=59
2017-09-07 20:11:56 +00:00
Valentin Rothberg
00112aab82 Accepting request 521690 from home:cyphar:containers:dm_bsc1045628
- devicemapper: add patch to make the dm storage driver remove a container's
  rootfs mountpoint before attempting to do libdm operations on it. This helps
  avoid complications when live mounts will leak into containers. Backport of
  https://github.com/moby/moby/pull/34573. bsc#1045628
  + bsc1045628-0001-devicemapper-remove-container-rootfs-mountPath-after.patch

OBS-URL: https://build.opensuse.org/request/show/521690
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=200
2017-09-07 07:53:28 +00:00
Jordi Massaguer
64b99bd0ee Accepting request 519818 from home:cyphar:containers:bsc1055676_userns_mount
- Fix a regression in our SUSE secrets patches, which caused the copied files
  to not carry the correct {uid,gid} mapping when using user namespaces. This
  would not cause any bugs (SUSEConnect does the right thing anyway) but it's
  possible some programs would not treat the files correctly. This is
  tangentially related to bsc#1055676.
  * secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
  * secrets-0002-SUSE-implement-SUSE-container-secrets.patch

OBS-URL: https://build.opensuse.org/request/show/519818
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=199
2017-09-04 13:03:50 +00:00
Dominique Leuenberger
5b3a1383e8 Accepting request 516137 from Virtualization:containers
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/516137
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/docker?expand=0&rev=58
2017-08-17 09:44:02 +00:00
Aleksa Sarai
ca3f73206d - Use -buildmode=pie for tests and binary build. bsc#1048046 bsc#1051429
This also includes some various improvements to the packaging of runc,
containerd and docker-runc.

OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=197
2017-08-11 12:09:59 +00:00
Dominique Leuenberger
8f54946f95 Accepting request 512811 from Virtualization:containers
1

OBS-URL: https://build.opensuse.org/request/show/512811
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/docker?expand=0&rev=57
2017-07-30 09:26:14 +00:00
Aleksa Sarai
18b17a0bdb Accepting request 512333 from home:jordimassaguerpla:branch:Vc:fix_seccomp_and_dm
- enable deferred removal for sle12sp2 and newer (and openSUSE
  equivalent. fix bsc#1021227

- enable libseccomp on sle12sp2 and newer, 42.2 and newer
  fix bsc#1028638 - docker: conditional filtering not supported on
  libseccomp for sle12

OBS-URL: https://build.opensuse.org/request/show/512333
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=195
2017-07-27 16:11:06 +00:00
Jordi Massaguer
eee720d9e6 Accepting request 509416 from home:jordimassaguerpla:branch:Vc:docker:bsc_1046024
- add SuSEfirewall2.service to the After clause in docker.service
  in order to fix bsc#1046024

OBS-URL: https://build.opensuse.org/request/show/509416
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=194
2017-07-11 11:32:02 +00:00
Thomas Hipp
5283b611b2 Accepting request 508834 from home:thipp:branches:Virtualization:containers
- fix path to docker-runc in systemd service file 
- change dependency to docker-runc

OBS-URL: https://build.opensuse.org/request/show/508834
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=193
2017-07-10 11:39:04 +00:00
Dominique Leuenberger
de6e51c1cb Accepting request 504651 from Virtualization:containers
- Fix bsc#1029630: docker does not wait for lvm on system startup
I added "lvm2-monitor.service" as an "After dependency" of the docker systemd
unit. (forwarded request 504626 from jordimassaguerpla)

OBS-URL: https://build.opensuse.org/request/show/504651
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/docker?expand=0&rev=56
2017-06-21 11:52:10 +00:00
Aleksa Sarai
6d17ff854b Accepting request 504626 from home:jordimassaguerpla:branch:V:c:fix_bsc_1029630:docker
- Fix bsc#1029630: docker does not wait for lvm on system startup
I added "lvm2-monitor.service" as an "After dependency" of the docker systemd
unit.

OBS-URL: https://build.opensuse.org/request/show/504626
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=191
2017-06-19 11:50:14 +00:00
Dominique Leuenberger
50be8ad7ff Accepting request 499667 from Virtualization:containers
1

OBS-URL: https://build.opensuse.org/request/show/499667
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/docker?expand=0&rev=55
2017-06-02 08:32:08 +00:00
Aleksa Sarai
d3edfac459 Accepting request 499665 from home:jordimassaguerpla:branch:V:c:bsc_722377
- Fix bsc#1032287: missing docker systemd configuration

OBS-URL: https://build.opensuse.org/request/show/499665
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=189
2017-05-30 11:36:16 +00:00
Jordi Massaguer
9fce3cd938 Accepting request 498958 from home:cyphar:containers
- Update SUSE secrets patch to correctly handle restarting of containers.
  + secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
  + secrets-0002-SUSE-implement-SUSE-container-secrets.patch

OBS-URL: https://build.opensuse.org/request/show/498958
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=188
2017-05-29 12:37:19 +00:00
Jordi Massaguer
a61156fa80 Accepting request 496617 from home:scarabeus_iv:branches:Virtualization:containers
- Fix bsc#1038476 warning about non-executable docker
  * Simply verify we have binary prior using it, might happen if
    someone had docker installed and then did remove it and install
    from scratch again

OBS-URL: https://build.opensuse.org/request/show/496617
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=187
2017-05-25 08:24:46 +00:00
Dominique Leuenberger
7e47b9bdcc Accepting request 495655 from Virtualization:containers
1

OBS-URL: https://build.opensuse.org/request/show/495655
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/docker?expand=0&rev=54
2017-05-23 08:18:53 +00:00
Miquel Sabate Sola
ba2f6637f8 Accepting request 495639 from home:cyphar:containers
- Fix bsc#1037607 which was causing read-only issues on Kubic, this is a
  backport of https://github.com/moby/moby/pull/33250.
  + bsc1037607-0001-apparmor-make-pkg-aaparser-work-on-read-only-root.patch

OBS-URL: https://build.opensuse.org/request/show/495639
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=185
2017-05-17 15:18:13 +00:00
Miquel Sabate Sola
e7663235ed Accepting request 494283 from home:cyphar:containers
- Add a partial fix for boo#1038493.
- Fixed bsc#1037436 where execids were being leaked due to bad error handling.
  This is a backport of https://github.com/docker/cli/pull/52.
   + bsc1037436-0001-client-check-tty-before-creating-exec-job.patch

OBS-URL: https://build.opensuse.org/request/show/494283
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=184
2017-05-10 14:04:27 +00:00
Jordi Massaguer
1e1a89ae18 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=183 2017-05-04 19:02:51 +00:00
Jordi Massaguer
5cc47a1efe Accepting request 492292 from home:flavio_castelli:branches:Virtualization:containers
- Update golang build requirements to use golang(API) symbol: this is
  needed to solve a conflict between multiple versions of Go being available

OBS-URL: https://build.opensuse.org/request/show/492292
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=182
2017-05-02 15:36:24 +00:00
Jordi Massaguer
da53caf134 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=181 2017-04-20 10:54:05 +00:00
Jordi Massaguer
fed8ecda73 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=180 2017-04-20 10:25:37 +00:00
Yuchen Lin
4fa0574fc1 Accepting request 487506 from Virtualization:containers
1

OBS-URL: https://build.opensuse.org/request/show/487506
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/docker?expand=0&rev=53
2017-04-17 08:26:34 +00:00
Jordi Massaguer
5fbd718e69 Accepting request 487501 from home:cyphar:containers
- Enable Delegate=yes, since systemd will safely ignore lvalues it doesn't
  understand.

OBS-URL: https://build.opensuse.org/request/show/487501
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=178
2017-04-12 08:37:11 +00:00
Jordi Massaguer
fa6eaf989a Accepting request 487315 from home:cyphar:containers
- Update SUSE secrets patch to handle boo#1030702.
  * secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
  * secrets-0002-SUSE-implement-SUSE-container-secrets.patch

OBS-URL: https://build.opensuse.org/request/show/487315
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=177
2017-04-11 12:13:39 +00:00
Jordi Massaguer
c9c04a0b92 Accepting request 487252 from home:m_meister:branches:Virtualization:containers
https://bugzilla.suse.com/show_bug.cgi?id=1032644

OBS-URL: https://build.opensuse.org/request/show/487252
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=176
2017-04-11 09:17:58 +00:00
Aleksa Sarai
5038fcde2b Accepting request 484060 from home:jordimassaguerpla:branch:V:c:docker:fix_seccomp
- Disable libseccomp for leap 42.1, sle12sp1 and sle12, because
  docker needs a higher version. Otherwise, we get the error
    "conditional filtering requires libseccomp version >= 2.2.1
  (bsc#1028639 and bsc#1028638)

OBS-URL: https://build.opensuse.org/request/show/484060
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=175
2017-03-31 11:32:13 +00:00
Dominique Leuenberger
b61db04550 Accepting request 480841 from Virtualization:containers
1

OBS-URL: https://build.opensuse.org/request/show/480841
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/docker?expand=0&rev=52
2017-03-22 22:18:14 +00:00
Jordi Massaguer
757ddedc74 Accepting request 480819 from home:cyphar:containers
- Add a backport of fix to AppArmor lazy loading docker-exec case.
  https://github.com/docker/docker/pull/31773
  + pr31773-daemon-also-ensureDefaultApparmorProfile-in-exec-pat.patch

OBS-URL: https://build.opensuse.org/request/show/480819
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=173
2017-03-17 13:18:51 +00:00
Jordi Massaguer
9c1f006520 Accepting request 477670 from home:cyphar:containers
This massively cleans up the docker mount secrets patch we have to use the new
Docker Swarm framework for /run/secrets (which doesn't require swarm mode with
these patches).

OBS-URL: https://build.opensuse.org/request/show/477670
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=172
2017-03-08 09:03:15 +00:00
Aleksa Sarai
f0d9c665f7 Accepting request 477346 from home:jordimassaguerpla:branch:V:c:docker:small_fixes_1_13_0
- fix docker-mount-secrets.patch to apply to docker-1.13.0 

- Remove old plugins.json to prevent docker-1.13 to fail to start 

- Fix bsc#1026827: systemd TasksMax default throttles docker  

- Fix post section by adding shadow as a package requirement
  Otherwise the groupadd instruction fails

OBS-URL: https://build.opensuse.org/request/show/477346
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=171
2017-03-07 10:40:30 +00:00