Commit Graph

365 Commits

Author SHA256 Message Date
Aleksa Sarai
b7f9caccb8 Accepting request 619741 from home:cyphar:docker_apparmor
- Update the AppArmor patchset again to fix a separate issue where changed
  AppArmor profiles don't actually get applied on Docker daemon reboot.
  bsc#1099277
  * bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch
  + bsc1073877-0002-apparmor-clobber-docker-default-profile-on-start.patch

OBS-URL: https://build.opensuse.org/request/show/619741
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=254
2018-06-29 11:09:45 +00:00
Yuchen Lin
569d910394 Accepting request 616513 from Virtualization:containers
OBS-URL: https://build.opensuse.org/request/show/616513
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/docker?expand=0&rev=77
2018-06-22 11:15:19 +00:00
Jordi Massaguer
b71d7ce544 Accepting request 616493 from home:dcassany:branches:Virtualization:containers
- Make use of %license macro

OBS-URL: https://build.opensuse.org/request/show/616493
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=252
2018-06-13 11:40:04 +00:00
Dominique Leuenberger
80b49b5d23 Accepting request 614829 from Virtualization:containers
OBS-URL: https://build.opensuse.org/request/show/614829
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/docker?expand=0&rev=76
2018-06-08 21:11:45 +00:00
Valentin Rothberg
83153bc279 Accepting request 614826 from home:cyphar:containers:apparmor_fixup_bsc1073877
- Update to AppArmor patch so that signal mediation also works for signals
  between in-container processes. bsc#1073877
  * bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch

OBS-URL: https://build.opensuse.org/request/show/614826
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=250
2018-06-07 06:25:06 +00:00
Aleksa Sarai
92f6adde7d Accepting request 614224 from home:cyphar:containers:remove_check_section
- Remove 'go test' from %check section, as it has only ever caused us problems
  and hasn't (as far as I remember) ever caught a release-blocking issue. Smoke
  testing has been far more useful. boo#1095817

OBS-URL: https://build.opensuse.org/request/show/614224
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=249
2018-06-05 11:23:05 +00:00
Dominique Leuenberger
dbef6e7b94 Accepting request 612961 from Virtualization:containers
- Update secrets patch to not log incorrect warnings when attempting to inject
  non-existent host files. bsc#1065609
  * secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
  * secrets-0002-SUSE-implement-SUSE-container-secrets.patch

OBS-URL: https://build.opensuse.org/request/show/612961
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/docker?expand=0&rev=75
2018-06-03 10:28:41 +00:00
Aleksa Sarai
4bd579423a Accepting request 612799 from home:cyphar:containers:docker_bsc1065609
- Update secrets patch to not log incorrect warnings when attempting to inject
  non-existent host files. bsc#1065609
  * secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
  * secrets-0002-SUSE-implement-SUSE-container-secrets.patch

OBS-URL: https://build.opensuse.org/request/show/612799
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=247
2018-05-30 05:44:31 +00:00
Dominique Leuenberger
f6034d555a Accepting request 605682 from Virtualization:containers
OBS-URL: https://build.opensuse.org/request/show/605682
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/docker?expand=0&rev=74
2018-05-15 08:10:29 +00:00
Aleksa Sarai
832a61093a Accepting request 605674 from home:cyphar:containers:fixup
update changelog

OBS-URL: https://build.opensuse.org/request/show/605674
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=245
2018-05-09 08:43:43 +00:00
Dominique Leuenberger
f556da197a Accepting request 598552 from Virtualization:containers
OBS-URL: https://build.opensuse.org/request/show/598552
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/docker?expand=0&rev=73
2018-04-22 12:35:27 +00:00
Valentin Rothberg
7e7d9a111a Accepting request 598526 from home:cyphar:containers:docker-apparmor
- Fix up the AppArmor 'docker kill' patch to work on older AppArmor versions.
  boo#1089732
  * bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch

OBS-URL: https://build.opensuse.org/request/show/598526
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=243
2018-04-19 12:32:33 +00:00
Dominique Leuenberger
0d3850798d Accepting request 595995 from Virtualization:containers
OBS-URL: https://build.opensuse.org/request/show/595995
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/docker?expand=0&rev=72
2018-04-17 09:13:13 +00:00
Aleksa Sarai
c9962818ba Accepting request 595152 from home:cyphar:containers:apparmor
- Add patch to handle AppArmor changes that make 'docker kill' stop working.
  bsc#1073877
  + bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch

OBS-URL: https://build.opensuse.org/request/show/595152
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=241
2018-04-12 14:45:14 +00:00
Aleksa Sarai
36f6ac97aa Accepting request 594073 from home:cyphar:containers:docker_ppc_fixup
- Fix manpage generation breaking ppc64le builds due to a missing
  -buildemode=pie.

OBS-URL: https://build.opensuse.org/request/show/594073
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=240
2018-04-10 09:09:40 +00:00
Dominique Leuenberger
7bf5c350ad Accepting request 593664 from Virtualization:containers
OBS-URL: https://build.opensuse.org/request/show/593664
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/docker?expand=0&rev=71
2018-04-05 13:29:29 +00:00
Valentin Rothberg
b0a1746a0a Accepting request 593541 from home:vrothberg:branches:Virtualization:containers
- Compile and install all manpages.
  bsc#1085117

OBS-URL: https://build.opensuse.org/request/show/593541
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=238
2018-04-05 05:48:40 +00:00
Aleksa Sarai
2c2c83d31e Accepting request 591549 from home:cyphar:containers_docker-init
- Add requirement for catatonit, which provides a docker-init implementation.
  fate#324652

OBS-URL: https://build.opensuse.org/request/show/591549
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=237
2018-03-28 09:48:12 +00:00
Dominique Leuenberger
dfa2ecf531 Accepting request 576049 from Virtualization:containers
OBS-URL: https://build.opensuse.org/request/show/576049
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/docker?expand=0&rev=70
2018-02-16 20:40:02 +00:00
Aleksa Sarai
cdaf1b8273 Accepting request 576039 from home:cyphar:containers:switch_patch_source
- Update patches to be sourced from https://github.com/suse/docker-ce (which
  are based on the upstream docker/docker-ce repo). The reason for this change
  (though it is functionally identical to the old patches) is so that public
  patch maintenance is much simpler.
  * bsc1021227-0001-pkg-devmapper-dynamically-load-dm_task_deferred_remo.patch
  * bsc1055676-0001-daemon-oci-obey-CL_UNPRIVILEGED-for-user-namespaced-.patch
  * secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
  * secrets-0002-SUSE-implement-SUSE-container-secrets.patch

OBS-URL: https://build.opensuse.org/request/show/576039
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=235
2018-02-13 11:34:28 +00:00
Dominique Leuenberger
aee56fe48c Accepting request 567740 from Virtualization:containers
OBS-URL: https://build.opensuse.org/request/show/567740
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/docker?expand=0&rev=69
2018-01-21 14:48:18 +00:00
Jordi Massaguer
6643e811f1 Accepting request 567735 from home:cyphar:containers:docker_obsoletes_image-migrator
- Add Obsoletes: docker-image-migrator, as the tool is no longer needed and
  we've pretty much removed it from everywhere except the containers module.
  bsc#1069758

OBS-URL: https://build.opensuse.org/request/show/567735
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=233
2018-01-19 15:22:50 +00:00
Aleksa Sarai
450c4fe91a Accepting request 567583 from home:vrothberg:branches:Virtualization:containers
- Remove requirement on bridge-utils, which has been replaced by libnetwork in
  Docker.
  bsc#1072798

OBS-URL: https://build.opensuse.org/request/show/567583
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=232
2018-01-19 08:07:52 +00:00
Dominique Leuenberger
8fb9d62120 Accepting request 563290 from Virtualization:containers
Minor changelog update.

OBS-URL: https://build.opensuse.org/request/show/563290
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/docker?expand=0&rev=68
2018-01-13 20:34:30 +00:00
Aleksa Sarai
6e5b54a6a2 Accepting request 563287 from home:cyphar:containers_module_update
Update changelogs to mention bsc#1069758 properly.

OBS-URL: https://build.opensuse.org/request/show/563287
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=230
2018-01-10 12:24:47 +00:00
Dominique Leuenberger
173e951030 Accepting request 558281 from Virtualization:containers
Docker v17.09.1_ce upgrade.

OBS-URL: https://build.opensuse.org/request/show/558281
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/docker?expand=0&rev=67
2017-12-21 10:25:14 +00:00
Aleksa Sarai
9c7edd7eef - Update to Docker v17.09.1_ce. Upstream changelog:
https://github.com/docker/docker-ce/releases/tag/v17.09.1-ce
- Removed patches (merged upstream):
  - bsc1045628-0001-devicemapper-remove-container-rootfs-mountPath-after.patch
  - bsc1066210-0001-vendor-update-to-github.com-vbatts-tar-split-v0.10.2.patch
  - bsc1066801-0001-oci-add-proc-scsi-to-masked-paths.patch
- Update to Docker v17.09.0_ce. Upstream changelog:
  https://github.com/docker/docker-ce/releases/tag/v17.09.0-ce
- Rebased patches:
  * bsc1021227-0001-pkg-devmapper-dynamically-load-dm_task_deferred_remo.patch
  * bsc1045628-0001-devicemapper-remove-container-rootfs-mountPath-after.patch
  * bsc1055676-0001-daemon-oci-obey-CL_UNPRIVILEGED-for-user-namespaced-.patch
  * secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
  * secrets-0002-SUSE-implement-SUSE-container-secrets.patch
- Removed patches (merged upstream):
  - bsc1064781-0001-Allow-to-override-build-date.patch

OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=228
2017-12-19 03:42:51 +00:00
Aleksa Sarai
6e5904b7ca Accepting request 558082 from home:cyphar:containers:docker_bsc1021227
- Add a patch to dynamically probe whether libdevmapper supports
  dm_task_deferred_remove. This is necessary because we build the containers
  module on a SLE12 base, but later SLE versions have libdevmapper support.
  This should not affect openSUSE, as all openSUSE versions have a new enough
  libdevmapper. Backport of https://github.com/moby/moby/pull/35518.
  bsc#1021227 bsc#1029320 bsc#1058173
  + bsc1021227-0001-pkg-devmapper-dynamically-load-dm_task_deferred_remo.patch

OBS-URL: https://build.opensuse.org/request/show/558082
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=227
2017-12-18 12:28:20 +00:00
Dominique Leuenberger
d2183f2175 Accepting request 548181 from Virtualization:containers
OBS-URL: https://build.opensuse.org/request/show/548181
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/docker?expand=0&rev=66
2017-12-08 11:54:01 +00:00
Aleksa Sarai
a953cf90b5 Accepting request 548172 from home:cyphar:containers:docker_test_fixup
- Fix up the ordering of tests in docker.spec. This is to keep things easier to
  backport into the SLE package.

OBS-URL: https://build.opensuse.org/request/show/548172
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=225
2017-12-04 16:40:53 +00:00
Dominique Leuenberger
20660fb93a Accepting request 546698 from Virtualization:containers
OBS-URL: https://build.opensuse.org/request/show/546698
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/docker?expand=0&rev=65
2017-12-03 09:06:24 +00:00
Jordi Massaguer
8fc843bebc Accepting request 546676 from home:cyphar:containers:docker_bsc1057743
- Include secrets fix to handle "old" containers that have orphaned secret
  data. It's not clear why Docker caches these secrets, but fix the problem by
  trashing the references manually. bsc#1057743
  * secrets-0002-SUSE-implement-SUSE-container-secrets.patch

OBS-URL: https://build.opensuse.org/request/show/546676
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=223
2017-11-30 11:49:12 +00:00
Dominique Leuenberger
a75507162a Accepting request 545292 from Virtualization:containers
This is an update of the Docker package, mostly just including packaging fixes.
It also drops all of the v1.10.x migration logic we added a while ago. The
delete request for docker-image-migrator was submitted in parallel.

OBS-URL: https://build.opensuse.org/request/show/545292
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/docker?expand=0&rev=64
2017-11-30 11:41:35 +00:00
Aleksa Sarai
08b07fd7b4 Accepting request 545273 from home:cyphar:containers:docker_fixup
Fixup according to comments in https://build.opensuse.org/request/show/545160.

OBS-URL: https://build.opensuse.org/request/show/545273
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=221
2017-11-24 16:47:10 +00:00
Aleksa Sarai
c7eaf3a256 Accepting request 545157 from home:cyphar:containers:docker_bsc
Add link to https://bugzilla.suse.com/show_bug.cgi?id=1069758 in the changelog.

OBS-URL: https://build.opensuse.org/request/show/545157
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=220
2017-11-24 12:32:16 +00:00
Aleksa Sarai
a5b4f28061 Accepting request 545109 from home:cyphar:containers:docker_drop_migrator
Rebase. I've also dropped the docker-image-migrator removal (it's depending on
an openSUSE:Factory change).

- Remove migration code for the v1.9.x -> v1.10.x migration. This has been
  around for a while, and we no longer support migrating from such an old
  version "nicely". Docker still has migration code that will run on
  first-boot, we are merely removing all of the "nice" warnings which tell
  users how to avoid issues during an upgrade that ocurred more than a year
  ago.

OBS-URL: https://build.opensuse.org/request/show/545109
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=219
2017-11-24 10:32:23 +00:00
Aleksa Sarai
eb28b07ea5 Accepting request 544765 from home:RBrownSUSE:branches:Virtualization:containers
Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)

OBS-URL: https://build.opensuse.org/request/show/544765
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=218
2017-11-24 10:06:46 +00:00
Dominique Leuenberger
41554f0a6c Accepting request 540195 from Virtualization:containers
- Add a backport of https://github.com/moby/moby/pull/35424, which fixes a
  security issue where a maliciously crafted image could be used to crash a
  Docker daemon. bsc#1066210 CVE-2017-14992
  + bsc1066210-0001-vendor-update-to-github.com-vbatts-tar-split-v0.10.2.patch
- Add a backport of https://github.com/moby/moby/pull/35399, which fixes a
  security issue where a Docker container (with a disabled AppArmor profile)
  could write to /proc/scsi/... and subsequently DoS the host. bsc#1066801
  CVE-2017-16539
  + bsc1066801-0001-oci-add-proc-scsi-to-masked-paths.patch
- Fix bsc#1059011
  The systemd service helper script used a timeout of 60 seconds to
  start the daemon, which is insufficient in cases where the daemon
  takes longer to start. Instead, set the service type from 'simple' to
  'notify' and remove the now superfluous helper script.
- fix bsc#1057743: Add a Requires: fix_bsc_1057743 which is provided by the
  newer version of docker-libnetwork. This is necessary because of a versioning
  bug we found in bsc#1057743.

OBS-URL: https://build.opensuse.org/request/show/540195
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/docker?expand=0&rev=63
2017-11-10 13:42:49 +00:00
Aleksa Sarai
c1e075d88f Accepting request 540407 from home:cyphar:containers:docker_bsc1057743
Match secrets patches with upstream. This corrects a bug in our fix for
bsc#1055676.

OBS-URL: https://build.opensuse.org/request/show/540407
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=216
2017-11-10 07:15:19 +00:00
Aleksa Sarai
6a6c6aa170 Accepting request 540191 from home:cyphar:containers:docker_forwardport
- Fix bsc#1059011
  The systemd service helper script used a timeout of 60 seconds to
  start the daemon, which is insufficient in cases where the daemon
  takes longer to start. Instead, set the service type from 'simple' to
  'notify' and remove the now superfluous helper script.
- fix bsc#1057743: Add a Requires: fix_bsc_1057743 which is provided by the
  newer version of docker-libnetwork. This is necessary because of a versioning
  bug we found in bsc#1057743.

OBS-URL: https://build.opensuse.org/request/show/540191
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=215
2017-11-09 12:24:37 +00:00
Aleksa Sarai
7ee12cd06b osc copypac from project:Virtualization:containers package:docker revision:212
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=214
2017-11-09 11:09:35 +00:00
Aleksa Sarai
9a0bb40a46 - Fix bsc#1059011
The systemd service helper script used a timeout of 60 seconds to
  start the daemon, which is insufficient in cases where the daemon
  takes longer to start. Instead, set the service type from 'simple' to
  'notify' and remove the now superfluous helper script.
- fix bsc#1057743: Add a Requires: fix_bsc_1057743 which is provided by the
  newer version of docker-libnetwork. This is necessary because of a versioning
  bug we found in bsc#1057743.

OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=213
2017-11-09 11:08:27 +00:00
Aleksa Sarai
ca68434d79 Accepting request 539622 from home:cyphar:containers:docker_CVE-2017-14992
- Add a backport of https://github.com/moby/moby/pull/35424, which fixes a
  security issue where a maliciously crafted image could be used to crash a
  Docker daemon. bsc#1066210 CVE-2017-14992
  + bsc1066210-0001-vendor-update-to-github.com-vbatts-tar-split-v0.10.2.patch

OBS-URL: https://build.opensuse.org/request/show/539622
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=212
2017-11-07 17:23:31 +00:00
Aleksa Sarai
2c5d57165f Accepting request 539487 from home:cyphar:containers:docker_CVE-2017-16539
Update bsc1066801-0001-oci-add-proc-scsi-to-masked-paths.patch.

OBS-URL: https://build.opensuse.org/request/show/539487
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=211
2017-11-07 10:53:24 +00:00
Aleksa Sarai
9102c78185 Accepting request 539455 from home:cyphar:containers:docker_CVE-2017-16539
- Add a backport of https://github.com/moby/moby/pull/35399, which fixes a
  security issue where a Docker container (with a disabled AppArmor profile)
  could write to /proc/scsi/... and subsequently DoS the host. bsc#1066801
  CVE-2017-16539
  + bsc1066801-0001-oci-add-proc-scsi-to-masked-paths.patch

OBS-URL: https://build.opensuse.org/request/show/539455
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=210
2017-11-07 09:33:12 +00:00
Dominique Leuenberger
c9664c6805 Accepting request 536271 from Virtualization:containers
1

OBS-URL: https://build.opensuse.org/request/show/536271
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/docker?expand=0&rev=62
2017-10-25 15:45:18 +00:00
Aleksa Sarai
91fa19e925 Accepting request 536268 from home:cyphar:containers:boo1064781_docker_version
- Correctly set `docker version` information, including the version, git
  commit, and SOURCE_DATE_EPOCH (requires a backport). This should
  *effectively* make Docker builds reproducible, with minimal cost. boo#1064781
  + bsc1064781-0001-Allow-to-override-build-date.patch

OBS-URL: https://build.opensuse.org/request/show/536268
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=208
2017-10-24 10:02:17 +00:00
Dominique Leuenberger
ee6fad3b59 Accepting request 535075 from Virtualization:containers
Update Docker to v17.07.0_ce. This SR is in conjunction with:

* request#535047
* request#535048
* request#535049

OBS-URL: https://build.opensuse.org/request/show/535075
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/docker?expand=0&rev=61
2017-10-20 12:39:56 +00:00
Aleksa Sarai
2b837c69aa Accepting request 535073 from home:cyphar:containers:docker-ce_v17.07
Re-enable tests and correct changelog (again).

OBS-URL: https://build.opensuse.org/request/show/535073
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=206
2017-10-19 02:18:11 +00:00
Aleksa Sarai
63ed852619 Correct a series of minor issues in the v17.07.0_ce update, mainly related to
changelog entries and the versions of certain packages not being correct.

OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=205
2017-10-18 06:27:21 +00:00