#
# spec file for package docker
#
# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/
#

# On-disk locations consulted by the pre-install image-migration check:
# the daemon's state directory, the pre-1.10 image graph below it, and the
# marker file that records that the v1-to-v2 image migration is done.
%define docker_store              /var/lib/docker
%define docker_graph              %{docker_store}/graph
%define docker_migration_testfile %{docker_store}/.suse-image-migration-v1to2-complete
%define git_version 9e83765
# Architectures built with the regular Go toolchain; every other architecture
# is built with gcc-go (see the conditional BuildRequires below).
%define go_arches %ix86 x86_64 aarch64
%define version_unconverted 1.11.1

Name:           docker
Version:        1.11.1
Release:        0
Summary:        The Linux container runtime
License:        Apache-2.0
Group:          System/Management
Url:            http://www.docker.io
# NOTE(review): no checksum or signature for the tarball is referenced in this
# spec; its integrity rests on whatever the build service verifies -- confirm.
Source:         %{name}-%{version}.tar.xz
Source1:        docker.service
Source3:        80-docker.rules
Source4:        sysconfig.docker
# Pick the socket unit that matches the distribution release.
%if 0%{?suse_version} > 1320
Source5:        docker.socket
%else
Source5:        docker_systemd_lt_214.socket
%endif
Source6:        docker-rpmlintrc
Source7:        README_SUSE.md
Source8:        docker-audit.rules
# TODO: remove once we figure out what is wrong with iptables on ppc64le
Source100:      sysconfig.docker.ppc64le
# The mount-secrets patch is a SLE-specific feature. As such, it is disabled by default on openSUSE.
# PATCH-FEATURE-SLE docker-mount-secrets.patch -- pass the SCC machine credentials and the /etc/SUSEConnect file to containers
# NOTE(review): with this patch the host's registration credentials become
# visible inside containers; whether that applies to every container or only
# to some is not visible from this spec -- confirm before running untrusted
# images on a SLE host.
Patch200:       docker-mount-secrets.patch
# Required to overcome some limitations of gcc-go: https://groups.google.com/forum/#!msg/golang-nuts/SlGCPYkjxo4/4DjcjXRCqAkJ
Patch101:       gcc-go-patches.patch
Patch102:       netlink_gcc_go.patch
Patch103:       netlink_netns_powerpc.patch
# This fixes bsc#976777. While the fix is upstream, it isn't in Docker 1.10.3 or
# Docker 1.11.0. This patch was squashed and cherry-picked from runc#708.
# NOTE(review): per its file name this is the fix for CVE-2016-3697 (numeric
# UID handling). The comment above names 1.10.3 and 1.11.0 while the package
# is now 1.11.1; confirm that 1.11.1 still lacks the upstream fix before this
# patch is ever dropped.
Patch301:       cve-2016-3697-numeric-uid.patch
# This fixes bnc#964673. This fix is in boltdb upstream, but has yet to be
# merged into Docker (in a vendor commit). This patch was cherry-picked from
# bolt#555.
Patch302:       bnc964673-boltdb-metadata-recovery.patch
BuildRequires:  audit
BuildRequires:  bash-completion
BuildRequires:  device-mapper-devel >= 1.2.68
BuildRequires:  glibc-devel-static
%ifarch %go_arches
BuildRequires:  go >= 1.5
BuildRequires:  go-go-md2man
%else
BuildRequires:  gcc5-go >= 5.0
%endif
BuildRequires:  libapparmor-devel
BuildRequires:  libbtrfs-devel >= 3.8
BuildRequires:  procps
BuildRequires:  sqlite3-devel
BuildRequires:  systemd-devel
BuildRequires:  zsh
Requires:       apparmor-parser
Requires:       bridge-utils
Requires:       ca-certificates-mozilla
# Provides mkfs.ext4 - used by Docker when devicemapper storage driver is used
Requires:       e2fsprogs
Requires:       git-core >= 1.7
Requires:       iproute2 >= 3.5
Requires:       iptables >= 1.4
Requires:       kernel >= 3.8.0
Requires:       lvm2 >= 2.2.89
Requires:       procps
Requires:       tar >= 1.26
Requires:       xz >= 4.9
# Containerd is required as it is the only currently supported execdriver of Docker.
Requires:       containerd
# Not necessary, but must be installed to have a smooth upgrade.
Recommends:     docker-image-migrator
Conflicts:      lxc < 1.0
PreReq:         %fillup_prereq
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
ExcludeArch:    %ix86
ExcludeArch:    s390
%if 0%{?is_opensuse}
ExcludeArch:    s390x
%endif
ExcludeArch:    ppc
# It's a bad idea to strip Go binaries (apart from making debugging impossible,
# it also is known to cause some interesting runtime bugs). However, rpmbuild
# will strip your binaries if it is creating debuginfo packages (as well as
# doing it by default). So we have to manually disable both of these things.
%undefine _build_create_debug
%define __arch_install_post export NO_BRP_STRIP_DEBUG=true

%description
Docker complements LXC with a high-level API which operates at the process
level. It runs unix processes with strong guarantees of isolation and
repeatability across servers.

Docker is a great building block for automating distributed systems:
large-scale web deployments, database clusters, continuous deployment systems,
private PaaS, service-oriented architectures, etc.

%package bash-completion
Summary:        Bash Completion for %{name}
Group:          System/Management
Requires:       %{name} = %{version}
Requires:       bash-completion
BuildArch:      noarch

%description bash-completion
Bash command line completion support for %{name}.

%package zsh-completion
Summary:        Zsh Completion for %{name}
Group:          System/Management
Requires:       %{name} = %{version}
Supplements:    packageand(docker:zsh)
BuildArch:      noarch

%description zsh-completion
Zsh command line completion support for %{name}.

%package test
Summary:        Test package for docker
Group:          System/Management
Requires:       device-mapper-devel >= 1.2.68
Requires:       glibc-devel-static
%ifarch %go_arches
# NOTE(review): this lower bound (1.4) differs from the main package's
# BuildRequires (1.5) -- confirm which one is intended.
Requires:       go >= 1.4
%else
Requires:       gcc5-go >= 5.0
%endif
BuildRequires:  fdupes
Requires:       apparmor-parser
Requires:       bash-completion
Requires:       libapparmor-devel
Requires:       libbtrfs-devel >= 3.8
Requires:       procps
Requires:       sqlite3-devel
BuildArch:      noarch
# Keep libgo.so out of the automatically generated Requires.
%global __requires_exclude ^libgo.so.*$

%description test
Test package for docker.
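It contains the source code and the tests.

%prep
# Unpack the upstream tarball and apply the distribution patches.
%setup -q -n %{name}-%{version}
# The mount-secrets patch (Patch200) is applied on non-openSUSE builds only.
%if 0%{?is_opensuse}
# nothing
%else
%patch200 -p1
%endif
# gcc-go workarounds are needed only where the regular Go toolchain is not used.
%ifnarch %go_arches
%patch101 -p1
%patch102 -p1
%patch103 -p1
%endif
# bsc#976777
%patch301 -p1
# bnc#964673
%patch302 -p1
cp %{SOURCE7} .

%build
%ifnarch %go_arches
# Make gcc-go's driver reachable under the name "go" through a private
# directory placed first on PATH. The directory comes from mktemp -d, so it is
# freshly created with an unpredictable name and owner-only permissions;
# a fixed, well-known name under /tmp could be pre-created by another local
# user on a shared build host and would then be searched before everything
# else on PATH.
tmphack=$(mktemp -d)
ln -s /usr/bin/go-5 "$tmphack/go"
export PATH="$tmphack:$PATH"
%endif

# NOTE(review): page extraction dropped the here-document that populates
# docker_build_env (only "(cat <" and "docker_build_env" survived). The shell
# structure below is reconstructed and the body is a placeholder; restore the
# real export lines from the package source before building.
(cat <<EOF
# PLACEHOLDER (review): build environment exports lost in page extraction --
# presumably they include the git_version macro, which the preamble defines
# and nothing else on this page uses.
EOF
) > docker_build_env
. ./docker_build_env

%ifarch %go_arches
./hack/make.sh dynbinary
man/md2man-all.sh
%else
./hack/make.sh dyngccgo
%endif

# remove other than systemd
# otherwise the resulting package will have extra requires
rm -rf hack/make/.build-deb

%install
install -d %{buildroot}%{go_contribdir}
install -d %{buildroot}%{_bindir}
%ifarch %go_arches
install -D -m755 bundles/%{version}/dynbinary/%{name}-%{version} %{buildroot}/%{_bindir}/%{name}
%else
install -D -m755 bundles/%{version}/dyngccgo/%{name}-%{version} %{buildroot}/%{_bindir}/%{name}
%endif
install -d %{buildroot}/%{_prefix}/lib/docker
install -Dd -m 0755 \
  %{buildroot}%{_sysconfdir}/init.d \
  %{buildroot}%{_sbindir}

install -D -m0644 contrib/completion/bash/docker "%{buildroot}/etc/bash_completion.d/%{name}"
install -D -m0644 contrib/completion/zsh/_docker "%{buildroot}/etc/zsh_completion.d/%{name}"

# copy all for the test package
# NOTE(review): this ships the entire build tree, including generated files
# such as docker_build_env; the test package's file list only excludes
# bundles/ and the non-systemd init scripts. Make sure nothing sensitive from
# the build environment ends up in the tree at this point.
install -d %{buildroot}/usr/src/docker/
cp -av . %{buildroot}/usr/src/docker/

#
# systemd service
#
install -D -m 0644 %SOURCE1 %{buildroot}%{_unitdir}/%{name}.service
install -D -m 0644 %SOURCE5 %{buildroot}%{_unitdir}/%{name}.socket
ln -sf /sbin/service $RPM_BUILD_ROOT/usr/sbin/rcdocker

#
# udev rules that stop Dolphin from listing every Docker device (which also
# slows it down)
# upstream report https://bugs.kde.org/show_bug.cgi?id=329930
#
install -D -m 0644 %SOURCE3 %{buildroot}%{_prefix}/lib/udev/rules.d/80-%{name}.rules

# audit rules (mode 0640: not world-readable)
install -D -m 0640 %SOURCE8 %{buildroot}%{_sysconfdir}/audit/rules.d/%{name}.rules

# sysconfig file
%ifarch ppc64le
install -D -m 644 %SOURCE100 %{buildroot}/var/adm/fillup-templates/sysconfig.docker
%else
install -D -m 644 %SOURCE4 %{buildroot}/var/adm/fillup-templates/sysconfig.docker
%endif

%ifarch %go_arches
# install manpages
install -d %{buildroot}%{_mandir}/man1
install -p -m 644 man/man1/*.1 %{buildroot}%{_mandir}/man1
install -d %{buildroot}%{_mandir}/man5
install -p -m 644 man/man5/Dockerfile.5 %{buildroot}%{_mandir}/man5
%endif

%fdupes %{buildroot}

%pre
# This scriptlet also runs inside rpmlint during the build, where a Docker
# install in the builder that needs a migration would make the tests fail.
# The whole migration check is therefore skipped when BUILD_ROOT is set.
if [[ -z "$BUILD_ROOT" ]]
then
    # In order to make sure we don't print a scary warning when we shouldn't we
    # need to test these things (in this order):
    # 1. Check that /var/lib/docker actually exists (docker daemon has run).
    # 2. Check that the migrator has *not* finished.
    # 3. Check that /var/lib/docker/graph exists (this is a <=1.9.1 thing, but
    #    will stick around if it has been migrated -- which is why we need the
    #    MIGRATION_TESTFILE check).
    # 4. Check that there are images in the graph/ directory.
    #
    # Checks 3 and 4 must look at the graph directory (docker_graph macro).
    # Testing the state directory a second time, and listing its
    # subdirectories, is true on any host where the daemon has ever run, so the
    # update would be refused even when there are no old-format images.
    if [[ -d "%{docker_store}" && ( ! -f "%{docker_migration_testfile}" ) &&
          -d "%{docker_graph}" &&
          -n "$(find "%{docker_graph}" -maxdepth 1 -type d 2>/dev/null | grep -Ev '_tmp|^%{docker_graph}$')" ]]
    then
        if [ -n "$DOCKER_FORCE_INSTALL" ]
        then
            echo >&2 "*** IGNORING DOWNTIME WARNING! FORCING INSTALLATION. ***"
        else
            # NOTE(review): page extraction dropped the here-document opener
            # and the first lines of this message (everything between
            # "cat >&2 <" and "=1.10.0"). The opener is reconstructed from the
            # EOF terminator below; restore the missing text from the package
            # source.
            cat >&2 <<EOF
[PLACEHOLDER: the opening lines of this warning were lost in page extraction]
>=1.10.0, the Docker image format has changed to be completely
content-addressible. This results in several positive improvements to image
operations (better caching during builds mainly). However, the migration
operation may take several hours if you have a lot of large images on a Docker
host.

In order to ensure that you have minimum downtime, this update of Docker will
not complete successfully, and you will have the opportunity to run a separate
migration tool (which will not cause downtime for your Docker daemon). In order
to run this migration tool, please install the 'docker-image-migrator' package.

You can run the migration with this command, which will exit after the
migration has been completed:
  $ /usr/lib/docker-image-migrator/do-image-migration-v1to2.sh

Because the migrator requires information about the storage driver used by
Docker, the migration script will source /etc/sysconfig/docker and use
\$DOCKER_OPTS as arguments to the migrator. If this automated migration fails,
it will be re-attempted with every known storage driver. In addition, the
script accepts arguments which will simiarly be appended to the set of
arguments (after \$DOCKER_OPTS) to the migrator.

However, if you prefer to not run this separate migration tool, you can force
this update using the following command. THIS WILL CAUSE DOWNTIME, BECAUSE
DOCKER WILL RUN THE MIGRATION ON FIRST START AND YOU WILL BE UNABLE TO START ANY
CONTAINERS OR USE ANY DOCKER COMMANDS (EVEN CONTAINERS WITH RESTART POLICIES
ACTIVE):
  $ DOCKER_FORCE_INSTALL=1 sudo -E zypper up docker
EOF
            # Fail the update.
            exit 1
        fi
    fi

    # In order to make sure that we don't accidentally cause problems with an
    # upgrade to docker>=1.10.2, we'll touch the same file we tested in (2).
    # -m701 is *not* a typo, it is necessary for certain syscalls with remapped
    # root.
    [[ -d "%{docker_store}" ]] || install -d -m701 %{docker_store} || :
    touch %{docker_migration_testfile}
fi

# NOTE(review): members of this group can usually drive the daemon through its
# socket, which amounts to root on the host -- assuming the packaged socket
# unit (not shown here) grants the group access. Keep membership minimal.
echo "creating group docker..."
groupadd -r docker 2>/dev/null || :
%service_add_pre %{name}.service %{name}.socket

%post
%service_add_post %{name}.service %{name}.socket
%{fillup_only -n docker}

%preun
%service_del_preun %{name}.service %{name}.socket

%postun
%service_del_postun %{name}.service %{name}.socket

%files
%defattr(-,root,root)
%doc README.md LICENSE README_SUSE.md
%{_bindir}/docker
%{_sbindir}/rcdocker
%{_prefix}/lib/docker/
%{_unitdir}/%{name}.service
%{_unitdir}/%{name}.socket
%config %{_sysconfdir}/audit/rules.d/%{name}.rules
%{_prefix}/lib/udev/rules.d/80-%{name}.rules
/var/adm/fillup-templates/sysconfig.docker
%ifarch %go_arches
%{_mandir}/man1/docker-*.1.gz
%{_mandir}/man1/docker.1.gz
%{_mandir}/man5/Dockerfile.5.gz
%endif

%files bash-completion
%defattr(-,root,root)
%config %{_sysconfdir}/bash_completion.d/%{name}

%files zsh-completion
%defattr(-,root,root)
%config %{_sysconfdir}/zsh_completion.d/%{name}

%files test
%defattr(-,root,root)
/usr/src/docker/
# exclude binaries
%exclude /usr/src/docker/bundles/
# exclude init configurations other than systemd
%exclude /usr/src/docker/contrib/init/openrc
%exclude /usr/src/docker/contrib/init/sysvinit-debian
%exclude /usr/src/docker/contrib/init/sysvinit-redhat
%exclude /usr/src/docker/contrib/init/upstart

%changelog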