#
# spec file for package docker
#
# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
# nodebuginfo


%global docker_store              %{_localstatedir}/lib/docker
%global docker_migration_testfile %{docker_store}/.suse-image-migration-v1to2-complete
%global docker_migration_warnfile %{docker_store}/docker-update-message.txt
%global docker_plugin_warnfile    %{docker_store}/docker-plugin-message.txt
%define docker_graph              %{docker_store}/graph
%define git_version 78d1802
%define version_unconverted 17.07.0_ce
%define __arch_install_post export NO_BRP_STRIP_DEBUG=true
# When upgrading to a new version requires the service not to be restarted
# Due to a long migration process update last_migration_version to the new version
# that will first perform the migration, last time this was needed was version
# 1.10.1
%global last_migration_version 1.10.1
Name:           docker
Version:        17.07.0_ce
Release:        0
Summary:        The Linux container runtime
License:        Apache-2.0
Group:          System/Management
Url:            http://www.docker.io
# TODO(VR): check those SOURCE files below
Source:         %{name}-%{version}.tar.xz
Source1:        docker.service
Source3:        80-docker.rules
Source4:        sysconfig.docker
Source6:        docker-rpmlintrc
Source7:        README_SUSE.md
Source8:        docker-audit.rules
Source9:        tests.sh
Source50:       docker-update-message.txt
Source51:       docker-plugin-message.txt
# SUSE-FEATURE: Adds the /run/secrets mountpoint inside all Docker containers
# which is not snapshotted when images are committed. Note that if you modify
# this patch, please also modify the patch in the suse-secrets-v<version>
# branch in http://github.com/suse/docker.mirror.
Patch200:       secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
Patch201:       secrets-0002-SUSE-implement-SUSE-container-secrets.patch
# SUSE-BACKPORT: Backport of https://github.com/moby/moby/pull/35205. bsc#1055676
Patch401:       bsc1055676-0001-daemon-oci-obey-CL_UNPRIVILEGED-for-user-namespaced-.patch
# SUSE-BACKPORT: Backport of https://github.com/moby/moby/pull/34573. bsc#1045628
Patch402:       bsc1045628-0001-devicemapper-remove-container-rootfs-mountPath-after.patch
BuildRequires:  audit
BuildRequires:  bash-completion
BuildRequires:  ca-certificates
BuildRequires:  device-mapper-devel >= 1.2.68
BuildRequires:  glibc-devel-static
BuildRequires:  libapparmor-devel
BuildRequires:  libbtrfs-devel >= 3.8
# enable libseccomp for sle >= sle12sp2
%if 0%{?sle_version} >= 120200
%define with_libseccomp 1
%endif
# enable libseccomp for leap >= 42.2
%if 0%{?leap_version} >= 420200
%define with_libseccomp 1
%endif
# enable libseccomp for Factory
%if 0%{?suse_version} > 1320
%define with_libseccomp 1
%endif
%if 0%{?with_libseccomp}
BuildRequires:  libseccomp-devel
%endif
BuildRequires:  libtool
BuildRequires:  procps
BuildRequires:  sqlite3-devel
BuildRequires:  systemd-devel
BuildRequires:  zsh
Requires:       apparmor-parser
Requires:       bridge-utils
Requires:       ca-certificates-mozilla
Requires:       docker-libnetwork = 0.7.0dev.3+git20170816.4a242dba7739
# Containerd and runC are required as they are the only currently supported
# execdrivers of Docker. NOTE: The version pinning here matches upstream's
# vendor.conf to ensure that we don't use a slightly incompatible version of
# runC or containerd (which would be bad).
Requires:       containerd = 0.2.3+gitr671_3addd8406531
Requires:       docker-runc = 1.0.0rc3+gitr3201_2d41c04
# Provides mkfs.ext4 - used by Docker when devicemapper storage driver is used
Requires:       e2fsprogs
Requires:       git-core >= 1.7
Requires:       iproute2 >= 3.5
Requires:       iptables >= 1.4
Requires:       procps
Requires:       tar >= 1.26
Requires:       xz >= 4.9
Requires(post): %fillup_prereq
Requires(post): udev
Requires(post): shadow
# Not necessary, but must be installed to have a smooth upgrade.
Recommends:     docker-image-migrator
# Not necessary, but must be installed when the underlying system is
# configured to use lvm and the user doesn't explicitly provide a
# different storage-driver than devicemapper
Recommends:     lvm2 >= 2.2.89
Conflicts:      lxc < 1.0
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
ExcludeArch:    %ix86 s390 ppc
# Make sure we build with go 1.8
BuildRequires:  go-go-md2man
BuildRequires:  golang(API) = 1.8

%description
Docker complements LXC with a high-level API which operates at the process
level. It runs unix processes with strong guarantees of isolation and
repeatability across servers.

Docker is a great building block for automating distributed systems: large-scale
web deployments, database clusters, continuous deployment systems, private PaaS,
service-oriented architectures, etc.

%package bash-completion
Summary:        Bash Completion for %{name}
Group:          System/Management
Requires:       %{name} = %{version}
Supplements:    packageand(docker:bash-completion)
BuildArch:      noarch

%description bash-completion
Bash command line completion support for %{name}.

%package zsh-completion
Summary:        Zsh Completion for %{name}
Group:          System/Management
Requires:       %{name} = %{version}
Supplements:    packageand(docker:zsh)
BuildArch:      noarch

%description zsh-completion
Zsh command line completion support for %{name}.

%package test
%global __requires_exclude ^libgo.so.*$
Summary:        Test package for docker
Group:          System/Management
BuildRequires:  fdupes
Requires:       apparmor-parser
Requires:       bash-completion
Requires:       device-mapper-devel >= 1.2.68
Requires:       glibc-devel-static
# Make sure we require go 1.7
Requires:       libapparmor-devel
Requires:       libbtrfs-devel >= 3.8
Requires:       procps
Requires:       sqlite3-devel
Requires:       golang(API) = 1.8

%description test
Test package for docker. It contains the source code and the tests.

%prep
%setup -q
%if 0%{?is_opensuse}
# nothing
%else
%patch200 -p1 -d components/engine
%patch201 -p1 -d components/engine
%endif
# bsc#1055676
%patch401 -p1 -d components/engine
# bsc#1045628
%patch402 -p1 -d components/engine

cp %{SOURCE7} .
cp %{SOURCE9} .

%build
BUILDTAGS="exclude_graphdriver_aufs apparmor selinux pkcs11"
%if 0%{?with_libseccomp}
BUILDTAGS="seccomp $BUILDTAGS"
%endif
# For SLE12 libdevmapper.h is not recent enough to define
# dm_task_deferred_remove().
%if 0%{?sle_version} == 120000
	BUILDTAGS="libdm_no_deferred_remove $BUILDTAGS"
%endif

(cat <<EOF
export AUTO_GOPATH=1
export DOCKER_BUILDTAGS="$BUILDTAGS"
export DOCKER_GITCOMMIT=%{git_version}
# Until boo#1038493 is fixed properly we need to do this hack to get the
# compiled-into-the-binary GOROOT.
export GOROOT="$(GOROOT= go env GOROOT)"
# Make sure we always build PIC code. bsc#1048046
export BUILDFLAGS="-buildmode=pie"
EOF
) > docker_build_env
. ./docker_build_env

# Preparing GOPATH so that the client is visible to the compiler
mkdir -p src/github.com/docker/
ln -s $(pwd)/components/cli $(pwd)/src/github.com/docker/cli
GOPATH=$GOPATH:$(pwd)

# DOCKER ENGINE
cd components/engine/
# ignore the warning that we compile outside a Docker container
./hack/make.sh dynbinary
# build the tests binary
GOPATH=$(pwd)/vendor:$(pwd)/.gopath/ go test \
	-buildmode=pie \
	-tags "$DOCKER_BUILDTAGS daemon autogen" \
	-c github.com/docker/docker/integration-cli -o tests.main
cd ../..

# DOCKER CLIENT
cd components/cli
./scripts/build/dynbinary
./man/md2man-all.sh
cd ../..

%check
. ./docker_build_env

# DOCKER ENGINE
# go test will look in github.com/docker/docker/vendor for vendored packages but
# Docker keeps them in github.com/docker/docker/vendor/src. Let's do it like
# Docker does it and append github.com/docker/docker/vendor to the GOPATH so the
# packages are found by go test.
export GOPATH=$HOME/go/src/github.com/docker/docker/vendor:$GOPATH

# Create or dir if it doesn't exist already
mkdir -p $HOME/go/src/github.com/docker

# Remove any existing symlinks.
rm -rf $HOME/go/src/github.com/docker/*

# go list -e ... doesn't seem to work with symlinks so do a full copy instead.
cp -ar %{buildroot}/usr/src/docker/engine $HOME/go/src/github.com/docker/docker

cd $HOME/go/src/github.com/docker/docker

# The command is taken from hack/make/test-unit and various test runs.
# Everything that follows github.com/docker/pkg/integration-cli are packages
# containing tests that cannot run in an obs build context. Some tests must be
# excluded as they will always fail in our build environments.
PKG_LIST=$(go list -e \
		-f '{{if ne .Name "github.com/docker/docker"}} {{.ImportPath}}
		{{end}}'  \
		-tags "$DOCKER_BUILDTAGS" \
		-a "${BUILDFLAGS[@]}" ... \
		| grep    'github.com/docker/docker' \
		| grep -v 'github.com/docker/docker/vendor' \
		| grep -v 'github.com/docker/docker/integration-cli' \
		| grep -v 'github.com/docker/docker/pkg/archive$' \
		| grep -v 'github.com/docker/docker/pkg/chrootarchive$' \
		| grep -v 'github.com/docker/docker/pkg/gitutils$' \
		| grep -v 'github.com/docker/docker/pkg/idtools$' \
		| grep -v 'github.com/docker/docker/pkg/jsonlog$' \
		| grep -v 'github.com/docker/docker/pkg/mount$' \
		| grep -v 'github.com/docker/docker/pkg/sysinfo$' \
		| grep -v 'github.com/docker/docker/registry$' \
		| grep -v 'github.com/docker/docker/volume/local$' \
		| grep -v 'github.com/docker/docker/builder$' \
		| grep -v 'github.com/docker/docker/builder/remotecontext' \
		| grep -v 'github.com/docker/docker/builder/dockerfile$' \
		| grep -v 'github.com/docker/docker/builder/dockerfile/parser$' \
		| grep -v 'github.com/docker/docker/daemon$' \
		| grep -v 'github.com/docker/docker/daemon/graphdriver' \
		| grep -v 'github.com/docker/docker/cmd/dockerd$' \
		| grep -v 'github.com/docker/docker/pkg/integration$' \
%if ! 0%{?with_libseccomp}
		| grep -v 'github.com/docker/docker/profiles/seccomp$' \
%endif
		)

rm ./pkg/system/rm_test.go

#go test -buildmode=pie -cover -ldflags -w -tags "$DOCKER_BUILDTAGS" -a -test.timeout=10m $PKG_LIST

# DOCKER CLIENT
cp -ar %{buildroot}/usr/src/docker/cli $HOME/go/src/github.com/docker/cli
cd $HOME/go/src/github.com/docker/cli
PKG_LIST=$(go list ./... \
		| grep    'github.com/docker/cli' \
		| grep -v 'github.com/docker/cli/vendor' \
		| grep -v 'github.com/docker/cli/cli/command/idresolver' \
		| grep -v 'github.com/docker/cli/cli/command/image' \
		| grep -v 'github.com/docker/cli/cli/image'
		)

go test -buildmode=pie -ldflags -w -tags daemon -a -test.timeout=10m $PKG_LIST

%install
install -d %{buildroot}%{go_contribdir}
install -d %{buildroot}%{_bindir}
install -D -m755 components/cli/build/docker %{buildroot}/%{_bindir}/docker
install -D -m755 components/engine/bundles/latest/dynbinary-daemon/dockerd %{buildroot}/%{_bindir}/dockerd
install -d %{buildroot}/%{_prefix}/lib/docker
install -Dd -m 0755 \
	%{buildroot}%{_sysconfdir}/init.d \
	%{buildroot}%{_sbindir}

install -D -m0644 components/cli/contrib/completion/bash/docker "%{buildroot}%{_sysconfdir}/bash_completion.d/%{name}"
install -D -m0644 components/cli/contrib/completion/zsh/_docker "%{buildroot}%{_sysconfdir}/zsh_completion.d/%{name}"
# copy all for the test package
install -d %{buildroot}%{_prefix}/src/docker/
cp -a components/engine/. %{buildroot}%{_prefix}/src/docker/engine
cp -a components/cli/. %{buildroot}%{_prefix}/src/docker/cli

#
# systemd service
#
install -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/%{name}.service
ln -sf service %{buildroot}%{_sbindir}/rcdocker

#
# udev rules that prevents dolphin to show all docker devices and slows down
# upstream report https://bugs.kde.org/show_bug.cgi?id=329930
#
install -D -m 0644 %{SOURCE3} %{buildroot}%{_udevrulesdir}/80-%{name}.rules

# audit rules
install -D -m 0640 %{SOURCE8} %{buildroot}%{_sysconfdir}/audit/rules.d/%{name}.rules

# sysconfig file
install -D -m 644 %{SOURCE4} %{buildroot}%{_localstatedir}/adm/fillup-templates/sysconfig.docker

# install manpages (using the ones from the engine)
install -d %{buildroot}%{_mandir}/man1
install -p -m 644 components/cli/man/man1/*.1 %{buildroot}%{_mandir}/man1
install -d %{buildroot}%{_mandir}/man5
install -p -m 644 components/cli/man/man5/Dockerfile.5 %{buildroot}%{_mandir}/man5
install -d %{buildroot}%{_mandir}/man8
install -p -m 644 components/cli/man/man8/*.8 %{buildroot}%{_mandir}/man8

install -D -m 0644 %{SOURCE50} %{buildroot}%{docker_migration_warnfile}
install -D -m 0644 %{SOURCE51} %{buildroot}%{docker_plugin_warnfile}

%fdupes %{buildroot}

%pre
# TODO: Remove this code in the near future.
# In order to make sure we don't print a scary warning when we shouldn't we
# need to test these things (in this order):
# 1. Check that %%{_localstatedir}/lib/docker actually exists (docker daemon has run).
# 2. Check that the migrator has *not* finished.
# 3. Check that %%{_localstatedir}/lib/docker/graph exists (this is a <=1.9.1 thing, but
#    will stick around if it has been migrated -- which is why we need the
#    MIGRATION_TESTFILE check).
# 4. Check that there are images in the graph/ directory.
if [[ -x %{_bindir}/docker && -d "%{docker_store}" && -n "$(find "%{docker_graph}" -maxdepth 1 -type d 2>/dev/null | grep -Ev '_tmp|^%{docker_graph}$')" ]]; then
    # Check if currently installed version of docker is old enough to need migration.
    CURRENT_DOCKER_VERSION=$(docker -v | sed 's/^.*[^0-9]\([0-9]*\.[0-9]*\.[0-9]*\).*$/\1/')
    # This variable will contain the current docker version if migration is needed otherwise it will contain the upgrade point.
    # Next time the docker package needs to be upgraded without restarting the service increase the 1.10.1 to the new version.
    NEED_UPGRADE_VERSION=$(echo -e "$CURRENT_DOCKER_VERSION\n%{last_migration_version}" | sort -V | head -1)

    if [[ $CURRENT_DOCKER_VERSION == $NEED_UPGRADE_VERSION ]]; then
        touch %{docker_migration_testfile}
    fi
fi

getent group docker >/dev/null || groupadd -r docker
%service_add_pre %{name}.service

%post
if [  -e %{docker_migration_testfile} ]; then
    cat %{docker_migration_warnfile} >> /var/adm/update-messages/docker-%{version}-%{release}
else
    if [ -e %{docker_migration_warnfile} ]; then
        rm %{docker_migration_warnfile}
    fi
fi

# TODO: Remove this code in the near future.
# If plugins.json is present, docker will fail to start. It should be noted
# that this was not supported by us, as it was only experimental at the time.
# But handle this migration anyway. https://github.com/docker/docker/releases/tag/v1.13.0
if [ -e /var/lib/docker/plugins/plugins.json ];then
    cat %{docker_plugin_warnfile} >> /var/adm/update-messages/docker-%{version}-%{release}
	mv /var/lib/docker/plugins/plugins.json /var/lib/docker/plugins/_plugins.json.old
fi

%service_add_post %{name}.service
%{fillup_only -n docker}

%preun
%service_del_preun %{name}.service

%postun
if [  -e %{docker_migration_testfile} ]; then
    rm %{docker_migration_testfile}
    export DISABLE_RESTART_ON_UPDATE=yes
fi
%service_del_postun %{name}.service

%files
%defattr(-,root,root)
%doc components/engine/README.md components/engine/LICENSE README_SUSE.md CHANGELOG.md
%{_bindir}/docker
%{_bindir}/dockerd
%{_sbindir}/rcdocker
%{_libexecdir}/docker/
%{_unitdir}/%{name}.service
%config %{_sysconfdir}/audit/rules.d/%{name}.rules
%{_udevrulesdir}/80-%{name}.rules
%{_localstatedir}/adm/fillup-templates/sysconfig.docker
%{_localstatedir}/lib/docker/
%{_mandir}/man1/docker-*.1%{ext_man}
%{_mandir}/man1/docker.1%{ext_man}
%{_mandir}/man5/Dockerfile.5%{ext_man}
%{_mandir}/man8/dockerd.8%{ext_man}

%files bash-completion
%defattr(-,root,root)
%config %{_sysconfdir}/bash_completion.d/%{name}

%files zsh-completion
%defattr(-,root,root)
%config %{_sysconfdir}/zsh_completion.d/%{name}

%files test
%defattr(-,root,root)
%{_prefix}/src/docker/
# exclude binaries
%exclude %{_prefix}/src/docker/engine/bundles/
%exclude %{_prefix}/src/docker/cli/build/
# exclude init configurations other than systemd
%exclude %{_prefix}/src/docker/engine/contrib/init/openrc
%exclude %{_prefix}/src/docker/engine/contrib/init/sysvinit-debian
%exclude %{_prefix}/src/docker/engine/contrib/init/sysvinit-redhat
%exclude %{_prefix}/src/docker/engine/contrib/init/upstart

%changelog