Wed Dec 23 10:47:04 UTC 2015 - fcastelli@suse.com - Add rules for auditd. This is required to fix bnc#959405 ------------------------------------------------------------------- Fri Dec 4 16:08:22 UTC 2015 - normand@linux.vnet.ibm.com - remove 2 patches and add 5 others after 1.9.1 upgrade Removed: docker_missing_ppc64le_netlink_linux_files.patch docker_rename_jump_amd64_as_jump_linux.patch Added: add_bolt_ppc64.patch add_bolt_arm64.patch docker_remove_journald_to_fix_dynbinary_build_on_arm.patch docker_remove_journald_to_fix_dynbinary_build_on_powerpc.patch docker_remove_journald_to_fix_dynbinary_build_on_arm64.patch ------------------------------------------------------------------- Tue Nov 24 10:53:44 UTC 2015 - fcastelli@suse.com - Upgrade to 1.9.1(bnc#956434) * Runtime: - Do not prevent daemon from booting if images could not be restored (#17695) - Force IPC mount to unmount on daemon shutdown/init (#17539) - Turn IPC unmount errors into warnings (#17554) - Fix `docker stats` performance regression (#17638) - Clarify cryptic error message upon `docker logs` if `--log-driver=none` (#17767) - Fix seldom panics (#17639, #17634, #17703) - Fix opq whiteouts problems for files with dot prefix (#17819) - devicemapper: try defaulting to xfs instead of ext4 for performance reasons (#17903, #17918) - devicemapper: fix displayed fs in docker info (#17974) - selinux: only relabel if user requested so with the `z` option (#17450, #17834) - Do not make network calls when normalizing names (#18014) *Client: - Fix `docker login` on windows (#17738) - Fix bug with `docker inspect` output when not connected to daemon (#17715) - Fix `docker inspect -f {{.HostConfig.Dns}} somecontainer` (#17680) * Builder: - Fix regression with symlink behavior in ADD/COPY (#17710) * Networking: - Allow passing a network ID as an argument for `--net` (#17558) - Fix connect to host and prevent disconnect from host for `host` network (#17476) - Fix `--fixed-cidr` issue when gateway ip falls in ip-range and ip-range is not the first block in the network (#17853) - Restore deterministic `IPv6` generation from `MAC` address on default `bridge` network (#17890) - Allow port-mapping only for endpoints created on docker run (#17858) - Fixed an endpoint delete issue with a possible stale sbox (#18102) * Distribution: - Correct parent chain in v2 push when v1Compatibility files on the disk are inconsistent (#18047) ------------------------------------------------------------------- Fri Nov 13 16:58:43 UTC 2015 - fcastelli@suse.com - Update to version 1.9.0 (bnc#954812): * Runtime: - `docker stats` now returns block IO metrics (#15005) - `docker stats` now details network stats per interface (#15786) - Add `ancestor=` filter to `docker ps --filter` flag to filter containers based on their ancestor images (#14570) - Add `label=` filter to `docker ps --filter` to filter containers based on label (#16530) - Add `--kernel-memory` flag to `docker run` (#14006) - Add `--message` flag to `docker import` allowing to specify an optional message (#15711) - Add `--privileged` flag to `docker exec` (#14113) - Add `--stop-signal` flag to `docker run` allowing to replace the container process stopping signal (#15307) - Add a new `unless-stopped` restart policy (#15348) - Inspecting an image now returns tags (#13185) - Add container size information to `docker inspect` (#15796) - Add `RepoTags` and `RepoDigests` field to `/images/{name:.*}/json` (#17275) - Remove the deprecated `/container/ps` endpoint from the API (#15972) - Send and document correct HTTP codes for `/exec//start` (#16250) - Share shm and mqueue between containers sharing IPC namespace (#15862) - Event stream now shows OOM status when `--oom-kill-disable` is set (#16235) - Ensure special network files (/etc/hosts etc.) are read-only if bind-mounted with `ro` option (#14965) - Improve `rmi` performance (#16890) - Do not update /etc/hosts for the default bridge network, except for links (#17325) - Fix conflict with duplicate container names (#17389) - Fix an issue with incorrect template execution in `docker inspect` (#17284) - DEPRECATE `-c` short flag variant for `--cpu-shares` in docker run (#16271) * Client: - Allow `docker import` to import from local files (#11907) * Builder: - Add a `STOPSIGNAL` Dockerfile instruction allowing to set a different stop-signal for the container process (#15307) - Add an `ARG` Dockerfile instruction and a `--build-arg` flag to `docker build` that allows to add build-time environment variables (#15182) - Improve cache miss performance (#16890) * Storage: - devicemapper: Implement deferred deletion capability (#16381) * Networking: - `docker network` exits experimental and is part of standard release (#16645) - New network top-level concept, with associated subcommands and API (#16645) WARNING: the API is different from the experimental API - Support for multiple isolated/micro-segmented networks (#16645) - Built-in multihost networking using VXLAN based overlay driver (#14071) - Support for third-party network plugins (#13424) - Ability to dynamically connect containers to multiple networks (#16645) - Support for user-defined IP address management via pluggable IPAM drivers (#16910) - Add daemon flags `--cluster-store` and `--cluster-advertise` for built-in nodes discovery (#16229) - Add `--cluster-store-opt` for setting up TLS settings (#16644) - Add `--dns-opt` to the daemon (#16031) - DEPRECATE following container `NetworkSettings` fields in API v1.21: `EndpointID`, `Gateway`, `GlobalIPv6Address`, `GlobalIPv6PrefixLen`, `IPAddress`, `IPPrefixLen`, `IPv6Gateway` and `MacAddress`. Those are now specific to the `bridge` network. Use `NetworkSettings.Networks` to inspect the networking settings of a container per network. * Volumes: - New top-level `volume` subcommand and API (#14242) - Move API volume driver settings to host-specific config (#15798) - Print an error message if volume name is not unique (#16009) - Ensure volumes created from Dockerfiles always use the local volume driver (#15507) - DEPRECATE auto-creating missing host paths for bind mounts (#16349) * Logging: - Add `awslogs` logging driver for Amazon CloudWatch (#15495) - Add generic `tag` log option to allow customizing container/image information passed to driver (e.g. show container names) (#15384) - Implement the `docker logs` endpoint for the journald driver (#13707) - DEPRECATE driver-specific log tags (e.g. `syslog-tag`, etc.) (#15384) * Distribution: - `docker search` now works with partial names (#16509) - Push optimization: avoid buffering to file (#15493) - The daemon will display progress for images that were already being pulled by another client (#15489) - Only permissions required for the current action being performed are requested (#) - Renaming trust keys (and respective environment variables) from `offline` to `root` and `tagging` to `repository` (#16894) - DEPRECATE trust key environment variables `DOCKER_CONTENT_TRUST_OFFLINE_PASSPHRASE` and `DOCKER_CONTENT_TRUST_TAGGING_PASSPHRASE` (#16894) * Security: - Add SELinux profiles to the rpm package (#15832) - Fix various issues with AppArmor profiles provided in the deb package (#14609) - Add AppArmor policy that prevents writing to /proc (#15571) - Remove fix_15279.patch: code has been merged upstream - Change systemd unit file to no longer use the deprecated "-d" option (bnc#954737) ------------------------------------------------------------------- Mon Oct 26 14:02:47 UTC 2015 - normand@linux.vnet.ibm.com - new patch to avoid ppc64le build error docker_missing_ppc64le_netlink_linux_files.patch ------------------------------------------------------------------- Mon Oct 12 20:28:46 UTC 2015 - fcastelli@suse.com - Update docker to 1.8.3 version: * Fix layer IDs lead to local graph poisoning (CVE-2014-8178) (bnc#949660) * Fix manifest validation and parsing logic errors allow pull-by-digest validation bypass (CVE-2014-8179) * Add `--disable-legacy-registry` to prevent a daemon from using a v1 registry ------------------------------------------------------------------- Thu Sep 10 22:33:01 UTC 2015 - jmassaguerpla@suse.com - Update docker to 1.8.2 version see detailed changelog in https://github.com/docker/docker/releases/tag/v1.8.2 fix bsc#946653 update do docker 1.8.2 - devicemapper: fix zero-sized field access Fix issue #15279: does not build with Go 1.5 tip Due to golang/go@7904946 the devices field is dropped. This solution works on go1.4 and go1.5 See more in https://github.com/docker/docker/pull/15404 This fix was not included in v1.8.2. See previous link on why. fix_15279.patch: contains the patch for issue#15279 ------------------------------------------------------------------- Fri Aug 21 08:46:30 UTC 2015 - normand@linux.vnet.ibm.com - new patch as per upstream issue https://github.com/docker/docker/issues/14056#issuecomment-113680944 docker_rename_jump_amd64_as_jump_linux.patch ------------------------------------------------------------------- Fri Aug 21 08:07:58 UTC 2015 - normand@linux.vnet.ibm.com - ignore-dockerinit-checksum.patch need -p1 in spec ------------------------------------------------------------------- Thu Aug 13 09:00:25 UTC 2015 - jmassaguerpla@suse.com - Update to docker 1.8.1(bsc#942369 and bsc#942370): - Fix a bug where pushing multiple tags would result in invalid images - Update to docker 1.8.0: see detailed changelog in https://github.com/docker/docker/releases/tag/v1.8.0 - remove docker-netns-aarch64.patch: This patch was adding vendor/src/github.com/vishvananda/netns/netns_linux_arm64.go which is now included upstream, so we don't need this patch anymore ------------------------------------------------------------------- Fri Jul 24 14:24:16 UTC 2015 - jmassaguerpla@suse.com - Exclude archs where docker does not build. Otherwise it gets into and infinite loop when building. We'll fix that later if we want to release for those archs. ------------------------------------------------------------------- Wed Jul 15 08:11:11 UTC 2015 - jmassaguerpla@suse.com - Update to 1.7.1 (2015-07-14) (bnc#938156) Runtime Fix default user spawning exec process with docker exec Make --bridge=none not to configure the network bridge Publish networking stats properly Fix implicit devicemapper selection with static binaries Fix socket connections that hung intermittently Fix bridge interface creation on CentOS/RHEL 6.6 Fix local dns lookups added to resolv.conf Fix copy command mounting volumes Fix read/write privileges in volumes mounted with --volumes-from Remote API Fix unmarshalling of Command and Entrypoint Set limit for minimum client version supported Validate port specification Return proper errors when attach/reattach fail Distribution Fix pulling private images Fix fallback between registry V2 and V1 ------------------------------------------------------------------- Fri Jul 10 11:22:00 UTC 2015 - jmassaguerpla@suse.com - Exclude init scripts other than systemd from the test-package ------------------------------------------------------------------- Wed Jul 1 12:38:50 UTC 2015 - jmassaguerpla@suse.com - Exclude intel 32 bits arch. Docker does not built on that. Let's make it explicit. ------------------------------------------------------------------- Thu Jun 25 16:49:59 UTC 2015 - dmueller@suse.com - rediff ignore-dockerinit-checksum.patch, gcc-go-build-static-libgo.patch to make them apply again. - introduce go_arches for architectures that use the go compiler instead of gcc-go - add docker-netns-aarch64.patch: Add support for AArch64 - enable build for aarch64 ------------------------------------------------------------------- Wed Jun 24 09:02:03 UTC 2015 - fcastelli@suse.com - Build man pages only on platforms where gc compiler is available. ------------------------------------------------------------------- Mon Jun 22 08:48:11 UTC 2015 - fcastelli@suse.com - Updated to 1.7.0 (2015-06-16) - bnc#935570 * Runtime - Experimental feature: support for out-of-process volume plugins - The userland proxy can be disabled in favor of hairpin NAT using the daemon’s `--userland-proxy=false` flag - The `exec` command supports the `-u|--user` flag to specify the new process owner - Default gateway for containers can be specified daemon-wide using the `--default-gateway` and `--default-gateway-v6` flags - The CPU CFS (Completely Fair Scheduler) quota can be set in `docker run` using `--cpu-quota` - Container block IO can be controlled in `docker run` using`--blkio-weight` - ZFS support - The `docker logs` command supports a `--since` argument - UTS namespace can be shared with the host with `docker run --uts=host` * Quality - Networking stack was entirely rewritten as part of the libnetwork effort - Engine internals refactoring - Volumes code was entirely rewritten to support the plugins effort - Sending SIGUSR1 to a daemon will dump all goroutines stacks without exiting * Build - Support ${variable:-value} and ${variable:+value} syntax for environment variables - Support resource management flags `--cgroup-parent`, `--cpu-period`, `--cpu-quota`, `--cpuset-cpus`, `--cpuset-mems` - git context changes with branches and directories - The .dockerignore file support exclusion rules * Distribution - Client support for v2 mirroring support for the official registry * Bugfixes - Firewalld is now supported and will automatically be used when available - mounting --device recursively - Patch 0002-Stripped-dockerinit-binary.patch renamed to fix-docker-init.patch and fixed to build with latest version of docker ------------------------------------------------------------------- Tue Jun 9 16:35:46 UTC 2015 - jmassaguerpla@suse.com - Add test subpackage and fix line numbers in patches ------------------------------------------------------------------- Fri Jun 5 15:29:45 UTC 2015 - fcastelli@suse.com - Fixed ppc64le name inside of spec file ------------------------------------------------------------------- Fri Jun 5 15:23:47 UTC 2015 - fcastelli@suse.com - Build docker on PPC and S390x using gcc-go provided by gcc5 * added sysconfig.docker.ppc64le: make docker daemon start on ppc64le despite some iptables issues. To be removed soon * ignore-dockerinit-checksum.patch: applied only when building with gcc-go. Required to workaround a limitation of gcc-go * gcc-go-build-static-libgo.patch: used only when building with gcc-go, link libgo statically into docker itself. ------------------------------------------------------------------- Wed May 27 10:02:51 UTC 2015 - dmacvicar@suse.de - build and install man pages ------------------------------------------------------------------- Mon May 18 15:08:59 UTC 2015 - fcastelli@suse.com - Update to version 1.6.2 (2015-05-13) [bnc#931301] * Revert change prohibiting mounting into /sys ------------------------------------------------------------------- Fri May 8 15:00:38 UTC 2015 - fcastelli@suse.com Updated to version 1.6.1 (2015-05-07) [bnc#930235] * Security - Fix read/write /proc paths (CVE-2015-3630) - Prohibit VOLUME /proc and VOLUME / (CVE-2015-3631) - Fix opening of file-descriptor 1 (CVE-2015-3627) - Fix symlink traversal on container respawn allowing local privilege escalation (CVE-2015-3629) - Prohibit mount of /sys * Runtime - Update Apparmor policy to not allow mounts - Updated libcontainer-apparmor-fixes.patch: adapt patch to reflect changes introduced by docker 1.6.1 ------------------------------------------------------------------- Thu May 7 13:33:03 UTC 2015 - develop7@develop7.info - Get rid of SocketUser and SocketGroup workarounds for docker.socket ------------------------------------------------------------------- Fri Apr 17 14:02:13 UTC 2015 - fcastelli@suse.com - Updated to version 1.6.0 (2015-04-07) [bnc#908033] * Builder: + Building images from an image ID + build containers with resource constraints, ie `docker build --cpu-shares=100 --memory=1024m...` + `commit --change` to apply specified Dockerfile instructions while committing the image + `import --change` to apply specified Dockerfile instructions while importing the image + basic build cancellation * Client: + Windows Support * Runtime: + Container and image Labels + `--cgroup-parent` for specifying a parent cgroup to place container cgroup within + Logging drivers, `json-file`, `syslog`, or `none` + Pulling images by ID + `--ulimit` to set the ulimit on a container + `--default-ulimit` option on the daemon which applies to all created containers (and overwritten by `--ulimit` on run) - Updated '0002-Stripped-dockerinit-binary.patch' to reflect changes inside of the latest version of Docker. - bnc#908033: support of Docker Registry API v2. ------------------------------------------------------------------- Fri Apr 3 19:57:38 UTC 2015 - dmueller@suse.com - enable build for armv7l ------------------------------------------------------------------- Fri Apr 3 14:59:35 UTC 2015 - fcastelli@suse.com - Updated docker.spec to fixed building with the latest version of our Go pacakge. - Updated 0002-Stripped-dockerinit-binary.patch to fix check made by the docker daemon against the dockerinit binary. ------------------------------------------------------------------- Fri Mar 27 10:29:35 UTC 2015 - fcastelli@suse.com - Updated systemd service and socket units to fix socket activation and to align with best practices recommended by upstram. Moreover socket activation fixes bnc#920645. ------------------------------------------------------------------- Wed Feb 11 13:59:01 UTC 2015 - fcastelli@suse.com - Updated to 1.5.0 (2015-02-10): * Builder: - Dockerfile to use for a given `docker build` can be specified with the `-f` flag - Dockerfile and .dockerignore files can be themselves excluded as part of the .dockerignore file, thus preventing modifications to these files invalidating ADD or COPY instructions cache - ADD and COPY instructions accept relative paths - Dockerfile `FROM scratch` instruction is now interpreted as a no-base specifier - Improve performance when exposing a large number of ports * Hack: - Allow client-side only integration tests for Windows - Include docker-py integration tests against Docker daemon as part of our test suites * Packaging: - Support for the new version of the registry HTTP API - Speed up `docker push` for images with a majority of already existing layers - Fixed contacting a private registry through a proxy * Remote API: - A new endpoint will stream live container resource metrics and can be accessed with the `docker stats` command - Containers can be renamed using the new `rename` endpoint and the associated `docker rename` command - Container `inspect` endpoint show the ID of `exec` commands running in this container - Container `inspect` endpoint show the number of times Docker auto-restarted the container - New types of event can be streamed by the `events` endpoint: ‘OOM’ (container died with out of memory), ‘exec_create’, and ‘exec_start' - Fixed returned string fields which hold numeric characters incorrectly omitting surrounding double quotes * Runtime: - Docker daemon has full IPv6 support - The `docker run` command can take the `--pid=host` flag to use the host PID namespace, which makes it possible for example to debug host processes using containerized debugging tools - The `docker run` command can take the `--read-only` flag to make the container’s root filesystem mounted as readonly, which can be used in combination with volumes to force a container’s processes to only write to locations that will be persisted - Container total memory usage can be limited for `docker run` using the `—memory-swap` flag - Major stability improvements for devicemapper storage driver - Better integration with host system: containers will reflect changes to the host's `/etc/resolv.conf` file when restarted - Better integration with host system: per-container iptable rules are moved to the DOCKER chain - Fixed container exiting on out of memory to return an invalid exit code * Other: - The HTTP_PROXY, HTTPS_PROXY, and NO_PROXY environment variables are properly taken into account by the client when connecting to the Docker daemon ------------------------------------------------------------------- Thu Jan 15 10:00:07 UTC 2015 - fcastelli@suse.com - Updated to 1.4.1 (2014-12-15): * Runtime: - Fix issue with volumes-from and bind mounts not being honored after create (fixes bnc#913213) ------------------------------------------------------------------- Thu Jan 15 09:41:20 UTC 2015 - fcastelli@suse.com - Added e2fsprogs as runtime dependency, this is required when the devicemapper driver is used. (bnc#913211). - Fixed owner & group for docker.socket (thanks to Andrei Dziahel and https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=752555#5) ------------------------------------------------------------------- Fri Dec 12 16:13:30 UTC 2014 - fcastelli@suse.com - Updated to 1.4.0 (2014-12-11): * Notable Features since 1.3.0: - Set key=value labels to the daemon (displayed in `docker info`), applied with new `-label` daemon flag - Add support for `ENV` in Dockerfile of the form: `ENV name=value name2=value2...` - New Overlayfs Storage Driver - `docker info` now returns an `ID` and `Name` field - Filter events by event name, container, or image - `docker cp` now supports copying from container volumes - Fixed `docker tag`, so it honors `--force` when overriding a tag for existing image. - Changes introduced by 1.3.3 (2014-12-11): * Security: - Fix path traversal vulnerability in processing of absolute symbolic links (CVE-2014-9356) - (bnc#909709) - Fix decompression of xz image archives, preventing privilege escalation (CVE-2014-9357) - (bnc#909710) - Validate image IDs (CVE-2014-9358) - (bnc#909712) * Runtime: - Fix an issue when image archives are being read slowly * Client: - Fix a regression related to stdin redirection - Fix a regression with `docker cp` when destination is the current directory ------------------------------------------------------------------- Wed Nov 26 11:27:06 UTC 2014 - fcastelli@suse.com - Updated to 1.3.2 (2014-11-20) - fixes bnc#907012 (CVE-2014-6407) and bnc#907014 (CVE-2014-6408) * Security: - Fix tar breakout vulnerability - Extractions are now sandboxed chroot - Security options are no longer committed to images * Runtime: - Fix deadlock in `docker ps -f exited=1` - Fix a bug when `--volumes-from` references a container that failed to start * Registry: - `--insecure-registry` now accepts CIDR notation such as 10.1.0.0/16 - Private registries whose IPs fall in the 127.0.0.0/8 range do no need the `--insecure-registry` flag - Skip the experimental registry v2 API when mirroring is enabled - Fixed minor packaging issues. ------------------------------------------------------------------- Fri Oct 31 08:54:47 UTC 2014 - fcastelli@suse.com - Updated to version 1.3.1 2014-10-28) * Security: - Prevent fallback to SSL protocols < TLS 1.0 for client, daemon and registry [CVE-2014-5277] - Secure HTTPS connection to registries with certificate verification and without HTTP fallback unless `--insecure-registry` is specified * Runtime: - Fix issue where volumes would not be shared * Client: - Fix issue with `--iptables=false` not automatically setting `--ip-masq=false` - Fix docker run output to non-TTY stdout * Builder: - Fix escaping `$` for environment variables - Fix issue with lowercase `onbuild` Dockerfile instruction - Restrict envrionment variable expansion to `ENV`, `ADD`, `COPY`, `WORKDIR`, `EXPOSE`, `VOLUME` and `USER` ------------------------------------------------------------------- Mon Oct 20 08:38:30 UTC 2014 - fcastelli@suse.com - Upgraded to version 1.3.0 (2014-10-14) * docker `exec` allows you to run additional processes inside existing containers * docker `create` gives you the ability to create a container via the cli without executing a process * `--security-opts` options to allow user to customize container labels and apparmor profiles * docker `ps` filters * wildcard support to copy/add * move production urls to get.docker.com from get.docker.io * allocate ip address on the bridge inside a valid cidr * use drone.io for pr and ci testing * ability to setup an official registry mirror * Ability to save multiple images with docker `save` ------------------------------------------------------------------- Fri Sep 12 13:21:40 UTC 2014 - cbosdonnat@suse.com - Generated AppArmor profile used mount rules which aren't supported in our version of AppArmor. libcontainer-apparmor-fixes.patch ------------------------------------------------------------------- Thu Sep 4 15:41:39 UTC 2014 - fcastelli@suse.com - Updates to SUSE's readme file. ------------------------------------------------------------------- Mon Aug 25 07:49:48 UTC 2014 - fcastelli@suse.com - Upgraded to version 1.2.0: * Runtime: - Make /etc/hosts /etc/resolv.conf and /etc/hostname editable at runtime - Auto-restart containers using policies - Use /var/lib/docker/tmp for large temporary files - `--cap-add` and `--cap-drop` to tweak what linux capability you want - `--device` to use devices in containers * Client: - `docker search` on private registries - Add `exited` filter to `docker ps --filter` - `docker rm -f` now kills instead of stop - Support for IPv6 addresses in `--dns` flag * Proxy: - Proxy instances in separate processes - Small bug fix on UDP proxy ------------------------------------------------------------------- Fri Aug 8 15:31:41 UTC 2014 - fcastelli@suse.com - Final changes to README_SUSE.md ------------------------------------------------------------------- Fri Aug 8 10:28:48 UTC 2014 - fcastelli@suse.com - Added other small fixes to README_SUSE.md ------------------------------------------------------------------- Thu Aug 7 14:06:30 UTC 2014 - fcastelli@suse.com - Small improvements to README_SUSE.md ------------------------------------------------------------------- Thu Aug 7 13:29:30 UTC 2014 - fcastelli@suse.com - Removed useless sysctl rule. - Added README_SUSE.md ------------------------------------------------------------------- Fri Jul 25 06:17:04 UTC 2014 - fcastelli@suse.com - Updated to 1.1.2: * Runtime: - Fix port allocation for existing containers - Fix containers restart on daemon restart - Updated conflict condition with LXC package. ------------------------------------------------------------------- Fri Jul 18 09:38:47 UTC 2014 - fcastelli@suse.com - Add apparmor-parser runtime dependency ------------------------------------------------------------------- Fri Jul 18 08:44:29 UTC 2014 - fcastelli@suse.com - Build with AppArmor and SELinux support ------------------------------------------------------------------- Wed Jul 16 13:37:23 UTC 2014 - fcastelli@suse.com - Ensure docker can be built only on x86_64 ------------------------------------------------------------------- Wed Jul 16 09:07:45 UTC 2014 - fcastelli@suse.com - Added docker-rpmlintrc to list of source files ------------------------------------------------------------------- Mon Jul 14 09:39:40 UTC 2014 - fcastelli@suse.com - Updated to 1.1.1, notables features since 1.0.0: * Add `.dockerignore` support * Pause containers during `docker commit` * Add `--tail` to `docker logs` * Enhance security for the LXC driver - Builder * Fix issue with ADD * Allow a tar file as context for `docker build` * Fix issue with white-spaces and multi-lines in `Dockerfiles` * Fix `ONBUILD` instruction passed to grandchildren - Runtime * Overall performance improvements * Allow `/` as source of `docker run -v` * Fix port allocation * Fix bug in `docker save` * Add links information to `docker inspect` * Fix events subscription * Fix /etc/hostname file with host networking * Allow `-h` and `--net=none` * Fix issue with hotplug devices in `--privileged` - Client * Improve command line parsing for `docker commit` * Fix artifacts with events * Fix a panic with empty flags - Remote API * Improve status code for the `start` and `stop` endpoints - Miscellaneous * Fix several races ------------------------------------------------------------------- Mon Jul 14 09:03:23 UTC 2014 - fcastelli@suse.com - Fix CVE-2014-3499: systemd socket activation results in privilege escalation [bnc#885209] ------------------------------------------------------------------- Tue Jun 10 15:58:24 UTC 2014 - fcastelli@suse.com - add exclusivearch to reduce to architectures with a working "go" package (patch submitted by Rudy). ------------------------------------------------------------------- Mon Jun 9 21:09:28 UTC 2014 - fcastelli@suse.com - Updated to 1.0.0, Notable features since 0.12.0 * Production support ------------------------------------------------------------------- Mon Jun 9 14:58:12 UTC 2014 - fcastelli@suse.com - Upgraded to 0.12.0: * New `COPY` Dockerfile instruction to allow copying a local file from the context into the container without ever extracting if the file is a tar file * Inherit file permissions from the host on `ADD` * New `pause` and `unpause` commands to allow pausing and unpausing of containers using cgroup freezer * The `images` command has a `-f`/`--filter` option to filter the list of images * Add `--force-rm` to clean up after a failed build * Standardize JSON keys in Remote API to CamelCase * Pull from a docker run now assumes `latest` tag if not specified * Enhance security on Linux capabilities and device nodes ------------------------------------------------------------------- Wed May 21 15:24:11 UTC 2014 - fcastelli@suse.com - Do not require ca-certificates-cert package at runtime, it's not needed. ------------------------------------------------------------------- Wed May 21 14:22:47 UTC 2014 - fcastelli@suse.com - Disabled AUFS backend at build time, we are never going to support that. - Updated rpmlint to ignore missing man page of docker. ------------------------------------------------------------------- Wed May 21 08:10:48 UTC 2014 - smoioli@suse.com - Fixes a merge issue with TTYs: https://github.com/dotcloud/docker/pull/4882 ------------------------------------------------------------------- Thu May 15 15:04:51 UTC 2014 - fcastelli@suse.com - Ensure /etc/sysconfig/docker file is created upon package installation. ------------------------------------------------------------------- Thu May 15 14:35:39 UTC 2014 - fcastelli@suse.com - Updated rpmlintrc ------------------------------------------------------------------- Thu May 15 13:45:03 UTC 2014 - fcastelli@suse.com - Do not specify a custon DOCKERINIT_PATH at build time. ------------------------------------------------------------------- Thu May 15 13:21:44 UTC 2014 - fcastelli@suse.com - Removed 0001-Allowed-installation-of-dockerinit-into-usr-lib64.patch, leave dockerinit installed inside of /usr/lib/docker. ------------------------------------------------------------------- Thu May 15 13:05:20 UTC 2014 - fcastelli@suse.com - Added sysconfig file to handle docker environment file. ------------------------------------------------------------------- Thu May 8 08:09:17 UTC 2014 - fcastelli@suse.com - Update to 0.11.1: * Registry: - Fix push and pull to private registry - 0.11.0 changes: * SELinux support for mount and process labels * Linked containers can be accessed by hostname * Use the net `--net` flag to allow advanced network configuration such as host networking so that containers can use the host's network interfaces * Add a ping endpoint to the Remote API to do healthchecks of your docker daemon * Logs can now be returned with an optional timestamp * Docker now works with registries that support SHA-512 * Multiple registry endpoints are supported to allow registry mirrors ------------------------------------------------------------------- Wed Apr 9 07:28:35 UTC 2014 - fcastelli@suse.com - Updated to version 0.10.0: * Builder: - Fix printing multiple messages on a single line. Fixes broken output during builds. - Follow symlinks inside container's root for ADD build instructions. - Fix EXPOSE caching. * Contrib: - Add variable for DOCKER_LOGFILE to sysvinit and use append instead of overwrite in opening the logfile. - Fix init script cgroup mounting workarounds to be more similar to cgroupfs-mount and thus work properly. - Remove inotifywait hack from the upstart host-integration example because it's not necessary any more. - Add check-config script to contrib. - Fix fish shell completion. * Remote API: - Add TLS auth support for API. - Move git clone from daemon to client. - Fix content-type detection in docker cp. - Split API into 2 go packages. * Runtime: - Support hairpin NAT without going through Docker server. - devicemapper: succeed immediately when removing non-existing devices. - devicemapper: improve handling of devicemapper devices (add per device lock, increase sleep time and unlock while sleeping). - devicemapper: increase timeout in waitClose to 10 seconds. - devicemapper: ensure we shut down thin pool cleanly. - devicemapper: pass info, rather than hash to activateDeviceIfNeeded, deactivateDevice, setInitialized, deleteDevice. - devicemapper: avoid AB-BA deadlock. - devicemapper: make shutdown better/faster. - improve alpha sorting in mflag. - Remove manual http cookie management because the cookiejar is being used. - Use BSD raw mode on Darwin. Fixes nano, tmux and others. - Add FreeBSD support for the client. - Merge auth package into registry. - Add deprecation warning for -t on `docker pull`. - Remove goroutine leak on error. - Update parseLxcInfo to comply with new lxc1.0 format. - Fix attach exit on darwin. - Improve deprecation message. - Retry to retrieve the layer metadata up to 5 times for `docker pull`. - Only unshare the mount namespace for execin. - Merge existing config when committing. - Disable daemon startup timeout. - Fix issue #4681: add loopback interface when networking is disabled. - Add failing test case for issue #4681. - Send SIGTERM to child, instead of SIGKILL. - Show the driver and the kernel version in `docker info` even when not in debug mode. - Always symlink /dev/ptmx for libcontainer. This fixes console related problems. - Fix issue caused by the absence of /etc/apparmor.d. - Don't leave empty cidFile behind when failing to create the container. - Mount cgroups automatically if they're not mounted already. - Use mock for search tests. - Update to double-dash everywhere. - Move .dockerenv parsing to lxc driver. - Move all bind-mounts in the container inside the namespace. - Don't use separate bind mount for container. - Always symlink /dev/ptmx for libcontainer. - Don't kill by pid for other drivers. - Add initial logging to libcontainer. - Sort by port in `docker ps`. - Move networking drivers into runtime top level package. - Add --no-prune to `docker rmi`. - Add time since exit in `docker ps`. - graphdriver: add build tags. - Prevent allocation of previously allocated ports & prevent improve port allocation. - Add support for --since/--before in `docker ps`. - Clean up container stop. - Add support for configurable dns search domains. - Add support for relative WORKDIR instructions. - Add --output flag for docker save. - Remove duplication of DNS entries in config merging. - Add cpuset.cpus to cgroups and native driver options. - Remove docker-ci. - Promote btrfs. btrfs is no longer considered experimental. - Add --input flag to `docker load`. - Return error when existing bridge doesn't match IP address. - Strip comments before parsing line continuations to avoid interpreting instructions as comments. - Fix TestOnlyLoopbackExistsWhenUsingDisableNetworkOption to ignore "DOWN" interfaces. - Add systemd implementation of cgroups and make containers show up as systemd units. - Fix commit and import when no repository is specified. - Remount /var/lib/docker as --private to fix scaling issue. - Use the environment's proxy when pinging the remote registry. - Reduce error level from harmless errors. - Allow --volumes-from to be individual files. - Fix expanding buffer in StdCopy. - Set error regardless of attach or stdin. This fixes #3364. - Add support for --env-file to load environment variables from files. - Symlink /etc/mtab and /proc/mounts. - Allow pushing a single tag. - Shut down containers cleanly at shutdown and wait forever for the containers to shut down. This makes container shutdown on daemon shutdown work properly via SIGTERM. - Don't throw error when starting an already running container. - Fix dynamic port allocation limit. - remove setupDev from libcontainer. - Add API version to `docker version`. - Return correct exit code when receiving signal and make SIGQUIT quit without cleanup. - Fix --volumes-from mount failure. - Allow non-privileged containers to create device nodes. - Skip login tests because of external dependency on a hosted service. - Deprecate `docker images --tree` and `docker images --viz`. - Deprecate `docker insert`. - Include base abstraction for apparmor. This fixes some apparmor related problems on Ubuntu 14.04. - Add specific error message when hitting 401 over HTTP on push. - Fix absolute volume check. - Remove volumes-from from the config. - Move DNS options to hostconfig. - Update the apparmor profile for libcontainer. - Add deprecation notice for `docker commit -run`. ------------------------------------------------------------------- Wed Mar 26 16:47:03 UTC 2014 - fcastelli@suse.com - Updated to 0.9.1: * Builder: - Fix printing multiple messages on a single line. Fixes broken output during builds. * Remote API: - Fix content-type detection in `docker cp`. * Runtime: - Use BSD raw mode on Darwin. Fixes nano, tmux and others. - Only unshare the mount namespace for execin. - Retry to retrieve the layer metadata up to 5 times for `docker pull`. - Merge existing config when committing. - Fix panic in monitor. - Disable daemon startup timeout. - Fix issue #4681: add loopback interface when networking is disabled. - Add failing test case for issue #4681. - Send SIGTERM to child, instead of SIGKILL. - Show the driver and the kernel version in `docker info` even when not in debug mode. - Always symlink /dev/ptmx for libcontainer. This fixes console related problems. - Fix issue caused by the absence of /etc/apparmor.d. - Don't leave empty cidFile behind when failing to create the container. - Improve deprecation message. - Fix attach exit on darwin. - devicemapper: improve handling of devicemapper devices (add per device lock, increase sleep time, unlock while sleeping). - devicemapper: succeed immediately when removing non-existing devices. - devicemapper: increase timeout in waitClose to 10 seconds. - Remove goroutine leak on error. - Update parseLxcInfo to comply with new lxc1.0 format. ------------------------------------------------------------------- Tue Mar 25 21:06:35 UTC 2014 - fcastelli@suse.com - Updated to docker 0.9.0: * Builder: - Avoid extra mount/unmount during build. This fixes mount/unmount related errors during build. - Add error to docker build --rm. This adds missing error handling. - Forbid chained onbuild, `onbuild from` and `onbuild maintainer` triggers. - Make `--rm` the default for `docker build`. * Remote API: - Move code specific to the API to the api package. - Fix header content type for the API. Makes all endpoints use proper content type. - Fix registry auth & remove ping calls from CmdPush and CmdPull. - Add newlines to the JSON stream functions. * Runtime: - Do not ping the registry from the CLI. All requests to registres flow through the daemon. - Check for nil information return in the lxc driver. This fixes panics with older lxc versions. - Devicemapper: cleanups and fix for unmount. Fixes two problems which were causing unmount to fail intermittently. - Devicemapper: remove directory when removing device. Directories don't get left behind when removing the device. - Devicemapper: enable skip_block_zeroing. Improves performance by not zeroing blocks. - Devicemapper: fix shutdown warnings. Fixes shutdown warnings concerning pool device removal. - Ensure docker cp stream is closed properly. Fixes problems with files not being copied by `docker cp`. - Stop making `tcp://` default to `127.0.0.1:4243` and remove the default port for tcp. - Fix `--run` in `docker commit`. This makes `docker commit --run` work again. - Fix custom bridge related options. This makes custom bridges work again. - Mount-bind the PTY as container console. This allows tmux/screen to run. - Add the pure Go libcontainer library to make it possible to run containers using only features of the Linux kernel. - Add native exec driver which uses libcontainer and make it the default exec driver. - Add support for handling extended attributes in archives. - Set the container MTU to be the same as the host MTU. - Add simple sha256 checksums for layers to speed up `docker push`. - Improve kernel version parsing. - Allow flag grouping (`docker run -it`). - Remove chroot exec driver. - Fix divide by zero to fix panic. - Rewrite `docker rmi`. - Fix docker info with lxc 1.0.0. - Fix fedora tty with apparmor. - Don't always append env vars, replace defaults with vars from config. - Fix a goroutine leak. - Switch to Go 1.2.1. - Fix unique constraint error checks. - Handle symlinks for Docker's data directory and for TMPDIR. - Add deprecation warnings for flags (-flag is deprecated in favor of --flag) - Add apparmor profile for the native execution driver. - Move system specific code from archive to pkg/system. - Fix duplicate signal for `docker run -i -t` (issue #3336). - Return correct process pid for lxc. - Add a -G option to specify the group which unix sockets belong to. - Add `-f` flag to `docker rm` to force removal of running containers. - Kill ghost containers and restart all ghost containers when the docker daemon restarts. - Add `DOCKER_RAMDISK` environment variable to make Docker work when the root is on a ramdisk. - Updated requirements according to 0.9.0 release notes. ------------------------------------------------------------------- Wed Feb 19 08:35:27 UTC 2014 - fcastelli@suse.com - updated to Docker 0.8.1 * Builder: - Avoid extra mount/unmount during build. This removes an unneeded mount/unmount operation which was causing problems with devicemapper - Fix regression with ADD of tar files. This stops Docker from decompressing tarballs added via ADD from the local file system - Add error to `docker build --rm`. This adds a missing error check to ensure failures to remove containers are detected and reported * Remote API: - Fix broken images API for version less than 1.7 - Use the right encoding for all API endpoints which return JSON - Move remote api client to api/ - Queue calls to the API using generic socket wait * Runtime: - Fix the use of custom settings for bridges and custom bridges - Refactor the devicemapper code to avoid many mount/unmount race conditions and failures - Remove two panics which could make Docker crash in some situations - Don't ping registry from the CLI client - Enable skip_block_zeroing for devicemapper. This stops devicemapper from always zeroing entire blocks - Fix --run in `docker commit`. This makes docker commit store `--run` in the image configuration - Remove directory when removing devicemapper device. This cleans up leftover mount directories - Drop NET_ADMIN capability for non-privileged containers. Unprivileged containers can't change their network configuration - Ensure `docker cp` stream is closed properly - Avoid extra mount/unmount during container registration. This removes an unneeded mount/unmount operation which was causing problems with devicemapper - Stop allowing tcp:// as a default tcp bin address which binds to 127.0.0.1:4243 and remove the default port - Mount-bind the PTY as container console. This allows tmux and screen to run in a container - Clean up archive closing. This fixes and improves archive handling - Fix engine tests on systems where temp directories are symlinked - Add test methods for save and load - Avoid temporarily unmounting the container when restarting it. This fixes a race for devicemapper during restart - Support submodules when building from a GitHub repository - Quote volume path to allow spaces - Fix remote tar ADD behavior. This fixes a regression which was causing Docker to extract tarballs ------------------------------------------------------------------- Thu Feb 13 09:07:39 UTC 2014 - fcastelli@suse.com - Ensure lxc >= 1.0 is not installed on the system, this version is not compatible with docker yet. ------------------------------------------------------------------- Thu Feb 6 08:48:22 UTC 2014 - fcastelli@suse.com - updated to docker 0.8.0: * Images and containers can be removed much faster * Building an image from source with docker build is now much faster * The Docker daemon starts and stops much faster * The memory footprint of many common operations has been reduced, by streaming files instead of buffering them in memory, fixing memory leaks, and fixing various suboptimal memory allocations * Several race conditions were fixed, making Docker more stable under very high concurrency load. This makes Docker more stable and less likely to crash and reduces the memory footprint of many common operations * All packaging operations are now built on the Go language’s standard tar implementation, which is bundled with Docker itself. This makes packaging more portable across host distributions, and solves several issues caused by quirks and incompatibilities between different distributions of tar * Docker can now create, remove and modify larger numbers of containers and images graciously thanks to more aggressive releasing of system resources. For example the storage driver API now allows Docker to do reference counting on mounts created by the drivers. With the ongoing changes to the networking and execution subsystems of docker testing these areas have been a focus of the refactoring. By moving these subsystems into separate packages we can test, analyze, and monitor coverage and quality of these packages * The Docker daemon supports systemd socket activation * Docker now ships with an experimental storage driver which uses the BTRFS filesystem for copy-on-write * The ADD instruction now supports caching, which avoids unnecessarily re-uploading the same source content again and again when it hasn’t changed * The new ONBUILD instruction adds to your image a “trigger” instruction to be executed at a later time, when the image is used as the base for another build * Many components have been separated into smaller sub-packages, each with a dedicated test suite. As a result the code is better-tested, more readable and easier to change * Docker is officially supported on Mac OSX ------------------------------------------------------------------- Fri Jan 31 18:14:09 UTC 2014 - f_koch@gmx.de - Fix udev file name ------------------------------------------------------------------- Sat Jan 25 14:04:50 UTC 2014 - fcastelli@suse.com - Added again the patch which forces the docker binary to look for the dockerinit file into the right location. Docker's official build system is still bugged. ------------------------------------------------------------------- Sat Jan 25 11:05:42 UTC 2014 - fcastelli@suse.com - updated to 0.7.6: * Builder: - Do not follow symlink outside of build context * Runtime: - Remount bind mounts when ro is specified - Use https for fetching docker version * Other: - Inline the test.docker.io fingerprint - Add ca-certificates to packaging documentation - rpm changes: * remove patch which forced docker to loook for the dockerinit binary into /usr/lib64/docker. Docker's build system now accepts an environment variable to address this issue. * install udev rules inside of /usr/lib/udev as requested by rpmlint. ------------------------------------------------------------------- Fri Jan 10 10:44:23 UTC 2014 - fcastelli@suse.com - updated to 0.7.5: * Builder: - Disable compression for build. More space usage but a much faster upload - Fix ADD caching for certain paths - Do not compress archive from git build * Documentation: * Fix error in GROUP add example * Make sure the GPG fingerprint is inline in the documentation * Give more specific advice on setting up signing of commits for DCO * Runtime: * Fix misspelled container names * Do not add hostname when networking is disabled * Return most recent image from the cache by date * Return all errors from docker wait * Add Content-Type Header "application/json" to GET /version and /info responses * Other: - Update DCO to version 1.1 - Update Makefile to use "docker:GIT_BRANCH" as the generated image name - Update Travis to check for new 1.1 DCO version - 0.7.4 changes: * Builder: - Fix ADD caching issue with . prefixed path - Fix docker build on devicemapper by reverting sparse file tar option - Fix issue with file caching and prevent wrong cache hit - Use same error handling while unmarshalling CMD and ENTRYPOINT * Documentation: - Simplify and streamline Amazon Quickstart - Install instructions use unprefixed fedora image - Update instructions for mtu flag for Docker on GCE - Add Ubuntu Saucy to installation - Fix for wrong version warning on master instead of latest * Runtime: - Only get the image's rootfs when we need to calculate the image size - Correctly handle unmapping UDP ports - Make CopyFileWithTar use a pipe instead of a buffer to save memory on docker build - Fix login message to say pull instead of push - Fix "docker load" help by removing "SOURCE" prompt and mentioning STDIN - Make blank -H option default to the same as no -H was sent - Extract cgroups utilities to own submodule * Other: - Add Travis CI configuration to validate DCO and gofmt requirements - Add Developer Certificate of Origin Text - Upgrade VBox Guest Additions - Check standalone header when pinging a registry server ------------------------------------------------------------------- Tue Jan 7 12:48:30 UTC 2014 - fcastelli@suse.com - Spec file cleanup: removed useless SUSE versions checks around bash and zsh completion sub packages. - Updated runtime dependencies according to what reported by the official documentation. ------------------------------------------------------------------- Tue Jan 7 08:26:37 UTC 2014 - fcastelli@suse.com - Updated to 0.7.3: * Builder: - Update ADD to use the image cache, based on a hash of the added content - Add error message for empty Dockerfile * Documentation: - Fix outdated link to the "Introduction" on www.docker.io - Update the docs to get wider when the screen does - Add information about needing to install LXC when using raw binaries - Update Fedora documentation to disentangle the docker and docker.io conflict - Add a note about using the new `-mtu` flag in several GCE zones - Add FrugalWare installation instructions - Add a more complete example of `docker run` - Fix API documentation for creating and starting Privileged containers - Add missing "name" parameter documentation on "/containers/create" - Add a mention of `lxc-checkconfig` as a way to check for some of the necessary kernel configuration - Update the 1.8 API documentation with some additions that were added to the docs for 1.7 * Hack: - Add missing libdevmapper dependency to the packagers documentation - Update minimum Go requirement to a hard line at Go 1.2+ - Many minor improvements to the Vagrantfile - Add ability to customize dockerinit search locations when compiling (to be used very sparingly only by packagers of platforms who require a nonstandard location) - Add coverprofile generation reporting - Add `-a` to our Go build flags, removing the need for recompiling the stdlib manually - Update Dockerfile to be more canonical and have less spurious warnings during build - Fix some miscellaneous `docker pull` progress bar display issues - Migrate more miscellaneous packages under the "pkg" folder - Update TextMate highlighting to automatically be enabled for files named "Dockerfile" - Reorganize syntax highlighting files under a common "contrib/syntax" directory - Update install.sh script (https://get.docker.io/) to not fail if busybox fails to download or run at the end of the Ubuntu/Debian installation - Add support for container names in bash completion * Packaging: - Add an official Docker client binary for Darwin (Mac OS X) - Remove empty "Vendor" string and added "License" on deb package - Add a stubbed version of "/etc/default/docker" in the deb package * Runtime: - Update layer application to extract tars in place, avoiding file churn while handling whiteouts - Fix permissiveness of mtime comparisons in tar handling (since GNU tar and Go tar do not yet support sub-second mtime precision) - Reimplement `docker top` in pure Go to work more consistently, and even inside Docker-in-Docker (thus removing the shell injection vulnerability present in some versions of `lxc-ps`) - Update `-H unix://` to work similarly to `-H tcp://` by inserting the default values for missing portions - Fix more edge cases regarding dockerinit and deleted or replaced docker or dockerinit files - Update container name validation to include '.' - Fix use of a symlink or non-absolute path as the argument to `-g` to work as expected - Update to handle external mounts outside of LXC, fixing many small mounting quirks and making future execution backends and other features simpler - Update to use proper box-drawing characters everywhere in `docker images -tree` - Move MTU setting from LXC configuration to directly use netlink - Add `-S` option to external tar invocation for more efficient spare file handling - Add arch/os info to User-Agent string, especially for registry requests - Add `-mtu` option to Docker daemon for configuring MTU - Fix `docker build` to exit with a non-zero exit code on error - Add `DOCKER_HOST` environment variable to configure the client `-H` flag without specifying it manually for every invocation ------------------------------------------------------------------- Wed Dec 18 08:35:14 UTC 2013 - fcastelli@suse.com - Removed docker.init file from OBS, it's no longer needed since we moved to systemd. ------------------------------------------------------------------- Tue Dec 17 17:25:47 UTC 2013 - fcastelli@suse.com - Required git-core rather than the full package chain. ------------------------------------------------------------------- Tue Dec 17 10:59:08 UTC 2013 - fcastelli@suse.com - Fixed openSUSE 12.3 package by adding explicit requirement of systemd-devel package at build time. ------------------------------------------------------------------- Tue Dec 17 10:09:04 UTC 2013 - fcastelli@suse.com - Updated to docker 0.7.2: * Runtime: - Validate container names on creation with standard regex - Increase maximum image depth to 127 from 42 - Continue to move api endpoints to the job api - Add -bip flag to allow specification of dynamic bridge IP via CIDR - Allow bridge creation when ipv6 is not enabled on certain systems - Set hostname and IP address from within dockerinit - Drop capabilities from within dockerinit - Fix volumes on host when symlink is present the image - Prevent deletion of image if ANY container is depending on it even if the container is not running - Update docker push to use new progress display - Use os.Lstat to allow mounting unix sockets when inspecting volumes - Adjusted handling of inactive user login - Add missing defines in devicemapper for older kernels - Allow untag operations with no container validation - Add auth config to docker build * Documentation: - Add more information about Docker logging - Add RHEL documentation - Add a direct example for changing the CMD that is run in a container - Update Arch installation documentation - Add section on Trusted Builds - Add Network documentation page * Other: - Add new cover bundle for providing code coverage reporting - Separate integration tests in bundles - Make Tianon the hack maintainer - Update mkimage-debootstrap with more tweaks for keeping images small - Use https to get the install script - Remove vendored dotcloud/tar now that Go 1.2 has been released - Marked /etc/sysctl.d/200-docker.conf as configuration file within the spec file. - Added 'ca-certificates-cacert' as runtime dependency, this is required to pull containers from docker's official repository. ------------------------------------------------------------------- Thu Dec 12 08:41:30 UTC 2013 - fcastelli@suse.com - Removed dnsmasq dependency - Added GNU tar as an explicit dependency - Moved to systemd - Updated to docker 0.7.1: * Add @SvenDowideit as documentation maintainer * Add links example * Add documentation regarding ambassador pattern * Add Google Cloud Platform docs * Add dockerfile best practices * Update doc for RHEL * Update doc for registry * Update Postgres examples * Update doc for Ubuntu install * Improve remote api doc - modified patches: * 0001-Allowed-installation-of-dockerinit-into-usr-lib64.patch: changed to apply against the updated codebase. ------------------------------------------------------------------- Thu Nov 28 10:18:12 UTC 2013 - fcastelli@suse.com - Updated runtime dependencies according to docker's official guidelines. ------------------------------------------------------------------- Thu Nov 28 09:25:05 UTC 2013 - fcastelli@suse.com - Fixed packaging errors: * dockerinit binary was not built, causing docker to be unusable. * added custom rpmlint rules. ------------------------------------------------------------------- Tue Nov 26 15:59:38 UTC 2013 - fcastelli@suse.com * rpm changes: * do no longer require a AUFS cable kernel at runtime. * build docker using intree dependencies provided by upstream. * created zsh completion sub-package. * 0.7.0 (2013-11-25) - Storage drivers: choose from aufs, device mapper, vfs or btrfs. - Standard Linux support: docker now runs on unmodified linux kernels and all major distributions. - Links: compose complex software stacks by connecting containers to each other. - Container naming: organize your containers by giving them memorable names. - Advanced port redirects: specify port redirects per interface, or keep sensitive ports private. - Offline transfer: push and pull images to the filesystem without losing information. - Quality: numerous bugfixes and small usability improvements. Significant increase in test coverage. * 0.6.7 (2013-11-21) - Improved stability, fixes some race conditons - Skip the volumes mounted when deleting the volumes of container. - Fix layer size computation: handle hard links correctly - Use the work Path for docker cp CONTAINER:PATH - Fix tmp dir never cleanup - Speedup docker ps - More informative error message on name collisions - Fix nameserver regex - Always return long id's - Fix container restart race condition - Keep published ports on docker stop;docker start - Fix container networking on Fedora - Correctly express "any address" to iptables - Fix network setup when reconnecting to ghost container - Prevent deletion if image is used by a running container - Lock around read operations in graph - remote API: return full ID on docker rmi - client: - Add -tree option to images - Offline image transfer - Exit with status 2 on usage error and display usage on stderr - Do not forward SIGCHLD to container - Use string timestamp for docker events -since * 0.6.6 (2013-11-06) - Ensure container name on register - Fix regression in /etc/hosts - Add lock around write operations in graph - Check if port is valid - Fix restart runtime error with ghost container networking - Added some more colors and animals to increase the pool of generated names - Fix issues in docker inspect - Escape apparmor confinement - Set environment variables using a file. - Prevent docker insert to erase something - Prevent DNS server conflicts in CreateBridgeIface - Validate bind mounts on the server side - Use parent image config in docker build - Fix regression in /etc/hosts - Client: * Add -P flag to publish all exposed ports * Add -notrunc and -q flags to docker history * Fix docker commit, tag and import usage * Add stars, trusted builds and library flags in docker search * Fix docker logs with tty - RemoteAPI: * Make /events API send headers immediately * Do not split last column docker top + Add size to history * 0.6.5 (2013-10-29) - Containers can now be named - Containers can now be linked together for service discovery - 'run -a', 'start -a' and 'attach' can forward signals to the container for better integration with process supervisors - Automatically start crashed containers after a reboot - Expose IP, port, and proto as separate environment vars for container links - Allow ports to be published to specific ips - Prohibit inter-container communication by default - Ignore ErrClosedPipe for stdin in Container.Attach - Remove unused field kernelVersion - Fix issue when mounting subdirectories of /mnt in container - Fix untag during removal of images - Check return value of syscall.Chdir when changing working directory inside dockerinit - Client: - Only pass stdin to hijack when needed to avoid closed pipe errors - Use less reflection in command-line method invocation - Monitor the tty size after starting the container, not prior - Remove useless os.Exit() calls after log.Fatal - Documentation: Fix the flags for nc in example - Testing: Remove warnings and prevent mount issues - Testing: Change logic for tty resize to avoid warning in tests - Builder: Fix race condition in docker build with verbose output - Registry: Fix content-type for PushImageJSONIndex method - Contrib: Improve helper tools to generate debian and Arch linux server images * 0.6.4 (2013-10-16) - Add cleanup of container when Start() fails - Add better comments to utils/stdcopy.go - Add utils.Errorf for error logging - Add -rm to docker run for removing a container on exit - Remove error messages which are not actually errors - Fix `docker rm` with volumes - Fix some error cases where a HTTP body might not be closed - Fix panic with wrong dockercfg file - Fix the attach behavior with -i - Record termination time in state. - Use empty string so TempDir uses the OS's temp dir automatically - Make sure to close the network allocators - Autorestart containers by default - Bump vendor kr/pty to commit 3b1f6487b `(syscall.O_NOCTTY)` - lxc: Allow set_file_cap capability in container - Move run -rm to the cli only - Split stdout stderr - Always create a new session for the container - Builder: Abort build if mergeConfig returns an error and fix duplicate error message - Packaging: Remove deprecated packaging directory - Registry: Use correct auth config when logging in. - Registry: Fix the error message so it is the same as the regex ------------------------------------------------------------------- Wed Oct 2 12:04:09 UTC 2013 - fcastelli@suse.com * 0.6.3 (2013-09-23) - Client: Fix detach issue - Runtime: Only copy and change permissions on non-bindmount volumes - Registry: Update regular expression to match index * Runtime: Allow multiple volumes-from * Packaging: Download apt key over HTTPS * Documentation: Update section on extracting the docker binary after build * Documentation: Update development environment docs for new build process * Documentation: Remove 'base' image from documentation * Packaging: Add 'docker' group on install for ubuntu package - Runtime: Fix HTTP imports from STDIN ------------------------------------------------------------------- Thu Sep 26 10:33:21 UTC 2013 - fcastelli@suse.com - Fixed build on SLE_11_SP3 ------------------------------------------------------------------- Mon Sep 23 10:17:17 UTC 2013 - fcastelli@suse.com - Fixed git commit version: the wrong version was showed by 'docker version'. ------------------------------------------------------------------- Mon Sep 23 09:56:42 UTC 2013 - fcastelli@suse.com * 0.6.2 (2013-09-17) Hack: Vendor all dependencies Builder: Add -rm option in order to remove intermediate containers Runtime: Add domainname support Runtime: Implement image filtering with path.Match Builder: Allow multiline for the RUN instruction Runtime: Remove unnecesasry warnings Runtime: Only mount the hostname file when the config exists Runtime: Handle signals within the docker login command Runtime: Remove os/user dependency Registry: Implement login with private registry Remote API: Bump to v1.5 Packaging: Break down hack/make.sh into small scripts, one per 'bundle': test, binary, ubuntu etc. Documentation: General improvments Runtime: UID and GID are now also applied to volumes Runtime: docker start set error code upon error Runtime: docker run set the same error code as the process started Registry: Fix push issues ------------------------------------------------------------------- Mon Aug 26 14:22:34 UTC 2013 - fcastelli@suse.com * 0.6.1 (2013-08-23) Registry: Pass "meta" headers in API calls to the registry Packaging: Use correct upstart script with new build tool Packaging: Use libffi-dev, don't build it from sources Packaging: Removed duplicate mercurial install command * 0.6.0 (2013-08-22) Runtime: Load authConfig only when needed and fix useless WARNING Runtime: Add lxc-conf flag to allow custom lxc options Runtime: Fix race conditions in parallel pull Runtime: Improve CMD, ENTRYPOINT, and attach docs. Documentation: Small fix to docs regarding adding docker groups Documentation: Add MongoDB image example Builder: Add USER instruction do Dockerfile Documentation: updated default -H docs Remote API: Sort Images by most recent creation date. Builder: Add workdir support for the Buildfile Runtime: Add an option to set the working directory Runtime: Show tag used when image is missing Documentation: Update readme with dependencies for building Documentation: Add instructions for creating and using the docker group Remote API: Reworking opaque requests in registry module Runtime: Fix Graph ByParent() to generate list of child images per parent image. Runtime: Add Image name to LogEvent tests Documentation: Add sudo to examples and installation to documentation Hack: Bash Completion: Limit commands to containers of a relevant state Remote API: Add image name in /events Runtime: Apply volumes-from before creating volumes Runtime: Make docker run handle SIGINT/SIGTERM Runtime: Prevent crash when .dockercfg not readable Hack: Add docker dependencies coverage testing into docker-ci Runtime: Add -privileged flag and relevant tests, docs, and examples Packaging: Docker-brew 0.5.2 support and memory footprint reduction Runtime: Install script should be fetched over https, not http. Packaging: Add new docker dependencies into docker-ci Runtime: Use Go 1.1.2 for dockerbuilder Registry: Improve auth push Runtime: API, issue 1471: Use groups for socket permissions Documentation: PostgreSQL service example in documentation Contrib: bash completion script Tests: Improve TestKillDifferentUser to prevent timeout on buildbot Documentation: Fix typo in docs for docker run -dns Documentation: Adding a reference to ps -a Runtime: Correctly detect IPv4 forwarding Packaging: Revert "docker.upstart: avoid spawning a sh process" Runtime: Use ranged for loop on channels Runtime: Fix typo: fmt.Sprint -> fmt.Sprintf Tests: Fix typo in TestBindMounts (runContainer called without image) Runtime: add websocket support to /container//attach/ws Runtime: Mount /dev/shm as a tmpfs Builder: Only count known instructions as build steps Builder: Fix docker build and docker events output Runtime: switch from http to https for get.docker.io Tests: Improve TestGetContainersTop so it does not rely on sleep Packaging: Docker-brew and Docker standard library Testing: Add some tests in server and utils Packaging: Release docker with docker Builder: Make sure ENV instruction within build perform a commit each time Packaging: Fix the upstart script generated by get.docker.io Runtime: fix small \n error un docker build Runtime: Let userland proxy handle container-bound traffic Runtime: Updated the Docker CLI to specify a value for the "Host" header. Runtime: Add warning when net.ipv4.ip_forwarding = 0 Registry: Registry unit tests + mock registry Runtime: fixed #910. print user name to docker info output Builder: Forbid certain paths within docker build ADD Runtime: change network range to avoid conflict with EC2 DNS Tests: Relax the lo interface test to allow iface index != 1 Documentation: Suggest installing linux-headers by default. Documentation: Change the twitter handle Client: Add docker cp command and copy api endpoint to copy container files/folders to the host Remote API: Use mime pkg to parse Content-Type Runtime: Reduce connect and read timeout when pinging the registry Documentation: Update amazon.rst to explain that Vagrant is not necessary for running Docker on ec2 Packaging: Enabled the docs to generate manpages. Runtime: Parallel pull Runtime: Handle ip route showing mask-less IP addresses Documentation: Clarify Amazon EC2 installation Documentation: 'Base' image is deprecated and should no longer be referenced in the docs. Runtime: Fix to "Inject dockerinit at /.dockerinit" Runtime: Allow ENTRYPOINT without CMD Runtime: Always consider localhost as a domain name when parsing the FQN repos name Remote API: 650 http utils and user agent field Documentation: fix a typo in the ubuntu installation guide Builder: Repository name (and optionally a tag) in build usage Documentation: Move note about officially supported kernel Packaging: Revert "Bind daemon to 0.0.0.0 in Vagrant. Builder: Add no cache for docker build Runtime: Add hostname to environment Runtime: Add last stable version in docker version Builder: Make sure ADD will create everything in 0755 Documentation: Add ufw doc Tests: Add registry functional test to docker-ci Documentation: Solved the logo being squished in Safari Runtime: Use utils.ParseRepositoryTag instead of strings.Split(name, ":") in server.ImageDelete Runtime: Refactor checksum Runtime: Improve connect message with socket error Documentation: Added information about Docker's high level tools over LXC. Don't read from stdout when only attached to stdin ------------------------------------------------------------------- Wed Aug 7 15:11:23 UTC 2013 - fcastelli@suse.com * added commits required to get docker working with a private registry. * 0.5.1 (2013-07-30) API: Docker client now sets useragent (RFC 2616) Runtime: Add ps args to docker top Runtime: Add support for container ID files (pidfile like) Runtime: Add container=lxc in default env Runtime: Support networkless containers with docker run -n and docker -d -b=none API: Add /events endpoint Builder: ADD command now understands URLs Builder: CmdAdd and CmdEnv now respect Dockerfile-set ENV variables Hack: Simplify unit tests with helpers Hack: Improve docker.upstart event Hack: Add coverage testing into docker-ci Runtime: Stdout/stderr logs are now stored in the same file as JSON Runtime: Allocate a /16 IP range by default, with fallback to /24. Try 12 ranges instead of 3. Runtime: Change .dockercfg format to json and support multiple auth remote Runtime: Do not override volumes from config Runtime: Fix issue with EXPOSE override Builder: Create directories with 755 instead of 700 within ADD instruction ------------------------------------------------------------------- Thu Jul 25 09:43:48 UTC 2013 - fcastelli@suse.com 0.5.0 (2013-07-17) Runtime: List all processes running inside a container with 'docker top' Runtime: Host directories can be mounted as volumes with 'docker run -v' Runtime: Containers can expose public UDP ports (eg, '-p 123/udp') Runtime: Optionally specify an exact public port (eg. '-p 80:4500') Registry: New image naming scheme inspired by Go packaging convention allows arbitrary combinations of registries Builder: ENTRYPOINT instruction sets a default binary entry point to a container Builder: VOLUME instruction marks a part of the container as persistent data Builder: 'docker build' displays the full output of a build by default Runtime: 'docker login' supports additional options Runtime: Dont save a container's hostname when committing an image. Registry: Fix issues when uploading images to a private registry 0.4.8 (2013-07-01) Builder: New build operation ENTRYPOINT adds an executable entry point to the container. Runtime: Fix a bug which caused 'docker run -d' to no longer print the container ID. Tests: Fix issues in the test suite 0.4.7 (2013-06-28) Registry: easier push/pull to a custom registry Remote API: the progress bar updates faster when downloading and uploading large files Remote API: fix a bug in the optional unix socket transport Runtime: improve detection of kernel version Runtime: host directories can be mounted as volumes with 'docker run -b' Runtime: fix an issue when only attaching to stdin Runtime: use 'tar --numeric-owner' to avoid uid mismatch across multiple hosts Hack: improve test suite and dev environment Hack: remove dependency on unit tests on 'os/user' Documentation: add terminology section 0.4.6 (2013-06-22) Runtime: fix a bug which caused creation of empty images (and volumes) to crash. 0.4.5 (2013-06-21) Builder: 'docker build git://URL' fetches and builds a remote git repository Runtime: 'docker ps -s' optionally prints container size Tests: Improved and simplified Runtime: fix a regression introduced in 0.4.3 which caused the logs command to fail. Builder: fix a regression when using ADD with single regular file. 0.4.4 (2013-06-19) Builder: fix a regression introduced in 0.4.3 which caused builds to fail on new clients. 0.4.3 (2013-06-19) Builder: ADD of a local file will detect tar archives and unpack them Runtime: Remove bsdtar dependency Runtime: Add unix socket and multiple -H support Runtime: Prevent rm of running containers Runtime: Use go1.1 cookiejar Builder: ADD improvements: use tar for copy + automatically unpack local archives Builder: ADD uses tar/untar for copies instead of calling 'cp -ar' Builder: nicer output for 'docker build' Builder: fixed the behavior of ADD to be (mostly) reverse-compatible, predictable and well-documented. Client: HumanReadable ProgressBar sizes in pull Client: Fix docker version's git commit output API: Send all tags on History API call API: Add tag lookup to history command. Fixes #882 Runtime: Fix issue detaching from running TTY container Runtime: Forbid parralel push/pull for a single image/repo. Fixes #311 Runtime: Fix race condition within Run command when attaching. Builder: fix a bug which caused builds to fail if ADD was the first command Documentation: fix missing command in irc bouncer example 0.4.2 (2013-06-17) Packaging: Bumped version to work around an Ubuntu bug 0.4.1 (2013-06-17) Remote Api: Add flag to enable cross domain requests Remote Api/Client: Add images and containers sizes in docker ps and docker images Runtime: Configure dns configuration host-wide with 'docker -d -dns' Runtime: Detect faulty DNS configuration and replace it with a public default Runtime: allow docker run : Runtime: you can now specify public port (ex: -p 80:4500) Client: allow multiple params in inspect Client: Print the container id before the hijack in docker run Registry: add regexp check on repo's name Registry: Move auth to the client Runtime: improved image removal to garbage-collect unreferenced parents Vagrantfile: Add the rest api port to vagrantfile's port_forward Upgrade to Go 1.1 Builder: don't ignore last line in Dockerfile when it doesn't end with \n Registry: Remove login check on pull 0.4.0 (2013-06-03) Introducing Builder: 'docker build' builds a container, layer by layer, from a source repository containing a Dockerfile Introducing Remote API: control Docker programmatically using a simple HTTP/json API Runtime: various reliability and usability improvements 0.3.4 (2013-05-30) Builder: 'docker build' builds a container, layer by layer, from a source repository containing a Dockerfile Builder: 'docker build -t FOO' applies the tag FOO to the newly built container. Runtime: interactive TTYs correctly handle window resize Runtime: fix how configuration is merged between layers Remote API: split stdout and stderr on 'docker run' Remote API: optionally listen on a different IP and port (use at your own risk) Documentation: improved install instructions. 0.3.3 (2013-05-23) Registry: Fix push regression Various bugfixes 0.3.2 (2013-05-09) Runtime: Store the actual archive on commit Registry: Improve the checksum process Registry: Use the size to have a good progress bar while pushing Registry: Use the actual archive if it exists in order to speed up the push Registry: Fix error 400 on push 0.3.1 (2013-05-08) Builder: Implement the autorun capability within docker builder Builder: Add caching to docker builder Builder: Add support for docker builder with native API as top level command Runtime: Add go version to debug infos Builder: Implement ENV within docker builder Registry: Add docker search top level command in order to search a repository Images: output graph of images to dot (graphviz) Documentation: new introduction and high-level overview Documentation: Add the documentation for docker builder Website: new high-level overview Makefile: Swap "go get" for "go get -d", especially to compile on go1.1rc Images: fix ByParent function Builder: Check the command existance prior create and add Unit tests for the case Registry: Fix pull for official images with specific tag Registry: Fix issue when login in with a different user and trying to push Documentation: CSS fix for docker documentation to make REST API docs look better. Documentation: Fixed CouchDB example page header mistake Documentation: fixed README formatting Registry: Improve checksum - async calculation Runtime: kernel version - don't show the dash if flavor is empty Documentation: updated www.docker.io website. Builder: use any whitespaces instead of tabs Packaging: packaging ubuntu; issue #510: Use goland-stable PPA package to build docker ------------------------------------------------------------------- Tue May 7 09:09:34 UTC 2013 - fcastelli@suse.com * Update to 0.3.0 (2013-05-06) - Registry: Implement the new registry - Documentation: new example: sharing data between 2 couchdb databases - Runtime: Fix the command existance check - Runtime: strings.Split may return an empty string on no match - Runtime: Fix an index out of range crash if cgroup memory is not - Documentation: Various improvments - Vagrant: Use only one deb line in /etc/apt ------------------------------------------------------------------- Mon May 6 16:00:00 UTC 2013 - fcastelli@suse.com - Update to version 0.2.2 * 0.2.2 (2013-05-03) - Support for data volumes ('docker run -v=PATH') - Share data volumes between containers ('docker run -volumes-from') - Improved documentation - Upgrade to Go 1.0.3 - Various upgrades to the dev environment for contributors * 0.2.1 (2013-05-01) - 'docker commit -run' bundles a layer with default runtime options: command, ports etc. - Improve install process on Vagrant - New Dockerfile operation: "maintainer" - New Dockerfile operation: "expose" - New Dockerfile operation: "cmd" - Contrib script to build a Debian base layer - 'docker -d -r': restart crashed containers at daemon startup - Runtime: improve test coverage * 0.2.0 (2013-04-23) - Runtime: ghost containers can be killed and waited for - Documentation: update install intructions - Packaging: fix Vagrantfile - Development: automate releasing binaries and ubuntu packages - Add a changelog - Various bugfixes * 0.1.8 (2013-04-22) - Dynamically detect cgroup capabilities - Issue stability warning on kernels <3.8 - 'docker push' buffers on disk instead of memory - Fix 'docker diff' for removed files - Fix 'docker stop' for ghost containers - Fix handling of pidfile - Various bugfixes and stability improvements * 0.1.7 (2013-04-18) - Container ports are available on localhost - 'docker ps' shows allocated TCP ports - Contributors can run 'make hack' to start a continuous integration VM - Streamline ubuntu packaging & uploading - Various bugfixes and stability improvements * 0.1.6 (2013-04-17) - Record the author an image with 'docker commit -author' * 0.1.5 (2013-04-17) - Disable standalone mode - Use a custom DNS resolver with 'docker -d -dns' - Detect ghost containers - Improve diagnosis of missing system capabilities - Allow disabling memory limits at compile time - Add debian packaging - Documentation: installing on Arch Linux - Documentation: running Redis on docker - Fixed lxc 0.9 compatibility - Automatically load aufs module - Various bugfixes and stability improvements * 0.1.4 (2013-04-09): - Full support for TTY emulation - Detach from a TTY session with the escape sequence C-p C-q - Various bugfixes and stability improvements - Minor UI improvements - Automatically create our own bridge interface 'docker0' ------------------------------------------------------------------- Wed Apr 10 10:31:11 UTC 2013 - fcastelli@suse.com - Apply patch that creates pidfile. - Update the init script to look for the pidfile under the right location. - Update the init script to acknowledge the code taken from Ubuntu's lxc-net script. ------------------------------------------------------------------- Tue Apr 9 08:24:33 UTC 2013 - fcastelli@suse.com - create initial package using version 0.1.3 from git commit 0767916adedb01