ae8b5fe738
<https://github.com/docker/buildx/releases/tag/v0.19.3> OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=423
4250 lines
203 KiB
Plaintext
4250 lines
203 KiB
Plaintext
-------------------------------------------------------------------
|
||
Tue Dec 17 13:20:39 UTC 2024 - Aleksa Sarai <asarai@suse.com>
|
||
|
||
- Update to docker-buildx 0.19.3. See upstream changelog online at
|
||
<https://github.com/docker/buildx/releases/tag/v0.19.3>
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Dec 13 06:12:25 UTC 2024 - Aleksa Sarai <asarai@suse.com>
|
||
|
||
- Update to Docker 27.4.0-ce. See upstream changelog online at
|
||
<https://docs.docker.com/engine/release-notes/27/#274>
|
||
- Rebase patches:
|
||
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
|
||
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
|
||
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
|
||
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
|
||
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
|
||
* cli-0001-docs-include-required-tools-in-source-tree.patch
|
||
- Remove upstreamed patches:
|
||
- 0006-bsc1221916-update-to-patched-buildkit-version-to-fix.patch
|
||
- 0007-bsc1214855-volume-use-AtomicWriteFile-to-save-volume.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Dec 11 10:14:56 UTC 2024 - Aleksa Sarai <asarai@suse.com>
|
||
|
||
- Update docker-buildx to v0.19.2. See upstream changelog online at
|
||
<https://github.com/docker/buildx/releases/tag/v0.19.2>.
|
||
|
||
Some notable changelogs from the last update:
|
||
* <https://github.com/docker/buildx/releases/tag/v0.19.0>
|
||
* <https://github.com/docker/buildx/releases/tag/v0.18.0>
|
||
- Update to Go 1.22.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Dec 11 05:39:42 UTC 2024 - Aleksa Sarai <asarai@suse.com>
|
||
|
||
- Add a new toggle file /etc/docker/suse-secrets-enable which allows users to
|
||
disable the SUSEConnect integration with Docker (which creates special mounts
|
||
in /run/secrets to allow container-suseconnect to authenticate containers
|
||
with registries on registered hosts). bsc#1231348 bsc#1232999
|
||
|
||
In order to disable these mounts, just do
|
||
|
||
echo 0 > /etc/docker/suse-secrets-enable
|
||
|
||
and restart Docker. In order to re-enable them, just do
|
||
|
||
echo 1 > /etc/docker/suse-secrets-enable
|
||
|
||
and restart Docker. Docker will output information on startup to tell you
|
||
whether the SUSE secrets feature is enabled or not.
|
||
|
||
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Nov 27 12:10:42 UTC 2024 - Aleksa Sarai <asarai@suse.com>
|
||
|
||
- Disable docker-buildx builds for SLES. It turns out that build containers
|
||
with docker-buildx don't currently get the SUSE secrets mounts applied,
|
||
meaning that container-suseconnect doesn't work when building images.
|
||
bsc#1233819
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Nov 20 05:34:38 UTC 2024 - Aleksa Sarai <asarai@suse.com>
|
||
|
||
- Add docker-integration-tests-devel subpackage for building and running the
|
||
upstream Docker integration tests on machines to test that Docker works
|
||
properly. Users should not install this package.
|
||
- docker-rpmlintrc updated to include allow-list for all of the integration
|
||
tests package, since it contains a bunch of stuff that wouldn't normally be
|
||
allowed.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Nov 12 06:34:28 UTC 2024 - Aleksa Sarai <asarai@suse.com>
|
||
|
||
- Remove DOCKER_NETWORK_OPTS from docker.service. This was removed from
|
||
sysconfig a long time ago, and apparently this causes issues with systemd in
|
||
some cases.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Oct 16 22:24:52 UTC 2024 - Aleksa Sarai <asarai@suse.com>
|
||
|
||
- Further merge docker and docker-stable specfiles to minimise the differences.
|
||
The main thing is that we now include both halves of the
|
||
Conflicts/Provides/Obsoletes dance in both specfiles.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Oct 16 05:37:14 UTC 2024 - Aleksa Sarai <asarai@suse.com>
|
||
|
||
- Update to docker-buildx v0.17.1 to match standalone docker-buildx package we
|
||
are replacing. See upstream changelog online at
|
||
<https://github.com/docker/buildx/releases/tag/v0.17.1>
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Sep 18 13:47:45 UTC 2024 - Ana Guerrero <ana.guerrero@suse.com>
|
||
|
||
- Add %{_sysconfdir}/audit/rules.d to filelist.
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Sep 7 06:07:50 UTC 2024 - Aleksa Sarai <asarai@suse.com>
|
||
|
||
- Mark docker-buildx as required since classic "docker build" has been
|
||
deprecated since Docker 23.0. bsc#1230331
|
||
- Import docker-buildx v0.16.2 as a subpackage. Previously this was a separate
|
||
package, but with docker-stable it will be necessary to maintain the packages
|
||
together and it makes more sense to have them live in the same OBS package.
|
||
bsc#1230333
|
||
- Make some minor name macro updates to help with the docker-stable package
|
||
fork.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jul 31 05:28:09 UTC 2024 - Aleksa Sarai <asarai@suse.com>
|
||
|
||
- Update to Docker 26.1.5-ce. See upstream changelog online at
|
||
<https://docs.docker.com/engine/release-notes/26.1/#2615>
|
||
bsc#1230294
|
||
- This update includes fixes for:
|
||
* CVE-2024-41110. bsc#1228324
|
||
* CVE-2023-47108. bsc#1217070
|
||
* CVE-2023-45142. bsc#1228553
|
||
- Rebase patches:
|
||
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
|
||
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
|
||
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
|
||
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
|
||
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
|
||
* 0006-bsc1221916-update-to-patched-buildkit-version-to-fix.patch
|
||
* 0007-bsc1214855-volume-use-AtomicWriteFile-to-save-volume.patch
|
||
* cli-0001-docs-include-required-tools-in-source-tree.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jul 31 04:58:15 UTC 2024 - Aleksa Sarai <asarai@suse.com>
|
||
|
||
[NOTE: This update was only ever released in SLES and Leap.]
|
||
|
||
- Update to Docker 25.0.6-ce. See upstream changelog online at
|
||
<https://docs.docker.com/engine/release-notes/25.0/#2506>
|
||
- This update includes fixes for:
|
||
* CVE-2024-41110. bsc#1228324
|
||
* CVE-2023-47108. bsc#1217070 bsc#1229806
|
||
* CVE-2023-45142. bsc#1228553 bsc#1229806
|
||
- Rebase patches:
|
||
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
|
||
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
|
||
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
|
||
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
|
||
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
|
||
* 0006-bsc1221916-update-to-patched-buildkit-version-to-fix.patch
|
||
* 0007-bsc1214855-volume-use-AtomicWriteFile-to-save-volume.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jun 24 08:15:24 UTC 2024 - Aleksa Sarai <asarai@suse.com>
|
||
|
||
- Rebase patches:
|
||
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
|
||
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
|
||
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
|
||
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
|
||
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
|
||
- Fix BuildKit's symlink resolution logic to correctly handle non-lexical
|
||
symlinks. Backport of <https://github.com/moby/buildkit/pull/4896> and
|
||
<https://github.com/moby/buildkit/pull/5060>. bsc#1221916
|
||
+ 0006-bsc1221916-update-to-patched-buildkit-version-to-fix.patch
|
||
- Write volume options atomically so sudden system crashes won't result in
|
||
future Docker starts failing due to empty files. Backport of
|
||
<https://github.com/moby/moby/pull/48034>. bsc#1214855
|
||
+ 0007-bsc1214855-volume-use-AtomicWriteFile-to-save-volume.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jun 6 04:17:23 UTC 2024 - Aleksa Sarai <asarai@suse.com>
|
||
|
||
- Update to Docker 26.1.4-ce. See upstream changelog online at
|
||
<https://docs.docker.com/engine/release-notes/26.1/#2614>
|
||
- Rebase patches:
|
||
* cli-0001-docs-include-required-tools-in-source-tree.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Apr 24 13:43:30 UTC 2024 - Aleksa Sarai <asarai@suse.com>
|
||
|
||
- Update to Docker 26.1.0-ce. See upstream changelog online at
|
||
<https://docs.docker.com/engine/release-notes/26.1/#2610>
|
||
- Rebase patches:
|
||
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
|
||
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
|
||
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
|
||
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
|
||
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
|
||
* cli-0001-docs-include-required-tools-in-source-tree.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Apr 18 07:46:18 UTC 2024 - Aleksa Sarai <asarai@suse.com>
|
||
|
||
- Update to Docker 26.0.1-ce. See upstream changelog online at
|
||
<https://docs.docker.com/engine/release-notes/26.0/#2601>
|
||
- Rebase patches:
|
||
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
|
||
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
|
||
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
|
||
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
|
||
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
|
||
* cli-0001-docs-include-required-tools-in-source-tree.patch
|
||
- Update --add-runtime to point to correct binary path.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Mar 25 12:34:56 UTC 2024 - Aleksa Sarai <asarai@suse.com>
|
||
|
||
[NOTE: This update was only ever released in SLES and Leap.]
|
||
|
||
- Update to Docker 25.0.5-ce. See upstream changelog online at
|
||
<https://docs.docker.com/engine/release-notes/25.0/#2505> bsc#1223409
|
||
- Rebase patches:
|
||
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
|
||
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
|
||
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
|
||
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
|
||
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
|
||
* cli-0001-docs-include-required-tools-in-source-tree.patch
|
||
- Remove upstreamed patches:
|
||
- 0007-daemon-overlay2-remove-world-writable-permission-fro.patch
|
||
- Update --add-runtime to point to correct binary path.
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Mar 8 07:46:11 UTC 2024 - Dan Čermák <dcermak@suse.com>
|
||
|
||
[NOTE: This update was only ever released in SLES and Leap.]
|
||
|
||
- Add patch to fix bsc#1220339
|
||
* 0007-daemon-overlay2-remove-world-writable-permission-fro.patch
|
||
|
||
- rebase patches:
|
||
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
|
||
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
|
||
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
|
||
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
|
||
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
|
||
* 0006-Vendor-in-latest-buildkit-v0.11-branch-including-CVE.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Feb 22 14:13:42 UTC 2024 - Thorsten Kukuk <kukuk@suse.com>
|
||
|
||
- Allow to disable apparmor support (ALP supports only SELinux)
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Feb 17 12:56:22 UTC 2024 - Danish Prakash <danish.prakash@suse.com>
|
||
|
||
- Update to Docker 25.0.3-ce. See upstream changelog online at
|
||
<https://docs.docker.com/engine/release-notes/25.0/#2503>
|
||
- Fixes:
|
||
* bsc#1219267 - CVE-2024-23651
|
||
* bsc#1219268 - CVE-2024-23652
|
||
* bsc#1219438 - CVE-2024-23653
|
||
- Rebase patches:
|
||
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
|
||
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
|
||
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
|
||
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
|
||
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
|
||
* cli-0001-docs-include-required-tools-in-source-tree.patch
|
||
- Remove upstreamed patches:
|
||
- 0006-Vendor-in-latest-buildkit-v0.11-branch-including-CVE.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Feb 14 08:40:36 UTC 2024 - Dan Čermák <dcermak@suse.com>
|
||
|
||
- Vendor latest buildkit v0.11:
|
||
Add patch 0006-Vendor-in-latest-buildkit-v0.11-branch-including-CVE.patch that
|
||
vendors in the latest v0.11 buildkit branch including bugfixes for the following:
|
||
* bsc#1219438: CVE-2024-23653
|
||
* bsc#1219268: CVE-2024-23652
|
||
* bsc#1219267: CVE-2024-23651
|
||
|
||
- rebase patches:
|
||
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
|
||
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
|
||
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
|
||
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
|
||
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
|
||
|
||
- switch from %patchN to %patch -PN syntax
|
||
- remove unused rpmlint filters and add filters to silence pointless bash & zsh
|
||
completion warnings
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Oct 27 21:14:37 UTC 2023 - Aleksa Sarai <asarai@suse.com>
|
||
|
||
- Update to Docker 24.0.7-ce. See upstream changelog online at
|
||
<https://docs.docker.com/engine/release-notes/24.0/#2407>. bsc#1217513
|
||
* Deny containers access to /sys/devices/virtual/powercap by default.
|
||
- CVE-2020-8694 bsc#1170415
|
||
- CVE-2020-8695 bsc#1170446
|
||
- CVE-2020-12912 bsc#1178760
|
||
- Rebase patches:
|
||
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
|
||
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
|
||
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
|
||
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
|
||
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
|
||
* cli-0001-docs-include-required-tools-in-source-tree.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Oct 11 10:32:43 UTC 2023 - Aleksa Sarai <asarai@suse.com>
|
||
|
||
- Add a patch to fix apparmor on SLE-12, reverting the upstream removal of
|
||
version-specific templating for the default apparmor profile. bsc#1213500
|
||
+ 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
|
||
- Rebase patches:
|
||
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
|
||
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
|
||
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
|
||
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Sep 14 01:46:30 UTC 2023 - Aleksa Sarai <asarai@suse.com>
|
||
|
||
- Update to Docker 24.0.6-ce. See upstream changelog online at
|
||
<https://docs.docker.com/engine/release-notes/24.0/#2406>. bsc#1215323
|
||
- Rebase patches:
|
||
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
|
||
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
|
||
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
|
||
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
|
||
* cli-0001-docs-include-required-tools-in-source-tree.patch
|
||
- Switch from disabledrun to manualrun in _service.
|
||
- Add a docker.socket unit file, but with socket activation effectively
|
||
disabled to ensure that Docker will always run even if you start the socket
|
||
individually. Users should probably just ignore this unit file. bsc#1210141
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jul 25 19:40:25 UTC 2023 - Dirk Müller <dmueller@suse.com>
|
||
|
||
- Update to Docker 24.0.5-ce. See upstream changelog online at
|
||
<https://docs.docker.com/engine/release-notes/24.0/#2405>. bsc#1213229
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jul 7 21:29:05 UTC 2023 - Aleksa Sarai <asarai@suse.com>
|
||
|
||
- Update to Docker 24.0.4-ce. See upstream changelog online at
|
||
<https://docs.docker.com/engine/release-notes/24.0/#2404>. bsc#1213500
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jul 7 02:35:02 UTC 2023 - Aleksa Sarai <asarai@suse.com>
|
||
|
||
- Update to Docker 24.0.3-ce. See upstream changelog online at
|
||
<https://docs.docker.com/engine/release-notes/24.0/#2403>. bsc#1213120
|
||
- Rebase patches:
|
||
* cli-0001-docs-include-required-tools-in-source-tree.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jun 29 10:07:13 UTC 2023 - Danish Prakash <danish.prakash@suse.com>
|
||
|
||
- Recommend docker-rootless-extras instead of Require(ing) it, given
|
||
it's an additional functionality and not inherently required for
|
||
docker to function.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jun 20 15:28:13 UTC 2023 - Danish Prakash <danish.prakash@suse.com>
|
||
|
||
- Add docker-rootless-extras subpackage
|
||
(https://docs.docker.com/engine/security/rootless)
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jun 14 13:02:01 UTC 2023 - Aleksa Sarai <asarai@suse.com>
|
||
|
||
- Update to Docker 24.0.2-ce. See upstream changelog online at
|
||
<https://docs.docker.com/engine/release-notes/24.0/#2402>. bsc#1212368
|
||
* Includes the upstreamed fix for the mount table pollution issue.
|
||
bsc#1210797
|
||
- Add Recommends for docker-buildx, and add /usr/lib/docker/cli-plugins as
|
||
being provided by this package.
|
||
- Rebase patches:
|
||
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
|
||
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
|
||
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
|
||
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
|
||
* cli-0001-docs-include-required-tools-in-source-tree.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Sun May 21 02:31:35 UTC 2023 - Aleksa Sarai <asarai@suse.com>
|
||
|
||
- Update to Docker 23.0.6-ce. See upstream changelog online at
|
||
<https://docs.docker.com/engine/release-notes/23.0/#2306>. bsc#1211578
|
||
- Rebase patches:
|
||
* cli-0001-docs-include-required-tools-in-source-tree.patch
|
||
- Re-unify packaging for SLE-12 and SLE-15.
|
||
- Add patch to fix build on SLE-12 by switching back to libbtrfs-devel headers
|
||
(the uapi headers in SLE-12 are too old).
|
||
+ 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
|
||
- Re-numbered patches:
|
||
- 0003-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
|
||
+ 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch`
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Apr 27 14:09:05 UTC 2023 - Aleksa Sarai <asarai@suse.com>
|
||
|
||
- Update to Docker 23.0.5-ce. See upstream changelog online at
|
||
<https://docs.docker.com/engine/release-notes/23.0/#2305>.
|
||
- Rebase patches:
|
||
* cli-0001-docs-include-required-tools-in-source-tree.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Apr 26 00:31:54 UTC 2023 - Aleksa Sarai <asarai@suse.com>
|
||
|
||
- Update to Docker 23.0.4-ce. See upstream changelog online at
|
||
<https://docs.docker.com/engine/release-notes/23.0/#2304>. bsc#1208074
|
||
- Fixes:
|
||
* bsc#1214107 - CVE-2023-28840
|
||
* bsc#1214108 - CVE-2023-28841
|
||
* bsc#1214109 - CVE-2023-28842
|
||
- Rebase patches:
|
||
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
|
||
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
|
||
* 0003-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
|
||
- Renumbered patches:
|
||
- 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
|
||
- Remove upstreamed patches:
|
||
- 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
|
||
- 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch
|
||
- 0007-bsc1200022-fifo.Close-prevent-possible-panic-if-fifo.patch
|
||
- Backport <https://github.com/docker/cli/pull/4228> to allow man pages to be
|
||
built without internet access in OBS.
|
||
+ cli-0001-docs-include-required-tools-in-source-tree.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Feb 1 14:33:19 UTC 2023 - Dirk Müller <dmueller@suse.com>
|
||
|
||
- update to 20.10.23-ce.
|
||
* see upstream changelog at https://docs.docker.com/engine/release-notes/#201023
|
||
|
||
- drop kubic flavor as kubic is EOL. this removes:
|
||
kubelet.env docker-kubic-service.conf 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Dec 6 11:49:32 UTC 2022 - Aleksa Sarai <asarai@suse.com>
|
||
|
||
- Update to Docker 20.10.21-ce. See upstream changelog online at
|
||
<https://docs.docker.com/engine/release-notes/#201021>. bsc#1206065
|
||
bsc#1205375 CVE-2022-36109
|
||
- Rebase patches:
|
||
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
|
||
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
|
||
* 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
|
||
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
|
||
* 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
|
||
* 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch
|
||
* 0007-bsc1200022-fifo.Close-prevent-possible-panic-if-fifo.patch
|
||
- The PRIVATE-REGISTRY patch will now output a warning if it is being used (in
|
||
preparation for removing the feature). This feature was never meant to be
|
||
used by users directly (and is only available in the -kubic/CaaSP version of
|
||
the package anyway) and thus should not affect any users.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Oct 24 09:45:20 UTC 2022 - Dan Čermák <dcermak@suse.com>
|
||
|
||
- Fix wrong After: in docker.service, fixes bsc#1188447
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Sep 29 08:40:35 UTC 2022 - Aleksa Sarai <asarai@suse.com>
|
||
|
||
- Add apparmor-parser as a Recommends to make sure that most users will end up
|
||
with it installed even if they are primarily running SELinux.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Sep 29 07:27:03 UTC 2022 - Fabian Vogt <fvogt@suse.com>
|
||
|
||
- Fix syntax of boolean dependency
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jul 28 07:42:33 UTC 2022 - Frederic Crozat <fcrozat@suse.com>
|
||
|
||
- Allow to install container-selinux instead of apparmor-parser.
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Jul 17 17:06:01 UTC 2022 - Callum Farmer <gmbr3@opensuse.org>
|
||
|
||
- Change to using systemd-sysusers
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jun 29 12:19:55 UTC 2022 - Aleksa Sarai <asarai@suse.com>
|
||
|
||
- Backport <https://github.com/containerd/fifo/pull/32> to fix a crash-on-start
|
||
issue with dockerd. bsc#1200022
|
||
+ 0007-bsc1200022-fifo.Close-prevent-possible-panic-if-fifo.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jun 7 07:18:41 UTC 2022 - Aleksa Sarai <asarai@suse.com>
|
||
|
||
- Update to Docker 20.10.17-ce. See upstream changelog online at
|
||
<https://docs.docker.com/engine/release-notes/#201017>. bsc#1200145
|
||
- Rebase patches:
|
||
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
|
||
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
|
||
* 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
|
||
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
|
||
* 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
|
||
* 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Apr 29 02:51:43 UTC 2022 - Aleksa Sarai <asarai@suse.com>
|
||
|
||
- Add patch to update golang.org/x/crypto for CVE-2021-43565 and CVE-2022-27191.
|
||
bsc#1193930 bsc#1197284
|
||
* 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch
|
||
- Rebase patches:
|
||
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
|
||
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
|
||
* 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
|
||
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
|
||
* 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Apr 14 04:09:58 UTC 2022 - Aleksa Sarai <asarai@suse.com>
|
||
|
||
- Update to Docker 20.10.14-ce. See upstream changelog online at
|
||
<https://docs.docker.com/engine/release-notes/#201014>. bsc#1197517
|
||
CVE-2022-24769
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jan 17 07:23:01 UTC 2022 - Aleksa Sarai <asarai@suse.com>
|
||
|
||
- Update to Docker 20.10.12-ce. See upstream changelog online at
|
||
<https://docs.docker.com/engine/release-notes/#201012>.
|
||
- Remove CHANGELOG.md. It hasn't been maintained since 2017, and all of the
|
||
changelogs are currently only available online.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Nov 18 08:35:37 UTC 2021 - Aleksa Sarai <asarai@suse.com>
|
||
|
||
- Update to Docker 20.10.11-ce. See upstream changelog online at
|
||
<https://docs.docker.com/engine/release-notes/#201011>. bsc#1192814
|
||
bsc#1193273 CVE-2021-41190
|
||
- Rebase patches:
|
||
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
|
||
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
|
||
* 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
|
||
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
|
||
* 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
|
||
- Remove upstreamed patches:
|
||
- 0006-bsc1190670-seccomp-add-support-for-clone3-syscall-in.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Oct 6 02:51:16 UTC 2021 - Aleksa Sarai <asarai@suse.com>
|
||
|
||
- Update to Docker 20.10.9-ce. See upstream changelog online at
|
||
<https://docs.docker.com/engine/release-notes/#20109>. bsc#1191355
|
||
CVE-2021-41089 bsc#1191015 CVE-2021-41091 bsc#1191434
|
||
CVE-2021-41092 bsc#1191334 CVE-2021-41103 bsc#1191121
|
||
- Rebase patches:
|
||
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
|
||
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
|
||
* 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
|
||
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
|
||
* 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
|
||
* 0006-bsc1190670-seccomp-add-support-for-clone3-syscall-in.patch
|
||
- Switch to Go 1.16.x compiler, in line with upstream.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Sep 20 23:59:05 UTC 2021 - Aleksa Sarai <asarai@suse.com>
|
||
|
||
- Add patch to return ENOSYS for clone3 to avoid breaking glibc again.
|
||
bsc#1190670
|
||
+ 0006-bsc1190670-seccomp-add-support-for-clone3-syscall-in.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Mon May 3 13:24:55 UTC 2021 - Aleksa Sarai <asarai@suse.com>
|
||
|
||
- Add shell requires for the *-completion subpackages.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Apr 15 05:23:20 UTC 2021 - Aleksa Sarai <asarai@suse.com>
|
||
|
||
- Update to Docker 20.10.6-ce. See upstream changelog online at
|
||
<https://docs.docker.com/engine/release-notes/#20106>. bsc#1184768
|
||
- Rebase patches:
|
||
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
|
||
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
|
||
* 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
|
||
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
|
||
- Backport upstream fix <https://github.com/moby/moby/pull/42273> for btrfs
|
||
quotas being removed by Docker regularly. bsc#1183855 bsc#1175081
|
||
+ 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Mar 3 00:49:58 UTC 2021 - Aleksa Sarai <asarai@suse.com>
|
||
|
||
- Update to Docker 20.10.5-ce. See upstream changelog online at
|
||
<https://docs.docker.com/engine/release-notes/#20105>. bsc#1182947
|
||
- Update runc dependency to 1.0.0~rc93.
|
||
- Remove upstreamed patches:
|
||
- cli-0001-Rename-bin-md2man-to-bin-go-md2man.patch
|
||
- Rebase patches:
|
||
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
|
||
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
|
||
* 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
|
||
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
|
||
- Switch version to use -ce suffix rather than _ce to avoid confusing other
|
||
tools. boo#1182476
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Feb 14 06:33:16 UTC 2021 - Aleksa Sarai <asarai@suse.com>
|
||
|
||
[NOTE: This update was only ever released in SLES and Leap.]
|
||
|
||
- It turns out the boo#1178801 libnetwork patch is also broken on Leap, so drop
|
||
the patch entirely. bsc#1180401 bsc#1182168
|
||
- boo1178801-0001-Add-docker-interfaces-to-firewalld-docker-zone.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Feb 10 07:40:36 UTC 2021 - Aleksa Sarai <asarai@suse.com>
|
||
|
||
- Fix incorrect cast in SUSE secrets patches causing warnings on SLES.
|
||
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Feb 6 12:36:42 UTC 2021 - Aleksa Sarai <asarai@suse.com>
|
||
|
||
[NOTE: This update was only ever released in SLES and Leap.]
|
||
|
||
- Update Docker to 19.03.15-ce. See upstream changelog in the packaged
|
||
/usr/share/doc/packages/docker/CHANGELOG.md. This update includes fixes for
|
||
bsc#1181732 (CVE-2021-21284) and bsc#1181730 (CVE-2021-21285).
|
||
- Rebase patches:
|
||
* bsc1073877-0001-apparmor-clobber-docker-default-profile-on-start.patch
|
||
- Only apply the boo#1178801 libnetwork patch to handle firewalld on openSUSE.
|
||
It appears that SLES doesn't like the patch. bsc#1180401
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Feb 2 13:06:17 UTC 2021 - Aleksa Sarai <asarai@suse.com>
|
||
|
||
- Update to Docker 20.10.3-ce. See upstream changelog in the packaged
|
||
/usr/share/doc/packages/docker/CHANGELOG.md. Fixes bsc#1181732
|
||
(CVE-2021-21284) and bsc#1181730 (CVE-2021-21285).
|
||
- Rebase patches on top of 20.10.3-ce.
|
||
- 0002-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
|
||
+ 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
|
||
- 0003-SECRETS-SUSE-implement-SUSE-container-secrets.patch
|
||
+ 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
|
||
- 0004-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
|
||
+ 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
|
||
- 0005-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
|
||
+ 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Feb 2 05:28:01 UTC 2021 - Aleksa Sarai <asarai@suse.com>
|
||
|
||
- Drop docker-runc, docker-test and docker-libnetwork packages. We now just use
|
||
the upstream runc package (it's stable enough and Docker no longer pins git
|
||
versions). docker-libnetwork is so unstable that it doesn't have any
|
||
versioning scheme and so it really doesn't make sense to maintain the project
|
||
as a separate package. bsc#1181641 bsc#1181677
|
||
- Remove no-longer-needed patch for packaging now that we've dropped
|
||
docker-runc and docker-libnetwork.
|
||
- 0001-PACKAGING-revert-Remove-docker-prefix-for-containerd.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jan 29 22:55:48 UTC 2021 - Aleksa Sarai <asarai@suse.com>
|
||
|
||
- Update to Docker 20.10.2-ce. See upstream changelog in the packaged
|
||
/usr/share/doc/packages/docker/CHANGELOG.md. bsc#1181594
|
||
- Remove upstreamed patches:
|
||
- bsc1122469-0001-apparmor-allow-readby-and-tracedby.patch
|
||
- boo1178801-0001-Add-docker-interfaces-to-firewalld-docker-zone.patch
|
||
- Add patches to fix build:
|
||
+ cli-0001-Rename-bin-md2man-to-bin-go-md2man.patch
|
||
- Since upstream has changed their source repo (again) we have to rebase all of
|
||
our patches. While doing this, I've collapsed all patches into one branch
|
||
per-release and thus all the patches are now just one series:
|
||
- packaging-0001-revert-Remove-docker-prefix-for-containerd-and-runc-.patch
|
||
+ 0001-PACKAGING-revert-Remove-docker-prefix-for-containerd.patch
|
||
- secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
|
||
+ 0002-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
|
||
- secrets-0002-SUSE-implement-SUSE-container-secrets.patch
|
||
+ 0003-SECRETS-SUSE-implement-SUSE-container-secrets.patch
|
||
- private-registry-0001-Add-private-registry-mirror-support.patch
|
||
+ 0004-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
|
||
- bsc1073877-0001-apparmor-clobber-docker-default-profile-on-start.patch
|
||
+ 0005-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jan 29 11:54:53 UTC 2021 - Aleksa Sarai <asarai@suse.com>
|
||
|
||
- Re-apply secrets fix for bsc#1065609 which appears to have been lost after it
|
||
was fixed.
|
||
* secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
|
||
* secrets-0002-SUSE-implement-SUSE-container-secrets.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Dec 23 06:40:46 UTC 2020 - Aleksa Sarai <asarai@suse.com>
|
||
|
||
- Add Conflicts and Provides for kubic flavour of docker-fish-completion.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Dec 21 07:06:53 UTC 2020 - Aleksa Sarai <asarai@suse.com>
|
||
|
||
- Update to Docker 19.03.14-ce. See upstream changelog in the packaged
|
||
/usr/share/doc/packages/docker/CHANGELOG.md. CVE-2020-15257 bsc#1180243
|
||
|
||
https://github.com/docker/docker-ce/releases/tag/v19.03.14
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Dec 14 13:45:56 UTC 2020 - Robert Munteanu <rombert@apache.org>
|
||
|
||
- Enable fish-completion
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Nov 12 18:36:26 UTC 2020 - Michał Rostecki <mrostecki@suse.com>
|
||
|
||
- Add a patch which makes Docker compatible with firewalld with
|
||
nftables backend. Backport of https://github.com/moby/libnetwork/pull/2548
|
||
(boo#1178801, SLE-16460)
|
||
* boo1178801-0001-Add-docker-interfaces-to-firewalld-docker-zone.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Sep 18 08:20:04 UTC 2020 - Aleksa Sarai <asarai@suse.com>
|
||
|
||
- Update to Docker 19.03.13-ce. See upstream changelog in the packaged
|
||
/usr/share/doc/packages/docker/CHANGELOG.md. bsc#1176708
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Aug 3 16:58:07 UTC 2020 - Callum Farmer <callumjfarmer13@gmail.com>
|
||
|
||
- Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075)
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jun 30 23:00:00 UTC 2020 - Dominique Leuenberger <dimstar@opensuse.org>
|
||
|
||
- Emergency fix: %requires_eq does not work with provide symbols,
|
||
only effective package names. Convert back to regular Requires.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jun 25 21:54:46 UTC 2020 - Aleksa Sarai <asarai@suse.com>
|
||
|
||
- Update to Docker 19.03.12-ce. See upstream changelog in the packaged
|
||
/usr/share/doc/packages/docker/CHANGELOG.md.
|
||
- Use Go 1.13 instead of Go 1.14 because Go 1.14 can cause all sorts of
|
||
spurrious errors due to Go returning -EINTR from I/O syscalls much more often
|
||
(due to Go 1.14's pre-emptive goroutine support).
|
||
- bsc1172377-0001-unexport-testcase.Cleanup-to-fix-Go-1.14.patch
|
||
- Add BuildRequires for all -git dependencies so that we catch missing
|
||
dependencies much more quickly.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jun 2 08:37:06 UTC 2020 - Aleksa Sarai <asarai@suse.com>
|
||
|
||
- Update to Docker 19.03.11-ce. See upstream changelog in the packaged
|
||
/usr/share/doc/packages/docker/CHANGELOG.md. bsc#1172377 CVE-2020-13401
|
||
- Backport https://github.com/gotestyourself/gotest.tools/pull/169 so that we
|
||
can build Docker with Go 1.14 (upstream uses Go 1.13).
|
||
+ bsc1172377-0001-unexport-testcase.Cleanup-to-fix-Go-1.14.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Dec 19 15:42:26 UTC 2019 - Dominique Leuenberger <dimstar@opensuse.org>
|
||
|
||
- BuildRequire pkgconfig(libsystemd) instead of systemd-devel:
|
||
Allow OBS to shortcut through the -mini flavors.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Dec 12 13:27:21 UTC 2019 - Aleksa Sarai <asarai@suse.com>
|
||
|
||
- Add backport of https://github.com/docker/docker/pull/39121. bsc#1122469
|
||
+ bsc1122469-0001-apparmor-allow-readby-and-tracedby.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Dec 11 23:55:40 UTC 2019 - Aleksa Sarai <asarai@suse.com>
|
||
|
||
- Support older SLE systems which don't have "usermod -w -v".
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Nov 18 04:46:31 UTC 2019 - Aleksa Sarai <asarai@suse.com>
|
||
|
||
- Update to Docker 19.03.5-ce. See upstream changelog in the packaged
|
||
/usr/share/doc/packages/docker/CHANGELOG.md. bsc#1158590 bsc#1157330
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Oct 19 11:21:03 UTC 2019 - Aleksa Sarai <asarai@suse.com>
|
||
|
||
- Update to Docker 19.03.4-ce. See upstream changelog in the packaged
|
||
/usr/share/doc/packages/docker/CHANGELOG.md.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Oct 8 21:47:56 UTC 2019 - Aleksa Sarai <asarai@suse.com>
|
||
|
||
- Drop containerd.service workaround (we've released enough versions without
|
||
containerd.service -- there's no need to support package upgrades that old).
|
||
- Update to Docker 19.03.3-ce. See upstream changelog in the packaged
|
||
/usr/share/doc/packages/docker/CHANGELOG.md. bsc#1153367
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Oct 1 23:54:25 UTC 2019 - Aleksa Sarai <asarai@suse.com>
|
||
|
||
- Update to Docker 19.03.2-ce. See upstream changelog in the packaged
|
||
/usr/share/doc/packages/docker/CHANGELOG.md. bsc#1150397
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Sep 22 17:41:56 UTC 2019 - Chris Coutinho <chrisbcoutinho@gmail.com>
|
||
|
||
- Fix zsh-completion (docker -> _docker)
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jul 30 05:14:44 UTC 2019 - Aleksa Sarai <asarai@suse.com>
|
||
|
||
- Fix default installation such that --userns-remap=default works properly
|
||
(this appears to be an upstream regression, where --userns-remap=default
|
||
doesn't auto-create the group and results in an error on-start). boo#1143349
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jul 26 12:49:18 UTC 2019 - Aleksa Sarai <asarai@suse.com>
|
||
|
||
- Update to Docker 19.03.1-ce. See upstream changelog in the packaged
|
||
/usr/share/doc/packages/docker/CHANGELOG.md. CVE-2019-14271
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jul 22 22:13:30 UTC 2019 - Aleksa Sarai <asarai@suse.com>
|
||
|
||
- Update to Docker 19.03.0-ce. See upstream changelog in the packaged
|
||
/usr/share/doc/packages/docker/CHANGELOG.md. bsc#1142413
|
||
- Remove upstreamed patches:
|
||
- bsc1001161-0001-oci-include-the-domainname-in-kernel.domainname.patch
|
||
- bsc1001161-0002-cli-add-a-separate-domainname-flag.patch
|
||
- bsc1047218-0001-man-obey-SOURCE_DATE_EPOCH-when-generating-man-pages.patch
|
||
- bsc1128746-0001-integration-cli-don-t-build-test-images-if-they-alre.patch
|
||
- Rebase pacthes:
|
||
* bsc1073877-0001-apparmor-clobber-docker-default-profile-on-start.patch
|
||
* packaging-0001-revert-Remove-docker-prefix-for-containerd-and-runc-.patch
|
||
* private-registry-0001-Add-private-registry-mirror-support.patch
|
||
* secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
|
||
* secrets-0002-SUSE-implement-SUSE-container-secrets.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jul 17 23:15:33 UTC 2019 - Aleksa Sarai <asarai@suse.com>
|
||
|
||
- Move bash-completion to correct location.
|
||
- Update to Docker 18.09.8-ce. See upstream changelog in the packaged
|
||
/usr/share/doc/packages/docker/CHANGELOG.md.
|
||
* Includes fixes for CVE-2019-13509 bsc#1142160.
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jun 28 01:21:19 UTC 2019 - Aleksa Sarai <asarai@suse.com>
|
||
|
||
- Update to Docker 18.09.7-ce. See upstream changelog in the packaged
|
||
/usr/share/doc/packages/docker/CHANGELOG.md. bsc#1139649
|
||
- Remove upstreamed patches:
|
||
- CVE-2018-15664.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jun 27 07:12:57 UTC 2019 - Aleksa Sarai <asarai@suse.com>
|
||
|
||
- Use %config(noreplace) for /etc/docker/daemon.json. bsc#1138920
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jun 7 08:36:17 UTC 2019 - Aleksa Sarai <asarai@suse.com>
|
||
|
||
- Add patch for CVE-2018-15664. bsc#1096726
|
||
+ CVE-2018-15664.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Mon May 6 18:25:14 UTC 2019 - Aleksa Sarai <asarai@suse.com>
|
||
|
||
- Update to Docker 18.09.6-ce see upstream changelog in the packaged
|
||
/usr/share/doc/packages/docker/CHANGELOG.md.
|
||
- Rebase patches:
|
||
* bsc1128746-0001-integration-cli-don-t-build-test-images-if-they-alre.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Fri May 3 14:02:46 UTC 2019 - Aleksa Sarai <asarai@suse.com>
|
||
|
||
- Update to Docker 18.09.5-ce see upstream changelog in the packaged
|
||
/usr/share/doc/packages/docker/CHANGELOG.md. bsc#1128376 boo#1134068
|
||
- Rebase patches:
|
||
* bsc1001161-0001-oci-include-the-domainname-in-kernel.domainname.patch
|
||
* bsc1001161-0002-cli-add-a-separate-domainname-flag.patch
|
||
* bsc1047218-0001-man-obey-SOURCE_DATE_EPOCH-when-generating-man-pages.patch
|
||
* bsc1128746-0001-integration-cli-don-t-build-test-images-if-they-alre.patch
|
||
* packaging-0001-revert-Remove-docker-prefix-for-containerd-and-runc-.patch
|
||
* private-registry-0001-Add-private-registry-mirror-support.patch
|
||
* secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
|
||
* secrets-0002-SUSE-implement-SUSE-container-secrets.patch
|
||
- Updated patch name:
|
||
+ bsc1073877-0001-apparmor-clobber-docker-default-profile-on-start.patch
|
||
- bsc1073877-0002-apparmor-clobber-docker-default-profile-on-start.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Mar 22 09:19:28 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
|
||
|
||
- Update to Docker 18.09.3-ce. See upstream changelog in the packaged
|
||
/usr/share/doc/packages/docker/CHANGELOG.md.
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Mar 10 21:12:09 UTC 2019 - Aleksa Sarai <asarai@suse.com>
|
||
|
||
- docker-test: improvements to test packaging (we don't need to ship around the
|
||
entire source tree, and we also need to build the born-again integration/
|
||
tests which contain a suite-per-directory). We also need a new patch which
|
||
fixes the handling of *-test images. bsc#1128746
|
||
+ bsc1128746-0001-integration-cli-don-t-build-test-images-if-they-alre.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Feb 26 09:39:57 UTC 2019 - Michal Jura <mjura@suse.com>
|
||
|
||
- Move daemon.json file to /etc/docker directory, bsc#1114832
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Feb 9 13:54:03 UTC 2019 - Aleksa Sarai <asarai@suse.com>
|
||
|
||
- Update shell completion to use Group: System/Shells.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Feb 6 14:37:43 UTC 2019 - Michal Jura <mjura@suse.com>
|
||
|
||
- Add daemon.json file with rotation logs cofiguration, bsc#1114832
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Feb 5 11:24:02 UTC 2019 - Aleksa Sarai <asarai@suse.com>
|
||
|
||
- Update to Docker 18.09.1-ce. See upstream changelog in the packaged
|
||
/usr/share/doc/packages/docker/CHANGELOG.md. bsc#1124308
|
||
* Includes fix for CVE-2018-10892 bsc#1100331.
|
||
* Includes fix for CVE-2018-20699 bsc#1121768.
|
||
- Remove upstreamed patches.
|
||
- bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jan 11 09:57:32 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
|
||
|
||
- Disable leap based builds for kubic flavor. bsc#1121412
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Dec 19 19:28:47 UTC 2018 - clee@suse.com
|
||
|
||
- Update go requirements to >= go1.10.6 to fix
|
||
* bsc#1118897 CVE-2018-16873
|
||
go#29230 cmd/go: remote command execution during "go get -u"
|
||
* bsc#1118898 CVE-2018-16874
|
||
go#29231 cmd/go: directory traversal in "go get" via curly braces in import paths
|
||
* bsc#1118899 CVE-2018-16875
|
||
go#29233 crypto/x509: CPU denial of service
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Dec 18 10:10:06 UTC 2018 - Aleksa Sarai <asarai@suse.com>
|
||
|
||
- Handle build breakage due to missing 'export GOPATH' (caused by resolution of
|
||
boo#1119634). I believe Docker is one of the only packages with this problem.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Dec 3 16:14:22 UTC 2018 - Aleksa Sarai <asarai@suse.com>
|
||
|
||
- Add backports of https://github.com/docker/docker/pull/37302 and
|
||
https://github.com/docker/cli/pull/1130, which allow for users to explicitly
|
||
specify the NIS domainname of a container. bsc#1001161
|
||
+ bsc1001161-0001-oci-include-the-domainname-in-kernel.domainname.patch
|
||
+ bsc1001161-0002-cli-add-a-separate-domainname-flag.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Nov 29 09:41:11 UTC 2018 - Aleksa Sarai <asarai@suse.com>
|
||
|
||
- Update docker.service to match upstream and avoid rlimit problems.
|
||
bsc#1112980
|
||
- Upgrade to Docker 18.09.0-ce. See upstream changelog in the packaged
|
||
/usr/share/doc/packages/docker/CHANGELOG.md. boo#1115464 bsc#1118990
|
||
- Add revert of an upstream patch to fix docker-* handling.
|
||
+ packaging-0001-revert-Remove-docker-prefix-for-containerd-and-runc-.patch
|
||
- Rebase patches:
|
||
* bsc1047218-0001-man-obey-SOURCE_DATE_EPOCH-when-generating-man-pages.patch
|
||
* bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch
|
||
* bsc1073877-0002-apparmor-clobber-docker-default-profile-on-start.patch
|
||
* private-registry-0001-Add-private-registry-mirror-support.patch
|
||
* secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
|
||
* secrets-0002-SUSE-implement-SUSE-container-secrets.patch
|
||
- Remove upstreamed patches:
|
||
- bsc1100727-0001-build-add-buildmode-pie.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Oct 8 06:41:21 UTC 2018 - Valentin Rothberg <vrothberg@suse.com>
|
||
|
||
- Reduce the disk footprint by recommending git-core instead of
|
||
hard requiring it.
|
||
bsc#1108038
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Sep 4 08:32:43 UTC 2018 - rbrown@suse.com
|
||
|
||
- ExcludeArch i586 for entire docker-kubic flavour
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Sep 4 07:32:47 UTC 2018 - rbrown@suse.com
|
||
|
||
- ExcludeArch i586 for docker-kubic-kubeadm-criconfig subpackage
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Aug 24 08:17:41 UTC 2018 - asarai@suse.com
|
||
|
||
- Add patch to make package reproducible, which is a backport of
|
||
https://github.com/docker/cli/pull/1306. boo#1047218
|
||
+ bsc1047218-0001-man-obey-SOURCE_DATE_EPOCH-when-generating-man-pages.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Aug 22 09:54:57 UTC 2018 - asarai@suse.com
|
||
|
||
- Upgrade to docker-ce v18.06.1-ce. bsc#1102522 bsc#1113313
|
||
Upstream changelog:
|
||
https://github.com/docker/docker-ce/releases/tag/v18.06.1-ce
|
||
- Remove patches that were merged upstream:
|
||
- bsc1102522-0001-18.06-disable-containerd-CRI-plugin.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Aug 21 09:50:01 UTC 2018 - asarai@suse.com
|
||
|
||
- Add a backport of https://github.com/docker/engine/pull/29 for the 18.06.0-ce
|
||
upgrade. This is a potential security issue (the CRI plugin was enabled by
|
||
default, which listens on a TCP port bound to 0.0.0.0) that will be fixed
|
||
upstream in the 18.06.1-ce upgrade. bsc#1102522
|
||
+ bsc1102522-0001-18.06-disable-containerd-CRI-plugin.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Aug 21 09:39:57 UTC 2018 - rbrown@suse.com
|
||
|
||
- Kubic: Make crio default, docker as alternative runtime
|
||
(boo#1104821)
|
||
- Provide kubernetes CRI config with docker-kubic-kubeadm-criconfig
|
||
subpackage
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Aug 16 02:00:31 UTC 2018 - asarai@suse.com
|
||
|
||
- Merge -kubic packages back into the main Virtualization:containers packages.
|
||
This is done using _multibuild to add a "kubic" flavour, which is then used
|
||
to conditionally compile patches and other kubic-specific features.
|
||
bsc#1105000
|
||
- Rework docker-rpmlintrc with the new _multibuild setup.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Aug 1 09:40:59 UTC 2018 - asarai@suse.com
|
||
|
||
- Enable seccomp support on SLE12, since libseccomp is now a new enough vintage
|
||
to work with Docker and containerd. fate#325877
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jul 31 09:48:16 UTC 2018 - asarai@suse.com
|
||
|
||
- Upgrade to docker-ce v18.06.0-ce. bsc#1102522
|
||
- Remove systemd-service dependency on containerd, which is now being started
|
||
by dockerd to align with upstream defaults.
|
||
- Removed the following patches as they are merged upstream:
|
||
- bsc1021227-0001-pkg-devmapper-dynamically-load-dm_task_deferred_remo.patch
|
||
- bsc1055676-0001-daemon-oci-obey-CL_UNPRIVILEGED-for-user-namespaced-.patch
|
||
- Rebased the following patches:
|
||
* bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch
|
||
* bsc1073877-0002-apparmor-clobber-docker-default-profile-on-start.patch
|
||
* bsc1100727-0001-build-add-buildmode-pie.patch
|
||
* secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
|
||
* secrets-0002-SUSE-implement-SUSE-container-secrets.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jul 30 09:44:47 UTC 2018 - asarai@suse.com
|
||
|
||
- Build the client binary with -buildmode=pie to fix issues on POWER.
|
||
bsc#1100727
|
||
+ bsc1100727-0001-build-add-buildmode-pie.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jun 29 08:35:56 UTC 2018 - asarai@suse.com
|
||
|
||
- Update the AppArmor patchset again to fix a separate issue where changed
|
||
AppArmor profiles don't actually get applied on Docker daemon reboot.
|
||
bsc#1099277
|
||
* bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch
|
||
+ bsc1073877-0002-apparmor-clobber-docker-default-profile-on-start.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jun 5 11:24:35 UTC 2018 - asarai@suse.com
|
||
|
||
- Update to AppArmor patch so that signal mediation also works for signals
|
||
between in-container processes. bsc#1073877
|
||
* bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jun 5 08:41:07 UTC 2018 - dcassany@suse.com
|
||
|
||
- Make use of %license macro
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jun 5 06:38:40 UTC 2018 - asarai@suse.com
|
||
|
||
- Remove 'go test' from %check section, as it has only ever caused us problems
|
||
and hasn't (as far as I remember) ever caught a release-blocking issue. Smoke
|
||
testing has been far more useful. boo#1095817
|
||
|
||
-------------------------------------------------------------------
|
||
Tue May 29 08:10:48 UTC 2018 - asarai@suse.com
|
||
|
||
- Update secrets patch to not log incorrect warnings when attempting to inject
|
||
non-existent host files. bsc#1065609
|
||
* secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
|
||
* secrets-0002-SUSE-implement-SUSE-container-secrets.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Wed May 16 10:12:56 UTC 2018 - jmassaguerpla@suse.com
|
||
|
||
- Review Obsoletes to fix bsc#1080978
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Apr 12 12:49:25 UTC 2018 - fcastelli@suse.com
|
||
|
||
- Put docker under the podruntime slice. This the recommended
|
||
deployment to allow fine resource control on Kubernetes.
|
||
bsc#1086185
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Apr 10 09:25:43 UTC 2018 - mmeister@suse.com
|
||
|
||
- Add patch to handle AppArmor changes that make 'docker kill' stop working.
|
||
bsc#1073877 boo#1089732
|
||
+ bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Apr 6 04:21:28 UTC 2018 - asarai@suse.com
|
||
|
||
- Fix manpage generation breaking ppc64le builds due to a missing
|
||
-buildemode=pie.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Apr 4 12:27:29 UTC 2018 - vrothberg@suse.com
|
||
|
||
- Compile and install all manpages.
|
||
bsc#1085117
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Mar 27 10:13:41 UTC 2018 - asarai@suse.com
|
||
|
||
- Add requirement for catatonit, which provides a docker-init implementation.
|
||
fate#324652 bsc#1085380
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Mar 8 13:14:54 UTC 2018 - vrothberg@suse.com
|
||
|
||
- Fix private-registry-0001-Add-private-registry-mirror-support.patch to
|
||
deal corretly with TLS configs of 3rd party registries.
|
||
fix bsc#1084533
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Feb 13 10:45:58 UTC 2018 - asarai@suse.com
|
||
|
||
- Update patches to be sourced from https://github.com/suse/docker-ce (which
|
||
are based on the upstream docker/docker-ce repo). The reason for this change
|
||
(though it is functionally identical to the old patches) is so that public
|
||
patch maintenance is much simpler.
|
||
* bsc1021227-0001-pkg-devmapper-dynamically-load-dm_task_deferred_remo.patch
|
||
* bsc1055676-0001-daemon-oci-obey-CL_UNPRIVILEGED-for-user-namespaced-.patch
|
||
* private-registry-0001-Add-private-registry-mirror-support.patch
|
||
* secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
|
||
* secrets-0002-SUSE-implement-SUSE-container-secrets.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Feb 12 10:52:33 UTC 2018 - rbrown@suse.com
|
||
|
||
- Add ${version} to equivalent non-kubic package provides
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Feb 8 12:34:51 UTC 2018 - rbrown@suse.com
|
||
|
||
- Add Provides for equivalent non-kubic packages
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jan 30 12:27:44 UTC 2018 - vrothberg@suse.com
|
||
|
||
- Disable all tests for docker/client and docker/pkg/discovery. The unit tests
|
||
of those packages broke reproducibly the builds in IBS.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jan 29 14:39:02 UTC 2018 - vrothberg@suse.com
|
||
|
||
- Disable flaky tests github.com/docker/docker/pkg/discovery/kv.
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jan 26 07:15:53 UTC 2018 - vrothberg@suse.com
|
||
|
||
- Add patch to support mirroring of private/non-upstream registries. As soon as
|
||
the upstream PR (https://github.com/moby/moby/pull/34319) is merged, this
|
||
patch will be replaced by the backported one from upstream.
|
||
+ private-registry-0001-Add-private-registry-mirror-support.patch
|
||
fix bsc#1074971
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jan 19 14:12:32 UTC 2018 - asarai@suse.com
|
||
|
||
- Add Obsoletes: docker-image-migrator, as the tool is no longer needed and
|
||
we've pretty much removed it from everywhere except the containers module.
|
||
bsc#1069758
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jan 19 07:48:10 UTC 2018 - vrothberg@suse.com
|
||
|
||
- Remove requirement on bridge-utils, which has been replaced by libnetwork in
|
||
Docker. bsc#1072798
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Dec 18 12:32:35 UTC 2017 - asarai@suse.com
|
||
|
||
- Update to Docker v17.09.1_ce (bsc#1069758). Upstream changelog:
|
||
https://github.com/docker/docker-ce/releases/tag/v17.09.1-ce
|
||
- Removed patches (merged upstream):
|
||
- bsc1045628-0001-devicemapper-remove-container-rootfs-mountPath-after.patch
|
||
- bsc1066210-0001-vendor-update-to-github.com-vbatts-tar-split-v0.10.2.patch
|
||
- bsc1066801-0001-oci-add-proc-scsi-to-masked-paths.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Dec 18 12:32:35 UTC 2017 - asarai@suse.com
|
||
|
||
- Update to Docker v17.09.0_ce. Upstream changelog:
|
||
https://github.com/docker/docker-ce/releases/tag/v17.09.0-ce
|
||
- Rebased patches:
|
||
* bsc1021227-0001-pkg-devmapper-dynamically-load-dm_task_deferred_remo.patch
|
||
* bsc1045628-0001-devicemapper-remove-container-rootfs-mountPath-after.patch
|
||
* bsc1055676-0001-daemon-oci-obey-CL_UNPRIVILEGED-for-user-namespaced-.patch
|
||
* secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
|
||
* secrets-0002-SUSE-implement-SUSE-container-secrets.patch
|
||
- Removed patches (merged upstream):
|
||
- bsc1064781-0001-Allow-to-override-build-date.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Dec 5 10:58:07 UTC 2017 - asarai@suse.com
|
||
|
||
- Add a patch to dynamically probe whether libdevmapper supports
|
||
dm_task_deferred_remove. This is necessary because we build the containers
|
||
module on a SLE12 base, but later SLE versions have libdevmapper support.
|
||
This should not affect openSUSE, as all openSUSE versions have a new enough
|
||
libdevmapper. Backport of https://github.com/moby/moby/pull/35518.
|
||
bsc#1021227 bsc#1029320 bsc#1058173
|
||
+ bsc1021227-0001-pkg-devmapper-dynamically-load-dm_task_deferred_remo.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Dec 4 12:22:29 UTC 2017 - asarai@suse.com
|
||
|
||
- Fix up the ordering of tests in docker.spec. This is to keep things easier to
|
||
backport into the SLE package.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Nov 30 10:15:20 UTC 2017 - asarai@suse.com
|
||
|
||
- Include secrets fix to handle "old" containers that have orphaned secret
|
||
data. It's not clear why Docker caches these secrets, but fix the problem by
|
||
trashing the references manually. bsc#1057743
|
||
* secrets-0002-SUSE-implement-SUSE-container-secrets.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Nov 23 13:48:08 UTC 2017 - rbrown@suse.com
|
||
|
||
- Replace references to /var/adm/fillup-templates with new
|
||
%_fillupdir macro (boo#1069468)
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Nov 14 22:39:56 UTC 2017 - asarai@suse.com
|
||
|
||
- Remove migration code for the v1.9.x -> v1.10.x migration. This has been
|
||
around for a while, and we no longer support migrating from such an old
|
||
version "nicely". Docker still has migration code that will run on
|
||
first-boot, we are merely removing all of the "nice" warnings which tell
|
||
users how to avoid issues during an upgrade that ocurred more than a year
|
||
ago.
|
||
- Drop un-needed files:
|
||
- docker-plugin-message.txt
|
||
- docker-update-message.txt
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Nov 7 16:47:01 UTC 2017 - asarai@suse.com
|
||
|
||
- Add a backport of https://github.com/moby/moby/pull/35424, which fixes a
|
||
security issue where a maliciously crafted image could be used to crash a
|
||
Docker daemon. bsc#1066210 CVE-2017-14992
|
||
+ bsc1066210-0001-vendor-update-to-github.com-vbatts-tar-split-v0.10.2.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Nov 7 09:00:31 UTC 2017 - asarai@suse.com
|
||
|
||
- Add a backport of https://github.com/moby/moby/pull/35399, which fixes a
|
||
security issue where a Docker container (with a disabled AppArmor profile)
|
||
could write to /proc/scsi/... and subsequently DoS the host. bsc#1066801
|
||
CVE-2017-16539
|
||
+ bsc1066801-0001-oci-add-proc-scsi-to-masked-paths.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Oct 24 06:50:29 UTC 2017 - asarai@suse.com
|
||
|
||
- Correctly set `docker version` information, including the version, git
|
||
commit, and SOURCE_DATE_EPOCH (requires a backport). This should
|
||
*effectively* make Docker builds reproducible, with minimal cost. boo#1064781
|
||
+ bsc1064781-0001-Allow-to-override-build-date.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Oct 16 11:06:22 UTC 2017 - asarai@suse.com
|
||
|
||
- Add backport of https://github.com/moby/moby/pull/35205. This used to be
|
||
fixed in docker-runc, but we're moving it here after upstream discussion.
|
||
bsc#1055676
|
||
+ bsc1055676-0001-daemon-oci-obey-CL_UNPRIVILEGED-for-user-namespaced-.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Oct 9 11:36:59 UTC 2017 - asarai@suse.com
|
||
|
||
- Update to Docker v17.07.0_ce. Upstream changelog:
|
||
https://github.com/docker/docker-ce/releases/tag/v17.06.0-ce
|
||
https://github.com/docker/docker-ce/releases/tag/v17.07.0-ce
|
||
- Removed no-longer needed patches.
|
||
- bsc1037436-0001-client-check-tty-before-creating-exec-job.patch
|
||
- bsc1037607-0001-apparmor-make-pkg-aaparser-work-on-read-only-root.patch
|
||
- integration-cli-fix-TestInfoEnsureSucceeds.patch
|
||
- Added backport of https://github.com/moby/moby/pull/34573. bsc#1045628
|
||
+ bsc1045628-0001-devicemapper-remove-container-rootfs-mountPath-after.patch
|
||
- Rewrite secrets patches to correctly handle directories in a way that doesn't
|
||
cause errors when starting new containers.
|
||
* secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
|
||
* secrets-0002-SUSE-implement-SUSE-container-secrets.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Oct 2 08:12:17 UTC 2017 - vrothberg@suse.com
|
||
|
||
- Fix bsc#1059011
|
||
|
||
The systemd service helper script used a timeout of 60 seconds to
|
||
start the daemon, which is insufficient in cases where the daemon
|
||
takes longer to start. Instead, set the service type from 'simple' to
|
||
'notify' and remove the now superfluous helper script.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Sep 27 15:04:19 UTC 2017 - jmassaguerpla@suse.com
|
||
|
||
- fix bsc#1057743: Add a Requires: fix_bsc_1057743 which is provided by the
|
||
newer version of docker-libnetwork. This is necessary because of a versioning
|
||
bug we found in bsc#1057743.
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Sep 15 15:32:49 UTC 2017 - jmassaguerpla@suse.com
|
||
|
||
- fix /var/adm/update-message/docker file name to be
|
||
/var/adm/update-message/docker-%{version}-%{release}
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Sep 6 11:42:31 UTC 2017 - asarai@suse.com
|
||
|
||
- devicemapper: add patch to make the dm storage driver remove a container's
|
||
rootfs mountpoint before attempting to do libdm operations on it. This helps
|
||
avoid complications when live mounts will leak into containers. Backport of
|
||
https://github.com/moby/moby/pull/34573. bsc#1045628
|
||
+ bsc1045628-0001-devicemapper-remove-container-rootfs-mountPath-after.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Aug 30 14:58:52 UTC 2017 - asarai@suse.com
|
||
|
||
- Fix a regression in our SUSE secrets patches, which caused the copied files
|
||
to not carry the correct {uid,gid} mapping when using user namespaces. This
|
||
would not cause any bugs (SUSEConnect does the right thing anyway) but it's
|
||
possible some programs would not treat the files correctly. This is
|
||
tangentially related to bsc#1055676.
|
||
* secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
|
||
* secrets-0002-SUSE-implement-SUSE-container-secrets.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Aug 2 13:37:16 UTC 2017 - asarai@suse.com
|
||
|
||
- Use -buildmode=pie for tests and binary build. bsc#1048046 bsc#1051429
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jul 19 18:12:26 UTC 2017 - jmassaguerpla@suse.com
|
||
|
||
- enable deferred removal for sle12sp2 and newer (and openSUSE
|
||
equivalent. fix bsc#1021227
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jul 19 17:17:04 UTC 2017 - jmassaguerpla@suse.com
|
||
|
||
- enable libseccomp on sle12sp2 and newer, 42.2 and newer
|
||
fix bsc#1028638 - docker: conditional filtering not supported on
|
||
libseccomp for sle12
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jul 11 10:50:12 UTC 2017 - jmassaguerpla@suse.com
|
||
|
||
- add SuSEfirewall2.service to the After clause in docker.service
|
||
in order to fix bsc#1046024
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jul 7 14:53:59 UTC 2017 - thipp@suse.de
|
||
|
||
- fix path to docker-runc in systemd service file
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jul 6 14:18:29 UTC 2017 - thipp@suse.de
|
||
|
||
- change dependency to docker-runc
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jun 19 10:54:36 UTC 2017 - jmassaguerpla@suse.com
|
||
|
||
- Fix bsc#1029630: docker does not wait for lvm on system startup
|
||
|
||
I added "lvm2-monitor.service" as an "After dependency" of the docker systemd
|
||
unit.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue May 30 11:29:45 UTC 2017 - jmassaguerpla@suse.com
|
||
|
||
- Fix bsc#1032287: missing docker systemd configuration
|
||
|
||
-------------------------------------------------------------------
|
||
Mon May 29 11:08:44 UTC 2017 - asarai@suse.com
|
||
|
||
- Update SUSE secrets patch to correctly handle restarting of containers.
|
||
+ secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
|
||
+ secrets-0002-SUSE-implement-SUSE-container-secrets.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Wed May 17 14:41:29 UTC 2017 - asarai@suse.com
|
||
|
||
- Fix bsc#1037607 which was causing read-only issues on Kubic, this is a
|
||
backport of https://github.com/moby/moby/pull/33250.
|
||
+ bsc1037607-0001-apparmor-make-pkg-aaparser-work-on-read-only-root.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Thu May 11 07:36:32 UTC 2017 - tchvatal@suse.com
|
||
|
||
- Fix bsc#1038476 warning about non-executable docker
|
||
* Simply verify we have binary prior using it, might happen if
|
||
someone had docker installed and then did remove it and install
|
||
from scratch again
|
||
|
||
-------------------------------------------------------------------
|
||
Wed May 10 13:54:44 UTC 2017 - asarai@suse.com
|
||
|
||
- Add a partial fix for boo#1038493.
|
||
- Fixed bsc#1037436 where execids were being leaked due to bad error handling.
|
||
This is a backport of https://github.com/docker/cli/pull/52.
|
||
+ bsc1037436-0001-client-check-tty-before-creating-exec-job.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Thu May 4 19:03:40 UTC 2017 - jmassaguerpla@suse.com
|
||
|
||
- Fix golang requirements in the subpackages
|
||
|
||
-------------------------------------------------------------------
|
||
Mon May 1 07:57:35 UTC 2017 - fcastelli@suse.com
|
||
|
||
- Update golang build requirements to use golang(API) symbol: this is
|
||
needed to solve a conflict between multiple versions of Go being available
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Apr 18 15:38:11 UTC 2017 - jmassaguerpla@suse.com
|
||
|
||
- Fix secrets-0002-SUSE-implement-SUSE-container-secrets.patch:
|
||
substitute docker/distribution/digest by opencontainers/digest
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Apr 13 14:34:35 UTC 2017 - jmassaguerpla@suse.com
|
||
|
||
- Update to version 17.04.0-ce (fix bsc#1034053 )
|
||
|
||
- Patches removed because have been merged into this version:
|
||
* pr31549-cmd-docker-fix-TestDaemonCommand.patch
|
||
* pr31773-daemon-also-ensureDefaultApparmorProfile-in-exec-pat.patch
|
||
- Patches rebased:
|
||
* integration-cli-fix-TestInfoEnsureSucceeds.patch
|
||
- Build man pages for all archs (bsc#953182)
|
||
- Containers cannot resolve DNS if docker host uses 127.0.0.1 as resolver (bsc#1034063)
|
||
|
||
see /usr/share/doc/packages/docker/CHANGELOG.md
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Apr 12 09:54:18 UTC 2017 - jmassaguerpla@suse.com
|
||
|
||
- Make sure this is being built with go 1.7
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Apr 12 09:14:35 UTC 2017 - jmassaguerpla@suse.com
|
||
|
||
- remove the go_arches macro because we are using go1.7 which
|
||
is available in all archs
|
||
|
||
- remove gcc specific patches
|
||
* gcc-go-patches.patch
|
||
* netlink_netns_powerpc.patch
|
||
* boltdb_bolt_add_brokenUnaligned.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Apr 12 07:58:08 UTC 2017 - asarai@suse.com
|
||
|
||
- Enable Delegate=yes, since systemd will safely ignore lvalues it doesn't
|
||
understand.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Apr 11 11:49:05 UTC 2017 - asarai@suse.com
|
||
|
||
- Update SUSE secrets patch to handle boo#1030702.
|
||
* secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
|
||
* secrets-0002-SUSE-implement-SUSE-container-secrets.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Apr 11 08:28:33 UTC 2017 - mmeister@suse.com
|
||
|
||
- Fix (bsc#1032644)
|
||
|
||
Change lvm2 from Requires to Recommends
|
||
|
||
Docker usually uses a default storage driver, when it's not configured
|
||
explicitly. This default driver then depends on the underlying
|
||
system and gets chosen during installation.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Mar 20 08:12:01 UTC 2017 - jmassaguerpla@suse.com
|
||
|
||
- Disable libseccomp for leap 42.1, sle12sp1 and sle12, because
|
||
docker needs a higher version. Otherwise, we get the error
|
||
"conditional filtering requires libseccomp version >= 2.2.1
|
||
(bsc#1028639 and bsc#1028638)
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Mar 17 11:08:03 UTC 2017 - asarai@suse.com
|
||
|
||
- Add a backport of fix to AppArmor lazy loading docker-exec case.
|
||
https://github.com/docker/docker/pull/31773
|
||
+ pr31773-daemon-also-ensureDefaultApparmorProfile-in-exec-pat.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Mar 8 00:48:46 UTC 2017 - asarai@suse.com
|
||
|
||
- Clean up docker-mount-secrets.patch to use the new swarm secrets internals of
|
||
Docker 1.13.0, which removes the need to implement any secret handling
|
||
ourselves. This resulted in a split up of the patch.
|
||
- docker-mount-secrets.patch
|
||
+ secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
|
||
+ secrets-0002-SUSE-implement-SUSE-container-secrets.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Mar 6 15:31:02 UTC 2017 - jmassaguerpla@suse.com
|
||
|
||
- Remove old plugins.json to prevent docker-1.13 to fail to start
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Mar 6 12:52:14 UTC 2017 - jmassaguerpla@suse.com
|
||
|
||
- Fix bsc#1026827: systemd TasksMax default throttles docker
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Mar 6 10:09:14 UTC 2017 - jmassaguerpla@suse.com
|
||
|
||
- Fix post section by adding shadow as a package requirement
|
||
Otherwise the groupadd instruction fails
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Mar 5 04:54:52 UTC 2017 - asarai@suse.com
|
||
|
||
- Add patch to fix TestDaemonCommand failure in %check. This is an upstream
|
||
bug, and has an upstream PR to fix it https://github.com/docker/docker/pull/31549.
|
||
+ pr31549-cmd-docker-fix-TestDaemonCommand.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Feb 1 15:59:40 UTC 2017 - jmassaguerpla@suse.com
|
||
|
||
- update docker to 1.13.0
|
||
|
||
see details in https://github.com/docker/docker/releases/tag/v1.13.0
|
||
|
||
- use the same buildflags for building docker and for building the
|
||
tests.
|
||
|
||
- enable pkcs11:
|
||
https://github.com/docker/docker/commit/37fa75b3447007bb8ea311f02610bb383b0db77f
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jan 27 12:30:18 UTC 2017 - bg@suse.com
|
||
|
||
- enable architecture s390x for openSUSE
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jan 26 15:43:38 UTC 2017 - jmassaguerpla@suse.com
|
||
|
||
- provide the oci runtime so that containers which were using an old
|
||
runtime option, when started on the new docker version, the runtime
|
||
is changed to the new one. fix bsc#1020806 bsc#1016992
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jan 13 13:56:15 UTC 2017 - jmassaguerpla@suse.com
|
||
|
||
- fix CVE-2016-9962 bsc#1012568 . Fix it by updating to 1.12.6
|
||
plus an extra commit to fix liverestore:
|
||
https://github.com/docker/docker/commit/97cd32a6a9076306baa637a29bba84c3f1f3d218
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jan 11 12:47:16 UTC 2017 - jmassaguerpla@suse.com
|
||
|
||
- add "a wait" when starting docker service to fix
|
||
bsc#1019251
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Dec 20 12:41:33 UTC 2016 - normand@linux.vnet.ibm.com
|
||
|
||
- remove netlink_gcc_go.patch after integration of PR
|
||
https://github.com/golang/go/issues/11707
|
||
- new boltdb_bolt_add_brokenUnaligned.patch for ppc64
|
||
waiting for https://github.com/boltdb/bolt/pull/635
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Dec 20 05:08:54 UTC 2016 - asarai@suse.com
|
||
|
||
- Remove old flags from dockerd's command-line, to be more inline with
|
||
upstream (now that docker-runc is provided by the runc package). -H is
|
||
dropped because upstream dropped it due to concerns with socket
|
||
activation.
|
||
- Remove socket activation entirely.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Dec 19 12:41:13 UTC 2016 - jmassaguerpla@suse.com
|
||
|
||
- update docker to 1.12.5 (bsc#1016307).
|
||
This fixes bsc#1015661
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Dec 5 14:52:02 UTC 2016 - jmassaguerpla@suse.com
|
||
|
||
- fix bash-completion
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Nov 29 21:57:08 UTC 2016 - jimmy@boombatower.com
|
||
|
||
- Add packageand(docker:bash) to bash-completion to match zsh-completion.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Nov 24 16:09:52 UTC 2016 - jmassaguerpla@suse.com
|
||
|
||
- fix runc and containerd revisions
|
||
fix bsc#1009961
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Oct 27 11:13:56 UTC 2016 - jmassaguerpla@suse.com
|
||
|
||
- update docker to 1.12.3
|
||
- fix bsc#1007249 - CVE-2016-8867: Fix ambient capability usage in containers
|
||
- other fixes:
|
||
https://github.com/docker/docker/releases/tag/v1.12.3
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Oct 13 11:15:17 UTC 2016 - jmassaguerpla@suse.com
|
||
|
||
- update docker to 1.12.2 (bsc#1004490). See changelog
|
||
|
||
https://github.com/docker/docker/blob/v1.12.2/CHANGELOG.md
|
||
|
||
- update docker-mount-secrets.patch to 1.12.2 code
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Oct 11 09:36:23 UTC 2016 - asarai@suse.com
|
||
|
||
- docker-mount-secrets.patch: change the internal mountpoint name to not use
|
||
":" as that character can be considered a special character by other tools.
|
||
bsc#999582
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Sep 19 11:56:15 UTC 2016 - jmassaguerpla@suse.com
|
||
|
||
- fix go_arches definition: use global instead of define, otherwise
|
||
it fails to build
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Sep 14 09:41:57 UTC 2016 - asarai@suse.com
|
||
|
||
- Add dockerd(8) man page.
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Sep 9 12:42:24 UTC 2016 - thipp@suse.de
|
||
|
||
- add missing patch to changelog
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Sep 7 16:33:59 UTC 2016 - thipp@suse.de
|
||
|
||
- fix integration test case
|
||
- add integration-cli-fix-TestInfoEnsureSucceeds.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Sep 6 13:28:38 UTC 2016 - thipp@suse.de
|
||
|
||
- update rpmlintrc
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Sep 2 12:02:23 UTC 2016 - thipp@suse.de
|
||
|
||
- make test timeout configurable
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Sep 2 10:25:27 UTC 2016 - asarai@suse.com
|
||
|
||
- Remove noarch from docker-test, which was causing lots of fun issues when
|
||
trying to run them.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Aug 30 09:07:19 UTC 2016 - jmassaguerpla@suse.com
|
||
|
||
- Fix build for ppc64le: use static libgo for dockerd and docker-proxy
|
||
as in docker build.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Aug 29 12:11:21 UTC 2016 - jmassaguerpla@suse.com
|
||
|
||
- Update docker to 1.12.1 (bsc#996015)
|
||
|
||
see changelog in https://github.com/docker/docker/releases/tag/v1.12.1
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Aug 26 12:02:35 UTC 2016 - cbrauner@suse.de
|
||
|
||
- Add asaurin@suse.com's test.sh test script.
|
||
- Add integration test binary in docker.spec file. This is work done by
|
||
asaurin@suse.com.
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Aug 26 10:43:38 UTC 2016 - asarai@suse.com
|
||
|
||
- Package docker-proxy (which was split out of the docker binary in 1.12).
|
||
boo#995620
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Aug 26 10:00:36 UTC 2016 - jmassaguerpla@suse.com
|
||
|
||
- fix bsc#995102 - Docker "migrator" prevents installing "docker",
|
||
if docker 1.9 was installed before but there were no images
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Aug 26 08:49:15 UTC 2016 - asarai@suse.com
|
||
|
||
- Update docker.service file with several changes.
|
||
* Reapply fix for bsc#983015 (Limit*=infinity).
|
||
* Specify an "OCI" runtime for our runc package explicitly. bsc#978260
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Aug 25 14:02:04 UTC 2016 - jmassaguerpla@suse.com
|
||
|
||
- remove disable-pprof-trace.patch: We can remove this patch because
|
||
we use go 1.6, either gcc6-go or gc-go. This patch was for gcc5-go
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Aug 24 12:31:23 UTC 2016 - jmassaguerpla@suse.com
|
||
|
||
- add go_arches in project configuration: this way, we can use the
|
||
same spec file but decide in the project configuration if to
|
||
use gc-go or gcc-go for some archs.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Aug 23 11:35:09 UTC 2016 - jmassaguerpla@suse.com
|
||
|
||
- use gcc6-go instead of gcc5-go (bsc#988408)
|
||
- build ppc64le with gc-go because this version builds with gc-go 1.6
|
||
- remove bnc964673-boltdb-metadata-recovery.patch because it has already
|
||
been merged
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Aug 23 11:34:09 UTC 2016 - cbrauner@suse.com
|
||
|
||
- update to v1.12.0 (bsc#995058)
|
||
see detailed changelog at
|
||
https://github.com/docker/docker/releases/tag/v1.12.0
|
||
- disable test that fail in obs build context
|
||
- only run unit tests on architectures that provide the go list and go test
|
||
tools
|
||
- disable dockerd, parser, integration test, and devicemapper related tests
|
||
on versions below SLE12 and openSUSE_13.2
|
||
- bump test timeout to 10m (for aarch64)
|
||
- run unit tests during the build
|
||
- Adapt docker.service file.
|
||
- adapt install sections for gccgo builds: gccgo build are not built in separate
|
||
folders for client and daemon. They both reside in dyngccgo.
|
||
- gcc-go-patch: link against systemd when compiling the daemon.
|
||
- Add disable-pprof-trace.patch
|
||
pprof.Trace() is not available in go version <= 1.4 which we use to build SLES
|
||
packages. This patch comments out the pprof.Trace() section.
|
||
- update gcc-go-patch and docker-mount-secrets.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Aug 23 11:34:09 UTC 2016 - tboerger@suse.com
|
||
|
||
- Fixed binary split, install both required binaries correctly
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Aug 16 09:39:11 UTC 2016 - asarai@suse.com
|
||
|
||
* Explicitly state the version dependencies for runC and containerd, to
|
||
avoid potential issues with incompatible component versions. These
|
||
must be updated *each time we do a release*. bsc#993847
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jul 25 05:34:50 UTC 2016 - sflees@suse.de
|
||
|
||
- Don't exit mid install, add the ability to not restart the docker
|
||
service during certain updates with long migration phases
|
||
bsc#980555
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jul 19 17:03:32 UTC 2016 - jmassaguerpla@suse.com
|
||
|
||
- remove kernel dependency (bsc#987198)
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jul 13 13:41:33 UTC 2016 - cbrauner@suse.de
|
||
|
||
- remove sysconfig.docker.ppc64le patch
|
||
setting iptables option on ppc64le works now (bsc#988707)
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jul 5 17:52:58 UTC 2016 - jmassaguerpla@suse.com
|
||
|
||
- fix bsc#984942: audit.rules in docker-1.9.1-58.1.x86_64.rpm has a
|
||
syntax error
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jul 5 14:26:45 UTC 2016 - asarai@suse.com
|
||
|
||
* Update docker.service to include changes from upstream, including the
|
||
soon-to-be-merged patch https://github.com/docker/docker/pull/24307,
|
||
which fixes bnc#983015.
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jun 24 00:23:57 UTC 2016 - dmueller@suse.com
|
||
|
||
- readd dropped declaration for patch200
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jun 8 14:42:08 UTC 2016 - asarai@suse.de
|
||
|
||
* Removed patches:
|
||
- cve-2016-3697-numeric-uid.patch (merged upstream in gh@docker/docker#22998).
|
||
* Update Docker to 1.11.2. (bsc#989566) Changelog from upstream:
|
||
|
||
* Networking
|
||
* Fix a stale endpoint issue on overlay networks during ungraceful restart
|
||
(#23015)
|
||
* Fix an issue where the wrong port could be reported by docker
|
||
inspect/ps/port (#22997)
|
||
|
||
* Runtime
|
||
* Fix a potential panic when running docker build (#23032)
|
||
* Fix interpretation of --user parameter (#22998)
|
||
* Fix a bug preventing container statistics to be correctly reported (#22955)
|
||
* Fix an issue preventing container to be restarted after daemon restart
|
||
(#22947)
|
||
* Fix issues when running 32 bit binaries on Ubuntu 16.04 (#22922)
|
||
* Fix a possible deadlock on image deletion and container attach (#22918)
|
||
* Fix an issue where containers fail to start after a daemon restart if they
|
||
depend on a containerized cluster store (#22561)
|
||
* Fix an issue causing docker ps to hang on CentOS when using devicemapper
|
||
(#22168, #23067)
|
||
* Fix a bug preventing to docker exec into a container when using
|
||
devicemapper (#22168, #23067)
|
||
|
||
-------------------------------------------------------------------
|
||
Fri May 20 10:26:39 UTC 2016 - jmassaguerpla@suse.com
|
||
|
||
- Fix udev files ownership
|
||
|
||
-------------------------------------------------------------------
|
||
Thu May 19 13:43:44 UTC 2016 - tchvatal@suse.com
|
||
|
||
- Pass over with spec-cleaner, no factual changes
|
||
|
||
-------------------------------------------------------------------
|
||
Wed May 18 14:21:09 UTC 2016 - asarai@suse.de
|
||
|
||
* Make sure we *always* build unstripped Go binaries.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon May 16 13:55:07 UTC 2016 - asarai@suse.de
|
||
|
||
* Add a patch to fix database soft corruption issues if the Docker dameon dies
|
||
in a bad state. There is a PR upstream to vendor Docker to have this fix as
|
||
well, but it probably won't get in until 1.11.2. bnc#964673
|
||
(https://github.com/docker/docker/pull/22765)
|
||
|
||
+ bnc964673-boltdb-metadata-recovery.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Mon May 2 07:40:22 UTC 2016 - asarai@suse.de
|
||
|
||
* Remove conditional Patch directive for SUSE secrets, since conditionally
|
||
including patches results in incompatible .src.rpms. The patch is still
|
||
applied conditionally.
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Apr 29 09:04:54 UTC 2016 - asarai@suse.de
|
||
|
||
* Update to Docker 1.11.1. Changelog from upstream:
|
||
|
||
* Distribution
|
||
- Fix schema2 manifest media type to be of type `application/vnd.docker.container.image.v1+json` ([#21949](https://github.com/docker/docker/pull/21949))
|
||
|
||
* Documentation
|
||
+ Add missing API documentation for changes introduced with 1.11.0 ([#22048](https://github.com/docker/docker/pull/22048))
|
||
|
||
* Builder
|
||
* Append label passed to `docker build` as arguments as an implicit `LABEL` command at the end of the processed `Dockerfile` ([#22184](https://github.com/docker/docker/pull/22184))
|
||
|
||
* Networking
|
||
- Fix a panic that would occur when forwarding DNS query ([#22261](https://github.com/docker/docker/pull/22261))
|
||
- Fix an issue where OS threads could end up within an incorrect network namespace when using user defined networks ([#22261](https://github.com/docker/docker/pull/22261))
|
||
|
||
* Runtime
|
||
- Fix a bug preventing labels configuration to be reloaded via the config file ([#22299](https://github.com/docker/docker/pull/22299))
|
||
- Fix a regression where container mounting `/var/run` would prevent other containers from being removed ([#22256](https://github.com/docker/docker/pull/22256))
|
||
- Fix an issue where it would be impossible to update both `memory-swap` and `memory` value together ([#22255](https://github.com/docker/docker/pull/22255))
|
||
- Fix a regression from 1.11.0 where the `/auth` endpoint would not initialize `serveraddress` if it is not provided ([#22254](https://github.com/docker/docker/pull/22254))
|
||
- Add missing cleanup of container temporary files when cancelling a schedule restart ([#22237](https://github.com/docker/docker/pull/22237))
|
||
- Removed scary error message when no restart policy is specified ([#21993](https://github.com/docker/docker/pull/21993))
|
||
- Fix a panic that would occur when the plugins were activated via the json spec ([#22191](https://github.com/docker/docker/pull/22191))
|
||
- Fix restart backoff logic to correctly reset delay if container ran for at least 10secs ([#22125](https://github.com/docker/docker/pull/22125))
|
||
- Remove error message when a container restart get cancelled ([#22123](https://github.com/docker/docker/pull/22123))
|
||
- Fix an issue where `docker` would not correcly clean up after `docker exec` ([#22121](https://github.com/docker/docker/pull/22121))
|
||
- Fix a panic that could occur when servicing concurrent `docker stats` commands ([#22120](https://github.com/docker/docker/pull/22120))`
|
||
- Revert deprecation of non-existing host directories auto-creation ([#22065](https://github.com/docker/docker/pull/22065))
|
||
- Hide misleading rpc error on daemon shutdown ([#22058](https://github.com/docker/docker/pull/22058))
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Apr 27 10:29:47 UTC 2016 - jmassaguerpla@suse.com
|
||
|
||
- Fix go version to 1.5 (bsc#977394)
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Apr 22 10:43:37 UTC 2016 - asarai@suse.de
|
||
|
||
- Add patch to fix vulnerability in Docker <= 1.11.0. This patch is upstream,
|
||
but was merged after the 1.11.0 merge window. CVE-2016-3697. bsc#976777.
|
||
+ cve-2016-3697-numeric-uid.patch
|
||
The upstream PR is here[1] and was vendored into Docker here[2].
|
||
|
||
[1]: https://github.com/opencontainers/runc/pull/708
|
||
[2]: https://github.com/docker/docker/pull/21665
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Apr 18 19:33:56 UTC 2016 - mpluskal@suse.com
|
||
|
||
- Supplemnent zsh from zsh-completion
|
||
* zsh-completion will be automatically installed if zsh and
|
||
docker are installed
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Apr 18 15:44:11 UTC 2016 - jmassaguerpla@suse.com
|
||
|
||
- Remove gcc5_socker_workaround.patch: This patch is not needed anymore
|
||
since gcc5 has been updated in all platforms
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Apr 18 06:19:18 UTC 2016 - asarai@suse.de
|
||
|
||
* Removed patches that have been fixed upstream and in gcc-go:
|
||
- boltdb_bolt_powerpc.patch
|
||
- fix-apparmor.patch
|
||
- fix-btrfs-ioctl-structure.patch
|
||
- fix-docker-init.patch
|
||
- libnetwork_drivers_bridge_powerpc.patch
|
||
- ignore-dockerinit-checksum.patch
|
||
* Require containerd, as it is the only currently supported Docker execdriver.
|
||
* Update docker.socket to require containerd.socket and use --containerd in
|
||
docker.service so that the services are self-contained.
|
||
* Update to Docker 1.11.0. Changelog from upstream:
|
||
|
||
* Builder
|
||
- Fix a bug where Docker would not used the correct uid/gid when processing the `WORKDIR` command ([#21033](https://github.com/docker/docker/pull/21033))
|
||
- Fix a bug where copy operations with userns would not use the proper uid/gid ([#20782](https://github.com/docker/docker/pull/20782), [#21162](https://github.com/docker/docker/pull/21162))
|
||
|
||
* Client
|
||
* Usage of the `:` separator for security option has been deprecated. `=` should be used instead ([#21232](https://github.com/docker/docker/pull/21232))
|
||
+ The client user agent is now passed to the registry on `pull`, `build`, `push`, `login` and `search` operations ([#21306](https://github.com/docker/docker/pull/21306), [#21373](https://github.com/docker/docker/pull/21373))
|
||
* Allow setting the Domainname and Hostname separately through the API ([#20200](https://github.com/docker/docker/pull/20200))
|
||
* Docker info will now warn users if it can not detect the kernel version or the operating system ([#21128](https://github.com/docker/docker/pull/21128))
|
||
- Fix an issue where `docker stats --no-stream` output could be all 0s ([#20803](https://github.com/docker/docker/pull/20803))
|
||
- Fix a bug where some newly started container would not appear in a running `docker stats` command ([#20792](https://github.com/docker/docker/pull/20792))
|
||
* Post processing is no longer enabled for linux-cgo terminals ([#20587](https://github.com/docker/docker/pull/20587))
|
||
- Values to `--hostname` are now refused if they do not comply with [RFC1123](https://tools.ietf.org/html/rfc1123) ([#20566](https://github.com/docker/docker/pull/20566))
|
||
+ Docker learned how to use a SOCKS proxy ([#20366](https://github.com/docker/docker/pull/20366), [#18373](https://github.com/docker/docker/pull/18373))
|
||
+ Docker now supports external credential stores ([#20107](https://github.com/docker/docker/pull/20107))
|
||
* `docker ps` now supports displaying the list of volumes mounted inside a container ([#20017](https://github.com/docker/docker/pull/20017))
|
||
* `docker info` now also report Docker's root directory location ([#19986](https://github.com/docker/docker/pull/19986))
|
||
- Docker now prohibits login in with an empty username (spaces are trimmed) ([#19806](https://github.com/docker/docker/pull/19806))
|
||
* Docker events attributes are now sorted by key ([#19761](https://github.com/docker/docker/pull/19761))
|
||
* `docker ps` no longer show exported port for stopped containers ([#19483](https://github.com/docker/docker/pull/19483))
|
||
- Docker now cleans after itself if a save/export command fails ([#17849](https://github.com/docker/docker/pull/17849))
|
||
* Docker load learned how to display a progress bar ([#17329](https://github.com/docker/docker/pull/17329), [#120078](https://github.com/docker/docker/pull/20078))
|
||
|
||
* Distribution
|
||
- Fix a panic that occurred when pulling an images with 0 layers ([#21222](https://github.com/docker/docker/pull/21222))
|
||
- Fix a panic that could occur on error while pushing to a registry with a misconfigured token service ([#21212](https://github.com/docker/docker/pull/21212))
|
||
+ All first-level delegation roles are now signed when doing a trusted push ([#21046](https://github.com/docker/docker/pull/21046))
|
||
+ OAuth support for registries was added ([#20970](https://github.com/docker/docker/pull/20970))
|
||
* `docker login` now handles token using the implementation found in [docker/distribution](https://github.com/docker/distribution) ([#20832](https://github.com/docker/docker/pull/20832))
|
||
* `docker login` will no longer prompt for an email ([#20565](https://github.com/docker/docker/pull/20565))
|
||
* Docker will now fallback to registry V1 if no basic auth credentials are available ([#20241](https://github.com/docker/docker/pull/20241))
|
||
* Docker will now try to resume layer download where it left off after a network error/timeout ([#19840](https://github.com/docker/docker/pull/19840))
|
||
- Fix generated manifest mediaType when pushing cross-repository ([#19509](https://github.com/docker/docker/pull/19509))
|
||
- Fix docker requesting additional push credentials when pulling an image if Content Trust is enabled ([#20382](https://github.com/docker/docker/pull/20382))
|
||
|
||
* Logging
|
||
- Fix a race in the journald log driver ([#21311](https://github.com/docker/docker/pull/21311))
|
||
* Docker syslog driver now uses the RFC-5424 format when emitting logs ([#20121](https://github.com/docker/docker/pull/20121))
|
||
* Docker GELF log driver now allows to specify the compression algorithm and level via the `gelf-compression-type` and `gelf-compression-level` options ([#19831](https://github.com/docker/docker/pull/19831))
|
||
* Docker daemon learned to output uncolorized logs via the `--raw-logs` options ([#19794](https://github.com/docker/docker/pull/19794))
|
||
+ Docker, on Windows platform, now includes an ETW (Event Tracing in Windows) logging driver named `etwlogs` ([#19689](https://github.com/docker/docker/pull/19689))
|
||
* Journald log driver learned how to handle tags ([#19564](https://github.com/docker/docker/pull/19564))
|
||
+ The fluentd log driver learned the following options: `fluentd-address`, `fluentd-buffer-limit`, `fluentd-retry-wait`, `fluentd-max-retries` and `fluentd-async-connect` ([#19439](https://github.com/docker/docker/pull/19439))
|
||
+ Docker learned to send log to Google Cloud via the new `gcplogs` logging driver. ([#18766](https://github.com/docker/docker/pull/18766))
|
||
|
||
* Misc
|
||
+ When saving linked images together with `docker save` a subsequent `docker load` will correctly restore their parent/child relationship ([#21385](https://github.com/docker/docker/pull/c))
|
||
+ Support for building the Docker cli for OpenBSD was added ([#21325](https://github.com/docker/docker/pull/21325))
|
||
+ Labels can now be applied at network, volume and image creation ([#21270](https://github.com/docker/docker/pull/21270))
|
||
* The `dockremap` is now created as a system user ([#21266](https://github.com/docker/docker/pull/21266))
|
||
- Fix a few response body leaks ([#21258](https://github.com/docker/docker/pull/21258))
|
||
- Docker, when run as a service with systemd, will now properly manage its processes cgroups ([#20633](https://github.com/docker/docker/pull/20633))
|
||
* Docker info now reports the value of cgroup KernelMemory or emits a warning if it is not supported ([#20863](https://github.com/docker/docker/pull/20863))
|
||
* Docker info now also reports the cgroup driver in use ([#20388](https://github.com/docker/docker/pull/20388))
|
||
* Docker completion is now available on PowerShell ([#19894](https://github.com/docker/docker/pull/19894))
|
||
* `dockerinit` is no more ([#19490](https://github.com/docker/docker/pull/19490),[#19851](https://github.com/docker/docker/pull/19851))
|
||
+ Support for building Docker on arm64 was added ([#19013](https://github.com/docker/docker/pull/19013))
|
||
+ Experimental support for building docker.exe in a native Windows Docker installation ([#18348](https://github.com/docker/docker/pull/18348))
|
||
|
||
* Networking
|
||
- Fix panic if a node is forcibly removed from the cluster ([#21671](https://github.com/docker/docker/pull/21671))
|
||
- Fix "error creating vxlan interface" when starting a container in a Swarm cluster ([#21671](https://github.com/docker/docker/pull/21671))
|
||
* `docker network inspect` will now report all endpoints whether they have an active container or not ([#21160](https://github.com/docker/docker/pull/21160))
|
||
+ Experimental support for the MacVlan and IPVlan network drivers have been added ([#21122](https://github.com/docker/docker/pull/21122))
|
||
* Output of `docker network ls` is now sorted by network name ([#20383](https://github.com/docker/docker/pull/20383))
|
||
- Fix a bug where Docker would allow a network to be created with the reserved `default` name ([#19431](https://github.com/docker/docker/pull/19431))
|
||
* `docker network inspect` returns whether a network is internal or not ([#19357](https://github.com/docker/docker/pull/19357))
|
||
+ Control IPv6 via explicit option when creating a network (`docker network create --ipv6`). This shows up as a new `EnableIPv6` field in `docker network inspect` ([#17513](https://github.com/docker/docker/pull/17513))
|
||
* Support for AAAA Records (aka IPv6 Service Discovery) in embedded DNS Server ([#21396](https://github.com/docker/docker/pull/21396))
|
||
- Fix to not forward docker domain IPv6 queries to external servers ([#21396](https://github.com/docker/docker/pull/21396))
|
||
* Multiple A/AAAA records from embedded DNS Server for DNS Round robin ([#21019](https://github.com/docker/docker/pull/21019))
|
||
- Fix endpoint count inconsistency after an ungraceful dameon restart ([#21261](https://github.com/docker/docker/pull/21261))
|
||
- Move the ownership of exposed ports and port-mapping options from Endpoint to Sandbox ([#21019](https://github.com/docker/docker/pull/21019))
|
||
- Fixed a bug which prevents docker reload when host is configured with ipv6.disable=1 ([#21019](https://github.com/docker/docker/pull/21019))
|
||
- Added inbuilt nil IPAM driver ([#21019](https://github.com/docker/docker/pull/21019))
|
||
- Fixed bug in iptables.Exists() logic [#21019](https://github.com/docker/docker/pull/21019)
|
||
- Fixed a Veth interface leak when using overlay network ([#21019](https://github.com/docker/docker/pull/21019))
|
||
- Fixed a bug which prevents docker reload after a network delete during shutdown ([#20214](https://github.com/docker/docker/pull/20214))
|
||
- Make sure iptables chains are recreated on firewalld reload ([#20419](https://github.com/docker/docker/pull/20419))
|
||
- Allow to pass global datastore during config reload ([#20419](https://github.com/docker/docker/pull/20419))
|
||
- For anonymous containers use the alias name for IP to name mapping, ie:DNS PTR record ([#21019](https://github.com/docker/docker/pull/21019))
|
||
- Fix a panic when deleting an entry from /etc/hosts file ([#21019](https://github.com/docker/docker/pull/21019))
|
||
- Source the forwarded DNS queries from the container net namespace ([#21019](https://github.com/docker/docker/pull/21019))
|
||
- Fix to retain the network internal mode config for bridge networks on daemon reload ([#21780] (https://github.com/docker/docker/pull/21780))
|
||
- Fix to retain IPAM driver option configs on daemon reload ([#21914] (https://github.com/docker/docker/pull/21914))
|
||
|
||
* Plugins
|
||
- Fix a file descriptor leak that would occur every time plugins were enumerated ([#20686](https://github.com/docker/docker/pull/20686))
|
||
- Fix an issue where Authz plugin would corrupt the payload body when faced with a large amount of data ([#20602](https://github.com/docker/docker/pull/20602))
|
||
|
||
* Runtime
|
||
- Fix a panic that could occur when cleanup after a container started with invalid parameters ([#21716](https://github.com/docker/docker/pull/21716))
|
||
- Fix a race with event timers stopping early ([#21692](https://github.com/docker/docker/pull/21692))
|
||
- Fix race conditions in the layer store, potentially corrupting the map and crashing the process ([#21677](https://github.com/docker/docker/pull/21677))
|
||
- Un-deprecate auto-creation of host directories for mounts. This feature was marked deprecated in ([#21666](https://github.com/docker/docker/pull/21666))
|
||
Docker 1.9, but was decided to be too much of an backward-incompatible change, so it was decided to keep the feature.
|
||
+ It is now possible for containers to share the NET and IPC namespaces when `userns` is enabled ([#21383](https://github.com/docker/docker/pull/21383))
|
||
+ `docker inspect <image-id>` will now expose the rootfs layers ([#21370](https://github.com/docker/docker/pull/21370))
|
||
+ Docker Windows gained a minimal `top` implementation ([#21354](https://github.com/docker/docker/pull/21354))
|
||
* Docker learned to report the faulty exe when a container cannot be started due to its condition ([#21345](https://github.com/docker/docker/pull/21345))
|
||
* Docker with device mapper will now refuse to run if `udev sync` is not available ([#21097](https://github.com/docker/docker/pull/21097))
|
||
- Fix a bug where Docker would not validate the config file upon configuration reload ([#21089](https://github.com/docker/docker/pull/21089))
|
||
- Fix a hang that would happen on attach if initial start was to fail ([#21048](https://github.com/docker/docker/pull/21048))
|
||
- Fix an issue where registry service options in the daemon configuration file were not properly taken into account ([#21045](https://github.com/docker/docker/pull/21045))
|
||
- Fix a race between the exec and resize operations ([#21022](https://github.com/docker/docker/pull/21022))
|
||
- Fix an issue where nanoseconds were not correctly taken in account when filtering Docker events ([#21013](https://github.com/docker/docker/pull/21013))
|
||
- Fix the handling of Docker command when passed a 64 bytes id ([#21002](https://github.com/docker/docker/pull/21002))
|
||
* Docker will now return a `204` (i.e http.StatusNoContent) code when it successfully deleted a network ([#20977](https://github.com/docker/docker/pull/20977))
|
||
- Fix a bug where the daemon would wait indefinitely in case the process it was about to killed had already exited on its own ([#20967](https://github.com/docker/docker/pull/20967)
|
||
* The devmapper driver learned the `dm.min_free_space` option. If the mapped device free space reaches the passed value, new device creation will be prohibited. ([#20786](https://github.com/docker/docker/pull/20786))
|
||
+ Docker can now prevent processes in container to gain new privileges via the `--security-opt=no-new-privileges` flag ([#20727](https://github.com/docker/docker/pull/20727))
|
||
- Starting a container with the `--device` option will now correctly resolves symlinks ([#20684](https://github.com/docker/docker/pull/20684))
|
||
+ Docker now relies on [`containerd`](https://github.com/docker/containerd) and [`runc`](https://github.com/opencontainers/runc) to spawn containers. ([#20662](https://github.com/docker/docker/pull/20662))
|
||
- Fix docker configuration reloading to only alter value present in the given config file ([#20604](https://github.com/docker/docker/pull/20604))
|
||
+ Docker now allows setting a container hostname via the `--hostname` flag when `--net=host` ([#20177](https://github.com/docker/docker/pull/20177))
|
||
+ Docker now allows executing privileged container while running with `--userns-remap` if both `--privileged` and the new `--userns=host` flag are specified ([#20111](https://github.com/docker/docker/pull/20111))
|
||
- Fix Docker not cleaning up correctly old containers upon restarting after a crash ([#19679](https://github.com/docker/docker/pull/19679))
|
||
* Docker will now error out if it doesn't recognize a configuration key within the config file ([#19517](https://github.com/docker/docker/pull/19517))
|
||
- Fix container loading, on daemon startup, when they depends on a plugin running within a container ([#19500](https://github.com/docker/docker/pull/19500))
|
||
* `docker update` learned how to change a container restart policy ([#19116](https://github.com/docker/docker/pull/19116))
|
||
* `docker inspect` now also returns a new `State` field containing the container state in a human readable way (i.e. one of `created`, `restarting`, `running`, `paused`, `exited` or `dead`)([#18966](https://github.com/docker/docker/pull/18966))
|
||
+ Docker learned to limit the number of active pids (i.e. processes) within the container via the `pids-limit` flags. NOTE: This requires `CGROUP_PIDS=y` to be in the kernel configuration. ([#18697](https://github.com/docker/docker/pull/18697))
|
||
- `docker load` now has a `--quiet` option to suppress the load output ([#20078](https://github.com/docker/docker/pull/20078))
|
||
- Fix a bug in neighbor discovery for IPv6 peers ([#20842](https://github.com/docker/docker/pull/20842))
|
||
- Fix a panic during cleanup if a container was started with invalid options ([#21802](https://github.com/docker/docker/pull/21802))
|
||
- Fix a situation where a container cannot be stopped if the terminal is closed ([#21840](https://github.com/docker/docker/pull/21840))
|
||
|
||
* Security
|
||
* Object with the `pcp_pmcd_t` selinux type were given management access to `/var/lib/docker(/.*)?` ([#21370](https://github.com/docker/docker/pull/21370))
|
||
* `restart_syscall`, `copy_file_range`, `mlock2` joined the list of allowed calls in the default seccomp profile ([#21117](https://github.com/docker/docker/pull/21117), [#21262](https://github.com/docker/docker/pull/21262))
|
||
* `send`, `recv` and `x32` were added to the list of allowed syscalls and arch in the default seccomp profile ([#19432](https://github.com/docker/docker/pull/19432))
|
||
* Docker Content Trust now requests the server to perform snapshot signing ([#21046](https://github.com/docker/docker/pull/21046))
|
||
* Support for using YubiKeys for Content Trust signing has been moved out of experimental ([#21591](https://github.com/docker/docker/pull/21591))
|
||
|
||
* Volumes
|
||
* Output of `docker volume ls` is now sorted by volume name ([#20389](https://github.com/docker/docker/pull/20389))
|
||
* Local volumes can now accepts options similar to the unix `mount` tool ([#20262](https://github.com/docker/docker/pull/20262))
|
||
- Fix an issue where one letter directory name could not be used as source for volumes ([#21106](https://github.com/docker/docker/pull/21106))
|
||
+ `docker run -v` now accepts a new flag `nocopy`. This tell the runtime not to copy the container path content into the volume (which is the default behavior) ([#21223](https://github.com/docker/docker/pull/21223))
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Apr 13 11:16:51 UTC 2016 - jmassaguerpla@suse.com
|
||
|
||
- docker.spec: apply gcc5 socket patch also for sle12 and leap
|
||
because gcc5 has been updated there as well.
|
||
|
||
- docker.spec: add a "is_opensuse" check for the mount-secrets patch.
|
||
This way we can use this same package for opensuse.
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Apr 8 13:27:55 UTC 2016 - dmueller@suse.com
|
||
|
||
- use go-lang for aarch64:
|
||
- drop fix_platform_type_arm.patch (works around a gcc-go bug, so
|
||
unnecessary)
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Apr 7 09:35:40 UTC 2016 - asarai@suse.de
|
||
|
||
- Add patch from upstream (https://github.com/docker/docker/pull/21723) to fix
|
||
compilation on Factory and Tumbleweed (which have btrfsprogs >= 4.5).
|
||
+ fix-btrfs-ioctl-structure.patch bnc#974208
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Mar 22 15:27:26 UTC 2016 - fcastelli@suse.com
|
||
|
||
- Changed systemd unit file and default sysconfig file to include network options,
|
||
this is needed to get SDN like flannel to work
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Mar 15 09:16:55 UTC 2016 - asarai@suse.de
|
||
|
||
- docker.spec: update warning to mention that /etc/sysconfig/docker is sourced
|
||
by the migration script.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Mar 14 10:20:19 UTC 2016 - asarai@suse.de
|
||
|
||
- docker.spec: only Reccomends: the docker-image-migrator package as it is no
|
||
longer required for our ugly systemctl hacks.
|
||
- docker.spec: fix up documentation to refer to the script you need to run in
|
||
the migrator package.
|
||
- docker.spec: print a warning if you force the DOCKER_FORCE_INSTALL option.
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Mar 11 08:44:46 UTC 2016 - asarai@suse.de
|
||
|
||
- spec: switch to new done file name from docker-image-migrator
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Mar 11 08:41:49 UTC 2016 - jmassaguerpla@suse.com
|
||
|
||
- update to docker 1.10.3 (bnc#970637)
|
||
Runtime
|
||
Fix Docker client exiting with an "Unrecognized input header" error #20706
|
||
Fix Docker exiting if Exec is started with both AttachStdin and Detach #20647
|
||
Distribution
|
||
Fix a crash when pushing multiple images sharing the same layers to the same repository in parallel #20831
|
||
Fix a panic when pushing images to a registry which uses a misconfigured token service #21030
|
||
Plugin system
|
||
Fix issue preventing volume plugins to start when SELinux is enabled #20834
|
||
Prevent Docker from exiting if a volume plugin returns a null response for Get requests #20682
|
||
Fix plugin system leaking file descriptors if a plugin has an error #20680
|
||
Security
|
||
Fix linux32 emulation to fail during docker build #20672 It was due to the personality syscall being blocked by the default seccomp profile.
|
||
Fix Oracle XE 10g failing to start in a container #20981 It was due to the ipc syscall being blocked by the default seccomp profile.
|
||
Fix user namespaces not working on Linux From Scratch #20685
|
||
Fix issue preventing daemon to start if userns is enabled and the subuid or subgid files contain comments #20725
|
||
|
||
More at https://github.com/docker/docker/releases/tag/v1.10.3
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Mar 10 13:52:54 UTC 2016 - asarai@suse.de
|
||
|
||
- spec: improve file-based migration checks to make sure that it doesn't cause
|
||
errors if running on a /var/lib/docker without /var/lib/docker/graph.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Mar 9 13:45:14 UTC 2016 - asarai@suse.de
|
||
|
||
- spec: implement file-based migration checks. The migrator will be updated to
|
||
match the warning message's instructions. This looks like it works with my
|
||
testing.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Mar 7 14:09:17 UTC 2016 - normand@linux.vnet.ibm.com
|
||
|
||
- more patches to build on ppc64 architecture
|
||
update netlink_gcc_go.patch
|
||
new netlink_netns_powerpc.patch
|
||
new boltdb_bolt_powerpc.patch
|
||
new libnetwork_drivers_bridge_powerpc.patch to replace
|
||
deleted fix-ppc64le.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Mar 1 17:54:41 UTC 2016 - jmassaguerpla@suse.com
|
||
|
||
- fix bsc#968972 - let docker manage the cgroups of the processes
|
||
that it launches without systemd
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Mar 1 15:28:56 UTC 2016 - jmassaguerpla@suse.com
|
||
|
||
- Require docker-image-migrator (bnc#968933)
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Feb 23 08:55:17 UTC 2016 - jmassaguerpla@suse.com
|
||
|
||
Update to version 1.10.2 (bnc#968933)
|
||
|
||
- Runtime
|
||
Prevent systemd from deleting containers' cgroups when its configuration is reloaded #20518
|
||
Fix SELinux issues by disregarding --read-only when mounting /dev/mqueue #20333
|
||
Fix chown permissions used during docker cp when userns is used #20446
|
||
Fix configuration loading issue with all booleans defaulting to true #20471
|
||
Fix occasional panic with docker logs -f #20522
|
||
|
||
- Distribution
|
||
Keep layer reference if deletion failed to avoid a badly inconsistent state #20513
|
||
Handle gracefully a corner case when canceling migration #20372
|
||
Fix docker import on compressed data #20367
|
||
Fix tar-split files corruption during migration that later cause docker push and docker save to fail #20458
|
||
|
||
- Networking
|
||
Fix daemon crash if embedded DNS is sent garbage #20510
|
||
|
||
- Volumes
|
||
Fix issue with multiple volume references with same name #20381
|
||
|
||
- Security
|
||
Fix potential cache corruption and delegation conflict issues #20523
|
||
|
||
link to changelog:
|
||
|
||
https://github.com/docker/docker/blob/v1.10.2/CHANGELOG.md
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Feb 15 09:48:41 UTC 2016 - asarai@suse.com
|
||
|
||
- fix-apparmor.patch: switch to a backported version of docker/docker#20305,
|
||
which also fixes several potential issues if the major version of apparmor
|
||
changes.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Feb 15 08:35:43 UTC 2016 - asarai@suse.com
|
||
|
||
- Remove 1.10.0 tarball.
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Feb 12 16:04:19 UTC 2016 - jmassaguerpla@suse.com
|
||
|
||
- Update to docker 1.10.1
|
||
It includes some fixes to 1.10.0, see detailed changelog in
|
||
|
||
https://github.com/docker/docker/blob/v1.10.1/CHANGELOG.md
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Feb 9 17:24:46 UTC 2016 - jmassaguerpla@suse.com
|
||
|
||
- Update docker to 1.10.0 (bnc#965918)
|
||
|
||
Add usernamespace support
|
||
Add support for custom seccomp profiles
|
||
Improvements in network and volume management
|
||
|
||
detailed changelog in
|
||
|
||
https://github.com/docker/docker/blob/590d5108bbdaabb05af590f76c9757daceb6d02e/CHANGELOG.md
|
||
|
||
- removed patches, because code has been merged in 1.10.0 release:
|
||
libcontainer-apparmor-fixes.patch: see: https://github.com/docker/docker/blob/release/v1.10/contrib/apparmor/template.go
|
||
fix_bnc_958255.patch: see https://github.com/docker/docker/commit/2b4f64e59018c21aacbf311d5c774dd5521b5352
|
||
use_fs_cgroups_by_default.patch
|
||
fix_cgroup.parent_path_sanitisation.patch
|
||
add_bolt_ppc64.patch
|
||
add_bolt_arm64.patch
|
||
add_bolt_s390x.patch
|
||
|
||
- remove gcc-go-build-static-libgo.patch: This has been replace by gcc-go-patches.patch
|
||
|
||
- removed patches, because arm and ppc are not build using the dynbinary target, but the dyngccgo one:
|
||
docker_remove_journald_to_fix_dynbinary_build_on_arm.patch
|
||
docker_remove_journald_to_fix_dynbinary_build_on_powerpc.patch
|
||
docker_remove_journald_to_fix_dynbinary_build_on_arm64.patch
|
||
|
||
- added patches:
|
||
fix_platform_type_arm.patch: fix build for arm64 and aarch64: set utsname as uint8 for arm64 and aarch64
|
||
gcc5_socket_workaround.patch: gcc5-go in Tumbleweed includes this commit
|
||
https://github.com/golang/gofrontend/commit/a850225433a66a58613c22185c3b09626f5545eb
|
||
Which "fixes" the data type for RawSockaddr.Data
|
||
However, docker now expects the "wrong" data type, since docker had a workaround
|
||
for that issue.
|
||
Thus, we need to workaround the workaround in tumbleweed
|
||
netlink_gcc_go.patch: add constants for syscalls TUNSETIFF and TUNSETPERSIST to fix a gcc issue.
|
||
This is a workaround for bnc#964468: gcc-go can no longer compile Docker.
|
||
fix-apparmor.patch: fix https://github.com/docker/docker/issues/20269 . It affects SLE12 which has apparmor
|
||
version 2.8 and not openSUSE which has version 2.9.
|
||
fix-ppc64le.patch: Build netlink driver using int8 and not uint8 for the data structure
|
||
|
||
|
||
- reviewed patches:
|
||
ignore-dockerinit-checksum.patch: review context in patch
|
||
fix-docker-init.patch: review patch because build method has been changed in spec file for gcc-go
|
||
gcc-go-patches.patch: review context in patch
|
||
|
||
- Build requires go >= 1.5: For version 1.9, we could use Go 1.4.3
|
||
see GO_VERSION https://github.com/docker/docker/blob/release/v1.9/Dockerfile
|
||
However, for version 1.10, we need go 1.5.3
|
||
see GO_VERSION https://github.com/docker/docker/blob/release/v1.10/Dockerfile
|
||
|
||
- fix bnc#965600 - SLES12 SP1 - Static shared memory limit in container
|
||
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Feb 9 13:24:34 UTC 2016 - asarai@suse.com
|
||
|
||
- docker-mount-secrets.patch: fix up this patch to work on Docker 1.10
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jan 27 11:57:59 UTC 2016 - asarai@suse.com
|
||
|
||
- docker-mount-secrets.patch: properly register /run/secrets as a
|
||
mountpoint, so that it is unmounted properly when the container
|
||
is removed and thus container removal works. (bnc#963142)
|
||
- docker-mount-secrets.patch: in addition, add some extra debugging
|
||
information to the secrets patch.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jan 27 09:42:59 UTC 2016 - asarai@suse.com
|
||
|
||
- fix_json_econnreset_bug.patch: fix JSON bug that causes containers to not start
|
||
in weird circumstances. https://github.com/docker/docker/issues/14203
|
||
-------------------------------------------------------------------
|
||
Wed Dec 23 11:10:54 UTC 2015 - fcastelli@suse.com jmassaguerpla@suse.com
|
||
|
||
- fix_bnc_958255.patch: fix Docker creates strange apparmor profile
|
||
(bnc#958255)
|
||
- use_fs_cgroups_by_default.patch: Use fs cgroups by default:
|
||
https://github.com/docker/docker/commit/419fd7449fe1a984f582731fcd4d9455000846b0
|
||
- fix_cgroup.parent_path_sanitisation.patch: fix cgroup.Parent path
|
||
sanitisation:
|
||
https://github.com/opencontainers/runc/commit/bf899fef451956be4abd63de6d6141d9f9096a02
|
||
- Add rules for auditd. This is required to fix bnc#959405
|
||
- Remove 7 patches, add 6 and modify 1, after 1.9.1 upgrade
|
||
* Removed:
|
||
- docker_missing_ppc64le_netlink_linux_files.patch: the code that this
|
||
bug refers to has benn removed upstream
|
||
- docker_rename_jump_amd64_as_jump_linux.patch: the code that this bug
|
||
refers to has been removed upstream
|
||
- Remove fix_15279.patch: code has been merged upstream
|
||
- Remove add_missing_syscall_for_s390x.patch: code has been merged upstream
|
||
- Remove fix_incompatible_assignment_error_bnc_950931.patch: code has been
|
||
merged upstream
|
||
- Remove fix_libsecomp_error_bnc_950931.patch: the code that this bug refers to
|
||
has been removed upstream
|
||
- Remove gcc5_socket_workaround.patch: Code has been fixed. Building with
|
||
this patch is giving the error we were trying to fix, implying that the
|
||
code has been fixed somewhere else.
|
||
* Added:
|
||
- add_bolt_ppc64.patch
|
||
- add_bolt_arm64.patch
|
||
- docker_remove_journald_to_fix_dynbinary_build_on_arm.patch
|
||
- docker_remove_journald_to_fix_dynbinary_build_on_powerpc.patch
|
||
- docker_remove_journald_to_fix_dynbinary_build_on_arm64.patch
|
||
- gcc-go-build-static-libgo.patch: enable static linking of libgo in ggc-go
|
||
In order to do this, we had to work-around an issue from gcc-go:
|
||
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69357
|
||
* Modify:
|
||
- Upgrade to 1.9.1(bnc#956434)
|
||
* Runtime:
|
||
- Do not prevent daemon from booting if images could not be restored
|
||
(#17695)
|
||
- Force IPC mount to unmount on daemon shutdown/init (#17539)
|
||
- Turn IPC unmount errors into warnings (#17554)
|
||
- Fix `docker stats` performance regression (#17638)
|
||
- Clarify cryptic error message upon `docker logs` if `--log-driver=none`
|
||
(#17767)
|
||
- Fix seldom panics (#17639, #17634, #17703)
|
||
- Fix opq whiteouts problems for files with dot prefix (#17819)
|
||
- devicemapper: try defaulting to xfs instead of ext4 for performance
|
||
reasons (#17903, #17918)
|
||
- devicemapper: fix displayed fs in docker info (#17974)
|
||
- selinux: only relabel if user requested so with the `z` option
|
||
(#17450, #17834)
|
||
- Do not make network calls when normalizing names (#18014)
|
||
*Client:
|
||
- Fix `docker login` on windows (#17738)
|
||
- Fix bug with `docker inspect` output when not connected to daemon
|
||
(#17715)
|
||
- Fix `docker inspect -f {{.HostConfig.Dns}} somecontainer` (#17680)
|
||
* Builder:
|
||
- Fix regression with symlink behavior in ADD/COPY (#17710)
|
||
* Networking:
|
||
- Allow passing a network ID as an argument for `--net` (#17558)
|
||
- Fix connect to host and prevent disconnect from host for `host` network
|
||
(#17476)
|
||
- Fix `--fixed-cidr` issue when gateway ip falls in ip-range and ip-range
|
||
is not the first block in the network (#17853)
|
||
- Restore deterministic `IPv6` generation from `MAC` address on default
|
||
`bridge` network (#17890)
|
||
- Allow port-mapping only for endpoints created on docker run (#17858)
|
||
- Fixed an endpoint delete issue with a possible stale sbox (#18102)
|
||
* Distribution:
|
||
- Correct parent chain in v2 push when v1Compatibility files on the disk
|
||
are inconsistent (#18047)
|
||
- Update to version 1.9.0 (bnc#954812):
|
||
* Runtime:
|
||
- `docker stats` now returns block IO metrics (#15005)
|
||
- `docker stats` now details network stats per interface (#15786)
|
||
- Add `ancestor=<image>` filter to `docker ps --filter` flag to filter
|
||
containers based on their ancestor images (#14570)
|
||
- Add `label=<somelabel>` filter to `docker ps --filter` to filter
|
||
containers based on label (#16530)
|
||
- Add `--kernel-memory` flag to `docker run` (#14006)
|
||
- Add `--message` flag to `docker import` allowing to specify an optional
|
||
message (#15711)
|
||
- Add `--privileged` flag to `docker exec` (#14113)
|
||
- Add `--stop-signal` flag to `docker run` allowing to replace the
|
||
container process stopping signal (#15307)
|
||
- Add a new `unless-stopped` restart policy (#15348)
|
||
- Inspecting an image now returns tags (#13185)
|
||
- Add container size information to `docker inspect` (#15796)
|
||
- Add `RepoTags` and `RepoDigests` field to `/images/{name:.*}/json`
|
||
(#17275)
|
||
- Remove the deprecated `/container/ps` endpoint from the API (#15972)
|
||
- Send and document correct HTTP codes for `/exec/<name>/start` (#16250)
|
||
- Share shm and mqueue between containers sharing IPC namespace (#15862)
|
||
- Event stream now shows OOM status when `--oom-kill-disable` is
|
||
set (#16235)
|
||
- Ensure special network files (/etc/hosts etc.) are read-only if
|
||
bind-mounted
|
||
with `ro` option (#14965)
|
||
- Improve `rmi` performance (#16890)
|
||
- Do not update /etc/hosts for the default bridge network, except for links
|
||
(#17325)
|
||
- Fix conflict with duplicate container names (#17389)
|
||
- Fix an issue with incorrect template execution in `docker inspect`
|
||
(#17284)
|
||
- DEPRECATE `-c` short flag variant for `--cpu-shares` in docker run
|
||
(#16271)
|
||
* Client:
|
||
- Allow `docker import` to import from local files (#11907)
|
||
* Builder:
|
||
- Add a `STOPSIGNAL` Dockerfile instruction allowing to set a different
|
||
stop-signal for the container process (#15307)
|
||
- Add an `ARG` Dockerfile instruction and a `--build-arg` flag to
|
||
`docker build`
|
||
that allows to add build-time environment variables (#15182)
|
||
- Improve cache miss performance (#16890)
|
||
* Storage:
|
||
- devicemapper: Implement deferred deletion capability (#16381)
|
||
* Networking:
|
||
- `docker network` exits experimental and is part of standard release
|
||
(#16645)
|
||
- New network top-level concept, with associated subcommands and API
|
||
(#16645)
|
||
WARNING: the API is different from the experimental API
|
||
- Support for multiple isolated/micro-segmented networks (#16645)
|
||
- Built-in multihost networking using VXLAN based overlay driver (#14071)
|
||
- Support for third-party network plugins (#13424)
|
||
- Ability to dynamically connect containers to multiple networks (#16645)
|
||
- Support for user-defined IP address management via pluggable IPAM drivers
|
||
(#16910)
|
||
- Add daemon flags `--cluster-store` and `--cluster-advertise` for built-in
|
||
nodes discovery (#16229)
|
||
- Add `--cluster-store-opt` for setting up TLS settings (#16644)
|
||
- Add `--dns-opt` to the daemon (#16031)
|
||
- DEPRECATE following container `NetworkSettings` fields in API v1.21:
|
||
`EndpointID`, `Gateway`, `GlobalIPv6Address`, `GlobalIPv6PrefixLen`,
|
||
`IPAddress`, `IPPrefixLen`, `IPv6Gateway` and `MacAddress`.
|
||
Those are now specific to the `bridge` network. Use
|
||
`NetworkSettings.Networks` to inspect
|
||
the networking settings of a container per network.
|
||
* Volumes:
|
||
- New top-level `volume` subcommand and API (#14242)
|
||
- Move API volume driver settings to host-specific config (#15798)
|
||
- Print an error message if volume name is not unique (#16009)
|
||
- Ensure volumes created from Dockerfiles always use the local volume driver
|
||
(#15507)
|
||
- DEPRECATE auto-creating missing host paths for bind mounts (#16349)
|
||
* Logging:
|
||
- Add `awslogs` logging driver for Amazon CloudWatch (#15495)
|
||
- Add generic `tag` log option to allow customizing container/image
|
||
information passed to driver (e.g. show container names) (#15384)
|
||
- Implement the `docker logs` endpoint for the journald driver (#13707)
|
||
- DEPRECATE driver-specific log tags (e.g. `syslog-tag`, etc.) (#15384)
|
||
* Distribution:
|
||
- `docker search` now works with partial names (#16509)
|
||
- Push optimization: avoid buffering to file (#15493)
|
||
- The daemon will display progress for images that were already being
|
||
pulled by another client (#15489)
|
||
- Only permissions required for the current action being performed are
|
||
requested (#)
|
||
- Renaming trust keys (and respective environment variables) from `offline`
|
||
to `root` and `tagging` to `repository` (#16894)
|
||
- DEPRECATE trust key environment variables
|
||
`DOCKER_CONTENT_TRUST_OFFLINE_PASSPHRASE` and
|
||
`DOCKER_CONTENT_TRUST_TAGGING_PASSPHRASE` (#16894)
|
||
* Security:
|
||
- Add SELinux profiles to the rpm package (#15832)
|
||
- Fix various issues with AppArmor profiles provided in the deb package
|
||
(#14609)
|
||
- Add AppArmor policy that prevents writing to /proc (#15571)
|
||
- Change systemd unit file to no longer use the deprecated "-d" option
|
||
(bnc#954737)
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Nov 24 16:34:52 UTC 2015 - fcastelli@suse.com
|
||
|
||
- Changed docker-mount-secrets.patch: allow removal of containers
|
||
even when the entry point failed. bnc#954797
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Nov 3 12:36:25 UTC 2015 - msabate@suse.com
|
||
|
||
- Fixed the format of the fix_libsecomp_error_bnc_950931 patch.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Nov 3 12:30:22 UTC 2015 - msabate@suse.com
|
||
|
||
- Merged the fix_libsecomp_error_bnc_950931.patch and the
|
||
fix_x86_build_removing_empty_file_jump_amd_64.patch patches.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Nov 3 10:39:27 UTC 2015 - jmassaguerpla@suse.com
|
||
|
||
- Fix build for x86_64. Patch fix_libsecomp_error_bnc_950931.patch
|
||
had created and empty file jump_amd64.go instead of removing it.
|
||
This broke the build for x86_64.
|
||
This commit fixes it by removing that empty file.
|
||
|
||
fix_x86_build_removing_empty_file_jump_amd_64.patch: patch that
|
||
removes empty file jump_amd64.go
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Nov 2 15:49:48 UTC 2015 - msabate@suse.com
|
||
|
||
- Added patch that fixes a known gcc-go for ppc64xe in the syscall.RawSockAddr
|
||
type.
|
||
|
||
gcc5_socket_workaround.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Oct 29 14:17:32 UTC 2015 - jmassaguerpla@suse.com
|
||
|
||
- Add patches for fixing ppc64le build (bnc#950931)
|
||
|
||
fix_libsecomp_error_bnc_950931.patch
|
||
fix_incompatible_assignment_error_bnc_950931.patch
|
||
docker_missing_ppc64le_netlink_linux_files.patch
|
||
|
||
- Remove docker_rename_jump_amd64_as_jump_linux.patch because it clashes
|
||
with the previous patches.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Oct 22 12:11:14 UTC 2015 - jmassaguerpla@suse.com
|
||
|
||
- Exclude libgo as a requirement. The auto requires script was adding
|
||
libgo as a requirement when building with gcc-go which was wrong.
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Oct 16 15:43:46 UTC 2015 - jmassaguerpla@suse.com
|
||
|
||
- Add patch for missing systemcall for s390x. See
|
||
|
||
https://github.com/docker/docker/commit/eecf6cd48cf7c48f00aa8261cf431c87084161ae
|
||
|
||
add_missing_syscall_for_s390x.patch: contains the patch
|
||
|
||
- Exclude s390x for sle12 because it hangs when running go. It works for sle12sp1
|
||
thus we don't want to exclude sle12sp1 but only sle12.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Oct 12 20:10:00 UTC 2015 - fcastelli@suse.com
|
||
|
||
- Update docker to 1.8.3 version:
|
||
* Fix layer IDs lead to local graph poisoning (CVE-2014-8178) (bnc#949660)
|
||
* Fix manifest validation and parsing logic errors allow pull-by-digest validation bypass (CVE-2014-8179)
|
||
* Add `--disable-legacy-registry` to prevent a daemon from using a v1 registry
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Sep 22 13:20:49 UTC 2015 - jmassaguerpla@suse.com
|
||
|
||
- Update docker to 1.8.2 version
|
||
|
||
see detailed changelog in
|
||
|
||
https://github.com/docker/docker/releases/tag/v1.8.2
|
||
|
||
fix bsc#946653 update do docker 1.8.2
|
||
|
||
- devicemapper: fix zero-sized field access
|
||
Fix issue #15279: does not build with Go 1.5 tip
|
||
Due to golang/go@7904946
|
||
the devices field is dropped.
|
||
|
||
This solution works on go1.4 and go1.5
|
||
|
||
See more in https://github.com/docker/docker/pull/15404
|
||
|
||
This fix was not included in v1.8.2. See previous link
|
||
on why.
|
||
|
||
fix_15279.patch: contains the patch for issue#15279
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Aug 21 08:46:30 UTC 2015 - normand@linux.vnet.ibm.com
|
||
|
||
- new patch as per upstream issue
|
||
https://github.com/docker/docker/issues/14056#issuecomment-113680944
|
||
docker_rename_jump_amd64_as_jump_linux.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Aug 21 08:07:58 UTC 2015 - normand@linux.vnet.ibm.com
|
||
|
||
- ignore-dockerinit-checksum.patch need -p1 in spec
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Aug 13 09:38:03 UTC 2015 - jmassaguerpla@suse.com
|
||
|
||
- Update to docker 1.8.1(bsc#942369 and bsc#942370):
|
||
- Fix a bug where pushing multiple tags would result in invalid images
|
||
|
||
- Update to docker 1.8.0:
|
||
see detailed changelog in
|
||
|
||
https://github.com/docker/docker/releases/tag/v1.8.0
|
||
|
||
- remove docker-netns-aarch64.patch: This patch was adding
|
||
vendor/src/github.com/vishvananda/netns/netns_linux_arm64.go
|
||
which is now included upstream, so we don't need this patch anymore
|
||
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jul 24 14:41:21 UTC 2015 - jmassaguerpla@suse.com
|
||
|
||
- Remove 0002-Stripped-dockerinit-binary.patch because we do not
|
||
use it anymore (we got rid of that when updating to 1.7.1)
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jul 24 14:14:38 UTC 2015 - jmassaguerpla@suse.com
|
||
|
||
- Exclude archs where docker does not build. Otherwise it gets into
|
||
and infinite loop when building.
|
||
|
||
We'll fix that later if we want to release for those archs.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jul 15 08:11:11 UTC 2015 - jmassaguerpla@suse.com
|
||
|
||
- Update to 1.7.1 (2015-07-14) (bnc#938156)
|
||
* Runtime
|
||
- Fix default user spawning exec process with docker exec
|
||
- Make --bridge=none not to configure the network bridge
|
||
- Publish networking stats properly
|
||
- Fix implicit devicemapper selection with static binaries
|
||
- Fix socket connections that hung intermittently
|
||
- Fix bridge interface creation on CentOS/RHEL 6.6
|
||
- Fix local dns lookups added to resolv.conf
|
||
- Fix copy command mounting volumes
|
||
- Fix read/write privileges in volumes mounted with --volumes-from
|
||
* Remote API
|
||
- Fix unmarshalling of Command and Entrypoint
|
||
- Set limit for minimum client version supported
|
||
- Validate port specification
|
||
- Return proper errors when attach/reattach fail
|
||
* Distribution
|
||
- Fix pulling private images
|
||
- Fix fallback between registry V2 and V1
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jul 10 11:22:00 UTC 2015 - jmassaguerpla@suse.com
|
||
|
||
- Exclude init scripts other than systemd from the test-package
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jul 1 12:38:50 UTC 2015 - jmassaguerpla@suse.com
|
||
|
||
- Exclude intel 32 bits arch. Docker does not built on that. Let's
|
||
make it explicit.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jun 25 16:49:59 UTC 2015 - dmueller@suse.com
|
||
|
||
- rediff ignore-dockerinit-checksum.patch, gcc-go-build-static-libgo.patch
|
||
to make them apply again.
|
||
- introduce go_arches for architectures that use the go compiler
|
||
instead of gcc-go
|
||
- add docker-netns-aarch64.patch: Add support for AArch64
|
||
- enable build for aarch64
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jun 24 09:02:03 UTC 2015 - fcastelli@suse.com
|
||
|
||
- Build man pages only on platforms where gc compiler is available.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jun 22 08:48:11 UTC 2015 - fcastelli@suse.com
|
||
|
||
- Updated to 1.7.0 (2015-06-16) - bnc#935570
|
||
* Runtime
|
||
- Experimental feature: support for out-of-process volume plugins
|
||
- The userland proxy can be disabled in favor of hairpin NAT using the daemon’s `--userland-proxy=false` flag
|
||
- The `exec` command supports the `-u|--user` flag to specify the new process owner
|
||
- Default gateway for containers can be specified daemon-wide using the `--default-gateway` and `--default-gateway-v6` flags
|
||
- The CPU CFS (Completely Fair Scheduler) quota can be set in `docker run` using `--cpu-quota`
|
||
- Container block IO can be controlled in `docker run` using`--blkio-weight`
|
||
- ZFS support
|
||
- The `docker logs` command supports a `--since` argument
|
||
- UTS namespace can be shared with the host with `docker run --uts=host`
|
||
* Quality
|
||
- Networking stack was entirely rewritten as part of the libnetwork effort
|
||
- Engine internals refactoring
|
||
- Volumes code was entirely rewritten to support the plugins effort
|
||
- Sending SIGUSR1 to a daemon will dump all goroutines stacks without exiting
|
||
* Build
|
||
- Support ${variable:-value} and ${variable:+value} syntax for environment variables
|
||
- Support resource management flags `--cgroup-parent`, `--cpu-period`, `--cpu-quota`, `--cpuset-cpus`, `--cpuset-mems`
|
||
- git context changes with branches and directories
|
||
- The .dockerignore file support exclusion rules
|
||
* Distribution
|
||
- Client support for v2 mirroring support for the official registry
|
||
* Bugfixes
|
||
- Firewalld is now supported and will automatically be used when available
|
||
- mounting --device recursively
|
||
- Patch 0002-Stripped-dockerinit-binary.patch renamed to fix-docker-init.patch
|
||
and fixed to build with latest version of docker
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jun 9 16:35:46 UTC 2015 - jmassaguerpla@suse.com
|
||
|
||
- Add test subpackage and fix line numbers in patches
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jun 5 15:29:45 UTC 2015 - fcastelli@suse.com
|
||
|
||
- Fixed ppc64le name inside of spec file
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jun 5 15:23:47 UTC 2015 - fcastelli@suse.com
|
||
|
||
- Build docker on PPC and S390x using gcc-go provided by gcc5
|
||
* added sysconfig.docker.ppc64le: make docker daemon start on ppc64le
|
||
despite some iptables issues. To be removed soon
|
||
* ignore-dockerinit-checksum.patch: applied only when building with
|
||
gcc-go. Required to workaround a limitation of gcc-go
|
||
* gcc-go-build-static-libgo.patch: used only when building with gcc-go,
|
||
link libgo statically into docker itself.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jun 1 15:47:59 UTC 2015 - fcastelli@suse.com
|
||
|
||
- Remove set-SCC_URL-env-variable.patch, the SCC_URL is now read
|
||
from SUSEConnect by the container service
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jun 1 13:03:24 UTC 2015 - fcastelli@suse.com
|
||
|
||
- Automatically set SCC_URL environment variable inside of the
|
||
containers by parsing the /etc/SUSEConnect.example file
|
||
* Add set-SCC_URL-env-variable.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jun 1 10:00:55 UTC 2015 - fcastelli@suse.com
|
||
|
||
- Place SCC machine credentials inside of /run/secrets/credentials.d
|
||
* Edit docker-mount-scc-credentials.patch¬
|
||
|
||
-------------------------------------------------------------------
|
||
Thu May 28 15:10:09 UTC 2015 - dmacvicar@suse.de
|
||
|
||
- pass the SCC machine credentials to the container
|
||
* Add docker-mount-scc-credentials.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Wed May 27 10:02:51 UTC 2015 - dmacvicar@suse.de
|
||
|
||
- build and install man pages
|
||
|
||
-------------------------------------------------------------------
|
||
Mon May 18 15:08:59 UTC 2015 - fcastelli@suse.com
|
||
|
||
- Update to version 1.6.2 (2015-05-13) [bnc#931301]
|
||
* Revert change prohibiting mounting into /sys
|
||
|
||
-------------------------------------------------------------------
|
||
Fri May 8 15:00:38 UTC 2015 - fcastelli@suse.com
|
||
|
||
Updated to version 1.6.1 (2015-05-07) [bnc#930235]
|
||
* Security
|
||
- Fix read/write /proc paths (CVE-2015-3630)
|
||
- Prohibit VOLUME /proc and VOLUME / (CVE-2015-3631)
|
||
- Fix opening of file-descriptor 1 (CVE-2015-3627)
|
||
- Fix symlink traversal on container respawn allowing local privilege escalation (CVE-2015-3629)
|
||
- Prohibit mount of /sys
|
||
* Runtime
|
||
- Update Apparmor policy to not allow mounts
|
||
- Updated libcontainer-apparmor-fixes.patch: adapt patch to reflect
|
||
changes introduced by docker 1.6.1
|
||
|
||
-------------------------------------------------------------------
|
||
Thu May 7 13:33:03 UTC 2015 - develop7@develop7.info
|
||
|
||
- Get rid of SocketUser and SocketGroup workarounds for docker.socket
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Apr 17 14:02:13 UTC 2015 - fcastelli@suse.com
|
||
|
||
- Updated to version 1.6.0 (2015-04-07) [bnc#908033]
|
||
* Builder:
|
||
+ Building images from an image ID
|
||
+ build containers with resource constraints, ie `docker build --cpu-shares=100 --memory=1024m...`
|
||
+ `commit --change` to apply specified Dockerfile instructions while committing the image
|
||
+ `import --change` to apply specified Dockerfile instructions while importing the image
|
||
+ basic build cancellation
|
||
* Client:
|
||
+ Windows Support
|
||
* Runtime:
|
||
+ Container and image Labels
|
||
+ `--cgroup-parent` for specifying a parent cgroup to place container cgroup within
|
||
+ Logging drivers, `json-file`, `syslog`, or `none`
|
||
+ Pulling images by ID
|
||
+ `--ulimit` to set the ulimit on a container
|
||
+ `--default-ulimit` option on the daemon which applies to all created containers (and overwritten by `--ulimit` on run)
|
||
- Updated '0002-Stripped-dockerinit-binary.patch' to reflect changes inside of
|
||
the latest version of Docker.
|
||
- bnc#908033: support of Docker Registry API v2.
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Apr 3 19:57:38 UTC 2015 - dmueller@suse.com
|
||
|
||
- enable build for armv7l
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Apr 3 14:59:35 UTC 2015 - fcastelli@suse.com
|
||
|
||
- Updated docker.spec to fixed building with the latest version of our
|
||
Go pacakge.
|
||
- Updated 0002-Stripped-dockerinit-binary.patch to fix check made by
|
||
the docker daemon against the dockerinit binary.
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Mar 27 10:29:35 UTC 2015 - fcastelli@suse.com
|
||
|
||
- Updated systemd service and socket units to fix socket activation
|
||
and to align with best practices recommended by upstram. Moreover
|
||
socket activation fixes bnc#920645.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Feb 11 13:59:01 UTC 2015 - fcastelli@suse.com
|
||
|
||
- Updated to 1.5.0 (2015-02-10):
|
||
* Builder:
|
||
- Dockerfile to use for a given `docker build` can be specified with
|
||
the `-f` flag
|
||
- Dockerfile and .dockerignore files can be themselves excluded as part
|
||
of the .dockerignore file, thus preventing modifications to these files
|
||
invalidating ADD or COPY instructions cache
|
||
- ADD and COPY instructions accept relative paths
|
||
- Dockerfile `FROM scratch` instruction is now interpreted as a no-base
|
||
specifier
|
||
- Improve performance when exposing a large number of ports
|
||
* Hack:
|
||
- Allow client-side only integration tests for Windows
|
||
- Include docker-py integration tests against Docker daemon as part of our
|
||
test suites
|
||
* Packaging:
|
||
- Support for the new version of the registry HTTP API
|
||
- Speed up `docker push` for images with a majority of already existing
|
||
layers
|
||
- Fixed contacting a private registry through a proxy
|
||
* Remote API:
|
||
- A new endpoint will stream live container resource metrics and can be
|
||
accessed with the `docker stats` command
|
||
- Containers can be renamed using the new `rename` endpoint and the
|
||
associated `docker rename` command
|
||
- Container `inspect` endpoint show the ID of `exec` commands running in
|
||
this container
|
||
- Container `inspect` endpoint show the number of times Docker
|
||
auto-restarted the container
|
||
- New types of event can be streamed by the `events` endpoint: ‘OOM’
|
||
(container died with out of memory), ‘exec_create’, and ‘exec_start'
|
||
- Fixed returned string fields which hold numeric characters incorrectly
|
||
omitting surrounding double quotes
|
||
* Runtime:
|
||
- Docker daemon has full IPv6 support
|
||
- The `docker run` command can take the `--pid=host` flag to use the host
|
||
PID namespace, which makes it possible for example to debug host processes
|
||
using containerized debugging tools
|
||
- The `docker run` command can take the `--read-only` flag to make the
|
||
container’s root filesystem mounted as readonly, which can be used in
|
||
combination with volumes to force a container’s processes to only write to
|
||
locations that will be persisted
|
||
- Container total memory usage can be limited for `docker run` using the
|
||
`—memory-swap` flag
|
||
- Major stability improvements for devicemapper storage driver
|
||
- Better integration with host system: containers will reflect changes
|
||
to the host's `/etc/resolv.conf` file when restarted
|
||
- Better integration with host system: per-container iptable rules are moved
|
||
to the DOCKER chain
|
||
- Fixed container exiting on out of memory to return an invalid exit code
|
||
* Other:
|
||
- The HTTP_PROXY, HTTPS_PROXY, and NO_PROXY environment variables are
|
||
properly taken into account by the client when connecting to the
|
||
Docker daemon
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jan 15 10:00:07 UTC 2015 - fcastelli@suse.com
|
||
|
||
- Updated to 1.4.1 (2014-12-15):
|
||
* Runtime:
|
||
- Fix issue with volumes-from and bind mounts not being honored after
|
||
create (fixes bnc#913213)
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jan 15 09:41:20 UTC 2015 - fcastelli@suse.com
|
||
|
||
- Added e2fsprogs as runtime dependency, this is required when the
|
||
devicemapper driver is used. (bnc#913211).
|
||
- Fixed owner & group for docker.socket (thanks to Andrei Dziahel and
|
||
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=752555#5)
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Dec 12 16:13:30 UTC 2014 - fcastelli@suse.com
|
||
|
||
- Updated to 1.4.0 (2014-12-11):
|
||
* Notable Features since 1.3.0:
|
||
- Set key=value labels to the daemon (displayed in `docker info`), applied with
|
||
new `-label` daemon flag
|
||
- Add support for `ENV` in Dockerfile of the form:
|
||
`ENV name=value name2=value2...`
|
||
- New Overlayfs Storage Driver
|
||
- `docker info` now returns an `ID` and `Name` field
|
||
- Filter events by event name, container, or image
|
||
- `docker cp` now supports copying from container volumes
|
||
- Fixed `docker tag`, so it honors `--force` when overriding a tag for existing
|
||
image.
|
||
- Changes introduced by 1.3.3 (2014-12-11):
|
||
* Security:
|
||
- Fix path traversal vulnerability in processing of absolute symbolic links (CVE-2014-9356) - (bnc#909709)
|
||
- Fix decompression of xz image archives, preventing privilege escalation (CVE-2014-9357) - (bnc#909710)
|
||
- Validate image IDs (CVE-2014-9358) - (bnc#909712)
|
||
* Runtime:
|
||
- Fix an issue when image archives are being read slowly
|
||
* Client:
|
||
- Fix a regression related to stdin redirection
|
||
- Fix a regression with `docker cp` when destination is the current directory
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Nov 26 11:27:06 UTC 2014 - fcastelli@suse.com
|
||
|
||
- Updated to 1.3.2 (2014-11-20) - fixes bnc#907012 (CVE-2014-6407) and
|
||
bnc#907014 (CVE-2014-6408)
|
||
* Security:
|
||
- Fix tar breakout vulnerability
|
||
- Extractions are now sandboxed chroot
|
||
- Security options are no longer committed to images
|
||
* Runtime:
|
||
- Fix deadlock in `docker ps -f exited=1`
|
||
- Fix a bug when `--volumes-from` references a container that failed to start
|
||
* Registry:
|
||
- `--insecure-registry` now accepts CIDR notation such as 10.1.0.0/16
|
||
- Private registries whose IPs fall in the 127.0.0.0/8 range do no need
|
||
the `--insecure-registry` flag
|
||
- Skip the experimental registry v2 API when mirroring is enabled
|
||
- Fixed minor packaging issues.
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Oct 31 08:54:47 UTC 2014 - fcastelli@suse.com
|
||
|
||
- Updated to version 1.3.1 2014-10-28)
|
||
* Security:
|
||
- Prevent fallback to SSL protocols < TLS 1.0 for client, daemon and
|
||
registry [CVE-2014-5277]
|
||
- Secure HTTPS connection to registries with certificate verification and
|
||
without HTTP fallback unless `--insecure-registry` is specified
|
||
* Runtime:
|
||
- Fix issue where volumes would not be shared
|
||
* Client:
|
||
- Fix issue with `--iptables=false` not automatically
|
||
setting `--ip-masq=false`
|
||
- Fix docker run output to non-TTY stdout
|
||
* Builder:
|
||
- Fix escaping `$` for environment variables
|
||
- Fix issue with lowercase `onbuild` Dockerfile instruction
|
||
- Restrict envrionment variable expansion to `ENV`, `ADD`, `COPY`,
|
||
`WORKDIR`, `EXPOSE`, `VOLUME` and `USER`
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Oct 20 08:38:30 UTC 2014 - fcastelli@suse.com
|
||
|
||
- Upgraded to version 1.3.0 (2014-10-14)
|
||
* docker `exec` allows you to run additional processes inside existing containers
|
||
* docker `create` gives you the ability to create a container via the cli without executing a process
|
||
* `--security-opts` options to allow user to customize container labels and apparmor profiles
|
||
* docker `ps` filters
|
||
* wildcard support to copy/add
|
||
* move production urls to get.docker.com from get.docker.io
|
||
* allocate ip address on the bridge inside a valid cidr
|
||
* use drone.io for pr and ci testing
|
||
* ability to setup an official registry mirror
|
||
* Ability to save multiple images with docker `save`
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Sep 12 13:21:40 UTC 2014 - cbosdonnat@suse.com
|
||
|
||
- Generated AppArmor profile used mount rules which aren't supported
|
||
in our version of AppArmor. libcontainer-apparmor-fixes.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Sep 4 15:41:39 UTC 2014 - fcastelli@suse.com
|
||
|
||
- Updates to SUSE's readme file.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Aug 25 07:49:48 UTC 2014 - fcastelli@suse.com
|
||
|
||
- Upgraded to version 1.2.0:
|
||
* Runtime:
|
||
- Make /etc/hosts /etc/resolv.conf and /etc/hostname editable at runtime
|
||
- Auto-restart containers using policies
|
||
- Use /var/lib/docker/tmp for large temporary files
|
||
- `--cap-add` and `--cap-drop` to tweak what linux capability you want
|
||
- `--device` to use devices in containers
|
||
* Client:
|
||
- `docker search` on private registries
|
||
- Add `exited` filter to `docker ps --filter`
|
||
- `docker rm -f` now kills instead of stop
|
||
- Support for IPv6 addresses in `--dns` flag
|
||
* Proxy:
|
||
- Proxy instances in separate processes
|
||
- Small bug fix on UDP proxy
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Aug 8 15:31:41 UTC 2014 - fcastelli@suse.com
|
||
|
||
- Final changes to README_SUSE.md
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Aug 8 10:28:48 UTC 2014 - fcastelli@suse.com
|
||
|
||
- Added other small fixes to README_SUSE.md
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Aug 7 14:06:30 UTC 2014 - fcastelli@suse.com
|
||
|
||
- Small improvements to README_SUSE.md
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Aug 7 13:29:30 UTC 2014 - fcastelli@suse.com
|
||
|
||
- Removed useless sysctl rule.
|
||
- Added README_SUSE.md
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jul 25 06:17:04 UTC 2014 - fcastelli@suse.com
|
||
|
||
- Updated to 1.1.2:
|
||
* Runtime:
|
||
- Fix port allocation for existing containers
|
||
- Fix containers restart on daemon restart
|
||
- Updated conflict condition with LXC package.
|
||
-------------------------------------------------------------------
|
||
Fri Jul 18 09:38:47 UTC 2014 - fcastelli@suse.com
|
||
|
||
- Add apparmor-parser runtime dependency
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jul 18 08:44:29 UTC 2014 - fcastelli@suse.com
|
||
|
||
- Build with AppArmor and SELinux support
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jul 16 13:37:23 UTC 2014 - fcastelli@suse.com
|
||
|
||
- Ensure docker can be built only on x86_64
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jul 16 09:07:45 UTC 2014 - fcastelli@suse.com
|
||
|
||
- Added docker-rpmlintrc to list of source files
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jul 14 09:39:40 UTC 2014 - fcastelli@suse.com
|
||
|
||
- Updated to 1.1.1, notables features since 1.0.0:
|
||
* Add `.dockerignore` support
|
||
* Pause containers during `docker commit`
|
||
* Add `--tail` to `docker logs`
|
||
* Enhance security for the LXC driver
|
||
- Builder
|
||
* Fix issue with ADD
|
||
* Allow a tar file as context for `docker build`
|
||
* Fix issue with white-spaces and multi-lines in `Dockerfiles`
|
||
* Fix `ONBUILD` instruction passed to grandchildren
|
||
- Runtime
|
||
* Overall performance improvements
|
||
* Allow `/` as source of `docker run -v`
|
||
* Fix port allocation
|
||
* Fix bug in `docker save`
|
||
* Add links information to `docker inspect`
|
||
* Fix events subscription
|
||
* Fix /etc/hostname file with host networking
|
||
* Allow `-h` and `--net=none`
|
||
* Fix issue with hotplug devices in `--privileged`
|
||
- Client
|
||
* Improve command line parsing for `docker commit`
|
||
* Fix artifacts with events
|
||
* Fix a panic with empty flags
|
||
- Remote API
|
||
* Improve status code for the `start` and `stop` endpoints
|
||
- Miscellaneous
|
||
* Fix several races
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jul 14 09:03:23 UTC 2014 - fcastelli@suse.com
|
||
|
||
- Fix CVE-2014-3499: systemd socket activation results in privilege escalation [bnc#885209]
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jun 10 15:58:24 UTC 2014 - fcastelli@suse.com
|
||
|
||
- add exclusivearch to reduce to architectures with a working "go" package
|
||
(patch submitted by Rudy).
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jun 9 21:09:28 UTC 2014 - fcastelli@suse.com
|
||
|
||
- Updated to 1.0.0, Notable features since 0.12.0
|
||
* Production support
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jun 9 14:58:12 UTC 2014 - fcastelli@suse.com
|
||
|
||
- Upgraded to 0.12.0:
|
||
* New `COPY` Dockerfile instruction to allow copying a local file from the context into the container without ever extracting if the file is a tar file
|
||
* Inherit file permissions from the host on `ADD`
|
||
* New `pause` and `unpause` commands to allow pausing and unpausing of containers using cgroup freezer
|
||
* The `images` command has a `-f`/`--filter` option to filter the list of images
|
||
* Add `--force-rm` to clean up after a failed build
|
||
* Standardize JSON keys in Remote API to CamelCase
|
||
* Pull from a docker run now assumes `latest` tag if not specified
|
||
* Enhance security on Linux capabilities and device nodes
|
||
|
||
-------------------------------------------------------------------
|
||
Wed May 21 15:24:11 UTC 2014 - fcastelli@suse.com
|
||
|
||
- Do not require ca-certificates-cert package at runtime, it's not needed.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed May 21 14:22:47 UTC 2014 - fcastelli@suse.com
|
||
|
||
- Disabled AUFS backend at build time, we are never going to support that.
|
||
- Updated rpmlint to ignore missing man page of docker.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed May 21 08:10:48 UTC 2014 - smoioli@suse.com
|
||
|
||
- Fixes a merge issue with TTYs: https://github.com/dotcloud/docker/pull/4882
|
||
|
||
-------------------------------------------------------------------
|
||
Thu May 15 15:04:51 UTC 2014 - fcastelli@suse.com
|
||
|
||
- Ensure /etc/sysconfig/docker file is created upon package installation.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu May 15 14:35:39 UTC 2014 - fcastelli@suse.com
|
||
|
||
- Updated rpmlintrc
|
||
|
||
-------------------------------------------------------------------
|
||
Thu May 15 13:45:03 UTC 2014 - fcastelli@suse.com
|
||
|
||
- Do not specify a custon DOCKERINIT_PATH at build time.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu May 15 13:21:44 UTC 2014 - fcastelli@suse.com
|
||
|
||
- Removed 0001-Allowed-installation-of-dockerinit-into-usr-lib64.patch, leave
|
||
dockerinit installed inside of /usr/lib/docker.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu May 15 13:05:20 UTC 2014 - fcastelli@suse.com
|
||
|
||
- Added sysconfig file to handle docker environment file.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu May 8 08:09:17 UTC 2014 - fcastelli@suse.com
|
||
|
||
- Update to 0.11.1:
|
||
* Registry:
|
||
- Fix push and pull to private registry
|
||
- 0.11.0 changes:
|
||
* SELinux support for mount and process labels
|
||
* Linked containers can be accessed by hostname
|
||
* Use the net `--net` flag to allow advanced network configuration such as host networking so that containers can use the host's network interfaces
|
||
* Add a ping endpoint to the Remote API to do healthchecks of your docker daemon
|
||
* Logs can now be returned with an optional timestamp
|
||
* Docker now works with registries that support SHA-512
|
||
* Multiple registry endpoints are supported to allow registry mirrors
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Apr 9 07:28:35 UTC 2014 - fcastelli@suse.com
|
||
|
||
- Updated to version 0.10.0:
|
||
* Builder:
|
||
- Fix printing multiple messages on a single line. Fixes broken output during builds.
|
||
- Follow symlinks inside container's root for ADD build instructions.
|
||
- Fix EXPOSE caching.
|
||
* Contrib:
|
||
- Add variable for DOCKER_LOGFILE to sysvinit and use append instead of overwrite in opening the logfile.
|
||
- Fix init script cgroup mounting workarounds to be more similar to cgroupfs-mount and thus work properly.
|
||
- Remove inotifywait hack from the upstart host-integration example because it's not necessary any more.
|
||
- Add check-config script to contrib.
|
||
- Fix fish shell completion.
|
||
* Remote API:
|
||
- Add TLS auth support for API.
|
||
- Move git clone from daemon to client.
|
||
- Fix content-type detection in docker cp.
|
||
- Split API into 2 go packages.
|
||
* Runtime:
|
||
- Support hairpin NAT without going through Docker server.
|
||
- devicemapper: succeed immediately when removing non-existing devices.
|
||
- devicemapper: improve handling of devicemapper devices (add per device lock, increase sleep time and unlock while sleeping).
|
||
- devicemapper: increase timeout in waitClose to 10 seconds.
|
||
- devicemapper: ensure we shut down thin pool cleanly.
|
||
- devicemapper: pass info, rather than hash to activateDeviceIfNeeded, deactivateDevice, setInitialized, deleteDevice.
|
||
- devicemapper: avoid AB-BA deadlock.
|
||
- devicemapper: make shutdown better/faster.
|
||
- improve alpha sorting in mflag.
|
||
- Remove manual http cookie management because the cookiejar is being used.
|
||
- Use BSD raw mode on Darwin. Fixes nano, tmux and others.
|
||
- Add FreeBSD support for the client.
|
||
- Merge auth package into registry.
|
||
- Add deprecation warning for -t on `docker pull`.
|
||
- Remove goroutine leak on error.
|
||
- Update parseLxcInfo to comply with new lxc1.0 format.
|
||
- Fix attach exit on darwin.
|
||
- Improve deprecation message.
|
||
- Retry to retrieve the layer metadata up to 5 times for `docker pull`.
|
||
- Only unshare the mount namespace for execin.
|
||
- Merge existing config when committing.
|
||
- Disable daemon startup timeout.
|
||
- Fix issue #4681: add loopback interface when networking is disabled.
|
||
- Add failing test case for issue #4681.
|
||
- Send SIGTERM to child, instead of SIGKILL.
|
||
- Show the driver and the kernel version in `docker info` even when not in debug mode.
|
||
- Always symlink /dev/ptmx for libcontainer. This fixes console related problems.
|
||
- Fix issue caused by the absence of /etc/apparmor.d.
|
||
- Don't leave empty cidFile behind when failing to create the container.
|
||
- Mount cgroups automatically if they're not mounted already.
|
||
- Use mock for search tests.
|
||
- Update to double-dash everywhere.
|
||
- Move .dockerenv parsing to lxc driver.
|
||
- Move all bind-mounts in the container inside the namespace.
|
||
- Don't use separate bind mount for container.
|
||
- Always symlink /dev/ptmx for libcontainer.
|
||
- Don't kill by pid for other drivers.
|
||
- Add initial logging to libcontainer.
|
||
- Sort by port in `docker ps`.
|
||
- Move networking drivers into runtime top level package.
|
||
- Add --no-prune to `docker rmi`.
|
||
- Add time since exit in `docker ps`.
|
||
- graphdriver: add build tags.
|
||
- Prevent allocation of previously allocated ports & prevent improve port allocation.
|
||
- Add support for --since/--before in `docker ps`.
|
||
- Clean up container stop.
|
||
- Add support for configurable dns search domains.
|
||
- Add support for relative WORKDIR instructions.
|
||
- Add --output flag for docker save.
|
||
- Remove duplication of DNS entries in config merging.
|
||
- Add cpuset.cpus to cgroups and native driver options.
|
||
- Remove docker-ci.
|
||
- Promote btrfs. btrfs is no longer considered experimental.
|
||
- Add --input flag to `docker load`.
|
||
- Return error when existing bridge doesn't match IP address.
|
||
- Strip comments before parsing line continuations to avoid interpreting instructions as comments.
|
||
- Fix TestOnlyLoopbackExistsWhenUsingDisableNetworkOption to ignore "DOWN" interfaces.
|
||
- Add systemd implementation of cgroups and make containers show up as systemd units.
|
||
- Fix commit and import when no repository is specified.
|
||
- Remount /var/lib/docker as --private to fix scaling issue.
|
||
- Use the environment's proxy when pinging the remote registry.
|
||
- Reduce error level from harmless errors.
|
||
- Allow --volumes-from to be individual files.
|
||
- Fix expanding buffer in StdCopy.
|
||
- Set error regardless of attach or stdin. This fixes #3364.
|
||
- Add support for --env-file to load environment variables from files.
|
||
- Symlink /etc/mtab and /proc/mounts.
|
||
- Allow pushing a single tag.
|
||
- Shut down containers cleanly at shutdown and wait forever for the containers to shut down. This makes container shutdown on daemon shutdown work properly via SIGTERM.
|
||
- Don't throw error when starting an already running container.
|
||
- Fix dynamic port allocation limit.
|
||
- remove setupDev from libcontainer.
|
||
- Add API version to `docker version`.
|
||
- Return correct exit code when receiving signal and make SIGQUIT quit without cleanup.
|
||
- Fix --volumes-from mount failure.
|
||
- Allow non-privileged containers to create device nodes.
|
||
- Skip login tests because of external dependency on a hosted service.
|
||
- Deprecate `docker images --tree` and `docker images --viz`.
|
||
- Deprecate `docker insert`.
|
||
- Include base abstraction for apparmor. This fixes some apparmor related problems on Ubuntu 14.04.
|
||
- Add specific error message when hitting 401 over HTTP on push.
|
||
- Fix absolute volume check.
|
||
- Remove volumes-from from the config.
|
||
- Move DNS options to hostconfig.
|
||
- Update the apparmor profile for libcontainer.
|
||
- Add deprecation notice for `docker commit -run`.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Mar 26 16:47:03 UTC 2014 - fcastelli@suse.com
|
||
|
||
- Updated to 0.9.1:
|
||
* Builder:
|
||
- Fix printing multiple messages on a single line. Fixes broken output during builds.
|
||
* Remote API:
|
||
- Fix content-type detection in `docker cp`.
|
||
* Runtime:
|
||
- Use BSD raw mode on Darwin. Fixes nano, tmux and others.
|
||
- Only unshare the mount namespace for execin.
|
||
- Retry to retrieve the layer metadata up to 5 times for `docker pull`.
|
||
- Merge existing config when committing.
|
||
- Fix panic in monitor.
|
||
- Disable daemon startup timeout.
|
||
- Fix issue #4681: add loopback interface when networking is disabled.
|
||
- Add failing test case for issue #4681.
|
||
- Send SIGTERM to child, instead of SIGKILL.
|
||
- Show the driver and the kernel version in `docker info` even when not in debug mode.
|
||
- Always symlink /dev/ptmx for libcontainer. This fixes console related problems.
|
||
- Fix issue caused by the absence of /etc/apparmor.d.
|
||
- Don't leave empty cidFile behind when failing to create the container.
|
||
- Improve deprecation message.
|
||
- Fix attach exit on darwin.
|
||
- devicemapper: improve handling of devicemapper devices (add per device lock, increase sleep time, unlock while sleeping).
|
||
- devicemapper: succeed immediately when removing non-existing devices.
|
||
- devicemapper: increase timeout in waitClose to 10 seconds.
|
||
- Remove goroutine leak on error.
|
||
- Update parseLxcInfo to comply with new lxc1.0 format.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Mar 25 21:06:35 UTC 2014 - fcastelli@suse.com
|
||
|
||
- Updated to docker 0.9.0:
|
||
* Builder:
|
||
- Avoid extra mount/unmount during build. This fixes mount/unmount related errors during build.
|
||
- Add error to docker build --rm. This adds missing error handling.
|
||
- Forbid chained onbuild, `onbuild from` and `onbuild maintainer` triggers.
|
||
- Make `--rm` the default for `docker build`.
|
||
* Remote API:
|
||
- Move code specific to the API to the api package.
|
||
- Fix header content type for the API. Makes all endpoints use proper content type.
|
||
- Fix registry auth & remove ping calls from CmdPush and CmdPull.
|
||
- Add newlines to the JSON stream functions.
|
||
* Runtime:
|
||
- Do not ping the registry from the CLI. All requests to registres flow through the daemon.
|
||
- Check for nil information return in the lxc driver. This fixes panics with older lxc versions.
|
||
- Devicemapper: cleanups and fix for unmount. Fixes two problems which were causing unmount to fail intermittently.
|
||
- Devicemapper: remove directory when removing device. Directories don't get left behind when removing the device.
|
||
- Devicemapper: enable skip_block_zeroing. Improves performance by not zeroing blocks.
|
||
- Devicemapper: fix shutdown warnings. Fixes shutdown warnings concerning pool device removal.
|
||
- Ensure docker cp stream is closed properly. Fixes problems with files not being copied by `docker cp`.
|
||
- Stop making `tcp://` default to `127.0.0.1:4243` and remove the default port for tcp.
|
||
- Fix `--run` in `docker commit`. This makes `docker commit --run` work again.
|
||
- Fix custom bridge related options. This makes custom bridges work again.
|
||
- Mount-bind the PTY as container console. This allows tmux/screen to run.
|
||
- Add the pure Go libcontainer library to make it possible to run containers using only features of the Linux kernel.
|
||
- Add native exec driver which uses libcontainer and make it the default exec driver.
|
||
- Add support for handling extended attributes in archives.
|
||
- Set the container MTU to be the same as the host MTU.
|
||
- Add simple sha256 checksums for layers to speed up `docker push`.
|
||
- Improve kernel version parsing.
|
||
- Allow flag grouping (`docker run -it`).
|
||
- Remove chroot exec driver.
|
||
- Fix divide by zero to fix panic.
|
||
- Rewrite `docker rmi`.
|
||
- Fix docker info with lxc 1.0.0.
|
||
- Fix fedora tty with apparmor.
|
||
- Don't always append env vars, replace defaults with vars from config.
|
||
- Fix a goroutine leak.
|
||
- Switch to Go 1.2.1.
|
||
- Fix unique constraint error checks.
|
||
- Handle symlinks for Docker's data directory and for TMPDIR.
|
||
- Add deprecation warnings for flags (-flag is deprecated in favor of --flag)
|
||
- Add apparmor profile for the native execution driver.
|
||
- Move system specific code from archive to pkg/system.
|
||
- Fix duplicate signal for `docker run -i -t` (issue #3336).
|
||
- Return correct process pid for lxc.
|
||
- Add a -G option to specify the group which unix sockets belong to.
|
||
- Add `-f` flag to `docker rm` to force removal of running containers.
|
||
- Kill ghost containers and restart all ghost containers when the docker daemon restarts.
|
||
- Add `DOCKER_RAMDISK` environment variable to make Docker work when the root is on a ramdisk.
|
||
- Updated requirements according to 0.9.0 release notes.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Feb 19 08:35:27 UTC 2014 - fcastelli@suse.com
|
||
|
||
- updated to Docker 0.8.1
|
||
* Builder:
|
||
- Avoid extra mount/unmount during build. This removes an unneeded
|
||
mount/unmount operation which was causing problems with devicemapper
|
||
- Fix regression with ADD of tar files. This stops Docker from
|
||
decompressing tarballs added via ADD from the local file system
|
||
- Add error to `docker build --rm`. This adds a missing error check to
|
||
ensure failures to remove containers are detected and reported
|
||
* Remote API:
|
||
- Fix broken images API for version less than 1.7
|
||
- Use the right encoding for all API endpoints which return JSON
|
||
- Move remote api client to api/
|
||
- Queue calls to the API using generic socket wait
|
||
* Runtime:
|
||
- Fix the use of custom settings for bridges and custom bridges
|
||
- Refactor the devicemapper code to avoid many mount/unmount race
|
||
conditions and failures
|
||
- Remove two panics which could make Docker crash in some situations
|
||
- Don't ping registry from the CLI client
|
||
- Enable skip_block_zeroing for devicemapper. This stops devicemapper from
|
||
always zeroing entire blocks
|
||
- Fix --run in `docker commit`. This makes docker commit store `--run`
|
||
in the image configuration
|
||
- Remove directory when removing devicemapper device. This cleans up
|
||
leftover mount directories
|
||
- Drop NET_ADMIN capability for non-privileged containers. Unprivileged
|
||
containers can't change their network configuration
|
||
- Ensure `docker cp` stream is closed properly
|
||
- Avoid extra mount/unmount during container registration. This removes
|
||
an unneeded mount/unmount operation which was causing problems with
|
||
devicemapper
|
||
- Stop allowing tcp:// as a default tcp bin address which binds to
|
||
127.0.0.1:4243 and remove the default port
|
||
- Mount-bind the PTY as container console. This allows tmux and screen to
|
||
run in a container
|
||
- Clean up archive closing. This fixes and improves archive handling
|
||
- Fix engine tests on systems where temp directories are symlinked
|
||
- Add test methods for save and load
|
||
- Avoid temporarily unmounting the container when restarting it. This
|
||
fixes a race for devicemapper during restart
|
||
- Support submodules when building from a GitHub repository
|
||
- Quote volume path to allow spaces
|
||
- Fix remote tar ADD behavior. This fixes a regression which was
|
||
causing Docker to extract tarballs
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Feb 13 09:07:39 UTC 2014 - fcastelli@suse.com
|
||
|
||
- Ensure lxc >= 1.0 is not installed on the system, this version is
|
||
not compatible with docker yet.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Feb 6 08:48:22 UTC 2014 - fcastelli@suse.com
|
||
|
||
- updated to docker 0.8.0:
|
||
* Images and containers can be removed much faster
|
||
* Building an image from source with docker build is now much faster
|
||
* The Docker daemon starts and stops much faster
|
||
* The memory footprint of many common operations has been reduced, by
|
||
streaming files instead of buffering them in memory, fixing memory leaks,
|
||
and fixing various suboptimal memory allocations
|
||
* Several race conditions were fixed, making Docker more stable under very
|
||
high concurrency load. This makes Docker more stable and less likely to
|
||
crash and reduces the memory footprint of many common operations
|
||
* All packaging operations are now built on the Go language’s standard tar
|
||
implementation, which is bundled with Docker itself. This makes packaging
|
||
more portable across host distributions, and solves several issues caused
|
||
by quirks and incompatibilities between different distributions of tar
|
||
* Docker can now create, remove and modify larger numbers of containers and
|
||
images graciously thanks to more aggressive releasing of system resources.
|
||
For example the storage driver API now allows Docker to do reference
|
||
counting on mounts created by the drivers. With the ongoing changes to the
|
||
networking and execution subsystems of docker testing these areas have been
|
||
a focus of the refactoring. By moving these subsystems into separate
|
||
packages we can test, analyze, and monitor coverage and quality of these
|
||
packages
|
||
* The Docker daemon supports systemd socket activation
|
||
* Docker now ships with an experimental storage driver which uses the BTRFS
|
||
filesystem for copy-on-write
|
||
* The ADD instruction now supports caching, which avoids unnecessarily
|
||
re-uploading the same source content again and again when it hasn’t changed
|
||
* The new ONBUILD instruction adds to your image a “trigger” instruction to be
|
||
executed at a later time, when the image is used as the base for another
|
||
build
|
||
* Many components have been separated into smaller sub-packages, each with a
|
||
dedicated test suite. As a result the code is better-tested, more readable
|
||
and easier to change
|
||
* Docker is officially supported on Mac OSX
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jan 31 18:14:09 UTC 2014 - f_koch@gmx.de
|
||
|
||
- Fix udev file name
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Jan 25 14:04:50 UTC 2014 - fcastelli@suse.com
|
||
|
||
- Added again the patch which forces the docker binary to look for the
|
||
dockerinit file into the right location. Docker's official build system
|
||
is still bugged.
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Jan 25 11:05:42 UTC 2014 - fcastelli@suse.com
|
||
|
||
- updated to 0.7.6:
|
||
* Builder:
|
||
- Do not follow symlink outside of build context
|
||
* Runtime:
|
||
- Remount bind mounts when ro is specified
|
||
- Use https for fetching docker version
|
||
* Other:
|
||
- Inline the test.docker.io fingerprint
|
||
- Add ca-certificates to packaging documentation
|
||
- rpm changes:
|
||
* remove patch which forced docker to loook for the dockerinit binary into
|
||
/usr/lib64/docker. Docker's build system now accepts an environment
|
||
variable to address this issue.
|
||
* install udev rules inside of /usr/lib/udev as requested by rpmlint.
|
||
-------------------------------------------------------------------
|
||
Fri Jan 10 10:44:23 UTC 2014 - fcastelli@suse.com
|
||
|
||
- updated to 0.7.5:
|
||
* Builder:
|
||
- Disable compression for build. More space usage but a much faster upload
|
||
- Fix ADD caching for certain paths
|
||
- Do not compress archive from git build
|
||
* Documentation:
|
||
* Fix error in GROUP add example
|
||
* Make sure the GPG fingerprint is inline in the documentation
|
||
* Give more specific advice on setting up signing of commits for DCO
|
||
* Runtime:
|
||
* Fix misspelled container names
|
||
* Do not add hostname when networking is disabled
|
||
* Return most recent image from the cache by date
|
||
* Return all errors from docker wait
|
||
* Add Content-Type Header "application/json" to GET /version and /info responses
|
||
* Other:
|
||
- Update DCO to version 1.1
|
||
- Update Makefile to use "docker:GIT_BRANCH" as the generated image name
|
||
- Update Travis to check for new 1.1 DCO version
|
||
- 0.7.4 changes:
|
||
* Builder:
|
||
- Fix ADD caching issue with . prefixed path
|
||
- Fix docker build on devicemapper by reverting sparse file tar option
|
||
- Fix issue with file caching and prevent wrong cache hit
|
||
- Use same error handling while unmarshalling CMD and ENTRYPOINT
|
||
* Documentation:
|
||
- Simplify and streamline Amazon Quickstart
|
||
- Install instructions use unprefixed fedora image
|
||
- Update instructions for mtu flag for Docker on GCE
|
||
- Add Ubuntu Saucy to installation
|
||
- Fix for wrong version warning on master instead of latest
|
||
* Runtime:
|
||
- Only get the image's rootfs when we need to calculate the image size
|
||
- Correctly handle unmapping UDP ports
|
||
- Make CopyFileWithTar use a pipe instead of a buffer to save memory on docker build
|
||
- Fix login message to say pull instead of push
|
||
- Fix "docker load" help by removing "SOURCE" prompt and mentioning STDIN
|
||
- Make blank -H option default to the same as no -H was sent
|
||
- Extract cgroups utilities to own submodule
|
||
* Other:
|
||
- Add Travis CI configuration to validate DCO and gofmt requirements
|
||
- Add Developer Certificate of Origin Text
|
||
- Upgrade VBox Guest Additions
|
||
- Check standalone header when pinging a registry server
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jan 7 12:48:30 UTC 2014 - fcastelli@suse.com
|
||
|
||
- Spec file cleanup: removed useless SUSE versions checks around bash and zsh
|
||
completion sub packages.
|
||
- Updated runtime dependencies according to what reported by the official
|
||
documentation.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jan 7 08:26:37 UTC 2014 - fcastelli@suse.com
|
||
|
||
- Updated to 0.7.3:
|
||
* Builder:
|
||
- Update ADD to use the image cache, based on a hash of the added content
|
||
- Add error message for empty Dockerfile
|
||
* Documentation:
|
||
- Fix outdated link to the "Introduction" on www.docker.io
|
||
- Update the docs to get wider when the screen does
|
||
- Add information about needing to install LXC when using raw binaries
|
||
- Update Fedora documentation to disentangle the docker and docker.io conflict
|
||
- Add a note about using the new `-mtu` flag in several GCE zones
|
||
- Add FrugalWare installation instructions
|
||
- Add a more complete example of `docker run`
|
||
- Fix API documentation for creating and starting Privileged containers
|
||
- Add missing "name" parameter documentation on "/containers/create"
|
||
- Add a mention of `lxc-checkconfig` as a way to check for some of the necessary kernel configuration
|
||
- Update the 1.8 API documentation with some additions that were added to the docs for 1.7
|
||
* Hack:
|
||
- Add missing libdevmapper dependency to the packagers documentation
|
||
- Update minimum Go requirement to a hard line at Go 1.2+
|
||
- Many minor improvements to the Vagrantfile
|
||
- Add ability to customize dockerinit search locations when compiling (to be used very sparingly only by packagers of platforms who require a nonstandard location)
|
||
- Add coverprofile generation reporting
|
||
- Add `-a` to our Go build flags, removing the need for recompiling the stdlib manually
|
||
- Update Dockerfile to be more canonical and have less spurious warnings during build
|
||
- Fix some miscellaneous `docker pull` progress bar display issues
|
||
- Migrate more miscellaneous packages under the "pkg" folder
|
||
- Update TextMate highlighting to automatically be enabled for files named "Dockerfile"
|
||
- Reorganize syntax highlighting files under a common "contrib/syntax" directory
|
||
- Update install.sh script (https://get.docker.io/) to not fail if busybox fails to download or run at the end of the Ubuntu/Debian installation
|
||
- Add support for container names in bash completion
|
||
* Packaging:
|
||
- Add an official Docker client binary for Darwin (Mac OS X)
|
||
- Remove empty "Vendor" string and added "License" on deb package
|
||
- Add a stubbed version of "/etc/default/docker" in the deb package
|
||
* Runtime:
|
||
- Update layer application to extract tars in place, avoiding file churn while handling whiteouts
|
||
- Fix permissiveness of mtime comparisons in tar handling (since GNU tar and Go tar do not yet support sub-second mtime precision)
|
||
- Reimplement `docker top` in pure Go to work more consistently, and even inside Docker-in-Docker (thus removing the shell injection vulnerability present in some versions of `lxc-ps`)
|
||
- Update `-H unix://` to work similarly to `-H tcp://` by inserting the default values for missing portions
|
||
- Fix more edge cases regarding dockerinit and deleted or replaced docker or dockerinit files
|
||
- Update container name validation to include '.'
|
||
- Fix use of a symlink or non-absolute path as the argument to `-g` to work as expected
|
||
- Update to handle external mounts outside of LXC, fixing many small mounting quirks and making future execution backends and other features simpler
|
||
- Update to use proper box-drawing characters everywhere in `docker images -tree`
|
||
- Move MTU setting from LXC configuration to directly use netlink
|
||
- Add `-S` option to external tar invocation for more efficient spare file handling
|
||
- Add arch/os info to User-Agent string, especially for registry requests
|
||
- Add `-mtu` option to Docker daemon for configuring MTU
|
||
- Fix `docker build` to exit with a non-zero exit code on error
|
||
- Add `DOCKER_HOST` environment variable to configure the client `-H` flag without specifying it manually for every invocation
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Dec 18 08:35:14 UTC 2013 - fcastelli@suse.com
|
||
|
||
- Removed docker.init file from OBS, it's no longer needed since we
|
||
moved to systemd.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Dec 17 17:25:47 UTC 2013 - fcastelli@suse.com
|
||
|
||
- Required git-core rather than the full package chain.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Dec 17 10:59:08 UTC 2013 - fcastelli@suse.com
|
||
|
||
- Fixed openSUSE 12.3 package by adding explicit requirement of
|
||
systemd-devel package at build time.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Dec 17 10:09:04 UTC 2013 - fcastelli@suse.com
|
||
|
||
- Updated to docker 0.7.2:
|
||
* Runtime:
|
||
- Validate container names on creation with standard regex
|
||
- Increase maximum image depth to 127 from 42
|
||
- Continue to move api endpoints to the job api
|
||
- Add -bip flag to allow specification of dynamic bridge IP via CIDR
|
||
- Allow bridge creation when ipv6 is not enabled on certain systems
|
||
- Set hostname and IP address from within dockerinit
|
||
- Drop capabilities from within dockerinit
|
||
- Fix volumes on host when symlink is present the image
|
||
- Prevent deletion of image if ANY container is depending on it even if the container is not running
|
||
- Update docker push to use new progress display
|
||
- Use os.Lstat to allow mounting unix sockets when inspecting volumes
|
||
- Adjusted handling of inactive user login
|
||
- Add missing defines in devicemapper for older kernels
|
||
- Allow untag operations with no container validation
|
||
- Add auth config to docker build
|
||
* Documentation:
|
||
- Add more information about Docker logging
|
||
- Add RHEL documentation
|
||
- Add a direct example for changing the CMD that is run in a container
|
||
- Update Arch installation documentation
|
||
- Add section on Trusted Builds
|
||
- Add Network documentation page
|
||
* Other:
|
||
- Add new cover bundle for providing code coverage reporting
|
||
- Separate integration tests in bundles
|
||
- Make Tianon the hack maintainer
|
||
- Update mkimage-debootstrap with more tweaks for keeping images small
|
||
- Use https to get the install script
|
||
- Remove vendored dotcloud/tar now that Go 1.2 has been released
|
||
- Marked /etc/sysctl.d/200-docker.conf as configuration file within the spec file.
|
||
- Added 'ca-certificates-cacert' as runtime dependency, this is required to pull
|
||
containers from docker's official repository.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Dec 12 08:41:30 UTC 2013 - fcastelli@suse.com
|
||
|
||
- Removed dnsmasq dependency
|
||
- Added GNU tar as an explicit dependency
|
||
- Moved to systemd
|
||
- Updated to docker 0.7.1:
|
||
* Add @SvenDowideit as documentation maintainer
|
||
* Add links example
|
||
* Add documentation regarding ambassador pattern
|
||
* Add Google Cloud Platform docs
|
||
* Add dockerfile best practices
|
||
* Update doc for RHEL
|
||
* Update doc for registry
|
||
* Update Postgres examples
|
||
* Update doc for Ubuntu install
|
||
* Improve remote api doc
|
||
- modified patches:
|
||
* 0001-Allowed-installation-of-dockerinit-into-usr-lib64.patch: changed
|
||
to apply against the updated codebase.
|
||
-------------------------------------------------------------------
|
||
Thu Nov 28 10:18:12 UTC 2013 - fcastelli@suse.com
|
||
|
||
- Updated runtime dependencies according to docker's official guidelines.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Nov 28 09:25:05 UTC 2013 - fcastelli@suse.com
|
||
|
||
- Fixed packaging errors:
|
||
* dockerinit binary was not built, causing docker to be unusable.
|
||
* added custom rpmlint rules.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Nov 26 15:59:38 UTC 2013 - fcastelli@suse.com
|
||
* rpm changes:
|
||
* do no longer require a AUFS cable kernel at runtime.
|
||
* build docker using intree dependencies provided by upstream.
|
||
* created zsh completion sub-package.
|
||
|
||
* 0.7.0 (2013-11-25)
|
||
- Storage drivers: choose from aufs, device mapper, vfs or btrfs.
|
||
- Standard Linux support: docker now runs on unmodified linux kernels and all major distributions.
|
||
- Links: compose complex software stacks by connecting containers to each other.
|
||
- Container naming: organize your containers by giving them memorable names.
|
||
- Advanced port redirects: specify port redirects per interface, or keep sensitive ports private.
|
||
- Offline transfer: push and pull images to the filesystem without losing information.
|
||
- Quality: numerous bugfixes and small usability improvements. Significant increase in test coverage.
|
||
|
||
* 0.6.7 (2013-11-21)
|
||
- Improved stability, fixes some race conditons
|
||
- Skip the volumes mounted when deleting the volumes of container.
|
||
- Fix layer size computation: handle hard links correctly
|
||
- Use the work Path for docker cp CONTAINER:PATH
|
||
- Fix tmp dir never cleanup
|
||
- Speedup docker ps
|
||
- More informative error message on name collisions
|
||
- Fix nameserver regex
|
||
- Always return long id's
|
||
- Fix container restart race condition
|
||
- Keep published ports on docker stop;docker start
|
||
- Fix container networking on Fedora
|
||
- Correctly express "any address" to iptables
|
||
- Fix network setup when reconnecting to ghost container
|
||
- Prevent deletion if image is used by a running container
|
||
- Lock around read operations in graph
|
||
- remote API: return full ID on docker rmi
|
||
- client:
|
||
- Add -tree option to images
|
||
- Offline image transfer
|
||
- Exit with status 2 on usage error and display usage on stderr
|
||
- Do not forward SIGCHLD to container
|
||
- Use string timestamp for docker events -since
|
||
|
||
* 0.6.6 (2013-11-06)
|
||
- Ensure container name on register
|
||
- Fix regression in /etc/hosts
|
||
- Add lock around write operations in graph
|
||
- Check if port is valid
|
||
- Fix restart runtime error with ghost container networking
|
||
- Added some more colors and animals to increase the pool of generated names
|
||
- Fix issues in docker inspect
|
||
- Escape apparmor confinement
|
||
- Set environment variables using a file.
|
||
- Prevent docker insert to erase something
|
||
- Prevent DNS server conflicts in CreateBridgeIface
|
||
- Validate bind mounts on the server side
|
||
- Use parent image config in docker build
|
||
- Fix regression in /etc/hosts
|
||
- Client:
|
||
* Add -P flag to publish all exposed ports
|
||
* Add -notrunc and -q flags to docker history
|
||
* Fix docker commit, tag and import usage
|
||
* Add stars, trusted builds and library flags in docker search
|
||
* Fix docker logs with tty
|
||
- RemoteAPI:
|
||
* Make /events API send headers immediately
|
||
* Do not split last column docker top
|
||
+ Add size to history
|
||
|
||
* 0.6.5 (2013-10-29)
|
||
- Containers can now be named
|
||
- Containers can now be linked together for service discovery
|
||
- 'run -a', 'start -a' and 'attach' can forward signals to the container for better integration with process supervisors
|
||
- Automatically start crashed containers after a reboot
|
||
- Expose IP, port, and proto as separate environment vars for container links
|
||
- Allow ports to be published to specific ips
|
||
- Prohibit inter-container communication by default
|
||
- Ignore ErrClosedPipe for stdin in Container.Attach
|
||
- Remove unused field kernelVersion
|
||
- Fix issue when mounting subdirectories of /mnt in container
|
||
- Fix untag during removal of images
|
||
- Check return value of syscall.Chdir when changing working directory inside dockerinit
|
||
- Client:
|
||
- Only pass stdin to hijack when needed to avoid closed pipe errors
|
||
- Use less reflection in command-line method invocation
|
||
- Monitor the tty size after starting the container, not prior
|
||
- Remove useless os.Exit() calls after log.Fatal
|
||
- Documentation: Fix the flags for nc in example
|
||
- Testing: Remove warnings and prevent mount issues
|
||
- Testing: Change logic for tty resize to avoid warning in tests
|
||
- Builder: Fix race condition in docker build with verbose output
|
||
- Registry: Fix content-type for PushImageJSONIndex method
|
||
- Contrib: Improve helper tools to generate debian and Arch linux server images
|
||
|
||
* 0.6.4 (2013-10-16)
|
||
- Add cleanup of container when Start() fails
|
||
- Add better comments to utils/stdcopy.go
|
||
- Add utils.Errorf for error logging
|
||
- Add -rm to docker run for removing a container on exit
|
||
- Remove error messages which are not actually errors
|
||
- Fix `docker rm` with volumes
|
||
- Fix some error cases where a HTTP body might not be closed
|
||
- Fix panic with wrong dockercfg file
|
||
- Fix the attach behavior with -i
|
||
- Record termination time in state.
|
||
- Use empty string so TempDir uses the OS's temp dir automatically
|
||
- Make sure to close the network allocators
|
||
- Autorestart containers by default
|
||
- Bump vendor kr/pty to commit 3b1f6487b `(syscall.O_NOCTTY)`
|
||
- lxc: Allow set_file_cap capability in container
|
||
- Move run -rm to the cli only
|
||
- Split stdout stderr
|
||
- Always create a new session for the container
|
||
- Builder: Abort build if mergeConfig returns an error and fix duplicate error message
|
||
- Packaging: Remove deprecated packaging directory
|
||
- Registry: Use correct auth config when logging in.
|
||
- Registry: Fix the error message so it is the same as the regex
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Oct 2 12:04:09 UTC 2013 - fcastelli@suse.com
|
||
|
||
* 0.6.3 (2013-09-23)
|
||
|
||
- Client: Fix detach issue
|
||
- Runtime: Only copy and change permissions on non-bindmount volumes
|
||
- Registry: Update regular expression to match index
|
||
* Runtime: Allow multiple volumes-from
|
||
* Packaging: Download apt key over HTTPS
|
||
* Documentation: Update section on extracting the docker binary after build
|
||
* Documentation: Update development environment docs for new build process
|
||
* Documentation: Remove 'base' image from documentation
|
||
* Packaging: Add 'docker' group on install for ubuntu package
|
||
- Runtime: Fix HTTP imports from STDIN
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Sep 26 10:33:21 UTC 2013 - fcastelli@suse.com
|
||
|
||
- Fixed build on SLE_11_SP3
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Sep 23 10:17:17 UTC 2013 - fcastelli@suse.com
|
||
|
||
- Fixed git commit version: the wrong version was showed by 'docker version'.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Sep 23 09:56:42 UTC 2013 - fcastelli@suse.com
|
||
|
||
* 0.6.2 (2013-09-17)
|
||
|
||
Hack: Vendor all dependencies
|
||
Builder: Add -rm option in order to remove intermediate containers
|
||
Runtime: Add domainname support
|
||
Runtime: Implement image filtering with path.Match
|
||
Builder: Allow multiline for the RUN instruction
|
||
Runtime: Remove unnecesasry warnings
|
||
Runtime: Only mount the hostname file when the config exists
|
||
Runtime: Handle signals within the docker login command
|
||
Runtime: Remove os/user dependency
|
||
Registry: Implement login with private registry
|
||
Remote API: Bump to v1.5
|
||
Packaging: Break down hack/make.sh into small scripts, one per 'bundle': test, binary, ubuntu etc.
|
||
Documentation: General improvments
|
||
Runtime: UID and GID are now also applied to volumes
|
||
Runtime: docker start set error code upon error
|
||
Runtime: docker run set the same error code as the process started
|
||
Registry: Fix push issues
|
||
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Aug 26 14:22:34 UTC 2013 - fcastelli@suse.com
|
||
|
||
* 0.6.1 (2013-08-23)
|
||
|
||
Registry: Pass "meta" headers in API calls to the registry
|
||
Packaging: Use correct upstart script with new build tool
|
||
Packaging: Use libffi-dev, don't build it from sources
|
||
Packaging: Removed duplicate mercurial install command
|
||
|
||
* 0.6.0 (2013-08-22)
|
||
|
||
Runtime: Load authConfig only when needed and fix useless WARNING
|
||
Runtime: Add lxc-conf flag to allow custom lxc options
|
||
Runtime: Fix race conditions in parallel pull
|
||
Runtime: Improve CMD, ENTRYPOINT, and attach docs.
|
||
Documentation: Small fix to docs regarding adding docker groups
|
||
Documentation: Add MongoDB image example
|
||
Builder: Add USER instruction do Dockerfile
|
||
Documentation: updated default -H docs
|
||
Remote API: Sort Images by most recent creation date.
|
||
Builder: Add workdir support for the Buildfile
|
||
Runtime: Add an option to set the working directory
|
||
Runtime: Show tag used when image is missing
|
||
Documentation: Update readme with dependencies for building
|
||
Documentation: Add instructions for creating and using the docker group
|
||
Remote API: Reworking opaque requests in registry module
|
||
Runtime: Fix Graph ByParent() to generate list of child images per parent image.
|
||
Runtime: Add Image name to LogEvent tests
|
||
Documentation: Add sudo to examples and installation to documentation
|
||
Hack: Bash Completion: Limit commands to containers of a relevant state
|
||
Remote API: Add image name in /events
|
||
Runtime: Apply volumes-from before creating volumes
|
||
Runtime: Make docker run handle SIGINT/SIGTERM
|
||
Runtime: Prevent crash when .dockercfg not readable
|
||
Hack: Add docker dependencies coverage testing into docker-ci
|
||
Runtime: Add -privileged flag and relevant tests, docs, and examples
|
||
Packaging: Docker-brew 0.5.2 support and memory footprint reduction
|
||
Runtime: Install script should be fetched over https, not http.
|
||
Packaging: Add new docker dependencies into docker-ci
|
||
Runtime: Use Go 1.1.2 for dockerbuilder
|
||
Registry: Improve auth push
|
||
Runtime: API, issue 1471: Use groups for socket permissions
|
||
Documentation: PostgreSQL service example in documentation
|
||
Contrib: bash completion script
|
||
Tests: Improve TestKillDifferentUser to prevent timeout on buildbot
|
||
Documentation: Fix typo in docs for docker run -dns
|
||
Documentation: Adding a reference to ps -a
|
||
Runtime: Correctly detect IPv4 forwarding
|
||
Packaging: Revert "docker.upstart: avoid spawning a sh process"
|
||
Runtime: Use ranged for loop on channels
|
||
Runtime: Fix typo: fmt.Sprint -> fmt.Sprintf
|
||
Tests: Fix typo in TestBindMounts (runContainer called without image)
|
||
Runtime: add websocket support to /container//attach/ws
|
||
Runtime: Mount /dev/shm as a tmpfs
|
||
Builder: Only count known instructions as build steps
|
||
Builder: Fix docker build and docker events output
|
||
Runtime: switch from http to https for get.docker.io
|
||
Tests: Improve TestGetContainersTop so it does not rely on sleep
|
||
Packaging: Docker-brew and Docker standard library
|
||
Testing: Add some tests in server and utils
|
||
Packaging: Release docker with docker
|
||
Builder: Make sure ENV instruction within build perform a commit each time
|
||
Packaging: Fix the upstart script generated by get.docker.io
|
||
Runtime: fix small \n error un docker build
|
||
Runtime: Let userland proxy handle container-bound traffic
|
||
Runtime: Updated the Docker CLI to specify a value for the "Host" header.
|
||
Runtime: Add warning when net.ipv4.ip_forwarding = 0
|
||
Registry: Registry unit tests + mock registry
|
||
Runtime: fixed #910. print user name to docker info output
|
||
Builder: Forbid certain paths within docker build ADD
|
||
Runtime: change network range to avoid conflict with EC2 DNS
|
||
Tests: Relax the lo interface test to allow iface index != 1
|
||
Documentation: Suggest installing linux-headers by default.
|
||
Documentation: Change the twitter handle
|
||
Client: Add docker cp command and copy api endpoint to copy container files/folders to the host
|
||
Remote API: Use mime pkg to parse Content-Type
|
||
Runtime: Reduce connect and read timeout when pinging the registry
|
||
Documentation: Update amazon.rst to explain that Vagrant is not necessary for running Docker on ec2
|
||
Packaging: Enabled the docs to generate manpages.
|
||
Runtime: Parallel pull
|
||
Runtime: Handle ip route showing mask-less IP addresses
|
||
Documentation: Clarify Amazon EC2 installation
|
||
Documentation: 'Base' image is deprecated and should no longer be referenced in the docs.
|
||
Runtime: Fix to "Inject dockerinit at /.dockerinit"
|
||
Runtime: Allow ENTRYPOINT without CMD
|
||
Runtime: Always consider localhost as a domain name when parsing the FQN repos name
|
||
Remote API: 650 http utils and user agent field
|
||
Documentation: fix a typo in the ubuntu installation guide
|
||
Builder: Repository name (and optionally a tag) in build usage
|
||
Documentation: Move note about officially supported kernel
|
||
Packaging: Revert "Bind daemon to 0.0.0.0 in Vagrant.
|
||
Builder: Add no cache for docker build
|
||
Runtime: Add hostname to environment
|
||
Runtime: Add last stable version in docker version
|
||
Builder: Make sure ADD will create everything in 0755
|
||
Documentation: Add ufw doc
|
||
Tests: Add registry functional test to docker-ci
|
||
Documentation: Solved the logo being squished in Safari
|
||
Runtime: Use utils.ParseRepositoryTag instead of strings.Split(name, ":") in server.ImageDelete
|
||
Runtime: Refactor checksum
|
||
Runtime: Improve connect message with socket error
|
||
Documentation: Added information about Docker's high level tools over LXC.
|
||
Don't read from stdout when only attached to stdin
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Aug 7 15:11:23 UTC 2013 - fcastelli@suse.com
|
||
|
||
* added commits required to get docker working with a private registry.
|
||
|
||
* 0.5.1 (2013-07-30)
|
||
|
||
API: Docker client now sets useragent (RFC 2616)
|
||
Runtime: Add ps args to docker top
|
||
Runtime: Add support for container ID files (pidfile like)
|
||
Runtime: Add container=lxc in default env
|
||
Runtime: Support networkless containers with docker run -n and docker -d -b=none
|
||
API: Add /events endpoint
|
||
Builder: ADD command now understands URLs
|
||
Builder: CmdAdd and CmdEnv now respect Dockerfile-set ENV variables
|
||
Hack: Simplify unit tests with helpers
|
||
Hack: Improve docker.upstart event
|
||
Hack: Add coverage testing into docker-ci
|
||
Runtime: Stdout/stderr logs are now stored in the same file as JSON
|
||
Runtime: Allocate a /16 IP range by default, with fallback to /24. Try 12 ranges instead of 3.
|
||
Runtime: Change .dockercfg format to json and support multiple auth remote
|
||
Runtime: Do not override volumes from config
|
||
Runtime: Fix issue with EXPOSE override
|
||
Builder: Create directories with 755 instead of 700 within ADD instruction
|
||
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jul 25 09:43:48 UTC 2013 - fcastelli@suse.com
|
||
|
||
0.5.0 (2013-07-17)
|
||
|
||
Runtime: List all processes running inside a container with 'docker top'
|
||
Runtime: Host directories can be mounted as volumes with 'docker run -v'
|
||
Runtime: Containers can expose public UDP ports (eg, '-p 123/udp')
|
||
Runtime: Optionally specify an exact public port (eg. '-p 80:4500')
|
||
Registry: New image naming scheme inspired by Go packaging convention allows arbitrary combinations of registries
|
||
Builder: ENTRYPOINT instruction sets a default binary entry point to a container
|
||
Builder: VOLUME instruction marks a part of the container as persistent data
|
||
Builder: 'docker build' displays the full output of a build by default
|
||
Runtime: 'docker login' supports additional options
|
||
Runtime: Dont save a container's hostname when committing an image.
|
||
Registry: Fix issues when uploading images to a private registry
|
||
|
||
0.4.8 (2013-07-01)
|
||
|
||
Builder: New build operation ENTRYPOINT adds an executable entry point to the container.
|
||
Runtime: Fix a bug which caused 'docker run -d' to no longer print the container ID.
|
||
Tests: Fix issues in the test suite
|
||
|
||
0.4.7 (2013-06-28)
|
||
|
||
Registry: easier push/pull to a custom registry
|
||
Remote API: the progress bar updates faster when downloading and uploading large files
|
||
Remote API: fix a bug in the optional unix socket transport
|
||
Runtime: improve detection of kernel version
|
||
Runtime: host directories can be mounted as volumes with 'docker run -b'
|
||
Runtime: fix an issue when only attaching to stdin
|
||
Runtime: use 'tar --numeric-owner' to avoid uid mismatch across multiple hosts
|
||
Hack: improve test suite and dev environment
|
||
Hack: remove dependency on unit tests on 'os/user'
|
||
Documentation: add terminology section
|
||
|
||
0.4.6 (2013-06-22)
|
||
|
||
Runtime: fix a bug which caused creation of empty images (and volumes) to crash.
|
||
|
||
0.4.5 (2013-06-21)
|
||
|
||
Builder: 'docker build git://URL' fetches and builds a remote git repository
|
||
Runtime: 'docker ps -s' optionally prints container size
|
||
Tests: Improved and simplified
|
||
Runtime: fix a regression introduced in 0.4.3 which caused the logs command to fail.
|
||
Builder: fix a regression when using ADD with single regular file.
|
||
|
||
0.4.4 (2013-06-19)
|
||
|
||
Builder: fix a regression introduced in 0.4.3 which caused builds to fail on new clients.
|
||
|
||
0.4.3 (2013-06-19)
|
||
|
||
Builder: ADD of a local file will detect tar archives and unpack them
|
||
Runtime: Remove bsdtar dependency
|
||
Runtime: Add unix socket and multiple -H support
|
||
Runtime: Prevent rm of running containers
|
||
Runtime: Use go1.1 cookiejar
|
||
Builder: ADD improvements: use tar for copy + automatically unpack local archives
|
||
Builder: ADD uses tar/untar for copies instead of calling 'cp -ar'
|
||
Builder: nicer output for 'docker build'
|
||
Builder: fixed the behavior of ADD to be (mostly) reverse-compatible, predictable and well-documented.
|
||
Client: HumanReadable ProgressBar sizes in pull
|
||
Client: Fix docker version's git commit output
|
||
API: Send all tags on History API call
|
||
API: Add tag lookup to history command. Fixes #882
|
||
Runtime: Fix issue detaching from running TTY container
|
||
Runtime: Forbid parralel push/pull for a single image/repo. Fixes #311
|
||
Runtime: Fix race condition within Run command when attaching.
|
||
Builder: fix a bug which caused builds to fail if ADD was the first command
|
||
Documentation: fix missing command in irc bouncer example
|
||
|
||
0.4.2 (2013-06-17)
|
||
|
||
Packaging: Bumped version to work around an Ubuntu bug
|
||
|
||
0.4.1 (2013-06-17)
|
||
|
||
Remote Api: Add flag to enable cross domain requests
|
||
Remote Api/Client: Add images and containers sizes in docker ps and docker images
|
||
Runtime: Configure dns configuration host-wide with 'docker -d -dns'
|
||
Runtime: Detect faulty DNS configuration and replace it with a public default
|
||
Runtime: allow docker run :
|
||
Runtime: you can now specify public port (ex: -p 80:4500)
|
||
Client: allow multiple params in inspect
|
||
Client: Print the container id before the hijack in docker run
|
||
Registry: add regexp check on repo's name
|
||
Registry: Move auth to the client
|
||
Runtime: improved image removal to garbage-collect unreferenced parents
|
||
Vagrantfile: Add the rest api port to vagrantfile's port_forward
|
||
Upgrade to Go 1.1
|
||
Builder: don't ignore last line in Dockerfile when it doesn't end with \n
|
||
Registry: Remove login check on pull
|
||
|
||
0.4.0 (2013-06-03)
|
||
|
||
Introducing Builder: 'docker build' builds a container, layer by layer, from a source repository containing a Dockerfile
|
||
Introducing Remote API: control Docker programmatically using a simple HTTP/json API
|
||
Runtime: various reliability and usability improvements
|
||
|
||
0.3.4 (2013-05-30)
|
||
|
||
Builder: 'docker build' builds a container, layer by layer, from a source repository containing a Dockerfile
|
||
Builder: 'docker build -t FOO' applies the tag FOO to the newly built container.
|
||
Runtime: interactive TTYs correctly handle window resize
|
||
Runtime: fix how configuration is merged between layers
|
||
Remote API: split stdout and stderr on 'docker run'
|
||
Remote API: optionally listen on a different IP and port (use at your own risk)
|
||
Documentation: improved install instructions.
|
||
|
||
0.3.3 (2013-05-23)
|
||
|
||
Registry: Fix push regression
|
||
Various bugfixes
|
||
|
||
0.3.2 (2013-05-09)
|
||
|
||
Runtime: Store the actual archive on commit
|
||
Registry: Improve the checksum process
|
||
Registry: Use the size to have a good progress bar while pushing
|
||
Registry: Use the actual archive if it exists in order to speed up the push
|
||
Registry: Fix error 400 on push
|
||
|
||
0.3.1 (2013-05-08)
|
||
|
||
Builder: Implement the autorun capability within docker builder
|
||
Builder: Add caching to docker builder
|
||
Builder: Add support for docker builder with native API as top level command
|
||
Runtime: Add go version to debug infos
|
||
Builder: Implement ENV within docker builder
|
||
Registry: Add docker search top level command in order to search a repository
|
||
Images: output graph of images to dot (graphviz)
|
||
Documentation: new introduction and high-level overview
|
||
Documentation: Add the documentation for docker builder
|
||
Website: new high-level overview
|
||
Makefile: Swap "go get" for "go get -d", especially to compile on go1.1rc
|
||
Images: fix ByParent function
|
||
Builder: Check the command existance prior create and add Unit tests for the case
|
||
Registry: Fix pull for official images with specific tag
|
||
Registry: Fix issue when login in with a different user and trying to push
|
||
Documentation: CSS fix for docker documentation to make REST API docs look better.
|
||
Documentation: Fixed CouchDB example page header mistake
|
||
Documentation: fixed README formatting
|
||
Registry: Improve checksum - async calculation
|
||
Runtime: kernel version - don't show the dash if flavor is empty
|
||
Documentation: updated www.docker.io website.
|
||
Builder: use any whitespaces instead of tabs
|
||
Packaging: packaging ubuntu; issue #510: Use goland-stable PPA package to build docker
|
||
|
||
|
||
-------------------------------------------------------------------
|
||
Tue May 7 09:09:34 UTC 2013 - fcastelli@suse.com
|
||
|
||
* Update to 0.3.0 (2013-05-06)
|
||
- Registry: Implement the new registry
|
||
- Documentation: new example: sharing data between 2 couchdb databases
|
||
- Runtime: Fix the command existance check
|
||
- Runtime: strings.Split may return an empty string on no match
|
||
- Runtime: Fix an index out of range crash if cgroup memory is not
|
||
- Documentation: Various improvments
|
||
- Vagrant: Use only one deb line in /etc/apt
|
||
|
||
-------------------------------------------------------------------
|
||
Mon May 6 16:00:00 UTC 2013 - fcastelli@suse.com
|
||
|
||
- Update to version 0.2.2
|
||
|
||
* 0.2.2 (2013-05-03)
|
||
- Support for data volumes ('docker run -v=PATH')
|
||
- Share data volumes between containers ('docker run -volumes-from')
|
||
- Improved documentation
|
||
- Upgrade to Go 1.0.3
|
||
- Various upgrades to the dev environment for contributors
|
||
|
||
* 0.2.1 (2013-05-01)
|
||
- 'docker commit -run' bundles a layer with default runtime options: command, ports etc.
|
||
- Improve install process on Vagrant
|
||
- New Dockerfile operation: "maintainer"
|
||
- New Dockerfile operation: "expose"
|
||
- New Dockerfile operation: "cmd"
|
||
- Contrib script to build a Debian base layer
|
||
- 'docker -d -r': restart crashed containers at daemon startup
|
||
- Runtime: improve test coverage
|
||
|
||
* 0.2.0 (2013-04-23)
|
||
- Runtime: ghost containers can be killed and waited for
|
||
- Documentation: update install intructions
|
||
- Packaging: fix Vagrantfile
|
||
- Development: automate releasing binaries and ubuntu packages
|
||
- Add a changelog
|
||
- Various bugfixes
|
||
|
||
* 0.1.8 (2013-04-22)
|
||
- Dynamically detect cgroup capabilities
|
||
- Issue stability warning on kernels <3.8
|
||
- 'docker push' buffers on disk instead of memory
|
||
- Fix 'docker diff' for removed files
|
||
- Fix 'docker stop' for ghost containers
|
||
- Fix handling of pidfile
|
||
- Various bugfixes and stability improvements
|
||
|
||
* 0.1.7 (2013-04-18)
|
||
- Container ports are available on localhost
|
||
- 'docker ps' shows allocated TCP ports
|
||
- Contributors can run 'make hack' to start a continuous integration VM
|
||
- Streamline ubuntu packaging & uploading
|
||
- Various bugfixes and stability improvements
|
||
|
||
* 0.1.6 (2013-04-17)
|
||
- Record the author an image with 'docker commit -author'
|
||
|
||
* 0.1.5 (2013-04-17)
|
||
- Disable standalone mode
|
||
- Use a custom DNS resolver with 'docker -d -dns'
|
||
- Detect ghost containers
|
||
- Improve diagnosis of missing system capabilities
|
||
- Allow disabling memory limits at compile time
|
||
- Add debian packaging
|
||
- Documentation: installing on Arch Linux
|
||
- Documentation: running Redis on docker
|
||
- Fixed lxc 0.9 compatibility
|
||
- Automatically load aufs module
|
||
- Various bugfixes and stability improvements
|
||
|
||
* 0.1.4 (2013-04-09):
|
||
- Full support for TTY emulation
|
||
- Detach from a TTY session with the escape sequence C-p C-q
|
||
- Various bugfixes and stability improvements
|
||
- Minor UI improvements
|
||
- Automatically create our own bridge interface 'docker0'
|
||
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Apr 10 10:31:11 UTC 2013 - fcastelli@suse.com
|
||
|
||
- Apply patch that creates pidfile.
|
||
- Update the init script to look for the pidfile under the right location.
|
||
- Update the init script to acknowledge the code taken from Ubuntu's lxc-net script.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Apr 9 08:24:33 UTC 2013 - fcastelli@suse.com
|
||
|
||
- create initial package using version 0.1.3 from git commit 0767916adedb01
|