forked from pool/docker
Accepting request 1082884 from home:cyphar:docker
- Update to Docker 23.0.4-ce. See upstream changelog online at <https://docs.docker.com/engine/release-notes/23.0/#2304>. bsc#1208074 - Rebase patches: * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch * 0003-bsc1073877-apparmor-clobber-docker-default-profile-o.patch - Renumbered patches: - 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch - Remove upstreamed patches: - 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch - 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch - 0007-bsc1200022-fifo.Close-prevent-possible-panic-if-fifo.patch - Backport <https://github.com/docker/cli/pull/4228> to allow man pages to be built without internet access in OBS. + cli-0001-docs-include-required-tools-in-source-tree.patch OBS-URL: https://build.opensuse.org/request/show/1082884 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=384
This commit is contained in:
parent
fd8d986a59
commit
31e1155fb8
@ -1,7 +1,7 @@
|
||||
From 823bedd07fac6778a3d94b6f949ac16e6bd12638 Mon Sep 17 00:00:00 2001
|
||||
From 5c6812a104e161599fc8569d0b4af04224ef3b5a Mon Sep 17 00:00:00 2001
|
||||
From: Aleksa Sarai <asarai@suse.de>
|
||||
Date: Wed, 8 Mar 2017 12:41:54 +1100
|
||||
Subject: [PATCH 1/7] SECRETS: daemon: allow directory creation in /run/secrets
|
||||
Subject: [PATCH 1/3] SECRETS: daemon: allow directory creation in /run/secrets
|
||||
|
||||
Since FileMode can have the directory bit set, allow a SecretStore
|
||||
implementation to return secrets that are actually directories. This is
|
||||
@ -10,11 +10,11 @@ useful for creating directories and subdirectories of secrets.
|
||||
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
|
||||
Signed-off-by: Aleksa Sarai <asarai@suse.de>
|
||||
---
|
||||
daemon/container_operations_unix.go | 24 +++++++++++++++++++++---
|
||||
1 file changed, 21 insertions(+), 3 deletions(-)
|
||||
daemon/container_operations_unix.go | 23 ++++++++++++++++++++---
|
||||
1 file changed, 20 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/daemon/container_operations_unix.go b/daemon/container_operations_unix.go
|
||||
index 75b4b09b8dc4..583db20aa459 100644
|
||||
index 561077b66b60..0b70825dd2ff 100644
|
||||
--- a/daemon/container_operations_unix.go
|
||||
+++ b/daemon/container_operations_unix.go
|
||||
@@ -4,6 +4,7 @@
|
||||
@ -23,12 +23,12 @@ index 75b4b09b8dc4..583db20aa459 100644
|
||||
import (
|
||||
+ "bytes"
|
||||
"fmt"
|
||||
"io/ioutil"
|
||||
"os"
|
||||
@@ -13,6 +14,7 @@ import (
|
||||
"github.com/docker/docker/container"
|
||||
"path/filepath"
|
||||
@@ -14,6 +15,7 @@ import (
|
||||
"github.com/docker/docker/daemon/links"
|
||||
"github.com/docker/docker/errdefs"
|
||||
"github.com/docker/docker/libnetwork"
|
||||
+ "github.com/docker/docker/pkg/archive"
|
||||
"github.com/docker/docker/pkg/idtools"
|
||||
"github.com/docker/docker/pkg/stringid"
|
||||
@ -37,13 +37,13 @@ index 75b4b09b8dc4..583db20aa459 100644
|
||||
if err != nil {
|
||||
return errors.Wrap(err, "unable to get secret from secret store")
|
||||
}
|
||||
- if err := ioutil.WriteFile(fPath, secret.Spec.Data, s.File.Mode); err != nil {
|
||||
- if err := os.WriteFile(fPath, secret.Spec.Data, s.File.Mode); err != nil {
|
||||
- return errors.Wrap(err, "error injecting secret")
|
||||
- }
|
||||
|
||||
uid, err := strconv.Atoi(s.File.UID)
|
||||
if err != nil {
|
||||
@@ -219,6 +218,25 @@ func (daemon *Daemon) setupSecretDir(c *container.Container) (setupErr error) {
|
||||
@@ -219,6 +218,24 @@ func (daemon *Daemon) setupSecretDir(c *container.Container) (setupErr error) {
|
||||
return err
|
||||
}
|
||||
|
||||
@ -55,14 +55,13 @@ index 75b4b09b8dc4..583db20aa459 100644
|
||||
+ // If the "file" is a directory, then s.File.Data is actually a tar
|
||||
+ // archive of the directory. So we just do a tar extraction here.
|
||||
+ if err := archive.UntarUncompressed(bytes.NewBuffer(secret.Spec.Data), fPath, &archive.TarOptions{
|
||||
+ UIDMaps: daemon.idMapping.UIDs(),
|
||||
+ GIDMaps: daemon.idMapping.GIDs(),
|
||||
+ IDMap: daemon.idMapping,
|
||||
+ }); err != nil {
|
||||
+ return errors.Wrap(err, "error injecting secretdir")
|
||||
+ }
|
||||
+ }
|
||||
+ } else {
|
||||
+ if err := ioutil.WriteFile(fPath, secret.Spec.Data, s.File.Mode); err != nil {
|
||||
+ if err := os.WriteFile(fPath, secret.Spec.Data, s.File.Mode); err != nil {
|
||||
+ return errors.Wrap(err, "error injecting secret")
|
||||
+ }
|
||||
+ }
|
||||
@ -70,5 +69,5 @@ index 75b4b09b8dc4..583db20aa459 100644
|
||||
return errors.Wrap(err, "error setting ownership for secret")
|
||||
}
|
||||
--
|
||||
2.38.1
|
||||
2.40.0
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
From fa24396cbecbb6cdc7c734559389486849c2268c Mon Sep 17 00:00:00 2001
|
||||
From 4138c02a19fbd3d3ff50f0b364bf4b99adc47298 Mon Sep 17 00:00:00 2001
|
||||
From: Aleksa Sarai <asarai@suse.de>
|
||||
Date: Wed, 8 Mar 2017 11:43:29 +1100
|
||||
Subject: [PATCH 2/7] SECRETS: SUSE: implement SUSE container secrets
|
||||
Subject: [PATCH 2/3] SECRETS: SUSE: implement SUSE container secrets
|
||||
|
||||
This allows for us to pass in host credentials to a container, allowing
|
||||
for SUSEConnect to work with containers.
|
||||
@ -14,12 +14,12 @@ SUSE-Bugs: bsc#1065609 bsc#1057743 bsc#1055676 bsc#1030702
|
||||
Signed-off-by: Aleksa Sarai <asarai@suse.de>
|
||||
---
|
||||
daemon/start.go | 5 +
|
||||
daemon/suse_secrets.go | 410 +++++++++++++++++++++++++++++++++++++++++
|
||||
2 files changed, 415 insertions(+)
|
||||
daemon/suse_secrets.go | 415 +++++++++++++++++++++++++++++++++++++++++
|
||||
2 files changed, 420 insertions(+)
|
||||
create mode 100644 daemon/suse_secrets.go
|
||||
|
||||
diff --git a/daemon/start.go b/daemon/start.go
|
||||
index d9bc082b1078..091dae2ae65e 100644
|
||||
index 9d6f7812b67c..53c42082c5bf 100644
|
||||
--- a/daemon/start.go
|
||||
+++ b/daemon/start.go
|
||||
@@ -150,6 +150,11 @@ func (daemon *Daemon) containerStart(container *container.Container, checkpoint
|
||||
@ -36,10 +36,10 @@ index d9bc082b1078..091dae2ae65e 100644
|
||||
return errdefs.System(err)
|
||||
diff --git a/daemon/suse_secrets.go b/daemon/suse_secrets.go
|
||||
new file mode 100644
|
||||
index 000000000000..9ee33adf7497
|
||||
index 000000000000..32b0ece91b59
|
||||
--- /dev/null
|
||||
+++ b/daemon/suse_secrets.go
|
||||
@@ -0,0 +1,410 @@
|
||||
@@ -0,0 +1,415 @@
|
||||
+/*
|
||||
+ * suse-secrets: patch for Docker to implement SUSE secrets
|
||||
+ * Copyright (C) 2017-2021 SUSE LLC.
|
||||
@ -75,8 +75,8 @@ index 000000000000..9ee33adf7497
|
||||
+ "github.com/docker/docker/pkg/idtools"
|
||||
+
|
||||
+ swarmtypes "github.com/docker/docker/api/types/swarm"
|
||||
+ swarmexec "github.com/docker/swarmkit/agent/exec"
|
||||
+ swarmapi "github.com/docker/swarmkit/api"
|
||||
+ swarmexec "github.com/moby/swarmkit/v2/agent/exec"
|
||||
+ swarmapi "github.com/moby/swarmkit/v2/api"
|
||||
+
|
||||
+ "github.com/opencontainers/go-digest"
|
||||
+ "github.com/sirupsen/logrus"
|
||||
@ -113,7 +113,7 @@ index 000000000000..9ee33adf7497
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+func (s SuseFakeFile) toSecretReference(idMaps *idtools.IdentityMapping) *swarmtypes.SecretReference {
|
||||
+func (s SuseFakeFile) toSecretReference(idMaps idtools.IdentityMapping) *swarmtypes.SecretReference {
|
||||
+ // Figure out the host-facing {uid,gid} based on the provided maps. Fall
|
||||
+ // back to root if the UID/GID don't match (we are guaranteed that root is
|
||||
+ // mapped).
|
||||
@ -345,6 +345,7 @@ index 000000000000..9ee33adf7497
|
||||
+ suseEmptyStore struct{}
|
||||
+ suseEmptySecret struct{}
|
||||
+ suseEmptyConfig struct{}
|
||||
+ suseEmptyVolume struct{}
|
||||
+)
|
||||
+
|
||||
+// In order to reduce the amount of code touched outside of this file, we
|
||||
@ -356,14 +357,17 @@ index 000000000000..9ee33adf7497
|
||||
+ emptyStore swarmexec.DependencyGetter = suseEmptyStore{}
|
||||
+ emptySecret swarmexec.SecretGetter = suseEmptySecret{}
|
||||
+ emptyConfig swarmexec.ConfigGetter = suseEmptyConfig{}
|
||||
+ emptyVolume swarmexec.VolumeGetter = suseEmptyVolume{}
|
||||
+)
|
||||
+
|
||||
+var errSuseEmptyStore = fmt.Errorf("SUSE:secrets :: tried to get a resource from empty store [this is a bug]")
|
||||
+
|
||||
+func (_ suseEmptyConfig) Get(_ string) (*swarmapi.Config, error) { return nil, errSuseEmptyStore }
|
||||
+func (_ suseEmptySecret) Get(_ string) (*swarmapi.Secret, error) { return nil, errSuseEmptyStore }
|
||||
+func (_ suseEmptyVolume) Get(_ string) (string, error) { return "", errSuseEmptyStore }
|
||||
+func (_ suseEmptyStore) Secrets() swarmexec.SecretGetter { return emptySecret }
|
||||
+func (_ suseEmptyStore) Configs() swarmexec.ConfigGetter { return emptyConfig }
|
||||
+func (_ suseEmptyStore) Volumes() swarmexec.VolumeGetter { return emptyVolume }
|
||||
+
|
||||
+type suseDependencyStore struct {
|
||||
+ dfl swarmexec.DependencyGetter
|
||||
@ -373,6 +377,7 @@ index 000000000000..9ee33adf7497
|
||||
+// The following are effectively dumb wrappers that return ourselves, or the
|
||||
+// default.
|
||||
+func (s *suseDependencyStore) Secrets() swarmexec.SecretGetter { return s }
|
||||
+func (s *suseDependencyStore) Volumes() swarmexec.VolumeGetter { return emptyVolume }
|
||||
+func (s *suseDependencyStore) Configs() swarmexec.ConfigGetter { return s.dfl.Configs() }
|
||||
+
|
||||
+// Get overrides the underlying DependencyGetter with our own secrets (falling
|
||||
@ -451,5 +456,5 @@ index 000000000000..9ee33adf7497
|
||||
+ return nil
|
||||
+}
|
||||
--
|
||||
2.38.1
|
||||
2.40.0
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
From bc52d15141402d94eeaee618f1df0b540f527b98 Mon Sep 17 00:00:00 2001
|
||||
From 3e37bbad6f0a0c2576ad0b9dfe7a4a9290aa2aa0 Mon Sep 17 00:00:00 2001
|
||||
From: Aleksa Sarai <asarai@suse.de>
|
||||
Date: Fri, 29 Jun 2018 17:59:30 +1000
|
||||
Subject: [PATCH 4/7] bsc1073877: apparmor: clobber docker-default profile on
|
||||
Subject: [PATCH 3/3] bsc1073877: apparmor: clobber docker-default profile on
|
||||
start
|
||||
|
||||
In the process of making docker-default reloading far less expensive,
|
||||
@ -22,7 +22,7 @@ Signed-off-by: Aleksa Sarai <asarai@suse.de>
|
||||
3 files changed, 17 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/daemon/apparmor_default.go b/daemon/apparmor_default.go
|
||||
index 21813ec14f8f..0de75b32b7fa 100644
|
||||
index 6376001613f7..5fde21a4af8a 100644
|
||||
--- a/daemon/apparmor_default.go
|
||||
+++ b/daemon/apparmor_default.go
|
||||
@@ -24,6 +24,15 @@ func DefaultApparmorProfile() string {
|
||||
@ -30,7 +30,7 @@ index 21813ec14f8f..0de75b32b7fa 100644
|
||||
}
|
||||
|
||||
+func clobberDefaultAppArmorProfile() error {
|
||||
+ if apparmor.IsEnabled() {
|
||||
+ if apparmor.HostSupports() {
|
||||
+ if err := aaprofile.InstallDefault(defaultAppArmorProfile); err != nil {
|
||||
+ return fmt.Errorf("AppArmor enabled on system but the %s profile could not be loaded: %s", defaultAppArmorProfile, err)
|
||||
+ }
|
||||
@ -39,7 +39,7 @@ index 21813ec14f8f..0de75b32b7fa 100644
|
||||
+}
|
||||
+
|
||||
func ensureDefaultAppArmorProfile() error {
|
||||
if apparmor.IsEnabled() {
|
||||
if apparmor.HostSupports() {
|
||||
loaded, err := aaprofile.IsLoaded(defaultAppArmorProfile)
|
||||
@@ -37,10 +46,7 @@ func ensureDefaultAppArmorProfile() error {
|
||||
}
|
||||
@ -69,10 +69,10 @@ index e3dc18b32b5e..9c7723056268 100644
|
||||
return nil
|
||||
}
|
||||
diff --git a/daemon/daemon.go b/daemon/daemon.go
|
||||
index f15a4b038498..2f0c23bc62c9 100644
|
||||
index 40abbe8cc19c..05c6db818c30 100644
|
||||
--- a/daemon/daemon.go
|
||||
+++ b/daemon/daemon.go
|
||||
@@ -857,8 +857,9 @@ func NewDaemon(ctx context.Context, config *config.Config, pluginStore *plugin.S
|
||||
@@ -807,8 +807,9 @@ func NewDaemon(ctx context.Context, config *config.Config, pluginStore *plugin.S
|
||||
logrus.Warnf("Failed to configure golang's threads limit: %v", err)
|
||||
}
|
||||
|
||||
@ -85,5 +85,5 @@ index f15a4b038498..2f0c23bc62c9 100644
|
||||
}
|
||||
|
||||
--
|
||||
2.38.1
|
||||
2.40.0
|
||||
|
@ -1,144 +0,0 @@
|
||||
From 57673ad5455b1b27e41716e33b67c9cd8099b580 Mon Sep 17 00:00:00 2001
|
||||
From: Michal Rostecki <mrostecki@opensuse.org>
|
||||
Date: Thu, 8 Apr 2021 14:42:02 +0100
|
||||
Subject: [PATCH 5/7] bsc1183855: btrfs: Do not disable quota on cleanup
|
||||
|
||||
Before this change, cleanup of the btrfs driver (occuring on each daemon
|
||||
shutdown) resulted in disabling quotas. It was done with an assumption
|
||||
that quotas can be enabled or disabled on a subvolume level, which is
|
||||
not true - enabling or disabling quota is always done on a filesystem
|
||||
level.
|
||||
|
||||
That was leading to disabling quota on btrfs filesystems on each daemon
|
||||
shutdown.
|
||||
|
||||
This change fixes that behavior and removes misleading `subvol` prefix
|
||||
from functions and methods which set up quota (on a filesystem level).
|
||||
|
||||
SUSE-Bugs: bsc#1175081 bsc#1183855
|
||||
SUSE-Upstream-Commit: 1ec689c4c2ecda24ed8495451c53072bb0497871
|
||||
Fixes: 401c8d176743 ("Add disk quota support for btrfs")
|
||||
Signed-off-by: Michal Rostecki <mrostecki@opensuse.org>
|
||||
---
|
||||
daemon/graphdriver/btrfs/btrfs.go | 50 +++++--------------------------
|
||||
1 file changed, 8 insertions(+), 42 deletions(-)
|
||||
|
||||
diff --git a/daemon/graphdriver/btrfs/btrfs.go b/daemon/graphdriver/btrfs/btrfs.go
|
||||
index fa0cdf8666b1..02bbb5da1088 100644
|
||||
--- a/daemon/graphdriver/btrfs/btrfs.go
|
||||
+++ b/daemon/graphdriver/btrfs/btrfs.go
|
||||
@@ -104,7 +104,7 @@ func Init(home string, options []string, uidMaps, gidMaps []idtools.IDMap) (grap
|
||||
}
|
||||
|
||||
if userDiskQuota {
|
||||
- if err := driver.subvolEnableQuota(); err != nil {
|
||||
+ if err := driver.enableQuota(); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
@@ -173,18 +173,10 @@ func (d *Driver) GetMetadata(id string) (map[string]string, error) {
|
||||
|
||||
// Cleanup unmounts the home directory.
|
||||
func (d *Driver) Cleanup() error {
|
||||
- err := d.subvolDisableQuota()
|
||||
- umountErr := mount.Unmount(d.home)
|
||||
-
|
||||
- // in case we have two errors, prefer the one from disableQuota()
|
||||
- if err != nil {
|
||||
+ if err := mount.Unmount(d.home); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
- if umountErr != nil {
|
||||
- return umountErr
|
||||
- }
|
||||
-
|
||||
return nil
|
||||
}
|
||||
|
||||
@@ -342,7 +334,7 @@ func (d *Driver) updateQuotaStatus() {
|
||||
d.once.Do(func() {
|
||||
if !d.quotaEnabled {
|
||||
// In case quotaEnabled is not set, check qgroup and update quotaEnabled as needed
|
||||
- if err := subvolQgroupStatus(d.home); err != nil {
|
||||
+ if err := qgroupStatus(d.home); err != nil {
|
||||
// quota is still not enabled
|
||||
return
|
||||
}
|
||||
@@ -351,7 +343,7 @@ func (d *Driver) updateQuotaStatus() {
|
||||
})
|
||||
}
|
||||
|
||||
-func (d *Driver) subvolEnableQuota() error {
|
||||
+func (d *Driver) enableQuota() error {
|
||||
d.updateQuotaStatus()
|
||||
|
||||
if d.quotaEnabled {
|
||||
@@ -377,32 +369,6 @@ func (d *Driver) subvolEnableQuota() error {
|
||||
return nil
|
||||
}
|
||||
|
||||
-func (d *Driver) subvolDisableQuota() error {
|
||||
- d.updateQuotaStatus()
|
||||
-
|
||||
- if !d.quotaEnabled {
|
||||
- return nil
|
||||
- }
|
||||
-
|
||||
- dir, err := openDir(d.home)
|
||||
- if err != nil {
|
||||
- return err
|
||||
- }
|
||||
- defer closeDir(dir)
|
||||
-
|
||||
- var args C.struct_btrfs_ioctl_quota_ctl_args
|
||||
- args.cmd = C.BTRFS_QUOTA_CTL_DISABLE
|
||||
- _, _, errno := unix.Syscall(unix.SYS_IOCTL, getDirFd(dir), C.BTRFS_IOC_QUOTA_CTL,
|
||||
- uintptr(unsafe.Pointer(&args)))
|
||||
- if errno != 0 {
|
||||
- return fmt.Errorf("Failed to disable btrfs quota for %s: %v", dir, errno.Error())
|
||||
- }
|
||||
-
|
||||
- d.quotaEnabled = false
|
||||
-
|
||||
- return nil
|
||||
-}
|
||||
-
|
||||
func (d *Driver) subvolRescanQuota() error {
|
||||
d.updateQuotaStatus()
|
||||
|
||||
@@ -445,11 +411,11 @@ func subvolLimitQgroup(path string, size uint64) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
-// subvolQgroupStatus performs a BTRFS_IOC_TREE_SEARCH on the root path
|
||||
+// qgroupStatus performs a BTRFS_IOC_TREE_SEARCH on the root path
|
||||
// with search key of BTRFS_QGROUP_STATUS_KEY.
|
||||
// In case qgroup is enabled, the retuned key type will match BTRFS_QGROUP_STATUS_KEY.
|
||||
// For more details please see https://github.com/kdave/btrfs-progs/blob/v4.9/qgroup.c#L1035
|
||||
-func subvolQgroupStatus(path string) error {
|
||||
+func qgroupStatus(path string) error {
|
||||
dir, err := openDir(path)
|
||||
if err != nil {
|
||||
return err
|
||||
@@ -623,7 +589,7 @@ func (d *Driver) setStorageSize(dir string, driver *Driver) error {
|
||||
if d.options.minSpace > 0 && driver.options.size < d.options.minSpace {
|
||||
return fmt.Errorf("btrfs: storage size cannot be less than %s", units.HumanSize(float64(d.options.minSpace)))
|
||||
}
|
||||
- if err := d.subvolEnableQuota(); err != nil {
|
||||
+ if err := d.enableQuota(); err != nil {
|
||||
return err
|
||||
}
|
||||
return subvolLimitQgroup(dir, driver.options.size)
|
||||
@@ -677,7 +643,7 @@ func (d *Driver) Get(id, mountLabel string) (containerfs.ContainerFS, error) {
|
||||
|
||||
if quota, err := ioutil.ReadFile(d.quotasDirID(id)); err == nil {
|
||||
if size, err := strconv.ParseUint(string(quota), 10, 64); err == nil && size >= d.options.minSpace {
|
||||
- if err := d.subvolEnableQuota(); err != nil {
|
||||
+ if err := d.enableQuota(); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if err := subvolLimitQgroup(dir, size); err != nil {
|
||||
--
|
||||
2.38.1
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -1,56 +0,0 @@
|
||||
From 6451aa1559ce5a135f599682ab33721e116925bd Mon Sep 17 00:00:00 2001
|
||||
From: Sebastiaan van Stijn <github@gone.nl>
|
||||
Date: Fri, 29 Jan 2021 14:55:08 +0100
|
||||
Subject: [PATCH 7/7] bsc1200022: fifo.Close(): prevent possible panic if fifo
|
||||
is nil
|
||||
|
||||
I'm not sure if this is the right approach, and synchronisation should probably
|
||||
be added elsewhere to fix the underlying issue.
|
||||
|
||||
Trying to prevent a panic that was seen on container restore in th docker daemon:
|
||||
|
||||
panic: runtime error: invalid memory address or nil pointer dereference
|
||||
[signal SIGSEGV: segmentation violation code=0x1 addr=0x10 pc=0x5586c892a7a4]
|
||||
|
||||
goroutine 420 [running]:
|
||||
github.com/docker/docker/vendor/github.com/containerd/fifo.(*fifo).Close(0x0, 0x0, 0x0)
|
||||
/go/src/github.com/docker/docker/vendor/github.com/containerd/fifo/fifo.go:208 +0x44
|
||||
github.com/docker/docker/vendor/github.com/containerd/containerd/cio.(*cio).Close(0xc000d06f60, 0x5586cb5654d0, 0xc000d8e9e8)
|
||||
/go/src/github.com/docker/docker/vendor/github.com/containerd/containerd/cio/io.go:203 +0x90
|
||||
github.com/docker/docker/libcontainerd/remote.(*client).Restore.func1(0xc0008bf820, 0xc0008a2040)
|
||||
/go/src/github.com/docker/docker/libcontainerd/remote/client.go:86 +0x5a
|
||||
github.com/docker/docker/libcontainerd/remote.(*client).Restore(0xc00098e5b0, 0x5586cb61c7c0, 0xc000052088, 0xc0011b6500, 0x40, 0xc0008bf810, 0x5586cb05cf00, 0xffffffffffffffff, 0x0, 0x0, ...)
|
||||
/go/src/github.com/docker/docker/libcontainerd/remote/client.go:107 +0x923
|
||||
github.com/docker/docker/daemon.(*Daemon).restore.func3(0xc00079d9e0, 0xc000a38230, 0xc00000c1e0, 0xc00079d9a8, 0xc000d84f00, 0xc000d84ed0, 0xc000d84ea0, 0xc00128a280)
|
||||
/go/src/github.com/docker/docker/daemon/daemon.go:351 +0x48a
|
||||
created by github.com/docker/docker/daemon.(*Daemon).restore
|
||||
/go/src/github.com/docker/docker/daemon/daemon.go:319 +0x4b3
|
||||
|
||||
If the fifo is nil, there's nothing to be done in Close(), so returning early
|
||||
in that situation.
|
||||
|
||||
Backport: <https://github.com/containerd/fifo/pull/32>
|
||||
SUSE-Bugs: bsc#1200022
|
||||
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
|
||||
---
|
||||
vendor/github.com/containerd/fifo/fifo.go | 4 ++++
|
||||
1 file changed, 4 insertions(+)
|
||||
|
||||
diff --git a/vendor/github.com/containerd/fifo/fifo.go b/vendor/github.com/containerd/fifo/fifo.go
|
||||
index 96c214f270bf..c3eec295b578 100644
|
||||
--- a/vendor/github.com/containerd/fifo/fifo.go
|
||||
+++ b/vendor/github.com/containerd/fifo/fifo.go
|
||||
@@ -204,6 +204,10 @@ func (f *fifo) Write(b []byte) (int, error) {
|
||||
// before open(2) has returned and fifo was never opened.
|
||||
func (f *fifo) Close() (retErr error) {
|
||||
for {
|
||||
+ if f == nil {
|
||||
+ return
|
||||
+ }
|
||||
+
|
||||
select {
|
||||
case <-f.closed:
|
||||
f.handle.Close()
|
||||
--
|
||||
2.38.1
|
||||
|
16
_service
16
_service
@ -3,26 +3,18 @@
|
||||
<param name="url">https://github.com/moby/moby.git</param>
|
||||
<param name="scm">git</param>
|
||||
<param name="exclude">.git</param>
|
||||
<param name="versionformat">20.10.23_ce_%h</param>
|
||||
<param name="revision">v20.10.23</param>
|
||||
<param name="versionformat">23.0.4_ce_%h</param>
|
||||
<param name="revision">v23.0.4</param>
|
||||
<param name="filename">docker</param>
|
||||
</service>
|
||||
<service name="tar_scm" mode="disabled">
|
||||
<param name="url">https://github.com/docker/cli.git</param>
|
||||
<param name="scm">git</param>
|
||||
<param name="exclude">.git</param>
|
||||
<param name="versionformat">20.10.23_ce</param>
|
||||
<param name="revision">v20.10.23</param>
|
||||
<param name="versionformat">23.0.4_ce</param>
|
||||
<param name="revision">v23.0.4</param>
|
||||
<param name="filename">docker-cli</param>
|
||||
</service>
|
||||
<service name="tar_scm" mode="disabled">
|
||||
<param name="url">https://github.com/docker/libnetwork.git</param>
|
||||
<param name="scm">git</param>
|
||||
<param name="exclude">.git</param>
|
||||
<param name="versionformat">%H</param>
|
||||
<param name="revision">05b93e0d3a95952f70c113b0bc5bdb538d7afdd7</param>
|
||||
<param name="filename">docker-libnetwork</param>
|
||||
</service>
|
||||
<service name="recompress" mode="disabled">
|
||||
<param name="file">docker-*.tar</param>
|
||||
<param name="compression">xz</param>
|
||||
|
23756
cli-0001-docs-include-required-tools-in-source-tree.patch
Normal file
23756
cli-0001-docs-include-required-tools-in-source-tree.patch
Normal file
File diff suppressed because it is too large
Load Diff
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:0d6b832806f3144a4b917657f615d9388081e7c7b3f77db3b4b7c6c01b931686
|
||||
size 6589992
|
3
docker-23.0.4_ce_cbce3319305c.tar.xz
Normal file
3
docker-23.0.4_ce_cbce3319305c.tar.xz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:5a4b5308b55bf785e97acf5dca70866a362b71b8d314ce4762fb0bc7be59d611
|
||||
size 8261820
|
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:c2a96dd55814fc22ccfe054b78438963fc139b292696bc3ba7667abd399d7c70
|
||||
size 4320480
|
3
docker-cli-23.0.4_ce.tar.xz
Normal file
3
docker-cli-23.0.4_ce.tar.xz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:5d870ff012fbf1abc1dd7d01188894940ad7a9fc1d829ebb95377b298f1cbee7
|
||||
size 3497948
|
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:44fa1530b22f18434174b03895c8933b356f254b718855fd7487888afbb10e91
|
||||
size 1983112
|
@ -1,3 +1,22 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Apr 26 00:31:54 UTC 2023 - Aleksa Sarai <asarai@suse.com>
|
||||
|
||||
- Update to Docker 23.0.4-ce. See upstream changelog online at
|
||||
<https://docs.docker.com/engine/release-notes/23.0/#2304>. bsc#1208074
|
||||
- Rebase patches:
|
||||
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
|
||||
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
|
||||
* 0003-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
|
||||
- Renumbered patches:
|
||||
- 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
|
||||
- Remove upstreamed patches:
|
||||
- 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
|
||||
- 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch
|
||||
- 0007-bsc1200022-fifo.Close-prevent-possible-panic-if-fifo.patch
|
||||
- Backport <https://github.com/docker/cli/pull/4228> to allow man pages to be
|
||||
built without internet access in OBS.
|
||||
+ cli-0001-docs-include-required-tools-in-source-tree.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Feb 1 14:33:19 UTC 2023 - Dirk Müller <dmueller@suse.com>
|
||||
|
||||
|
184
docker.spec
184
docker.spec
@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package docker
|
||||
#
|
||||
# Copyright (c) 2021 SUSE LLC
|
||||
# Copyright (c) 2023 SUSE LLC
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
@ -26,37 +26,16 @@
|
||||
%define _fillupdir /var/adm/fillup-templates
|
||||
%endif
|
||||
|
||||
# Handle _multibuild magic.
|
||||
%define flavour @BUILD_FLAVOR@%{nil}
|
||||
|
||||
# We split the Name: into "realname" and "name_suffix".
|
||||
%define realname docker
|
||||
%if "%flavour" == ""
|
||||
%define name_suffix %{nil}
|
||||
%else
|
||||
%define name_suffix -%{flavour}
|
||||
%endif
|
||||
|
||||
# Used when generating the "build" information for Docker version. The value of
|
||||
# git_commit_epoch is unused here (we use SOURCE_DATE_EPOCH, which rpm
|
||||
# helpfully injects into our build environment from the changelog). If you want
|
||||
# to generate a new git_commit_epoch, use this:
|
||||
# $ date --date="$(git show --format=fuller --date=iso $COMMIT_ID | grep -oP '(?<=^CommitDate: ).*')" '+%s'
|
||||
%define real_version 20.10.23
|
||||
%define git_version 6051f1429
|
||||
%define git_commit_epoch 1674059068
|
||||
%define real_version 23.0.4
|
||||
%define git_version cbce3319305c
|
||||
%define git_commit_epoch 1681433958
|
||||
|
||||
# We require a specific pin of libnetwork because it doesn't really do
|
||||
# versioning and minor version mismatches in libnetwork can break Docker
|
||||
# networking. All other key runtime dependencies (containerd, runc) are stable
|
||||
# enough that this isn't necessary.
|
||||
%define libnetwork_version 05b93e0d3a95952f70c113b0bc5bdb538d7afdd7
|
||||
|
||||
%define dist_builddir %{_builddir}/dist-suse
|
||||
%define cli_builddir %{dist_builddir}/src/github.com/docker/cli
|
||||
%define proxy_builddir %{dist_builddir}/src/github.com/docker/libnetwork
|
||||
|
||||
Name: %{realname}%{name_suffix}
|
||||
Name: docker
|
||||
Version: %{real_version}_ce
|
||||
# This "nice version" is so that docker --version gives a result that can be
|
||||
# parsed by other people. boo#1182476
|
||||
@ -66,9 +45,8 @@ Summary: The Moby-project Linux container runtime
|
||||
License: Apache-2.0
|
||||
Group: System/Management
|
||||
URL: http://www.docker.io
|
||||
Source: %{realname}-%{version}_%{git_version}.tar.xz
|
||||
Source1: %{realname}-cli-%{version}.tar.xz
|
||||
Source2: %{realname}-libnetwork-%{libnetwork_version}.tar.xz
|
||||
Source: %{name}-%{version}_%{git_version}.tar.xz
|
||||
Source1: %{name}-cli-%{version}.tar.xz
|
||||
Source3: docker-rpmlintrc
|
||||
# TODO: Move these source files to somewhere nicer.
|
||||
Source100: docker.service
|
||||
@ -87,14 +65,9 @@ Patch100: 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
|
||||
Patch101: 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
|
||||
# SUSE-FEATURE: Add support to mirror unofficial/private registries
|
||||
# <https://github.com/docker/docker/pull/34319>.
|
||||
Patch300: 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
|
||||
# SUSE-BACKPORT: Backport of https://github.com/moby/moby/pull/42273. bsc#1183855 bsc#1175081
|
||||
Patch301: 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
|
||||
# SUSE-BACKPORT: Backport of several golang.org/x/crypto updates.
|
||||
# bsc#1193930 CVE-2021-43565 bsc#1197284 CVE-2022-27191
|
||||
Patch302: 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch
|
||||
# SUSE-BACKPORT: Backport of <https://github.com/containerd/fifo/pull/32>. bsc#1200022
|
||||
Patch303: 0007-bsc1200022-fifo.Close-prevent-possible-panic-if-fifo.patch
|
||||
Patch300: 0003-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
|
||||
# UPSTREAM: Backport of <https://github.com/docker/cli/pull/4228>.
|
||||
Patch900: cli-0001-docs-include-required-tools-in-source-tree.patch
|
||||
BuildRequires: audit
|
||||
BuildRequires: bash-completion
|
||||
BuildRequires: ca-certificates
|
||||
@ -111,17 +84,17 @@ BuildRequires: fish
|
||||
BuildRequires: go-go-md2man
|
||||
BuildRequires: pkgconfig(libsystemd)
|
||||
BuildRequires: sysuser-tools
|
||||
BuildRequires: golang(API) = 1.18
|
||||
BuildRequires: golang(API) = 1.19
|
||||
Requires: (apparmor-parser or container-selinux)
|
||||
Requires: ca-certificates-mozilla
|
||||
# The docker-proxy binary used to be in a separate package. We obsolete it,
|
||||
# since now docker-proxy is maintained as part of this package.
|
||||
Obsoletes: docker-libnetwork%{name_suffix} < 0.7.0.2
|
||||
Provides: docker-libnetwork%{name_suffix} = 0.7.0.2.%{version}
|
||||
Obsoletes: docker-libnetwork < 0.7.0.2
|
||||
Provides: docker-libnetwork = 0.7.0.2.%{version}
|
||||
# Required to actually run containers. We require the minimum version that is
|
||||
# pinned by Docker, but in order to avoid headaches we allow for updates.
|
||||
Requires: runc >= 1.1.2
|
||||
Requires: containerd >= 1.6.9
|
||||
Requires: runc >= 1.1.5
|
||||
Requires: containerd >= 1.6.20
|
||||
# Needed for --init support. We don't use "tini", we use our own implementation
|
||||
# which handles edge-cases better.
|
||||
Requires: catatonit
|
||||
@ -149,7 +122,6 @@ Recommends: lvm2 >= 2.2.89
|
||||
Recommends: git-core >= 1.7
|
||||
ExcludeArch: s390 ppc
|
||||
|
||||
|
||||
%description
|
||||
Docker complements LXC with a high-level API which operates at the process
|
||||
level. It runs unix processes with strong guarantees of isolation and
|
||||
@ -193,38 +165,27 @@ BuildArch: noarch
|
||||
Fish command line completion support for %{name}.
|
||||
|
||||
%prep
|
||||
%setup -q -n %{realname}-%{version}_%{git_version}
|
||||
# docker-cli
|
||||
%define cli_builddir %{_builddir}/%{name}-cli-%{version}
|
||||
%setup -q -T -b 1 -n %{name}-cli-%{version}
|
||||
[ "%{cli_builddir}" = "$PWD" ]
|
||||
# offline manpages
|
||||
%patch900 -p1
|
||||
|
||||
%if 0%{?is_opensuse}
|
||||
# nothing
|
||||
%else
|
||||
# docker
|
||||
%define docker_builddir %{_builddir}/%{name}-%{version}_%{git_version}
|
||||
%setup -q -n %{name}-%{version}_%{git_version}
|
||||
[ "%{docker_builddir}" = "$PWD" ]
|
||||
# README_SUSE.md for documentation.
|
||||
cp %{SOURCE103} .
|
||||
|
||||
%if 0%{?is_opensuse} == 0
|
||||
# PATCH-SUSE: Secrets patches.
|
||||
%patch100 -p1
|
||||
%patch101 -p1
|
||||
%endif
|
||||
# bsc#1099277
|
||||
%patch300 -p1
|
||||
# bsc#1183855 bsc#1175081
|
||||
%patch301 -p1
|
||||
# bsc#1193930 CVE-2021-43565 bsc#1197284 CVE-2022-27191
|
||||
%patch302 -p1
|
||||
# bsc#1200022
|
||||
%patch303 -p1
|
||||
|
||||
# README_SUSE.md for documentation.
|
||||
cp %{SOURCE103} .
|
||||
|
||||
# Extract the docker-cli source in a subdir.
|
||||
mkdir -p %{cli_builddir}
|
||||
pushd %{cli_builddir}
|
||||
xz -dc %{SOURCE1} | tar -xof - --strip-components=1
|
||||
popd
|
||||
|
||||
# Extract the docker-libnetwork source in a subdir.
|
||||
mkdir -p %{proxy_builddir}
|
||||
pushd %{proxy_builddir}
|
||||
xz -dc %{SOURCE2} | tar -xof - --strip-components=1
|
||||
popd
|
||||
|
||||
%build
|
||||
%sysusers_generate_pre %{SOURCE106} %{name} %{name}.conf
|
||||
@ -239,12 +200,7 @@ BUILDTAGS="exclude_graphdriver_aufs apparmor selinux seccomp pkcs11"
|
||||
BUILDTAGS="libdm_dlsym_deferred_remove $BUILDTAGS"
|
||||
%endif
|
||||
|
||||
(cat <<EOF
|
||||
export AUTO_GOPATH=1
|
||||
export DOCKER_BUILDTAGS="$BUILDTAGS"
|
||||
# Until boo#1038493 is fixed properly we need to do this hack to get the
|
||||
# compiled-into-the-binary GOROOT.
|
||||
export GOROOT="$(GOROOT= go env GOROOT)"
|
||||
# Make sure we always build PIC code. bsc#1048046
|
||||
export BUILDFLAGS="-buildmode=pie"
|
||||
# Specify all of the versioning information. We use SOURCE_DATE_EPOCH if it's
|
||||
@ -255,50 +211,29 @@ export DOCKER_GITCOMMIT="%{git_version}"
|
||||
export GITCOMMIT="%{git_version}"
|
||||
export SOURCE_DATE_EPOCH="${SOURCE_DATE_EPOCH:-%{git_commit_epoch}}"
|
||||
export BUILDTIME="$(date -u -d "@$SOURCE_DATE_EPOCH" --rfc-3339 ns 2>/dev/null | sed -e 's/ /T/')"
|
||||
# NOTE: This will have to be removed with the next major Docker bump.
|
||||
export GO111MODULE=off
|
||||
EOF
|
||||
) > docker_build_env
|
||||
. ./docker_build_env
|
||||
|
||||
# Preparing GOPATH so that the client is visible to the compiler
|
||||
mkdir -p src/github.com/docker/
|
||||
ln -s "%{cli_builddir}" "$PWD/src/github.com/docker/cli"
|
||||
export GOPATH="$GOPATH:$PWD"
|
||||
|
||||
###################
|
||||
## DOCKER ENGINE ##
|
||||
###################
|
||||
|
||||
# Ignore the warning that we compile outside a Docker container.
|
||||
pushd "%{docker_builddir}"
|
||||
# use go module for build
|
||||
ln -s {vendor,go}.mod
|
||||
ln -s {vendor,go}.sum
|
||||
./hack/make.sh dynbinary
|
||||
popd
|
||||
|
||||
###################
|
||||
## DOCKER CLIENT ##
|
||||
###################
|
||||
|
||||
pushd %{cli_builddir}
|
||||
make dynbinary
|
||||
|
||||
mkdir -p ./man/man1
|
||||
go build -buildmode=pie -o gen-manpages github.com/docker/cli/man
|
||||
./gen-manpages --root "$PWD" --target "$PWD/man/man1"
|
||||
./man/md2man-all.sh
|
||||
pushd "%{cli_builddir}"
|
||||
# use go module for build
|
||||
ln -s {vendor,go}.mod
|
||||
ln -s {vendor,go}.sum
|
||||
make DISABLE_WARN_OUTSIDE_CONTAINER=1 dynbinary manpages
|
||||
popd
|
||||
|
||||
##################
|
||||
## DOCKER PROXY ##
|
||||
##################
|
||||
|
||||
pushd %{proxy_builddir}
|
||||
GOPATH="%{dist_builddir}" \
|
||||
go build -buildmode=pie -o docker-proxy github.com/docker/libnetwork/cmd/proxy
|
||||
popd
|
||||
|
||||
# We verify that our libnetwork source is the correct version. This is done
|
||||
# on-build to make sure that someone doing an update didn't miss anything.
|
||||
grep 'LIBNETWORK_COMMIT:=%{libnetwork_version}' hack/dockerfile/install/proxy.installer
|
||||
|
||||
%install
|
||||
install -Dd -m0755 \
|
||||
%{buildroot}%{_sysconfdir}/init.d \
|
||||
@ -306,30 +241,31 @@ install -Dd -m0755 \
|
||||
%{buildroot}%{_sbindir}
|
||||
|
||||
# docker daemon
|
||||
install -D -m0755 bundles/dynbinary-daemon/dockerd %{buildroot}/%{_bindir}/dockerd
|
||||
install -D -m0755 %{docker_builddir}/bundles/dynbinary-daemon/dockerd %{buildroot}/%{_bindir}/dockerd
|
||||
# docker proxy
|
||||
install -D -m0755 %{docker_builddir}/bundles/dynbinary-daemon/docker-proxy %{buildroot}/%{_bindir}/docker-proxy
|
||||
|
||||
# /var/lib/docker
|
||||
install -d %{buildroot}/%{_localstatedir}/lib/docker
|
||||
# daemon.json config file
|
||||
install -D -m0644 %{SOURCE105} %{buildroot}%{_sysconfdir}/docker/daemon.json
|
||||
|
||||
# docker cli
|
||||
install -D -m0755 %{cli_builddir}/build/docker %{buildroot}/%{_bindir}/docker
|
||||
install -D -m0644 %{cli_builddir}/contrib/completion/bash/docker "%{buildroot}%{_datarootdir}/bash-completion/completions/%{realname}"
|
||||
install -D -m0644 %{cli_builddir}/contrib/completion/zsh/_docker "%{buildroot}%{_sysconfdir}/zsh_completion.d/_%{realname}"
|
||||
install -D -m0644 %{cli_builddir}/contrib/completion/fish/docker.fish "%{buildroot}/%{_datadir}/fish/vendor_completions.d/%{realname}.fish"
|
||||
|
||||
# docker proxy
|
||||
install -D -m0755 %{proxy_builddir}/docker-proxy %{buildroot}/%{_bindir}/docker-proxy
|
||||
install -D -m0644 %{cli_builddir}/contrib/completion/bash/docker "%{buildroot}%{_datarootdir}/bash-completion/completions/%{name}"
|
||||
install -D -m0644 %{cli_builddir}/contrib/completion/zsh/_docker "%{buildroot}%{_sysconfdir}/zsh_completion.d/_%{name}"
|
||||
install -D -m0644 %{cli_builddir}/contrib/completion/fish/docker.fish "%{buildroot}/%{_datadir}/fish/vendor_completions.d/%{name}.fish"
|
||||
|
||||
# systemd service
|
||||
install -D -m0644 %{SOURCE100} %{buildroot}%{_unitdir}/%{realname}.service
|
||||
install -D -m0644 %{SOURCE100} %{buildroot}%{_unitdir}/%{name}.service
|
||||
ln -sf service %{buildroot}%{_sbindir}/rcdocker
|
||||
|
||||
# udev rules that prevents dolphin to show all docker devices and slows down
|
||||
# upstream report https://bugs.kde.org/show_bug.cgi?id=329930
|
||||
install -D -m0644 %{SOURCE101} %{buildroot}%{_udevrulesdir}/80-%{realname}.rules
|
||||
install -D -m0644 %{SOURCE101} %{buildroot}%{_udevrulesdir}/80-%{name}.rules
|
||||
|
||||
# audit rules
|
||||
install -D -m0640 %{SOURCE104} %{buildroot}%{_sysconfdir}/audit/rules.d/%{realname}.rules
|
||||
install -D -m0640 %{SOURCE104} %{buildroot}%{_sysconfdir}/audit/rules.d/%{name}.rules
|
||||
|
||||
# sysconfig file
|
||||
install -D -m0644 %{SOURCE102} %{buildroot}%{_fillupdir}/sysconfig.docker
|
||||
@ -363,17 +299,17 @@ grep -q '^dockremap:' /etc/subgid || \
|
||||
usermod -w 100000000-200000000 dockremap &>/dev/null || \
|
||||
echo "dockremap:100000000:100000001" >>/etc/subgid ||:
|
||||
|
||||
%service_add_pre %{realname}.service
|
||||
%service_add_pre %{name}.service
|
||||
|
||||
%post
|
||||
%service_add_post %{realname}.service
|
||||
%service_add_post %{name}.service
|
||||
%{fillup_only -n docker}
|
||||
|
||||
%preun
|
||||
%service_del_preun %{realname}.service
|
||||
%service_del_preun %{name}.service
|
||||
|
||||
%postun
|
||||
%service_del_postun %{realname}.service
|
||||
%service_del_postun %{name}.service
|
||||
|
||||
%files
|
||||
%defattr(-,root,root)
|
||||
@ -385,15 +321,15 @@ grep -q '^dockremap:' /etc/subgid || \
|
||||
%{_sbindir}/rcdocker
|
||||
%dir %{_localstatedir}/lib/docker/
|
||||
|
||||
%{_unitdir}/%{realname}.service
|
||||
%{_unitdir}/%{name}.service
|
||||
%{_sysusersdir}/%{name}.conf
|
||||
|
||||
%dir %{_sysconfdir}/docker
|
||||
%config(noreplace) %{_sysconfdir}/docker/daemon.json
|
||||
%{_fillupdir}/sysconfig.docker
|
||||
|
||||
%config %{_sysconfdir}/audit/rules.d/%{realname}.rules
|
||||
%{_udevrulesdir}/80-%{realname}.rules
|
||||
%config %{_sysconfdir}/audit/rules.d/%{name}.rules
|
||||
%{_udevrulesdir}/80-%{name}.rules
|
||||
|
||||
%{_mandir}/man1/docker-*.1%{ext_man}
|
||||
%{_mandir}/man1/docker.1%{ext_man}
|
||||
@ -402,14 +338,14 @@ grep -q '^dockremap:' /etc/subgid || \
|
||||
|
||||
%files bash-completion
|
||||
%defattr(-,root,root)
|
||||
%{_datarootdir}/bash-completion/completions/%{realname}
|
||||
%{_datarootdir}/bash-completion/completions/%{name}
|
||||
|
||||
%files zsh-completion
|
||||
%defattr(-,root,root)
|
||||
%{_sysconfdir}/zsh_completion.d/_%{realname}
|
||||
%{_sysconfdir}/zsh_completion.d/_%{name}
|
||||
|
||||
%files fish-completion
|
||||
%defattr(-,root,root)
|
||||
%{_datadir}/fish/vendor_completions.d/%{realname}.fish
|
||||
%{_datadir}/fish/vendor_completions.d/%{name}.fish
|
||||
|
||||
%changelog
|
||||
|
Loading…
Reference in New Issue
Block a user