diff --git a/0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch b/0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch index 4497c4a..28ddf7f 100644 --- a/0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch +++ b/0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch @@ -1,7 +1,7 @@ -From 5c6812a104e161599fc8569d0b4af04224ef3b5a Mon Sep 17 00:00:00 2001 +From e4410ba60f96f1d57d088208eaedd12c0fca6b80 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Wed, 8 Mar 2017 12:41:54 +1100 -Subject: [PATCH 1/3] SECRETS: daemon: allow directory creation in /run/secrets +Subject: [PATCH 1/4] SECRETS: daemon: allow directory creation in /run/secrets Since FileMode can have the directory bit set, allow a SecretStore implementation to return secrets that are actually directories. This is @@ -69,5 +69,5 @@ index 561077b66b60..0b70825dd2ff 100644 return errors.Wrap(err, "error setting ownership for secret") } -- -2.40.0 +2.40.1 diff --git a/0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch b/0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch index 4d4f280..bcb1b2b 100644 --- a/0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch +++ b/0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch @@ -1,7 +1,7 @@ -From 4138c02a19fbd3d3ff50f0b364bf4b99adc47298 Mon Sep 17 00:00:00 2001 +From 3b56cce3fab96f60ef8dcb40fe143159c519e97a Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Wed, 8 Mar 2017 11:43:29 +1100 -Subject: [PATCH 2/3] SECRETS: SUSE: implement SUSE container secrets +Subject: [PATCH 2/4] SECRETS: SUSE: implement SUSE container secrets This allows for us to pass in host credentials to a container, allowing for SUSEConnect to work with containers. @@ -456,5 +456,5 @@ index 000000000000..32b0ece91b59 + return nil +} -- -2.40.0 +2.40.1 diff --git a/0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch b/0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch new file mode 100644 index 0000000..b985040 --- /dev/null +++ b/0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch @@ -0,0 +1,46 @@ +From a5bb4ed6a9dd6f3e859524bcc44a822fdeb779fc Mon Sep 17 00:00:00 2001 +From: Aleksa Sarai +Date: Mon, 22 May 2023 15:44:54 +1000 +Subject: [PATCH 3/4] BUILD: SLE12: revert "graphdriver/btrfs: use kernel UAPI + headers" + +This reverts commit 3208dcabdc8997340b255f5b880fef4e3f54580d. + +On SLE 12, our UAPI headers are too old, resulting in us being unable to +build the btrfs driver with the new headers. This patch is only needed +for SLE-12. + +Signed-off-by: Aleksa Sarai +--- + daemon/graphdriver/btrfs/btrfs.go | 13 ++++--------- + 1 file changed, 4 insertions(+), 9 deletions(-) + +diff --git a/daemon/graphdriver/btrfs/btrfs.go b/daemon/graphdriver/btrfs/btrfs.go +index 7f82594b4ebd..532c19a8a15c 100644 +--- a/daemon/graphdriver/btrfs/btrfs.go ++++ b/daemon/graphdriver/btrfs/btrfs.go +@@ -5,17 +5,12 @@ package btrfs // import "github.com/docker/docker/daemon/graphdriver/btrfs" + + /* + #include +-#include + #include + +-#include +-#if LINUX_VERSION_CODE < KERNEL_VERSION(4,12,0) +- #error "Headers from kernel >= 4.12 are required to build with Btrfs support." +- #error "HINT: Set 'DOCKER_BUILDTAGS=exclude_graphdriver_btrfs' to build without Btrfs." +-#endif +- +-#include +-#include ++// keep struct field name compatible with btrfs-progs < 6.1. ++#define max_referenced max_rfer ++#include ++#include + + static void set_name_btrfs_ioctl_vol_args_v2(struct btrfs_ioctl_vol_args_v2* btrfs_struct, const char* value) { + snprintf(btrfs_struct->name, BTRFS_SUBVOL_NAME_MAX, "%s", value); +-- +2.40.1 + diff --git a/0003-bsc1073877-apparmor-clobber-docker-default-profile-o.patch b/0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch similarity index 95% rename from 0003-bsc1073877-apparmor-clobber-docker-default-profile-o.patch rename to 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch index 6f2d6ca..1dd395a 100644 --- a/0003-bsc1073877-apparmor-clobber-docker-default-profile-o.patch +++ b/0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch @@ -1,7 +1,7 @@ -From 3e37bbad6f0a0c2576ad0b9dfe7a4a9290aa2aa0 Mon Sep 17 00:00:00 2001 +From 81648019f140e161dd723774ce206d40fb697ba3 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Fri, 29 Jun 2018 17:59:30 +1000 -Subject: [PATCH 3/3] bsc1073877: apparmor: clobber docker-default profile on +Subject: [PATCH 4/4] bsc1073877: apparmor: clobber docker-default profile on start In the process of making docker-default reloading far less expensive, @@ -85,5 +85,5 @@ index 40abbe8cc19c..05c6db818c30 100644 } -- -2.40.0 +2.40.1 diff --git a/_service b/_service index d3b3a76..4de9b4c 100644 --- a/_service +++ b/_service @@ -3,16 +3,16 @@ https://github.com/moby/moby.git git .git - 23.0.5_ce_%h - v23.0.5 + 23.0.6_ce_%h + v23.0.6 docker https://github.com/docker/cli.git git .git - 23.0.5_ce - v23.0.5 + 23.0.6_ce + v23.0.6 docker-cli diff --git a/cli-0001-docs-include-required-tools-in-source-tree.patch b/cli-0001-docs-include-required-tools-in-source-tree.patch index edfa78c..508d45d 100644 --- a/cli-0001-docs-include-required-tools-in-source-tree.patch +++ b/cli-0001-docs-include-required-tools-in-source-tree.patch @@ -1,4 +1,4 @@ -From 0c35d956eb289bd6186e2865a779d2615c471b94 Mon Sep 17 00:00:00 2001 +From f571ed4f350621b20280e74bf663535533246511 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Wed, 26 Apr 2023 10:13:48 +1000 Subject: [PATCH] docs: include required tools in source tree @@ -23,9 +23,9 @@ Signed-off-by: Aleksa Sarai import.go | 17 + man/go.mod | 15 - man/tools.go | 11 - - scripts/docs/generate-man.sh | 32 +- - scripts/docs/generate-md.sh | 23 +- - scripts/docs/generate-yaml.sh | 28 +- + scripts/docs/generate-man.sh | 35 +- + scripts/docs/generate-md.sh | 28 +- + scripts/docs/generate-yaml.sh | 31 +- vendor.mod | 4 + vendor.sum | 4 + .../cpuguy83/go-md2man/v2/.gitignore | 2 + @@ -89,7 +89,7 @@ Signed-off-by: Aleksa Sarai vendor/gopkg.in/yaml.v3/yamlh.go | 807 +++++ vendor/gopkg.in/yaml.v3/yamlprivateh.go | 198 ++ vendor/modules.txt | 15 + - 71 files changed, 22956 insertions(+), 119 deletions(-) + 71 files changed, 22969 insertions(+), 117 deletions(-) delete mode 100644 docs/generate/go.mod delete mode 100644 docs/generate/tools.go create mode 100644 import.go @@ -251,10 +251,10 @@ index 3cafe6533aff..000000000000 - _ "github.com/spf13/pflag" -) diff --git a/scripts/docs/generate-man.sh b/scripts/docs/generate-man.sh -index 6afed3fa8708..128828f50342 100755 +index 6afed3fa8708..6abac3b1d28e 100755 --- a/scripts/docs/generate-man.sh +++ b/scripts/docs/generate-man.sh -@@ -1,35 +1,13 @@ +@@ -1,35 +1,18 @@ #!/usr/bin/env bash -set -eu @@ -270,7 +270,11 @@ index 6afed3fa8708..128828f50342 100755 - -buildir=$(mktemp -d -t docker-cli-docsgen.XXXXXXXXXX) -trap clean EXIT -- ++# temporary "go.mod" to make -modfile= work ++touch go.mod ++# shellcheck disable=SC2064 ++trap "rm -f $(pwd)/go.mod" EXIT + -( - set -x - cp -r . "$buildir/" @@ -296,10 +300,10 @@ index 6afed3fa8708..128828f50342 100755 mkdir -p man/man1 (set -x ; /tmp/gen-manpages --root "." --target "$(pwd)/man/man1") diff --git a/scripts/docs/generate-md.sh b/scripts/docs/generate-md.sh -index a947bb969673..327a06aa4c24 100755 +index a947bb969673..0e4e231e5c8e 100755 --- a/scripts/docs/generate-md.sh +++ b/scripts/docs/generate-md.sh -@@ -1,36 +1,19 @@ +@@ -1,36 +1,24 @@ #!/usr/bin/env bash -set -eu @@ -334,16 +338,21 @@ index a947bb969673..327a06aa4c24 100755 - # build docsgen - go build -mod=vendor -modfile=vendor.mod -tags docsgen -o /tmp/docsgen ./docs/generate/generate.go -) ++# temporary "go.mod" to make -modfile= work ++touch go.mod ++# shellcheck disable=SC2064 ++trap "rm -f $(pwd)/go.mod" EXIT ++ +# build docsgen +go build -mod=vendor -modfile=vendor.mod -tags docsgen -o /tmp/docsgen ./docs/generate/generate.go # yaml generation on docs repo needs the cli.md file: https://github.com/docker/cli/pull/3924#discussion_r1059986605 # but markdown generation docker.md atm. While waiting for a fix in cli-docs-tool diff --git a/scripts/docs/generate-yaml.sh b/scripts/docs/generate-yaml.sh -index 4d0006e43e79..3f3f7df8b140 100755 +index 4d0006e43e79..abebc183d49c 100755 --- a/scripts/docs/generate-yaml.sh +++ b/scripts/docs/generate-yaml.sh -@@ -1,33 +1,11 @@ +@@ -1,33 +1,16 @@ #!/usr/bin/env bash -set -eu @@ -359,7 +368,11 @@ index 4d0006e43e79..3f3f7df8b140 100755 - -buildir=$(mktemp -d -t docker-cli-docsgen.XXXXXXXXXX) -trap clean EXIT -- ++# temporary "go.mod" to make -modfile= work ++touch go.mod ++# shellcheck disable=SC2064 ++trap "rm -f $(pwd)/go.mod" EXIT + -( - set -x - cp -r . "$buildir/" @@ -381,7 +394,7 @@ index 4d0006e43e79..3f3f7df8b140 100755 mkdir -p docs/yaml set -x diff --git a/vendor.mod b/vendor.mod -index da1d033bff0b..61034043c05e 100644 +index eed166a6de6b..993aca7af845 100644 --- a/vendor.mod +++ b/vendor.mod @@ -8,7 +8,9 @@ go 1.18 @@ -392,7 +405,7 @@ index da1d033bff0b..61034043c05e 100644 github.com/creack/pty v1.1.11 + github.com/docker/cli-docs-tool v0.5.1 github.com/docker/distribution v2.8.1+incompatible - github.com/docker/docker v23.0.4+incompatible + github.com/docker/docker v23.0.5+incompatible github.com/docker/docker-credential-helpers v0.7.0 @@ -67,6 +69,7 @@ require ( github.com/prometheus/common v0.37.0 // indirect @@ -409,7 +422,7 @@ index da1d033bff0b..61034043c05e 100644 + gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/vendor.sum b/vendor.sum -index 91aae7c1487c..ad0005735231 100644 +index 6edc40179f41..c5e8b1e9ea76 100644 --- a/vendor.sum +++ b/vendor.sum @@ -89,6 +89,7 @@ github.com/containerd/containerd v1.6.19/go.mod h1:HZCDMn4v/Xl2579/MvtOC2M206i+J @@ -23703,7 +23716,7 @@ index 000000000000..e88f9c54aecb + +} diff --git a/vendor/modules.txt b/vendor/modules.txt -index 520bc4ca95e0..e744937180df 100644 +index 807b468777dc..0d69cb4dbed5 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -18,9 +18,17 @@ github.com/containerd/containerd/errdefs @@ -23752,5 +23765,5 @@ index 520bc4ca95e0..e744937180df 100644 ## explicit; go 1.13 gotest.tools/v3/assert -- -2.40.0 +2.40.1 diff --git a/docker-23.0.5_ce_94d3ad69cc59.tar.xz b/docker-23.0.5_ce_94d3ad69cc59.tar.xz deleted file mode 100644 index d5ef907..0000000 --- a/docker-23.0.5_ce_94d3ad69cc59.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:84d3a48cfbeeece15ad367eb03834a97b0c57d195d889e5191c138cd6e06579a -size 8262024 diff --git a/docker-23.0.6_ce_9dbdbd4b6d76.tar.xz b/docker-23.0.6_ce_9dbdbd4b6d76.tar.xz new file mode 100644 index 0000000..9d75f26 --- /dev/null +++ b/docker-23.0.6_ce_9dbdbd4b6d76.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:d8494e1f37d2ebed2a41b347351d04c7d62d85d3fc99bbe3a82ba801ede376bf +size 8263188 diff --git a/docker-cli-23.0.5_ce.tar.xz b/docker-cli-23.0.5_ce.tar.xz deleted file mode 100644 index 8ab54dd..0000000 --- a/docker-cli-23.0.5_ce.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:b93219b6b5c781031c1ed35fb3174c59e3572e3437218ca3646361259acb77e8 -size 3498104 diff --git a/docker-cli-23.0.6_ce.tar.xz b/docker-cli-23.0.6_ce.tar.xz new file mode 100644 index 0000000..c0a0664 --- /dev/null +++ b/docker-cli-23.0.6_ce.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:3ec1ca7d82f44abfe53424d1afd9ab4d81289108041e160984c46ef7171dd18f +size 3498076 diff --git a/docker.changes b/docker.changes index 1327910..c602031 100644 --- a/docker.changes +++ b/docker.changes @@ -1,3 +1,18 @@ +------------------------------------------------------------------- +Sun May 21 02:31:35 UTC 2023 - Aleksa Sarai + +- Update to Docker 23.0.6-ce. See upstream changelog online at + . bsc#1211578 +- Rebase patches: + * cli-0001-docs-include-required-tools-in-source-tree.patch +- Re-unify packaging for SLE-12 and SLE-15. +- Add patch to fix build on SLE-12 by switching back to libbtrfs-devel headers + (the uapi headers in SLE-12 are too old). + + 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch +- Re-numbered patches: + - 0003-bsc1073877-apparmor-clobber-docker-default-profile-o.patch + + 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch` + ------------------------------------------------------------------- Thu Apr 27 14:09:05 UTC 2023 - Aleksa Sarai diff --git a/docker.spec b/docker.spec index 7ba190e..e345ab6 100644 --- a/docker.spec +++ b/docker.spec @@ -31,9 +31,9 @@ # helpfully injects into our build environment from the changelog). If you want # to generate a new git_commit_epoch, use this: # $ date --date="$(git show --format=fuller --date=iso $COMMIT_ID | grep -oP '(?<=^CommitDate: ).*')" '+%s' -%define real_version 23.0.5 -%define git_version 94d3ad69cc59 -%define git_commit_epoch 1682522945 +%define real_version 23.0.6 +%define git_version 9dbdbd4b6d76 +%define git_commit_epoch 1683319810 Name: docker Version: %{real_version}_ce @@ -57,15 +57,16 @@ Source104: docker-audit.rules Source105: docker-daemon.json Source106: docker.sysusers # NOTE: All of these patches are maintained in -# in the suse- branch. Make sure you update the patches in that +# in the suse-v branch. Make sure you update the patches in that # branch and then git-format-patch the patch here. # SUSE-FEATURE: Adds the /run/secrets mountpoint inside all Docker containers # which is not snapshotted when images are committed. Patch100: 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch Patch101: 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch -# SUSE-FEATURE: Add support to mirror unofficial/private registries -# . -Patch300: 0003-bsc1073877-apparmor-clobber-docker-default-profile-o.patch +# UPSTREAM: Revert of upstream patch to keep SLE-12 build working. +Patch200: 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch +# UPSTREAM: Backport of . +Patch300: 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch # UPSTREAM: Backport of . Patch900: cli-0001-docs-include-required-tools-in-source-tree.patch BuildRequires: audit @@ -77,6 +78,7 @@ BuildRequires: libapparmor-devel BuildRequires: libbtrfs-devel >= 3.8 BuildRequires: libseccomp-devel >= 2.2 BuildRequires: libtool +BuildRequires: linux-glibc-devel BuildRequires: procps BuildRequires: sqlite3-devel BuildRequires: zsh @@ -85,7 +87,19 @@ BuildRequires: go-go-md2man BuildRequires: pkgconfig(libsystemd) BuildRequires: sysuser-tools BuildRequires: golang(API) = 1.19 +%if 0%{?sle_version} >= 150000 +# This conditional only works on rpm>=4.13, which SLE 12 doesn't have. But we +# don't need to support Docker+selinux for SLE 12 anyway. Requires: (apparmor-parser or container-selinux) +# This recommends is added to make sure that even if you have container-selinux +# installed you will still be prompted to install apparmor-parser which Docker +# requires to apply AppArmor profiles (for SELinux systems this doesn't matter +# but if you switch back to AppArmor on reboot this would result in insecure +# containers). +Recommends: apparmor-parser +%else +Requires: apparmor-parser +%endif Requires: ca-certificates-mozilla # The docker-proxy binary used to be in a separate package. We obsolete it, # since now docker-proxy is maintained as part of this package. @@ -93,8 +107,8 @@ Obsoletes: docker-libnetwork < 0.7.0.2 Provides: docker-libnetwork = 0.7.0.2.%{version} # Required to actually run containers. We require the minimum version that is # pinned by Docker, but in order to avoid headaches we allow for updates. -Requires: runc >= 1.1.5 -Requires: containerd >= 1.6.20 +Requires: runc >= 1.1.7 +Requires: containerd >= 1.6.21 # Needed for --init support. We don't use "tini", we use our own implementation # which handles edge-cases better. Requires: catatonit @@ -109,12 +123,6 @@ Requires: xz >= 4.9 Requires(post): %fillup_prereq Requires(post): udev Requires(post): shadow -# This recommends is added to make sure that even if you have container-selinux -# installed you will still be prompted to install apparmor-parser which Docker -# requires to apply AppArmor profiles (for SELinux systems this doesn't matter -# but if you switch back to AppArmor on reboot this would result in insecure -# containers). -Recommends: apparmor-parser # Not necessary, but must be installed when the underlying system is # configured to use lvm and the user doesn't explicitly provide a # different storage-driver than devicemapper @@ -184,12 +192,15 @@ cp %{SOURCE103} . %patch100 -p1 %patch101 -p1 %endif +%if 0%{?sle_version} == 120000 +# Patches to build on SLE-12. +%patch200 -p1 +%endif # bsc#1099277 %patch300 -p1 %build %sysusers_generate_pre %{SOURCE106} %{name} %{name}.conf -echo "$PWD -- $PWD -- $PWD" BUILDTAGS="exclude_graphdriver_aufs apparmor selinux seccomp pkcs11" %if 0%{?sle_version} == 120000