SHA256
1
0
forked from pool/docker

Accepting request 652637 from home:cyphar:containers:docker_18.09

[ DO NOT FORWARD TO FACTORY! ]
- Upgrade to Docker 18.09.0-ce. See upstream changelog in the packaged
  /usr/share/doc/packages/docker/CHANGELOG.md
- Add revert of an upstream patch to fix docker-* handling.
  + packaging-0001-revert-Remove-docker-prefix-for-containerd-and-runc-.patch
- Rebase patches:
  * bsc1047218-0001-man-obey-SOURCE_DATE_EPOCH-when-generating-man-pages.patch
  * bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch
  * bsc1073877-0002-apparmor-clobber-docker-default-profile-on-start.patch
  * private-registry-0001-Add-private-registry-mirror-support.patch
  * secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
  * secrets-0002-SUSE-implement-SUSE-container-secrets.patch
- Remove upstreamed patches:
  - bsc1100727-0001-build-add-buildmode-pie.patch

OBS-URL: https://build.opensuse.org/request/show/652637
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=271
This commit is contained in:
Aleksa Sarai 2018-11-29 15:15:40 +00:00 committed by Git OBS Bridge
parent 0ca6dfbd71
commit 4bdf0ab402
13 changed files with 438 additions and 72 deletions

View File

@ -3,8 +3,8 @@
<param name="url">https://github.com/docker/docker-ce.git</param> <param name="url">https://github.com/docker/docker-ce.git</param>
<param name="scm">git</param> <param name="scm">git</param>
<param name="exclude">.git</param> <param name="exclude">.git</param>
<param name="versionformat">18.06.1_ce</param> <param name="versionformat">18.09.0_ce</param>
<param name="revision">v18.06.1-ce</param> <param name="revision">v18.09.0</param>
<param name="filename">docker</param> <param name="filename">docker</param>
</service> </service>
<service name="recompress" mode="disabled"> <service name="recompress" mode="disabled">

View File

@ -1,4 +1,4 @@
From d84d2f13c475bf5ff0ce7b080b759b0239d5d345 Mon Sep 17 00:00:00 2001 From 0a2ba19d51fef679d2a695fd14c30facd5f901f1 Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de> From: Aleksa Sarai <asarai@suse.de>
Date: Thu, 23 Aug 2018 19:53:55 +1000 Date: Thu, 23 Aug 2018 19:53:55 +1000
Subject: [PATCH] man: obey SOURCE_DATE_EPOCH when generating man pages Subject: [PATCH] man: obey SOURCE_DATE_EPOCH when generating man pages
@ -23,7 +23,7 @@ Signed-off-by: Aleksa Sarai <asarai@suse.de>
1 file changed, 13 insertions(+) 1 file changed, 13 insertions(+)
diff --git a/components/cli/man/generate.go b/components/cli/man/generate.go diff --git a/components/cli/man/generate.go b/components/cli/man/generate.go
index 4197558a2225..4a3e98fb22c1 100644 index 2d940e31fd10..e5e480be3f32 100644
--- a/components/cli/man/generate.go --- a/components/cli/man/generate.go
+++ b/components/cli/man/generate.go +++ b/components/cli/man/generate.go
@@ -6,6 +6,8 @@ import ( @@ -6,6 +6,8 @@ import (
@ -51,8 +51,8 @@ index 4197558a2225..4a3e98fb22c1 100644
+ } + }
+ +
stdin, stdout, stderr := term.StdStreams() stdin, stdout, stderr := term.StdStreams()
dockerCli := command.NewDockerCli(stdin, stdout, stderr, false) dockerCli := command.NewDockerCli(stdin, stdout, stderr, false, nil)
cmd := &cobra.Command{Use: "docker"} cmd := &cobra.Command{Use: "docker"}
-- --
2.18.0 2.19.1

View File

@ -1,4 +1,4 @@
From 3464bd58d266b0640774952e825558044ffc64e2 Mon Sep 17 00:00:00 2001 From 4962b0a0bc6ca1fc99b0936175f929f9d3f5fa4c Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de> From: Aleksa Sarai <asarai@suse.de>
Date: Sun, 8 Apr 2018 20:21:30 +1000 Date: Sun, 8 Apr 2018 20:21:30 +1000
Subject: [PATCH 1/2] apparmor: allow receiving of signals from 'docker kill' Subject: [PATCH 1/2] apparmor: allow receiving of signals from 'docker kill'
@ -7,15 +7,54 @@ In newer kernels, AppArmor will reject attempts to send signals to a
container because the signal originated from outside of that AppArmor container because the signal originated from outside of that AppArmor
profile. Correct this by allowing all unconfined signals to be received. profile. Correct this by allowing all unconfined signals to be received.
SUSE-Bugs: bsc#1073877 boo#1089732
Signed-off-by: Goldwyn Rodrigues <rgoldwyn@suse.com> Signed-off-by: Goldwyn Rodrigues <rgoldwyn@suse.com>
Signed-off-by: Aleksa Sarai <asarai@suse.de> Signed-off-by: Aleksa Sarai <asarai@suse.de>
--- ---
components/engine/profiles/apparmor/template.go | 6 ++++++ .../engine/profiles/apparmor/apparmor.go | 21 +++++++++++++++++++
1 file changed, 6 insertions(+) .../engine/profiles/apparmor/template.go | 6 ++++++
2 files changed, 27 insertions(+)
diff --git a/components/engine/profiles/apparmor/apparmor.go b/components/engine/profiles/apparmor/apparmor.go
index b021668c8e4c..2f58ee852cab 100644
--- a/components/engine/profiles/apparmor/apparmor.go
+++ b/components/engine/profiles/apparmor/apparmor.go
@@ -23,6 +23,8 @@ var (
type profileData struct {
// Name is profile name.
Name string
+ // DaemonProfile is the profile name of our daemon.
+ DaemonProfile string
// Imports defines the apparmor functions to import, before defining the profile.
Imports []string
// InnerImports defines the apparmor functions to import in the profile.
@@ -70,6 +72,25 @@ func InstallDefault(name string) error {
Name: name,
}
+ // Figure out the daemon profile.
+ currentProfile, err := ioutil.ReadFile("/proc/self/attr/current")
+ if err != nil {
+ // If we couldn't get the daemon profile, assume we are running
+ // unconfined which is generally the default.
+ currentProfile = nil
+ }
+ daemonProfile := string(currentProfile)
+ // Normally profiles are suffixed by " (enforcing)" or similar. AppArmor
+ // profiles cannot contain spaces so this doesn't restrict daemon profile
+ // names.
+ if parts := strings.SplitN(daemonProfile, " ", 2); len(parts) >= 1 {
+ daemonProfile = parts[0]
+ }
+ if daemonProfile == "" {
+ daemonProfile = "unconfined"
+ }
+ p.DaemonProfile = daemonProfile
+
// Install to a temporary directory.
f, err := ioutil.TempFile("", name)
if err != nil {
diff --git a/components/engine/profiles/apparmor/template.go b/components/engine/profiles/apparmor/template.go diff --git a/components/engine/profiles/apparmor/template.go b/components/engine/profiles/apparmor/template.go
index c00a3f70e993..772c4a4873f6 100644 index c00a3f70e993..400b3bd50a11 100644
--- a/components/engine/profiles/apparmor/template.go --- a/components/engine/profiles/apparmor/template.go
+++ b/components/engine/profiles/apparmor/template.go +++ b/components/engine/profiles/apparmor/template.go
@@ -17,6 +17,12 @@ profile {{.Name}} flags=(attach_disconnected,mediate_deleted) { @@ -17,6 +17,12 @@ profile {{.Name}} flags=(attach_disconnected,mediate_deleted) {
@ -24,13 +63,13 @@ index c00a3f70e993..772c4a4873f6 100644
umount, umount,
+{{if ge .Version 208096}} +{{if ge .Version 208096}}
+{{/* Allow 'docker kill' to actually send signals to container processes. */}} +{{/* Allow 'docker kill' to actually send signals to container processes. */}}
+ signal (receive) peer=unconfined, + signal (receive) peer={{.DaemonProfile}},
+{{/* And allow signals to be sent inside the container. */}} +{{/* Allow container processes to send signals amongst themselves. */}}
+ signal (send,receive) peer={{.Name}}, + signal (send,receive) peer={{.Name}},
+{{end}} +{{end}}
deny @{PROC}/* w, # deny write for all files directly in /proc (not in a subdir) deny @{PROC}/* w, # deny write for all files directly in /proc (not in a subdir)
# deny write to files not in /proc/<number>/** or /proc/sys/** # deny write to files not in /proc/<number>/** or /proc/sys/**
-- --
2.18.0 2.19.1

View File

@ -1,4 +1,4 @@
From 0954810e947abf0b4e5d8f6c78598c5d66b43952 Mon Sep 17 00:00:00 2001 From 04f594765577163a26f24d0fe3fc7a2283f1e018 Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de> From: Aleksa Sarai <asarai@suse.de>
Date: Fri, 29 Jun 2018 17:59:30 +1000 Date: Fri, 29 Jun 2018 17:59:30 +1000
Subject: [PATCH 2/2] apparmor: clobber docker-default profile on start Subject: [PATCH 2/2] apparmor: clobber docker-default profile on start
@ -68,10 +68,10 @@ index 51f9c526b350..97d7758442ee 100644
return nil return nil
} }
diff --git a/components/engine/daemon/daemon.go b/components/engine/daemon/daemon.go diff --git a/components/engine/daemon/daemon.go b/components/engine/daemon/daemon.go
index 5e5f586ae085..6ca6a7aaa268 100644 index a307863017ab..67cd286002bf 100644
--- a/components/engine/daemon/daemon.go --- a/components/engine/daemon/daemon.go
+++ b/components/engine/daemon/daemon.go +++ b/components/engine/daemon/daemon.go
@@ -660,7 +660,9 @@ func NewDaemon(config *config.Config, registryService registry.Service, containe @@ -735,7 +735,9 @@ func NewDaemon(ctx context.Context, config *config.Config, pluginStore *plugin.S
logrus.Warnf("Failed to configure golang's threads limit: %v", err) logrus.Warnf("Failed to configure golang's threads limit: %v", err)
} }
@ -83,5 +83,5 @@ index 5e5f586ae085..6ca6a7aaa268 100644
} }
-- --
2.18.0 2.19.1

View File

@ -1,30 +0,0 @@
From 547870ff2904a75fa3e0ee96fa264d53a81d4c01 Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de>
Date: Mon, 30 Jul 2018 19:34:01 +1000
Subject: [PATCH] build: add -buildmode=pie
Make all dynbinary builds be position-independent (this adds both
security benefits and can help with flaky builds on POWER
architectures).
SUSE-Bugs: bsc#1100727
Signed-off-by: Aleksa Sarai <asarai@suse.de>
---
components/cli/scripts/build/dynbinary | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/components/cli/scripts/build/dynbinary b/components/cli/scripts/build/dynbinary
index 3c32ed342ef7..4feb7e71d852 100755
--- a/components/cli/scripts/build/dynbinary
+++ b/components/cli/scripts/build/dynbinary
@@ -9,6 +9,6 @@ source ./scripts/build/.variables
echo "Building dynamically linked $TARGET"
export CGO_ENABLED=1
-go build -o "${TARGET}" -tags pkcs11 --ldflags "${LDFLAGS}" "${SOURCE}"
+go build -o "${TARGET}" -tags pkcs11 --ldflags "${LDFLAGS}" -buildmode=pie "${SOURCE}"
ln -sf "$(basename "${TARGET}")" build/docker
--
2.18.0

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:061ae523be13dbe05ff5377626113a299327cc39fc145f801cd674c67b8c7fe0
size 8561132

3
docker-18.09.0_ce.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:ce38c3b659b78bccdfaf07b1f0a4eaaf454ffec726434511feeee1b9a2fc8151
size 9264940

View File

@ -1,3 +1,20 @@
-------------------------------------------------------------------
Thu Nov 29 09:41:11 UTC 2018 - Aleksa Sarai <asarai@suse.com>
- Upgrade to Docker 18.09.0-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md
- Add revert of an upstream patch to fix docker-* handling.
+ packaging-0001-revert-Remove-docker-prefix-for-containerd-and-runc-.patch
- Rebase patches:
* bsc1047218-0001-man-obey-SOURCE_DATE_EPOCH-when-generating-man-pages.patch
* bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch
* bsc1073877-0002-apparmor-clobber-docker-default-profile-on-start.patch
* private-registry-0001-Add-private-registry-mirror-support.patch
* secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
* secrets-0002-SUSE-implement-SUSE-container-secrets.patch
- Remove upstreamed patches:
- bsc1100727-0001-build-add-buildmode-pie.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Oct 8 06:41:21 UTC 2018 - Valentin Rothberg <vrothberg@suse.com> Mon Oct 8 06:41:21 UTC 2018 - Valentin Rothberg <vrothberg@suse.com>

View File

@ -49,10 +49,10 @@
# sure we didn't miss anything important when doing upgrades. # sure we didn't miss anything important when doing upgrades.
%define required_containerd 468a545b9edcd5932818eb9de8e72413e616e86e %define required_containerd 468a545b9edcd5932818eb9de8e72413e616e86e
%define required_dockerrunc 69663f0bd4b60df09991c08812a60108003fa340 %define required_dockerrunc 69663f0bd4b60df09991c08812a60108003fa340
%define required_libnetwork 3ac297bc7fd0afec9051bbb47024c9bc1d75bf5b %define required_libnetwork 6da50d1978302f04c3e2089e29112ea24812f05b
Name: %{realname}%{name_suffix} Name: %{realname}%{name_suffix}
Version: 18.06.1_ce Version: 18.09.0_ce
Release: 0 Release: 0
Summary: The Linux container runtime Summary: The Linux container runtime
License: Apache-2.0 License: Apache-2.0
@ -76,14 +76,14 @@ Source9: tests.sh
# branch in http://github.com/suse/docker.mirror. # branch in http://github.com/suse/docker.mirror.
Patch200: secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch Patch200: secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
Patch201: secrets-0002-SUSE-implement-SUSE-container-secrets.patch Patch201: secrets-0002-SUSE-implement-SUSE-container-secrets.patch
# SUSE-BACKPORT: Backport of https://github.com/moby/moby/pull/36822. bsc#1073877 # SUSE-BACKPORT: Backport of https://github.com/moby/moby/pull/37831. bsc#1073877
Patch400: bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch Patch400: bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch
# SUSE-BACKPORT: Backport of https://github.com/moby/moby/pull/37353. bsc#1099277 # SUSE-BACKPORT: Backport of https://github.com/moby/moby/pull/37353. bsc#1099277
Patch401: bsc1073877-0002-apparmor-clobber-docker-default-profile-on-start.patch Patch401: bsc1073877-0002-apparmor-clobber-docker-default-profile-on-start.patch
# SUSE-BACKPORT: Backport of https://github.com/docker/cli/pull/1242. bsc#1100727
Patch402: bsc1100727-0001-build-add-buildmode-pie.patch
# SUSE-BACKPORT: Backport of https://github.com/docker/cli/pull/1306. boo#1047218 # SUSE-BACKPORT: Backport of https://github.com/docker/cli/pull/1306. boo#1047218
Patch403: bsc1047218-0001-man-obey-SOURCE_DATE_EPOCH-when-generating-man-pages.patch Patch402: bsc1047218-0001-man-obey-SOURCE_DATE_EPOCH-when-generating-man-pages.patch
# SUSE-ISSUE: Revert of https://github.com/moby/moby/pull/37907.
Patch403: packaging-0001-revert-Remove-docker-prefix-for-containerd-and-runc-.patch
# SUSE-FEATURE: Add support to mirror inofficial/private registries # SUSE-FEATURE: Add support to mirror inofficial/private registries
# (https://github.com/moby/moby/pull/34319) # (https://github.com/moby/moby/pull/34319)
Patch500: private-registry-0001-Add-private-registry-mirror-support.patch Patch500: private-registry-0001-Add-private-registry-mirror-support.patch
@ -263,9 +263,9 @@ docker container runtime configuration for kubeadm
%patch400 -p1 %patch400 -p1
# bsc#1099277 # bsc#1099277
%patch401 -p1 %patch401 -p1
# bsc#1100727
%patch402 -p1
# boo#1047218 # boo#1047218
%patch402 -p1
# revert upstream
%patch403 -p1 %patch403 -p1
%if "%flavour" == "kubic" %if "%flavour" == "kubic"
# PATCH-SUSE: Mirror patch. # PATCH-SUSE: Mirror patch.

View File

@ -0,0 +1,339 @@
From c948416313c2a1f65ed083a4df19008c8c5d00ba Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de>
Date: Thu, 29 Nov 2018 20:53:16 +1100
Subject: [PATCH] revert "Remove 'docker-' prefix for containerd and runc
binaries"
This reverts commit 34eede0296bce6a9c335cb429f10728ae3f4252d, as it
would significantly break openSUSE's packaging (as well as causing
conflicts between the very-outdated runc that Docker uses and the more
up-to-date one available for Podman).
Signed-off-by: Aleksa Sarai <asarai@suse.de>
---
components/engine/api/swagger.yaml | 4 +--
.../builder/builder-next/executor_unix.go | 2 +-
components/engine/cmd/dockerd/daemon.go | 36 +++++++------------
.../contrib/docker-machine-install-bundle.sh | 2 +-
components/engine/daemon/daemon_unix.go | 6 ++--
.../dockerfile/install/containerd.installer | 6 ++--
.../hack/dockerfile/install/runc.installer | 2 +-
components/engine/hack/make/.binary-setup | 8 ++---
.../hack/make/.integration-test-helpers | 2 +-
.../engine/integration-cli/check_test.go | 2 +-
.../integration-cli/docker_cli_daemon_test.go | 8 ++---
.../engine/internal/test/daemon/daemon.go | 3 +-
.../libcontainerd/supervisor/remote_daemon.go | 4 +--
.../supervisor/remote_daemon_linux.go | 4 +--
.../supervisor/remote_daemon_windows.go | 4 +--
15 files changed, 40 insertions(+), 53 deletions(-)
diff --git a/components/engine/api/swagger.yaml b/components/engine/api/swagger.yaml
index f58a64f29ea3..d275f2ff49eb 100644
--- a/components/engine/api/swagger.yaml
+++ b/components/engine/api/swagger.yaml
@@ -3852,10 +3852,10 @@ definitions:
$ref: "#/definitions/Runtime"
default:
runc:
- path: "runc"
+ path: "docker-runc"
example:
runc:
- path: "runc"
+ path: "docker-runc"
runc-master:
path: "/go/bin/runc"
custom:
diff --git a/components/engine/builder/builder-next/executor_unix.go b/components/engine/builder/builder-next/executor_unix.go
index b3ea33c05c71..94d8bb766045 100644
--- a/components/engine/builder/builder-next/executor_unix.go
+++ b/components/engine/builder/builder-next/executor_unix.go
@@ -27,7 +27,7 @@ func newExecutor(root, cgroupParent string, net libnetwork.NetworkController) (e
}
return runcexecutor.New(runcexecutor.Opt{
Root: filepath.Join(root, "executor"),
- CommandCandidates: []string{"runc"},
+ CommandCandidates: []string{"docker-runc", "runc"},
DefaultCgroupParent: cgroupParent,
}, networkProviders)
}
diff --git a/components/engine/cmd/dockerd/daemon.go b/components/engine/cmd/dockerd/daemon.go
index 839537316af4..05922e6418d0 100644
--- a/components/engine/cmd/dockerd/daemon.go
+++ b/components/engine/cmd/dockerd/daemon.go
@@ -10,7 +10,6 @@ import (
"strings"
"time"
- containerddefaults "github.com/containerd/containerd/defaults"
"github.com/docker/distribution/uuid"
"github.com/docker/docker/api"
apiserver "github.com/docker/docker/api/server"
@@ -141,25 +140,21 @@ func (cli *DaemonCli) start(opts *daemonOptions) (err error) {
ctx, cancel := context.WithCancel(context.Background())
if cli.Config.ContainerdAddr == "" && runtime.GOOS != "windows" {
- if !systemContainerdRunning() {
- opts, err := cli.getContainerdDaemonOpts()
- if err != nil {
- cancel()
- return fmt.Errorf("Failed to generate containerd options: %v", err)
- }
-
- r, err := supervisor.Start(ctx, filepath.Join(cli.Config.Root, "containerd"), filepath.Join(cli.Config.ExecRoot, "containerd"), opts...)
- if err != nil {
- cancel()
- return fmt.Errorf("Failed to start containerd: %v", err)
- }
- cli.Config.ContainerdAddr = r.Address()
+ opts, err := cli.getContainerdDaemonOpts()
+ if err != nil {
+ cancel()
+ return fmt.Errorf("Failed to generate containerd options: %v", err)
+ }
- // Try to wait for containerd to shutdown
- defer r.WaitTimeout(10 * time.Second)
- } else {
- cli.Config.ContainerdAddr = containerddefaults.DefaultAddress
+ r, err := supervisor.Start(ctx, filepath.Join(cli.Config.Root, "containerd"), filepath.Join(cli.Config.ExecRoot, "containerd"), opts...)
+ if err != nil {
+ cancel()
+ return fmt.Errorf("Failed to start containerd: %v", err)
}
+ cli.Config.ContainerdAddr = r.Address()
+
+ // Try to wait for containerd to shutdown
+ defer r.WaitTimeout(10 * time.Second)
}
defer cancel()
@@ -665,8 +660,3 @@ func validateAuthzPlugins(requestedPlugins []string, pg plugingetter.PluginGette
}
return nil
}
-
-func systemContainerdRunning() bool {
- _, err := os.Lstat(containerddefaults.DefaultAddress)
- return err == nil
-}
diff --git a/components/engine/contrib/docker-machine-install-bundle.sh b/components/engine/contrib/docker-machine-install-bundle.sh
index eff821799c71..860598943bd4 100755
--- a/components/engine/contrib/docker-machine-install-bundle.sh
+++ b/components/engine/contrib/docker-machine-install-bundle.sh
@@ -31,7 +31,7 @@ bundle_files(){
echo $BUNDLE/binary-daemon/$f
fi
done
- for f in containerd ctr containerd-shim docker-init runc; do
+ for f in docker-containerd docker-containerd-ctr docker-containerd-shim docker-init docker-runc; do
echo $BUNDLE/binary-daemon/$f
done
if [ -d $BUNDLE/dynbinary-client ]; then
diff --git a/components/engine/daemon/daemon_unix.go b/components/engine/daemon/daemon_unix.go
index b69eede21c44..77adba94a468 100644
--- a/components/engine/daemon/daemon_unix.go
+++ b/components/engine/daemon/daemon_unix.go
@@ -54,11 +54,11 @@ import (
const (
// DefaultShimBinary is the default shim to be used by containerd if none
// is specified
- DefaultShimBinary = "containerd-shim"
+ DefaultShimBinary = "docker-containerd-shim"
// DefaultRuntimeBinary is the default runtime to be used by
// containerd if none is specified
- DefaultRuntimeBinary = "runc"
+ DefaultRuntimeBinary = "docker-runc"
// See https://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/tree/kernel/sched/sched.h?id=8cd9234c64c584432f6992fe944ca9e46ca8ea76#n269
linuxMinCPUShares = 2
@@ -76,7 +76,7 @@ const (
// DefaultRuntimeName is the default runtime to be used by
// containerd if none is specified
- DefaultRuntimeName = "runc"
+ DefaultRuntimeName = "docker-runc"
)
type containerGetter interface {
diff --git a/components/engine/hack/dockerfile/install/containerd.installer b/components/engine/hack/dockerfile/install/containerd.installer
index 4e5680d1ec92..4be15a6abfb8 100755
--- a/components/engine/hack/dockerfile/install/containerd.installer
+++ b/components/engine/hack/dockerfile/install/containerd.installer
@@ -30,7 +30,7 @@ install_containerd() {
mkdir -p ${PREFIX}
- cp bin/containerd ${PREFIX}/containerd
- cp bin/containerd-shim ${PREFIX}/containerd-shim
- cp bin/ctr ${PREFIX}/ctr
+ cp bin/containerd ${PREFIX}/docker-containerd
+ cp bin/containerd-shim ${PREFIX}/docker-containerd-shim
+ cp bin/ctr ${PREFIX}/docker-containerd-ctr
}
diff --git a/components/engine/hack/dockerfile/install/runc.installer b/components/engine/hack/dockerfile/install/runc.installer
index ed483e0f40c6..62263b3c038b 100755
--- a/components/engine/hack/dockerfile/install/runc.installer
+++ b/components/engine/hack/dockerfile/install/runc.installer
@@ -18,5 +18,5 @@ install_runc() {
fi
make BUILDTAGS="$RUNC_BUILDTAGS" "$target"
mkdir -p ${PREFIX}
- cp runc ${PREFIX}/runc
+ cp runc ${PREFIX}/docker-runc
}
diff --git a/components/engine/hack/make/.binary-setup b/components/engine/hack/make/.binary-setup
index 69bb39b364c6..15de89fe1025 100644
--- a/components/engine/hack/make/.binary-setup
+++ b/components/engine/hack/make/.binary-setup
@@ -1,9 +1,9 @@
#!/usr/bin/env bash
DOCKER_DAEMON_BINARY_NAME='dockerd'
-DOCKER_RUNC_BINARY_NAME='runc'
-DOCKER_CONTAINERD_BINARY_NAME='containerd'
-DOCKER_CONTAINERD_CTR_BINARY_NAME='ctr'
-DOCKER_CONTAINERD_SHIM_BINARY_NAME='containerd-shim'
+DOCKER_RUNC_BINARY_NAME='docker-runc'
+DOCKER_CONTAINERD_BINARY_NAME='docker-containerd'
+DOCKER_CONTAINERD_CTR_BINARY_NAME='docker-containerd-ctr'
+DOCKER_CONTAINERD_SHIM_BINARY_NAME='docker-containerd-shim'
DOCKER_PROXY_BINARY_NAME='docker-proxy'
DOCKER_INIT_BINARY_NAME='docker-init'
diff --git a/components/engine/hack/make/.integration-test-helpers b/components/engine/hack/make/.integration-test-helpers
index 149b6538004c..da2bb7cad2e3 100644
--- a/components/engine/hack/make/.integration-test-helpers
+++ b/components/engine/hack/make/.integration-test-helpers
@@ -112,7 +112,7 @@ error_on_leaked_containerd_shims() {
fi
leftovers=$(ps -ax -o pid,cmd |
- awk '$2 == "containerd-shim" && $4 ~ /.*\/bundles\/.*\/test-integration/ { print $1 }')
+ awk '$2 == "docker-containerd-shim" && $4 ~ /.*\/bundles\/.*\/test-integration/ { print $1 }')
if [ -n "$leftovers" ]; then
ps aux
kill -9 $leftovers 2> /dev/null
diff --git a/components/engine/integration-cli/check_test.go b/components/engine/integration-cli/check_test.go
index 2282967ee569..256b9153d298 100644
--- a/components/engine/integration-cli/check_test.go
+++ b/components/engine/integration-cli/check_test.go
@@ -32,7 +32,7 @@ const (
privateRegistryURL = registry.DefaultURL
// path to containerd's ctr binary
- ctrBinary = "ctr"
+ ctrBinary = "docker-containerd-ctr"
// the docker daemon binary to use
dockerdBinary = "dockerd"
diff --git a/components/engine/integration-cli/docker_cli_daemon_test.go b/components/engine/integration-cli/docker_cli_daemon_test.go
index d3cd5f167649..52946738edd7 100644
--- a/components/engine/integration-cli/docker_cli_daemon_test.go
+++ b/components/engine/integration-cli/docker_cli_daemon_test.go
@@ -44,8 +44,6 @@ import (
"gotest.tools/icmd"
)
-const containerdSocket = "/var/run/docker/containerd/containerd.sock"
-
// TestLegacyDaemonCommand test starting docker daemon using "deprecated" docker daemon
// command. Remove this test when we remove this.
func (s *DockerDaemonSuite) TestLegacyDaemonCommand(c *check.C) {
@@ -1451,7 +1449,7 @@ func (s *DockerDaemonSuite) TestCleanupMountsAfterDaemonAndContainerKill(c *chec
c.Assert(d.Kill(), check.IsNil)
// kill the container
- icmd.RunCommand(ctrBinary, "--address", containerdSocket,
+ icmd.RunCommand(ctrBinary, "--address", "/var/run/docker/containerd/docker-containerd.sock",
"--namespace", moby_daemon.ContainersNamespace, "tasks", "kill", id).Assert(c, icmd.Success)
// restart daemon.
@@ -1973,7 +1971,7 @@ func (s *DockerDaemonSuite) TestDaemonRestartWithKilledRunningContainer(t *check
}
// kill the container
- icmd.RunCommand(ctrBinary, "--address", containerdSocket,
+ icmd.RunCommand(ctrBinary, "--address", "/var/run/docker/containerd/docker-containerd.sock",
"--namespace", moby_daemon.ContainersNamespace, "tasks", "kill", cid).Assert(t, icmd.Success)
// Give time to containerd to process the command if we don't
@@ -2076,7 +2074,7 @@ func (s *DockerDaemonSuite) TestDaemonRestartWithUnpausedRunningContainer(t *che
// resume the container
result := icmd.RunCommand(
ctrBinary,
- "--address", containerdSocket,
+ "--address", "/var/run/docker/containerd/docker-containerd.sock",
"--namespace", moby_daemon.ContainersNamespace,
"tasks", "resume", cid)
result.Assert(t, icmd.Success)
diff --git a/components/engine/internal/test/daemon/daemon.go b/components/engine/internal/test/daemon/daemon.go
index 4f56dff9bba8..8c04c3158f7a 100644
--- a/components/engine/internal/test/daemon/daemon.go
+++ b/components/engine/internal/test/daemon/daemon.go
@@ -38,7 +38,6 @@ type logT interface {
}
const defaultDockerdBinary = "dockerd"
-const containerdSocket = "/var/run/docker/containerd/containerd.sock"
var errDaemonNotStarted = errors.New("daemon not started")
@@ -225,7 +224,7 @@ func (d *Daemon) StartWithLogFile(out *os.File, providedArgs ...string) error {
return errors.Wrapf(err, "[%s] could not find docker binary in $PATH", d.id)
}
args := append(d.GlobalFlags,
- "--containerd", containerdSocket,
+ "--containerd", "/var/run/docker/containerd/docker-containerd.sock",
"--data-root", d.Root,
"--exec-root", d.execRoot,
"--pidfile", fmt.Sprintf("%s/docker.pid", d.Folder),
diff --git a/components/engine/libcontainerd/supervisor/remote_daemon.go b/components/engine/libcontainerd/supervisor/remote_daemon.go
index 095300f753e9..1dcfbe176b0d 100644
--- a/components/engine/libcontainerd/supervisor/remote_daemon.go
+++ b/components/engine/libcontainerd/supervisor/remote_daemon.go
@@ -27,8 +27,8 @@ const (
shutdownTimeout = 15 * time.Second
startupTimeout = 15 * time.Second
configFile = "containerd.toml"
- binaryName = "containerd"
- pidFile = "containerd.pid"
+ binaryName = "docker-containerd"
+ pidFile = "docker-containerd.pid"
)
type pluginConfigs struct {
diff --git a/components/engine/libcontainerd/supervisor/remote_daemon_linux.go b/components/engine/libcontainerd/supervisor/remote_daemon_linux.go
index 799399c07bc5..1ea91d2b5d0b 100644
--- a/components/engine/libcontainerd/supervisor/remote_daemon_linux.go
+++ b/components/engine/libcontainerd/supervisor/remote_daemon_linux.go
@@ -11,8 +11,8 @@ import (
)
const (
- sockFile = "containerd.sock"
- debugSockFile = "containerd-debug.sock"
+ sockFile = "docker-containerd.sock"
+ debugSockFile = "docker-containerd-debug.sock"
)
func (r *remote) setDefaults() {
diff --git a/components/engine/libcontainerd/supervisor/remote_daemon_windows.go b/components/engine/libcontainerd/supervisor/remote_daemon_windows.go
index 9b254ef58a0a..bcdc9529e0f7 100644
--- a/components/engine/libcontainerd/supervisor/remote_daemon_windows.go
+++ b/components/engine/libcontainerd/supervisor/remote_daemon_windows.go
@@ -7,8 +7,8 @@ import (
)
const (
- grpcPipeName = `\\.\pipe\containerd-containerd`
- debugPipeName = `\\.\pipe\containerd-debug`
+ grpcPipeName = `\\.\pipe\docker-containerd-containerd`
+ debugPipeName = `\\.\pipe\docker-containerd-debug`
)
func (r *remote) setDefaults() {
--
2.19.1

View File

@ -1,4 +1,4 @@
From 46c2590f7637dba208b3db7e44c04e24f33c436d Mon Sep 17 00:00:00 2001 From a2d285ef5de9537fe2dbf14c4671625aa3035b98 Mon Sep 17 00:00:00 2001
From: Valentin Rothberg <vrothberg@suse.com> From: Valentin Rothberg <vrothberg@suse.com>
Date: Mon, 2 Jul 2018 13:37:34 +0200 Date: Mon, 2 Jul 2018 13:37:34 +0200
Subject: [PATCH] Add private-registry mirror support Subject: [PATCH] Add private-registry mirror support
@ -63,6 +63,7 @@ http for security reasons.
Signed-off-by: Flavio Castelli <fcastelli@suse.com> Signed-off-by: Flavio Castelli <fcastelli@suse.com>
Signed-off-by: Valentin Rothberg <vrothberg@suse.com> Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Signed-off-by: Aleksa Sarai <asarai@suse.de>
--- ---
.../engine/api/types/registry/registry.go | 144 ++++++++++++++++++ .../engine/api/types/registry/registry.go | 144 ++++++++++++++++++
components/engine/daemon/config/config.go | 4 + components/engine/daemon/config/config.go | 4 +
@ -242,10 +243,10 @@ index 8789ad3b3210..c663fec7d881 100644
// NetIPNet is the net.IPNet type, which can be marshalled and // NetIPNet is the net.IPNet type, which can be marshalled and
diff --git a/components/engine/daemon/config/config.go b/components/engine/daemon/config/config.go diff --git a/components/engine/daemon/config/config.go b/components/engine/daemon/config/config.go
index 6cda223a1181..308eb83f2116 100644 index 8b2c844a579f..e61940661c70 100644
--- a/components/engine/daemon/config/config.go --- a/components/engine/daemon/config/config.go
+++ b/components/engine/daemon/config/config.go +++ b/components/engine/daemon/config/config.go
@@ -439,6 +439,10 @@ func findConfigurationConflicts(config map[string]interface{}, flags *pflag.Flag @@ -470,6 +470,10 @@ func findConfigurationConflicts(config map[string]interface{}, flags *pflag.Flag
// 1. Search keys from the file that we don't recognize as flags. // 1. Search keys from the file that we don't recognize as flags.
unknownKeys := make(map[string]interface{}) unknownKeys := make(map[string]interface{})
for key, value := range config { for key, value := range config {
@ -253,11 +254,11 @@ index 6cda223a1181..308eb83f2116 100644
+ if key == "registries" { + if key == "registries" {
+ continue + continue
+ } + }
if flag := flags.Lookup(key); flag == nil { if flag := flags.Lookup(key); flag == nil && !skipValidateOptions[key] {
unknownKeys[key] = value unknownKeys[key] = value
} }
diff --git a/components/engine/daemon/reload.go b/components/engine/daemon/reload.go diff --git a/components/engine/daemon/reload.go b/components/engine/daemon/reload.go
index 210864ff879d..5e744c5dcf8d 100644 index 026d7dd517f7..924c3982cd2a 100644
--- a/components/engine/daemon/reload.go --- a/components/engine/daemon/reload.go
+++ b/components/engine/daemon/reload.go +++ b/components/engine/daemon/reload.go
@@ -21,8 +21,14 @@ import ( @@ -21,8 +21,14 @@ import (
@ -275,7 +276,7 @@ index 210864ff879d..5e744c5dcf8d 100644
daemon.configStore.Lock() daemon.configStore.Lock()
attributes := map[string]string{} attributes := map[string]string{}
@@ -64,6 +70,9 @@ func (daemon *Daemon) Reload(conf *config.Config) (err error) { @@ -65,6 +71,9 @@ func (daemon *Daemon) Reload(conf *config.Config) (err error) {
if err := daemon.reloadLiveRestore(conf, attributes); err != nil { if err := daemon.reloadLiveRestore(conf, attributes); err != nil {
return err return err
} }
@ -285,7 +286,7 @@ index 210864ff879d..5e744c5dcf8d 100644
return daemon.reloadNetworkDiagnosticPort(conf, attributes) return daemon.reloadNetworkDiagnosticPort(conf, attributes)
} }
@@ -293,6 +302,30 @@ func (daemon *Daemon) reloadRegistryMirrors(conf *config.Config, attributes map[ @@ -294,6 +303,30 @@ func (daemon *Daemon) reloadRegistryMirrors(conf *config.Config, attributes map[
return nil return nil
} }
@ -1159,5 +1160,5 @@ index 3a56dc91145a..9de221cf2aa0 100644
endpoints = []APIEndpoint{ endpoints = []APIEndpoint{
-- --
2.18.0 2.19.1

View File

@ -1,4 +1,4 @@
From 95a40e4f18c80cce91f16c6dff08e13642de54da Mon Sep 17 00:00:00 2001 From c3d68210b8ff379d2e0c2de9f37cc0834a343228 Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de> From: Aleksa Sarai <asarai@suse.de>
Date: Wed, 8 Mar 2017 12:41:54 +1100 Date: Wed, 8 Mar 2017 12:41:54 +1100
Subject: [PATCH 1/2] daemon: allow directory creation in /run/secrets Subject: [PATCH 1/2] daemon: allow directory creation in /run/secrets
@ -14,7 +14,7 @@ Signed-off-by: Aleksa Sarai <asarai@suse.de>
1 file changed, 21 insertions(+), 3 deletions(-) 1 file changed, 21 insertions(+), 3 deletions(-)
diff --git a/components/engine/daemon/container_operations_unix.go b/components/engine/daemon/container_operations_unix.go diff --git a/components/engine/daemon/container_operations_unix.go b/components/engine/daemon/container_operations_unix.go
index bc7ee452332b..d34129dfd80b 100644 index 9953c7f3fddc..05e67ca3fa6f 100644
--- a/components/engine/daemon/container_operations_unix.go --- a/components/engine/daemon/container_operations_unix.go
+++ b/components/engine/daemon/container_operations_unix.go +++ b/components/engine/daemon/container_operations_unix.go
@@ -3,6 +3,7 @@ @@ -3,6 +3,7 @@
@ -70,5 +70,5 @@ index bc7ee452332b..d34129dfd80b 100644
return errors.Wrap(err, "error setting ownership for secret") return errors.Wrap(err, "error setting ownership for secret")
} }
-- --
2.18.0 2.19.1

View File

@ -1,4 +1,4 @@
From f178392f98b42bf36ff8d8c6a23c8caab9ac10f7 Mon Sep 17 00:00:00 2001 From accb71345392d5885a61180f547367835f9e3047 Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de> From: Aleksa Sarai <asarai@suse.de>
Date: Wed, 8 Mar 2017 11:43:29 +1100 Date: Wed, 8 Mar 2017 11:43:29 +1100
Subject: [PATCH 2/2] SUSE: implement SUSE container secrets Subject: [PATCH 2/2] SUSE: implement SUSE container secrets
@ -437,5 +437,5 @@ index 000000000000..817cd5561023
+ return nil + return nil
+} +}
-- --
2.18.0 2.19.1