Accepting request 981223 from Virtualization:containers

OBS-URL: https://build.opensuse.org/request/show/981223
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/docker?expand=0&rev=121

0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch

@@ -1,4 +1,4 @@
-From 63d19d6ef58457e8aba6346157c9601e38f60929 Mon Sep 17 00:00:00 2001
+From 37dfb97c0016300dd6453fc718805ccdf341bfd6 Mon Sep 17 00:00:00 2001
 From: Aleksa Sarai <asarai@suse.de>
 Date: Wed, 8 Mar 2017 12:41:54 +1100
 Subject: [PATCH 1/6] SECRETS: daemon: allow directory creation in /run/secrets
@@ -10,17 +10,14 @@ useful for creating directories and subdirectories of secrets.
 Signed-off-by: Antonio Murdaca <runcom@redhat.com>
 Signed-off-by: Aleksa Sarai <asarai@suse.de>
 ---
- daemon/container_operations_unix.go | 25 ++++++++++++++++++++++---
- 1 file changed, 22 insertions(+), 3 deletions(-)
+ daemon/container_operations_unix.go | 24 +++++++++++++++++++++---
+ 1 file changed, 21 insertions(+), 3 deletions(-)
 
 diff --git a/daemon/container_operations_unix.go b/daemon/container_operations_unix.go
-index 6a50b99bd29e..583db20aa459 100644
+index 75b4b09b8dc4..583db20aa459 100644
 --- a/daemon/container_operations_unix.go
 +++ b/daemon/container_operations_unix.go
-@@ -1,8 +1,10 @@
-+//go:build linux || freebsd
- // +build linux freebsd
- 
+@@ -4,6 +4,7 @@
  package daemon // import "github.com/docker/docker/daemon"
  
  import (
@@ -28,7 +25,7 @@ index 6a50b99bd29e..583db20aa459 100644
  	"fmt"
  	"io/ioutil"
  	"os"
-@@ -12,6 +14,7 @@ import (
+@@ -13,6 +14,7 @@ import (
  	"github.com/docker/docker/container"
  	"github.com/docker/docker/daemon/links"
  	"github.com/docker/docker/errdefs"
@@ -36,7 +33,7 @@ index 6a50b99bd29e..583db20aa459 100644
  	"github.com/docker/docker/pkg/idtools"
  	"github.com/docker/docker/pkg/stringid"
  	"github.com/docker/docker/pkg/system"
-@@ -205,9 +208,6 @@ func (daemon *Daemon) setupSecretDir(c *container.Container) (setupErr error) {
+@@ -206,9 +208,6 @@ func (daemon *Daemon) setupSecretDir(c *container.Container) (setupErr error) {
  		if err != nil {
  			return errors.Wrap(err, "unable to get secret from secret store")
  		}
@@ -46,7 +43,7 @@ index 6a50b99bd29e..583db20aa459 100644
  
  		uid, err := strconv.Atoi(s.File.UID)
  		if err != nil {
-@@ -218,6 +218,25 @@ func (daemon *Daemon) setupSecretDir(c *container.Container) (setupErr error) {
+@@ -219,6 +218,25 @@ func (daemon *Daemon) setupSecretDir(c *container.Container) (setupErr error) {
  			return err
  		}
  
@@ -73,5 +70,5 @@ index 6a50b99bd29e..583db20aa459 100644
  			return errors.Wrap(err, "error setting ownership for secret")
  		}
 -- 
-2.35.1
+2.36.1
 

0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch

@@ -1,4 +1,4 @@
-From a472a5da8d0aeb21b4cb6fbd2dc348a753c0a883 Mon Sep 17 00:00:00 2001
+From 11ac23e5620ee53c9527334d2222b32ca5098876 Mon Sep 17 00:00:00 2001
 From: Aleksa Sarai <asarai@suse.de>
 Date: Wed, 8 Mar 2017 11:43:29 +1100
 Subject: [PATCH 2/6] SECRETS: SUSE: implement SUSE container secrets
@@ -451,5 +451,5 @@ index 000000000000..9ee33adf7497
 +	return nil
 +}
 -- 
-2.35.1
+2.36.1
 

0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch

@@ -1,4 +1,4 @@
-From 098dd769a226407da7a695ae44cf2e41a5d13a4a Mon Sep 17 00:00:00 2001
+From cf3c6ccefda39c60dc656404674628ac48b55de9 Mon Sep 17 00:00:00 2001
 From: Valentin Rothberg <vrothberg@suse.com>
 Date: Mon, 2 Jul 2018 13:37:34 +0200
 Subject: [PATCH 3/6] PRIVATE-REGISTRY: add private-registry mirror support
@@ -1142,5 +1142,5 @@ index 3e3a5b41ffbd..451a6f874bc1 100644
  
  	endpoints = []APIEndpoint{
 -- 
-2.35.1
+2.36.1
 

0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch

@@ -1,4 +1,4 @@
-From 5e84bae968f7beadd92452795cfe2ce4f8995cef Mon Sep 17 00:00:00 2001
+From 5d2f7a37a37547663aae1538b2d3fd48dd7277c8 Mon Sep 17 00:00:00 2001
 From: Aleksa Sarai <asarai@suse.de>
 Date: Fri, 29 Jun 2018 17:59:30 +1000
 Subject: [PATCH 4/6] bsc1073877: apparmor: clobber docker-default profile on
@@ -22,10 +22,10 @@ Signed-off-by: Aleksa Sarai <asarai@suse.de>
  3 files changed, 17 insertions(+), 6 deletions(-)
 
 diff --git a/daemon/apparmor_default.go b/daemon/apparmor_default.go
-index a7cc3a5ef412..1a952953da8f 100644
+index 21813ec14f8f..0de75b32b7fa 100644
 --- a/daemon/apparmor_default.go
 +++ b/daemon/apparmor_default.go
-@@ -23,6 +23,15 @@ func DefaultApparmorProfile() string {
+@@ -24,6 +24,15 @@ func DefaultApparmorProfile() string {
  	return ""
  }
  
@@ -41,7 +41,7 @@ index a7cc3a5ef412..1a952953da8f 100644
  func ensureDefaultAppArmorProfile() error {
  	if apparmor.IsEnabled() {
  		loaded, err := aaprofile.IsLoaded(defaultAppArmorProfile)
-@@ -36,10 +45,7 @@ func ensureDefaultAppArmorProfile() error {
+@@ -37,10 +46,7 @@ func ensureDefaultAppArmorProfile() error {
  		}
  
  		// Load the profile.
@@ -54,10 +54,10 @@ index a7cc3a5ef412..1a952953da8f 100644
  	return nil
  }
 diff --git a/daemon/apparmor_default_unsupported.go b/daemon/apparmor_default_unsupported.go
-index dd581dc7dadb..5b14979cd4a3 100644
+index e3dc18b32b5e..9c7723056268 100644
 --- a/daemon/apparmor_default_unsupported.go
 +++ b/daemon/apparmor_default_unsupported.go
-@@ -2,6 +2,10 @@
+@@ -3,6 +3,10 @@
  
  package daemon // import "github.com/docker/docker/daemon"
  
@@ -85,5 +85,5 @@ index 2a2fbbd52e19..0999ac3186b7 100644
  	}
  
 -- 
-2.35.1
+2.36.1
 

0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch

@@ -1,4 +1,4 @@
-From 98822d2010c709e64d5e86d7ec8e054861080a53 Mon Sep 17 00:00:00 2001
+From b54c6c7addcb163ddcef5e37fc7ed1c0afd0dbfa Mon Sep 17 00:00:00 2001
 From: Michal Rostecki <mrostecki@opensuse.org>
 Date: Thu, 8 Apr 2021 14:42:02 +0100
 Subject: [PATCH 5/6] bsc1183855: btrfs: Do not disable quota on cleanup
@@ -24,10 +24,10 @@ Signed-off-by: Michal Rostecki <mrostecki@opensuse.org>
  1 file changed, 8 insertions(+), 42 deletions(-)
 
 diff --git a/daemon/graphdriver/btrfs/btrfs.go b/daemon/graphdriver/btrfs/btrfs.go
-index 8fd2854a2673..32c4f07c620d 100644
+index fa0cdf8666b1..02bbb5da1088 100644
 --- a/daemon/graphdriver/btrfs/btrfs.go
 +++ b/daemon/graphdriver/btrfs/btrfs.go
-@@ -103,7 +103,7 @@ func Init(home string, options []string, uidMaps, gidMaps []idtools.IDMap) (grap
+@@ -104,7 +104,7 @@ func Init(home string, options []string, uidMaps, gidMaps []idtools.IDMap) (grap
  	}
  
  	if userDiskQuota {
@@ -36,7 +36,7 @@ index 8fd2854a2673..32c4f07c620d 100644
  			return nil, err
  		}
  	}
-@@ -172,18 +172,10 @@ func (d *Driver) GetMetadata(id string) (map[string]string, error) {
+@@ -173,18 +173,10 @@ func (d *Driver) GetMetadata(id string) (map[string]string, error) {
  
  // Cleanup unmounts the home directory.
  func (d *Driver) Cleanup() error {
@@ -56,7 +56,7 @@ index 8fd2854a2673..32c4f07c620d 100644
  	return nil
  }
  
-@@ -341,7 +333,7 @@ func (d *Driver) updateQuotaStatus() {
+@@ -342,7 +334,7 @@ func (d *Driver) updateQuotaStatus() {
  	d.once.Do(func() {
  		if !d.quotaEnabled {
  			// In case quotaEnabled is not set, check qgroup and update quotaEnabled as needed
@@ -65,7 +65,7 @@ index 8fd2854a2673..32c4f07c620d 100644
  				// quota is still not enabled
  				return
  			}
-@@ -350,7 +342,7 @@ func (d *Driver) updateQuotaStatus() {
+@@ -351,7 +343,7 @@ func (d *Driver) updateQuotaStatus() {
  	})
  }
  
@@ -74,7 +74,7 @@ index 8fd2854a2673..32c4f07c620d 100644
  	d.updateQuotaStatus()
  
  	if d.quotaEnabled {
-@@ -376,32 +368,6 @@ func (d *Driver) subvolEnableQuota() error {
+@@ -377,32 +369,6 @@ func (d *Driver) subvolEnableQuota() error {
  	return nil
  }
  
@@ -107,7 +107,7 @@ index 8fd2854a2673..32c4f07c620d 100644
  func (d *Driver) subvolRescanQuota() error {
  	d.updateQuotaStatus()
  
-@@ -444,11 +410,11 @@ func subvolLimitQgroup(path string, size uint64) error {
+@@ -445,11 +411,11 @@ func subvolLimitQgroup(path string, size uint64) error {
  	return nil
  }
  
@@ -121,7 +121,7 @@ index 8fd2854a2673..32c4f07c620d 100644
  	dir, err := openDir(path)
  	if err != nil {
  		return err
-@@ -622,7 +588,7 @@ func (d *Driver) setStorageSize(dir string, driver *Driver) error {
+@@ -623,7 +589,7 @@ func (d *Driver) setStorageSize(dir string, driver *Driver) error {
  	if d.options.minSpace > 0 && driver.options.size < d.options.minSpace {
  		return fmt.Errorf("btrfs: storage size cannot be less than %s", units.HumanSize(float64(d.options.minSpace)))
  	}
@@ -130,7 +130,7 @@ index 8fd2854a2673..32c4f07c620d 100644
  		return err
  	}
  	return subvolLimitQgroup(dir, driver.options.size)
-@@ -676,7 +642,7 @@ func (d *Driver) Get(id, mountLabel string) (containerfs.ContainerFS, error) {
+@@ -677,7 +643,7 @@ func (d *Driver) Get(id, mountLabel string) (containerfs.ContainerFS, error) {
  
  	if quota, err := ioutil.ReadFile(d.quotasDirID(id)); err == nil {
  		if size, err := strconv.ParseUint(string(quota), 10, 64); err == nil && size >= d.options.minSpace {
@@ -140,5 +140,5 @@ index 8fd2854a2673..32c4f07c620d 100644
  			}
  			if err := subvolLimitQgroup(dir, size); err != nil {
 -- 
-2.35.1
+2.36.1
 

0006-bsc1193930-vendor-update-golang.org-x-crypto.patch

@@ -1,4 +1,4 @@
-From b0122ef823aa4f05c9c552fb0eeff2fc11a0a64c Mon Sep 17 00:00:00 2001
+From bb67252dfccb18dacc9e0c3463e7c52f32fb2900 Mon Sep 17 00:00:00 2001
 From: Aleksa Sarai <asarai@suse.de>
 Date: Fri, 29 Apr 2022 12:44:21 +1000
 Subject: [PATCH 6/6] bsc1193930: vendor: update golang.org/x/crypto
@@ -354,7 +354,7 @@ Signed-off-by: Aleksa Sarai <asarai@suse.de>
  create mode 100644 vendor/golang.org/x/crypto/xts/xts.go
 
 diff --git a/vendor.conf b/vendor.conf
-index ac4640c76369..c21d903fa8a8 100644
+index 54e97e4562d8..9ff95d499ef8 100644
 --- a/vendor.conf
 +++ b/vendor.conf
 @@ -150,7 +150,7 @@ github.com/golang/protobuf                          84668698ea25b64748563aa20726
@@ -41068,5 +41068,5 @@ index 000000000000..b51308e95e52
 +	}
 +}
 -- 
-2.35.1
+2.36.1
 

_service

@@ -3,16 +3,16 @@
     <param name="url">https://github.com/moby/moby.git</param>
     <param name="scm">git</param>
     <param name="exclude">.git</param>
-    <param name="versionformat">20.10.14_ce_%h</param>
-    <param name="revision">v20.10.14</param>
+    <param name="versionformat">20.10.17_ce_%h</param>
+    <param name="revision">v20.10.17</param>
     <param name="filename">docker</param>
   </service>
   <service name="tar_scm" mode="disabled">
     <param name="url">https://github.com/docker/cli.git</param>
     <param name="scm">git</param>
     <param name="exclude">.git</param>
-    <param name="versionformat">20.10.14_ce</param>
-    <param name="revision">v20.10.14</param>
+    <param name="versionformat">20.10.17_ce</param>
+    <param name="revision">v20.10.17</param>
     <param name="filename">docker-cli</param>
   </service>
   <service name="tar_scm" mode="disabled">
@@ -20,7 +20,7 @@
     <param name="scm">git</param>
     <param name="exclude">.git</param>
     <param name="versionformat">%H</param>
-    <param name="revision">64b7a4574d1426139437d20e81c0b6d391130ec8</param>
+    <param name="revision">f6ccccb1c082a432c2a5814aaedaca56af33d9ea</param>
     <param name="filename">docker-libnetwork</param>
   </service>
   <service name="recompress" mode="disabled">

docker-20.10.14_ce_87a90dc786bd.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:6d3e2a8f966b51320d8aaae83ac9606b5e042766ebdac3fde5fd36bb8579502d
-size 6424424

docker-20.10.17_ce_a89b84221c85.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9464d19aa358c19089672a03b13572b9c512c8c19ad098b594caca864052c426
+size 6557740

docker-cli-20.10.14_ce.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:b1549d97c545ac15336032be381f02de480bc25d8090feadf43a23d91ab56110
-size 4265544

docker-cli-20.10.17_ce.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:1eeb771ad69ec70e206d69bdb649d05f438d0fa4193bbb6f4c7fd276258a08a9
+size 4357440

docker-libnetwork-64b7a4574d1426139437d20e81c0b6d391130ec8.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:437df6f6e33cf527acbcc2117738430f89e43bc57d958557155b3392c3a00ff8
-size 1983592

docker-libnetwork-f6ccccb1c082a432c2a5814aaedaca56af33d9ea.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a676901b2676dedd147e70b2e6c5b9869e8d2fad99605de20cc1b42830097d3b
+size 1983552

docker.changes

@@ -1,3 +1,16 @@
+-------------------------------------------------------------------
+Tue Jun  7 07:18:41 UTC 2022 - Aleksa Sarai <asarai@suse.com>
+
+- Update to Docker 20.10.17-ce. See upstream changelog online at
+  <https://docs.docker.com/engine/release-notes/#201017>. bsc#1200145
+- Rebase patches:
+  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
+  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
+  * 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
+  * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
+  * 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
+  * 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch
+
 -------------------------------------------------------------------
 Fri Apr 29 02:51:43 UTC 2022 - Aleksa Sarai <asarai@suse.com>
 

docker.spec

@@ -42,24 +42,24 @@
 # helpfully injects into our build environment from the changelog). If you want
 # to generate a new git_commit_epoch, use this:
 #  $ date --date="$(git show --format=fuller --date=iso $COMMIT_ID | grep -oP '(?<=^CommitDate: ).*')" '+%s'
-%define git_version 87a90dc786bd
-%define git_commit_epoch 1649909084
+%define git_version a89b84221c85
+%define git_commit_epoch 1654554758
 
 # We require a specific pin of libnetwork because it doesn't really do
 # versioning and minor version mismatches in libnetwork can break Docker
 # networking. All other key runtime dependencies (containerd, runc) are stable
 # enough that this isn't necessary.
-%define libnetwork_version 64b7a4574d1426139437d20e81c0b6d391130ec8
+%define libnetwork_version f6ccccb1c082a432c2a5814aaedaca56af33d9ea
 
 %define dist_builddir  %{_builddir}/dist-suse
 %define cli_builddir   %{dist_builddir}/src/github.com/docker/cli
 %define proxy_builddir %{dist_builddir}/src/github.com/docker/libnetwork
 
 Name:           %{realname}%{name_suffix}
-Version:        20.10.14_ce
+Version:        20.10.17_ce
 # This "nice version" is so that docker --version gives a result that can be
 # parsed by other people. boo#1182476
-%define nice_version 20.10.14-ce
+%define nice_version 20.10.17-ce
 Release:        0
 Summary:        The Moby-project Linux container runtime
 License:        Apache-2.0
@@ -111,8 +111,10 @@ BuildRequires:  sqlite3-devel
 BuildRequires:  zsh
 BuildRequires:  fish
 BuildRequires:  go-go-md2man
-BuildRequires:  go1.16
 BuildRequires:  pkgconfig(libsystemd)
+# Due to a limitation in openSUSE's Go packaging we cannot have a BuildRequires
+# for 'golang(API) >= 1.17' here, so just require 1.17 exactly. bsc#1172608
+BuildRequires:  go1.17
 Requires:       apparmor-parser
 Requires:       ca-certificates-mozilla
 # The docker-proxy binary used to be in a separate package. We obsolete it,
@@ -121,8 +123,8 @@ Obsoletes:      docker-libnetwork%{name_suffix} < 0.7.0.2
 Provides:       docker-libnetwork%{name_suffix} = 0.7.0.2.%{version}
 # Required to actually run containers. We require the minimum version that is
 # pinned by Docker, but in order to avoid headaches we allow for updates.
-Requires:       runc >= 1.0.2
-Requires:       containerd >= 1.5
+Requires:       runc >= 1.1.2
+Requires:       containerd >= 1.6.6
 # Needed for --init support. We don't use "tini", we use our own implementation
 # which handles edge-cases better.
 Requires:       catatonit