diff --git a/_service b/_service index e2962f5..9d5f616 100644 --- a/_service +++ b/_service @@ -3,8 +3,8 @@ <param name="url">https://github.com/docker/docker.git</param> <param name="scm">git</param> <param name="exclude">.git</param> - <param name="versionformat">1.13.0</param> - <param name="revision">v1.13.0</param> + <param name="versionformat">17.04.0_ce</param> + <param name="revision">v17.04.0-ce</param> </service> <service name="recompress" mode="disabled"> <param name="file">docker-*.tar</param> diff --git a/boltdb_bolt_add_brokenUnaligned.patch b/boltdb_bolt_add_brokenUnaligned.patch deleted file mode 100644 index af8df30..0000000 --- a/boltdb_bolt_add_brokenUnaligned.patch +++ /dev/null @@ -1,27 +0,0 @@ -From: Michel Normand <normand@linux.vnet.ibm.com> -Subject: boltdb bolt add brokenUnaligned for ppc64 -Date: Tue, 20 Dec 2016 10:19:01 +0100 - -boltdb bolt add brokenUnaligned for ppc64 -as already done for bolt_ppc64le.go - -Correction already submitted upstream as -https://github.com/boltdb/bolt/pull/635 - -Signed-off-by: Michel Normand <normand@linux.vnet.ibm.com> ---- - vendor/src/github.com/boltdb/bolt/bolt_ppc64.go | 3 +++ - 1 file changed, 3 insertions(+) - -Index: docker-1.12.3/vendor/src/github.com/boltdb/bolt/bolt_ppc64.go -=================================================================== ---- docker-1.12.3.orig/vendor/src/github.com/boltdb/bolt/bolt_ppc64.go -+++ docker-1.12.3/vendor/src/github.com/boltdb/bolt/bolt_ppc64.go -@@ -7,3 +7,6 @@ const maxMapSize = 0xFFFFFFFFFFFF // 256 - - // maxAllocSize is the size used when creating array pointers. - const maxAllocSize = 0x7FFFFFFF -+ -+// Are unaligned load/stores broken on this arch? -+var brokenUnaligned = false - diff --git a/bsc1037436-0001-client-check-tty-before-creating-exec-job.patch b/bsc1037436-0001-client-check-tty-before-creating-exec-job.patch new file mode 100644 index 0000000..939bd0b --- /dev/null +++ b/bsc1037436-0001-client-check-tty-before-creating-exec-job.patch 
@@ -0,0 +1,69 @@
+From c117441b1a74affb013a42ee8225d69ecfaf4d72 Mon Sep 17 00:00:00 2001
+From: Aleksa Sarai <asarai@suse.de>
+Date: Tue, 9 May 2017 23:31:46 +1000
+Subject: [PATCH] client: check tty before creating exec job
+
+This is necessary in order to avoid execId leaks in the case where a
+`docker exec -it` is run without a terminal available for the client.
+You can reproduce this issue by running the following command many
+times.
+
+ % nohup docker exec -it some_container true
+
+The container `some_container` will have execIDs that will never
+normally be cleaned up (because the client died before they were
+started).
+
+In addition, this patch adds a docker-inspect step to ensure that we
+give "container does not exist" errors consistently.
+
+[SUSE: Fixes bsc#1037436.]
+
+Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
+Signed-off-by: Aleksa Sarai <asarai@suse.de>
+---
+ cli/command/container/exec.go | 21 +++++++++++++++------
+ 1 file changed, 15 insertions(+), 6 deletions(-)
+
+diff --git a/cli/command/container/exec.go b/cli/command/container/exec.go
+index 676708c77b91..d85113259242 100644
+--- a/cli/command/container/exec.go
++++ b/cli/command/container/exec.go
+@@ -79,6 +79,19 @@ func runExec(dockerCli *command.DockerCli, opts *execOptions, container string,
+ ctx := context.Background()
+ client := dockerCli.Client()
+
++ // We need to check the tty _before_ we do the ContainerExecCreate, because
++ // otherwise if we error out we will leak execIDs on the server (and
++ // there's no easy way to clean those up). But also in order to make "not
++ // exist" errors take precedence we do a dummy inspect first.
++ if _, err := client.ContainerInspect(ctx, container); err != nil {
++ return err
++ }
++ if !execConfig.Detach {
++ if err := dockerCli.In().CheckTty(execConfig.AttachStdin, execConfig.Tty); err != nil {
++ return err
++ }
++ }
++
+ response, err := client.ContainerExecCreate(ctx, container, *execConfig)
+ if err != nil {
+ return err
+@@ -90,12 +103,8 @@ func runExec(dockerCli *command.DockerCli, opts *execOptions, container string,
+ return nil
+ }
+
+- //Temp struct for execStart so that we don't need to transfer all the execConfig
+- if !execConfig.Detach {
+- if err := dockerCli.In().CheckTty(execConfig.AttachStdin, execConfig.Tty); err != nil {
+- return err
+- }
+- } else {
++ // Temp struct for execStart so that we don't need to transfer all the execConfig.
++ if execConfig.Detach {
+ execStartCheck := types.ExecStartCheck{
+ Detach: execConfig.Detach,
+ Tty: execConfig.Tty,
+--
+2.12.2
+
diff --git a/bsc1037607-0001-apparmor-make-pkg-aaparser-work-on-read-only-root.patch b/bsc1037607-0001-apparmor-make-pkg-aaparser-work-on-read-only-root.patch
new file mode 100644
index 0000000..ac5da10
--- /dev/null
+++ b/bsc1037607-0001-apparmor-make-pkg-aaparser-work-on-read-only-root.patch
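Review bot: The TTY check moved ahead of `ContainerExecCreate` in `runExec` closes the exec-ID leak only for this one client-side failure; an error on the attach/start path after the create call (outside the hunk), or any other API client that creates an exec and never starts it, would still leave an unstarted exec on the daemon. Because accumulating exec records is a daemon-side resource concern, the new comment should say that this is a client mitigation, e.g. `// NOTE: client-side mitigation only; the daemon still keeps execs that are created but never started.` The added `ContainerInspect` is also not atomic with the create, so the container can disappear between the two calls and the error check after `ContainerExecCreate` must stay as it is. `runExec` starts and ends outside both hunks.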
@@ -0,0 +1,60 @@
+From 9783e1791fc438751b327023b0cd7d392e54084f Mon Sep 17 00:00:00 2001
+From: Aleksa Sarai <asarai@suse.de>
+Date: Thu, 18 May 2017 00:02:00 +1000
+Subject: [PATCH] apparmor: make pkg/aaparser work on read-only root
+
+This is necessary because normally `apparmor_parser -r` will try to
+create a temporary directory on the host (which is not allowed if the
+host has a rootfs). However, the -K option bypasses saving things to the
+cache (which avoids this issue).
+
+ % apparmor_parser -r /tmp/docker-profile
+ mkstemp: Read-only file system
+ % apparmor_parser -Kr /tmp/docker-profile
+ %
+
+In addition, add extra information to the ensureDefaultAppArmorProfile
+errors so that problems like this are easier to debug.
+
+Fixes: 2f7596aaef3a ("apparmor: do not save profile to /etc/apparmor.d")
+Signed-off-by: Aleksa Sarai <asarai@suse.de>
+---
+ daemon/apparmor_default.go | 2 +-
+ pkg/aaparser/aaparser.go | 7 ++++---
+ 2 files changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/daemon/apparmor_default.go b/daemon/apparmor_default.go
+index 09dd0541b872..2a418b25c241 100644
+--- a/daemon/apparmor_default.go
++++ b/daemon/apparmor_default.go
+@@ -28,7 +28,7 @@ func ensureDefaultAppArmorProfile() error {
+
+ // Load the profile.
+ if err := aaprofile.InstallDefault(defaultApparmorProfile); err != nil {
+- return fmt.Errorf("AppArmor enabled on system but the %s profile could not be loaded.", defaultApparmorProfile)
++ return fmt.Errorf("AppArmor enabled on system but the %s profile could not be loaded: %s", defaultApparmorProfile, err)
+ }
+ }
+
+diff --git a/pkg/aaparser/aaparser.go b/pkg/aaparser/aaparser.go
+index e794c4c729e2..5de4a4d79b35 100644
+--- a/pkg/aaparser/aaparser.go
++++ b/pkg/aaparser/aaparser.go
+@@ -22,10 +22,11 @@ func GetVersion() (int, error) {
+ return parseVersion(output)
+ }
+
+-// LoadProfile runs `apparmor_parser -r` on a specified apparmor profile to
+-// replace the profile.
++// LoadProfile runs `apparmor_parser -Kr` on a specified apparmor profile to
++// replace the profile. The `-K` is necessary to make sure that apparmor_parser
++// doesn't try to write to a read-only filesystem.
+ func LoadProfile(profilePath string) error {
+- _, err := cmd("", "-r", profilePath)
++ _, err := cmd("", "-Kr", profilePath)
+ return err
+ }
+
+--
+2.12.2
+
diff --git a/docker-1.13.0.tar.xz b/docker-1.13.0.tar.xz
deleted file mode 100644
index 8e5b482..0000000
--- a/docker-1.13.0.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:1da90f2f637d55c7bef034761f0781a7cc4facdefc50b9d77f0c6a78185efe0a
-size 5130016
diff --git a/docker-17.04.0_ce.tar.xz b/docker-17.04.0_ce.tar.xz
new file mode 100644
index 0000000..4cc9c8b
--- /dev/null
+++ b/docker-17.04.0_ce.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c192552cebebba3e5af60af995fb7fd6f6423b8df71574e8a1f188878ae21913
+size 4574004
diff --git a/docker.changes b/docker.changes
index 8bf8590..35016e2 100644
--- a/docker.changes
+++ b/docker.changes
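Review bot: The new doc comment on `LoadProfile` explains why `-K` is passed but not what it costs: with the parser cache skipped, the profile is recompiled on every load, on writable hosts too, and every caller of `LoadProfile` inherits that. I would state it in the comment, e.g. `// -K (--skip-cache) disables both reading and writing the parser cache, so the profile is always recompiled.` In `ensureDefaultAppArmorProfile` the appended error is formatted with `%s`; `%v` is the conventional verb for an error value, and the text it carries is whatever `cmd` returns, which the hunk does not show. `ensureDefaultAppArmorProfile` continues outside its hunk.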
@@ -1,3 +1,66 @@ +------------------------------------------------------------------- +Wed May 17 14:41:29 UTC 2017 - asarai@suse.com + +- Fix bsc#1037607 which was causing read-only issues on Kubic, this is a + backport of https://github.com/moby/moby/pull/33250. + + bsc1037607-0001-apparmor-make-pkg-aaparser-work-on-read-only-root.patch + +------------------------------------------------------------------- +Wed May 10 13:54:44 UTC 2017 - asarai@suse.com + +- Add a partial fix for boo#1038493. +- Fixed bsc#1037436 where execids were being leaked due to bad error handling. + This is a backport of https://github.com/docker/cli/pull/52. + + bsc1037436-0001-client-check-tty-before-creating-exec-job.patch + +------------------------------------------------------------------- +Thu May 4 19:03:40 UTC 2017 - jmassaguerpla@suse.com + +- Fix golang requirements in the subpackages + +------------------------------------------------------------------- +Mon May 1 07:57:35 UTC 2017 - fcastelli@suse.com + +- Update golang build requirements to use golang(API) symbol: this is + needed to solve a conflict between multiple versions of Go being available + +------------------------------------------------------------------- +Tue Apr 18 15:38:11 UTC 2017 - jmassaguerpla@suse.com + +- Fix secrets-0002-SUSE-implement-SUSE-container-secrets.patch: + substitute docker/distribution/digest by opencontainers/digest + +------------------------------------------------------------------- +Thu Apr 13 14:34:35 UTC 2017 - jmassaguerpla@suse.com + +- Update to version 17.04.0-ce (fix bsc#1034053 ) + +- Patches removed because have been merged into this version: + * pr31549-cmd-docker-fix-TestDaemonCommand.patch + * pr31773-daemon-also-ensureDefaultApparmorProfile-in-exec-pat.patch +- Patches rebased: + * integration-cli-fix-TestInfoEnsureSucceeds.patch +- Build man pages for all archs (bsc#953182) +- Containers cannot resolve DNS if docker host uses 127.0.0.1 as resolver (bsc#1034063) + +see 
/usr/share/doc/packages/docker/CHANGELOG.md + +------------------------------------------------------------------- +Wed Apr 12 09:54:18 UTC 2017 - jmassaguerpla@suse.com + +- Make sure this is being built with go 1.7 + +------------------------------------------------------------------- +Wed Apr 12 09:14:35 UTC 2017 - jmassaguerpla@suse.com + +- remove the go_arches macro because we are using go1.7 which + is available in all archs + +- remove gcc specific patches + * gcc-go-patches.patch + * netlink_netns_powerpc.patch + * boltdb_bolt_add_brokenUnaligned.patch + ------------------------------------------------------------------- Wed Apr 12 07:58:08 UTC 2017 - asarai@suse.com diff --git a/docker.spec b/docker.spec index bd0de84..ef39fc6 100644 --- a/docker.spec +++ b/docker.spec @@ -17,26 +17,12 @@ # nodebuginfo -# Check if go_arches is defined in the project configuration -# Otherwise, define it here -# In order to define it in the project configuration, see -# -# https://en.opensuse.org/openSUSE:Build%20Service%20prjconf#Macros -# -# The Macros tag is the one that defines the go_arches variable to be used -# in the spec file. -# The "define" one is to help the specfile parser of the buildservice -# to see what packages are being built. You also want to define it here -# for keeping things consistent. - -%{!?go_arches: %global go_arches %ix86 x86_64 aarch64 ppc64le} - %global docker_store %{_localstatedir}/lib/docker %global docker_migration_testfile %{docker_store}/.suse-image-migration-v1to2-complete %global docker_migration_warnfile %{docker_store}/docker-update-message.txt %define docker_graph %{docker_store}/graph %define git_version 78d1802 -%define version_unconverted 1.13.0 +%define version_unconverted 17.04.0_ce %define __arch_install_post export NO_BRP_STRIP_DEBUG=true # When upgrading to a new version requires the service not to be restarted # Due to a long migration process update last_migration_version to the new version 
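Review bot: `%define git_version 78d1802` stays unchanged as a context line while `version_unconverted` moves to 17.04.0_ce, and the build section later exports `DOCKER_GITCOMMIT=%{git_version}`. Unless 78d1802 is the commit behind the v17.04.0-ce tag set in `_service`, the shipped binaries will report a commit that does not match the packaged source, which makes it harder to map an installed build to upstream fixes. I would update the macro in the same change, `%define git_version <commit of v17.04.0-ce>`.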
@@ -44,7 +30,7 @@ # 1.10.1 %global last_migration_version 1.10.1 Name: docker -Version: 1.13.0 +Version: 17.04.0_ce Release: 0 Summary: The Linux container runtime License: Apache-2.0 @@ -60,10 +46,6 @@ Source8: docker-audit.rules Source9: docker-update-message.txt Source10: tests.sh Source11: docker_service_helper.sh -# Fixes for architecture-specific issues (gcc-go). -Patch100: gcc-go-patches.patch -Patch102: netlink_netns_powerpc.patch -Patch103: boltdb_bolt_add_brokenUnaligned.patch # SUSE-FEATURE: Adds the /run/secrets mountpoint inside all Docker containers # which is not snapshotted when images are committed. Note that if you modify # this patch, please also modify the patch in the suse-secrets-v<version> @@ -72,8 +54,10 @@ Patch200: secrets-0001-daemon-allow-directory-creation-in-run-secrets.patc Patch201: secrets-0002-SUSE-implement-SUSE-container-secrets.patch # PATCH-FIX-UPSTREAM: Backports. Patch300: integration-cli-fix-TestInfoEnsureSucceeds.patch -Patch301: pr31549-cmd-docker-fix-TestDaemonCommand.patch -Patch302: pr31773-daemon-also-ensureDefaultApparmorProfile-in-exec-pat.patch +# PATCH-FIX-UPSTREAM: Backport of https://github.com/docker/cli/pull/52 (bsc#1037436). +Patch400: bsc1037436-0001-client-check-tty-before-creating-exec-job.patch +# PATCH-FIX-UPSTREAM: Backport of https://github.com/moby/moby/pull/33250 (bsc#1037607). +Patch401: bsc1037607-0001-apparmor-make-pkg-aaparser-work-on-read-only-root.patch BuildRequires: audit BuildRequires: bash-completion BuildRequires: ca-certificates 
@@ -97,13 +81,13 @@ BuildRequires: zsh Requires: apparmor-parser Requires: bridge-utils Requires: ca-certificates-mozilla -Requires: docker-libnetwork = 0.0.0+git20161019.0f53435 +Requires: docker-libnetwork = 0.0.0+git20170119.7b2b1fe # Containerd and runC are required as they are the only currently supported # execdrivers of Docker. NOTE: The version pinning here matches upstream's # Dockerfile to ensure that we don't use a slightly incompatible version of # runC or containerd (which would be bad). -Requires: containerd = 0.2.5+gitr608_03e5862 -Requires: runc = 0.1.1+gitr2942_2f7393a +Requires: containerd = 0.2.5+gitr639_422e31c +Requires: runc = 0.1.1+gitr2947_9c2d8d1 # Provides mkfs.ext4 - used by Docker when devicemapper storage driver is used Requires: e2fsprogs Requires: git-core >= 1.7 @@ -124,12 +108,9 @@ Recommends: lvm2 >= 2.2.89 Conflicts: lxc < 1.0 BuildRoot: %{_tmppath}/%{name}-%{version}-build ExcludeArch: %ix86 s390 ppc -%ifarch %{go_arches} -BuildRequires: go >= 1.5 +# Make sure we build with go 1.7 BuildRequires: go-go-md2man -%else -BuildRequires: gcc6-go >= 6.1 -%endif +BuildRequires: golang(API) = 1.7 %description Docker complements LXC with a high-level API which operates at the process @@ -169,15 +150,12 @@ Requires: apparmor-parser Requires: bash-completion Requires: device-mapper-devel >= 1.2.68 Requires: glibc-devel-static +# Make sure we require go 1.7 Requires: libapparmor-devel Requires: libbtrfs-devel >= 3.8 Requires: procps Requires: sqlite3-devel -%ifarch %{go_arches} -Requires: go >= 1.4 -%else -Requires: gcc6-go >= 6.1 -%endif +Requires: golang(API) = 1.7 %description test Test package for docker. It contains the source code and the tests. 
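Review bot: The comment `# Make sure we require go 1.7` in the test subpackage sits above `Requires: libapparmor-devel`, several lines away from the `Requires: golang(API) = 1.7` it describes, and in the main package `# Make sure we build with go 1.7` is likewise separated from its `BuildRequires` by `go-go-md2man`. Moving each comment directly above its line and saying why the toolchain is pinned with `=` would keep the pin from being carried forward unexamined once that Go series stops receiving fixes, e.g. `# Pinned to the Go 1.7 API because <reason>; revisit on the next Docker update.`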
@@ -190,25 +168,13 @@ Test package for docker. It contains the source code and the tests. %patch200 -p1 %patch201 -p1 %endif -%ifnarch %{go_arches} -%patch100 -p1 -%patch102 -p1 -%patch103 -p1 -%endif %patch300 -p1 -%patch301 -p1 -%patch302 -p1 +%patch400 -p1 +%patch401 -p1 cp %{SOURCE7} . cp %{SOURCE10} . %build -%ifnarch %{go_arches} -tmphack=/tmp/dirty-hack -[ -e $tmphack ] && rm -rf $tmphack -mkdir $tmphack -ln -s %{_bindir}/go-6 $tmphack/go -export PATH=$tmphack:$PATH -%endif BUILDTAGS="exclude_graphdriver_aufs apparmor selinux pkcs11" %if 0%{?with_libseccomp} @@ -226,16 +192,15 @@ BUILDTAGS="seccomp $BUILDTAGS" export AUTO_GOPATH=1 export DOCKER_BUILDTAGS="$BUILDTAGS" export DOCKER_GITCOMMIT=%{git_version} +# Until boo#1038493 is fixed properly we need to do this hack to get the +# compiled-into-the-binary GOROOT. +export GOROOT="$(GOROOT= go env GOROOT)" EOF ) > docker_build_env . ./docker_build_env -%ifarch %{go_arches} ./hack/make.sh dynbinary man/md2man-all.sh -%else -./hack/make.sh dyngccgo -%endif # build the tests binary GOPATH=$(pwd)/vendor:$(pwd)/.gopath/ go test \ @@ -246,7 +211,6 @@ GOPATH=$(pwd)/vendor:$(pwd)/.gopath/ go test \ # otherwise the resulting package will have extra requires rm -rf hack/make/.build-deb -%ifarch %go_arches %check . ./docker_build_env 
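Review bot: The added `export GOROOT="$(GOROOT= go env GOROOT)"` has no failure handling: if `go env` fails or prints nothing, `GOROOT` is exported empty and the workaround is lost without any message, both in `%build` and in `%check`, which sources `docker_build_env` again. Whether the command substitution runs when the file is written or when it is sourced depends on how the heredoc is quoted, and its opening line is outside the hunk. A guard right after `. ./docker_build_env` would make the hack fail loudly, e.g. `[ -n "$GOROOT" ] && [ -d "$GOROOT" ] || exit 1`.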
@@ -300,22 +264,16 @@ PKG_LIST=$(go list -e \ | grep -v 'github.com/docker/docker/pkg/integration$') %else | grep -v 'github.com/docker/docker/pkg/integration$' \ - | grep -v 'github.com/docker/docker/profiles/seccomp$') + | grep -v 'github.com/docker/docker/profiles/seccomp$') %endif go test -cover -ldflags -w -tags "$DOCKER_BUILDTAGS" -a -test.timeout=10m $PKG_LIST -%endif %install install -d %{buildroot}%{go_contribdir} install -d %{buildroot}%{_bindir} -%ifarch %{go_arches} install -D -m755 bundles/latest/dynbinary-client/%{name} %{buildroot}/%{_bindir}/%{name} install -D -m755 bundles/latest/dynbinary-daemon/%{name}d %{buildroot}/%{_bindir}/%{name}d -%else -install -D -m755 bundles/latest/dyngccgo/%{name} %{buildroot}/%{_bindir}/%{name} -install -D -m755 bundles/latest/dyngccgo/%{name}d %{buildroot}/%{_bindir}/%{name}d -%endif install -d %{buildroot}/%{_prefix}/lib/docker install -Dd -m 0755 \ %{buildroot}%{_sysconfdir}/init.d \ @@ -356,7 +314,6 @@ install -D -m 0640 %{SOURCE8} %{buildroot}%{_sysconfdir}/audit/rules.d/%{name}.r # sysconfig file install -D -m 644 %{SOURCE4} %{buildroot}%{_localstatedir}/adm/fillup-templates/sysconfig.docker -%ifarch %{go_arches} # install manpages install -d %{buildroot}%{_mandir}/man1 install -p -m 644 man/man1/*.1 %{buildroot}%{_mandir}/man1 @@ -364,7 +321,6 @@ install -d %{buildroot}%{_mandir}/man5 install -p -m 644 man/man5/Dockerfile.5 %{buildroot}%{_mandir}/man5 install -d %{buildroot}%{_mandir}/man8 install -p -m 644 man/man8/*.8 %{buildroot}%{_mandir}/man8 -%endif install -D -m 0644 %{SOURCE9} %{buildroot}%{docker_migration_warnfile} @@ -424,7 +380,7 @@ fi %files %defattr(-,root,root) -%doc README.md LICENSE README_SUSE.md +%doc README.md LICENSE README_SUSE.md CHANGELOG.md %{_bindir}/docker %{_bindir}/dockerd %{_sbindir}/rcdocker 
@@ -434,12 +390,10 @@ fi %{_udevrulesdir}/80-%{name}.rules %{_localstatedir}/adm/fillup-templates/sysconfig.docker %{_localstatedir}/lib/docker/ -%ifarch %{go_arches} %{_mandir}/man1/docker-*.1%{ext_man} %{_mandir}/man1/docker.1%{ext_man} %{_mandir}/man5/Dockerfile.5%{ext_man} %{_mandir}/man8/dockerd.8%{ext_man} -%endif %files bash-completion %defattr(-,root,root) diff --git a/gcc-go-patches.patch b/gcc-go-patches.patch deleted file mode 100644 index b911aaf..0000000 --- a/gcc-go-patches.patch +++ /dev/null @@ -1,47 +0,0 @@ -diff --git a/hack/make/gccgo b/hack/make/gccgo -index 54c983e..1c11bbf 100644 ---- a/hack/make/gccgo -+++ b/hack/make/gccgo -@@ -1,5 +1,5 @@ - #!/bin/bash --set -e -+set -ex - - BINARY_NAME="dockerd-$VERSION" - BINARY_EXTENSION="$(binary_extension)" -@@ -22,9 +22,11 @@ go build -compiler=gccgo \ - "${BUILDFLAGS[@]}" \ - -gccgoflags " - -g -+ -Wl,--add-needed -Wl,--no-as-needed - $EXTLDFLAGS_STATIC -+ -static-libgo - -Wl,--no-export-dynamic -- -ldl -+ -ldl -lselinux -lsystemd - -pthread - " \ - ./cmd/dockerd -@@ -37,7 +39,9 @@ go build -compiler=gccgo \ - "${BUILDFLAGS[@]}" \ - -gccgoflags " - -g -+ -Wl,--add-needed -Wl,--no-as-needed - $EXTLDFLAGS_STATIC -+ -static-libgo - -Wl,--no-export-dynamic - -ldl - -pthread -@@ -55,9 +59,11 @@ go build -compiler=gccgo \ - "${BUILDFLAGS[@]}" \ - -gccgoflags " - -g -+ -Wl,--add-needed -Wl,--no-as-needed - $EXTLDFLAGS_STATIC -+ -static-libgo - -Wl,--no-export-dynamic -- -ldl -+ -ldl -lselinux -lsystemd - -pthread - " \ - ./cmd/docker diff --git a/integration-cli-fix-TestInfoEnsureSucceeds.patch b/integration-cli-fix-TestInfoEnsureSucceeds.patch index fd4d91b..261dcde 100644 --- a/integration-cli-fix-TestInfoEnsureSucceeds.patch +++ b/integration-cli-fix-TestInfoEnsureSucceeds.patch @@ -1,13 +1,13 @@ diff --git a/integration-cli/docker_cli_info_test.go b/integration-cli/docker_cli_info_test.go -index 62ce7e2..46516f9 100644 +index 5eb2f0f..39f93bd 100644 --- a/integration-cli/docker_cli_info_test.go 
+++ b/integration-cli/docker_cli_info_test.go -@@ -40,7 +40,7 @@ func (s *DockerSuite) TestInfoEnsureSucceeds(c *check.C) { +@@ -41,7 +41,7 @@ func (s *DockerSuite) TestInfoEnsureSucceeds(c *check.C) { } - if DaemonIsLinux.Condition() { + if DaemonIsLinux() { - stringsToCheck = append(stringsToCheck, "Runtimes:", "Default Runtime: runc") + stringsToCheck = append(stringsToCheck, "Runtimes:", "Default Runtime: oci") } - if experimentalDaemon { + if testEnv.ExperimentalDaemon() { diff --git a/netlink_netns_powerpc.patch b/netlink_netns_powerpc.patch deleted file mode 100644 index 85f8b4a..0000000 --- a/netlink_netns_powerpc.patch +++ /dev/null @@ -1,16 +0,0 @@ ---- - vendor/src/github.com/vishvananda/netns/netns_linux_ppc64.go | 7 +++++++ - 1 file changed, 7 insertions(+) - -Index: docker-1.10.2/vendor/src/github.com/vishvananda/netns/netns_linux_ppc64.go -=================================================================== ---- /dev/null -+++ docker-1.10.2/vendor/src/github.com/vishvananda/netns/netns_linux_ppc64.go -@@ -0,0 +1,7 @@ -+// +build linux,ppc64 -+ -+package netns -+ -+const ( -+ SYS_SETNS = 350 -+) diff --git a/pr31549-cmd-docker-fix-TestDaemonCommand.patch b/pr31549-cmd-docker-fix-TestDaemonCommand.patch deleted file mode 100644 index 3cad3ae..0000000 --- a/pr31549-cmd-docker-fix-TestDaemonCommand.patch +++ /dev/null 
@@ -1,49 +0,0 @@ -From dd7159060f60ea04007c069df189a29fda2c655f Mon Sep 17 00:00:00 2001 -From: Aleksa Sarai <asarai@suse.de> -Date: Sun, 5 Mar 2017 15:25:11 +1100 -Subject: [PATCH] cmd: docker: fix TestDaemonCommand - -In more recent versions of Cobra, `--help` parsing is done before -anything else resulting in TestDaemonCommand not actually passing. I'm -actually unsure if this test ever passed since it appears that !daemon -is not being run as part of the test suite. - -Signed-off-by: Aleksa Sarai <asarai@suse.de> ---- - cmd/docker/daemon_none.go | 6 ++++-- - cmd/docker/daemon_none_test.go | 2 +- - 2 files changed, 5 insertions(+), 3 deletions(-) - -diff --git a/cmd/docker/daemon_none.go b/cmd/docker/daemon_none.go -index 65f9f37be22f..6fbd00012526 100644 ---- a/cmd/docker/daemon_none.go -+++ b/cmd/docker/daemon_none.go -@@ -12,8 +12,10 @@ import ( - - func newDaemonCommand() *cobra.Command { - return &cobra.Command{ -- Use: "daemon", -- Hidden: true, -+ Use: "daemon", -+ Hidden: true, -+ Args: cobra.ArbitraryArgs, -+ DisableFlagParsing: true, - RunE: func(cmd *cobra.Command, args []string) error { - return runDaemon() - }, -diff --git a/cmd/docker/daemon_none_test.go b/cmd/docker/daemon_none_test.go -index 32032fe1b344..bd42add98696 100644 ---- a/cmd/docker/daemon_none_test.go -+++ b/cmd/docker/daemon_none_test.go -@@ -10,7 +10,7 @@ import ( - - func TestDaemonCommand(t *testing.T) { - cmd := newDaemonCommand() -- cmd.SetArgs([]string{"--help"}) -+ cmd.SetArgs([]string{"--version"}) - err := cmd.Execute() - - assert.Error(t, err, "Please run `dockerd`") --- -2.12.0 - diff --git a/pr31773-daemon-also-ensureDefaultApparmorProfile-in-exec-pat.patch b/pr31773-daemon-also-ensureDefaultApparmorProfile-in-exec-pat.patch deleted file mode 100644 index 0e853d5..0000000 --- a/pr31773-daemon-also-ensureDefaultApparmorProfile-in-exec-pat.patch +++ /dev/null 
@@ -1,59 +0,0 @@ -From 790a81ea9acce318d0e037771c253951b874140b Mon Sep 17 00:00:00 2001 -From: Aleksa Sarai <asarai@suse.de> -Date: Mon, 13 Mar 2017 14:57:35 +1100 -Subject: [PATCH] daemon: also ensureDefaultApparmorProfile in exec path - -When 567ef8e7858c ("daemon: switch to 'ensure' workflow for AppArmor -profiles") was merged, it didn't correctly handle the exec path if -AppArmor profiles were deleted. Fix this by duplicating the -ensureDefaultApparmorProfile code in the exec code. - -Fixes: 567ef8e7858c ("daemon: switch to 'ensure' workflow for AppArmor profiles") -Signed-off-by: Aleksa Sarai <asarai@suse.de> ---- - daemon/exec_linux.go | 23 +++++++++++++++++++++++ - 1 file changed, 23 insertions(+) - -diff --git a/daemon/exec_linux.go b/daemon/exec_linux.go -index 5aeedc347027..bb11c11e447c 100644 ---- a/daemon/exec_linux.go -+++ b/daemon/exec_linux.go -@@ -5,6 +5,7 @@ import ( - "github.com/docker/docker/daemon/caps" - "github.com/docker/docker/daemon/exec" - "github.com/docker/docker/libcontainerd" -+ "github.com/opencontainers/runc/libcontainer/apparmor" - "github.com/opencontainers/runtime-spec/specs-go" - ) - -@@ -23,5 +24,27 @@ func execSetPlatformOpt(c *container.Container, ec *exec.Config, p *libcontainer - if ec.Privileged { - p.Capabilities = caps.GetAllCapabilities() - } -+ if apparmor.IsEnabled() { -+ var appArmorProfile string -+ if c.AppArmorProfile != "" { -+ appArmorProfile = c.AppArmorProfile -+ } else if c.HostConfig.Privileged { -+ appArmorProfile = "unconfined" -+ } else { -+ appArmorProfile = "docker-default" -+ } -+ -+ if appArmorProfile == "docker-default" { -+ // Unattended upgrades and other fun services can unload AppArmor -+ // profiles inadvertently. Since we cannot store our profile in -+ // /etc/apparmor.d, nor can we practically add other ways of -+ // telling the system to keep our profile loaded, in order to make -+ // sure that we keep the default profile enabled we dynamically -+ // reload it if necessary. 
-+ if err := ensureDefaultAppArmorProfile(); err != nil { -+ return err -+ } -+ } -+ } - return nil - } --- -2.12.0 - diff --git a/secrets-0002-SUSE-implement-SUSE-container-secrets.patch b/secrets-0002-SUSE-implement-SUSE-container-secrets.patch index 600b8e4..ae078b6 100644 --- a/secrets-0002-SUSE-implement-SUSE-container-secrets.patch +++ b/secrets-0002-SUSE-implement-SUSE-container-secrets.patch @@ -66,7 +66,7 @@ index 000000000000..591abc998e67 + "syscall" + + "github.com/Sirupsen/logrus" -+ "github.com/docker/distribution/digest" ++ "github.com/opencontainers/go-digest" + "github.com/docker/docker/container" + + swarmtypes "github.com/docker/docker/api/types/swarm"