SHA256
1
0
forked from pool/docker

Accepting request 1040668 from home:cyphar:docker

- Update to Docker 20.10.21-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/#201021>. bsc#1206065
- Rebase patches:
  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  * 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
  * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
  * 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
  * 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch
  * 0007-bsc1200022-fifo.Close-prevent-possible-panic-if-fifo.patch
- The PRIVATE-REGISTRY patch will now output a warning if it is being used (in
  preparation for removing the feature). This feature was never meant to be
  used by users directly (and is only available in the -kubic/CaaSP version of
  the package anyway) and thus should not affect any users.

OBS-URL: https://build.opensuse.org/request/show/1040668
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=378
This commit is contained in:
Aleksa Sarai 2022-12-06 13:40:50 +00:00 committed by Git OBS Bridge
parent 2d5b72554e
commit 8d13290266
16 changed files with 98 additions and 70 deletions

View File

@ -1,7 +1,7 @@
From 37dfb97c0016300dd6453fc718805ccdf341bfd6 Mon Sep 17 00:00:00 2001 From 823bedd07fac6778a3d94b6f949ac16e6bd12638 Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de> From: Aleksa Sarai <asarai@suse.de>
Date: Wed, 8 Mar 2017 12:41:54 +1100 Date: Wed, 8 Mar 2017 12:41:54 +1100
Subject: [PATCH 1/6] SECRETS: daemon: allow directory creation in /run/secrets Subject: [PATCH 1/7] SECRETS: daemon: allow directory creation in /run/secrets
Since FileMode can have the directory bit set, allow a SecretStore Since FileMode can have the directory bit set, allow a SecretStore
implementation to return secrets that are actually directories. This is implementation to return secrets that are actually directories. This is
@ -70,5 +70,5 @@ index 75b4b09b8dc4..583db20aa459 100644
return errors.Wrap(err, "error setting ownership for secret") return errors.Wrap(err, "error setting ownership for secret")
} }
-- --
2.36.1 2.38.1

View File

@ -1,7 +1,7 @@
From 11ac23e5620ee53c9527334d2222b32ca5098876 Mon Sep 17 00:00:00 2001 From fa24396cbecbb6cdc7c734559389486849c2268c Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de> From: Aleksa Sarai <asarai@suse.de>
Date: Wed, 8 Mar 2017 11:43:29 +1100 Date: Wed, 8 Mar 2017 11:43:29 +1100
Subject: [PATCH 2/6] SECRETS: SUSE: implement SUSE container secrets Subject: [PATCH 2/7] SECRETS: SUSE: implement SUSE container secrets
This allows for us to pass in host credentials to a container, allowing This allows for us to pass in host credentials to a container, allowing
for SUSEConnect to work with containers. for SUSEConnect to work with containers.
@ -451,5 +451,5 @@ index 000000000000..9ee33adf7497
+ return nil + return nil
+} +}
-- --
2.36.1 2.38.1

View File

@ -1,7 +1,7 @@
From cf3c6ccefda39c60dc656404674628ac48b55de9 Mon Sep 17 00:00:00 2001 From 0fe6aba9612d2b483b29192c0605b1311b77a92b Mon Sep 17 00:00:00 2001
From: Valentin Rothberg <vrothberg@suse.com> From: Valentin Rothberg <vrothberg@suse.com>
Date: Mon, 2 Jul 2018 13:37:34 +0200 Date: Mon, 2 Jul 2018 13:37:34 +0200
Subject: [PATCH 3/6] PRIVATE-REGISTRY: add private-registry mirror support Subject: [PATCH 3/7] PRIVATE-REGISTRY: add private-registry mirror support
NOTE: This is a backport/downstream patch of the upstream pull-request NOTE: This is a backport/downstream patch of the upstream pull-request
for Moby, which is still subject to changes. Please visit for Moby, which is still subject to changes. Please visit
@ -72,12 +72,12 @@ Signed-off-by: Aleksa Sarai <asarai@suse.de>
distribution/pull.go | 2 +- distribution/pull.go | 2 +-
distribution/pull_v2.go | 2 +- distribution/pull_v2.go | 2 +-
distribution/push.go | 2 +- distribution/push.go | 2 +-
registry/config.go | 126 ++++++++++++++++++++++++++++- registry/config.go | 133 +++++++++++++++++++++++++++++-
registry/config_test.go | 142 ++++++++++++++++++++++++++++++++ registry/config_test.go | 142 ++++++++++++++++++++++++++++++++
registry/registry_test.go | 99 ++++++++++++++++++++--- registry/registry_test.go | 99 ++++++++++++++++++++---
registry/service.go | 43 +++++++--- registry/service.go | 43 +++++++---
registry/service_v2.go | 64 +++++++++++---- registry/service_v2.go | 63 +++++++++++----
12 files changed, 710 insertions(+), 46 deletions(-) 12 files changed, 716 insertions(+), 46 deletions(-)
diff --git a/api/types/registry/registry.go b/api/types/registry/registry.go diff --git a/api/types/registry/registry.go b/api/types/registry/registry.go
index 53e47084c8d5..b4bb9ef805d3 100644 index 53e47084c8d5..b4bb9ef805d3 100644
@ -444,10 +444,10 @@ index c8ddd4c5cfcd..b17e9d25d6c2 100644
return err return err
} }
diff --git a/distribution/pull_v2.go b/distribution/pull_v2.go diff --git a/distribution/pull_v2.go b/distribution/pull_v2.go
index 123abf6b497a..097ead45d0fd 100644 index 5abd18b6cf7c..0796e7ea1d52 100644
--- a/distribution/pull_v2.go --- a/distribution/pull_v2.go
+++ b/distribution/pull_v2.go +++ b/distribution/pull_v2.go
@@ -432,7 +432,7 @@ func (p *v2Puller) pullV2Tag(ctx context.Context, ref reference.Named, platform @@ -433,7 +433,7 @@ func (p *v2Puller) pullV2Tag(ctx context.Context, ref reference.Named, platform
// the other side speaks the v2 protocol. // the other side speaks the v2 protocol.
p.confirmedV2 = true p.confirmedV2 = true
@ -470,7 +470,7 @@ index 5617a4c95f49..0a24aebed968 100644
return err return err
} }
diff --git a/registry/config.go b/registry/config.go diff --git a/registry/config.go b/registry/config.go
index 54b83fa40aab..e1ba24b83bdd 100644 index 54b83fa40aab..5adc913e4344 100644
--- a/registry/config.go --- a/registry/config.go
+++ b/registry/config.go +++ b/registry/config.go
@@ -14,11 +14,12 @@ import ( @@ -14,11 +14,12 @@ import (
@ -512,7 +512,7 @@ index 54b83fa40aab..e1ba24b83bdd 100644
config := &serviceConfig{ config := &serviceConfig{
ServiceConfig: registrytypes.ServiceConfig{ ServiceConfig: registrytypes.ServiceConfig{
InsecureRegistryCIDRs: make([]*registrytypes.NetIPNet, 0), InsecureRegistryCIDRs: make([]*registrytypes.NetIPNet, 0),
@@ -78,10 +92,106 @@ func newServiceConfig(options ServiceOptions) (*serviceConfig, error) { @@ -78,10 +92,113 @@ func newServiceConfig(options ServiceOptions) (*serviceConfig, error) {
if err := config.LoadInsecureRegistries(options.InsecureRegistries); err != nil { if err := config.LoadInsecureRegistries(options.InsecureRegistries); err != nil {
return nil, err return nil, err
} }
@ -531,6 +531,13 @@ index 54b83fa40aab..e1ba24b83bdd 100644
+func (config *serviceConfig) checkRegistries() error { +func (config *serviceConfig) checkRegistries() error {
+ inUse := make(map[string]string) // key: host, value: user + inUse := make(map[string]string) // key: host, value: user
+ +
+ if len(config.Registries) > 0 {
+ logrus.Errorf("[SUSE] You are currently using an unsupported and out-of-tree Docker feature intended for internal SUSE only.")
+ logrus.Errorf("[SUSE] If you see this warning (and you are not using CaaSP) please open a SUSE bug report to alert us of this.")
+ logrus.Errorf("[SUSE] This feature (registry mirrors) will be removed in a future Docker release on SUSE.")
+ logrus.Errorf("[SUSE] Please DO NOT submit an upstream bug report about this warning!")
+ }
+
+ // make sure that each mirror serves only one registry + // make sure that each mirror serves only one registry
+ for _, reg := range config.Registries { + for _, reg := range config.Registries {
+ for _, mirror := range reg.Mirrors { + for _, mirror := range reg.Mirrors {
@ -619,7 +626,7 @@ index 54b83fa40aab..e1ba24b83bdd 100644
// LoadAllowNondistributableArtifacts loads allow-nondistributable-artifacts registries into config. // LoadAllowNondistributableArtifacts loads allow-nondistributable-artifacts registries into config.
func (config *serviceConfig) LoadAllowNondistributableArtifacts(registries []string) error { func (config *serviceConfig) LoadAllowNondistributableArtifacts(registries []string) error {
cidrs := map[string]*registrytypes.NetIPNet{} cidrs := map[string]*registrytypes.NetIPNet{}
@@ -122,6 +232,10 @@ func (config *serviceConfig) LoadAllowNondistributableArtifacts(registries []str @@ -122,6 +239,10 @@ func (config *serviceConfig) LoadAllowNondistributableArtifacts(registries []str
// LoadMirrors loads mirrors to config, after removing duplicates. // LoadMirrors loads mirrors to config, after removing duplicates.
// Returns an error if mirrors contains an invalid mirror. // Returns an error if mirrors contains an invalid mirror.
func (config *serviceConfig) LoadMirrors(mirrors []string) error { func (config *serviceConfig) LoadMirrors(mirrors []string) error {
@ -630,7 +637,7 @@ index 54b83fa40aab..e1ba24b83bdd 100644
mMap := map[string]struct{}{} mMap := map[string]struct{}{}
unique := []string{} unique := []string{}
@@ -151,6 +265,10 @@ func (config *serviceConfig) LoadMirrors(mirrors []string) error { @@ -151,6 +272,10 @@ func (config *serviceConfig) LoadMirrors(mirrors []string) error {
// LoadInsecureRegistries loads insecure registries to config // LoadInsecureRegistries loads insecure registries to config
func (config *serviceConfig) LoadInsecureRegistries(registries []string) error { func (config *serviceConfig) LoadInsecureRegistries(registries []string) error {
@ -1042,10 +1049,10 @@ index 3b08e39da2c2..62556ba1ba70 100644
for _, endpoint := range allEndpoints { for _, endpoint := range allEndpoints {
if !endpoint.Mirror { if !endpoint.Mirror {
diff --git a/registry/service_v2.go b/registry/service_v2.go diff --git a/registry/service_v2.go b/registry/service_v2.go
index 3e3a5b41ffbd..451a6f874bc1 100644 index 154ac7c93e80..06f7d20de8f9 100644
--- a/registry/service_v2.go --- a/registry/service_v2.go
+++ b/registry/service_v2.go +++ b/registry/service_v2.go
@@ -1,39 +1,71 @@ @@ -1,42 +1,73 @@
package registry // import "github.com/docker/docker/registry" package registry // import "github.com/docker/docker/registry"
import ( import (
@ -1060,17 +1067,7 @@ index 3e3a5b41ffbd..451a6f874bc1 100644
-func (s *DefaultService) lookupV2Endpoints(hostname string) (endpoints []APIEndpoint, err error) { -func (s *DefaultService) lookupV2Endpoints(hostname string) (endpoints []APIEndpoint, err error) {
+func (s *DefaultService) lookupV2Endpoints(reference string) (endpoints []APIEndpoint, err error) { +func (s *DefaultService) lookupV2Endpoints(reference string) (endpoints []APIEndpoint, err error) {
tlsConfig := tlsconfig.ServerDefault() tlsConfig := tlsconfig.ServerDefault()
- if hostname == DefaultNamespace || hostname == IndexHostname {
- for _, mirror := range s.config.Mirrors {
- if !strings.HasPrefix(mirror, "http://") && !strings.HasPrefix(mirror, "https://") {
- mirror = "https://" + mirror
- }
- mirrorURL, err := url.Parse(mirror)
- if err != nil {
- return nil, err
- }
- mirrorTLSConfig, err := s.tlsConfigForMirror(mirrorURL)
+
+ // extraxt the hostname from the reference + // extraxt the hostname from the reference
+ refURL := reference + refURL := reference
+ if !strings.HasPrefix(refURL, "http://") && !strings.HasPrefix(refURL, "https://") { + if !strings.HasPrefix(refURL, "http://") && !strings.HasPrefix(refURL, "https://") {
@ -1085,6 +1082,18 @@ index 3e3a5b41ffbd..451a6f874bc1 100644
+ return nil, fmt.Errorf("SUSE PATCH [lookupV2Endpoints]: cannot determine hostname of reference %s", reference) + return nil, fmt.Errorf("SUSE PATCH [lookupV2Endpoints]: cannot determine hostname of reference %s", reference)
+ } + }
+ +
ana := allowNondistributableArtifacts(s.config, hostname)
- if hostname == DefaultNamespace || hostname == IndexHostname {
- for _, mirror := range s.config.Mirrors {
- if !strings.HasPrefix(mirror, "http://") && !strings.HasPrefix(mirror, "https://") {
- mirror = "https://" + mirror
- }
- mirrorURL, err := url.Parse(mirror)
- if err != nil {
- return nil, err
- }
- mirrorTLSConfig, err := s.tlsConfigForMirror(mirrorURL)
+ // create endpoints for official and configured registries + // create endpoints for official and configured registries
+ official := false + official := false
+ if hostname == "docker.io" { + if hostname == "docker.io" {
@ -1131,8 +1140,8 @@ index 3e3a5b41ffbd..451a6f874bc1 100644
+ Official: official, + Official: official,
TrimHostname: true, TrimHostname: true,
TLSConfig: tlsConfig, TLSConfig: tlsConfig,
})
@@ -45,7 +77,7 @@ func (s *DefaultService) lookupV2Endpoints(hostname string) (endpoints []APIEndp @@ -48,7 +79,7 @@ func (s *DefaultService) lookupV2Endpoints(hostname string) (endpoints []APIEndp
tlsConfig, err = s.tlsConfig(hostname) tlsConfig, err = s.tlsConfig(hostname)
if err != nil { if err != nil {
@ -1142,5 +1151,5 @@ index 3e3a5b41ffbd..451a6f874bc1 100644
endpoints = []APIEndpoint{ endpoints = []APIEndpoint{
-- --
2.36.1 2.38.1

View File

@ -1,7 +1,7 @@
From 5d2f7a37a37547663aae1538b2d3fd48dd7277c8 Mon Sep 17 00:00:00 2001 From bc52d15141402d94eeaee618f1df0b540f527b98 Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de> From: Aleksa Sarai <asarai@suse.de>
Date: Fri, 29 Jun 2018 17:59:30 +1000 Date: Fri, 29 Jun 2018 17:59:30 +1000
Subject: [PATCH 4/6] bsc1073877: apparmor: clobber docker-default profile on Subject: [PATCH 4/7] bsc1073877: apparmor: clobber docker-default profile on
start start
In the process of making docker-default reloading far less expensive, In the process of making docker-default reloading far less expensive,
@ -69,10 +69,10 @@ index e3dc18b32b5e..9c7723056268 100644
return nil return nil
} }
diff --git a/daemon/daemon.go b/daemon/daemon.go diff --git a/daemon/daemon.go b/daemon/daemon.go
index 2a2fbbd52e19..0999ac3186b7 100644 index f15a4b038498..2f0c23bc62c9 100644
--- a/daemon/daemon.go --- a/daemon/daemon.go
+++ b/daemon/daemon.go +++ b/daemon/daemon.go
@@ -855,8 +855,9 @@ func NewDaemon(ctx context.Context, config *config.Config, pluginStore *plugin.S @@ -857,8 +857,9 @@ func NewDaemon(ctx context.Context, config *config.Config, pluginStore *plugin.S
logrus.Warnf("Failed to configure golang's threads limit: %v", err) logrus.Warnf("Failed to configure golang's threads limit: %v", err)
} }
@ -85,5 +85,5 @@ index 2a2fbbd52e19..0999ac3186b7 100644
} }
-- --
2.36.1 2.38.1

View File

@ -1,7 +1,7 @@
From b54c6c7addcb163ddcef5e37fc7ed1c0afd0dbfa Mon Sep 17 00:00:00 2001 From 57673ad5455b1b27e41716e33b67c9cd8099b580 Mon Sep 17 00:00:00 2001
From: Michal Rostecki <mrostecki@opensuse.org> From: Michal Rostecki <mrostecki@opensuse.org>
Date: Thu, 8 Apr 2021 14:42:02 +0100 Date: Thu, 8 Apr 2021 14:42:02 +0100
Subject: [PATCH 5/6] bsc1183855: btrfs: Do not disable quota on cleanup Subject: [PATCH 5/7] bsc1183855: btrfs: Do not disable quota on cleanup
Before this change, cleanup of the btrfs driver (occuring on each daemon Before this change, cleanup of the btrfs driver (occuring on each daemon
shutdown) resulted in disabling quotas. It was done with an assumption shutdown) resulted in disabling quotas. It was done with an assumption
@ -140,5 +140,5 @@ index fa0cdf8666b1..02bbb5da1088 100644
} }
if err := subvolLimitQgroup(dir, size); err != nil { if err := subvolLimitQgroup(dir, size); err != nil {
-- --
2.36.1 2.38.1

View File

@ -1,7 +1,7 @@
From bb67252dfccb18dacc9e0c3463e7c52f32fb2900 Mon Sep 17 00:00:00 2001 From dd265ac6cbe070f80a0c607ba147af35858ae5e9 Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de> From: Aleksa Sarai <asarai@suse.de>
Date: Fri, 29 Apr 2022 12:44:21 +1000 Date: Fri, 29 Apr 2022 12:44:21 +1000
Subject: [PATCH 6/6] bsc1193930: vendor: update golang.org/x/crypto Subject: [PATCH 6/7] bsc1193930: vendor: update golang.org/x/crypto
This is necessary to fix several security issues that Docker hasn't This is necessary to fix several security issues that Docker hasn't
backported to their CE branch: backported to their CE branch:
@ -354,10 +354,10 @@ Signed-off-by: Aleksa Sarai <asarai@suse.de>
create mode 100644 vendor/golang.org/x/crypto/xts/xts.go create mode 100644 vendor/golang.org/x/crypto/xts/xts.go
diff --git a/vendor.conf b/vendor.conf diff --git a/vendor.conf b/vendor.conf
index 54e97e4562d8..9ff95d499ef8 100644 index a41471b57b71..2965c71c3709 100644
--- a/vendor.conf --- a/vendor.conf
+++ b/vendor.conf +++ b/vendor.conf
@@ -150,7 +150,7 @@ github.com/golang/protobuf 84668698ea25b64748563aa20726 @@ -152,7 +152,7 @@ github.com/golang/protobuf 84668698ea25b64748563aa20726
github.com/cloudflare/cfssl 5d63dbd981b5c408effbb58c442d54761ff94fbd # 1.3.2 github.com/cloudflare/cfssl 5d63dbd981b5c408effbb58c442d54761ff94fbd # 1.3.2
github.com/fernet/fernet-go 9eac43b88a5efb8651d24de9b68e87567e029736 github.com/fernet/fernet-go 9eac43b88a5efb8651d24de9b68e87567e029736
github.com/google/certificate-transparency-go 37a384cd035e722ea46e55029093e26687138edf # v1.0.20 github.com/google/certificate-transparency-go 37a384cd035e722ea46e55029093e26687138edf # v1.0.20
@ -41068,5 +41068,5 @@ index 000000000000..b51308e95e52
+ } + }
+} +}
-- --
2.36.1 2.38.1

View File

@ -1,4 +1,4 @@
From 078fbd36b8fecab42ac7faad973a16aed10ab28c Mon Sep 17 00:00:00 2001 From 6451aa1559ce5a135f599682ab33721e116925bd Mon Sep 17 00:00:00 2001
From: Sebastiaan van Stijn <github@gone.nl> From: Sebastiaan van Stijn <github@gone.nl>
Date: Fri, 29 Jan 2021 14:55:08 +0100 Date: Fri, 29 Jan 2021 14:55:08 +0100
Subject: [PATCH 7/7] bsc1200022: fifo.Close(): prevent possible panic if fifo Subject: [PATCH 7/7] bsc1200022: fifo.Close(): prevent possible panic if fifo
@ -52,5 +52,5 @@ index 96c214f270bf..c3eec295b578 100644
case <-f.closed: case <-f.closed:
f.handle.Close() f.handle.Close()
-- --
2.36.1 2.38.1

View File

@ -3,16 +3,16 @@
<param name="url">https://github.com/moby/moby.git</param> <param name="url">https://github.com/moby/moby.git</param>
<param name="scm">git</param> <param name="scm">git</param>
<param name="exclude">.git</param> <param name="exclude">.git</param>
<param name="versionformat">20.10.17_ce_%h</param> <param name="versionformat">20.10.21_ce_%h</param>
<param name="revision">v20.10.17</param> <param name="revision">v20.10.21</param>
<param name="filename">docker</param> <param name="filename">docker</param>
</service> </service>
<service name="tar_scm" mode="disabled"> <service name="tar_scm" mode="disabled">
<param name="url">https://github.com/docker/cli.git</param> <param name="url">https://github.com/docker/cli.git</param>
<param name="scm">git</param> <param name="scm">git</param>
<param name="exclude">.git</param> <param name="exclude">.git</param>
<param name="versionformat">20.10.17_ce</param> <param name="versionformat">20.10.21_ce</param>
<param name="revision">v20.10.17</param> <param name="revision">v20.10.21</param>
<param name="filename">docker-cli</param> <param name="filename">docker-cli</param>
</service> </service>
<service name="tar_scm" mode="disabled"> <service name="tar_scm" mode="disabled">
@ -20,7 +20,7 @@
<param name="scm">git</param> <param name="scm">git</param>
<param name="exclude">.git</param> <param name="exclude">.git</param>
<param name="versionformat">%H</param> <param name="versionformat">%H</param>
<param name="revision">f6ccccb1c082a432c2a5814aaedaca56af33d9ea</param> <param name="revision">0dde5c895075df6e3630e76f750a447cf63f4789</param>
<param name="filename">docker-libnetwork</param> <param name="filename">docker-libnetwork</param>
</service> </service>
<service name="recompress" mode="disabled"> <service name="recompress" mode="disabled">

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:9464d19aa358c19089672a03b13572b9c512c8c19ad098b594caca864052c426
size 6557740

View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:2696414f3d39bb862d2e60e614a4fe2e6a655c65c30742a4a28b776fbbd59bc5
size 6590696

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:1eeb771ad69ec70e206d69bdb649d05f438d0fa4193bbb6f4c7fd276258a08a9
size 4357440

View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:cfa23215b99aed9c85a401fd1aeb961a5a3f8b3095fb6815ba8eb83cf182481f
size 4358052

View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:24a4b6aeb1391b2ab9f99fad7343913ecc7191a10669a056e0a2cdf449e3733e
size 1983868

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:a676901b2676dedd147e70b2e6c5b9869e8d2fad99605de20cc1b42830097d3b
size 1983552

View File

@ -1,3 +1,21 @@
-------------------------------------------------------------------
Tue Dec 6 11:49:32 UTC 2022 - Aleksa Sarai <asarai@suse.com>
- Update to Docker 20.10.21-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/#201021>. bsc#1206065
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
* 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch
* 0007-bsc1200022-fifo.Close-prevent-possible-panic-if-fifo.patch
- The PRIVATE-REGISTRY patch will now output a warning if it is being used (in
preparation for removing the feature). This feature was never meant to be
used by users directly (and is only available in the -kubic/CaaSP version of
the package anyway) and thus should not affect any users.
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Oct 24 09:45:20 UTC 2022 - Dan Čermák <dcermak@suse.com> Mon Oct 24 09:45:20 UTC 2022 - Dan Čermák <dcermak@suse.com>

View File

@ -42,24 +42,25 @@
# helpfully injects into our build environment from the changelog). If you want # helpfully injects into our build environment from the changelog). If you want
# to generate a new git_commit_epoch, use this: # to generate a new git_commit_epoch, use this:
# $ date --date="$(git show --format=fuller --date=iso $COMMIT_ID | grep -oP '(?<=^CommitDate: ).*')" '+%s' # $ date --date="$(git show --format=fuller --date=iso $COMMIT_ID | grep -oP '(?<=^CommitDate: ).*')" '+%s'
%define git_version a89b84221c85 %define real_version 20.10.21
%define git_commit_epoch 1654554758 %define git_version 3056208812eb
%define git_commit_epoch 1666698255
# We require a specific pin of libnetwork because it doesn't really do # We require a specific pin of libnetwork because it doesn't really do
# versioning and minor version mismatches in libnetwork can break Docker # versioning and minor version mismatches in libnetwork can break Docker
# networking. All other key runtime dependencies (containerd, runc) are stable # networking. All other key runtime dependencies (containerd, runc) are stable
# enough that this isn't necessary. # enough that this isn't necessary.
%define libnetwork_version f6ccccb1c082a432c2a5814aaedaca56af33d9ea %define libnetwork_version 0dde5c895075df6e3630e76f750a447cf63f4789
%define dist_builddir %{_builddir}/dist-suse %define dist_builddir %{_builddir}/dist-suse
%define cli_builddir %{dist_builddir}/src/github.com/docker/cli %define cli_builddir %{dist_builddir}/src/github.com/docker/cli
%define proxy_builddir %{dist_builddir}/src/github.com/docker/libnetwork %define proxy_builddir %{dist_builddir}/src/github.com/docker/libnetwork
Name: %{realname}%{name_suffix} Name: %{realname}%{name_suffix}
Version: 20.10.17_ce Version: %{real_version}_ce
# This "nice version" is so that docker --version gives a result that can be # This "nice version" is so that docker --version gives a result that can be
# parsed by other people. boo#1182476 # parsed by other people. boo#1182476
%define nice_version 20.10.17-ce %define nice_version %{real_version}-ce
Release: 0 Release: 0
Summary: The Moby-project Linux container runtime Summary: The Moby-project Linux container runtime
License: Apache-2.0 License: Apache-2.0
@ -117,8 +118,8 @@ BuildRequires: go-go-md2man
BuildRequires: pkgconfig(libsystemd) BuildRequires: pkgconfig(libsystemd)
BuildRequires: sysuser-tools BuildRequires: sysuser-tools
# Due to a limitation in openSUSE's Go packaging we cannot have a BuildRequires # Due to a limitation in openSUSE's Go packaging we cannot have a BuildRequires
# for 'golang(API) >= 1.17' here, so just require 1.17 exactly. bsc#1172608 # for 'golang(API) >= 1.18' here, so just require 1.18 exactly. bsc#1172608
BuildRequires: go1.17 BuildRequires: go1.18
Requires: (apparmor-parser or container-selinux) Requires: (apparmor-parser or container-selinux)
Requires: ca-certificates-mozilla Requires: ca-certificates-mozilla
# The docker-proxy binary used to be in a separate package. We obsolete it, # The docker-proxy binary used to be in a separate package. We obsolete it,
@ -128,7 +129,7 @@ Provides: docker-libnetwork%{name_suffix} = 0.7.0.2.%{version}
# Required to actually run containers. We require the minimum version that is # Required to actually run containers. We require the minimum version that is
# pinned by Docker, but in order to avoid headaches we allow for updates. # pinned by Docker, but in order to avoid headaches we allow for updates.
Requires: runc >= 1.1.2 Requires: runc >= 1.1.2
Requires: containerd >= 1.6.6 Requires: containerd >= 1.6.9
# Needed for --init support. We don't use "tini", we use our own implementation # Needed for --init support. We don't use "tini", we use our own implementation
# which handles edge-cases better. # which handles edge-cases better.
Requires: catatonit Requires: catatonit