From 9dce1f84b959c8a0d27ca318493283ed45ac3d9782182f46822846907807eeaf Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Thu, 28 Jan 2016 08:07:07 +0000 Subject: [PATCH] Accepting request 356411 from home:cyphar:branches:Virtualization:containers This adds a fix for the (quite specific) JSON bug which completely breaks container starts. OBS-URL: https://build.opensuse.org/request/show/356411 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=57 --- docker.changes | 7 ++ docker.spec | 7 +- fix_json_econnreset_bug.patch | 136 ++++++++++++++++++++++++++++++++++ 3 files changed, 148 insertions(+), 2 deletions(-) create mode 100644 fix_json_econnreset_bug.patch diff --git a/docker.changes b/docker.changes index 20bc487..8766a73 100644 --- a/docker.changes +++ b/docker.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Wed Jan 27 23:40:09 UTC 2016 - asarai@suse.com + +- backport 1 bugfix from the upstream 1.10 branch + Added: + fix_json_econnreset_bug.patch (https://github.com/docker/docker/issues/14203) + ------------------------------------------------------------------- Thu Jan 21 16:52:41 UTC 2016 - jmassaguerpla@suse.com diff --git a/docker.spec b/docker.spec index dba3a65..99d73c2 100644 --- a/docker.spec +++ b/docker.spec @@ -50,12 +50,14 @@ Patch2: fix_bnc_958255.patch Patch3: use_fs_cgroups_by_default.patch # fix an issue with cgroups. This is fixed upstream, too. Patch4: fix_cgroup.parent_path_sanitisation.patch +# fix an issue with JSON and containers not starting. This is fixed upstream, too. +Patch5: fix_json_econnreset_bug.patch # Required to overcome some limitations of gcc-go: https://groups.google.com/forum/#!msg/golang-nuts/SlGCPYkjxo4/4DjcjXRCqAkJ # Right now docker passes the sha1sum of the dockerinit binary to the docker binary at build time # We cannot do that, right now a quick and really dirty way to get it running is # to simply disable this check # Required to overcome some limitations of gcc-go: https://groups.google.com/forum/# !msg/golang-nuts/SlGCPYkjxo4/4DjcjXRCqAkJ -Patch5: gcc5_socket_workaround.patch +Patch6: gcc5_socket_workaround.patch Patch100: ignore-dockerinit-checksum.patch Patch101: gcc-go-patches.patch Patch102: add_bolt_ppc64.patch @@ -158,6 +160,7 @@ Test package for docker. It contains the source code and the tests. %patch2 -p1 %patch3 -p1 %patch4 -p1 +%patch5 -p1 # 1330 is Tumbleweed after leap has been released # gcc5-go in Tumbleweed includes this commit # https://github.com/golang/gofrontend/commit/a850225433a66a58613c22185c3b09626f5545eb @@ -166,7 +169,7 @@ Test package for docker. It contains the source code and the tests. # for that issue. # Thus, we need to workaround the workaroundn in tumbleweed %if 0%{?suse_version} >= 1330 && 0%{?is_opensuse} == 1 -%patch5 -p1 +%patch6 -p1 %endif %ifnarch %go_arches %patch100 -p1 diff --git a/fix_json_econnreset_bug.patch b/fix_json_econnreset_bug.patch new file mode 100644 index 0000000..a54fc11 --- /dev/null +++ b/fix_json_econnreset_bug.patch @@ -0,0 +1,136 @@ +commit 7b5896702bd2951541af27925620172edb5d3505 +Author: Michael Crosby +Date: Tue Jan 26 15:00:07 2016 -0800 + + Update libcontainer to 3d8a20bb772defc28c355534d83 + + Fixes #14203 + + This bump fixes the issue of having the container's pipes connection + reset by peer because of using the json.Encoder and having a \n added to + the output. + + Signed-off-by: Michael Crosby + +Index: docker-1.9.1/hack/vendor.sh +=================================================================== +--- docker-1.9.1.orig/hack/vendor.sh ++++ docker-1.9.1/hack/vendor.sh +@@ -48,7 +48,7 @@ clone git github.com/agl/ed25519 d2b94fd + + # this runc commit from branch relabel_fix_docker_1.9.1, pls remove it when you + # update next time +-clone git github.com/opencontainers/runc 1349b37bd56f4f5ce2690b5b2c0f53f88a261c67 # libcontainer ++clone git github.com/opencontainers/runc 3d8a20bb772defc28c355534d83486416d1719b4 # libcontainer + # libcontainer deps (see src/github.com/opencontainers/runc/Godeps/Godeps.json) + clone git github.com/coreos/go-systemd v3 + clone git github.com/godbus/dbus v2 +Index: docker-1.9.1/vendor/src/github.com/opencontainers/runc/libcontainer/container_linux.go +=================================================================== +--- docker-1.9.1.orig/vendor/src/github.com/opencontainers/runc/libcontainer/container_linux.go ++++ docker-1.9.1/vendor/src/github.com/opencontainers/runc/libcontainer/container_linux.go +@@ -18,6 +18,7 @@ import ( + "github.com/opencontainers/runc/libcontainer/cgroups" + "github.com/opencontainers/runc/libcontainer/configs" + "github.com/opencontainers/runc/libcontainer/criurpc" ++ "github.com/opencontainers/runc/libcontainer/utils" + ) + + const stdioFdCount = 3 +@@ -863,7 +864,7 @@ func (c *linuxContainer) updateState(pro + } + defer f.Close() + os.Remove(filepath.Join(c.root, "checkpoint")) +- return json.NewEncoder(f).Encode(state) ++ return utils.WriteJSON(f, state) + } + + func (c *linuxContainer) currentStatus() (Status, error) { +Index: docker-1.9.1/vendor/src/github.com/opencontainers/runc/libcontainer/factory_linux.go +=================================================================== +--- docker-1.9.1.orig/vendor/src/github.com/opencontainers/runc/libcontainer/factory_linux.go ++++ docker-1.9.1/vendor/src/github.com/opencontainers/runc/libcontainer/factory_linux.go +@@ -5,7 +5,6 @@ package libcontainer + import ( + "encoding/json" + "fmt" +- "io/ioutil" + "os" + "os/exec" + "path/filepath" +@@ -19,6 +18,7 @@ import ( + "github.com/opencontainers/runc/libcontainer/cgroups/systemd" + "github.com/opencontainers/runc/libcontainer/configs" + "github.com/opencontainers/runc/libcontainer/configs/validate" ++ "github.com/opencontainers/runc/libcontainer/utils" + ) + + const ( +@@ -225,10 +225,7 @@ func (l *LinuxFactory) StartInitializati + // if we have an error during the initialization of the container's init then send it back to the + // parent process in the form of an initError. + if err != nil { +- // ensure that any data sent from the parent is consumed so it doesn't +- // receive ECONNRESET when the child writes to the pipe. +- ioutil.ReadAll(pipe) +- if err := json.NewEncoder(pipe).Encode(newSystemError(err)); err != nil { ++ if err := utils.WriteJSON(pipe, newSystemError(err)); err != nil { + panic(err) + } + } +Index: docker-1.9.1/vendor/src/github.com/opencontainers/runc/libcontainer/process_linux.go +=================================================================== +--- docker-1.9.1.orig/vendor/src/github.com/opencontainers/runc/libcontainer/process_linux.go ++++ docker-1.9.1/vendor/src/github.com/opencontainers/runc/libcontainer/process_linux.go +@@ -15,6 +15,7 @@ import ( + "github.com/opencontainers/runc/libcontainer/cgroups" + "github.com/opencontainers/runc/libcontainer/configs" + "github.com/opencontainers/runc/libcontainer/system" ++ "github.com/opencontainers/runc/libcontainer/utils" + ) + + type parentProcess interface { +@@ -71,7 +72,7 @@ func (p *setnsProcess) start() (err erro + return newSystemError(err) + } + } +- if err := json.NewEncoder(p.parentPipe).Encode(p.config); err != nil { ++ if err := utils.WriteJSON(p.parentPipe, p.config); err != nil { + return newSystemError(err) + } + if err := syscall.Shutdown(int(p.parentPipe.Fd()), syscall.SHUT_WR); err != nil { +@@ -262,7 +263,7 @@ func (p *initProcess) startTime() (strin + + func (p *initProcess) sendConfig() error { + // send the state to the container's init process then shutdown writes for the parent +- if err := json.NewEncoder(p.parentPipe).Encode(p.config); err != nil { ++ if err := utils.WriteJSON(p.parentPipe, p.config); err != nil { + return err + } + // shutdown writes for the parent side of the pipe +Index: docker-1.9.1/vendor/src/github.com/opencontainers/runc/libcontainer/utils/utils.go +=================================================================== +--- docker-1.9.1.orig/vendor/src/github.com/opencontainers/runc/libcontainer/utils/utils.go ++++ docker-1.9.1/vendor/src/github.com/opencontainers/runc/libcontainer/utils/utils.go +@@ -3,6 +3,7 @@ package utils + import ( + "crypto/rand" + "encoding/hex" ++ "encoding/json" + "io" + "path/filepath" + "syscall" +@@ -43,3 +44,13 @@ func ExitStatus(status syscall.WaitStatu + } + return status.ExitStatus() + } ++ ++// WriteJSON writes the provided struct v to w using standard json marshaling ++func WriteJSON(w io.Writer, v interface{}) error { ++ data, err := json.Marshal(v) ++ if err != nil { ++ return err ++ } ++ _, err = w.Write(data) ++ return err ++}