SHA256
1
0
forked from pool/docker

Accepting request 1083276 from Virtualization:containers

OBS-URL: https://build.opensuse.org/request/show/1083276
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/docker?expand=0&rev=130
This commit is contained in:
Dominique Leuenberger 2023-04-27 17:59:59 +00:00 committed by Git OBS Bridge
commit a2c263582c
15 changed files with 23890 additions and 41450 deletions

View File

@ -1,7 +1,7 @@
From 823bedd07fac6778a3d94b6f949ac16e6bd12638 Mon Sep 17 00:00:00 2001 From 5c6812a104e161599fc8569d0b4af04224ef3b5a Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de> From: Aleksa Sarai <asarai@suse.de>
Date: Wed, 8 Mar 2017 12:41:54 +1100 Date: Wed, 8 Mar 2017 12:41:54 +1100
Subject: [PATCH 1/7] SECRETS: daemon: allow directory creation in /run/secrets Subject: [PATCH 1/3] SECRETS: daemon: allow directory creation in /run/secrets
Since FileMode can have the directory bit set, allow a SecretStore Since FileMode can have the directory bit set, allow a SecretStore
implementation to return secrets that are actually directories. This is implementation to return secrets that are actually directories. This is
@ -10,11 +10,11 @@ useful for creating directories and subdirectories of secrets.
Signed-off-by: Antonio Murdaca <runcom@redhat.com> Signed-off-by: Antonio Murdaca <runcom@redhat.com>
Signed-off-by: Aleksa Sarai <asarai@suse.de> Signed-off-by: Aleksa Sarai <asarai@suse.de>
--- ---
daemon/container_operations_unix.go | 24 +++++++++++++++++++++--- daemon/container_operations_unix.go | 23 ++++++++++++++++++++---
1 file changed, 21 insertions(+), 3 deletions(-) 1 file changed, 20 insertions(+), 3 deletions(-)
diff --git a/daemon/container_operations_unix.go b/daemon/container_operations_unix.go diff --git a/daemon/container_operations_unix.go b/daemon/container_operations_unix.go
index 75b4b09b8dc4..583db20aa459 100644 index 561077b66b60..0b70825dd2ff 100644
--- a/daemon/container_operations_unix.go --- a/daemon/container_operations_unix.go
+++ b/daemon/container_operations_unix.go +++ b/daemon/container_operations_unix.go
@@ -4,6 +4,7 @@ @@ -4,6 +4,7 @@
@ -23,12 +23,12 @@ index 75b4b09b8dc4..583db20aa459 100644
import ( import (
+ "bytes" + "bytes"
"fmt" "fmt"
"io/ioutil"
"os" "os"
@@ -13,6 +14,7 @@ import ( "path/filepath"
"github.com/docker/docker/container" @@ -14,6 +15,7 @@ import (
"github.com/docker/docker/daemon/links" "github.com/docker/docker/daemon/links"
"github.com/docker/docker/errdefs" "github.com/docker/docker/errdefs"
"github.com/docker/docker/libnetwork"
+ "github.com/docker/docker/pkg/archive" + "github.com/docker/docker/pkg/archive"
"github.com/docker/docker/pkg/idtools" "github.com/docker/docker/pkg/idtools"
"github.com/docker/docker/pkg/stringid" "github.com/docker/docker/pkg/stringid"
@ -37,13 +37,13 @@ index 75b4b09b8dc4..583db20aa459 100644
if err != nil { if err != nil {
return errors.Wrap(err, "unable to get secret from secret store") return errors.Wrap(err, "unable to get secret from secret store")
} }
- if err := ioutil.WriteFile(fPath, secret.Spec.Data, s.File.Mode); err != nil { - if err := os.WriteFile(fPath, secret.Spec.Data, s.File.Mode); err != nil {
- return errors.Wrap(err, "error injecting secret") - return errors.Wrap(err, "error injecting secret")
- } - }
uid, err := strconv.Atoi(s.File.UID) uid, err := strconv.Atoi(s.File.UID)
if err != nil { if err != nil {
@@ -219,6 +218,25 @@ func (daemon *Daemon) setupSecretDir(c *container.Container) (setupErr error) { @@ -219,6 +218,24 @@ func (daemon *Daemon) setupSecretDir(c *container.Container) (setupErr error) {
return err return err
} }
@ -55,14 +55,13 @@ index 75b4b09b8dc4..583db20aa459 100644
+ // If the "file" is a directory, then s.File.Data is actually a tar + // If the "file" is a directory, then s.File.Data is actually a tar
+ // archive of the directory. So we just do a tar extraction here. + // archive of the directory. So we just do a tar extraction here.
+ if err := archive.UntarUncompressed(bytes.NewBuffer(secret.Spec.Data), fPath, &archive.TarOptions{ + if err := archive.UntarUncompressed(bytes.NewBuffer(secret.Spec.Data), fPath, &archive.TarOptions{
+ UIDMaps: daemon.idMapping.UIDs(), + IDMap: daemon.idMapping,
+ GIDMaps: daemon.idMapping.GIDs(),
+ }); err != nil { + }); err != nil {
+ return errors.Wrap(err, "error injecting secretdir") + return errors.Wrap(err, "error injecting secretdir")
+ } + }
+ } + }
+ } else { + } else {
+ if err := ioutil.WriteFile(fPath, secret.Spec.Data, s.File.Mode); err != nil { + if err := os.WriteFile(fPath, secret.Spec.Data, s.File.Mode); err != nil {
+ return errors.Wrap(err, "error injecting secret") + return errors.Wrap(err, "error injecting secret")
+ } + }
+ } + }
@ -70,5 +69,5 @@ index 75b4b09b8dc4..583db20aa459 100644
return errors.Wrap(err, "error setting ownership for secret") return errors.Wrap(err, "error setting ownership for secret")
} }
-- --
2.38.1 2.40.0

View File

@ -1,7 +1,7 @@
From fa24396cbecbb6cdc7c734559389486849c2268c Mon Sep 17 00:00:00 2001 From 4138c02a19fbd3d3ff50f0b364bf4b99adc47298 Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de> From: Aleksa Sarai <asarai@suse.de>
Date: Wed, 8 Mar 2017 11:43:29 +1100 Date: Wed, 8 Mar 2017 11:43:29 +1100
Subject: [PATCH 2/7] SECRETS: SUSE: implement SUSE container secrets Subject: [PATCH 2/3] SECRETS: SUSE: implement SUSE container secrets
This allows for us to pass in host credentials to a container, allowing This allows for us to pass in host credentials to a container, allowing
for SUSEConnect to work with containers. for SUSEConnect to work with containers.
@ -14,12 +14,12 @@ SUSE-Bugs: bsc#1065609 bsc#1057743 bsc#1055676 bsc#1030702
Signed-off-by: Aleksa Sarai <asarai@suse.de> Signed-off-by: Aleksa Sarai <asarai@suse.de>
--- ---
daemon/start.go | 5 + daemon/start.go | 5 +
daemon/suse_secrets.go | 410 +++++++++++++++++++++++++++++++++++++++++ daemon/suse_secrets.go | 415 +++++++++++++++++++++++++++++++++++++++++
2 files changed, 415 insertions(+) 2 files changed, 420 insertions(+)
create mode 100644 daemon/suse_secrets.go create mode 100644 daemon/suse_secrets.go
diff --git a/daemon/start.go b/daemon/start.go diff --git a/daemon/start.go b/daemon/start.go
index d9bc082b1078..091dae2ae65e 100644 index 9d6f7812b67c..53c42082c5bf 100644
--- a/daemon/start.go --- a/daemon/start.go
+++ b/daemon/start.go +++ b/daemon/start.go
@@ -150,6 +150,11 @@ func (daemon *Daemon) containerStart(container *container.Container, checkpoint @@ -150,6 +150,11 @@ func (daemon *Daemon) containerStart(container *container.Container, checkpoint
@ -36,10 +36,10 @@ index d9bc082b1078..091dae2ae65e 100644
return errdefs.System(err) return errdefs.System(err)
diff --git a/daemon/suse_secrets.go b/daemon/suse_secrets.go diff --git a/daemon/suse_secrets.go b/daemon/suse_secrets.go
new file mode 100644 new file mode 100644
index 000000000000..9ee33adf7497 index 000000000000..32b0ece91b59
--- /dev/null --- /dev/null
+++ b/daemon/suse_secrets.go +++ b/daemon/suse_secrets.go
@@ -0,0 +1,410 @@ @@ -0,0 +1,415 @@
+/* +/*
+ * suse-secrets: patch for Docker to implement SUSE secrets + * suse-secrets: patch for Docker to implement SUSE secrets
+ * Copyright (C) 2017-2021 SUSE LLC. + * Copyright (C) 2017-2021 SUSE LLC.
@ -75,8 +75,8 @@ index 000000000000..9ee33adf7497
+ "github.com/docker/docker/pkg/idtools" + "github.com/docker/docker/pkg/idtools"
+ +
+ swarmtypes "github.com/docker/docker/api/types/swarm" + swarmtypes "github.com/docker/docker/api/types/swarm"
+ swarmexec "github.com/docker/swarmkit/agent/exec" + swarmexec "github.com/moby/swarmkit/v2/agent/exec"
+ swarmapi "github.com/docker/swarmkit/api" + swarmapi "github.com/moby/swarmkit/v2/api"
+ +
+ "github.com/opencontainers/go-digest" + "github.com/opencontainers/go-digest"
+ "github.com/sirupsen/logrus" + "github.com/sirupsen/logrus"
@ -113,7 +113,7 @@ index 000000000000..9ee33adf7497
+ } + }
+} +}
+ +
+func (s SuseFakeFile) toSecretReference(idMaps *idtools.IdentityMapping) *swarmtypes.SecretReference { +func (s SuseFakeFile) toSecretReference(idMaps idtools.IdentityMapping) *swarmtypes.SecretReference {
+ // Figure out the host-facing {uid,gid} based on the provided maps. Fall + // Figure out the host-facing {uid,gid} based on the provided maps. Fall
+ // back to root if the UID/GID don't match (we are guaranteed that root is + // back to root if the UID/GID don't match (we are guaranteed that root is
+ // mapped). + // mapped).
@ -345,6 +345,7 @@ index 000000000000..9ee33adf7497
+ suseEmptyStore struct{} + suseEmptyStore struct{}
+ suseEmptySecret struct{} + suseEmptySecret struct{}
+ suseEmptyConfig struct{} + suseEmptyConfig struct{}
+ suseEmptyVolume struct{}
+) +)
+ +
+// In order to reduce the amount of code touched outside of this file, we +// In order to reduce the amount of code touched outside of this file, we
@ -356,14 +357,17 @@ index 000000000000..9ee33adf7497
+ emptyStore swarmexec.DependencyGetter = suseEmptyStore{} + emptyStore swarmexec.DependencyGetter = suseEmptyStore{}
+ emptySecret swarmexec.SecretGetter = suseEmptySecret{} + emptySecret swarmexec.SecretGetter = suseEmptySecret{}
+ emptyConfig swarmexec.ConfigGetter = suseEmptyConfig{} + emptyConfig swarmexec.ConfigGetter = suseEmptyConfig{}
+ emptyVolume swarmexec.VolumeGetter = suseEmptyVolume{}
+) +)
+ +
+var errSuseEmptyStore = fmt.Errorf("SUSE:secrets :: tried to get a resource from empty store [this is a bug]") +var errSuseEmptyStore = fmt.Errorf("SUSE:secrets :: tried to get a resource from empty store [this is a bug]")
+ +
+func (_ suseEmptyConfig) Get(_ string) (*swarmapi.Config, error) { return nil, errSuseEmptyStore } +func (_ suseEmptyConfig) Get(_ string) (*swarmapi.Config, error) { return nil, errSuseEmptyStore }
+func (_ suseEmptySecret) Get(_ string) (*swarmapi.Secret, error) { return nil, errSuseEmptyStore } +func (_ suseEmptySecret) Get(_ string) (*swarmapi.Secret, error) { return nil, errSuseEmptyStore }
+func (_ suseEmptyVolume) Get(_ string) (string, error) { return "", errSuseEmptyStore }
+func (_ suseEmptyStore) Secrets() swarmexec.SecretGetter { return emptySecret } +func (_ suseEmptyStore) Secrets() swarmexec.SecretGetter { return emptySecret }
+func (_ suseEmptyStore) Configs() swarmexec.ConfigGetter { return emptyConfig } +func (_ suseEmptyStore) Configs() swarmexec.ConfigGetter { return emptyConfig }
+func (_ suseEmptyStore) Volumes() swarmexec.VolumeGetter { return emptyVolume }
+ +
+type suseDependencyStore struct { +type suseDependencyStore struct {
+ dfl swarmexec.DependencyGetter + dfl swarmexec.DependencyGetter
@ -373,6 +377,7 @@ index 000000000000..9ee33adf7497
+// The following are effectively dumb wrappers that return ourselves, or the +// The following are effectively dumb wrappers that return ourselves, or the
+// default. +// default.
+func (s *suseDependencyStore) Secrets() swarmexec.SecretGetter { return s } +func (s *suseDependencyStore) Secrets() swarmexec.SecretGetter { return s }
+func (s *suseDependencyStore) Volumes() swarmexec.VolumeGetter { return emptyVolume }
+func (s *suseDependencyStore) Configs() swarmexec.ConfigGetter { return s.dfl.Configs() } +func (s *suseDependencyStore) Configs() swarmexec.ConfigGetter { return s.dfl.Configs() }
+ +
+// Get overrides the underlying DependencyGetter with our own secrets (falling +// Get overrides the underlying DependencyGetter with our own secrets (falling
@ -451,5 +456,5 @@ index 000000000000..9ee33adf7497
+ return nil + return nil
+} +}
-- --
2.38.1 2.40.0

View File

@ -1,7 +1,7 @@
From bc52d15141402d94eeaee618f1df0b540f527b98 Mon Sep 17 00:00:00 2001 From 3e37bbad6f0a0c2576ad0b9dfe7a4a9290aa2aa0 Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de> From: Aleksa Sarai <asarai@suse.de>
Date: Fri, 29 Jun 2018 17:59:30 +1000 Date: Fri, 29 Jun 2018 17:59:30 +1000
Subject: [PATCH 4/7] bsc1073877: apparmor: clobber docker-default profile on Subject: [PATCH 3/3] bsc1073877: apparmor: clobber docker-default profile on
start start
In the process of making docker-default reloading far less expensive, In the process of making docker-default reloading far less expensive,
@ -22,7 +22,7 @@ Signed-off-by: Aleksa Sarai <asarai@suse.de>
3 files changed, 17 insertions(+), 6 deletions(-) 3 files changed, 17 insertions(+), 6 deletions(-)
diff --git a/daemon/apparmor_default.go b/daemon/apparmor_default.go diff --git a/daemon/apparmor_default.go b/daemon/apparmor_default.go
index 21813ec14f8f..0de75b32b7fa 100644 index 6376001613f7..5fde21a4af8a 100644
--- a/daemon/apparmor_default.go --- a/daemon/apparmor_default.go
+++ b/daemon/apparmor_default.go +++ b/daemon/apparmor_default.go
@@ -24,6 +24,15 @@ func DefaultApparmorProfile() string { @@ -24,6 +24,15 @@ func DefaultApparmorProfile() string {
@ -30,7 +30,7 @@ index 21813ec14f8f..0de75b32b7fa 100644
} }
+func clobberDefaultAppArmorProfile() error { +func clobberDefaultAppArmorProfile() error {
+ if apparmor.IsEnabled() { + if apparmor.HostSupports() {
+ if err := aaprofile.InstallDefault(defaultAppArmorProfile); err != nil { + if err := aaprofile.InstallDefault(defaultAppArmorProfile); err != nil {
+ return fmt.Errorf("AppArmor enabled on system but the %s profile could not be loaded: %s", defaultAppArmorProfile, err) + return fmt.Errorf("AppArmor enabled on system but the %s profile could not be loaded: %s", defaultAppArmorProfile, err)
+ } + }
@ -39,7 +39,7 @@ index 21813ec14f8f..0de75b32b7fa 100644
+} +}
+ +
func ensureDefaultAppArmorProfile() error { func ensureDefaultAppArmorProfile() error {
if apparmor.IsEnabled() { if apparmor.HostSupports() {
loaded, err := aaprofile.IsLoaded(defaultAppArmorProfile) loaded, err := aaprofile.IsLoaded(defaultAppArmorProfile)
@@ -37,10 +46,7 @@ func ensureDefaultAppArmorProfile() error { @@ -37,10 +46,7 @@ func ensureDefaultAppArmorProfile() error {
} }
@ -69,10 +69,10 @@ index e3dc18b32b5e..9c7723056268 100644
return nil return nil
} }
diff --git a/daemon/daemon.go b/daemon/daemon.go diff --git a/daemon/daemon.go b/daemon/daemon.go
index f15a4b038498..2f0c23bc62c9 100644 index 40abbe8cc19c..05c6db818c30 100644
--- a/daemon/daemon.go --- a/daemon/daemon.go
+++ b/daemon/daemon.go +++ b/daemon/daemon.go
@@ -857,8 +857,9 @@ func NewDaemon(ctx context.Context, config *config.Config, pluginStore *plugin.S @@ -807,8 +807,9 @@ func NewDaemon(ctx context.Context, config *config.Config, pluginStore *plugin.S
logrus.Warnf("Failed to configure golang's threads limit: %v", err) logrus.Warnf("Failed to configure golang's threads limit: %v", err)
} }
@ -85,5 +85,5 @@ index f15a4b038498..2f0c23bc62c9 100644
} }
-- --
2.38.1 2.40.0

View File

@ -1,144 +0,0 @@
From 57673ad5455b1b27e41716e33b67c9cd8099b580 Mon Sep 17 00:00:00 2001
From: Michal Rostecki <mrostecki@opensuse.org>
Date: Thu, 8 Apr 2021 14:42:02 +0100
Subject: [PATCH 5/7] bsc1183855: btrfs: Do not disable quota on cleanup
Before this change, cleanup of the btrfs driver (occuring on each daemon
shutdown) resulted in disabling quotas. It was done with an assumption
that quotas can be enabled or disabled on a subvolume level, which is
not true - enabling or disabling quota is always done on a filesystem
level.
That was leading to disabling quota on btrfs filesystems on each daemon
shutdown.
This change fixes that behavior and removes misleading `subvol` prefix
from functions and methods which set up quota (on a filesystem level).
SUSE-Bugs: bsc#1175081 bsc#1183855
SUSE-Upstream-Commit: 1ec689c4c2ecda24ed8495451c53072bb0497871
Fixes: 401c8d176743 ("Add disk quota support for btrfs")
Signed-off-by: Michal Rostecki <mrostecki@opensuse.org>
---
daemon/graphdriver/btrfs/btrfs.go | 50 +++++--------------------------
1 file changed, 8 insertions(+), 42 deletions(-)
diff --git a/daemon/graphdriver/btrfs/btrfs.go b/daemon/graphdriver/btrfs/btrfs.go
index fa0cdf8666b1..02bbb5da1088 100644
--- a/daemon/graphdriver/btrfs/btrfs.go
+++ b/daemon/graphdriver/btrfs/btrfs.go
@@ -104,7 +104,7 @@ func Init(home string, options []string, uidMaps, gidMaps []idtools.IDMap) (grap
}
if userDiskQuota {
- if err := driver.subvolEnableQuota(); err != nil {
+ if err := driver.enableQuota(); err != nil {
return nil, err
}
}
@@ -173,18 +173,10 @@ func (d *Driver) GetMetadata(id string) (map[string]string, error) {
// Cleanup unmounts the home directory.
func (d *Driver) Cleanup() error {
- err := d.subvolDisableQuota()
- umountErr := mount.Unmount(d.home)
-
- // in case we have two errors, prefer the one from disableQuota()
- if err != nil {
+ if err := mount.Unmount(d.home); err != nil {
return err
}
- if umountErr != nil {
- return umountErr
- }
-
return nil
}
@@ -342,7 +334,7 @@ func (d *Driver) updateQuotaStatus() {
d.once.Do(func() {
if !d.quotaEnabled {
// In case quotaEnabled is not set, check qgroup and update quotaEnabled as needed
- if err := subvolQgroupStatus(d.home); err != nil {
+ if err := qgroupStatus(d.home); err != nil {
// quota is still not enabled
return
}
@@ -351,7 +343,7 @@ func (d *Driver) updateQuotaStatus() {
})
}
-func (d *Driver) subvolEnableQuota() error {
+func (d *Driver) enableQuota() error {
d.updateQuotaStatus()
if d.quotaEnabled {
@@ -377,32 +369,6 @@ func (d *Driver) subvolEnableQuota() error {
return nil
}
-func (d *Driver) subvolDisableQuota() error {
- d.updateQuotaStatus()
-
- if !d.quotaEnabled {
- return nil
- }
-
- dir, err := openDir(d.home)
- if err != nil {
- return err
- }
- defer closeDir(dir)
-
- var args C.struct_btrfs_ioctl_quota_ctl_args
- args.cmd = C.BTRFS_QUOTA_CTL_DISABLE
- _, _, errno := unix.Syscall(unix.SYS_IOCTL, getDirFd(dir), C.BTRFS_IOC_QUOTA_CTL,
- uintptr(unsafe.Pointer(&args)))
- if errno != 0 {
- return fmt.Errorf("Failed to disable btrfs quota for %s: %v", dir, errno.Error())
- }
-
- d.quotaEnabled = false
-
- return nil
-}
-
func (d *Driver) subvolRescanQuota() error {
d.updateQuotaStatus()
@@ -445,11 +411,11 @@ func subvolLimitQgroup(path string, size uint64) error {
return nil
}
-// subvolQgroupStatus performs a BTRFS_IOC_TREE_SEARCH on the root path
+// qgroupStatus performs a BTRFS_IOC_TREE_SEARCH on the root path
// with search key of BTRFS_QGROUP_STATUS_KEY.
// In case qgroup is enabled, the retuned key type will match BTRFS_QGROUP_STATUS_KEY.
// For more details please see https://github.com/kdave/btrfs-progs/blob/v4.9/qgroup.c#L1035
-func subvolQgroupStatus(path string) error {
+func qgroupStatus(path string) error {
dir, err := openDir(path)
if err != nil {
return err
@@ -623,7 +589,7 @@ func (d *Driver) setStorageSize(dir string, driver *Driver) error {
if d.options.minSpace > 0 && driver.options.size < d.options.minSpace {
return fmt.Errorf("btrfs: storage size cannot be less than %s", units.HumanSize(float64(d.options.minSpace)))
}
- if err := d.subvolEnableQuota(); err != nil {
+ if err := d.enableQuota(); err != nil {
return err
}
return subvolLimitQgroup(dir, driver.options.size)
@@ -677,7 +643,7 @@ func (d *Driver) Get(id, mountLabel string) (containerfs.ContainerFS, error) {
if quota, err := ioutil.ReadFile(d.quotasDirID(id)); err == nil {
if size, err := strconv.ParseUint(string(quota), 10, 64); err == nil && size >= d.options.minSpace {
- if err := d.subvolEnableQuota(); err != nil {
+ if err := d.enableQuota(); err != nil {
return nil, err
}
if err := subvolLimitQgroup(dir, size); err != nil {
--
2.38.1

File diff suppressed because it is too large Load Diff

View File

@ -1,56 +0,0 @@
From 6451aa1559ce5a135f599682ab33721e116925bd Mon Sep 17 00:00:00 2001
From: Sebastiaan van Stijn <github@gone.nl>
Date: Fri, 29 Jan 2021 14:55:08 +0100
Subject: [PATCH 7/7] bsc1200022: fifo.Close(): prevent possible panic if fifo
is nil
I'm not sure if this is the right approach, and synchronisation should probably
be added elsewhere to fix the underlying issue.
Trying to prevent a panic that was seen on container restore in th docker daemon:
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x10 pc=0x5586c892a7a4]
goroutine 420 [running]:
github.com/docker/docker/vendor/github.com/containerd/fifo.(*fifo).Close(0x0, 0x0, 0x0)
/go/src/github.com/docker/docker/vendor/github.com/containerd/fifo/fifo.go:208 +0x44
github.com/docker/docker/vendor/github.com/containerd/containerd/cio.(*cio).Close(0xc000d06f60, 0x5586cb5654d0, 0xc000d8e9e8)
/go/src/github.com/docker/docker/vendor/github.com/containerd/containerd/cio/io.go:203 +0x90
github.com/docker/docker/libcontainerd/remote.(*client).Restore.func1(0xc0008bf820, 0xc0008a2040)
/go/src/github.com/docker/docker/libcontainerd/remote/client.go:86 +0x5a
github.com/docker/docker/libcontainerd/remote.(*client).Restore(0xc00098e5b0, 0x5586cb61c7c0, 0xc000052088, 0xc0011b6500, 0x40, 0xc0008bf810, 0x5586cb05cf00, 0xffffffffffffffff, 0x0, 0x0, ...)
/go/src/github.com/docker/docker/libcontainerd/remote/client.go:107 +0x923
github.com/docker/docker/daemon.(*Daemon).restore.func3(0xc00079d9e0, 0xc000a38230, 0xc00000c1e0, 0xc00079d9a8, 0xc000d84f00, 0xc000d84ed0, 0xc000d84ea0, 0xc00128a280)
/go/src/github.com/docker/docker/daemon/daemon.go:351 +0x48a
created by github.com/docker/docker/daemon.(*Daemon).restore
/go/src/github.com/docker/docker/daemon/daemon.go:319 +0x4b3
If the fifo is nil, there's nothing to be done in Close(), so returning early
in that situation.
Backport: <https://github.com/containerd/fifo/pull/32>
SUSE-Bugs: bsc#1200022
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
---
vendor/github.com/containerd/fifo/fifo.go | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/vendor/github.com/containerd/fifo/fifo.go b/vendor/github.com/containerd/fifo/fifo.go
index 96c214f270bf..c3eec295b578 100644
--- a/vendor/github.com/containerd/fifo/fifo.go
+++ b/vendor/github.com/containerd/fifo/fifo.go
@@ -204,6 +204,10 @@ func (f *fifo) Write(b []byte) (int, error) {
// before open(2) has returned and fifo was never opened.
func (f *fifo) Close() (retErr error) {
for {
+ if f == nil {
+ return
+ }
+
select {
case <-f.closed:
f.handle.Close()
--
2.38.1

View File

@ -3,26 +3,18 @@
<param name="url">https://github.com/moby/moby.git</param> <param name="url">https://github.com/moby/moby.git</param>
<param name="scm">git</param> <param name="scm">git</param>
<param name="exclude">.git</param> <param name="exclude">.git</param>
<param name="versionformat">20.10.23_ce_%h</param> <param name="versionformat">23.0.5_ce_%h</param>
<param name="revision">v20.10.23</param> <param name="revision">v23.0.5</param>
<param name="filename">docker</param> <param name="filename">docker</param>
</service> </service>
<service name="tar_scm" mode="disabled"> <service name="tar_scm" mode="disabled">
<param name="url">https://github.com/docker/cli.git</param> <param name="url">https://github.com/docker/cli.git</param>
<param name="scm">git</param> <param name="scm">git</param>
<param name="exclude">.git</param> <param name="exclude">.git</param>
<param name="versionformat">20.10.23_ce</param> <param name="versionformat">23.0.5_ce</param>
<param name="revision">v20.10.23</param> <param name="revision">v23.0.5</param>
<param name="filename">docker-cli</param> <param name="filename">docker-cli</param>
</service> </service>
<service name="tar_scm" mode="disabled">
<param name="url">https://github.com/docker/libnetwork.git</param>
<param name="scm">git</param>
<param name="exclude">.git</param>
<param name="versionformat">%H</param>
<param name="revision">05b93e0d3a95952f70c113b0bc5bdb538d7afdd7</param>
<param name="filename">docker-libnetwork</param>
</service>
<service name="recompress" mode="disabled"> <service name="recompress" mode="disabled">
<param name="file">docker-*.tar</param> <param name="file">docker-*.tar</param>
<param name="compression">xz</param> <param name="compression">xz</param>

File diff suppressed because it is too large Load Diff

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:0d6b832806f3144a4b917657f615d9388081e7c7b3f77db3b4b7c6c01b931686
size 6589992

View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:84d3a48cfbeeece15ad367eb03834a97b0c57d195d889e5191c138cd6e06579a
size 8262024

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:c2a96dd55814fc22ccfe054b78438963fc139b292696bc3ba7667abd399d7c70
size 4320480

View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:b93219b6b5c781031c1ed35fb3174c59e3572e3437218ca3646361259acb77e8
size 3498104

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:44fa1530b22f18434174b03895c8933b356f254b718855fd7487888afbb10e91
size 1983112

View File

@ -1,3 +1,30 @@
-------------------------------------------------------------------
Thu Apr 27 14:09:05 UTC 2023 - Aleksa Sarai <asarai@suse.com>
- Update to Docker 23.0.5-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/23.0/#2305>.
- Rebase patches:
* cli-0001-docs-include-required-tools-in-source-tree.patch
-------------------------------------------------------------------
Wed Apr 26 00:31:54 UTC 2023 - Aleksa Sarai <asarai@suse.com>
- Update to Docker 23.0.4-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/23.0/#2304>. bsc#1208074
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
- Renumbered patches:
- 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
- Remove upstreamed patches:
- 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
- 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch
- 0007-bsc1200022-fifo.Close-prevent-possible-panic-if-fifo.patch
- Backport <https://github.com/docker/cli/pull/4228> to allow man pages to be
built without internet access in OBS.
+ cli-0001-docs-include-required-tools-in-source-tree.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Feb 1 14:33:19 UTC 2023 - Dirk Müller <dmueller@suse.com> Wed Feb 1 14:33:19 UTC 2023 - Dirk Müller <dmueller@suse.com>

View File

@ -1,7 +1,7 @@
# #
# spec file for package docker # spec file for package docker
# #
# Copyright (c) 2021 SUSE LLC # Copyright (c) 2023 SUSE LLC
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -26,37 +26,16 @@
%define _fillupdir /var/adm/fillup-templates %define _fillupdir /var/adm/fillup-templates
%endif %endif
# Handle _multibuild magic.
%define flavour @BUILD_FLAVOR@%{nil}
# We split the Name: into "realname" and "name_suffix".
%define realname docker
%if "%flavour" == ""
%define name_suffix %{nil}
%else
%define name_suffix -%{flavour}
%endif
# Used when generating the "build" information for Docker version. The value of # Used when generating the "build" information for Docker version. The value of
# git_commit_epoch is unused here (we use SOURCE_DATE_EPOCH, which rpm # git_commit_epoch is unused here (we use SOURCE_DATE_EPOCH, which rpm
# helpfully injects into our build environment from the changelog). If you want # helpfully injects into our build environment from the changelog). If you want
# to generate a new git_commit_epoch, use this: # to generate a new git_commit_epoch, use this:
# $ date --date="$(git show --format=fuller --date=iso $COMMIT_ID | grep -oP '(?<=^CommitDate: ).*')" '+%s' # $ date --date="$(git show --format=fuller --date=iso $COMMIT_ID | grep -oP '(?<=^CommitDate: ).*')" '+%s'
%define real_version 20.10.23 %define real_version 23.0.5
%define git_version 6051f1429 %define git_version 94d3ad69cc59
%define git_commit_epoch 1674059068 %define git_commit_epoch 1682522945
# We require a specific pin of libnetwork because it doesn't really do Name: docker
# versioning and minor version mismatches in libnetwork can break Docker
# networking. All other key runtime dependencies (containerd, runc) are stable
# enough that this isn't necessary.
%define libnetwork_version 05b93e0d3a95952f70c113b0bc5bdb538d7afdd7
%define dist_builddir %{_builddir}/dist-suse
%define cli_builddir %{dist_builddir}/src/github.com/docker/cli
%define proxy_builddir %{dist_builddir}/src/github.com/docker/libnetwork
Name: %{realname}%{name_suffix}
Version: %{real_version}_ce Version: %{real_version}_ce
# This "nice version" is so that docker --version gives a result that can be # This "nice version" is so that docker --version gives a result that can be
# parsed by other people. boo#1182476 # parsed by other people. boo#1182476
@ -66,9 +45,8 @@ Summary: The Moby-project Linux container runtime
License: Apache-2.0 License: Apache-2.0
Group: System/Management Group: System/Management
URL: http://www.docker.io URL: http://www.docker.io
Source: %{realname}-%{version}_%{git_version}.tar.xz Source: %{name}-%{version}_%{git_version}.tar.xz
Source1: %{realname}-cli-%{version}.tar.xz Source1: %{name}-cli-%{version}.tar.xz
Source2: %{realname}-libnetwork-%{libnetwork_version}.tar.xz
Source3: docker-rpmlintrc Source3: docker-rpmlintrc
# TODO: Move these source files to somewhere nicer. # TODO: Move these source files to somewhere nicer.
Source100: docker.service Source100: docker.service
@ -87,14 +65,9 @@ Patch100: 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
Patch101: 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch Patch101: 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
# SUSE-FEATURE: Add support to mirror unofficial/private registries # SUSE-FEATURE: Add support to mirror unofficial/private registries
# <https://github.com/docker/docker/pull/34319>. # <https://github.com/docker/docker/pull/34319>.
Patch300: 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch Patch300: 0003-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
# SUSE-BACKPORT: Backport of https://github.com/moby/moby/pull/42273. bsc#1183855 bsc#1175081 # UPSTREAM: Backport of <https://github.com/docker/cli/pull/4228>.
Patch301: 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch Patch900: cli-0001-docs-include-required-tools-in-source-tree.patch
# SUSE-BACKPORT: Backport of several golang.org/x/crypto updates.
# bsc#1193930 CVE-2021-43565 bsc#1197284 CVE-2022-27191
Patch302: 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch
# SUSE-BACKPORT: Backport of <https://github.com/containerd/fifo/pull/32>. bsc#1200022
Patch303: 0007-bsc1200022-fifo.Close-prevent-possible-panic-if-fifo.patch
BuildRequires: audit BuildRequires: audit
BuildRequires: bash-completion BuildRequires: bash-completion
BuildRequires: ca-certificates BuildRequires: ca-certificates
@ -111,17 +84,17 @@ BuildRequires: fish
BuildRequires: go-go-md2man BuildRequires: go-go-md2man
BuildRequires: pkgconfig(libsystemd) BuildRequires: pkgconfig(libsystemd)
BuildRequires: sysuser-tools BuildRequires: sysuser-tools
BuildRequires: golang(API) = 1.18 BuildRequires: golang(API) = 1.19
Requires: (apparmor-parser or container-selinux) Requires: (apparmor-parser or container-selinux)
Requires: ca-certificates-mozilla Requires: ca-certificates-mozilla
# The docker-proxy binary used to be in a separate package. We obsolete it, # The docker-proxy binary used to be in a separate package. We obsolete it,
# since now docker-proxy is maintained as part of this package. # since now docker-proxy is maintained as part of this package.
Obsoletes: docker-libnetwork%{name_suffix} < 0.7.0.2 Obsoletes: docker-libnetwork < 0.7.0.2
Provides: docker-libnetwork%{name_suffix} = 0.7.0.2.%{version} Provides: docker-libnetwork = 0.7.0.2.%{version}
# Required to actually run containers. We require the minimum version that is # Required to actually run containers. We require the minimum version that is
# pinned by Docker, but in order to avoid headaches we allow for updates. # pinned by Docker, but in order to avoid headaches we allow for updates.
Requires: runc >= 1.1.2 Requires: runc >= 1.1.5
Requires: containerd >= 1.6.9 Requires: containerd >= 1.6.20
# Needed for --init support. We don't use "tini", we use our own implementation # Needed for --init support. We don't use "tini", we use our own implementation
# which handles edge-cases better. # which handles edge-cases better.
Requires: catatonit Requires: catatonit
@ -149,7 +122,6 @@ Recommends: lvm2 >= 2.2.89
Recommends: git-core >= 1.7 Recommends: git-core >= 1.7
ExcludeArch: s390 ppc ExcludeArch: s390 ppc
%description %description
Docker complements LXC with a high-level API which operates at the process Docker complements LXC with a high-level API which operates at the process
level. It runs unix processes with strong guarantees of isolation and level. It runs unix processes with strong guarantees of isolation and
@ -193,38 +165,27 @@ BuildArch: noarch
Fish command line completion support for %{name}. Fish command line completion support for %{name}.
%prep %prep
%setup -q -n %{realname}-%{version}_%{git_version} # docker-cli
%define cli_builddir %{_builddir}/%{name}-cli-%{version}
%setup -q -T -b 1 -n %{name}-cli-%{version}
[ "%{cli_builddir}" = "$PWD" ]
# offline manpages
%patch900 -p1
%if 0%{?is_opensuse} # docker
# nothing %define docker_builddir %{_builddir}/%{name}-%{version}_%{git_version}
%else %setup -q -n %{name}-%{version}_%{git_version}
[ "%{docker_builddir}" = "$PWD" ]
# README_SUSE.md for documentation.
cp %{SOURCE103} .
%if 0%{?is_opensuse} == 0
# PATCH-SUSE: Secrets patches. # PATCH-SUSE: Secrets patches.
%patch100 -p1 %patch100 -p1
%patch101 -p1 %patch101 -p1
%endif %endif
# bsc#1099277 # bsc#1099277
%patch300 -p1 %patch300 -p1
# bsc#1183855 bsc#1175081
%patch301 -p1
# bsc#1193930 CVE-2021-43565 bsc#1197284 CVE-2022-27191
%patch302 -p1
# bsc#1200022
%patch303 -p1
# README_SUSE.md for documentation.
cp %{SOURCE103} .
# Extract the docker-cli source in a subdir.
mkdir -p %{cli_builddir}
pushd %{cli_builddir}
xz -dc %{SOURCE1} | tar -xof - --strip-components=1
popd
# Extract the docker-libnetwork source in a subdir.
mkdir -p %{proxy_builddir}
pushd %{proxy_builddir}
xz -dc %{SOURCE2} | tar -xof - --strip-components=1
popd
%build %build
%sysusers_generate_pre %{SOURCE106} %{name} %{name}.conf %sysusers_generate_pre %{SOURCE106} %{name} %{name}.conf
@ -239,12 +200,7 @@ BUILDTAGS="exclude_graphdriver_aufs apparmor selinux seccomp pkcs11"
BUILDTAGS="libdm_dlsym_deferred_remove $BUILDTAGS" BUILDTAGS="libdm_dlsym_deferred_remove $BUILDTAGS"
%endif %endif
(cat <<EOF
export AUTO_GOPATH=1 export AUTO_GOPATH=1
export DOCKER_BUILDTAGS="$BUILDTAGS"
# Until boo#1038493 is fixed properly we need to do this hack to get the
# compiled-into-the-binary GOROOT.
export GOROOT="$(GOROOT= go env GOROOT)"
# Make sure we always build PIC code. bsc#1048046 # Make sure we always build PIC code. bsc#1048046
export BUILDFLAGS="-buildmode=pie" export BUILDFLAGS="-buildmode=pie"
# Specify all of the versioning information. We use SOURCE_DATE_EPOCH if it's # Specify all of the versioning information. We use SOURCE_DATE_EPOCH if it's
@ -255,50 +211,29 @@ export DOCKER_GITCOMMIT="%{git_version}"
export GITCOMMIT="%{git_version}" export GITCOMMIT="%{git_version}"
export SOURCE_DATE_EPOCH="${SOURCE_DATE_EPOCH:-%{git_commit_epoch}}" export SOURCE_DATE_EPOCH="${SOURCE_DATE_EPOCH:-%{git_commit_epoch}}"
export BUILDTIME="$(date -u -d "@$SOURCE_DATE_EPOCH" --rfc-3339 ns 2>/dev/null | sed -e 's/ /T/')" export BUILDTIME="$(date -u -d "@$SOURCE_DATE_EPOCH" --rfc-3339 ns 2>/dev/null | sed -e 's/ /T/')"
# NOTE: This will have to be removed with the next major Docker bump.
export GO111MODULE=off
EOF
) > docker_build_env
. ./docker_build_env
# Preparing GOPATH so that the client is visible to the compiler
mkdir -p src/github.com/docker/
ln -s "%{cli_builddir}" "$PWD/src/github.com/docker/cli"
export GOPATH="$GOPATH:$PWD"
################### ###################
## DOCKER ENGINE ## ## DOCKER ENGINE ##
################### ###################
# Ignore the warning that we compile outside a Docker container. pushd "%{docker_builddir}"
# use go module for build
ln -s {vendor,go}.mod
ln -s {vendor,go}.sum
./hack/make.sh dynbinary ./hack/make.sh dynbinary
popd
################### ###################
## DOCKER CLIENT ## ## DOCKER CLIENT ##
################### ###################
pushd %{cli_builddir} pushd "%{cli_builddir}"
make dynbinary # use go module for build
ln -s {vendor,go}.mod
mkdir -p ./man/man1 ln -s {vendor,go}.sum
go build -buildmode=pie -o gen-manpages github.com/docker/cli/man make DISABLE_WARN_OUTSIDE_CONTAINER=1 dynbinary manpages
./gen-manpages --root "$PWD" --target "$PWD/man/man1"
./man/md2man-all.sh
popd popd
##################
## DOCKER PROXY ##
##################
pushd %{proxy_builddir}
GOPATH="%{dist_builddir}" \
go build -buildmode=pie -o docker-proxy github.com/docker/libnetwork/cmd/proxy
popd
# We verify that our libnetwork source is the correct version. This is done
# on-build to make sure that someone doing an update didn't miss anything.
grep 'LIBNETWORK_COMMIT:=%{libnetwork_version}' hack/dockerfile/install/proxy.installer
%install %install
install -Dd -m0755 \ install -Dd -m0755 \
%{buildroot}%{_sysconfdir}/init.d \ %{buildroot}%{_sysconfdir}/init.d \
@ -306,30 +241,31 @@ install -Dd -m0755 \
%{buildroot}%{_sbindir} %{buildroot}%{_sbindir}
# docker daemon # docker daemon
install -D -m0755 bundles/dynbinary-daemon/dockerd %{buildroot}/%{_bindir}/dockerd install -D -m0755 %{docker_builddir}/bundles/dynbinary-daemon/dockerd %{buildroot}/%{_bindir}/dockerd
# docker proxy
install -D -m0755 %{docker_builddir}/bundles/dynbinary-daemon/docker-proxy %{buildroot}/%{_bindir}/docker-proxy
# /var/lib/docker
install -d %{buildroot}/%{_localstatedir}/lib/docker install -d %{buildroot}/%{_localstatedir}/lib/docker
# daemon.json config file # daemon.json config file
install -D -m0644 %{SOURCE105} %{buildroot}%{_sysconfdir}/docker/daemon.json install -D -m0644 %{SOURCE105} %{buildroot}%{_sysconfdir}/docker/daemon.json
# docker cli # docker cli
install -D -m0755 %{cli_builddir}/build/docker %{buildroot}/%{_bindir}/docker install -D -m0755 %{cli_builddir}/build/docker %{buildroot}/%{_bindir}/docker
install -D -m0644 %{cli_builddir}/contrib/completion/bash/docker "%{buildroot}%{_datarootdir}/bash-completion/completions/%{realname}" install -D -m0644 %{cli_builddir}/contrib/completion/bash/docker "%{buildroot}%{_datarootdir}/bash-completion/completions/%{name}"
install -D -m0644 %{cli_builddir}/contrib/completion/zsh/_docker "%{buildroot}%{_sysconfdir}/zsh_completion.d/_%{realname}" install -D -m0644 %{cli_builddir}/contrib/completion/zsh/_docker "%{buildroot}%{_sysconfdir}/zsh_completion.d/_%{name}"
install -D -m0644 %{cli_builddir}/contrib/completion/fish/docker.fish "%{buildroot}/%{_datadir}/fish/vendor_completions.d/%{realname}.fish" install -D -m0644 %{cli_builddir}/contrib/completion/fish/docker.fish "%{buildroot}/%{_datadir}/fish/vendor_completions.d/%{name}.fish"
# docker proxy
install -D -m0755 %{proxy_builddir}/docker-proxy %{buildroot}/%{_bindir}/docker-proxy
# systemd service # systemd service
install -D -m0644 %{SOURCE100} %{buildroot}%{_unitdir}/%{realname}.service install -D -m0644 %{SOURCE100} %{buildroot}%{_unitdir}/%{name}.service
ln -sf service %{buildroot}%{_sbindir}/rcdocker ln -sf service %{buildroot}%{_sbindir}/rcdocker
# udev rules that prevents dolphin to show all docker devices and slows down # udev rules that prevents dolphin to show all docker devices and slows down
# upstream report https://bugs.kde.org/show_bug.cgi?id=329930 # upstream report https://bugs.kde.org/show_bug.cgi?id=329930
install -D -m0644 %{SOURCE101} %{buildroot}%{_udevrulesdir}/80-%{realname}.rules install -D -m0644 %{SOURCE101} %{buildroot}%{_udevrulesdir}/80-%{name}.rules
# audit rules # audit rules
install -D -m0640 %{SOURCE104} %{buildroot}%{_sysconfdir}/audit/rules.d/%{realname}.rules install -D -m0640 %{SOURCE104} %{buildroot}%{_sysconfdir}/audit/rules.d/%{name}.rules
# sysconfig file # sysconfig file
install -D -m0644 %{SOURCE102} %{buildroot}%{_fillupdir}/sysconfig.docker install -D -m0644 %{SOURCE102} %{buildroot}%{_fillupdir}/sysconfig.docker
@ -363,17 +299,17 @@ grep -q '^dockremap:' /etc/subgid || \
usermod -w 100000000-200000000 dockremap &>/dev/null || \ usermod -w 100000000-200000000 dockremap &>/dev/null || \
echo "dockremap:100000000:100000001" >>/etc/subgid ||: echo "dockremap:100000000:100000001" >>/etc/subgid ||:
%service_add_pre %{realname}.service %service_add_pre %{name}.service
%post %post
%service_add_post %{realname}.service %service_add_post %{name}.service
%{fillup_only -n docker} %{fillup_only -n docker}
%preun %preun
%service_del_preun %{realname}.service %service_del_preun %{name}.service
%postun %postun
%service_del_postun %{realname}.service %service_del_postun %{name}.service
%files %files
%defattr(-,root,root) %defattr(-,root,root)
@ -385,15 +321,15 @@ grep -q '^dockremap:' /etc/subgid || \
%{_sbindir}/rcdocker %{_sbindir}/rcdocker
%dir %{_localstatedir}/lib/docker/ %dir %{_localstatedir}/lib/docker/
%{_unitdir}/%{realname}.service %{_unitdir}/%{name}.service
%{_sysusersdir}/%{name}.conf %{_sysusersdir}/%{name}.conf
%dir %{_sysconfdir}/docker %dir %{_sysconfdir}/docker
%config(noreplace) %{_sysconfdir}/docker/daemon.json %config(noreplace) %{_sysconfdir}/docker/daemon.json
%{_fillupdir}/sysconfig.docker %{_fillupdir}/sysconfig.docker
%config %{_sysconfdir}/audit/rules.d/%{realname}.rules %config %{_sysconfdir}/audit/rules.d/%{name}.rules
%{_udevrulesdir}/80-%{realname}.rules %{_udevrulesdir}/80-%{name}.rules
%{_mandir}/man1/docker-*.1%{ext_man} %{_mandir}/man1/docker-*.1%{ext_man}
%{_mandir}/man1/docker.1%{ext_man} %{_mandir}/man1/docker.1%{ext_man}
@ -402,14 +338,14 @@ grep -q '^dockremap:' /etc/subgid || \
%files bash-completion %files bash-completion
%defattr(-,root,root) %defattr(-,root,root)
%{_datarootdir}/bash-completion/completions/%{realname} %{_datarootdir}/bash-completion/completions/%{name}
%files zsh-completion %files zsh-completion
%defattr(-,root,root) %defattr(-,root,root)
%{_sysconfdir}/zsh_completion.d/_%{realname} %{_sysconfdir}/zsh_completion.d/_%{name}
%files fish-completion %files fish-completion
%defattr(-,root,root) %defattr(-,root,root)
%{_datadir}/fish/vendor_completions.d/%{realname}.fish %{_datadir}/fish/vendor_completions.d/%{name}.fish
%changelog %changelog