Accepting request 545292 from Virtualization:containers

This is an update of the Docker package, mostly just including packaging fixes. It also drops all of the v1.10.x migration logic we added a while ago. The delete request for docker-image-migrator was submitted in parallel. OBS-URL: https://build.opensuse.org/request/show/545292 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/docker?expand=0&rev=64
2017-11-30 11:41:35 +00:00 · 2017-11-30 11:41:35 +00:00 · a75507162a
commit a75507162a
parent 41554f0a6c 08b07fd7b4
6 changed files with 43 additions and 108 deletions
--- a/docker-plugin-message.txt
+++ b/docker-plugin-message.txt
@ -1,6 +0,0 @@
-                            ***  WARNING  ***
-
-Disabling previously installed (experimental) plugins. The original plugin file
-is still available under /var/lib/docker/plugins/_plugins.json.old. This
-configuration style is no longer supported by Docker after v1.13.0 (and will
-cause it to fail to start).
--- a/docker-update-message.txt
+++ b/docker-update-message.txt
@ -1,28 +0,0 @@
-                            ***  WARNING  ***
-
-The docker service has not been restarted. 
-
-In the migration from docker<1.10.0 to docker>=1.10.0, the Docker image format
-has changed to be completely content-addressible. This results in several positive
-improvements to image operations (better caching during builds mainly). However,
-the migration operation may take several hours if you have a lot of large images
-on a Docker host. In order to ensure that you have minimum downtime, the docker
-service has not been restarted as it will trigger this migration. You may either
-restart this service at a time of your choosing or manually run the separate 
-migration tool (which will not cause downtime for your Docker daemon).
-
-You can run the migration with this command, which will exit after the migration 
-has been completed:
-
-$ %{_libexecdir}/docker-image-migrator/do-image-migration-v1to2.sh
-
-Because the migrator requires information about the storage driver used by Docker,
-the migration script will source %{_sysconfdir}/sysconfig/docker and use \$DOCKER_OPTS as
-arguments to the migrator. If this automated migration fails, it will be re-attempted
-with every known storage driver. In addition, the script accepts arguments which
-will simiarly be appended to the set of arguments (after \$DOCKER_OPTS) to the
-migrator.
-
-Restarting docker without running this separate migration tool, WILL CAUSE DOWNTIME, 
-BECAUSE DOCKER WILL RUN THE MIGRATION ON FIRST START AND YOU WILL BE UNABLE TO START 
-ANY CONTAINERS OR USE ANY DOCKER COMMANDS (EVEN CONTAINERS WITH RESTART POLICIES ACTIVE):
--- a/docker.changes
+++ b/docker.changes
@ -1,3 +1,22 @@
+-------------------------------------------------------------------
+Thu Nov 23 13:48:08 UTC 2017 - rbrown@suse.com
+
+- Replace references to /var/adm/fillup-templates with new
+  %_fillupdir macro (boo#1069468)
+
+-------------------------------------------------------------------
+Tue Nov 14 22:39:56 UTC 2017 - asarai@suse.com
+
+- Remove migration code for the v1.9.x -> v1.10.x migration. This has been
+  around for a while, and we no longer support migrating from such an old
+  version "nicely". Docker still has migration code that will run on
+  first-boot, we are merely removing all of the "nice" warnings which tell
+  users how to avoid issues during an upgrade that ocurred more than a year
+  ago.
+- Drop un-needed files:
+  - docker-plugin-message.txt
+  - docker-update-message.txt
+
 -------------------------------------------------------------------
 Tue Nov  7 16:47:01 UTC 2017 - asarai@suse.com

@ -34,7 +53,7 @@ Mon Oct 16 11:06:22 UTC 2017 - asarai@suse.com
 -------------------------------------------------------------------
 Mon Oct  9 11:36:59 UTC 2017 - asarai@suse.com

- Update to Docker v17.07-ce. Upstream changelog:
+- Update to Docker v17.07-ce (bsc#1069758). Upstream changelog:
  https://github.com/docker/docker-ce/releases/tag/v17.06.0-ce
  https://github.com/docker/docker-ce/releases/tag/v17.07.0-ce
 - Removed no-longer needed patches.
--- a/docker.spec
+++ b/docker.spec
@ -17,12 +17,14 @@
 # nodebuginfo


-%global docker_store              %{_localstatedir}/lib/docker
-%global docker_migration_testfile %{docker_store}/.suse-image-migration-v1to2-complete
-%global docker_migration_warnfile %{docker_store}/docker-update-message.txt
-%global docker_plugin_warnfile    %{docker_store}/docker-plugin-message.txt
-%define docker_graph              %{docker_store}/graph
-%define __arch_install_post export NO_BRP_STRIP_DEBUG=true
+# Where important update information will be stored, such that an administrator
+# is guaranteed to see the relevant warning.
+%define update_messages %{_localstatedir}/adm/update-messages/%{name}-%{version}-%{release}
+
+#Compat macro for new _fillupdir macro introduced in Nov 2017
+%if ! %{defined _fillupdir}
+  %define _fillupdir /var/adm/fillup-templates
+%endif

 # Used when generating the "build" information for Docker version. The value of
 # git_commit_epoch is unused here (we use SOURCE_DATE_EPOCH, which rpm
@ -32,12 +34,6 @@
 %define git_version 87847530f717
 %define git_commit_epoch 1508266293

-# When upgrading to a new version requires the service not to be restarted
-# Due to a long migration process update last_migration_version to the new version
-# that will first perform the migration, last time this was needed was version
-# 1.10.1
-%global last_migration_version 1.10.1
-
 Name:           docker
 Version:        17.07.0_ce
 Release:        0
@ -54,8 +50,6 @@ Source6:        docker-rpmlintrc
 Source7:        README_SUSE.md
 Source8:        docker-audit.rules
 Source9:        tests.sh
-Source50:       docker-update-message.txt
-Source51:       docker-plugin-message.txt
 # SUSE-FEATURE: Adds the /run/secrets mountpoint inside all Docker containers
 # which is not snapshotted when images are committed. Note that if you modify
 # this patch, please also modify the patch in the suse-secrets-v<version>
@ -124,8 +118,6 @@ Requires:       xz >= 4.9
 Requires(post): %fillup_prereq
 Requires(post): udev
 Requires(post): shadow
-# Not necessary, but must be installed to have a smooth upgrade.
-Recommends:     docker-image-migrator
 # Not necessary, but must be installed when the underlying system is
 # configured to use lvm and the user doesn't explicitly provide a
 # different storage-driver than devicemapper
@ -342,7 +334,7 @@ install -d %{buildroot}%{go_contribdir}
 install -d %{buildroot}%{_bindir}
 install -D -m755 components/cli/build/docker %{buildroot}/%{_bindir}/docker
 install -D -m755 components/engine/bundles/latest/dynbinary-daemon/dockerd %{buildroot}/%{_bindir}/dockerd
-install -d %{buildroot}/%{_prefix}/lib/docker
+install -d %{buildroot}/%{_localstatedir}/lib/docker
 install -Dd -m 0755 \
 	%{buildroot}%{_sysconfdir}/init.d \
 	%{buildroot}%{_sbindir}
@ -370,7 +362,7 @@ install -D -m 0644 %{SOURCE3} %{buildroot}%{_udevrulesdir}/80-%{name}.rules
 install -D -m 0640 %{SOURCE8} %{buildroot}%{_sysconfdir}/audit/rules.d/%{name}.rules

 # sysconfig file
-install -D -m 644 %{SOURCE4} %{buildroot}%{_localstatedir}/adm/fillup-templates/sysconfig.docker
+install -D -m 644 %{SOURCE4} %{buildroot}%{_fillupdir}/sysconfig.docker

 # install manpages (using the ones from the engine)
 install -d %{buildroot}%{_mandir}/man1
@ -380,54 +372,13 @@ install -p -m 644 components/cli/man/man5/Dockerfile.5 %{buildroot}%{_mandir}/ma
 install -d %{buildroot}%{_mandir}/man8
 install -p -m 644 components/cli/man/man8/*.8 %{buildroot}%{_mandir}/man8

-install -D -m 0644 %{SOURCE50} %{buildroot}%{docker_migration_warnfile}
-install -D -m 0644 %{SOURCE51} %{buildroot}%{docker_plugin_warnfile}
-
 %fdupes %{buildroot}

 %pre
-# TODO: Remove this code in the near future.
-# In order to make sure we don't print a scary warning when we shouldn't we
-# need to test these things (in this order):
-# 1. Check that %%{_localstatedir}/lib/docker actually exists (docker daemon has run).
-# 2. Check that the migrator has *not* finished.
-# 3. Check that %%{_localstatedir}/lib/docker/graph exists (this is a <=1.9.1 thing, but
-#    will stick around if it has been migrated -- which is why we need the
-#    MIGRATION_TESTFILE check).
-# 4. Check that there are images in the graph/ directory.
-if [[ -x %{_bindir}/docker && -d "%{docker_store}" && -n "$(find "%{docker_graph}" -maxdepth 1 -type d 2>/dev/null | grep -Ev '_tmp|^%{docker_graph}$')" ]]; then
-    # Check if currently installed version of docker is old enough to need migration.
-    CURRENT_DOCKER_VERSION=$(docker -v | sed 's/^.*[^0-9]\([0-9]*\.[0-9]*\.[0-9]*\).*$/\1/')
-    # This variable will contain the current docker version if migration is needed otherwise it will contain the upgrade point.
-    # Next time the docker package needs to be upgraded without restarting the service increase the 1.10.1 to the new version.
-    NEED_UPGRADE_VERSION=$(echo -e "$CURRENT_DOCKER_VERSION\n%{last_migration_version}" | sort -V | head -1)
-
-    if [[ $CURRENT_DOCKER_VERSION == $NEED_UPGRADE_VERSION ]]; then
-        touch %{docker_migration_testfile}
-    fi
-fi
-
 getent group docker >/dev/null || groupadd -r docker
 %service_add_pre %{name}.service

 %post
-if [  -e %{docker_migration_testfile} ]; then
-    cat %{docker_migration_warnfile} >> /var/adm/update-messages/docker-%{version}-%{release}
-else
-    if [ -e %{docker_migration_warnfile} ]; then
-        rm %{docker_migration_warnfile}
-    fi
-fi
-
-# TODO: Remove this code in the near future.
-# If plugins.json is present, docker will fail to start. It should be noted
-# that this was not supported by us, as it was only experimental at the time.
-# But handle this migration anyway. https://github.com/docker/docker/releases/tag/v1.13.0
-if [ -e /var/lib/docker/plugins/plugins.json ];then
-    cat %{docker_plugin_warnfile} >> /var/adm/update-messages/docker-%{version}-%{release}
-	mv /var/lib/docker/plugins/plugins.json /var/lib/docker/plugins/_plugins.json.old
-fi
-
 %service_add_post %{name}.service
 %{fillup_only -n docker}

@ -435,10 +386,6 @@ fi
 %service_del_preun %{name}.service

 %postun
-if [  -e %{docker_migration_testfile} ]; then
-    rm %{docker_migration_testfile}
-    export DISABLE_RESTART_ON_UPDATE=yes
-fi
 %service_del_postun %{name}.service

 %files
@ -450,8 +397,8 @@ fi
 %{_unitdir}/%{name}.service
 %config %{_sysconfdir}/audit/rules.d/%{name}.rules
 %{_udevrulesdir}/80-%{name}.rules
-%{_localstatedir}/adm/fillup-templates/sysconfig.docker
-%{_localstatedir}/lib/docker/
+%{_fillupdir}/sysconfig.docker
+%dir %{_localstatedir}/lib/docker/
 %{_mandir}/man1/docker-*.1%{ext_man}
 %{_mandir}/man1/docker.1%{ext_man}
 %{_mandir}/man5/Dockerfile.5%{ext_man}
--- a/secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
+++ b/secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
@ -70,5 +70,5 @@ index 84b7eb352f1a..dc3a48bfe47a 100644
 			return errors.Wrap(err, "error setting ownership for secret")
 		}
 -- 
-2.14.2
+2.15.0

--- a/secrets-0002-SUSE-implement-SUSE-container-secrets.patch
+++ b/secrets-0002-SUSE-implement-SUSE-container-secrets.patch
@ -1,4 +1,4 @@
-From afb202611a8330e0b3a7900aa2d68b7cc1d489fe Mon Sep 17 00:00:00 2001
+From 7c03750568cb9b67b763cd03f92ce45c567ca043 Mon Sep 17 00:00:00 2001
 From: Aleksa Sarai <asarai@suse.de>
 Date: Wed, 8 Mar 2017 11:43:29 +1100
 Subject: [PATCH 2/2] SUSE: implement SUSE container secrets
@ -13,8 +13,8 @@ MAKES BUILDS NOT ENTIRELY REPRODUCIBLE.
 Signed-off-by: Aleksa Sarai <asarai@suse.de>
 ---
 daemon/start.go        |   5 +
- daemon/suse_secrets.go | 328 +++++++++++++++++++++++++++++++++++++++++++++++++
- 2 files changed, 333 insertions(+)
+ daemon/suse_secrets.go | 331 +++++++++++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 336 insertions(+)
 create mode 100644 daemon/suse_secrets.go

 diff --git a/daemon/start.go b/daemon/start.go
@ -35,10 +35,10 @@ index 55438cf2c45f..7dfa6cd1d055 100644
 		return err
 diff --git a/daemon/suse_secrets.go b/daemon/suse_secrets.go
 new file mode 100644
-index 000000000000..b09ad96f01b0
+index 000000000000..b6914adf09ce
 --- /dev/null
 +++ b/daemon/suse_secrets.go
-@@ -0,0 +1,328 @@
+@@ -0,0 +1,331 @@
 +/*
 + * suse-secrets: patch for Docker to implement SUSE secrets
 + * Copyright (C) 2017 SUSE LLC.
@ -94,6 +94,9 @@ index 000000000000..b09ad96f01b0
 +}
 +
 +func (s SuseFakeFile) id() string {
+	// NOTE: It is _very_ important that this string always has a prefix of
+	//       "suse". This is how we can ensure that we can operate on
+	//       SecretReferences with a confidence that it was made by us.
 +	return fmt.Sprintf("suse_%s_%s", digest.FromBytes(s.Data).Hex(), s.Path)
 +}
 +
@ -113,7 +116,7 @@ index 000000000000..b09ad96f01b0
 +	// mapped).
 +	ctrUser := idtools.IDPair{UID: s.Uid, GID: s.Gid}
 +	hostUser := idMaps.RootPair()
-+	if user, err := idMaps.ToHost(ctrUser); err != nil {
+	if user, err := idMaps.ToHost(ctrUser); err == nil {
 +		hostUser = user
 +	}
 +
@ -368,5 +371,5 @@ index 000000000000..b09ad96f01b0
 +	return nil
 +}
 -- 
-2.14.2
+2.15.0