SHA256
1
0
forked from pool/docker

Accepting request 973798 from Virtualization:containers

OBS-URL: https://build.opensuse.org/request/show/973798
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/docker?expand=0&rev=120
This commit is contained in:
Dominique Leuenberger 2022-05-01 16:53:27 +00:00 committed by Git OBS Bridge
commit be2248fdb1
8 changed files with 41107 additions and 17 deletions

View File

@ -1,7 +1,7 @@
From f6170a9d05df85cc61f3e5373eceed61ef3d741e Mon Sep 17 00:00:00 2001 From 63d19d6ef58457e8aba6346157c9601e38f60929 Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de> From: Aleksa Sarai <asarai@suse.de>
Date: Wed, 8 Mar 2017 12:41:54 +1100 Date: Wed, 8 Mar 2017 12:41:54 +1100
Subject: [PATCH 1/5] SECRETS: daemon: allow directory creation in /run/secrets Subject: [PATCH 1/6] SECRETS: daemon: allow directory creation in /run/secrets
Since FileMode can have the directory bit set, allow a SecretStore Since FileMode can have the directory bit set, allow a SecretStore
implementation to return secrets that are actually directories. This is implementation to return secrets that are actually directories. This is
@ -73,5 +73,5 @@ index 6a50b99bd29e..583db20aa459 100644
return errors.Wrap(err, "error setting ownership for secret") return errors.Wrap(err, "error setting ownership for secret")
} }
-- --
2.33.1 2.35.1

View File

@ -1,7 +1,7 @@
From a28715c97b87152c41538b137f8ad49003db1756 Mon Sep 17 00:00:00 2001 From a472a5da8d0aeb21b4cb6fbd2dc348a753c0a883 Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de> From: Aleksa Sarai <asarai@suse.de>
Date: Wed, 8 Mar 2017 11:43:29 +1100 Date: Wed, 8 Mar 2017 11:43:29 +1100
Subject: [PATCH 2/5] SECRETS: SUSE: implement SUSE container secrets Subject: [PATCH 2/6] SECRETS: SUSE: implement SUSE container secrets
This allows for us to pass in host credentials to a container, allowing This allows for us to pass in host credentials to a container, allowing
for SUSEConnect to work with containers. for SUSEConnect to work with containers.
@ -451,5 +451,5 @@ index 000000000000..9ee33adf7497
+ return nil + return nil
+} +}
-- --
2.33.1 2.35.1

View File

@ -1,7 +1,7 @@
From 4914111dcaf1257a9dd3f9f7a089de17c7dc6752 Mon Sep 17 00:00:00 2001 From 098dd769a226407da7a695ae44cf2e41a5d13a4a Mon Sep 17 00:00:00 2001
From: Valentin Rothberg <vrothberg@suse.com> From: Valentin Rothberg <vrothberg@suse.com>
Date: Mon, 2 Jul 2018 13:37:34 +0200 Date: Mon, 2 Jul 2018 13:37:34 +0200
Subject: [PATCH 3/5] PRIVATE-REGISTRY: add private-registry mirror support Subject: [PATCH 3/6] PRIVATE-REGISTRY: add private-registry mirror support
NOTE: This is a backport/downstream patch of the upstream pull-request NOTE: This is a backport/downstream patch of the upstream pull-request
for Moby, which is still subject to changes. Please visit for Moby, which is still subject to changes. Please visit
@ -444,10 +444,10 @@ index c8ddd4c5cfcd..b17e9d25d6c2 100644
return err return err
} }
diff --git a/distribution/pull_v2.go b/distribution/pull_v2.go diff --git a/distribution/pull_v2.go b/distribution/pull_v2.go
index 023ee2e71efd..e14cdd16b410 100644 index 123abf6b497a..097ead45d0fd 100644
--- a/distribution/pull_v2.go --- a/distribution/pull_v2.go
+++ b/distribution/pull_v2.go +++ b/distribution/pull_v2.go
@@ -431,7 +431,7 @@ func (p *v2Puller) pullV2Tag(ctx context.Context, ref reference.Named, platform @@ -432,7 +432,7 @@ func (p *v2Puller) pullV2Tag(ctx context.Context, ref reference.Named, platform
// the other side speaks the v2 protocol. // the other side speaks the v2 protocol.
p.confirmedV2 = true p.confirmedV2 = true
@ -1142,5 +1142,5 @@ index 3e3a5b41ffbd..451a6f874bc1 100644
endpoints = []APIEndpoint{ endpoints = []APIEndpoint{
-- --
2.33.1 2.35.1

View File

@ -1,7 +1,7 @@
From 29779c3e010e387ef037e5ef9a33cf05a14c79ea Mon Sep 17 00:00:00 2001 From 5e84bae968f7beadd92452795cfe2ce4f8995cef Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de> From: Aleksa Sarai <asarai@suse.de>
Date: Fri, 29 Jun 2018 17:59:30 +1000 Date: Fri, 29 Jun 2018 17:59:30 +1000
Subject: [PATCH 4/5] bsc1073877: apparmor: clobber docker-default profile on Subject: [PATCH 4/6] bsc1073877: apparmor: clobber docker-default profile on
start start
In the process of making docker-default reloading far less expensive, In the process of making docker-default reloading far less expensive,
@ -85,5 +85,5 @@ index 2a2fbbd52e19..0999ac3186b7 100644
} }
-- --
2.33.1 2.35.1

View File

@ -1,7 +1,7 @@
From a6aa2a591d31f43e01ba29abdf73658b34fded49 Mon Sep 17 00:00:00 2001 From 98822d2010c709e64d5e86d7ec8e054861080a53 Mon Sep 17 00:00:00 2001
From: Michal Rostecki <mrostecki@opensuse.org> From: Michal Rostecki <mrostecki@opensuse.org>
Date: Thu, 8 Apr 2021 14:42:02 +0100 Date: Thu, 8 Apr 2021 14:42:02 +0100
Subject: [PATCH 5/5] bsc1183855: btrfs: Do not disable quota on cleanup Subject: [PATCH 5/6] bsc1183855: btrfs: Do not disable quota on cleanup
Before this change, cleanup of the btrfs driver (occuring on each daemon Before this change, cleanup of the btrfs driver (occuring on each daemon
shutdown) resulted in disabling quotas. It was done with an assumption shutdown) resulted in disabling quotas. It was done with an assumption
@ -140,5 +140,5 @@ index 8fd2854a2673..32c4f07c620d 100644
} }
if err := subvolLimitQgroup(dir, size); err != nil { if err := subvolLimitQgroup(dir, size); err != nil {
-- --
2.33.1 2.35.1

File diff suppressed because it is too large Load Diff

View File

@ -1,3 +1,16 @@
-------------------------------------------------------------------
Fri Apr 29 02:51:43 UTC 2022 - Aleksa Sarai <asarai@suse.com>
- Add patch to update golang.org/x/crypto for CVE-2021-43565 and CVE-2022-27191.
bsc#1193930 bsc#1197284
* 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Apr 14 04:09:58 UTC 2022 - Aleksa Sarai <asarai@suse.com> Thu Apr 14 04:09:58 UTC 2022 - Aleksa Sarai <asarai@suse.com>

View File

@ -94,6 +94,9 @@ Patch200: 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
Patch300: 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch Patch300: 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
# SUSE-BACKPORT: Backport of https://github.com/moby/moby/pull/42273. bsc#1183855 bsc#1175081 # SUSE-BACKPORT: Backport of https://github.com/moby/moby/pull/42273. bsc#1183855 bsc#1175081
Patch301: 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch Patch301: 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
# SUSE-BACKPORT: Backport of several golang.org/x/crypto updates.
# bsc#1193930 CVE-2021-43565 bsc#1197284 CVE-2022-27191
Patch302: 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch
BuildRequires: audit BuildRequires: audit
BuildRequires: bash-completion BuildRequires: bash-completion
BuildRequires: ca-certificates BuildRequires: ca-certificates
@ -262,6 +265,8 @@ docker container runtime configuration for kubeadm
%patch300 -p1 %patch300 -p1
# bsc#1183855 bsc#1175081 # bsc#1183855 bsc#1175081
%patch301 -p1 %patch301 -p1
# bsc#1193930 CVE-2021-43565 bsc#1197284 CVE-2022-27191
%patch302 -p1
# README_SUSE.md for documentation. # README_SUSE.md for documentation.
cp %{SOURCE103} . cp %{SOURCE103} .