diff --git a/secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch b/secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch index d1ba60b..66d1782 100644 --- a/secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch +++ b/secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch @@ -70,5 +70,5 @@ index 84b7eb352f1a..dc3a48bfe47a 100644 return errors.Wrap(err, "error setting ownership for secret") } -- -2.14.2 +2.15.0 diff --git a/secrets-0002-SUSE-implement-SUSE-container-secrets.patch b/secrets-0002-SUSE-implement-SUSE-container-secrets.patch index b430bdb..0180ad0 100644 --- a/secrets-0002-SUSE-implement-SUSE-container-secrets.patch +++ b/secrets-0002-SUSE-implement-SUSE-container-secrets.patch @@ -1,4 +1,4 @@ -From afb202611a8330e0b3a7900aa2d68b7cc1d489fe Mon Sep 17 00:00:00 2001 +From 7c03750568cb9b67b763cd03f92ce45c567ca043 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Wed, 8 Mar 2017 11:43:29 +1100 Subject: [PATCH 2/2] SUSE: implement SUSE container secrets @@ -13,8 +13,8 @@ MAKES BUILDS NOT ENTIRELY REPRODUCIBLE. Signed-off-by: Aleksa Sarai --- daemon/start.go | 5 + - daemon/suse_secrets.go | 328 +++++++++++++++++++++++++++++++++++++++++++++++++ - 2 files changed, 333 insertions(+) + daemon/suse_secrets.go | 331 +++++++++++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 336 insertions(+) create mode 100644 daemon/suse_secrets.go diff --git a/daemon/start.go b/daemon/start.go @@ -35,10 +35,10 @@ index 55438cf2c45f..7dfa6cd1d055 100644 return err diff --git a/daemon/suse_secrets.go b/daemon/suse_secrets.go new file mode 100644 -index 000000000000..b09ad96f01b0 +index 000000000000..b6914adf09ce --- /dev/null +++ b/daemon/suse_secrets.go -@@ -0,0 +1,328 @@ +@@ -0,0 +1,331 @@ +/* + * suse-secrets: patch for Docker to implement SUSE secrets + * Copyright (C) 2017 SUSE LLC. @@ -94,6 +94,9 @@ index 000000000000..b09ad96f01b0 +} + +func (s SuseFakeFile) id() string { ++ // NOTE: It is _very_ important that this string always has a prefix of ++ // "suse". This is how we can ensure that we can operate on ++ // SecretReferences with a confidence that it was made by us. + return fmt.Sprintf("suse_%s_%s", digest.FromBytes(s.Data).Hex(), s.Path) +} + @@ -113,7 +116,7 @@ index 000000000000..b09ad96f01b0 + // mapped). + ctrUser := idtools.IDPair{UID: s.Uid, GID: s.Gid} + hostUser := idMaps.RootPair() -+ if user, err := idMaps.ToHost(ctrUser); err != nil { ++ if user, err := idMaps.ToHost(ctrUser); err == nil { + hostUser = user + } + @@ -368,5 +371,5 @@ index 000000000000..b09ad96f01b0 + return nil +} -- -2.14.2 +2.15.0