diff --git a/0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch b/0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch index c30fad5..15cbd34 100644 --- a/0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch +++ b/0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch @@ -1,7 +1,7 @@ -From 6a5d238a42b8adc5d29bbd9bd688aa1034f5cdfd Mon Sep 17 00:00:00 2001 +From 5dfd507cf2ab34a99d925eae7fa9a1a062c1930e Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Wed, 8 Mar 2017 12:41:54 +1100 -Subject: [PATCH 1/4] SECRETS: daemon: allow directory creation in /run/secrets +Subject: [PATCH 1/5] SECRETS: daemon: allow directory creation in /run/secrets Since FileMode can have the directory bit set, allow a SecretStore implementation to return secrets that are actually directories. This is @@ -70,5 +70,5 @@ index 5521adbd2749..c103d9349c51 100644 return errors.Wrap(err, "error setting ownership for secret") } -- -2.30.1 +2.30.2 diff --git a/0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch b/0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch index 58cb947..190a682 100644 --- a/0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch +++ b/0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch @@ -1,7 +1,7 @@ -From bf083a6f80b204325673732944b53a447f9e4171 Mon Sep 17 00:00:00 2001 +From cb696ab8168b611535c04f8780c4632a2dc0ec2a Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Wed, 8 Mar 2017 11:43:29 +1100 -Subject: [PATCH 2/4] SECRETS: SUSE: implement SUSE container secrets +Subject: [PATCH 2/5] SECRETS: SUSE: implement SUSE container secrets This allows for us to pass in host credentials to a container, allowing for SUSEConnect to work with containers. @@ -451,5 +451,5 @@ index 000000000000..9ee33adf7497 + return nil +} -- -2.30.1 +2.30.2 diff --git a/0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch b/0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch index f847574..6142fe0 100644 --- a/0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch +++ b/0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch @@ -1,7 +1,7 @@ -From 10d0381bf317221167af0930c552a8b27c7861a4 Mon Sep 17 00:00:00 2001 +From 759c1b0c2d4a3c89dea396510d2a1518ad2fcb2c Mon Sep 17 00:00:00 2001 From: Valentin Rothberg Date: Mon, 2 Jul 2018 13:37:34 +0200 -Subject: [PATCH 3/4] PRIVATE-REGISTRY: add private-registry mirror support +Subject: [PATCH 3/5] PRIVATE-REGISTRY: add private-registry mirror support NOTE: This is a backport/downstream patch of the upstream pull-request for Moby, which is still subject to changes. Please visit @@ -1142,5 +1142,5 @@ index 3e3a5b41ffbd..451a6f874bc1 100644 endpoints = []APIEndpoint{ -- -2.30.1 +2.30.2 diff --git a/0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch b/0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch index 8bf0f71..0ba5e8d 100644 --- a/0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch +++ b/0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch @@ -1,7 +1,7 @@ -From 8cf5f05b8bcb5588bec92d5732e81f26fa632fce Mon Sep 17 00:00:00 2001 +From 9f27140b54e30eed9d3428b24c3ca9c340c48394 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Fri, 29 Jun 2018 17:59:30 +1000 -Subject: [PATCH 4/4] bsc1073877: apparmor: clobber docker-default profile on +Subject: [PATCH 4/5] bsc1073877: apparmor: clobber docker-default profile on start In the process of making docker-default reloading far less expensive, @@ -85,5 +85,5 @@ index 3d8cca288010..62d3859cff8c 100644 } -- -2.30.1 +2.30.2 diff --git a/0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch b/0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch new file mode 100644 index 0000000..cd2a429 --- /dev/null +++ b/0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch @@ -0,0 +1,144 @@ +From bb452793d224b00a3700af9fdd9b0f183e1141f1 Mon Sep 17 00:00:00 2001 +From: Michal Rostecki +Date: Thu, 8 Apr 2021 14:42:02 +0100 +Subject: [PATCH 5/5] bsc1183855: btrfs: Do not disable quota on cleanup + +Before this change, cleanup of the btrfs driver (occuring on each daemon +shutdown) resulted in disabling quotas. It was done with an assumption +that quotas can be enabled or disabled on a subvolume level, which is +not true - enabling or disabling quota is always done on a filesystem +level. + +That was leading to disabling quota on btrfs filesystems on each daemon +shutdown. + +This change fixes that behavior and removes misleading `subvol` prefix +from functions and methods which set up quota (on a filesystem level). + +SUSE-Bugs: bsc#1175081 bsc#1183855 +SUSE-Upstream-Commit: 1ec689c4c2ecda24ed8495451c53072bb0497871 +Fixes: 401c8d176743 ("Add disk quota support for btrfs") +Signed-off-by: Michal Rostecki +--- + daemon/graphdriver/btrfs/btrfs.go | 50 +++++-------------------------- + 1 file changed, 8 insertions(+), 42 deletions(-) + +diff --git a/daemon/graphdriver/btrfs/btrfs.go b/daemon/graphdriver/btrfs/btrfs.go +index 0499489d16e6..0720bb571f2e 100644 +--- a/daemon/graphdriver/btrfs/btrfs.go ++++ b/daemon/graphdriver/btrfs/btrfs.go +@@ -96,7 +96,7 @@ func Init(home string, options []string, uidMaps, gidMaps []idtools.IDMap) (grap + } + + if userDiskQuota { +- if err := driver.subvolEnableQuota(); err != nil { ++ if err := driver.enableQuota(); err != nil { + return nil, err + } + } +@@ -165,18 +165,10 @@ func (d *Driver) GetMetadata(id string) (map[string]string, error) { + + // Cleanup unmounts the home directory. + func (d *Driver) Cleanup() error { +- err := d.subvolDisableQuota() +- umountErr := mount.Unmount(d.home) +- +- // in case we have two errors, prefer the one from disableQuota() +- if err != nil { ++ if err := mount.Unmount(d.home); err != nil { + return err + } + +- if umountErr != nil { +- return umountErr +- } +- + return nil + } + +@@ -334,7 +326,7 @@ func (d *Driver) updateQuotaStatus() { + d.once.Do(func() { + if !d.quotaEnabled { + // In case quotaEnabled is not set, check qgroup and update quotaEnabled as needed +- if err := subvolQgroupStatus(d.home); err != nil { ++ if err := qgroupStatus(d.home); err != nil { + // quota is still not enabled + return + } +@@ -343,7 +335,7 @@ func (d *Driver) updateQuotaStatus() { + }) + } + +-func (d *Driver) subvolEnableQuota() error { ++func (d *Driver) enableQuota() error { + d.updateQuotaStatus() + + if d.quotaEnabled { +@@ -369,32 +361,6 @@ func (d *Driver) subvolEnableQuota() error { + return nil + } + +-func (d *Driver) subvolDisableQuota() error { +- d.updateQuotaStatus() +- +- if !d.quotaEnabled { +- return nil +- } +- +- dir, err := openDir(d.home) +- if err != nil { +- return err +- } +- defer closeDir(dir) +- +- var args C.struct_btrfs_ioctl_quota_ctl_args +- args.cmd = C.BTRFS_QUOTA_CTL_DISABLE +- _, _, errno := unix.Syscall(unix.SYS_IOCTL, getDirFd(dir), C.BTRFS_IOC_QUOTA_CTL, +- uintptr(unsafe.Pointer(&args))) +- if errno != 0 { +- return fmt.Errorf("Failed to disable btrfs quota for %s: %v", dir, errno.Error()) +- } +- +- d.quotaEnabled = false +- +- return nil +-} +- + func (d *Driver) subvolRescanQuota() error { + d.updateQuotaStatus() + +@@ -437,11 +403,11 @@ func subvolLimitQgroup(path string, size uint64) error { + return nil + } + +-// subvolQgroupStatus performs a BTRFS_IOC_TREE_SEARCH on the root path ++// qgroupStatus performs a BTRFS_IOC_TREE_SEARCH on the root path + // with search key of BTRFS_QGROUP_STATUS_KEY. + // In case qgroup is enabled, the retuned key type will match BTRFS_QGROUP_STATUS_KEY. + // For more details please see https://github.com/kdave/btrfs-progs/blob/v4.9/qgroup.c#L1035 +-func subvolQgroupStatus(path string) error { ++func qgroupStatus(path string) error { + dir, err := openDir(path) + if err != nil { + return err +@@ -608,7 +574,7 @@ func (d *Driver) setStorageSize(dir string, driver *Driver) error { + if d.options.minSpace > 0 && driver.options.size < d.options.minSpace { + return fmt.Errorf("btrfs: storage size cannot be less than %s", units.HumanSize(float64(d.options.minSpace))) + } +- if err := d.subvolEnableQuota(); err != nil { ++ if err := d.enableQuota(); err != nil { + return err + } + return subvolLimitQgroup(dir, driver.options.size) +@@ -662,7 +628,7 @@ func (d *Driver) Get(id, mountLabel string) (containerfs.ContainerFS, error) { + + if quota, err := ioutil.ReadFile(d.quotasDirID(id)); err == nil { + if size, err := strconv.ParseUint(string(quota), 10, 64); err == nil && size >= d.options.minSpace { +- if err := d.subvolEnableQuota(); err != nil { ++ if err := d.enableQuota(); err != nil { + return nil, err + } + if err := subvolLimitQgroup(dir, size); err != nil { +-- +2.30.2 + diff --git a/_service b/_service index 9b8545b..29776d4 100644 --- a/_service +++ b/_service @@ -3,16 +3,16 @@ https://github.com/moby/moby.git git .git - 20.10.5_ce_%h - v20.10.5 + 20.10.6_ce_%h + v20.10.6 docker https://github.com/docker/cli.git git .git - 20.10.5_ce - v20.10.5 + 20.10.6_ce + v20.10.6 docker-cli @@ -20,7 +20,7 @@ git .git %H - fa125a3512ee0f6187721c88582bf8c4378bd4d7 + b3507428be5b458cb0e2b4086b13531fb0706e46 docker-libnetwork diff --git a/docker-20.10.5_ce_363e9a88a11b.tar.xz b/docker-20.10.5_ce_363e9a88a11b.tar.xz deleted file mode 100644 index 5520c68..0000000 --- a/docker-20.10.5_ce_363e9a88a11b.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:c4bf5efa9032ba23ac7a9d49d1820f0e1fbc789dfeb8c7cdb6d4909a242dc1a4 -size 6483364 diff --git a/docker-20.10.6_ce_8728dd246c3a.tar.xz b/docker-20.10.6_ce_8728dd246c3a.tar.xz new file mode 100644 index 0000000..ec628c7 --- /dev/null +++ b/docker-20.10.6_ce_8728dd246c3a.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:620a514c43fc9ffa7fbac50d16f3479e576425ef1496c13c6b2c226be1dc54ef +size 6486364 diff --git a/docker-cli-20.10.5_ce.tar.xz b/docker-cli-20.10.5_ce.tar.xz deleted file mode 100644 index 9774bb1..0000000 --- a/docker-cli-20.10.5_ce.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:a95986b5c90e357b76bbc2251cbd6da9c4adc3d689d84fe165922824e4118b16 -size 4452156 diff --git a/docker-cli-20.10.6_ce.tar.xz b/docker-cli-20.10.6_ce.tar.xz new file mode 100644 index 0000000..4d8cbef --- /dev/null +++ b/docker-cli-20.10.6_ce.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:22c42e3fb154a00627b6698573fe4b035638cfd5f5dc1d26795e096d73c1da13 +size 4409500 diff --git a/docker-libnetwork-b3507428be5b458cb0e2b4086b13531fb0706e46.tar.xz b/docker-libnetwork-b3507428be5b458cb0e2b4086b13531fb0706e46.tar.xz new file mode 100644 index 0000000..93d7a9a --- /dev/null +++ b/docker-libnetwork-b3507428be5b458cb0e2b4086b13531fb0706e46.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:29bbbfafb284edb07004fdfe2dccc43c7f8e0eb8c17e7370f13e22e6778b7745 +size 1982240 diff --git a/docker-libnetwork-fa125a3512ee0f6187721c88582bf8c4378bd4d7.tar.xz b/docker-libnetwork-fa125a3512ee0f6187721c88582bf8c4378bd4d7.tar.xz deleted file mode 100644 index aadb7e5..0000000 --- a/docker-libnetwork-fa125a3512ee0f6187721c88582bf8c4378bd4d7.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:a50f42e391a98ab204eaa93e2269981be36f619c68b2bbfc3224263fbd30c4a8 -size 1982676 diff --git a/docker.changes b/docker.changes index a901309..88189c4 100644 --- a/docker.changes +++ b/docker.changes @@ -1,3 +1,17 @@ +------------------------------------------------------------------- +Thu Apr 15 05:23:20 UTC 2021 - Aleksa Sarai + +- Update to Docker 20.10.6-ce. See upstream changelog in the packaged + /usr/share/doc/packages/docker/CHANGELOG.md. bsc#1184768 +- Rebase patches: + * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch + * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch + * 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch + * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch +- Backport upstream fix for btrfs + quotas being removed by Docker regularly. bsc#1183855 bsc#1175081 + + 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch + ------------------------------------------------------------------- Wed Mar 3 00:49:58 UTC 2021 - Aleksa Sarai diff --git a/docker.spec b/docker.spec index ea33933..aa959f8 100644 --- a/docker.spec +++ b/docker.spec @@ -42,24 +42,24 @@ # helpfully injects into our build environment from the changelog). If you want # to generate a new git_commit_epoch, use this: # $ date --date="$(git show --format=fuller --date=iso $COMMIT_ID | grep -oP '(?<=^CommitDate: ).*')" '+%s' -%define git_version 363e9a88a11b -%define git_commit_epoch 1614234438 +%define git_version 8728dd246c3a +%define git_commit_epoch 1618005978 # We require a specific pin of libnetwork because it doesn't really do # versioning and minor version mismatches in libnetwork can break Docker # networking. All other key runtime dependencies (containerd, runc) are stable # enough that this isn't necessary. -%define libnetwork_version fa125a3512ee0f6187721c88582bf8c4378bd4d7 +%define libnetwork_version b3507428be5b458cb0e2b4086b13531fb0706e46 %define dist_builddir %{_builddir}/dist-suse %define cli_builddir %{dist_builddir}/src/github.com/docker/cli %define proxy_builddir %{dist_builddir}/src/github.com/docker/libnetwork Name: %{realname}%{name_suffix} -Version: 20.10.5_ce +Version: 20.10.6_ce # This "nice version" is so that docker --version gives a result that can be # parsed by other people. boo#1182476 -%define nice_version 20.10.5-ce +%define nice_version 20.10.6-ce Release: 0 Summary: The Moby-project Linux container runtime License: Apache-2.0 @@ -92,6 +92,8 @@ Patch101: 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch Patch200: 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch # SUSE-BACKPORT: Backport of https://github.com/docker/docker/pull/37353. bsc#1073877 bsc#1099277 Patch300: 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch +# SUSE-BACKPORT: Backport of https://github.com/moby/moby/pull/42273. bsc#1183855 bsc#1175081 +Patch301: 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch BuildRequires: audit BuildRequires: bash-completion BuildRequires: ca-certificates @@ -257,6 +259,8 @@ docker container runtime configuration for kubeadm %endif # bsc#1099277 %patch300 -p1 +# bsc#1183855 bsc#1175081 +%patch301 -p1 # README_SUSE.md for documentation. cp %{SOURCE103} . @@ -322,7 +326,7 @@ export GOPATH="$GOPATH:$PWD" ################### pushd %{cli_builddir} -./scripts/build/dynbinary +make dynbinary mkdir -p ./man/man1 go build -buildmode=pie -o gen-manpages github.com/docker/cli/man