forked from pool/docker
Accepting request 576039 from home:cyphar:containers:switch_patch_source
- Update patches to be sourced from https://github.com/suse/docker-ce (which are based on the upstream docker/docker-ce repo). The reason for this change (though it is functionally identical to the old patches) is so that public patch maintenance is much simpler. * bsc1021227-0001-pkg-devmapper-dynamically-load-dm_task_deferred_remo.patch * bsc1055676-0001-daemon-oci-obey-CL_UNPRIVILEGED-for-user-namespaced-.patch * secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch * secrets-0002-SUSE-implement-SUSE-container-secrets.patch OBS-URL: https://build.opensuse.org/request/show/576039 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=235
This commit is contained in:
parent
6643e811f1
commit
cdaf1b8273
@ -1,4 +1,4 @@
|
||||
From b492588a54b8efa1fba1de700cb3e0ad3fe665d9 Mon Sep 17 00:00:00 2001
|
||||
From e57d7270deb50c31ac1f732d8f28812e5b809062 Mon Sep 17 00:00:00 2001
|
||||
From: Aleksa Sarai <asarai@suse.de>
|
||||
Date: Thu, 16 Nov 2017 17:09:16 +1100
|
||||
Subject: [PATCH] pkg: devmapper: dynamically load dm_task_deferred_remove
|
||||
@ -19,18 +19,18 @@ default (libdm_dlsym_deferred_remove).
|
||||
SUSE-Bugs: bsc#1021227 bsc#1029320 bsc#1058173
|
||||
Signed-off-by: Aleksa Sarai <asarai@suse.de>
|
||||
---
|
||||
hack/make.sh | 12 +-
|
||||
components/engine/hack/make.sh | 12 +-
|
||||
...> devmapper_wrapper_dynamic_deferred_remove.go} | 10 +-
|
||||
...mapper_wrapper_dynamic_dlsym_deferred_remove.go | 128 +++++++++++++++++++++
|
||||
.../devmapper_wrapper_no_deferred_remove.go | 6 +-
|
||||
4 files changed, 149 insertions(+), 7 deletions(-)
|
||||
rename pkg/devicemapper/{devmapper_wrapper_deferred_remove.go => devmapper_wrapper_dynamic_deferred_remove.go} (78%)
|
||||
create mode 100644 pkg/devicemapper/devmapper_wrapper_dynamic_dlsym_deferred_remove.go
|
||||
rename components/engine/pkg/devicemapper/{devmapper_wrapper_deferred_remove.go => devmapper_wrapper_dynamic_deferred_remove.go} (78%)
|
||||
create mode 100644 components/engine/pkg/devicemapper/devmapper_wrapper_dynamic_dlsym_deferred_remove.go
|
||||
|
||||
diff --git a/hack/make.sh b/hack/make.sh
|
||||
index bc18c066b66c..6e94824ad557 100755
|
||||
--- a/hack/make.sh
|
||||
+++ b/hack/make.sh
|
||||
diff --git a/components/engine/hack/make.sh b/components/engine/hack/make.sh
|
||||
index 58e0d8cd628a..3b78ddef30b0 100755
|
||||
--- a/components/engine/hack/make.sh
|
||||
+++ b/components/engine/hack/make.sh
|
||||
@@ -112,6 +112,12 @@ if [ ! "$GOPATH" ]; then
|
||||
exit 1
|
||||
fi
|
||||
@ -61,13 +61,13 @@ index bc18c066b66c..6e94824ad557 100755
|
||||
fi
|
||||
|
||||
# Use these flags when compiling the tests and final binary
|
||||
diff --git a/pkg/devicemapper/devmapper_wrapper_deferred_remove.go b/pkg/devicemapper/devmapper_wrapper_dynamic_deferred_remove.go
|
||||
diff --git a/components/engine/pkg/devicemapper/devmapper_wrapper_deferred_remove.go b/components/engine/pkg/devicemapper/devmapper_wrapper_dynamic_deferred_remove.go
|
||||
similarity index 78%
|
||||
rename from pkg/devicemapper/devmapper_wrapper_deferred_remove.go
|
||||
rename to pkg/devicemapper/devmapper_wrapper_dynamic_deferred_remove.go
|
||||
rename from components/engine/pkg/devicemapper/devmapper_wrapper_deferred_remove.go
|
||||
rename to components/engine/pkg/devicemapper/devmapper_wrapper_dynamic_deferred_remove.go
|
||||
index 7f793c270868..bf57371ff4cf 100644
|
||||
--- a/pkg/devicemapper/devmapper_wrapper_deferred_remove.go
|
||||
+++ b/pkg/devicemapper/devmapper_wrapper_dynamic_deferred_remove.go
|
||||
--- a/components/engine/pkg/devicemapper/devmapper_wrapper_deferred_remove.go
|
||||
+++ b/components/engine/pkg/devicemapper/devmapper_wrapper_dynamic_deferred_remove.go
|
||||
@@ -1,11 +1,15 @@
|
||||
-// +build linux,cgo,!libdm_no_deferred_remove
|
||||
+// +build linux,cgo,!static_build
|
||||
@ -87,11 +87,11 @@ index 7f793c270868..bf57371ff4cf 100644
|
||||
const LibraryDeferredRemovalSupport = true
|
||||
|
||||
func dmTaskDeferredRemoveFct(task *cdmTask) int {
|
||||
diff --git a/pkg/devicemapper/devmapper_wrapper_dynamic_dlsym_deferred_remove.go b/pkg/devicemapper/devmapper_wrapper_dynamic_dlsym_deferred_remove.go
|
||||
diff --git a/components/engine/pkg/devicemapper/devmapper_wrapper_dynamic_dlsym_deferred_remove.go b/components/engine/pkg/devicemapper/devmapper_wrapper_dynamic_dlsym_deferred_remove.go
|
||||
new file mode 100644
|
||||
index 000000000000..5dfb369f1ff8
|
||||
--- /dev/null
|
||||
+++ b/pkg/devicemapper/devmapper_wrapper_dynamic_dlsym_deferred_remove.go
|
||||
+++ b/components/engine/pkg/devicemapper/devmapper_wrapper_dynamic_dlsym_deferred_remove.go
|
||||
@@ -0,0 +1,128 @@
|
||||
+// +build linux,cgo,!static_build
|
||||
+// +build libdm_dlsym_deferred_remove,!libdm_no_deferred_remove
|
||||
@ -221,10 +221,10 @@ index 000000000000..5dfb369f1ff8
|
||||
+ }()
|
||||
+ return int(C.dm_task_get_info((*C.struct_dm_task)(task), (*C.struct_dm_info)(unsafe.Pointer(&Cinfo))))
|
||||
+}
|
||||
diff --git a/pkg/devicemapper/devmapper_wrapper_no_deferred_remove.go b/pkg/devicemapper/devmapper_wrapper_no_deferred_remove.go
|
||||
diff --git a/components/engine/pkg/devicemapper/devmapper_wrapper_no_deferred_remove.go b/components/engine/pkg/devicemapper/devmapper_wrapper_no_deferred_remove.go
|
||||
index a880fec8c499..80b034b3ff17 100644
|
||||
--- a/pkg/devicemapper/devmapper_wrapper_no_deferred_remove.go
|
||||
+++ b/pkg/devicemapper/devmapper_wrapper_no_deferred_remove.go
|
||||
--- a/components/engine/pkg/devicemapper/devmapper_wrapper_no_deferred_remove.go
|
||||
+++ b/components/engine/pkg/devicemapper/devmapper_wrapper_no_deferred_remove.go
|
||||
@@ -1,8 +1,10 @@
|
||||
-// +build linux,cgo,libdm_no_deferred_remove
|
||||
+// +build linux,cgo
|
||||
@ -239,5 +239,5 @@ index a880fec8c499..80b034b3ff17 100644
|
||||
|
||||
func dmTaskDeferredRemoveFct(task *cdmTask) int {
|
||||
--
|
||||
2.15.1
|
||||
2.16.1
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
From a24b98c0fc45d640b4eed8105033b313b8145e35 Mon Sep 17 00:00:00 2001
|
||||
From ff7b94c76f343931463b5916fb3fbd2610869a1a Mon Sep 17 00:00:00 2001
|
||||
From: Aleksa Sarai <asarai@suse.de>
|
||||
Date: Sun, 15 Oct 2017 17:06:20 +1100
|
||||
Subject: [PATCH] daemon: oci: obey CL_UNPRIVILEGED for user namespaced daemon
|
||||
@ -14,17 +14,16 @@ CL_UNPRIVILEGED mount flags when Docker is spawning containers with user
|
||||
namespaces enabled.
|
||||
|
||||
SUSE-Bug: https://bugzilla.suse.com/show_bug.cgi?id=1055676
|
||||
SUSE-Backport: https://github.com/moby/moby/pull/35205
|
||||
Signed-off-by: Aleksa Sarai <asarai@suse.de>
|
||||
---
|
||||
daemon/oci_linux.go | 46 ++++++++++++++++++++++++++++++++++++++++++++++
|
||||
components/engine/daemon/oci_linux.go | 46 +++++++++++++++++++++++++++++++++++
|
||||
1 file changed, 46 insertions(+)
|
||||
|
||||
diff --git a/daemon/oci_linux.go b/daemon/oci_linux.go
|
||||
index 0f8a392c2621..89ac627ff090 100644
|
||||
--- a/daemon/oci_linux.go
|
||||
+++ b/daemon/oci_linux.go
|
||||
@@ -26,6 +26,7 @@ import (
|
||||
diff --git a/components/engine/daemon/oci_linux.go b/components/engine/daemon/oci_linux.go
|
||||
index 6917b4841429..936cb8f998ca 100644
|
||||
--- a/components/engine/daemon/oci_linux.go
|
||||
+++ b/components/engine/daemon/oci_linux.go
|
||||
@@ -27,6 +27,7 @@ import (
|
||||
"github.com/opencontainers/runc/libcontainer/user"
|
||||
specs "github.com/opencontainers/runtime-spec/specs-go"
|
||||
"github.com/sirupsen/logrus"
|
||||
@ -71,7 +70,7 @@ index 0f8a392c2621..89ac627ff090 100644
|
||||
var (
|
||||
mountPropagationMap = map[string]int{
|
||||
"private": mount.PRIVATE,
|
||||
@@ -575,6 +608,19 @@ func setMounts(daemon *Daemon, s *specs.Spec, c *container.Container, mounts []c
|
||||
@@ -586,6 +619,19 @@ func setMounts(daemon *Daemon, s *specs.Spec, c *container.Container, mounts []c
|
||||
opts = append(opts, mountPropagationReverseMap[pFlag])
|
||||
}
|
||||
|
||||
@ -92,5 +91,5 @@ index 0f8a392c2621..89ac627ff090 100644
|
||||
s.Mounts = append(s.Mounts, mt)
|
||||
}
|
||||
--
|
||||
2.15.0
|
||||
2.16.1
|
||||
|
||||
|
@ -1,3 +1,15 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue Feb 13 10:45:58 UTC 2018 - asarai@suse.com
|
||||
|
||||
- Update patches to be sourced from https://github.com/suse/docker-ce (which
|
||||
are based on the upstream docker/docker-ce repo). The reason for this change
|
||||
(though it is functionally identical to the old patches) is so that public
|
||||
patch maintenance is much simpler.
|
||||
* bsc1021227-0001-pkg-devmapper-dynamically-load-dm_task_deferred_remo.patch
|
||||
* bsc1055676-0001-daemon-oci-obey-CL_UNPRIVILEGED-for-user-namespaced-.patch
|
||||
* secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
|
||||
* secrets-0002-SUSE-implement-SUSE-container-secrets.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Jan 19 14:12:32 UTC 2018 - asarai@suse.com
|
||||
|
||||
|
@ -184,13 +184,13 @@ Test package for docker. It contains the source code and the tests.
|
||||
# nothing
|
||||
%else
|
||||
# PATCH-SUSE: Secrets patches.
|
||||
%patch200 -p1 -d components/engine
|
||||
%patch201 -p1 -d components/engine
|
||||
%patch200 -p1
|
||||
%patch201 -p1
|
||||
%endif
|
||||
# bsc#1055676
|
||||
%patch400 -p1 -d components/engine
|
||||
%patch400 -p1
|
||||
# bsc#1021227 bsc#1029320 bsc#1058173
|
||||
%patch401 -p1 -d components/engine
|
||||
%patch401 -p1
|
||||
|
||||
cp %{SOURCE7} .
|
||||
cp %{SOURCE9} .
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 5022c3554723040682444e324cd26ec8e2500131 Mon Sep 17 00:00:00 2001
|
||||
From c607825b73e5f850b3804a10e9f3c8684cb29d16 Mon Sep 17 00:00:00 2001
|
||||
From: Aleksa Sarai <asarai@suse.de>
|
||||
Date: Wed, 8 Mar 2017 12:41:54 +1100
|
||||
Subject: [PATCH 1/2] daemon: allow directory creation in /run/secrets
|
||||
@ -10,13 +10,13 @@ useful for creating directories and subdirectories of secrets.
|
||||
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
|
||||
Signed-off-by: Aleksa Sarai <asarai@suse.de>
|
||||
---
|
||||
daemon/container_operations_unix.go | 24 +++++++++++++++++++++---
|
||||
.../engine/daemon/container_operations_unix.go | 24 +++++++++++++++++++---
|
||||
1 file changed, 21 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/daemon/container_operations_unix.go b/daemon/container_operations_unix.go
|
||||
diff --git a/components/engine/daemon/container_operations_unix.go b/components/engine/daemon/container_operations_unix.go
|
||||
index 954c194ea836..3ef1e0262edc 100644
|
||||
--- a/daemon/container_operations_unix.go
|
||||
+++ b/daemon/container_operations_unix.go
|
||||
--- a/components/engine/daemon/container_operations_unix.go
|
||||
+++ b/components/engine/daemon/container_operations_unix.go
|
||||
@@ -3,6 +3,7 @@
|
||||
package daemon
|
||||
|
||||
@ -70,5 +70,5 @@ index 954c194ea836..3ef1e0262edc 100644
|
||||
return errors.Wrap(err, "error setting ownership for secret")
|
||||
}
|
||||
--
|
||||
2.15.1
|
||||
2.16.1
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
From a84aa9152b50ea1fd73a7d09246ac056534d0e48 Mon Sep 17 00:00:00 2001
|
||||
From 3a7cd305f75fabc49460066e5452458a524ead5c Mon Sep 17 00:00:00 2001
|
||||
From: Aleksa Sarai <asarai@suse.de>
|
||||
Date: Wed, 8 Mar 2017 11:43:29 +1100
|
||||
Subject: [PATCH 2/2] SUSE: implement SUSE container secrets
|
||||
@ -13,15 +13,15 @@ MAKES BUILDS NOT ENTIRELY REPRODUCIBLE.
|
||||
SUSE-Bugs: bsc#1057743 bsc#1055676 bsc#1030702
|
||||
Signed-off-by: Aleksa Sarai <asarai@suse.de>
|
||||
---
|
||||
daemon/start.go | 5 +
|
||||
daemon/suse_secrets.go | 391 +++++++++++++++++++++++++++++++++++++++++++++++++
|
||||
components/engine/daemon/start.go | 5 +
|
||||
components/engine/daemon/suse_secrets.go | 391 +++++++++++++++++++++++++++++++
|
||||
2 files changed, 396 insertions(+)
|
||||
create mode 100644 daemon/suse_secrets.go
|
||||
create mode 100644 components/engine/daemon/suse_secrets.go
|
||||
|
||||
diff --git a/daemon/start.go b/daemon/start.go
|
||||
index de32a649d7ed..2b6137d315e9 100644
|
||||
--- a/daemon/start.go
|
||||
+++ b/daemon/start.go
|
||||
diff --git a/components/engine/daemon/start.go b/components/engine/daemon/start.go
|
||||
index 55438cf2c45f..7dfa6cd1d055 100644
|
||||
--- a/components/engine/daemon/start.go
|
||||
+++ b/components/engine/daemon/start.go
|
||||
@@ -147,6 +147,11 @@ func (daemon *Daemon) containerStart(container *container.Container, checkpoint
|
||||
return err
|
||||
}
|
||||
@ -34,11 +34,11 @@ index de32a649d7ed..2b6137d315e9 100644
|
||||
spec, err := daemon.createSpec(container)
|
||||
if err != nil {
|
||||
return systemError{err}
|
||||
diff --git a/daemon/suse_secrets.go b/daemon/suse_secrets.go
|
||||
diff --git a/components/engine/daemon/suse_secrets.go b/components/engine/daemon/suse_secrets.go
|
||||
new file mode 100644
|
||||
index 000000000000..9d0788f0410d
|
||||
--- /dev/null
|
||||
+++ b/daemon/suse_secrets.go
|
||||
+++ b/components/engine/daemon/suse_secrets.go
|
||||
@@ -0,0 +1,391 @@
|
||||
+/*
|
||||
+ * suse-secrets: patch for Docker to implement SUSE secrets
|
||||
@ -432,5 +432,5 @@ index 000000000000..9d0788f0410d
|
||||
+ return nil
|
||||
+}
|
||||
--
|
||||
2.15.1
|
||||
2.16.1
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user