SHA256
1
0
forked from pool/docker

Accepting request 576039 from home:cyphar:containers:switch_patch_source

- Update patches to be sourced from https://github.com/suse/docker-ce (which
  are based on the upstream docker/docker-ce repo). The reason for this change
  (though it is functionally identical to the old patches) is so that public
  patch maintenance is much simpler.
  * bsc1021227-0001-pkg-devmapper-dynamically-load-dm_task_deferred_remo.patch
  * bsc1055676-0001-daemon-oci-obey-CL_UNPRIVILEGED-for-user-namespaced-.patch
  * secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
  * secrets-0002-SUSE-implement-SUSE-container-secrets.patch

OBS-URL: https://build.opensuse.org/request/show/576039
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=235
This commit is contained in:
Aleksa Sarai 2018-02-13 11:34:28 +00:00 committed by Git OBS Bridge
parent 6643e811f1
commit cdaf1b8273
6 changed files with 61 additions and 50 deletions

View File

@ -1,4 +1,4 @@
From b492588a54b8efa1fba1de700cb3e0ad3fe665d9 Mon Sep 17 00:00:00 2001
From e57d7270deb50c31ac1f732d8f28812e5b809062 Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de>
Date: Thu, 16 Nov 2017 17:09:16 +1100
Subject: [PATCH] pkg: devmapper: dynamically load dm_task_deferred_remove
@ -19,18 +19,18 @@ default (libdm_dlsym_deferred_remove).
SUSE-Bugs: bsc#1021227 bsc#1029320 bsc#1058173
Signed-off-by: Aleksa Sarai <asarai@suse.de>
---
hack/make.sh | 12 +-
components/engine/hack/make.sh | 12 +-
...> devmapper_wrapper_dynamic_deferred_remove.go} | 10 +-
...mapper_wrapper_dynamic_dlsym_deferred_remove.go | 128 +++++++++++++++++++++
.../devmapper_wrapper_no_deferred_remove.go | 6 +-
4 files changed, 149 insertions(+), 7 deletions(-)
rename pkg/devicemapper/{devmapper_wrapper_deferred_remove.go => devmapper_wrapper_dynamic_deferred_remove.go} (78%)
create mode 100644 pkg/devicemapper/devmapper_wrapper_dynamic_dlsym_deferred_remove.go
rename components/engine/pkg/devicemapper/{devmapper_wrapper_deferred_remove.go => devmapper_wrapper_dynamic_deferred_remove.go} (78%)
create mode 100644 components/engine/pkg/devicemapper/devmapper_wrapper_dynamic_dlsym_deferred_remove.go
diff --git a/hack/make.sh b/hack/make.sh
index bc18c066b66c..6e94824ad557 100755
--- a/hack/make.sh
+++ b/hack/make.sh
diff --git a/components/engine/hack/make.sh b/components/engine/hack/make.sh
index 58e0d8cd628a..3b78ddef30b0 100755
--- a/components/engine/hack/make.sh
+++ b/components/engine/hack/make.sh
@@ -112,6 +112,12 @@ if [ ! "$GOPATH" ]; then
exit 1
fi
@ -61,13 +61,13 @@ index bc18c066b66c..6e94824ad557 100755
fi
# Use these flags when compiling the tests and final binary
diff --git a/pkg/devicemapper/devmapper_wrapper_deferred_remove.go b/pkg/devicemapper/devmapper_wrapper_dynamic_deferred_remove.go
diff --git a/components/engine/pkg/devicemapper/devmapper_wrapper_deferred_remove.go b/components/engine/pkg/devicemapper/devmapper_wrapper_dynamic_deferred_remove.go
similarity index 78%
rename from pkg/devicemapper/devmapper_wrapper_deferred_remove.go
rename to pkg/devicemapper/devmapper_wrapper_dynamic_deferred_remove.go
rename from components/engine/pkg/devicemapper/devmapper_wrapper_deferred_remove.go
rename to components/engine/pkg/devicemapper/devmapper_wrapper_dynamic_deferred_remove.go
index 7f793c270868..bf57371ff4cf 100644
--- a/pkg/devicemapper/devmapper_wrapper_deferred_remove.go
+++ b/pkg/devicemapper/devmapper_wrapper_dynamic_deferred_remove.go
--- a/components/engine/pkg/devicemapper/devmapper_wrapper_deferred_remove.go
+++ b/components/engine/pkg/devicemapper/devmapper_wrapper_dynamic_deferred_remove.go
@@ -1,11 +1,15 @@
-// +build linux,cgo,!libdm_no_deferred_remove
+// +build linux,cgo,!static_build
@ -87,11 +87,11 @@ index 7f793c270868..bf57371ff4cf 100644
const LibraryDeferredRemovalSupport = true
func dmTaskDeferredRemoveFct(task *cdmTask) int {
diff --git a/pkg/devicemapper/devmapper_wrapper_dynamic_dlsym_deferred_remove.go b/pkg/devicemapper/devmapper_wrapper_dynamic_dlsym_deferred_remove.go
diff --git a/components/engine/pkg/devicemapper/devmapper_wrapper_dynamic_dlsym_deferred_remove.go b/components/engine/pkg/devicemapper/devmapper_wrapper_dynamic_dlsym_deferred_remove.go
new file mode 100644
index 000000000000..5dfb369f1ff8
--- /dev/null
+++ b/pkg/devicemapper/devmapper_wrapper_dynamic_dlsym_deferred_remove.go
+++ b/components/engine/pkg/devicemapper/devmapper_wrapper_dynamic_dlsym_deferred_remove.go
@@ -0,0 +1,128 @@
+// +build linux,cgo,!static_build
+// +build libdm_dlsym_deferred_remove,!libdm_no_deferred_remove
@ -221,10 +221,10 @@ index 000000000000..5dfb369f1ff8
+ }()
+ return int(C.dm_task_get_info((*C.struct_dm_task)(task), (*C.struct_dm_info)(unsafe.Pointer(&Cinfo))))
+}
diff --git a/pkg/devicemapper/devmapper_wrapper_no_deferred_remove.go b/pkg/devicemapper/devmapper_wrapper_no_deferred_remove.go
diff --git a/components/engine/pkg/devicemapper/devmapper_wrapper_no_deferred_remove.go b/components/engine/pkg/devicemapper/devmapper_wrapper_no_deferred_remove.go
index a880fec8c499..80b034b3ff17 100644
--- a/pkg/devicemapper/devmapper_wrapper_no_deferred_remove.go
+++ b/pkg/devicemapper/devmapper_wrapper_no_deferred_remove.go
--- a/components/engine/pkg/devicemapper/devmapper_wrapper_no_deferred_remove.go
+++ b/components/engine/pkg/devicemapper/devmapper_wrapper_no_deferred_remove.go
@@ -1,8 +1,10 @@
-// +build linux,cgo,libdm_no_deferred_remove
+// +build linux,cgo
@ -239,5 +239,5 @@ index a880fec8c499..80b034b3ff17 100644
func dmTaskDeferredRemoveFct(task *cdmTask) int {
--
2.15.1
2.16.1

View File

@ -1,4 +1,4 @@
From a24b98c0fc45d640b4eed8105033b313b8145e35 Mon Sep 17 00:00:00 2001
From ff7b94c76f343931463b5916fb3fbd2610869a1a Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de>
Date: Sun, 15 Oct 2017 17:06:20 +1100
Subject: [PATCH] daemon: oci: obey CL_UNPRIVILEGED for user namespaced daemon
@ -14,17 +14,16 @@ CL_UNPRIVILEGED mount flags when Docker is spawning containers with user
namespaces enabled.
SUSE-Bug: https://bugzilla.suse.com/show_bug.cgi?id=1055676
SUSE-Backport: https://github.com/moby/moby/pull/35205
Signed-off-by: Aleksa Sarai <asarai@suse.de>
---
daemon/oci_linux.go | 46 ++++++++++++++++++++++++++++++++++++++++++++++
components/engine/daemon/oci_linux.go | 46 +++++++++++++++++++++++++++++++++++
1 file changed, 46 insertions(+)
diff --git a/daemon/oci_linux.go b/daemon/oci_linux.go
index 0f8a392c2621..89ac627ff090 100644
--- a/daemon/oci_linux.go
+++ b/daemon/oci_linux.go
@@ -26,6 +26,7 @@ import (
diff --git a/components/engine/daemon/oci_linux.go b/components/engine/daemon/oci_linux.go
index 6917b4841429..936cb8f998ca 100644
--- a/components/engine/daemon/oci_linux.go
+++ b/components/engine/daemon/oci_linux.go
@@ -27,6 +27,7 @@ import (
"github.com/opencontainers/runc/libcontainer/user"
specs "github.com/opencontainers/runtime-spec/specs-go"
"github.com/sirupsen/logrus"
@ -71,7 +70,7 @@ index 0f8a392c2621..89ac627ff090 100644
var (
mountPropagationMap = map[string]int{
"private": mount.PRIVATE,
@@ -575,6 +608,19 @@ func setMounts(daemon *Daemon, s *specs.Spec, c *container.Container, mounts []c
@@ -586,6 +619,19 @@ func setMounts(daemon *Daemon, s *specs.Spec, c *container.Container, mounts []c
opts = append(opts, mountPropagationReverseMap[pFlag])
}
@ -92,5 +91,5 @@ index 0f8a392c2621..89ac627ff090 100644
s.Mounts = append(s.Mounts, mt)
}
--
2.15.0
2.16.1

View File

@ -1,3 +1,15 @@
-------------------------------------------------------------------
Tue Feb 13 10:45:58 UTC 2018 - asarai@suse.com
- Update patches to be sourced from https://github.com/suse/docker-ce (which
are based on the upstream docker/docker-ce repo). The reason for this change
(though it is functionally identical to the old patches) is so that public
patch maintenance is much simpler.
* bsc1021227-0001-pkg-devmapper-dynamically-load-dm_task_deferred_remo.patch
* bsc1055676-0001-daemon-oci-obey-CL_UNPRIVILEGED-for-user-namespaced-.patch
* secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
* secrets-0002-SUSE-implement-SUSE-container-secrets.patch
-------------------------------------------------------------------
Fri Jan 19 14:12:32 UTC 2018 - asarai@suse.com

View File

@ -184,13 +184,13 @@ Test package for docker. It contains the source code and the tests.
# nothing
%else
# PATCH-SUSE: Secrets patches.
%patch200 -p1 -d components/engine
%patch201 -p1 -d components/engine
%patch200 -p1
%patch201 -p1
%endif
# bsc#1055676
%patch400 -p1 -d components/engine
%patch400 -p1
# bsc#1021227 bsc#1029320 bsc#1058173
%patch401 -p1 -d components/engine
%patch401 -p1
cp %{SOURCE7} .
cp %{SOURCE9} .

View File

@ -1,4 +1,4 @@
From 5022c3554723040682444e324cd26ec8e2500131 Mon Sep 17 00:00:00 2001
From c607825b73e5f850b3804a10e9f3c8684cb29d16 Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de>
Date: Wed, 8 Mar 2017 12:41:54 +1100
Subject: [PATCH 1/2] daemon: allow directory creation in /run/secrets
@ -10,13 +10,13 @@ useful for creating directories and subdirectories of secrets.
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
Signed-off-by: Aleksa Sarai <asarai@suse.de>
---
daemon/container_operations_unix.go | 24 +++++++++++++++++++++---
.../engine/daemon/container_operations_unix.go | 24 +++++++++++++++++++---
1 file changed, 21 insertions(+), 3 deletions(-)
diff --git a/daemon/container_operations_unix.go b/daemon/container_operations_unix.go
diff --git a/components/engine/daemon/container_operations_unix.go b/components/engine/daemon/container_operations_unix.go
index 954c194ea836..3ef1e0262edc 100644
--- a/daemon/container_operations_unix.go
+++ b/daemon/container_operations_unix.go
--- a/components/engine/daemon/container_operations_unix.go
+++ b/components/engine/daemon/container_operations_unix.go
@@ -3,6 +3,7 @@
package daemon
@ -70,5 +70,5 @@ index 954c194ea836..3ef1e0262edc 100644
return errors.Wrap(err, "error setting ownership for secret")
}
--
2.15.1
2.16.1

View File

@ -1,4 +1,4 @@
From a84aa9152b50ea1fd73a7d09246ac056534d0e48 Mon Sep 17 00:00:00 2001
From 3a7cd305f75fabc49460066e5452458a524ead5c Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de>
Date: Wed, 8 Mar 2017 11:43:29 +1100
Subject: [PATCH 2/2] SUSE: implement SUSE container secrets
@ -13,15 +13,15 @@ MAKES BUILDS NOT ENTIRELY REPRODUCIBLE.
SUSE-Bugs: bsc#1057743 bsc#1055676 bsc#1030702
Signed-off-by: Aleksa Sarai <asarai@suse.de>
---
daemon/start.go | 5 +
daemon/suse_secrets.go | 391 +++++++++++++++++++++++++++++++++++++++++++++++++
components/engine/daemon/start.go | 5 +
components/engine/daemon/suse_secrets.go | 391 +++++++++++++++++++++++++++++++
2 files changed, 396 insertions(+)
create mode 100644 daemon/suse_secrets.go
create mode 100644 components/engine/daemon/suse_secrets.go
diff --git a/daemon/start.go b/daemon/start.go
index de32a649d7ed..2b6137d315e9 100644
--- a/daemon/start.go
+++ b/daemon/start.go
diff --git a/components/engine/daemon/start.go b/components/engine/daemon/start.go
index 55438cf2c45f..7dfa6cd1d055 100644
--- a/components/engine/daemon/start.go
+++ b/components/engine/daemon/start.go
@@ -147,6 +147,11 @@ func (daemon *Daemon) containerStart(container *container.Container, checkpoint
return err
}
@ -34,11 +34,11 @@ index de32a649d7ed..2b6137d315e9 100644
spec, err := daemon.createSpec(container)
if err != nil {
return systemError{err}
diff --git a/daemon/suse_secrets.go b/daemon/suse_secrets.go
diff --git a/components/engine/daemon/suse_secrets.go b/components/engine/daemon/suse_secrets.go
new file mode 100644
index 000000000000..9d0788f0410d
--- /dev/null
+++ b/daemon/suse_secrets.go
+++ b/components/engine/daemon/suse_secrets.go
@@ -0,0 +1,391 @@
+/*
+ * suse-secrets: patch for Docker to implement SUSE secrets
@ -432,5 +432,5 @@ index 000000000000..9d0788f0410d
+ return nil
+}
--
2.15.1
2.16.1