SHA256
1
0
forked from pool/docker
Jordi Massaguer 2017-04-20 10:54:05 +00:00 committed by Git OBS Bridge
parent fed8ecda73
commit da53caf134
9 changed files with 37 additions and 128 deletions

View File

@ -3,8 +3,8 @@
<param name="url">https://github.com/docker/docker.git</param> <param name="url">https://github.com/docker/docker.git</param>
<param name="scm">git</param> <param name="scm">git</param>
<param name="exclude">.git</param> <param name="exclude">.git</param>
<param name="versionformat">1.13.0</param> <param name="versionformat">17.04.0_ce</param>
<param name="revision">v1.13.0</param> <param name="revision">v17.04.0-ce</param>
</service> </service>
<service name="recompress" mode="disabled"> <service name="recompress" mode="disabled">
<param name="file">docker-*.tar</param> <param name="file">docker-*.tar</param>

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:1da90f2f637d55c7bef034761f0781a7cc4facdefc50b9d77f0c6a78185efe0a
size 5130016

3
docker-17.04.0_ce.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:c192552cebebba3e5af60af995fb7fd6f6423b8df71574e8a1f188878ae21913
size 4574004

View File

@ -1,3 +1,24 @@
-------------------------------------------------------------------
Tue Apr 18 15:38:11 UTC 2017 - jmassaguerpla@suse.com
- Fix secrets-0002-SUSE-implement-SUSE-container-secrets.patch:
substitute docker/distribution/digest by opencontainers/digest
-------------------------------------------------------------------
Thu Apr 13 14:34:35 UTC 2017 - jmassaguerpla@suse.com
- Update to version 17.04.0-ce (fix bsc#1034053 )
- Patches removed because have been merged into this version:
* pr31549-cmd-docker-fix-TestDaemonCommand.patch
* pr31773-daemon-also-ensureDefaultApparmorProfile-in-exec-pat.patch
- Patches rebased:
* integration-cli-fix-TestInfoEnsureSucceeds.patch
- Build man pages for all archs (bsc#953182)
- Containers cannot resolve DNS if docker host uses 127.0.0.1 as resolver (bsc#1034063)
see /usr/share/doc/packages/docker/CHANGELOG.md
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Apr 12 09:54:18 UTC 2017 - jmassaguerpla@suse.com Wed Apr 12 09:54:18 UTC 2017 - jmassaguerpla@suse.com

View File

@ -22,7 +22,7 @@
%global docker_migration_warnfile %{docker_store}/docker-update-message.txt %global docker_migration_warnfile %{docker_store}/docker-update-message.txt
%define docker_graph %{docker_store}/graph %define docker_graph %{docker_store}/graph
%define git_version 78d1802 %define git_version 78d1802
%define version_unconverted 1.13.0 %define version_unconverted 17.04.0_ce
%define __arch_install_post export NO_BRP_STRIP_DEBUG=true %define __arch_install_post export NO_BRP_STRIP_DEBUG=true
# When upgrading to a new version requires the service not to be restarted # When upgrading to a new version requires the service not to be restarted
# Due to a long migration process update last_migration_version to the new version # Due to a long migration process update last_migration_version to the new version
@ -30,7 +30,7 @@
# 1.10.1 # 1.10.1
%global last_migration_version 1.10.1 %global last_migration_version 1.10.1
Name: docker Name: docker
Version: 1.13.0 Version: 17.04.0_ce
Release: 0 Release: 0
Summary: The Linux container runtime Summary: The Linux container runtime
License: Apache-2.0 License: Apache-2.0
@ -54,8 +54,6 @@ Patch200: secrets-0001-daemon-allow-directory-creation-in-run-secrets.patc
Patch201: secrets-0002-SUSE-implement-SUSE-container-secrets.patch Patch201: secrets-0002-SUSE-implement-SUSE-container-secrets.patch
# PATCH-FIX-UPSTREAM: Backports. # PATCH-FIX-UPSTREAM: Backports.
Patch300: integration-cli-fix-TestInfoEnsureSucceeds.patch Patch300: integration-cli-fix-TestInfoEnsureSucceeds.patch
Patch301: pr31549-cmd-docker-fix-TestDaemonCommand.patch
Patch302: pr31773-daemon-also-ensureDefaultApparmorProfile-in-exec-pat.patch
BuildRequires: audit BuildRequires: audit
BuildRequires: bash-completion BuildRequires: bash-completion
BuildRequires: ca-certificates BuildRequires: ca-certificates
@ -79,13 +77,13 @@ BuildRequires: zsh
Requires: apparmor-parser Requires: apparmor-parser
Requires: bridge-utils Requires: bridge-utils
Requires: ca-certificates-mozilla Requires: ca-certificates-mozilla
Requires: docker-libnetwork = 0.0.0+git20161019.0f53435 Requires: docker-libnetwork = 0.0.0+git20170119.7b2b1fe
# Containerd and runC are required as they are the only currently supported # Containerd and runC are required as they are the only currently supported
# execdrivers of Docker. NOTE: The version pinning here matches upstream's # execdrivers of Docker. NOTE: The version pinning here matches upstream's
# Dockerfile to ensure that we don't use a slightly incompatible version of # Dockerfile to ensure that we don't use a slightly incompatible version of
# runC or containerd (which would be bad). # runC or containerd (which would be bad).
Requires: containerd = 0.2.5+gitr608_03e5862 Requires: containerd = 0.2.5+gitr639_422e31c
Requires: runc = 0.1.1+gitr2942_2f7393a Requires: runc = 0.1.1+gitr2947_9c2d8d1
# Provides mkfs.ext4 - used by Docker when devicemapper storage driver is used # Provides mkfs.ext4 - used by Docker when devicemapper storage driver is used
Requires: e2fsprogs Requires: e2fsprogs
Requires: git-core >= 1.7 Requires: git-core >= 1.7
@ -168,8 +166,6 @@ Test package for docker. It contains the source code and the tests.
%patch201 -p1 %patch201 -p1
%endif %endif
%patch300 -p1 %patch300 -p1
%patch301 -p1
%patch302 -p1
cp %{SOURCE7} . cp %{SOURCE7} .
cp %{SOURCE10} . cp %{SOURCE10} .
@ -376,7 +372,7 @@ fi
%files %files
%defattr(-,root,root) %defattr(-,root,root)
%doc README.md LICENSE README_SUSE.md %doc README.md LICENSE README_SUSE.md CHANGELOG.md
%{_bindir}/docker %{_bindir}/docker
%{_bindir}/dockerd %{_bindir}/dockerd
%{_sbindir}/rcdocker %{_sbindir}/rcdocker

View File

@ -1,13 +1,13 @@
diff --git a/integration-cli/docker_cli_info_test.go b/integration-cli/docker_cli_info_test.go diff --git a/integration-cli/docker_cli_info_test.go b/integration-cli/docker_cli_info_test.go
index 62ce7e2..46516f9 100644 index 5eb2f0f..39f93bd 100644
--- a/integration-cli/docker_cli_info_test.go --- a/integration-cli/docker_cli_info_test.go
+++ b/integration-cli/docker_cli_info_test.go +++ b/integration-cli/docker_cli_info_test.go
@@ -40,7 +40,7 @@ func (s *DockerSuite) TestInfoEnsureSucceeds(c *check.C) { @@ -41,7 +41,7 @@ func (s *DockerSuite) TestInfoEnsureSucceeds(c *check.C) {
} }
if DaemonIsLinux.Condition() { if DaemonIsLinux() {
- stringsToCheck = append(stringsToCheck, "Runtimes:", "Default Runtime: runc") - stringsToCheck = append(stringsToCheck, "Runtimes:", "Default Runtime: runc")
+ stringsToCheck = append(stringsToCheck, "Runtimes:", "Default Runtime: oci") + stringsToCheck = append(stringsToCheck, "Runtimes:", "Default Runtime: oci")
} }
if experimentalDaemon { if testEnv.ExperimentalDaemon() {

View File

@ -1,49 +0,0 @@
From dd7159060f60ea04007c069df189a29fda2c655f Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de>
Date: Sun, 5 Mar 2017 15:25:11 +1100
Subject: [PATCH] cmd: docker: fix TestDaemonCommand
In more recent versions of Cobra, `--help` parsing is done before
anything else resulting in TestDaemonCommand not actually passing. I'm
actually unsure if this test ever passed since it appears that !daemon
is not being run as part of the test suite.
Signed-off-by: Aleksa Sarai <asarai@suse.de>
---
cmd/docker/daemon_none.go | 6 ++++--
cmd/docker/daemon_none_test.go | 2 +-
2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/cmd/docker/daemon_none.go b/cmd/docker/daemon_none.go
index 65f9f37be22f..6fbd00012526 100644
--- a/cmd/docker/daemon_none.go
+++ b/cmd/docker/daemon_none.go
@@ -12,8 +12,10 @@ import (
func newDaemonCommand() *cobra.Command {
return &cobra.Command{
- Use: "daemon",
- Hidden: true,
+ Use: "daemon",
+ Hidden: true,
+ Args: cobra.ArbitraryArgs,
+ DisableFlagParsing: true,
RunE: func(cmd *cobra.Command, args []string) error {
return runDaemon()
},
diff --git a/cmd/docker/daemon_none_test.go b/cmd/docker/daemon_none_test.go
index 32032fe1b344..bd42add98696 100644
--- a/cmd/docker/daemon_none_test.go
+++ b/cmd/docker/daemon_none_test.go
@@ -10,7 +10,7 @@ import (
func TestDaemonCommand(t *testing.T) {
cmd := newDaemonCommand()
- cmd.SetArgs([]string{"--help"})
+ cmd.SetArgs([]string{"--version"})
err := cmd.Execute()
assert.Error(t, err, "Please run `dockerd`")
--
2.12.0

View File

@ -1,59 +0,0 @@
From 790a81ea9acce318d0e037771c253951b874140b Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de>
Date: Mon, 13 Mar 2017 14:57:35 +1100
Subject: [PATCH] daemon: also ensureDefaultApparmorProfile in exec path
When 567ef8e7858c ("daemon: switch to 'ensure' workflow for AppArmor
profiles") was merged, it didn't correctly handle the exec path if
AppArmor profiles were deleted. Fix this by duplicating the
ensureDefaultApparmorProfile code in the exec code.
Fixes: 567ef8e7858c ("daemon: switch to 'ensure' workflow for AppArmor profiles")
Signed-off-by: Aleksa Sarai <asarai@suse.de>
---
daemon/exec_linux.go | 23 +++++++++++++++++++++++
1 file changed, 23 insertions(+)
diff --git a/daemon/exec_linux.go b/daemon/exec_linux.go
index 5aeedc347027..bb11c11e447c 100644
--- a/daemon/exec_linux.go
+++ b/daemon/exec_linux.go
@@ -5,6 +5,7 @@ import (
"github.com/docker/docker/daemon/caps"
"github.com/docker/docker/daemon/exec"
"github.com/docker/docker/libcontainerd"
+ "github.com/opencontainers/runc/libcontainer/apparmor"
"github.com/opencontainers/runtime-spec/specs-go"
)
@@ -23,5 +24,27 @@ func execSetPlatformOpt(c *container.Container, ec *exec.Config, p *libcontainer
if ec.Privileged {
p.Capabilities = caps.GetAllCapabilities()
}
+ if apparmor.IsEnabled() {
+ var appArmorProfile string
+ if c.AppArmorProfile != "" {
+ appArmorProfile = c.AppArmorProfile
+ } else if c.HostConfig.Privileged {
+ appArmorProfile = "unconfined"
+ } else {
+ appArmorProfile = "docker-default"
+ }
+
+ if appArmorProfile == "docker-default" {
+ // Unattended upgrades and other fun services can unload AppArmor
+ // profiles inadvertently. Since we cannot store our profile in
+ // /etc/apparmor.d, nor can we practically add other ways of
+ // telling the system to keep our profile loaded, in order to make
+ // sure that we keep the default profile enabled we dynamically
+ // reload it if necessary.
+ if err := ensureDefaultAppArmorProfile(); err != nil {
+ return err
+ }
+ }
+ }
return nil
}
--
2.12.0

View File

@ -66,7 +66,7 @@ index 000000000000..591abc998e67
+ "syscall" + "syscall"
+ +
+ "github.com/Sirupsen/logrus" + "github.com/Sirupsen/logrus"
+ "github.com/docker/distribution/digest" + "github.com/opencontainers/go-digest"
+ "github.com/docker/docker/container" + "github.com/docker/docker/container"
+ +
+ swarmtypes "github.com/docker/docker/api/types/swarm" + swarmtypes "github.com/docker/docker/api/types/swarm"