From 91c98f7c10c747f2a23cbe2a8c6e40f9538532bb5e38e74cce4c67dbac3831be Mon Sep 17 00:00:00 2001 From: Jordi Massaguer Date: Wed, 20 Jan 2016 18:58:55 +0000 Subject: [PATCH 01/37] Review patches: - remove docker_remove_journald....patch because we use dyngccgo instead of dynbinary - replace gcc-go-build-static-libgo.patch by gcc-go-patches which patches dyngccgo instead of dynbinary - add fix-ppc64le.patch to fix ppc64le build - fix_bnc_958255.patch: fix Docker creates strange apparmor profile (bnc#958255) - use_fs_cgroups_by_default.patch: Use fs cgroups by default: https://github.com/docker/docker/commit/419fd7449fe1a984f582731fcd4d9455000846b0 - fix_cgroup.parent_path_sanitisation.patch: fix cgroup.Parent path sanitisation: https://github.com/opencontainers/runc/commit/bf899fef451956be4abd63de6d6141d9f9096a02 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=51 --- docker.spec | 35 +++++++--- ...urnald_to_fix_dynbinary_build_on_arm.patch | 53 --------------- ...nald_to_fix_dynbinary_build_on_arm64.patch | 53 --------------- ...ld_to_fix_dynbinary_build_on_powerpc.patch | 53 --------------- fix-ppc64le.patch | 20 ++++++ fix_bnc_958255.patch | 13 ++++ fix_cgroup.parent_path_sanitisation.patch | 67 +++++++++++++++++++ gcc-go-build-static-libgo.patch | 10 --- gcc-go-patches.patch | 33 +++++++++ use_fs_cgroups_by_default.patch | 51 ++++++++++++++ 10 files changed, 210 insertions(+), 178 deletions(-) delete mode 100644 docker_remove_journald_to_fix_dynbinary_build_on_arm.patch delete mode 100644 docker_remove_journald_to_fix_dynbinary_build_on_arm64.patch delete mode 100644 docker_remove_journald_to_fix_dynbinary_build_on_powerpc.patch create mode 100644 fix-ppc64le.patch create mode 100644 fix_bnc_958255.patch create mode 100644 fix_cgroup.parent_path_sanitisation.patch delete mode 100644 gcc-go-build-static-libgo.patch create mode 100644 gcc-go-patches.patch create mode 100644 use_fs_cgroups_by_default.patch
diff --git a/docker.spec b/docker.spec index a3ba49b..4535a7d 100644 --- a/docker.spec +++ b/docker.spec @@ -1,7 +1,7 @@ # # spec file for package docker # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -44,17 +44,21 @@ Source100: sysconfig.docker.ppc64le Patch0: fix-docker-init.patch # PATCH-FIX-OPENSUSE libcontainer-apparmor-fixes.patch -- mount rules aren't supported in our apparmor Patch1: libcontainer-apparmor-fixes.patch +# fix regexp in apparmor default profile. This is already fixed upstream so in version > 1.9.1 it should be already fixed +Patch2: fix_bnc_958255.patch +# fix default cgroups. This is fixed upstream, too. +Patch3: use_fs_cgroups_by_default.patch +# fix an issue with cgroups. This is fixed upstream, too. +Patch4: fix_cgroup.parent_path_sanitisation.patch # Required to overcome some limitations of gcc-go: https://groups.google.com/forum/#!msg/golang-nuts/SlGCPYkjxo4/4DjcjXRCqAkJ # Right now docker passes the sha1sum of the dockerinit binary to the docker binary at build time # We cannot do that, right now a quick and really dirty way to get it running is # to simply disable this check Patch100: ignore-dockerinit-checksum.patch -Patch101: gcc-go-build-static-libgo.patch +Patch101: gcc-go-patches.patch Patch102: add_bolt_ppc64.patch -Patch103: docker_remove_journald_to_fix_dynbinary_build_on_arm.patch -Patch104: docker_remove_journald_to_fix_dynbinary_build_on_powerpc.patch Patch105: add_bolt_arm64.patch -Patch106: docker_remove_journald_to_fix_dynbinary_build_on_arm64.patch +Patch108: fix-ppc64le.patch BuildRequires: audit BuildRequires: bash-completion BuildRequires: device-mapper-devel >= 1.2.68 
@@ -140,6 +144,8 @@ Requires: procps Requires: sqlite3-devel BuildArch: noarch +%global __requires_exclude ^libgo.so.*$ + %description test Test package for docker. It contains the source code and the tests. @@ -147,14 +153,15 @@ Test package for docker. It contains the source code and the tests. %setup -q -n docker-%{version} %patch0 -p1 %patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 %ifnarch %go_arches %patch100 -p1 %patch101 -p0 %patch102 -p1 -%patch103 -p1 -%patch104 -p1 %patch105 -p1 -%patch106 -p1 +%patch108 -p1 %endif cp %{SOURCE7} . @@ -174,10 +181,14 @@ export DOCKER_GITCOMMIT=%{git_version} EOF ) > docker_build_env . ./docker_build_env -./hack/make.sh dynbinary + %ifarch %go_arches +./hack/make.sh dynbinary man/md2man-all.sh +%else +./hack/make.sh dyngccgo %endif + # remove other than systemd # otherwise the resulting package will have extra requires rm -rf hack/make/.build-deb @@ -185,7 +196,13 @@ rm -rf hack/make/.build-deb %install install -d %{buildroot}%{go_contribdir} install -d %{buildroot}%{_bindir} +%ifarch %go_arches install -D -m755 bundles/%{version}/dynbinary/%{name}-%{version} %{buildroot}/%{_bindir}/%{name} +install -D -m755 bundles/%{version}/dynbinary/dockerinit-%{version} %{buildroot}/%{_prefix}/lib/docker/dockerinit +%else +install -D -m755 bundles/%{version}/dyngccgo/%{name}-%{version} %{buildroot}/%{_bindir}/%{name} +install -D -m755 bundles/%{version}/dyngccgo/dockerinit-%{version} %{buildroot}/%{_prefix}/lib/docker/dockerinit +%endif install -d %{buildroot}/%{_prefix}/lib/docker install -D -m755 bundles/%{version}/dynbinary/dockerinit-%{version} %{buildroot}/%{_prefix}/lib/docker/dockerinit install -Dd -m 0755 \ diff --git a/docker_remove_journald_to_fix_dynbinary_build_on_arm.patch b/docker_remove_journald_to_fix_dynbinary_build_on_arm.patch deleted file mode 100644 index 94b4950..0000000 --- a/docker_remove_journald_to_fix_dynbinary_build_on_arm.patch +++ /dev/null 
@@ -1,53 +0,0 @@ -From 6f6f10a75f8b447637e8a89d685452871899e9c0 Mon Sep 17 00:00:00 2001 -From: Stefan Scherer -Date: Thu, 19 Nov 2015 17:09:20 +0100 -Subject: [PATCH] prevent journald from being built on ARM - -Signed-off-by: Govinda Fichtner - ---- - daemon/logger/journald/journald.go | 2 +- - daemon/logger/journald/journald_unsupported.go | 2 +- - daemon/logger/journald/read.go | 2 +- - daemon/logger/journald/read_unsupported.go | 2 +- - 4 files changed, 4 insertions(+), 4 deletions(-) - -Index: docker-1.9.1/daemon/logger/journald/journald.go -=================================================================== ---- docker-1.9.1.orig/daemon/logger/journald/journald.go -+++ docker-1.9.1/daemon/logger/journald/journald.go -@@ -1,4 +1,4 @@ --// +build linux -+// +build linux,!arm - - // Package journald provides the log driver for forwarding server logs - // to endpoints that receive the systemd format. -Index: docker-1.9.1/daemon/logger/journald/journald_unsupported.go -=================================================================== ---- docker-1.9.1.orig/daemon/logger/journald/journald_unsupported.go -+++ docker-1.9.1/daemon/logger/journald/journald_unsupported.go -@@ -1,3 +1,3 @@ --// +build !linux -+// +build !linux linux,arm - - package journald -Index: docker-1.9.1/daemon/logger/journald/read.go -=================================================================== ---- docker-1.9.1.orig/daemon/logger/journald/read.go -+++ docker-1.9.1/daemon/logger/journald/read.go -@@ -1,4 +1,4 @@ --// +build linux,cgo,!static_build,journald -+// +build linux,cgo,!static_build,journald,!arm - - package journald - -Index: docker-1.9.1/daemon/logger/journald/read_unsupported.go -=================================================================== ---- docker-1.9.1.orig/daemon/logger/journald/read_unsupported.go -+++ docker-1.9.1/daemon/logger/journald/read_unsupported.go -@@ -1,4 +1,4 @@ --// +build !linux !cgo static_build !journald -+// +build !linux !cgo static_build 
!journald linux,arm - - package journald - diff --git a/docker_remove_journald_to_fix_dynbinary_build_on_arm64.patch b/docker_remove_journald_to_fix_dynbinary_build_on_arm64.patch deleted file mode 100644 index 729b7d3..0000000 --- a/docker_remove_journald_to_fix_dynbinary_build_on_arm64.patch +++ /dev/null 
@@ -1,53 +0,0 @@ -From: Michel Normand -Subject: docker remove journald to fix dynbinary build on arm64 -Date: Fri, 04 Dec 2015 17:07:12 +0100 - -docker remove journald to fix dynbinary build on arm64 - -Signed-off-by: Michel Normand ---- - daemon/logger/journald/journald.go | 2 +- - daemon/logger/journald/journald_unsupported.go | 2 +- - daemon/logger/journald/read.go | 2 +- - daemon/logger/journald/read_unsupported.go | 2 +- - 4 files changed, 4 insertions(+), 4 deletions(-) - -Index: docker-1.9.1/daemon/logger/journald/journald.go -=================================================================== ---- docker-1.9.1.orig/daemon/logger/journald/journald.go -+++ docker-1.9.1/daemon/logger/journald/journald.go -@@ -1,4 +1,4 @@ --// +build linux,!arm linux,!ppc64 linux,!ppc64le -+// +build linux,!arm linux,!arm64 linux,!ppc64 linux,!ppc64le - - // Package journald provides the log driver for forwarding server logs - // to endpoints that receive the systemd format. -Index: docker-1.9.1/daemon/logger/journald/journald_unsupported.go -=================================================================== ---- docker-1.9.1.orig/daemon/logger/journald/journald_unsupported.go -+++ docker-1.9.1/daemon/logger/journald/journald_unsupported.go -@@ -1,3 +1,3 @@ --// +build !linux linux,arm linux,ppc64 linux,ppc64le -+// +build !linux linux,arm linux,arm64 linux,ppc64 linux,ppc64le - - package journald -Index: docker-1.9.1/daemon/logger/journald/read.go -=================================================================== ---- docker-1.9.1.orig/daemon/logger/journald/read.go -+++ docker-1.9.1/daemon/logger/journald/read.go -@@ -1,4 +1,4 @@ --// +build linux,cgo,!static_build,journald,!arm,!ppc64,!ppc64le -+// +build linux,cgo,!static_build,journald,!arm,!arm64,!ppc64,!ppc64le - - package journald - -Index: docker-1.9.1/daemon/logger/journald/read_unsupported.go -=================================================================== ---- 
docker-1.9.1.orig/daemon/logger/journald/read_unsupported.go -+++ docker-1.9.1/daemon/logger/journald/read_unsupported.go -@@ -1,4 +1,4 @@ --// +build !linux !cgo static_build !journald linux,arm linux,ppc64 linux,ppc64le -+// +build !linux !cgo static_build !journald linux,arm linux,arm64 linux,ppc64 linux,ppc64le - - package journald - diff --git a/docker_remove_journald_to_fix_dynbinary_build_on_powerpc.patch b/docker_remove_journald_to_fix_dynbinary_build_on_powerpc.patch deleted file mode 100644 index ec2fb22..0000000 --- a/docker_remove_journald_to_fix_dynbinary_build_on_powerpc.patch +++ /dev/null 
@@ -1,53 +0,0 @@ -From: Michel Normand -Subject: docker remove journald to fix dynbinary build on powerpc -Date: Fri, 04 Dec 2015 14:45:43 +0100 - -docker remove journald to fix dynbinary build on powerpc - -Signed-off-by: Michel Normand ---- - daemon/logger/journald/journald.go | 2 +- - daemon/logger/journald/journald_unsupported.go | 2 +- - daemon/logger/journald/read.go | 2 +- - daemon/logger/journald/read_unsupported.go | 2 +- - 4 files changed, 4 insertions(+), 4 deletions(-) - -Index: docker-1.9.1/daemon/logger/journald/journald.go -=================================================================== ---- docker-1.9.1.orig/daemon/logger/journald/journald.go -+++ docker-1.9.1/daemon/logger/journald/journald.go -@@ -1,4 +1,4 @@ --// +build linux,!arm -+// +build linux,!arm linux,!ppc64 linux,!ppc64le - - // Package journald provides the log driver for forwarding server logs - // to endpoints that receive the systemd format. -Index: docker-1.9.1/daemon/logger/journald/journald_unsupported.go -=================================================================== ---- docker-1.9.1.orig/daemon/logger/journald/journald_unsupported.go -+++ docker-1.9.1/daemon/logger/journald/journald_unsupported.go -@@ -1,3 +1,3 @@ --// +build !linux linux,arm -+// +build !linux linux,arm linux,ppc64 linux,ppc64le - - package journald -Index: docker-1.9.1/daemon/logger/journald/read.go -=================================================================== ---- docker-1.9.1.orig/daemon/logger/journald/read.go -+++ docker-1.9.1/daemon/logger/journald/read.go -@@ -1,4 +1,4 @@ --// +build linux,cgo,!static_build,journald,!arm -+// +build linux,cgo,!static_build,journald,!arm,!ppc64,!ppc64le - - package journald - -Index: docker-1.9.1/daemon/logger/journald/read_unsupported.go -=================================================================== ---- docker-1.9.1.orig/daemon/logger/journald/read_unsupported.go -+++ docker-1.9.1/daemon/logger/journald/read_unsupported.go -@@ -1,4 +1,4 @@ --// 
+build !linux !cgo static_build !journald linux,arm -+// +build !linux !cgo static_build !journald linux,arm linux,ppc64 linux,ppc64le - - package journald - diff --git a/fix-ppc64le.patch b/fix-ppc64le.patch new file mode 100644 index 0000000..a4c7a40 --- /dev/null +++ b/fix-ppc64le.patch @@ -0,0 +1,20 @@ +Index: docker-1.9.1/vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_armppc64.go +=================================================================== +--- docker-1.9.1.orig/vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_armppc64.go ++++ docker-1.9.1/vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_armppc64.go +@@ -1,4 +1,4 @@ +-// +build arm ppc64 ppc64le ++// +build arm ppc64,!ppc64le + + package bridge + +Index: docker-1.9.1/vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_notarm.go +=================================================================== +--- docker-1.9.1.orig/vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_notarm.go ++++ docker-1.9.1/vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_notarm.go +@@ -1,4 +1,4 @@ +-// +build !arm,!ppc64,!ppc64le ++// +build !arm,!ppc64 ppc64le + + package bridge + diff --git a/fix_bnc_958255.patch b/fix_bnc_958255.patch new file mode 100644 index 0000000..aa436c1 --- /dev/null +++ b/fix_bnc_958255.patch @@ -0,0 +1,13 @@ +diff --git a/daemon/execdriver/native/apparmor.go b/daemon/execdriver/native/apparmor.go +index 3aaba98..06babd3 100644 +--- a/daemon/execdriver/native/apparmor.go ++++ b/daemon/execdriver/native/apparmor.go +@@ -40,7 +40,7 @@ profile {{.Name}} flags=(attach_disconnected,mediate_deleted) { + file, + umount, + +- deny @{PROC}/{*,**^[0-9*],sys/kernel/shm*} wkx, ++ deny @{PROC}/{*,**^[0-9]*,sys/kernel/shm*} wkx, + deny @{PROC}/sysrq-trigger rwklx, + deny @{PROC}/mem rwklx, + deny @{PROC}/kmem rwklx, 
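Review bot: fix_bnc_958255.patch has no description and names no upstream commit, although the spec comment says the change is already upstream; the two cgroup patches in this commit cite theirs in the commit message. The one changed line, `deny @{PROC}/{*,**^[0-9]*,sys/kernel/shm*} wkx,`, sits in the default container AppArmor profile, so a header such as `# Upstream: <upstream commit URL>` next to the bnc#958255 reference would let a later reviewer confirm the pattern matches upstream and drop the patch at the next version bump. fix-ppc64le.patch in the same commit lacks a description as well. The profile template continues outside the inner hunk.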
diff --git a/fix_cgroup.parent_path_sanitisation.patch b/fix_cgroup.parent_path_sanitisation.patch
new file mode 100644
index 0000000..c1e6500
--- /dev/null
+++ b/fix_cgroup.parent_path_sanitisation.patch
@@ -0,0 +1,67 @@ +diff --git a/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/apply_raw.go b/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/apply_raw.go +index a0a93a4..da31d06 100644 +--- a/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/apply_raw.go ++++ b/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/apply_raw.go +@@ -216,12 +216,39 @@ func (m *Manager) GetPids() ([]int, error) { + return cgroups.GetPids(dir) + } + ++// pathClean makes a path safe for use with filepath.Join. This is done by not ++// only cleaning the path, but also (if the path is relative) adding a leading ++// '/' and cleaning it (then removing the leading '/'). This ensures that a ++// path resulting from prepending another path will always resolve to lexically ++// be a subdirectory of the prefixed path. This is all done lexically, so paths ++// that include symlinks won't be safe as a result of using pathClean. ++func pathClean(path string) string { ++ // Ensure that all paths are cleaned (especially problematic ones like ++ // "/../../../../../" which can cause lots of issues). ++ path = filepath.Clean(path) ++ ++ // If the path isn't absolute, we need to do more processing to fix paths ++ // such as "../../../..//some/path". We also shouldn't convert absolute ++ // paths to relative ones. ++ if !filepath.IsAbs(path) { ++ path = filepath.Clean(string(os.PathSeparator) + path) ++ // This can't fail, as (by definition) all paths are relative to root. ++ path, _ = filepath.Rel(string(os.PathSeparator), path) ++ } ++ ++ // Clean the path again for good measure. ++ return filepath.Clean(path) ++} ++ + func getCgroupData(c *configs.Cgroup, pid int) (*data, error) { + root, err := getCgroupRoot() + if err != nil { + return nil, err + } + ++ // Clean the parent slice path. 
++ c.Parent = pathClean(c.Parent) ++ + cgroup := c.Name + if c.Parent != "" { + cgroup = filepath.Join(c.Parent, cgroup) +diff --git a/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/cpuset.go b/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/cpuset.go +index f3ec2c3..0b13115 100644 +--- a/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/cpuset.go ++++ b/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/cpuset.go +@@ -4,6 +4,7 @@ package fs + + import ( + "bytes" ++ "fmt" + "io/ioutil" + "os" + "path/filepath" +@@ -92,6 +93,10 @@ func (s *CpusetGroup) ensureParent(current, root string) error { + if filepath.Clean(parent) == root { + return nil + } ++ // Avoid infinite recursion. ++ if parent == current { ++ return fmt.Errorf("cpuset: cgroup parent path outside cgroup root") ++ } + if err := s.ensureParent(parent, root); err != nil { + return err + } diff --git a/gcc-go-build-static-libgo.patch b/gcc-go-build-static-libgo.patch deleted file mode 100644 index e4096fd..0000000 --- a/gcc-go-build-static-libgo.patch +++ /dev/null @@ -1,10 +0,0 @@ ---- hack/make/binary -+++ hack/make/binary -@@ -9,6 +9,7 @@ - - echo "Building: $DEST/$BINARY_FULLNAME" - go build \ -+ -gccgoflags="-static-libgo" \ - -o "$DEST/$BINARY_FULLNAME" \ - "${BUILDFLAGS[@]}" \ - -ldflags " diff --git a/gcc-go-patches.patch b/gcc-go-patches.patch new file mode 100644 index 0000000..67dbcd8 --- /dev/null +++ b/gcc-go-patches.patch 
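Review bot: Only `c.Parent` goes through `pathClean` in `getCgroupData`; `c.Name` is assigned to `cgroup` and handed to `filepath.Join(c.Parent, cgroup)` unchanged, so a name containing `..` segments would still resolve above the cleaned parent. Cleaning the name the same way, `cgroup := pathClean(c.Name)`, would close that gap, assuming Name can carry caller-supplied text, which these lines do not show. Note also that `pathClean("")` returns `"."`, so the `c.Parent != ""` test that follows is now always true and the caller's config is mutated in place; a comment saying this is intended would help. The body of `getCgroupData` continues outside the hunk.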
@@ -0,0 +1,33 @@ +Index: hack/make/.dockerinit-gccgo +=================================================================== +--- hack/make/.dockerinit-gccgo.orig ++++ hack/make/.dockerinit-gccgo +@@ -1,5 +1,5 @@ + #!/bin/bash +-set -e ++set -ex + + IAMSTATIC="true" + source "${MAKEDIR}/.go-autogen" +Index: hack/make/gccgo +=================================================================== +--- hack/make/gccgo.orig ++++ hack/make/gccgo +@@ -1,5 +1,5 @@ + #!/bin/bash +-set -e ++set -ex + + BINARY_NAME="docker-$VERSION" + BINARY_EXTENSION="$(binary_extension)" +@@ -17,6 +17,8 @@ go build -compiler=gccgo \ + -g ++ -Wl,--add-needed -Wl,--no-as-needed + $EXTLDFLAGS_STATIC ++ -static-libgo + -Wl,--no-export-dynamic +- -ldl ++ -ldl -lselinux -lsystemd + " \ + ./docker + diff --git a/use_fs_cgroups_by_default.patch b/use_fs_cgroups_by_default.patch new file mode 100644 index 0000000..f699da2 --- /dev/null +++ b/use_fs_cgroups_by_default.patch 
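Review bot: Both inner hunks switch `set -e` to `set -ex` in `hack/make/.dockerinit-gccgo` and `hack/make/gccgo`, which reads like a debugging leftover: xtrace writes every expanded command, variable values included, into the build log. If the trace is only needed to diagnose gccgo link failures, scope it with `set -x` / `set +x` around the `go build` call, or drop it before the patch ships. The patch also has no header saying why `-static-libgo` and `-lselinux -lsystemd` are added to the link flags; a short description at the top would help the next rebase.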
@@ -0,0 +1,51 @@ +From 419fd7449fe1a984f582731fcd4d9455000846b0 Mon Sep 17 00:00:00 2001 +From: Alexander Morozov +Date: Wed, 4 Nov 2015 13:51:46 -0800 +Subject: [PATCH] Use fs cgroups by default + +Our implementation of systemd cgroups is mixture of systemd api and +plain filesystem api. It's hard to keep it up to date with systemd and +it already contains some nasty bugs with new versions. Ideally it should +be replaced with some daemon flag which will allow to set parent systemd +slice. + +Signed-off-by: Alexander Morozov +--- + daemon/execdriver/native/driver.go | 3 --- + docs/reference/commandline/daemon.md | 8 ++++---- + 2 files changed, 4 insertions(+), 7 deletions(-) + +diff --git a/daemon/execdriver/native/driver.go b/daemon/execdriver/native/driver.go +index 09171c5..0b6cec3 100644 +--- a/daemon/execdriver/native/driver.go ++++ b/daemon/execdriver/native/driver.go +@@ -74,9 +74,6 @@ func NewDriver(root, initPath string, options []string) (*Driver, error) { + // this makes sure there are no breaking changes to people + // who upgrade from versions without native.cgroupdriver opt + cgm := libcontainer.Cgroupfs +- if systemd.UseSystemd() { +- cgm = libcontainer.SystemdCgroups +- } + + // parse the options + for _, option := range options { +diff --git a/docs/reference/commandline/daemon.md b/docs/reference/commandline/daemon.md +index 91fd3c6..0721538 100644 +--- a/docs/reference/commandline/daemon.md ++++ b/docs/reference/commandline/daemon.md +@@ -452,11 +452,11 @@ single `native.cgroupdriver` option is available. + + The `native.cgroupdriver` option specifies the management of the container's + cgroups. You can specify `cgroupfs` or `systemd`. If you specify `systemd` and +-it is not available, the system uses `cgroupfs`. By default, if no option is +-specified, the execdriver first tries `systemd` and falls back to `cgroupfs`. +-This example sets the execdriver to `cgroupfs`: ++it is not available, the system uses `cgroupfs`. 
If you omit the ++`native.cgroupdriver` option,` cgroupfs` is used. ++This example sets the `cgroupdriver` to `systemd`: + +- $ sudo docker daemon --exec-opt native.cgroupdriver=cgroupfs ++ $ sudo docker daemon --exec-opt native.cgroupdriver=systemd + + Setting this option applies to all containers the daemon launches. + From c7d85d6fc8d10b5d7a836bfd6653dd7059280f47e163f755eaea0ae03902ab3c Mon Sep 17 00:00:00 2001 From: Jordi Massaguer Date: Thu, 21 Jan 2016 15:14:37 +0000 Subject: [PATCH 02/37] add fix for gcc5 socket issue OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=52 --- docker.spec | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docker.spec b/docker.spec index 4535a7d..d14e9d0 100644 --- a/docker.spec +++ b/docker.spec @@ -54,6 +54,8 @@ Patch4: fix_cgroup.parent_path_sanitisation.patch # Right now docker passes the sha1sum of the dockerinit binary to the docker binary at build time # We cannot do that, right now a quick and really dirty way to get it running is # to simply disable this check +# Required to overcome some limitations of gcc-go: https://groups.google.com/forum/# !msg/golang-nuts/SlGCPYkjxo4/4DjcjXRCqAkJ +Patch5: gcc5_socket_workaround.patch Patch100: ignore-dockerinit-checksum.patch Patch101: gcc-go-patches.patch Patch102: add_bolt_ppc64.patch @@ -156,6 +158,7 @@ Test package for docker. It contains the source code and the tests. %patch2 -p1 %patch3 -p1 %patch4 -p1 +%patch5 -p1 %ifnarch %go_arches %patch100 -p1 %patch101 -p0 From a421f515c9d7cbecf6a3ddb6b5b015011f002c7b3d9580efadd668fb61f1c12d Mon Sep 17 00:00:00 2001 
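Review bot: The comment added above `Patch5` is a copy of the gcc-go line that opens the Patch100 comment block, with its URL broken by a space (`forum/# !msg`), and it says nothing about the socket workaround itself. Because the two new lines are inserted between the dockerinit-checksum explanation and `Patch100: ignore-dockerinit-checksum.patch`, that explanation now reads as if it described Patch5. Moving `Patch5` above the gcc-go block with its own comment, e.g. `# Workaround for the gcc5-go socket type issue`, keeps each comment next to the patch it documents.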
From: Jordi Massaguer Date: Thu, 21 Jan 2016 15:15:06 +0000 Subject: [PATCH 03/37] add the patch for the previous fix that I forgot OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=53 --- gcc5_socket_workaround.patch | 46 ++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) create mode 100644 gcc5_socket_workaround.patch diff --git a/gcc5_socket_workaround.patch b/gcc5_socket_workaround.patch new file mode 100644 index 0000000..ac23d8e --- /dev/null +++ b/gcc5_socket_workaround.patch 
@@ -0,0 +1,46 @@ +diff --git a/vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux.go b/vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux.go +index 007ccb2..65f638f 100644 +--- a/vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux.go ++++ b/vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux.go +@@ -22,7 +22,7 @@ type ifreqIndex struct { + + type ifreqHwaddr struct { + IfrnName [ifNameSize]byte +- IfruHwaddr syscall.RawSockaddr ++ IfruHwaddr patchedRawSockAddr + } + + var rnd = rand.New(rand.NewSource(time.Now().UnixNano())) +diff --git a/vendor/src/github.com/docker/libnetwork/drivers/bridge/patched_socket_ppc64xe_type.go b/vendor/src/github.com/docker/libnetwork/drivers/bridge/patched_socket_ppc64xe_type.go +new file mode 100644 +index 0000000..118f7bf +--- /dev/null ++++ b/vendor/src/github.com/docker/libnetwork/drivers/bridge/patched_socket_ppc64xe_type.go +@@ -0,0 +1,11 @@ ++// Copyright (c) 2015 SUSE LLC. All rights reserved. ++ ++// +build linux ++// +build ppc64 ppc64le ++ ++package bridge ++ ++type patchedRawSockAddr struct { ++ Family uint16 ++ Data [14]uint8 ++} +diff --git a/vendor/src/github.com/docker/libnetwork/drivers/bridge/patched_socket_type.go b/vendor/src/github.com/docker/libnetwork/drivers/bridge/patched_socket_type.go +new file mode 100644 +index 0000000..cdba329 +--- /dev/null ++++ b/vendor/src/github.com/docker/libnetwork/drivers/bridge/patched_socket_type.go +@@ -0,0 +1,10 @@ ++// Copyright (c) 2015 SUSE LLC. All rights reserved. ++ ++// +build linux,!ppc64,!ppc64le ++ ++package bridge ++ ++type patchedRawSockAddr struct { ++ Family uint16 ++ Data [14]int8 ++} From fc77975fbd5c3863b34a4fce4d2d394f6033fce654579329ade8b125ddb0e1f5 Mon Sep 17 00:00:00 2001 
From: Jordi Massaguer Date: Thu, 21 Jan 2016 16:53:25 +0000 Subject: [PATCH 04/37] - gcc5-go in Tumbleweed includes this commit https://github.com/golang/gofrontend/commit/a850225433a66a58613c22185c3b09626f5545eb Which "fixes" the data type for RawSockaddr.Data However, docker now expects the "wrong" data type, since docker had a workaround for that issue. Thus, we need to workaround the workaroundn in tumbleweed - There was an error in one of the file list OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=54 --- docker.changes | 14 ++++++++++++++ docker.spec | 10 +++++++++- gcc5_socket_workaround.patch | 2 +- 3 files changed, 24 insertions(+), 2 deletions(-) diff --git a/docker.changes b/docker.changes index 5fe194c..20bc487 100644 --- a/docker.changes +++ b/docker.changes @@ -1,3 +1,17 @@ +------------------------------------------------------------------- +Thu Jan 21 16:52:41 UTC 2016 - jmassaguerpla@suse.com + +- gcc5-go in Tumbleweed includes this commit + https://github.com/golang/gofrontend/commit/a850225433a66a58613c22185c3b09626f5545eb + Which "fixes" the data type for RawSockaddr.Data + However, docker now expects the "wrong" data type, since docker had a workaround + for that issue. + Thus, we need to workaround the workaroundn in tumbleweed + +- There was an error in one of the file list + + +------------------------------------------------------------------- Wed Dec 23 10:47:04 UTC 2015 - fcastelli@suse.com - Add rules for auditd. This is required to fix bnc#959405 diff --git a/docker.spec b/docker.spec index d14e9d0..11c6458 100644 --- a/docker.spec +++ b/docker.spec 
@@ -158,7 +158,16 @@ Test package for docker. It contains the source code and the tests. %patch2 -p1 %patch3 -p1 %patch4 -p1 +# 1330 is Tumbleweed after leap has been released +# gcc5-go in Tumbleweed includes this commit +# https://github.com/golang/gofrontend/commit/a850225433a66a58613c22185c3b09626f5545eb +# Which "fixes" the data type for RawSockaddr.Data +# However, docker now expects the "wrong" data type, since docker had a workaround +# for that issue. +# Thus, we need to workaround the workaroundn in tumbleweed +%if 0%{suse_version} >= 1330 && 0%{is_opensuse} == 1 %patch5 -p1 +%endif %ifnarch %go_arches %patch100 -p1 %patch101 -p0 @@ -207,7 +216,6 @@ install -D -m755 bundles/%{version}/dyngccgo/%{name}-%{version} %{buildroot}/%{_ install -D -m755 bundles/%{version}/dyngccgo/dockerinit-%{version} %{buildroot}/%{_prefix}/lib/docker/dockerinit %endif install -d %{buildroot}/%{_prefix}/lib/docker -install -D -m755 bundles/%{version}/dynbinary/dockerinit-%{version} %{buildroot}/%{_prefix}/lib/docker/dockerinit install -Dd -m 0755 \ %{buildroot}%{_sysconfdir}/init.d \ %{buildroot}%{_sbindir} diff --git a/gcc5_socket_workaround.patch b/gcc5_socket_workaround.patch index ac23d8e..1f5b9d3 100644 --- a/gcc5_socket_workaround.patch +++ b/gcc5_socket_workaround.patch @@ -26,7 +26,7 @@ index 0000000..118f7bf + +type patchedRawSockAddr struct { + Family uint16 -+ Data [14]uint8 ++ Data [14]int8 +} diff --git a/vendor/src/github.com/docker/libnetwork/drivers/bridge/patched_socket_type.go b/vendor/src/github.com/docker/libnetwork/drivers/bridge/patched_socket_type.go new file mode 100644 From 019cc56ccf49d9cb4d713bbfed1ea4056d685f1e4388378e8c374f681939903d Mon Sep 17 00:00:00 2001 From: Jordi Massaguer Date: Thu, 21 Jan 2016 17:21:02 +0000 Subject: [PATCH 05/37] fix the if expression in the spec file OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=55 --- docker.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
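Review bot: After `Data [14]uint8` becomes `Data [14]int8`, the ppc64/ppc64le definition of `patchedRawSockAddr` is identical to the one patched_socket_type.go declares for every other Linux architecture, so the two build-tagged files now differ only in their constraints. Unless a further per-architecture difference is planned, a single file tagged `// +build linux` would say the same thing with less to keep in sync. Either way the struct deserves a comment on why the local copy exists, for example `// patchedRawSockAddr pins the Data element type that gccgo changed in syscall.RawSockaddr`; I am inferring that purpose from the changelog entry in this commit.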
diff --git a/docker.spec b/docker.spec index 11c6458..c9df9f8 100644 --- a/docker.spec +++ b/docker.spec @@ -165,8 +165,8 @@ Test package for docker. It contains the source code and the tests. # However, docker now expects the "wrong" data type, since docker had a workaround # for that issue. # Thus, we need to workaround the workaroundn in tumbleweed -%if 0%{suse_version} >= 1330 && 0%{is_opensuse} == 1 -%patch5 -p1 +%if 0%{?suse_version} >= 1330 && 0%{?is_opensuse} == 1 + %patch5 -p1 %endif %ifnarch %go_arches %patch100 -p1 From cbbbf2fd6fac941acdda2cb79a343f4a4f4d45302e94d429e1177a7d0c360e46 Mon Sep 17 00:00:00 2001 From: Jordi Massaguer Date: Thu, 21 Jan 2016 17:25:44 +0000 Subject: [PATCH 06/37] fix spec file. There was an extra space OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=56 --- docker.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker.spec b/docker.spec index c9df9f8..dba3a65 100644 --- a/docker.spec +++ b/docker.spec @@ -166,7 +166,7 @@ Test package for docker. It contains the source code and the tests. # for that issue. # Thus, we need to workaround the workaroundn in tumbleweed %if 0%{?suse_version} >= 1330 && 0%{?is_opensuse} == 1 - %patch5 -p1 +%patch5 -p1 %endif %ifnarch %go_arches %patch100 -p1 From 9dce1f84b959c8a0d27ca318493283ed45ac3d9782182f46822846907807eeaf Mon Sep 17 00:00:00 2001 
From: Aleksa Sarai Date: Thu, 28 Jan 2016 08:07:07 +0000 Subject: [PATCH 07/37] Accepting request 356411 from home:cyphar:branches:Virtualization:containers This adds a fix for the (quite specific) JSON bug which completely breaks container starts. OBS-URL: https://build.opensuse.org/request/show/356411 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=57 --- docker.changes | 7 ++ docker.spec | 7 +- fix_json_econnreset_bug.patch | 136 ++++++++++++++++++++++++++++++++++ 3 files changed, 148 insertions(+), 2 deletions(-) create mode 100644 fix_json_econnreset_bug.patch diff --git a/docker.changes b/docker.changes index 20bc487..8766a73 100644 --- a/docker.changes +++ b/docker.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Wed Jan 27 23:40:09 UTC 2016 - asarai@suse.com + +- backport 1 bugfix from the upstream 1.10 branch + Added: + fix_json_econnreset_bug.patch (https://github.com/docker/docker/issues/14203) + ------------------------------------------------------------------- Thu Jan 21 16:52:41 UTC 2016 - jmassaguerpla@suse.com diff --git a/docker.spec b/docker.spec index dba3a65..99d73c2 100644 --- a/docker.spec +++ b/docker.spec 
@@ -50,12 +50,14 @@ Patch2: fix_bnc_958255.patch Patch3: use_fs_cgroups_by_default.patch # fix an issue with cgroups. This is fixed upstream, too. Patch4: fix_cgroup.parent_path_sanitisation.patch +# fix an issue with JSON and containers not starting. This is fixed upstream, too. +Patch5: fix_json_econnreset_bug.patch # Required to overcome some limitations of gcc-go: https://groups.google.com/forum/#!msg/golang-nuts/SlGCPYkjxo4/4DjcjXRCqAkJ # Right now docker passes the sha1sum of the dockerinit binary to the docker binary at build time # We cannot do that, right now a quick and really dirty way to get it running is # to simply disable this check # Required to overcome some limitations of gcc-go: https://groups.google.com/forum/# !msg/golang-nuts/SlGCPYkjxo4/4DjcjXRCqAkJ -Patch5: gcc5_socket_workaround.patch +Patch6: gcc5_socket_workaround.patch Patch100: ignore-dockerinit-checksum.patch Patch101: gcc-go-patches.patch Patch102: add_bolt_ppc64.patch @@ -158,6 +160,7 @@ Test package for docker. It contains the source code and the tests. %patch2 -p1 %patch3 -p1 %patch4 -p1 +%patch5 -p1 # 1330 is Tumbleweed after leap has been released # gcc5-go in Tumbleweed includes this commit # https://github.com/golang/gofrontend/commit/a850225433a66a58613c22185c3b09626f5545eb @@ -166,7 +169,7 @@ Test package for docker. It contains the source code and the tests. # for that issue. # Thus, we need to workaround the workaroundn in tumbleweed %if 0%{?suse_version} >= 1330 && 0%{?is_opensuse} == 1 -%patch5 -p1 +%patch6 -p1 %endif %ifnarch %go_arches %patch100 -p1 diff --git a/fix_json_econnreset_bug.patch b/fix_json_econnreset_bug.patch new file mode 100644 index 0000000..a54fc11 --- /dev/null +++ b/fix_json_econnreset_bug.patch 
@@ -0,0 +1,136 @@ +commit 7b5896702bd2951541af27925620172edb5d3505 +Author: Michael Crosby +Date: Tue Jan 26 15:00:07 2016 -0800 + + Update libcontainer to 3d8a20bb772defc28c355534d83 + + Fixes #14203 + + This bump fixes the issue of having the container's pipes connection + reset by peer because of using the json.Encoder and having a \n added to + the output. + + 
Signed-off-by: Michael Crosby + +Index: docker-1.9.1/hack/vendor.sh +=================================================================== +--- docker-1.9.1.orig/hack/vendor.sh ++++ docker-1.9.1/hack/vendor.sh +@@ -48,7 +48,7 @@ clone git github.com/agl/ed25519 d2b94fd + + # this runc commit from branch relabel_fix_docker_1.9.1, pls remove it when you + # update next time +-clone git github.com/opencontainers/runc 1349b37bd56f4f5ce2690b5b2c0f53f88a261c67 # libcontainer ++clone git github.com/opencontainers/runc 3d8a20bb772defc28c355534d83486416d1719b4 # libcontainer + # libcontainer deps (see src/github.com/opencontainers/runc/Godeps/Godeps.json) + clone git github.com/coreos/go-systemd v3 + clone git github.com/godbus/dbus v2 +Index: docker-1.9.1/vendor/src/github.com/opencontainers/runc/libcontainer/container_linux.go +=================================================================== +--- docker-1.9.1.orig/vendor/src/github.com/opencontainers/runc/libcontainer/container_linux.go ++++ docker-1.9.1/vendor/src/github.com/opencontainers/runc/libcontainer/container_linux.go +@@ -18,6 +18,7 @@ import ( + "github.com/opencontainers/runc/libcontainer/cgroups" + "github.com/opencontainers/runc/libcontainer/configs" + "github.com/opencontainers/runc/libcontainer/criurpc" ++ "github.com/opencontainers/runc/libcontainer/utils" + ) + + const stdioFdCount = 3 +@@ -863,7 +864,7 @@ func (c *linuxContainer) updateState(pro + } + defer f.Close() + os.Remove(filepath.Join(c.root, "checkpoint")) +- return json.NewEncoder(f).Encode(state) ++ return utils.WriteJSON(f, state) + } + + func (c *linuxContainer) currentStatus() (Status, error) { +Index: docker-1.9.1/vendor/src/github.com/opencontainers/runc/libcontainer/factory_linux.go +=================================================================== +--- docker-1.9.1.orig/vendor/src/github.com/opencontainers/runc/libcontainer/factory_linux.go ++++ docker-1.9.1/vendor/src/github.com/opencontainers/runc/libcontainer/factory_linux.go +@@ 
-5,7 +5,6 @@ package libcontainer + import ( + "encoding/json" + "fmt" +- "io/ioutil" + "os" + "os/exec" + "path/filepath" +@@ -19,6 +18,7 @@ import ( + "github.com/opencontainers/runc/libcontainer/cgroups/systemd" + "github.com/opencontainers/runc/libcontainer/configs" + "github.com/opencontainers/runc/libcontainer/configs/validate" ++ "github.com/opencontainers/runc/libcontainer/utils" + ) + + const ( +@@ -225,10 +225,7 @@ func (l *LinuxFactory) StartInitializati + // if we have an error during the initialization of the container's init then send it back to the + // parent process in the form of an initError. + if err != nil { +- // ensure that any data sent from the parent is consumed so it doesn't +- // receive ECONNRESET when the child writes to the pipe. +- ioutil.ReadAll(pipe) +- if err := json.NewEncoder(pipe).Encode(newSystemError(err)); err != nil { ++ if err := utils.WriteJSON(pipe, newSystemError(err)); err != nil { + panic(err) + } + } +Index: docker-1.9.1/vendor/src/github.com/opencontainers/runc/libcontainer/process_linux.go +=================================================================== +--- docker-1.9.1.orig/vendor/src/github.com/opencontainers/runc/libcontainer/process_linux.go ++++ docker-1.9.1/vendor/src/github.com/opencontainers/runc/libcontainer/process_linux.go +@@ -15,6 +15,7 @@ import ( + "github.com/opencontainers/runc/libcontainer/cgroups" + "github.com/opencontainers/runc/libcontainer/configs" + "github.com/opencontainers/runc/libcontainer/system" ++ "github.com/opencontainers/runc/libcontainer/utils" + ) + + type parentProcess interface { +@@ -71,7 +72,7 @@ func (p *setnsProcess) start() (err erro + return newSystemError(err) + } + } +- if err := json.NewEncoder(p.parentPipe).Encode(p.config); err != nil { ++ if err := utils.WriteJSON(p.parentPipe, p.config); err != nil { + return newSystemError(err) + } + if err := syscall.Shutdown(int(p.parentPipe.Fd()), syscall.SHUT_WR); err != nil { +@@ -262,7 +263,7 @@ func (p *initProcess) 
startTime() (strin + + func (p *initProcess) sendConfig() error { + // send the state to the container's init process then shutdown writes for the parent +- if err := json.NewEncoder(p.parentPipe).Encode(p.config); err != nil { ++ if err := utils.WriteJSON(p.parentPipe, p.config); err != nil { + return err + } + // shutdown writes for the parent side of the pipe +Index: docker-1.9.1/vendor/src/github.com/opencontainers/runc/libcontainer/utils/utils.go +=================================================================== +--- docker-1.9.1.orig/vendor/src/github.com/opencontainers/runc/libcontainer/utils/utils.go ++++ docker-1.9.1/vendor/src/github.com/opencontainers/runc/libcontainer/utils/utils.go +@@ -3,6 +3,7 @@ package utils + import ( + "crypto/rand" + "encoding/hex" ++ "encoding/json" + "io" + "path/filepath" + "syscall" +@@ -43,3 +44,13 @@ func ExitStatus(status syscall.WaitStatu + } + return status.ExitStatus() + } ++ ++// WriteJSON writes the provided struct v to w using standard json marshaling ++func WriteJSON(w io.Writer, v interface{}) error { ++ data, err := json.Marshal(v) ++ if err != nil { ++ return err ++ } ++ _, err = w.Write(data) ++ return err ++} From 64062d332d26398a0e64a05e62a8b6c3ca684fb5673edb99e49778c529c0fb34 Mon Sep 17 00:00:00 2001 
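Review bot: The doc comment on the new `WriteJSON` helper in utils/utils.go says only that it uses "standard json marshaling", which leaves out the one property this backport depends on. The commit message attributes the connection reset to `json.Encoder` appending a `\n`, so the comment should say that no trailing newline is written, for example `// WriteJSON marshals v and writes it to w without the trailing newline that json.Encoder.Encode appends.` Otherwise a later cleanup could switch the call sites in container_linux.go, factory_linux.go and process_linux.go back to `json.NewEncoder(...).Encode(...)` and reintroduce #14203.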
From: Jordi Massaguer Date: Fri, 5 Feb 2016 09:21:26 +0000 Subject: [PATCH 08/37] - Update to 1.10.0 version Add usernamespace support Add support for custom seccomp profiles Improvements in network and volume management detailed changelog in https://github.com/docker/docker/blob/590d5108bbdaabb05af590f76c9757daceb6d02e/CHANGELOG.md OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=58 --- _service | 4 +- add_bolt_arm64.patch | 20 ------- add_bolt_ppc64.patch | 23 -------- docker-1.9.1.tar.xz | 3 - docker.changes | 45 +++++++++------ docker.spec | 47 +++------------- fix-docker-init.patch | 10 ---- fix-ppc64le.patch | 8 +-- fix_bnc_958255.patch | 13 ----- fix_cgroup.parent_path_sanitisation.patch | 67 ----------------------- fix_platform_type_arm.patch | 20 +++++++ gcc-go-patches.patch | 31 ++++------- ignore-dockerinit-checksum.patch | 12 ---- libcontainer-apparmor-fixes.patch | 11 ---- use_fs_cgroups_by_default.patch | 51 ----------------- 15 files changed, 75 insertions(+), 290 deletions(-) delete mode 100644 add_bolt_arm64.patch delete mode 100644 add_bolt_ppc64.patch delete mode 100644 docker-1.9.1.tar.xz delete mode 100644 fix-docker-init.patch delete mode 100644 fix_bnc_958255.patch delete mode 100644 fix_cgroup.parent_path_sanitisation.patch create mode 100644 fix_platform_type_arm.patch delete mode 100644 ignore-dockerinit-checksum.patch delete mode 100644 libcontainer-apparmor-fixes.patch delete mode 100644 use_fs_cgroups_by_default.patch diff --git a/_service b/_service index 6454f97..399611a 100644 --- a/_service +++ b/_service @@ -3,8 +3,8 @@ https://github.com/docker/docker.git git .git - 1.9.1 - v1.9.1 + 1.10.0 + v1.10.0 docker-*.tar diff --git a/add_bolt_arm64.patch b/add_bolt_arm64.patch deleted file mode 100644 index 731efa3..0000000 --- a/add_bolt_arm64.patch +++ /dev/null 
@@ -1,20 +0,0 @@ -From: Michel Normand -Subject: add bolt arm64 -Date: Fri, 04 Dec 2015 17:07:22 +0100 - -add bolt arm64 - -Signed-off-by: Michel Normand ---- - vendor/src/github.com/boltdb/bolt/bolt_arm64.go | 4 ++++ - 1 file changed, 4 insertions(+) - -Index: docker-1.9.1/vendor/src/github.com/boltdb/bolt/bolt_arm64.go -=================================================================== ---- /dev/null -+++ docker-1.9.1/vendor/src/github.com/boltdb/bolt/bolt_arm64.go -@@ -0,0 +1,4 @@ -+package bolt -+ -+// maxMapSize represents the largest mmap size supported by Bolt. -+const maxMapSize = 0xFFFFFFFFFFFF // 256TB diff --git a/add_bolt_ppc64.patch b/add_bolt_ppc64.patch deleted file mode 100644 index 3db9b71..0000000 --- a/add_bolt_ppc64.patch +++ /dev/null @@ -1,23 +0,0 @@ ---- - vendor/src/github.com/boltdb/bolt/bolt_ppc64.go | 4 ++++ - vendor/src/github.com/boltdb/bolt/bolt_ppc64le.go | 4 ++++ - 2 files changed, 8 insertions(+) - -Index: docker-1.9.1/vendor/src/github.com/boltdb/bolt/bolt_ppc64.go -=================================================================== ---- /dev/null -+++ docker-1.9.1/vendor/src/github.com/boltdb/bolt/bolt_ppc64.go -@@ -0,0 +1,4 @@ -+package bolt -+ -+// maxMapSize represents the largest mmap size supported by Bolt. -+const maxMapSize = 0xFFFFFFFFFFFF // 256TB -Index: docker-1.9.1/vendor/src/github.com/boltdb/bolt/bolt_ppc64le.go -=================================================================== ---- /dev/null -+++ docker-1.9.1/vendor/src/github.com/boltdb/bolt/bolt_ppc64le.go -@@ -0,0 +1,4 @@ -+package bolt -+ -+// maxMapSize represents the largest mmap size supported by Bolt. -+const maxMapSize = 0xFFFFFFFFFFFF // 256TB diff --git a/docker-1.9.1.tar.xz b/docker-1.9.1.tar.xz deleted file mode 100644 index acdcd5c..0000000 --- a/docker-1.9.1.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:edb9bdbcce529e4170b6ad8a14643b12f176c8d2b1690f182f29bc79e3dde3c0 -size 6283244 
diff --git a/docker.changes b/docker.changes index 8766a73..435c4bf 100644 --- a/docker.changes +++ b/docker.changes @@ -1,3 +1,16 @@ +------------------------------------------------------------------- +Fri Feb 5 09:14:15 UTC 2016 - jmassaguerpla@suse.com + +- Update to 1.10.0 version + + Add usernamespace support + Add support for custom seccomp profiles + Improvements in network and volume management + +detailed changelog in + +https://github.com/docker/docker/blob/590d5108bbdaabb05af590f76c9757daceb6d02e/CHANGELOG.md + ------------------------------------------------------------------- Wed Jan 27 23:40:09 UTC 2016 - asarai@suse.com @@ -16,8 +29,8 @@ Thu Jan 21 16:52:41 UTC 2016 - jmassaguerpla@suse.com Thus, we need to workaround the workaroundn in tumbleweed - There was an error in one of the file list - - + + ------------------------------------------------------------------- Wed Dec 23 10:47:04 UTC 2015 - fcastelli@suse.com @@ -181,11 +194,11 @@ Thu Sep 10 22:33:01 UTC 2015 - jmassaguerpla@suse.com see detailed changelog in - https://github.com/docker/docker/releases/tag/v1.8.2 + https://github.com/docker/docker/releases/tag/v1.8.2 fix bsc#946653 update do docker 1.8.2 -- devicemapper: fix zero-sized field access +- devicemapper: fix zero-sized field access Fix issue #15279: does not build with Go 1.5 tip Due to golang/go@7904946 the devices field is dropped. @@ -193,7 +206,7 @@ Thu Sep 10 22:33:01 UTC 2015 - jmassaguerpla@suse.com This solution works on go1.4 and go1.5 See more in https://github.com/docker/docker/pull/15404 - + This fix was not included in v1.8.2. See previous link on why. 
@@ -221,9 +234,9 @@ Thu Aug 13 09:00:25 UTC 2015 - jmassaguerpla@suse.com - Update to docker 1.8.0: see detailed changelog in - https://github.com/docker/docker/releases/tag/v1.8.0 + https://github.com/docker/docker/releases/tag/v1.8.0 -- remove docker-netns-aarch64.patch: This patch was adding +- remove docker-netns-aarch64.patch: This patch was adding vendor/src/github.com/vishvananda/netns/netns_linux_arm64.go which is now included upstream, so we don't need this patch anymore @@ -233,7 +246,7 @@ Fri Jul 24 14:24:16 UTC 2015 - jmassaguerpla@suse.com - Exclude archs where docker does not build. Otherwise it gets into and infinite loop when building. - We'll fix that later if we want to release for those archs. + We'll fix that later if we want to release for those archs. ------------------------------------------------------------------- Wed Jul 15 08:11:11 UTC 2015 - jmassaguerpla@suse.com @@ -262,18 +275,18 @@ Distribution Fix pulling private images Fix fallback between registry V2 and V1 - + ------------------------------------------------------------------- Fri Jul 10 11:22:00 UTC 2015 - jmassaguerpla@suse.com -- Exclude init scripts other than systemd from the test-package +- Exclude init scripts other than systemd from the test-package ------------------------------------------------------------------- Wed Jul 1 12:38:50 UTC 2015 - jmassaguerpla@suse.com - Exclude intel 32 bits arch. Docker does not built on that. Let's - make it explicit. + make it explicit. ------------------------------------------------------------------- Thu Jun 25 16:49:59 UTC 2015 - dmueller@suse.com 
@@ -325,7 +338,7 @@ Mon Jun 22 08:48:11 UTC 2015 - fcastelli@suse.com ------------------------------------------------------------------- Tue Jun 9 16:35:46 UTC 2015 - jmassaguerpla@suse.com -- Add test subpackage and fix line numbers in patches +- Add test subpackage and fix line numbers in patches ------------------------------------------------------------------- Fri Jun 5 15:29:45 UTC 2015 - fcastelli@suse.com @@ -498,7 +511,7 @@ Fri Dec 12 16:13:30 UTC 2014 - fcastelli@suse.com * Notable Features since 1.3.0: - Set key=value labels to the daemon (displayed in `docker info`), applied with new `-label` daemon flag - - Add support for `ENV` in Dockerfile of the form: + - Add support for `ENV` in Dockerfile of the form: `ENV name=value name2=value2...` - New Overlayfs Storage Driver - `docker info` now returns an `ID` and `Name` field @@ -976,7 +989,7 @@ Wed Feb 19 08:35:27 UTC 2014 - fcastelli@suse.com - Fix broken images API for version less than 1.7 - Use the right encoding for all API endpoints which return JSON - Move remote api client to api/ - - Queue calls to the API using generic socket wait + - Queue calls to the API using generic socket wait * Runtime: - Fix the use of custom settings for bridges and custom bridges - Refactor the devicemapper code to avoid many mount/unmount race @@ -1099,7 +1112,7 @@ Fri Jan 10 10:44:23 UTC 2014 - fcastelli@suse.com * Do not add hostname when networking is disabled * Return most recent image from the cache by date * Return all errors from docker wait - * Add Content-Type Header "application/json" to GET /version and /info responses + * Add Content-Type Header "application/json" to GET /version and /info responses * Other: - Update DCO to version 1.1 - Update Makefile to use "docker:GIT_BRANCH" as the generated image name 
@@ -1118,7 +1131,7 @@ Fri Jan 10 10:44:23 UTC 2014 - fcastelli@suse.com - Fix for wrong version warning on master instead of latest * Runtime: - Only get the image's rootfs when we need to calculate the image size - - Correctly handle unmapping UDP ports + - Correctly handle unmapping UDP ports - Make CopyFileWithTar use a pipe instead of a buffer to save memory on docker build - Fix login message to say pull instead of push - Fix "docker load" help by removing "SOURCE" prompt and mentioning STDIN diff --git a/docker.spec b/docker.spec index 99d73c2..250ee91 100644 --- a/docker.spec +++ b/docker.spec @@ -16,10 +16,10 @@ # -%define git_version a34a1d5 +%define git_version 590d510 %define go_arches %ix86 x86_64 Name: docker -Version: 1.9.1 +Version: 1.10.0 Release: 0 Summary: The Linux container runtime License: Apache-2.0 
@@ -41,34 +41,16 @@ Source7: README_SUSE.md Source8: docker-audit.rules # TODO: remove once we figure out what is wrong with iptables on ppc64le Source100: sysconfig.docker.ppc64le -Patch0: fix-docker-init.patch -# PATCH-FIX-OPENSUSE libcontainer-apparmor-fixes.patch -- mount rules aren't supported in our apparmor -Patch1: libcontainer-apparmor-fixes.patch -# fix regexp in apparmor default profile. This is already fixed upstream so in version > 1.9.1 it should be already fixed -Patch2: fix_bnc_958255.patch -# fix default cgroups. This is fixed upstream, too. -Patch3: use_fs_cgroups_by_default.patch -# fix an issue with cgroups. This is fixed upstream, too. -Patch4: fix_cgroup.parent_path_sanitisation.patch -# fix an issue with JSON and containers not starting. This is fixed upstream, too. -Patch5: fix_json_econnreset_bug.patch -# Required to overcome some limitations of gcc-go: https://groups.google.com/forum/#!msg/golang-nuts/SlGCPYkjxo4/4DjcjXRCqAkJ -# Right now docker passes the sha1sum of the dockerinit binary to the docker binary at build time -# We cannot do that, right now a quick and really dirty way to get it running is -# to simply disable this check -# Required to overcome some limitations of gcc-go: https://groups.google.com/forum/# !msg/golang-nuts/SlGCPYkjxo4/4DjcjXRCqAkJ -Patch6: gcc5_socket_workaround.patch -Patch100: ignore-dockerinit-checksum.patch -Patch101: gcc-go-patches.patch -Patch102: add_bolt_ppc64.patch -Patch105: add_bolt_arm64.patch -Patch108: fix-ppc64le.patch +Patch0: fix_platform_type_arm.patch +Patch1: gcc5_socket_workaround.patch +Patch100: gcc-go-patches.patch +Patch101: fix-ppc64le.patch BuildRequires: audit BuildRequires: bash-completion BuildRequires: device-mapper-devel >= 1.2.68 BuildRequires: glibc-devel-static %ifarch %go_arches -BuildRequires: go >= 1.4 +BuildRequires: go >= 1.5 BuildRequires: go-go-md2man %else BuildRequires: gcc5-go >= 5.0 
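Review bot: Two of the patches dropped in this hunk, `libcontainer-apparmor-fixes.patch` (tagged PATCH-FIX-OPENSUSE) and `ignore-dockerinit-checksum.patch`, were never described as fixed upstream, yet they are removed without a stated reason, and the four Patch lines that remain carry no explanatory comment. The first one changed the AppArmor profile for this distribution, so a reader needs to know whether 1.10.0 made it unnecessary or whether it was lost in the update. I would record that next to the patch list, e.g. `# libcontainer-apparmor-fixes.patch dropped with 1.10.0: [reason]`, and give each surviving patch a one-line purpose such as `# fix_platform_type_arm.patch -- use the uint8 utsname variant on arm64`. The docker.changes entry in this commit lists no removed patches either.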
@@ -156,11 +138,6 @@ Test package for docker. It contains the source code and the tests. %prep %setup -q -n docker-%{version} %patch0 -p1 -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 # 1330 is Tumbleweed after leap has been released # gcc5-go in Tumbleweed includes this commit # https://github.com/golang/gofrontend/commit/a850225433a66a58613c22185c3b09626f5545eb @@ -169,14 +146,11 @@ Test package for docker. It contains the source code and the tests. # for that issue. # Thus, we need to workaround the workaroundn in tumbleweed %if 0%{?suse_version} >= 1330 && 0%{?is_opensuse} == 1 -%patch6 -p1 +%patch1 -p1 %endif %ifnarch %go_arches %patch100 -p1 -%patch101 -p0 -%patch102 -p1 -%patch105 -p1 -%patch108 -p1 +%patch101 -p1 %endif cp %{SOURCE7} . @@ -213,10 +187,8 @@ install -d %{buildroot}%{go_contribdir} install -d %{buildroot}%{_bindir} %ifarch %go_arches install -D -m755 bundles/%{version}/dynbinary/%{name}-%{version} %{buildroot}/%{_bindir}/%{name} -install -D -m755 bundles/%{version}/dynbinary/dockerinit-%{version} %{buildroot}/%{_prefix}/lib/docker/dockerinit %else install -D -m755 bundles/%{version}/dyngccgo/%{name}-%{version} %{buildroot}/%{_bindir}/%{name} -install -D -m755 bundles/%{version}/dyngccgo/dockerinit-%{version} %{buildroot}/%{_prefix}/lib/docker/dockerinit %endif install -d %{buildroot}/%{_prefix}/lib/docker install -Dd -m 0755 \ @@ -284,7 +256,6 @@ groupadd -r docker 2>/dev/null || : %{_bindir}/docker %{_sbindir}/rcdocker %{_prefix}/lib/docker/ -%{_prefix}/lib/docker/dockerinit %{_unitdir}/%{name}.service %{_unitdir}/%{name}.socket %config %{_sysconfdir}/audit/rules.d/%{name}.rules diff --git a/fix-docker-init.patch b/fix-docker-init.patch deleted file mode 100644 index d20346b..0000000 --- a/fix-docker-init.patch +++ /dev/null 
@@ -1,10 +0,0 @@ -diff -Naur a/hack/make/.dockerinit b/hack/make/.dockerinit ---- a/hack/make/.dockerinit 2015-08-11 18:35:27.000000000 +0200 -+++ b/hack/make/.dockerinit 2015-08-12 18:14:25.743452565 +0200 -@@ -29,5 +29,6 @@ - exit 1 - fi - -+/usr/bin/strip -s $DEST/dockerinit-$VERSION - # sha1 our new dockerinit to ensure separate docker and dockerinit always run in a perfect pair compiled for one another - export DOCKER_INITSHA1=$($sha1sum "$DEST/dockerinit-$VERSION" | cut -d' ' -f1) diff --git a/fix-ppc64le.patch b/fix-ppc64le.patch index a4c7a40..fd5afb1 100644 --- a/fix-ppc64le.patch +++ b/fix-ppc64le.patch @@ -1,3 +1,4 @@ + Index: docker-1.9.1/vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_armppc64.go =================================================================== --- docker-1.9.1.orig/vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_armppc64.go @@ -5,9 +6,9 @@ Index: docker-1.9.1/vendor/src/github.com/docker/libnetwork/drivers/bridge/netli @@ -1,4 +1,4 @@ -// +build arm ppc64 ppc64le +// +build arm ppc64,!ppc64le - + package bridge - + Index: docker-1.9.1/vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_notarm.go =================================================================== --- docker-1.9.1.orig/vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_notarm.go @@ -15,6 +16,5 @@ Index: docker-1.9.1/vendor/src/github.com/docker/libnetwork/drivers/bridge/netli @@ -1,4 +1,4 @@ -// +build !arm,!ppc64,!ppc64le +// +build !arm,!ppc64 ppc64le - + package bridge - diff --git a/fix_bnc_958255.patch b/fix_bnc_958255.patch deleted file mode 100644 index aa436c1..0000000 --- a/fix_bnc_958255.patch +++ /dev/null 
@@ -1,13 +0,0 @@ -diff --git a/daemon/execdriver/native/apparmor.go b/daemon/execdriver/native/apparmor.go -index 3aaba98..06babd3 100644 ---- a/daemon/execdriver/native/apparmor.go -+++ b/daemon/execdriver/native/apparmor.go -@@ -40,7 +40,7 @@ profile {{.Name}} flags=(attach_disconnected,mediate_deleted) { - file, - umount, - -- deny @{PROC}/{*,**^[0-9*],sys/kernel/shm*} wkx, -+ deny @{PROC}/{*,**^[0-9]*,sys/kernel/shm*} wkx, - deny @{PROC}/sysrq-trigger rwklx, - deny @{PROC}/mem rwklx, - deny @{PROC}/kmem rwklx, diff --git a/fix_cgroup.parent_path_sanitisation.patch b/fix_cgroup.parent_path_sanitisation.patch deleted file mode 100644 index c1e6500..0000000 --- a/fix_cgroup.parent_path_sanitisation.patch +++ /dev/null 
@@ -1,67 +0,0 @@ -diff --git a/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/apply_raw.go b/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/apply_raw.go -index a0a93a4..da31d06 100644 ---- a/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/apply_raw.go -+++ b/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/apply_raw.go -@@ -216,12 +216,39 @@ func (m *Manager) GetPids() ([]int, error) { - return cgroups.GetPids(dir) - } - -+// pathClean makes a path safe for use with filepath.Join. This is done by not -+// only cleaning the path, but also (if the path is relative) adding a leading -+// '/' and cleaning it (then removing the leading '/'). This ensures that a -+// path resulting from prepending another path will always resolve to lexically -+// be a subdirectory of the prefixed path. This is all done lexically, so paths -+// that include symlinks won't be safe as a result of using pathClean. -+func pathClean(path string) string { -+ // Ensure that all paths are cleaned (especially problematic ones like -+ // "/../../../../../" which can cause lots of issues). -+ path = filepath.Clean(path) -+ -+ // If the path isn't absolute, we need to do more processing to fix paths -+ // such as "../../../..//some/path". We also shouldn't convert absolute -+ // paths to relative ones. -+ if !filepath.IsAbs(path) { -+ path = filepath.Clean(string(os.PathSeparator) + path) -+ // This can't fail, as (by definition) all paths are relative to root. -+ path, _ = filepath.Rel(string(os.PathSeparator), path) -+ } -+ -+ // Clean the path again for good measure. -+ return filepath.Clean(path) -+} -+ - func getCgroupData(c *configs.Cgroup, pid int) (*data, error) { - root, err := getCgroupRoot() - if err != nil { - return nil, err - } - -+ // Clean the parent slice path. 
-+ c.Parent = pathClean(c.Parent) -+ - cgroup := c.Name - if c.Parent != "" { - cgroup = filepath.Join(c.Parent, cgroup) -diff --git a/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/cpuset.go b/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/cpuset.go -index f3ec2c3..0b13115 100644 ---- a/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/cpuset.go -+++ b/vendor/src/github.com/opencontainers/runc/libcontainer/cgroups/fs/cpuset.go -@@ -4,6 +4,7 @@ package fs - - import ( - "bytes" -+ "fmt" - "io/ioutil" - "os" - "path/filepath" -@@ -92,6 +93,10 @@ func (s *CpusetGroup) ensureParent(current, root string) error { - if filepath.Clean(parent) == root { - return nil - } -+ // Avoid infinite recursion. -+ if parent == current { -+ return fmt.Errorf("cpuset: cgroup parent path outside cgroup root") -+ } - if err := s.ensureParent(parent, root); err != nil { - return err - } diff --git a/fix_platform_type_arm.patch b/fix_platform_type_arm.patch new file mode 100644 index 0000000..90598a3 --- /dev/null +++ b/fix_platform_type_arm.patch @@ -0,0 +1,20 @@ +diff --git a/pkg/platform/utsname_int8.go b/pkg/platform/utsname_int8.go +index 5dcbadf..a022a35 100644 +--- a/pkg/platform/utsname_int8.go ++++ b/pkg/platform/utsname_int8.go +@@ -1,4 +1,4 @@ +-// +build linux,386 linux,amd64 linux,arm64 ++// +build linux,386 linux,amd64 + // see golang's sources src/syscall/ztypes_linux_*.go that use int8 + + package platform +diff --git a/pkg/platform/utsname_uint8.go b/pkg/platform/utsname_uint8.go +index c9875cf..0ee937a 100644 +--- a/pkg/platform/utsname_uint8.go ++++ b/pkg/platform/utsname_uint8.go +@@ -1,4 +1,4 @@ +-// +build linux,arm linux,ppc64 linux,ppc64le s390x ++// +build linux,arm linux,ppc64 linux,ppc64le s390x linux,arm64 linux,aarch64 + // see golang's sources src/syscall/ztypes_linux_*.go that use uint8 + + package platform diff --git a/gcc-go-patches.patch b/gcc-go-patches.patch index 67dbcd8..b063c9e 100644 
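Review bot: fix_platform_type_arm.patch moves `linux,arm64` from utsname_int8.go to utsname_uint8.go without saying why, while the tag line it replaces listed arm64 under int8 and the retained comment still points at golang's `ztypes_linux_*.go`. Presumably the uint8 layout is what gcc-go uses on aarch64; if so, the change is only correct for the gcc-go build, yet the spec applies `%patch0 -p1` outside the `%ifnarch %go_arches` block. That is harmless while `%go_arches` is `%ix86 x86_64`, but it should be written down in a patch header such as `# gcc-go only: Utsname fields are uint8 on aarch64; revisit if arm64 is added to %go_arches`. The added `linux,aarch64` term also looks redundant next to `linux,arm64` and could be dropped unless a toolchain is known to set it.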
--- a/gcc-go-patches.patch +++ b/gcc-go-patches.patch @@ -1,33 +1,24 @@ -Index: hack/make/.dockerinit-gccgo -=================================================================== ---- hack/make/.dockerinit-gccgo.orig -+++ hack/make/.dockerinit-gccgo +diff --git a/hack/make/gccgo b/hack/make/gccgo +index 878c814..84b7f69 100644 +--- a/hack/make/gccgo ++++ b/hack/make/gccgo @@ -1,5 +1,5 @@ #!/bin/bash -set -e +set -ex - - IAMSTATIC="true" - source "${MAKEDIR}/.go-autogen" -Index: hack/make/gccgo -=================================================================== ---- hack/make/gccgo.orig -+++ hack/make/gccgo -@@ -1,5 +1,5 @@ - #!/bin/bash --set -e -+set -ex - + BINARY_NAME="docker-$VERSION" BINARY_EXTENSION="$(binary_extension)" -@@ -17,6 +17,8 @@ go build -compiler=gccgo \ +@@ -16,9 +16,11 @@ go build -compiler=gccgo \ + "${BUILDFLAGS[@]}" \ + -gccgoflags " -g -+ -Wl,--add-needed -Wl,--no-as-needed ++ -Wl,--add-needed -Wl,--no-as-needed $EXTLDFLAGS_STATIC -+ -static-libgo ++ -static-libgo -Wl,--no-export-dynamic - -ldl + -ldl -lselinux -lsystemd + -pthread " \ ./docker - diff --git a/ignore-dockerinit-checksum.patch b/ignore-dockerinit-checksum.patch deleted file mode 100644 index efa3f76..0000000 --- a/ignore-dockerinit-checksum.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -Naur a/utils/utils.go b/utils/utils.go ---- a/utils/utils.go 2015-08-11 18:35:27.000000000 +0200 -+++ b/utils/utils.go 2015-08-12 18:06:47.930445696 +0200 -@@ -76,7 +76,7 @@ - } - return os.SameFile(targetFileInfo, selfPathFileInfo) - } -- return dockerversion.INITSHA1 != "" && dockerInitSha1(target) == dockerversion.INITSHA1 -+ return true - } - - // DockerInitPath figures out the path of our dockerinit (which may be SelfPath()) diff --git a/libcontainer-apparmor-fixes.patch b/libcontainer-apparmor-fixes.patch deleted file mode 100644 index 3300ae9..0000000 --- a/libcontainer-apparmor-fixes.patch +++ /dev/null 
@@ -1,11 +0,0 @@ -diff -Naur a/contrib/apparmor/docker-engine b/contrib/apparmor/docker-engine ---- a/contrib/apparmor/docker-engine 2015-08-11 18:35:27.000000000 +0200 -+++ b/contrib/apparmor/docker-engine 2015-08-12 18:05:07.608444190 +0200 -@@ -13,7 +13,6 @@ - mount -> /sys/**, - mount -> /run/docker/netns/**, - -- umount, - pivot_root, - signal (receive) peer=@{profile_name}, - signal (receive) peer=unconfined, diff --git a/use_fs_cgroups_by_default.patch b/use_fs_cgroups_by_default.patch deleted file mode 100644 index f699da2..0000000 --- a/use_fs_cgroups_by_default.patch +++ /dev/null 
@@ -1,51 +0,0 @@ -From 419fd7449fe1a984f582731fcd4d9455000846b0 Mon Sep 17 00:00:00 2001 -From: Alexander Morozov -Date: Wed, 4 Nov 2015 13:51:46 -0800 -Subject: [PATCH] Use fs cgroups by default - -Our implementation of systemd cgroups is mixture of systemd api and -plain filesystem api. It's hard to keep it up to date with systemd and -it already contains some nasty bugs with new versions. Ideally it should -be replaced with some daemon flag which will allow to set parent systemd -slice. - -Signed-off-by: Alexander Morozov ---- - daemon/execdriver/native/driver.go | 3 --- - docs/reference/commandline/daemon.md | 8 ++++---- - 2 files changed, 4 insertions(+), 7 deletions(-) - -diff --git a/daemon/execdriver/native/driver.go b/daemon/execdriver/native/driver.go -index 09171c5..0b6cec3 100644 ---- a/daemon/execdriver/native/driver.go -+++ b/daemon/execdriver/native/driver.go -@@ -74,9 +74,6 @@ func NewDriver(root, initPath string, options []string) (*Driver, error) { - // this makes sure there are no breaking changes to people - // who upgrade from versions without native.cgroupdriver opt - cgm := libcontainer.Cgroupfs -- if systemd.UseSystemd() { -- cgm = libcontainer.SystemdCgroups -- } - - // parse the options - for _, option := range options { -diff --git a/docs/reference/commandline/daemon.md b/docs/reference/commandline/daemon.md -index 91fd3c6..0721538 100644 ---- a/docs/reference/commandline/daemon.md -+++ b/docs/reference/commandline/daemon.md -@@ -452,11 +452,11 @@ single `native.cgroupdriver` option is available. - - The `native.cgroupdriver` option specifies the management of the container's - cgroups. You can specify `cgroupfs` or `systemd`. If you specify `systemd` and --it is not available, the system uses `cgroupfs`. By default, if no option is --specified, the execdriver first tries `systemd` and falls back to `cgroupfs`. --This example sets the execdriver to `cgroupfs`: -+it is not available, the system uses `cgroupfs`. 
If you omit the -+`native.cgroupdriver` option,` cgroupfs` is used. -+This example sets the `cgroupdriver` to `systemd`: - -- $ sudo docker daemon --exec-opt native.cgroupdriver=cgroupfs -+ $ sudo docker daemon --exec-opt native.cgroupdriver=systemd - - Setting this option applies to all containers the daemon launches. - From 248b1f0d92b1d65de993717357577294abc3928aada1b33a356ec7ee36a73f20 Mon Sep 17 00:00:00 2001 From: Jordi Massaguer Date: Fri, 5 Feb 2016 10:19:13 +0000 Subject: [PATCH 09/37] add docker-1.10.0 tarball OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=59 --- docker-1.10.0.tar.xz | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 docker-1.10.0.tar.xz diff --git a/docker-1.10.0.tar.xz b/docker-1.10.0.tar.xz new file mode 100644 index 0000000..39fbc52 --- /dev/null +++ b/docker-1.10.0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:28b9a52e84b02d7030f8fb39ba99583933421b512795b0b3537e1e57141cfb9b +size 8297720 From 19f2b26c4cb1baf991cdca535370dd55516cb1e2b477329366b54e4a3f4ccc02 Mon Sep 17 00:00:00 2001 From: Jordi Massaguer Date: Fri, 5 Feb 2016 11:01:39 +0000 Subject: [PATCH 10/37] restore fix-docker-init.patch since docker-init has been removed in master branch, but not in this 1.10.0 version OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=60 --- docker.spec | 2 + fix-docker-init.patch | 10 + remove_docker_init.patch | 1182 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 1194 insertions(+) create mode 100644 fix-docker-init.patch create mode 100644 remove_docker_init.patch diff --git a/docker.spec b/docker.spec index 250ee91..604570f 100644 --- a/docker.spec +++ b/docker.spec 
@@ -43,6 +43,7 @@ Source8: docker-audit.rules Source100: sysconfig.docker.ppc64le Patch0: fix_platform_type_arm.patch Patch1: gcc5_socket_workaround.patch +Patch2: fix-docker-init.patch Patch100: gcc-go-patches.patch Patch101: fix-ppc64le.patch BuildRequires: audit @@ -148,6 +149,7 @@ Test package for docker. It contains the source code and the tests. %if 0%{?suse_version} >= 1330 && 0%{?is_opensuse} == 1 %patch1 -p1 %endif +%patch2 -p1 %ifnarch %go_arches %patch100 -p1 %patch101 -p1 diff --git a/fix-docker-init.patch b/fix-docker-init.patch new file mode 100644 index 0000000..d20346b --- /dev/null +++ b/fix-docker-init.patch @@ -0,0 +1,10 @@ +diff -Naur a/hack/make/.dockerinit b/hack/make/.dockerinit +--- a/hack/make/.dockerinit 2015-08-11 18:35:27.000000000 +0200 ++++ b/hack/make/.dockerinit 2015-08-12 18:14:25.743452565 +0200 +@@ -29,5 +29,6 @@ + exit 1 + fi + ++/usr/bin/strip -s $DEST/dockerinit-$VERSION + # sha1 our new dockerinit to ensure separate docker and dockerinit always run in a perfect pair compiled for one another + export DOCKER_INITSHA1=$($sha1sum "$DEST/dockerinit-$VERSION" | cut -d' ' -f1) diff --git a/remove_docker_init.patch b/remove_docker_init.patch new file mode 100644 index 0000000..523018e --- /dev/null +++ b/remove_docker_init.patch 
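Review bot: The spec is left inconsistent about dockerinit after this change: `%patch2 -p1` strips `dockerinit-$VERSION` during the build, but the diffstat shows only two added lines in docker.spec, so the install lines and the %files entry that the 1.10.0 update removed are not restored. If 1.10.0 still builds and needs dockerinit, as the commit message says, the binary is built and stripped but never packaged. Either restore `install -D -m755 bundles/%{version}/dynbinary/dockerinit-%{version} %{buildroot}/%{_prefix}/lib/docker/dockerinit`, its `dyngccgo` twin and `%{_prefix}/lib/docker/dockerinit`, or state why they are not needed. The new remove_docker_init.patch is likewise not referenced by any `Patch`/`%patch` line, so a comment such as `# remove_docker_init.patch: not applied to 1.10.0, kept for [next version]` would make its status clear.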
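Review bot: The line that fix-docker-init.patch adds to hack/make/.dockerinit, `/usr/bin/strip -s $DEST/dockerinit-$VERSION`, leaves both expansions unquoted, unlike the `"$DEST/dockerinit-$VERSION"` on the sha1sum line directly after it. A build path containing whitespace or glob characters would be split or expanded before strip sees it; write `/usr/bin/strip -s "$DEST/dockerinit-$VERSION"`. The rest of the script lies outside the hunk, so whether a failing strip aborts the build (for example through `set -e`) cannot be confirmed from here.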
@@ -0,0 +1,1182 @@ +From 4357ed4a7363a1032edf93cf03232953c805184f Mon Sep 17 00:00:00 2001 +From: Aleksa Sarai +Date: Wed, 20 Jan 2016 22:53:54 +1100 +Subject: [PATCH 1/3] *: purge dockerinit from source code + +dockerinit has been around for a very long time. It was originally used +as a way for us to do configuration for LXC containers once the +container had started. LXC is no longer supported, and /.dockerinit has +been dead code for quite a while. This removes all code and references +in code to dockerinit. + +Signed-off-by: Aleksa Sarai +--- + Dockerfile | 5 +- + Dockerfile.armhf | 3 +- + Dockerfile.gccgo | 3 +- + api/client/info.go | 2 - + container/container_unix.go | 4 -- + contrib/builder/rpm/generate.sh | 4 +- + daemon/container_operations_unix.go | 1 - + daemon/container_operations_windows.go | 1 - + daemon/daemon_unix.go | 4 +- + daemon/execdriver/driver.go | 1 - + daemon/info.go | 7 --- + dockerinit/dockerinit.go | 11 ---- + dockerversion/version_lib.go | 3 - + hack/.vendor-helpers.sh | 1 - + hack/make.sh | 1 - + hack/make/.build-deb/rules | 4 +- + hack/make/.build-rpm/docker-engine.spec | 10 --- + hack/make/.dockerinit | 33 ---------- + hack/make/.dockerinit-gccgo | 31 --------- + hack/make/.go-autogen | 9 +-- + hack/make/dynbinary | 10 --- + hack/make/dyngccgo | 10 --- + integration-cli/docker_cli_diff_test.go | 6 +- + pkg/mount/mountinfo_linux_test.go | 1 - + utils/utils.go | 107 -------------------------------- + 25 files changed, 13 insertions(+), 259 deletions(-) + delete mode 100644 dockerinit/dockerinit.go + delete mode 100644 hack/make/.dockerinit + delete mode 100644 hack/make/.dockerinit-gccgo + +diff --git a/Dockerfile b/Dockerfile +index 56da7fe..71d5017 100644 +--- a/Dockerfile ++++ b/Dockerfile +@@ -96,8 +96,7 @@ RUN set -x \ + ENV PATH /osxcross/target/bin:$PATH + + # install seccomp +-# this can be changed to the ubuntu package libseccomp-dev if dockerinit is removed, +-# we need libseccomp.a (which the package does not provide) for 
dockerinit ++# TODO: switch to libseccomp-dev since dockerinit is gone + ENV SECCOMP_VERSION 2.2.3 + RUN set -x \ + && export SECCOMP_PATH="$(mktemp -d)" \ +@@ -114,7 +113,7 @@ RUN set -x \ + + # Install Go + # IMPORTANT: If the version of Go is updated, the Windows to Linux CI machines +-# will need updating, to avoid errors. Ping #docker-maintainers on IRC ++# will need updating, to avoid errors. Ping #docker-maintainers on IRC + # with a heads-up. + ENV GO_VERSION 1.5.3 + RUN curl -fsSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" \ +diff --git a/Dockerfile.armhf b/Dockerfile.armhf +index 3239edb..1bef8ec 100644 +--- a/Dockerfile.armhf ++++ b/Dockerfile.armhf +@@ -111,8 +111,7 @@ RUN git clone https://github.com/golang/lint.git /go/src/github.com/golang/lint + && go install -v github.com/golang/lint/golint + + # install seccomp +-# this can be changed to the ubuntu package libseccomp-dev if dockerinit is removed, +-# we need libseccomp.a (which the package does not provide) for dockerinit ++# TODO: switch to libseccomp-dev since dockerinit is gone + ENV SECCOMP_VERSION 2.2.3 + RUN set -x \ + && export SECCOMP_PATH="$(mktemp -d)" \ +diff --git a/Dockerfile.gccgo b/Dockerfile.gccgo +index 6d184f0..856489d 100644 +--- a/Dockerfile.gccgo ++++ b/Dockerfile.gccgo +@@ -42,8 +42,7 @@ RUN cd /usr/local/lvm2 \ + # see https://git.fedorahosted.org/cgit/lvm2.git/tree/INSTALL + + # install seccomp +-# this can be changed to the ubuntu package libseccomp-dev if dockerinit is removed, +-# we need libseccomp.a (which the package does not provide) for dockerinit ++# TODO: switch to libseccomp-dev since dockerinit is gone + ENV SECCOMP_VERSION v2.2.3 + RUN set -x \ + && export SECCOMP_PATH=$(mktemp -d) \ +diff --git a/api/client/info.go b/api/client/info.go +index 42f0682..4c61633 100644 +--- a/api/client/info.go ++++ b/api/client/info.go +@@ -74,8 +74,6 @@ func (cli *DockerCli) CmdInfo(args ...string) error { + fmt.Fprintf(cli.out, " Goroutines: 
%d\n", info.NGoroutines) + fmt.Fprintf(cli.out, " System Time: %s\n", info.SystemTime) + fmt.Fprintf(cli.out, " EventsListeners: %d\n", info.NEventsListener) +- fmt.Fprintf(cli.out, " Init SHA1: %s\n", info.InitSha1) +- fmt.Fprintf(cli.out, " Init Path: %s\n", info.InitPath) + fmt.Fprintf(cli.out, " Docker Root Dir: %s\n", info.DockerRootDir) + } + +diff --git a/container/container_unix.go b/container/container_unix.go +index 9510a24..3db1444 100644 +--- a/container/container_unix.go ++++ b/container/container_unix.go +@@ -63,10 +63,6 @@ func (container *Container) CreateDaemonEnvironment(linkedEnv []string) []string + env := []string{ + "PATH=" + system.DefaultPathEnv, + "HOSTNAME=" + fullHostname, +- // Note: we don't set HOME here because it'll get autoset intelligently +- // based on the value of USER inside dockerinit, but only if it isn't +- // set already (ie, that can be overridden by setting HOME via -e or ENV +- // in a Dockerfile). + } + if container.Config.Tty { + env = append(env, "TERM=xterm") +diff --git a/contrib/builder/rpm/generate.sh b/contrib/builder/rpm/generate.sh +index 323502c..00749b0 100755 +--- a/contrib/builder/rpm/generate.sh ++++ b/contrib/builder/rpm/generate.sh +@@ -118,9 +118,7 @@ for version in "${versions[@]}"; do + + echo >> "$version/Dockerfile" + +- # fedora does not have a libseccomp.a for compiling static dockerinit +- # ONLY install libseccomp.a from source, this can be removed once dockerinit is removed +- # TODO remove this manual seccomp compilation once dockerinit is gone or no longer needs to be statically compiled ++ # TODO remove this since dockerinit is finally gone + case "$from" in + fedora:*) + awk '$1 == "ENV" && $2 == "SECCOMP_VERSION" { print; exit }' ../../../Dockerfile >> "$version/Dockerfile" +diff --git a/daemon/container_operations_unix.go b/daemon/container_operations_unix.go +index 0449613..8eaedcc 100644 +--- a/daemon/container_operations_unix.go ++++ b/daemon/container_operations_unix.go +@@ -254,7 
+254,6 @@ func (daemon *Daemon) populateCommand(c *container.Container, env []string) erro + c.Command = &execdriver.Command{ + CommonCommand: execdriver.CommonCommand{ + ID: c.ID, +- InitPath: "/.dockerinit", + MountLabel: c.GetMountLabel(), + Network: en, + ProcessConfig: processConfig, +diff --git a/daemon/container_operations_windows.go b/daemon/container_operations_windows.go +index 23bc645..b812bfc 100644 +--- a/daemon/container_operations_windows.go ++++ b/daemon/container_operations_windows.go +@@ -124,7 +124,6 @@ func (daemon *Daemon) populateCommand(c *container.Container, env []string) erro + CommonCommand: execdriver.CommonCommand{ + ID: c.ID, + Rootfs: c.BaseFS, +- InitPath: "/.dockerinit", + WorkingDir: c.Config.WorkingDir, + Network: en, + MountLabel: c.GetMountLabel(), +diff --git a/daemon/daemon_unix.go b/daemon/daemon_unix.go +index 8f948e0..11dc7c7 100644 +--- a/daemon/daemon_unix.go ++++ b/daemon/daemon_unix.go +@@ -688,8 +688,7 @@ func initBridgeDriver(controller libnetwork.NetworkController, config *Config) e + } + + // setupInitLayer populates a directory with mountpoints suitable +-// for bind-mounting dockerinit into the container. The mountpoint is simply an +-// empty file at /.dockerinit ++// for bind-mounting things into the container. + // + // This extra layer is used by all containers as the top-most ro layer. It protects + // the container from unwanted side-effects on the rw layer. 
+@@ -699,7 +698,6 @@ func setupInitLayer(initLayer string, rootUID, rootGID int) error { + "/dev/shm": "dir", + "/proc": "dir", + "/sys": "dir", +- "/.dockerinit": "file", + "/.dockerenv": "file", + "/etc/resolv.conf": "file", + "/etc/hosts": "file", +diff --git a/daemon/execdriver/driver.go b/daemon/execdriver/driver.go +index 465e038..ba47b74 100644 +--- a/daemon/execdriver/driver.go ++++ b/daemon/execdriver/driver.go +@@ -131,7 +131,6 @@ type CommonProcessConfig struct { + type CommonCommand struct { + ContainerPid int `json:"container_pid"` // the pid for the process inside a container + ID string `json:"id"` +- InitPath string `json:"initpath"` // dockerinit + MountLabel string `json:"mount_label"` // TODO Windows. More involved, but can be factored out + Mounts []Mount `json:"mounts"` + Network *Network `json:"network"` +diff --git a/daemon/info.go b/daemon/info.go +index 008ac20..20d8356 100644 +--- a/daemon/info.go ++++ b/daemon/info.go +@@ -49,11 +49,6 @@ func (daemon *Daemon) SystemInfo() (*types.Info, error) { + logrus.Errorf("Could not read system memory info: %v", err) + } + +- // if we still have the original dockerinit binary from before +- // we copied it locally, let's return the path to that, since +- // that's more intuitive (the copied path is trivial to derive +- // by hand given VERSION) +- initPath := utils.DockerInitPath("") + sysInfo := sysinfo.New(true) + + var cRunning, cPaused, cStopped int32 +@@ -94,8 +89,6 @@ func (daemon *Daemon) SystemInfo() (*types.Info, error) { + OSType: platform.OSType, + Architecture: platform.Architecture, + RegistryConfig: daemon.RegistryService.Config, +- InitSha1: dockerversion.InitSHA1, +- InitPath: initPath, + NCPU: runtime.NumCPU(), + MemTotal: meminfo.MemTotal, + DockerRootDir: daemon.configStore.Root, +diff --git a/dockerinit/dockerinit.go b/dockerinit/dockerinit.go +deleted file mode 100644 +index 8a0be56..0000000 +--- a/dockerinit/dockerinit.go ++++ /dev/null +@@ -1,11 +0,0 @@ +-package main +- 
+-import ( +- _ "github.com/docker/docker/daemon/execdriver/native" +- "github.com/docker/docker/pkg/reexec" +-) +- +-func main() { +- // Running in init mode +- reexec.Init() +-} +diff --git a/dockerversion/version_lib.go b/dockerversion/version_lib.go +index 1d5862d..6644bce 100644 +--- a/dockerversion/version_lib.go ++++ b/dockerversion/version_lib.go +@@ -9,8 +9,5 @@ const ( + GitCommit string = "library-import" + Version string = "library-import" + BuildTime string = "library-import" +- + IAmStatic string = "library-import" +- InitSHA1 string = "library-import" +- InitPath string = "library-import" + ) +diff --git a/hack/.vendor-helpers.sh b/hack/.vendor-helpers.sh +index e3be72b..fcc745c 100755 +--- a/hack/.vendor-helpers.sh ++++ b/hack/.vendor-helpers.sh +@@ -76,7 +76,6 @@ _dockerfile_env() { + clean() { + local packages=( + "${PROJECT}/docker" # package main +- "${PROJECT}/dockerinit" # package main + "${PROJECT}/integration-cli" # external tests + ) + local dockerPlatforms=( ${DOCKER_ENGINE_OSARCH:="linux/amd64"} $(_dockerfile_env DOCKER_CROSSPLATFORMS) ) +diff --git a/hack/make.sh b/hack/make.sh +index dc6cffa..6e007cc 100755 +--- a/hack/make.sh ++++ b/hack/make.sh +@@ -237,7 +237,6 @@ test_env() { + HOME="$ABS_DEST/fake-HOME" \ + PATH="$PATH" \ + TEMP="$TEMP" \ +- TEST_DOCKERINIT_PATH="$TEST_DOCKERINIT_PATH" \ + "$@" + } + +diff --git a/hack/make/.build-deb/rules b/hack/make/.build-deb/rules +index 2c7f6c4..8928215 100755 +--- a/hack/make/.build-deb/rules ++++ b/hack/make/.build-deb/rules +@@ -17,14 +17,12 @@ override_dh_auto_test: + ./bundles/$(VERSION)/dynbinary/docker -v + + override_dh_strip: +- # the SHA1 of dockerinit is important: don't strip it +- # also, Go has lots of problems with stripping, so just don't ++ # Go has lots of problems with stripping, so just don't + + override_dh_auto_install: + mkdir -p debian/docker-engine/usr/bin + cp -aT "$$(readlink -f bundles/$(VERSION)/dynbinary/docker)" debian/docker-engine/usr/bin/docker + mkdir -p 
debian/docker-engine/usr/lib/docker +- cp -aT "$$(readlink -f bundles/$(VERSION)/dynbinary/dockerinit)" debian/docker-engine/usr/lib/docker/dockerinit + + override_dh_installinit: + # use "docker" as our service name, not "docker-engine" +diff --git a/hack/make/.build-rpm/docker-engine.spec b/hack/make/.build-rpm/docker-engine.spec +index 2fc1406..53b7cd7 100644 +--- a/hack/make/.build-rpm/docker-engine.spec ++++ b/hack/make/.build-rpm/docker-engine.spec +@@ -11,11 +11,6 @@ URL: https://dockerproject.org + Vendor: Docker + Packager: Docker + +-# docker builds in a checksum of dockerinit into docker, +-# # so stripping the binaries breaks docker +-%global __os_install_post %{_rpmconfigdir}/brp-compress +-%global debug_package %{nil} +- + # is_systemd conditional + %if 0%{?fedora} >= 21 || 0%{?centos} >= 7 || 0%{?rhel} >= 7 || 0%{?suse_version} >= 1300 + %global is_systemd 1 +@@ -124,10 +119,6 @@ export DOCKER_GITCOMMIT=%{_gitcommit} + install -d $RPM_BUILD_ROOT/%{_bindir} + install -p -m 755 bundles/%{_origversion}/dynbinary/docker-%{_origversion} $RPM_BUILD_ROOT/%{_bindir}/docker + +-# install dockerinit +-install -d $RPM_BUILD_ROOT/%{_libexecdir}/docker +-install -p -m 755 bundles/%{_origversion}/dynbinary/dockerinit-%{_origversion} $RPM_BUILD_ROOT/%{_libexecdir}/docker/dockerinit +- + # install udev rules + install -d $RPM_BUILD_ROOT/%{_sysconfdir}/udev/rules.d + install -p -m 644 contrib/udev/80-docker.rules $RPM_BUILD_ROOT/%{_sysconfdir}/udev/rules.d/80-docker.rules +@@ -175,7 +166,6 @@ install -p -m 644 contrib/syntax/nano/Dockerfile.nanorc $RPM_BUILD_ROOT/usr/shar + %files + %doc AUTHORS CHANGELOG.md CONTRIBUTING.md LICENSE MAINTAINERS NOTICE README.md + /%{_bindir}/docker +-/%{_libexecdir}/docker/dockerinit + /%{_sysconfdir}/udev/rules.d/80-docker.rules + %if 0%{?is_systemd} + /%{_unitdir}/docker.service +diff --git a/hack/make/.dockerinit b/hack/make/.dockerinit +deleted file mode 100644 +index 4a62ee1..0000000 +--- a/hack/make/.dockerinit ++++ /dev/null 
+@@ -1,33 +0,0 @@ +-#!/bin/bash +-set -e +- +-IAMSTATIC="true" +-source "${MAKEDIR}/.go-autogen" +- +-# dockerinit still needs to be a static binary, even if docker is dynamic +-go build \ +- -o "$DEST/dockerinit-$VERSION" \ +- "${BUILDFLAGS[@]}" \ +- -ldflags " +- $LDFLAGS +- $LDFLAGS_STATIC +- -extldflags \"$EXTLDFLAGS_STATIC\" +- " \ +- ./dockerinit +- +-echo "Created binary: $DEST/dockerinit-$VERSION" +-ln -sf "dockerinit-$VERSION" "$DEST/dockerinit" +- +-sha1sum= +-if command -v sha1sum &> /dev/null; then +- sha1sum=sha1sum +-elif command -v shasum &> /dev/null; then +- # Mac OS X - why couldn't they just use the same command name and be happy? +- sha1sum=shasum +-else +- echo >&2 'error: cannot find sha1sum command or equivalent' +- exit 1 +-fi +- +-# sha1 our new dockerinit to ensure separate docker and dockerinit always run in a perfect pair compiled for one another +-export DOCKER_INITSHA1=$($sha1sum "$DEST/dockerinit-$VERSION" | cut -d' ' -f1) +diff --git a/hack/make/.dockerinit-gccgo b/hack/make/.dockerinit-gccgo +deleted file mode 100644 +index 3caa526..0000000 +--- a/hack/make/.dockerinit-gccgo ++++ /dev/null +@@ -1,31 +0,0 @@ +-#!/bin/bash +-set -e +- +-IAMSTATIC="true" +-source "${MAKEDIR}/.go-autogen" +- +-# dockerinit still needs to be a static binary, even if docker is dynamic +-go build --compiler=gccgo \ +- -o "$DEST/dockerinit-$VERSION" \ +- "${BUILDFLAGS[@]}" \ +- --gccgoflags " +- -g +- -Wl,--no-export-dynamic +- $EXTLDFLAGS_STATIC +- -lnetgo +- " \ +- ./dockerinit +- +-echo "Created binary: $DEST/dockerinit-$VERSION" +-ln -sf "dockerinit-$VERSION" "$DEST/dockerinit" +- +-sha1sum= +-if command -v sha1sum &> /dev/null; then +- sha1sum=sha1sum +-else +- echo >&2 'error: cannot find sha1sum command or equivalent' +- exit 1 +-fi +- +-# sha1 our new dockerinit to ensure separate docker and dockerinit always run in a perfect pair compiled for one another +-export DOCKER_INITSHA1=$($sha1sum "$DEST/dockerinit-$VERSION" | cut -d' ' -f1) +diff --git 
a/hack/make/.go-autogen b/hack/make/.go-autogen +index 71f8370..c8e13b4 100644 +--- a/hack/make/.go-autogen ++++ b/hack/make/.go-autogen +@@ -14,10 +14,7 @@ const ( + GitCommit string = "$GITCOMMIT" + Version string = "$VERSION" + BuildTime string = "$BUILDTIME" +- + IAmStatic string = "${IAMSTATIC:-true}" +- InitSHA1 string = "$DOCKER_INITSHA1" +- InitPath string = "$DOCKER_INITPATH" + ) + // AUTOGENERATED FILE; see $BASH_SOURCE + DVEOF +@@ -44,9 +41,9 @@ When make binary is run, the Dockerfile prepares the build environment by: + + make.sh invokes hack/make/.go-autogen to: + +- - Run rsrc to create a binary file (autogen/winresources/rsrc.syso) that +- contains the manifest and icon. This file is automatically picked up by +- 'go build', so no post-processing steps are required. The sources for ++ - Run rsrc to create a binary file (autogen/winresources/rsrc.syso) that ++ contains the manifest and icon. This file is automatically picked up by ++ 'go build', so no post-processing steps are required. The sources for + rsrc.syso are under hack/make/.resources-windows. 
+ + */ +diff --git a/hack/make/dynbinary b/hack/make/dynbinary +index e5fc0be..1d1a8e3 100644 +--- a/hack/make/dynbinary ++++ b/hack/make/dynbinary +@@ -1,16 +1,6 @@ + #!/bin/bash + set -e + +-if [ -z "$DOCKER_CLIENTONLY" ]; then +- source "${MAKEDIR}/.dockerinit" +- +- hash_files "$DEST/dockerinit-$VERSION" +-else +- # DOCKER_CLIENTONLY must be truthy, so we don't need to bother with dockerinit :) +- export DOCKER_INITSHA1="" +-fi +-# DOCKER_INITSHA1 is exported so that other bundlescripts can easily access it later without recalculating it +- + ( + export IAMSTATIC="false" + export LDFLAGS_STATIC_DOCKER='' +diff --git a/hack/make/dyngccgo b/hack/make/dyngccgo +index 0747637..a9019e8 100644 +--- a/hack/make/dyngccgo ++++ b/hack/make/dyngccgo +@@ -1,16 +1,6 @@ + #!/bin/bash + set -e + +-if [ -z "$DOCKER_CLIENTONLY" ]; then +- source "${MAKEDIR}/.dockerinit-gccgo" +- +- hash_files "$DEST/dockerinit-$VERSION" +-else +- # DOCKER_CLIENTONLY must be truthy, so we don't need to bother with dockerinit :) +- export DOCKER_INITSHA1="" +-fi +-# DOCKER_INITSHA1 is exported so that other bundlescripts can easily access it later without recalculating it +- + ( + export IAMSTATIC="false" + export EXTLDFLAGS_STATIC='' +diff --git a/integration-cli/docker_cli_diff_test.go b/integration-cli/docker_cli_diff_test.go +index 4f29d36..e0d0914 100644 +--- a/integration-cli/docker_cli_diff_test.go ++++ b/integration-cli/docker_cli_diff_test.go +@@ -27,10 +27,10 @@ func (s *DockerSuite) TestDiffFilenameShownInOutput(c *check.C) { + } + + // test to ensure GH #3840 doesn't occur any more +-func (s *DockerSuite) TestDiffEnsureDockerinitFilesAreIgnored(c *check.C) { ++func (s *DockerSuite) TestDiffEnsureInitLayerFilesAreIgnored(c *check.C) { + testRequires(c, DaemonIsLinux) + // this is a list of files which shouldn't show up in `docker diff` +- dockerinitFiles := []string{"/etc/resolv.conf", "/etc/hostname", "/etc/hosts", "/.dockerinit", "/.dockerenv"} ++ initLayerFiles := 
[]string{"/etc/resolv.conf", "/etc/hostname", "/etc/hosts", "/.dockerenv"} + containerCount := 5 + + // we might not run into this problem from the first run, so start a few containers +@@ -41,7 +41,7 @@ func (s *DockerSuite) TestDiffEnsureDockerinitFilesAreIgnored(c *check.C) { + cleanCID := strings.TrimSpace(out) + out, _ = dockerCmd(c, "diff", cleanCID) + +- for _, filename := range dockerinitFiles { ++ for _, filename := range initLayerFiles { + c.Assert(out, checker.Not(checker.Contains), filename) + } + } +diff --git a/pkg/mount/mountinfo_linux_test.go b/pkg/mount/mountinfo_linux_test.go +index 812d12e..bd100e1 100644 +--- a/pkg/mount/mountinfo_linux_test.go ++++ b/pkg/mount/mountinfo_linux_test.go +@@ -224,7 +224,6 @@ const ( + 43 16 0:34 / /proc/fs/nfsd rw,nosuid,nodev,noexec,relatime - nfsd nfsd rw + 44 15 0:35 / /home/tianon/.gvfs rw,nosuid,nodev,relatime - fuse.gvfs-fuse-daemon gvfs-fuse-daemon rw,user_id=1000,group_id=1000 + 68 15 0:3336 / /var/lib/docker/aufs/mnt/3597a1a6d6298c1decc339ebb90aad6f7d6ba2e15af3131b1f85e7ee4787a0cd rw,relatime - aufs none rw,si=9b4a7640128db39c +-85 68 8:6 /var/lib/docker/init/dockerinit-0.7.2-dev//deleted /var/lib/docker/aufs/mnt/3597a1a6d6298c1decc339ebb90aad6f7d6ba2e15af3131b1f85e7ee4787a0cd/.dockerinit rw,noatime,nodiratime - ext4 /dev/sda6 rw,data=ordered + 86 68 8:6 /var/lib/docker/containers/3597a1a6d6298c1decc339ebb90aad6f7d6ba2e15af3131b1f85e7ee4787a0cd/config.env /var/lib/docker/aufs/mnt/3597a1a6d6298c1decc339ebb90aad6f7d6ba2e15af3131b1f85e7ee4787a0cd/.dockerenv rw,noatime,nodiratime - ext4 /dev/sda6 rw,data=ordered + 87 68 8:6 /etc/resolv.conf /var/lib/docker/aufs/mnt/3597a1a6d6298c1decc339ebb90aad6f7d6ba2e15af3131b1f85e7ee4787a0cd/etc/resolv.conf rw,noatime,nodiratime - ext4 /dev/sda6 rw,data=ordered + 88 68 8:6 /var/lib/docker/containers/3597a1a6d6298c1decc339ebb90aad6f7d6ba2e15af3131b1f85e7ee4787a0cd/hostname /var/lib/docker/aufs/mnt/3597a1a6d6298c1decc339ebb90aad6f7d6ba2e15af3131b1f85e7ee4787a0cd/etc/hostname 
rw,noatime,nodiratime - ext4 /dev/sda6 rw,data=ordered +diff --git a/utils/utils.go b/utils/utils.go +index 340b9e4..49f50dd 100644 +--- a/utils/utils.go ++++ b/utils/utils.go +@@ -1,124 +1,17 @@ + package utils + + import ( +- "crypto/sha1" +- "encoding/hex" + "fmt" +- "io" + "io/ioutil" + "os" +- "os/exec" +- "path/filepath" + "runtime" + "strings" + + "github.com/docker/distribution/registry/api/errcode" +- "github.com/docker/docker/dockerversion" + "github.com/docker/docker/pkg/archive" + "github.com/docker/docker/pkg/stringid" + ) + +-// SelfPath figures out the absolute path of our own binary (if it's still around). +-func SelfPath() string { +- path, err := exec.LookPath(os.Args[0]) +- if err != nil { +- if os.IsNotExist(err) { +- return "" +- } +- if execErr, ok := err.(*exec.Error); ok && os.IsNotExist(execErr.Err) { +- return "" +- } +- panic(err) +- } +- path, err = filepath.Abs(path) +- if err != nil { +- if os.IsNotExist(err) { +- return "" +- } +- panic(err) +- } +- return path +-} +- +-func dockerInitSha1(target string) string { +- f, err := os.Open(target) +- if err != nil { +- return "" +- } +- defer f.Close() +- h := sha1.New() +- _, err = io.Copy(h, f) +- if err != nil { +- return "" +- } +- return hex.EncodeToString(h.Sum(nil)) +-} +- +-func isValidDockerInitPath(target string, selfPath string) bool { // target and selfPath should be absolute (InitPath and SelfPath already do this) +- if target == "" { +- return false +- } +- if dockerversion.IAmStatic == "true" { +- if selfPath == "" { +- return false +- } +- if target == selfPath { +- return true +- } +- targetFileInfo, err := os.Lstat(target) +- if err != nil { +- return false +- } +- selfPathFileInfo, err := os.Lstat(selfPath) +- if err != nil { +- return false +- } +- return os.SameFile(targetFileInfo, selfPathFileInfo) +- } +- return dockerversion.InitSHA1 != "" && dockerInitSha1(target) == dockerversion.InitSHA1 +-} +- +-// DockerInitPath figures out the path of our dockerinit (which may 
be SelfPath()) +-func DockerInitPath(localCopy string) string { +- selfPath := SelfPath() +- if isValidDockerInitPath(selfPath, selfPath) { +- // if we're valid, don't bother checking anything else +- return selfPath +- } +- var possibleInits = []string{ +- localCopy, +- dockerversion.InitPath, +- filepath.Join(filepath.Dir(selfPath), "dockerinit"), +- +- // FHS 3.0 Draft: "/usr/libexec includes internal binaries that are not intended to be executed directly by users or shell scripts. Applications may use a single subdirectory under /usr/libexec." +- // https://www.linuxbase.org/betaspecs/fhs/fhs.html#usrlibexec +- "/usr/libexec/docker/dockerinit", +- "/usr/local/libexec/docker/dockerinit", +- +- // FHS 2.3: "/usr/lib includes object files, libraries, and internal binaries that are not intended to be executed directly by users or shell scripts." +- // https://refspecs.linuxfoundation.org/FHS_2.3/fhs-2.3.html#USRLIBLIBRARIESFORPROGRAMMINGANDPA +- "/usr/lib/docker/dockerinit", +- "/usr/local/lib/docker/dockerinit", +- } +- for _, dockerInit := range possibleInits { +- if dockerInit == "" { +- continue +- } +- path, err := exec.LookPath(dockerInit) +- if err == nil { +- path, err = filepath.Abs(path) +- if err != nil { +- // LookPath already validated that this file exists and is executable (following symlinks), so how could Abs fail? +- panic(err) +- } +- if isValidDockerInitPath(path, selfPath) { +- return path +- } +- } +- } +- return "" +-} +- + var globalTestID string + + // TestDirectory creates a new temporary directory and returns its path. + +From e72192be404c9a8489191d43fd6e5c429081d5c8 Mon Sep 17 00:00:00 2001 +From: Aleksa Sarai +Date: Thu, 21 Jan 2016 01:27:46 +1100 +Subject: [PATCH 2/3] *: remove documentation references to dockerinit + +While the documentation is very patchy on dockerinit, remove all +references in packaging documentation to the now purged dockerinit. 
+ +Signed-off-by: Aleksa Sarai +--- + project/PACKAGERS.md | 33 +-------------------------------- + 1 file changed, 1 insertion(+), 32 deletions(-) + +diff --git a/project/PACKAGERS.md b/project/PACKAGERS.md +index 780e961..3ca75e7 100644 +--- a/project/PACKAGERS.md ++++ b/project/PACKAGERS.md +@@ -210,7 +210,7 @@ the file "./VERSION". This binary is usually installed somewhere like + + ### Dynamic Daemon / Client-only Binary + +-If you are only interested in a Docker client binary, set `DOCKER_CLIENTONLY` to a non-empty value using something similar to the following: (which will prevent the extra step of compiling dockerinit) ++If you are only interested in a Docker client binary, set `DOCKER_CLIENTONLY` to a non-empty value using something similar to the following: + + ```bash + export DOCKER_CLIENTONLY=1 +@@ -228,37 +228,6 @@ following: + This will create "./bundles/$VERSION/dynbinary/docker-$VERSION", which for + client-only builds is the important file to grab and install as appropriate. + +-For daemon builds, you will also need to grab and install +-"./bundles/$VERSION/dynbinary/dockerinit-$VERSION", which is created from the +-minimal set of Docker's codebase that _must_ be compiled statically (and is thus +-a pure static binary). 
The acceptable locations Docker will search for this file +-are as follows (in order): +- +-* as "dockerinit" in the same directory as the daemon binary (ie, if docker is +- installed at "/usr/bin/docker", then "/usr/bin/dockerinit" will be the first +- place this file is searched for) +-* "/usr/libexec/docker/dockerinit" or "/usr/local/libexec/docker/dockerinit" +- ([FHS 3.0 Draft](https://www.linuxbase.org/betaspecs/fhs/fhs.html#usrlibexec)) +-* "/usr/lib/docker/dockerinit" or "/usr/local/lib/docker/dockerinit" ([FHS +- 2.3](https://refspecs.linuxfoundation.org/FHS_2.3/fhs-2.3.html#USRLIBLIBRARIESFORPROGRAMMINGANDPA)) +- +-If (and please, only if) one of the paths above is insufficient due to distro +-policy or similar issues, you may use the `DOCKER_INITPATH` environment variable +-at compile-time as follows to set a different path for Docker to search: +- +-```bash +-export DOCKER_INITPATH=/usr/lib/docker.io/dockerinit +-``` +- +-If you find yourself needing this, please don't hesitate to reach out to Tianon +-to see if it would be reasonable or helpful to add more paths to Docker's list, +-especially if there's a relevant standard worth referencing (such as the FHS). +- +-Also, it goes without saying, but for the purposes of the daemon please consider +-these two binaries ("docker" and "dockerinit") as if they were a single unit. +-Mixing and matching can cause undesired consequences, and will fail to run +-properly. +- + ## System Dependencies + + ### Runtime Dependencies + +From 71c63aa72e3788af27fef0de9005cde6c7728a2b Mon Sep 17 00:00:00 2001 +From: Aleksa Sarai +Date: Tue, 26 Jan 2016 23:46:22 +1100 +Subject: [PATCH 3/3] vendor: update engine-api + +This removes all references to InitPath and InitSha1, as well as pulling +in a few other minor engine-api fixes. 
+ +Signed-off-by: Aleksa Sarai +--- + hack/vendor.sh | 2 +- + .../github.com/docker/engine-api/client/client.go | 22 +++++++++++++++------- + .../docker/engine-api/client/client_nounix.go | 6 ++++++ + .../docker/engine-api/client/client_unix.go | 6 ++++++ + .../docker/engine-api/client/container_commit.go | 9 +++------ + .../docker/engine-api/client/container_create.go | 17 +++-------------- + .../docker/engine-api/client/container_inspect.go | 2 +- + .../docker/engine-api/client/container_list.go | 2 +- + .../docker/engine-api/client/container_top.go | 2 +- + .../github.com/docker/engine-api/client/diff.go | 9 +++------ + .../github.com/docker/engine-api/client/exec.go | 4 ++-- + .../github.com/docker/engine-api/client/history.go | 8 +++----- + .../docker/engine-api/client/image_list.go | 2 +- + .../docker/engine-api/client/image_remove.go | 2 +- + .../docker/engine-api/client/image_search.go | 2 +- + .../github.com/docker/engine-api/client/login.go | 2 +- + .../github.com/docker/engine-api/client/network.go | 4 ++-- + .../github.com/docker/engine-api/client/version.go | 2 +- + .../github.com/docker/engine-api/client/volume.go | 6 +++--- + .../engine-api/types/container/host_config.go | 8 +++++++- + .../github.com/docker/engine-api/types/types.go | 5 +++-- + 21 files changed, 65 insertions(+), 57 deletions(-) + create mode 100644 vendor/src/github.com/docker/engine-api/client/client_nounix.go + create mode 100644 vendor/src/github.com/docker/engine-api/client/client_unix.go + +diff --git a/hack/vendor.sh b/hack/vendor.sh +index 535e4eb..a13d6c6 100755 +--- a/hack/vendor.sh ++++ b/hack/vendor.sh +@@ -22,7 +22,7 @@ clone git github.com/vdemeester/shakers 3c10293ce22b900c27acad7b28656196fcc2f73b + clone git golang.org/x/net 47990a1ba55743e6ef1affd3a14e5bac8553615d https://github.com/golang/net.git + clone git github.com/docker/go-units 651fc226e7441360384da338d0fd37f2440ffbe3 + clone git github.com/docker/go-connections v0.1.2 +-clone git github.com/docker/engine-api 
v0.2.2 ++clone git github.com/docker/engine-api bdbab71ec21209ef56dffdbe42c9d21843c30862 + clone git github.com/RackSec/srslog 6eb773f331e46fbba8eecb8e794e635e75fc04de + clone git github.com/imdario/mergo 0.2.1 + +diff --git a/vendor/src/github.com/docker/engine-api/client/client.go b/vendor/src/github.com/docker/engine-api/client/client.go +index 28f00e5..a62d859 100644 +--- a/vendor/src/github.com/docker/engine-api/client/client.go ++++ b/vendor/src/github.com/docker/engine-api/client/client.go +@@ -10,6 +10,8 @@ import ( + "path/filepath" + "strings" + "time" ++ ++ "github.com/docker/go-connections/tlsconfig" + ) + + // Client is the API client that performs all operations +@@ -41,21 +43,27 @@ type Client struct { + func NewEnvClient() (*Client, error) { + var transport *http.Transport + if dockerCertPath := os.Getenv("DOCKER_CERT_PATH"); dockerCertPath != "" { +- tlsc := &tls.Config{} +- +- cert, err := tls.LoadX509KeyPair(filepath.Join(dockerCertPath, "cert.pem"), filepath.Join(dockerCertPath, "key.pem")) ++ options := tlsconfig.Options{ ++ CAFile: filepath.Join(dockerCertPath, "ca.pem"), ++ CertFile: filepath.Join(dockerCertPath, "cert.pem"), ++ KeyFile: filepath.Join(dockerCertPath, "key.pem"), ++ InsecureSkipVerify: os.Getenv("DOCKER_TLS_VERIFY") == "", ++ } ++ tlsc, err := tlsconfig.Client(options) + if err != nil { +- return nil, fmt.Errorf("Error loading x509 key pair: %s", err) ++ return nil, err + } + +- tlsc.Certificates = append(tlsc.Certificates, cert) +- tlsc.InsecureSkipVerify = os.Getenv("DOCKER_TLS_VERIFY") == "" + transport = &http.Transport{ + TLSClientConfig: tlsc, + } + } + +- return NewClient(os.Getenv("DOCKER_HOST"), os.Getenv("DOCKER_API_VERSION"), transport, nil) ++ host := os.Getenv("DOCKER_HOST") ++ if host == "" { ++ host = DefaultDockerHost ++ } ++ return NewClient(host, os.Getenv("DOCKER_API_VERSION"), transport, nil) + } + + // NewClient initializes a new API client for the given host and API version. 
+diff --git a/vendor/src/github.com/docker/engine-api/client/client_nounix.go b/vendor/src/github.com/docker/engine-api/client/client_nounix.go +new file mode 100644 +index 0000000..d07ab84 +--- /dev/null ++++ b/vendor/src/github.com/docker/engine-api/client/client_nounix.go +@@ -0,0 +1,6 @@ ++// +build windows darwin ++ ++package client ++ ++// DefaultDockerHost defines os specific default if DOCKER_HOST is unset ++const DefaultDockerHost = "tcp://127.0.0.1:2375" +diff --git a/vendor/src/github.com/docker/engine-api/client/client_unix.go b/vendor/src/github.com/docker/engine-api/client/client_unix.go +new file mode 100644 +index 0000000..39c4bd8 +--- /dev/null ++++ b/vendor/src/github.com/docker/engine-api/client/client_unix.go +@@ -0,0 +1,6 @@ ++// +build linux freebsd ++ ++package client ++ ++// DefaultDockerHost defines os specific default if DOCKER_HOST is unset ++const DefaultDockerHost = "unix:///var/run/docker.sock" +diff --git a/vendor/src/github.com/docker/engine-api/client/container_commit.go b/vendor/src/github.com/docker/engine-api/client/container_commit.go +index 488d087..47534a6 100644 +--- a/vendor/src/github.com/docker/engine-api/client/container_commit.go ++++ b/vendor/src/github.com/docker/engine-api/client/container_commit.go +@@ -27,11 +27,8 @@ func (cli *Client) ContainerCommit(options types.ContainerCommitOptions) (types. 
+ if err != nil { + return response, err + } +- defer ensureReaderClosed(resp) + +- if err := json.NewDecoder(resp.body).Decode(&response); err != nil { +- return response, err +- } +- +- return response, nil ++ err = json.NewDecoder(resp.body).Decode(&response) ++ ensureReaderClosed(resp) ++ return response, err + } +diff --git a/vendor/src/github.com/docker/engine-api/client/container_create.go b/vendor/src/github.com/docker/engine-api/client/container_create.go +index 0f85e7b..61b560a 100644 +--- a/vendor/src/github.com/docker/engine-api/client/container_create.go ++++ b/vendor/src/github.com/docker/engine-api/client/container_create.go +@@ -39,18 +39,7 @@ func (cli *Client) ContainerCreate(config *container.Config, hostConfig *contain + return response, err + } + +- if serverResp.statusCode == 404 && strings.Contains(err.Error(), "No such image") { +- return response, imageNotFoundError{config.Image} +- } +- +- if err != nil { +- return response, err +- } +- defer ensureReaderClosed(serverResp) +- +- if err := json.NewDecoder(serverResp.body).Decode(&response); err != nil { +- return response, err +- } +- +- return response, nil ++ err = json.NewDecoder(serverResp.body).Decode(&response) ++ ensureReaderClosed(serverResp) ++ return response, err + } +diff --git a/vendor/src/github.com/docker/engine-api/client/container_inspect.go b/vendor/src/github.com/docker/engine-api/client/container_inspect.go +index c18a764..f99e46f 100644 +--- a/vendor/src/github.com/docker/engine-api/client/container_inspect.go ++++ b/vendor/src/github.com/docker/engine-api/client/container_inspect.go +@@ -19,10 +19,10 @@ func (cli *Client) ContainerInspect(containerID string) (types.ContainerJSON, er + } + return types.ContainerJSON{}, err + } +- defer ensureReaderClosed(serverResp) + + var response types.ContainerJSON + err = json.NewDecoder(serverResp.body).Decode(&response) ++ ensureReaderClosed(serverResp) + return response, err + } + +diff --git 
a/vendor/src/github.com/docker/engine-api/client/container_list.go b/vendor/src/github.com/docker/engine-api/client/container_list.go +index b55307c..f553287 100644 +--- a/vendor/src/github.com/docker/engine-api/client/container_list.go ++++ b/vendor/src/github.com/docker/engine-api/client/container_list.go +@@ -46,9 +46,9 @@ func (cli *Client) ContainerList(options types.ContainerListOptions) ([]types.Co + if err != nil { + return nil, err + } +- defer ensureReaderClosed(resp) + + var containers []types.Container + err = json.NewDecoder(resp.body).Decode(&containers) ++ ensureReaderClosed(resp) + return containers, err + } +diff --git a/vendor/src/github.com/docker/engine-api/client/container_top.go b/vendor/src/github.com/docker/engine-api/client/container_top.go +index 04aecc2..1673947 100644 +--- a/vendor/src/github.com/docker/engine-api/client/container_top.go ++++ b/vendor/src/github.com/docker/engine-api/client/container_top.go +@@ -20,8 +20,8 @@ func (cli *Client) ContainerTop(containerID string, arguments []string) (types.C + if err != nil { + return response, err + } +- defer ensureReaderClosed(resp) + + err = json.NewDecoder(resp.body).Decode(&response) ++ ensureReaderClosed(resp) + return response, err + } +diff --git a/vendor/src/github.com/docker/engine-api/client/diff.go b/vendor/src/github.com/docker/engine-api/client/diff.go +index 6639d8b..c57bf69 100644 +--- a/vendor/src/github.com/docker/engine-api/client/diff.go ++++ b/vendor/src/github.com/docker/engine-api/client/diff.go +@@ -15,11 +15,8 @@ func (cli *Client) ContainerDiff(containerID string) ([]types.ContainerChange, e + if err != nil { + return changes, err + } +- defer ensureReaderClosed(serverResp) + +- if err := json.NewDecoder(serverResp.body).Decode(&changes); err != nil { +- return changes, err +- } +- +- return changes, nil ++ err = json.NewDecoder(serverResp.body).Decode(&changes) ++ ensureReaderClosed(serverResp) ++ return changes, err + } +diff --git 
a/vendor/src/github.com/docker/engine-api/client/exec.go b/vendor/src/github.com/docker/engine-api/client/exec.go +index 3a86b40..3d4577e 100644 +--- a/vendor/src/github.com/docker/engine-api/client/exec.go ++++ b/vendor/src/github.com/docker/engine-api/client/exec.go +@@ -13,8 +13,8 @@ func (cli *Client) ContainerExecCreate(config types.ExecConfig) (types.Container + if err != nil { + return response, err + } +- defer ensureReaderClosed(resp) + err = json.NewDecoder(resp.body).Decode(&response) ++ ensureReaderClosed(resp) + return response, err + } + +@@ -41,8 +41,8 @@ func (cli *Client) ContainerExecInspect(execID string) (types.ContainerExecInspe + if err != nil { + return response, err + } +- defer ensureReaderClosed(resp) + + err = json.NewDecoder(resp.body).Decode(&response) ++ ensureReaderClosed(resp) + return response, err + } +diff --git a/vendor/src/github.com/docker/engine-api/client/history.go b/vendor/src/github.com/docker/engine-api/client/history.go +index 7769727..21a2622 100644 +--- a/vendor/src/github.com/docker/engine-api/client/history.go ++++ b/vendor/src/github.com/docker/engine-api/client/history.go +@@ -14,10 +14,8 @@ func (cli *Client) ImageHistory(imageID string) ([]types.ImageHistory, error) { + if err != nil { + return history, err + } +- defer ensureReaderClosed(serverResp) + +- if err := json.NewDecoder(serverResp.body).Decode(&history); err != nil { +- return history, err +- } +- return history, nil ++ err = json.NewDecoder(serverResp.body).Decode(&history) ++ ensureReaderClosed(serverResp) ++ return history, err + } +diff --git a/vendor/src/github.com/docker/engine-api/client/image_list.go b/vendor/src/github.com/docker/engine-api/client/image_list.go +index d961570..0cdb0ba 100644 +--- a/vendor/src/github.com/docker/engine-api/client/image_list.go ++++ b/vendor/src/github.com/docker/engine-api/client/image_list.go +@@ -32,8 +32,8 @@ func (cli *Client) ImageList(options types.ImageListOptions) ([]types.Image, err + if err != nil { + 
return images, err + } +- defer ensureReaderClosed(serverResp) + + err = json.NewDecoder(serverResp.body).Decode(&images) ++ ensureReaderClosed(serverResp) + return images, err + } +diff --git a/vendor/src/github.com/docker/engine-api/client/image_remove.go b/vendor/src/github.com/docker/engine-api/client/image_remove.go +index c9c232c..28edb8e 100644 +--- a/vendor/src/github.com/docker/engine-api/client/image_remove.go ++++ b/vendor/src/github.com/docker/engine-api/client/image_remove.go +@@ -22,9 +22,9 @@ func (cli *Client) ImageRemove(options types.ImageRemoveOptions) ([]types.ImageD + if err != nil { + return nil, err + } +- defer ensureReaderClosed(resp) + + var dels []types.ImageDelete + err = json.NewDecoder(resp.body).Decode(&dels) ++ ensureReaderClosed(resp) + return dels, err + } +diff --git a/vendor/src/github.com/docker/engine-api/client/image_search.go b/vendor/src/github.com/docker/engine-api/client/image_search.go +index 5d9413c..0cad8a7 100644 +--- a/vendor/src/github.com/docker/engine-api/client/image_search.go ++++ b/vendor/src/github.com/docker/engine-api/client/image_search.go +@@ -27,9 +27,9 @@ func (cli *Client) ImageSearch(options types.ImageSearchOptions, privilegeFunc R + if err != nil { + return results, err + } +- defer ensureReaderClosed(resp) + + err = json.NewDecoder(resp.body).Decode(&results) ++ ensureReaderClosed(resp) + return results, err + } + +diff --git a/vendor/src/github.com/docker/engine-api/client/login.go b/vendor/src/github.com/docker/engine-api/client/login.go +index e9ba842..5ddcd5b 100644 +--- a/vendor/src/github.com/docker/engine-api/client/login.go ++++ b/vendor/src/github.com/docker/engine-api/client/login.go +@@ -19,9 +19,9 @@ func (cli *Client) RegistryLogin(auth types.AuthConfig) (types.AuthResponse, err + if err != nil { + return types.AuthResponse{}, err + } +- defer ensureReaderClosed(resp) + + var response types.AuthResponse + err = json.NewDecoder(resp.body).Decode(&response) ++ ensureReaderClosed(resp) + 
return response, err + } +diff --git a/vendor/src/github.com/docker/engine-api/client/network.go b/vendor/src/github.com/docker/engine-api/client/network.go +index de7f184..90b9adb 100644 +--- a/vendor/src/github.com/docker/engine-api/client/network.go ++++ b/vendor/src/github.com/docker/engine-api/client/network.go +@@ -65,8 +65,8 @@ func (cli *Client) NetworkList(options types.NetworkListOptions) ([]types.Networ + if err != nil { + return networkResources, err + } +- defer ensureReaderClosed(resp) + err = json.NewDecoder(resp.body).Decode(&networkResources) ++ ensureReaderClosed(resp) + return networkResources, err + } + +@@ -80,7 +80,7 @@ func (cli *Client) NetworkInspect(networkID string) (types.NetworkResource, erro + } + return networkResource, err + } +- defer ensureReaderClosed(resp) + err = json.NewDecoder(resp.body).Decode(&networkResource) ++ ensureReaderClosed(resp) + return networkResource, err + } +diff --git a/vendor/src/github.com/docker/engine-api/client/version.go b/vendor/src/github.com/docker/engine-api/client/version.go +index e97b798..0e9ce61 100644 +--- a/vendor/src/github.com/docker/engine-api/client/version.go ++++ b/vendor/src/github.com/docker/engine-api/client/version.go +@@ -12,9 +12,9 @@ func (cli *Client) ServerVersion() (types.Version, error) { + if err != nil { + return types.Version{}, err + } +- defer ensureReaderClosed(resp) + + var server types.Version + err = json.NewDecoder(resp.body).Decode(&server) ++ ensureReaderClosed(resp) + return server, err + } +diff --git a/vendor/src/github.com/docker/engine-api/client/volume.go b/vendor/src/github.com/docker/engine-api/client/volume.go +index 3419def..597e318 100644 +--- a/vendor/src/github.com/docker/engine-api/client/volume.go ++++ b/vendor/src/github.com/docker/engine-api/client/volume.go +@@ -25,9 +25,9 @@ func (cli *Client) VolumeList(filter filters.Args) (types.VolumesListResponse, e + if err != nil { + return volumes, err + } +- defer ensureReaderClosed(resp) + + err = 
json.NewDecoder(resp.body).Decode(&volumes) ++ ensureReaderClosed(resp) + return volumes, err + } + +@@ -41,8 +41,8 @@ func (cli *Client) VolumeInspect(volumeID string) (types.Volume, error) { + } + return volume, err + } +- defer ensureReaderClosed(resp) + err = json.NewDecoder(resp.body).Decode(&volume) ++ ensureReaderClosed(resp) + return volume, err + } + +@@ -53,8 +53,8 @@ func (cli *Client) VolumeCreate(options types.VolumeCreateRequest) (types.Volume + if err != nil { + return volume, err + } +- defer ensureReaderClosed(resp) + err = json.NewDecoder(resp.body).Decode(&volume) ++ ensureReaderClosed(resp) + return volume, err + } + +diff --git a/vendor/src/github.com/docker/engine-api/types/container/host_config.go b/vendor/src/github.com/docker/engine-api/types/container/host_config.go +index f43263d..b7c459e 100644 +--- a/vendor/src/github.com/docker/engine-api/types/container/host_config.go ++++ b/vendor/src/github.com/docker/engine-api/types/container/host_config.go +@@ -151,6 +151,11 @@ func (rp *RestartPolicy) IsUnlessStopped() bool { + return rp.Name == "unless-stopped" + } + ++// IsSame compares two RestartPolicy to see if they are the same ++func (rp *RestartPolicy) IsSame(tp *RestartPolicy) bool { ++ return rp.Name == tp.Name && rp.MaximumRetryCount == tp.MaximumRetryCount ++} ++ + // LogConfig represents the logging configuration of the container. 
+ type LogConfig struct { + Type string +@@ -178,7 +183,7 @@ type Resources struct { + KernelMemory int64 // Kernel memory limit (in bytes) + Memory int64 // Memory limit (in bytes) + MemoryReservation int64 // Memory soft limit (in bytes) +- MemorySwap int64 // Total memory usage (memory + swap); set `-1` to disable swap ++ MemorySwap int64 // Total memory usage (memory + swap); set `-1` to enable unlimited swap + MemorySwappiness *int64 // Tuning container memory swappiness behaviour + OomKillDisable *bool // Whether to disable OOM Killer or not + PidsLimit int64 // Setting pids limit for a container +@@ -190,6 +195,7 @@ type Resources struct { + type UpdateConfig struct { + // Contains container's resources (cgroups, ulimits) + Resources ++ RestartPolicy RestartPolicy + } + + // HostConfig the non-portable Config structure of a container. +diff --git a/vendor/src/github.com/docker/engine-api/types/types.go b/vendor/src/github.com/docker/engine-api/types/types.go +index 9666ea4..de8b0be 100644 +--- a/vendor/src/github.com/docker/engine-api/types/types.go ++++ b/vendor/src/github.com/docker/engine-api/types/types.go +@@ -142,6 +142,7 @@ type Container struct { + SizeRw int64 `json:",omitempty"` + SizeRootFs int64 `json:",omitempty"` + Labels map[string]string ++ State string + Status string + HostConfig struct { + NetworkMode string `json:",omitempty"` +@@ -198,6 +199,7 @@ type Info struct { + Images int + Driver string + DriverStatus [][2]string ++ SystemStatus [][2]string + Plugins PluginsInfo + MemoryLimit bool + SwapLimit bool +@@ -222,8 +224,6 @@ type Info struct { + Architecture string + IndexServerAddress string + RegistryConfig *registry.ServiceConfig +- InitSha1 string +- InitPath string + NCPU int + MemTotal int64 + DockerRootDir string +@@ -388,6 +388,7 @@ type NetworkResource struct { + Scope string + Driver string + IPAM network.IPAM ++ Internal bool + Containers map[string]EndpointResource + Options map[string]string + } + From 
cf3843ed00b8c1a762aa17f35098a087d93c7f98dee209d525ee3ef9d456bbe1 Mon Sep 17 00:00:00 2001 From: Jordi Massaguer Date: Mon, 8 Feb 2016 15:47:24 +0000 Subject: [PATCH 11/37] review dockerinit build and installation even we don't use dockerinit, we should still install it because that is expected. Also fix the build for gcc-go regarding dockerinit OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=61
---
docker.spec | 2 + fix-docker-init.patch | 12 + remove_docker_init.patch | 1182 -------------------------------------- 3 files changed, 14 insertions(+), 1182 deletions(-) delete mode 100644 remove_docker_init.patch
diff --git a/docker.spec b/docker.spec
index 604570f..b3aab48 100644
--- a/docker.spec
+++ b/docker.spec
@@ -189,8 +189,10 @@ install -d %{buildroot}%{go_contribdir}
 install -d %{buildroot}%{_bindir}
 %ifarch %go_arches
 install -D -m755 bundles/%{version}/dynbinary/%{name}-%{version} %{buildroot}/%{_bindir}/%{name}
+install -D -m755 bundles/%{version}/dynbinary/dockerinit-%{version} %{buildroot}/%{_prefix}/lib/docker/dockerinit
 %else
 install -D -m755 bundles/%{version}/dyngccgo/%{name}-%{version} %{buildroot}/%{_bindir}/%{name}
+install -D -m755 bundles/%{version}/dyngccgo/dockerinit-%{version} %{buildroot}/%{_prefix}/lib/docker/dockerinit
 %endif
 install -d %{buildroot}/%{_prefix}/lib/docker
 install -Dd -m 0755 \
diff --git a/fix-docker-init.patch b/fix-docker-init.patch
index d20346b..26a4899 100644
--- a/fix-docker-init.patch
+++ b/fix-docker-init.patch
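Review bot: The two added `install -D -m755 … %{buildroot}/%{_prefix}/lib/docker/dockerinit` lines in the docker.spec hunk place a new file in the buildroot, but the diffstat shows docker.spec changing by only these two lines, so this commit adds no matching `%files` entry. The `%files` section is outside the hunk; if it does not already list `%{_prefix}/lib/docker/dockerinit` or its directory, the build can stop on an installed-but-unpackaged file. A one-line comment above the first added line, for example `# dockerinit is not used by this package but is still installed because it is expected to be present`, would keep the reason given in the commit message next to the code.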
@@ -8,3 +8,15 @@ diff -Naur a/hack/make/.dockerinit b/hack/make/.dockerinit
 +/usr/bin/strip -s $DEST/dockerinit-$VERSION
 # sha1 our new dockerinit to ensure separate docker and dockerinit always run in a perfect pair compiled for one another
 export DOCKER_INITSHA1=$($sha1sum "$DEST/dockerinit-$VERSION" | cut -d' ' -f1)
+diff --git a/hack/make/.dockerinit-gccgo b/hack/make/.dockerinit-gccgo
+index 3caa526..f272d29 100644
+--- a/hack/make/.dockerinit-gccgo
++++ b/hack/make/.dockerinit-gccgo
+@@ -27,5 +27,6 @@ else
+ exit 1
+ fi
+
++/usr/bin/strip -s $DEST/dockerinit-$VERSION
+ # sha1 our new dockerinit to ensure separate docker and dockerinit always run in a perfect pair compiled for one another
+ export DOCKER_INITSHA1=$($sha1sum "$DEST/dockerinit-$VERSION" | cut -d' ' -f1)
+
diff --git a/remove_docker_init.patch b/remove_docker_init.patch
deleted file mode 100644
index 523018e..0000000
--- a/remove_docker_init.patch
+++ /dev/null
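Review bot: The added `/usr/bin/strip -s $DEST/dockerinit-$VERSION` in the hack/make/.dockerinit-gccgo part of this hunk expands `$DEST` and `$VERSION` unquoted, while the `$sha1sum` line directly below it quotes the same path. With a build directory that contains whitespace or glob characters the strip step and the hash step would not be given the same file name; write it as `/usr/bin/strip -s "$DEST/dockerinit-$VERSION"`. The existing strip line for hack/make/.dockerinit, shown as context, has the same form. A comment such as `# strip before hashing so DOCKER_INITSHA1 matches the binary that ends up in the package` would record why the order matters, assuming that is the intent. The `if`/`else` that selects `$sha1sum` begins outside the hunk.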
@@ -1,1182 +0,0 @@ -From 4357ed4a7363a1032edf93cf03232953c805184f Mon Sep 17 00:00:00 2001 -From: Aleksa Sarai -Date: Wed, 20 Jan 2016 22:53:54 +1100 -Subject: [PATCH 1/3] *: purge dockerinit from source code - -dockerinit has been around for a very long time. It was originally used -as a way for us to do configuration for LXC containers once the -container had started. LXC is no longer supported, and /.dockerinit has -been dead code for quite a while. This removes all code and references -in code to dockerinit. - -Signed-off-by: Aleksa Sarai ---- - Dockerfile | 5 +- - Dockerfile.armhf | 3 +- - Dockerfile.gccgo | 3 +- - api/client/info.go | 2 - - container/container_unix.go | 4 -- - contrib/builder/rpm/generate.sh | 4 +- - daemon/container_operations_unix.go | 1 - - daemon/container_operations_windows.go | 1 - - daemon/daemon_unix.go | 4 +- - daemon/execdriver/driver.go | 1 - - daemon/info.go | 7 --- - dockerinit/dockerinit.go | 11 ---- - dockerversion/version_lib.go | 3 - - hack/.vendor-helpers.sh | 1 - - hack/make.sh | 1 - - hack/make/.build-deb/rules | 4 +- - hack/make/.build-rpm/docker-engine.spec | 10 --- - hack/make/.dockerinit | 33 ---------- - hack/make/.dockerinit-gccgo | 31 --------- - hack/make/.go-autogen | 9 +-- - hack/make/dynbinary | 10 --- - hack/make/dyngccgo | 10 --- - integration-cli/docker_cli_diff_test.go | 6 +- - pkg/mount/mountinfo_linux_test.go | 1 - - utils/utils.go | 107 -------------------------------- - 25 files changed, 13 insertions(+), 259 deletions(-) - delete mode 100644 dockerinit/dockerinit.go - delete mode 100644 hack/make/.dockerinit - delete mode 100644 hack/make/.dockerinit-gccgo - -diff --git a/Dockerfile b/Dockerfile -index 56da7fe..71d5017 100644 ---- a/Dockerfile -+++ b/Dockerfile -@@ -96,8 +96,7 @@ RUN set -x \ - ENV PATH /osxcross/target/bin:$PATH - - # install seccomp --# this can be changed to the ubuntu package libseccomp-dev if dockerinit is removed, --# we need libseccomp.a (which the package does not provide) for 
dockerinit -+# TODO: switch to libseccomp-dev since dockerinit is gone - ENV SECCOMP_VERSION 2.2.3 - RUN set -x \ - && export SECCOMP_PATH="$(mktemp -d)" \ -@@ -114,7 +113,7 @@ RUN set -x \ - - # Install Go - # IMPORTANT: If the version of Go is updated, the Windows to Linux CI machines --# will need updating, to avoid errors. Ping #docker-maintainers on IRC -+# will need updating, to avoid errors. Ping #docker-maintainers on IRC - # with a heads-up. - ENV GO_VERSION 1.5.3 - RUN curl -fsSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" \ -diff --git a/Dockerfile.armhf b/Dockerfile.armhf -index 3239edb..1bef8ec 100644 ---- a/Dockerfile.armhf -+++ b/Dockerfile.armhf -@@ -111,8 +111,7 @@ RUN git clone https://github.com/golang/lint.git /go/src/github.com/golang/lint - && go install -v github.com/golang/lint/golint - - # install seccomp --# this can be changed to the ubuntu package libseccomp-dev if dockerinit is removed, --# we need libseccomp.a (which the package does not provide) for dockerinit -+# TODO: switch to libseccomp-dev since dockerinit is gone - ENV SECCOMP_VERSION 2.2.3 - RUN set -x \ - && export SECCOMP_PATH="$(mktemp -d)" \ -diff --git a/Dockerfile.gccgo b/Dockerfile.gccgo -index 6d184f0..856489d 100644 ---- a/Dockerfile.gccgo -+++ b/Dockerfile.gccgo -@@ -42,8 +42,7 @@ RUN cd /usr/local/lvm2 \ - # see https://git.fedorahosted.org/cgit/lvm2.git/tree/INSTALL - - # install seccomp --# this can be changed to the ubuntu package libseccomp-dev if dockerinit is removed, --# we need libseccomp.a (which the package does not provide) for dockerinit -+# TODO: switch to libseccomp-dev since dockerinit is gone - ENV SECCOMP_VERSION v2.2.3 - RUN set -x \ - && export SECCOMP_PATH=$(mktemp -d) \ -diff --git a/api/client/info.go b/api/client/info.go -index 42f0682..4c61633 100644 ---- a/api/client/info.go -+++ b/api/client/info.go -@@ -74,8 +74,6 @@ func (cli *DockerCli) CmdInfo(args ...string) error { - fmt.Fprintf(cli.out, " Goroutines: 
%d\n", info.NGoroutines) - fmt.Fprintf(cli.out, " System Time: %s\n", info.SystemTime) - fmt.Fprintf(cli.out, " EventsListeners: %d\n", info.NEventsListener) -- fmt.Fprintf(cli.out, " Init SHA1: %s\n", info.InitSha1) -- fmt.Fprintf(cli.out, " Init Path: %s\n", info.InitPath) - fmt.Fprintf(cli.out, " Docker Root Dir: %s\n", info.DockerRootDir) - } - -diff --git a/container/container_unix.go b/container/container_unix.go -index 9510a24..3db1444 100644 ---- a/container/container_unix.go -+++ b/container/container_unix.go -@@ -63,10 +63,6 @@ func (container *Container) CreateDaemonEnvironment(linkedEnv []string) []string - env := []string{ - "PATH=" + system.DefaultPathEnv, - "HOSTNAME=" + fullHostname, -- // Note: we don't set HOME here because it'll get autoset intelligently -- // based on the value of USER inside dockerinit, but only if it isn't -- // set already (ie, that can be overridden by setting HOME via -e or ENV -- // in a Dockerfile). - } - if container.Config.Tty { - env = append(env, "TERM=xterm") -diff --git a/contrib/builder/rpm/generate.sh b/contrib/builder/rpm/generate.sh -index 323502c..00749b0 100755 ---- a/contrib/builder/rpm/generate.sh -+++ b/contrib/builder/rpm/generate.sh -@@ -118,9 +118,7 @@ for version in "${versions[@]}"; do - - echo >> "$version/Dockerfile" - -- # fedora does not have a libseccomp.a for compiling static dockerinit -- # ONLY install libseccomp.a from source, this can be removed once dockerinit is removed -- # TODO remove this manual seccomp compilation once dockerinit is gone or no longer needs to be statically compiled -+ # TODO remove this since dockerinit is finally gone - case "$from" in - fedora:*) - awk '$1 == "ENV" && $2 == "SECCOMP_VERSION" { print; exit }' ../../../Dockerfile >> "$version/Dockerfile" -diff --git a/daemon/container_operations_unix.go b/daemon/container_operations_unix.go -index 0449613..8eaedcc 100644 ---- a/daemon/container_operations_unix.go -+++ b/daemon/container_operations_unix.go -@@ -254,7 
+254,6 @@ func (daemon *Daemon) populateCommand(c *container.Container, env []string) erro - c.Command = &execdriver.Command{ - CommonCommand: execdriver.CommonCommand{ - ID: c.ID, -- InitPath: "/.dockerinit", - MountLabel: c.GetMountLabel(), - Network: en, - ProcessConfig: processConfig, -diff --git a/daemon/container_operations_windows.go b/daemon/container_operations_windows.go -index 23bc645..b812bfc 100644 ---- a/daemon/container_operations_windows.go -+++ b/daemon/container_operations_windows.go -@@ -124,7 +124,6 @@ func (daemon *Daemon) populateCommand(c *container.Container, env []string) erro - CommonCommand: execdriver.CommonCommand{ - ID: c.ID, - Rootfs: c.BaseFS, -- InitPath: "/.dockerinit", - WorkingDir: c.Config.WorkingDir, - Network: en, - MountLabel: c.GetMountLabel(), -diff --git a/daemon/daemon_unix.go b/daemon/daemon_unix.go -index 8f948e0..11dc7c7 100644 ---- a/daemon/daemon_unix.go -+++ b/daemon/daemon_unix.go -@@ -688,8 +688,7 @@ func initBridgeDriver(controller libnetwork.NetworkController, config *Config) e - } - - // setupInitLayer populates a directory with mountpoints suitable --// for bind-mounting dockerinit into the container. The mountpoint is simply an --// empty file at /.dockerinit -+// for bind-mounting things into the container. - // - // This extra layer is used by all containers as the top-most ro layer. It protects - // the container from unwanted side-effects on the rw layer. 
-@@ -699,7 +698,6 @@ func setupInitLayer(initLayer string, rootUID, rootGID int) error { - "/dev/shm": "dir", - "/proc": "dir", - "/sys": "dir", -- "/.dockerinit": "file", - "/.dockerenv": "file", - "/etc/resolv.conf": "file", - "/etc/hosts": "file", -diff --git a/daemon/execdriver/driver.go b/daemon/execdriver/driver.go -index 465e038..ba47b74 100644 ---- a/daemon/execdriver/driver.go -+++ b/daemon/execdriver/driver.go -@@ -131,7 +131,6 @@ type CommonProcessConfig struct { - type CommonCommand struct { - ContainerPid int `json:"container_pid"` // the pid for the process inside a container - ID string `json:"id"` -- InitPath string `json:"initpath"` // dockerinit - MountLabel string `json:"mount_label"` // TODO Windows. More involved, but can be factored out - Mounts []Mount `json:"mounts"` - Network *Network `json:"network"` -diff --git a/daemon/info.go b/daemon/info.go -index 008ac20..20d8356 100644 ---- a/daemon/info.go -+++ b/daemon/info.go -@@ -49,11 +49,6 @@ func (daemon *Daemon) SystemInfo() (*types.Info, error) { - logrus.Errorf("Could not read system memory info: %v", err) - } - -- // if we still have the original dockerinit binary from before -- // we copied it locally, let's return the path to that, since -- // that's more intuitive (the copied path is trivial to derive -- // by hand given VERSION) -- initPath := utils.DockerInitPath("") - sysInfo := sysinfo.New(true) - - var cRunning, cPaused, cStopped int32 -@@ -94,8 +89,6 @@ func (daemon *Daemon) SystemInfo() (*types.Info, error) { - OSType: platform.OSType, - Architecture: platform.Architecture, - RegistryConfig: daemon.RegistryService.Config, -- InitSha1: dockerversion.InitSHA1, -- InitPath: initPath, - NCPU: runtime.NumCPU(), - MemTotal: meminfo.MemTotal, - DockerRootDir: daemon.configStore.Root, -diff --git a/dockerinit/dockerinit.go b/dockerinit/dockerinit.go -deleted file mode 100644 -index 8a0be56..0000000 ---- a/dockerinit/dockerinit.go -+++ /dev/null -@@ -1,11 +0,0 @@ --package main -- 
--import ( -- _ "github.com/docker/docker/daemon/execdriver/native" -- "github.com/docker/docker/pkg/reexec" --) -- --func main() { -- // Running in init mode -- reexec.Init() --} -diff --git a/dockerversion/version_lib.go b/dockerversion/version_lib.go -index 1d5862d..6644bce 100644 ---- a/dockerversion/version_lib.go -+++ b/dockerversion/version_lib.go -@@ -9,8 +9,5 @@ const ( - GitCommit string = "library-import" - Version string = "library-import" - BuildTime string = "library-import" -- - IAmStatic string = "library-import" -- InitSHA1 string = "library-import" -- InitPath string = "library-import" - ) -diff --git a/hack/.vendor-helpers.sh b/hack/.vendor-helpers.sh -index e3be72b..fcc745c 100755 ---- a/hack/.vendor-helpers.sh -+++ b/hack/.vendor-helpers.sh -@@ -76,7 +76,6 @@ _dockerfile_env() { - clean() { - local packages=( - "${PROJECT}/docker" # package main -- "${PROJECT}/dockerinit" # package main - "${PROJECT}/integration-cli" # external tests - ) - local dockerPlatforms=( ${DOCKER_ENGINE_OSARCH:="linux/amd64"} $(_dockerfile_env DOCKER_CROSSPLATFORMS) ) -diff --git a/hack/make.sh b/hack/make.sh -index dc6cffa..6e007cc 100755 ---- a/hack/make.sh -+++ b/hack/make.sh -@@ -237,7 +237,6 @@ test_env() { - HOME="$ABS_DEST/fake-HOME" \ - PATH="$PATH" \ - TEMP="$TEMP" \ -- TEST_DOCKERINIT_PATH="$TEST_DOCKERINIT_PATH" \ - "$@" - } - -diff --git a/hack/make/.build-deb/rules b/hack/make/.build-deb/rules -index 2c7f6c4..8928215 100755 ---- a/hack/make/.build-deb/rules -+++ b/hack/make/.build-deb/rules -@@ -17,14 +17,12 @@ override_dh_auto_test: - ./bundles/$(VERSION)/dynbinary/docker -v - - override_dh_strip: -- # the SHA1 of dockerinit is important: don't strip it -- # also, Go has lots of problems with stripping, so just don't -+ # Go has lots of problems with stripping, so just don't - - override_dh_auto_install: - mkdir -p debian/docker-engine/usr/bin - cp -aT "$$(readlink -f bundles/$(VERSION)/dynbinary/docker)" debian/docker-engine/usr/bin/docker - mkdir -p 
debian/docker-engine/usr/lib/docker -- cp -aT "$$(readlink -f bundles/$(VERSION)/dynbinary/dockerinit)" debian/docker-engine/usr/lib/docker/dockerinit - - override_dh_installinit: - # use "docker" as our service name, not "docker-engine" -diff --git a/hack/make/.build-rpm/docker-engine.spec b/hack/make/.build-rpm/docker-engine.spec -index 2fc1406..53b7cd7 100644 ---- a/hack/make/.build-rpm/docker-engine.spec -+++ b/hack/make/.build-rpm/docker-engine.spec -@@ -11,11 +11,6 @@ URL: https://dockerproject.org - Vendor: Docker - Packager: Docker - --# docker builds in a checksum of dockerinit into docker, --# # so stripping the binaries breaks docker --%global __os_install_post %{_rpmconfigdir}/brp-compress --%global debug_package %{nil} -- - # is_systemd conditional - %if 0%{?fedora} >= 21 || 0%{?centos} >= 7 || 0%{?rhel} >= 7 || 0%{?suse_version} >= 1300 - %global is_systemd 1 -@@ -124,10 +119,6 @@ export DOCKER_GITCOMMIT=%{_gitcommit} - install -d $RPM_BUILD_ROOT/%{_bindir} - install -p -m 755 bundles/%{_origversion}/dynbinary/docker-%{_origversion} $RPM_BUILD_ROOT/%{_bindir}/docker - --# install dockerinit --install -d $RPM_BUILD_ROOT/%{_libexecdir}/docker --install -p -m 755 bundles/%{_origversion}/dynbinary/dockerinit-%{_origversion} $RPM_BUILD_ROOT/%{_libexecdir}/docker/dockerinit -- - # install udev rules - install -d $RPM_BUILD_ROOT/%{_sysconfdir}/udev/rules.d - install -p -m 644 contrib/udev/80-docker.rules $RPM_BUILD_ROOT/%{_sysconfdir}/udev/rules.d/80-docker.rules -@@ -175,7 +166,6 @@ install -p -m 644 contrib/syntax/nano/Dockerfile.nanorc $RPM_BUILD_ROOT/usr/shar - %files - %doc AUTHORS CHANGELOG.md CONTRIBUTING.md LICENSE MAINTAINERS NOTICE README.md - /%{_bindir}/docker --/%{_libexecdir}/docker/dockerinit - /%{_sysconfdir}/udev/rules.d/80-docker.rules - %if 0%{?is_systemd} - /%{_unitdir}/docker.service -diff --git a/hack/make/.dockerinit b/hack/make/.dockerinit -deleted file mode 100644 -index 4a62ee1..0000000 ---- a/hack/make/.dockerinit -+++ /dev/null 
-@@ -1,33 +0,0 @@ --#!/bin/bash --set -e -- --IAMSTATIC="true" --source "${MAKEDIR}/.go-autogen" -- --# dockerinit still needs to be a static binary, even if docker is dynamic --go build \ -- -o "$DEST/dockerinit-$VERSION" \ -- "${BUILDFLAGS[@]}" \ -- -ldflags " -- $LDFLAGS -- $LDFLAGS_STATIC -- -extldflags \"$EXTLDFLAGS_STATIC\" -- " \ -- ./dockerinit -- --echo "Created binary: $DEST/dockerinit-$VERSION" --ln -sf "dockerinit-$VERSION" "$DEST/dockerinit" -- --sha1sum= --if command -v sha1sum &> /dev/null; then -- sha1sum=sha1sum --elif command -v shasum &> /dev/null; then -- # Mac OS X - why couldn't they just use the same command name and be happy? -- sha1sum=shasum --else -- echo >&2 'error: cannot find sha1sum command or equivalent' -- exit 1 --fi -- --# sha1 our new dockerinit to ensure separate docker and dockerinit always run in a perfect pair compiled for one another --export DOCKER_INITSHA1=$($sha1sum "$DEST/dockerinit-$VERSION" | cut -d' ' -f1) -diff --git a/hack/make/.dockerinit-gccgo b/hack/make/.dockerinit-gccgo -deleted file mode 100644 -index 3caa526..0000000 ---- a/hack/make/.dockerinit-gccgo -+++ /dev/null -@@ -1,31 +0,0 @@ --#!/bin/bash --set -e -- --IAMSTATIC="true" --source "${MAKEDIR}/.go-autogen" -- --# dockerinit still needs to be a static binary, even if docker is dynamic --go build --compiler=gccgo \ -- -o "$DEST/dockerinit-$VERSION" \ -- "${BUILDFLAGS[@]}" \ -- --gccgoflags " -- -g -- -Wl,--no-export-dynamic -- $EXTLDFLAGS_STATIC -- -lnetgo -- " \ -- ./dockerinit -- --echo "Created binary: $DEST/dockerinit-$VERSION" --ln -sf "dockerinit-$VERSION" "$DEST/dockerinit" -- --sha1sum= --if command -v sha1sum &> /dev/null; then -- sha1sum=sha1sum --else -- echo >&2 'error: cannot find sha1sum command or equivalent' -- exit 1 --fi -- --# sha1 our new dockerinit to ensure separate docker and dockerinit always run in a perfect pair compiled for one another --export DOCKER_INITSHA1=$($sha1sum "$DEST/dockerinit-$VERSION" | cut -d' ' -f1) -diff --git 
a/hack/make/.go-autogen b/hack/make/.go-autogen -index 71f8370..c8e13b4 100644 ---- a/hack/make/.go-autogen -+++ b/hack/make/.go-autogen -@@ -14,10 +14,7 @@ const ( - GitCommit string = "$GITCOMMIT" - Version string = "$VERSION" - BuildTime string = "$BUILDTIME" -- - IAmStatic string = "${IAMSTATIC:-true}" -- InitSHA1 string = "$DOCKER_INITSHA1" -- InitPath string = "$DOCKER_INITPATH" - ) - // AUTOGENERATED FILE; see $BASH_SOURCE - DVEOF -@@ -44,9 +41,9 @@ When make binary is run, the Dockerfile prepares the build environment by: - - make.sh invokes hack/make/.go-autogen to: - -- - Run rsrc to create a binary file (autogen/winresources/rsrc.syso) that -- contains the manifest and icon. This file is automatically picked up by -- 'go build', so no post-processing steps are required. The sources for -+ - Run rsrc to create a binary file (autogen/winresources/rsrc.syso) that -+ contains the manifest and icon. This file is automatically picked up by -+ 'go build', so no post-processing steps are required. The sources for - rsrc.syso are under hack/make/.resources-windows. 
- - */ -diff --git a/hack/make/dynbinary b/hack/make/dynbinary -index e5fc0be..1d1a8e3 100644 ---- a/hack/make/dynbinary -+++ b/hack/make/dynbinary -@@ -1,16 +1,6 @@ - #!/bin/bash - set -e - --if [ -z "$DOCKER_CLIENTONLY" ]; then -- source "${MAKEDIR}/.dockerinit" -- -- hash_files "$DEST/dockerinit-$VERSION" --else -- # DOCKER_CLIENTONLY must be truthy, so we don't need to bother with dockerinit :) -- export DOCKER_INITSHA1="" --fi --# DOCKER_INITSHA1 is exported so that other bundlescripts can easily access it later without recalculating it -- - ( - export IAMSTATIC="false" - export LDFLAGS_STATIC_DOCKER='' -diff --git a/hack/make/dyngccgo b/hack/make/dyngccgo -index 0747637..a9019e8 100644 ---- a/hack/make/dyngccgo -+++ b/hack/make/dyngccgo -@@ -1,16 +1,6 @@ - #!/bin/bash - set -e - --if [ -z "$DOCKER_CLIENTONLY" ]; then -- source "${MAKEDIR}/.dockerinit-gccgo" -- -- hash_files "$DEST/dockerinit-$VERSION" --else -- # DOCKER_CLIENTONLY must be truthy, so we don't need to bother with dockerinit :) -- export DOCKER_INITSHA1="" --fi --# DOCKER_INITSHA1 is exported so that other bundlescripts can easily access it later without recalculating it -- - ( - export IAMSTATIC="false" - export EXTLDFLAGS_STATIC='' -diff --git a/integration-cli/docker_cli_diff_test.go b/integration-cli/docker_cli_diff_test.go -index 4f29d36..e0d0914 100644 ---- a/integration-cli/docker_cli_diff_test.go -+++ b/integration-cli/docker_cli_diff_test.go -@@ -27,10 +27,10 @@ func (s *DockerSuite) TestDiffFilenameShownInOutput(c *check.C) { - } - - // test to ensure GH #3840 doesn't occur any more --func (s *DockerSuite) TestDiffEnsureDockerinitFilesAreIgnored(c *check.C) { -+func (s *DockerSuite) TestDiffEnsureInitLayerFilesAreIgnored(c *check.C) { - testRequires(c, DaemonIsLinux) - // this is a list of files which shouldn't show up in `docker diff` -- dockerinitFiles := []string{"/etc/resolv.conf", "/etc/hostname", "/etc/hosts", "/.dockerinit", "/.dockerenv"} -+ initLayerFiles := 
[]string{"/etc/resolv.conf", "/etc/hostname", "/etc/hosts", "/.dockerenv"} - containerCount := 5 - - // we might not run into this problem from the first run, so start a few containers -@@ -41,7 +41,7 @@ func (s *DockerSuite) TestDiffEnsureDockerinitFilesAreIgnored(c *check.C) { - cleanCID := strings.TrimSpace(out) - out, _ = dockerCmd(c, "diff", cleanCID) - -- for _, filename := range dockerinitFiles { -+ for _, filename := range initLayerFiles { - c.Assert(out, checker.Not(checker.Contains), filename) - } - } -diff --git a/pkg/mount/mountinfo_linux_test.go b/pkg/mount/mountinfo_linux_test.go -index 812d12e..bd100e1 100644 ---- a/pkg/mount/mountinfo_linux_test.go -+++ b/pkg/mount/mountinfo_linux_test.go -@@ -224,7 +224,6 @@ const ( - 43 16 0:34 / /proc/fs/nfsd rw,nosuid,nodev,noexec,relatime - nfsd nfsd rw - 44 15 0:35 / /home/tianon/.gvfs rw,nosuid,nodev,relatime - fuse.gvfs-fuse-daemon gvfs-fuse-daemon rw,user_id=1000,group_id=1000 - 68 15 0:3336 / /var/lib/docker/aufs/mnt/3597a1a6d6298c1decc339ebb90aad6f7d6ba2e15af3131b1f85e7ee4787a0cd rw,relatime - aufs none rw,si=9b4a7640128db39c --85 68 8:6 /var/lib/docker/init/dockerinit-0.7.2-dev//deleted /var/lib/docker/aufs/mnt/3597a1a6d6298c1decc339ebb90aad6f7d6ba2e15af3131b1f85e7ee4787a0cd/.dockerinit rw,noatime,nodiratime - ext4 /dev/sda6 rw,data=ordered - 86 68 8:6 /var/lib/docker/containers/3597a1a6d6298c1decc339ebb90aad6f7d6ba2e15af3131b1f85e7ee4787a0cd/config.env /var/lib/docker/aufs/mnt/3597a1a6d6298c1decc339ebb90aad6f7d6ba2e15af3131b1f85e7ee4787a0cd/.dockerenv rw,noatime,nodiratime - ext4 /dev/sda6 rw,data=ordered - 87 68 8:6 /etc/resolv.conf /var/lib/docker/aufs/mnt/3597a1a6d6298c1decc339ebb90aad6f7d6ba2e15af3131b1f85e7ee4787a0cd/etc/resolv.conf rw,noatime,nodiratime - ext4 /dev/sda6 rw,data=ordered - 88 68 8:6 /var/lib/docker/containers/3597a1a6d6298c1decc339ebb90aad6f7d6ba2e15af3131b1f85e7ee4787a0cd/hostname /var/lib/docker/aufs/mnt/3597a1a6d6298c1decc339ebb90aad6f7d6ba2e15af3131b1f85e7ee4787a0cd/etc/hostname 
rw,noatime,nodiratime - ext4 /dev/sda6 rw,data=ordered -diff --git a/utils/utils.go b/utils/utils.go -index 340b9e4..49f50dd 100644 ---- a/utils/utils.go -+++ b/utils/utils.go -@@ -1,124 +1,17 @@ - package utils - - import ( -- "crypto/sha1" -- "encoding/hex" - "fmt" -- "io" - "io/ioutil" - "os" -- "os/exec" -- "path/filepath" - "runtime" - "strings" - - "github.com/docker/distribution/registry/api/errcode" -- "github.com/docker/docker/dockerversion" - "github.com/docker/docker/pkg/archive" - "github.com/docker/docker/pkg/stringid" - ) - --// SelfPath figures out the absolute path of our own binary (if it's still around). --func SelfPath() string { -- path, err := exec.LookPath(os.Args[0]) -- if err != nil { -- if os.IsNotExist(err) { -- return "" -- } -- if execErr, ok := err.(*exec.Error); ok && os.IsNotExist(execErr.Err) { -- return "" -- } -- panic(err) -- } -- path, err = filepath.Abs(path) -- if err != nil { -- if os.IsNotExist(err) { -- return "" -- } -- panic(err) -- } -- return path --} -- --func dockerInitSha1(target string) string { -- f, err := os.Open(target) -- if err != nil { -- return "" -- } -- defer f.Close() -- h := sha1.New() -- _, err = io.Copy(h, f) -- if err != nil { -- return "" -- } -- return hex.EncodeToString(h.Sum(nil)) --} -- --func isValidDockerInitPath(target string, selfPath string) bool { // target and selfPath should be absolute (InitPath and SelfPath already do this) -- if target == "" { -- return false -- } -- if dockerversion.IAmStatic == "true" { -- if selfPath == "" { -- return false -- } -- if target == selfPath { -- return true -- } -- targetFileInfo, err := os.Lstat(target) -- if err != nil { -- return false -- } -- selfPathFileInfo, err := os.Lstat(selfPath) -- if err != nil { -- return false -- } -- return os.SameFile(targetFileInfo, selfPathFileInfo) -- } -- return dockerversion.InitSHA1 != "" && dockerInitSha1(target) == dockerversion.InitSHA1 --} -- --// DockerInitPath figures out the path of our dockerinit (which may 
be SelfPath()) --func DockerInitPath(localCopy string) string { -- selfPath := SelfPath() -- if isValidDockerInitPath(selfPath, selfPath) { -- // if we're valid, don't bother checking anything else -- return selfPath -- } -- var possibleInits = []string{ -- localCopy, -- dockerversion.InitPath, -- filepath.Join(filepath.Dir(selfPath), "dockerinit"), -- -- // FHS 3.0 Draft: "/usr/libexec includes internal binaries that are not intended to be executed directly by users or shell scripts. Applications may use a single subdirectory under /usr/libexec." -- // https://www.linuxbase.org/betaspecs/fhs/fhs.html#usrlibexec -- "/usr/libexec/docker/dockerinit", -- "/usr/local/libexec/docker/dockerinit", -- -- // FHS 2.3: "/usr/lib includes object files, libraries, and internal binaries that are not intended to be executed directly by users or shell scripts." -- // https://refspecs.linuxfoundation.org/FHS_2.3/fhs-2.3.html#USRLIBLIBRARIESFORPROGRAMMINGANDPA -- "/usr/lib/docker/dockerinit", -- "/usr/local/lib/docker/dockerinit", -- } -- for _, dockerInit := range possibleInits { -- if dockerInit == "" { -- continue -- } -- path, err := exec.LookPath(dockerInit) -- if err == nil { -- path, err = filepath.Abs(path) -- if err != nil { -- // LookPath already validated that this file exists and is executable (following symlinks), so how could Abs fail? -- panic(err) -- } -- if isValidDockerInitPath(path, selfPath) { -- return path -- } -- } -- } -- return "" --} -- - var globalTestID string - - // TestDirectory creates a new temporary directory and returns its path. - -From e72192be404c9a8489191d43fd6e5c429081d5c8 Mon Sep 17 00:00:00 2001 -From: Aleksa Sarai -Date: Thu, 21 Jan 2016 01:27:46 +1100 -Subject: [PATCH 2/3] *: remove documentation references to dockerinit - -While the documentation is very patchy on dockerinit, remove all -references in packaging documentation to the now purged dockerinit. 
- -Signed-off-by: Aleksa Sarai ---- - project/PACKAGERS.md | 33 +-------------------------------- - 1 file changed, 1 insertion(+), 32 deletions(-) - -diff --git a/project/PACKAGERS.md b/project/PACKAGERS.md -index 780e961..3ca75e7 100644 ---- a/project/PACKAGERS.md -+++ b/project/PACKAGERS.md -@@ -210,7 +210,7 @@ the file "./VERSION". This binary is usually installed somewhere like - - ### Dynamic Daemon / Client-only Binary - --If you are only interested in a Docker client binary, set `DOCKER_CLIENTONLY` to a non-empty value using something similar to the following: (which will prevent the extra step of compiling dockerinit) -+If you are only interested in a Docker client binary, set `DOCKER_CLIENTONLY` to a non-empty value using something similar to the following: - - ```bash - export DOCKER_CLIENTONLY=1 -@@ -228,37 +228,6 @@ following: - This will create "./bundles/$VERSION/dynbinary/docker-$VERSION", which for - client-only builds is the important file to grab and install as appropriate. - --For daemon builds, you will also need to grab and install --"./bundles/$VERSION/dynbinary/dockerinit-$VERSION", which is created from the --minimal set of Docker's codebase that _must_ be compiled statically (and is thus --a pure static binary). 
The acceptable locations Docker will search for this file --are as follows (in order): -- --* as "dockerinit" in the same directory as the daemon binary (ie, if docker is -- installed at "/usr/bin/docker", then "/usr/bin/dockerinit" will be the first -- place this file is searched for) --* "/usr/libexec/docker/dockerinit" or "/usr/local/libexec/docker/dockerinit" -- ([FHS 3.0 Draft](https://www.linuxbase.org/betaspecs/fhs/fhs.html#usrlibexec)) --* "/usr/lib/docker/dockerinit" or "/usr/local/lib/docker/dockerinit" ([FHS -- 2.3](https://refspecs.linuxfoundation.org/FHS_2.3/fhs-2.3.html#USRLIBLIBRARIESFORPROGRAMMINGANDPA)) -- --If (and please, only if) one of the paths above is insufficient due to distro --policy or similar issues, you may use the `DOCKER_INITPATH` environment variable --at compile-time as follows to set a different path for Docker to search: -- --```bash --export DOCKER_INITPATH=/usr/lib/docker.io/dockerinit --``` -- --If you find yourself needing this, please don't hesitate to reach out to Tianon --to see if it would be reasonable or helpful to add more paths to Docker's list, --especially if there's a relevant standard worth referencing (such as the FHS). -- --Also, it goes without saying, but for the purposes of the daemon please consider --these two binaries ("docker" and "dockerinit") as if they were a single unit. --Mixing and matching can cause undesired consequences, and will fail to run --properly. -- - ## System Dependencies - - ### Runtime Dependencies - -From 71c63aa72e3788af27fef0de9005cde6c7728a2b Mon Sep 17 00:00:00 2001 -From: Aleksa Sarai -Date: Tue, 26 Jan 2016 23:46:22 +1100 -Subject: [PATCH 3/3] vendor: update engine-api - -This removes all references to InitPath and InitSha1, as well as pulling -in a few other minor engine-api fixes. 
- -Signed-off-by: Aleksa Sarai ---- - hack/vendor.sh | 2 +- - .../github.com/docker/engine-api/client/client.go | 22 +++++++++++++++------- - .../docker/engine-api/client/client_nounix.go | 6 ++++++ - .../docker/engine-api/client/client_unix.go | 6 ++++++ - .../docker/engine-api/client/container_commit.go | 9 +++------ - .../docker/engine-api/client/container_create.go | 17 +++-------------- - .../docker/engine-api/client/container_inspect.go | 2 +- - .../docker/engine-api/client/container_list.go | 2 +- - .../docker/engine-api/client/container_top.go | 2 +- - .../github.com/docker/engine-api/client/diff.go | 9 +++------ - .../github.com/docker/engine-api/client/exec.go | 4 ++-- - .../github.com/docker/engine-api/client/history.go | 8 +++----- - .../docker/engine-api/client/image_list.go | 2 +- - .../docker/engine-api/client/image_remove.go | 2 +- - .../docker/engine-api/client/image_search.go | 2 +- - .../github.com/docker/engine-api/client/login.go | 2 +- - .../github.com/docker/engine-api/client/network.go | 4 ++-- - .../github.com/docker/engine-api/client/version.go | 2 +- - .../github.com/docker/engine-api/client/volume.go | 6 +++--- - .../engine-api/types/container/host_config.go | 8 +++++++- - .../github.com/docker/engine-api/types/types.go | 5 +++-- - 21 files changed, 65 insertions(+), 57 deletions(-) - create mode 100644 vendor/src/github.com/docker/engine-api/client/client_nounix.go - create mode 100644 vendor/src/github.com/docker/engine-api/client/client_unix.go - -diff --git a/hack/vendor.sh b/hack/vendor.sh -index 535e4eb..a13d6c6 100755 ---- a/hack/vendor.sh -+++ b/hack/vendor.sh -@@ -22,7 +22,7 @@ clone git github.com/vdemeester/shakers 3c10293ce22b900c27acad7b28656196fcc2f73b - clone git golang.org/x/net 47990a1ba55743e6ef1affd3a14e5bac8553615d https://github.com/golang/net.git - clone git github.com/docker/go-units 651fc226e7441360384da338d0fd37f2440ffbe3 - clone git github.com/docker/go-connections v0.1.2 --clone git github.com/docker/engine-api 
v0.2.2 -+clone git github.com/docker/engine-api bdbab71ec21209ef56dffdbe42c9d21843c30862 - clone git github.com/RackSec/srslog 6eb773f331e46fbba8eecb8e794e635e75fc04de - clone git github.com/imdario/mergo 0.2.1 - -diff --git a/vendor/src/github.com/docker/engine-api/client/client.go b/vendor/src/github.com/docker/engine-api/client/client.go -index 28f00e5..a62d859 100644 ---- a/vendor/src/github.com/docker/engine-api/client/client.go -+++ b/vendor/src/github.com/docker/engine-api/client/client.go -@@ -10,6 +10,8 @@ import ( - "path/filepath" - "strings" - "time" -+ -+ "github.com/docker/go-connections/tlsconfig" - ) - - // Client is the API client that performs all operations -@@ -41,21 +43,27 @@ type Client struct { - func NewEnvClient() (*Client, error) { - var transport *http.Transport - if dockerCertPath := os.Getenv("DOCKER_CERT_PATH"); dockerCertPath != "" { -- tlsc := &tls.Config{} -- -- cert, err := tls.LoadX509KeyPair(filepath.Join(dockerCertPath, "cert.pem"), filepath.Join(dockerCertPath, "key.pem")) -+ options := tlsconfig.Options{ -+ CAFile: filepath.Join(dockerCertPath, "ca.pem"), -+ CertFile: filepath.Join(dockerCertPath, "cert.pem"), -+ KeyFile: filepath.Join(dockerCertPath, "key.pem"), -+ InsecureSkipVerify: os.Getenv("DOCKER_TLS_VERIFY") == "", -+ } -+ tlsc, err := tlsconfig.Client(options) - if err != nil { -- return nil, fmt.Errorf("Error loading x509 key pair: %s", err) -+ return nil, err - } - -- tlsc.Certificates = append(tlsc.Certificates, cert) -- tlsc.InsecureSkipVerify = os.Getenv("DOCKER_TLS_VERIFY") == "" - transport = &http.Transport{ - TLSClientConfig: tlsc, - } - } - -- return NewClient(os.Getenv("DOCKER_HOST"), os.Getenv("DOCKER_API_VERSION"), transport, nil) -+ host := os.Getenv("DOCKER_HOST") -+ if host == "" { -+ host = DefaultDockerHost -+ } -+ return NewClient(host, os.Getenv("DOCKER_API_VERSION"), transport, nil) - } - - // NewClient initializes a new API client for the given host and API version. 
-diff --git a/vendor/src/github.com/docker/engine-api/client/client_nounix.go b/vendor/src/github.com/docker/engine-api/client/client_nounix.go -new file mode 100644 -index 0000000..d07ab84 ---- /dev/null -+++ b/vendor/src/github.com/docker/engine-api/client/client_nounix.go -@@ -0,0 +1,6 @@ -+// +build windows darwin -+ -+package client -+ -+// DefaultDockerHost defines os specific default if DOCKER_HOST is unset -+const DefaultDockerHost = "tcp://127.0.0.1:2375" -diff --git a/vendor/src/github.com/docker/engine-api/client/client_unix.go b/vendor/src/github.com/docker/engine-api/client/client_unix.go -new file mode 100644 -index 0000000..39c4bd8 ---- /dev/null -+++ b/vendor/src/github.com/docker/engine-api/client/client_unix.go -@@ -0,0 +1,6 @@ -+// +build linux freebsd -+ -+package client -+ -+// DefaultDockerHost defines os specific default if DOCKER_HOST is unset -+const DefaultDockerHost = "unix:///var/run/docker.sock" -diff --git a/vendor/src/github.com/docker/engine-api/client/container_commit.go b/vendor/src/github.com/docker/engine-api/client/container_commit.go -index 488d087..47534a6 100644 ---- a/vendor/src/github.com/docker/engine-api/client/container_commit.go -+++ b/vendor/src/github.com/docker/engine-api/client/container_commit.go -@@ -27,11 +27,8 @@ func (cli *Client) ContainerCommit(options types.ContainerCommitOptions) (types. 
- if err != nil { - return response, err - } -- defer ensureReaderClosed(resp) - -- if err := json.NewDecoder(resp.body).Decode(&response); err != nil { -- return response, err -- } -- -- return response, nil -+ err = json.NewDecoder(resp.body).Decode(&response) -+ ensureReaderClosed(resp) -+ return response, err - } -diff --git a/vendor/src/github.com/docker/engine-api/client/container_create.go b/vendor/src/github.com/docker/engine-api/client/container_create.go -index 0f85e7b..61b560a 100644 ---- a/vendor/src/github.com/docker/engine-api/client/container_create.go -+++ b/vendor/src/github.com/docker/engine-api/client/container_create.go -@@ -39,18 +39,7 @@ func (cli *Client) ContainerCreate(config *container.Config, hostConfig *contain - return response, err - } - -- if serverResp.statusCode == 404 && strings.Contains(err.Error(), "No such image") { -- return response, imageNotFoundError{config.Image} -- } -- -- if err != nil { -- return response, err -- } -- defer ensureReaderClosed(serverResp) -- -- if err := json.NewDecoder(serverResp.body).Decode(&response); err != nil { -- return response, err -- } -- -- return response, nil -+ err = json.NewDecoder(serverResp.body).Decode(&response) -+ ensureReaderClosed(serverResp) -+ return response, err - } -diff --git a/vendor/src/github.com/docker/engine-api/client/container_inspect.go b/vendor/src/github.com/docker/engine-api/client/container_inspect.go -index c18a764..f99e46f 100644 ---- a/vendor/src/github.com/docker/engine-api/client/container_inspect.go -+++ b/vendor/src/github.com/docker/engine-api/client/container_inspect.go -@@ -19,10 +19,10 @@ func (cli *Client) ContainerInspect(containerID string) (types.ContainerJSON, er - } - return types.ContainerJSON{}, err - } -- defer ensureReaderClosed(serverResp) - - var response types.ContainerJSON - err = json.NewDecoder(serverResp.body).Decode(&response) -+ ensureReaderClosed(serverResp) - return response, err - } - -diff --git 
a/vendor/src/github.com/docker/engine-api/client/container_list.go b/vendor/src/github.com/docker/engine-api/client/container_list.go -index b55307c..f553287 100644 ---- a/vendor/src/github.com/docker/engine-api/client/container_list.go -+++ b/vendor/src/github.com/docker/engine-api/client/container_list.go -@@ -46,9 +46,9 @@ func (cli *Client) ContainerList(options types.ContainerListOptions) ([]types.Co - if err != nil { - return nil, err - } -- defer ensureReaderClosed(resp) - - var containers []types.Container - err = json.NewDecoder(resp.body).Decode(&containers) -+ ensureReaderClosed(resp) - return containers, err - } -diff --git a/vendor/src/github.com/docker/engine-api/client/container_top.go b/vendor/src/github.com/docker/engine-api/client/container_top.go -index 04aecc2..1673947 100644 ---- a/vendor/src/github.com/docker/engine-api/client/container_top.go -+++ b/vendor/src/github.com/docker/engine-api/client/container_top.go -@@ -20,8 +20,8 @@ func (cli *Client) ContainerTop(containerID string, arguments []string) (types.C - if err != nil { - return response, err - } -- defer ensureReaderClosed(resp) - - err = json.NewDecoder(resp.body).Decode(&response) -+ ensureReaderClosed(resp) - return response, err - } -diff --git a/vendor/src/github.com/docker/engine-api/client/diff.go b/vendor/src/github.com/docker/engine-api/client/diff.go -index 6639d8b..c57bf69 100644 ---- a/vendor/src/github.com/docker/engine-api/client/diff.go -+++ b/vendor/src/github.com/docker/engine-api/client/diff.go -@@ -15,11 +15,8 @@ func (cli *Client) ContainerDiff(containerID string) ([]types.ContainerChange, e - if err != nil { - return changes, err - } -- defer ensureReaderClosed(serverResp) - -- if err := json.NewDecoder(serverResp.body).Decode(&changes); err != nil { -- return changes, err -- } -- -- return changes, nil -+ err = json.NewDecoder(serverResp.body).Decode(&changes) -+ ensureReaderClosed(serverResp) -+ return changes, err - } -diff --git 
a/vendor/src/github.com/docker/engine-api/client/exec.go b/vendor/src/github.com/docker/engine-api/client/exec.go -index 3a86b40..3d4577e 100644 ---- a/vendor/src/github.com/docker/engine-api/client/exec.go -+++ b/vendor/src/github.com/docker/engine-api/client/exec.go -@@ -13,8 +13,8 @@ func (cli *Client) ContainerExecCreate(config types.ExecConfig) (types.Container - if err != nil { - return response, err - } -- defer ensureReaderClosed(resp) - err = json.NewDecoder(resp.body).Decode(&response) -+ ensureReaderClosed(resp) - return response, err - } - -@@ -41,8 +41,8 @@ func (cli *Client) ContainerExecInspect(execID string) (types.ContainerExecInspe - if err != nil { - return response, err - } -- defer ensureReaderClosed(resp) - - err = json.NewDecoder(resp.body).Decode(&response) -+ ensureReaderClosed(resp) - return response, err - } -diff --git a/vendor/src/github.com/docker/engine-api/client/history.go b/vendor/src/github.com/docker/engine-api/client/history.go -index 7769727..21a2622 100644 ---- a/vendor/src/github.com/docker/engine-api/client/history.go -+++ b/vendor/src/github.com/docker/engine-api/client/history.go -@@ -14,10 +14,8 @@ func (cli *Client) ImageHistory(imageID string) ([]types.ImageHistory, error) { - if err != nil { - return history, err - } -- defer ensureReaderClosed(serverResp) - -- if err := json.NewDecoder(serverResp.body).Decode(&history); err != nil { -- return history, err -- } -- return history, nil -+ err = json.NewDecoder(serverResp.body).Decode(&history) -+ ensureReaderClosed(serverResp) -+ return history, err - } -diff --git a/vendor/src/github.com/docker/engine-api/client/image_list.go b/vendor/src/github.com/docker/engine-api/client/image_list.go -index d961570..0cdb0ba 100644 ---- a/vendor/src/github.com/docker/engine-api/client/image_list.go -+++ b/vendor/src/github.com/docker/engine-api/client/image_list.go -@@ -32,8 +32,8 @@ func (cli *Client) ImageList(options types.ImageListOptions) ([]types.Image, err - if err != nil { - 
return images, err - } -- defer ensureReaderClosed(serverResp) - - err = json.NewDecoder(serverResp.body).Decode(&images) -+ ensureReaderClosed(serverResp) - return images, err - } -diff --git a/vendor/src/github.com/docker/engine-api/client/image_remove.go b/vendor/src/github.com/docker/engine-api/client/image_remove.go -index c9c232c..28edb8e 100644 ---- a/vendor/src/github.com/docker/engine-api/client/image_remove.go -+++ b/vendor/src/github.com/docker/engine-api/client/image_remove.go -@@ -22,9 +22,9 @@ func (cli *Client) ImageRemove(options types.ImageRemoveOptions) ([]types.ImageD - if err != nil { - return nil, err - } -- defer ensureReaderClosed(resp) - - var dels []types.ImageDelete - err = json.NewDecoder(resp.body).Decode(&dels) -+ ensureReaderClosed(resp) - return dels, err - } -diff --git a/vendor/src/github.com/docker/engine-api/client/image_search.go b/vendor/src/github.com/docker/engine-api/client/image_search.go -index 5d9413c..0cad8a7 100644 ---- a/vendor/src/github.com/docker/engine-api/client/image_search.go -+++ b/vendor/src/github.com/docker/engine-api/client/image_search.go -@@ -27,9 +27,9 @@ func (cli *Client) ImageSearch(options types.ImageSearchOptions, privilegeFunc R - if err != nil { - return results, err - } -- defer ensureReaderClosed(resp) - - err = json.NewDecoder(resp.body).Decode(&results) -+ ensureReaderClosed(resp) - return results, err - } - -diff --git a/vendor/src/github.com/docker/engine-api/client/login.go b/vendor/src/github.com/docker/engine-api/client/login.go -index e9ba842..5ddcd5b 100644 ---- a/vendor/src/github.com/docker/engine-api/client/login.go -+++ b/vendor/src/github.com/docker/engine-api/client/login.go -@@ -19,9 +19,9 @@ func (cli *Client) RegistryLogin(auth types.AuthConfig) (types.AuthResponse, err - if err != nil { - return types.AuthResponse{}, err - } -- defer ensureReaderClosed(resp) - - var response types.AuthResponse - err = json.NewDecoder(resp.body).Decode(&response) -+ ensureReaderClosed(resp) - 
return response, err - } -diff --git a/vendor/src/github.com/docker/engine-api/client/network.go b/vendor/src/github.com/docker/engine-api/client/network.go -index de7f184..90b9adb 100644 ---- a/vendor/src/github.com/docker/engine-api/client/network.go -+++ b/vendor/src/github.com/docker/engine-api/client/network.go -@@ -65,8 +65,8 @@ func (cli *Client) NetworkList(options types.NetworkListOptions) ([]types.Networ - if err != nil { - return networkResources, err - } -- defer ensureReaderClosed(resp) - err = json.NewDecoder(resp.body).Decode(&networkResources) -+ ensureReaderClosed(resp) - return networkResources, err - } - -@@ -80,7 +80,7 @@ func (cli *Client) NetworkInspect(networkID string) (types.NetworkResource, erro - } - return networkResource, err - } -- defer ensureReaderClosed(resp) - err = json.NewDecoder(resp.body).Decode(&networkResource) -+ ensureReaderClosed(resp) - return networkResource, err - } -diff --git a/vendor/src/github.com/docker/engine-api/client/version.go b/vendor/src/github.com/docker/engine-api/client/version.go -index e97b798..0e9ce61 100644 ---- a/vendor/src/github.com/docker/engine-api/client/version.go -+++ b/vendor/src/github.com/docker/engine-api/client/version.go -@@ -12,9 +12,9 @@ func (cli *Client) ServerVersion() (types.Version, error) { - if err != nil { - return types.Version{}, err - } -- defer ensureReaderClosed(resp) - - var server types.Version - err = json.NewDecoder(resp.body).Decode(&server) -+ ensureReaderClosed(resp) - return server, err - } -diff --git a/vendor/src/github.com/docker/engine-api/client/volume.go b/vendor/src/github.com/docker/engine-api/client/volume.go -index 3419def..597e318 100644 ---- a/vendor/src/github.com/docker/engine-api/client/volume.go -+++ b/vendor/src/github.com/docker/engine-api/client/volume.go -@@ -25,9 +25,9 @@ func (cli *Client) VolumeList(filter filters.Args) (types.VolumesListResponse, e - if err != nil { - return volumes, err - } -- defer ensureReaderClosed(resp) - - err = 
json.NewDecoder(resp.body).Decode(&volumes) -+ ensureReaderClosed(resp) - return volumes, err - } - -@@ -41,8 +41,8 @@ func (cli *Client) VolumeInspect(volumeID string) (types.Volume, error) { - } - return volume, err - } -- defer ensureReaderClosed(resp) - err = json.NewDecoder(resp.body).Decode(&volume) -+ ensureReaderClosed(resp) - return volume, err - } - -@@ -53,8 +53,8 @@ func (cli *Client) VolumeCreate(options types.VolumeCreateRequest) (types.Volume - if err != nil { - return volume, err - } -- defer ensureReaderClosed(resp) - err = json.NewDecoder(resp.body).Decode(&volume) -+ ensureReaderClosed(resp) - return volume, err - } - -diff --git a/vendor/src/github.com/docker/engine-api/types/container/host_config.go b/vendor/src/github.com/docker/engine-api/types/container/host_config.go -index f43263d..b7c459e 100644 ---- a/vendor/src/github.com/docker/engine-api/types/container/host_config.go -+++ b/vendor/src/github.com/docker/engine-api/types/container/host_config.go -@@ -151,6 +151,11 @@ func (rp *RestartPolicy) IsUnlessStopped() bool { - return rp.Name == "unless-stopped" - } - -+// IsSame compares two RestartPolicy to see if they are the same -+func (rp *RestartPolicy) IsSame(tp *RestartPolicy) bool { -+ return rp.Name == tp.Name && rp.MaximumRetryCount == tp.MaximumRetryCount -+} -+ - // LogConfig represents the logging configuration of the container. 
- type LogConfig struct { - Type string -@@ -178,7 +183,7 @@ type Resources struct { - KernelMemory int64 // Kernel memory limit (in bytes) - Memory int64 // Memory limit (in bytes) - MemoryReservation int64 // Memory soft limit (in bytes) -- MemorySwap int64 // Total memory usage (memory + swap); set `-1` to disable swap -+ MemorySwap int64 // Total memory usage (memory + swap); set `-1` to enable unlimited swap - MemorySwappiness *int64 // Tuning container memory swappiness behaviour - OomKillDisable *bool // Whether to disable OOM Killer or not - PidsLimit int64 // Setting pids limit for a container -@@ -190,6 +195,7 @@ type Resources struct { - type UpdateConfig struct { - // Contains container's resources (cgroups, ulimits) - Resources -+ RestartPolicy RestartPolicy - } - - // HostConfig the non-portable Config structure of a container. -diff --git a/vendor/src/github.com/docker/engine-api/types/types.go b/vendor/src/github.com/docker/engine-api/types/types.go -index 9666ea4..de8b0be 100644 ---- a/vendor/src/github.com/docker/engine-api/types/types.go -+++ b/vendor/src/github.com/docker/engine-api/types/types.go -@@ -142,6 +142,7 @@ type Container struct { - SizeRw int64 `json:",omitempty"` - SizeRootFs int64 `json:",omitempty"` - Labels map[string]string -+ State string - Status string - HostConfig struct { - NetworkMode string `json:",omitempty"` -@@ -198,6 +199,7 @@ type Info struct { - Images int - Driver string - DriverStatus [][2]string -+ SystemStatus [][2]string - Plugins PluginsInfo - MemoryLimit bool - SwapLimit bool -@@ -222,8 +224,6 @@ type Info struct { - Architecture string - IndexServerAddress string - RegistryConfig *registry.ServiceConfig -- InitSha1 string -- InitPath string - NCPU int - MemTotal int64 - DockerRootDir string -@@ -388,6 +388,7 @@ type NetworkResource struct { - Scope string - Driver string - IPAM network.IPAM -+ Internal bool - Containers map[string]EndpointResource - Options map[string]string - } - From 
5bf2e5da42c6ca37580f5742a095c50a7d8062ff3909b32a9d482582cb425fa1 Mon Sep 17 00:00:00 2001 From: Jordi Massaguer Date: Mon, 8 Feb 2016 16:28:28 +0000 Subject: [PATCH 12/37] review fix-docker-init.patch OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=62 --- fix-docker-init.patch | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/fix-docker-init.patch b/fix-docker-init.patch index 26a4899..718b93d 100644 --- a/fix-docker-init.patch +++ b/fix-docker-init.patch @@ -13,10 +13,9 @@ index 3caa526..f272d29 100644 --- a/hack/make/.dockerinit-gccgo +++ b/hack/make/.dockerinit-gccgo @@ -27,5 +27,6 @@ else - exit 1 + exit 1 fi +/usr/bin/strip -s $DEST/dockerinit-$VERSION # sha1 our new dockerinit to ensure separate docker and dockerinit always run in a perfect pair compiled for one another export DOCKER_INITSHA1=$($sha1sum "$DEST/dockerinit-$VERSION" | cut -d' ' -f1) - From aadf656db73ab2a9ba9a48d78a822b106feb4eea525d0268675930119bab105b Mon Sep 17 00:00:00 2001 From: Jordi Massaguer Date: Tue, 9 Feb 2016 11:46:03 +0000 Subject: [PATCH 13/37] add netlink_gcc_go patch and fix minor issues: review file list and name of the tarball OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=63 --- docker.spec | 5 ++++- netlink_gcc_go.patch | 48 ++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 52 insertions(+), 1 deletion(-) create mode 100644 netlink_gcc_go.patch diff --git a/docker.spec b/docker.spec index b3aab48..a17aaf4 100644 --- a/docker.spec +++ b/docker.spec @@ -46,6 +46,7 @@ Patch1: gcc5_socket_workaround.patch Patch2: fix-docker-init.patch Patch100: gcc-go-patches.patch Patch101: fix-ppc64le.patch +Patch102: netlink_gcc_go.patch BuildRequires: audit BuildRequires: bash-completion BuildRequires: device-mapper-devel >= 1.2.68 
@@ -137,7 +138,7 @@ BuildArch: noarch Test package for docker. It contains the source code and the tests. %prep -%setup -q -n docker-%{version} +%setup -q -n %{name}-%{version} %patch0 -p1 # 1330 is Tumbleweed after leap has been released # gcc5-go in Tumbleweed includes this commit @@ -153,6 +154,7 @@ Test package for docker. It contains the source code and the tests. %ifnarch %go_arches %patch100 -p1 %patch101 -p1 +%patch102 -p1 %endif cp %{SOURCE7} . @@ -260,6 +262,7 @@ groupadd -r docker 2>/dev/null || : %{_bindir}/docker %{_sbindir}/rcdocker %{_prefix}/lib/docker/ +%{_prefix}/lib/docker/dockerinit %{_unitdir}/%{name}.service %{_unitdir}/%{name}.socket %config %{_sysconfdir}/audit/rules.d/%{name}.rules diff --git a/netlink_gcc_go.patch b/netlink_gcc_go.patch new file mode 100644 index 0000000..cccc199 --- /dev/null +++ b/netlink_gcc_go.patch 
@@ -0,0 +1,48 @@ +diff --git a/vendor/src/github.com/vishvananda/netlink/link_linux.go b/vendor/src/github.com/vishvananda/netlink/link_linux.go +index 3aa9124..6ad7c2b 100644 +--- a/vendor/src/github.com/vishvananda/netlink/link_linux.go ++++ b/vendor/src/github.com/vishvananda/netlink/link_linux.go +@@ -415,11 +415,11 @@ func LinkAdd(link Link) error { + req.Flags |= syscall.IFF_TUN_EXCL + copy(req.Name[:15], base.Name) + req.Flags |= uint16(tuntap.Mode) +- _, _, errno := syscall.Syscall(syscall.SYS_IOCTL, file.Fd(), uintptr(syscall.TUNSETIFF), uintptr(unsafe.Pointer(&req))) ++ _, _, errno := syscall.Syscall(syscall.SYS_IOCTL, file.Fd(), uintptr(syscall_TUNSETIFF), uintptr(unsafe.Pointer(&req))) + if errno != 0 { + return fmt.Errorf("Tuntap IOCTL TUNSETIFF failed, errno %v", errno) + } +- _, _, errno = syscall.Syscall(syscall.SYS_IOCTL, file.Fd(), uintptr(syscall.TUNSETPERSIST), 1) ++ _, _, errno = syscall.Syscall(syscall.SYS_IOCTL, file.Fd(), uintptr(syscall_TUNSETPERSIST), 1) + if errno != 0 { + return fmt.Errorf("Tuntap IOCTL TUNSETPERSIST failed, errno %v", errno) + } +diff --git a/vendor/src/github.com/vishvananda/netlink/link_linux_others.go b/vendor/src/github.com/vishvananda/netlink/link_linux_others.go +new file mode 100644 +index 0000000..feb6070 +--- /dev/null ++++ b/vendor/src/github.com/vishvananda/netlink/link_linux_others.go +@@ -0,0 +1,9 @@ ++// +build linux ++// +build x86_64 arm64 s390x ++ ++package netlink ++ ++const ( ++ syscall_TUNSETIFF = 0x400454ca ++ syscall_TUNSETPERSIST = 0x400454ca ++) +diff --git a/vendor/src/github.com/vishvananda/netlink/link_linux_ppc64le.go b/vendor/src/github.com/vishvananda/netlink/link_linux_ppc64le.go +new file mode 100644 +index 0000000..fac7c06 +--- /dev/null ++++ b/vendor/src/github.com/vishvananda/netlink/link_linux_ppc64le.go +@@ -0,0 +1,9 @@ ++// +build linux ++// +build ppc64le ++ ++package netlink ++ ++const ( ++ syscall_TUNSETIFF = 0x800454ca ++ syscall_TUNSETPERSIST = 0x800454ca ++) From 
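Review bot: In both new constant files `syscall_TUNSETPERSIST` is given the same value as `syscall_TUNSETIFF` (`0x400454ca` in link_linux_others.go, `0x800454ca` in link_linux_ppc64le.go), so the second ioctl in `LinkAdd` would issue TUNSETIFF again with argument 1 instead of marking the device persistent. The two Linux request numbers differ by one (202 and 203 in the 'T' group), so the lines should read `syscall_TUNSETPERSIST = 0x400454cb` and `syscall_TUNSETPERSIST = 0x800454cb`. The tag line `// +build x86_64 arm64 s390x` also deserves a check: Go normally spells that architecture `amd64`, and any gccgo arch not covered by the two files would be left without the constants. `LinkAdd` starts and ends outside the inner hunk.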
43ef6adcd8b03393c88df3b5a5c796d46898972627052268f63cbb38d6365721 Mon Sep 17 00:00:00 2001 From: Jordi Massaguer Date: Tue, 9 Feb 2016 11:59:56 +0000 Subject: [PATCH 14/37] restore ignore-dockerinit-checksum patch since we still have dockerinit, let's restore this patch to prevent unexpected side effects OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=64 --- docker.spec | 2 ++ ignore-dockerinit-checksum.patch | 12 ++++++++++++ 2 files changed, 14 insertions(+) create mode 100644 ignore-dockerinit-checksum.patch diff --git a/docker.spec b/docker.spec index a17aaf4..84aef6c 100644 --- a/docker.spec +++ b/docker.spec @@ -47,6 +47,7 @@ Patch2: fix-docker-init.patch Patch100: gcc-go-patches.patch Patch101: fix-ppc64le.patch Patch102: netlink_gcc_go.patch +Patch103: ignore-dockerinit-checksum.patch BuildRequires: audit BuildRequires: bash-completion BuildRequires: device-mapper-devel >= 1.2.68 @@ -155,6 +156,7 @@ Test package for docker. It contains the source code and the tests. %patch100 -p1 %patch101 -p1 %patch102 -p1 +%patch103 -p1 %endif cp %{SOURCE7} . diff --git a/ignore-dockerinit-checksum.patch b/ignore-dockerinit-checksum.patch new file mode 100644 index 0000000..efa3f76 --- /dev/null +++ b/ignore-dockerinit-checksum.patch @@ -0,0 +1,12 @@ +diff -Naur a/utils/utils.go b/utils/utils.go +--- a/utils/utils.go 2015-08-11 18:35:27.000000000 +0200 ++++ b/utils/utils.go 2015-08-12 18:06:47.930445696 +0200 +@@ -76,7 +76,7 @@ + } + return os.SameFile(targetFileInfo, selfPathFileInfo) + } +- return dockerversion.INITSHA1 != "" && dockerInitSha1(target) == dockerversion.INITSHA1 ++ return true + } + + // DockerInitPath figures out the path of our dockerinit (which may be SelfPath()) From 05a21b1818d10dd073bff407a41e847e246ebc86fab6ba3504d3b7eec946e0dc Mon Sep 17 00:00:00 2001 
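Review bot: Replacing the comparison with `return true` in `isValidDockerInitPath` means every candidate path that reaches this line is accepted as dockerinit without its SHA-1 being compared, on every build where Patch103 is applied (the `%ifnarch %go_arches` branch of the spec). If the only obstacle is that the gccgo build cannot embed the hash (so `INITSHA1` is presumably empty there), the check can stay in force whenever a hash is present: `return dockerversion.INITSHA1 == "" || dockerInitSha1(target) == dockerversion.INITSHA1`. The patch file would also benefit from a short header comment stating why the check is relaxed and for which arches, so the reason travels with the patch rather than only with the spec. The function starts outside the hunk, so the earlier `os.SameFile` branch is assumed unchanged.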
From: Jordi Massaguer Date: Tue, 9 Feb 2016 12:16:49 +0000 Subject: [PATCH 15/37] remove fix_json_econnreset_bug.patch because it is already in docker-1.10 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=65 --- fix_json_econnreset_bug.patch | 136 ---------------------------------- 1 file changed, 136 deletions(-) delete mode 100644 fix_json_econnreset_bug.patch diff --git a/fix_json_econnreset_bug.patch b/fix_json_econnreset_bug.patch deleted file mode 100644 index a54fc11..0000000 --- a/fix_json_econnreset_bug.patch +++ /dev/null @@ -1,136 +0,0 @@ -commit 7b5896702bd2951541af27925620172edb5d3505 -Author: Michael Crosby -Date: Tue Jan 26 15:00:07 2016 -0800 - - Update libcontainer to 3d8a20bb772defc28c355534d83 - - Fixes #14203 - - This bump fixes the issue of having the container's pipes connection - reset by peer because of using the json.Encoder and having a \n added to - the output. - - 
Signed-off-by: Michael Crosby - -Index: docker-1.9.1/hack/vendor.sh -=================================================================== ---- docker-1.9.1.orig/hack/vendor.sh -+++ docker-1.9.1/hack/vendor.sh -@@ -48,7 +48,7 @@ clone git github.com/agl/ed25519 d2b94fd - - # this runc commit from branch relabel_fix_docker_1.9.1, pls remove it when you - # update next time --clone git github.com/opencontainers/runc 1349b37bd56f4f5ce2690b5b2c0f53f88a261c67 # libcontainer -+clone git github.com/opencontainers/runc 3d8a20bb772defc28c355534d83486416d1719b4 # libcontainer - # libcontainer deps (see src/github.com/opencontainers/runc/Godeps/Godeps.json) - clone git github.com/coreos/go-systemd v3 - clone git github.com/godbus/dbus v2 -Index: docker-1.9.1/vendor/src/github.com/opencontainers/runc/libcontainer/container_linux.go -=================================================================== ---- docker-1.9.1.orig/vendor/src/github.com/opencontainers/runc/libcontainer/container_linux.go -+++ docker-1.9.1/vendor/src/github.com/opencontainers/runc/libcontainer/container_linux.go -@@ -18,6 +18,7 @@ import ( - "github.com/opencontainers/runc/libcontainer/cgroups" - "github.com/opencontainers/runc/libcontainer/configs" - "github.com/opencontainers/runc/libcontainer/criurpc" -+ "github.com/opencontainers/runc/libcontainer/utils" - ) - - const stdioFdCount = 3 -@@ -863,7 +864,7 @@ func (c *linuxContainer) updateState(pro - } - defer f.Close() - os.Remove(filepath.Join(c.root, "checkpoint")) -- return json.NewEncoder(f).Encode(state) -+ return utils.WriteJSON(f, state) - } - - func (c *linuxContainer) currentStatus() (Status, error) { -Index: docker-1.9.1/vendor/src/github.com/opencontainers/runc/libcontainer/factory_linux.go -=================================================================== ---- docker-1.9.1.orig/vendor/src/github.com/opencontainers/runc/libcontainer/factory_linux.go -+++ docker-1.9.1/vendor/src/github.com/opencontainers/runc/libcontainer/factory_linux.go -@@ 
-5,7 +5,6 @@ package libcontainer - import ( - "encoding/json" - "fmt" -- "io/ioutil" - "os" - "os/exec" - "path/filepath" -@@ -19,6 +18,7 @@ import ( - "github.com/opencontainers/runc/libcontainer/cgroups/systemd" - "github.com/opencontainers/runc/libcontainer/configs" - "github.com/opencontainers/runc/libcontainer/configs/validate" -+ "github.com/opencontainers/runc/libcontainer/utils" - ) - - const ( -@@ -225,10 +225,7 @@ func (l *LinuxFactory) StartInitializati - // if we have an error during the initialization of the container's init then send it back to the - // parent process in the form of an initError. - if err != nil { -- // ensure that any data sent from the parent is consumed so it doesn't -- // receive ECONNRESET when the child writes to the pipe. -- ioutil.ReadAll(pipe) -- if err := json.NewEncoder(pipe).Encode(newSystemError(err)); err != nil { -+ if err := utils.WriteJSON(pipe, newSystemError(err)); err != nil { - panic(err) - } - } -Index: docker-1.9.1/vendor/src/github.com/opencontainers/runc/libcontainer/process_linux.go -=================================================================== ---- docker-1.9.1.orig/vendor/src/github.com/opencontainers/runc/libcontainer/process_linux.go -+++ docker-1.9.1/vendor/src/github.com/opencontainers/runc/libcontainer/process_linux.go -@@ -15,6 +15,7 @@ import ( - "github.com/opencontainers/runc/libcontainer/cgroups" - "github.com/opencontainers/runc/libcontainer/configs" - "github.com/opencontainers/runc/libcontainer/system" -+ "github.com/opencontainers/runc/libcontainer/utils" - ) - - type parentProcess interface { -@@ -71,7 +72,7 @@ func (p *setnsProcess) start() (err erro - return newSystemError(err) - } - } -- if err := json.NewEncoder(p.parentPipe).Encode(p.config); err != nil { -+ if err := utils.WriteJSON(p.parentPipe, p.config); err != nil { - return newSystemError(err) - } - if err := syscall.Shutdown(int(p.parentPipe.Fd()), syscall.SHUT_WR); err != nil { -@@ -262,7 +263,7 @@ func (p *initProcess) 
startTime() (strin - - func (p *initProcess) sendConfig() error { - // send the state to the container's init process then shutdown writes for the parent -- if err := json.NewEncoder(p.parentPipe).Encode(p.config); err != nil { -+ if err := utils.WriteJSON(p.parentPipe, p.config); err != nil { - return err - } - // shutdown writes for the parent side of the pipe -Index: docker-1.9.1/vendor/src/github.com/opencontainers/runc/libcontainer/utils/utils.go -=================================================================== ---- docker-1.9.1.orig/vendor/src/github.com/opencontainers/runc/libcontainer/utils/utils.go -+++ docker-1.9.1/vendor/src/github.com/opencontainers/runc/libcontainer/utils/utils.go -@@ -3,6 +3,7 @@ package utils - import ( - "crypto/rand" - "encoding/hex" -+ "encoding/json" - "io" - "path/filepath" - "syscall" -@@ -43,3 +44,13 @@ func ExitStatus(status syscall.WaitStatu - } - return status.ExitStatus() - } -+ -+// WriteJSON writes the provided struct v to w using standard json marshaling -+func WriteJSON(w io.Writer, v interface{}) error { -+ data, err := json.Marshal(v) -+ if err != nil { -+ return err -+ } -+ _, err = w.Write(data) -+ return err -+} From 0510b2c508611fd709fef36903c494273bf887f880dbc2f29d585f21fd1a3770 Mon Sep 17 00:00:00 2001 From: Jordi Massaguer Date: Tue, 9 Feb 2016 12:20:46 +0000 Subject: [PATCH 16/37] restore some comments into the spec file regarding docker-init OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=66 --- docker.spec | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docker.spec b/docker.spec index 84aef6c..dc1b7e6 100644 --- a/docker.spec +++ b/docker.spec 
@@ -156,6 +156,10 @@ Test package for docker. It contains the source code and the tests. %patch100 -p1 %patch101 -p1 %patch102 -p1 +# Required to overcome some limitations of gcc-go: https://groups.google.com/forum/#!msg/golang-nuts/SlGCPYkjxo4/4DjcjXRCqAkJ +# Right now docker passes the sha1sum of the dockerinit binary to the docker binary at build time +# We cannot do that, right now a quick and really dirty way to get it running is +# to simply disable this check %patch103 -p1 %endif cp %{SOURCE7} . From 98394cfadd10958740ed48b41f51fcd15443a4e4aa9e06f4af5199a6e41319f4 Mon Sep 17 00:00:00 2001 From: Jordi Massaguer Date: Tue, 9 Feb 2016 12:38:34 +0000 Subject: [PATCH 17/37] fix ignore-dockerinit-checksum.patch OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=67 --- ignore-dockerinit-checksum.patch | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/ignore-dockerinit-checksum.patch b/ignore-dockerinit-checksum.patch index efa3f76..7c033f7 100644 --- a/ignore-dockerinit-checksum.patch +++ b/ignore-dockerinit-checksum.patch @@ -1,11 +1,12 @@ -diff -Naur a/utils/utils.go b/utils/utils.go ---- a/utils/utils.go 2015-08-11 18:35:27.000000000 +0200 -+++ b/utils/utils.go 2015-08-12 18:06:47.930445696 +0200 -@@ -76,7 +76,7 @@ +diff --git a/utils/utils.go b/utils/utils.go +index 340b9e4..70a85a6 100644 +--- a/utils/utils.go ++++ b/utils/utils.go +@@ -75,7 +75,7 @@ func isValidDockerInitPath(target string, selfPath string) bool { // target and } return os.SameFile(targetFileInfo, selfPathFileInfo) } -- return dockerversion.INITSHA1 != "" && dockerInitSha1(target) == dockerversion.INITSHA1 +- return dockerversion.InitSHA1 != "" && dockerInitSha1(target) == dockerversion.InitSHA1 + return true } From 92e1eff954cda3093d6b636ee147b943a1069871938f97171c8a3f4fa57b54b7 Mon Sep 17 00:00:00 2001 
From: Jordi Massaguer Date: Tue, 9 Feb 2016 17:30:35 +0000 Subject: [PATCH 18/37] review changelog OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=68 --- docker.changes | 36 +++++++++++++++++++++++++++++++++++- 1 file changed, 35 insertions(+), 1 deletion(-) diff --git a/docker.changes b/docker.changes index 435c4bf..786cb18 100644 --- a/docker.changes +++ b/docker.changes @@ -1,7 +1,7 @@ ------------------------------------------------------------------- Fri Feb 5 09:14:15 UTC 2016 - jmassaguerpla@suse.com -- Update to 1.10.0 version +- Update to 1.10.0 version (bnc#965918) Add usernamespace support Add support for custom seccomp profiles 
@@ -11,6 +11,40 @@ detailed changelog in https://github.com/docker/docker/blob/590d5108bbdaabb05af590f76c9757daceb6d02e/CHANGELOG.md + +- removed patches, because code has been merged in 1.10.0 release: + libcontainer-apparmor-fixes.patch: see: https://github.com/docker/docker/blob/release/v1.10/contrib/apparmor/template.go + fix_bnc_958255.patch: see https://github.com/docker/docker/commit/2b4f64e59018c21aacbf311d5c774dd5521b5352 + use_fs_cgroups_by_default.patch + fix_cgroup.parent_path_sanitisation.patch + add_bolt_ppc64.patch + add_bolt_arm64.patch + add_bolt_s390x.patch + +- added patches: + fix_platform_type_arm.patch: fix build for arm64 and aarch64: set utsname as uint8 for arm64 and aarch64 + gcc5_socket_workaround.patch: gcc5-go in Tumbleweed includes this commit + https://github.com/golang/gofrontend/commit/a850225433a66a58613c22185c3b09626f5545eb + Which "fixes" the data type for RawSockaddr.Data + However, docker now expects the "wrong" data type, since docker had a workaround + for that issue. + Thus, we need to workaround the workaround in tumbleweed + netlink_gcc_go.patch: add constants for syscalls TUNSETIFF and TUNSETPERSIST to fix a gcc issue. + This is a workaround for bnc#964468: gcc-go can no longer compile Docker. 
+ +- reviewed patches: + ignore-dockerinit-checksum.patch: review context in patch + fix-docker-init.patch: review patch because build method has been changed in spec file for gcc-go + gcc-go-patches.patch: review context in patch + +- Build requires go >= 1.5: For version 1.9, we could use Go 1.4.3 + see GO_VERSION https://github.com/docker/docker/blob/release/v1.9/Dockerfile + However, for version 1.10, we need go 1.5.3 + see GO_VERSION https://github.com/docker/docker/blob/release/v1.10/Dockerfile + +- fix bnc#965600 - SLES12 SP1 - Static shared memory limit in container + + ------------------------------------------------------------------- Wed Jan 27 23:40:09 UTC 2016 - asarai@suse.com From c6dc735d90e9b5928d1464280e980cca0a0c448624416be5362caa466c911600 Mon Sep 17 00:00:00 2001 From: Jordi Massaguer Date: Tue, 9 Feb 2016 17:35:20 +0000 Subject: [PATCH 19/37] review patch numbers and comments and spaces in files OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=69 --- docker.spec | 19 ++++++++++--------- fix-ppc64le.patch | 8 ++++---- 2 files changed, 14 insertions(+), 13 deletions(-) diff --git a/docker.spec b/docker.spec index dc1b7e6..9049772 100644 --- a/docker.spec +++ b/docker.spec 
@@ -44,10 +44,15 @@ Source100: sysconfig.docker.ppc64le Patch0: fix_platform_type_arm.patch Patch1: gcc5_socket_workaround.patch Patch2: fix-docker-init.patch -Patch100: gcc-go-patches.patch -Patch101: fix-ppc64le.patch +# Required to overcome some limitations of gcc-go: https://groups.google.com/forum/#!msg/golang-nuts/SlGCPYkjxo4/4DjcjXRCqAkJ +# Right now docker passes the sha1sum of the dockerinit binary to the docker binary at build time +# We cannot do that, right now a quick and really dirty way to get it running is +# to simply disable this check +Patch100: ignore-dockerinit-checksum.patch +Patch101: gcc-go-patches.patch Patch102: netlink_gcc_go.patch -Patch103: ignore-dockerinit-checksum.patch +#TODO: rename this patch later on +Patch108: ignore-dockerinit-checksum.patch BuildRequires: audit BuildRequires: bash-completion BuildRequires: device-mapper-devel >= 1.2.68 @@ -153,14 +158,10 @@ Test package for docker. It contains the source code and the tests. %endif %patch2 -p1 %ifnarch %go_arches -%patch100 -p1 %patch101 -p1 +%patch108 -p1 %patch102 -p1 -# Required to overcome some limitations of gcc-go: https://groups.google.com/forum/#!msg/golang-nuts/SlGCPYkjxo4/4DjcjXRCqAkJ -# Right now docker passes the sha1sum of the dockerinit binary to the docker binary at build time -# We cannot do that, right now a quick and really dirty way to get it running is -# to simply disable this check -%patch103 -p1 +%patch100 -p1 %endif cp %{SOURCE7} . diff --git a/fix-ppc64le.patch b/fix-ppc64le.patch index fd5afb1..a4c7a40 100644 --- a/fix-ppc64le.patch +++ b/fix-ppc64le.patch @@ -1,4 +1,3 @@ - Index: docker-1.9.1/vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_armppc64.go =================================================================== --- docker-1.9.1.orig/vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_armppc64.go 
@@ -6,9 +5,9 @@ Index: docker-1.9.1/vendor/src/github.com/docker/libnetwork/drivers/bridge/netli @@ -1,4 +1,4 @@ -// +build arm ppc64 ppc64le +// +build arm ppc64,!ppc64le - + package bridge - + Index: docker-1.9.1/vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_notarm.go =================================================================== --- docker-1.9.1.orig/vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_notarm.go @@ -16,5 +15,6 @@ Index: docker-1.9.1/vendor/src/github.com/docker/libnetwork/drivers/bridge/netli @@ -1,4 +1,4 @@ -// +build !arm,!ppc64,!ppc64le +// +build !arm,!ppc64 ppc64le - + package bridge + From c9ddc4fd3744c40df4f714fb827f82ffe321c216f4115cb140c960162c05e274 Mon Sep 17 00:00:00 2001 From: Jordi Massaguer Date: Tue, 9 Feb 2016 17:37:28 +0000 Subject: [PATCH 20/37] fix patch name in the previous commit I did a mistake when renumbering the patches OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=70 --- docker.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker.spec b/docker.spec index 9049772..1ebb846 100644 --- a/docker.spec +++ b/docker.spec @@ -52,7 +52,7 @@ Patch100: ignore-dockerinit-checksum.patch Patch101: gcc-go-patches.patch Patch102: netlink_gcc_go.patch #TODO: rename this patch later on -Patch108: ignore-dockerinit-checksum.patch +Patch108: fix-ppc64le.patch BuildRequires: audit BuildRequires: bash-completion BuildRequires: device-mapper-devel >= 1.2.68 From fce327c0ca5b354e420c00eebbac18c78d39a3677b96237b4838bdd885186040 Mon Sep 17 00:00:00 2001 
From: Jordi Massaguer Date: Fri, 12 Feb 2016 12:52:19 +0000 Subject: [PATCH 21/37] fix-apparmor.patch: fix https://github.com/docker/docker/issues/20269 . It affects SLE12 which has apparmor version 2.8 and not openSUSE which has version 2.9. OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=71 --- docker.changes | 2 + docker.spec | 2 + fix-apparmor.patch | 110 +++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 114 insertions(+) create mode 100644 fix-apparmor.patch diff --git a/docker.changes b/docker.changes index 786cb18..e09bab6 100644 --- a/docker.changes +++ b/docker.changes @@ -31,6 +31,8 @@ https://github.com/docker/docker/blob/590d5108bbdaabb05af590f76c9757daceb6d02e/C Thus, we need to workaround the workaround in tumbleweed netlink_gcc_go.patch: add constants for syscalls TUNSETIFF and TUNSETPERSIST to fix a gcc issue. This is a workaround for bnc#964468: gcc-go can no longer compile Docker. + fix-apparmor.patch: fix https://github.com/docker/docker/issues/20269 . It affects SLE12 which has apparmor + version 2.8 and not openSUSE which has version 2.9. - reviewed patches: ignore-dockerinit-checksum.patch: review context in patch diff --git a/docker.spec b/docker.spec index 1ebb846..2593d7f 100644 --- a/docker.spec +++ b/docker.spec @@ -44,6 +44,7 @@ Source100: sysconfig.docker.ppc64le Patch0: fix_platform_type_arm.patch Patch1: gcc5_socket_workaround.patch Patch2: fix-docker-init.patch +Patch3: fix-apparmor.patch # Required to overcome some limitations of gcc-go: https://groups.google.com/forum/#!msg/golang-nuts/SlGCPYkjxo4/4DjcjXRCqAkJ # Right now docker passes the sha1sum of the dockerinit binary to the docker binary at build time # We cannot do that, right now a quick and really dirty way to get it running is @@ -157,6 +158,7 @@ Test package for docker. It contains the source code and the tests. %patch1 -p1 %endif %patch2 -p1 +%patch3 -p1 %ifnarch %go_arches %patch101 -p1 %patch108 -p1 
diff --git a/fix-apparmor.patch b/fix-apparmor.patch new file mode 100644 index 0000000..d3cc839 --- /dev/null +++ b/fix-apparmor.patch 
@@ -0,0 +1,110 @@ +diff --git a/contrib/apparmor/main.go b/contrib/apparmor/main.go +index 25f6e8c..2b15e1d 100644 +--- a/contrib/apparmor/main.go ++++ b/contrib/apparmor/main.go +@@ -13,6 +13,7 @@ import ( + type profileData struct { + MajorVersion int + MinorVersion int ++ PatchLevel int + } + + func main() { +@@ -23,13 +24,14 @@ func main() { + // parse the arg + apparmorProfilePath := os.Args[1] + +- majorVersion, minorVersion, err := aaparser.GetVersion() ++ majorVersion, minorVersion, patchLevel, err := aaparser.GetVersion() + if err != nil { + log.Fatal(err) + } + data := profileData{ + MajorVersion: majorVersion, + MinorVersion: minorVersion, ++ PatchLevel: patchLevel, + } + fmt.Printf("apparmor_parser is of version %+v\n", data) + +diff --git a/daemon/execdriver/native/apparmor.go b/daemon/execdriver/native/apparmor.go +index 5bbfef6..33859fd 100644 +--- a/daemon/execdriver/native/apparmor.go ++++ b/daemon/execdriver/native/apparmor.go +@@ -27,6 +27,7 @@ type data struct { + InnerImports []string + MajorVersion int + MinorVersion int ++ PatchLevel int + } + + const baseTemplate = ` +@@ -64,10 +65,13 @@ profile {{.Name}} flags=(attach_disconnected,mediate_deleted) { + deny /sys/firmware/efi/efivars/** rwklx, + deny /sys/kernel/security/** rwklx, + +-{{if ge .MajorVersion 2}}{{if ge .MinorVersion 8}} ++{{if ge .MajorVersion 2}}{{if ge .MinorVersion 8}}{{if ge .PatchLevel 95}} ++ # apparmor-2.8.95 is Ubuntu 14.04 LTS (Trusty Tahr) ++ # apparmor-2.8.95 is apparmor-2.9 beta, which supports ptrace rule ++ # other apparmor-2.8 versions do not support this rule + # suppress ptrace denials when using 'docker ps' or using 'ps' inside a container + ptrace (trace,read) peer=docker-default, +-{{end}}{{end}} ++{{end}}{{end}}{{end}} + {{if ge .MajorVersion 2}}{{if ge .MinorVersion 9}} + # docker daemon confinement requires explict allow rule for signal + signal (receive) set=(kill,term) peer={{.ExecPath}}, +@@ -91,7 +95,7 @@ func generateProfile(out io.Writer) error { + 
if abstractionsExists() { + data.InnerImports = append(data.InnerImports, "#include ") + } +- data.MajorVersion, data.MinorVersion, err = aaparser.GetVersion() ++ data.MajorVersion, data.MinorVersion, data.PatchLevel, err = aaparser.GetVersion() + if err != nil { + return err + } +diff --git a/pkg/aaparser/aaparser.go b/pkg/aaparser/aaparser.go +index 23dda99..a2f2f58 100644 +--- a/pkg/aaparser/aaparser.go ++++ b/pkg/aaparser/aaparser.go +@@ -8,8 +8,8 @@ import ( + "strings" + ) + +-// GetVersion returns the major and minor version of apparmor_parser +-func GetVersion() (int, int, error) { ++// GetVersion returns the major, minor and patch level version of apparmor_parser ++func GetVersion() (int, int, int, error) { + // get the apparmor_version version + cmd := exec.Command("apparmor_parser", "--version") + +@@ -29,17 +29,25 @@ func GetVersion() (int, int, error) { + // split by major minor version + v := strings.Split(version, ".") + if len(v) < 2 { +- return -1, -1, fmt.Errorf("parsing major minor version failed for %q", version) ++ return -1, -1, -1, fmt.Errorf("parsing major minor and patch level version failed for %q", version) + } + + majorVersion, err := strconv.Atoi(v[0]) + if err != nil { +- return -1, -1, err ++ return -1, -1, -1, err + } + minorVersion, err := strconv.Atoi(v[1]) + if err != nil { +- return -1, -1, err ++ return -1, -1, -1, err + } + +- return majorVersion, minorVersion, nil ++ patchLevel := 0 ++ ++ if len(v) == 3 { ++ patchLevel, err = strconv.Atoi(v[2]) ++ if err != nil { ++ return -1, -1, -1, err ++ } ++ } ++ return majorVersion, minorVersion, patchLevel, nil + } From 570a2ef161d387464f7d759020a2b75188b65d29ead341ac66c19eb38e3f4928 Mon Sep 17 00:00:00 2001 
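Review bot: The guard `{{if ge .MajorVersion 2}}{{if ge .MinorVersion 8}}{{if ge .PatchLevel 95}}` in `baseTemplate` compares each version component on its own, so apparmor 2.9.0 (patch level 0) fails `ge .PatchLevel 95` and loses the ptrace rule although the added comment says 2.9 supports it; a 3.x parser with a minor below 8 would lose both the ptrace and the signal rule. Comparing one combined number avoids this, for example having `GetVersion` return `major*100000 + minor*1000 + patch` and testing `{{if ge .Version 208095}}`, which is the form a later patch in this series (PATCH 23/37) moves to. In `GetVersion`, `if len(v) == 3` also leaves the patch level at 0 for a version string with more than three components; `if len(v) >= 3` would read the third field in that case too.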
From: Jordi Massaguer Date: Fri, 12 Feb 2016 16:12:58 +0000 Subject: [PATCH 22/37] - Update to docker 1.10.1 It includes some fixes to 1.10.0, see detailed changelog in https://github.com/docker/docker/blob/v1.10.1/CHANGELOG.md OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=72 --- _service | 4 ++-- docker-1.10.0.tar.xz | 3 --- docker-1.10.1.tar.xz | 3 +++ docker.changes | 8 ++++++++ docker.spec | 4 ++-- 5 files changed, 15 insertions(+), 7 deletions(-) delete mode 100644 docker-1.10.0.tar.xz create mode 100644 docker-1.10.1.tar.xz diff --git a/_service b/_service index 399611a..d5e2138 100644 --- a/_service +++ b/_service @@ -3,8 +3,8 @@ https://github.com/docker/docker.git git .git - 1.10.0 - v1.10.0 + 1.10.1 + v1.10.1 docker-*.tar diff --git a/docker-1.10.0.tar.xz b/docker-1.10.0.tar.xz deleted file mode 100644 index 39fbc52..0000000 --- a/docker-1.10.0.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:28b9a52e84b02d7030f8fb39ba99583933421b512795b0b3537e1e57141cfb9b -size 8297720 diff --git a/docker-1.10.1.tar.xz b/docker-1.10.1.tar.xz new file mode 100644 index 0000000..4fd1857 --- /dev/null +++ b/docker-1.10.1.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:da8b04d5596ef138d19303bb4155dee423d88cb8977259c01d3d9b73ecc08e71 +size 8302256 diff --git a/docker.changes b/docker.changes index e09bab6..c104a84 100644 --- a/docker.changes +++ b/docker.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Fri Feb 12 16:01:30 UTC 2016 - jmassaguerpla@suse.com + +- Update to docker 1.10.1 + It includes some fixes to 1.10.0, see detailed changelog in + +https://github.com/docker/docker/blob/v1.10.1/CHANGELOG.md + ------------------------------------------------------------------- Fri Feb 5 09:14:15 UTC 2016 - jmassaguerpla@suse.com diff --git a/docker.spec b/docker.spec index 2593d7f..662b478 100644 
--- a/docker.spec +++ b/docker.spec @@ -16,10 +16,10 @@ # -%define git_version 590d510 +%define git_version 9e83765 %define go_arches %ix86 x86_64 Name: docker -Version: 1.10.0 +Version: 1.10.1 Release: 0 Summary: The Linux container runtime License: Apache-2.0 From 9e251436af01a5bcf3d9514d3f9a39cd1202beb60be0125120d69cdf7e072a71 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Mon, 15 Feb 2016 13:18:46 +0000 Subject: [PATCH 23/37] - fix-apparmor.patch: switch to a backported version of docker/docker#20305, which also fixes several potential issues if the major version of apparmor changes. OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=73 --- docker.changes | 7 ++ docker.spec | 2 +- fix-apparmor.patch | 290 ++++++++++++++++++++++++++++++++++++--------- 3 files changed, 244 insertions(+), 55 deletions(-) diff --git a/docker.changes b/docker.changes index c104a84..94f486b 100644 --- a/docker.changes +++ b/docker.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Mon Feb 15 12:13:16 UTC 2016 - asarai@suse.com + +- fix-apparmor.patch: switch to a backported version of docker/docker#20305, + which also fixes several potential issues if the major version of apparmor + changes. + ------------------------------------------------------------------- Fri Feb 12 16:01:30 UTC 2016 - jmassaguerpla@suse.com diff --git a/docker.spec b/docker.spec index 662b478..c9d1100 100644 --- a/docker.spec +++ b/docker.spec @@ -1,7 +1,7 @@ # # spec file for package docker # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed diff --git a/fix-apparmor.patch b/fix-apparmor.patch index d3cc839..fa463bd 100644 --- a/fix-apparmor.patch +++ b/fix-apparmor.patch 
@@ -1,110 +1,292 @@ -diff --git a/contrib/apparmor/main.go b/contrib/apparmor/main.go -index 25f6e8c..2b15e1d 100644 ---- a/contrib/apparmor/main.go -+++ b/contrib/apparmor/main.go -@@ -13,6 +13,7 @@ import ( +Index: docker-1.10.1/contrib/apparmor/main.go +=================================================================== +--- docker-1.10.1.orig/contrib/apparmor/main.go ++++ docker-1.10.1/contrib/apparmor/main.go +@@ -11,8 +11,7 @@ import ( + ) + type profileData struct { - MajorVersion int - MinorVersion int -+ PatchLevel int +- MajorVersion int +- MinorVersion int ++ Version int } func main() { -@@ -23,13 +24,14 @@ func main() { +@@ -23,13 +22,12 @@ func main() { // parse the arg apparmorProfilePath := os.Args[1] - majorVersion, minorVersion, err := aaparser.GetVersion() -+ majorVersion, minorVersion, patchLevel, err := aaparser.GetVersion() ++ version, err := aaparser.GetVersion() if err != nil { log.Fatal(err) } data := profileData{ - MajorVersion: majorVersion, - MinorVersion: minorVersion, -+ PatchLevel: patchLevel, +- MajorVersion: majorVersion, +- MinorVersion: minorVersion, ++ Version: version, } fmt.Printf("apparmor_parser is of version %+v\n", data) -diff --git a/daemon/execdriver/native/apparmor.go b/daemon/execdriver/native/apparmor.go -index 5bbfef6..33859fd 100644 ---- a/daemon/execdriver/native/apparmor.go -+++ b/daemon/execdriver/native/apparmor.go -@@ -27,6 +27,7 @@ type data struct { +Index: docker-1.10.1/daemon/execdriver/native/apparmor.go +=================================================================== +--- docker-1.10.1.orig/daemon/execdriver/native/apparmor.go ++++ docker-1.10.1/daemon/execdriver/native/apparmor.go +@@ -25,8 +25,7 @@ type data struct { + ExecPath string + Imports []string InnerImports []string - MajorVersion int - MinorVersion int -+ PatchLevel int +- MajorVersion int +- MinorVersion int ++ Version int } const baseTemplate = ` -@@ -64,10 +65,13 @@ profile {{.Name}} flags=(attach_disconnected,mediate_deleted) { +@@ 
-64,14 +63,17 @@ profile {{.Name}} flags=(attach_disconne deny /sys/firmware/efi/efivars/** rwklx, deny /sys/kernel/security/** rwklx, -{{if ge .MajorVersion 2}}{{if ge .MinorVersion 8}} -+{{if ge .MajorVersion 2}}{{if ge .MinorVersion 8}}{{if ge .PatchLevel 95}} ++{{if ge .Version 208095}} + # apparmor-2.8.95 is Ubuntu 14.04 LTS (Trusty Tahr) -+ # apparmor-2.8.95 is apparmor-2.9 beta, which supports ptrace rule -+ # other apparmor-2.8 versions do not support this rule ++ # apparmor-2.8.95 is apparmor-2.9 beta, which supports ptrace rule ++ # other apparmor-2.8 versions do not support this rule # suppress ptrace denials when using 'docker ps' or using 'ps' inside a container ptrace (trace,read) peer=docker-default, -{{end}}{{end}} -+{{end}}{{end}}{{end}} - {{if ge .MajorVersion 2}}{{if ge .MinorVersion 9}} +-{{if ge .MajorVersion 2}}{{if ge .MinorVersion 9}} ++{{end}} ++{{if ge .Version 209000}} # docker daemon confinement requires explict allow rule for signal signal (receive) set=(kill,term) peer={{.ExecPath}}, -@@ -91,7 +95,7 @@ func generateProfile(out io.Writer) error { +-{{end}}{{end}} ++{{end}} + } + ` + +@@ -91,7 +93,7 @@ func generateProfile(out io.Writer) erro if abstractionsExists() { data.InnerImports = append(data.InnerImports, "#include ") } - data.MajorVersion, data.MinorVersion, err = aaparser.GetVersion() -+ data.MajorVersion, data.MinorVersion, data.PatchLevel, err = aaparser.GetVersion() ++ data.Version, err = aaparser.GetVersion() if err != nil { return err } -diff --git a/pkg/aaparser/aaparser.go b/pkg/aaparser/aaparser.go -index 23dda99..a2f2f58 100644 ---- a/pkg/aaparser/aaparser.go -+++ b/pkg/aaparser/aaparser.go -@@ -8,8 +8,8 @@ import ( +Index: docker-1.10.1/pkg/aaparser/aaparser.go +=================================================================== +--- docker-1.10.1.orig/pkg/aaparser/aaparser.go ++++ docker-1.10.1/pkg/aaparser/aaparser.go +@@ -1,45 +1,92 @@ ++// Package aaparser is a convenience package interacting with 
`apparmor_parser`. + package aaparser + + import ( + "fmt" +- "log" + "os/exec" ++ "path/filepath" + "strconv" "strings" ) -// GetVersion returns the major and minor version of apparmor_parser -func GetVersion() (int, int, error) { -+// GetVersion returns the major, minor and patch level version of apparmor_parser -+func GetVersion() (int, int, int, error) { - // get the apparmor_version version - cmd := exec.Command("apparmor_parser", "--version") +- // get the apparmor_version version +- cmd := exec.Command("apparmor_parser", "--version") ++const ( ++ binary = "apparmor_parser" ++) ++ ++// GetVersion returns the major and minor version of apparmor_parser. ++func GetVersion() (int, error) { ++ output, err := cmd("", "--version") ++ if err != nil { ++ return -1, err ++ } ++ ++ return parseVersion(output) ++} -@@ -29,17 +29,25 @@ func GetVersion() (int, int, error) { +- output, err := cmd.CombinedOutput() ++// LoadProfile runs `apparmor_parser -r -W` on a specified apparmor profile to ++// replace and write it to disk. ++func LoadProfile(profilePath string) error { ++ _, err := cmd(filepath.Dir(profilePath), "-r", "-W", filepath.Base(profilePath)) + if err != nil { +- log.Fatalf("getting apparmor_parser version failed: %s (%s)", err, output) ++ return err + } ++ return nil ++} ++ ++// cmd runs `apparmor_parser` with the passed arguments. ++func cmd(dir string, arg ...string) (string, error) { ++ c := exec.Command(binary, arg...) ++ c.Dir = dir + +- // parse the version from the output ++ output, err := c.CombinedOutput() ++ if err != nil { ++ return "", fmt.Errorf("running `%s %s` failed with output: %s\nerror: %v", c.Path, strings.Join(c.Args, " "), string(output), err) ++ } ++ ++ return string(output), nil ++} ++ ++// parseVersion takes the output from `apparmor_parser --version` and returns ++// a representation of the {major, minor, patch} version as a single number of ++// the form MMmmPPP {major, minor, patch}. 
++func parseVersion(output string) (int, error) { + // output is in the form of the following: + // AppArmor parser version 2.9.1 + // Copyright (C) 1999-2008 Novell Inc. + // Copyright 2009-2012 Canonical Ltd. +- lines := strings.SplitN(string(output), "\n", 2) ++ ++ lines := strings.SplitN(output, "\n", 2) + words := strings.Split(lines[0], " ") + version := words[len(words)-1] ++ // split by major minor version v := strings.Split(version, ".") - if len(v) < 2 { +- if len(v) < 2 { - return -1, -1, fmt.Errorf("parsing major minor version failed for %q", version) -+ return -1, -1, -1, fmt.Errorf("parsing major minor and patch level version failed for %q", version) ++ if len(v) == 0 || len(v) > 3 { ++ return -1, fmt.Errorf("parsing version failed for output: `%s`", output) } ++ // Default the versions to 0. ++ var majorVersion, minorVersion, patchLevel int ++ majorVersion, err := strconv.Atoi(v[0]) if err != nil { - return -1, -1, err -+ return -1, -1, -1, err ++ return -1, err } - minorVersion, err := strconv.Atoi(v[1]) - if err != nil { +- minorVersion, err := strconv.Atoi(v[1]) +- if err != nil { - return -1, -1, err -+ return -1, -1, -1, err ++ ++ if len(v) > 1 { ++ minorVersion, err = strconv.Atoi(v[1]) ++ if err != nil { ++ return -1, err ++ } ++ } ++ if len(v) > 2 { ++ patchLevel, err = strconv.Atoi(v[2]) ++ if err != nil { ++ return -1, err ++ } } - return majorVersion, minorVersion, nil -+ patchLevel := 0 -+ -+ if len(v) == 3 { -+ patchLevel, err = strconv.Atoi(v[2]) -+ if err != nil { -+ return -1, -1, -1, err -+ } -+ } -+ return majorVersion, minorVersion, patchLevel, nil ++ // major*10^5 + minor*10^3 + patch*10^0 ++ numericVersion := majorVersion*1e5 + minorVersion*1e3 + patchLevel ++ return numericVersion, nil } +Index: docker-1.10.1/contrib/apparmor/template.go +=================================================================== +--- docker-1.10.1.orig/contrib/apparmor/template.go ++++ docker-1.10.1/contrib/apparmor/template.go +@@ -20,11 +20,11 @@ 
profile /usr/bin/docker (attach_disconne + + umount, + pivot_root, +-{{if ge .MajorVersion 2}}{{if ge .MinorVersion 9}} ++{{if ge .Version 209000}} + signal (receive) peer=@{profile_name}, + signal (receive) peer=unconfined, + signal (send), +-{{end}}{{end}} ++{{end}} + network, + capability, + owner /** rw, +@@ -46,12 +46,12 @@ profile /usr/bin/docker (attach_disconne + /etc/ld.so.cache r, + /etc/passwd r, + +-{{if ge .MajorVersion 2}}{{if ge .MinorVersion 9}} ++{{if ge .Version 209000}} + ptrace peer=@{profile_name}, + ptrace (read) peer=docker-default, + deny ptrace (trace) peer=docker-default, + deny ptrace peer=/usr/bin/docker///bin/ps, +-{{end}}{{end}} ++{{end}} + + /usr/lib/** rm, + /lib/** rm, +@@ -72,11 +72,11 @@ profile /usr/bin/docker (attach_disconne + /sbin/zfs rCx, + /sbin/apparmor_parser rCx, + +-{{if ge .MajorVersion 2}}{{if ge .MinorVersion 9}} ++{{if ge .Version 209000}} + # Transitions + change_profile -> docker-*, + change_profile -> unconfined, +-{{end}}{{end}} ++{{end}} + + profile /bin/cat (complain) { + /etc/ld.so.cache r, +@@ -98,10 +98,10 @@ profile /usr/bin/docker (attach_disconne + /dev/null rw, + /bin/ps mr, + +-{{if ge .MajorVersion 2}}{{if ge .MinorVersion 9}} ++{{if ge .Version 209000}} + # We don't need ptrace so we'll deny and ignore the error. 
+ deny ptrace (read, trace), +-{{end}}{{end}} ++{{end}} + + # Quiet dac_override denials + deny capability dac_override, +@@ -119,15 +119,15 @@ profile /usr/bin/docker (attach_disconne + /proc/tty/drivers r, + } + profile /sbin/iptables (complain) { +-{{if ge .MajorVersion 2}}{{if ge .MinorVersion 9}} ++{{if ge .Version 209000}} + signal (receive) peer=/usr/bin/docker, +-{{end}}{{end}} ++{{end}} + capability net_admin, + } + profile /sbin/auplink flags=(attach_disconnected, complain) { +-{{if ge .MajorVersion 2}}{{if ge .MinorVersion 9}} ++{{if ge .Version 209000}} + signal (receive) peer=/usr/bin/docker, +-{{end}}{{end}} ++{{end}} + capability sys_admin, + capability dac_override, + +@@ -146,9 +146,9 @@ profile /usr/bin/docker (attach_disconne + /proc/[0-9]*/mounts rw, + } + profile /sbin/modprobe /bin/kmod (complain) { +-{{if ge .MajorVersion 2}}{{if ge .MinorVersion 9}} ++{{if ge .Version 209000}} + signal (receive) peer=/usr/bin/docker, +-{{end}}{{end}} ++{{end}} + capability sys_module, + /etc/ld.so.cache r, + /lib/** rm, +@@ -162,9 +162,9 @@ profile /usr/bin/docker (attach_disconne + } + # xz works via pipes, so we do not need access to the filesystem. + profile /usr/bin/xz (complain) { +-{{if ge .MajorVersion 2}}{{if ge .MinorVersion 9}} ++{{if ge .Version 209000}} + signal (receive) peer=/usr/bin/docker, +-{{end}}{{end}} ++{{end}} + /etc/ld.so.cache r, + /lib/** rm, + /usr/bin/xz rm, From c675fac864b97007d1d07aca940e51d2587ea2201f055805e1fe392a57672c69 Mon Sep 17 00:00:00 2001 From: Jordi Massaguer Date: Tue, 1 Mar 2016 15:43:51 +0000 Subject: [PATCH 24/37] update to docker-1.10.2 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=74 --- _service | 4 ++-- docker-1.10.1.tar.xz | 3 --- docker-1.10.2.tar.xz | 3 +++ docker.changes | 31 +++++++++++++++++++++++++++++++ docker.spec | 5 +++-- 5 files changed, 39 insertions(+), 7 deletions(-) delete mode 100644 docker-1.10.1.tar.xz create mode 100644 docker-1.10.2.tar.xz 
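Review bot: `parseVersion` folds the three components into one integer with `majorVersion*1e5 + minorVersion*1e3 + patchLevel` but never bounds them, so a minor of 100 or more, a patch level of 1000 or more, or a negative component (which `strconv.Atoi` accepts) spills into the neighbouring field. For example, 2.8.1000 would encode as 209000 and pass the `{{if ge .Version 209000}}` gates that are meant for 2.9, emitting rules the installed parser may not accept. I would reject such input before combining, e.g. `if majorVersion < 0 || minorVersion < 0 || minorVersion > 99 || patchLevel < 0 || patchLevel > 999 { return -1, fmt.Errorf("apparmor_parser version out of range: %q", output) }`. The `len(v) == 0` test cannot fire, because `strings.Split` with a non-empty separator always returns at least one element. The comment on `GetVersion` also still says it returns the major and minor version, although it now returns the combined number.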
diff --git a/_service b/_service index d5e2138..582909f 100644 --- a/_service +++ b/_service @@ -3,8 +3,8 @@ https://github.com/docker/docker.git git .git - 1.10.1 - v1.10.1 + 1.10.2 + v1.10.2 docker-*.tar diff --git a/docker-1.10.1.tar.xz b/docker-1.10.1.tar.xz deleted file mode 100644 index 4fd1857..0000000 --- a/docker-1.10.1.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:da8b04d5596ef138d19303bb4155dee423d88cb8977259c01d3d9b73ecc08e71 -size 8302256 diff --git a/docker-1.10.2.tar.xz b/docker-1.10.2.tar.xz new file mode 100644 index 0000000..178de1e --- /dev/null +++ b/docker-1.10.2.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:14bf1e45e2f8d75b70f6a6c734514fbcdf61308e0934aca7935d7d8eb0bbe5bb +size 8306348 diff --git a/docker.changes b/docker.changes index 94f486b..f1cc092 100644 --- a/docker.changes +++ b/docker.changes 
@@ -1,3 +1,34 @@ +------------------------------------------------------------------- +Tue Feb 23 08:52:17 UTC 2016 - jmassaguerpla@suse.com + +Update to version 1.10.2 + + - Runtime + Prevent systemd from deleting containers' cgroups when its configuration is reloaded #20518 + Fix SELinux issues by disregarding --read-only when mounting /dev/mqueue #20333 + Fix chown permissions used during docker cp when userns is used #20446 + Fix configuration loading issue with all booleans defaulting to true #20471 + Fix occasional panic with docker logs -f #20522 + + - Distribution + Keep layer reference if deletion failed to avoid a badly inconsistent state #20513 + Handle gracefully a corner case when canceling migration #20372 + Fix docker import on compressed data #20367 + Fix tar-split files corruption during migration that later cause docker push and docker save to fail #20458 + + - Networking + Fix daemon crash if embedded DNS is sent garbage #20510 + + - Volumes + Fix issue with multiple volume references with same name #20381 + + - Security + Fix potential cache corruption and delegation conflict issues #20523 + +link to changelog: + +https://github.com/docker/docker/blob/v1.10.2/CHANGELOG.md + ------------------------------------------------------------------- Mon Feb 15 12:13:16 UTC 2016 - asarai@suse.com diff --git a/docker.spec b/docker.spec index c9d1100..2112fe7 100644 --- a/docker.spec +++ b/docker.spec @@ -1,7 +1,7 @@ # # spec file for package docker # -# Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -19,7 +19,7 @@ %define git_version 9e83765 %define go_arches %ix86 x86_64 Name: docker -Version: 1.10.1 +Version: 1.10.2 Release: 0 Summary: The Linux container runtime License: Apache-2.0 
@@ -73,6 +73,7 @@ BuildRequires: zsh Requires: apparmor-parser Requires: bridge-utils Requires: ca-certificates-mozilla +Requires: docker-image-migrator # Provides mkfs.ext4 - used by Docker when devicemapper storage driver is used Requires: e2fsprogs Requires: git-core >= 1.7 From 0d6e53e6f01d7a9274e960d3bf1c61d2dc1f5475686d219da1fbf72ddf42cabb Mon Sep 17 00:00:00 2001 From: Jordi Massaguer Date: Tue, 1 Mar 2016 15:45:33 +0000 Subject: [PATCH 25/37] fix changelog OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=75 --- docker.changes | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker.changes b/docker.changes index f1cc092..b13d336 100644 --- a/docker.changes +++ b/docker.changes @@ -1,7 +1,7 @@ ------------------------------------------------------------------- Tue Feb 23 08:52:17 UTC 2016 - jmassaguerpla@suse.com -Update to version 1.10.2 +Update to version 1.10.2 (bnc#968933) - Runtime Prevent systemd from deleting containers' cgroups when its configuration is reloaded #20518 From 67e552755b9dea1556f21f801b9b54f4a6e0e2e83cbb66a4b0981c4a4796cba4 Mon Sep 17 00:00:00 2001 From: Jordi Massaguer Date: Tue, 1 Mar 2016 15:46:41 +0000 Subject: [PATCH 26/37] fix changelog OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=76 --- docker.changes | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docker.changes b/docker.changes index b13d336..15a83af 100644 --- a/docker.changes +++ b/docker.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Tue Mar 1 15:28:56 UTC 2016 - jmassaguerpla@suse.com + +- Require docker-image-migrator (bnc#968933) + ------------------------------------------------------------------- Tue Feb 23 08:52:17 UTC 2016 - jmassaguerpla@suse.com From 7eeda7063e294d754ae06e46294d83f114008836d5bb61265d3b3eee88fdfd52 Mon Sep 17 00:00:00 2001 
From: Jordi Massaguer Date: Tue, 1 Mar 2016 17:44:13 +0000 Subject: [PATCH 27/37] fix changelog OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=77 --- docker.changes | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/docker.changes b/docker.changes index 15a83af..5afbaa3 100644 --- a/docker.changes +++ b/docker.changes @@ -72,6 +72,13 @@ https://github.com/docker/docker/blob/590d5108bbdaabb05af590f76c9757daceb6d02e/C add_bolt_arm64.patch add_bolt_s390x.patch +- remove gcc-go-build-static-libgo.patch: This has been replace by gcc-go-patches.patch + +- removed patches, because arm and ppc are not build using the dynbinary target, but the dyngccgo one: + docker_remove_journald_to_fix_dynbinary_build_on_arm.patch + docker_remove_journald_to_fix_dynbinary_build_on_powerpc.patch + docker_remove_journald_to_fix_dynbinary_build_on_arm64.patch + - added patches: fix_platform_type_arm.patch: fix build for arm64 and aarch64: set utsname as uint8 for arm64 and aarch64 gcc5_socket_workaround.patch: gcc5-go in Tumbleweed includes this commit @@ -84,6 +91,7 @@ https://github.com/docker/docker/blob/590d5108bbdaabb05af590f76c9757daceb6d02e/C This is a workaround for bnc#964468: gcc-go can no longer compile Docker. fix-apparmor.patch: fix https://github.com/docker/docker/issues/20269 . It affects SLE12 which has apparmor version 2.8 and not openSUSE which has version 2.9. + fix-ppc64le.patch: Build netlink driver using int8 and not uint8 for the data structure - reviewed patches: ignore-dockerinit-checksum.patch: review context in patch From 6a84d2ec5aa0a41090c625cd88c54b9212b7caa2b9e1e1b1a17e041f7cfa3df6 Mon Sep 17 00:00:00 2001 
From: Jordi Massaguer Date: Tue, 1 Mar 2016 18:22:19 +0000 Subject: [PATCH 28/37] - fix bsc#968972 - let docker manage the cgroups of the processes that it launches without systemd OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=78 --- docker.changes | 6 ++++++ docker.service | 5 +++++ 2 files changed, 11 insertions(+) diff --git a/docker.changes b/docker.changes index 5afbaa3..a789104 100644 --- a/docker.changes +++ b/docker.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Tue Mar 1 17:54:41 UTC 2016 - jmassaguerpla@suse.com + +- fix bsc#968972 - let docker manage the cgroups of the processes + that it launches without systemd + ------------------------------------------------------------------- Tue Mar 1 15:28:56 UTC 2016 - jmassaguerpla@suse.com diff --git a/docker.service b/docker.service index 013ea44..6177c84 100644 --- a/docker.service +++ b/docker.service @@ -5,12 +5,17 @@ After=network.target docker.socket Requires=docker.socket [Service] +# the default is not to use systemd for cgroups because the delegate issues still +# exists and systemd currently does not support the cgroup feature set required +# for containers run by docker EnvironmentFile=/etc/sysconfig/docker ExecStart=/usr/bin/docker daemon -H fd:// $DOCKER_OPTS MountFlags=slave LimitNOFILE=1048576 LimitNPROC=1048576 LimitCORE=infinity +# set delegate yes so that systemd does not reset the cgroups of docker containers +Delegate=yes [Install] WantedBy=multi-user.target From 52e75bc3762bc5e8acf6975b48f518721ef322a12b4007b6a3352179fbdee009 Mon Sep 17 00:00:00 2001 From: Jordi Massaguer Date: Mon, 7 Mar 2016 12:08:12 +0000 Subject: [PATCH 29/37] comment temporary the migration requirement until we fix that package OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=79 --- docker.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
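Review bot: The added `Delegate=yes` only takes effect on a systemd that knows the directive (it was introduced in systemd 218); an older systemd logs an unknown-key warning and ignores it, so on such hosts the cgroup reset described in bsc#968972 would persist with no failure at install time. The comment block placed above `EnvironmentFile=` explains the cgroup-driver choice rather than that line, so I would move it next to `Delegate=yes` and state the requirement there, e.g. `# Delegate= needs systemd >= 218 (or a backport); without it systemd may reset container cgroups`. Whether the systemd shipped on the targeted SLE/openSUSE releases carries the directive is not visible from this patch.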
diff --git a/docker.spec b/docker.spec index 2112fe7..f717308 100644 --- a/docker.spec +++ b/docker.spec @@ -73,7 +73,7 @@ BuildRequires: zsh Requires: apparmor-parser Requires: bridge-utils Requires: ca-certificates-mozilla -Requires: docker-image-migrator +# Requires: docker-image-migrator # Provides mkfs.ext4 - used by Docker when devicemapper storage driver is used Requires: e2fsprogs Requires: git-core >= 1.7 From 6c72404a571b8f97c7661b7b1bc4998b31c2864e99131befdaf1619e3ebc5a47 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Mon, 7 Mar 2016 12:08:24 +0000 Subject: [PATCH 30/37] - Remove docker-image-migrator for now (there are plenty of issues getting it to work properly at the moment). (bnc#968933) OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=80 --- docker.changes | 6 ++++++ docker.spec | 1 - 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/docker.changes b/docker.changes index a789104..b765a00 100644 --- a/docker.changes +++ b/docker.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Mon Mar 7 11:48:01 UTC 2016 - asarai@suse.com + +- Remove docker-image-migrator for now (there are plenty of issues getting it to + work properly at the moment). (bnc#968933) + ------------------------------------------------------------------- Tue Mar 1 17:54:41 UTC 2016 - jmassaguerpla@suse.com diff --git a/docker.spec b/docker.spec index f717308..f996652 100644 --- a/docker.spec +++ b/docker.spec @@ -73,7 +73,6 @@ BuildRequires: zsh Requires: apparmor-parser Requires: bridge-utils Requires: ca-certificates-mozilla -# Requires: docker-image-migrator # Provides mkfs.ext4 - used by Docker when devicemapper storage driver is used Requires: e2fsprogs Requires: git-core >= 1.7 From 0a40d1c8519bfec1585040ffbf78146f10d73ebeee34ccd9c4ed36a87e4d3273 Mon Sep 17 00:00:00 2001 
From: Jordi Massaguer Date: Mon, 7 Mar 2016 14:44:00 +0000 Subject: [PATCH 31/37] Accepting request 367638 from home:michel_mno:branches:Virtualization:containers - more patches to build on ppc64 architecture update netlink_gcc_go.patch new netlink_netns_powerpc.patch new boltdb_bolt_powerpc.patch new libnetwork_drivers_bridge_powerpc.patch to replace deleted fix-ppc64le.patch OBS-URL: https://build.opensuse.org/request/show/367638 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=81 --- boltdb_bolt_powerpc.patch | 18 ++++++++++++++++++ docker.changes | 10 ++++++++++ docker.spec | 9 ++++++--- fix-ppc64le.patch | 20 -------------------- libnetwork_drivers_bridge_powerpc.patch | 25 +++++++++++++++++++++++++ netlink_gcc_go.patch | 6 +++--- netlink_netns_powerpc.patch | 16 ++++++++++++++++ 7 files changed, 78 insertions(+), 26 deletions(-) create mode 100644 boltdb_bolt_powerpc.patch delete mode 100644 fix-ppc64le.patch create mode 100644 libnetwork_drivers_bridge_powerpc.patch create mode 100644 netlink_netns_powerpc.patch diff --git a/boltdb_bolt_powerpc.patch b/boltdb_bolt_powerpc.patch new file mode 100644 index 0000000..9858a0b --- /dev/null +++ b/boltdb_bolt_powerpc.patch @@ -0,0 +1,18 @@ +--- + vendor/src/github.com/boltdb/bolt/bolt_ppc64.go | 9 +++++++++ + 1 file changed, 9 insertions(+) + +Index: docker-1.10.2/vendor/src/github.com/boltdb/bolt/bolt_ppc64.go +=================================================================== +--- /dev/null ++++ docker-1.10.2/vendor/src/github.com/boltdb/bolt/bolt_ppc64.go +@@ -0,0 +1,9 @@ ++// +build ppc64 ++ ++package bolt ++ ++// maxMapSize represents the largest mmap size supported by Bolt. ++const maxMapSize = 0xFFFFFFFFFFFF // 256TB ++ ++// maxAllocSize is the size used when creating array pointers. ++const maxAllocSize = 0x7FFFFFFF diff --git a/docker.changes b/docker.changes index b765a00..f0e4cf6 100644 --- a/docker.changes +++ b/docker.changes 
@@ -1,3 +1,13 @@ +------------------------------------------------------------------- +Mon Mar 7 14:09:17 UTC 2016 - normand@linux.vnet.ibm.com + +- more patches to build on ppc64 architecture + update netlink_gcc_go.patch + new netlink_netns_powerpc.patch + new boltdb_bolt_powerpc.patch + new libnetwork_drivers_bridge_powerpc.patch to replace + deleted fix-ppc64le.patch + ------------------------------------------------------------------- Mon Mar 7 11:48:01 UTC 2016 - asarai@suse.com diff --git a/docker.spec b/docker.spec index f996652..dc92c00 100644 --- a/docker.spec +++ b/docker.spec @@ -52,8 +52,9 @@ Patch3: fix-apparmor.patch Patch100: ignore-dockerinit-checksum.patch Patch101: gcc-go-patches.patch Patch102: netlink_gcc_go.patch -#TODO: rename this patch later on -Patch108: fix-ppc64le.patch +Patch103: netlink_netns_powerpc.patch +Patch104: boltdb_bolt_powerpc.patch +Patch105: libnetwork_drivers_bridge_powerpc.patch BuildRequires: audit BuildRequires: bash-completion BuildRequires: device-mapper-devel >= 1.2.68 @@ -161,8 +162,10 @@ Test package for docker. It contains the source code and the tests. %patch3 -p1 %ifnarch %go_arches %patch101 -p1 -%patch108 -p1 %patch102 -p1 +%patch103 -p1 +%patch104 -p1 +%patch105 -p1 %patch100 -p1 %endif cp %{SOURCE7} . diff --git a/fix-ppc64le.patch b/fix-ppc64le.patch deleted file mode 100644 index a4c7a40..0000000 --- a/fix-ppc64le.patch +++ /dev/null 
@@ -1,20 +0,0 @@ -Index: docker-1.9.1/vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_armppc64.go -=================================================================== ---- docker-1.9.1.orig/vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_armppc64.go -+++ docker-1.9.1/vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_armppc64.go -@@ -1,4 +1,4 @@ --// +build arm ppc64 ppc64le -+// +build arm ppc64,!ppc64le - - package bridge - -Index: docker-1.9.1/vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_notarm.go -=================================================================== ---- docker-1.9.1.orig/vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_notarm.go -+++ docker-1.9.1/vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_notarm.go -@@ -1,4 +1,4 @@ --// +build !arm,!ppc64,!ppc64le -+// +build !arm,!ppc64 ppc64le - - package bridge - diff --git a/libnetwork_drivers_bridge_powerpc.patch b/libnetwork_drivers_bridge_powerpc.patch new file mode 100644 index 0000000..d1ffbdd --- /dev/null +++ b/libnetwork_drivers_bridge_powerpc.patch 
@@ -0,0 +1,25 @@ +--- + vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_armppc64.go | 2 +- + vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_notarm.go | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +Index: docker-1.10.2/vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_armppc64.go +=================================================================== +--- docker-1.10.2.orig/vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_armppc64.go ++++ docker-1.10.2/vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_armppc64.go +@@ -1,4 +1,4 @@ +-// +build arm ppc64 ppc64le ++// +build arm,!ppc64,!ppc64le + + package bridge + +Index: docker-1.10.2/vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_notarm.go +=================================================================== +--- docker-1.10.2.orig/vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_notarm.go ++++ docker-1.10.2/vendor/src/github.com/docker/libnetwork/drivers/bridge/netlink_deprecated_linux_notarm.go +@@ -1,4 +1,4 @@ +-// +build !arm,!ppc64,!ppc64le ++// +build !arm ppc64 ppc64le + + package bridge + diff --git a/netlink_gcc_go.patch b/netlink_gcc_go.patch index cccc199..19fb111 100644 --- a/netlink_gcc_go.patch +++ b/netlink_gcc_go.patch @@ -31,14 +31,14 @@ index 0000000..feb6070 + syscall_TUNSETIFF = 0x400454ca + syscall_TUNSETPERSIST = 0x400454ca +) -diff --git a/vendor/src/github.com/vishvananda/netlink/link_linux_ppc64le.go b/vendor/src/github.com/vishvananda/netlink/link_linux_ppc64le.go +diff --git a/vendor/src/github.com/vishvananda/netlink/link_linux_powerpc.go b/vendor/src/github.com/vishvananda/netlink/link_linux_powerpc.go new file mode 100644 index 0000000..fac7c06 
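Review bot: The new constraint lines carry terms that have no effect: in `// +build arm,!ppc64,!ppc64le` the comma is AND, so the line reduces to `arm`, and in `// +build !arm ppc64 ppc64le` the space is OR, so it reduces to `!arm`. The net result is that both ppc64 and ppc64le are built from netlink_deprecated_linux_notarm.go, which differs from the deleted fix-ppc64le.patch, where big-endian ppc64 stayed with the arm variant. If that is intended, I would write `// +build arm` and `// +build !arm` and add a patch-header line such as `ppc64 and ppc64le use the notarm variant of the netlink structures`, so the next rebase does not have to re-derive it.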
--- /dev/null -+++ b/vendor/src/github.com/vishvananda/netlink/link_linux_ppc64le.go ++++ b/vendor/src/github.com/vishvananda/netlink/link_linux_powerpc.go @@ -0,0 +1,9 @@ +// +build linux -+// +build ppc64le ++// +build ppc64 ppc64le + +package netlink + diff --git a/netlink_netns_powerpc.patch b/netlink_netns_powerpc.patch new file mode 100644 index 0000000..85f8b4a --- /dev/null +++ b/netlink_netns_powerpc.patch @@ -0,0 +1,16 @@ +--- + vendor/src/github.com/vishvananda/netns/netns_linux_ppc64.go | 7 +++++++ + 1 file changed, 7 insertions(+) + +Index: docker-1.10.2/vendor/src/github.com/vishvananda/netns/netns_linux_ppc64.go +=================================================================== +--- /dev/null ++++ docker-1.10.2/vendor/src/github.com/vishvananda/netns/netns_linux_ppc64.go +@@ -0,0 +1,7 @@ ++// +build linux,ppc64 ++ ++package netns ++ ++const ( ++ SYS_SETNS = 350 ++) From 5b9dc986b2707ab3c937ed0607a21c3a0cbdf488ce9d968184f8a6411e8ef215 Mon Sep 17 00:00:00 2001 
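Review bot: Not changed by this update, but the context lines of the netlink_gcc_go.patch hunk show `syscall_TUNSETPERSIST = 0x400454ca`, the same value as `syscall_TUNSETIFF` on the line before. The two ioctls have different request numbers on Linux (TUNSETPERSIST is the next one, ending in `cb` in this encoding), so a persist request built from this constant would issue TUNSETIFF instead. The file those lines belong to starts above the hunk, so the architecture it targets is not visible. Please check it, and the renamed link_linux_powerpc.go whose constants are also outside the hunk, against the kernel's if_tun.h for every architecture the `// +build ppc64 ppc64le` line now covers.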
From: Jordi Massaguer Date: Fri, 11 Mar 2016 09:13:43 +0000 Subject: [PATCH 32/37] - update to docker 1.10.3 (bnc#970637) Runtime Fix Docker client exiting with an "Unrecognized input header" error #20706 Fix Docker exiting if Exec is started with both AttachStdin and Detach #20647 Distribution Fix a crash when pushing multiple images sharing the same layers to the same repository in parallel #20831 Fix a panic when pushing images to a registry which uses a misconfigured token service #21030 Plugin system Fix issue preventing volume plugins to start when SELinux is enabled #20834 Prevent Docker from exiting if a volume plugin returns a null response for Get requests #20682 Fix plugin system leaking file descriptors if a plugin has an error #20680 Security Fix linux32 emulation to fail during docker build #20672 It was due to the personality syscall being blocked by the default seccomp profile. Fix Oracle XE 10g failing to start in a container #20981 It was due to the ipc syscall being blocked by the default seccomp profile. Fix user namespaces not working on Linux From Scratch #20685 Fix issue preventing daemon to start if userns is enabled and the subuid or subgid files contain comments #20725 More at https://github.com/docker/docker/releases/tag/v1.10.3 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=82 --- _service | 4 ++-- docker-1.10.2.tar.xz | 3 --- docker-1.10.3.tar.xz | 3 +++ docker.changes | 21 +++++++++++++++++++++ docker.spec | 2 +- 5 files changed, 27 insertions(+), 6 deletions(-) delete mode 100644 docker-1.10.2.tar.xz create mode 100644 docker-1.10.3.tar.xz diff --git a/_service b/_service index 582909f..aeaf081 100644 --- a/_service +++ b/_service @@ -3,8 +3,8 @@ https://github.com/docker/docker.git git .git - 1.10.2 - v1.10.2 + 1.10.3 + v1.10.3 docker-*.tar diff --git a/docker-1.10.2.tar.xz b/docker-1.10.2.tar.xz deleted file mode 100644 index 178de1e..0000000 --- a/docker-1.10.2.tar.xz +++ /dev/null 
@@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:14bf1e45e2f8d75b70f6a6c734514fbcdf61308e0934aca7935d7d8eb0bbe5bb -size 8306348 diff --git a/docker-1.10.3.tar.xz b/docker-1.10.3.tar.xz new file mode 100644 index 0000000..9004edc --- /dev/null +++ b/docker-1.10.3.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:981d52320b7936c294d4b433deffe7af9934b715e207d38a7a993a5a74b3862e +size 8307800 diff --git a/docker.changes b/docker.changes index f0e4cf6..847da25 100644 --- a/docker.changes +++ b/docker.changes 
@@ -1,4 +1,25 @@ ------------------------------------------------------------------- +Fri Mar 11 08:41:49 UTC 2016 - jmassaguerpla@suse.com + +- update to docker 1.10.3 (bnc#970637) + Runtime + Fix Docker client exiting with an "Unrecognized input header" error #20706 + Fix Docker exiting if Exec is started with both AttachStdin and Detach #20647 + Distribution + Fix a crash when pushing multiple images sharing the same layers to the same repository in parallel #20831 + Fix a panic when pushing images to a registry which uses a misconfigured token service #21030 + Plugin system + Fix issue preventing volume plugins to start when SELinux is enabled #20834 + Prevent Docker from exiting if a volume plugin returns a null response for Get requests #20682 + Fix plugin system leaking file descriptors if a plugin has an error #20680 + Security + Fix linux32 emulation to fail during docker build #20672 It was due to the personality syscall being blocked by the default seccomp profile. + Fix Oracle XE 10g failing to start in a container #20981 It was due to the ipc syscall being blocked by the default seccomp profile. + Fix user namespaces not working on Linux From Scratch #20685 + Fix issue preventing daemon to start if userns is enabled and the subuid or subgid files contain comments #20725 + + More at https://github.com/docker/docker/releases/tag/v1.10.3 +------------------------------------------------------------------- Mon Mar 7 14:09:17 UTC 2016 - normand@linux.vnet.ibm.com - more patches to build on ppc64 architecture diff --git a/docker.spec b/docker.spec index dc92c00..cd972f1 100644 --- a/docker.spec +++ b/docker.spec @@ -19,7 +19,7 @@ %define git_version 9e83765 %define go_arches %ix86 x86_64 Name: docker -Version: 1.10.2 +Version: 1.10.3 Release: 0 Summary: The Linux container runtime License: Apache-2.0 From 9339aa78a449ba75db16e555d9182322cbb20b783ab03af33fea4a2b8f862698 Mon Sep 17 00:00:00 2001 
From: Jordi Massaguer Date: Tue, 15 Mar 2016 11:35:05 +0000 Subject: [PATCH 33/37] sync with latest changes for docker-1.10 and also sync changelog with package for SLE OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=83 --- docker.changes | 42 +++++++++++++++++++++++++++------------ docker.spec | 53 ++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 83 insertions(+), 12 deletions(-) diff --git a/docker.changes b/docker.changes index 847da25..bdbd7aa 100644 --- a/docker.changes +++ b/docker.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Fri Mar 11 08:44:46 UTC 2016 - asarai@suse.de + +- spec: switch to new done file name from docker-image-migrator + ------------------------------------------------------------------- Fri Mar 11 08:41:49 UTC 2016 - jmassaguerpla@suse.com @@ -19,6 +24,20 @@ Fri Mar 11 08:41:49 UTC 2016 - jmassaguerpla@suse.com Fix issue preventing daemon to start if userns is enabled and the subuid or subgid files contain comments #20725 More at https://github.com/docker/docker/releases/tag/v1.10.3 + +------------------------------------------------------------------- +Thu Mar 10 13:52:54 UTC 2016 - asarai@suse.de + +- spec: improve file-based migration checks to make sure that it doesn't cause + errors if running on a /var/lib/docker without /var/lib/docker/graph. + +------------------------------------------------------------------- +Wed Mar 9 13:45:14 UTC 2016 - asarai@suse.de + +- spec: implement file-based migration checks. The migrator will be updated to + match the warning message's instructions. This looks like it works with my + testing. + ------------------------------------------------------------------- Mon Mar 7 14:09:17 UTC 2016 - normand@linux.vnet.ibm.com 
@@ -29,12 +48,6 @@ Mon Mar 7 14:09:17 UTC 2016 - normand@linux.vnet.ibm.com new libnetwork_drivers_bridge_powerpc.patch to replace deleted fix-ppc64le.patch -------------------------------------------------------------------- -Mon Mar 7 11:48:01 UTC 2016 - asarai@suse.com - -- Remove docker-image-migrator for now (there are plenty of issues getting it to - work properly at the moment). (bnc#968933) - ------------------------------------------------------------------- Tue Mar 1 17:54:41 UTC 2016 - jmassaguerpla@suse.com @@ -47,7 +60,7 @@ Tue Mar 1 15:28:56 UTC 2016 - jmassaguerpla@suse.com - Require docker-image-migrator (bnc#968933) ------------------------------------------------------------------- -Tue Feb 23 08:52:17 UTC 2016 - jmassaguerpla@suse.com +Tue Feb 23 08:55:17 UTC 2016 - jmassaguerpla@suse.com Update to version 1.10.2 (bnc#968933) @@ -78,14 +91,19 @@ link to changelog: https://github.com/docker/docker/blob/v1.10.2/CHANGELOG.md ------------------------------------------------------------------- -Mon Feb 15 12:13:16 UTC 2016 - asarai@suse.com +Mon Feb 15 09:48:41 UTC 2016 - asarai@suse.com - fix-apparmor.patch: switch to a backported version of docker/docker#20305, which also fixes several potential issues if the major version of apparmor changes. ------------------------------------------------------------------- -Fri Feb 12 16:01:30 UTC 2016 - jmassaguerpla@suse.com +Mon Feb 15 08:35:43 UTC 2016 - asarai@suse.com + +- Remove 1.10.0 tarball. + +------------------------------------------------------------------- +Fri Feb 12 16:04:19 UTC 2016 - jmassaguerpla@suse.com - Update to docker 1.10.1 It includes some fixes to 1.10.0, see detailed changelog in 
@@ -93,9 +111,9 @@ Fri Feb 12 16:01:30 UTC 2016 - jmassaguerpla@suse.com https://github.com/docker/docker/blob/v1.10.1/CHANGELOG.md ------------------------------------------------------------------- -Fri Feb 5 09:14:15 UTC 2016 - jmassaguerpla@suse.com +Tue Feb 9 17:24:46 UTC 2016 - jmassaguerpla@suse.com -- Update to 1.10.0 version (bnc#965918) +- Update docker to 1.10.0 (bnc#965918) Add usernamespace support Add support for custom seccomp profiles @@ -105,7 +123,6 @@ detailed changelog in https://github.com/docker/docker/blob/590d5108bbdaabb05af590f76c9757daceb6d02e/CHANGELOG.md - - removed patches, because code has been merged in 1.10.0 release: libcontainer-apparmor-fixes.patch: see: https://github.com/docker/docker/blob/release/v1.10/contrib/apparmor/template.go fix_bnc_958255.patch: see https://github.com/docker/docker/commit/2b4f64e59018c21aacbf311d5c774dd5521b5352 @@ -135,6 +152,7 @@ https://github.com/docker/docker/blob/590d5108bbdaabb05af590f76c9757daceb6d02e/C fix-apparmor.patch: fix https://github.com/docker/docker/issues/20269 . It affects SLE12 which has apparmor version 2.8 and not openSUSE which has version 2.9. fix-ppc64le.patch: Build netlink driver using int8 and not uint8 for the data structure + - reviewed patches: ignore-dockerinit-checksum.patch: review context in patch diff --git a/docker.spec b/docker.spec index cd972f1..8979893 100644 --- a/docker.spec +++ b/docker.spec @@ -16,6 +16,10 @@ # +%define docker_store /var/lib/docker +%define docker_graph %{docker_store}/graph +%define docker_migration_testfile %{docker_store}/.suse-image-migration-v1to2-complete + %define git_version 9e83765 %define go_arches %ix86 x86_64 Name: docker 
@@ -254,6 +258,55 @@ install -p -m 644 man/man5/Dockerfile.5 %{buildroot}%{_mandir}/man5 %fdupes %{buildroot} %pre +# We're currently inside rpmlint, which will cause us to fail the tests if it +# happens that the Docker install in the builder requires a migration. $BUILD +if [[ -z "$BUILD_ROOT" && -z "$DOCKER_FORCE_IMAGE_MIGRATION" ]] +then + # In order to make sure we don't print a scary warning when we shouldn't we + # need to test these things (in this order): + # 1. Check that /var/lib/docker actually exists (docker daemon has run). + # 2. Check that the migrator has *not* finished. + # 3. Check that /var/lib/docker/graph exists (this is a <=1.9.1 thing, but + # will stick around if it has been migrated -- which is why we need the + # MIGRATION_TESTFILE check). + # 4. Check that there are images in the graph/ directory. + if [[ -d "%{docker_store}" && ( ! -f "%{docker_migration_testfile}" ) && -d "%{docker_store}" && -n "$(find "%{docker_store}" -maxdepth 1 -type d 2>/dev/null | grep -Ev '_tmp|^%{docker_store}$')" ]] + then +cat >&2 <=1.10.0, the Docker image format +has changed to be completely content-addressible. This results in several positive +improvements to image operations (better caching during builds mainly). However, +the migration operation may take several hours if you have a lot of large images +on a Docker host. In order to ensure that you have minimum downtime, this update +of Docker will not complete successfully, and you will have the opportunity to +run a separate migration tool (which will not cause downtime for your Docker +daemon). + +In order to run this migration tool, please install docker-image-migrator package. + +However, if you prefer to not run this separate migration tool, you can force this +update using the following command. 
THIS WILL CAUSE DOWNTIME, BECAUSE DOCKER WILL +RUN THE MIGRATION ON FIRST START AND YOU WILL BE UNABLE TO START ANY CONTAINERS +OR USE ANY DOCKER COMMANDS (EVEN CONTAINERS WITH RESTART POLICIES ACTIVE): + +$ DOCKER_FORCE_IMAGE_MIGRATION=1 sudo -E zypper up docker +EOF + + # Fail the update. + exit 1 + fi + + # In order to make sure that we don't accidentally cause problems with an + # upgrade to docker>=1.10.2, we'll touch the same file we tested in (2). + # -m701 is *not* a typo, it is necessary for certain syscalls with remapped + # root. + [[ -d "%{docker_store}" ]] || install -d -m701 %{docker_store} || : + touch %{docker_migration_testfile} +fi + echo "creating group docker..." groupadd -r docker 2>/dev/null || : %service_add_pre %{name}.service %{name}.socket From f129359d5e685b393785d012adcecbb8c0927964cfe5b22c3e4ebc6d4df07f9b Mon Sep 17 00:00:00 2001 From: Jordi Massaguer Date: Tue, 15 Mar 2016 11:39:02 +0000 Subject: [PATCH 34/37] fix changelog OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=84 --- docker.changes | 27 +++++++++++++++++++++------ 1 file changed, 21 insertions(+), 6 deletions(-) diff --git a/docker.changes b/docker.changes index bdbd7aa..4dbc02c 100644 --- a/docker.changes +++ b/docker.changes 
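Review bot: The long `[[ … ]]` test in the added `%pre` block checks `-d "%{docker_store}"` twice and runs `find` on `%{docker_store}`, although the comment above it describes steps 3 and 4 as checks on `/var/lib/docker/graph`, and the `%{docker_graph}` macro this patch defines is never used here. As written, any subdirectory of the store (not only old image layers) satisfies the last test, so the update is refused whenever the store exists and the marker file is missing. If the comment states the intent, the second half should read `-d "%{docker_graph}" && -n "$(find "%{docker_graph}" -maxdepth 1 -type d 2>/dev/null | grep -Ev '_tmp|^%{docker_graph}$')"`. The printed override `sudo -E zypper up docker` also carries the caller's whole environment into a root package transaction; naming only the one variable, for example `sudo DOCKER_FORCE_IMAGE_MIGRATION=1 zypper up docker` where the sudoers policy permits it, keeps that narrower.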
@@ -1,3 +1,18 @@ +------------------------------------------------------------------- +Tue Mar 15 09:16:55 UTC 2016 - asarai@suse.de + +- docker.spec: update warning to mention that /etc/sysconfig/docker is sourced + by the migration script. + +------------------------------------------------------------------- +Mon Mar 14 10:20:19 UTC 2016 - asarai@suse.de + +- docker.spec: only Reccomends: the docker-image-migrator package as it is no + longer required for our ugly systemctl hacks. +- docker.spec: fix up documentation to refer to the script you need to run in + the migrator package. +- docker.spec: print a warning if you force the DOCKER_FORCE_INSTALL option. + ------------------------------------------------------------------- Fri Mar 11 08:44:46 UTC 2016 - asarai@suse.de @@ -57,7 +72,7 @@ Tue Mar 1 17:54:41 UTC 2016 - jmassaguerpla@suse.com ------------------------------------------------------------------- Tue Mar 1 15:28:56 UTC 2016 - jmassaguerpla@suse.com -- Require docker-image-migrator (bnc#968933) +- Require docker-image-migrator (bnc#968933) ------------------------------------------------------------------- Tue Feb 23 08:55:17 UTC 2016 - jmassaguerpla@suse.com @@ -85,7 +100,7 @@ Update to version 1.10.2 (bnc#968933) - Security Fix potential cache corruption and delegation conflict issues #20523 - + link to changelog: https://github.com/docker/docker/blob/v1.10.2/CHANGELOG.md @@ -108,12 +123,12 @@ Fri Feb 12 16:04:19 UTC 2016 - jmassaguerpla@suse.com - Update to docker 1.10.1 It includes some fixes to 1.10.0, see detailed changelog in -https://github.com/docker/docker/blob/v1.10.1/CHANGELOG.md +https://github.com/docker/docker/blob/v1.10.1/CHANGELOG.md ------------------------------------------------------------------- Tue Feb 9 17:24:46 UTC 2016 - jmassaguerpla@suse.com -- Update docker to 1.10.0 (bnc#965918) +- Update docker to 1.10.0 (bnc#965918) Add usernamespace support Add support for custom seccomp profiles 
@@ -121,7 +136,7 @@ Tue Feb 9 17:24:46 UTC 2016 - jmassaguerpla@suse.com detailed changelog in -https://github.com/docker/docker/blob/590d5108bbdaabb05af590f76c9757daceb6d02e/CHANGELOG.md +https://github.com/docker/docker/blob/590d5108bbdaabb05af590f76c9757daceb6d02e/CHANGELOG.md - removed patches, because code has been merged in 1.10.0 release: libcontainer-apparmor-fixes.patch: see: https://github.com/docker/docker/blob/release/v1.10/contrib/apparmor/template.go @@ -152,7 +167,7 @@ https://github.com/docker/docker/blob/590d5108bbdaabb05af590f76c9757daceb6d02e/C fix-apparmor.patch: fix https://github.com/docker/docker/issues/20269 . It affects SLE12 which has apparmor version 2.8 and not openSUSE which has version 2.9. fix-ppc64le.patch: Build netlink driver using int8 and not uint8 for the data structure - + - reviewed patches: ignore-dockerinit-checksum.patch: review context in patch From 6632f104c35bcd4daca88211863f4247bca091b0f5ea2d7e4443c2f66afc8131 Mon Sep 17 00:00:00 2001 From: Jordi Massaguer Date: Tue, 15 Mar 2016 11:47:01 +0000 Subject: [PATCH 35/37] add last minute changes on the migration process OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=85 --- docker.spec | 32 ++++++++++++++++++++++++++------ 1 file changed, 26 insertions(+), 6 deletions(-) diff --git a/docker.spec b/docker.spec index 8979893..d6e8b40 100644 --- a/docker.spec +++ b/docker.spec @@ -88,6 +88,8 @@ Requires: lvm2 >= 2.2.89 Requires: procps Requires: tar >= 1.26 Requires: xz >= 4.9 +# Not necessary, but must be installed to have a smooth upgrade. +Recommends: docker-image-migrator Conflicts: lxc < 1.0 PreReq: %fillup_prereq BuildRoot: %{_tmppath}/%{name}-%{version}-build 
@@ -259,8 +261,8 @@ install -p -m 644 man/man5/Dockerfile.5 %{buildroot}%{_mandir}/man5 %pre # We're currently inside rpmlint, which will cause us to fail the tests if it -# happens that the Docker install in the builder requires a migration. $BUILD -if [[ -z "$BUILD_ROOT" && -z "$DOCKER_FORCE_IMAGE_MIGRATION" ]] +# happens that the Docker install in the builder requires a migration. +if [[ -z "$BUILD_ROOT" ]] then # In order to make sure we don't print a scary warning when we shouldn't we # need to test these things (in this order): @@ -272,6 +274,12 @@ then # 4. Check that there are images in the graph/ directory. if [[ -d "%{docker_store}" && ( ! -f "%{docker_migration_testfile}" ) && -d "%{docker_store}" && -n "$(find "%{docker_store}" -maxdepth 1 -type d 2>/dev/null | grep -Ev '_tmp|^%{docker_store}$')" ]] then + + if [ -n "$DOCKER_FORCE_INSTALL" ] + then + echo >&2 "*** IGNORING DOWNTIME WARNING! FORCING INSTALLATION. ***" + else + cat >&2 < Date: Tue, 15 Mar 2016 15:54:46 +0000 Subject: [PATCH 36/37] rebase changelog based on openSUSE:13.2:Update docker OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=86 --- docker.changes | 38 ++++++++++++++++++++++++-------------- 1 file changed, 24 insertions(+), 14 deletions(-) diff --git a/docker.changes b/docker.changes index 4dbc02c..5c5e523 100644 --- a/docker.changes +++ b/docker.changes 
@@ -189,6 +189,16 @@ Wed Jan 27 23:40:09 UTC 2016 - asarai@suse.com Added: fix_json_econnreset_bug.patch (https://github.com/docker/docker/issues/14203) +------------------------------------------------------------------- +Fri Jan 22 15:08:05 UTC 2016 - jmassaguerpla@suse.com + +- use_fs_cgroups_by_default.patch: fix bsc#963177 - Use fs cgroups + by default in docker +- fix_cgroup.parent_path_sanitisation.patch: fix bsc# 963198 - fix + cgroup.Parent path sanitisation in docker +- fix_bnc_958255.patch: fix bnc#958255 - Docker creates strange + apparmor profile + ------------------------------------------------------------------- Thu Jan 21 16:52:41 UTC 2016 - jmassaguerpla@suse.com @@ -365,11 +375,11 @@ Thu Sep 10 22:33:01 UTC 2015 - jmassaguerpla@suse.com see detailed changelog in - https://github.com/docker/docker/releases/tag/v1.8.2 + https://github.com/docker/docker/releases/tag/v1.8.2 fix bsc#946653 update do docker 1.8.2 -- devicemapper: fix zero-sized field access +- devicemapper: fix zero-sized field access Fix issue #15279: does not build with Go 1.5 tip Due to golang/go@7904946 the devices field is dropped. @@ -377,7 +387,7 @@ Thu Sep 10 22:33:01 UTC 2015 - jmassaguerpla@suse.com This solution works on go1.4 and go1.5 See more in https://github.com/docker/docker/pull/15404 - + This fix was not included in v1.8.2. See previous link on why. @@ -405,9 +415,9 @@ Thu Aug 13 09:00:25 UTC 2015 - jmassaguerpla@suse.com - Update to docker 1.8.0: see detailed changelog in - https://github.com/docker/docker/releases/tag/v1.8.0 + https://github.com/docker/docker/releases/tag/v1.8.0 -- remove docker-netns-aarch64.patch: This patch was adding +- remove docker-netns-aarch64.patch: This patch was adding vendor/src/github.com/vishvananda/netns/netns_linux_arm64.go which is now included upstream, so we don't need this patch anymore 
@@ -417,7 +427,7 @@ Fri Jul 24 14:24:16 UTC 2015 - jmassaguerpla@suse.com - Exclude archs where docker does not build. Otherwise it gets into and infinite loop when building. - We'll fix that later if we want to release for those archs. + We'll fix that later if we want to release for those archs. ------------------------------------------------------------------- Wed Jul 15 08:11:11 UTC 2015 - jmassaguerpla@suse.com @@ -446,18 +456,18 @@ Distribution Fix pulling private images Fix fallback between registry V2 and V1 - + ------------------------------------------------------------------- Fri Jul 10 11:22:00 UTC 2015 - jmassaguerpla@suse.com -- Exclude init scripts other than systemd from the test-package +- Exclude init scripts other than systemd from the test-package ------------------------------------------------------------------- Wed Jul 1 12:38:50 UTC 2015 - jmassaguerpla@suse.com - Exclude intel 32 bits arch. Docker does not built on that. Let's - make it explicit. + make it explicit. ------------------------------------------------------------------- Thu Jun 25 16:49:59 UTC 2015 - dmueller@suse.com @@ -509,7 +519,7 @@ Mon Jun 22 08:48:11 UTC 2015 - fcastelli@suse.com ------------------------------------------------------------------- Tue Jun 9 16:35:46 UTC 2015 - jmassaguerpla@suse.com -- Add test subpackage and fix line numbers in patches +- Add test subpackage and fix line numbers in patches ------------------------------------------------------------------- Fri Jun 5 15:29:45 UTC 2015 - fcastelli@suse.com @@ -682,7 +692,7 @@ Fri Dec 12 16:13:30 UTC 2014 - fcastelli@suse.com * Notable Features since 1.3.0: - Set key=value labels to the daemon (displayed in `docker info`), applied with new `-label` daemon flag - - Add support for `ENV` in Dockerfile of the form: + - Add support for `ENV` in Dockerfile of the form: `ENV name=value name2=value2...` - New Overlayfs Storage Driver - `docker info` now returns an `ID` and `Name` field 
@@ -1160,7 +1170,7 @@ Wed Feb 19 08:35:27 UTC 2014 - fcastelli@suse.com - Fix broken images API for version less than 1.7 - Use the right encoding for all API endpoints which return JSON - Move remote api client to api/ - - Queue calls to the API using generic socket wait + - Queue calls to the API using generic socket wait * Runtime: - Fix the use of custom settings for bridges and custom bridges - Refactor the devicemapper code to avoid many mount/unmount race @@ -1283,7 +1293,7 @@ Fri Jan 10 10:44:23 UTC 2014 - fcastelli@suse.com * Do not add hostname when networking is disabled * Return most recent image from the cache by date * Return all errors from docker wait - * Add Content-Type Header "application/json" to GET /version and /info responses + * Add Content-Type Header "application/json" to GET /version and /info responses * Other: - Update DCO to version 1.1 - Update Makefile to use "docker:GIT_BRANCH" as the generated image name @@ -1302,7 +1312,7 @@ Fri Jan 10 10:44:23 UTC 2014 - fcastelli@suse.com - Fix for wrong version warning on master instead of latest * Runtime: - Only get the image's rootfs when we need to calculate the image size - - Correctly handle unmapping UDP ports + - Correctly handle unmapping UDP ports - Make CopyFileWithTar use a pipe instead of a buffer to save memory on docker build - Fix login message to say pull instead of push - Fix "docker load" help by removing "SOURCE" prompt and mentioning STDIN From 30f62d728ce714acafd2747a6fafeca7e1a8a96a003fdcd03a3a4611ff4c7502 Mon Sep 17 00:00:00 2001 From: Flavio Castelli Date: Tue, 22 Mar 2016 15:28:46 +0000 Subject: [PATCH 37/37] - Changed systemd unit file and default sysconfig file to include network options, this is needed to get SDN like flannel to work OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=87 --- docker.changes | 6 ++++++ docker.service | 2 +- sysconfig.docker | 2 ++ 3 files changed, 9 insertions(+), 1 deletion(-) 
diff --git a/docker.changes b/docker.changes index 5c5e523..3eee7a4 100644 --- a/docker.changes +++ b/docker.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Tue Mar 22 15:27:26 UTC 2016 - fcastelli@suse.com + +- Changed systemd unit file and default sysconfig file to include network options, + this is needed to get SDN like flannel to work + ------------------------------------------------------------------- Tue Mar 15 09:16:55 UTC 2016 - asarai@suse.de diff --git a/docker.service b/docker.service index 6177c84..c2fc918 100644 --- a/docker.service +++ b/docker.service @@ -9,7 +9,7 @@ Requires=docker.socket # exists and systemd currently does not support the cgroup feature set required # for containers run by docker EnvironmentFile=/etc/sysconfig/docker -ExecStart=/usr/bin/docker daemon -H fd:// $DOCKER_OPTS +ExecStart=/usr/bin/docker daemon -H fd:// $DOCKER_NETWORK_OPTIONS $DOCKER_OPTS MountFlags=slave LimitNOFILE=1048576 LimitNPROC=1048576 diff --git a/sysconfig.docker b/sysconfig.docker index f089e52..5b3b0fb 100644 --- a/sysconfig.docker +++ b/sysconfig.docker @@ -6,3 +6,5 @@ ## ServiceRestart : docker # DOCKER_OPTS="" + +DOCKER_NETWORK_OPTIONS=""
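Review bot: `$DOCKER_NETWORK_OPTIONS` is added to `ExecStart` with nothing in the unit's comments saying where it comes from or how it is expanded. systemd splits an unbraced `$VAR` on whitespace into separate arguments, so every token set in /etc/sysconfig/docker becomes a flag of the daemon this unit starts, and a listener option such as `-H tcp://…` placed there changes who can reach the API. I would add above `EnvironmentFile=`: `# DOCKER_NETWORK_OPTIONS and DOCKER_OPTS are read from /etc/sysconfig/docker and word-split into daemon arguments; keep that file root-owned and not group- or world-writable`. The section this line belongs to starts outside the hunk.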
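Review bot: `DOCKER_NETWORK_OPTIONS=""` is added with no `##` metadata header or description, unlike `DOCKER_OPTS` directly above it, whose header ends with `## ServiceRestart : docker`. Without it an administrator cannot tell what belongs in this variable rather than in `DOCKER_OPTS`, or that the daemon has to be restarted for a change to take effect. I would give it a header block in the same style, with a description along the lines of `## Description: Network-related arguments passed to the docker daemon (for example written by an SDN such as flannel)` and its own `## ServiceRestart : docker` line. The existing header starts outside the hunk, so the remaining fields should be copied from there.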