rpm/docker
SHA256
1
0
Fork 0
forked from pool/docker
Code Pull Requests Activity
6a6c6aa170
docker/docker.spec
Aleksa Sarai 6a6c6aa170 Accepting request 540191 from home:cyphar:containers:docker_forwardport 
- Fix bsc#1059011
  The systemd service helper script used a timeout of 60 seconds to
  start the daemon, which is insufficient in cases where the daemon
  takes longer to start. Instead, set the service type from 'simple' to
  'notify' and remove the now superfluous helper script.
- fix bsc#1057743: Add a Requires: fix_bsc_1057743 which is provided by the
  newer version of docker-libnetwork. This is necessary because of a versioning
  bug we found in bsc#1057743.

OBS-URL: https://build.opensuse.org/request/show/540191
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=215
2017-11-09 12:24:37 +00:00

481 lines
18 KiB
RPMSpec
Raw Blame History

#
# spec file for package docker
#
# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
# nodebuginfo
%global docker_store %{_localstatedir}/lib/docker
%global docker_migration_testfile %{docker_store}/.suse-image-migration-v1to2-complete
%global docker_migration_warnfile %{docker_store}/docker-update-message.txt
%global docker_plugin_warnfile %{docker_store}/docker-plugin-message.txt
%define docker_graph %{docker_store}/graph
%define __arch_install_post export NO_BRP_STRIP_DEBUG=true
# Used when generating the "build" information for Docker version. The value of
# git_commit_epoch is unused here (we use SOURCE_DATE_EPOCH, which rpm
# helpfully injects into our build environment from the changelog). If you want
# to generate a new git_commit_epoch, use this:
# $ date --date="$(git show --format=fuller --date=iso $COMMIT_ID | grep -oP '(?<=^CommitDate: ).*')" '+%s'
%define git_version 87847530f717
%define git_commit_epoch 1508266293
# When upgrading to a new version requires the service not to be restarted
# Due to a long migration process update last_migration_version to the new version
# that will first perform the migration, last time this was needed was version
# 1.10.1
%global last_migration_version 1.10.1
Name: docker
Version: 17.07.0_ce
Release: 0
Summary: The Linux container runtime
License: Apache-2.0
Group: System/Management
Url: http://www.docker.io
# TODO(VR): check those SOURCE files below
Source: %{name}-%{version}.tar.xz
Source1: docker.service
Source3: 80-docker.rules
Source4: sysconfig.docker
Source6: docker-rpmlintrc
Source7: README_SUSE.md
Source8: docker-audit.rules
Source9: tests.sh
Source50: docker-update-message.txt
Source51: docker-plugin-message.txt
# SUSE-FEATURE: Adds the /run/secrets mountpoint inside all Docker containers
# which is not snapshotted when images are committed. Note that if you modify
# this patch, please also modify the patch in the suse-secrets-v<version>
# branch in http://github.com/suse/docker.mirror.
Patch200: secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
Patch201: secrets-0002-SUSE-implement-SUSE-container-secrets.patch
# SUSE-BACKPORT: Backport of https://github.com/moby/moby/pull/35205. bsc#1055676
Patch401: bsc1055676-0001-daemon-oci-obey-CL_UNPRIVILEGED-for-user-namespaced-.patch
# SUSE-BACKPORT: Backport of https://github.com/moby/moby/pull/34573. bsc#1045628
Patch402: bsc1045628-0001-devicemapper-remove-container-rootfs-mountPath-after.patch
# SUSE-BACKPORT: Backport of https://github.com/moby/moby/pull/34176. boo#1064781
Patch403: bsc1064781-0001-Allow-to-override-build-date.patch
# SUSE-BACKPORT: Backport of https://github.com/moby/moby/pull/35399. boo#1066801 CVE-2017-16539
Patch404: bsc1066801-0001-oci-add-proc-scsi-to-masked-paths.patch
# SUSE-BACKPORT: Backport of https://github.com/moby/moby/pull/35424. boo#1066210 CVE-2017-14992
Patch405: bsc1066210-0001-vendor-update-to-github.com-vbatts-tar-split-v0.10.2.patch
BuildRequires: audit
BuildRequires: bash-completion
BuildRequires: ca-certificates
BuildRequires: device-mapper-devel >= 1.2.68
BuildRequires: glibc-devel-static
BuildRequires: libapparmor-devel
BuildRequires: libbtrfs-devel >= 3.8
# enable libseccomp for sle >= sle12sp2
%if 0%{?sle_version} >= 120200
%define with_libseccomp 1
%endif
# enable libseccomp for leap >= 42.2
%if 0%{?leap_version} >= 420200
%define with_libseccomp 1
%endif
# enable libseccomp for Factory
%if 0%{?suse_version} > 1320
%define with_libseccomp 1
%endif
%if 0%{?with_libseccomp}
BuildRequires: libseccomp-devel
%endif
BuildRequires: libtool
BuildRequires: procps
BuildRequires: sqlite3-devel
BuildRequires: systemd-devel
BuildRequires: zsh
Requires: apparmor-parser
Requires: bridge-utils
Requires: ca-certificates-mozilla
# Required in order for networking to work. fix_bsc_1057743 is a work-around
# for some old packaging issues (where rpm would delete a binary that was
# installed by docker-libnetwork). See bsc#1057743 for more details.
Requires: docker-libnetwork = 0.7.0+gitr2322_4a242dba7739
Requires: fix_bsc_1057743
# Containerd and runC are required as they are the only currently supported
# execdrivers of Docker. NOTE: The version pinning here matches upstream's
# vendor.conf to ensure that we don't use a slightly incompatible version of
# runC or containerd (which would be bad).
Requires: containerd = 0.2.8+gitr671_3addd8406531
Requires: docker-runc = 1.0.0rc3+gitr3201_2d41c04
# Provides mkfs.ext4 - used by Docker when devicemapper storage driver is used
Requires: e2fsprogs
Requires: git-core >= 1.7
Requires: iproute2 >= 3.5
Requires: iptables >= 1.4
Requires: procps
Requires: tar >= 1.26
Requires: xz >= 4.9
Requires(post): %fillup_prereq
Requires(post): udev
Requires(post): shadow
# Not necessary, but must be installed to have a smooth upgrade.
Recommends: docker-image-migrator
# Not necessary, but must be installed when the underlying system is
# configured to use lvm and the user doesn't explicitly provide a
# different storage-driver than devicemapper
Recommends: lvm2 >= 2.2.89
Conflicts: lxc < 1.0
BuildRoot: %{_tmppath}/%{name}-%{version}-build
ExcludeArch: %ix86 s390 ppc
# Make sure we build with go 1.8
BuildRequires: go-go-md2man
BuildRequires: golang(API) = 1.8
%description
Docker complements LXC with a high-level API which operates at the process
level. It runs unix processes with strong guarantees of isolation and
repeatability across servers.
Docker is a great building block for automating distributed systems: large-scale
web deployments, database clusters, continuous deployment systems, private PaaS,
service-oriented architectures, etc.
%package bash-completion
Summary: Bash Completion for %{name}
Group: System/Management
Requires: %{name} = %{version}
Supplements: packageand(docker:bash-completion)
BuildArch: noarch
%description bash-completion
Bash command line completion support for %{name}.
%package zsh-completion
Summary: Zsh Completion for %{name}
Group: System/Management
Requires: %{name} = %{version}
Supplements: packageand(docker:zsh)
BuildArch: noarch
%description zsh-completion
Zsh command line completion support for %{name}.
%package test
%global __requires_exclude ^libgo.so.*$
Summary: Test package for docker
Group: System/Management
BuildRequires: fdupes
Requires: apparmor-parser
Requires: bash-completion
Requires: device-mapper-devel >= 1.2.68
Requires: glibc-devel-static
# Make sure we require go 1.7
Requires: libapparmor-devel
Requires: libbtrfs-devel >= 3.8
Requires: procps
Requires: sqlite3-devel
Requires: golang(API) = 1.8
%description test
Test package for docker. It contains the source code and the tests.
%prep
%setup -q
%if 0%{?is_opensuse}
# nothing
%else
%patch200 -p1 -d components/engine
%patch201 -p1 -d components/engine
%endif
# bsc#1055676
%patch401 -p1 -d components/engine
# bsc#1045628
%patch402 -p1 -d components/engine
# boo#1064781
%patch403 -p1 -d components/engine
# boo#1066801 CVE-2017-16539
%patch404 -p1 -d components/engine
# boo#1066210 CVE-2017-14992
%patch405 -p1 -d components/engine
cp %{SOURCE7} .
cp %{SOURCE9} .
%build
BUILDTAGS="exclude_graphdriver_aufs apparmor selinux pkcs11"
%if 0%{?with_libseccomp}
BUILDTAGS="seccomp $BUILDTAGS"
%endif
# For SLE12 libdevmapper.h is not recent enough to define
# dm_task_deferred_remove().
%if 0%{?sle_version} == 120000
BUILDTAGS="libdm_no_deferred_remove $BUILDTAGS"
%endif
(cat <<EOF
export AUTO_GOPATH=1
export DOCKER_BUILDTAGS="$BUILDTAGS"
# Until boo#1038493 is fixed properly we need to do this hack to get the
# compiled-into-the-binary GOROOT.
export GOROOT="$(GOROOT= go env GOROOT)"
# Make sure we always build PIC code. bsc#1048046
export BUILDFLAGS="-buildmode=pie"
# Specify all of the versioning information. We use SOURCE_DATE_EPOCH if it's
# been injected by rpmbuild, otherwise we use the hardcoded git_commit_epoch
# generated above. boo#1064781
export VERSION="$(cat ./VERSION 2>/dev/null || echo '%{version}')"
export DOCKER_GITCOMMIT="%{git_version}"
export GITCOMMIT="%{git_version}"
export SOURCE_DATE_EPOCH="${SOURCE_DATE_EPOCH:-%{git_commit_epoch}}"
export BUILDTIME="$(date -u -d "@$SOURCE_DATE_EPOCH" --rfc-3339 ns 2>/dev/null | sed -e 's/ /T/')"
EOF
) > docker_build_env
. ./docker_build_env
# Preparing GOPATH so that the client is visible to the compiler
mkdir -p src/github.com/docker/
ln -s $(pwd)/components/cli $(pwd)/src/github.com/docker/cli
GOPATH=$GOPATH:$(pwd)
# DOCKER ENGINE
cd components/engine/
# ignore the warning that we compile outside a Docker container
./hack/make.sh dynbinary
# build the tests binary
GOPATH=$(pwd)/vendor:$(pwd)/.gopath/ go test \
-buildmode=pie \
-tags "$DOCKER_BUILDTAGS daemon autogen" \
-c github.com/docker/docker/integration-cli -o tests.main
cd ../..
# DOCKER CLIENT
cd components/cli
./scripts/build/dynbinary
./man/md2man-all.sh
cd ../..
%check
. ./docker_build_env
# DOCKER ENGINE
# go test will look in github.com/docker/docker/vendor for vendored packages but
# Docker keeps them in github.com/docker/docker/vendor/src. Let's do it like
# Docker does it and append github.com/docker/docker/vendor to the GOPATH so the
# packages are found by go test.
export GOPATH=$HOME/go/src/github.com/docker/docker/vendor:$GOPATH
# Create or dir if it doesn't exist already
mkdir -p $HOME/go/src/github.com/docker
# Remove any existing symlinks.
rm -rf $HOME/go/src/github.com/docker/*
# go list -e ... doesn't seem to work with symlinks so do a full copy instead.
cp -ar %{buildroot}/usr/src/docker/engine $HOME/go/src/github.com/docker/docker
cd $HOME/go/src/github.com/docker/docker
# The command is taken from hack/make/test-unit and various test runs.
# Everything that follows github.com/docker/pkg/integration-cli are packages
# containing tests that cannot run in an obs build context. Some tests must be
# excluded as they will always fail in our build environments.
PKG_LIST=$(go list -e \
-f '{{if ne .Name "github.com/docker/docker"}} {{.ImportPath}}
{{end}}' \
-tags "$DOCKER_BUILDTAGS" \
-a "${BUILDFLAGS[@]}" ... \
| grep 'github.com/docker/docker' \
| grep -Ev 'vendor/(.+/)?github.com/docker/docker' \
| grep -v 'github.com/docker/docker/vendor' \
| grep -v 'github.com/docker/docker/integration-cli' \
| grep -v 'github.com/docker/docker/pkg/archive$' \
| grep -v 'github.com/docker/docker/pkg/chrootarchive$' \
| grep -v 'github.com/docker/docker/pkg/gitutils$' \
| grep -v 'github.com/docker/docker/pkg/idtools$' \
| grep -v 'github.com/docker/docker/pkg/jsonlog$' \
| grep -v 'github.com/docker/docker/pkg/mount$' \
| grep -v 'github.com/docker/docker/pkg/sysinfo$' \
| grep -v 'github.com/docker/docker/registry$' \
| grep -v 'github.com/docker/docker/volume/local$' \
| grep -v 'github.com/docker/docker/builder$' \
| grep -v 'github.com/docker/docker/builder/remotecontext' \
| grep -v 'github.com/docker/docker/builder/dockerfile$' \
| grep -v 'github.com/docker/docker/builder/dockerfile/parser$' \
| grep -v 'github.com/docker/docker/daemon$' \
| grep -v 'github.com/docker/docker/daemon/graphdriver' \
| grep -v 'github.com/docker/docker/cmd/dockerd$' \
| grep -v 'github.com/docker/docker/pkg/integration$' \
| grep -v 'github.com/docker/docker/pkg/testutil' \
%if 0%{?sle_version} == 120000
| grep -v 'github.com/docker/docker/pkg/devicemapper$' \
%endif
%if ! 0%{?with_libseccomp}
| grep -v 'github.com/docker/docker/profiles/seccomp$' \
%endif
)
rm ./pkg/system/rm_test.go
go test -buildmode=pie -cover -ldflags -w -tags "$DOCKER_BUILDTAGS" -a -test.timeout=10m $PKG_LIST
# DOCKER CLIENT
cp -ar %{buildroot}/usr/src/docker/cli $HOME/go/src/github.com/docker/cli
cd $HOME/go/src/github.com/docker/cli
PKG_LIST=$(go list ./... \
| grep 'github.com/docker/cli' \
| grep -v 'github.com/docker/cli/vendor' \
| grep -v 'github.com/docker/cli/cli/command/idresolver' \
| grep -v 'github.com/docker/cli/cli/command/image' \
| grep -v 'github.com/docker/cli/cli/image' \
)
go test -buildmode=pie -cover -ldflags -w -tags daemon -a -test.timeout=10m $PKG_LIST
%install
install -d %{buildroot}%{go_contribdir}
install -d %{buildroot}%{_bindir}
install -D -m755 components/cli/build/docker %{buildroot}/%{_bindir}/docker
install -D -m755 components/engine/bundles/latest/dynbinary-daemon/dockerd %{buildroot}/%{_bindir}/dockerd
install -d %{buildroot}/%{_prefix}/lib/docker
install -Dd -m 0755 \
%{buildroot}%{_sysconfdir}/init.d \
%{buildroot}%{_sbindir}
install -D -m0644 components/cli/contrib/completion/bash/docker "%{buildroot}%{_sysconfdir}/bash_completion.d/%{name}"
install -D -m0644 components/cli/contrib/completion/zsh/_docker "%{buildroot}%{_sysconfdir}/zsh_completion.d/%{name}"
# copy all for the test package
install -d %{buildroot}%{_prefix}/src/docker/
cp -a components/engine/. %{buildroot}%{_prefix}/src/docker/engine
cp -a components/cli/. %{buildroot}%{_prefix}/src/docker/cli
#
# systemd service
#
install -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/%{name}.service
ln -sf service %{buildroot}%{_sbindir}/rcdocker
#
# udev rules that prevents dolphin to show all docker devices and slows down
# upstream report https://bugs.kde.org/show_bug.cgi?id=329930
#
install -D -m 0644 %{SOURCE3} %{buildroot}%{_udevrulesdir}/80-%{name}.rules
# audit rules
install -D -m 0640 %{SOURCE8} %{buildroot}%{_sysconfdir}/audit/rules.d/%{name}.rules
# sysconfig file
install -D -m 644 %{SOURCE4} %{buildroot}%{_localstatedir}/adm/fillup-templates/sysconfig.docker
# install manpages (using the ones from the engine)
install -d %{buildroot}%{_mandir}/man1
install -p -m 644 components/cli/man/man1/*.1 %{buildroot}%{_mandir}/man1
install -d %{buildroot}%{_mandir}/man5
install -p -m 644 components/cli/man/man5/Dockerfile.5 %{buildroot}%{_mandir}/man5
install -d %{buildroot}%{_mandir}/man8
install -p -m 644 components/cli/man/man8/*.8 %{buildroot}%{_mandir}/man8
install -D -m 0644 %{SOURCE50} %{buildroot}%{docker_migration_warnfile}
install -D -m 0644 %{SOURCE51} %{buildroot}%{docker_plugin_warnfile}
%fdupes %{buildroot}
%pre
# TODO: Remove this code in the near future.
# In order to make sure we don't print a scary warning when we shouldn't we
# need to test these things (in this order):
# 1. Check that %%{_localstatedir}/lib/docker actually exists (docker daemon has run).
# 2. Check that the migrator has *not* finished.
# 3. Check that %%{_localstatedir}/lib/docker/graph exists (this is a <=1.9.1 thing, but
# will stick around if it has been migrated -- which is why we need the
# MIGRATION_TESTFILE check).
# 4. Check that there are images in the graph/ directory.
if [[ -x %{_bindir}/docker && -d "%{docker_store}" && -n "$(find "%{docker_graph}" -maxdepth 1 -type d 2>/dev/null | grep -Ev '_tmp|^%{docker_graph}$')" ]]; then
# Check if currently installed version of docker is old enough to need migration.
CURRENT_DOCKER_VERSION=$(docker -v | sed 's/^.*[^0-9]\([0-9]*\.[0-9]*\.[0-9]*\).*$/\1/')
# This variable will contain the current docker version if migration is needed otherwise it will contain the upgrade point.
# Next time the docker package needs to be upgraded without restarting the service increase the 1.10.1 to the new version.
NEED_UPGRADE_VERSION=$(echo -e "$CURRENT_DOCKER_VERSION\n%{last_migration_version}" | sort -V | head -1)
if [[ $CURRENT_DOCKER_VERSION == $NEED_UPGRADE_VERSION ]]; then
touch %{docker_migration_testfile}
fi
fi
getent group docker >/dev/null || groupadd -r docker
%service_add_pre %{name}.service
%post
if [ -e %{docker_migration_testfile} ]; then
cat %{docker_migration_warnfile} >> /var/adm/update-messages/docker-%{version}-%{release}
else
if [ -e %{docker_migration_warnfile} ]; then
rm %{docker_migration_warnfile}
fi
fi
# TODO: Remove this code in the near future.
# If plugins.json is present, docker will fail to start. It should be noted
# that this was not supported by us, as it was only experimental at the time.
# But handle this migration anyway. https://github.com/docker/docker/releases/tag/v1.13.0
if [ -e /var/lib/docker/plugins/plugins.json ];then
cat %{docker_plugin_warnfile} >> /var/adm/update-messages/docker-%{version}-%{release}
mv /var/lib/docker/plugins/plugins.json /var/lib/docker/plugins/_plugins.json.old
fi
%service_add_post %{name}.service
%{fillup_only -n docker}
%preun
%service_del_preun %{name}.service
%postun
if [ -e %{docker_migration_testfile} ]; then
rm %{docker_migration_testfile}
export DISABLE_RESTART_ON_UPDATE=yes
fi
%service_del_postun %{name}.service
%files
%defattr(-,root,root)
%doc components/engine/README.md components/engine/LICENSE README_SUSE.md CHANGELOG.md
%{_bindir}/docker
%{_bindir}/dockerd
%{_sbindir}/rcdocker
%{_unitdir}/%{name}.service
%config %{_sysconfdir}/audit/rules.d/%{name}.rules
%{_udevrulesdir}/80-%{name}.rules
%{_localstatedir}/adm/fillup-templates/sysconfig.docker
%{_localstatedir}/lib/docker/
%{_mandir}/man1/docker-*.1%{ext_man}
%{_mandir}/man1/docker.1%{ext_man}
%{_mandir}/man5/Dockerfile.5%{ext_man}
%{_mandir}/man8/dockerd.8%{ext_man}
%files bash-completion
%defattr(-,root,root)
%config %{_sysconfdir}/bash_completion.d/%{name}
%files zsh-completion
%defattr(-,root,root)
%config %{_sysconfdir}/zsh_completion.d/%{name}
%files test
%defattr(-,root,root)
%{_prefix}/src/docker/
# exclude binaries
%exclude %{_prefix}/src/docker/engine/bundles/
%exclude %{_prefix}/src/docker/cli/build/
# exclude init configurations other than systemd
%exclude %{_prefix}/src/docker/engine/contrib/init/openrc
%exclude %{_prefix}/src/docker/engine/contrib/init/sysvinit-debian
%exclude %{_prefix}/src/docker/engine/contrib/init/sysvinit-redhat
%exclude %{_prefix}/src/docker/engine/contrib/init/upstart
%changelog
View Git Blame Copy Permalink