diff --git a/.docker.metadata b/.docker.metadata index 2138dfe..12a3471 100644 --- a/.docker.metadata +++ b/.docker.metadata @@ -1,7 +1,7 @@ +0cec1715913aa452b81ef2f86bf50b274cff0dd6 SOURCES/58b38794e965c6f4df7b11883eb25f992ae2a627.tar.gz 7d706c08f937dcd01d21ddaf547cb05d533ac455 SOURCES/docker-lvm-plugin-3253f53.tar.gz 2dddc870e61fcc8c241241732095b82745df66f6 SOURCES/docker-novolume-plugin-7715854.tar.gz c21df049e5ca6d1a73889d4a1914c70d6a462839 SOURCES/docker-selinux-032bcda.tar.gz -592dcfc581b1edc99f8c76234ccdab674397f022 SOURCES/docker-storage-setup-338cf62.tar.gz -3bb36af0c03466afa5df665edf9d529f6f69a227 SOURCES/f9d4a2c183cb4ba202babc9f8649ea043d8c84d0.tar.gz +b33f5d20395a92bb0cffbf95e20a7e2c6edd25f3 SOURCES/docker-storage-setup-c818aeb.tar.gz c9aaf374b13b6925b01378e960eadd12a27b48f8 SOURCES/rhel-push-plugin-4eaaf33.tar.gz ea4b3d96c46fccb6781d66a6c53c087b179c80fe SOURCES/v1.10-migrator-c417a6a.tar.gz diff --git a/.gitignore b/.gitignore index 5381874..619a003 100644 --- a/.gitignore +++ b/.gitignore @@ -1,7 +1,7 @@ +SOURCES/58b38794e965c6f4df7b11883eb25f992ae2a627.tar.gz SOURCES/docker-lvm-plugin-3253f53.tar.gz SOURCES/docker-novolume-plugin-7715854.tar.gz SOURCES/docker-selinux-032bcda.tar.gz -SOURCES/docker-storage-setup-338cf62.tar.gz -SOURCES/f9d4a2c183cb4ba202babc9f8649ea043d8c84d0.tar.gz +SOURCES/docker-storage-setup-c818aeb.tar.gz SOURCES/rhel-push-plugin-4eaaf33.tar.gz SOURCES/v1.10-migrator-c417a6a.tar.gz diff --git a/SOURCES/docker.service b/SOURCES/docker.service index 2b36946..1b3e7f4 100644 --- a/SOURCES/docker.service +++ b/SOURCES/docker.service @@ -3,6 +3,7 @@ Description=Docker Application Container Engine Documentation=http://docs.docker.com After=network.target rhel-push-plugin.socket Wants=docker-storage-setup.service +Requires=rhel-push-plugin.socket [Service] Type=notify @@ -12,6 +13,7 @@ EnvironmentFile=-/etc/sysconfig/docker-storage EnvironmentFile=-/etc/sysconfig/docker-network Environment=GOTRACEBACK=crash ExecStart=/usr/bin/docker-current daemon \ + --authorization-plugin=rhel-push-plugin \ --exec-opt native.cgroupdriver=systemd \ $OPTIONS \ $DOCKER_STORAGE_OPTIONS \ diff --git a/SOURCES/docker.sysconfig b/SOURCES/docker.sysconfig index e227c17..77bfe74 100644 --- a/SOURCES/docker.sysconfig +++ b/SOURCES/docker.sysconfig @@ -8,7 +8,7 @@ DOCKER_CERT_PATH=/etc/docker # pull use the ADD_REGISTRY option to list a set of registries, each prepended # with --add-registry flag. The first registry added will be the first registry # searched. -#ADD_REGISTRY='--add-registry registry.access.redhat.com' +ADD_REGISTRY='--add-registry registry.access.redhat.com' # If you want to block registries from being used, uncomment the BLOCK_REGISTRY # option and give it a set of registries, each prepended with --block-registry diff --git a/SPECS/docker.spec b/SPECS/docker.spec index a1dc6ab..bf05dfd 100644 --- a/SPECS/docker.spec +++ b/SPECS/docker.spec @@ -21,7 +21,7 @@ # docker %global git0 https://github.com/projectatomic/docker -%global commit0 f9d4a2c183cb4ba202babc9f8649ea043d8c84d0 +%global commit0 58b38794e965c6f4df7b11883eb25f992ae2a627 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # docker_branch used in %%check %global docker_branch rhel7-1.10.3 @@ -33,7 +33,7 @@ # d-s-s %global git2 https://github.com/projectatomic/docker-storage-setup -%global commit2 338cf6237b9613a4c674f8563473e0dc4d61c5fe +%global commit2 c818aeb9a35688233c7d5f26c22b5e5bcd385268 %global shortcommit2 %(c=%{commit2}; echo ${c:0:7}) %global dss_libdir %{_exec_prefix}/lib/%{name}-storage-setup @@ -43,9 +43,9 @@ %global shortcommit4 %(c=%{commit4}; echo ${c:0:7}) # rhel-push-plugin -#%global git5 https://github.com/projectatomic/rhel-push-plugin -#%global commit5 4eaaf336ed56171e82a08221e534136404a3f552 -#%global shortcommit5 %(c=%{commit5}; echo ${c:0:7}) +%global git5 https://github.com/projectatomic/rhel-push-plugin +%global commit5 4eaaf336ed56171e82a08221e534136404a3f552 +%global shortcommit5 %(c=%{commit5}; echo ${c:0:7}) # docker-lvm-plugin %global git6 https://github.com/projectatomic/%{repo}-lvm-plugin @@ -80,7 +80,7 @@ Name: %{repo} Version: 1.10.3 -Release: 46%{?dist}.10 +Release: 46%{?dist}.14 Summary: Automates deployment of containerized applications License: ASL 2.0 URL: https://%{import_path} @@ -92,7 +92,7 @@ Source0: %{git0}/archive/%{commit0}.tar.gz Source1: %{git1}/archive/%{commit1}/%{name}-selinux-%{shortcommit1}.tar.gz Source2: %{git2}/archive/%{commit2}/%{name}-storage-setup-%{shortcommit2}.tar.gz Source4: %{git4}/archive/%{commit4}/%{name}-novolume-plugin-%{shortcommit4}.tar.gz -#Source5: %{git5}/archive/%{commit5}/rhel-push-plugin-%{shortcommit5}.tar.gz +Source5: %{git5}/archive/%{commit5}/rhel-push-plugin-%{shortcommit5}.tar.gz Source6: %{git6}/archive/%{commit6}/%{name}-lvm-plugin-%{shortcommit6}.tar.gz Source7: %{git7}/archive/%{commit7}/v1.10-migrator-%{shortcommit7}.tar.gz Source8: %{name}.service @@ -121,9 +121,9 @@ Requires(postun): systemd # need xz to work with ubuntu images Requires: xz Requires: device-mapper-libs >= 7:1.02.97 -#Requires: subscription-manager -#Requires: %{name}-rhel-push-plugin = %{version}-%{release} -Requires: oci-register-machine >= 1:0-1.7 +Requires: subscription-manager +Requires: %{name}-rhel-push-plugin = %{version}-%{release} +Requires: oci-register-machine >= 1:0-1.8 Requires: oci-systemd-hook >= 1:0.1.4-4 Provides: lxc-%{name} = %{version}-%{release} Provides: %{name}-io = %{version}-%{release} @@ -213,16 +213,16 @@ local volumes defined. In particular, the plugin will block `docker run` with: The only thing allowed will be just bind mounts. -#%package rhel-push-plugin -#License: GPLv2 -#Summary: Avoids pushing a RHEL-based image to docker.io registry +%package rhel-push-plugin +License: GPLv2 +Summary: Avoids pushing a RHEL-based image to docker.io registry -#%description rhel-push-plugin -#In order to use this plugin you must be running at least Docker 1.10 which -#has support for authorization plugins. +%description rhel-push-plugin +In order to use this plugin you must be running at least Docker 1.10 which +has support for authorization plugins. -#This plugin avoids any RHEL based image to be pushed to the default docker.io -#registry preventing users to violate the RH subscription agreement. +This plugin avoids any RHEL based image to be pushed to the default docker.io +registry preventing users to violate the RH subscription agreement. %package lvm-plugin License: LGPLv3 @@ -253,6 +253,11 @@ running and skip checksum calculation on startup. %prep %autosetup -Sgit -n %{name}-%{commit0} +# rhel debranding for centos +%if 0%{?centos} +sed -i 's/ADD_REGISTRY/#ADD_REGISTRY/' %{SOURCE9} +%endif + # unpack %%{name}-selinux tar zxf %{SOURCE1} @@ -263,7 +268,7 @@ tar zxf %{SOURCE2} tar zxf %{SOURCE4} # untar rhel-push-plugin -#tar zxf %{SOURCE5} +tar zxf %{SOURCE5} # untar lvm-plugin tar zxf %{SOURCE6} @@ -306,7 +311,7 @@ pushd _build mkdir -p src/%{provider}.%{provider_tld}/{%{name},projectatomic} ln -s $(dirs +1 -l) src/%{import_path} ln -s $(dirs +1 -l)/%{repo}-novolume-plugin-%{commit4} src/%{provider}.%{provider_tld}/projectatomic/%{repo}-novolume-plugin -# ln -s $(dirs +1 -l)/rhel-push-plugin-%{commit5} src/%{provider}.%{provider_tld}/projectatomic/rhel-push-plugin + ln -s $(dirs +1 -l)/rhel-push-plugin-%{commit5} src/%{provider}.%{provider_tld}/projectatomic/rhel-push-plugin ln -s $(dirs +1 -l)/%{repo}-lvm-plugin-%{commit6} src/%{provider}.%{provider_tld}/projectatomic/%{repo}-lvm-plugin popd @@ -315,13 +320,13 @@ export DOCKER_BUILDTAGS='selinux seccomp' export GOPATH=$(pwd)/_build:$(pwd)/vendor:%{gopath} export GOPATH=$GOPATH:$(pwd)/_build export GOPATH=$GOPATH:$(pwd)/%{repo}-novolume-plugin-%{commit4}/Godeps/_workspace -#export GOPATH=$GOPATH:$(pwd)/rhel-push-plugin-%{commit5}/Godeps/_workspace +export GOPATH=$GOPATH:$(pwd)/rhel-push-plugin-%{commit5}/Godeps/_workspace export GOPATH=$GOPATH:$(pwd)/%{repo}-lvm-plugin-%{commit6}/vendor # build %%{name} manpages man/md2man-all.sh go-md2man -in %{repo}-novolume-plugin-%{commit4}/man/%{repo}-novolume-plugin.8.md -out %{repo}-novolume-plugin.8 -#go-md2man -in rhel-push-plugin-%{commit5}/man/rhel-push-plugin.8.md -out rhel-push-plugin.8 +go-md2man -in rhel-push-plugin-%{commit5}/man/rhel-push-plugin.8.md -out rhel-push-plugin.8 go-md2man -in %{repo}-lvm-plugin-%{commit6}/man/%{repo}-lvm-plugin.8.md -out %{repo}-lvm-plugin.8 # build %%{name} binary @@ -337,7 +342,7 @@ popd pushd $(pwd)/_build/src go build -ldflags "-B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n')" %{provider}.%{provider_tld}/projectatomic/%{repo}-novolume-plugin -#go build -ldflags "-B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n')" %{provider}.%{provider_tld}/projectatomic/rhel-push-plugin +go build -ldflags "-B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n')" %{provider}.%{provider_tld}/projectatomic/rhel-push-plugin go build -ldflags "-B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n')" %{provider}.%{provider_tld}/projectatomic/%{repo}-lvm-plugin popd @@ -434,16 +439,15 @@ rm -rf %{buildroot}%{_sharedstatedir}/%{name}-unit-test/contrib/init/openrc/%{na rm -rf %{name}-selinux-%{commit1}/%{name}-selinux.spec # install secrets dir -#install -d -p -m 750 %{buildroot}/%{_datadir}/rhel/secrets +install -d -p -m 750 %{buildroot}/%{_datadir}/rhel/secrets # rhbz#1110876 - update symlinks for subscription management -#ln -s %{_sysconfdir}/pki/entitlement %{buildroot}%{_datadir}/rhel/secrets/etc-pki-entitlement -#ln -s %{_sysconfdir}/rhsm %{buildroot}%{_datadir}/rhel/secrets/rhsm -#ln -s %{_sysconfdir}/yum.repos.d/redhat.repo %{buildroot}%{_datadir}/rhel/secrets/rhel7.repo +ln -s %{_sysconfdir}/pki/entitlement %{buildroot}%{_datadir}/rhel/secrets/etc-pki-entitlement +ln -s %{_sysconfdir}/rhsm %{buildroot}%{_datadir}/rhel/secrets/rhsm +ln -s %{_sysconfdir}/yum.repos.d/redhat.repo %{buildroot}%{_datadir}/rhel/secrets/rhel7.repo -#mkdir -p %{buildroot}/etc/%{name}/certs.d/redhat.{com,io} -#ln -s %{_sysconfdir}/rhsm/ca/redhat-uep.pem %{buildroot}/%{_sysconfdir}/%{name}/certs.d/redhat.com/redhat-ca.crt -#ln -s %{_sysconfdir}/rhsm/ca/redhat-uep.pem %{buildroot}/%{_sysconfdir}/%{name}/certs.d/redhat.io/redhat-ca.crt -mkdir -p %{buildroot}/etc/%{name}/certs.d +mkdir -p %{buildroot}/etc/%{name}/certs.d/redhat.{com,io} +ln -s %{_sysconfdir}/rhsm/ca/redhat-uep.pem %{buildroot}/%{_sysconfdir}/%{name}/certs.d/redhat.com/redhat-ca.crt +ln -s %{_sysconfdir}/rhsm/ca/redhat-uep.pem %{buildroot}/%{_sysconfdir}/%{name}/certs.d/redhat.io/redhat-ca.crt # install %%{name} config directory install -dp %{buildroot}%{_sysconfdir}/%{name}/ @@ -475,12 +479,12 @@ install -d %{buildroot}%{_mandir}/man8 install -p -m 644 %{repo}-novolume-plugin.8 %{buildroot}%{_mandir}/man8 # install rhel-push-plugin executable, unitfile, socket and man -#install -d %{buildroot}%{_libexecdir}/%{repo} -#install -p -m 755 _build/src/rhel-push-plugin %{buildroot}%{_libexecdir}/%{repo}/rhel-push-plugin -#install -p -m 644 rhel-push-plugin-%{commit5}/systemd/rhel-push-plugin.service %{buildroot}%{_unitdir}/rhel-push-plugin.service -#install -p -m 644 rhel-push-plugin-%{commit5}/systemd/rhel-push-plugin.socket %{buildroot}%{_unitdir}/rhel-push-plugin.socket -#install -d %{buildroot}%{_mandir}/man8 -#install -p -m 644 rhel-push-plugin.8 %{buildroot}%{_mandir}/man8 +install -d %{buildroot}%{_libexecdir}/%{repo} +install -p -m 755 _build/src/rhel-push-plugin %{buildroot}%{_libexecdir}/%{repo}/rhel-push-plugin +install -p -m 644 rhel-push-plugin-%{commit5}/systemd/rhel-push-plugin.service %{buildroot}%{_unitdir}/rhel-push-plugin.service +install -p -m 644 rhel-push-plugin-%{commit5}/systemd/rhel-push-plugin.socket %{buildroot}%{_unitdir}/rhel-push-plugin.socket +install -d %{buildroot}%{_mandir}/man8 +install -p -m 644 rhel-push-plugin.8 %{buildroot}%{_mandir}/man8 # install %%{repo}-lvm-plugin executable, unitfile, socket and man install -d %{buildroot}/%{_libexecdir}/%{repo} @@ -556,8 +560,8 @@ fi %{_mandir}/man5/*.5.gz %{_mandir}/man8/%{name}-daemon.8.gz %{_bindir}/%{name}-* -#%dir %{_datadir}/rhel -#%{_datadir}/rhel/* +%dir %{_datadir}/rhel +%{_datadir}/rhel/* %{_unitdir}/%{name}.service %{_unitdir}/%{name}-storage-setup.service %{_datadir}/bash-completion/completions/%{name} @@ -601,12 +605,12 @@ fi %{_libexecdir}/%{repo}/%{repo}-novolume-plugin %{_unitdir}/%{repo}-novolume-plugin.* -#%files rhel-push-plugin -#%license rhel-push-plugin-%{commit5}/LICENSE -#%doc rhel-push-plugin-%{commit5}/README.md -#%{_mandir}/man8/rhel-push-plugin.8.gz -#%{_libexecdir}/%{repo}/rhel-push-plugin -#%{_unitdir}/rhel-push-plugin.* +%files rhel-push-plugin +%license rhel-push-plugin-%{commit5}/LICENSE +%doc rhel-push-plugin-%{commit5}/README.md +%{_mandir}/man8/rhel-push-plugin.8.gz +%{_libexecdir}/%{repo}/rhel-push-plugin +%{_unitdir}/rhel-push-plugin.* %files lvm-plugin %license %{repo}-lvm-plugin-%{commit6}/LICENSE @@ -622,6 +626,25 @@ fi %{_bindir}/v1.10-migrator-* %changelog +* Mon Aug 29 2016 Lokesh Mandvekar - 1.10.3-46.14 +- Resolves: #1368999 +- built docker projectatomic/rhel7-1.10.3 commit 58b3879 + +* Fri Aug 26 2016 Lokesh Mandvekar - 1.10.3-46.13 +- Depend on oci-register-machine at runtime +- oci-register-machine is disabled by default via +/etc/oci-register-machine.conf + +* Tue Aug 23 2016 Lokesh Mandvekar - 1.10.3-46.12 +- Re: #1368267 - remove oci-register-machine runtime dep + +* Sat Aug 20 2016 Lokesh Mandvekar - 1.10.3-46.11 +- Resolves: #1368024 (partially) +- Resolves: #1358536 +- built docker projectatomic/rhel7-1.10.3 commit ece5db9 +- built d-s-s commit c818aeb +- RHEL debranding for CentOS - comment out ADD_REGISTRY in sysconfig + * Tue Jul 26 2016 Lokesh Mandvekar - 1.10.3-46.10 - Resolves: #1361673 - update unitfile to remove the need for forward-journald