diff --git a/.docker.metadata b/.docker.metadata index bd853e6..2d74c09 100644 --- a/.docker.metadata +++ b/.docker.metadata @@ -1,4 +1,4 @@ -511dc35272b3949eb48a5dd5115c06e29bbcbdb9 SOURCES/bb472f05c975b343fb13e55325a985f4ac1d0ca2.tar.gz +6c18476dcf8d5a7ad920b48cc3066b894fc66b83 SOURCES/a01dc02d9c369141f8bbbea0f51e8759dd6e5b93.tar.gz 18870c5eeee96c30dca0812c1ad4fd469595cbd6 SOURCES/dab51acd1b1a77f7cb01a1b7e2129ec85c846b71.tar.gz -b267c131454bcbf2c752c065fcadcfd4f7462c35 SOURCES/docker-selinux-44abd21.tar.gz +6d54ce77bcb43000bbd329a4839fe4204d2c8f80 SOURCES/docker-selinux-e2a5226.tar.gz e3a90d52c646cd099d668efa2075f92314609498 SOURCES/docker-storage-setup-6898d43.tar.gz diff --git a/.gitignore b/.gitignore index 8c8339a..c4372bf 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,4 @@ -SOURCES/bb472f05c975b343fb13e55325a985f4ac1d0ca2.tar.gz +SOURCES/a01dc02d9c369141f8bbbea0f51e8759dd6e5b93.tar.gz SOURCES/dab51acd1b1a77f7cb01a1b7e2129ec85c846b71.tar.gz -SOURCES/docker-selinux-44abd21.tar.gz +SOURCES/docker-selinux-e2a5226.tar.gz SOURCES/docker-storage-setup-6898d43.tar.gz diff --git a/SOURCES/dev.patch b/SOURCES/dev.patch deleted file mode 100644 index b7c19d2..0000000 --- a/SOURCES/dev.patch +++ /dev/null @@ -1,78 +0,0 @@ -From 40b0f129f5a6e005a949dc0ba808fb9ee557ebe4 Mon Sep 17 00:00:00 2001 -From: Mrunal Patel -Date: Fri, 9 Oct 2015 17:57:44 -0400 -Subject: [PATCH] Cherry pick changes for allowing /dev mount from host - -docker #16639 - -runc commit id c9d58506297e - -Signed-off-by: Mrunal Patel ---- - daemon/execdriver/native/create.go | 1 + - .../runc/libcontainer/rootfs_linux.go | 26 +++++++++++++--------- - 2 files changed, 17 insertions(+), 10 deletions(-) - -diff --git a/daemon/execdriver/native/create.go b/daemon/execdriver/native/create.go -index bbc83fe..ca8d7fd 100644 ---- a/daemon/execdriver/native/create.go -+++ b/daemon/execdriver/native/create.go -@@ -234,6 +234,7 @@ func (d *driver) setupMounts(container *configs.Config, c *execdriver.Command) e - for _, m := range container.Mounts { - if _, ok := userMounts[m.Destination]; !ok { - if mountDev && strings.HasPrefix(m.Destination, "/dev/") { -+ container.Devices = nil - continue - } - defaultMounts = append(defaultMounts, m) -diff --git a/vendor/src/github.com/opencontainers/runc/libcontainer/rootfs_linux.go b/vendor/src/github.com/opencontainers/runc/libcontainer/rootfs_linux.go -index a211d8d..9fd7058 100644 ---- a/vendor/src/github.com/opencontainers/runc/libcontainer/rootfs_linux.go -+++ b/vendor/src/github.com/opencontainers/runc/libcontainer/rootfs_linux.go -@@ -27,6 +27,8 @@ func setupRootfs(config *configs.Config, console *linuxConsole) (err error) { - if err := prepareRoot(config); err != nil { - return newSystemError(err) - } -+ -+ setupDev := len(config.Devices) == 0 - for _, m := range config.Mounts { - for _, precmd := range m.PremountCmds { - if err := mountCmd(precmd); err != nil { -@@ -43,14 +45,16 @@ func setupRootfs(config *configs.Config, console *linuxConsole) (err error) { - } - } - } -- if err := createDevices(config); err != nil { -- return newSystemError(err) -- } -- if err := setupPtmx(config, console); err != nil { -- return newSystemError(err) -- } -- if err := setupDevSymlinks(config.Rootfs); err != nil { -- return newSystemError(err) -+ if !setupDev { -+ if err := createDevices(config); err != nil { -+ return newSystemError(err) -+ } -+ if err := setupPtmx(config, console); err != nil { -+ return newSystemError(err) -+ } -+ if err := setupDevSymlinks(config.Rootfs); err != nil { -+ return newSystemError(err) -+ } - } - if err := syscall.Chdir(config.Rootfs); err != nil { - return newSystemError(err) -@@ -63,8 +67,10 @@ func setupRootfs(config *configs.Config, console *linuxConsole) (err error) { - if err != nil { - return newSystemError(err) - } -- if err := reOpenDevNull(config.Rootfs); err != nil { -- return newSystemError(err) -+ if !setupDev { -+ if err := reOpenDevNull(config.Rootfs); err != nil { -+ return newSystemError(err) -+ } - } - if config.Readonlyfs { - if err := setReadonly(); err != nil { diff --git a/SOURCES/docker.sysconfig b/SOURCES/docker.sysconfig index 6e83766..196c66f 100644 --- a/SOURCES/docker.sysconfig +++ b/SOURCES/docker.sysconfig @@ -9,7 +9,7 @@ DOCKER_CERT_PATH=/etc/docker # pull use the ADD_REGISTRY option to list a set of registries, each prepended # with --add-registry flag. The first registry added will be the first registry # searched. -# ADD_REGISTRY='--add-registry registry.access.redhat.com' +ADD_REGISTRY='--add-registry registry.access.redhat.com' # If you want to block registries from being used, uncomment the BLOCK_REGISTRY # option and give it a set of registries, each prepended with --block-registry diff --git a/SOURCES/libcontainer.patch b/SOURCES/libcontainer.patch deleted file mode 100644 index 488507e..0000000 --- a/SOURCES/libcontainer.patch +++ /dev/null @@ -1,552 +0,0 @@ -From 60cabaf0b8591b8e2bf6644114d8846adaf3239b Mon Sep 17 00:00:00 2001 -From: Mrunal Patel -Date: Fri, 9 Oct 2015 17:48:51 -0400 -Subject: [PATCH] Pick latest changes to libcontainer/user package - -Signed-off-by: Mrunal Patel ---- - .../opencontainers/runc/libcontainer/user/user.go | 39 +- - .../runc/libcontainer/user/user_test.go | 472 +++++++++++++++++++++ - 2 files changed, 494 insertions(+), 17 deletions(-) - create mode 100644 vendor/src/github.com/opencontainers/runc/libcontainer/user/user_test.go - -diff --git a/vendor/src/github.com/opencontainers/runc/libcontainer/user/user.go b/vendor/src/github.com/opencontainers/runc/libcontainer/user/user.go -index 964e31b..e6375ea 100644 ---- a/vendor/src/github.com/opencontainers/runc/libcontainer/user/user.go -+++ b/vendor/src/github.com/opencontainers/runc/libcontainer/user/user.go -@@ -349,21 +349,26 @@ func GetExecUser(userSpec string, defaults *ExecUser, passwd, group io.Reader) ( - return user, nil - } - --// GetAdditionalGroups looks up a list of groups by name or group id against --// against the given /etc/group formatted data. If a group name cannot be found, --// an error will be returned. If a group id cannot be found, it will be returned --// as-is. -+// GetAdditionalGroups looks up a list of groups by name or group id -+// against the given /etc/group formatted data. If a group name cannot -+// be found, an error will be returned. If a group id cannot be found, -+// or the given group data is nil, the id will be returned as-is -+// provided it is in the legal range. - func GetAdditionalGroups(additionalGroups []string, group io.Reader) ([]int, error) { -- groups, err := ParseGroupFilter(group, func(g Group) bool { -- for _, ag := range additionalGroups { -- if g.Name == ag || strconv.Itoa(g.Gid) == ag { -- return true -+ var groups = []Group{} -+ if group != nil { -+ var err error -+ groups, err = ParseGroupFilter(group, func(g Group) bool { -+ for _, ag := range additionalGroups { -+ if g.Name == ag || strconv.Itoa(g.Gid) == ag { -+ return true -+ } - } -+ return false -+ }) -+ if err != nil { -+ return nil, fmt.Errorf("Unable to find additional groups %v: %v", additionalGroups, err) - } -- return false -- }) -- if err != nil { -- return nil, fmt.Errorf("Unable to find additional groups %v: %v", additionalGroups, err) - } - - gidMap := make(map[int]struct{}) -@@ -401,13 +406,13 @@ func GetAdditionalGroups(additionalGroups []string, group io.Reader) ([]int, err - return gids, nil - } - --// Wrapper around GetAdditionalGroups that opens the groupPath given and gives --// it as an argument to GetAdditionalGroups. -+// GetAdditionalGroupsPath is a wrapper around GetAdditionalGroups -+// that opens the groupPath given and gives it as an argument to -+// GetAdditionalGroups. - func GetAdditionalGroupsPath(additionalGroups []string, groupPath string) ([]int, error) { - group, err := os.Open(groupPath) -- if err != nil { -- return nil, fmt.Errorf("Failed to open group file: %v", err) -+ if err == nil { -+ defer group.Close() - } -- defer group.Close() - return GetAdditionalGroups(additionalGroups, group) - } -diff --git a/vendor/src/github.com/opencontainers/runc/libcontainer/user/user_test.go b/vendor/src/github.com/opencontainers/runc/libcontainer/user/user_test.go -new file mode 100644 -index 0000000..53b2289 ---- /dev/null -+++ b/vendor/src/github.com/opencontainers/runc/libcontainer/user/user_test.go -@@ -0,0 +1,472 @@ -+package user -+ -+import ( -+ "io" -+ "reflect" -+ "sort" -+ "strconv" -+ "strings" -+ "testing" -+) -+ -+func TestUserParseLine(t *testing.T) { -+ var ( -+ a, b string -+ c []string -+ d int -+ ) -+ -+ parseLine("", &a, &b) -+ if a != "" || b != "" { -+ t.Fatalf("a and b should be empty ('%v', '%v')", a, b) -+ } -+ -+ parseLine("a", &a, &b) -+ if a != "a" || b != "" { -+ t.Fatalf("a should be 'a' and b should be empty ('%v', '%v')", a, b) -+ } -+ -+ parseLine("bad boys:corny cows", &a, &b) -+ if a != "bad boys" || b != "corny cows" { -+ t.Fatalf("a should be 'bad boys' and b should be 'corny cows' ('%v', '%v')", a, b) -+ } -+ -+ parseLine("", &c) -+ if len(c) != 0 { -+ t.Fatalf("c should be empty (%#v)", c) -+ } -+ -+ parseLine("d,e,f:g:h:i,j,k", &c, &a, &b, &c) -+ if a != "g" || b != "h" || len(c) != 3 || c[0] != "i" || c[1] != "j" || c[2] != "k" { -+ t.Fatalf("a should be 'g', b should be 'h', and c should be ['i','j','k'] ('%v', '%v', '%#v')", a, b, c) -+ } -+ -+ parseLine("::::::::::", &a, &b, &c) -+ if a != "" || b != "" || len(c) != 0 { -+ t.Fatalf("a, b, and c should all be empty ('%v', '%v', '%#v')", a, b, c) -+ } -+ -+ parseLine("not a number", &d) -+ if d != 0 { -+ t.Fatalf("d should be 0 (%v)", d) -+ } -+ -+ parseLine("b:12:c", &a, &d, &b) -+ if a != "b" || b != "c" || d != 12 { -+ t.Fatalf("a should be 'b' and b should be 'c', and d should be 12 ('%v', '%v', %v)", a, b, d) -+ } -+} -+ -+func TestUserParsePasswd(t *testing.T) { -+ users, err := ParsePasswdFilter(strings.NewReader(` -+root:x:0:0:root:/root:/bin/bash -+adm:x:3:4:adm:/var/adm:/bin/false -+this is just some garbage data -+`), nil) -+ if err != nil { -+ t.Fatalf("Unexpected error: %v", err) -+ } -+ if len(users) != 3 { -+ t.Fatalf("Expected 3 users, got %v", len(users)) -+ } -+ if users[0].Uid != 0 || users[0].Name != "root" { -+ t.Fatalf("Expected users[0] to be 0 - root, got %v - %v", users[0].Uid, users[0].Name) -+ } -+ if users[1].Uid != 3 || users[1].Name != "adm" { -+ t.Fatalf("Expected users[1] to be 3 - adm, got %v - %v", users[1].Uid, users[1].Name) -+ } -+} -+ -+func TestUserParseGroup(t *testing.T) { -+ groups, err := ParseGroupFilter(strings.NewReader(` -+root:x:0:root -+adm:x:4:root,adm,daemon -+this is just some garbage data -+`), nil) -+ if err != nil { -+ t.Fatalf("Unexpected error: %v", err) -+ } -+ if len(groups) != 3 { -+ t.Fatalf("Expected 3 groups, got %v", len(groups)) -+ } -+ if groups[0].Gid != 0 || groups[0].Name != "root" || len(groups[0].List) != 1 { -+ t.Fatalf("Expected groups[0] to be 0 - root - 1 member, got %v - %v - %v", groups[0].Gid, groups[0].Name, len(groups[0].List)) -+ } -+ if groups[1].Gid != 4 || groups[1].Name != "adm" || len(groups[1].List) != 3 { -+ t.Fatalf("Expected groups[1] to be 4 - adm - 3 members, got %v - %v - %v", groups[1].Gid, groups[1].Name, len(groups[1].List)) -+ } -+} -+ -+func TestValidGetExecUser(t *testing.T) { -+ const passwdContent = ` -+root:x:0:0:root user:/root:/bin/bash -+adm:x:42:43:adm:/var/adm:/bin/false -+this is just some garbage data -+` -+ const groupContent = ` -+root:x:0:root -+adm:x:43: -+grp:x:1234:root,adm -+this is just some garbage data -+` -+ defaultExecUser := ExecUser{ -+ Uid: 8888, -+ Gid: 8888, -+ Sgids: []int{8888}, -+ Home: "/8888", -+ } -+ -+ tests := []struct { -+ ref string -+ expected ExecUser -+ }{ -+ { -+ ref: "root", -+ expected: ExecUser{ -+ Uid: 0, -+ Gid: 0, -+ Sgids: []int{0, 1234}, -+ Home: "/root", -+ }, -+ }, -+ { -+ ref: "adm", -+ expected: ExecUser{ -+ Uid: 42, -+ Gid: 43, -+ Sgids: []int{1234}, -+ Home: "/var/adm", -+ }, -+ }, -+ { -+ ref: "root:adm", -+ expected: ExecUser{ -+ Uid: 0, -+ Gid: 43, -+ Sgids: defaultExecUser.Sgids, -+ Home: "/root", -+ }, -+ }, -+ { -+ ref: "adm:1234", -+ expected: ExecUser{ -+ Uid: 42, -+ Gid: 1234, -+ Sgids: defaultExecUser.Sgids, -+ Home: "/var/adm", -+ }, -+ }, -+ { -+ ref: "42:1234", -+ expected: ExecUser{ -+ Uid: 42, -+ Gid: 1234, -+ Sgids: defaultExecUser.Sgids, -+ Home: "/var/adm", -+ }, -+ }, -+ { -+ ref: "1337:1234", -+ expected: ExecUser{ -+ Uid: 1337, -+ Gid: 1234, -+ Sgids: defaultExecUser.Sgids, -+ Home: defaultExecUser.Home, -+ }, -+ }, -+ { -+ ref: "1337", -+ expected: ExecUser{ -+ Uid: 1337, -+ Gid: defaultExecUser.Gid, -+ Sgids: defaultExecUser.Sgids, -+ Home: defaultExecUser.Home, -+ }, -+ }, -+ { -+ ref: "", -+ expected: ExecUser{ -+ Uid: defaultExecUser.Uid, -+ Gid: defaultExecUser.Gid, -+ Sgids: defaultExecUser.Sgids, -+ Home: defaultExecUser.Home, -+ }, -+ }, -+ } -+ -+ for _, test := range tests { -+ passwd := strings.NewReader(passwdContent) -+ group := strings.NewReader(groupContent) -+ -+ execUser, err := GetExecUser(test.ref, &defaultExecUser, passwd, group) -+ if err != nil { -+ t.Logf("got unexpected error when parsing '%s': %s", test.ref, err.Error()) -+ t.Fail() -+ continue -+ } -+ -+ if !reflect.DeepEqual(test.expected, *execUser) { -+ t.Logf("got: %#v", execUser) -+ t.Logf("expected: %#v", test.expected) -+ t.Fail() -+ continue -+ } -+ } -+} -+ -+func TestInvalidGetExecUser(t *testing.T) { -+ const passwdContent = ` -+root:x:0:0:root user:/root:/bin/bash -+adm:x:42:43:adm:/var/adm:/bin/false -+this is just some garbage data -+` -+ const groupContent = ` -+root:x:0:root -+adm:x:43: -+grp:x:1234:root,adm -+this is just some garbage data -+` -+ -+ tests := []string{ -+ // No such user/group. -+ "notuser", -+ "notuser:notgroup", -+ "root:notgroup", -+ "notuser:adm", -+ "8888:notgroup", -+ "notuser:8888", -+ -+ // Invalid user/group values. -+ "-1:0", -+ "0:-3", -+ "-5:-2", -+ } -+ -+ for _, test := range tests { -+ passwd := strings.NewReader(passwdContent) -+ group := strings.NewReader(groupContent) -+ -+ execUser, err := GetExecUser(test, nil, passwd, group) -+ if err == nil { -+ t.Logf("got unexpected success when parsing '%s': %#v", test, execUser) -+ t.Fail() -+ continue -+ } -+ } -+} -+ -+func TestGetExecUserNilSources(t *testing.T) { -+ const passwdContent = ` -+root:x:0:0:root user:/root:/bin/bash -+adm:x:42:43:adm:/var/adm:/bin/false -+this is just some garbage data -+` -+ const groupContent = ` -+root:x:0:root -+adm:x:43: -+grp:x:1234:root,adm -+this is just some garbage data -+` -+ -+ defaultExecUser := ExecUser{ -+ Uid: 8888, -+ Gid: 8888, -+ Sgids: []int{8888}, -+ Home: "/8888", -+ } -+ -+ tests := []struct { -+ ref string -+ passwd, group bool -+ expected ExecUser -+ }{ -+ { -+ ref: "", -+ passwd: false, -+ group: false, -+ expected: ExecUser{ -+ Uid: 8888, -+ Gid: 8888, -+ Sgids: []int{8888}, -+ Home: "/8888", -+ }, -+ }, -+ { -+ ref: "root", -+ passwd: true, -+ group: false, -+ expected: ExecUser{ -+ Uid: 0, -+ Gid: 0, -+ Sgids: []int{8888}, -+ Home: "/root", -+ }, -+ }, -+ { -+ ref: "0", -+ passwd: false, -+ group: false, -+ expected: ExecUser{ -+ Uid: 0, -+ Gid: 8888, -+ Sgids: []int{8888}, -+ Home: "/8888", -+ }, -+ }, -+ { -+ ref: "0:0", -+ passwd: false, -+ group: false, -+ expected: ExecUser{ -+ Uid: 0, -+ Gid: 0, -+ Sgids: []int{8888}, -+ Home: "/8888", -+ }, -+ }, -+ } -+ -+ for _, test := range tests { -+ var passwd, group io.Reader -+ -+ if test.passwd { -+ passwd = strings.NewReader(passwdContent) -+ } -+ -+ if test.group { -+ group = strings.NewReader(groupContent) -+ } -+ -+ execUser, err := GetExecUser(test.ref, &defaultExecUser, passwd, group) -+ if err != nil { -+ t.Logf("got unexpected error when parsing '%s': %s", test.ref, err.Error()) -+ t.Fail() -+ continue -+ } -+ -+ if !reflect.DeepEqual(test.expected, *execUser) { -+ t.Logf("got: %#v", execUser) -+ t.Logf("expected: %#v", test.expected) -+ t.Fail() -+ continue -+ } -+ } -+} -+ -+func TestGetAdditionalGroups(t *testing.T) { -+ const groupContent = ` -+root:x:0:root -+adm:x:43: -+grp:x:1234:root,adm -+adm:x:4343:root,adm-duplicate -+this is just some garbage data -+` -+ tests := []struct { -+ groups []string -+ expected []int -+ hasError bool -+ }{ -+ { -+ // empty group -+ groups: []string{}, -+ expected: []int{}, -+ }, -+ { -+ // single group -+ groups: []string{"adm"}, -+ expected: []int{43}, -+ }, -+ { -+ // multiple groups -+ groups: []string{"adm", "grp"}, -+ expected: []int{43, 1234}, -+ }, -+ { -+ // invalid group -+ groups: []string{"adm", "grp", "not-exist"}, -+ expected: nil, -+ hasError: true, -+ }, -+ { -+ // group with numeric id -+ groups: []string{"43"}, -+ expected: []int{43}, -+ }, -+ { -+ // group with unknown numeric id -+ groups: []string{"adm", "10001"}, -+ expected: []int{43, 10001}, -+ }, -+ { -+ // groups specified twice with numeric and name -+ groups: []string{"adm", "43"}, -+ expected: []int{43}, -+ }, -+ { -+ // groups with too small id -+ groups: []string{"-1"}, -+ expected: nil, -+ hasError: true, -+ }, -+ { -+ // groups with too large id -+ groups: []string{strconv.Itoa(1 << 31)}, -+ expected: nil, -+ hasError: true, -+ }, -+ } -+ -+ for _, test := range tests { -+ group := strings.NewReader(groupContent) -+ -+ gids, err := GetAdditionalGroups(test.groups, group) -+ if test.hasError && err == nil { -+ t.Errorf("Parse(%#v) expects error but has none", test) -+ continue -+ } -+ if !test.hasError && err != nil { -+ t.Errorf("Parse(%#v) has error %v", test, err) -+ continue -+ } -+ sort.Sort(sort.IntSlice(gids)) -+ if !reflect.DeepEqual(gids, test.expected) { -+ t.Errorf("Gids(%v), expect %v from groups %v", gids, test.expected, test.groups) -+ } -+ } -+} -+ -+func TestGetAdditionalGroupsNumeric(t *testing.T) { -+ tests := []struct { -+ groups []string -+ expected []int -+ hasError bool -+ }{ -+ { -+ // numeric groups only -+ groups: []string{"1234", "5678"}, -+ expected: []int{1234, 5678}, -+ }, -+ { -+ // numeric and alphabetic -+ groups: []string{"1234", "fake"}, -+ expected: nil, -+ hasError: true, -+ }, -+ } -+ -+ for _, test := range tests { -+ gids, err := GetAdditionalGroups(test.groups, nil) -+ if test.hasError && err == nil { -+ t.Errorf("Parse(%#v) expects error but has none", test) -+ continue -+ } -+ if !test.hasError && err != nil { -+ t.Errorf("Parse(%#v) has error %v", test, err) -+ continue -+ } -+ sort.Sort(sort.IntSlice(gids)) -+ if !reflect.DeepEqual(gids, test.expected) { -+ t.Errorf("Gids(%v), expect %v from groups %v", gids, test.expected, test.groups) -+ } -+ } -+} diff --git a/SPECS/docker.spec b/SPECS/docker.spec index 2ece449..78b4c28 100644 --- a/SPECS/docker.spec +++ b/SPECS/docker.spec @@ -14,14 +14,14 @@ %global import_path %{common_path}/%{repo} %global import_path_libcontainer %{common_path}/libcontainer -%global d_commit bb472f05c975b343fb13e55325a985f4ac1d0ca2 +%global d_commit a01dc02d9c369141f8bbbea0f51e8759dd6e5b93 %global d_shortcommit %(c=%{d_commit}; echo ${c:0:7}) %global utils_commit dab51acd1b1a77f7cb01a1b7e2129ec85c846b71 # %%{name}-selinux stuff (prefix with ds_ for version/release etc.) # Some bits borrowed from the openstack-selinux package -%global ds_commit 44abd21628c8f4c054343f12d609d03de4644234 +%global ds_commit e2a52267a0ae0b8a0f93334747dd5f1d0cf0d368 %global ds_shortcommit %(c=%{ds_commit}; echo ${c:0:7}) %global selinuxtype targeted %global moduletype services @@ -49,7 +49,7 @@ Name: %{repo} Version: %{d_version} -Release: 7%{?dist} +Release: 8%{?dist} Summary: Automates deployment of containerized applications License: ASL 2.0 URL: https://%{import_path} @@ -70,8 +70,6 @@ Source11: https://%{provider}.%{provider_tld}/vbatts/%{name}-utils/archive/%{uti Source12: https://%{provider}.%{provider_tld}/fedora-cloud/%{name}-selinux/archive/%{ds_commit}/%{name}-selinux-%{ds_shortcommit}.tar.gz # Source13 is the source tarball for %%{name}-storage-setup Source13: https://%{provider}.%{provider_tld}/projectatomic/%{name}-storage-setup/archive/%{dss_commit}/%{name}-storage-setup-%{dss_shortcommit}.tar.gz -Patch0: libcontainer.patch -Patch1: dev.patch BuildRequires: glibc-static BuildRequires: golang == 1.4.2 BuildRequires: device-mapper-devel @@ -86,7 +84,7 @@ Requires(postun): systemd # need xz to work with ubuntu images Requires: xz Requires: device-mapper-libs >= 7:1.02.90-1 -#Requires: subscription-manager +Requires: subscription-manager Provides: lxc-%{name} = %{d_version}-%{release} Provides: %{name}-io = %{d_version}-%{release} @@ -141,8 +139,6 @@ SELinux policy modules for use with Docker. %prep %setup -qn %{name}-%{d_commit} -%patch0 -p1 -%patch1 -p1 cp %{SOURCE6} . # unpack %%{name}-selinux @@ -270,17 +266,16 @@ rm -rf %{buildroot}%{_sharedstatedir}/%{name}-unit-test/contrib/init/openrc/%{na # remove %%{name}-selinux rpm spec file rm -rf %{name}-selinux-%{ds_commit}/%{name}-selinux.spec -# don't install secrets dir -#install -d -p -m 750 %{buildroot}/%{_datadir}/rhel/secrets +# install secrets dir +install -d -p -m 750 %{buildroot}/%{_datadir}/rhel/secrets # rhbz#1110876 - update symlinks for subscription management -#ln -s %{_sysconfdir}/pki/entitlement %{buildroot}%{_datadir}/rhel/secrets/etc-pki-entitlement -#ln -s %{_sysconfdir}/rhsm %{buildroot}%{_datadir}/rhel/secrets/rhsm -#ln -s %{_sysconfdir}/yum.repos.d/redhat.repo %{buildroot}%{_datadir}/rhel/secrets/rhel7.repo +ln -s %{_sysconfdir}/pki/entitlement %{buildroot}%{_datadir}/rhel/secrets/etc-pki-entitlement +ln -s %{_sysconfdir}/rhsm %{buildroot}%{_datadir}/rhel/secrets/rhsm +ln -s %{_sysconfdir}/yum.repos.d/redhat.repo %{buildroot}%{_datadir}/rhel/secrets/rhel7.repo -#mkdir -p %{buildroot}/etc/%{name}/certs.d/redhat.{com,io} -#ln -s %{_sysconfdir}/rhsm/ca/redhat-uep.pem %{buildroot}/%{_sysconfdir}/%{name}/certs.d/redhat.com/redhat-ca.crt -#ln -s %{_sysconfdir}/rhsm/ca/redhat-uep.pem %{buildroot}/%{_sysconfdir}/%{name}/certs.d/redhat.io/redhat-ca.crt -mkdir -p %{buildroot}/etc/%{name}/certs.d +mkdir -p %{buildroot}/etc/%{name}/certs.d/redhat.{com,io} +ln -s %{_sysconfdir}/rhsm/ca/redhat-uep.pem %{buildroot}/%{_sysconfdir}/%{name}/certs.d/redhat.com/redhat-ca.crt +ln -s %{_sysconfdir}/rhsm/ca/redhat-uep.pem %{buildroot}/%{_sysconfdir}/%{name}/certs.d/redhat.io/redhat-ca.crt # install %%{name} config directory install -dp %{buildroot}%{_sysconfdir}/%{name}/ @@ -351,11 +346,11 @@ fi %{_mandir}/man1/%{name}* %{_mandir}/man5/* %{_bindir}/%{name} -#%dir %{_datadir}/rhel -#%dir %{_datadir}/rhel/secrets -#%{_datadir}/rhel/secrets/etc-pki-entitlement -#%{_datadir}/rhel/secrets/rhel7.repo -#%{_datadir}/rhel/secrets/rhsm +%dir %{_datadir}/rhel +%dir %{_datadir}/rhel/secrets +%{_datadir}/rhel/secrets/etc-pki-entitlement +%{_datadir}/rhel/secrets/rhel7.repo +%{_datadir}/rhel/secrets/rhsm %{_libexecdir}/%{name} %{_unitdir}/%{name}.service %config(noreplace) %{_sysconfdir}/sysconfig/%{name} @@ -398,6 +393,12 @@ fi %{_datadir}/selinux/* %changelog +* Wed Oct 14 2015 Lokesh Mandvekar - 1.8.2-8 +- built docker @rhatdan/rhel7-1.8 commit#a01dc02 +- built docker-selinux master commit#e2a5226 +- built d-s-s master commit#6898d43 +- built docker-utils master commit#dab51ac + * Fri Oct 09 2015 Lokesh Mandvekar - 1.8.2-7 - https://github.com/rhatdan/docker/pull/127 (changes for libcontainer/user) - https://github.com/rhatdan/docker/pull/128 (/dev mount from host)