diff --git a/.docker.metadata b/.docker.metadata index 658cf33..d90ff1c 100644 --- a/.docker.metadata +++ b/.docker.metadata @@ -1,2 +1,3 @@ -3f7364d513ba69e8adf6993e6d125e9d956f22b5 SOURCES/docker-d84a070.tar.gz +71c867c07de3e8649a69b96d8b8b3402606208fe SOURCES/codegansta.tgz +c401b4a3a1b847713e2fbbebbf68fe56a7706b67 SOURCES/docker-2a2f26c.tar.gz 4a2408e3e452c09c9e41844d53257c51eb0080d4 SOURCES/docker-man-3.tar.gz diff --git a/.gitignore b/.gitignore index 54ebd3f..29ac623 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ -SOURCES/docker-d84a070.tar.gz +SOURCES/codegansta.tgz +SOURCES/docker-2a2f26c.tar.gz SOURCES/docker-man-3.tar.gz diff --git a/README.debrand b/README.debrand deleted file mode 100644 index 01c46d2..0000000 --- a/README.debrand +++ /dev/null @@ -1,2 +0,0 @@ -Warning: This package was configured for automatic debranding, but the changes -failed to apply. diff --git a/SOURCES/0001-On-Red-Hat-Registry-Servers-we-return-404-on-certifi.patch b/SOURCES/0001-On-Red-Hat-Registry-Servers-we-return-404-on-certifi.patch new file mode 100644 index 0000000..c621351 --- /dev/null +++ b/SOURCES/0001-On-Red-Hat-Registry-Servers-we-return-404-on-certifi.patch @@ -0,0 +1,34 @@ +diff -up docker-2a2f26c1979cdaed884c765ea3dd203543e7e284/docs/sources/articles/certificates.md.404 docker-2a2f26c1979cdaed884c765ea3dd203543e7e284/docs/sources/articles/certificates.md +--- docker-2a2f26c1979cdaed884c765ea3dd203543e7e284/docs/sources/articles/certificates.md.404 2014-09-22 10:40:10.000000000 -0400 ++++ docker-2a2f26c1979cdaed884c765ea3dd203543e7e284/docs/sources/articles/certificates.md 2014-10-20 13:23:56.827130505 -0400 +@@ -31,7 +31,7 @@ repository. + + > **Note:** + > If there are multiple certificates, each will be tried in alphabetical +-> order. If there is an authentication error (e.g., 403, 5xx, etc.), Docker ++> order. If there is an authentication error (e.g., 403, 404, 5xx, etc.), Docker + > will continue to try with the next certificate. + + Our example is set up like this: +diff -up docker-2a2f26c1979cdaed884c765ea3dd203543e7e284/registry/registry.go.404 docker-2a2f26c1979cdaed884c765ea3dd203543e7e284/registry/registry.go +--- docker-2a2f26c1979cdaed884c765ea3dd203543e7e284/registry/registry.go.404 2014-10-20 13:23:56.828130500 -0400 ++++ docker-2a2f26c1979cdaed884c765ea3dd203543e7e284/registry/registry.go 2014-10-20 13:26:00.736574647 -0400 +@@ -168,14 +168,11 @@ func doRequest(req *http.Request, jar ht + for i, cert := range certs { + client := newClient(jar, pool, cert, timeout) + res, err := client.Do(req) +- if i == len(certs)-1 { +- // If this is the last cert, always return the result ++ if i == len(certs)-1 || err == nil && ++ res.StatusCode != 403 && ++ res.StatusCode != 404 && ++ res.StatusCode < 500 { + return res, client, err +- } else { +- // Otherwise, continue to next cert if 403 or 5xx +- if err == nil && res.StatusCode != 403 && !(res.StatusCode >= 500 && res.StatusCode < 600) { +- return res, client, err +- } + } + } + } diff --git a/SOURCES/docker-Super-minimal-host-based-secrets.patch b/SOURCES/docker-Super-minimal-host-based-secrets.patch deleted file mode 100644 index 95cfb5c..0000000 --- a/SOURCES/docker-Super-minimal-host-based-secrets.patch +++ /dev/null @@ -1,197 +0,0 @@ -diff -up docker-d84a070e476ce923dd03e28232564a87704613ab/daemon/container.go.secrets docker-d84a070e476ce923dd03e28232564a87704613ab/daemon/container.go ---- docker-d84a070e476ce923dd03e28232564a87704613ab/daemon/container.go.secrets 2014-07-22 20:29:56.000000000 -0400 -+++ docker-d84a070e476ce923dd03e28232564a87704613ab/daemon/container.go 2014-09-10 16:34:28.489624522 -0400 -@@ -277,6 +277,9 @@ func (container *Container) Start() (err - if err := populateCommand(container, env); err != nil { - return err - } -+ if err := container.setupSecretFiles(); err != nil { -+ return err -+ } - if err := setupMountsForContainer(container); err != nil { - return err - } -@@ -284,7 +287,21 @@ func (container *Container) Start() (err - return err - } - -- return container.waitForStart() -+ if err := container.waitForStart(); err != nil { -+ return err -+ } -+ -+ // Now the container is running, unmount the secrets on the host -+ secretsPath, err := container.secretsPath() -+ if err != nil { -+ return err -+ } -+ -+ if err := syscall.Unmount(secretsPath, syscall.MNT_DETACH); err != nil { -+ return err -+ } -+ -+ return nil - } - - func (container *Container) Run() error { -@@ -711,6 +728,10 @@ func (container *Container) jsonPath() ( - return container.getRootResourcePath("config.json") - } - -+func (container *Container) secretsPath() (string, error) { -+ return container.getRootResourcePath("secrets") -+} -+ - // This method must be exported to be used from the lxc template - // This directory is only usable when the container is running - func (container *Container) RootfsPath() string { -@@ -962,6 +983,31 @@ func (container *Container) verifyDaemon - } - } - -+func (container *Container) setupSecretFiles() error { -+ secretsPath, err := container.secretsPath() -+ if err != nil { -+ return err -+ } -+ -+ if err := os.MkdirAll(secretsPath, 0700); err != nil { -+ return err -+ } -+ -+ if err := syscall.Mount("tmpfs", secretsPath, "tmpfs", uintptr(syscall.MS_NOEXEC|syscall.MS_NOSUID|syscall.MS_NODEV), label.FormatMountLabel("", container.GetMountLabel())); err != nil { -+ return fmt.Errorf("mounting secret tmpfs: %s", err) -+ } -+ -+ data, err := getHostSecretData() -+ if err != nil { -+ return err -+ } -+ for _, s := range data { -+ s.SaveTo(secretsPath) -+ } -+ -+ return nil -+} -+ - func (container *Container) setupLinkedContainers() ([]string, error) { - var ( - env []string -diff -up docker-d84a070e476ce923dd03e28232564a87704613ab/daemon/secrets.go.secrets docker-d84a070e476ce923dd03e28232564a87704613ab/daemon/secrets.go ---- docker-d84a070e476ce923dd03e28232564a87704613ab/daemon/secrets.go.secrets 2014-09-10 16:28:26.922130421 -0400 -+++ docker-d84a070e476ce923dd03e28232564a87704613ab/daemon/secrets.go 2014-09-10 16:28:26.922130421 -0400 -@@ -0,0 +1,86 @@ -+package daemon -+ -+import ( -+ "io/ioutil" -+ "os" -+ "path/filepath" -+) -+ -+type Secret struct { -+ Name string -+ IsDir bool -+ HostBased bool -+} -+ -+type SecretData struct { -+ Name string -+ Data []byte -+} -+ -+func (s SecretData) SaveTo(dir string) error { -+ path := filepath.Join(dir, s.Name) -+ if err := os.MkdirAll(filepath.Dir(path), 0755); err != nil && !os.IsExist(err) { -+ return err -+ } -+ if err := ioutil.WriteFile(path, s.Data, 0755); err != nil { -+ return err -+ } -+ return nil -+} -+ -+func readAll(root, prefix string) ([]SecretData, error) { -+ path := filepath.Join(root, prefix) -+ -+ data := []SecretData{} -+ -+ files, err := ioutil.ReadDir(path) -+ if err != nil { -+ if os.IsNotExist(err) { -+ return data, nil -+ } -+ -+ return nil, err -+ } -+ -+ for _, f := range files { -+ fileData, err := readFile(root, filepath.Join(prefix, f.Name())) -+ if err != nil { -+ // If the file did not exist, might be a dangling symlink -+ // Ignore the error -+ if os.IsNotExist(err) { -+ continue -+ } -+ return nil, err -+ } -+ data = append(data, fileData...) -+ } -+ -+ return data, nil -+} -+ -+func readFile(root, name string) ([]SecretData, error) { -+ path := filepath.Join(root, name) -+ -+ s, err := os.Stat(path) -+ if err != nil { -+ return nil, err -+ } -+ -+ if s.IsDir() { -+ dirData, err := readAll(root, name) -+ if err != nil { -+ return nil, err -+ } -+ return dirData, nil -+ } else { -+ bytes, err := ioutil.ReadFile(path) -+ if err != nil { -+ return nil, err -+ } -+ return []SecretData{{Name: name, Data: bytes}}, nil -+ } -+} -+ -+func getHostSecretData() ([]SecretData, error) { -+ return readAll("/usr/share/rhel/secrets", "") -+} -diff -up docker-d84a070e476ce923dd03e28232564a87704613ab/daemon/volumes.go.secrets docker-d84a070e476ce923dd03e28232564a87704613ab/daemon/volumes.go ---- docker-d84a070e476ce923dd03e28232564a87704613ab/daemon/volumes.go.secrets 2014-09-10 16:28:26.922130421 -0400 -+++ docker-d84a070e476ce923dd03e28232564a87704613ab/daemon/volumes.go 2014-09-10 16:40:34.683228046 -0400 -@@ -48,6 +48,13 @@ func setupMountsForContainer(container * - mounts = append(mounts, execdriver.Mount{container.HostsPath, "/etc/hosts", false, true}) - } - -+ secretsPath, err := container.secretsPath() -+ if err != nil { -+ return err -+ } -+ -+ mounts = append(mounts, execdriver.Mount{secretsPath, "/run/secrets", true, true}) -+ - // Mount user specified volumes - // Note, these are not private because you may want propagation of (un)mounts from host - // volumes. For instance if you use -v /usr:/usr and the host later mounts /usr/share you -diff -up docker-d84a070e476ce923dd03e28232564a87704613ab/graph/graph.go.secrets docker-d84a070e476ce923dd03e28232564a87704613ab/graph/graph.go ---- docker-d84a070e476ce923dd03e28232564a87704613ab/graph/graph.go.secrets 2014-07-22 20:29:56.000000000 -0400 -+++ docker-d84a070e476ce923dd03e28232564a87704613ab/graph/graph.go 2014-09-10 16:28:26.923130420 -0400 -@@ -266,6 +266,7 @@ func SetupInitLayer(initLayer string) er - "/etc/hostname": "file", - "/dev/console": "file", - "/etc/mtab": "/proc/mounts", -+ "/run/secrets": "dir", - } { - parts := strings.Split(pth, "/") - prev := "/" diff --git a/SOURCES/docker-reverse-entitlement.patch b/SOURCES/docker-reverse-entitlement.patch new file mode 100644 index 0000000..ffdc5f5 --- /dev/null +++ b/SOURCES/docker-reverse-entitlement.patch @@ -0,0 +1,50 @@ +diff -up docker-2a2f26c1979cdaed884c765ea3dd203543e7e284/registry/registry.go.entitlement docker-2a2f26c1979cdaed884c765ea3dd203543e7e284/registry/registry.go +--- docker-2a2f26c1979cdaed884c765ea3dd203543e7e284/registry/registry.go.entitlement 2014-10-30 12:47:19.638087268 -0400 ++++ docker-2a2f26c1979cdaed884c765ea3dd203543e7e284/registry/registry.go 2014-10-30 12:48:30.778233169 -0400 +@@ -91,12 +91,6 @@ func doRequest(req *http.Request, jar ht + if err != nil && !os.IsNotExist(err) { + return nil, nil, err + } +- hostDir = path.Join(" /etc/pki/entitlement", req.URL.Host) +- if fs1, err := ioutil.ReadDir(hostDir); err == nil { +- for _, f := range fs1 { +- fs = append(fs, f) +- } +- } + + var ( + pool *x509.CertPool +@@ -124,33 +118,6 @@ func doRequest(req *http.Request, jar ht + cert, err := tls.LoadX509KeyPair(path.Join(hostDir, certName), path.Join(hostDir, keyName)) + if err != nil { + return nil, nil, err +- } +- certs = append(certs, &cert) +- } +- } +- if strings.HasSuffix(f.Name(), ".key") { +- keyName := f.Name() +- certName := keyName[:len(keyName)-4] + ".cert" +- if !hasFile(fs, certName) { +- return nil, nil, fmt.Errorf("Missing certificate %s for key %s", certName, keyName) +- } +- } +- if strings.HasSuffix(f.Name(), ".pem") { +- if strings.HasSuffix(f.Name(), "-key.pem") { +- keyName := f.Name() +- certName := keyName[:len(keyName)-len("-key.pem")] + ".pem" +- if !hasFile(fs, certName) { +- return nil, nil, fmt.Errorf("Missing certificate %s for key %s", certName, keyName) +- } +- } else { +- certName := f.Name() +- keyName := certName[:len(certName)-len(".pem")] + "-key.pem" +- if !hasFile(fs, keyName) { +- return nil, nil, fmt.Errorf("Missing key %s for certificate %s", keyName, certName) +- } +- cert, err := tls.LoadX509KeyPair(path.Join(hostDir, certName), path.Join(hostDir, keyName)) +- if err != nil { +- return nil, nil, err + } + certs = append(certs, &cert) + } diff --git a/SOURCES/docker-storage.sysconfig b/SOURCES/docker-storage.sysconfig new file mode 100644 index 0000000..3dc1654 --- /dev/null +++ b/SOURCES/docker-storage.sysconfig @@ -0,0 +1,14 @@ +# This file may be automatically generated by an installation program. + +# By default, Docker uses a loopback-mounted sparse file in +# /var/lib/docker. The loopback makes it slower, and there are some +# restrictive defaults, such as 100GB max storage. + +# If your installation did not set a custom storage for Docker, you +# may do it below. + +# Example: Use a custom pair of raw logical volumes (one for metadata, +# one for data). +# DOCKER_STORAGE_OPTIONS = --storage-opt dm.metadatadev=/dev/mylogvol/my-docker-metadata --storage-opt dm.datadev=/dev/mylogvol/my-docker-data + +DOCKER_STORAGE_OPTIONS= diff --git a/SOURCES/docker.service b/SOURCES/docker.service index 739d599..5ed3e23 100644 --- a/SOURCES/docker.service +++ b/SOURCES/docker.service @@ -7,10 +7,12 @@ Requires=docker.socket [Service] Type=notify EnvironmentFile=-/etc/sysconfig/docker -ExecStart=/usr/bin/docker -d $OPTIONS +EnvironmentFile=-/etc/sysconfig/docker-storage +ExecStart=/usr/bin/docker -d $OPTIONS $DOCKER_STORAGE_OPTIONS Restart=on-failure LimitNOFILE=1048576 LimitNPROC=1048576 [Install] +Also=docker.socket WantedBy=multi-user.target diff --git a/SOURCES/docker.socket b/SOURCES/docker.socket index 9db5049..7dd9509 100644 --- a/SOURCES/docker.socket +++ b/SOURCES/docker.socket @@ -1,5 +1,6 @@ [Unit] Description=Docker Socket for the API +PartOf=docker.service [Socket] ListenStream=/var/run/docker.sock diff --git a/SPECS/docker.spec b/SPECS/docker.spec index ccfbaab..b00dbd3 100644 --- a/SPECS/docker.spec +++ b/SPECS/docker.spec @@ -5,19 +5,22 @@ %global debug_package %{nil} %global gopath %{_datadir}/gocode -%global commit d84a070e476ce923dd03e28232564a87704613ab +%global import_path github.com/docker/docker +%global commit 2a2f26c1979cdaed884c765ea3dd203543e7e284 %global shortcommit %(c=%{commit}; echo ${c:0:7}) Name: docker -Version: 1.1.2 -Release: 13%{?dist} +Version: 1.2.0 +Release: 1.8%{?dist} Summary: Automates deployment of containerized applications License: ASL 2.0 URL: http://www.docker.io +# only x86_64 for now: https://github.com/docker/docker/issues/136 ExclusiveArch: x86_64 Source0: https://github.com/rhatdan/docker/archive/%{commit}/docker-%{shortcommit}.tar.gz -#Patch1: docker-Super-minimal-host-based-secrets.patch +Patch1: 0001-On-Red-Hat-Registry-Servers-we-return-404-on-certifi.patch +Patch2: docker-reverse-entitlement.patch # though final name for sysconf/sysvinit files is simply 'docker', # having .sysvinit and .sysconfig makes things clear Source1: docker.service @@ -25,18 +28,21 @@ Source2: docker-man-3.tar.gz Source3: docker.sysconfig # docker: systemd socket activation results in privilege escalation Source4: docker.socket +Source5: codegansta.tgz +Source6: docker-storage.sysconfig BuildRequires: gcc BuildRequires: glibc-static # ensure build uses golang 1.2-7 and above # http://code.google.com/p/go/source/detail?r=a15f344a9efa35ef168c8feaa92a15a1cdc93db5 -BuildRequires: golang >= 1.2-7 +BuildRequires: golang >= 1.3.1 BuildRequires: golang(github.com/gorilla/mux) >= 0-0.12 -BuildRequires: golang(github.com/kr/pty) >= 0-0.19 +BuildRequires: golang(github.com/kr/pty) >= 0-0.20 BuildRequires: golang(code.google.com/p/go.net/websocket) BuildRequires: golang(code.google.com/p/gosqlite/sqlite3) -BuildRequires: golang(github.com/syndtr/gocapability/capability) >= 0-0.5 +BuildRequires: golang(github.com/syndtr/gocapability/capability) >= 0-0.6 BuildRequires: golang(github.com/godbus/dbus) -BuildRequires: golang(github.com/coreos/go-systemd/activation) >= 2-1 +BuildRequires: golang(github.com/coreos/go-systemd/activation) >= 2-2 +#BuildRequires: golang(github.com/codegangsta/cli) BuildRequires: device-mapper-devel BuildRequires: btrfs-progs-devel BuildRequires: pkgconfig(systemd) @@ -46,6 +52,8 @@ Requires: xz Provides: lxc-docker = %{version} Provides: docker +Provides: docker-io +Provides: nsinit %description Docker is an open-source engine that automates the deployment of any @@ -57,27 +65,108 @@ and between virtually any server. The same container that a developer builds and tests on a laptop will run at scale, in production*, on VMs, bare-metal servers, OpenStack clusters, public instances, or combinations of the above. +%package devel +BuildRequires: golang +Summary: A golang registry for global request variables (source libraries) +Provides: docker-pkg-devel docker-io-pkg-devel +Provides: golang(github.com/docker/libcontainer) +Provides: golang(%{import_path}) = %{version}-%{release} +Provides: golang(%{import_path}/api) = %{version}-%{release} +Provides: golang(%{import_path}/api/client) = %{version}-%{release} +Provides: golang(%{import_path}/api/server) = %{version}-%{release} +Provides: golang(%{import_path}/archive) = %{version}-%{release} +Provides: golang(%{import_path}/builtins) = %{version}-%{release} +Provides: golang(%{import_path}/contrib) = %{version}-%{release} +Provides: golang(%{import_path}/contrib/docker-device-tool) = %{version}-%{release} +Provides: golang(%{import_path}/contrib/host-integration) = %{version}-%{release} +Provides: golang(%{import_path}/daemon) = %{version}-%{release} +Provides: golang(%{import_path}/daemon/execdriver) = %{version}-%{release} +Provides: golang(%{import_path}/daemon/execdriver/execdrivers) = %{version}-%{release} +Provides: golang(%{import_path}/daemon/execdriver/lxc) = %{version}-%{release} +Provides: golang(%{import_path}/daemon/execdriver/native) = %{version}-%{release} +Provides: golang(%{import_path}/daemon/execdriver/native/configuration) = %{version}-%{release} +Provides: golang(%{import_path}/daemon/execdriver/native/template) = %{version}-%{release} +Provides: golang(%{import_path}/daemon/graphdriver) = %{version}-%{release} +Provides: golang(%{import_path}/daemon/graphdriver/aufs) = %{version}-%{release} +Provides: golang(%{import_path}/daemon/graphdriver/btrfs) = %{version}-%{release} +Provides: golang(%{import_path}/daemon/graphdriver/devmapper) = %{version}-%{release} +Provides: golang(%{import_path}/daemon/graphdriver/graphtest) = %{version}-%{release} +Provides: golang(%{import_path}/daemon/graphdriver/vfs) = %{version}-%{release} +Provides: golang(%{import_path}/daemon/networkdriver) = %{version}-%{release} +Provides: golang(%{import_path}/daemon/networkdriver/bridge) = %{version}-%{release} +Provides: golang(%{import_path}/daemon/networkdriver/ipallocator) = %{version}-%{release} +Provides: golang(%{import_path}/daemon/networkdriver/portallocator) = %{version}-%{release} +Provides: golang(%{import_path}/daemon/networkdriver/portmapper) = %{version}-%{release} +Provides: golang(%{import_path}/dockerversion) = %{version}-%{release} +Provides: golang(%{import_path}/engine) = %{version}-%{release} +Provides: golang(%{import_path}/graph) = %{version}-%{release} +Provides: golang(%{import_path}/image) = %{version}-%{release} +Provides: golang(%{import_path}/integration) = %{version}-%{release} +Provides: golang(%{import_path}/integration-cli) = %{version}-%{release} +Provides: golang(%{import_path}/links) = %{version}-%{release} +Provides: golang(%{import_path}/nat) = %{version}-%{release} +Provides: golang(%{import_path}/opts) = %{version}-%{release} +Provides: golang(%{import_path}/registry) = %{version}-%{release} +Provides: golang(%{import_path}/runconfig) = %{version}-%{release} +Provides: golang(%{import_path}/utils) = %{version}-%{release} +Provides: golang(%{import_path}/utils/broadcastwriter) = %{version}-%{release} +Provides: golang(%{import_path}/pkg) = %{version}-%{release} +Provides: golang(%{import_path}/pkg/graphdb) = %{version}-%{release} +Provides: golang(%{import_path}/pkg/iptables) = %{version}-%{release} +Provides: golang(%{import_path}/pkg/listenbuffer) = %{version}-%{release} +Provides: golang(%{import_path}/pkg/mflag) = %{version}-%{release} +Provides: golang(%{import_path}/pkg/mflag/example) = %{version}-%{release} +Provides: golang(%{import_path}/pkg/mount) = %{version}-%{release} +Provides: golang(%{import_path}/pkg/namesgenerator) = %{version}-%{release} +Provides: golang(%{import_path}/pkg/networkfs/etchosts) = %{version}-%{release} +Provides: golang(%{import_path}/pkg/networkfs/resolvconf) = %{version}-%{release} +Provides: golang(%{import_path}/pkg/proxy) = %{version}-%{release} +Provides: golang(%{import_path}/pkg/signal) = %{version}-%{release} +Provides: golang(%{import_path}/pkg/symlink) = %{version}-%{release} +Provides: golang(%{import_path}/pkg/sysinfo) = %{version}-%{release} +Provides: golang(%{import_path}/pkg/system) = %{version}-%{release} +Provides: golang(%{import_path}/pkg/systemd) = %{version}-%{release} +Provides: golang(%{import_path}/pkg/tailfile) = %{version}-%{release} +Provides: golang(%{import_path}/pkg/term) = %{version}-%{release} +Provides: golang(%{import_path}/pkg/testutils) = %{version}-%{release} +Provides: golang(%{import_path}/pkg/truncindex) = %{version}-%{release} +Provides: golang(%{import_path}/pkg/units) = %{version}-%{release} +Provides: golang(%{import_path}/pkg/user) = %{version}-%{release} +Provides: golang(%{import_path}/pkg/version) = %{version}-%{release} + +Obsoletes: golang-github-docker-libcontainer-devel + +%description devel +This is the source libraries for docker. + %prep %setup -q -n docker-%{commit} -#%patch1 -p1 -b .secrets +%patch1 -p1 -b .404 +%patch2 -p1 -b .entitlement tar zxf %{SOURCE2} +tar zxf %{SOURCE5} %build mkdir _build pushd _build - mkdir -p src/github.com/dotcloud - ln -s $(dirs +1 -l) src/github.com/dotcloud/docker + mkdir -p src/github.com/docker + ln -s $(dirs +1 -l) src/github.com/docker/docker popd export DOCKER_GITCOMMIT="%{shortcommit}/%{version}" export DOCKER_BUILDTAGS='selinux' -export GOPATH=$(pwd)/_build:$(pwd)/vendor +export GOPATH=$(pwd)/_build:$(pwd)/vendor:%{gopath} hack/make.sh dynbinary cp contrib/syntax/vim/LICENSE LICENSE-vim-syntax cp contrib/syntax/vim/README.md README-vim-syntax.md +#build nsinit +pushd $(pwd)/_build/src + go build github.com/docker/libcontainer/nsinit +popd + %install # install binary install -d %{buildroot}%{_bindir} @@ -121,46 +210,79 @@ install -p -m 644 %{SOURCE4} %{buildroot}%{_unitdir} # for additional args install -d %{buildroot}%{_sysconfdir}/sysconfig/ install -p -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/sysconfig/docker +install -p -m 644 %{SOURCE6} %{buildroot}%{_sysconfdir}/sysconfig/docker-storage -#not needed for CentOS -## install secrets dir -#install -d -p -m 750 %{buildroot}/%{_datadir}/rhel/secrets -## rhbz#1110876 - update symlinks for subscription management -#ln -s %{_sysconfdir}/pki/entitlement %{buildroot}%{_datadir}/rhel/secrets/etc-pki-entitlement -#ln -s %{_sysconfdir}/rhsm %{buildroot}%{_datadir}/rhel/secrets/rhsm -#ln -s %{_sysconfdir}/yum.repos.d/redhat.repo %{buildroot}%{_datadir}/rhel/secrets/rhel7.repo +# install secrets dir +install -d -p -m 750 %{buildroot}/%{_datadir}/rhel/secrets +# rhbz#1110876 - update symlinks for subscription management +ln -s %{_sysconfdir}/pki/entitlement %{buildroot}%{_datadir}/rhel/secrets/etc-pki-entitlement +ln -s %{_sysconfdir}/rhsm %{buildroot}%{_datadir}/rhel/secrets/rhsm +ln -s %{_sysconfdir}/yum.repos.d/redhat.repo %{buildroot}%{_datadir}/rhel/secrets/rhel7.repo + +mkdir -p %{buildroot}/etc/docker/certs.d/redhat.com +ln -s /etc/rhsm/ca/redhat-uep.pem %{buildroot}/etc/docker/certs.d/redhat.com/redhat-ca.crt + +# Install nsinit +install -d -p %{buildroot}%{gopath}/src/github.com/docker/libcontainer/nsinit +cp -pav vendor/src/github.com/docker/libcontainer/nsinit/*.go %{buildroot}%{gopath}/src/github.com/docker/libcontainer/nsinit +install -d %{buildroot}%{_bindir} +install -p -m 755 ./_build/src/nsinit %{buildroot}%{_bindir}/nsinit + +# Install libcontainer +for dir in . apparmor cgroups cgroups/fs cgroups/systemd \ + console devices label mount mount/nodes namespaces \ + netlink network nsinit security/capabilities \ + security/restrict selinux syncpipe system user utils +do + install -d -p %{buildroot}%{gopath}/src/github.com/docker/libcontainer/$dir + cp -pav vendor/src/github.com/docker/libcontainer/$dir/*.go %{buildroot}%{gopath}/src/github.com/docker/libcontainer/$dir +done + +# sources +install -d -p %{buildroot}/%{gopath}/src/%{import_path} + +for dir in api archive builtins daemon dockerversion engine graph \ + image links nat opts pkg registry runconfig utils +do + echo $dir + cp -pav $dir %{buildroot}/%{gopath}/src/%{import_path}/ +done +find %{buildroot}/%{gopath}/src/%{import_path}/ -name \*.registry -delete %pre getent group docker > /dev/null || %{_sbindir}/groupadd -r docker exit 0 %post -%systemd_post docker +%systemd_post docker.service %preun -%systemd_preun docker +%systemd_preun docker.service %postun -%systemd_postun_with_restart docker +%systemd_postun_with_restart docker.service %files %defattr(-,root,root,-) -%doc AUTHORS CHANGELOG.md CONTRIBUTING.md FIXME MAINTAINERS NOTICE +%doc AUTHORS CHANGELOG.md CONTRIBUTING.md MAINTAINERS NOTICE %doc LICENSE* README*.md %{_mandir}/man1/* %{_mandir}/man5/* %{_bindir}/docker -#not needed for CentOS -#%dir %{_datadir}/rhel -#%dir %{_datadir}/rhel/secrets -#%{_datadir}/rhel/secrets/etc-pki-entitlement -#%{_datadir}/rhel/secrets/rhel7.repo -#%{_datadir}/rhel/secrets/rhsm +%dir %{_datadir}/rhel +%dir %{_datadir}/rhel/secrets +%{_datadir}/rhel/secrets/etc-pki-entitlement +%{_datadir}/rhel/secrets/rhel7.repo +%{_datadir}/rhel/secrets/rhsm %dir %{_libexecdir}/docker %{_libexecdir}/docker/dockerinit %{_unitdir}/docker.service %{_unitdir}/docker.socket %config(noreplace) %{_sysconfdir}/sysconfig/docker +%config(noreplace) %{_sysconfdir}/sysconfig/docker-storage +%{_sysconfdir}/docker/certs.d +#%{_sysconfdir}/docker/certs.d/redhat.com +#%{_sysconfdir}/docker/certs.d/redhat.com/redhat-ca.crt %{_datadir}/bash-completion/completions/docker %{_datadir}/zsh/site-functions/_docker %dir %{_sharedstatedir}/docker @@ -172,16 +294,279 @@ exit 0 %{_datadir}/vim/vimfiles/ftdetect/dockerfile.vim %dir %{_datadir}/vim/vimfiles/syntax %{_datadir}/vim/vimfiles/syntax/dockerfile.vim +%{_bindir}/nsinit +%dir %{gopath}/src/github.com/docker/libcontainer/nsinit +%{gopath}/src/github.com/docker/libcontainer/nsinit/*.go +%dir %{gopath}/src/%{import_path}/runconfig +%{gopath}/src/%{import_path}/runconfig/*.go +%dir %{gopath}/src/%{import_path}/utils +%{gopath}/src/%{import_path}/utils/*.go + +%files devel +%dir %{gopath}/src/%{import_path} +%dir %{gopath}/src/%{import_path}/api +%{gopath}/src/%{import_path}/api/MAINTAINERS +%{gopath}/src/%{import_path}/api/README.md +%{gopath}/src/%{import_path}/api/*.go +%dir %{gopath}/src/%{import_path}/api/client +%{gopath}/src/%{import_path}/api/client/*.go +%dir %{gopath}/src/%{import_path}/api/server +%{gopath}/src/%{import_path}/api/server/MAINTAINERS +%{gopath}/src/%{import_path}/api/server/*.go +%dir %{gopath}/src/%{import_path}/archive +%{gopath}/src/%{import_path}/archive/MAINTAINERS +%{gopath}/src/%{import_path}/archive/README.md +%{gopath}/src/%{import_path}/archive/*.go +%dir %{gopath}/src/%{import_path}/archive/testdata +%{gopath}/src/%{import_path}/archive/testdata/broken.tar +%dir %{gopath}/src/%{import_path}/builtins +%{gopath}/src/%{import_path}/builtins/*.go +%dir %{gopath}/src/%{import_path}/daemon +%{gopath}/src/%{import_path}/daemon/*.go +%{gopath}/src/%{import_path}/daemon/MAINTAINERS +%{gopath}/src/%{import_path}/daemon/README.md +%dir %{gopath}/src/%{import_path}/daemon/execdriver +%{gopath}/src/%{import_path}/daemon/execdriver/*.go +%{gopath}/src/%{import_path}/daemon/execdriver/MAINTAINERS +%dir %{gopath}/src/%{import_path}/daemon/execdriver/execdrivers +%{gopath}/src/%{import_path}/daemon/execdriver/execdrivers/*.go +%dir %{gopath}/src/%{import_path}/daemon/execdriver/lxc +%{gopath}/src/%{import_path}/daemon/execdriver/lxc/MAINTAINERS +%{gopath}/src/%{import_path}/daemon/execdriver/lxc/*.go +%dir %{gopath}/src/%{import_path}/daemon/execdriver/native +%{gopath}/src/%{import_path}/daemon/execdriver/native/*.go +%dir %{gopath}/src/%{import_path}/daemon/execdriver/native/configuration +%{gopath}/src/%{import_path}/daemon/execdriver/native/configuration/*.go +%dir %{gopath}/src/%{import_path}/daemon/execdriver/native/template +%{gopath}/src/%{import_path}/daemon/execdriver/native/template/*.go +%dir %{gopath}/src/%{import_path}/daemon/graphdriver +%{gopath}/src/%{import_path}/daemon/graphdriver/*.go +%dir %{gopath}/src/%{import_path}/daemon/graphdriver/aufs +%{gopath}/src/%{import_path}/daemon/graphdriver/aufs/*.go +%dir %{gopath}/src/%{import_path}/daemon/graphdriver/btrfs +%{gopath}/src/%{import_path}/daemon/graphdriver/btrfs/*.go +%{gopath}/src/%{import_path}/daemon/graphdriver/btrfs/MAINTAINERS +%dir %{gopath}/src/%{import_path}/daemon/graphdriver/devmapper +%{gopath}/src/%{import_path}/daemon/graphdriver/devmapper/*.go +%{gopath}/src/%{import_path}/daemon/graphdriver/devmapper/MAINTAINERS +%{gopath}/src/%{import_path}/daemon/graphdriver/devmapper/README.md +%dir %{gopath}/src/%{import_path}/daemon/graphdriver/graphtest +%{gopath}/src/%{import_path}/daemon/graphdriver/graphtest/*.go +%dir %{gopath}/src/%{import_path}/daemon/graphdriver/vfs +%{gopath}/src/%{import_path}/daemon/graphdriver/vfs/*.go +%dir %{gopath}/src/%{import_path}/daemon/networkdriver +%dir %{gopath}/src/%{import_path}/daemon/networkdriver/bridge +%{gopath}/src/%{import_path}/daemon/networkdriver/bridge/*.go +%dir %{gopath}/src/%{import_path}/daemon/networkdriver/ipallocator +%{gopath}/src/%{import_path}/daemon/networkdriver/ipallocator/*.go +%{gopath}/src/%{import_path}/daemon/networkdriver/*.go +%dir %{gopath}/src/%{import_path}/daemon/networkdriver/portallocator +%{gopath}/src/%{import_path}/daemon/networkdriver/portallocator/*.go +%dir %{gopath}/src/%{import_path}/daemon/networkdriver/portmapper +%{gopath}/src/%{import_path}/daemon/networkdriver/portmapper/*.go +%dir %{gopath}/src/%{import_path}/dockerversion +%{gopath}/src/%{import_path}/dockerversion/*.go +%dir %{gopath}/src/%{import_path}/engine +%{gopath}/src/%{import_path}/engine/MAINTAINERS +%{gopath}/src/%{import_path}/engine/*.go +%dir %{gopath}/src/%{import_path}/graph +%{gopath}/src/%{import_path}/graph/MAINTAINERS +%{gopath}/src/%{import_path}/graph/*.go +%dir %{gopath}/src/%{import_path}/image +%{gopath}/src/%{import_path}/image/*.go +%dir %{gopath}/src/%{import_path}/links +%{gopath}/src/%{import_path}/links/*.go +%dir %{gopath}/src/%{import_path}/nat +%{gopath}/src/%{import_path}/nat/*.go +%dir %{gopath}/src/%{import_path}/opts +%{gopath}/src/%{import_path}/opts/*.go +%{gopath}/src/%{import_path}/registry +%dir %{gopath}/src/%{import_path}/runconfig +%{gopath}/src/%{import_path}/runconfig/*.go +%dir %{gopath}/src/%{import_path}/utils +%{gopath}/src/%{import_path}/utils/*.go +#libcontainer +%dir %{gopath}/src/github.com/docker/libcontainer +%dir %{gopath}/src/github.com/docker/libcontainer/apparmor +%dir %{gopath}/src/github.com/docker/libcontainer/cgroups +%dir %{gopath}/src/github.com/docker/libcontainer/cgroups/fs +%dir %{gopath}/src/github.com/docker/libcontainer/cgroups/systemd +%dir %{gopath}/src/github.com/docker/libcontainer/console +%dir %{gopath}/src/github.com/docker/libcontainer/devices +%dir %{gopath}/src/github.com/docker/libcontainer/label +%dir %{gopath}/src/github.com/docker/libcontainer/mount +%dir %{gopath}/src/github.com/docker/libcontainer/mount/nodes +%dir %{gopath}/src/github.com/docker/libcontainer/namespaces +%dir %{gopath}/src/github.com/docker/libcontainer/netlink +%dir %{gopath}/src/github.com/docker/libcontainer/network +%dir %{gopath}/src/github.com/docker/libcontainer/nsinit +%dir %{gopath}/src/github.com/docker/libcontainer/security +%dir %{gopath}/src/github.com/docker/libcontainer/security/capabilities +%dir %{gopath}/src/github.com/docker/libcontainer/security/restrict +%dir %{gopath}/src/github.com/docker/libcontainer/selinux +%dir %{gopath}/src/github.com/docker/libcontainer/syncpipe +%dir %{gopath}/src/github.com/docker/libcontainer/system +%dir %{gopath}/src/github.com/docker/libcontainer/user +%dir %{gopath}/src/github.com/docker/libcontainer/utils +%{gopath}/src/github.com/docker/libcontainer/*.go +%{gopath}/src/github.com/docker/libcontainer/apparmor/*.go +%{gopath}/src/github.com/docker/libcontainer/cgroups/*.go +%{gopath}/src/github.com/docker/libcontainer/cgroups/fs/*.go +%{gopath}/src/github.com/docker/libcontainer/cgroups/systemd/*.go +%{gopath}/src/github.com/docker/libcontainer/console/*.go +%{gopath}/src/github.com/docker/libcontainer/devices/*.go +%{gopath}/src/github.com/docker/libcontainer/label/*.go +%{gopath}/src/github.com/docker/libcontainer/mount/*.go +%{gopath}/src/github.com/docker/libcontainer/mount/nodes/*.go +%{gopath}/src/github.com/docker/libcontainer/namespaces/*.go +%{gopath}/src/github.com/docker/libcontainer/netlink/*.go +%{gopath}/src/github.com/docker/libcontainer/network/*.go +%{gopath}/src/github.com/docker/libcontainer/nsinit/*.go +%{gopath}/src/github.com/docker/libcontainer/security/capabilities/*.go +%{gopath}/src/github.com/docker/libcontainer/security/restrict/*.go +%{gopath}/src/github.com/docker/libcontainer/selinux/*.go +%{gopath}/src/github.com/docker/libcontainer/syncpipe/*.go +%{gopath}/src/github.com/docker/libcontainer/system/*.go +%{gopath}/src/github.com/docker/libcontainer/user/*.go +%{gopath}/src/github.com/docker/libcontainer/utils/*.go + +%dir %{gopath}/src/%{import_path} +%dir %{gopath}/src/%{import_path}/pkg +%{gopath}/src/%{import_path}/pkg/README.md +%dir %{gopath}/src/%{import_path}/pkg/broadcastwriter +%{gopath}/src/%{import_path}/pkg/broadcastwriter/*.go +%dir %{gopath}/src/%{import_path}/pkg/graphdb +%{gopath}/src/%{import_path}/pkg/graphdb/MAINTAINERS +%{gopath}/src/%{import_path}/pkg/graphdb/*.go +%dir %{gopath}/src/%{import_path}/pkg/httputils +%{gopath}/src/%{import_path}/pkg/httputils/MAINTAINERS +%{gopath}/src/%{import_path}/pkg/httputils/*.go +%dir %{gopath}/src/%{import_path}/pkg/iptables +%{gopath}/src/%{import_path}/pkg/iptables/MAINTAINERS +%{gopath}/src/%{import_path}/pkg/iptables/*.go +%dir %{gopath}/src/%{import_path}/pkg/jsonlog +%{gopath}/src/%{import_path}/pkg/jsonlog/*.go +%dir %{gopath}/src/%{import_path}/pkg/listenbuffer +%{gopath}/src/%{import_path}/pkg/listenbuffer/*.go +%dir %{gopath}/src/%{import_path}/pkg/log +%{gopath}/src/%{import_path}/pkg/log/*.go +%dir %{gopath}/src/%{import_path}/pkg/mflag +%{gopath}/src/%{import_path}/pkg/mflag/LICENSE +%{gopath}/src/%{import_path}/pkg/mflag/MAINTAINERS +%{gopath}/src/%{import_path}/pkg/mflag/README.md +%dir %{gopath}/src/%{import_path}/pkg/mflag/example +%{gopath}/src/%{import_path}/pkg/mflag/example/example.go +%{gopath}/src/%{import_path}/pkg/mflag/*.go +%dir %{gopath}/src/%{import_path}/pkg/mount +%{gopath}/src/%{import_path}/pkg/mount/MAINTAINERS +%{gopath}/src/%{import_path}/pkg/mount/*.go +%dir %{gopath}/src/%{import_path}/pkg/namesgenerator +%{gopath}/src/%{import_path}/pkg/namesgenerator/*.go +%dir %{gopath}/src/%{import_path}/pkg/networkfs +%{gopath}/src/%{import_path}/pkg/networkfs/MAINTAINERS +%dir %{gopath}/src/%{import_path}/pkg/networkfs/etchosts +%{gopath}/src/%{import_path}/pkg/networkfs/etchosts/*.go +%dir %{gopath}/src/%{import_path}/pkg/networkfs/resolvconf +%{gopath}/src/%{import_path}/pkg/networkfs/resolvconf/*.go +%dir %{gopath}/src/%{import_path}/pkg/parsers +%{gopath}/src/%{import_path}/pkg/parsers/MAINTAINERS +%{gopath}/src/%{import_path}/pkg/parsers/*.go +%dir %{gopath}/src/%{import_path}/pkg/parsers/filters +%{gopath}/src/%{import_path}/pkg/parsers/filters/*.go +%dir %{gopath}/src/%{import_path}/pkg/parsers/kernel +%{gopath}/src/%{import_path}/pkg/parsers/kernel/*.go +%dir %{gopath}/src/%{import_path}/pkg/parsers/operatingsystem +%{gopath}/src/%{import_path}/pkg/parsers/operatingsystem/*.go +%dir %{gopath}/src/%{import_path}/pkg/proxy +%{gopath}/src/%{import_path}/pkg/proxy/MAINTAINERS +%{gopath}/src/%{import_path}/pkg/proxy/*.go +%dir %{gopath}/src/%{import_path}/pkg/signal +%{gopath}/src/%{import_path}/pkg/signal/*.go +%dir %{gopath}/src/%{import_path}/pkg/symlink +%{gopath}/src/%{import_path}/pkg/symlink/MAINTAINERS +%{gopath}/src/%{import_path}/pkg/symlink/*.go +%dir %{gopath}/src/%{import_path}/pkg/symlink/testdata +%dir %{gopath}/src/%{import_path}/pkg/symlink/testdata/fs +%dir %{gopath}/src/%{import_path}/pkg/symlink/testdata/fs/a +%{gopath}/src/%{import_path}/pkg/symlink/testdata/fs/a/d +%{gopath}/src/%{import_path}/pkg/symlink/testdata/fs/a/e +%{gopath}/src/%{import_path}/pkg/symlink/testdata/fs/a/f +%dir %{gopath}/src/%{import_path}/pkg/symlink/testdata/fs/b +%{gopath}/src/%{import_path}/pkg/symlink/testdata/fs/b/h +%{gopath}/src/%{import_path}/pkg/symlink/testdata/fs/g +%{gopath}/src/%{import_path}/pkg/symlink/testdata/fs/i +%dir %{gopath}/src/%{import_path}/pkg/sysinfo +%{gopath}/src/%{import_path}/pkg/sysinfo/MAINTAINERS +%{gopath}/src/%{import_path}/pkg/sysinfo/*.go +%dir %{gopath}/src/%{import_path}/pkg/system +%{gopath}/src/%{import_path}/pkg/system/MAINTAINERS +%{gopath}/src/%{import_path}/pkg/system/*.go +%dir %{gopath}/src/%{import_path}/pkg/systemd +%{gopath}/src/%{import_path}/pkg/systemd/MAINTAINERS +%{gopath}/src/%{import_path}/pkg/systemd/*.go +%dir %{gopath}/src/%{import_path}/pkg/tailfile +%{gopath}/src/%{import_path}/pkg/tailfile/*.go +%dir %{gopath}/src/%{import_path}/pkg/tarsum +%{gopath}/src/%{import_path}/pkg/tarsum/*.go +%dir %{gopath}/src/%{import_path}/pkg/tarsum/testdata +%dir %{gopath}/src/%{import_path}/pkg/tarsum/testdata/46af0962ab5afeb5ce6740d4d91652e69206fc991fd5328c1a94d364ad00e457 +%{gopath}/src/%{import_path}/pkg/tarsum/testdata/46af0962ab5afeb5ce6740d4d91652e69206fc991fd5328c1a94d364ad00e457/json +%{gopath}/src/%{import_path}/pkg/tarsum/testdata/46af0962ab5afeb5ce6740d4d91652e69206fc991fd5328c1a94d364ad00e457/layer.tar +%dir %{gopath}/src/%{import_path}/pkg/tarsum/testdata/511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158 +%{gopath}/src/%{import_path}/pkg/tarsum/testdata/511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158/json +%{gopath}/src/%{import_path}/pkg/tarsum/testdata/511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158/layer.tar +%dir %{gopath}/src/%{import_path}/pkg/truncindex +%{gopath}/src/%{import_path}/pkg/truncindex/MAINTAINERS +%{gopath}/src/%{import_path}/pkg/truncindex/*.go +%dir %{gopath}/src/%{import_path}/pkg/term +%{gopath}/src/%{import_path}/pkg/term/MAINTAINERS +%{gopath}/src/%{import_path}/pkg/term/*.go +%dir %{gopath}/src/%{import_path}/pkg/testutils +%{gopath}/src/%{import_path}/pkg/testutils/MAINTAINERS +%{gopath}/src/%{import_path}/pkg/testutils/README.md +%{gopath}/src/%{import_path}/pkg/testutils/utils.go +%dir %{gopath}/src/%{import_path}/pkg/units +%{gopath}/src/%{import_path}/pkg/units/MAINTAINERS +%{gopath}/src/%{import_path}/pkg/units/*.go +%dir %{gopath}/src/%{import_path}/pkg/version +%{gopath}/src/%{import_path}/pkg/version/*.go %changelog -* Mon Oct 20 2014 Jim Perrin - 1.1.2-13 -- debrand patch and remove entitlement stuff +* Thu Oct 30 2014 Dan Walsh - 1.2.0-1.8 +- Remove docker-rhel entitlment patch. This was buggy and is no longer needed -* Fri Sep 12 2014 Dan Walsh - 1.1.2-13 -- Fix sysconfig and docker.service script to allow $OPTIONS +* Mon Oct 20 2014 Dan Walsh - 1.2.0-1.7 +- Add 404 patch to allow docker to continue to try to download updates with +- different certs, even if the registry returns 404 error -* Wed Sep 10 2014 Dan Walsh - 1.1.2-12 -- Remove extra patches and ship only v1.1.2 plus secrets patch +* Tue Oct 7 2014 Eric Paris - 1.2.0-1.6 +- make docker.socket start/restart when docker starts/restarts + +* Tue Sep 30 2014 Eric Paris - 1.2.0-1.5 +- put docker.socket back the right way + +* Sat Sep 27 2014 Dan Walsh - 1.2.0-1.4 +- Remove docker.socket + +* Mon Sep 22 2014 Dan Walsh - 1.2.0-1.2 +- Fix docker.service file to use /etc/sysconfig/docker-storage.service + +* Mon Sep 22 2014 Dan Walsh - 1.2.0-1.1 +- Bump release to 1.2.0 +- Add support for /etc/sysconfig/docker-storage +- Add Provides:golang(github.com/docker/libcontainer) +- Add provides docker-io to get through compatibility issues +- Update man pages +- Add missing pieces of libcontainer +- Devel now obsoletes golang-github-docker-libcontainer-devel +- Remove runtime dependency on golang +- Fix secrets patch +- Add -devel -pkg-devel subpackages +- Move libcontainer from -lib to -devel subpackage +- Allow docker to use /etc/pki/entitlement for certs +- New sources that satisfy nsinit deps +- Change docker client certs links +- Add nsinit * Tue Sep 2 2014 Dan Walsh - 1.1.2-10 - Add docker client entitlement certs