From 40547097bb324cc14f8fb4ce1b84f6eec2bdf415 Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Mar 07 2018 09:35:51 +0000
Subject: import docker-1.13.1-53.git774336d.el7
---
diff --git a/.docker.metadata b/.docker.metadata
index 66b1e03..2f39dc4 100644
--- a/.docker.metadata
+++ b/.docker.metadata
@@ -1,8 +1,10 @@
-e3e41a30b84108abb71af3176bc22f0cd69b52ea SOURCES/3e8e77dcb88db0530c839b249bea7d75f9cd01d7.tar.gz
-27fe386ea4378b478fa0051976d761419aa3f070 SOURCES/container-storage-setup-8276a1e.tar.gz
-9e13309de5e468d5d68208d5fd0b7aca5e9f948e SOURCES/containerd-fa8fb3d.tar.gz
+3e38eb46a96ca48b28d06945543012f804be810e SOURCES/774336db27bb8931c1705e47781b3842d290c968.tar.gz
+9e9e55d86e9df69ce17c8186d6ead913273f02cf SOURCES/container-storage-setup-e0997c3.tar.gz
+402d105d5ed40a9820d41b3f677df07c566393c9 SOURCES/containerd-296f1f8.tar.gz
 b0ba595ce2314c59ebbd53400f7f64809331a6b9 SOURCES/docker-lvm-plugin-8647404.tar.gz
 0beb6283e30f1e87e907576f4571ccb0a48b6be5 SOURCES/docker-novolume-plugin-385ec70.tar.gz
+fb49d4dd60e576f3a6412c2885256f8954fa5236 SOURCES/libnetwork-14db3c4.tar.gz
 965d64f5a81c3a428ca3b29495ecf66748c67c1f SOURCES/rhel-push-plugin-af9107b.tar.gz
-d01d661d4fb75caa219dd9ded75a7064a30d41b6 SOURCES/runc-c5d3116.tar.gz
+78795d104677625593c70e1dbe569f235b5af0c5 SOURCES/runc-e9c345b.tar.gz
+c5c3577b90edc8902f3dd888e55334ba6e9e1ddf SOURCES/tini-5b117de.tar.gz
 496f9927f4254508ea1cd94f473b5b9321d41245 SOURCES/v1.10-migrator-c417a6a.tar.gz
diff --git a/.gitignore b/.gitignore
index f5923fa..4a29b61 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,8 +1,10 @@
-SOURCES/3e8e77dcb88db0530c839b249bea7d75f9cd01d7.tar.gz
-SOURCES/container-storage-setup-8276a1e.tar.gz
-SOURCES/containerd-fa8fb3d.tar.gz
+SOURCES/774336db27bb8931c1705e47781b3842d290c968.tar.gz
+SOURCES/container-storage-setup-e0997c3.tar.gz
+SOURCES/containerd-296f1f8.tar.gz
 SOURCES/docker-lvm-plugin-8647404.tar.gz
 SOURCES/docker-novolume-plugin-385ec70.tar.gz
+SOURCES/libnetwork-14db3c4.tar.gz
 SOURCES/rhel-push-plugin-af9107b.tar.gz
-SOURCES/runc-c5d3116.tar.gz
+SOURCES/runc-e9c345b.tar.gz
+SOURCES/tini-5b117de.tar.gz
 SOURCES/v1.10-migrator-c417a6a.tar.gz
diff --git a/SOURCES/docker.service b/SOURCES/docker.service
index f9ba7b2..7a53857 100644
--- a/SOURCES/docker.service
+++ b/SOURCES/docker.service
@@ -3,6 +3,7 @@ Description=Docker Application Container Engine
 Documentation=http://docs.docker.com
 After=network.target rhel-push-plugin.socket registries.service
 Wants=docker-storage-setup.service
+Requires=rhel-push-plugin.socket registries.service
 Requires=docker-cleanup.timer
 [Service]
@@ -18,14 +19,16 @@ Environment=PATH=/usr/libexec/docker:/usr/bin:/usr/sbin
 ExecStart=/usr/bin/dockerd-current \
 --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current \
 --default-runtime=docker-runc \
+ --authorization-plugin=rhel-push-plugin \
 --exec-opt native.cgroupdriver=systemd \
 --userland-proxy-path=/usr/libexec/docker/docker-proxy-current \
+ --seccomp-profile=/etc/docker/seccomp.json \
 $OPTIONS \
 $DOCKER_STORAGE_OPTIONS \
 $DOCKER_NETWORK_OPTIONS \
 $ADD_REGISTRY \
 $BLOCK_REGISTRY \
- $INSECURE_REGISTRY\
+ $INSECURE_REGISTRY \
 $REGISTRIES
 ExecReload=/bin/kill -s HUP $MAINPID
 LimitNOFILE=1048576
diff --git a/SOURCES/seccomp.json b/SOURCES/seccomp.json
new file mode 100644
index 0000000..b9a4564
--- /dev/null
+++ b/SOURCES/seccomp.json
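Review bot: The two security flags added to ExecStart in docker.service, `--authorization-plugin=rhel-push-plugin` and `--seccomp-profile=/etc/docker/seccomp.json`, sit ahead of `$OPTIONS`, and nothing in the unit says whether a value supplied through `$OPTIONS` is meant to override them. For a single-valued flag such as the seccomp profile a later occurrence presumably wins, which would let an `OPTIONS` setting silently replace the packaged profile; that is worth confirming against dockerd's flag handling. I would add a comment above ExecStart, e.g. `# authorization plugin and seccomp profile are packaged defaults; a repeated flag in $OPTIONS may override them`, or place the two flags after the variable expansions if they are meant to be fixed. The [Service] section continues outside the hunk.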
@@ -0,0 +1,701 @@ +{ + "defaultAction": "SCMP_ACT_ERRNO", + "archMap": [ + { + "architecture": "SCMP_ARCH_X86_64", + "subArchitectures": [ + "SCMP_ARCH_X86", + "SCMP_ARCH_X32" + ] + }, + { + "architecture": "SCMP_ARCH_AARCH64", + "subArchitectures": [ + "SCMP_ARCH_ARM" + ] + }, + { + "architecture": "SCMP_ARCH_MIPS64", + "subArchitectures": [ + "SCMP_ARCH_MIPS", + "SCMP_ARCH_MIPS64N32" + ] + }, + { + "architecture": "SCMP_ARCH_MIPS64N32", + "subArchitectures": [ + "SCMP_ARCH_MIPS", + "SCMP_ARCH_MIPS64" + ] + }, + { + "architecture": "SCMP_ARCH_MIPSEL64", + "subArchitectures": [ + "SCMP_ARCH_MIPSEL", + "SCMP_ARCH_MIPSEL64N32" + ] + }, + { + "architecture": "SCMP_ARCH_MIPSEL64N32", + "subArchitectures": [ + "SCMP_ARCH_MIPSEL", + "SCMP_ARCH_MIPSEL64" + ] + }, + { + "architecture": "SCMP_ARCH_S390X", + "subArchitectures": [ + "SCMP_ARCH_S390" + ] + } + ], + "syscalls": [ + { + "names": [ + "accept", + "accept4", + "access", + "alarm", + "alarm", + "bind", + "brk", + "capget", + "capset", + "chdir", + "chmod", + "chown", + "chown32", + "clock_getres", + "clock_gettime", + "clock_nanosleep", + "close", + "connect", + "copy_file_range", + "creat", + "dup", + "dup2", + "dup3", + "epoll_create", + "epoll_create1", + "epoll_ctl", + "epoll_ctl_old", + "epoll_pwait", + "epoll_wait", + "epoll_wait_old", + "eventfd", + "eventfd2", + "execve", + "execveat", + "exit", + "exit_group", + "faccessat", + "fadvise64", + "fadvise64_64", + "fallocate", + "fanotify_mark", + "fchdir", + "fchmod", + "fchmodat", + "fchown", + "fchown32", + "fchownat", + "fcntl", + "fcntl64", + "fdatasync", + "fgetxattr", + "flistxattr", + "flock", + "fork", + "fremovexattr", + "fsetxattr", + "fstat", + "fstat64", + "fstatat64", + "fstatfs", + "fstatfs64", + "fsync", + "ftruncate", + "ftruncate64", + "futex", + "futimesat", + "getcpu", + "getcwd", + "getdents", + "getdents64", + "getegid", + "getegid32", + "geteuid", + "geteuid32", + "getgid", + "getgid32", + "getgroups", + "getgroups32", + "getitimer", + 
"getpeername", + "getpgid", + "getpgrp", + "getpid", + "getppid", + "getpriority", + "getrandom", + "getresgid", + "getresgid32", + "getresuid", + "getresuid32", + "getrlimit", + "get_robust_list", + "getrusage", + "getsid", + "getsockname", + "getsockopt", + "get_thread_area", + "gettid", + "gettimeofday", + "getuid", + "getuid32", + "getxattr", + "inotify_add_watch", + "inotify_init", + "inotify_init1", + "inotify_rm_watch", + "io_cancel", + "ioctl", + "io_destroy", + "io_getevents", + "ioprio_get", + "ioprio_set", + "io_setup", + "io_submit", + "ipc", + "kill", + "lchown", + "lchown32", + "lgetxattr", + "link", + "linkat", + "listen", + "listxattr", + "llistxattr", + "_llseek", + "lremovexattr", + "lseek", + "lsetxattr", + "lstat", + "lstat64", + "madvise", + "memfd_create", + "mincore", + "mkdir", + "mkdirat", + "mknod", + "mknodat", + "mlock", + "mlock2", + "mlockall", + "mmap", + "mmap2", + "mprotect", + "mq_getsetattr", + "mq_notify", + "mq_open", + "mq_timedreceive", + "mq_timedsend", + "mq_unlink", + "mremap", + "msgctl", + "msgget", + "msgrcv", + "msgsnd", + "msync", + "munlock", + "munlockall", + "munmap", + "nanosleep", + "newfstatat", + "_newselect", + "open", + "openat", + "pause", + "pipe", + "pipe2", + "poll", + "ppoll", + "prctl", + "pread64", + "preadv", + "prlimit64", + "pselect6", + "pwrite64", + "pwritev", + "read", + "readahead", + "readlink", + "readlinkat", + "readv", + "recv", + "recvfrom", + "recvmmsg", + "recvmsg", + "remap_file_pages", + "removexattr", + "rename", + "renameat", + "renameat2", + "restart_syscall", + "rmdir", + "rt_sigaction", + "rt_sigpending", + "rt_sigprocmask", + "rt_sigqueueinfo", + "rt_sigreturn", + "rt_sigsuspend", + "rt_sigtimedwait", + "rt_tgsigqueueinfo", + "sched_getaffinity", + "sched_getattr", + "sched_getparam", + "sched_get_priority_max", + "sched_get_priority_min", + "sched_getscheduler", + "sched_rr_get_interval", + "sched_setaffinity", + "sched_setattr", + "sched_setparam", + "sched_setscheduler", + 
"sched_yield", + "seccomp", + "select", + "semctl", + "semget", + "semop", + "semtimedop", + "send", + "sendfile", + "sendfile64", + "sendmmsg", + "sendmsg", + "sendto", + "setfsgid", + "setfsgid32", + "setfsuid", + "setfsuid32", + "setgid", + "setgid32", + "setgroups", + "setgroups32", + "setitimer", + "setpgid", + "setpriority", + "setregid", + "setregid32", + "setresgid", + "setresgid32", + "setresuid", + "setresuid32", + "setreuid", + "setreuid32", + "setrlimit", + "set_robust_list", + "setsid", + "setsockopt", + "set_thread_area", + "set_tid_address", + "setuid", + "setuid32", + "setxattr", + "shmat", + "shmctl", + "shmdt", + "shmget", + "shutdown", + "sigaltstack", + "signalfd", + "signalfd4", + "sigreturn", + "socket", + "socketcall", + "socketpair", + "splice", + "stat", + "stat64", + "statfs", + "statfs64", + "symlink", + "symlinkat", + "sync", + "sync_file_range", + "syncfs", + "sysinfo", + "syslog", + "tee", + "tgkill", + "time", + "timer_create", + "timer_delete", + "timerfd_create", + "timerfd_gettime", + "timerfd_settime", + "timer_getoverrun", + "timer_gettime", + "timer_settime", + "times", + "tkill", + "truncate", + "truncate64", + "ugetrlimit", + "umask", + "uname", + "unlink", + "unlinkat", + "utime", + "utimensat", + "utimes", + "vfork", + "vmsplice", + "wait4", + "waitid", + "waitpid", + "write", + "writev", + "mount", + "umount2", + "reboot", + "name_to_handle_at", + "unshare" + ], + "action": "SCMP_ACT_ALLOW", + "args": [], + "comment": "", + "includes": {}, + "excludes": {} + }, + { + "names": [ + "personality" + ], + "action": "SCMP_ACT_ALLOW", + "args": [ + { + "index": 0, + "value": 0, + "valueTwo": 0, + "op": "SCMP_CMP_EQ" + } + ], + "comment": "", + "includes": {}, + "excludes": {} + }, + { + "names": [ + "personality" + ], + "action": "SCMP_ACT_ALLOW", + "args": [ + { + "index": 0, + "value": 8, + "valueTwo": 0, + "op": "SCMP_CMP_EQ" + } + ], + "comment": "", + "includes": {}, + "excludes": {} + }, + { + "names": [ + "personality" + ], 
+ "action": "SCMP_ACT_ALLOW", + "args": [ + { + "index": 0, + "value": 4294967295, + "valueTwo": 0, + "op": "SCMP_CMP_EQ" + } + ], + "comment": "", + "includes": {}, + "excludes": {} + }, + { + "names": [ + "breakpoint", + "cacheflush", + "set_tls" + ], + "action": "SCMP_ACT_ALLOW", + "args": [], + "comment": "", + "includes": { + "arches": [ + "arm", + "arm64" + ] + }, + "excludes": {} + }, + { + "names": [ + "arch_prctl" + ], + "action": "SCMP_ACT_ALLOW", + "args": [], + "comment": "", + "includes": { + "arches": [ + "amd64", + "x32" + ] + }, + "excludes": {} + }, + { + "names": [ + "modify_ldt" + ], + "action": "SCMP_ACT_ALLOW", + "args": [], + "comment": "", + "includes": { + "arches": [ + "amd64", + "x32", + "x86" + ] + }, + "excludes": {} + }, + { + "names": [ + "s390_pci_mmio_read", + "s390_pci_mmio_write", + "s390_runtime_instr" + ], + "action": "SCMP_ACT_ALLOW", + "args": [], + "comment": "", + "includes": { + "arches": [ + "s390", + "s390x" + ] + }, + "excludes": {} + }, + { + "names": [ + "open_by_handle_at" + ], + "action": "SCMP_ACT_ALLOW", + "args": [], + "comment": "", + "includes": { + "caps": [ + "CAP_DAC_READ_SEARCH" + ] + }, + "excludes": {} + }, + { + "names": [ + "bpf", + "clone", + "fanotify_init", + "lookup_dcookie", + "mount", + "name_to_handle_at", + "perf_event_open", + "setdomainname", + "sethostname", + "setns", + "umount", + "umount2", + "unshare" + ], + "action": "SCMP_ACT_ALLOW", + "args": [], + "comment": "", + "includes": { + "caps": [ + "CAP_SYS_ADMIN" + ] + }, + "excludes": {} + }, + { + "names": [ + "clone" + ], + "action": "SCMP_ACT_ALLOW", + "args": [ + { + "index": 0, + "value": 2080505856, + "valueTwo": 0, + "op": "SCMP_CMP_MASKED_EQ" + } + ], + "comment": "", + "includes": {}, + "excludes": { + "caps": [ + "CAP_SYS_ADMIN" + ], + "arches": [ + "s390", + "s390x" + ] + } + }, + { + "names": [ + "clone" + ], + "action": "SCMP_ACT_ALLOW", + "args": [ + { + "index": 1, + "value": 2080505856, + "valueTwo": 0, + "op": 
"SCMP_CMP_MASKED_EQ" + } + ], + "comment": "s390 parameter ordering for clone is different", + "includes": { + "arches": [ + "s390", + "s390x" + ] + }, + "excludes": { + "caps": [ + "CAP_SYS_ADMIN" + ] + } + }, + { + "names": [ + "reboot" + ], + "action": "SCMP_ACT_ALLOW", + "args": [], + "comment": "", + "includes": { + "caps": [ + "CAP_SYS_BOOT" + ] + }, + "excludes": {} + }, + { + "names": [ + "chroot" + ], + "action": "SCMP_ACT_ALLOW", + "args": [], + "comment": "", + "includes": { + "caps": [ + "CAP_SYS_CHROOT" + ] + }, + "excludes": {} + }, + { + "names": [ + "delete_module", + "init_module", + "finit_module", + "query_module" + ], + "action": "SCMP_ACT_ALLOW", + "args": [], + "comment": "", + "includes": { + "caps": [ + "CAP_SYS_MODULE" + ] + }, + "excludes": {} + }, + { + "names": [ + "acct" + ], + "action": "SCMP_ACT_ALLOW", + "args": [], + "comment": "", + "includes": { + "caps": [ + "CAP_SYS_PACCT" + ] + }, + "excludes": {} + }, + { + "names": [ + "kcmp", + "process_vm_readv", + "process_vm_writev", + "ptrace" + ], + "action": "SCMP_ACT_ALLOW", + "args": [], + "comment": "", + "includes": { + "caps": [ + "CAP_SYS_PTRACE" + ] + }, + "excludes": {} + }, + { + "names": [ + "iopl", + "ioperm" + ], + "action": "SCMP_ACT_ALLOW", + "args": [], + "comment": "", + "includes": { + "caps": [ + "CAP_SYS_RAWIO" + ] + }, + "excludes": {} + }, + { + "names": [ + "settimeofday", + "stime", + "adjtimex" + ], + "action": "SCMP_ACT_ALLOW", + "args": [], + "comment": "", + "includes": { + "caps": [ + "CAP_SYS_TIME" + ] + }, + "excludes": {} + }, + { + "names": [ + "vhangup" + ], + "action": "SCMP_ACT_ALLOW", + "args": [], + "comment": "", + "includes": { + "caps": [ + "CAP_SYS_TTY_CONFIG" + ] + }, + "excludes": {} + } + ] +} \ No newline at end of file diff --git a/SPECS/docker.spec b/SPECS/docker.spec index 1e904ec..41d573c 100644 --- a/SPECS/docker.spec +++ b/SPECS/docker.spec 
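Review bot: The first `SCMP_ACT_ALLOW` entry in seccomp.json, which has empty `args` and `includes`, ends its `names` list with `"mount", "umount2", "reboot", "name_to_handle_at", "unshare"`, so those five syscalls pass the filter for every container whatever its capabilities. That makes the later entries gating the same names on `CAP_SYS_ADMIN`, and `reboot` on `CAP_SYS_BOOT`, redundant and leaves only the kernel's own capability checks; `unshare` is not fully covered by such a check on kernels that permit unprivileged user namespaces. If the conditional entries are the intended policy, drop the five names from the unconditional list; if the relaxation is deliberate, record the reason in that entry's empty `"comment"` field. `"alarm"` is also listed twice in the same array, and the file ends without a trailing newline.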
@@ -24,14 +24,14 @@
 # docker
 %global git_docker https://github.com/projectatomic/docker
-%global commit_docker 3e8e77dcb88db0530c839b249bea7d75f9cd01d7
+%global commit_docker 774336db27bb8931c1705e47781b3842d290c968
 %global shortcommit_docker %(c=%{commit_docker}; echo ${c:0:7})
 # docker_branch used in %%check
 %global docker_branch %{name}-%{version}
 # d-s-s
 %global git_dss https://github.com/projectatomic/container-storage-setup
-%global commit_dss 8276a1e9abf9607e82018c96001858d04420208e
+%global commit_dss e0997c32103235a3eff8fe6917e6f2d0507c119e
 %global shortcommit_dss %(c=%{commit_dss}; echo ${c:0:7})
 %global dss_libdir %{_exec_prefix}/lib/%{name}-storage-setup
@@ -46,9 +46,9 @@
 %global shortcommit_novolume %(c=%{commit_novolume}; echo ${c:0:7})
 # rhel-push-plugin
-#%global git_rhel_push https://github.com/projectatomic/rhel-push-plugin
-#%global commit_rhel_push af9107b2aedb235338e32a3c19507cad3f218b0d
-#%global shortcommit_rhel_push %(c=%{commit_rhel_push}; echo ${c:0:7})
+%global git_rhel_push https://github.com/projectatomic/rhel-push-plugin
+%global commit_rhel_push af9107b2aedb235338e32a3c19507cad3f218b0d
+%global shortcommit_rhel_push %(c=%{commit_rhel_push}; echo ${c:0:7})
 # docker-lvm-plugin
 %global git_lvm https://github.com/projectatomic/%{repo}-lvm-plugin
@@ -57,25 +57,35 @@
 # docker-runc
 %global git_runc https://github.com/projectatomic/runc
-%global commit_runc c5d311627d39439c5b1cc35c67a51c9c6ccda648
+%global commit_runc e9c345b3f906d5dc5e8100b05ce37073a811c74a
 %global shortcommit_runc %(c=%{commit_runc}; echo ${c:0:7})
 # docker-containerd
 %global git_containerd https://github.com/projectatomic/containerd
-%global commit_containerd fa8fb3d455e1baf716f3131581f0ed8b07c573a6
+%global commit_containerd 296f1f80d6c6a83cc625163f863e53d3287328ee
 %global shortcommit_containerd %(c=%{commit_containerd}; echo ${c:0:7})
+# docker-init
+%global git_tini https://github.com/krallin/tini
+%global commit_tini 5b117de7f824f3d3825737cf09581645abbe35d4
+%global shortcommit_tini %(c=%{commit_tini}; echo ${c:0:7})
+
+# docker-proxy
+%global git_libnetwork https://github.com/docker/libnetwork
+%global commit_libnetwork 14db3c494c259b8caa159a244a8e9708e3f4b595
+%global shortcommit_libnetwork %(c=%{commit_libnetwork}; echo ${c:0:7})
+
 Name: %{repo}
 Epoch: 2
-Version: 1.12.6
-Release: 71.git%{shortcommit_docker}%{?dist}.1
+Version: 1.13.1
+Release: 53.git%{shortcommit_docker}%{?dist}
 Summary: Automates deployment of containerized applications
 License: ASL 2.0
 URL: https://%{import_path}
 Source0: %{git_docker}/archive/%{commit_docker}.tar.gz
 Source2: %{git_dss}/archive/%{commit_dss}/container-storage-setup-%{shortcommit_dss}.tar.gz
 Source4: %{git_novolume}/archive/%{commit_novolume}/%{repo}-novolume-plugin-%{shortcommit_novolume}.tar.gz
-#Source5: %{git_rhel_push}/archive/%{commit_rhel_push}/rhel-push-plugin-%{shortcommit_rhel_push}.tar.gz
+Source5: %{git_rhel_push}/archive/%{commit_rhel_push}/rhel-push-plugin-%{shortcommit_rhel_push}.tar.gz
 Source6: %{git_lvm}/archive/%{commit_lvm}/%{repo}-lvm-plugin-%{shortcommit_lvm}.tar.gz
 Source8: %{name}.service
 Source9: %{name}.sysconfig
@@ -96,6 +106,10 @@ Source25: %{name}-cleanup.service
 Source26: %{name}-cleanup.timer
 Source27: daemon.json
 Source29: 99-docker.conf
+Source30: %{git_tini}/archive/%{commit_tini}/tini-%{shortcommit_tini}.tar.gz
+Source31: %{git_libnetwork}/archive/%{commit_libnetwork}/libnetwork-%{shortcommit_libnetwork}.tar.gz
+Source32: seccomp.json
+BuildRequires: cmake
 BuildRequires: sed
 BuildRequires: git
 BuildRequires: glibc-static
@@ -163,12 +177,12 @@ running and skip checksum calculation on startup.
 Summary: Common files for docker and docker-latest
 Requires: device-mapper-libs >= 7:1.02.97
 Requires: oci-umount >= 2:2.0.0-1
-Requires: oci-register-machine >= 1:0-3.14
+Requires: oci-register-machine >= 1:0-5.13
 Requires: oci-systemd-hook >= 1:0.1.4-9
-#Requires: %{name}-rhel-push-plugin = %{epoch}:%{version}-%{release}
-#Requires: subscription-manager-plugin-container
+Requires: %{name}-rhel-push-plugin = %{epoch}:%{version}-%{release}
+Requires: subscription-manager-plugin-container
 Requires: xz
-#Requires: atomic-registries
+Requires: atomic-registries
 Requires: container-selinux >= 2:2.21-2
 Requires: container-storage-setup >= 0.7.0-1
 # rhbz#1214070 - update deps for d-s-s
@@ -176,7 +190,7 @@ Requires: lvm2 >= 2.02.112
 Requires: xfsprogs
 # rhbz#1282898 - obsolete docker-storage-setup
 Obsoletes: %{name}-storage-setup <= 0.0.4-2
-Requires: skopeo-containers >= 0.1.24-3
+Requires: skopeo-containers >= 1:0.1.26-2
 Requires: gnupg
 Requires: tar
@@ -218,16 +232,16 @@ local volumes defined. In particular, the plugin will block `docker run` with:
 The only thing allowed will be just bind mounts.
-#%package rhel-push-plugin
-#License: GPLv2
-#Summary: Avoids pushing a RHEL-based image to docker.io registry
+%package rhel-push-plugin
+License: GPLv2
+Summary: Avoids pushing a RHEL-based image to docker.io registry
-#%description rhel-push-plugin
-#In order to use this plugin you must be running at least Docker 1.10 which
-#has support for authorization plugins.
+%description rhel-push-plugin
+In order to use this plugin you must be running at least Docker 1.10 which
+has support for authorization plugins.
-#This plugin avoids any RHEL based image to be pushed to the default docker.io
-#registry preventing users to violate the RH subscription agreement.
+This plugin avoids any RHEL based image to be pushed to the default docker.io
+registry preventing users to violate the RH subscription agreement.
 %package lvm-plugin
 License: LGPLv3
@@ -250,7 +264,7 @@ tar zxf %{SOURCE2}
 tar zxf %{SOURCE4}
 # untar rhel-push-plugin
-#tar zxf %{SOURCE5}
+tar zxf %{SOURCE5}
 # untar lvm-plugin
 tar zxf %{SOURCE6}
@@ -286,18 +300,32 @@ tar zxf %{SOURCE19}
 # untar docker-containerd
 tar zxf %{SOURCE20}
+# untar docker-init
+tar zxf %{SOURCE30}
+
+# untar libnetwork
+tar zxf %{SOURCE31}
+
 %build
+# compile docker-proxy first - otherwise deps in gopath conflict with the others below and this fails. Remove libnetwork libs then.
+pushd libnetwork-%{commit_libnetwork}
+mkdir -p src/github.com/%{repo}/libnetwork
+ln -s $(pwd)/* src/github.com/%{repo}/libnetwork
+export GOPATH=$(pwd)
+go build -ldflags="-linkmode=external" -o %{repo}-proxy github.com/%{repo}/libnetwork/cmd/proxy
+popd
+
 mkdir _build
 %global version_tag %{name}-%{version}-%{release}.%{_arch}
-%{__sed} -r -i 's/^([\t ]*PkgVersion:[\t ]*)"",$/\1"%{version_tag}",/' daemon/info.go
-%{__sed} -r -i 's/^([\t ]*PkgVersion:[\t ]*)"",$/\1"%{version_tag}",/' api/client/system/version.go
+#%%{__sed} -r -i 's/^([\t ]*PkgVersion:[\t ]*)"",$/\1"%{version_tag}",/' daemon/info.go
+#%%{__sed} -r -i 's/^([\t ]*PkgVersion:[\t ]*)"",$/\1"%{version_tag}",/' api/client/system/version.go
 pushd _build
 mkdir -p src/%{provider}.%{provider_tld}/{%{name},projectatomic}
 ln -s $(dirs +1 -l) src/%{import_path}
 ln -s $(dirs +1 -l)/%{repo}-novolume-plugin-%{commit_novolume} src/%{provider}.%{provider_tld}/projectatomic/%{repo}-novolume-plugin
-# ln -s $(dirs +1 -l)/rhel-push-plugin-%{commit_rhel_push} src/%{provider}.%{provider_tld}/projectatomic/rhel-push-plugin
+ ln -s $(dirs +1 -l)/rhel-push-plugin-%{commit_rhel_push} src/%{provider}.%{provider_tld}/projectatomic/rhel-push-plugin
 ln -s $(dirs +1 -l)/%{repo}-lvm-plugin-%{commit_lvm} src/%{provider}.%{provider_tld}/projectatomic/%{repo}-lvm-plugin
 popd
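Review bot: docker-proxy is compiled with a bare `go build -ldflags="-linkmode=external"` while the plugin builds later in %build go through `%gobuild`, so whatever that macro adds (build ID, distribution link flags) is presumably missing from the binary that ends up installed as docker-proxy-current. The same applies to the docker-init hunk further down (`@@ -351,6 +379,12 @@`), where tini is configured with plain `cmake -DMINIMAL=ON .` rather than `%cmake -DMINIMAL=ON .`, the macro that normally passes the distribution's compiler and linker hardening flags. I would build both through the macros the rest of the spec uses, or extend the existing comment to say why they cannot be used here. The %build section continues outside the hunk.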
@@ -306,10 +334,10 @@ pushd $(pwd)/_build/src
 %gobuild %{provider}.%{provider_tld}/projectatomic/%{repo}-novolume-plugin
 popd
-#export GOPATH=$(pwd)/rhel-push-plugin-%{commit_rhel_push}/Godeps/_workspace:$(pwd)/_build
-#pushd $(pwd)/_build/src
-#%gobuild %{provider}.%{provider_tld}/projectatomic/rhel-push-plugin
-#popd
+export GOPATH=$(pwd)/rhel-push-plugin-%{commit_rhel_push}/Godeps/_workspace:$(pwd)/_build
+pushd $(pwd)/_build/src
+%gobuild %{provider}.%{provider_tld}/projectatomic/rhel-push-plugin
+popd
 export GOPATH=$(pwd)/%{repo}-lvm-plugin-%{commit_lvm}/vendor:$(pwd)/_build
 pushd $(pwd)/_build/src
@@ -323,7 +351,7 @@ export GOPATH=$(pwd)/_build:$(pwd)/vendor:%{gopath}
 # build %%{name} manpages
 man/md2man-all.sh
 go-md2man -in %{repo}-novolume-plugin-%{commit_novolume}/man/%{repo}-novolume-plugin.8.md -out %{repo}-novolume-plugin.8
-#go-md2man -in rhel-push-plugin-%{commit_rhel_push}/man/rhel-push-plugin.8.md -out rhel-push-plugin.8
+go-md2man -in rhel-push-plugin-%{commit_rhel_push}/man/rhel-push-plugin.8.md -out rhel-push-plugin.8
 go-md2man -in %{repo}-lvm-plugin-%{commit_lvm}/man/%{repo}-lvm-plugin.8.md -out %{repo}-lvm-plugin.8
 # build %%{name} binary
@@ -351,6 +379,12 @@ pushd containerd-%{commit_containerd}
 make
 popd
+# build docker-init
+pushd tini-%{commit_tini}
+cmake -DMINIMAL=ON .
+make tini-static
+popd
+
 %install
 # install binary
 install -d %{buildroot}%{_bindir}
@@ -370,11 +404,18 @@ for x in bundles/latest; do
 continue
 fi
 rm $x/dynbinary-daemon/*.{md5,sha256}
- install -p -m 755 $x/dynbinary-daemon/%{repo}-proxy-* %{buildroot}%{_libexecdir}/%{repo}/%{repo}-proxy-current
 install -p -m 755 $x/dynbinary-daemon/%{repo}d-* %{buildroot}%{_bindir}/%{repo}d-current
 break
 done
+# install daemon.json and seccomp.json
+install -dp %{buildroot}%{_sysconfdir}/%{name}
+install -p -m 644 %{SOURCE32} %{buildroot}%{_sysconfdir}/%{name}
+
+#install docker-proxy
+install -d %{buildroot}%{_libexecdir}/%{repo}
+install -p -m 755 libnetwork-%{commit_libnetwork}/%{repo}-proxy %{buildroot}%{_libexecdir}/%{repo}/%{repo}-proxy-current
+
 install -dp %{buildroot}%{_sysconfdir}/%{name}
 install -p -m 644 %{SOURCE27} %{buildroot}%{_sysconfdir}/%{name}
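Review bot: The added comment `# install daemon.json and seccomp.json` sits over two lines that install only `%{SOURCE32}` (seccomp.json); daemon.json is still installed by the unchanged `%{SOURCE27}` lines at the end of the hunk, which repeat the same `install -dp %{buildroot}%{_sysconfdir}/%{name}`. I would either change the comment to `# install seccomp.json` or put the `%{SOURCE32}` line next to the `%{SOURCE27}` one and drop the duplicate directory creation. The %install section continues outside the hunk.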
@@ -466,12 +507,12 @@ install -d %{buildroot}%{_mandir}/man8
 install -p -m 644 %{repo}-novolume-plugin.8 %{buildroot}%{_mandir}/man8
 # install rhel-push-plugin executable, unitfile, socket and man
-#install -d %{buildroot}%{_libexecdir}/%{repo}
-#install -p -m 755 _build/src/rhel-push-plugin %{buildroot}%{_libexecdir}/%{repo}/rhel-push-plugin
-#install -p -m 644 rhel-push-plugin-%{commit_rhel_push}/systemd/rhel-push-plugin.service %{buildroot}%{_unitdir}/rhel-push-plugin.service
-#install -p -m 644 rhel-push-plugin-%{commit_rhel_push}/systemd/rhel-push-plugin.socket %{buildroot}%{_unitdir}/rhel-push-plugin.socket
-#install -d %{buildroot}%{_mandir}/man8
-#install -p -m 644 rhel-push-plugin.8 %{buildroot}%{_mandir}/man8
+install -d %{buildroot}%{_libexecdir}/%{repo}
+install -p -m 755 _build/src/rhel-push-plugin %{buildroot}%{_libexecdir}/%{repo}/rhel-push-plugin
+install -p -m 644 rhel-push-plugin-%{commit_rhel_push}/systemd/rhel-push-plugin.service %{buildroot}%{_unitdir}/rhel-push-plugin.service
+install -p -m 644 rhel-push-plugin-%{commit_rhel_push}/systemd/rhel-push-plugin.socket %{buildroot}%{_unitdir}/rhel-push-plugin.socket
+install -d %{buildroot}%{_mandir}/man8
+install -p -m 644 rhel-push-plugin.8 %{buildroot}%{_mandir}/man8
 # install %%{repo}-lvm-plugin executable, unitfile, socket and man
 install -d %{buildroot}/%{_libexecdir}/%{repo}
@@ -502,6 +543,10 @@ install -p -m 755 containerd-%{commit_containerd}/bin/ctr %{buildroot}%{_bindir}
 install -d -p %{buildroot}%{_usr}/lib/sysctl.d
 install -p -m 644 %{SOURCE29} %{buildroot}%{_usr}/lib/sysctl.d
+#install tini
+install -d %{buildroot}%{_libexecdir}/%{repo}
+install -p -m 755 tini-%{commit_tini}/tini-static %{buildroot}%{_libexecdir}/%{repo}/%{repo}-init-current
+
 %check
 [ ! -w /run/%{name}.sock ] || {
 mkdir test_dir
@@ -547,14 +592,32 @@ exit 0
 %postun novolume-plugin
 %systemd_postun_with_restart %{name}-novolume-plugin.service
-#%post rhel-push-plugin
-#%systemd_post rhel-push-plugin.service
-
-#%preun rhel-push-plugin
-#%systemd_preun rhel-push-plugin.service
-
-#%postun rhel-push-plugin
-#%systemd_postun_with_restart rhel-push-plugin.service
+%post rhel-push-plugin
+%systemd_post rhel-push-plugin.service
+
+%preun rhel-push-plugin
+%systemd_preun rhel-push-plugin.service
+
+%postun rhel-push-plugin
+%systemd_postun_with_restart rhel-push-plugin.service
+
+%posttrans
+# Install a default docker-storage-setup based on kernel version.
+if [ ! -e %{_sysconfdir}/sysconfig/%{name}-storage-setup ]; then
+ # Import /etc/os-release
+ . %{_sysconfdir}/os-release || :
+
+ case "$VERSION_ID" in
+ 7.0 | 7.1 | 7.2 | 7.3 | 7.4)
+ echo "STORAGE_DRIVER=devicemapper" >> %{_sysconfdir}/sysconfig/%{name}-storage-setup || :
+ echo "CONTAINER_THINPOOL=docker-pool" >> %{_sysconfdir}/sysconfig/%{name}-storage-setup || :
+ ;;
+ *)
+ # 7.5 onwards, switch to overlay2 by default.
+ echo "STORAGE_DRIVER=overlay2" >> %{_sysconfdir}/sysconfig/%{name}-storage-setup || :
+ ;;
+ esac
+fi
 #define license tag if not already defined
 %{!?_licensedir:%global license %doc}
@@ -564,8 +627,11 @@ exit 0
 %doc AUTHORS CHANGELOG.md CONTRIBUTING.md MAINTAINERS NOTICE README*.md
 %config(noreplace) %attr(644, root, root) %{_sysconfdir}/sysconfig/%{name}-storage
 %config(noreplace) %{_sysconfdir}/sysconfig/%{name}-network
-%config(noreplace) %{_sysconfdir}/sysconfig/%{name}-storage-setup
+# Use ghost to not package default file installed by "make install-docker".
+# Instead we will install a default based on kernel version in %posttrans.
+%ghost %{_sysconfdir}/sysconfig/%{name}-storage-setup
 %config(noreplace) %{_sysconfdir}/%{name}/daemon.json
+%config(noreplace) %{_sysconfdir}/%{name}/seccomp.json
 %dir %{_sysconfdir}/%{name}
 %{_bindir}/%{name}d-current
 %{_bindir}/%{name}-storage-setup
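Review bot: The `case "$VERSION_ID"` in the new %posttrans recognises only `7.0` through `7.4`, so any other value, including an empty one when sourcing os-release fails (the `|| :` hides that) or a bare major version such as `7`, falls into `*)` and gets `STORAGE_DRIVER=overlay2`. CentOS 7 reports `VERSION_ID="7"` as far as I know, which would put every CentOS 7 install on the overlay2 branch regardless of minor release; worth confirming on a target system. The comment also says the default is chosen by kernel version while the code looks at the distribution release, so I would reword it to `# Install a default docker-storage-setup based on VERSION_ID from os-release.` and add an explicit branch for the empty and major-only cases. The same "kernel version" wording recurs in the %files comment in the next hunk.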
@@ -591,10 +657,10 @@ exit 0
 %{_datadir}/vim/vimfiles/syntax/%{name}file.vim
 %dir %{_datadir}/zsh/site-functions
 %{_datadir}/zsh/site-functions/_%{name}
-# 1.12 specific
 %dir %{_libexecdir}/%{repo}
 %{_libexecdir}/%{repo}/%{repo}-runc-current
 %{_libexecdir}/%{repo}/%{repo}-proxy-current
+%{_libexecdir}/%{repo}/%{repo}-init-current
 %{_unitdir}/%{name}-cleanup.service
 %{_unitdir}/%{name}-cleanup.timer
 #%%{_unitdir}/%%{repo}-containerd.service
@@ -629,12 +695,12 @@ exit 0
 %{_libexecdir}/%{repo}/%{repo}-novolume-plugin
 %{_unitdir}/%{repo}-novolume-plugin.*
-#%files rhel-push-plugin
-#%license rhel-push-plugin-%{commit_rhel_push}/LICENSE
-#%doc rhel-push-plugin-%{commit_rhel_push}/README.md
-#%{_mandir}/man8/rhel-push-plugin.8.gz
-#%{_libexecdir}/%{repo}/rhel-push-plugin
-#%{_unitdir}/rhel-push-plugin.*
+%files rhel-push-plugin
+%license rhel-push-plugin-%{commit_rhel_push}/LICENSE
+%doc rhel-push-plugin-%{commit_rhel_push}/README.md
+%{_mandir}/man8/rhel-push-plugin.8.gz
+%{_libexecdir}/%{repo}/rhel-push-plugin
+%{_unitdir}/rhel-push-plugin.*
 %files lvm-plugin
 %license %{repo}-lvm-plugin-%{commit_lvm}/LICENSE
@@ -650,8 +716,70 @@ exit 0 %{_bindir}/%{name}-v1.10-migrator-* %changelog -* Mon Jan 29 2018 Johnny Hughes - 2:1.12.6-71.git3e8e77d -- Manual CentOS Debranding +* Tue Feb 20 2018 Lokesh Mandvekar - 2:1.13.1-53.git774336d +- Resolves: #1540540 +- built docker @projectatomic/docker-1.13.1-rhel commit 774336d +- built docker-novolume-plugin commit 385ec70 +- built rhel-push-plugin commit af9107b +- built docker-lvm-plugin commit 8647404 +- built docker-runc @projectatomic/docker-1.13.1-rhel commit e9c345b +- built docker-containerd @projectatomic/docker-1.13.1-rhel commit 296f1f8 +- built docker-init commit 5b117de +- built libnetwork commit 14db3c4 + +* Mon Feb 12 2018 Lokesh Mandvekar - 2:1.13.1-52.gitce62987 +- Resolves: #1534827, #1543575 +- built docker @projectatomic/docker-1.13.1-rhel commit ce62987 +- built docker-novolume-plugin commit 385ec70 +- built rhel-push-plugin commit af9107b +- built docker-lvm-plugin commit 8647404 +- built docker-runc @projectatomic/docker-1.13.1-rhel commit e9c345b +- built docker-containerd @projectatomic/docker-1.13.1-rhel commit 296f1f8 +- built docker-init commit 0effd37 +- built libnetwork commit 1ba8194 + +* Mon Feb 05 2018 Lokesh Mandvekar - 2:1.13.1-48.gitec9911e +- Resolves: #1536726 - bump skopeo-containers dependency + +* Mon Feb 05 2018 Lokesh Mandvekar - 2:1.13.1-47.gitec9911e +- oci-register-machine >= 1:0-5.13 (RE: #1542112) + +* Mon Feb 05 2018 Lokesh Mandvekar - 2:1.13.1-46.gitec9911e +- Resolves: #1542112 - depend on oci-register-machine (disabled in config file) +- revert removal of oci-register-machine done in 2:1.13.1-1 + +* Thu Feb 01 2018 Lokesh Mandvekar - 2:1.13.1-45.gitec9911e +- c-s-s >= 0.7.0-1 + +* Thu Feb 01 2018 Lokesh Mandvekar - 2:1.13.1-44.gitec9911e +- built docker @projectatomic/docker-1.13.1-rhel commit ec9911e +- built docker-novolume-plugin commit 385ec70 +- built rhel-push-plugin commit af9107b +- built docker-lvm-plugin commit 8647404 +- built docker-runc @projectatomic/docker-1.13.1-rhel 
commit 518736e +- built docker-containerd @projectatomic/docker-1.13.1-rhel commit 296f1f8 +- built docker-init commit 0effd37 +- built libnetwork commit 20dd462 + +* Tue Jan 30 2018 Lokesh Mandvekar - 2:1.13.1-43.gitec9911e +- built docker @projectatomic/docker-1.13.1-rhel commit ec9911e +- built docker-novolume-plugin commit 385ec70 +- built rhel-push-plugin commit af9107b +- built docker-lvm-plugin commit 8647404 +- built docker-runc @projectatomic/docker-1.13.1-rhel commit 518736e +- built docker-containerd @projectatomic/docker-1.13.1-rhel commit 296f1f8 +- built docker-init commit 0effd37 +- built libnetwork commit 20dd462 + +* Wed Jan 24 2018 Lokesh Mandvekar - 2:1.13.1-1.gitddee18e +- built docker @projectatomic/docker-1.13.1-rhel commit ddee18e +- built docker-novolume-plugin commit 385ec70 +- built rhel-push-plugin commit af9107b +- built docker-lvm-plugin commit 8647404 +- built docker-runc @projectatomic/docker-1.13.1-rhel commit 518736e +- built docker-containerd @projectatomic/docker-1.13.1-rhel commit 296f1f8 +- built docker-init commit 0effd37 +- built libnetwork commit 5ab4ab8 * Wed Dec 13 2017 Frantisek Kluknavsky - 2:1.12.6-71.git3e8e77d - rebased to 3e8e77dcb88db0530c839b249bea7d75f9cd01d7