diff --git a/.docker.metadata b/.docker.metadata
index 843bd49..92ef6a3 100644
--- a/.docker.metadata
+++ b/.docker.metadata
@@ -1,4 +1,10 @@
-2c797ff524192f7f42ecfdfc4002ab1b980616e3 SOURCES/ab77bdeb3e2c012f3b533c35205c7a322d742f94.tar.gz
+bf9ba387ce9370bef4e9459f64ecd4160c32d17e SOURCES/a46c31af70ca8d15521e312ad9ef7085cfe2fd3f.tar.gz
+7d706c08f937dcd01d21ddaf547cb05d533ac455 SOURCES/docker-lvm-plugin-3253f53.tar.gz
+2dddc870e61fcc8c241241732095b82745df66f6 SOURCES/docker-novolume-plugin-7715854.tar.gz
c21df049e5ca6d1a73889d4a1914c70d6a462839 SOURCES/docker-selinux-032bcda.tar.gz
-b0e0da091dd20fae0a530747368e8ac63ec63d36 SOURCES/docker-storage-setup-df2af94.tar.gz
+438281979dc1753204e4f0d3db374447d05d2252 SOURCES/docker-storage-setup-194eca2.tar.gz
42759a4937aecbd2cd1d00de8a54aa3615c3e7bc SOURCES/forward-journald-77e02a9.tar.gz
+aeb9c5327ae3bb13ab1225381aaaa101be07eb5a SOURCES/oci-register-machine-7d4ce65.tar.gz
+554d10567d678b74cd4b0879ddfaf3b98002d3ff SOURCES/oci-systemd-hook-41491a3.tar.gz
+d4af166d2fdf0fdab5b7bd89294372b836959b75 SOURCES/rhel-push-plugin-1a0046f.tar.gz
+ea4b3d96c46fccb6781d66a6c53c087b179c80fe SOURCES/v1.10-migrator-c417a6a.tar.gz
diff --git a/.gitignore b/.gitignore
index 1eb266b..e54e9de 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,10 @@
-SOURCES/ab77bdeb3e2c012f3b533c35205c7a322d742f94.tar.gz
+SOURCES/a46c31af70ca8d15521e312ad9ef7085cfe2fd3f.tar.gz
+SOURCES/docker-lvm-plugin-3253f53.tar.gz
+SOURCES/docker-novolume-plugin-7715854.tar.gz
SOURCES/docker-selinux-032bcda.tar.gz
-SOURCES/docker-storage-setup-df2af94.tar.gz
+SOURCES/docker-storage-setup-194eca2.tar.gz
SOURCES/forward-journald-77e02a9.tar.gz
+SOURCES/oci-register-machine-7d4ce65.tar.gz
+SOURCES/oci-systemd-hook-41491a3.tar.gz
+SOURCES/rhel-push-plugin-1a0046f.tar.gz
+SOURCES/v1.10-migrator-c417a6a.tar.gz
diff --git a/SOURCES/docker.service b/SOURCES/docker.service
index 5f85a23..98ae2e8 100644
--- a/SOURCES/docker.service
+++ b/SOURCES/docker.service
@@ -3,6 +3,7 @@ Description=Docker Application Container Engine
Documentation=http://docs.docker.com
After=network.target
Wants=docker-storage-setup.service
+Requires=rhel-push-plugin.socket
[Service]
Type=notify
@@ -11,7 +12,10 @@ EnvironmentFile=-/etc/sysconfig/docker
EnvironmentFile=-/etc/sysconfig/docker-storage
EnvironmentFile=-/etc/sysconfig/docker-network
Environment=GOTRACEBACK=crash
-ExecStart=/bin/sh -c '/usr/bin/docker-current daemon $OPTIONS \
+ExecStart=/bin/sh -c '/usr/bin/docker-current daemon \
+ --authorization-plugin=rhel-push-plugin \
+ --exec-opt native.cgroupdriver=systemd \
+ $OPTIONS \
$DOCKER_STORAGE_OPTIONS \
$DOCKER_NETWORK_OPTIONS \
$ADD_REGISTRY \
@@ -21,8 +25,8 @@ ExecStart=/bin/sh -c '/usr/bin/docker-current daemon $OPTIONS \
LimitNOFILE=1048576
LimitNPROC=1048576
LimitCORE=infinity
-MountFlags=slave
TimeoutStartSec=0
+MountFlags=slave
Restart=on-abnormal
StandardOutput=null
StandardError=null
diff --git a/SOURCES/docker.sysconfig b/SOURCES/docker.sysconfig
index 04b81bb..77bfe74 100644
--- a/SOURCES/docker.sysconfig
+++ b/SOURCES/docker.sysconfig
@@ -1,15 +1,14 @@
# /etc/sysconfig/docker
# Modify these options if you want to change the way the docker daemon runs
-OPTIONS='--selinux-enabled'
-
+OPTIONS='--selinux-enabled --log-driver=journald'
DOCKER_CERT_PATH=/etc/docker
# If you want to add your own registry to be used for docker search and docker
# pull use the ADD_REGISTRY option to list a set of registries, each prepended
# with --add-registry flag. The first registry added will be the first registry
# searched.
-#ADD_REGISTRY='--add-registry registry.access.redhat.com'
+ADD_REGISTRY='--add-registry registry.access.redhat.com'
# If you want to block registries from being used, uncomment the BLOCK_REGISTRY
# option and give it a set of registries, each prepended with --block-registry
diff --git a/SOURCES/v1.10-migrator-helper b/SOURCES/v1.10-migrator-helper
new file mode 100644
index 0000000..2ab1727
--- /dev/null
+++ b/SOURCES/v1.10-migrator-helper
@@ -0,0 +1,65 @@
+#!/bin/bash
+
+# Copyright (C) 2016 Red Hat, Inc.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+set -euo pipefail
+IFS=$'\n\t'
+
+# This is a small wrapper script that automatically fetches
+# the storage options from the docker-storage sysconfig file
+# and passes them to the migrator.
+#
+# The script supports both in-container runs and direct
+# invocation.
+
+MIGRATOR=/usr/bin/v1.10-migrator-local
+STORAGE_FILE=/etc/sysconfig/docker-storage
+GRAPH=/var/lib/docker
+
+main() {
+
+ # are we in a container?
+ if [[ -n ${container-} ]]; then
+
+ if [[ ! -d /host ]]; then
+ echo "ERROR: Running inside a container, but /host not mounted." >&2
+ exit 1
+ fi
+
+ cp "$MIGRATOR" /host/tmp
+ MIGRATOR="chroot /host /tmp/$(basename $MIGRATOR)"
+ STORAGE_FILE=/host${STORAGE_FILE}
+ fi
+
+ if [ ! -d "$GRAPH" ]; then
+ echo "ERROR: Cannot find docker root dir at \"$GRAPH\"." >&2
+ exit 1
+ fi
+
+ # load storage opts if we can find the file
+ local storage_opts=
+ if [ -r "$STORAGE_FILE" ] && grep -q -E '^DOCKER_STORAGE_OPTIONS\s*=' "$STORAGE_FILE"; then
+ storage_opts=$(sed -n -e 's/^DOCKER_STORAGE_OPTIONS\s*=\s*// p' "$STORAGE_FILE")
+ storage_opts=${storage_opts#\"}
+ storage_opts=${storage_opts%\"}
+ fi
+
+ CMD="$MIGRATOR --graph $GRAPH $storage_opts"
+ echo "RUNNING: $CMD"
+ eval $CMD
+}
+
+main "$@"
diff --git a/SPECS/docker.spec b/SPECS/docker.spec
index 728cdb7..8d264cf 100644
--- a/SPECS/docker.spec
+++ b/SPECS/docker.spec
@@ -21,25 +21,57 @@
# docker
%global git0 https://github.com/projectatomic/docker
-%global commit0 ab77bdeb3e2c012f3b533c35205c7a322d742f94
+%global commit0 a46c31af70ca8d15521e312ad9ef7085cfe2fd3f
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
+# docker_branch used in %%check
+%global docker_branch rhel7-1.10.3
-# d-s-s
-%global git1 https://github.com/projectatomic/docker-storage-setup
-%global commit1 df2af9439577cedc2c502512d887c8df10a33cbf
+# docker-selinux
+%global git1 https://github.com/projectatomic/docker-selinux
+%global commit1 032bcda7b1eb6d9d75d3c0ce64d9d35cdb9c7b85
%global shortcommit1 %(c=%{commit1}; echo ${c:0:7})
-%global dss_libdir %{_exec_prefix}/lib/%{name}-storage-setup
-# docker-selinux
-%global git2 https://github.com/projectatomic/docker-selinux
-%global commit2 032bcda7b1eb6d9d75d3c0ce64d9d35cdb9c7b85
+# d-s-s
+%global git2 https://github.com/projectatomic/docker-storage-setup
+%global commit2 194eca25fd0d180b62f3ecf1b7b408992fd6a083
%global shortcommit2 %(c=%{commit2}; echo ${c:0:7})
+%global dss_libdir %{_exec_prefix}/lib/%{name}-storage-setup
# forward-journald
-%global git6 https://github.com/projectatomic/forward-journald
-%global commit6 77e02a9774a6ca054e41c27f6f319d701f1cbaea
+%global git3 https://github.com/projectatomic/forward-journald
+%global commit3 77e02a9774a6ca054e41c27f6f319d701f1cbaea
+%global shortcommit3 %(c=%{commit3}; echo ${c:0:7})
+
+# docker-novolume-plugin
+%global git4 https://github.com/projectatomic/%{repo}-novolume-plugin
+%global commit4 7715854b5f3ccfdbf005c9e95d6e9afcaae9376a
+%global shortcommit4 %(c=%{commit4}; echo ${c:0:7})
+
+# rhel-push-plugin
+%global git5 https://github.com/projectatomic/rhel-push-plugin
+%global commit5 1a0046fc57606e329223748391d90284f2346565
+%global shortcommit5 %(c=%{commit5}; echo ${c:0:7})
+
+# docker-lvm-plugin
+%global git6 https://github.com/projectatomic/%{repo}-lvm-plugin
+%global commit6 3253f53a791f61397fa77478904c87460a9258ca
%global shortcommit6 %(c=%{commit6}; echo ${c:0:7})
+# v1.10-migrator
+%global git7 https://github.com/%{repo}/v1.10-migrator
+%global commit7 c417a6a022c5023c111662e8280f885f6ac259be
+%global shortcommit7 %(c=%{commit7}; echo ${c:0:7})
+
+# oci-register-machine
+%global git16 https://github.com/projectatomic/oci-register-machine
+%global commit16 7d4ce654a2eaf282d16fd43f20130b3cf69b70c2
+%global shortcommit16 %(c=%{commit16}; echo ${c:0:7})
+
+# oci-systemd-hook
+%global git17 https://github.com/projectatomic/oci-systemd-hook
+%global commit17 41491a3c73193527487fb502026d41d3f0aad1aa
+%global shortcommit17 %(c=%{commit17}; echo ${c:0:7})
+
# %%{name}-selinux stuff (prefix with ds_ for version/release etc.)
# Some bits borrowed from the openstack-selinux package
%global selinuxtype targeted
@@ -62,29 +94,35 @@
%endif
Name: %{repo}
-Version: 1.9.1
-Release: 40%{?dist}
+Version: 1.10.3
+Release: 44%{?dist}
Summary: Automates deployment of containerized applications
License: ASL 2.0
URL: https://%{import_path}
# only x86_64 for now: https://%%{provider}.%%{provider_tld}/%%{name}/%%{name}/issues/136
ExclusiveArch: x86_64
# Branch used available at
-# https://%%{provider}.%%{provider_tld}/projectatomic/%%{name}/commits/rhel7-1.9
+# https://%%{provider}.%%{provider_tld}/projectatomic/%%{name}/commits/rhel7-1.10.3
Source0: %{git0}/archive/%{commit0}.tar.gz
-Source1: %{name}.service
-Source3: %{name}.sysconfig
-Source4: %{name}-storage.sysconfig
-Source5: %{name}-logrotate.sh
-Source6: README.%{name}-logrotate
-Source7: %{name}-network.sysconfig
-# Source12 is the source tarball for %%{name}-selinux
-Source12: %{git2}/archive/%{commit2}/%{name}-selinux-%{shortcommit2}.tar.gz
-# Source13 is the source tarball for %%{name}-storage-setup
-Source13: %{git1}/archive/%{commit1}/%{name}-storage-setup-%{shortcommit1}.tar.gz
-Source14: %{git6}/archive/%{commit6}/forward-journald-%{shortcommit6}.tar.gz
-Source15: %{name}-common.sh
-Source16: README-%{name}-common
+Source1: %{git1}/archive/%{commit1}/%{name}-selinux-%{shortcommit1}.tar.gz
+Source2: %{git2}/archive/%{commit2}/%{name}-storage-setup-%{shortcommit2}.tar.gz
+Source3: %{git3}/archive/%{commit3}/forward-journald-%{shortcommit3}.tar.gz
+Source4: %{git4}/archive/%{commit4}/%{name}-novolume-plugin-%{shortcommit4}.tar.gz
+Source5: %{git5}/archive/%{commit5}/rhel-push-plugin-%{shortcommit5}.tar.gz
+Source6: %{git6}/archive/%{commit6}/%{name}-lvm-plugin-%{shortcommit6}.tar.gz
+Source7: %{git7}/archive/%{commit7}/v1.10-migrator-%{shortcommit7}.tar.gz
+Source8: %{name}.service
+Source9: %{name}.sysconfig
+Source10: %{name}-storage.sysconfig
+Source11: %{name}-network.sysconfig
+Source12: %{name}-logrotate.sh
+Source13: README.%{name}-logrotate
+Source14: %{name}-common.sh
+Source15: README-%{name}-common
+Source16: %{git16}/archive/%{commit16}/oci-register-machine-%{shortcommit16}.tar.gz
+Source17: %{git17}/archive/%{commit17}/oci-systemd-hook-%{shortcommit17}.tar.gz
+Source18: v1.10-migrator-helper
+BuildRequires: git
BuildRequires: glibc-static
BuildRequires: golang >= 1.4.2
BuildRequires: device-mapper-devel
@@ -93,6 +131,7 @@ BuildRequires: btrfs-progs-devel
BuildRequires: sqlite-devel
BuildRequires: go-md2man >= 1.0.4
BuildRequires: pkgconfig(systemd)
+BuildRequires: libseccomp-devel
Requires: %{name}-common = %{version}-%{release}
Requires(post): systemd
Requires(preun): systemd
@@ -100,13 +139,18 @@ Requires(postun): systemd
# need xz to work with ubuntu images
Requires: xz
Requires: device-mapper-libs >= 7:1.02.97
-#Requires: subscription-manager
+Requires: subscription-manager
+Requires: %{name}-rhel-push-plugin = %{version}-%{release}
+Requires: oci-register-machine = %{version}-%{release}
+Requires: oci-systemd-hook = %{version}-%{release}
Provides: lxc-%{name} = %{version}-%{release}
Provides: %{name}-io = %{version}-%{release}
# RE: rhbz#1195804 - ensure min NVR for selinux-policy
Requires: selinux-policy >= 3.13.1-23
Requires(pre): %{name}-selinux >= %{version}-%{release}
+# rhbz#1300076
+Requires: %{name}-forward-journald = %{version}-%{release}
# rhbz#1214070 - update deps for d-s-s
Requires: lvm2 >= 2.02.112
@@ -115,8 +159,6 @@ Requires: xfsprogs
# rhbz#1282898 - obsolete docker-storage-setup
Obsoletes: %{name}-storage-setup <= 0.0.4-2
-# rhbz#1300076
-Requires: %{name}-forward-journald = %{version}-%{release}
%description
Docker is an open-source engine that automates the deployment of any
@@ -179,20 +221,145 @@ This package contains the common files %{_bindir}/%{name} which will point to
%{_bindir}/%{name}-current or %{_bindir}/%{name}-latest configurable via
%{_sysconfdir}/sysconfig/%{repo}
+%package novolume-plugin
+URL: %{git4}
+License: MIT
+Summary: Block container starts with local volumes defined
+Requires: %{name} = %{version}-%{release}
+
+%description novolume-plugin
+When a volume in provisioned via the `VOLUME` instruction in a Dockerfile or
+via `docker run -v volumename`, host's storage space is used. This could lead to
+an unexpected out of space issue which could bring down everything.
+There are situations where this is not an accepted behavior. PAAS, for
+instance, can't allow their users to run their own images without the risk of
+filling the entire storage space on a server. One solution to this is to deny users
+from running images with volumes. This way the only storage a user gets can be limited
+and PAAS can assign quota to it.
+
+This plugin solves this issue by disallowing starting a container with
+local volumes defined. In particular, the plugin will block `docker run` with:
+
+- `--volumes-from`
+- images that have `VOLUME`(s) defined
+- volumes early provisioned with `docker volume` command
+
+The only thing allowed will be just bind mounts.
+
+%package rhel-push-plugin
+License: GPLv2
+Summary: Avoids pushing a RHEL-based image to docker.io registry
+
+%description rhel-push-plugin
+In order to use this plugin you must be running at least Docker 1.10 which
+has support for authorization plugins.
+
+This plugin avoids any RHEL based image to be pushed to the default docker.io
+registry preventing users to violate the RH subscription agreement.
+
+%package lvm-plugin
+License: LGPLv3
+Summary: Docker volume driver for lvm volumes
+Requires: %{name} = %{version}-%{release}
+
+%description lvm-plugin
+Docker Volume Driver for lvm volumes.
+
+This plugin can be used to create lvm volumes of specified size, which can
+then be bind mounted into the container using `docker run` command.
+
+%package v1.10-migrator
+License: ASL 2.0 and CC-BY-SA
+Summary: Calculates SHA256 checksums for docker layer content
+
+%description v1.10-migrator
+Starting from v1.10 docker uses content addressable IDs for the images and
+layers instead of using generated ones. This tool calculates SHA256 checksums
+for docker layer content, so that they don't need to be recalculated when the
+daemon starts for the first time.
+
+The migration usually runs on daemon startup but it can be quite slow(usually
+100-200MB/s) and daemon will not be able to accept requests during
+that time. You can run this tool instead while the old daemon is still
+running and skip checksum calculation on startup.
+
+%package -n oci-register-machine
+License: ASL 2.0
+Summary: Golang binary to register OCI containers with systemd-machined
+
+%description -n oci-register-machine
+%{summary}
+
+%package -n oci-systemd-hook
+License: GPLv3+
+Summary: OCI systemd hook for docker
+BuildRequires: autoconf
+BuildRequires: automake
+BuildRequires: pkgconfig(yajl)
+BuildRequires: pkgconfig(libselinux)
+BuildRequires: pkgconfig(mount)
+BuildRequires: go-md2man
+
+%description -n oci-systemd-hook
+OCI systemd hooks enable running systemd in an OCI runc/docker container.
+
%prep
-%setup -qn %{name}-%{commit0}
-cp %{SOURCE6} .
+%autosetup -Sgit -n %{name}-%{commit0}
# unpack %%{name}-selinux
-tar zxf %{SOURCE12}
+tar zxf %{SOURCE1}
# untar d-s-s
-tar zxf %{SOURCE13}
+tar zxf %{SOURCE2}
# untar forward-journald
-tar zxf %{SOURCE14}
+tar zxf %{SOURCE3}
+
+# untar novolume-plugin
+tar zxf %{SOURCE4}
+
+# untar rhel-push-plugin
+tar zxf %{SOURCE5}
+
+# untar lvm-plugin
+tar zxf %{SOURCE6}
+pushd %{repo}-lvm-plugin-%{commit6}/vendor
+mkdir src
+mv g* src/
+popd
-cp %{SOURCE16} .
+# untar v1.10-migrator
+tar zxf %{SOURCE7}
+
+# systemd file
+cp %{SOURCE8} .
+
+# sysconfig file
+cp %{SOURCE9} .
+
+# storage sysconfig file
+cp %{SOURCE10} .
+
+# network sysconfig file
+cp %{SOURCE11} .
+
+# logrotate script
+cp %{SOURCE12} .
+
+# logrotate README
+cp %{SOURCE13} .
+
+# common exec script
+cp %{SOURCE14} .
+
+# common exec README
+cp %{SOURCE15} .
+
+# untar oci-register-machine
+tar zxf %{SOURCE16}
+
+# untar oci-systemd-hook
+tar zxf %{SOURCE17}
%build
mkdir _build
@@ -200,12 +367,27 @@ mkdir _build
pushd _build
mkdir -p src/%{provider}.%{provider_tld}/{%{name},projectatomic}
ln -s $(dirs +1 -l) src/%{import_path}
- ln -s $(dirs +1 -l)/forward-journald-%{commit6} src/%{provider}.%{provider_tld}/projectatomic/forward-journald
+ ln -s $(dirs +1 -l)/forward-journald-%{commit3} src/%{provider}.%{provider_tld}/projectatomic/forward-journald
+ ln -s $(dirs +1 -l)/%{repo}-novolume-plugin-%{commit4} src/%{provider}.%{provider_tld}/projectatomic/%{repo}-novolume-plugin
+ ln -s $(dirs +1 -l)/rhel-push-plugin-%{commit5} src/%{provider}.%{provider_tld}/projectatomic/rhel-push-plugin
+ ln -s $(dirs +1 -l)/%{repo}-lvm-plugin-%{commit6} src/%{provider}.%{provider_tld}/projectatomic/%{repo}-lvm-plugin
+ ln -s $(dirs +1 -l)/oci-register-machine-%{commit16} src/%{provider}.%{provider_tld}/projectatomic/oci-register-machine
+ ln -s $(dirs +1 -l)/oci-systemd-hook-%{commit17} src/%{provider}.%{provider_tld}/projectatomic/oci-systemd-hook
popd
export DOCKER_GITCOMMIT="%{shortcommit0}/%{version}"
-export DOCKER_BUILDTAGS='selinux'
-export GOPATH=$(pwd)/_build:$(pwd)/vendor:%{gopath}:$(pwd)/forward-journald-%{commit6}/vendor
+export DOCKER_BUILDTAGS='selinux seccomp'
+export GOPATH=$(pwd)/_build:$(pwd)/vendor:%{gopath}
+export GOPATH=$GOPATH:$(pwd)/_build:$(pwd)/forward-journald-%{commit3}/vendor
+export GOPATH=$GOPATH:$(pwd)/%{repo}-novolume-plugin-%{commit4}/Godeps/_workspace
+export GOPATH=$GOPATH:$(pwd)/rhel-push-plugin-%{commit5}/Godeps/_workspace
+export GOPATH=$GOPATH:$(pwd)/%{repo}-lvm-plugin-%{commit6}/vendor
+
+# build %%{name} manpages
+man/md2man-all.sh
+go-md2man -in %{repo}-novolume-plugin-%{commit4}/man/%{repo}-novolume-plugin.8.md -out %{repo}-novolume-plugin.8
+go-md2man -in rhel-push-plugin-%{commit5}/man/rhel-push-plugin.8.md -out rhel-push-plugin.8
+go-md2man -in %{repo}-lvm-plugin-%{commit6}/man/%{repo}-lvm-plugin.8.md -out %{repo}-lvm-plugin.8
# build %%{name} binary
sed -i '/LDFLAGS_STATIC/d' hack/make/.dockerinit
@@ -214,16 +396,37 @@ cp contrib/syntax/vim/LICENSE LICENSE-vim-syntax
cp contrib/syntax/vim/README.md README-vim-syntax.md
# build %%{name}-selinux
-pushd %{name}-selinux-%{commit2}
+pushd %{name}-selinux-%{commit1}
make SHARE="%{_datadir}" TARGETS="%{modulenames}"
popd
pushd $(pwd)/_build/src
-go build %{provider}.%{provider_tld}/projectatomic/forward-journald
+go build -ldflags "-B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n')" %{provider}.%{provider_tld}/projectatomic/forward-journald
+go build -ldflags "-B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n')" %{provider}.%{provider_tld}/projectatomic/%{repo}-novolume-plugin
+go build -ldflags "-B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n')" %{provider}.%{provider_tld}/projectatomic/rhel-push-plugin
+go build -ldflags "-B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n')" %{provider}.%{provider_tld}/projectatomic/%{repo}-lvm-plugin
popd
-# build %%{name} manpages
-man/md2man-all.sh
+# build v1.10-migrator
+pushd v1.10-migrator-%{commit7}
+export GOPATH=$GOPATH:$(pwd)/Godeps/_workspace
+sed -i 's/godep //g' Makefile
+make v1.10-migrator-local
+popd
+
+# build oci-register-machine
+pushd oci-register-machine-%{commit16}
+export GOPATH=$GOPATH:$(pwd)/Godeps/_workspace
+make %{?_smp_mflags}
+popd
+
+# build oci-systemd-hook
+pushd oci-systemd-hook-%{commit17}
+aclocal
+autoreconf -i
+%configure --libexecdir=%{_libexecdir}/oci/hooks.d/
+make %{?_smp_mflags}
+popd
%install
# install binary
@@ -258,7 +461,7 @@ install -p -m 644 contrib/completion/fish/%{name}.fish %{buildroot}%{_datadir}/f
# install container logrotate cron script
install -dp %{buildroot}%{_sysconfdir}/cron.daily/
-install -p -m 755 %{SOURCE5} %{buildroot}%{_sysconfdir}/cron.daily/%{name}-logrotate
+install -p -m 755 %{SOURCE12} %{buildroot}%{_sysconfdir}/cron.daily/%{name}-logrotate
# install vim syntax highlighting
install -d %{buildroot}%{_datadir}/vim/vimfiles/{doc,ftdetect,syntax}
@@ -279,23 +482,23 @@ install -d -m 700 %{buildroot}%{_sharedstatedir}/%{name}
# install systemd/init scripts
install -d %{buildroot}%{_unitdir}
-install -p -m 644 %{SOURCE1} %{buildroot}%{_unitdir}
+install -p -m 644 %{SOURCE8} %{buildroot}%{_unitdir}
# for additional args
install -d %{buildroot}%{_sysconfdir}/sysconfig/
-install -p -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/sysconfig/%{name}
-install -p -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/sysconfig/%{name}-storage
-install -p -m 644 %{SOURCE7} %{buildroot}%{_sysconfdir}/sysconfig/%{name}-network
+install -p -m 644 %{SOURCE9} %{buildroot}%{_sysconfdir}/sysconfig/%{name}
+install -p -m 644 %{SOURCE10} %{buildroot}%{_sysconfdir}/sysconfig/%{name}-storage
+install -p -m 644 %{SOURCE11} %{buildroot}%{_sysconfdir}/sysconfig/%{name}-network
# install SELinux interfaces
%_format INTERFACES $x.if
install -d %{buildroot}%{_datadir}/selinux/devel/include/%{moduletype}
-install -p -m 644 %{name}-selinux-%{commit2}/$INTERFACES %{buildroot}%{_datadir}/selinux/devel/include/%{moduletype}
+install -p -m 644 %{name}-selinux-%{commit1}/$INTERFACES %{buildroot}%{_datadir}/selinux/devel/include/%{moduletype}
# install policy modules
%_format MODULES $x.pp.bz2
install -d %{buildroot}%{_datadir}/selinux/packages
-install -m 0644 %{name}-selinux-%{commit2}/$MODULES %{buildroot}%{_datadir}/selinux/packages
+install -m 0644 %{name}-selinux-%{commit1}/$MODULES %{buildroot}%{_datadir}/selinux/packages
%if 0%{?with_unit_test}
install -d -m 0755 %{buildroot}%{_sharedstatedir}/%{name}-unit-test/
@@ -308,25 +511,24 @@ rm -rf %{buildroot}%{_sharedstatedir}/%{name}-unit-test/contrib/init/openrc/%{na
%endif
# remove %%{name}-selinux rpm spec file
-rm -rf %{name}-selinux-%{commit2}/%{name}-selinux.spec
+rm -rf %{name}-selinux-%{commit1}/%{name}-selinux.spec
-# don't install secrets dir
-# install -d -p -m 750 %{buildroot}/%{_datadir}/rhel/secrets
+# install secrets dir
+install -d -p -m 750 %{buildroot}/%{_datadir}/rhel/secrets
# rhbz#1110876 - update symlinks for subscription management
-#ln -s %{_sysconfdir}/pki/entitlement %{buildroot}%{_datadir}/rhel/secrets/etc-pki-entitlement
-#ln -s %{_sysconfdir}/rhsm %{buildroot}%{_datadir}/rhel/secrets/rhsm
-#ln -s %{_sysconfdir}/yum.repos.d/redhat.repo %{buildroot}%{_datadir}/rhel/secrets/rhel7.repo
+ln -s %{_sysconfdir}/pki/entitlement %{buildroot}%{_datadir}/rhel/secrets/etc-pki-entitlement
+ln -s %{_sysconfdir}/rhsm %{buildroot}%{_datadir}/rhel/secrets/rhsm
+ln -s %{_sysconfdir}/yum.repos.d/redhat.repo %{buildroot}%{_datadir}/rhel/secrets/rhel7.repo
-#mkdir -p %{buildroot}/etc/%{name}/certs.d/redhat.{com,io}
-#ln -s %{_sysconfdir}/rhsm/ca/redhat-uep.pem %{buildroot}/%{_sysconfdir}/%{name}/certs.d/redhat.com/redhat-ca.crt
-#ln -s %{_sysconfdir}/rhsm/ca/redhat-uep.pem %{buildroot}/%{_sysconfdir}/%{name}/certs.d/redhat.io/redhat-ca.crt
-mkdir -p %{buildroot}/etc/%{name}/certs.d
+mkdir -p %{buildroot}/etc/%{name}/certs.d/redhat.{com,io}
+ln -s %{_sysconfdir}/rhsm/ca/redhat-uep.pem %{buildroot}/%{_sysconfdir}/%{name}/certs.d/redhat.com/redhat-ca.crt
+ln -s %{_sysconfdir}/rhsm/ca/redhat-uep.pem %{buildroot}/%{_sysconfdir}/%{name}/certs.d/redhat.io/redhat-ca.crt
# install %%{name} config directory
install -dp %{buildroot}%{_sysconfdir}/%{name}/
# install %%{name}-storage-setup
-pushd %{name}-storage-setup-%{commit1}
+pushd %{name}-storage-setup-%{commit2}
install -d %{buildroot}%{_bindir}
install -p -m 755 %{name}-storage-setup.sh %{buildroot}%{_bindir}/%{name}-storage-setup
install -d %{buildroot}%{_unitdir}
@@ -346,13 +548,54 @@ install -p -m 700 _build/src/forward-journald %{buildroot}%{_bindir}
# install %%{_bindir}/%{name}
install -d %{buildroot}%{_bindir}
-install -p -m 755 %{SOURCE15} %{buildroot}%{_bindir}/%{name}
+install -p -m 755 %{SOURCE14} %{buildroot}%{_bindir}/%{name}
+
+# install novolume-plugin executable, unitfile, socket and man
+install -d %{buildroot}/%{_libexecdir}/%{repo}
+install -p -m 755 _build/src/%{repo}-novolume-plugin %{buildroot}/%{_libexecdir}/%{repo}/%{repo}-novolume-plugin
+install -p -m 644 %{repo}-novolume-plugin-%{commit4}/systemd/%{repo}-novolume-plugin.s* %{buildroot}%{_unitdir}
+install -d %{buildroot}%{_mandir}/man8
+install -p -m 644 %{repo}-novolume-plugin.8 %{buildroot}%{_mandir}/man8
+
+# install rhel-push-plugin executable, unitfile, socket and man
+install -d %{buildroot}%{_libexecdir}/%{repo}
+install -p -m 755 _build/src/rhel-push-plugin %{buildroot}%{_libexecdir}/%{repo}/rhel-push-plugin
+install -p -m 644 rhel-push-plugin-%{commit5}/systemd/rhel-push-plugin.service %{buildroot}%{_unitdir}/rhel-push-plugin.service
+install -p -m 644 rhel-push-plugin-%{commit5}/systemd/rhel-push-plugin.socket %{buildroot}%{_unitdir}/rhel-push-plugin.socket
+install -d %{buildroot}%{_mandir}/man8
+install -p -m 644 rhel-push-plugin.8 %{buildroot}%{_mandir}/man8
+
+# install %%{repo}-lvm-plugin executable, unitfile, socket and man
+install -d %{buildroot}/%{_libexecdir}/%{repo}
+install -p -m 755 _build/src/%{repo}-lvm-plugin %{buildroot}/%{_libexecdir}/%{repo}/%{repo}-lvm-plugin
+install -p -m 644 %{repo}-lvm-plugin-%{commit6}/systemd/%{repo}-lvm-plugin.s* %{buildroot}%{_unitdir}
+install -d %{buildroot}%{_mandir}/man8
+install -p -m 644 %{repo}-lvm-plugin.8 %{buildroot}%{_mandir}/man8
+mkdir -p %{buildroot}%{_sysconfdir}/%{repo}
+install -p -m 644 %{repo}-lvm-plugin-%{commit6}%{_sysconfdir}/%{repo}/%{repo}-lvm-plugin %{buildroot}%{_sysconfdir}/%{repo}/%{repo}-lvm-plugin
+
+# install v1.10-migrator
+install -d %{buildroot}%{_bindir}
+install -p -m 700 v1.10-migrator-%{commit7}/v1.10-migrator-local %{buildroot}%{_bindir}
+
+# install v1.10-migrator-helper
+install -p -m 700 %{SOURCE18} %{buildroot}%{_bindir}
+
+# install oci-register-machine
+pushd oci-register-machine-%{commit16}
+install -d -p %{buildroot}%{_bindir}
+make DESTDIR=%{buildroot} install
+popd
+
+# install oci-systemd-hook
+pushd oci-systemd-hook-%{commit17}
+%make_install
%check
[ ! -w /run/%{name}.sock ] || {
mkdir test_dir
pushd test_dir
- git clone https://github.com/projectatomic/docker.git -b rhel7-1.9
+ git clone https://github.com/projectatomic/docker.git -b %{docker_branch}
pushd %{name}
make test
popd
@@ -401,15 +644,15 @@ fi
%doc AUTHORS CHANGELOG.md CONTRIBUTING.md MAINTAINERS NOTICE README*.md
%config(noreplace) %{_sysconfdir}/sysconfig/%{name}-*
%dir %{_sysconfdir}/%{name}
-%{_sysconfdir}/%{name}/*
+%{_sysconfdir}/%{name}/certs.d
%{_mandir}/man1/%{name}*.1.gz
%{_mandir}/man5/*.5.gz
-%{_mandir}/man8/*.8.gz
+%{_mandir}/man8/%{name}-daemon.8.gz
%{_bindir}/%{name}-*
-#%dir %{_datadir}/rhel
-#%{_datadir}/rhel/*
-%{_libexecdir}/%{name}
-%{_unitdir}/%{name}*
+%dir %{_datadir}/rhel
+%{_datadir}/rhel/*
+%{_unitdir}/%{name}.service
+%{_unitdir}/%{name}-storage-setup.service
%{_datadir}/bash-completion/completions/%{name}
%dir %{_sharedstatedir}/%{name}
%{_udevrulesdir}/80-%{name}.rules
@@ -436,12 +679,12 @@ fi
%{_sysconfdir}/cron.daily/%{name}-logrotate
%files selinux
-%doc %{name}-selinux-%{commit2}/README.md
+%doc %{name}-selinux-%{commit1}/README.md
%{_datadir}/selinux/*
%files forward-journald
-%license forward-journald-%{commit6}/LICENSE
-%doc forward-journald-%{commit6}/README.md
+%license forward-journald-%{commit3}/LICENSE
+%doc forward-journald-%{commit3}/README.md
%{_bindir}/forward-journald
%files common
@@ -449,9 +692,155 @@ fi
%{_bindir}/%{name}
%config(noreplace) %{_sysconfdir}/sysconfig/%{name}
+%files novolume-plugin
+%license %{repo}-novolume-plugin-%{commit4}/LICENSE
+%doc %{repo}-novolume-plugin-%{commit4}/README.md
+%{_mandir}/man8/%{repo}-novolume-plugin.8.gz
+%{_libexecdir}/%{repo}/%{repo}-novolume-plugin
+%{_unitdir}/%{repo}-novolume-plugin.*
+
+%files rhel-push-plugin
+%license rhel-push-plugin-%{commit5}/LICENSE
+%doc rhel-push-plugin-%{commit5}/README.md
+%{_mandir}/man8/rhel-push-plugin.8.gz
+%{_libexecdir}/%{repo}/rhel-push-plugin
+%{_unitdir}/rhel-push-plugin.*
+
+%files lvm-plugin
+%license %{repo}-lvm-plugin-%{commit6}/LICENSE
+%doc %{repo}-lvm-plugin-%{commit6}/README.md
+%config(noreplace) %{_sysconfdir}/%{repo}/%{repo}-lvm-plugin
+%{_mandir}/man8/%{repo}-lvm-plugin.8.gz
+%{_libexecdir}/%{repo}/%{repo}-lvm-plugin
+%{_unitdir}/%{repo}-lvm-plugin.*
+
+%files v1.10-migrator
+%license v1.10-migrator-%{commit7}/LICENSE.{code,docs}
+%doc v1.10-migrator-%{commit7}/{CONTRIBUTING,README}.md
+%{_bindir}/v1.10-migrator-*
+
+%files -n oci-register-machine
+%license oci-register-machine-%{commit16}/LICENSE
+%doc oci-register-machine-%{commit16}/oci-register-machine.1.md
+%doc oci-register-machine-%{commit16}/README.md
+%dir %{_libexecdir}/oci
+%dir %{_libexecdir}/oci/hooks.d
+%{_libexecdir}/oci/hooks.d/oci-register-machine
+%{_mandir}/man1/oci-register-machine.1*
+
+%files -n oci-systemd-hook
+%license oci-systemd-hook-%{commit17}/LICENSE
+%doc oci-systemd-hook-%{commit17}/README.md
+%{_libexecdir}/oci/hooks.d/oci-systemd-hook
+%{_mandir}/man1/oci-systemd-hook.1*
+%dir %{_libexecdir}/oci
+%dir %{_libexecdir}/oci/hooks.d
+
%changelog
-* Mon May 16 2016 Johnny Hughes - 1.9.1-40
-- Manual CentOS debreanding
+* Fri Jun 17 2016 Lokesh Mandvekar - 1.10.3-44
+- Resolves: #1311544 (bz added, no other change since -43)
+
+* Fri Jun 17 2016 Lokesh Mandvekar - 1.10.3-43
+- add MountFlags=slave to unitfile
+
+* Mon Jun 13 2016 Lokesh Mandvekar - 1.10.3-42
+- Resolves: #1344448
+- built rhel-push-plugin commit 1a0046f
+
+* Mon Jun 13 2016 Lokesh Mandvekar - 1.10.3-41
+- Resolves: #1341171 - docker should require oci-register-machine and oci-systemd-hook
+- Resolves: #1342274 - docker doesn't own /etc/docker/docker-lvm-plugin
+
+* Thu Jun 09 2016 Lokesh Mandvekar - 1.10.3-40
+- bump release tag to make it consistent with docker-latest
+
+* Thu Jun 09 2016 Lokesh Mandvekar - 1.10.3-39
+- bump release tag to make it consistent with docker-latest
+
+* Thu Jun 09 2016 Lokesh Mandvekar - 1.10.3-38
+- built docker projectatomic/rhel7-1.10.3 commit a46c31a
+- fixes a panic
+
+* Wed Jun 08 2016 Lokesh Mandvekar - 1.10.3-37
+- migrator doesn't require docker at runtime either
+- From: Jonathan Lebon
+
+* Wed Jun 08 2016 Lokesh Mandvekar - 1.10.3-36
+- Do not run migrator script via %%triggerin
+- If the docker daemon is already running prior, the new daemon will be
+restarted which will handle migration
+- Remove migrator subpackage from docker runtime deps
+- From: Jonathan Lebon
+
+* Wed Jun 08 2016 Lokesh Mandvekar - 1.10.3-35
+- Resolves: #1338894, #1324150, #1343702, #1339146, #1304808, #1286787,
+#1323819, #1283891, #1339164, #1328917, #1317096,
+#1318690, #1309900, #1245325
+- same as previous build, bugs referenced
+
+* Tue Jun 07 2016 Lokesh Mandvekar - 1.10.3-34
+- Patch0 in previous build has been merged in projectatomic/docker rhel7-1.10.3 branch
+- built docker projectatomic/rhel7-1.10.3 commit 6baafd8
+- define docker_branch macro to be used in %%check
+
+* Tue Jun 07 2016 Lokesh Mandvekar - 1.10.3-33
+- Patch0 used in previous build updated
+
+* Mon Jun 06 2016 Lokesh Mandvekar - 1.10.3-32
+- Resolves: #1341906 - use RWMutex to acces container store
+
+* Thu Jun 02 2016 Lokesh Mandvekar - 1.10.3-31
+- Resolves: #1342274 - update file listings to avoid file ownerships by
+multiple subpackages
+- update docker.sysconfig to include --log-driver=journald in OPTIONS
+
+* Thu Jun 02 2016 Lokesh Mandvekar - 1.10.3-30
+- Resolves: #1342149 - v1.10-migrator shipped separately in both docker and
+docker-latest
+- The v1.10-migrator subpackage in docker-latest has executables prepended
+with 'docker-latest-', while there's no change in the ones shipped with
+docker (RE: #1342149)
+
+* Thu Jun 02 2016 Lokesh Mandvekar - 1.10.3-29
+- Resolves: #1342149 - docker-v1.10-migrator obsoletes
+docker-latest-v1.10-migrator
+
+* Wed Jun 01 2016 Lokesh Mandvekar - 1.10.3-28
+- Resolves: #1341789 - update unitfile to use systemd for cgroups
+
+* Wed Jun 01 2016 Lokesh Mandvekar - 1.10.3-27
+- Resolves: #1341328 - include v1.10-migrator-helper script in the migrator
+subpackage
+- Resolves: #1335635 - solve log spam issues
+- built docker projectatomic/rhel7-1.10.3 commit 4779225
+- built dss commit 194eca2
+
+* Sat May 14 2016 Lokesh Mandvekar - 1.10.3-26
+- Resolves: #1341171 - add oci-register-machine and oci-systemd-hook subpackages
+- built oci-register-machine commit 7d4ce65
+- built oci-systemd-hook commit 41491a3
+
+* Sat May 14 2016 Lokesh Mandvekar - 1.10.3-25
+- docker requires docker-rhel-push-plugin
+
+* Sat May 14 2016 Lokesh Mandvekar - 1.10.3-24
+- docker unitfile updates to include rhel-push-plugin
+
+* Tue May 03 2016 Lokesh Mandvekar - 1.10.3-23
+- bump release tag to obsolete packages in docker-latest
+
+* Tue May 03 2016 Lokesh Mandvekar - 1.10.3-1
+- Resolves: #1335597 - rebase to v1.10.3 + rh patches
+- add subpackages for novolume-plugin, lvm-plugin, rhel-push-plugin, v1.10-migrator
+- BR: libseccomp-devel
+- built docker @projectatomic/rhel7-1.10.3 commit 86bbf84
+- built docker-selinux @origin/rhel7-1.10 commit 032bcda
+- built d-s-s commit df2af94
+- built forward-journald commit 77e02a9
+- built novolume-plugin commit 7715854
+- built rhel-push-plugin commit 904c0ca
+- built lvm-plugin commit 3253f53
+- built v1.10-migrator commit c417a6a
* Tue May 03 2016 Lokesh Mandvekar - 1.9.1-40
- Resolves: #1332592 - requires docker-common = version-release