Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package docker for openSUSE:Factory checked 
in at 2022-12-08 16:49:57
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/docker (Old)
 and      /work/SRC/openSUSE:Factory/.docker.new.1835 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "docker"

Thu Dec  8 16:49:57 2022 rev:126 rq:1040675 version:20.10.21_ce

Changes:
--------
--- /work/SRC/openSUSE:Factory/docker/docker.changes    2022-10-25 
11:18:28.473932799 +0200
+++ /work/SRC/openSUSE:Factory/.docker.new.1835/docker.changes  2022-12-08 
16:50:04.923144264 +0100
@@ -1,0 +2,18 @@
+Tue Dec  6 11:49:32 UTC 2022 - Aleksa Sarai <asa...@suse.com>
+
+- Update to Docker 20.10.21-ce. See upstream changelog online at
+  <https://docs.docker.com/engine/release-notes/#201021>. bsc#1206065
+- Rebase patches:
+  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
+  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
+  * 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
+  * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
+  * 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
+  * 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch
+  * 0007-bsc1200022-fifo.Close-prevent-possible-panic-if-fifo.patch
+- The PRIVATE-REGISTRY patch will now output a warning if it is being used (in
+  preparation for removing the feature). This feature was never meant to be
+  used by users directly (and is only available in the -kubic/CaaSP version of
+  the package anyway) and thus should not affect any users.
+
+-------------------------------------------------------------------

Old:
----
  docker-20.10.17_ce_a89b84221c85.tar.xz
  docker-cli-20.10.17_ce.tar.xz
  docker-libnetwork-f6ccccb1c082a432c2a5814aaedaca56af33d9ea.tar.xz

New:
----
  docker-20.10.21_ce_3056208812eb.tar.xz
  docker-cli-20.10.21_ce.tar.xz
  docker-libnetwork-0dde5c895075df6e3630e76f750a447cf63f4789.tar.xz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ docker.spec ++++++
--- /var/tmp/diff_new_pack.Vwuf4n/_old  2022-12-08 16:50:05.879149155 +0100
+++ /var/tmp/diff_new_pack.Vwuf4n/_new  2022-12-08 16:50:05.883149175 +0100
@@ -42,24 +42,25 @@
 # helpfully injects into our build environment from the changelog). If you want
 # to generate a new git_commit_epoch, use this:
 #  $ date --date="$(git show --format=fuller --date=iso $COMMIT_ID | grep -oP 
'(?<=^CommitDate: ).*')" '+%s'
-%define git_version a89b84221c85
-%define git_commit_epoch 1654554758
+%define real_version 20.10.21
+%define git_version 3056208812eb
+%define git_commit_epoch 1666698255
 
 # We require a specific pin of libnetwork because it doesn't really do
 # versioning and minor version mismatches in libnetwork can break Docker
 # networking. All other key runtime dependencies (containerd, runc) are stable
 # enough that this isn't necessary.
-%define libnetwork_version f6ccccb1c082a432c2a5814aaedaca56af33d9ea
+%define libnetwork_version 0dde5c895075df6e3630e76f750a447cf63f4789
 
 %define dist_builddir  %{_builddir}/dist-suse
 %define cli_builddir   %{dist_builddir}/src/github.com/docker/cli
 %define proxy_builddir %{dist_builddir}/src/github.com/docker/libnetwork
 
 Name:           %{realname}%{name_suffix}
-Version:        20.10.17_ce
+Version:        %{real_version}_ce
 # This "nice version" is so that docker --version gives a result that can be
 # parsed by other people. boo#1182476
-%define nice_version 20.10.17-ce
+%define nice_version %{real_version}-ce
 Release:        0
 Summary:        The Moby-project Linux container runtime
 License:        Apache-2.0
@@ -117,8 +118,8 @@
 BuildRequires:  pkgconfig(libsystemd)
 BuildRequires:  sysuser-tools
 # Due to a limitation in openSUSE's Go packaging we cannot have a BuildRequires
-# for 'golang(API) >= 1.17' here, so just require 1.17 exactly. bsc#1172608
-BuildRequires:  go1.17
+# for 'golang(API) >= 1.18' here, so just require 1.18 exactly. bsc#1172608
+BuildRequires:  go1.18
 Requires:       (apparmor-parser or container-selinux)
 Requires:       ca-certificates-mozilla
 # The docker-proxy binary used to be in a separate package. We obsolete it,
@@ -128,7 +129,7 @@
 # Required to actually run containers. We require the minimum version that is
 # pinned by Docker, but in order to avoid headaches we allow for updates.
 Requires:       runc >= 1.1.2
-Requires:       containerd >= 1.6.6
+Requires:       containerd >= 1.6.9
 # Needed for --init support. We don't use "tini", we use our own implementation
 # which handles edge-cases better.
 Requires:       catatonit

++++++ 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch ++++++
--- /var/tmp/diff_new_pack.Vwuf4n/_old  2022-12-08 16:50:05.911149319 +0100
+++ /var/tmp/diff_new_pack.Vwuf4n/_new  2022-12-08 16:50:05.911149319 +0100
@@ -1,7 +1,7 @@
-From 37dfb97c0016300dd6453fc718805ccdf341bfd6 Mon Sep 17 00:00:00 2001
+From 823bedd07fac6778a3d94b6f949ac16e6bd12638 Mon Sep 17 00:00:00 2001
 From: Aleksa Sarai <asa...@suse.de>
 Date: Wed, 8 Mar 2017 12:41:54 +1100
-Subject: [PATCH 1/6] SECRETS: daemon: allow directory creation in /run/secrets
+Subject: [PATCH 1/7] SECRETS: daemon: allow directory creation in /run/secrets
 
 Since FileMode can have the directory bit set, allow a SecretStore
 implementation to return secrets that are actually directories. This is
@@ -70,6 +70,6 @@
                        return errors.Wrap(err, "error setting ownership for 
secret")
                }
 -- 
-2.36.1
+2.38.1
 
 

++++++ 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch ++++++
--- /var/tmp/diff_new_pack.Vwuf4n/_old  2022-12-08 16:50:05.923149380 +0100
+++ /var/tmp/diff_new_pack.Vwuf4n/_new  2022-12-08 16:50:05.927149401 +0100
@@ -1,7 +1,7 @@
-From 11ac23e5620ee53c9527334d2222b32ca5098876 Mon Sep 17 00:00:00 2001
+From fa24396cbecbb6cdc7c734559389486849c2268c Mon Sep 17 00:00:00 2001
 From: Aleksa Sarai <asa...@suse.de>
 Date: Wed, 8 Mar 2017 11:43:29 +1100
-Subject: [PATCH 2/6] SECRETS: SUSE: implement SUSE container secrets
+Subject: [PATCH 2/7] SECRETS: SUSE: implement SUSE container secrets
 
 This allows for us to pass in host credentials to a container, allowing
 for SUSEConnect to work with containers.
@@ -451,6 +451,6 @@
 +      return nil
 +}
 -- 
-2.36.1
+2.38.1
 
 

++++++ 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch ++++++
--- /var/tmp/diff_new_pack.Vwuf4n/_old  2022-12-08 16:50:05.939149462 +0100
+++ /var/tmp/diff_new_pack.Vwuf4n/_new  2022-12-08 16:50:05.939149462 +0100
@@ -1,7 +1,7 @@
-From cf3c6ccefda39c60dc656404674628ac48b55de9 Mon Sep 17 00:00:00 2001
+From 0fe6aba9612d2b483b29192c0605b1311b77a92b Mon Sep 17 00:00:00 2001
 From: Valentin Rothberg <vrothb...@suse.com>
 Date: Mon, 2 Jul 2018 13:37:34 +0200
-Subject: [PATCH 3/6] PRIVATE-REGISTRY: add private-registry mirror support
+Subject: [PATCH 3/7] PRIVATE-REGISTRY: add private-registry mirror support
 
 NOTE: This is a backport/downstream patch of the upstream pull-request
       for Moby, which is still subject to changes.  Please visit
@@ -72,12 +72,12 @@
  distribution/pull.go           |   2 +-
  distribution/pull_v2.go        |   2 +-
  distribution/push.go           |   2 +-
- registry/config.go             | 126 ++++++++++++++++++++++++++++-
+ registry/config.go             | 133 +++++++++++++++++++++++++++++-
  registry/config_test.go        | 142 ++++++++++++++++++++++++++++++++
  registry/registry_test.go      |  99 ++++++++++++++++++++---
  registry/service.go            |  43 +++++++---
- registry/service_v2.go         |  64 +++++++++++----
- 12 files changed, 710 insertions(+), 46 deletions(-)
+ registry/service_v2.go         |  63 +++++++++++----
+ 12 files changed, 716 insertions(+), 46 deletions(-)
 
 diff --git a/api/types/registry/registry.go b/api/types/registry/registry.go
 index 53e47084c8d5..b4bb9ef805d3 100644
@@ -444,10 +444,10 @@
                return err
        }
 diff --git a/distribution/pull_v2.go b/distribution/pull_v2.go
-index 123abf6b497a..097ead45d0fd 100644
+index 5abd18b6cf7c..0796e7ea1d52 100644
 --- a/distribution/pull_v2.go
 +++ b/distribution/pull_v2.go
-@@ -432,7 +432,7 @@ func (p *v2Puller) pullV2Tag(ctx context.Context, ref 
reference.Named, platform
+@@ -433,7 +433,7 @@ func (p *v2Puller) pullV2Tag(ctx context.Context, ref 
reference.Named, platform
        // the other side speaks the v2 protocol.
        p.confirmedV2 = true
  
@@ -470,7 +470,7 @@
                return err
        }
 diff --git a/registry/config.go b/registry/config.go
-index 54b83fa40aab..e1ba24b83bdd 100644
+index 54b83fa40aab..5adc913e4344 100644
 --- a/registry/config.go
 +++ b/registry/config.go
 @@ -14,11 +14,12 @@ import (
@@ -512,7 +512,7 @@
        config := &serviceConfig{
                ServiceConfig: registrytypes.ServiceConfig{
                        InsecureRegistryCIDRs: make([]*registrytypes.NetIPNet, 
0),
-@@ -78,10 +92,106 @@ func newServiceConfig(options ServiceOptions) 
(*serviceConfig, error) {
+@@ -78,10 +92,113 @@ func newServiceConfig(options ServiceOptions) 
(*serviceConfig, error) {
        if err := config.LoadInsecureRegistries(options.InsecureRegistries); 
err != nil {
                return nil, err
        }
@@ -531,6 +531,13 @@
 +func (config *serviceConfig) checkRegistries() error {
 +      inUse := make(map[string]string) // key: host, value: user
 +
++      if len(config.Registries) > 0 {
++              logrus.Errorf("[SUSE] You are currently using an unsupported 
and out-of-tree Docker feature intended for internal SUSE only.")
++              logrus.Errorf("[SUSE] If you see this warning (and you are not 
using CaaSP) please open a SUSE bug report to alert us of this.")
++              logrus.Errorf("[SUSE] This feature (registry mirrors) will be 
removed in a future Docker release on SUSE.")
++              logrus.Errorf("[SUSE] Please DO NOT submit an upstream bug 
report about this warning!")
++      }
++
 +      // make sure that each mirror serves only one registry
 +      for _, reg := range config.Registries {
 +              for _, mirror := range reg.Mirrors {
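Review bot: The four added `logrus.Errorf` calls at the top of checkRegistries are described in the changelog as a warning and carry no format arguments, so `logrus.Warn(...)` matches both the stated intent and the call shape, e.g. `logrus.Warn("[SUSE] This feature (registry mirrors) will be removed in a future Docker release on SUSE.")`. Emitting a deprecation notice at error level can trip alerting that keys on error-level daemon logs, on exactly the CaaSP hosts where the feature is expected to be in use. If checkRegistries also runs on configuration reload (not visible here), the block would repeat on every reload, and a `sync.Once` guard would keep it to one emission per daemon start. The function body continues past the end of this hunk.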
@@ -619,7 +626,7 @@
  // LoadAllowNondistributableArtifacts loads allow-nondistributable-artifacts 
registries into config.
  func (config *serviceConfig) LoadAllowNondistributableArtifacts(registries 
[]string) error {
        cidrs := map[string]*registrytypes.NetIPNet{}
-@@ -122,6 +232,10 @@ func (config *serviceConfig) 
LoadAllowNondistributableArtifacts(registries []str
+@@ -122,6 +239,10 @@ func (config *serviceConfig) 
LoadAllowNondistributableArtifacts(registries []str
  // LoadMirrors loads mirrors to config, after removing duplicates.
  // Returns an error if mirrors contains an invalid mirror.
  func (config *serviceConfig) LoadMirrors(mirrors []string) error {
@@ -630,7 +637,7 @@
        mMap := map[string]struct{}{}
        unique := []string{}
  
-@@ -151,6 +265,10 @@ func (config *serviceConfig) LoadMirrors(mirrors 
[]string) error {
+@@ -151,6 +272,10 @@ func (config *serviceConfig) LoadMirrors(mirrors 
[]string) error {
  
  // LoadInsecureRegistries loads insecure registries to config
  func (config *serviceConfig) LoadInsecureRegistries(registries []string) 
error {
@@ -1042,10 +1049,10 @@
                for _, endpoint := range allEndpoints {
                        if !endpoint.Mirror {
 diff --git a/registry/service_v2.go b/registry/service_v2.go
-index 3e3a5b41ffbd..451a6f874bc1 100644
+index 154ac7c93e80..06f7d20de8f9 100644
 --- a/registry/service_v2.go
 +++ b/registry/service_v2.go
-@@ -1,39 +1,71 @@
+@@ -1,42 +1,73 @@
  package registry // import "github.com/docker/docker/registry"
  
  import (
@@ -1060,17 +1067,7 @@
 -func (s *DefaultService) lookupV2Endpoints(hostname string) (endpoints 
[]APIEndpoint, err error) {
 +func (s *DefaultService) lookupV2Endpoints(reference string) (endpoints 
[]APIEndpoint, err error) {
        tlsConfig := tlsconfig.ServerDefault()
--      if hostname == DefaultNamespace || hostname == IndexHostname {
--              for _, mirror := range s.config.Mirrors {
--                      if !strings.HasPrefix(mirror, "http://";) && 
!strings.HasPrefix(mirror, "https://";) {
--                              mirror = "https://"; + mirror
--                      }
--                      mirrorURL, err := url.Parse(mirror)
--                      if err != nil {
--                              return nil, err
--                      }
--                      mirrorTLSConfig, err := s.tlsConfigForMirror(mirrorURL)
-+
+ 
 +      // extraxt the hostname from the reference
 +      refURL := reference
 +      if !strings.HasPrefix(refURL, "http://";) && !strings.HasPrefix(refURL, 
"https://";) {
@@ -1085,6 +1082,18 @@
 +              return nil, fmt.Errorf("SUSE PATCH [lookupV2Endpoints]: cannot 
determine hostname of reference %s", reference)
 +      }
 +
+       ana := allowNondistributableArtifacts(s.config, hostname)
+ 
+-      if hostname == DefaultNamespace || hostname == IndexHostname {
+-              for _, mirror := range s.config.Mirrors {
+-                      if !strings.HasPrefix(mirror, "http://";) && 
!strings.HasPrefix(mirror, "https://";) {
+-                              mirror = "https://"; + mirror
+-                      }
+-                      mirrorURL, err := url.Parse(mirror)
+-                      if err != nil {
+-                              return nil, err
+-                      }
+-                      mirrorTLSConfig, err := s.tlsConfigForMirror(mirrorURL)
 +      // create endpoints for official and configured registries
 +      official := false
 +      if hostname == "docker.io" {
@@ -1131,8 +1140,8 @@
 +                      Official:     official,
                        TrimHostname: true,
                        TLSConfig:    tlsConfig,
-               })
-@@ -45,7 +77,7 @@ func (s *DefaultService) lookupV2Endpoints(hostname string) 
(endpoints []APIEndp
+ 
+@@ -48,7 +79,7 @@ func (s *DefaultService) lookupV2Endpoints(hostname string) 
(endpoints []APIEndp
  
        tlsConfig, err = s.tlsConfig(hostname)
        if err != nil {
@@ -1142,6 +1151,6 @@
  
        endpoints = []APIEndpoint{
 -- 
-2.36.1
+2.38.1
 
 

++++++ 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch ++++++
--- /var/tmp/diff_new_pack.Vwuf4n/_old  2022-12-08 16:50:05.951149523 +0100
+++ /var/tmp/diff_new_pack.Vwuf4n/_new  2022-12-08 16:50:05.955149544 +0100
@@ -1,7 +1,7 @@
-From 5d2f7a37a37547663aae1538b2d3fd48dd7277c8 Mon Sep 17 00:00:00 2001
+From bc52d15141402d94eeaee618f1df0b540f527b98 Mon Sep 17 00:00:00 2001
 From: Aleksa Sarai <asa...@suse.de>
 Date: Fri, 29 Jun 2018 17:59:30 +1000
-Subject: [PATCH 4/6] bsc1073877: apparmor: clobber docker-default profile on
+Subject: [PATCH 4/7] bsc1073877: apparmor: clobber docker-default profile on
  start
 
 In the process of making docker-default reloading far less expensive,
@@ -69,10 +69,10 @@
        return nil
  }
 diff --git a/daemon/daemon.go b/daemon/daemon.go
-index 2a2fbbd52e19..0999ac3186b7 100644
+index f15a4b038498..2f0c23bc62c9 100644
 --- a/daemon/daemon.go
 +++ b/daemon/daemon.go
-@@ -855,8 +855,9 @@ func NewDaemon(ctx context.Context, config *config.Config, 
pluginStore *plugin.S
+@@ -857,8 +857,9 @@ func NewDaemon(ctx context.Context, config *config.Config, 
pluginStore *plugin.S
                logrus.Warnf("Failed to configure golang's threads limit: %v", 
err)
        }
  
@@ -85,6 +85,6 @@
        }
  
 -- 
-2.36.1
+2.38.1
 
 

++++++ 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch ++++++
--- /var/tmp/diff_new_pack.Vwuf4n/_old  2022-12-08 16:50:05.967149605 +0100
+++ /var/tmp/diff_new_pack.Vwuf4n/_new  2022-12-08 16:50:05.971149626 +0100
@@ -1,7 +1,7 @@
-From b54c6c7addcb163ddcef5e37fc7ed1c0afd0dbfa Mon Sep 17 00:00:00 2001
+From 57673ad5455b1b27e41716e33b67c9cd8099b580 Mon Sep 17 00:00:00 2001
 From: Michal Rostecki <mroste...@opensuse.org>
 Date: Thu, 8 Apr 2021 14:42:02 +0100
-Subject: [PATCH 5/6] bsc1183855: btrfs: Do not disable quota on cleanup
+Subject: [PATCH 5/7] bsc1183855: btrfs: Do not disable quota on cleanup
 
 Before this change, cleanup of the btrfs driver (occuring on each daemon
 shutdown) resulted in disabling quotas. It was done with an assumption
@@ -140,6 +140,6 @@
                        }
                        if err := subvolLimitQgroup(dir, size); err != nil {
 -- 
-2.36.1
+2.38.1
 
 

++++++ 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch ++++++
--- /var/tmp/diff_new_pack.Vwuf4n/_old  2022-12-08 16:50:05.995149748 +0100
+++ /var/tmp/diff_new_pack.Vwuf4n/_new  2022-12-08 16:50:06.019149871 +0100
@@ -1,7 +1,7 @@
-From bb67252dfccb18dacc9e0c3463e7c52f32fb2900 Mon Sep 17 00:00:00 2001
+From dd265ac6cbe070f80a0c607ba147af35858ae5e9 Mon Sep 17 00:00:00 2001
 From: Aleksa Sarai <asa...@suse.de>
 Date: Fri, 29 Apr 2022 12:44:21 +1000
-Subject: [PATCH 6/6] bsc1193930: vendor: update golang.org/x/crypto
+Subject: [PATCH 6/7] bsc1193930: vendor: update golang.org/x/crypto
 
 This is necessary to fix several security issues that Docker hasn't
 backported to their CE branch:
@@ -354,10 +354,10 @@
  create mode 100644 vendor/golang.org/x/crypto/xts/xts.go
 
 diff --git a/vendor.conf b/vendor.conf
-index 54e97e4562d8..9ff95d499ef8 100644
+index a41471b57b71..2965c71c3709 100644
 --- a/vendor.conf
 +++ b/vendor.conf
-@@ -150,7 +150,7 @@ github.com/golang/protobuf                          
84668698ea25b64748563aa20726
+@@ -152,7 +152,7 @@ github.com/golang/protobuf                          
84668698ea25b64748563aa20726
  github.com/cloudflare/cfssl                         
5d63dbd981b5c408effbb58c442d54761ff94fbd # 1.3.2
  github.com/fernet/fernet-go                         
9eac43b88a5efb8651d24de9b68e87567e029736
  github.com/google/certificate-transparency-go       
37a384cd035e722ea46e55029093e26687138edf # v1.0.20
@@ -41068,6 +41068,6 @@
 +      }
 +}
 -- 
-2.36.1
+2.38.1
 
 

++++++ 0007-bsc1200022-fifo.Close-prevent-possible-panic-if-fifo.patch ++++++
--- /var/tmp/diff_new_pack.Vwuf4n/_old  2022-12-08 16:50:06.043149994 +0100
+++ /var/tmp/diff_new_pack.Vwuf4n/_new  2022-12-08 16:50:06.047150015 +0100
@@ -1,4 +1,4 @@
-From 078fbd36b8fecab42ac7faad973a16aed10ab28c Mon Sep 17 00:00:00 2001
+From 6451aa1559ce5a135f599682ab33721e116925bd Mon Sep 17 00:00:00 2001
 From: Sebastiaan van Stijn <git...@gone.nl>
 Date: Fri, 29 Jan 2021 14:55:08 +0100
 Subject: [PATCH 7/7] bsc1200022: fifo.Close(): prevent possible panic if fifo
@@ -52,6 +52,6 @@
                case <-f.closed:
                        f.handle.Close()
 -- 
-2.36.1
+2.38.1
 
 

++++++ _service ++++++
--- /var/tmp/diff_new_pack.Vwuf4n/_old  2022-12-08 16:50:06.107150322 +0100
+++ /var/tmp/diff_new_pack.Vwuf4n/_new  2022-12-08 16:50:06.119150383 +0100
@@ -3,16 +3,16 @@
     <param name="url">https://github.com/moby/moby.git</param>
     <param name="scm">git</param>
     <param name="exclude">.git</param>
-    <param name="versionformat">20.10.17_ce_%h</param>
-    <param name="revision">v20.10.17</param>
+    <param name="versionformat">20.10.21_ce_%h</param>
+    <param name="revision">v20.10.21</param>
     <param name="filename">docker</param>
   </service>
   <service name="tar_scm" mode="disabled">
     <param name="url">https://github.com/docker/cli.git</param>
     <param name="scm">git</param>
     <param name="exclude">.git</param>
-    <param name="versionformat">20.10.17_ce</param>
-    <param name="revision">v20.10.17</param>
+    <param name="versionformat">20.10.21_ce</param>
+    <param name="revision">v20.10.21</param>
     <param name="filename">docker-cli</param>
   </service>
   <service name="tar_scm" mode="disabled">
@@ -20,7 +20,7 @@
     <param name="scm">git</param>
     <param name="exclude">.git</param>
     <param name="versionformat">%H</param>
-    <param name="revision">f6ccccb1c082a432c2a5814aaedaca56af33d9ea</param>
+    <param name="revision">0dde5c895075df6e3630e76f750a447cf63f4789</param>
     <param name="filename">docker-libnetwork</param>
   </service>
   <service name="recompress" mode="disabled">

++++++ docker-20.10.17_ce_a89b84221c85.tar.xz -> 
docker-20.10.21_ce_3056208812eb.tar.xz ++++++
/work/SRC/openSUSE:Factory/docker/docker-20.10.17_ce_a89b84221c85.tar.xz 
/work/SRC/openSUSE:Factory/.docker.new.1835/docker-20.10.21_ce_3056208812eb.tar.xz
 differ: char 15, line 1

++++++ docker-cli-20.10.17_ce.tar.xz -> docker-cli-20.10.21_ce.tar.xz ++++++
++++ 4136 lines of diff (skipped)

++++++ docker-libnetwork-f6ccccb1c082a432c2a5814aaedaca56af33d9ea.tar.xz -> 
docker-libnetwork-0dde5c895075df6e3630e76f750a447cf63f4789.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/docker-libnetwork-f6ccccb1c082a432c2a5814aaedaca56af33d9ea/iptables/iptables.go
 
new/docker-libnetwork-0dde5c895075df6e3630e76f750a447cf63f4789/iptables/iptables.go
--- 
old/docker-libnetwork-f6ccccb1c082a432c2a5814aaedaca56af33d9ea/iptables/iptables.go
 2022-06-01 20:45:24.000000000 +0200
+++ 
new/docker-libnetwork-0dde5c895075df6e3630e76f750a447cf63f4789/iptables/iptables.go
 2022-07-16 09:26:57.000000000 +0200
@@ -11,6 +11,7 @@
        "sync"
        "time"
 
+       "github.com/docker/docker/rootless"
        "github.com/sirupsen/logrus"
 )
 
@@ -102,6 +103,12 @@
 }
 
 func initFirewalld() {
+       // When running with RootlessKit, firewalld is running as the root 
outside our network namespace
+       // https://github.com/moby/moby/issues/43781
+       if rootless.RunningWithRootlessKit() {
+               logrus.Info("skipping firewalld management for rootless mode")
+               return
+       }
        if err := FirewalldInit(); err != nil {
                logrus.Debugf("Fail to initialize firewalld: %v, using raw 
iptables instead", err)
        }
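Review bot: The new early return in initFirewalld rests entirely on `rootless.RunningWithRootlessKit()`, which in the vendored helper added by this same diff only tests that `ROOTLESSKIT_STATE_DIR` is non-empty and caches the answer in a `sync.Once`. A rootful daemon that inherits that variable from its service environment would therefore skip `FirewalldInit()` with nothing but an Info line to show for it. Naming the trigger in the message would make that diagnosable from the log: `logrus.Info("skipping firewalld management for rootless mode (ROOTLESSKIT_STATE_DIR is set)")`. The comment above the check could also state that detection is environment-based and evaluated once per process.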
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/docker-libnetwork-f6ccccb1c082a432c2a5814aaedaca56af33d9ea/vendor/github.com/docker/docker/rootless/rootless.go
 
new/docker-libnetwork-0dde5c895075df6e3630e76f750a447cf63f4789/vendor/github.com/docker/docker/rootless/rootless.go
--- 
old/docker-libnetwork-f6ccccb1c082a432c2a5814aaedaca56af33d9ea/vendor/github.com/docker/docker/rootless/rootless.go
 1970-01-01 01:00:00.000000000 +0100
+++ 
new/docker-libnetwork-0dde5c895075df6e3630e76f750a447cf63f4789/vendor/github.com/docker/docker/rootless/rootless.go
 2022-07-16 09:26:57.000000000 +0200
@@ -0,0 +1,25 @@
+package rootless // import "github.com/docker/docker/rootless"
+
+import (
+       "os"
+       "sync"
+)
+
+const (
+       // RootlessKitDockerProxyBinary is the binary name of 
rootlesskit-docker-proxy
+       RootlessKitDockerProxyBinary = "rootlesskit-docker-proxy"
+)
+
+var (
+       runningWithRootlessKit     bool
+       runningWithRootlessKitOnce sync.Once
+)
+
+// RunningWithRootlessKit returns true if running under RootlessKit namespaces.
+func RunningWithRootlessKit() bool {
+       runningWithRootlessKitOnce.Do(func() {
+               u := os.Getenv("ROOTLESSKIT_STATE_DIR")
+               runningWithRootlessKit = u != ""
+       })
+       return runningWithRootlessKit
+}
