Bug#1012140: marked as done (bullseye-pu: package docker.io/20.10.5+dfsg1-1+deb11u2)

[Debian Bug Tracking System]

Your message dated Sat, 09 Jul 2022 11:47:43 +0100
with message-id 
<2280fe8c78e64b02a6c1d04c6dde5a32e342ba81.ca...@adam-barratt.org.uk>
and subject line Closing requests for updates included in 11.4
has caused the Debian Bug report #1012140,
regarding bullseye-pu: package docker.io/20.10.5+dfsg1-1+deb11u2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1012140: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012140
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian....@packages.debian.org
Usertags: pu

[ Reason ]
Docker uses containerd to manage containers but fails to setup the proper
dependencies in the systemd service.
https://bugs.debian.org/989490

[ Impact ]
On system shutdown Docker often is unable to properly shutdown containers
and just hangs. This delays shutdown until it reaches the timeout
(by default 90s).

[ Tests ]
I have been running these changes on a few hosts for a month and haven't
had any problems regarding start/shutdown since.

[ Risks ]
The changes only touch the systemd service and have been backported from
current upstream.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
* Order docker.service after containerd.service
* Explicitly pass the containerd socket path to dockerd to make sure it
  doesn't start containerd on its own.

diff -Nru docker.io-20.10.5+dfsg1/debian/changelog 
docker.io-20.10.5+dfsg1/debian/changelog
--- docker.io-20.10.5+dfsg1/debian/changelog    2021-12-04 11:53:03.000000000 
+0100
+++ docker.io-20.10.5+dfsg1/debian/changelog    2022-05-30 20:34:49.000000000 
+0200
@@ -1,3 +1,12 @@
+docker.io (20.10.5+dfsg1-1+deb11u2) bullseye; urgency=medium
+
+  * Order docker.service after containerd.service to fix shutdown of
+    containers (Closes: #989490)
+  * Explicitly pass the containerd socket path to dockerd to make sure it
+    doesn't start containerd on its own.
+
+ -- Felix Geyer <fge...@debian.org>  Mon, 30 May 2022 20:34:49 +0200
+
 docker.io (20.10.5+dfsg1-1+deb11u1) bullseye; urgency=medium
 
   * Backport patches for CVE-2021-41089 CVE-2021-41091 CVE-2021-41092
diff -Nru 
docker.io-20.10.5+dfsg1/debian/patches/engine-systemd-service-after-containerd.patch
 
docker.io-20.10.5+dfsg1/debian/patches/engine-systemd-service-after-containerd.patch
--- 
docker.io-20.10.5+dfsg1/debian/patches/engine-systemd-service-after-containerd.patch
        1970-01-01 01:00:00.000000000 +0100
+++ 
docker.io-20.10.5+dfsg1/debian/patches/engine-systemd-service-after-containerd.patch
        2022-05-30 20:09:40.000000000 +0200
@@ -0,0 +1,28 @@
+Description: Order docker.service after containerd.service
+ Fixes proper shutdown of containers.
+Origin: upstream, cherry-picked parts of 
https://github.com/moby/moby/pull/42373
+ and https://github.com/moby/moby/pull/42622
+Bug-Debian: https://bugs.debian.org/989490
+
+--- docker.io-20.10.11+dfsg1.orig/engine/contrib/init/systemd/docker.service
++++ docker.io-20.10.11+dfsg1/engine/contrib/init/systemd/docker.service
+@@ -1,8 +1,8 @@
+ [Unit]
+ Description=Docker Application Container Engine
+ Documentation=https://docs.docker.com
+-After=network-online.target docker.socket firewalld.service
+-Wants=network-online.target
++After=network-online.target docker.socket firewalld.service containerd.service
++Wants=network-online.target containerd.service
+ Requires=docker.socket
+ 
+ [Service]
+@@ -11,7 +11,7 @@ Type=notify
+ # exists and systemd currently does not support the cgroup feature set 
required
+ # for containers run by docker
+ EnvironmentFile=-/etc/default/docker
+-ExecStart=/usr/sbin/dockerd -H fd:// $DOCKER_OPTS
++ExecStart=/usr/sbin/dockerd -H fd:// 
--containerd=/run/containerd/containerd.sock $DOCKER_OPTS
+ ExecReload=/bin/kill -s HUP $MAINPID
+ LimitNOFILE=1048576
+ # Having non-zero Limit*s causes performance problems due to accounting 
overhead
diff -Nru docker.io-20.10.5+dfsg1/debian/patches/series 
docker.io-20.10.5+dfsg1/debian/patches/series
--- docker.io-20.10.5+dfsg1/debian/patches/series       2021-12-04 
11:53:03.000000000 +0100
+++ docker.io-20.10.5+dfsg1/debian/patches/series       2022-05-30 
20:10:09.000000000 +0200
@@ -11,6 +11,7 @@
 cli-dont-duplicate-authconfig.patch
 
 engine-add-go.mod-file.patch
+engine-systemd-service-after-containerd.patch
 
 libnetwork-add-go.mod-file.patch
 libnetwork_proto.patch

--- End Message ---

--- Begin Message ---

Package: release.debian.org
Version: 11.4

(re-sending with fixed bug numbers)

Hi,

The updates discussed in these bugs were included in today's bullseye
point release.

Regards,

Adam

--- End Message ---