On Sun, Dec 4, 2022 at 4:38 PM Adrian Freihofer <[email protected]> wrote:
>
> Bring docker on the kirkstone branch to the same commits as they are on
> master-next. Just let me know if you think this is not the right way. I
> can easily maintain this on my own layer. But there are some bugs and
> CVEs in Docker which make this update kind of mandatory for the LTS
> branch as well.

I need to have a closer look at the changelogs to confirm just bug fixes in the commits.

I got bogged down in yocto summit things, which is why master-next has cooked longer than it normally does. I'm completing more updates now, so I'll clear the existing master next shortly, before staging more.

>
> Some findings:
> * runc-docker RUNC_VERSION is on 1.1.2 on master-next. I set it to 1.1.4
>   because this looks correct to me.

I'm not sure where you are seeing this. I see one shortlog that is wrong, but the versions are 1.1.4 in both of the runc recipes in master-next as it sits on the server and locally.

https://git.yoctoproject.org/meta-virtualization/commit/?h=master-next&id=6dba10357ce8906c95b81d3256e945c617999aa8

> * docker: SRCREV_moby is used by do_compile. For docker-ce the variable
>   is undefined on master-next. Here it is initialized to SRCREV_docker.

Do you mean in the .inc? That's been a bug for a while, I switched to a generic value on master-next:

https://git.yoctoproject.org/meta-virtualization/commit/?h=master-next&id=d3acb1a378e644fe2784a8357390b19695640f78

> * docker: Upstream updated to go 1.8 which does no longer compile with
>   Yocto's go 1.7. There is a patch to revert the go update. It's working
>   but not sure how long this way will work.

So only a problem on the older branch. We could carry a change for that, but it needs to be in a separate commit.

That last comment leads me to a general comment. The series is fine in spirit, but the changes should be kept separate and should be cherry-picks whenever possible.

i.e. the updates to the 3rd digit versions need to be separate, and be cherry picks from master. That means they include the git hash they are cherry picked from, as well as the original sign-offs. That obviously also means they cannot run ahead of the master version updates (unless I bump a major version in master).

As I mentioned above, I'm going back through minor updates now, and will stack them on master-next once the current batch completes some final testing.

Things that need to be done to adapt to cherry-picked commits to the older branches need to be separate commits.

Bruce

> * Testing: docker-ce running on an arm64 device can run a Debian
>   container. We will do more tests in the future. But that's what I did
>   so far.
>
> Adrian Freihofer (3):
>   runc-docker: update to 1.1.4-tip
>   containerd-opencontainers: update to 1.6.9
>   docker: update from 20.10.12 to 20.10.21
>
>  .../containerd-opencontainers_git.bb          |    6 +-
>  recipes-containers/docker/docker-ce_git.bb    |   30 +-
>  recipes-containers/docker/docker-moby_git.bb  |   27 +-
>  recipes-containers/docker/docker.inc          |    5 +-
>  .../files/0001-revert-go-1.8-update.patch     | 1218 +++++++++++++++++
>  ...efine-ActKillThread-equal-to-ActKill.patch |   90 --
>  recipes-containers/runc/runc-docker_git.bb    |    4 +-
>  .../runc/runc-opencontainers_git.bb           |    6 +-
>  8 files changed, 1261 insertions(+), 125 deletions(-)
>  create mode 100644
> recipes-containers/docker/files/0001-revert-go-1.8-update.patch
>  delete mode 100644
> recipes-containers/runc/files/0002-Define-ActKillThread-equal-to-ActKill.patch
>
> --
> 2.38.1
>

--
- Thou shalt not follow the NULL pointer, for chaos and madness await thee at its end
- "Use the force Harry" - Gandalf, Star Trek II
