likewise, this is already in master-next (along with 24.0), and will be cherry picked to mickeldore once ready.
Bruce On Tue, Jun 6, 2023 at 3:43 AM Chen Qi via lists.yoctoproject.org <[email protected]> wrote: > > From: Chen Qi <[email protected]> > > Signed-off-by: Chen Qi <[email protected]> > --- > recipes-containers/docker/docker-moby_git.bb | 7 +- > ...Allow-for-xattr-copy-failure-for-vfs.patch | 113 ------------------ > 2 files changed, 3 insertions(+), 117 deletions(-) > delete mode 100644 > recipes-containers/docker/files/0001-Allow-for-xattr-copy-failure-for-vfs.patch > > diff --git a/recipes-containers/docker/docker-moby_git.bb > b/recipes-containers/docker/docker-moby_git.bb > index 7858bebf..507d968a 100644 > --- a/recipes-containers/docker/docker-moby_git.bb > +++ b/recipes-containers/docker/docker-moby_git.bb > @@ -44,9 +44,9 @@ DESCRIPTION = "Linux container runtime \ > # so we get that tag, and make it our SRCREVS: > # > > -SRCREV_moby = "219f21bf07502b447095649b5a2764661737f164" > +SRCREV_moby = "9dbdbd4b6d7681bd18c897a6ba0376073c2a72ff" > SRCREV_libnetwork = "25ec449c45d2075c85fb3688ef4c1730be0466e0" > -SRCREV_cli = "569dd73db13099a7c3104d73aa15117b359045bc" > +SRCREV_cli = "ef23cbc4315ae76c744e02d687c09548ede461bd" > SRCREV_FORMAT = "moby_libnetwork" > SRC_URI = "\ > git://github.com/moby/moby.git;branch=23.0;name=moby;protocol=https \ > @@ -56,7 +56,6 @@ SRC_URI = "\ > file://0001-libnetwork-use-GO-instead-of-go.patch \ > file://0001-cli-use-external-GO111MODULE-and-cross-compiler.patch \ > > file://0001-dynbinary-use-go-cross-compiler.patch;patchdir=src/import \ > - > file://0001-Allow-for-xattr-copy-failure-for-vfs.patch;patchdir=src/import \ > " > > DOCKER_COMMIT = "${SRCREV_moby}" > @@ -67,7 +66,7 @@ require docker.inc > LICENSE = "Apache-2.0" > LIC_FILES_CHKSUM = > "file://src/import/LICENSE;md5=4859e97a9c7780e77972d989f0823f28" > > -DOCKER_VERSION = "23.0.2" > +DOCKER_VERSION = "23.0.6" > PV = "${DOCKER_VERSION}+git${SRCREV_moby}" > > CVE_PRODUCT = "docker mobyproject:moby" > diff --git > a/recipes-containers/docker/files/0001-Allow-for-xattr-copy-failure-for-vfs.patch > > b/recipes-containers/docker/files/0001-Allow-for-xattr-copy-failure-for-vfs.patch > deleted file mode 100644 > index b657cafd..00000000 > --- > a/recipes-containers/docker/files/0001-Allow-for-xattr-copy-failure-for-vfs.patch > +++ /dev/null > @@ -1,113 +0,0 @@ > -From f0dbd4eaf1416074bc8845063f4b6fb285bf75bd Mon Sep 17 00:00:00 2001 > -From: Chen Qi <[email protected]> > -Date: Thu, 27 Apr 2023 00:42:19 -0700 > -Subject: [PATCH] Allow for xattr copy failure for vfs > - > -vfs is declared to work with any filesystem, but after > -https://github.com/moby/moby/commit/31f654a704f61768828d5950a13f30bb493d1239 > -it's no longer working with NFS. > - > -As the extended attribute support depends on filesystem and > -if we do copy it in vfs and do not allow failure, that would > -essentially mean that vfs does NOT support all filesystems but > -only those that support xattr. > - > -So we should just try to copy security.capabilities and allow > -for failure. In this way, vfs come back to the state of > -being able to run on any filesystem as declared in > -https://docs.docker.com/storage/storagedriver/select-storage-driver/. > - > -Fixes https://github.com/moby/moby/issues/45417 > - > -Upstream-Status: Submitted [https://github.com/moby/moby/pull/45420] > - > -Signed-off-by: Chen Qi <[email protected]> > ---- > - daemon/graphdriver/copy/copy.go | 6 ++++-- > - daemon/graphdriver/copy/copy_test.go | 4 ++-- > - daemon/graphdriver/overlay/overlay.go | 4 ++-- > - daemon/graphdriver/vfs/copy_linux.go | 2 +- > - 4 files changed, 9 insertions(+), 7 deletions(-) > - > -diff --git a/daemon/graphdriver/copy/copy.go > b/daemon/graphdriver/copy/copy.go > -index 0fb8a1a9d9..f6a5b74af5 100644 > ---- a/daemon/graphdriver/copy/copy.go > -+++ b/daemon/graphdriver/copy/copy.go > -@@ -116,7 +116,7 @@ type dirMtimeInfo struct { > - // > - // The copyOpaqueXattrs controls if "trusted.overlay.opaque" xattrs are > copied. > - // Passing false disables copying "trusted.overlay.opaque" xattrs. > --func DirCopy(srcDir, dstDir string, copyMode Mode, copyOpaqueXattrs bool) > error { > -+func DirCopy(srcDir, dstDir string, copyMode Mode, copyOpaqueXattrs bool, > allowXattrFailure bool) error { > - copyWithFileRange := true > - copyWithFileClone := true > - > -@@ -210,7 +210,9 @@ func DirCopy(srcDir, dstDir string, copyMode Mode, > copyOpaqueXattrs bool) error > - } > - > - if err := copyXattr(srcPath, dstPath, "security.capability"); > err != nil { > -- return err > -+ if !allowXattrFailure { > -+ return err > -+ } > - } > - > - if copyOpaqueXattrs { > -diff --git a/daemon/graphdriver/copy/copy_test.go > b/daemon/graphdriver/copy/copy_test.go > -index 8dcd8d9d56..340c715f5f 100644 > ---- a/daemon/graphdriver/copy/copy_test.go > -+++ b/daemon/graphdriver/copy/copy_test.go > -@@ -40,7 +40,7 @@ func TestCopyDir(t *testing.T) { > - assert.NilError(t, err) > - defer os.RemoveAll(dstDir) > - > -- assert.Check(t, DirCopy(srcDir, dstDir, Content, false)) > -+ assert.Check(t, DirCopy(srcDir, dstDir, Content, false, true)) > - assert.NilError(t, filepath.Walk(srcDir, func(srcPath string, f > os.FileInfo, err error) error { > - if err != nil { > - return err > -@@ -146,7 +146,7 @@ func TestCopyHardlink(t *testing.T) { > - assert.NilError(t, os.WriteFile(srcFile1, []byte{}, 0777)) > - assert.NilError(t, os.Link(srcFile1, srcFile2)) > - > -- assert.Check(t, DirCopy(srcDir, dstDir, Content, false)) > -+ assert.Check(t, DirCopy(srcDir, dstDir, Content, false, true)) > - > - assert.NilError(t, unix.Stat(srcFile1, &srcFile1FileInfo)) > - assert.NilError(t, unix.Stat(srcFile2, &srcFile2FileInfo)) > -diff --git a/daemon/graphdriver/overlay/overlay.go > b/daemon/graphdriver/overlay/overlay.go > -index 2ed53d82e9..909478963e 100644 > ---- a/daemon/graphdriver/overlay/overlay.go > -+++ b/daemon/graphdriver/overlay/overlay.go > -@@ -320,7 +320,7 @@ func (d *Driver) Create(id, parent string, opts > *graphdriver.CreateOpts) (retErr > - return err > - } > - > -- return copy.DirCopy(parentUpperDir, upperDir, copy.Content, true) > -+ return copy.DirCopy(parentUpperDir, upperDir, copy.Content, true, > false) > - } > - > - func (d *Driver) dir(id string) string { > -@@ -460,7 +460,7 @@ func (d *Driver) ApplyDiff(id string, parent string, > diff io.Reader) (size int64 > - } > - }() > - > -- if err = copy.DirCopy(parentRootDir, tmpRootDir, copy.Hardlink, > true); err != nil { > -+ if err = copy.DirCopy(parentRootDir, tmpRootDir, copy.Hardlink, true, > false); err != nil { > - return 0, err > - } > - > -diff --git a/daemon/graphdriver/vfs/copy_linux.go > b/daemon/graphdriver/vfs/copy_linux.go > -index 7276b3837f..592825c1a5 100644 > ---- a/daemon/graphdriver/vfs/copy_linux.go > -+++ b/daemon/graphdriver/vfs/copy_linux.go > -@@ -3,5 +3,5 @@ package vfs // import > "github.com/docker/docker/daemon/graphdriver/vfs" > - import "github.com/docker/docker/daemon/graphdriver/copy" > - > - func dirCopy(srcDir, dstDir string) error { > -- return copy.DirCopy(srcDir, dstDir, copy.Content, false) > -+ return copy.DirCopy(srcDir, dstDir, copy.Content, false, true) > - } > --- > -2.40.0 > - > -- > 2.40.0 > > > > -- - Thou shalt not follow the NULL pointer, for chaos and madness await thee at its end - "Use the force Harry" - Gandalf, Star Trek II
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#8093): https://lists.yoctoproject.org/g/meta-virtualization/message/8093 Mute This Topic: https://lists.yoctoproject.org/mt/99358924/21656 Group Owner: [email protected] Unsubscribe: https://lists.yoctoproject.org/g/meta-virtualization/leave/6693005/21656/1014668956/xyzzy [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
