>From 37dcaff90e6bfac93dad78f9ddc077b210a28fc8 Mon Sep 17 00:00:00 2001 From: Amy Fong <[email protected]> Date: Thu, 9 Apr 2015 14:19:48 -0400 Subject: [PATCH] docker engine not running
In yocto builds, preprocessing of binaries can happen after the install phase. Some of these can modify the size/sha1sum of the binaries. e.g. A new .gnu_debuglink can happen docker will not start because of these modifications. Docker initially does a sha1sum of dockerinit to identify the dockerinit that it was built with, this is done for security and for compatibility reasons. Since this checking is disabled, we should rely on rpm tests for validation of the binary instead. Signed-off-by: Amy Fong <[email protected]> --- recipes-containers/docker/docker_git.bb | 1 + .../docker/files/disable_sha1sum_startup.patch | 57 ++++++++++++++++++++++ 2 files changed, 58 insertions(+) create mode 100644 recipes-containers/docker/files/disable_sha1sum_startup.patch diff --git a/recipes-containers/docker/docker_git.bb b/recipes-containers/docker/docker_git.bb index 8357ee8..8f86f70 100644 --- a/recipes-containers/docker/docker_git.bb +++ b/recipes-containers/docker/docker_git.bb @@ -23,6 +23,7 @@ SRC_URI = "\ git://github.com/docker/docker.git \ file://docker.service \ file://hi.Dockerfile \ + file://disable_sha1sum_startup.patch \ " # Apache-2.0 for docker diff --git a/recipes-containers/docker/files/disable_sha1sum_startup.patch b/recipes-containers/docker/files/disable_sha1sum_startup.patch new file mode 100644 index 0000000..cc6819b --- /dev/null +++ b/recipes-containers/docker/files/disable_sha1sum_startup.patch @@ -0,0 +1,57 @@ +docker engine not running + +In yocto builds, preprocessing of binaries can happen after the install phase. +Some of these can modify the size/sha1sum of the binaries. +e.g. A new .gnu_debuglink can happen + +docker will not start because of these modifications. Docker initially +does a sha1sum of dockerinit to identify the dockerinit that it was built +with, this is done for security and for compatibility reasons. Since +this checking is disabled, we should rely on rpm tests for validation +of the binary instead. + +Signed-off-by: Amy Fong <[email protected]> +--- + utils/utils.go | 17 +---------------- + 1 file changed, 1 insertion(+), 16 deletions(-) + +--- a/utils/utils.go ++++ b/utils/utils.go +@@ -4,7 +4,6 @@ + "bufio" + "bytes" + "crypto/rand" +- "crypto/sha1" + "crypto/sha256" + "encoding/hex" + "fmt" +@@ -76,20 +75,6 @@ + return path + } + +-func dockerInitSha1(target string) string { +- f, err := os.Open(target) +- if err != nil { +- return "" +- } +- defer f.Close() +- h := sha1.New() +- _, err = io.Copy(h, f) +- if err != nil { +- return "" +- } +- return hex.EncodeToString(h.Sum(nil)) +-} +- + func isValidDockerInitPath(target string, selfPath string) bool { // target and selfPath should be absolute (InitPath and SelfPath already do this) + if target == "" { + return false +@@ -111,7 +96,7 @@ + } + return os.SameFile(targetFileInfo, selfPathFileInfo) + } +- return dockerversion.INITSHA1 != "" && dockerInitSha1(target) == dockerversion.INITSHA1 ++ return true + } + + // Figure out the path of our dockerinit (which may be SelfPath()) -- 2.1.4 -- _______________________________________________ meta-virtualization mailing list [email protected] https://lists.yoctoproject.org/listinfo/meta-virtualization
