Hello community, here is the log from the commit of package docker for openSUSE:Factory checked in at 2017-11-30 12:41:35 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/docker (Old) and /work/SRC/openSUSE:Factory/.docker.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "docker" Thu Nov 30 12:41:35 2017 rev:64 rq:545292 version:17.07.0_ce Changes: -------- --- /work/SRC/openSUSE:Factory/docker/docker.changes 2017-11-10 14:42:50.823646548 +0100 +++ /work/SRC/openSUSE:Factory/.docker.new/docker.changes 2017-11-30 12:41:40.326031831 +0100 @@ -1,0 +2,19 @@ +Thu Nov 23 13:48:08 UTC 2017 - [email protected] + +- Replace references to /var/adm/fillup-templates with new + %_fillupdir macro (boo#1069468) + +------------------------------------------------------------------- +Tue Nov 14 22:39:56 UTC 2017 - [email protected] + +- Remove migration code for the v1.9.x -> v1.10.x migration. This has been + around for a while, and we no longer support migrating from such an old + version "nicely". Docker still has migration code that will run on + first-boot, we are merely removing all of the "nice" warnings which tell + users how to avoid issues during an upgrade that ocurred more than a year + ago. +- Drop un-needed files: + - docker-plugin-message.txt + - docker-update-message.txt + +------------------------------------------------------------------- @@ -37 +56 @@ -- Update to Docker v17.07-ce. Upstream changelog: +- Update to Docker v17.07-ce (bsc#1069758). Upstream changelog: Old: ---- docker-plugin-message.txt docker-update-message.txt ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ docker.spec ++++++ --- /var/tmp/diff_new_pack.bJySsx/_old 2017-11-30 12:41:41.166001291 +0100 +++ /var/tmp/diff_new_pack.bJySsx/_new 2017-11-30 12:41:41.170001146 +0100 @@ -17,12 +17,14 @@ # nodebuginfo -%global docker_store %{_localstatedir}/lib/docker -%global docker_migration_testfile %{docker_store}/.suse-image-migration-v1to2-complete -%global docker_migration_warnfile %{docker_store}/docker-update-message.txt -%global docker_plugin_warnfile %{docker_store}/docker-plugin-message.txt -%define docker_graph %{docker_store}/graph -%define __arch_install_post export NO_BRP_STRIP_DEBUG=true +# Where important update information will be stored, such that an administrator +# is guaranteed to see the relevant warning. +%define update_messages %{_localstatedir}/adm/update-messages/%{name}-%{version}-%{release} + +#Compat macro for new _fillupdir macro introduced in Nov 2017 +%if ! %{defined _fillupdir} + %define _fillupdir /var/adm/fillup-templates +%endif # Used when generating the "build" information for Docker version. The value of # git_commit_epoch is unused here (we use SOURCE_DATE_EPOCH, which rpm @@ -32,12 +34,6 @@ %define git_version 87847530f717 %define git_commit_epoch 1508266293 -# When upgrading to a new version requires the service not to be restarted -# Due to a long migration process update last_migration_version to the new version -# that will first perform the migration, last time this was needed was version -# 1.10.1 -%global last_migration_version 1.10.1 - Name: docker Version: 17.07.0_ce Release: 0 @@ -54,8 +50,6 @@ Source7: README_SUSE.md Source8: docker-audit.rules Source9: tests.sh -Source50: docker-update-message.txt -Source51: docker-plugin-message.txt # SUSE-FEATURE: Adds the /run/secrets mountpoint inside all Docker containers # which is not snapshotted when images are committed. Note that if you modify # this patch, please also modify the patch in the suse-secrets-v<version> @@ -124,8 +118,6 @@ Requires(post): %fillup_prereq Requires(post): udev Requires(post): shadow -# Not necessary, but must be installed to have a smooth upgrade. -Recommends: docker-image-migrator # Not necessary, but must be installed when the underlying system is # configured to use lvm and the user doesn't explicitly provide a # different storage-driver than devicemapper @@ -342,7 +334,7 @@ install -d %{buildroot}%{_bindir} install -D -m755 components/cli/build/docker %{buildroot}/%{_bindir}/docker install -D -m755 components/engine/bundles/latest/dynbinary-daemon/dockerd %{buildroot}/%{_bindir}/dockerd -install -d %{buildroot}/%{_prefix}/lib/docker +install -d %{buildroot}/%{_localstatedir}/lib/docker install -Dd -m 0755 \ %{buildroot}%{_sysconfdir}/init.d \ %{buildroot}%{_sbindir} @@ -370,7 +362,7 @@ install -D -m 0640 %{SOURCE8} %{buildroot}%{_sysconfdir}/audit/rules.d/%{name}.rules # sysconfig file -install -D -m 644 %{SOURCE4} %{buildroot}%{_localstatedir}/adm/fillup-templates/sysconfig.docker +install -D -m 644 %{SOURCE4} %{buildroot}%{_fillupdir}/sysconfig.docker # install manpages (using the ones from the engine) install -d %{buildroot}%{_mandir}/man1 @@ -380,54 +372,13 @@ install -d %{buildroot}%{_mandir}/man8 install -p -m 644 components/cli/man/man8/*.8 %{buildroot}%{_mandir}/man8 -install -D -m 0644 %{SOURCE50} %{buildroot}%{docker_migration_warnfile} -install -D -m 0644 %{SOURCE51} %{buildroot}%{docker_plugin_warnfile} - %fdupes %{buildroot} %pre -# TODO: Remove this code in the near future. -# In order to make sure we don't print a scary warning when we shouldn't we -# need to test these things (in this order): -# 1. Check that %%{_localstatedir}/lib/docker actually exists (docker daemon has run). -# 2. Check that the migrator has *not* finished. -# 3. Check that %%{_localstatedir}/lib/docker/graph exists (this is a <=1.9.1 thing, but -# will stick around if it has been migrated -- which is why we need the -# MIGRATION_TESTFILE check). -# 4. Check that there are images in the graph/ directory. -if [[ -x %{_bindir}/docker && -d "%{docker_store}" && -n "$(find "%{docker_graph}" -maxdepth 1 -type d 2>/dev/null | grep -Ev '_tmp|^%{docker_graph}$')" ]]; then - # Check if currently installed version of docker is old enough to need migration. - CURRENT_DOCKER_VERSION=$(docker -v | sed 's/^.*[^0-9]\([0-9]*\.[0-9]*\.[0-9]*\).*$/\1/') - # This variable will contain the current docker version if migration is needed otherwise it will contain the upgrade point. - # Next time the docker package needs to be upgraded without restarting the service increase the 1.10.1 to the new version. - NEED_UPGRADE_VERSION=$(echo -e "$CURRENT_DOCKER_VERSION\n%{last_migration_version}" | sort -V | head -1) - - if [[ $CURRENT_DOCKER_VERSION == $NEED_UPGRADE_VERSION ]]; then - touch %{docker_migration_testfile} - fi -fi - getent group docker >/dev/null || groupadd -r docker %service_add_pre %{name}.service %post -if [ -e %{docker_migration_testfile} ]; then - cat %{docker_migration_warnfile} >> /var/adm/update-messages/docker-%{version}-%{release} -else - if [ -e %{docker_migration_warnfile} ]; then - rm %{docker_migration_warnfile} - fi -fi - -# TODO: Remove this code in the near future. -# If plugins.json is present, docker will fail to start. It should be noted -# that this was not supported by us, as it was only experimental at the time. -# But handle this migration anyway. https://github.com/docker/docker/releases/tag/v1.13.0 -if [ -e /var/lib/docker/plugins/plugins.json ];then - cat %{docker_plugin_warnfile} >> /var/adm/update-messages/docker-%{version}-%{release} - mv /var/lib/docker/plugins/plugins.json /var/lib/docker/plugins/_plugins.json.old -fi - %service_add_post %{name}.service %{fillup_only -n docker} @@ -435,10 +386,6 @@ %service_del_preun %{name}.service %postun -if [ -e %{docker_migration_testfile} ]; then - rm %{docker_migration_testfile} - export DISABLE_RESTART_ON_UPDATE=yes -fi %service_del_postun %{name}.service %files @@ -450,8 +397,8 @@ %{_unitdir}/%{name}.service %config %{_sysconfdir}/audit/rules.d/%{name}.rules %{_udevrulesdir}/80-%{name}.rules -%{_localstatedir}/adm/fillup-templates/sysconfig.docker -%{_localstatedir}/lib/docker/ +%{_fillupdir}/sysconfig.docker +%dir %{_localstatedir}/lib/docker/ %{_mandir}/man1/docker-*.1%{ext_man} %{_mandir}/man1/docker.1%{ext_man} %{_mandir}/man5/Dockerfile.5%{ext_man} ++++++ secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch ++++++ --- /var/tmp/diff_new_pack.bJySsx/_old 2017-11-30 12:41:41.305996201 +0100 +++ /var/tmp/diff_new_pack.bJySsx/_new 2017-11-30 12:41:41.309996056 +0100 @@ -70,5 +70,5 @@ return errors.Wrap(err, "error setting ownership for secret") } -- -2.14.2 +2.15.0 ++++++ secrets-0002-SUSE-implement-SUSE-container-secrets.patch ++++++ --- /var/tmp/diff_new_pack.bJySsx/_old 2017-11-30 12:41:41.329995328 +0100 +++ /var/tmp/diff_new_pack.bJySsx/_new 2017-11-30 12:41:41.333995183 +0100 @@ -1,4 +1,4 @@ -From afb202611a8330e0b3a7900aa2d68b7cc1d489fe Mon Sep 17 00:00:00 2001 +From 7c03750568cb9b67b763cd03f92ce45c567ca043 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai <[email protected]> Date: Wed, 8 Mar 2017 11:43:29 +1100 Subject: [PATCH 2/2] SUSE: implement SUSE container secrets @@ -13,8 +13,8 @@ Signed-off-by: Aleksa Sarai <[email protected]> --- daemon/start.go | 5 + - daemon/suse_secrets.go | 328 +++++++++++++++++++++++++++++++++++++++++++++++++ - 2 files changed, 333 insertions(+) + daemon/suse_secrets.go | 331 +++++++++++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 336 insertions(+) create mode 100644 daemon/suse_secrets.go diff --git a/daemon/start.go b/daemon/start.go @@ -35,10 +35,10 @@ return err diff --git a/daemon/suse_secrets.go b/daemon/suse_secrets.go new file mode 100644 -index 000000000000..b09ad96f01b0 +index 000000000000..b6914adf09ce --- /dev/null +++ b/daemon/suse_secrets.go -@@ -0,0 +1,328 @@ +@@ -0,0 +1,331 @@ +/* + * suse-secrets: patch for Docker to implement SUSE secrets + * Copyright (C) 2017 SUSE LLC. @@ -94,6 +94,9 @@ +} + +func (s SuseFakeFile) id() string { ++ // NOTE: It is _very_ important that this string always has a prefix of ++ // "suse". This is how we can ensure that we can operate on ++ // SecretReferences with a confidence that it was made by us. + return fmt.Sprintf("suse_%s_%s", digest.FromBytes(s.Data).Hex(), s.Path) +} + @@ -113,7 +116,7 @@ + // mapped). + ctrUser := idtools.IDPair{UID: s.Uid, GID: s.Gid} + hostUser := idMaps.RootPair() -+ if user, err := idMaps.ToHost(ctrUser); err != nil { ++ if user, err := idMaps.ToHost(ctrUser); err == nil { + hostUser = user + } + @@ -368,5 +371,5 @@ + return nil +} -- -2.14.2 +2.15.0
