Hello community, here is the log from the commit of package docker for openSUSE:Factory checked in at 2016-05-23 16:39:11 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/docker (Old) and /work/SRC/openSUSE:Factory/.docker.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "docker" Changes: -------- --- /work/SRC/openSUSE:Factory/docker/docker.changes 2016-05-04 08:20:17.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.docker.new/docker.changes 2016-05-23 16:39:12.000000000 +0200 @@ -1,0 +2,20 @@ +Fri May 20 10:26:39 UTC 2016 - [email protected] + +- Fix udev files ownership + +------------------------------------------------------------------- +Wed May 18 14:21:09 UTC 2016 - [email protected] + +* Make sure we *always* build unstripped Go binaries. + +------------------------------------------------------------------- +Mon May 16 13:55:07 UTC 2016 - [email protected] + +* Add a patch to fix database soft corruption issues if the Docker dameon dies + in a bad state. There is a PR upstream to vendor Docker to have this fix as + well, but it probably won't get in until 1.11.2. bnc#964673 + (https://github.com/docker/docker/pull/22765) + + + bnc964673-boltdb-metadata-recovery.patch + +------------------------------------------------------------------- New: ---- bnc964673-boltdb-metadata-recovery.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ docker.spec ++++++ --- /var/tmp/diff_new_pack.dHdJQB/_old 2016-05-23 16:39:13.000000000 +0200 +++ /var/tmp/diff_new_pack.dHdJQB/_new 2016-05-23 16:39:13.000000000 +0200 @@ -57,6 +57,11 @@ # This fixes bsc#976777. While the fix is upstream, it isn't in Docker 1.10.3 or # Docker 1.11.0. This patch was squashed and cherry-picked from runc#708. Patch301: cve-2016-3697-numeric-uid.patch +# This fixes bnc#964673. This fix is in boltdb upstream, but has yet to be +# merged into Docker (in a vendor commit). This patch was cherry-picked from +# bolt#555. +Patch302: bnc964673-boltdb-metadata-recovery.patch +Requires(post): udev BuildRequires: audit BuildRequires: bash-completion BuildRequires: device-mapper-devel >= 1.2.68 @@ -100,6 +105,13 @@ %endif ExcludeArch: ppc +# It's a bad idea to strip Go binaries (apart from making debugging impossible, +# it also is known to cause some interesting runtime bugs). However, rpmbuild +# will strip your binaries if it is creating debuginfo packages (as well as +# doing it by default). So we have to manually disable both of these things. +%undefine _build_create_debug +%define __arch_install_post export NO_BRP_STRIP_DEBUG=true + %description Docker complements LXC with a high-level API which operates at the process level. It runs unix processes with strong guarantees of isolation and @@ -167,6 +179,8 @@ %endif # bsc#976777 %patch301 -p1 +# bnc#964673 +%patch302 -p1 cp %{SOURCE7} . %build ++++++ bnc964673-boltdb-metadata-recovery.patch ++++++ >From 8f0e47cee034cdc08ca515d98a6733130908fc26 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai <[email protected]> Date: Mon, 16 May 2016 23:53:46 +1000 Subject: [PATCH] db: fix recovery from unsynced metadata Bolt stores the two latest transactions' metadata, but previously did not recover from validation failures in the latest by using the second latest. Fix this by correctly handling validation failures in db.go, as well as returning the metadata with highest txid which is also valid in DB.meta(). Signed-off-by: Aleksa Sarai <[email protected]> --- vendor/src/github.com/boltdb/bolt/db.go | 49 +++++++++++++++++++++++++-------- 1 file changed, 38 insertions(+), 11 deletions(-) diff --git a/vendor/src/github.com/boltdb/bolt/db.go b/vendor/src/github.com/boltdb/bolt/db.go index 501d36aac24a..f713485ffab6 100644 --- a/vendor/src/github.com/boltdb/bolt/db.go +++ b/vendor/src/github.com/boltdb/bolt/db.go @@ -200,9 +200,15 @@ func Open(path string, mode os.FileMode, options *Options) (*DB, error) { if _, err := db.file.ReadAt(buf[:], 0); err == nil { m := db.pageInBuffer(buf[:], 0).meta() if err := m.validate(); err != nil { - return nil, err + // If we can't read the page size, we can assume it's the same + // as the OS -- since that's how the page size was chosen in the + // first place. + // XXX: Does this cause issues with opening a database on a + // different OS than the one it was created on? + db.pageSize = os.Getpagesize() + } else { + db.pageSize = int(m.pageSize) } - db.pageSize = int(m.pageSize) } } @@ -262,12 +268,13 @@ func (db *DB) mmap(minsz int) error { db.meta0 = db.page(0).meta() db.meta1 = db.page(1).meta() - // Validate the meta pages. - if err := db.meta0.validate(); err != nil { - return err - } - if err := db.meta1.validate(); err != nil { - return err + // Validate the meta pages. We only return an error if both meta pages fail + // validation, since meta0 failing validation means that it wasn't saved + // properly -- but we can recover using meta1. And vice-versa. + err0 := db.meta0.validate() + err1 := db.meta1.validate() + if err0 != nil && err1 != nil { + return fmt.Errorf("meta0(%v) meta1(%v)", err0, err1) } return nil @@ -778,10 +785,30 @@ func (db *DB) pageInBuffer(b []byte, id pgid) *page { // meta retrieves the current meta page reference. func (db *DB) meta() *meta { - if db.meta0.txid > db.meta1.txid { - return db.meta0 + // We have to return the meta with the highest txid which doesn't fail + // validation. Otherwise, we can cause errors when in fact the database is + // in a consistent state. metaA is the one with the higher txid. + metaA := db.meta0 + metaB := db.meta1 + if db.meta1.txid > db.meta0.txid { + metaA = db.meta1 + metaB = db.meta0 } - return db.meta1 + + errA := metaA.validate() + errB := metaB.validate() + + if errA == nil { + return metaA + } + + if errB == nil { + return metaB + } + + // This should never be reached, because both meta1 and meta0 were validated + // on mmap() and we do fsync() on every write. + panic("both meta0 and meta1 could not be validated in DB.meta()!") } // allocate returns a contiguous block of memory starting at a given page. -- 2.8.2
