diff --git a/sdk_container/src/third_party/coreos-overlay/app-arch/torcx/files/compat-wrapper.sh b/sdk_container/src/third_party/coreos-overlay/app-arch/torcx/files/compat-wrapper.sh
new file mode 100644
index 0000000000..122162deca
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/app-arch/torcx/files/compat-wrapper.sh
@@ -0,0 +1,33 @@
+#!/bin/bash
+set -e
+
+bin=${0##*/}
+seal=/run/metadata/torcx
+
+if [ -z "${bin}" ]
+then
+ echo 'Failed to determine the executed program name.' 1>&2
+ exit 1
+fi
+
+if [ -s "${seal}" ]
+then
+ . "${seal}"
+else
+ echo "The program ${bin} is managed by torcx, which did not run." 1>&2
+ exit 1
+fi
+
+if [ -z "${TORCX_BINDIR-}" ]
+then
+ echo "The torcx seal file ${seal} is invalid." 1>&2
+ exit 1
+fi
+
+if [ ! -x "${TORCX_BINDIR}/${bin}" ]
+then
+ echo "The current torcx profile did not install a ${bin} program." 1>&2
+ exit 1
+fi
+
+PATH="${TORCX_BINDIR}${PATH:+:${PATH}}" exec "${TORCX_BINDIR}/${bin}" "$@"
diff --git a/sdk_container/src/third_party/coreos-overlay/app-arch/torcx/files/dockerd-wrapper.sh b/sdk_container/src/third_party/coreos-overlay/app-arch/torcx/files/dockerd-wrapper.sh
new file mode 100644
index 0000000000..2a94d06561
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/app-arch/torcx/files/dockerd-wrapper.sh
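Review bot: The `. "${seal}"` line in compat-wrapper.sh executes /run/metadata/torcx as shell code with the privileges of whoever invoked the wrapped command, and the torcx-9999.ebuild change in this commit points every docker-related name in /usr/bin at this script, so its safety rests on that file being writable only by root; nothing in the script states or checks this. I would record the assumption in a comment above the source line, e.g. `# The seal is sourced as shell code; it must be root-owned and not writable by other users.`, or read only the `TORCX_BINDIR` assignment out of the file instead of sourcing it (the seal's format is not visible in this commit, so that needs confirming against what torcx writes). Separately, `[ ! -x "${TORCX_BINDIR}/${bin}" ]` also passes for a directory; adding a `-f` test would keep the final `exec` from failing with a less helpful message.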
@@ -0,0 +1,41 @@
+#!/bin/bash
+# Wrapper for launching docker daemons with selinux default on
+# This wrapper script has been deprecated (euank: 2017-05-09) and is retained
+# for backwards compatibility.
+
+set -e
+
+parse_docker_args() {
+ local flag
+ while [[ $# -gt 0 ]]; do
+ flag="$1"
+ shift
+
+ # treat --flag=foo and --flag foo identically
+ if [[ "${flag}" == *=* ]]; then
+ set -- "${flag#*=}" "$@"
+ flag="${flag%=*}"
+ fi
+
+ case "${flag}" in
+ --selinux-enabled)
+ ARG_SELINUX="$1"
+ shift
+ ;;
+ *)
+ # ignore everything else
+ ;;
+ esac
+ done
+}
+
+parse_docker_args "$@"
+
+USE_SELINUX=""
+# Do not override selinux if it is already explicitly configured.
+if [[ -z "${ARG_SELINUX}" ]]; then
+ # If unspecified, default on
+ USE_SELINUX="--selinux-enabled"
+fi
+
+exec dockerd "$@" ${USE_SELINUX}
diff --git a/sdk_container/src/third_party/coreos-overlay/app-arch/torcx/files/vendor.json b/sdk_container/src/third_party/coreos-overlay/app-arch/torcx/files/vendor.json
index e69de29bb2..4480c4e767 100644
--- a/sdk_container/src/third_party/coreos-overlay/app-arch/torcx/files/vendor.json
+++ b/sdk_container/src/third_party/coreos-overlay/app-arch/torcx/files/vendor.json
@@ -0,0 +1,11 @@
+{
+ "kind": "profile-manifest-v0",
+ "value": {
+ "images": [
+ {
+ "name": "docker",
+ "reference": "com.coreos.cl"
+ }
+ ]
+ }
+}
diff --git a/sdk_container/src/third_party/coreos-overlay/app-arch/torcx/torcx-0.1.0_alpha1.ebuild b/sdk_container/src/third_party/coreos-overlay/app-arch/torcx/torcx-0.1.0_alpha2.ebuild
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/app-arch/torcx/torcx-0.1.0_alpha1.ebuild
rename to sdk_container/src/third_party/coreos-overlay/app-arch/torcx/torcx-0.1.0_alpha2.ebuild
diff --git a/sdk_container/src/third_party/coreos-overlay/app-arch/torcx/torcx-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/app-arch/torcx/torcx-9999.ebuild
index 228da33af2..2cbca95b21 100644
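Review bot: In `parse_docker_args` of dockerd-wrapper.sh, the `--selinux-enabled)` arm runs `ARG_SELINUX="$1"` and then `shift` unconditionally, so when the boolean flag is passed bare as the last argument there is nothing left to shift, `shift` returns non-zero, and `set -e` ends the wrapper before `exec dockerd` without any message. When the bare flag is followed by another option, that option is recorded as the SELinux value instead. Treating the bare form as enabled and tolerating the empty shift, `ARG_SELINUX="${1:-true}"` followed by `shift || true`, avoids the silent exit. The `--flag=value` split is also asymmetric: `${flag#*=}` cuts at the first `=` while `${flag%=*}` cuts at the last, so `flag="${flag%%=*}"` would match it.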
--- a/sdk_container/src/third_party/coreos-overlay/app-arch/torcx/torcx-9999.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/app-arch/torcx/torcx-9999.ebuild
@@ -11,7 +11,7 @@ COREOS_GO_VERSION="go1.8" if [[ "${PV}" == 9999 ]]; then KEYWORDS="~amd64 ~arm64" else - CROS_WORKON_COMMIT="1987d1c516c6925280fade659569d5062999a1db" # v0.1.0-alpha.1a + CROS_WORKON_COMMIT="72f5f2721b867b158f14657d0ebe97fad8019a7a" # v0.1.0-alpha.2a KEYWORDS="amd64 arm64" fi
@@ -46,4 +46,12 @@ src_install() { insinto "${vendordir}/profiles" doins "${FILESDIR}/vendor.json" dodir "${vendordir}/store" + + # Preserve program paths for torcx packages. + newbin "${FILESDIR}/compat-wrapper.sh" docker + for link in {docker-,}{containerd{,-shim},runc} ctr docker-{init,proxy} dockerd tini + do ln -fns docker "${ED}/usr/bin/${link}" + done + exeinto /usr/lib/coreos + newexe "${FILESDIR}/dockerd-wrapper.sh" dockerd }
diff --git a/sdk_container/src/third_party/coreos-overlay/app-torcx/docker/docker-1.12.ebuild b/sdk_container/src/third_party/coreos-overlay/app-torcx/docker/docker-1.12.ebuild
new file mode 100644
index 0000000000..2878868b25
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/app-torcx/docker/docker-1.12.ebuild
@@ -0,0 +1,26 @@
+# Copyright (c) 2017 CoreOS, Inc.. All rights reserved.
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=2
+
+DESCRIPTION="Packages to be installed in a torcx image for Docker"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="amd64 arm64"
+
+# Explicitly list all packages that will be built into the image.
+RDEPEND="
+ =app-emulation/docker-1.12.6-r5
+ =app-emulation/containerd-0.2.5-r2
+ =app-emulation/runc-1.0.0_rc2_p9
+"
+
+src_install() {
+ insinto /.torcx
+ newins "${FILESDIR}/${PN}-${PV}-manifest.json" manifest.json
+
+ # Enable the Docker socket by default.
+ local unitdir=/usr/lib/systemd/system
+ dosym ../docker.socket "${unitdir}/sockets.target.wants/docker.socket"
+}
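Review bot: The `ln -fns docker "${ED}/usr/bin/${link}"` loop added to `src_install` in torcx-9999.ebuild does not check its result, so a failed link would still produce a package, just one missing some of the command names that are supposed to reach the compat wrapper. `dosym docker "/usr/bin/${link}"` is the usual ebuild helper for this, or append `|| die` to the `ln`; `link` should also be declared `local`, since it otherwise leaks out of the function. A one-line comment noting that the name list has to stay in step with the `bin` entries of the torcx image manifests would help whoever adds the next Docker version. `src_install` begins above this hunk.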
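Review bot: `EAPI=2` in docker-1.12.ebuild predates EAPI 4, the first in which install helpers abort the build on failure, so in this `src_install` a missing `${FILESDIR}/${PN}-${PV}-manifest.json` would let `newins` fail while the build carries on, yielding a torcx image without `/.torcx/manifest.json`. Either raise the EAPI or append `|| die` to the `newins` and `dosym` lines. The same applies to docker-17.05.ebuild, whose `src_install` is identical.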
diff --git a/sdk_container/src/third_party/coreos-overlay/app-torcx/docker/docker-17.05.ebuild b/sdk_container/src/third_party/coreos-overlay/app-torcx/docker/docker-17.05.ebuild
new file mode 100644
index 0000000000..8cbbc4830e
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/app-torcx/docker/docker-17.05.ebuild
@@ -0,0 +1,28 @@
+# Copyright (c) 2017 CoreOS, Inc.. All rights reserved.
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=2
+
+DESCRIPTION="Packages to be installed in a torcx image for Docker"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="amd64 arm64"
+
+# Explicitly list all packages that will be built into the image.
+RDEPEND="
+ =app-emulation/docker-17.05.0
+ =app-emulation/containerd-0.2.7_p2
+ =app-emulation/docker-proxy-0.8.0_p20170410
+ =app-emulation/runc-1.0.0_rc2_p137
+ =sys-process/tini-0.13.2
+"
+
+src_install() {
+ insinto /.torcx
+ newins "${FILESDIR}/${PN}-${PV}-manifest.json" manifest.json
+
+ # Enable the Docker socket by default.
+ local unitdir=/usr/lib/systemd/system
+ dosym ../docker.socket "${unitdir}/sockets.target.wants/docker.socket"
+}
diff --git a/sdk_container/src/third_party/coreos-overlay/app-torcx/docker/files/docker-1.12-manifest.json b/sdk_container/src/third_party/coreos-overlay/app-torcx/docker/files/docker-1.12-manifest.json
new file mode 100644
index 0000000000..b8bdf18da4
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/app-torcx/docker/files/docker-1.12-manifest.json
@@ -0,0 +1,27 @@
+{
+ "kind": "image-manifest-v0",
+ "value": {
+ "bin": [
+ "/bin/containerd",
+ "/bin/containerd-shim",
+ "/bin/ctr",
+ "/bin/docker",
+ "/bin/docker-containerd",
+ "/bin/docker-containerd-shim",
+ "/bin/docker-proxy",
+ "/bin/docker-runc",
+ "/bin/dockerd",
+ "/bin/runc"
+ ],
+ "network": [
+ "/lib/systemd/network/50-docker.network",
+ "/lib/systemd/network/90-docker-veth.network"
+ ],
+ "units": [
+ "/lib/systemd/system/containerd.service",
+ "/lib/systemd/system/docker.service",
+ "/lib/systemd/system/docker.socket",
+ "/lib/systemd/system/sockets.target.wants"
+ ]
+ }
+}
diff --git a/sdk_container/src/third_party/coreos-overlay/app-torcx/docker/files/docker-17.05-manifest.json b/sdk_container/src/third_party/coreos-overlay/app-torcx/docker/files/docker-17.05-manifest.json
new file mode 100644
index 0000000000..190f9e8538
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/app-torcx/docker/files/docker-17.05-manifest.json
@@ -0,0 +1,29 @@
+{
+ "kind": "image-manifest-v0",
+ "value": {
+ "bin": [
+ "/bin/containerd",
+ "/bin/containerd-shim",
+ "/bin/ctr",
+ "/bin/docker",
+ "/bin/docker-containerd",
+ "/bin/docker-containerd-shim",
+ "/bin/docker-init",
+ "/bin/docker-proxy",
+ "/bin/docker-runc",
+ "/bin/dockerd",
+ "/bin/runc",
+ "/bin/tini"
+ ],
+ "network": [
+ "/lib/systemd/network/50-docker.network",
+ "/lib/systemd/network/90-docker-veth.network"
+ ],
+ "units": [
+ "/lib/systemd/system/containerd.service",
+ "/lib/systemd/system/docker.service",
+ "/lib/systemd/system/docker.socket",
+ "/lib/systemd/system/sockets.target.wants"
+ ]
+ }
+}
diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-init/coreos-init-0.0.1-r143.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-init/coreos-init-0.0.1-r144.ebuild
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-init/coreos-init-0.0.1-r143.ebuild
rename to sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-init/coreos-init-0.0.1-r144.ebuild
diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-init/coreos-init-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-init/coreos-init-9999.ebuild
index 3e579b5d7b..a6967152bf 100644
--- a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-init/coreos-init-9999.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-init/coreos-init-9999.ebuild
@@ -29,7 +29,6 @@ REQUIRED_USE="symlink-usr" # Daemons we enable here must installed during build/install in addition to # during runtime so the systemd unit enable step works. DEPEND=" - app-emulation/docker net-misc/openssh net-nds/rpcbind !