app-emulation/docker: bump to v1.6.0

this commit also removes a patch by brandon philips which was applied to
upstream docker.

sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-9999.ebuild

@@ -15,7 +15,7 @@ if [[ ${PV} == *9999 ]]; then
 	DOCKER_GITCOMMIT=""
 	KEYWORDS=""
 else
-	CROS_WORKON_COMMIT="a8a31eff10544860d2188dddabdee4d727545796" # v1.5.0
+	CROS_WORKON_COMMIT="47496519da9664202d900d3635bb840509fa9647" # v1.6.0
 	DOCKER_GITCOMMIT="${CROS_WORKON_COMMIT:0:7}"
 	KEYWORDS="amd64"
 fi
@@ -24,7 +24,7 @@ inherit bash-completion-r1 linux-info multilib systemd udev user cros-workon
 
 LICENSE="Apache-2.0"
 SLOT="0"
-IUSE="aufs +btrfs contrib +device-mapper doc lxc vim-syntax zsh-completion"
+IUSE="aufs btrfs +contrib +device-mapper doc lxc overlay vim-syntax zsh-completion"
 
 # https://github.com/docker/docker/blob/master/hack/PACKAGERS.md#build-dependencies
 CDEPEND="
@@ -55,7 +55,7 @@ RDEPEND="
 	>=app-arch/xz-utils-4.9
 
 	lxc? (
-		>=app-emulation/lxc-1.0
+		>=app-emulation/lxc-1.0.7
 	)
 	aufs? (
 		|| (
@@ -71,20 +71,24 @@ RESTRICT="installsources strip"
 CONFIG_CHECK="
 	NAMESPACES NET_NS PID_NS IPC_NS UTS_NS
 	DEVPTS_MULTIPLE_INSTANCES
-	CGROUPS CGROUP_CPUACCT CGROUP_DEVICE CGROUP_FREEZER CGROUP_SCHED
+	CGROUPS CGROUP_CPUACCT CGROUP_DEVICE CGROUP_FREEZER CGROUP_SCHED CPUSETS
 	MACVLAN VETH BRIDGE
 	NF_NAT_IPV4 IP_NF_FILTER IP_NF_TARGET_MASQUERADE
 	NETFILTER_XT_MATCH_ADDRTYPE NETFILTER_XT_MATCH_CONNTRACK
 	NF_NAT NF_NAT_NEEDED
 
-	~MEMCG_SWAP
+	POSIX_MQUEUE
+
+	~MEMCG_SWAP ~MEMCG_SWAP_ENABLED
 	~RESOURCE_COUNTERS
 	~CGROUP_PERF
+	~CFS_BANDWIDTH
 "
 
 ERROR_MEMCG_SWAP="CONFIG_MEMCG_SWAP: is required if you wish to limit swap usage of containers"
 ERROR_RESOURCE_COUNTERS="CONFIG_RESOURCE_COUNTERS: is optional for container statistics gathering"
 ERROR_CGROUP_PERF="CONFIG_CGROUP_PERF: is optional for container statistics gathering"
+ERROR_CFS_BANDWIDTH="CONFIG_CFS_BANDWIDTH: is optional for container statistics gathering"
 
 pkg_setup() {
 	if kernel_is lt 3 8; then
@@ -112,6 +116,7 @@ pkg_setup() {
 	if use aufs; then
 		CONFIG_CHECK+="
 			~AUFS_FS
+			~EXT4_FS_POSIX_ACL ~EXT4_FS_SECURITY
 		"
 		# TODO there must be a way to detect "sys-kernel/aufs-sources" so we don't warn "sys-fs/aufs3" users about this
 		# an even better solution would be to check if the current kernel sources include CONFIG_AUFS_FS as an option, but that sounds hairy and error-prone
@@ -126,7 +131,13 @@ pkg_setup() {
 
 	if use device-mapper; then
 		CONFIG_CHECK+="
-			~BLK_DEV_DM ~DM_THIN_PROVISIONING ~EXT4_FS
+			~BLK_DEV_DM ~DM_THIN_PROVISIONING ~EXT4_FS ~EXT4_FS_POSIX_ACL ~EXT4_FS_SECURITY
+		"
+	fi
+
+	if use overlay; then
+		CONFIG_CHECK+="
+			~OVERLAY_FS ~EXT4_FS_SECURITY ~EXT4_FS_POSIX_ACL
 		"
 	fi
 
@@ -134,16 +145,8 @@ pkg_setup() {
 }
 
 src_prepare() {
-	# hack(philips): to keep the git commit from being dirty
-	if [[ -n "${DOCKER_GITCOMMIT}" ]]; then
-		.git .git.old
-	fi
-
 	# allow user patches (use sparingly - upstream won't support them)
 	epatch_user
-
-	# https://github.com/coreos/bugs/issues/186
-	epatch "${FILESDIR}"/0001-cgroups-systemd-set-DefaultDependencies-false-if-pos.patch
 }
 
 src_compile() {
@@ -163,13 +166,13 @@ src_compile() {
 		sed -i "s/EXTLDFLAGS_STATIC='/EXTLDFLAGS_STATIC='-fno-PIC /" hack/make.sh || die
 		grep -q -- '-fno-PIC' hack/make.sh || die 'hardened sed failed'
 
-		sed -i 's/LDFLAGS_STATIC_DOCKER="/LDFLAGS_STATIC_DOCKER="-extldflags -fno-PIC /' hack/make/dynbinary || die
+		sed -i "s/LDFLAGS_STATIC_DOCKER='/LDFLAGS_STATIC_DOCKER='-extldflags -fno-PIC /" hack/make/dynbinary || die
 		grep -q -- '-fno-PIC' hack/make/dynbinary || die 'hardened sed failed'
 	fi
 
 	# let's set up some optional features :)
 	export DOCKER_BUILDTAGS=''
-	for gd in aufs btrfs device-mapper; do
+	for gd in aufs btrfs device-mapper overlay; do
 		if ! use $gd; then
 			DOCKER_BUILDTAGS+=" exclude_graphdriver_${gd//-/}"
 		fi

sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/0001-cgroups-systemd-set-DefaultDependencies-false-if-pos.patch

@@ -1,88 +0,0 @@
-From be952432f3ba855f5a931137349a14ed4ca8bce9 Mon Sep 17 00:00:00 2001
-From: Brandon Philips <brandon.philips@coreos.com>
-Date: Tue, 3 Feb 2015 20:43:21 -0500
-Subject: [PATCH] cgroups: systemd: set DefaultDependencies=false if possible
-
-The root problem this fixes is the docker daemon uses DefaulDependencies
-for all of its scopes which means that the containers get killed by
-systemd before the docker daemon is notified to shutdown. This means
-that a docker run in a service file won't get ordered properly on
-shutdown! This has affected many CoreOS users and is documented in
-systemd as so:
-
-"Unless DefaultDependencies=false is used, scope units will implicitly
-have dependencies of type Conflicts= and Before= on shutdown.target."
-
-Unfortunately, systemd didn't allow setting DefaultDependencies=false on
-transient units until today:
-
-    systemd-run --scope --property="DefaultDependencies=false" /usr/bin/sleep 50000
-    Unknown assignment DefaultDependencies=false.
-    Failed to create message: Invalid argument
-
-Fixed here:
-http://cgit.freedesktop.org/systemd/systemd/commit/?id=261420ba2a20305ad271b6f5f380aa74c5c9dd50
-
-Discussion with systemd upstream:
-http://lists.freedesktop.org/archives/systemd-devel/2014-December/026313.html
-http://lists.freedesktop.org/archives/systemd-devel/2015-February/027890.html
-
-Tested with docker and systemd master as of today and it work for me.
-
-Signed-off-by: Brandon Philips <brandon.philips@coreos.com>
----
- cgroups/systemd/apply_systemd.go | 24 +++++++++++++++++++++---
- 1 file changed, 21 insertions(+), 3 deletions(-)
-
-diff --git a/vendor/src/github.com/docker/libcontainer/cgroups/systemd/apply_systemd.go b/vendor/src/github.com/docker/libcontainer/cgroups/systemd/apply_systemd.go
-index 3e7ad84..e250dd7 100644
---- a/vendor/src/github.com/docker/libcontainer/cgroups/systemd/apply_systemd.go
-+++ b/vendor/src/github.com/docker/libcontainer/cgroups/systemd/apply_systemd.go
-@@ -28,9 +28,10 @@ type subsystem interface {
- }
- 
- var (
--	connLock              sync.Mutex
--	theConn               *systemd.Conn
--	hasStartTransientUnit bool
-+	connLock                        sync.Mutex
-+	theConn                         *systemd.Conn
-+	hasStartTransientUnit           bool
-+	hasTransientDefaultDependencies bool
- )
- 
- func newProp(name string, units interface{}) systemd.Property {
-@@ -64,6 +65,18 @@ func UseSystemd() bool {
- 			if dbusError, ok := err.(dbus.Error); ok {
- 				if dbusError.Name == "org.freedesktop.DBus.Error.UnknownMethod" {
- 					hasStartTransientUnit = false
-+					return hasStartTransientUnit
-+				}
-+			}
-+		}
-+
-+		// Assume StartTransientUnit on a scope allows DefaultDependencies
-+		hasTransientDefaultDependencies = true
-+		ddf := newProp("DefaultDependencies", false)
-+		if _, err := theConn.StartTransientUnit("docker-systemd-test-default-dependencies.scope", "replace", ddf); err != nil {
-+			if dbusError, ok := err.(dbus.Error); ok {
-+				if dbusError.Name == "org.freedesktop.DBus.Error.PropertyReadOnly" {
-+					hasTransientDefaultDependencies = false
- 				}
- 			}
- 		}
-@@ -108,6 +121,11 @@ func Apply(c *vendor/src/github.com/docker/libcontainer/cgroups.Cgroup, pid int) (map[string]string, error) {
- 		newProp("CPUAccounting", true),
- 		newProp("BlockIOAccounting", true))
- 
-+	if hasTransientDefaultDependencies {
-+		properties = append(properties,
-+			newProp("DefaultDependencies", false))
-+	}
-+
- 	if c.Memory != 0 {
- 		properties = append(properties,
- 			newProp("MemoryLimit", uint64(c.Memory)))
--- 
-2.1.4
-