Merge pull request #1011 from marineam/docker

Add docker 1.4 and storage driver auto-detection for testing

sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-1.3.3-r1.ebuild

@@ -1 +0,0 @@
-docker-9999.ebuild

sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-1.3.3-r1.ebuild

@@ -0,0 +1,246 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: $
+
+EAPI=5
+
+DESCRIPTION="Docker complements kernel namespacing with a high-level API which operates at the process level."
+HOMEPAGE="https://www.docker.io/"
+
+CROS_WORKON_PROJECT="dotcloud/docker"
+CROS_WORKON_LOCALNAME="docker"
+CROS_WORKON_REPO="git://github.com"
+
+GITHUB_URI="github.com/crosbymichael/docker"
+
+# TODO: Remove this logic once we cross the 1.4.0 threshold
+BTRFS_VER="0.20"
+
+if [[ ${PV} == *9999 ]]; then
+	DOCKER_GITCOMMIT="deadbee"
+	KEYWORDS="~amd64"
+	BTRFS_VER="3.16.1"
+else
+	CROS_WORKON_COMMIT="d3446258471733fe667f0abdf015ee3ebd2f3485" # v1.3.3
+	DOCKER_GITCOMMIT="${CROS_WORKON_COMMIT:0:7}"
+	KEYWORDS="amd64"
+fi
+
+inherit bash-completion-r1 linux-info systemd udev user cros-workon
+
+LICENSE="Apache-2.0"
+SLOT="0"
+IUSE="aufs +btrfs contrib +device-mapper doc lxc vim-syntax zsh-completion"
+
+CDEPEND="
+	>=dev-db/sqlite-3.7.9:3
+	device-mapper? (
+		sys-fs/lvm2[thin]
+	)
+"
+DEPEND="
+	${CDEPEND}
+	>=dev-lang/go-1.2
+	btrfs? (
+		>=sys-fs/btrfs-progs-${BTRFS_VER}
+	)
+	dev-vcs/git
+	dev-vcs/mercurial
+"
+RDEPEND="
+	${CDEPEND}
+	!app-emulation/docker-bin
+	>=net-firewall/iptables-1.4
+	lxc? (
+		>=app-emulation/lxc-1.0
+	)
+	>=dev-vcs/git-1.7
+	>=app-arch/xz-utils-4.9
+	aufs? (
+		|| (
+			sys-fs/aufs3
+			sys-kernel/aufs-sources
+		)
+	)
+"
+
+RESTRICT="installsources strip"
+
+pkg_setup() {
+	if kernel_is lt 3 8; then
+		ewarn ""
+		ewarn "Using Docker with kernels older than 3.8 is unstable and unsupported."
+		ewarn ""
+	fi
+
+	# many of these were borrowed from the app-emulation/lxc ebuild
+	CONFIG_CHECK+="
+		~CGROUPS
+		~CGROUP_CPUACCT
+		~CGROUP_DEVICE
+		~CGROUP_FREEZER
+		~CGROUP_SCHED
+		~CPUSETS
+		~MEMCG_SWAP
+		~RESOURCE_COUNTERS
+
+		~IPC_NS
+		~NAMESPACES
+		~PID_NS
+
+		~DEVPTS_MULTIPLE_INSTANCES
+		~MACVLAN
+		~NET_NS
+		~UTS_NS
+		~VETH
+
+		~!NETPRIO_CGROUP
+		~POSIX_MQUEUE
+
+		~BRIDGE
+		~IP_NF_TARGET_MASQUERADE
+		~NETFILTER_XT_MATCH_ADDRTYPE
+		~NETFILTER_XT_MATCH_CONNTRACK
+		~NF_NAT
+		~NF_NAT_NEEDED
+
+		~!GRKERNSEC_CHROOT_CAPS
+		~!GRKERNSEC_CHROOT_CHMOD
+		~!GRKERNSEC_CHROOT_DOUBLE
+		~!GRKERNSEC_CHROOT_MOUNT
+		~!GRKERNSEC_CHROOT_PIVOT
+	"
+
+	ERROR_MEMCG_SWAP="CONFIG_MEMCG_SWAP: is required if you wish to limit swap usage of containers"
+
+	for c in GRKERNSEC_CHROOT_MOUNT GRKERNSEC_CHROOT_DOUBLE GRKERNSEC_CHROOT_PIVOT GRKERNSEC_CHROOT_CHMOD; do
+		declare "ERROR_$c"="CONFIG_$c: see app-emulation/lxc postinst notes for why some GRSEC features make containers unusuable"
+	done
+
+	if use aufs; then
+		CONFIG_CHECK+="
+			~AUFS_FS
+		"
+		ERROR_AUFS_FS="CONFIG_AUFS_FS: is required to be set if and only if aufs-sources are used"
+	fi
+
+	if use btrfs; then
+		CONFIG_CHECK+="
+			~BTRFS_FS
+		"
+	fi
+
+	if use device-mapper; then
+		CONFIG_CHECK+="
+			~BLK_DEV_DM
+			~DM_THIN_PROVISIONING
+			~EXT4_FS
+		"
+	fi
+
+	check_extra_config
+}
+
+src_compile() {
+	# hack(philips): to keep the git commit from being dirty
+	mv .git .git.old
+
+	# if we treat them right, Docker's build scripts will set up a
+	# reasonable GOPATH for us
+	export AUTO_GOPATH=1
+
+	# setup CFLAGS and LDFLAGS for separate build target
+	# see https://github.com/tianon/docker-overlay/pull/10
+	export CGO_CFLAGS="-I${ROOT}/usr/include"
+	export CGO_LDFLAGS="-L${ROOT}/usr/lib"
+
+	# if we're building from a zip, we need the GITCOMMIT value
+	[ "$DOCKER_GITCOMMIT" ] && export DOCKER_GITCOMMIT
+
+	if gcc-specs-pie; then
+		sed -i "s/EXTLDFLAGS_STATIC='/EXTLDFLAGS_STATIC='-fno-PIC /" hack/make.sh || die
+		grep -q -- '-fno-PIC' hack/make.sh || die 'hardened sed failed'
+
+		sed -i 's/LDFLAGS_STATIC_DOCKER="/LDFLAGS_STATIC_DOCKER="-extldflags -fno-PIC /' hack/make/dynbinary || die
+		grep -q -- '-fno-PIC' hack/make/dynbinary || die 'hardened sed failed'
+	fi
+
+	# let's set up some optional features :)
+	export DOCKER_BUILDTAGS=''
+	for gd in aufs btrfs device-mapper; do
+		if ! use $gd; then
+			DOCKER_BUILDTAGS+=" exclude_graphdriver_${gd//-/}"
+		fi
+	done
+
+	# time to build!
+	./hack/make.sh dynbinary || die
+
+	# TODO pandoc the man pages using docs/man/md2man-all.sh
+}
+
+src_install() {
+	VERSION=$(cat VERSION)
+	newbin bundles/$VERSION/dynbinary/docker-$VERSION docker
+	exeinto /usr/libexec/docker
+	newexe bundles/$VERSION/dynbinary/dockerinit-$VERSION dockerinit
+
+	newinitd contrib/init/openrc/docker.initd docker
+	newconfd contrib/init/openrc/docker.confd docker
+
+	systemd_dounit "${FILESDIR}/docker.service"
+	systemd_dounit "${FILESDIR}/docker.socket"
+	systemd_dounit "${FILESDIR}/early-docker.service"
+	systemd_dounit "${FILESDIR}/early-docker.socket"
+	systemd_dounit "${FILESDIR}/early-docker.target"
+
+	insinto /usr/lib/systemd/network
+	doins "${FILESDIR}"/50-docker{,-veth}.network
+
+	udev_dorules contrib/udev/*.rules
+
+	dodoc AUTHORS CONTRIBUTING.md CHANGELOG.md NOTICE README.md
+	if use doc; then
+		# TODO doman contrib/man/man*/*
+
+		docompress -x /usr/share/doc/${PF}/md
+		docinto md
+		dodoc -r docs/sources/*
+	fi
+
+	dobashcomp contrib/completion/bash/*
+
+	if use zsh-completion; then
+		insinto /usr/share/zsh/site-functions
+		doins contrib/completion/zsh/*
+	fi
+
+	if use vim-syntax; then
+		insinto /usr/share/vim/vimfiles
+		doins -r contrib/syntax/vim/ftdetect
+		doins -r contrib/syntax/vim/syntax
+	fi
+
+	if use contrib; then
+		mkdir -p "${D}/usr/share/${PN}/contrib"
+		cp -R contrib/* "${D}/usr/share/${PN}/contrib"
+	fi
+}
+
+pkg_postinst() {
+	udev_reload
+
+	elog ""
+	elog "To use docker, the docker daemon must be running as root. To automatically"
+	elog "start the docker daemon at boot, add docker to the default runlevel:"
+	elog "  rc-update add docker default"
+	elog "Similarly for systemd:"
+	elog "  systemctl enable docker.service"
+	elog ""
+
+	# create docker group if the code checking for it in /etc/group exists
+	enewgroup docker
+
+	elog "To use docker as a non-root user, add yourself to the docker group."
+	elog ""
+}

sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-1.4.0.ebuild

@@ -0,0 +1 @@
+docker-9999.ebuild

sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-9999.ebuild

@@ -1,61 +1,62 @@
 # Copyright 1999-2014 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: $
+# $Header: /var/cvsroot/gentoo-x86/app-emulation/docker/docker-1.4.0.ebuild,v 1.1 2014/12/12 18:53:23 xarthisius Exp $
 
 EAPI=5
 
-DESCRIPTION="Docker complements kernel namespacing with a high-level API which operates at the process level."
-HOMEPAGE="https://www.docker.io/"
+DESCRIPTION="Docker complements kernel namespacing with a high-level API which operates at the process level"
+HOMEPAGE="https://www.docker.com"
 
 CROS_WORKON_PROJECT="dotcloud/docker"
 CROS_WORKON_LOCALNAME="docker"
 CROS_WORKON_REPO="git://github.com"
 
-GITHUB_URI="github.com/crosbymichael/docker"
-
-# TODO: Remove this logic once we cross the 1.4.0 threshold
-BTRFS_VER="0.20"
-
 if [[ ${PV} == *9999 ]]; then
-	DOCKER_GITCOMMIT="deadbee"
-	KEYWORDS="~amd64"
-	BTRFS_VER="3.16.1"
+	DOCKER_GITCOMMIT=""
+	KEYWORDS=""
 else
-	CROS_WORKON_COMMIT="d3446258471733fe667f0abdf015ee3ebd2f3485" # v1.3.3
+	CROS_WORKON_COMMIT="4595d4fb03093acf87b905bebc5ba4964d7c0707" # v1.4.0
 	DOCKER_GITCOMMIT="${CROS_WORKON_COMMIT:0:7}"
-	KEYWORDS="amd64"
+	KEYWORDS="~amd64"
 fi
 
-inherit bash-completion-r1 linux-info systemd udev user cros-workon
+inherit bash-completion-r1 linux-info multilib systemd udev user cros-workon
 
 LICENSE="Apache-2.0"
 SLOT="0"
 IUSE="aufs +btrfs contrib +device-mapper doc lxc vim-syntax zsh-completion"
 
+# https://github.com/docker/docker/blob/master/hack/PACKAGERS.md#build-dependencies
 CDEPEND="
+	>=sys-kernel/coreos-kernel-3.18.0
 	>=dev-db/sqlite-3.7.9:3
 	device-mapper? (
-		sys-fs/lvm2[thin]
+		>=sys-fs/lvm2-2.02.89[thin]
 	)
 "
+
 DEPEND="
 	${CDEPEND}
-	>=dev-lang/go-1.2
+	>=dev-lang/go-1.3
 	btrfs? (
-		>=sys-fs/btrfs-progs-${BTRFS_VER}
+		>=sys-fs/btrfs-progs-3.16.1
 	)
-	dev-vcs/git
-	dev-vcs/mercurial
 "
+
+# https://github.com/docker/docker/blob/master/hack/PACKAGERS.md#runtime-dependencies
+# https://github.com/docker/docker/blob/master/hack/PACKAGERS.md#optional-dependencies
 RDEPEND="
 	${CDEPEND}
+
 	!app-emulation/docker-bin
 	>=net-firewall/iptables-1.4
+	sys-process/procps
+	>=dev-vcs/git-1.7
+	>=app-arch/xz-utils-4.9
+
 	lxc? (
 		>=app-emulation/lxc-1.0
 	)
-	>=dev-vcs/git-1.7
-	>=app-arch/xz-utils-4.9
 	aufs? (
 		|| (
 			sys-fs/aufs3
@@ -66,61 +67,54 @@ RDEPEND="
 
 RESTRICT="installsources strip"
 
+# see "contrib/check-config.sh" from upstream's sources
+CONFIG_CHECK="
+	NAMESPACES NET_NS PID_NS IPC_NS UTS_NS
+	DEVPTS_MULTIPLE_INSTANCES
+	CGROUPS CGROUP_CPUACCT CGROUP_DEVICE CGROUP_FREEZER CGROUP_SCHED
+	MACVLAN VETH BRIDGE
+	NF_NAT_IPV4 IP_NF_FILTER IP_NF_TARGET_MASQUERADE
+	NETFILTER_XT_MATCH_ADDRTYPE NETFILTER_XT_MATCH_CONNTRACK
+	NF_NAT NF_NAT_NEEDED
+
+	~MEMCG_SWAP
+	~RESOURCE_COUNTERS
+	~CGROUP_PERF
+"
+
+ERROR_MEMCG_SWAP="CONFIG_MEMCG_SWAP: is required if you wish to limit swap usage of containers"
+ERROR_RESOURCE_COUNTERS="CONFIG_RESOURCE_COUNTERS: is optional for container statistics gathering"
+ERROR_CGROUP_PERF="CONFIG_CGROUP_PERF: is optional for container statistics gathering"
+
 pkg_setup() {
 	if kernel_is lt 3 8; then
-		ewarn ""
-		ewarn "Using Docker with kernels older than 3.8 is unstable and unsupported."
-		ewarn ""
+		eerror ""
+		eerror "Using Docker with kernels older than 3.8 is unstable and unsupported."
+		eerror " - http://docs.docker.com/installation/binaries/#check-kernel-dependencies"
+		die 'Kernel is too old - need 3.8 or above'
 	fi
 
-	# many of these were borrowed from the app-emulation/lxc ebuild
-	CONFIG_CHECK+="
-		~CGROUPS
-		~CGROUP_CPUACCT
-		~CGROUP_DEVICE
-		~CGROUP_FREEZER
-		~CGROUP_SCHED
-		~CPUSETS
-		~MEMCG_SWAP
-		~RESOURCE_COUNTERS
-
-		~IPC_NS
-		~NAMESPACES
-		~PID_NS
-
-		~DEVPTS_MULTIPLE_INSTANCES
-		~MACVLAN
-		~NET_NS
-		~UTS_NS
-		~VETH
-
-		~!NETPRIO_CGROUP
-		~POSIX_MQUEUE
-
-		~BRIDGE
-		~IP_NF_TARGET_MASQUERADE
-		~NETFILTER_XT_MATCH_ADDRTYPE
-		~NETFILTER_XT_MATCH_CONNTRACK
-		~NF_NAT
-		~NF_NAT_NEEDED
-
-		~!GRKERNSEC_CHROOT_CAPS
-		~!GRKERNSEC_CHROOT_CHMOD
-		~!GRKERNSEC_CHROOT_DOUBLE
-		~!GRKERNSEC_CHROOT_MOUNT
-		~!GRKERNSEC_CHROOT_PIVOT
-	"
-
-	ERROR_MEMCG_SWAP="CONFIG_MEMCG_SWAP: is required if you wish to limit swap usage of containers"
-
-	for c in GRKERNSEC_CHROOT_MOUNT GRKERNSEC_CHROOT_DOUBLE GRKERNSEC_CHROOT_PIVOT GRKERNSEC_CHROOT_CHMOD; do
-		declare "ERROR_$c"="CONFIG_$c: see app-emulation/lxc postinst notes for why some GRSEC features make containers unusuable"
-	done
+	# for where these kernel versions come from, see:
+	# https://www.google.com/search?q=945b2b2d259d1a4364a2799e80e8ff32f8c6ee6f+site%3Akernel.org%2Fpub%2Flinux%2Fkernel+file%3AChangeLog*
+	if ! {
+		kernel_is ge 3 16 \
+		|| { kernel_is 3 15 && kernel_is ge 3 15 5; } \
+		|| { kernel_is 3 14 && kernel_is ge 3 14 12; } \
+		|| { kernel_is 3 12 && kernel_is ge 3 12 25; }
+	}; then
+		ewarn ""
+		ewarn "There is a serious Docker-related kernel panic that has been fixed in 3.16+"
+		ewarn "  (and was backported to 3.15.5+, 3.14.12+, and 3.12.25+)"
+		ewarn ""
+		ewarn "See also https://github.com/docker/docker/issues/2960"
+	fi
 
 	if use aufs; then
 		CONFIG_CHECK+="
 			~AUFS_FS
 		"
+		# TODO there must be a way to detect "sys-kernel/aufs-sources" so we don't warn "sys-fs/aufs3" users about this
+		# an even better solution would be to check if the current kernel sources include CONFIG_AUFS_FS as an option, but that sounds hairy and error-prone
 		ERROR_AUFS_FS="CONFIG_AUFS_FS: is required to be set if and only if aufs-sources are used"
 	fi
 
@@ -132,19 +126,24 @@ pkg_setup() {
 
 	if use device-mapper; then
 		CONFIG_CHECK+="
-			~BLK_DEV_DM
-			~DM_THIN_PROVISIONING
-			~EXT4_FS
+			~BLK_DEV_DM ~DM_THIN_PROVISIONING ~EXT4_FS
 		"
 	fi
 
-	check_extra_config
+	linux-info_pkg_setup
+}
+
+src_prepare() {
+	# hack(philips): to keep the git commit from being dirty
+	if [[ -n "${DOCKER_GITCOMMIT}" ]]; then
+		.git .git.old
+	fi
+
+	# allow user patches (use sparingly - upstream won't support them)
+	epatch_user
 }
 
 src_compile() {
-	# hack(philips): to keep the git commit from being dirty
-	mv .git .git.old
-
 	# if we treat them right, Docker's build scripts will set up a
 	# reasonable GOPATH for us
 	export AUTO_GOPATH=1
@@ -152,7 +151,7 @@ src_compile() {
 	# setup CFLAGS and LDFLAGS for separate build target
 	# see https://github.com/tianon/docker-overlay/pull/10
 	export CGO_CFLAGS="-I${ROOT}/usr/include"
-	export CGO_LDFLAGS="-L${ROOT}/usr/lib"
+	export CGO_LDFLAGS="-L${ROOT}/usr/$(get_libdir)"
 
 	# if we're building from a zip, we need the GITCOMMIT value
 	[ "$DOCKER_GITCOMMIT" ] && export DOCKER_GITCOMMIT
@@ -174,9 +173,9 @@ src_compile() {
 	done
 
 	# time to build!
-	./hack/make.sh dynbinary || die
+	./hack/make.sh dynbinary || die 'dynbinary failed'
 
-	# TODO pandoc the man pages using docs/man/md2man-all.sh
+	# TODO get go-md2man and then include the man pages using docs/man/md2man-all.sh
 }
 
 src_install() {
@@ -188,9 +187,12 @@ src_install() {
 	newinitd contrib/init/openrc/docker.initd docker
 	newconfd contrib/init/openrc/docker.confd docker
 
-	systemd_dounit "${FILESDIR}/docker.service"
+	exeinto /usr/lib/coreos
+	doexe "${FILESDIR}/dockerd"
+
+	systemd_newunit "${FILESDIR}/docker.service-r1" "docker.service"
 	systemd_dounit "${FILESDIR}/docker.socket"
-	systemd_dounit "${FILESDIR}/early-docker.service"
+	systemd_newunit "${FILESDIR}/early-docker.service-r1" "early-docker.service"
 	systemd_dounit "${FILESDIR}/early-docker.socket"
 	systemd_dounit "${FILESDIR}/early-docker.target"
 
@@ -231,8 +233,8 @@ pkg_postinst() {
 	udev_reload
 
 	elog ""
-	elog "To use docker, the docker daemon must be running as root. To automatically"
-	elog "start the docker daemon at boot, add docker to the default runlevel:"
+	elog "To use Docker, the Docker daemon must be running as root. To automatically"
+	elog "start the Docker daemon at boot, add Docker to the default runlevel:"
 	elog "  rc-update add docker default"
 	elog "Similarly for systemd:"
 	elog "  systemctl enable docker.service"
@@ -241,6 +243,7 @@ pkg_postinst() {
 	# create docker group if the code checking for it in /etc/group exists
 	enewgroup docker
 
-	elog "To use docker as a non-root user, add yourself to the docker group."
+	elog "To use Docker as a non-root user, add yourself to the 'docker' group:"
+	elog "  usermod -aG docker youruser"
 	elog ""
 }

sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker.service-r1

@@ -0,0 +1,16 @@
+[Unit]
+Description=Docker Application Container Engine
+Documentation=http://docs.docker.com
+After=docker.socket early-docker.target network.target
+Requires=docker.socket early-docker.target
+
+[Service]
+Environment=TMPDIR=/var/tmp
+Environment=DOCKER_OPTS='--insecure-registry="0.0.0.0/0"'
+EnvironmentFile=-/run/docker_opts.env
+LimitNOFILE=1048576
+LimitNPROC=1048576
+ExecStart=/usr/lib/coreos/dockerd --daemon --host=fd:// $DOCKER_OPTS
+
+[Install]
+WantedBy=multi-user.target

sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/dockerd

@@ -0,0 +1,67 @@
+#!/bin/bash
+# Wrapper for launching docker daemons with an appropriate backend.
+
+set -e
+
+parse_docker_args() {
+    local flag value
+    while [[ $# -gt 0 ]]; do
+        flag="$1"
+        shift
+
+        # treat --flag=foo and --flag foo identically
+        if [[ "${flag}" == *=* ]]; then
+            flag="${flag%=*}"
+            set -- "${flag#*=}" "$@"
+        fi
+
+        case "${flag}" in
+            -g|--graph)
+                ARG_ROOT="$1"
+                shift
+                ;;
+            -s|--storage-driver)
+                ARG_DRIVER="$1"
+                shift
+                ;;
+            *)
+                # ignore everything else
+                ;;
+        esac
+    done
+}
+
+select_docker_driver() {
+    local fstype
+
+    # mimic docker's behavior to ensure we stat the right filesystem.
+    if [[ -L "${ARG_ROOT}" ]]; then
+        ARG_ROOT="$(readlink -f "${ARG_ROOT}")"
+    fi
+
+    mkdir --parents --mode=0700 "${ARG_ROOT}"
+    fstype=$(findmnt --noheadings --output FSTYPE --target "${ARG_ROOT}")
+
+    case "${fstype}" in
+        btrfs)
+            export DOCKER_DRIVER=btrfs
+            ;;
+        ext4|tmpfs) # As of 3.18
+            export DOCKER_DRIVER=overlay
+            ;;
+        *)
+            # Fall back to whatever docker's default behavior is.
+            ;;
+    esac
+}
+
+ARG_ROOT="/var/lib/docker"
+ARG_DRIVER=""
+parse_docker_args "$@"
+
+# Do not override the driver if it is already explicitly configured.
+if [[ -z "${ARG_DRIVER}" && -z "${DOCKER_DRIVER}" ]]; then
+    select_docker_driver
+fi
+
+exec docker "$@"

sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/early-docker.service-r1

@@ -0,0 +1,14 @@
+[Unit]
+Description=Early Docker Application Container Engine
+Documentation=http://docs.docker.com
+After=early-docker.socket
+Requires=early-docker.socket
+
+[Service]
+Environment=TMPDIR=/var/tmp
+LimitNOFILE=1048576
+LimitNPROC=1048576
+ExecStart=/usr/lib/coreos/dockerd --daemon --host=fd:// --bridge=none --iptables=false --ip-masq=false --graph=/var/lib/early-docker --pidfile=/var/run/early-docker.pid
+
+[Install]
+WantedBy=early-docker.target