From 63c8b705130b1b615b060b0125168a81d042ee35 Mon Sep 17 00:00:00 2001 From: Michael Marineau Date: Mon, 15 Dec 2014 14:17:33 -0800 Subject: [PATCH 1/2] docker: sync live ebuild with current upstream ebuild These changes are not applicable to 1.3.3 so that ebuild is now a copy instead of a symlink. This is in preparation for adding 1.4.0. --- .../docker/docker-1.3.3-r1.ebuild | 247 +++++++++++++++++- .../app-emulation/docker/docker-9999.ebuild | 163 ++++++------ .../docker/files/docker.service-r1 | 17 ++ .../docker/files/early-docker.service-r1 | 15 ++ 4 files changed, 359 insertions(+), 83 deletions(-) mode change 120000 => 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-1.3.3-r1.ebuild create mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker.service-r1 create mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/early-docker.service-r1 diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-1.3.3-r1.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-1.3.3-r1.ebuild deleted file mode 120000 index 5316ba320c..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-1.3.3-r1.ebuild +++ /dev/null @@ -1 +0,0 @@ -docker-9999.ebuild \ No newline at end of file diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-1.3.3-r1.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-1.3.3-r1.ebuild new file mode 100644 index 0000000000..d97305664b --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-1.3.3-r1.ebuild @@ -0,0 +1,246 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: $ + +EAPI=5 + +DESCRIPTION="Docker complements kernel namespacing with a high-level API which operates at the process level." +HOMEPAGE="https://www.docker.io/" + +CROS_WORKON_PROJECT="dotcloud/docker" +CROS_WORKON_LOCALNAME="docker" +CROS_WORKON_REPO="git://github.com" + +GITHUB_URI="github.com/crosbymichael/docker" + +# TODO: Remove this logic once we cross the 1.4.0 threshold +BTRFS_VER="0.20" + +if [[ ${PV} == *9999 ]]; then + DOCKER_GITCOMMIT="deadbee" + KEYWORDS="~amd64" + BTRFS_VER="3.16.1" +else + CROS_WORKON_COMMIT="d3446258471733fe667f0abdf015ee3ebd2f3485" # v1.3.3 + DOCKER_GITCOMMIT="${CROS_WORKON_COMMIT:0:7}" + KEYWORDS="amd64" +fi + +inherit bash-completion-r1 linux-info systemd udev user cros-workon + +LICENSE="Apache-2.0" +SLOT="0" +IUSE="aufs +btrfs contrib +device-mapper doc lxc vim-syntax zsh-completion" + +CDEPEND=" + >=dev-db/sqlite-3.7.9:3 + device-mapper? ( + sys-fs/lvm2[thin] + ) +" +DEPEND=" + ${CDEPEND} + >=dev-lang/go-1.2 + btrfs? ( + >=sys-fs/btrfs-progs-${BTRFS_VER} + ) + dev-vcs/git + dev-vcs/mercurial +" +RDEPEND=" + ${CDEPEND} + !app-emulation/docker-bin + >=net-firewall/iptables-1.4 + lxc? ( + >=app-emulation/lxc-1.0 + ) + >=dev-vcs/git-1.7 + >=app-arch/xz-utils-4.9 + aufs? ( + || ( + sys-fs/aufs3 + sys-kernel/aufs-sources + ) + ) +" + +RESTRICT="installsources strip" + +pkg_setup() { + if kernel_is lt 3 8; then + ewarn "" + ewarn "Using Docker with kernels older than 3.8 is unstable and unsupported." + ewarn "" + fi + + # many of these were borrowed from the app-emulation/lxc ebuild + CONFIG_CHECK+=" + ~CGROUPS + ~CGROUP_CPUACCT + ~CGROUP_DEVICE + ~CGROUP_FREEZER + ~CGROUP_SCHED + ~CPUSETS + ~MEMCG_SWAP + ~RESOURCE_COUNTERS + + ~IPC_NS + ~NAMESPACES + ~PID_NS + + ~DEVPTS_MULTIPLE_INSTANCES + ~MACVLAN + ~NET_NS + ~UTS_NS + ~VETH + + ~!NETPRIO_CGROUP + ~POSIX_MQUEUE + + ~BRIDGE + ~IP_NF_TARGET_MASQUERADE + ~NETFILTER_XT_MATCH_ADDRTYPE + ~NETFILTER_XT_MATCH_CONNTRACK + ~NF_NAT + ~NF_NAT_NEEDED + + ~!GRKERNSEC_CHROOT_CAPS + ~!GRKERNSEC_CHROOT_CHMOD + ~!GRKERNSEC_CHROOT_DOUBLE + ~!GRKERNSEC_CHROOT_MOUNT + ~!GRKERNSEC_CHROOT_PIVOT + " + + ERROR_MEMCG_SWAP="CONFIG_MEMCG_SWAP: is required if you wish to limit swap usage of containers" + + for c in GRKERNSEC_CHROOT_MOUNT GRKERNSEC_CHROOT_DOUBLE GRKERNSEC_CHROOT_PIVOT GRKERNSEC_CHROOT_CHMOD; do + declare "ERROR_$c"="CONFIG_$c: see app-emulation/lxc postinst notes for why some GRSEC features make containers unusuable" + done + + if use aufs; then + CONFIG_CHECK+=" + ~AUFS_FS + " + ERROR_AUFS_FS="CONFIG_AUFS_FS: is required to be set if and only if aufs-sources are used" + fi + + if use btrfs; then + CONFIG_CHECK+=" + ~BTRFS_FS + " + fi + + if use device-mapper; then + CONFIG_CHECK+=" + ~BLK_DEV_DM + ~DM_THIN_PROVISIONING + ~EXT4_FS + " + fi + + check_extra_config +} + +src_compile() { + # hack(philips): to keep the git commit from being dirty + mv .git .git.old + + # if we treat them right, Docker's build scripts will set up a + # reasonable GOPATH for us + export AUTO_GOPATH=1 + + # setup CFLAGS and LDFLAGS for separate build target + # see https://github.com/tianon/docker-overlay/pull/10 + export CGO_CFLAGS="-I${ROOT}/usr/include" + export CGO_LDFLAGS="-L${ROOT}/usr/lib" + + # if we're building from a zip, we need the GITCOMMIT value + [ "$DOCKER_GITCOMMIT" ] && export DOCKER_GITCOMMIT + + if gcc-specs-pie; then + sed -i "s/EXTLDFLAGS_STATIC='/EXTLDFLAGS_STATIC='-fno-PIC /" hack/make.sh || die + grep -q -- '-fno-PIC' hack/make.sh || die 'hardened sed failed' + + sed -i 's/LDFLAGS_STATIC_DOCKER="/LDFLAGS_STATIC_DOCKER="-extldflags -fno-PIC /' hack/make/dynbinary || die + grep -q -- '-fno-PIC' hack/make/dynbinary || die 'hardened sed failed' + fi + + # let's set up some optional features :) + export DOCKER_BUILDTAGS='' + for gd in aufs btrfs device-mapper; do + if ! use $gd; then + DOCKER_BUILDTAGS+=" exclude_graphdriver_${gd//-/}" + fi + done + + # time to build! + ./hack/make.sh dynbinary || die + + # TODO pandoc the man pages using docs/man/md2man-all.sh +} + +src_install() { + VERSION=$(cat VERSION) + newbin bundles/$VERSION/dynbinary/docker-$VERSION docker + exeinto /usr/libexec/docker + newexe bundles/$VERSION/dynbinary/dockerinit-$VERSION dockerinit + + newinitd contrib/init/openrc/docker.initd docker + newconfd contrib/init/openrc/docker.confd docker + + systemd_dounit "${FILESDIR}/docker.service" + systemd_dounit "${FILESDIR}/docker.socket" + systemd_dounit "${FILESDIR}/early-docker.service" + systemd_dounit "${FILESDIR}/early-docker.socket" + systemd_dounit "${FILESDIR}/early-docker.target" + + insinto /usr/lib/systemd/network + doins "${FILESDIR}"/50-docker{,-veth}.network + + udev_dorules contrib/udev/*.rules + + dodoc AUTHORS CONTRIBUTING.md CHANGELOG.md NOTICE README.md + if use doc; then + # TODO doman contrib/man/man*/* + + docompress -x /usr/share/doc/${PF}/md + docinto md + dodoc -r docs/sources/* + fi + + dobashcomp contrib/completion/bash/* + + if use zsh-completion; then + insinto /usr/share/zsh/site-functions + doins contrib/completion/zsh/* + fi + + if use vim-syntax; then + insinto /usr/share/vim/vimfiles + doins -r contrib/syntax/vim/ftdetect + doins -r contrib/syntax/vim/syntax + fi + + if use contrib; then + mkdir -p "${D}/usr/share/${PN}/contrib" + cp -R contrib/* "${D}/usr/share/${PN}/contrib" + fi +} + +pkg_postinst() { + udev_reload + + elog "" + elog "To use docker, the docker daemon must be running as root. To automatically" + elog "start the docker daemon at boot, add docker to the default runlevel:" + elog " rc-update add docker default" + elog "Similarly for systemd:" + elog " systemctl enable docker.service" + elog "" + + # create docker group if the code checking for it in /etc/group exists + enewgroup docker + + elog "To use docker as a non-root user, add yourself to the docker group." + elog "" +} diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-9999.ebuild index d97305664b..b8eeec0fe6 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-9999.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-9999.ebuild @@ -1,61 +1,61 @@ # Copyright 1999-2014 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: $ +# $Header: /var/cvsroot/gentoo-x86/app-emulation/docker/docker-1.4.0.ebuild,v 1.1 2014/12/12 18:53:23 xarthisius Exp $ EAPI=5 -DESCRIPTION="Docker complements kernel namespacing with a high-level API which operates at the process level." -HOMEPAGE="https://www.docker.io/" +DESCRIPTION="Docker complements kernel namespacing with a high-level API which operates at the process level" +HOMEPAGE="https://www.docker.com" CROS_WORKON_PROJECT="dotcloud/docker" CROS_WORKON_LOCALNAME="docker" CROS_WORKON_REPO="git://github.com" -GITHUB_URI="github.com/crosbymichael/docker" - -# TODO: Remove this logic once we cross the 1.4.0 threshold -BTRFS_VER="0.20" - if [[ ${PV} == *9999 ]]; then - DOCKER_GITCOMMIT="deadbee" - KEYWORDS="~amd64" - BTRFS_VER="3.16.1" + DOCKER_GITCOMMIT="" + KEYWORDS="" else - CROS_WORKON_COMMIT="d3446258471733fe667f0abdf015ee3ebd2f3485" # v1.3.3 + CROS_WORKON_COMMIT="4595d4fb03093acf87b905bebc5ba4964d7c0707" # v1.4.0 DOCKER_GITCOMMIT="${CROS_WORKON_COMMIT:0:7}" - KEYWORDS="amd64" + KEYWORDS="~amd64" fi -inherit bash-completion-r1 linux-info systemd udev user cros-workon +inherit bash-completion-r1 linux-info multilib systemd udev user cros-workon LICENSE="Apache-2.0" SLOT="0" IUSE="aufs +btrfs contrib +device-mapper doc lxc vim-syntax zsh-completion" +# https://github.com/docker/docker/blob/master/hack/PACKAGERS.md#build-dependencies CDEPEND=" >=dev-db/sqlite-3.7.9:3 device-mapper? ( - sys-fs/lvm2[thin] + >=sys-fs/lvm2-2.02.89[thin] ) " + DEPEND=" ${CDEPEND} - >=dev-lang/go-1.2 + >=dev-lang/go-1.3 btrfs? ( - >=sys-fs/btrfs-progs-${BTRFS_VER} + >=sys-fs/btrfs-progs-3.16.1 ) - dev-vcs/git - dev-vcs/mercurial " + +# https://github.com/docker/docker/blob/master/hack/PACKAGERS.md#runtime-dependencies +# https://github.com/docker/docker/blob/master/hack/PACKAGERS.md#optional-dependencies RDEPEND=" ${CDEPEND} + !app-emulation/docker-bin >=net-firewall/iptables-1.4 + sys-process/procps + >=dev-vcs/git-1.7 + >=app-arch/xz-utils-4.9 + lxc? ( >=app-emulation/lxc-1.0 ) - >=dev-vcs/git-1.7 - >=app-arch/xz-utils-4.9 aufs? ( || ( sys-fs/aufs3 @@ -66,61 +66,54 @@ RDEPEND=" RESTRICT="installsources strip" +# see "contrib/check-config.sh" from upstream's sources +CONFIG_CHECK=" + NAMESPACES NET_NS PID_NS IPC_NS UTS_NS + DEVPTS_MULTIPLE_INSTANCES + CGROUPS CGROUP_CPUACCT CGROUP_DEVICE CGROUP_FREEZER CGROUP_SCHED + MACVLAN VETH BRIDGE + NF_NAT_IPV4 IP_NF_FILTER IP_NF_TARGET_MASQUERADE + NETFILTER_XT_MATCH_ADDRTYPE NETFILTER_XT_MATCH_CONNTRACK + NF_NAT NF_NAT_NEEDED + + ~MEMCG_SWAP + ~RESOURCE_COUNTERS + ~CGROUP_PERF +" + +ERROR_MEMCG_SWAP="CONFIG_MEMCG_SWAP: is required if you wish to limit swap usage of containers" +ERROR_RESOURCE_COUNTERS="CONFIG_RESOURCE_COUNTERS: is optional for container statistics gathering" +ERROR_CGROUP_PERF="CONFIG_CGROUP_PERF: is optional for container statistics gathering" + pkg_setup() { if kernel_is lt 3 8; then - ewarn "" - ewarn "Using Docker with kernels older than 3.8 is unstable and unsupported." - ewarn "" + eerror "" + eerror "Using Docker with kernels older than 3.8 is unstable and unsupported." + eerror " - http://docs.docker.com/installation/binaries/#check-kernel-dependencies" + die 'Kernel is too old - need 3.8 or above' fi - # many of these were borrowed from the app-emulation/lxc ebuild - CONFIG_CHECK+=" - ~CGROUPS - ~CGROUP_CPUACCT - ~CGROUP_DEVICE - ~CGROUP_FREEZER - ~CGROUP_SCHED - ~CPUSETS - ~MEMCG_SWAP - ~RESOURCE_COUNTERS - - ~IPC_NS - ~NAMESPACES - ~PID_NS - - ~DEVPTS_MULTIPLE_INSTANCES - ~MACVLAN - ~NET_NS - ~UTS_NS - ~VETH - - ~!NETPRIO_CGROUP - ~POSIX_MQUEUE - - ~BRIDGE - ~IP_NF_TARGET_MASQUERADE - ~NETFILTER_XT_MATCH_ADDRTYPE - ~NETFILTER_XT_MATCH_CONNTRACK - ~NF_NAT - ~NF_NAT_NEEDED - - ~!GRKERNSEC_CHROOT_CAPS - ~!GRKERNSEC_CHROOT_CHMOD - ~!GRKERNSEC_CHROOT_DOUBLE - ~!GRKERNSEC_CHROOT_MOUNT - ~!GRKERNSEC_CHROOT_PIVOT - " - - ERROR_MEMCG_SWAP="CONFIG_MEMCG_SWAP: is required if you wish to limit swap usage of containers" - - for c in GRKERNSEC_CHROOT_MOUNT GRKERNSEC_CHROOT_DOUBLE GRKERNSEC_CHROOT_PIVOT GRKERNSEC_CHROOT_CHMOD; do - declare "ERROR_$c"="CONFIG_$c: see app-emulation/lxc postinst notes for why some GRSEC features make containers unusuable" - done + # for where these kernel versions come from, see: + # https://www.google.com/search?q=945b2b2d259d1a4364a2799e80e8ff32f8c6ee6f+site%3Akernel.org%2Fpub%2Flinux%2Fkernel+file%3AChangeLog* + if ! { + kernel_is ge 3 16 \ + || { kernel_is 3 15 && kernel_is ge 3 15 5; } \ + || { kernel_is 3 14 && kernel_is ge 3 14 12; } \ + || { kernel_is 3 12 && kernel_is ge 3 12 25; } + }; then + ewarn "" + ewarn "There is a serious Docker-related kernel panic that has been fixed in 3.16+" + ewarn " (and was backported to 3.15.5+, 3.14.12+, and 3.12.25+)" + ewarn "" + ewarn "See also https://github.com/docker/docker/issues/2960" + fi if use aufs; then CONFIG_CHECK+=" ~AUFS_FS " + # TODO there must be a way to detect "sys-kernel/aufs-sources" so we don't warn "sys-fs/aufs3" users about this + # an even better solution would be to check if the current kernel sources include CONFIG_AUFS_FS as an option, but that sounds hairy and error-prone ERROR_AUFS_FS="CONFIG_AUFS_FS: is required to be set if and only if aufs-sources are used" fi @@ -132,19 +125,24 @@ pkg_setup() { if use device-mapper; then CONFIG_CHECK+=" - ~BLK_DEV_DM - ~DM_THIN_PROVISIONING - ~EXT4_FS + ~BLK_DEV_DM ~DM_THIN_PROVISIONING ~EXT4_FS " fi - check_extra_config + linux-info_pkg_setup +} + +src_prepare() { + # hack(philips): to keep the git commit from being dirty + if [[ -n "${DOCKER_GITCOMMIT}" ]]; then + .git .git.old + fi + + # allow user patches (use sparingly - upstream won't support them) + epatch_user } src_compile() { - # hack(philips): to keep the git commit from being dirty - mv .git .git.old - # if we treat them right, Docker's build scripts will set up a # reasonable GOPATH for us export AUTO_GOPATH=1 @@ -152,7 +150,7 @@ src_compile() { # setup CFLAGS and LDFLAGS for separate build target # see https://github.com/tianon/docker-overlay/pull/10 export CGO_CFLAGS="-I${ROOT}/usr/include" - export CGO_LDFLAGS="-L${ROOT}/usr/lib" + export CGO_LDFLAGS="-L${ROOT}/usr/$(get_libdir)" # if we're building from a zip, we need the GITCOMMIT value [ "$DOCKER_GITCOMMIT" ] && export DOCKER_GITCOMMIT @@ -174,9 +172,9 @@ src_compile() { done # time to build! - ./hack/make.sh dynbinary || die + ./hack/make.sh dynbinary || die 'dynbinary failed' - # TODO pandoc the man pages using docs/man/md2man-all.sh + # TODO get go-md2man and then include the man pages using docs/man/md2man-all.sh } src_install() { @@ -188,9 +186,9 @@ src_install() { newinitd contrib/init/openrc/docker.initd docker newconfd contrib/init/openrc/docker.confd docker - systemd_dounit "${FILESDIR}/docker.service" + systemd_newunit "${FILESDIR}/docker.service-r1" "docker.service" systemd_dounit "${FILESDIR}/docker.socket" - systemd_dounit "${FILESDIR}/early-docker.service" + systemd_newunit "${FILESDIR}/early-docker.service-r1" "early-docker.service" systemd_dounit "${FILESDIR}/early-docker.socket" systemd_dounit "${FILESDIR}/early-docker.target" @@ -231,8 +229,8 @@ pkg_postinst() { udev_reload elog "" - elog "To use docker, the docker daemon must be running as root. To automatically" - elog "start the docker daemon at boot, add docker to the default runlevel:" + elog "To use Docker, the Docker daemon must be running as root. To automatically" + elog "start the Docker daemon at boot, add Docker to the default runlevel:" elog " rc-update add docker default" elog "Similarly for systemd:" elog " systemctl enable docker.service" @@ -241,6 +239,7 @@ pkg_postinst() { # create docker group if the code checking for it in /etc/group exists enewgroup docker - elog "To use docker as a non-root user, add yourself to the docker group." + elog "To use Docker as a non-root user, add yourself to the 'docker' group:" + elog " usermod -aG docker youruser" elog "" } diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker.service-r1 b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker.service-r1 new file mode 100644 index 0000000000..d06b1a500a --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker.service-r1 @@ -0,0 +1,17 @@ +[Unit] +Description=Docker Application Container Engine +Documentation=http://docs.docker.com +After=docker.socket early-docker.target network.target +Requires=docker.socket early-docker.target + +[Service] +Environment=TMPDIR=/var/tmp +Environment=DOCKER_DRIVER=btrfs +Environment=DOCKER_OPTS='--insecure-registry="0.0.0.0/0"' +EnvironmentFile=-/run/docker_opts.env +LimitNOFILE=1048576 +LimitNPROC=1048576 +ExecStart=/usr/bin/docker --daemon --host=fd:// $DOCKER_OPTS + +[Install] +WantedBy=multi-user.target diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/early-docker.service-r1 b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/early-docker.service-r1 new file mode 100644 index 0000000000..7575618a79 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/early-docker.service-r1 @@ -0,0 +1,15 @@ +[Unit] +Description=Early Docker Application Container Engine +Documentation=http://docs.docker.com +After=early-docker.socket +Requires=early-docker.socket + +[Service] +Environment=TMPDIR=/var/tmp +Environment=DOCKER_DRIVER=btrfs +LimitNOFILE=1048576 +LimitNPROC=1048576 +ExecStart=/usr/bin/docker --daemon --host=fd:// --bridge=none --iptables=false --ip-masq=false --graph=/var/lib/early-docker --pidfile=/var/run/early-docker.pid + +[Install] +WantedBy=early-docker.target From 80c75cf4b50695bff4aad36861e4437e3a329fc9 Mon Sep 17 00:00:00 2001 From: Michael Marineau Date: Mon, 15 Dec 2014 16:40:07 -0800 Subject: [PATCH 2/2] docker: add wrapper for detecting storage driver and bump to 1.4 The new dockerd wrapper script does its best to select between the btrfs and overlay backends based on the filesystem mounted at /var/lib/docker. The new 1.4 version will remain marked as ~amd64 for testing purposes until we stabilize its dependencies, including Linux 3.18.x. --- .../app-emulation/docker/docker-1.4.0.ebuild | 1 + .../app-emulation/docker/docker-9999.ebuild | 4 ++ .../docker/files/docker.service-r1 | 3 +- .../app-emulation/docker/files/dockerd | 67 +++++++++++++++++++ .../docker/files/early-docker.service-r1 | 3 +- 5 files changed, 74 insertions(+), 4 deletions(-) create mode 120000 sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-1.4.0.ebuild create mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/dockerd diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-1.4.0.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-1.4.0.ebuild new file mode 120000 index 0000000000..5316ba320c --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-1.4.0.ebuild @@ -0,0 +1 @@ +docker-9999.ebuild \ No newline at end of file diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-9999.ebuild index b8eeec0fe6..a128501970 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-9999.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-9999.ebuild @@ -28,6 +28,7 @@ IUSE="aufs +btrfs contrib +device-mapper doc lxc vim-syntax zsh-completion" # https://github.com/docker/docker/blob/master/hack/PACKAGERS.md#build-dependencies CDEPEND=" + >=sys-kernel/coreos-kernel-3.18.0 >=dev-db/sqlite-3.7.9:3 device-mapper? ( >=sys-fs/lvm2-2.02.89[thin] @@ -186,6 +187,9 @@ src_install() { newinitd contrib/init/openrc/docker.initd docker newconfd contrib/init/openrc/docker.confd docker + exeinto /usr/lib/coreos + doexe "${FILESDIR}/dockerd" + systemd_newunit "${FILESDIR}/docker.service-r1" "docker.service" systemd_dounit "${FILESDIR}/docker.socket" systemd_newunit "${FILESDIR}/early-docker.service-r1" "early-docker.service" diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker.service-r1 b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker.service-r1 index d06b1a500a..73049fce68 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker.service-r1 +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker.service-r1 @@ -6,12 +6,11 @@ Requires=docker.socket early-docker.target [Service] Environment=TMPDIR=/var/tmp -Environment=DOCKER_DRIVER=btrfs Environment=DOCKER_OPTS='--insecure-registry="0.0.0.0/0"' EnvironmentFile=-/run/docker_opts.env LimitNOFILE=1048576 LimitNPROC=1048576 -ExecStart=/usr/bin/docker --daemon --host=fd:// $DOCKER_OPTS +ExecStart=/usr/lib/coreos/dockerd --daemon --host=fd:// $DOCKER_OPTS [Install] WantedBy=multi-user.target diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/dockerd b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/dockerd new file mode 100644 index 0000000000..f4730cf8d0 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/dockerd @@ -0,0 +1,67 @@ +#!/bin/bash +# Wrapper for launching docker daemons with an appropriate backend. + +set -e + +parse_docker_args() { + local flag value + while [[ $# -gt 0 ]]; do + flag="$1" + shift + + # treat --flag=foo and --flag foo identically + if [[ "${flag}" == *=* ]]; then + flag="${flag%=*}" + set -- "${flag#*=}" "$@" + fi + + case "${flag}" in + -g|--graph) + ARG_ROOT="$1" + shift + ;; + -s|--storage-driver) + ARG_DRIVER="$1" + shift + ;; + *) + # ignore everything else + ;; + esac + done +} + +select_docker_driver() { + local fstype + + # mimic docker's behavior to ensure we stat the right filesystem. + if [[ -L "${ARG_ROOT}" ]]; then + ARG_ROOT="$(readlink -f "${ARG_ROOT}")" + fi + + mkdir --parents --mode=0700 "${ARG_ROOT}" + fstype=$(findmnt --noheadings --output FSTYPE --target "${ARG_ROOT}") + + case "${fstype}" in + btrfs) + export DOCKER_DRIVER=btrfs + ;; + ext4|tmpfs) # As of 3.18 + export DOCKER_DRIVER=overlay + ;; + *) + # Fall back to whatever docker's default behavior is. + ;; + esac +} + +ARG_ROOT="/var/lib/docker" +ARG_DRIVER="" +parse_docker_args "$@" + +# Do not override the driver if it is already explicitly configured. +if [[ -z "${ARG_DRIVER}" && -z "${DOCKER_DRIVER}" ]]; then + select_docker_driver +fi + +exec docker "$@" diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/early-docker.service-r1 b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/early-docker.service-r1 index 7575618a79..4f9d9dda42 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/early-docker.service-r1 +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/early-docker.service-r1 @@ -6,10 +6,9 @@ Requires=early-docker.socket [Service] Environment=TMPDIR=/var/tmp -Environment=DOCKER_DRIVER=btrfs LimitNOFILE=1048576 LimitNPROC=1048576 -ExecStart=/usr/bin/docker --daemon --host=fd:// --bridge=none --iptables=false --ip-masq=false --graph=/var/lib/early-docker --pidfile=/var/run/early-docker.pid +ExecStart=/usr/lib/coreos/dockerd --daemon --host=fd:// --bridge=none --iptables=false --ip-masq=false --graph=/var/lib/early-docker --pidfile=/var/run/early-docker.pid [Install] WantedBy=early-docker.target