docker: sync live ebuild with current upstream ebuild

These changes are not applicable to 1.3.3 so that ebuild is now a copy
instead of a symlink. This is in preparation for adding 1.4.0.

sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-1.3.3-r1.ebuild

@@ -1 +0,0 @@
-docker-9999.ebuild

sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-1.3.3-r1.ebuild

@@ -0,0 +1,246 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: $
+
+EAPI=5
+
+DESCRIPTION="Docker complements kernel namespacing with a high-level API which operates at the process level."
+HOMEPAGE="https://www.docker.io/"
+
+CROS_WORKON_PROJECT="dotcloud/docker"
+CROS_WORKON_LOCALNAME="docker"
+CROS_WORKON_REPO="git://github.com"
+
+GITHUB_URI="github.com/crosbymichael/docker"
+
+# TODO: Remove this logic once we cross the 1.4.0 threshold
+BTRFS_VER="0.20"
+
+if [[ ${PV} == *9999 ]]; then
+	DOCKER_GITCOMMIT="deadbee"
+	KEYWORDS="~amd64"
+	BTRFS_VER="3.16.1"
+else
+	CROS_WORKON_COMMIT="d3446258471733fe667f0abdf015ee3ebd2f3485" # v1.3.3
+	DOCKER_GITCOMMIT="${CROS_WORKON_COMMIT:0:7}"
+	KEYWORDS="amd64"
+fi
+
+inherit bash-completion-r1 linux-info systemd udev user cros-workon
+
+LICENSE="Apache-2.0"
+SLOT="0"
+IUSE="aufs +btrfs contrib +device-mapper doc lxc vim-syntax zsh-completion"
+
+CDEPEND="
+	>=dev-db/sqlite-3.7.9:3
+	device-mapper? (
+		sys-fs/lvm2[thin]
+	)
+"
+DEPEND="
+	${CDEPEND}
+	>=dev-lang/go-1.2
+	btrfs? (
+		>=sys-fs/btrfs-progs-${BTRFS_VER}
+	)
+	dev-vcs/git
+	dev-vcs/mercurial
+"
+RDEPEND="
+	${CDEPEND}
+	!app-emulation/docker-bin
+	>=net-firewall/iptables-1.4
+	lxc? (
+		>=app-emulation/lxc-1.0
+	)
+	>=dev-vcs/git-1.7
+	>=app-arch/xz-utils-4.9
+	aufs? (
+		|| (
+			sys-fs/aufs3
+			sys-kernel/aufs-sources
+		)
+	)
+"
+
+RESTRICT="installsources strip"
+
+pkg_setup() {
+	if kernel_is lt 3 8; then
+		ewarn ""
+		ewarn "Using Docker with kernels older than 3.8 is unstable and unsupported."
+		ewarn ""
+	fi
+
+	# many of these were borrowed from the app-emulation/lxc ebuild
+	CONFIG_CHECK+="
+		~CGROUPS
+		~CGROUP_CPUACCT
+		~CGROUP_DEVICE
+		~CGROUP_FREEZER
+		~CGROUP_SCHED
+		~CPUSETS
+		~MEMCG_SWAP
+		~RESOURCE_COUNTERS
+
+		~IPC_NS
+		~NAMESPACES
+		~PID_NS
+
+		~DEVPTS_MULTIPLE_INSTANCES
+		~MACVLAN
+		~NET_NS
+		~UTS_NS
+		~VETH
+
+		~!NETPRIO_CGROUP
+		~POSIX_MQUEUE
+
+		~BRIDGE
+		~IP_NF_TARGET_MASQUERADE
+		~NETFILTER_XT_MATCH_ADDRTYPE
+		~NETFILTER_XT_MATCH_CONNTRACK
+		~NF_NAT
+		~NF_NAT_NEEDED
+
+		~!GRKERNSEC_CHROOT_CAPS
+		~!GRKERNSEC_CHROOT_CHMOD
+		~!GRKERNSEC_CHROOT_DOUBLE
+		~!GRKERNSEC_CHROOT_MOUNT
+		~!GRKERNSEC_CHROOT_PIVOT
+	"
+
+	ERROR_MEMCG_SWAP="CONFIG_MEMCG_SWAP: is required if you wish to limit swap usage of containers"
+
+	for c in GRKERNSEC_CHROOT_MOUNT GRKERNSEC_CHROOT_DOUBLE GRKERNSEC_CHROOT_PIVOT GRKERNSEC_CHROOT_CHMOD; do
+		declare "ERROR_$c"="CONFIG_$c: see app-emulation/lxc postinst notes for why some GRSEC features make containers unusuable"
+	done
+
+	if use aufs; then
+		CONFIG_CHECK+="
+			~AUFS_FS
+		"
+		ERROR_AUFS_FS="CONFIG_AUFS_FS: is required to be set if and only if aufs-sources are used"
+	fi
+
+	if use btrfs; then
+		CONFIG_CHECK+="
+			~BTRFS_FS
+		"
+	fi
+
+	if use device-mapper; then
+		CONFIG_CHECK+="
+			~BLK_DEV_DM
+			~DM_THIN_PROVISIONING
+			~EXT4_FS
+		"
+	fi
+
+	check_extra_config
+}
+
+src_compile() {
+	# hack(philips): to keep the git commit from being dirty
+	mv .git .git.old
+
+	# if we treat them right, Docker's build scripts will set up a
+	# reasonable GOPATH for us
+	export AUTO_GOPATH=1
+
+	# setup CFLAGS and LDFLAGS for separate build target
+	# see https://github.com/tianon/docker-overlay/pull/10
+	export CGO_CFLAGS="-I${ROOT}/usr/include"
+	export CGO_LDFLAGS="-L${ROOT}/usr/lib"
+
+	# if we're building from a zip, we need the GITCOMMIT value
+	[ "$DOCKER_GITCOMMIT" ] && export DOCKER_GITCOMMIT
+
+	if gcc-specs-pie; then
+		sed -i "s/EXTLDFLAGS_STATIC='/EXTLDFLAGS_STATIC='-fno-PIC /" hack/make.sh || die
+		grep -q -- '-fno-PIC' hack/make.sh || die 'hardened sed failed'
+
+		sed -i 's/LDFLAGS_STATIC_DOCKER="/LDFLAGS_STATIC_DOCKER="-extldflags -fno-PIC /' hack/make/dynbinary || die
+		grep -q -- '-fno-PIC' hack/make/dynbinary || die 'hardened sed failed'
+	fi
+
+	# let's set up some optional features :)
+	export DOCKER_BUILDTAGS=''
+	for gd in aufs btrfs device-mapper; do
+		if ! use $gd; then
+			DOCKER_BUILDTAGS+=" exclude_graphdriver_${gd//-/}"
+		fi
+	done
+
+	# time to build!
+	./hack/make.sh dynbinary || die
+
+	# TODO pandoc the man pages using docs/man/md2man-all.sh
+}
+
+src_install() {
+	VERSION=$(cat VERSION)
+	newbin bundles/$VERSION/dynbinary/docker-$VERSION docker
+	exeinto /usr/libexec/docker
+	newexe bundles/$VERSION/dynbinary/dockerinit-$VERSION dockerinit
+
+	newinitd contrib/init/openrc/docker.initd docker
+	newconfd contrib/init/openrc/docker.confd docker
+
+	systemd_dounit "${FILESDIR}/docker.service"
+	systemd_dounit "${FILESDIR}/docker.socket"
+	systemd_dounit "${FILESDIR}/early-docker.service"
+	systemd_dounit "${FILESDIR}/early-docker.socket"
+	systemd_dounit "${FILESDIR}/early-docker.target"
+
+	insinto /usr/lib/systemd/network
+	doins "${FILESDIR}"/50-docker{,-veth}.network
+
+	udev_dorules contrib/udev/*.rules
+
+	dodoc AUTHORS CONTRIBUTING.md CHANGELOG.md NOTICE README.md
+	if use doc; then
+		# TODO doman contrib/man/man*/*
+
+		docompress -x /usr/share/doc/${PF}/md
+		docinto md
+		dodoc -r docs/sources/*
+	fi
+
+	dobashcomp contrib/completion/bash/*
+
+	if use zsh-completion; then
+		insinto /usr/share/zsh/site-functions
+		doins contrib/completion/zsh/*
+	fi
+
+	if use vim-syntax; then
+		insinto /usr/share/vim/vimfiles
+		doins -r contrib/syntax/vim/ftdetect
+		doins -r contrib/syntax/vim/syntax
+	fi
+
+	if use contrib; then
+		mkdir -p "${D}/usr/share/${PN}/contrib"
+		cp -R contrib/* "${D}/usr/share/${PN}/contrib"
+	fi
+}
+
+pkg_postinst() {
+	udev_reload
+
+	elog ""
+	elog "To use docker, the docker daemon must be running as root. To automatically"
+	elog "start the docker daemon at boot, add docker to the default runlevel:"
+	elog "  rc-update add docker default"
+	elog "Similarly for systemd:"
+	elog "  systemctl enable docker.service"
+	elog ""
+
+	# create docker group if the code checking for it in /etc/group exists
+	enewgroup docker
+
+	elog "To use docker as a non-root user, add yourself to the docker group."
+	elog ""
+}

sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-9999.ebuild

@@ -1,61 +1,61 @@
 # Copyright 1999-2014 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: $
+# $Header: /var/cvsroot/gentoo-x86/app-emulation/docker/docker-1.4.0.ebuild,v 1.1 2014/12/12 18:53:23 xarthisius Exp $
 
 EAPI=5
 
-DESCRIPTION="Docker complements kernel namespacing with a high-level API which operates at the process level."
-HOMEPAGE="https://www.docker.io/"
+DESCRIPTION="Docker complements kernel namespacing with a high-level API which operates at the process level"
+HOMEPAGE="https://www.docker.com"
 
 CROS_WORKON_PROJECT="dotcloud/docker"
 CROS_WORKON_LOCALNAME="docker"
 CROS_WORKON_REPO="git://github.com"
 
-GITHUB_URI="github.com/crosbymichael/docker"
-
-# TODO: Remove this logic once we cross the 1.4.0 threshold
-BTRFS_VER="0.20"
-
 if [[ ${PV} == *9999 ]]; then
-	DOCKER_GITCOMMIT="deadbee"
-	KEYWORDS="~amd64"
-	BTRFS_VER="3.16.1"
+	DOCKER_GITCOMMIT=""
+	KEYWORDS=""
 else
-	CROS_WORKON_COMMIT="d3446258471733fe667f0abdf015ee3ebd2f3485" # v1.3.3
+	CROS_WORKON_COMMIT="4595d4fb03093acf87b905bebc5ba4964d7c0707" # v1.4.0
 	DOCKER_GITCOMMIT="${CROS_WORKON_COMMIT:0:7}"
-	KEYWORDS="amd64"
+	KEYWORDS="~amd64"
 fi
 
-inherit bash-completion-r1 linux-info systemd udev user cros-workon
+inherit bash-completion-r1 linux-info multilib systemd udev user cros-workon
 
 LICENSE="Apache-2.0"
 SLOT="0"
 IUSE="aufs +btrfs contrib +device-mapper doc lxc vim-syntax zsh-completion"
 
+# https://github.com/docker/docker/blob/master/hack/PACKAGERS.md#build-dependencies
 CDEPEND="
 	>=dev-db/sqlite-3.7.9:3
 	device-mapper? (
-		sys-fs/lvm2[thin]
+		>=sys-fs/lvm2-2.02.89[thin]
 	)
 "
+
 DEPEND="
 	${CDEPEND}
-	>=dev-lang/go-1.2
+	>=dev-lang/go-1.3
 	btrfs? (
-		>=sys-fs/btrfs-progs-${BTRFS_VER}
+		>=sys-fs/btrfs-progs-3.16.1
 	)
-	dev-vcs/git
-	dev-vcs/mercurial
 "
+
+# https://github.com/docker/docker/blob/master/hack/PACKAGERS.md#runtime-dependencies
+# https://github.com/docker/docker/blob/master/hack/PACKAGERS.md#optional-dependencies
 RDEPEND="
 	${CDEPEND}
+
 	!app-emulation/docker-bin
 	>=net-firewall/iptables-1.4
+	sys-process/procps
+	>=dev-vcs/git-1.7
+	>=app-arch/xz-utils-4.9
+
 	lxc? (
 		>=app-emulation/lxc-1.0
 	)
-	>=dev-vcs/git-1.7
-	>=app-arch/xz-utils-4.9
 	aufs? (
 		|| (
 			sys-fs/aufs3
@@ -66,61 +66,54 @@ RDEPEND="
 
 RESTRICT="installsources strip"
 
+# see "contrib/check-config.sh" from upstream's sources
+CONFIG_CHECK="
+	NAMESPACES NET_NS PID_NS IPC_NS UTS_NS
+	DEVPTS_MULTIPLE_INSTANCES
+	CGROUPS CGROUP_CPUACCT CGROUP_DEVICE CGROUP_FREEZER CGROUP_SCHED
+	MACVLAN VETH BRIDGE
+	NF_NAT_IPV4 IP_NF_FILTER IP_NF_TARGET_MASQUERADE
+	NETFILTER_XT_MATCH_ADDRTYPE NETFILTER_XT_MATCH_CONNTRACK
+	NF_NAT NF_NAT_NEEDED
+
+	~MEMCG_SWAP
+	~RESOURCE_COUNTERS
+	~CGROUP_PERF
+"
+
+ERROR_MEMCG_SWAP="CONFIG_MEMCG_SWAP: is required if you wish to limit swap usage of containers"
+ERROR_RESOURCE_COUNTERS="CONFIG_RESOURCE_COUNTERS: is optional for container statistics gathering"
+ERROR_CGROUP_PERF="CONFIG_CGROUP_PERF: is optional for container statistics gathering"
+
 pkg_setup() {
 	if kernel_is lt 3 8; then
-		ewarn ""
-		ewarn "Using Docker with kernels older than 3.8 is unstable and unsupported."
-		ewarn ""
+		eerror ""
+		eerror "Using Docker with kernels older than 3.8 is unstable and unsupported."
+		eerror " - http://docs.docker.com/installation/binaries/#check-kernel-dependencies"
+		die 'Kernel is too old - need 3.8 or above'
 	fi
 
-	# many of these were borrowed from the app-emulation/lxc ebuild
-	CONFIG_CHECK+="
-		~CGROUPS
-		~CGROUP_CPUACCT
-		~CGROUP_DEVICE
-		~CGROUP_FREEZER
-		~CGROUP_SCHED
-		~CPUSETS
-		~MEMCG_SWAP
-		~RESOURCE_COUNTERS
-
-		~IPC_NS
-		~NAMESPACES
-		~PID_NS
-
-		~DEVPTS_MULTIPLE_INSTANCES
-		~MACVLAN
-		~NET_NS
-		~UTS_NS
-		~VETH
-
-		~!NETPRIO_CGROUP
-		~POSIX_MQUEUE
-
-		~BRIDGE
-		~IP_NF_TARGET_MASQUERADE
-		~NETFILTER_XT_MATCH_ADDRTYPE
-		~NETFILTER_XT_MATCH_CONNTRACK
-		~NF_NAT
-		~NF_NAT_NEEDED
-
-		~!GRKERNSEC_CHROOT_CAPS
-		~!GRKERNSEC_CHROOT_CHMOD
-		~!GRKERNSEC_CHROOT_DOUBLE
-		~!GRKERNSEC_CHROOT_MOUNT
-		~!GRKERNSEC_CHROOT_PIVOT
-	"
-
-	ERROR_MEMCG_SWAP="CONFIG_MEMCG_SWAP: is required if you wish to limit swap usage of containers"
-
-	for c in GRKERNSEC_CHROOT_MOUNT GRKERNSEC_CHROOT_DOUBLE GRKERNSEC_CHROOT_PIVOT GRKERNSEC_CHROOT_CHMOD; do
-		declare "ERROR_$c"="CONFIG_$c: see app-emulation/lxc postinst notes for why some GRSEC features make containers unusuable"
-	done
+	# for where these kernel versions come from, see:
+	# https://www.google.com/search?q=945b2b2d259d1a4364a2799e80e8ff32f8c6ee6f+site%3Akernel.org%2Fpub%2Flinux%2Fkernel+file%3AChangeLog*
+	if ! {
+		kernel_is ge 3 16 \
+		|| { kernel_is 3 15 && kernel_is ge 3 15 5; } \
+		|| { kernel_is 3 14 && kernel_is ge 3 14 12; } \
+		|| { kernel_is 3 12 && kernel_is ge 3 12 25; }
+	}; then
+		ewarn ""
+		ewarn "There is a serious Docker-related kernel panic that has been fixed in 3.16+"
+		ewarn "  (and was backported to 3.15.5+, 3.14.12+, and 3.12.25+)"
+		ewarn ""
+		ewarn "See also https://github.com/docker/docker/issues/2960"
+	fi
 
 	if use aufs; then
 		CONFIG_CHECK+="
 			~AUFS_FS
 		"
+		# TODO there must be a way to detect "sys-kernel/aufs-sources" so we don't warn "sys-fs/aufs3" users about this
+		# an even better solution would be to check if the current kernel sources include CONFIG_AUFS_FS as an option, but that sounds hairy and error-prone
 		ERROR_AUFS_FS="CONFIG_AUFS_FS: is required to be set if and only if aufs-sources are used"
 	fi
 
@@ -132,19 +125,24 @@ pkg_setup() {
 
 	if use device-mapper; then
 		CONFIG_CHECK+="
-			~BLK_DEV_DM
-			~DM_THIN_PROVISIONING
-			~EXT4_FS
+			~BLK_DEV_DM ~DM_THIN_PROVISIONING ~EXT4_FS
 		"
 	fi
 
-	check_extra_config
+	linux-info_pkg_setup
+}
+
+src_prepare() {
+	# hack(philips): to keep the git commit from being dirty
+	if [[ -n "${DOCKER_GITCOMMIT}" ]]; then
+		.git .git.old
+	fi
+
+	# allow user patches (use sparingly - upstream won't support them)
+	epatch_user
 }
 
 src_compile() {
-	# hack(philips): to keep the git commit from being dirty
-	mv .git .git.old
-
 	# if we treat them right, Docker's build scripts will set up a
 	# reasonable GOPATH for us
 	export AUTO_GOPATH=1
@@ -152,7 +150,7 @@ src_compile() {
 	# setup CFLAGS and LDFLAGS for separate build target
 	# see https://github.com/tianon/docker-overlay/pull/10
 	export CGO_CFLAGS="-I${ROOT}/usr/include"
-	export CGO_LDFLAGS="-L${ROOT}/usr/lib"
+	export CGO_LDFLAGS="-L${ROOT}/usr/$(get_libdir)"
 
 	# if we're building from a zip, we need the GITCOMMIT value
 	[ "$DOCKER_GITCOMMIT" ] && export DOCKER_GITCOMMIT
@@ -174,9 +172,9 @@ src_compile() {
 	done
 
 	# time to build!
-	./hack/make.sh dynbinary || die
+	./hack/make.sh dynbinary || die 'dynbinary failed'
 
-	# TODO pandoc the man pages using docs/man/md2man-all.sh
+	# TODO get go-md2man and then include the man pages using docs/man/md2man-all.sh
 }
 
 src_install() {
@@ -188,9 +186,9 @@ src_install() {
 	newinitd contrib/init/openrc/docker.initd docker
 	newconfd contrib/init/openrc/docker.confd docker
 
-	systemd_dounit "${FILESDIR}/docker.service"
+	systemd_newunit "${FILESDIR}/docker.service-r1" "docker.service"
 	systemd_dounit "${FILESDIR}/docker.socket"
-	systemd_dounit "${FILESDIR}/early-docker.service"
+	systemd_newunit "${FILESDIR}/early-docker.service-r1" "early-docker.service"
 	systemd_dounit "${FILESDIR}/early-docker.socket"
 	systemd_dounit "${FILESDIR}/early-docker.target"
 
@@ -231,8 +229,8 @@ pkg_postinst() {
 	udev_reload
 
 	elog ""
-	elog "To use docker, the docker daemon must be running as root. To automatically"
-	elog "start the docker daemon at boot, add docker to the default runlevel:"
+	elog "To use Docker, the Docker daemon must be running as root. To automatically"
+	elog "start the Docker daemon at boot, add Docker to the default runlevel:"
 	elog "  rc-update add docker default"
 	elog "Similarly for systemd:"
 	elog "  systemctl enable docker.service"
@@ -241,6 +239,7 @@ pkg_postinst() {
 	# create docker group if the code checking for it in /etc/group exists
 	enewgroup docker
 
-	elog "To use docker as a non-root user, add yourself to the docker group."
+	elog "To use Docker as a non-root user, add yourself to the 'docker' group:"
+	elog "  usermod -aG docker youruser"
 	elog ""
 }

sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker.service-r1

@@ -0,0 +1,17 @@
+[Unit]
+Description=Docker Application Container Engine
+Documentation=http://docs.docker.com
+After=docker.socket early-docker.target network.target
+Requires=docker.socket early-docker.target
+
+[Service]
+Environment=TMPDIR=/var/tmp
+Environment=DOCKER_DRIVER=btrfs
+Environment=DOCKER_OPTS='--insecure-registry="0.0.0.0/0"'
+EnvironmentFile=-/run/docker_opts.env
+LimitNOFILE=1048576
+LimitNPROC=1048576
+ExecStart=/usr/bin/docker --daemon --host=fd:// $DOCKER_OPTS
+
+[Install]
+WantedBy=multi-user.target

sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/early-docker.service-r1

@@ -0,0 +1,15 @@
+[Unit]
+Description=Early Docker Application Container Engine
+Documentation=http://docs.docker.com
+After=early-docker.socket
+Requires=early-docker.socket
+
+[Service]
+Environment=TMPDIR=/var/tmp
+Environment=DOCKER_DRIVER=btrfs
+LimitNOFILE=1048576
+LimitNPROC=1048576
+ExecStart=/usr/bin/docker --daemon --host=fd:// --bridge=none --iptables=false --ip-masq=false --graph=/var/lib/early-docker --pidfile=/var/run/early-docker.pid
+
+[Install]
+WantedBy=early-docker.target