diff --git a/sdk_container/src/third_party/coreos-overlay/app-arch/torcx/files/compat-wrapper.sh b/sdk_container/src/third_party/coreos-overlay/app-arch/torcx/files/compat-wrapper.sh
new file mode 100644
index 0000000000..122162deca
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/app-arch/torcx/files/compat-wrapper.sh
@@ -0,0 +1,33 @@
+#!/bin/bash
+set -e
+
+bin=${0##*/}
+seal=/run/metadata/torcx
+
+if [ -z "${bin}" ]
+then
+ echo 'Failed to determine the executed program name.' 1>&2
+ exit 1
+fi
+
+if [ -s "${seal}" ]
+then
+ . "${seal}"
+else
+ echo "The program ${bin} is managed by torcx, which did not run." 1>&2
+ exit 1
+fi
+
+if [ -z "${TORCX_BINDIR-}" ]
+then
+ echo "The torcx seal file ${seal} is invalid." 1>&2
+ exit 1
+fi
+
+if [ ! -x "${TORCX_BINDIR}/${bin}" ]
+then
+ echo "The current torcx profile did not install a ${bin} program." 1>&2
+ exit 1
+fi
+
+PATH="${TORCX_BINDIR}${PATH:+:${PATH}}" exec "${TORCX_BINDIR}/${bin}" "$@"
diff --git a/sdk_container/src/third_party/coreos-overlay/app-arch/torcx/files/dockerd-wrapper.sh b/sdk_container/src/third_party/coreos-overlay/app-arch/torcx/files/dockerd-wrapper.sh
new file mode 100644
index 0000000000..2a94d06561
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/app-arch/torcx/files/dockerd-wrapper.sh
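Review bot: In compat-wrapper.sh, `. "${seal}"` executes the whole of /run/metadata/torcx as shell in the caller's context, and the only check before it is `-s` (non-empty), so the wrapper's integrity rests entirely on who can write that file. The script only uses TORCX_BINDIR from it; the file's format and ownership are not visible in this diff, so at minimum record the assumption next to that line, e.g. `# seal is sourced as shell: it must be root-owned and not writable by other users`. Separately, nothing stops `${TORCX_BINDIR}/${bin}` from resolving back to this wrapper (for instance if the seal names the directory that holds these compat symlinks), which would re-exec indefinitely; a guard such as `[ "${TORCX_BINDIR}/${bin}" -ef "$0" ]` before the `exec` would turn that into a clear error.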
@@ -0,0 +1,41 @@
+#!/bin/bash
+# Wrapper for launching docker daemons with selinux default on
+# This wrapper script has been deprecated (euank: 2017-05-09) and is retained
+# for backwards compatibility.
+
+set -e
+
+parse_docker_args() {
+ local flag
+ while [[ $# -gt 0 ]]; do
+ flag="$1"
+ shift
+
+ # treat --flag=foo and --flag foo identically
+ if [[ "${flag}" == *=* ]]; then
+ set -- "${flag#*=}" "$@"
+ flag="${flag%=*}"
+ fi
+
+ case "${flag}" in
+ --selinux-enabled)
+ ARG_SELINUX="$1"
+ shift
+ ;;
+ *)
+ # ignore everything else
+ ;;
+ esac
+ done
+}
+
+parse_docker_args "$@"
+
+USE_SELINUX=""
+# Do not override selinux if it is already explicitly configured.
+if [[ -z "${ARG_SELINUX}" ]]; then
+ # If unspecified, default on
+ USE_SELINUX="--selinux-enabled"
+fi
+
+exec dockerd "$@" ${USE_SELINUX}
diff --git a/sdk_container/src/third_party/coreos-overlay/app-arch/torcx/files/vendor.json b/sdk_container/src/third_party/coreos-overlay/app-arch/torcx/files/vendor.json
index e69de29bb2..4480c4e767 100644
--- a/sdk_container/src/third_party/coreos-overlay/app-arch/torcx/files/vendor.json
+++ b/sdk_container/src/third_party/coreos-overlay/app-arch/torcx/files/vendor.json
@@ -0,0 +1,11 @@
+{
+ "kind": "profile-manifest-v0",
+ "value": {
+ "images": [
+ {
+ "name": "docker",
+ "reference": "com.coreos.cl"
+ }
+ ]
+ }
+}
diff --git a/sdk_container/src/third_party/coreos-overlay/app-arch/torcx/torcx-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/app-arch/torcx/torcx-9999.ebuild
index 228da33af2..f603802656 100644
--- a/sdk_container/src/third_party/coreos-overlay/app-arch/torcx/torcx-9999.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/app-arch/torcx/torcx-9999.ebuild
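Review bot: In dockerd-wrapper.sh, the `--selinux-enabled)` arm of parse_docker_args runs `shift` unconditionally, so a bare `--selinux-enabled` given as the last argument makes `shift` fail with nothing left to shift and, under `set -e`, the wrapper exits before it reaches `exec dockerd`. Reading the value defensively with `ARG_SELINUX="${1:-true}"` followed by `if [[ $# -gt 0 ]]; then shift; fi` keeps the bare form working. ARG_SELINUX is also never initialised, so a value inherited from the environment silently suppresses the default-on behaviour; an `ARG_SELINUX=""` before `parse_docker_args "$@"` closes that gap.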
@@ -46,4 +46,12 @@ src_install() {
 insinto "${vendordir}/profiles"
 doins "${FILESDIR}/vendor.json"
 dodir "${vendordir}/store"
+
+ # Preserve program paths for torcx packages.
+ newbin "${FILESDIR}/compat-wrapper.sh" docker
+ for link in {docker-,}{containerd{,-shim},runc} ctr docker-{init,proxy} dockerd tini
+ do ln -fns docker "${ED}/usr/bin/${link}"
+ done
+ exeinto /usr/lib/coreos
+ newexe "${FILESDIR}/dockerd-wrapper.sh" dockerd
 }
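Review bot: The `ln -fns` inside the loop in torcx-9999.ebuild is a plain external command with no `|| die`, so if one of the compat symlinks cannot be created the install phase still succeeds and the image ships without that program path. Either append `|| die` or use the ebuild helper, `dosym docker "/usr/bin/${link}"`, and declare `local link` so the loop variable does not leak out of src_install. A short comment that every name in the list is dispatched by basename through compat-wrapper.sh would also help the next reader see why all the links point at `docker`. The start of src_install is outside this hunk.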