From 9492b0b1edcd93646f39fa5cf721b38f2137229b Mon Sep 17 00:00:00 2001 From: David Michael Date: Fri, 18 Aug 2017 18:18:50 -0700 Subject: [PATCH] app-emulation/docker: Sync with upstream, bump to 17.06.1 / Go 1.8 This switches to the new Docker CE repo structure. It points to the docker/docker-ce GitHub repo directly now, not the CoreOS fork. The cros_workon code was dropped, so we are building unmodified upstream releases now. If fixes need to be backported, patch files can just be added to the PATCHES array since this uses EAPI=6. LDFLAGS are tacked onto the -extldflags option to support torcx. A special RPATH is added for torcx support, which is passed through the LDFLAGS environment variable. The value is applied along with the "hardened" USE flag's options, so note that torcx will not work if that flag is disabled. --- .../app-emulation/docker/Manifest | 1 + ...7.05.0-r1.ebuild => docker-17.06.1.ebuild} | 0 .../app-emulation/docker/docker-9999.ebuild | 148 ++++++++++-------- .../app-emulation/docker/metadata.xml | 30 ++-- 4 files changed, 96 insertions(+), 83 deletions(-) create mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/docker/Manifest rename sdk_container/src/third_party/coreos-overlay/app-emulation/docker/{docker-17.05.0-r1.ebuild => docker-17.06.1.ebuild} (100%) diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/Manifest b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/Manifest new file mode 100644 index 0000000000..924b6e7011 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/Manifest 
@@ -0,0 +1 @@
+DIST docker-17.06.1.tar.gz 9682381 SHA256 2ca8615162873b32d9565f95a4b2977d025fd44c69e087046e004f5dfb1ce30c SHA512 0a7dd578b3f5aa2be9e8df270b74cc5ad698b9c00ed4c314ecfea588cddddef26c0696265978d09abc5799f22f8bd8013b4f1a818e78eb7f7a4e7c15e082b5d0 WHIRLPOOL f6cf32cca15b36b4fa17239ee800d7e9347fc5f97050eca3590c75a76ab4d36ffff676508e7240aef5bd440795a870aa4349f7cede4e9fb4d610a3146693f8d7
diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-17.05.0-r1.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-17.06.1.ebuild
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-17.05.0-r1.ebuild
rename to sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-17.06.1.ebuild
diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-9999.ebuild
index 156995c21d..2b63b648bb 100644
--- a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-9999.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-9999.ebuild
@@ -1,39 +1,45 @@ # Copyright 1999-2017 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -EAPI=5 +EAPI=6 -CROS_WORKON_PROJECT="coreos/docker" -CROS_WORKON_LOCALNAME="docker" -CROS_WORKON_REPO="git://github.com" -COREOS_GO_VERSION="go1.7" +COREOS_GO_PACKAGE="github.com/docker/docker-ce" +COREOS_GO_VERSION="go1.8" -if [[ ${PV} == *9999 ]]; then - DOCKER_GITCOMMIT="unknown" +if [[ ${PV} = *9999* ]]; then + # Docker cannot be fetched via "go get", thanks to autogenerated code + EGIT_REPO_URI="https://${COREOS_GO_PACKAGE}.git" + EGIT_CHECKOUT_DIR="${WORKDIR}/${P}/src/${COREOS_GO_PACKAGE}" + inherit git-r3 KEYWORDS="~amd64 ~arm64" else - CROS_WORKON_COMMIT="89658bed64c2a8fe05a978e5b87dbec409d57a0f" # coreos-17.05.0-ce - DOCKER_GITCOMMIT="${CROS_WORKON_COMMIT:0:7}" + inherit versionator + if [ "$(get_version_component_count)" = 4 ]; then + MY_PV="$(replace_version_separator 3 '-ce-')" + else + MY_PV="$PV-ce" + fi + DOCKER_GITCOMMIT="874a737" + SRC_URI="https://${COREOS_GO_PACKAGE}/archive/v${MY_PV}.tar.gz -> ${P}.tar.gz" KEYWORDS="amd64 arm64" + [ "$DOCKER_GITCOMMIT" ] || die "DOCKER_GITCOMMIT must be added manually for each bump!" 
fi +inherit bash-completion-r1 coreos-go-depend linux-info systemd udev user -inherit bash-completion-r1 eutils linux-info multilib systemd udev user cros-workon coreos-go-depend - -DESCRIPTION="Docker complements kernel namespacing with a high-level API which operates at the process level" +DESCRIPTION="The core functions you need to create Docker images and run Docker containers" HOMEPAGE="https://dockerproject.org" LICENSE="Apache-2.0" SLOT="0" -IUSE="apparmor aufs +btrfs +container-init +device-mapper +overlay pkcs11 +journald seccomp +selinux vim-syntax zsh-completion" +IUSE="apparmor aufs +btrfs +container-init +device-mapper hardened +overlay pkcs11 seccomp +journald +selinux" -# https://github.com/docker/docker/blob/v17.05.0-ce/project/PACKAGERS.md#build-dependencies +# https://github.com/docker/docker/blob/master/project/PACKAGERS.md#build-dependencies CDEPEND=" >=dev-db/sqlite-3.7.9:3 device-mapper? ( >=sys-fs/lvm2-2.02.89[thin] ) - seccomp? ( - >=sys-libs/libseccomp-2.2.1[static-libs] - ) + seccomp? ( >=sys-libs/libseccomp-2.2.1[static-libs] ) + apparmor? ( sys-libs/libapparmor ) " DEPEND=" 
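Review bot: The guard `[ "$DOCKER_GITCOMMIT" ] || die "DOCKER_GITCOMMIT must be added manually for each bump!"` in the release branch cannot fire, because `DOCKER_GITCOMMIT="874a737"` is assigned as a literal a few lines above it. A bump that refreshes the Manifest but leaves the old id in place passes this check and produces binaries that report a commit they were not built from, which makes later provenance checks on a host misleading. The tarball content is pinned by the Manifest hashes, but nothing in the hunk ties this string to that tarball. At minimum the assignment deserves a comment such as `# must equal the commit behind tag v${MY_PV} in docker/docker-ce; update on every bump`. If the archive carries its commit id in the pax header, src_unpack could also compare the prefix of `git get-tar-commit-id` output against it and die on mismatch.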
@@ -49,26 +55,25 @@ DEPEND=" # or an explicit copy when installing binary packages. See coreos-kernel.eclass DEPEND+="sys-kernel/coreos-kernel" -# https://github.com/docker/docker/blob/master/hack/PACKAGERS.md#runtime-dependencies -# https://github.com/docker/docker/blob/master/hack/PACKAGERS.md#optional-dependencies +# https://github.com/docker/docker/blob/master/project/PACKAGERS.md#runtime-dependencies +# https://github.com/docker/docker/blob/master/project/PACKAGERS.md#optional-dependencies RDEPEND=" ${CDEPEND} - - !app-emulation/docker-bin >=net-firewall/iptables-1.4 sys-process/procps >=dev-vcs/git-1.7 >=app-arch/xz-utils-4.9 - >=sys-apps/shadow-4.4 - >=app-emulation/containerd-0.2.7_p2-r1[seccomp?] - =app-emulation/runc-1.0.0_rc2_p137[apparmor?,seccomp?] + =app-emulation/containerd-0.2.9_p7[seccomp?] + =app-emulation/docker-runc-1.0.0_rc3_p53[apparmor?,seccomp?] app-emulation/docker-proxy container-init? ( >=sys-process/tini-0.13.1 ) " RESTRICT="installsources strip" +S="${WORKDIR}/${P}/src/${COREOS_GO_PACKAGE}" + # see "contrib/check-config.sh" from upstream's sources CONFIG_CHECK=" ~NAMESPACES ~NET_NS ~PID_NS ~IPC_NS ~UTS_NS 
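Review bot: The two new runtime atoms `=app-emulation/containerd-0.2.9_p7[seccomp?]` and `=app-emulation/docker-runc-1.0.0_rc3_p53[apparmor?,seccomp?]` use the exact-match operator, which does not accept a `-rN` revision of the same version. A revision bump of runc or containerd that only carries a backported security patch would therefore not satisfy this dependency until the docker ebuild is edited too. If the intent is to pin the upstream snapshot while still allowing patched revisions, `~app-emulation/containerd-0.2.9_p7[seccomp?]` and `~app-emulation/docker-runc-1.0.0_rc3_p53[apparmor?,seccomp?]` express that. The hunk also drops `>=sys-apps/shadow-4.4` and the `!app-emulation/docker-bin` blocker without a word in the commit message; a one-line comment saying why they are no longer needed would help the next bump.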
@@ -193,34 +198,30 @@ pkg_setup() { enewgroup docker } -src_prepare() { - # allow user patches (use sparingly - upstream won't support them) - epatch_user - - # remove the .git directory so that hack/make.sh uses DOCKER_GITCOMMIT - # for the commit hash. - rm --recursive --force .git +src_unpack() { + if [ -n "$DOCKER_GITCOMMIT" ]; then + mkdir -p "${S}" + tar --strip-components=1 -C "${S}" -xf "${DISTDIR}/${A}" + else + git-r3_src_unpack + DOCKER_GITCOMMIT=$(git -C "${S}" rev-parse HEAD | head -c 7) + fi } src_compile() { - # if we treat them right, Docker's build scripts will set up a - # reasonable GOPATH for us - export AUTO_GOPATH=1 + export GOPATH="${WORKDIR}/${P}" - # if we're building from a zip, we need the GITCOMMIT value + # setup CFLAGS and LDFLAGS for separate build target + # see https://github.com/tianon/docker-overlay/pull/10 + export CGO_CFLAGS="-I${ROOT}/usr/include" + export CGO_LDFLAGS="-L${ROOT}/usr/$(get_libdir)" + + # if we're building from a tarball, we need the GITCOMMIT value [ "$DOCKER_GITCOMMIT" ] && export DOCKER_GITCOMMIT - if gcc-specs-pie; then - sed -i "s/EXTLDFLAGS_STATIC='/&-fno-PIC /" hack/make.sh || die - grep -q -- '-fno-PIC' hack/make.sh || die 'hardened sed failed' - - sed "s/LDFLAGS_STATIC_DOCKER='/&-extldflags -fno-PIC /" \ - -i hack/make/dynbinary-client || die - sed "s/LDFLAGS_STATIC_DOCKER='/&-extldflags -fno-PIC /" \ - -i hack/make/dynbinary-daemon || die - grep -q -- '-fno-PIC' hack/make/dynbinary-daemon || die 'hardened sed failed' - grep -q -- '-fno-PIC' hack/make/dynbinary-client || die 'hardened sed failed' - fi + # fake golang layout + ln -s docker-ce/components/engine ../docker || die + ln -s docker-ce/components/cli ../cli || die # let's set up some optional features :) export DOCKER_BUILDTAGS='' 
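Review bot: In the new src_unpack the `mkdir -p "${S}"` and `tar --strip-components=1 ...` calls have no `|| die`, so a failed or partial extraction is not guaranteed to stop the build before src_compile runs on an incomplete tree. The tar line also reads `"${DISTDIR}/${A}"`, and `${A}` expands to every distfile, so the path is only valid while SRC_URI has a single entry. Suggested lines: `mkdir -p "${S}" || die` and `tar --strip-components=1 -C "${S}" -xf "${DISTDIR}/${P}.tar.gz" || die`. In the live branch the pipeline `git -C "${S}" rev-parse HEAD | head -c 7` hides a git failure behind head's exit status; `DOCKER_GITCOMMIT=$(git -C "${S}" rev-parse --short=7 HEAD) || die` keeps the same value and fails loudly. src_compile continues past the end of this hunk.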
@@ -236,24 +237,42 @@ src_compile() { fi done - go_export + pushd components/engine || die - # verbose building - export BUILDFLAGS="-x -v" + if use hardened; then + sed -i "s#EXTLDFLAGS_STATIC='#&-fno-PIC $LDFLAGS #" hack/make.sh || die + grep -q -- '-fno-PIC' hack/make.sh || die 'hardened sed failed' + sed "s#LDFLAGS_STATIC_DOCKER='#&-extldflags \"-fno-PIC $LDFLAGS\" #" \ + -i hack/make/dynbinary-daemon || die + grep -q -- '-fno-PIC' hack/make/dynbinary-daemon || die 'hardened sed failed' + fi - # time to build! + # build daemon ./hack/make.sh dynbinary || die 'dynbinary failed' + + popd || die # components/engine + + pushd components/cli || die + + # build cli + emake \ + LDFLAGS="$(usex hardened "-extldflags \"-fno-PIC $LDFLAGS\"" '')" \ + VERSION="$(cat ../../VERSION)" \ + GITCOMMIT="${DOCKER_GITCOMMIT}" \ + dynbinary || die + + popd || die # components/cli } src_install() { - VERSION="$(cat VERSION)" - newbin "bundles/$VERSION/dynbinary-client/docker-$VERSION" docker - newbin "bundles/$VERSION/dynbinary-daemon/dockerd-$VERSION" dockerd dosym containerd /usr/bin/docker-containerd dosym containerd-shim /usr/bin/docker-containerd-shim dosym runc /usr/bin/docker-runc use container-init && dosym tini /usr/bin/docker-init + pushd components/engine || die + newbin "$(readlink -f bundles/latest/dynbinary-daemon/dockerd)" dockerd + newinitd contrib/init/openrc/docker.initd docker newconfd contrib/init/openrc/docker.confd docker 
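Review bot: The hardened block splices `$LDFLAGS` unescaped into the sed replacements `s#EXTLDFLAGS_STATIC='#&-fno-PIC $LDFLAGS #` and `s#LDFLAGS_STATIC_DOCKER='#&-extldflags \"-fno-PIC $LDFLAGS\" #`. Any `&`, `\` or `#` in the environment value changes the expression, and a `'` would close the single-quoted assignment in the patched script. The following `grep -q -- '-fno-PIC'` checks would still pass, because they only look for the fixed flag. Escaping once before use, for example `local esc=$(printf '%s' "$LDFLAGS" | sed 's/[&#\\]/\\&/g')`, and then checking with `grep -qF -- "$LDFLAGS" hack/make.sh || die` would confirm that the linker flags reached the build scripts intact. Separately, both the daemon and the cli drop LDFLAGS entirely when `hardened` is off, which the commit message notes but the ebuild does not; something like `use hardened || ewarn "LDFLAGS (including the torcx RPATH) are not applied without USE=hardened"` would make that visible at build time.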
@@ -273,18 +292,19 @@ src_install() { dodoc AUTHORS CONTRIBUTING.md CHANGELOG.md NOTICE README.md dodoc -r docs/* + insinto /usr/share/vim/vimfiles + doins -r contrib/syntax/vim/ftdetect + doins -r contrib/syntax/vim/syntax + popd || die # components/engine + + pushd components/cli || die + + newbin build/docker-* docker + dobashcomp contrib/completion/bash/* - - if use zsh-completion; then - insinto /usr/share/zsh/site-functions - doins contrib/completion/zsh/* - fi - - if use vim-syntax; then - insinto /usr/share/vim/vimfiles - doins -r contrib/syntax/vim/ftdetect - doins -r contrib/syntax/vim/syntax - fi + insinto /usr/share/zsh/site-functions + doins contrib/completion/zsh/_* + popd || die # components/cli } pkg_postinst() { diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/metadata.xml b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/metadata.xml index 907d5d1da2..16f7009d5e 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/metadata.xml +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/metadata.xml @@ -8,23 +8,18 @@ scale, in production, on VMs, bare metal, OpenStack clusters, public clouds and more. - proxy-maintainers - + admwiggin@gmail.com Tianon - - xarthisius@gentoo.org - Kacper Kowalik - - - alunduil@gentoo.org - Alex Brandt - - + williamh@gentoo.org William Hubbs + + mrueg@gentoo.org + Manuel RĂ¼ger + Enables dependencies for the "aufs" graph driver, including 
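Review bot: `newbin build/docker-* docker` depends on the glob matching exactly one file. If the cli build ever leaves a second `build/docker-*` artifact, newbin receives extra arguments and the phase either fails or installs something other than the intended client. The daemon is installed from a resolved path (`readlink -f bundles/latest/...`) a few lines earlier, and the cli deserves the same care. Suggested lines: `local cli_bins=( build/docker-* )`, then `[[ ${#cli_bins[@]} -eq 1 ]] || die "expected one cli binary, found: ${cli_bins[*]}"`, then `newbin "${cli_bins[0]}" docker`. src_install starts before this hunk.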
@@ -37,23 +32,20 @@ Enables dependencies for the "btrfs" graph driver, including necessary kernel flags. - - Install additional contrib scripts and components. + + Makes the a staticly-linked init system tini available inside a + container. Enables dependencies for the "devicemapper" graph driver, including necessary kernel flags. - - Enable features labelled by upstream to be of "experimental" - quality and not yet ready for general consumption. - Enables dependencies for the "overlay" graph driver, including necessary kernel flags. - - Enables dependencies for the "lxc" execution driver. + + Enables pkcs-11 support.