mirror of
https://github.com/flatcar/scripts.git
synced 2025-08-22 15:01:00 +02:00
app-emulation/docker: Sync with upstream, bump to 17.06.1 / Go 1.8
This switches to the new Docker CE repo structure. It points to the docker/docker-ce GitHub repo directly now, not the CoreOS fork. The cros_workon code was dropped, so we are building unmodified upstream releases now. If fixes need to be backported, patch files can just be added to the PATCHES array since this uses EAPI=6. LDFLAGS are tacked onto the -extldflags option to support torcx. A special RPATH is added for torcx support, which is passed through the LDFLAGS environment variable. The value is applied along with the "hardened" USE flag's options, so note that torcx will not work if that flag is disabled.
This commit is contained in:
parent
d97cc4a139
commit
9492b0b1ed
1
sdk_container/src/third_party/coreos-overlay/app-emulation/docker/Manifest
vendored
Normal file
1
sdk_container/src/third_party/coreos-overlay/app-emulation/docker/Manifest
vendored
Normal file
@ -0,0 +1 @@
|
|||||||
|
DIST docker-17.06.1.tar.gz 9682381 SHA256 2ca8615162873b32d9565f95a4b2977d025fd44c69e087046e004f5dfb1ce30c SHA512 0a7dd578b3f5aa2be9e8df270b74cc5ad698b9c00ed4c314ecfea588cddddef26c0696265978d09abc5799f22f8bd8013b4f1a818e78eb7f7a4e7c15e082b5d0 WHIRLPOOL f6cf32cca15b36b4fa17239ee800d7e9347fc5f97050eca3590c75a76ab4d36ffff676508e7240aef5bd440795a870aa4349f7cede4e9fb4d610a3146693f8d7
|
@ -1,39 +1,45 @@
|
|||||||
# Copyright 1999-2017 Gentoo Foundation
|
# Copyright 1999-2017 Gentoo Foundation
|
||||||
# Distributed under the terms of the GNU General Public License v2
|
# Distributed under the terms of the GNU General Public License v2
|
||||||
|
|
||||||
EAPI=5
|
EAPI=6
|
||||||
|
|
||||||
CROS_WORKON_PROJECT="coreos/docker"
|
COREOS_GO_PACKAGE="github.com/docker/docker-ce"
|
||||||
CROS_WORKON_LOCALNAME="docker"
|
COREOS_GO_VERSION="go1.8"
|
||||||
CROS_WORKON_REPO="git://github.com"
|
|
||||||
COREOS_GO_VERSION="go1.7"
|
|
||||||
|
|
||||||
if [[ ${PV} == *9999 ]]; then
|
if [[ ${PV} = *9999* ]]; then
|
||||||
DOCKER_GITCOMMIT="unknown"
|
# Docker cannot be fetched via "go get", thanks to autogenerated code
|
||||||
|
EGIT_REPO_URI="https://${COREOS_GO_PACKAGE}.git"
|
||||||
|
EGIT_CHECKOUT_DIR="${WORKDIR}/${P}/src/${COREOS_GO_PACKAGE}"
|
||||||
|
inherit git-r3
|
||||||
KEYWORDS="~amd64 ~arm64"
|
KEYWORDS="~amd64 ~arm64"
|
||||||
else
|
else
|
||||||
CROS_WORKON_COMMIT="89658bed64c2a8fe05a978e5b87dbec409d57a0f" # coreos-17.05.0-ce
|
inherit versionator
|
||||||
DOCKER_GITCOMMIT="${CROS_WORKON_COMMIT:0:7}"
|
if [ "$(get_version_component_count)" = 4 ]; then
|
||||||
KEYWORDS="amd64 arm64"
|
MY_PV="$(replace_version_separator 3 '-ce-')"
|
||||||
|
else
|
||||||
|
MY_PV="$PV-ce"
|
||||||
fi
|
fi
|
||||||
|
DOCKER_GITCOMMIT="874a737"
|
||||||
|
SRC_URI="https://${COREOS_GO_PACKAGE}/archive/v${MY_PV}.tar.gz -> ${P}.tar.gz"
|
||||||
|
KEYWORDS="amd64 arm64"
|
||||||
|
[ "$DOCKER_GITCOMMIT" ] || die "DOCKER_GITCOMMIT must be added manually for each bump!"
|
||||||
|
fi
|
||||||
|
inherit bash-completion-r1 coreos-go-depend linux-info systemd udev user
|
||||||
|
|
||||||
inherit bash-completion-r1 eutils linux-info multilib systemd udev user cros-workon coreos-go-depend
|
DESCRIPTION="The core functions you need to create Docker images and run Docker containers"
|
||||||
|
|
||||||
DESCRIPTION="Docker complements kernel namespacing with a high-level API which operates at the process level"
|
|
||||||
HOMEPAGE="https://dockerproject.org"
|
HOMEPAGE="https://dockerproject.org"
|
||||||
LICENSE="Apache-2.0"
|
LICENSE="Apache-2.0"
|
||||||
SLOT="0"
|
SLOT="0"
|
||||||
IUSE="apparmor aufs +btrfs +container-init +device-mapper +overlay pkcs11 +journald seccomp +selinux vim-syntax zsh-completion"
|
IUSE="apparmor aufs +btrfs +container-init +device-mapper hardened +overlay pkcs11 seccomp +journald +selinux"
|
||||||
|
|
||||||
# https://github.com/docker/docker/blob/v17.05.0-ce/project/PACKAGERS.md#build-dependencies
|
# https://github.com/docker/docker/blob/master/project/PACKAGERS.md#build-dependencies
|
||||||
CDEPEND="
|
CDEPEND="
|
||||||
>=dev-db/sqlite-3.7.9:3
|
>=dev-db/sqlite-3.7.9:3
|
||||||
device-mapper? (
|
device-mapper? (
|
||||||
>=sys-fs/lvm2-2.02.89[thin]
|
>=sys-fs/lvm2-2.02.89[thin]
|
||||||
)
|
)
|
||||||
seccomp? (
|
seccomp? ( >=sys-libs/libseccomp-2.2.1[static-libs] )
|
||||||
>=sys-libs/libseccomp-2.2.1[static-libs]
|
apparmor? ( sys-libs/libapparmor )
|
||||||
)
|
|
||||||
"
|
"
|
||||||
|
|
||||||
DEPEND="
|
DEPEND="
|
||||||
@ -49,26 +55,25 @@ DEPEND="
|
|||||||
# or an explicit copy when installing binary packages. See coreos-kernel.eclass
|
# or an explicit copy when installing binary packages. See coreos-kernel.eclass
|
||||||
DEPEND+="sys-kernel/coreos-kernel"
|
DEPEND+="sys-kernel/coreos-kernel"
|
||||||
|
|
||||||
# https://github.com/docker/docker/blob/master/hack/PACKAGERS.md#runtime-dependencies
|
# https://github.com/docker/docker/blob/master/project/PACKAGERS.md#runtime-dependencies
|
||||||
# https://github.com/docker/docker/blob/master/hack/PACKAGERS.md#optional-dependencies
|
# https://github.com/docker/docker/blob/master/project/PACKAGERS.md#optional-dependencies
|
||||||
RDEPEND="
|
RDEPEND="
|
||||||
${CDEPEND}
|
${CDEPEND}
|
||||||
|
|
||||||
!app-emulation/docker-bin
|
|
||||||
>=net-firewall/iptables-1.4
|
>=net-firewall/iptables-1.4
|
||||||
sys-process/procps
|
sys-process/procps
|
||||||
>=dev-vcs/git-1.7
|
>=dev-vcs/git-1.7
|
||||||
>=app-arch/xz-utils-4.9
|
>=app-arch/xz-utils-4.9
|
||||||
>=sys-apps/shadow-4.4
|
|
||||||
|
|
||||||
>=app-emulation/containerd-0.2.7_p2-r1[seccomp?]
|
=app-emulation/containerd-0.2.9_p7[seccomp?]
|
||||||
=app-emulation/runc-1.0.0_rc2_p137[apparmor?,seccomp?]
|
=app-emulation/docker-runc-1.0.0_rc3_p53[apparmor?,seccomp?]
|
||||||
app-emulation/docker-proxy
|
app-emulation/docker-proxy
|
||||||
container-init? ( >=sys-process/tini-0.13.1 )
|
container-init? ( >=sys-process/tini-0.13.1 )
|
||||||
"
|
"
|
||||||
|
|
||||||
RESTRICT="installsources strip"
|
RESTRICT="installsources strip"
|
||||||
|
|
||||||
|
S="${WORKDIR}/${P}/src/${COREOS_GO_PACKAGE}"
|
||||||
|
|
||||||
# see "contrib/check-config.sh" from upstream's sources
|
# see "contrib/check-config.sh" from upstream's sources
|
||||||
CONFIG_CHECK="
|
CONFIG_CHECK="
|
||||||
~NAMESPACES ~NET_NS ~PID_NS ~IPC_NS ~UTS_NS
|
~NAMESPACES ~NET_NS ~PID_NS ~IPC_NS ~UTS_NS
|
||||||
@ -193,34 +198,30 @@ pkg_setup() {
|
|||||||
enewgroup docker
|
enewgroup docker
|
||||||
}
|
}
|
||||||
|
|
||||||
src_prepare() {
|
src_unpack() {
|
||||||
# allow user patches (use sparingly - upstream won't support them)
|
if [ -n "$DOCKER_GITCOMMIT" ]; then
|
||||||
epatch_user
|
mkdir -p "${S}"
|
||||||
|
tar --strip-components=1 -C "${S}" -xf "${DISTDIR}/${A}"
|
||||||
# remove the .git directory so that hack/make.sh uses DOCKER_GITCOMMIT
|
else
|
||||||
# for the commit hash.
|
git-r3_src_unpack
|
||||||
rm --recursive --force .git
|
DOCKER_GITCOMMIT=$(git -C "${S}" rev-parse HEAD | head -c 7)
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
src_compile() {
|
src_compile() {
|
||||||
# if we treat them right, Docker's build scripts will set up a
|
export GOPATH="${WORKDIR}/${P}"
|
||||||
# reasonable GOPATH for us
|
|
||||||
export AUTO_GOPATH=1
|
|
||||||
|
|
||||||
# if we're building from a zip, we need the GITCOMMIT value
|
# setup CFLAGS and LDFLAGS for separate build target
|
||||||
|
# see https://github.com/tianon/docker-overlay/pull/10
|
||||||
|
export CGO_CFLAGS="-I${ROOT}/usr/include"
|
||||||
|
export CGO_LDFLAGS="-L${ROOT}/usr/$(get_libdir)"
|
||||||
|
|
||||||
|
# if we're building from a tarball, we need the GITCOMMIT value
|
||||||
[ "$DOCKER_GITCOMMIT" ] && export DOCKER_GITCOMMIT
|
[ "$DOCKER_GITCOMMIT" ] && export DOCKER_GITCOMMIT
|
||||||
|
|
||||||
if gcc-specs-pie; then
|
# fake golang layout
|
||||||
sed -i "s/EXTLDFLAGS_STATIC='/&-fno-PIC /" hack/make.sh || die
|
ln -s docker-ce/components/engine ../docker || die
|
||||||
grep -q -- '-fno-PIC' hack/make.sh || die 'hardened sed failed'
|
ln -s docker-ce/components/cli ../cli || die
|
||||||
|
|
||||||
sed "s/LDFLAGS_STATIC_DOCKER='/&-extldflags -fno-PIC /" \
|
|
||||||
-i hack/make/dynbinary-client || die
|
|
||||||
sed "s/LDFLAGS_STATIC_DOCKER='/&-extldflags -fno-PIC /" \
|
|
||||||
-i hack/make/dynbinary-daemon || die
|
|
||||||
grep -q -- '-fno-PIC' hack/make/dynbinary-daemon || die 'hardened sed failed'
|
|
||||||
grep -q -- '-fno-PIC' hack/make/dynbinary-client || die 'hardened sed failed'
|
|
||||||
fi
|
|
||||||
|
|
||||||
# let's set up some optional features :)
|
# let's set up some optional features :)
|
||||||
export DOCKER_BUILDTAGS=''
|
export DOCKER_BUILDTAGS=''
|
||||||
@ -236,24 +237,42 @@ src_compile() {
|
|||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
go_export
|
pushd components/engine || die
|
||||||
|
|
||||||
# verbose building
|
if use hardened; then
|
||||||
export BUILDFLAGS="-x -v"
|
sed -i "s#EXTLDFLAGS_STATIC='#&-fno-PIC $LDFLAGS #" hack/make.sh || die
|
||||||
|
grep -q -- '-fno-PIC' hack/make.sh || die 'hardened sed failed'
|
||||||
|
sed "s#LDFLAGS_STATIC_DOCKER='#&-extldflags \"-fno-PIC $LDFLAGS\" #" \
|
||||||
|
-i hack/make/dynbinary-daemon || die
|
||||||
|
grep -q -- '-fno-PIC' hack/make/dynbinary-daemon || die 'hardened sed failed'
|
||||||
|
fi
|
||||||
|
|
||||||
# time to build!
|
# build daemon
|
||||||
./hack/make.sh dynbinary || die 'dynbinary failed'
|
./hack/make.sh dynbinary || die 'dynbinary failed'
|
||||||
|
|
||||||
|
popd || die # components/engine
|
||||||
|
|
||||||
|
pushd components/cli || die
|
||||||
|
|
||||||
|
# build cli
|
||||||
|
emake \
|
||||||
|
LDFLAGS="$(usex hardened "-extldflags \"-fno-PIC $LDFLAGS\"" '')" \
|
||||||
|
VERSION="$(cat ../../VERSION)" \
|
||||||
|
GITCOMMIT="${DOCKER_GITCOMMIT}" \
|
||||||
|
dynbinary || die
|
||||||
|
|
||||||
|
popd || die # components/cli
|
||||||
}
|
}
|
||||||
|
|
||||||
src_install() {
|
src_install() {
|
||||||
VERSION="$(cat VERSION)"
|
|
||||||
newbin "bundles/$VERSION/dynbinary-client/docker-$VERSION" docker
|
|
||||||
newbin "bundles/$VERSION/dynbinary-daemon/dockerd-$VERSION" dockerd
|
|
||||||
dosym containerd /usr/bin/docker-containerd
|
dosym containerd /usr/bin/docker-containerd
|
||||||
dosym containerd-shim /usr/bin/docker-containerd-shim
|
dosym containerd-shim /usr/bin/docker-containerd-shim
|
||||||
dosym runc /usr/bin/docker-runc
|
dosym runc /usr/bin/docker-runc
|
||||||
use container-init && dosym tini /usr/bin/docker-init
|
use container-init && dosym tini /usr/bin/docker-init
|
||||||
|
|
||||||
|
pushd components/engine || die
|
||||||
|
newbin "$(readlink -f bundles/latest/dynbinary-daemon/dockerd)" dockerd
|
||||||
|
|
||||||
newinitd contrib/init/openrc/docker.initd docker
|
newinitd contrib/init/openrc/docker.initd docker
|
||||||
newconfd contrib/init/openrc/docker.confd docker
|
newconfd contrib/init/openrc/docker.confd docker
|
||||||
|
|
||||||
@ -273,18 +292,19 @@ src_install() {
|
|||||||
dodoc AUTHORS CONTRIBUTING.md CHANGELOG.md NOTICE README.md
|
dodoc AUTHORS CONTRIBUTING.md CHANGELOG.md NOTICE README.md
|
||||||
dodoc -r docs/*
|
dodoc -r docs/*
|
||||||
|
|
||||||
dobashcomp contrib/completion/bash/*
|
|
||||||
|
|
||||||
if use zsh-completion; then
|
|
||||||
insinto /usr/share/zsh/site-functions
|
|
||||||
doins contrib/completion/zsh/*
|
|
||||||
fi
|
|
||||||
|
|
||||||
if use vim-syntax; then
|
|
||||||
insinto /usr/share/vim/vimfiles
|
insinto /usr/share/vim/vimfiles
|
||||||
doins -r contrib/syntax/vim/ftdetect
|
doins -r contrib/syntax/vim/ftdetect
|
||||||
doins -r contrib/syntax/vim/syntax
|
doins -r contrib/syntax/vim/syntax
|
||||||
fi
|
popd || die # components/engine
|
||||||
|
|
||||||
|
pushd components/cli || die
|
||||||
|
|
||||||
|
newbin build/docker-* docker
|
||||||
|
|
||||||
|
dobashcomp contrib/completion/bash/*
|
||||||
|
insinto /usr/share/zsh/site-functions
|
||||||
|
doins contrib/completion/zsh/_*
|
||||||
|
popd || die # components/cli
|
||||||
}
|
}
|
||||||
|
|
||||||
pkg_postinst() {
|
pkg_postinst() {
|
||||||
|
@ -8,23 +8,18 @@
|
|||||||
scale, in production, on VMs, bare metal, OpenStack clusters, public
|
scale, in production, on VMs, bare metal, OpenStack clusters, public
|
||||||
clouds and more.
|
clouds and more.
|
||||||
</longdescription>
|
</longdescription>
|
||||||
<herd>proxy-maintainers</herd>
|
<maintainer type="person">
|
||||||
<maintainer status="active">
|
|
||||||
<email>admwiggin@gmail.com</email>
|
<email>admwiggin@gmail.com</email>
|
||||||
<name>Tianon</name>
|
<name>Tianon</name>
|
||||||
</maintainer>
|
</maintainer>
|
||||||
<maintainer>
|
<maintainer type="person">
|
||||||
<email>xarthisius@gentoo.org</email>
|
|
||||||
<name>Kacper Kowalik</name>
|
|
||||||
</maintainer>
|
|
||||||
<maintainer>
|
|
||||||
<email>alunduil@gentoo.org</email>
|
|
||||||
<name>Alex Brandt</name>
|
|
||||||
</maintainer>
|
|
||||||
<maintainer>
|
|
||||||
<email>williamh@gentoo.org</email>
|
<email>williamh@gentoo.org</email>
|
||||||
<name>William Hubbs</name>
|
<name>William Hubbs</name>
|
||||||
</maintainer>
|
</maintainer>
|
||||||
|
<maintainer type="person">
|
||||||
|
<email>mrueg@gentoo.org</email>
|
||||||
|
<name>Manuel Rüger</name>
|
||||||
|
</maintainer>
|
||||||
<use>
|
<use>
|
||||||
<flag name="aufs">
|
<flag name="aufs">
|
||||||
Enables dependencies for the "aufs" graph driver, including
|
Enables dependencies for the "aufs" graph driver, including
|
||||||
@ -37,23 +32,20 @@
|
|||||||
Enables dependencies for the "btrfs" graph driver, including
|
Enables dependencies for the "btrfs" graph driver, including
|
||||||
necessary kernel flags.
|
necessary kernel flags.
|
||||||
</flag>
|
</flag>
|
||||||
<flag name="contrib">
|
<flag name="container-init">
|
||||||
Install additional contrib scripts and components.
|
Makes the a staticly-linked init system tini available inside a
|
||||||
|
container.
|
||||||
</flag>
|
</flag>
|
||||||
<flag name="device-mapper">
|
<flag name="device-mapper">
|
||||||
Enables dependencies for the "devicemapper" graph driver, including
|
Enables dependencies for the "devicemapper" graph driver, including
|
||||||
necessary kernel flags.
|
necessary kernel flags.
|
||||||
</flag>
|
</flag>
|
||||||
<flag name="experimental">
|
|
||||||
Enable features labelled by upstream to be of "experimental"
|
|
||||||
quality and not yet ready for general consumption.
|
|
||||||
</flag>
|
|
||||||
<flag name="overlay">
|
<flag name="overlay">
|
||||||
Enables dependencies for the "overlay" graph driver, including
|
Enables dependencies for the "overlay" graph driver, including
|
||||||
necessary kernel flags.
|
necessary kernel flags.
|
||||||
</flag>
|
</flag>
|
||||||
<flag name="lxc">
|
<flag name="pkcs11">
|
||||||
Enables dependencies for the "lxc" execution driver.
|
Enables pkcs-11 support.
|
||||||
</flag>
|
</flag>
|
||||||
</use>
|
</use>
|
||||||
<upstream>
|
<upstream>
|
||||||
|
Loading…
x
Reference in New Issue
Block a user