app-emulation/docker: Sync with upstream, bump to 17.06.1 / Go 1.8

This switches to the new Docker CE repo structure. It points to the docker/docker-ce GitHub repo directly now, not the CoreOS fork. The cros_workon code was dropped, so we are building unmodified upstream releases now. If fixes need to be backported, patch files can just be added to the PATCHES array since this uses EAPI=6. LDFLAGS are tacked onto the -extldflags option to support torcx. A special RPATH is added for torcx support, which is passed through the LDFLAGS environment variable. The value is applied along with the "hardened" USE flag's options, so note that torcx will not work if that flag is disabled.
2025-08-22 06:51:26 +02:00 · 2017-08-18 18:18:50 -07:00 · 2017-08-18 18:18:50 -07:00 · 9492b0b1ed
commit 9492b0b1ed
parent d97cc4a139
4 changed files with 96 additions and 83 deletions
--- a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/Manifest
+++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/Manifest
@ -0,0 +1 @@
+DIST docker-17.06.1.tar.gz 9682381 SHA256 2ca8615162873b32d9565f95a4b2977d025fd44c69e087046e004f5dfb1ce30c SHA512 0a7dd578b3f5aa2be9e8df270b74cc5ad698b9c00ed4c314ecfea588cddddef26c0696265978d09abc5799f22f8bd8013b4f1a818e78eb7f7a4e7c15e082b5d0 WHIRLPOOL f6cf32cca15b36b4fa17239ee800d7e9347fc5f97050eca3590c75a76ab4d36ffff676508e7240aef5bd440795a870aa4349f7cede4e9fb4d610a3146693f8d7
--- a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-17.05.0-r1.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-17.05.0-r1.ebuild
--- a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-9999.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-9999.ebuild
@ -1,39 +1,45 @@
 # Copyright 1999-2017 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2

-EAPI=5
+EAPI=6

-CROS_WORKON_PROJECT="coreos/docker"
-CROS_WORKON_LOCALNAME="docker"
-CROS_WORKON_REPO="git://github.com"
-COREOS_GO_VERSION="go1.7"
+COREOS_GO_PACKAGE="github.com/docker/docker-ce"
+COREOS_GO_VERSION="go1.8"

-if [[ ${PV} == *9999 ]]; then
-	DOCKER_GITCOMMIT="unknown"
+if [[ ${PV} = *9999* ]]; then
+	# Docker cannot be fetched via "go get", thanks to autogenerated code
+	EGIT_REPO_URI="https://${COREOS_GO_PACKAGE}.git"
+	EGIT_CHECKOUT_DIR="${WORKDIR}/${P}/src/${COREOS_GO_PACKAGE}"
+	inherit git-r3
 	KEYWORDS="~amd64 ~arm64"
 else
-	CROS_WORKON_COMMIT="89658bed64c2a8fe05a978e5b87dbec409d57a0f" # coreos-17.05.0-ce
-	DOCKER_GITCOMMIT="${CROS_WORKON_COMMIT:0:7}"
+	inherit versionator
+	if [ "$(get_version_component_count)" = 4 ]; then
+		MY_PV="$(replace_version_separator 3 '-ce-')"
+	else
+		MY_PV="$PV-ce"
+	fi
+	DOCKER_GITCOMMIT="874a737"
+	SRC_URI="https://${COREOS_GO_PACKAGE}/archive/v${MY_PV}.tar.gz -> ${P}.tar.gz"
 	KEYWORDS="amd64 arm64"
+	[ "$DOCKER_GITCOMMIT" ] || die "DOCKER_GITCOMMIT must be added manually for each bump!"
 fi
+inherit bash-completion-r1 coreos-go-depend linux-info systemd udev user

-inherit bash-completion-r1 eutils linux-info multilib systemd udev user cros-workon coreos-go-depend
-
-DESCRIPTION="Docker complements kernel namespacing with a high-level API which operates at the process level"
+DESCRIPTION="The core functions you need to create Docker images and run Docker containers"
 HOMEPAGE="https://dockerproject.org"
 LICENSE="Apache-2.0"
 SLOT="0"
-IUSE="apparmor aufs +btrfs +container-init +device-mapper +overlay pkcs11 +journald seccomp +selinux vim-syntax zsh-completion"
+IUSE="apparmor aufs +btrfs +container-init +device-mapper hardened +overlay pkcs11 seccomp +journald +selinux"

-# https://github.com/docker/docker/blob/v17.05.0-ce/project/PACKAGERS.md#build-dependencies
+# https://github.com/docker/docker/blob/master/project/PACKAGERS.md#build-dependencies
 CDEPEND="
 	>=dev-db/sqlite-3.7.9:3
 	device-mapper? (
 		>=sys-fs/lvm2-2.02.89[thin]
 	)
-	seccomp? (
-		>=sys-libs/libseccomp-2.2.1[static-libs]
-	)
+	seccomp? ( >=sys-libs/libseccomp-2.2.1[static-libs] )
+	apparmor? ( sys-libs/libapparmor )
 "

 DEPEND="
@ -49,26 +55,25 @@ DEPEND="
 # or an explicit copy when installing binary packages. See coreos-kernel.eclass
 DEPEND+="sys-kernel/coreos-kernel"

-# https://github.com/docker/docker/blob/master/hack/PACKAGERS.md#runtime-dependencies
-# https://github.com/docker/docker/blob/master/hack/PACKAGERS.md#optional-dependencies
+# https://github.com/docker/docker/blob/master/project/PACKAGERS.md#runtime-dependencies
+# https://github.com/docker/docker/blob/master/project/PACKAGERS.md#optional-dependencies
 RDEPEND="
 	${CDEPEND}
-
-	!app-emulation/docker-bin
 	>=net-firewall/iptables-1.4
 	sys-process/procps
 	>=dev-vcs/git-1.7
 	>=app-arch/xz-utils-4.9
-	>=sys-apps/shadow-4.4

-	>=app-emulation/containerd-0.2.7_p2-r1[seccomp?]
-	=app-emulation/runc-1.0.0_rc2_p137[apparmor?,seccomp?]
+	=app-emulation/containerd-0.2.9_p7[seccomp?]
+	=app-emulation/docker-runc-1.0.0_rc3_p53[apparmor?,seccomp?]
 	app-emulation/docker-proxy
 	container-init? ( >=sys-process/tini-0.13.1 )
 "

 RESTRICT="installsources strip"

+S="${WORKDIR}/${P}/src/${COREOS_GO_PACKAGE}"
+
 # see "contrib/check-config.sh" from upstream's sources
 CONFIG_CHECK="
 	~NAMESPACES ~NET_NS ~PID_NS ~IPC_NS ~UTS_NS
@ -193,34 +198,30 @@ pkg_setup() {
 	enewgroup docker
 }

-src_prepare() {
-	# allow user patches (use sparingly - upstream won't support them)
-	epatch_user
-
-	# remove the .git directory so that hack/make.sh uses DOCKER_GITCOMMIT
-	# for the commit hash.
-	rm --recursive --force .git
+src_unpack() {
+	if [ -n "$DOCKER_GITCOMMIT" ]; then
+		mkdir -p "${S}"
+		tar --strip-components=1 -C "${S}" -xf "${DISTDIR}/${A}"
+	else
+		git-r3_src_unpack
+		DOCKER_GITCOMMIT=$(git -C "${S}" rev-parse HEAD | head -c 7)
+	fi
 }

 src_compile() {
-	# if we treat them right, Docker's build scripts will set up a
-	# reasonable GOPATH for us
-	export AUTO_GOPATH=1
+	export GOPATH="${WORKDIR}/${P}"

-	# if we're building from a zip, we need the GITCOMMIT value
+	# setup CFLAGS and LDFLAGS for separate build target
+	# see https://github.com/tianon/docker-overlay/pull/10
+	export CGO_CFLAGS="-I${ROOT}/usr/include"
+	export CGO_LDFLAGS="-L${ROOT}/usr/$(get_libdir)"
+
+	# if we're building from a tarball, we need the GITCOMMIT value
 	[ "$DOCKER_GITCOMMIT" ] && export DOCKER_GITCOMMIT

-	if gcc-specs-pie; then
-		sed -i "s/EXTLDFLAGS_STATIC='/&-fno-PIC /" hack/make.sh || die
-		grep -q -- '-fno-PIC' hack/make.sh || die 'hardened sed failed'
-
-		sed  "s/LDFLAGS_STATIC_DOCKER='/&-extldflags -fno-PIC /" \
-			-i hack/make/dynbinary-client || die
-		sed  "s/LDFLAGS_STATIC_DOCKER='/&-extldflags -fno-PIC /" \
-			-i hack/make/dynbinary-daemon || die
-		grep -q -- '-fno-PIC' hack/make/dynbinary-daemon || die 'hardened sed failed'
-		grep -q -- '-fno-PIC' hack/make/dynbinary-client || die 'hardened sed failed'
-	fi
+	# fake golang layout
+	ln -s docker-ce/components/engine ../docker || die
+	ln -s docker-ce/components/cli ../cli || die

 	# let's set up some optional features :)
 	export DOCKER_BUILDTAGS=''
@ -236,24 +237,42 @@ src_compile() {
 		fi
 	done

-	go_export
+	pushd components/engine || die

-	# verbose building
-	export BUILDFLAGS="-x -v"
+	if use hardened; then
+		sed -i "s#EXTLDFLAGS_STATIC='#&-fno-PIC $LDFLAGS #" hack/make.sh || die
+		grep -q -- '-fno-PIC' hack/make.sh || die 'hardened sed failed'
+		sed  "s#LDFLAGS_STATIC_DOCKER='#&-extldflags \"-fno-PIC $LDFLAGS\" #" \
+			-i hack/make/dynbinary-daemon || die
+		grep -q -- '-fno-PIC' hack/make/dynbinary-daemon || die 'hardened sed failed'
+	fi

-	# time to build!
+	# build daemon
 	./hack/make.sh dynbinary || die 'dynbinary failed'
+
+	popd || die # components/engine
+
+	pushd components/cli || die
+
+	# build cli
+	emake \
+		LDFLAGS="$(usex hardened "-extldflags \"-fno-PIC $LDFLAGS\"" '')" \
+		VERSION="$(cat ../../VERSION)" \
+		GITCOMMIT="${DOCKER_GITCOMMIT}" \
+		dynbinary || die
+
+	popd || die # components/cli
 }

 src_install() {
-	VERSION="$(cat VERSION)"
-	newbin "bundles/$VERSION/dynbinary-client/docker-$VERSION" docker
-	newbin "bundles/$VERSION/dynbinary-daemon/dockerd-$VERSION" dockerd
 	dosym containerd /usr/bin/docker-containerd
 	dosym containerd-shim /usr/bin/docker-containerd-shim
 	dosym runc /usr/bin/docker-runc
 	use container-init && dosym tini /usr/bin/docker-init

+	pushd components/engine || die
+	newbin "$(readlink -f bundles/latest/dynbinary-daemon/dockerd)" dockerd
+
 	newinitd contrib/init/openrc/docker.initd docker
 	newconfd contrib/init/openrc/docker.confd docker

@ -273,18 +292,19 @@ src_install() {
 	dodoc AUTHORS CONTRIBUTING.md CHANGELOG.md NOTICE README.md
 	dodoc -r docs/*

+	insinto /usr/share/vim/vimfiles
+	doins -r contrib/syntax/vim/ftdetect
+	doins -r contrib/syntax/vim/syntax
+	popd || die # components/engine
+
+	pushd components/cli || die
+
+	newbin build/docker-* docker
+
 	dobashcomp contrib/completion/bash/*
-
-	if use zsh-completion; then
-		insinto /usr/share/zsh/site-functions
-		doins contrib/completion/zsh/*
-	fi
-
-	if use vim-syntax; then
-		insinto /usr/share/vim/vimfiles
-		doins -r contrib/syntax/vim/ftdetect
-		doins -r contrib/syntax/vim/syntax
-	fi
+	insinto /usr/share/zsh/site-functions
+	doins contrib/completion/zsh/_*
+	popd || die # components/cli
 }

 pkg_postinst() {
--- a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/metadata.xml
+++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/metadata.xml
@ -8,23 +8,18 @@
 		scale, in production, on VMs, bare metal, OpenStack clusters, public
 		clouds and more.
 	</longdescription>
-	<herd>proxy-maintainers</herd>
-	<maintainer status="active">
+	<maintainer type="person">
 		<email>admwiggin@gmail.com</email>
 		<name>Tianon</name>
 	</maintainer>
-	<maintainer>
-		<email>xarthisius@gentoo.org</email>
-		<name>Kacper Kowalik</name>
-	</maintainer>
-	<maintainer>
-		<email>alunduil@gentoo.org</email>
-		<name>Alex Brandt</name>
-	</maintainer>
-	<maintainer>
+	<maintainer type="person">
 		<email>williamh@gentoo.org</email>
 		<name>William Hubbs</name>
 	</maintainer>
+	<maintainer type="person">
+		<email>mrueg@gentoo.org</email>
+		<name>Manuel Rüger</name>
+	</maintainer>
 	<use>
 		<flag name="aufs">
 			Enables dependencies for the "aufs" graph driver, including
@ -37,23 +32,20 @@
 			Enables dependencies for the "btrfs" graph driver, including
 			necessary kernel flags.
 		</flag>
-		<flag name="contrib">
-			Install additional contrib scripts and components.
+		<flag name="container-init">
+			Makes the a staticly-linked init system tini available inside a
+			container.
 		</flag>
 		<flag name="device-mapper">
 			Enables dependencies for the "devicemapper" graph driver, including
 			necessary kernel flags.
 		</flag>
-		<flag name="experimental">
-			Enable features labelled by upstream to be of "experimental"
-			quality and not yet ready for general consumption.
-		</flag>
 		<flag name="overlay">
 			Enables dependencies for the "overlay" graph driver, including
 			necessary kernel flags.
 		</flag>
-		<flag name="lxc">
-			Enables dependencies for the "lxc" execution driver.
+		<flag name="pkcs11">
+			Enables pkcs-11 support.
 		</flag>
 	</use>
 	<upstream>
				`@ -0,0 +1 @@`
				`DIST docker-17.06.1.tar.gz 9682381 SHA256 2ca8615162873b32d9565f95a4b2977d025fd44c69e087046e004f5dfb1ce30c SHA512 0a7dd578b3f5aa2be9e8df270b74cc5ad698b9c00ed4c314ecfea588cddddef26c0696265978d09abc5799f22f8bd8013b4f1a818e78eb7f7a4e7c15e082b5d0 WHIRLPOOL f6cf32cca15b36b4fa17239ee800d7e9347fc5f97050eca3590c75a76ab4d36ffff676508e7240aef5bd440795a870aa4349f7cede4e9fb4d610a3146693f8d7`