overlay app-emulation/docker: "Sync" with Gentoo

This is a kinda-sorta sync, because Gentoo has already dropped docker
20.x.y at 20.10.22, whereas we have 20.10.24. I updated our ebuild
based on the older version of Gentoo's and adapted the dependency
versions to ones mentioned on moby github page. The reason behind this
"syncing" is to pull in the kernel config changes, as there are changes
relevant to kernel 6.1.
Krzesimir Nowak 2023-03-24 15:41:01 +01:00
parent aeb9d8e2b9
commit 964117a9a2
9 changed files with 74 additions and 167 deletions


@ -1,25 +1,21 @@
# Copyright 1999-2021 Gentoo Authors # Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2 # Distributed under the terms of the GNU General Public License v2
EAPI=7 EAPI=7
EGO_PN=github.com/docker/docker EGO_PN=github.com/docker/docker
MY_PV=${PV/_/-}
GIT_COMMIT=d6cbf44b8c GIT_COMMIT=d6cbf44b8c
COREOS_GO_VERSION="go1.18" inherit linux-info systemd udev golang-vcs-snapshot
COREOS_GO_GO111MODULE="off"
inherit bash-completion-r1 linux-info systemd udev golang-vcs-snapshot
inherit coreos-go-depend
DESCRIPTION="The core functions you need to create Docker images and run Docker containers" DESCRIPTION="The core functions you need to create Docker images and run Docker containers"
HOMEPAGE="https://www.docker.com/" HOMEPAGE="https://www.docker.com/"
MY_PV=${PV/_/-}
SRC_URI="https://github.com/moby/moby/archive/v${MY_PV}.tar.gz -> ${P}.tar.gz" SRC_URI="https://github.com/moby/moby/archive/v${MY_PV}.tar.gz -> ${P}.tar.gz"
LICENSE="Apache-2.0" LICENSE="Apache-2.0"
SLOT="0" SLOT="0"
KEYWORDS="amd64 ~arm arm64 ppc64 ~x86" KEYWORDS="amd64 ~arm arm64 ppc64 ~riscv ~x86"
# Flatcar: default enable required USE flags IUSE="apparmor aufs btrfs +cli +container-init device-mapper hardened
IUSE="apparmor aufs +btrfs +cli +container-init +device-mapper +hardened +overlay +seccomp +journald" overlay seccomp selinux"
DEPEND=" DEPEND="
acct-group/docker acct-group/docker
@ -30,20 +26,11 @@ DEPEND="
seccomp? ( >=sys-libs/libseccomp-2.2.1 ) seccomp? ( >=sys-libs/libseccomp-2.2.1 )
" "
# Flatcar:
# For CoreOS builds coreos-kernel must be installed because this ebuild
# checks the kernel config. The kernel config is left by the kernel compile
# or an explicit copy when installing binary packages. See coreos-kernel.eclass
DEPEND+="sys-kernel/coreos-kernel"
# https://github.com/moby/moby/blob/master/project/PACKAGERS.md#runtime-dependencies # https://github.com/moby/moby/blob/master/project/PACKAGERS.md#runtime-dependencies
# https://github.com/moby/moby/blob/master/project/PACKAGERS.md#optional-dependencies # https://github.com/moby/moby/blob/master/project/PACKAGERS.md#optional-dependencies
# https://github.com/moby/moby/tree/master//hack/dockerfile/install # https://github.com/moby/moby/tree/master//hack/dockerfile/install
# make sure docker-proxy is pinned to exact version from ^, # make sure docker-proxy is pinned to exact version from ^,
# for appropriate branchch/version of course # for appropriate branchch/version of course
# Flatcar:
# containerd ebuild doesn't support apparmor, device-mapper and seccomp use flags
# tini ebuild doesn't support static use flag
RDEPEND=" RDEPEND="
${DEPEND} ${DEPEND}
>=net-firewall/iptables-1.4 >=net-firewall/iptables-1.4
@ -51,16 +38,17 @@ RDEPEND="
>=dev-vcs/git-1.7 >=dev-vcs/git-1.7
>=app-arch/xz-utils-4.9 >=app-arch/xz-utils-4.9
dev-libs/libltdl dev-libs/libltdl
>=app-emulation/containerd-1.4.6[btrfs?] >=app-containers/containerd-1.6.16[apparmor?,btrfs?,device-mapper?,seccomp?]
~app-emulation/docker-proxy-0.8.0_p20210525 ~app-containers/docker-proxy-0.8.0_p20230118
cli? ( app-emulation/docker-cli ) cli? ( ~app-containers/docker-cli-${PV} )
container-init? ( >=sys-process/tini-0.19.0 ) container-init? ( >=sys-process/tini-0.19.0[static] )
selinux? ( sec-policy/selinux-docker )
" "
# https://github.com/docker/docker/blob/master/project/PACKAGERS.md#build-dependencies # https://github.com/docker/docker/blob/master/project/PACKAGERS.md#build-dependencies
# Flatcar: drop go-md2man
BDEPEND=" BDEPEND="
>=dev-lang/go-1.13.12 >=dev-lang/go-1.16.12
dev-go/go-md2man
virtual/pkgconfig virtual/pkgconfig
" "
# tests require running dockerd as root and downloading containers # tests require running dockerd as root and downloading containers
@ -68,8 +56,10 @@ RESTRICT="installsources strip test"
S="${WORKDIR}/${P}/src/${EGO_PN}" S="${WORKDIR}/${P}/src/${EGO_PN}"
# https://bugs.gentoo.org/748984 https://github.com/etcd-io/etcd/pull/12552
PATCHES=( PATCHES=(
"${FILESDIR}/ppc64-buildmode.patch" "${FILESDIR}/ppc64-buildmode.patch"
"${FILESDIR}/0001-Openrc-Depend-on-containerd-init-script.patch"
) )
# see "contrib/check-config.sh" from upstream's sources # see "contrib/check-config.sh" from upstream's sources
@ -87,7 +77,6 @@ CONFIG_CHECK="
~USER_NS ~USER_NS
~SECCOMP ~SECCOMP
~CGROUP_PIDS ~CGROUP_PIDS
~MEMCG_SWAP
~BLK_CGROUP ~BLK_DEV_THROTTLING ~BLK_CGROUP ~BLK_DEV_THROTTLING
~CGROUP_PERF ~CGROUP_PERF
@ -152,6 +141,12 @@ pkg_setup() {
" "
fi fi
if kernel_is lt 6 1; then
CONFIG_CHECK+="
~MEMCG_SWAP
"
fi
if use aufs; then if use aufs; then
CONFIG_CHECK+=" CONFIG_CHECK+="
~AUFS_FS ~AUFS_FS
@ -177,17 +172,14 @@ pkg_setup() {
} }
src_compile() { src_compile() {
# Flatcar: for cross-compilation
go_export
export DOCKER_GITCOMMIT="${GIT_COMMIT}" export DOCKER_GITCOMMIT="${GIT_COMMIT}"
export GOPATH="${WORKDIR}/${P}" export GOPATH="${WORKDIR}/${P}"
export VERSION=${PV} export VERSION=${PV}
# setup CFLAGS and LDFLAGS for separate build target # setup CFLAGS and LDFLAGS for separate build target
# see https://github.com/tianon/docker-overlay/pull/10 # see https://github.com/tianon/docker-overlay/pull/10
# Flatcar: allow injecting CFLAGS/LDFLAGS, which is needed for torcx rpath export CGO_CFLAGS="-I${ESYSROOT}/usr/include"
export CGO_CFLAGS="${CGO_CFLAGS} -I${ESYSROOT}/usr/include" export CGO_LDFLAGS="-L${ESYSROOT}/usr/$(get_libdir)"
export CGO_LDFLAGS="${CGO_LDFLAGS} -L${ESYSROOT}/usr/$(get_libdir)"
# let's set up some optional features :) # let's set up some optional features :)
export DOCKER_BUILDTAGS='' export DOCKER_BUILDTAGS=''
@ -197,18 +189,16 @@ src_compile() {
fi fi
done done
for tag in apparmor seccomp journald; do for tag in apparmor seccomp; do
if use $tag; then if use $tag; then
DOCKER_BUILDTAGS+=" $tag" DOCKER_BUILDTAGS+=" $tag"
fi fi
done done
# Flatcar:
# inject LDFLAGS for torcx
if use hardened; then if use hardened; then
sed -i "s#EXTLDFLAGS_STATIC='#&-fno-PIC $LDFLAGS #" hack/make.sh || die sed -i "s/EXTLDFLAGS_STATIC='/&-fno-PIC /" hack/make.sh || die
grep -q -- '-fno-PIC' hack/make.sh || die 'hardened sed failed' grep -q -- '-fno-PIC' hack/make.sh || die 'hardened sed failed'
sed "s#LDFLAGS_STATIC_DOCKER='#&-extldflags \"-fno-PIC $LDFLAGS\" #" \ sed "s/LDFLAGS_STATIC_DOCKER='/&-extldflags -fno-PIC /" \
-i hack/make/dynbinary-daemon || die -i hack/make/dynbinary-daemon || die
grep -q -- '-fno-PIC' hack/make/dynbinary-daemon || die 'hardened sed failed' grep -q -- '-fno-PIC' hack/make/dynbinary-daemon || die 'hardened sed failed'
fi fi
@ -227,26 +217,16 @@ src_install() {
newinitd contrib/init/openrc/docker.initd docker newinitd contrib/init/openrc/docker.initd docker
newconfd contrib/init/openrc/docker.confd docker newconfd contrib/init/openrc/docker.confd docker
# Flatcar: systemd_dounit contrib/init/systemd/docker.{service,socket}
# install our systemd units/network config and our wrapper into
# /usr/lib/flatcar/docker for backwards compatibility
exeinto /usr/lib/flatcar
doexe "${FILESDIR}/dockerd"
systemd_dounit "${FILESDIR}/docker.service"
systemd_dounit "${FILESDIR}/docker.socket"
insinto /usr/lib/systemd/network
doins "${FILESDIR}/50-docker.network"
doins "${FILESDIR}/90-docker-veth.network"
udev_dorules contrib/udev/*.rules udev_dorules contrib/udev/*.rules
dodoc AUTHORS CONTRIBUTING.md CHANGELOG.md NOTICE README.md dodoc AUTHORS CONTRIBUTING.md CHANGELOG.md NOTICE README.md
dodoc -r docs/* dodoc -r docs/*
# Flatcar: # note: intentionally not using "doins" so that we preserve +x bits
# don't install contrib bits dodir /usr/share/${PN}/contrib
cp -R contrib/* "${ED}/usr/share/${PN}/contrib"
} }
pkg_postinst() { pkg_postinst() {
@ -287,15 +267,15 @@ pkg_postinst() {
ewarn "Starting with docker 20.10.2, docker has been split into" ewarn "Starting with docker 20.10.2, docker has been split into"
ewarn "two packages upstream, so Gentoo has followed suit." ewarn "two packages upstream, so Gentoo has followed suit."
ewarn ewarn
ewarn "app-emulation/docker contains the daemon and" ewarn "app-containers/docker contains the daemon and"
ewarn "app-emulation/docker-cli contains the docker command." ewarn "app-containers/docker-cli contains the docker command."
ewarn ewarn
ewarn "docker currently installs docker-cli using the cli use flag." ewarn "docker currently installs docker-cli using the cli use flag."
ewarn ewarn
ewarn "This use flag is temporary, so you need to take the" ewarn "This use flag is temporary, so you need to take the"
ewarn "following actions:" ewarn "following actions:"
ewarn ewarn
ewarn "First, disable the cli use flag for app-emulation/docker" ewarn "First, disable the cli use flag for app-containers/docker"
ewarn ewarn
ewarn "Then, if you need docker-cli and docker on the same machine," ewarn "Then, if you need docker-cli and docker on the same machine,"
ewarn "run the following command:" ewarn "run the following command:"
@ -304,3 +284,7 @@ pkg_postinst() {
ewarn ewarn
fi fi
} }
pkg_postrm() {
udev_reload
}
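Review bot: The RDEPEND hunk (`@ -51,16 +38,17`) now pulls `>=app-containers/containerd-1.6.16[apparmor?,btrfs?,device-mapper?,seccomp?]`, `~app-containers/docker-proxy-0.8.0_p20230118` and `cli? ( ~app-containers/docker-cli-${PV} )`, and the pkg_postinst ewarn text names app-containers/docker, while the commit title keeps this ebuild under app-emulation; unless the overlay already carries those packages under app-containers, these atoms will not resolve. The same hunk's USE dependencies also contradict the Flatcar note removed just above RDEPEND, which says the overlay's containerd ebuild does not support the apparmor, device-mapper and seccomp flags and tini does not support static, so that note should only go if those ebuilds gained the flags. The IUSE hunk drops the `+seccomp` and `+hardened` defaults that the removed `# Flatcar: default enable required USE flags` comment justified, so unless the profile enables seccomp the src_compile loop `for tag in apparmor seccomp; do` never adds the tag and the daemon is built without seccomp support; the loop no longer knows `journald` either, so the journald log driver presumably goes with it, and both deserve a deliberate decision rather than a side effect of the sync. In src_install, `cp -R contrib/* "${ED}/usr/share/${PN}/contrib"` runs without `|| die`, so a failed copy is silently ignored; it should read `cp -R contrib/* "${ED}/usr/share/${PN}/contrib" || die` like the ebuild's other commands.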


@ -0,0 +1,28 @@
From bb69104381805014eb7675682d204fe460a52388 Mon Sep 17 00:00:00 2001
From: Jan Breig <git@pygos.space>
Date: Mon, 16 May 2022 14:58:36 +0200
Subject: [PATCH] Openrc: Depend on containerd init script
Signed-off-by: Jan Breig <git@pygos.space>
---
contrib/init/openrc/docker.initd | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/contrib/init/openrc/docker.initd b/contrib/init/openrc/docker.initd
index 3229223bad..57defb8f57 100644
--- a/contrib/init/openrc/docker.initd
+++ b/contrib/init/openrc/docker.initd
@@ -17,6 +17,10 @@ rc_ulimit="${DOCKER_ULIMIT:--c unlimited -n 1048576 -u unlimited}"
retry="${DOCKER_RETRY:-TERM/60/KILL/10}"
+depend() {
+ need containerd
+}
+
start_pre() {
checkpath -f -m 0644 -o root:docker "$DOCKER_LOGFILE"
}
--
2.35.1


@ -1,6 +0,0 @@
[Match]
Type=bridge
Name=docker* br-*
[Link]
Unmanaged=yes


@ -1,5 +0,0 @@
[Match]
Driver=veth
[Link]
Unmanaged=yes


@ -1,37 +0,0 @@
[Unit]
Description=Docker Application Container Engine
Documentation=http://docs.docker.com
After=containerd.service docker.socket network-online.target
Wants=network-online.target
Requires=containerd.service docker.socket
[Service]
Type=notify
EnvironmentFile=-/run/flannel/flannel_docker_opts.env
Environment=DOCKER_SELINUX=--selinux-enabled=true
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd --host=fd:// --containerd=/var/run/docker/libcontainerd/docker-containerd.sock $DOCKER_SELINUX $DOCKER_OPTS $DOCKER_CGROUPS $DOCKER_OPT_BIP $DOCKER_OPT_MTU $DOCKER_OPT_IPMASQ
ExecReload=/bin/kill -s HUP $MAINPID
LimitNOFILE=1048576
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
# Uncomment TasksMax if your systemd version supports it.
# Only systemd 226 and above support this version.
TasksMax=infinity
TimeoutStartSec=0
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
# restart the docker process if it exits prematurely
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s
[Install]
WantedBy=multi-user.target


@ -1,13 +0,0 @@
[Unit]
Description=Docker Socket for the API
PartOf=docker.service
[Socket]
ListenStream=/var/run/docker.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker
[Install]
WantedBy=sockets.target


@ -1,41 +0,0 @@
#!/bin/bash
# Wrapper for launching docker daemons with selinux default on
# This wrapper script has been deprecated (euank: 2017-05-09) and is retained
# for backwards compatibility.
set -e
parse_docker_args() {
local flag
while [[ $# -gt 0 ]]; do
flag="$1"
shift
# treat --flag=foo and --flag foo identically
if [[ "${flag}" == *=* ]]; then
set -- "${flag#*=}" "$@"
flag="${flag%=*}"
fi
case "${flag}" in
--selinux-enabled)
ARG_SELINUX="$1"
shift
;;
*)
# ignore everything else
;;
esac
done
}
parse_docker_args "$@"
USE_SELINUX=""
# Do not override selinux if it is already explicitly configured.
if [[ -z "${ARG_SELINUX}" ]]; then
# If unspecified, default off
USE_SELINUX="--selinux-enabled=false"
fi
exec dockerd "$@" ${USE_SELINUX}


@ -17,14 +17,14 @@ index 5ea3e373f2..7a911de15a 100644
--- a/hack/make/.binary --- a/hack/make/.binary
+++ b/hack/make/.binary +++ b/hack/make/.binary
@@ -70,7 +70,7 @@ hash_files() { @@ -70,7 +70,7 @@ hash_files() {
if [[ " $BUILDFLAGS " != *" -race "* ]]; then
# -buildmode=pie is not supported on Windows and Linux on mips and riscv64.
case "$(go env GOOS)/$(go env GOARCH)" in
- windows/* | linux/mips* | linux/riscv*) ;;
+ windows/* | linux/mips* | linux/riscv* | linux/ppc64) ;;
*) # -buildmode=pie is not supported on Windows and Linux on mips and riscv64.
BUILDFLAGS+=("-buildmode=pie") case "$(go env GOOS)/$(go env GOARCH)" in
- windows/* | linux/mips* | linux/riscv*) ;;
+ windows/* | linux/mips* | linux/riscv* | linux/ppc64) ;;
*)
BUILDFLAGS+=("-buildmode=pie")
-- --
2.32.0 2.32.0


@ -1,5 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> <!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata> <pkgmetadata>
<longdescription> <longdescription>
Docker is an open-source project to easily create lightweight, Docker is an open-source project to easily create lightweight,
@ -21,16 +21,13 @@
Enables dependencies for the "aufs" graph driver, including Enables dependencies for the "aufs" graph driver, including
necessary kernel flags. necessary kernel flags.
</flag> </flag>
<flag name="apparmor">
Enable AppArmor support.
</flag>
<flag name="btrfs"> <flag name="btrfs">
Enables dependencies for the "btrfs" graph driver, including Enables dependencies for the "btrfs" graph driver, including
necessary kernel flags. necessary kernel flags.
</flag> </flag>
<flag name="cli"> <flag name="cli">
This is a temporary use flag which pulls in This is a temporary use flag which pulls in
app-emulation/docker-cli, the docker command line client. <pkg>app-containers/docker-cli</pkg>, the docker command line client.
This flag is here to assist in the transition to split packages This flag is here to assist in the transition to split packages
and will be removed in a future release. and will be removed in a future release.
</flag> </flag>