From 28efe488ac414d0a54e185175c95317480b4bbca Mon Sep 17 00:00:00 2001 From: David Michael Date: Thu, 28 Sep 2017 14:13:30 -0700 Subject: [PATCH 01/11] app-emulation/docker-runc: Bump for Docker 17.09 This also includes some minor shifting around to reduce the diff with current Gentoo ebuilds. --- .../app-emulation/docker-runc/Manifest | 2 +- ...53-r1.ebuild => docker-runc-1.0.0_rc4_p25.ebuild} | 12 ++++++------ ...ntainer-default-mount-propagation-correctly.patch | 10 +++++----- 3 files changed, 12 insertions(+), 12 deletions(-) rename sdk_container/src/third_party/coreos-overlay/app-emulation/docker-runc/{docker-runc-1.0.0_rc3_p53-r1.ebuild => docker-runc-1.0.0_rc4_p25.ebuild} (84%) diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker-runc/Manifest b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker-runc/Manifest index 415ffda7c8..04f8342547 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker-runc/Manifest +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker-runc/Manifest @@ -1 +1 @@ -DIST docker-runc-1.0.0_rc3_p53.tar.gz 1042839 SHA256 d09b31b9a5adf0a3295d10b20e5f65ec8e1c52a371d463218694c37e075829e9 SHA512 8e937e8ccaa114913d61a450b030496668c1e2d80eecccf5e4914c5685d7dde9a0d50bc2aef9be844dc69eab81621aa1c043abbc72ba28ab6bdb9db5e86daeaf WHIRLPOOL bec7b506a6b2522d401733b32a9f500aec69920dc6d8072ab434c7bfbb1c88a6fb00afa1d2728f78fbaac1d58f890a2b5932fdbe2b0e87b749293f2b48ed2e8a +DIST docker-runc-1.0.0_rc4_p25.tar.gz 1094599 SHA256 d5820f1c655061be79441bd57efea4e5b60b25b6a451214b64172395b9fda383 SHA512 0cb0748812296294a87dda257dbf0947897a1ada2aa861ff3e65309a6bbecebbe798929845fca6f23b66fd0dc019bca0a032737c7192fe20618d8e1849866f3d WHIRLPOOL ed34894a3878c0cae50888c936eba1dad8d58da8d7042d5e421f06e4e98c1d7701a5c877baaba14a46d588b2ee3354e19d72bb141d5d8e7f6c0bed2d3a6b71b6 
diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker-runc/docker-runc-1.0.0_rc3_p53-r1.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker-runc/docker-runc-1.0.0_rc4_p25.ebuild similarity index 84% rename from sdk_container/src/third_party/coreos-overlay/app-emulation/docker-runc/docker-runc-1.0.0_rc3_p53-r1.ebuild rename to sdk_container/src/third_party/coreos-overlay/app-emulation/docker-runc/docker-runc-1.0.0_rc4_p25.ebuild index 0a7f6c700e..22d144891a 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker-runc/docker-runc-1.0.0_rc3_p53-r1.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker-runc/docker-runc-1.0.0_rc4_p25.ebuild @@ -7,13 +7,13 @@ GITHUB_URI="github.com/opencontainers/runc" COREOS_GO_PACKAGE="${GITHUB_URI}" COREOS_GO_VERSION="go1.8" # the commit of runc that docker uses. -# see https://github.com/docker/docker-ce/blob/v17.06.2-ce/components/engine/hack/dockerfile/binaries-commits#L6 -# Note: this commit is only really present in `docker/runc` in the 'docker/17.06' branch +# see https://github.com/docker/docker-ce/blob/v17.09.0-ce/components/engine/hack/dockerfile/binaries-commits#L6 +# Note: this commit is only really present in the `docker/runc` repository. # Update the patch number when this commit is changed (i.e. the _p in the ebuild). # The patch version is arbitrarily the number of commits since the tag version # spcified in the ebuild name. For example: -# $ git log --oneline v1.0.0-rc3..${COMMIT_ID} | wc -l -COMMIT_ID="810190ceaa507aa2727d7ae6f4790c76ec150bd2" +# $ git log --oneline v1.0.0-rc4..${COMMIT_ID} | wc -l +COMMIT_ID="3f2f8b84a77f73d38244dd690525642a72156c64" inherit eutils flag-o-matic coreos-go vcs-snapshot @@ -25,7 +25,7 @@ HOMEPAGE="http://runc.io" LICENSE="Apache-2.0" SLOT="0" -IUSE="apparmor ambient hardened +seccomp selinux" +IUSE="ambient apparmor hardened +seccomp selinux" RDEPEND=" apparmor? ( sys-libs/libapparmor ) 
@@ -55,8 +55,8 @@ src_compile() { # build up optional flags local options=( - $(usex apparmor 'apparmor' '') $(usex ambient 'ambient' '') + $(usex apparmor 'apparmor' '') $(usex seccomp 'seccomp' '') $(usex selinux 'selinux' '') ) diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker-runc/files/0002-libcontainer-default-mount-propagation-correctly.patch b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker-runc/files/0002-libcontainer-default-mount-propagation-correctly.patch index c284e9972d..d67c6951e2 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker-runc/files/0002-libcontainer-default-mount-propagation-correctly.patch +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker-runc/files/0002-libcontainer-default-mount-propagation-correctly.patch @@ -27,11 +27,11 @@ diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_li index 1575ae03..8a2947f6 100644 --- a/libcontainer/specconv/spec_linux.go +++ b/libcontainer/specconv/spec_linux.go -@@ -36,7 +36,7 @@ var mountPropagationMapping = map[string]int{ - "slave": syscall.MS_SLAVE, - "rshared": syscall.MS_SHARED | syscall.MS_REC, - "shared": syscall.MS_SHARED, -- "": syscall.MS_PRIVATE | syscall.MS_REC, +@@ -37,7 +37,7 @@ var mountPropagationMapping = map[string]int{ + "slave": unix.MS_SLAVE, + "rshared": unix.MS_SHARED | unix.MS_REC, + "shared": unix.MS_SHARED, +- "": unix.MS_PRIVATE | unix.MS_REC, + "": 0, } From 60a82dfae56f65e999620574afea7a5b36836ca8 Mon Sep 17 00:00:00 2001 
From: David Michael Date: Thu, 28 Sep 2017 14:30:08 -0700 Subject: [PATCH 02/11] app-emulation/containerd: Bump for Docker 17.09 --- .../coreos-overlay/app-emulation/containerd/Manifest | 2 +- ...containerd-0.2.9_p7.ebuild => containerd-0.2.9_p27.ebuild} | 0 .../app-emulation/containerd/containerd-9999.ebuild | 4 ++-- 3 files changed, 3 insertions(+), 3 deletions(-) rename sdk_container/src/third_party/coreos-overlay/app-emulation/containerd/{containerd-0.2.9_p7.ebuild => containerd-0.2.9_p27.ebuild} (100%) diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/containerd/Manifest b/sdk_container/src/third_party/coreos-overlay/app-emulation/containerd/Manifest index f6fa6c9be2..301b1e7992 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/containerd/Manifest +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/containerd/Manifest 
@@ -1,2 +1,2 @@ DIST containerd-0.2.5.tar.gz 1003500 SHA256 88e099af66b50abe7f2159f13bdab793fa5199d8d5b9a9ef7a68171abb4359be SHA512 ba1e074bb7556a7c4be4d68dc62aa2fa4b823682c209d1609c1f11518a7b7167139ea159d31e0b21ba190d83115a67e5e45b54b6a4770742d49e9e561309551f WHIRLPOOL eb3622ba99c4d4806bda9a45853422a5b0b884869ed3be4c3caec4c20f49027e8db78b9885eca7bc83a0f3b08e9a66eca950390f0eda1ef2535fd3ab41623bf4 -DIST containerd-0.2.9_p7.tar.gz 1229549 SHA256 c506121c49e3bfea27018aa77e09e4734067f84ae85b6ef75ec31b488a91ae54 SHA512 900cf9c251c4de0f9848fb5bf26537226c1361d1a64a0fba853bda3805cb141fc2a849442fe885f0ee228b3e3a7018440af18898b484a54a7b75b4a86538aaa9 WHIRLPOOL 880f19a994f623b7cd8c3f771b5c56468681de349ae4196e60ffcb5a34d42ef423d8eefc82c07134c9e50c33bc0ecbfc1a9e47c3df987050d8dcb82da0178d80 +DIST containerd-0.2.9_p27.tar.gz 1140788 SHA256 4d2b6e30bcc6c4bb901d6b9f19b5ac1d4a2d9b17075a9b1f110102920d01f64a SHA512 c749bda691197ec8a7603db9ad92f2800a3f065143430a660333b7862518deb4c158a1c1fd01671dff438b40988d4a64d8f06bab05496b8728c6e2f57cd7da0a WHIRLPOOL 75cb3467a94af50bef52377f309d7c85386475789fab3d2758679f022b516735728a1ac2c54307954a14100c4f84059d8fd5e8376270fdd69e572cff43453fa0 diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/containerd/containerd-0.2.9_p7.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/containerd/containerd-0.2.9_p27.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/app-emulation/containerd/containerd-0.2.9_p7.ebuild rename to sdk_container/src/third_party/coreos-overlay/app-emulation/containerd/containerd-0.2.9_p27.ebuild diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/containerd/containerd-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/containerd/containerd-9999.ebuild index 7e9f0a80e4..cfb8774648 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/containerd/containerd-9999.ebuild 
+++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/containerd/containerd-9999.ebuild @@ -15,7 +15,7 @@ else # The patch number is arbitrarily chosen as the number of commits since the # tagged version. # e.g. git log --oneline v0.2.9..${EGIT_COMMIT} | wc -l - EGIT_COMMIT="6e23458c129b551d5c9871e5174f6b1b7f6d1170" + EGIT_COMMIT="06b9cb35161009dcb7123345749fef02f7cea8e0" SRC_URI="https://${GITHUB_URI}/archive/${EGIT_COMMIT}.tar.gz -> ${P}.tar.gz" KEYWORDS="amd64 arm64" inherit vcs-snapshot @@ -31,7 +31,7 @@ SLOT="0" IUSE="hardened +seccomp" DEPEND="" -RDEPEND=">=app-emulation/docker-runc-1.0.0_rc3 +RDEPEND=">=app-emulation/docker-runc-1.0.0_rc4 seccomp? ( sys-libs/libseccomp )" S=${WORKDIR}/${P}/src/${COREOS_GO_PACKAGE} From dbf9146671d59454e7ec0ea1707d1b7042adba69 Mon Sep 17 00:00:00 2001 From: David Michael Date: Thu, 28 Sep 2017 14:33:59 -0700 Subject: [PATCH 03/11] app-emulation/docker: Bump to Docker 17.09.0 The build date patch is included upstream. --- .../app-emulation/docker/Manifest | 2 +- ...7.06.2-r3.ebuild => docker-17.09.0.ebuild} | 0 .../app-emulation/docker/docker-9999.ebuild | 12 ++++---- .../patches/allow-override-build-date.patch | 30 ------------------- 4 files changed, 6 insertions(+), 38 deletions(-) rename sdk_container/src/third_party/coreos-overlay/app-emulation/docker/{docker-17.06.2-r3.ebuild => docker-17.09.0.ebuild} (100%) delete mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/patches/allow-override-build-date.patch diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/Manifest b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/Manifest index 71be469b43..b4427d1bef 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/Manifest +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/Manifest 
@@ -1 +1 @@ -DIST docker-17.06.2.tar.gz 9684548 SHA256 cfcb5646db32f52c4c394bc688fff405e585beab4ded64251958804a102a5269 SHA512 0a9b7b122aadef911141ec1f606759e892c0673821ddf5f3247a5b2d4476a20018add84a22c5aca32f0f91c1046e5be6d8d3f9ce65c3e4244896bf061b1eac6b WHIRLPOOL d0cc166319dbf735d67796df3836f79b24b9108327276ca0ba272398cdc70d6fae4649d9097b6dd29e62633ee636a216343e0d3ffd781cf63ef4c7a7c8cea259 +DIST docker-17.09.0.tar.gz 10132253 SHA256 ef1d7f2c48824495e4109426ba85b75c09cc9463b9ba92703e25ffcbe14536ae SHA512 d96570825fb3dc24516b3b9666e935d5277674221452d8a23e6bcd1116f0bb3a2b8b315f47b98f52e681ab79309c099bb3b5c437af942539708ff3126c993638 WHIRLPOOL ca96166ff3573138713d3d45fcfc42cfed99a70e9db17a1763a9e157e6ce3f301fd01ab3c579aacfcbcab7639986e97bbbbc680fbc65edd76047aee079239b6b diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-17.06.2-r3.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-17.09.0.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-17.06.2-r3.ebuild rename to sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-17.09.0.ebuild diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-9999.ebuild index a2f654e7b4..5b7d221118 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-9999.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-9999.ebuild @@ -19,7 +19,7 @@ else else MY_PV="$PV-ce" fi - DOCKER_GITCOMMIT="cec0b72" + DOCKER_GITCOMMIT="afdb6d4" SRC_URI="https://${COREOS_GO_PACKAGE}/archive/v${MY_PV}.tar.gz -> ${P}.tar.gz" KEYWORDS="amd64 arm64" [ "$DOCKER_GITCOMMIT" ] || die "DOCKER_GITCOMMIT must be added manually for each bump!" 
@@ -74,9 +74,6 @@ RESTRICT="installsources strip" S="${WORKDIR}/${P}/src/${COREOS_GO_PACKAGE}" -PATCHES=( - "${FILESDIR}/patches/allow-override-build-date.patch" -) ENGINE_PATCHES=( "${FILESDIR}/patches/engine/revert-make-overlay-home-dir-private.patch" ) @@ -259,14 +256,14 @@ src_compile() { fi # build daemon - SOURCE_DATE_EPOCH="${DOCKER_BUILD_DATE}" ./hack/make.sh dynbinary || die 'dynbinary failed' + SOURCE_DATE_EPOCH="${DOCKER_BUILD_DATE}" \ + ./hack/make.sh dynbinary || die 'dynbinary failed' popd || die # components/engine pushd components/cli || die - - # Imitating https://github.com/docker/docker-ce/blob/v17.06.2-ce/components/cli/scripts/build/.variables#L7 + # Imitating https://github.com/docker/docker-ce/blob/v17.09.0-ce/components/cli/scripts/build/.variables#L6 CLI_BUILDTIME="$(date -d "@${DOCKER_BUILD_DATE}" --utc --rfc-3339 ns 2> /dev/null | sed -e 's/ /T/')" # build cli emake \ @@ -274,6 +271,7 @@ src_compile() { LDFLAGS="$(usex hardened "-extldflags \"-fno-PIC $LDFLAGS\"" '')" \ VERSION="$(cat ../../VERSION)" \ GITCOMMIT="${DOCKER_GITCOMMIT}" \ + DISABLE_WARN_OUTSIDE_CONTAINER=1 \ dynbinary || die popd || die # components/cli diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/patches/allow-override-build-date.patch b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/patches/allow-override-build-date.patch deleted file mode 100644 index 38e0606779..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/patches/allow-override-build-date.patch +++ /dev/null 
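Review bot: The new `DISABLE_WARN_OUTSIDE_CONTAINER=1` argument to the cli `emake` call in the `@@ -274,6 +271,7 @@` hunk is undocumented, unlike the `# Imitating …` line just above it. It presumably silences the docker/cli Makefile's warning about building outside its build container, which is intentional for an ebuild. A one-line comment above the `emake`, such as `# The cli Makefile warns when run outside its build container; building on the host is deliberate here.`, would keep a later bump from dropping the variable as noise. `src_compile` begins and ends outside the hunk.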
@@ -1,30 +0,0 @@ -From 336f19edea1f15d9a96ebee604f160df43653503 Mon Sep 17 00:00:00 2001 -From: "Bernhard M. Wiedemann" -Date: Wed, 19 Jul 2017 06:17:19 +0200 -Subject: [PATCH] Allow to override build date - -in order to make builds reproducible. -See https://reproducible-builds.org/ for why this is good -and https://reproducible-builds.org/specs/source-date-epoch/ -for the definition of this variable. - -Signed-off-by: Bernhard M. Wiedemann -Upstream-commit: 760763e9957840f1983a5006f4e66d6920ec496e -Component: engine ---- - components/engine/hack/make.sh | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/components/engine/hack/make.sh b/components/engine/hack/make.sh -index b7d59ba94a..7d18d649b5 100755 ---- a/components/engine/hack/make.sh -+++ b/components/engine/hack/make.sh -@@ -68,7 +68,7 @@ DEFAULT_BUNDLES=( - ) - - VERSION=$(< ./VERSION) --! BUILDTIME=$(date --rfc-3339 ns 2> /dev/null | sed -e 's/ /T/') -+! BUILDTIME=$(date -u -d "@${SOURCE_DATE_EPOCH:-$(date +%s)}" --rfc-3339 ns 2> /dev/null | sed -e 's/ /T/') - if [ "$DOCKER_GITCOMMIT" ]; then - GITCOMMIT="$DOCKER_GITCOMMIT" - elif command -v git &> /dev/null && [ -d .git ] && git rev-parse &> /dev/null; then From cc98b79640fe7e4118d1ebb4b4cec3fc95c0b842 Mon Sep 17 00:00:00 2001 From: David Michael Date: Thu, 28 Sep 2017 18:39:07 -0700 Subject: [PATCH 04/11] app-emulation/docker-proxy: Sync with Gentoo This does not change the commit that gets built, which still matches the version used in Docker 17.09. --- .../coreos-overlay/app-emulation/docker-proxy/Manifest | 2 +- ...0-r1.ebuild => docker-proxy-0.8.0_p20170917.ebuild} | 0 .../docker-proxy/docker-proxy-9999.ebuild | 10 ++++++---- 3 files changed, 7 insertions(+), 5 deletions(-) rename sdk_container/src/third_party/coreos-overlay/app-emulation/docker-proxy/{docker-proxy-0.8.0_p20170410-r1.ebuild => docker-proxy-0.8.0_p20170917.ebuild} (100%) 
diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker-proxy/Manifest b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker-proxy/Manifest
index 1458d3074b..b1a6bc67c2 100644
--- a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker-proxy/Manifest
+++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker-proxy/Manifest
@@ -1 +1 @@
-DIST docker-proxy-0.8.0_p20170410.tar.gz 2176893 SHA256 49d31e8b386b88d45d9c417d8d775fa647ecdc66f8e2a93a35f401c7bc8c9c1c SHA512 6bd82d64d2847a01feb6004ad180f77e767d4a27ca742a66c411f2824f50ca4439974010e32a18a6b03bc1f6186ee7a7c5f86f6c9cbbd8c275fb7fdd345b7bc1 WHIRLPOOL 575e0c9476fdfbbafc35ef29c43725f51dc00e00517293d3fc4218e5cbc6fe1056a1b1e5498c981856af17e2add7df9841485b4f20b49f8cbefe1f20f1e4c68c
+DIST docker-proxy-0.8.0_p20170917.tar.gz 2177045 SHA256 2eee331b6ded567a36e7db708405b34032b93938682cf049025f48b96d755bf6 SHA512 673ea638fa5c560d8238d7c1d88f114430f9d8efe701804bfe30044d0c059a688cbf6b62922be50834e16ee055ef6cf015f6232f76f0d942768f9e84e95496cd WHIRLPOOL 27b33b36bbdeaff3d25977b50aa11fc5a4708482f44efe583223c1aab40091e28824eda6eb5ac8a7f20be24ef4ddcf9b6e4a043c52c9e6953ec2c95f266fb296
diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker-proxy/docker-proxy-0.8.0_p20170410-r1.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker-proxy/docker-proxy-0.8.0_p20170917.ebuild
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/app-emulation/docker-proxy/docker-proxy-0.8.0_p20170410-r1.ebuild
rename to sdk_container/src/third_party/coreos-overlay/app-emulation/docker-proxy/docker-proxy-0.8.0_p20170917.ebuild
diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker-proxy/docker-proxy-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker-proxy/docker-proxy-9999.ebuild
index df42f2750c..6b26f5b4a1 100644
--- a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker-proxy/docker-proxy-9999.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker-proxy/docker-proxy-9999.ebuild @@ -1,6 +1,5 @@ -# Copyright 1999-2016 Gentoo Foundation +# Copyright 1999-2017 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Id$ EAPI=6 EGO_PN="github.com/docker/libnetwork" @@ -21,7 +20,7 @@ fi inherit coreos-go DESCRIPTION="Docker container networking" -HOMEPAGE="http://github.com/docker/libnetwork" +HOMEPAGE="https://github.com/docker/libnetwork" LICENSE="Apache-2.0" SLOT="0" @@ -29,12 +28,15 @@ IUSE="" S=${WORKDIR}/${P}/src/${EGO_PN} -RDEPEND="! Date: Thu, 28 Sep 2017 14:35:44 -0700 Subject: [PATCH 05/11] app-torcx/docker: Bump the 17.06 package to 17.09 --- .../docker/{docker-17.06.ebuild => docker-17.09.ebuild} | 8 ++++---- ...ker-17.06-manifest.json => docker-17.09-manifest.json} | 0 2 files changed, 4 insertions(+), 4 deletions(-) rename sdk_container/src/third_party/coreos-overlay/app-torcx/docker/{docker-17.06.ebuild => docker-17.09.ebuild} (79%) rename sdk_container/src/third_party/coreos-overlay/app-torcx/docker/files/{docker-17.06-manifest.json => docker-17.09-manifest.json} (100%) diff --git a/sdk_container/src/third_party/coreos-overlay/app-torcx/docker/docker-17.06.ebuild b/sdk_container/src/third_party/coreos-overlay/app-torcx/docker/docker-17.09.ebuild similarity index 79% rename from sdk_container/src/third_party/coreos-overlay/app-torcx/docker/docker-17.06.ebuild rename to sdk_container/src/third_party/coreos-overlay/app-torcx/docker/docker-17.09.ebuild index b518b943f3..5766885de9 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-torcx/docker/docker-17.06.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/app-torcx/docker/docker-17.09.ebuild 
@@ -11,10 +11,10 @@ KEYWORDS="amd64 arm64" # Explicitly list all packages that will be built into the image. RDEPEND=" - =app-emulation/docker-17.06.2-r3 - =app-emulation/containerd-0.2.9_p7 - =app-emulation/docker-proxy-0.8.0_p20170410-r1 - =app-emulation/docker-runc-1.0.0_rc3_p53-r1 + =app-emulation/docker-17.09.0 + =app-emulation/containerd-0.2.9_p27 + =app-emulation/docker-proxy-0.8.0_p20170917 + =app-emulation/docker-runc-1.0.0_rc4_p25 =dev-libs/libltdl-2.4.6 =sys-process/tini-0.13.2 " diff --git a/sdk_container/src/third_party/coreos-overlay/app-torcx/docker/files/docker-17.06-manifest.json b/sdk_container/src/third_party/coreos-overlay/app-torcx/docker/files/docker-17.09-manifest.json similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/app-torcx/docker/files/docker-17.06-manifest.json rename to sdk_container/src/third_party/coreos-overlay/app-torcx/docker/files/docker-17.09-manifest.json From b1cc45001ce1319000c6661ee172cbf4c968e01e Mon Sep 17 00:00:00 2001 From: David Michael Date: Thu, 28 Sep 2017 14:37:09 -0700 Subject: [PATCH 06/11] app-arch/torcx: Use Docker 17.09 in the non-1.12 profile --- .../coreos-overlay/app-arch/torcx/files/docker-1.12-no.json | 2 +- .../torcx/{torcx-0.1.2.ebuild => torcx-0.1.2-r1.ebuild} | 0 2 files changed, 1 insertion(+), 1 deletion(-) rename sdk_container/src/third_party/coreos-overlay/app-arch/torcx/{torcx-0.1.2.ebuild => torcx-0.1.2-r1.ebuild} (100%) diff --git a/sdk_container/src/third_party/coreos-overlay/app-arch/torcx/files/docker-1.12-no.json b/sdk_container/src/third_party/coreos-overlay/app-arch/torcx/files/docker-1.12-no.json index 53da6252bf..bc5b77291f 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-arch/torcx/files/docker-1.12-no.json +++ b/sdk_container/src/third_party/coreos-overlay/app-arch/torcx/files/docker-1.12-no.json @@ -4,7 +4,7 @@ "images": [ { "name": "docker", - "reference": "17.06" + "reference": "17.09" } ] } 
diff --git a/sdk_container/src/third_party/coreos-overlay/app-arch/torcx/torcx-0.1.2.ebuild b/sdk_container/src/third_party/coreos-overlay/app-arch/torcx/torcx-0.1.2-r1.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/app-arch/torcx/torcx-0.1.2.ebuild rename to sdk_container/src/third_party/coreos-overlay/app-arch/torcx/torcx-0.1.2-r1.ebuild From 23db752fa9f37f2e6792b790d11c357706657003 Mon Sep 17 00:00:00 2001 From: David Michael Date: Thu, 28 Sep 2017 18:47:38 -0700 Subject: [PATCH 07/11] app-emulation/docker-proxy: Add an ebuild for Docker 17.03 --- .../app-emulation/docker-proxy/Manifest | 1 + .../docker-proxy-0.8.0_p20161019.ebuild | 42 +++++++++++++++++++ 2 files changed, 43 insertions(+) create mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/docker-proxy/docker-proxy-0.8.0_p20161019.ebuild diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker-proxy/Manifest b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker-proxy/Manifest index b1a6bc67c2..ab099ca0a6 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker-proxy/Manifest +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker-proxy/Manifest 
@@ -1 +1,2 @@ +DIST docker-proxy-0.8.0_p20161019.tar.gz 2112423 SHA256 170d355ad613cc28245a6d9501bcaba930cb594a632fdd9bd52a4fa90b406932 SHA512 a7b040cdeaf15054d436b184370af0f9b23a5b6d0b2c01530b7ad539040186888bb030309e18a1a02ad252753cf4f08aa5e5ec504480a8ffb7050db76764db5b WHIRLPOOL 83fed4162e1fbe2a640dfb720ca85583f923166d0f7da3e397ec20a333dddc42d7def2231de8877569cb63bb37435d23f772413ffd6d82f8a4a8c453d75f669c DIST docker-proxy-0.8.0_p20170917.tar.gz 2177045 SHA256 2eee331b6ded567a36e7db708405b34032b93938682cf049025f48b96d755bf6 SHA512 673ea638fa5c560d8238d7c1d88f114430f9d8efe701804bfe30044d0c059a688cbf6b62922be50834e16ee055ef6cf015f6232f76f0d942768f9e84e95496cd WHIRLPOOL 27b33b36bbdeaff3d25977b50aa11fc5a4708482f44efe583223c1aab40091e28824eda6eb5ac8a7f20be24ef4ddcf9b6e4a043c52c9e6953ec2c95f266fb296 diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker-proxy/docker-proxy-0.8.0_p20161019.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker-proxy/docker-proxy-0.8.0_p20161019.ebuild new file mode 100644 index 0000000000..b0f33d7708 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker-proxy/docker-proxy-0.8.0_p20161019.ebuild 
@@ -0,0 +1,42 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 +EGO_PN="github.com/docker/libnetwork" + +COREOS_GO_PACKAGE="${EGO_PN}" +COREOS_GO_VERSION="go1.7" + +if [[ ${PV} == *9999 ]]; then + KEYWORDS="~amd64 ~arm64" + inherit golang-vcs +else + EGIT_COMMIT="0f534354b813003a754606689722fe253101bc4e" + SRC_URI="https://${EGO_PN}/archive/${EGIT_COMMIT}.tar.gz -> ${P}.tar.gz" + KEYWORDS="amd64 arm64" + inherit golang-vcs-snapshot +fi + +inherit coreos-go + +DESCRIPTION="Docker container networking" +HOMEPAGE="https://github.com/docker/libnetwork" + +LICENSE="Apache-2.0" +SLOT="0" +IUSE="" + +S=${WORKDIR}/${P}/src/${EGO_PN} + +RDEPEND="! Date: Thu, 28 Sep 2017 19:13:16 -0700 Subject: [PATCH 08/11] app-emulation/docker-runc: Add an ebuild for Docker 17.03 This ebuild is a mix of the upstream ebuild and the existing one. --- .../app-emulation/docker-runc/Manifest | 1 + .../docker-runc-1.0.0_rc2_p136.ebuild | 71 +++++++++++++++++++ ...ker-runc-1.0.0_rc2-mount-propagation.patch | 41 +++++++++++ 3 files changed, 113 insertions(+) create mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/docker-runc/docker-runc-1.0.0_rc2_p136.ebuild create mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/docker-runc/files/docker-runc-1.0.0_rc2-mount-propagation.patch diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker-runc/Manifest b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker-runc/Manifest index 04f8342547..ba5a6ef23c 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker-runc/Manifest +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker-runc/Manifest 
@@ -1 +1,2 @@ +DIST docker-runc-1.0.0_rc2_p136.tar.gz 561705 SHA256 2954cb6b468b3806a08c45656acc2019035bc9994c2a9b4249cfde4d9b3a7c93 SHA512 6052b95042082c3345caf25d3646f47b82c151ff3aca2ca4510dbf72ee80056d8c4077f2a1b48a9f4178c41185835ff51461e52ad47969534ea6febf7cac74f1 WHIRLPOOL ede821987006a54e7a87f88d9a5104d4a4ecc05a614e111fefa669f5ae436c11004debfe919bec0808194f2d96442775718a0208a1a374a9dd56a896f7dd8640 DIST docker-runc-1.0.0_rc4_p25.tar.gz 1094599 SHA256 d5820f1c655061be79441bd57efea4e5b60b25b6a451214b64172395b9fda383 SHA512 0cb0748812296294a87dda257dbf0947897a1ada2aa861ff3e65309a6bbecebbe798929845fca6f23b66fd0dc019bca0a032737c7192fe20618d8e1849866f3d WHIRLPOOL ed34894a3878c0cae50888c936eba1dad8d58da8d7042d5e421f06e4e98c1d7701a5c877baaba14a46d588b2ee3354e19d72bb141d5d8e7f6c0bed2d3a6b71b6 diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker-runc/docker-runc-1.0.0_rc2_p136.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker-runc/docker-runc-1.0.0_rc2_p136.ebuild new file mode 100644 index 0000000000..c2fc52072f --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker-runc/docker-runc-1.0.0_rc2_p136.ebuild 
@@ -0,0 +1,71 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +GITHUB_URI="github.com/docker/runc" +COREOS_GO_PACKAGE="${GITHUB_URI}" +COREOS_GO_VERSION="go1.7" +# the commit of runc that docker uses. +# see https://github.com/moby/moby/blob/v17.03.2-ce/hack/dockerfile/binaries-commits#L6 +# Note: this commit is only really present in the `docker/runc` repository. +# Update the patch number when this commit is changed (i.e. the _p in the ebuild). +# The patch version is arbitrarily the number of commits since the tag version +# spcified in the ebuild name. For example: +# $ git log --oneline v1.0.0-rc2..${COMMIT_ID} | wc -l +COMMIT_ID="54296cf40ad8143b62dbcaa1d90e520a2136ddfe" + +inherit eutils flag-o-matic coreos-go vcs-snapshot + +SRC_URI="https://${GITHUB_URI}/archive/${COMMIT_ID}.tar.gz -> ${P}.tar.gz" +KEYWORDS="amd64 arm64" + +DESCRIPTION="runc container cli tools (docker fork)" +HOMEPAGE="http://runc.io" + +LICENSE="Apache-2.0" +SLOT="0" +IUSE="apparmor hardened +seccomp selinux" + +RDEPEND=" + apparmor? ( sys-libs/libapparmor ) + seccomp? ( sys-libs/libseccomp ) + !app-emulation/runc +" + +S=${WORKDIR}/${P}/src/${COREOS_GO_PACKAGE} + +RESTRICT="test" + +src_unpack() { + mkdir -p "${S}" + tar --strip-components=1 -C "${S}" -xf "${DISTDIR}/${A}" +} + +PATCHES=( + "${FILESDIR}/${PN}-1.0.0_rc2-mount-propagation.patch" +) + +src_compile() { + # Taken from app-emulation/docker-1.7.0-r1 + export CGO_CFLAGS="-I${ROOT}/usr/include" + export CGO_LDFLAGS="$(usex hardened '-fno-PIC ' '') + -L${ROOT}/usr/$(get_libdir)" + + # build up optional flags + local options=( + $(usex apparmor 'apparmor') + $(usex seccomp 'seccomp') + $(usex selinux 'selinux') + ) + + # CoreOS: Don't try to install dependencies. + sed -i 's/go build -i /go build /' Makefile + + emake BUILDTAGS="${options[*]}" \ + COMMIT="${COMMIT_ID}" +} + +src_install() { + dobin runc +} 
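Review bot: In `src_compile`, the one-argument `usex` calls in the `options` array print the default false value `no` when a flag is off, so `BUILDTAGS` can become something like `no seccomp no` instead of just the enabled tags. The rc4 ebuild earlier in this series passes an explicit empty third argument, and this file should match it: `$(usex apparmor 'apparmor' '')`, `$(usex seccomp 'seccomp' '')`, `$(usex selinux 'selinux' '')`. Separately, the `tar` in `src_unpack` and the `sed -i 's/go build -i /go build /' Makefile` line have no `|| die`, so a failed unpack or an unapplied edit would not stop the build; appending `|| die` to both makes that failure visible.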
diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker-runc/files/docker-runc-1.0.0_rc2-mount-propagation.patch b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker-runc/files/docker-runc-1.0.0_rc2-mount-propagation.patch new file mode 100644 index 0000000000..c284e9972d --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker-runc/files/docker-runc-1.0.0_rc2-mount-propagation.patch 
@@ -0,0 +1,41 @@
+From db55cd4f29298ae08b20f92b8953735723ee2167 Mon Sep 17 00:00:00 2001
+From: Euan Kemp
+Date: Fri, 22 Sep 2017 02:31:17 -0700
+Subject: [PATCH] libcontainer: default mount propagation correctly
+
+The code in prepareRoot (https://github.com/opencontainers/runc/blob/e385f67a0e45fa1d8ef8154e2aea5128ea1d331b/libcontainer/rootfs_linux.go#L599-L605)
+attempts to default the rootfs mount to `rslave`. However, since the spec
+conversion has already defaulted it to `rprivate`, that code doesn't
+actually ever do anything.
+
+This changes the spec conversion code to accept "" and treat it as 0.
+
+Implicitly, this makes rootfs propagation default to `rslave`, which is
+a part of fixing the moby bug https://github.com/moby/moby/issues/34672
+
+Alternate implementatoins include changing this defaulting to be
+`rslave` and removing the defaulting code in prepareRoot, or skipping
+the mapping entirely for "", but I think this change is the cleanest of
+those options.
+
+Signed-off-by: Euan Kemp
+---
+ libcontainer/specconv/spec_linux.go | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go
+index 1575ae03..8a2947f6 100644
+--- a/libcontainer/specconv/spec_linux.go
++++ b/libcontainer/specconv/spec_linux.go
+@@ -36,7 +36,7 @@ var mountPropagationMapping = map[string]int{
+ "slave": syscall.MS_SLAVE,
+ "rshared": syscall.MS_SHARED | syscall.MS_REC,
+ "shared": syscall.MS_SHARED,
+- "": syscall.MS_PRIVATE | syscall.MS_REC,
++ "": 0,
+ }
+
+ var allowedDevices = []*configs.Device{
+--
+2.13.5
+
From 7764732a35d5356bd65a4e6410f7c1b384b3d09e Mon Sep 17 00:00:00 2001
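Review bot: The new map entry `"": 0,` reads like a mistake next to the MS_* flag values and needs a comment, because the fix depends on zero meaning "propagation not set" so that prepareRoot applies its own default. A line such as `// "" maps to 0 (no flag) so that prepareRoot applies the rootfs default (rslave).` above the entry would keep a later cleanup from restoring `MS_PRIVATE | MS_REC`. The change also alters an isolation default: with an empty rootfs propagation value the rootfs goes from `rprivate` to `rslave`, so host mount and unmount events can propagate into the container, which the patch description states only implicitly. prepareRoot and any other reader of mountPropagationMapping are outside this hunk, so it is worth confirming that none of them hands a 0 flag to mount as if it were a valid propagation type.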
From: David Michael
Date: Thu, 28 Sep 2017 19:28:07 -0700
Subject: [PATCH 09/11] app-emulation/containerd: Add an ebuild for Docker 17.03
---
 .../app-emulation/containerd/Manifest | 1 +
 .../containerd/containerd-0.2.6.ebuild | 45 +++++++++++++++++++
 2 files changed, 46 insertions(+)
 create mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/containerd/containerd-0.2.6.ebuild
diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/containerd/Manifest b/sdk_container/src/third_party/coreos-overlay/app-emulation/containerd/Manifest
index 301b1e7992..eb175be3c5 100644
--- a/sdk_container/src/third_party/coreos-overlay/app-emulation/containerd/Manifest
+++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/containerd/Manifest
@@ -1,2 +1,3 @@
 DIST containerd-0.2.5.tar.gz 1003500 SHA256 88e099af66b50abe7f2159f13bdab793fa5199d8d5b9a9ef7a68171abb4359be SHA512 ba1e074bb7556a7c4be4d68dc62aa2fa4b823682c209d1609c1f11518a7b7167139ea159d31e0b21ba190d83115a67e5e45b54b6a4770742d49e9e561309551f WHIRLPOOL eb3622ba99c4d4806bda9a45853422a5b0b884869ed3be4c3caec4c20f49027e8db78b9885eca7bc83a0f3b08e9a66eca950390f0eda1ef2535fd3ab41623bf4
+DIST containerd-0.2.6.tar.gz 1020572 SHA256 a67c4153ac5ae26b9d11daac133b90cba059ba16de7579e39c3e82bcda856493 SHA512 41018bda556a3ddfb1bd3a16e642548ba06f413b13fd1488e731896e277ba6c84a393ebd5de067ecaeccc695297a2b74edf22e5a3fe8f2e3eadf78d080bdeff6 WHIRLPOOL 98f64c888ea580074e51b91311ab186291cb2d3ecc9f178d828687dbb60b35104237041699b6125cf026edd245459a052fda1801ac3cd7e1efe34606c3d9a4eb
 DIST containerd-0.2.9_p27.tar.gz 1140788 SHA256 4d2b6e30bcc6c4bb901d6b9f19b5ac1d4a2d9b17075a9b1f110102920d01f64a SHA512 c749bda691197ec8a7603db9ad92f2800a3f065143430a660333b7862518deb4c158a1c1fd01671dff438b40988d4a64d8f06bab05496b8728c6e2f57cd7da0a WHIRLPOOL 75cb3467a94af50bef52377f309d7c85386475789fab3d2758679f022b516735728a1ac2c54307954a14100c4f84059d8fd5e8376270fdd69e572cff43453fa0
diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/containerd/containerd-0.2.6.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/containerd/containerd-0.2.6.ebuild
new file mode 100644
index 0000000000..1bb88241de
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/containerd/containerd-0.2.6.ebuild
@@ -0,0 +1,45 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+GITHUB_URI="github.com/docker/containerd"
+COREOS_GO_PACKAGE="${GITHUB_URI}"
+COREOS_GO_VERSION="go1.7"
+
+EGIT_COMMIT="4ab9917febca54791c5f071a9d1f404867857fcc" # v0.2.6
+SRC_URI="https://${GITHUB_URI}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+KEYWORDS="amd64 arm64"
+
+inherit coreos-go systemd
+
+DESCRIPTION="A daemon to control runC"
+HOMEPAGE="https://containerd.tools"
+
+LICENSE="Apache-2.0"
+SLOT="0"
+IUSE="hardened +seccomp"
+
+DEPEND=""
+RDEPEND=">=app-emulation/docker-runc-1.0.0_rc2
+ seccomp? ( sys-libs/libseccomp )"
+
+S=${WORKDIR}/${P}/src/${COREOS_GO_PACKAGE}
+
+RESTRICT="test"
+
+src_unpack() {
+ mkdir -p "${S}"
+ tar --strip-components=1 -C "${S}" -xf "${DISTDIR}/${A}"
+}
+
+src_compile() {
+ local options=( $(usex seccomp "seccomp" '') )
+ export GOPATH="${WORKDIR}/${P}" # ${PWD}/vendor
+ LDFLAGS=$(usex hardened '-extldflags -fno-PIC' '') emake GIT_COMMIT="$EGIT_COMMIT" BUILDTAGS="${options[@]}"
+}
+
+src_install() {
+ dobin bin/containerd* bin/ctr
+ systemd_dounit "${FILESDIR}/containerd.service"
+}
From 79fd18f518826197b6babc7adff10329fc77052e Mon Sep 17 00:00:00 2001
From: David Michael
Date: Thu, 28 Sep 2017 19:51:40 -0700
Subject: [PATCH 10/11] app-emulation/docker: Add an ebuild for Docker 17.03
---
 .../docker/docker-17.03.2.ebuild | 292 ++++++++++++++++++
 1 file changed, 292 insertions(+)
 create mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-17.03.2.ebuild
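Review bot: `SRC_URI` downloads the tag archive `v${PV}` while `EGIT_COMMIT` is only handed to the build as `GIT_COMMIT`, so the commit stamped into the binary is not tied to the source that was actually fetched. The docker-runc ebuild in this series fetches by commit, and the same form would work here: `SRC_URI="https://${GITHUB_URI}/archive/${EGIT_COMMIT}.tar.gz -> ${P}.tar.gz"`, with the Manifest entry regenerated. The Manifest checksums still catch a changed tarball, so this is about keeping the pin and the reported commit in one place rather than a missing integrity check. Separately, `tar` in `src_unpack` has no `|| die`.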
diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-17.03.2.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-17.03.2.ebuild
new file mode 100644
index 0000000000..6ef3ede90f
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-17.03.2.ebuild
@@ -0,0 +1,292 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+CROS_WORKON_PROJECT="coreos/docker"
+CROS_WORKON_LOCALNAME="docker"
+CROS_WORKON_REPO="git://github.com"
+COREOS_GO_VERSION="go1.7"
+
+if [[ ${PV} == *9999 ]]; then
+ DOCKER_GITCOMMIT="unknown"
+ KEYWORDS="~amd64 ~arm64"
+else
+ CROS_WORKON_COMMIT="a662a4c026af44b573f6f7851ae467d8e86f2162" # coreos-17.03.2-ce
+ DOCKER_GITCOMMIT="${CROS_WORKON_COMMIT:0:7}"
+ KEYWORDS="amd64 arm64"
+fi
+
+inherit bash-completion-r1 eutils linux-info multilib systemd udev user cros-workon coreos-go-depend
+
+DESCRIPTION="The core functions you need to create Docker images and run Docker containers"
+HOMEPAGE="https://dockerproject.org"
+LICENSE="Apache-2.0"
+SLOT="0"
+IUSE="apparmor aufs +btrfs +container-init +device-mapper hardened +overlay pkcs11 seccomp +journald +selinux"
+
+# https://github.com/moby/moby/blob/v17.03.2-ce/project/PACKAGERS.md#build-dependencies
+CDEPEND="
+ >=dev-db/sqlite-3.7.9:3
+ device-mapper? (
+ >=sys-fs/lvm2-2.02.89[thin]
+ )
+ journald? ( >=sys-apps/systemd-225 )
+ seccomp? ( >=sys-libs/libseccomp-2.2.1[static-libs] )
+ apparmor? ( sys-libs/libapparmor )
+"
+
+DEPEND="
+ ${CDEPEND}
+
+ btrfs? (
+ >=sys-fs/btrfs-progs-3.16.1
+ )
+"
+
+# For CoreOS builds coreos-kernel must be installed because this ebuild
+# checks the kernel config. The kernel config is left by the kernel compile
+# or an explicit copy when installing binary packages.
See coreos-kernel.eclass
+DEPEND+="sys-kernel/coreos-kernel"
+
+# https://github.com/moby/moby/blob/v17.03.2-ce/project/PACKAGERS.md#runtime-dependencies
+# https://github.com/moby/moby/blob/v17.03.2-ce/project/PACKAGERS.md#optional-dependencies
+# Runc/Containerd: Unfortunately docker does not version the releases, in order to avoid
+# incompatiblities we depend on snapshots
+RDEPEND="
+ ${CDEPEND}
+
+ !app-emulation/docker-bin
+ >=net-firewall/iptables-1.4
+ sys-process/procps
+ >=dev-vcs/git-1.7
+ >=app-arch/xz-utils-4.9
+
+ =app-emulation/containerd-0.2.6[seccomp?]
+ =app-emulation/docker-runc-1.0.0_rc2_p136[apparmor?,seccomp?]
+ =app-emulation/docker-proxy-0.8.0_p20161019
+ container-init? ( >=sys-process/tini-0.13.0 )
+"
+
+RESTRICT="installsources strip"
+
+# see "contrib/check-config.sh" from upstream's sources
+CONFIG_CHECK="
+ ~NAMESPACES ~NET_NS ~PID_NS ~IPC_NS ~UTS_NS
+ ~CGROUPS ~CGROUP_CPUACCT ~CGROUP_DEVICE ~CGROUP_FREEZER ~CGROUP_SCHED ~CPUSETS ~MEMCG
+ ~KEYS
+ ~VETH ~BRIDGE ~BRIDGE_NETFILTER
+ ~NF_NAT_IPV4 ~IP_NF_FILTER ~IP_NF_TARGET_MASQUERADE
+ ~NETFILTER_XT_MATCH_ADDRTYPE ~NETFILTER_XT_MATCH_CONNTRACK
+ ~NF_NAT ~NF_NAT_NEEDED
+ ~POSIX_MQUEUE
+
+ ~USER_NS
+ ~SECCOMP
+ ~CGROUP_PIDS
+ ~MEMCG_SWAP ~MEMCG_SWAP_ENABLED
+
+ ~BLK_CGROUP ~BLK_DEV_THROTTLING ~IOSCHED_CFQ ~CFQ_GROUP_IOSCHED
+ ~CGROUP_PERF
+ ~CGROUP_HUGETLB
+ ~NET_CLS_CGROUP
+ ~CFS_BANDWIDTH ~FAIR_GROUP_SCHED ~RT_GROUP_SCHED
+ ~IP_VS ~IP_VS_PROTO_TCP ~IP_VS_PROTO_UDP ~IP_VS_NFCT ~IP_VS_RR
+
+ ~VXLAN
+ ~XFRM_ALGO ~XFRM_USER
+ ~IPVLAN
+ ~MACVLAN ~DUMMY
+"
+
+ERROR_KEYS="CONFIG_KEYS: is mandatory"
+ERROR_MEMCG_SWAP="CONFIG_MEMCG_SWAP: is required if you wish to limit swap usage of containers"
+ERROR_RESOURCE_COUNTERS="CONFIG_RESOURCE_COUNTERS: is optional for container statistics gathering"
+
+ERROR_BLK_CGROUP="CONFIG_BLK_CGROUP: is optional for container statistics gathering"
+ERROR_IOSCHED_CFQ="CONFIG_IOSCHED_CFQ: is optional for container statistics gathering"
+ERROR_CGROUP_PERF="CONFIG_CGROUP_PERF: is optional for container statistics gathering"
+ERROR_CFS_BANDWIDTH="CONFIG_CFS_BANDWIDTH: is optional for container statistics gathering"
+ERROR_XFRM_ALGO="CONFIG_XFRM_ALGO: is optional for secure networks"
+ERROR_XFRM_USER="CONFIG_XFRM_USER: is optional for secure networks"
+
+pkg_setup() {
+ if kernel_is lt 3 10; then
+ ewarn ""
+ ewarn "Using Docker with kernels older than 3.10 is unstable and unsupported."
+ ewarn " - http://docs.docker.com/engine/installation/binaries/#check-kernel-dependencies"
+ fi
+
+ # for where these kernel versions come from, see:
+ # https://www.google.com/search?q=945b2b2d259d1a4364a2799e80e8ff32f8c6ee6f+site%3Akernel.org%2Fpub%2Flinux%2Fkernel+file%3AChangeLog*
+ if ! {
+ kernel_is ge 3 16 \
+ || { kernel_is 3 15 && kernel_is ge 3 15 5; } \
+ || { kernel_is 3 14 && kernel_is ge 3 14 12; } \
+ || { kernel_is 3 12 && kernel_is ge 3 12 25; }
+ }; then
+ ewarn ""
+ ewarn "There is a serious Docker-related kernel panic that has been fixed in 3.16+"
+ ewarn " (and was backported to 3.15.5+, 3.14.12+, and 3.12.25+)"
+ ewarn ""
+ ewarn "See also https://github.com/docker/docker/issues/2960"
+ fi
+
+ if kernel_is le 3 18; then
+ CONFIG_CHECK+="
+ ~RESOURCE_COUNTERS
+ "
+ fi
+
+ if kernel_is le 3 13; then
+ CONFIG_CHECK+="
+ ~NETPRIO_CGROUP
+ "
+ else
+ CONFIG_CHECK+="
+ ~CGROUP_NET_PRIO
+ "
+ fi
+
+ if kernel_is lt 4 5; then
+ CONFIG_CHECK+="
+ ~MEMCG_KMEM
+ "
+ ERROR_MEMCG_KMEM="CONFIG_MEMCG_KMEM: is optional"
+ fi
+
+ if kernel_is lt 4 7; then
+ CONFIG_CHECK+="
+ ~DEVPTS_MULTIPLE_INSTANCES
+ "
+ fi
+
+ if use aufs; then
+ CONFIG_CHECK+="
+ ~AUFS_FS
+ ~EXT4_FS_POSIX_ACL ~EXT4_FS_SECURITY
+ "
+ ERROR_AUFS_FS="CONFIG_AUFS_FS: is required to be set if and only if aufs-sources are used instead of aufs4/aufs3"
+ fi
+
+ if use btrfs; then
+ CONFIG_CHECK+="
+ ~BTRFS_FS
+ ~BTRFS_FS_POSIX_ACL
+ "
+ fi
+
+ if use device-mapper; then
+ CONFIG_CHECK+="
+ ~BLK_DEV_DM ~DM_THIN_PROVISIONING ~EXT4_FS
~EXT4_FS_POSIX_ACL ~EXT4_FS_SECURITY
+ "
+ fi
+
+ if use overlay; then
+ CONFIG_CHECK+="
+ ~OVERLAY_FS ~EXT4_FS_SECURITY ~EXT4_FS_POSIX_ACL
+ "
+ fi
+
+ linux-info_pkg_setup
+
+ # create docker group for the code checking for it in /etc/group
+ enewgroup docker
+}
+
+src_compile() {
+ go_export
+
+ # if we treat them right, Docker's build scripts will set up a
+ # reasonable GOPATH for us
+ export AUTO_GOPATH=1
+
+ # setup CFLAGS and LDFLAGS for separate build target
+ # see https://github.com/tianon/docker-overlay/pull/10
+ export CGO_CFLAGS="${CGO_CFLAGS} -I${ROOT}/usr/include"
+ export CGO_LDFLAGS="${CGO_LDFLAGS} -L${ROOT}/usr/$(get_libdir)"
+
+ # if we're building from a tarball, we need the GITCOMMIT value
+ [ "$DOCKER_GITCOMMIT" ] && export DOCKER_GITCOMMIT
+
+ if use hardened; then
+ sed -i "s#EXTLDFLAGS_STATIC='#&-fno-PIC $LDFLAGS #" hack/make.sh || die
+ grep -q -- '-fno-PIC' hack/make.sh || die 'hardened sed failed'
+
+ sed "s#LDFLAGS_STATIC_DOCKER='#&-extldflags \"-fno-PIC $LDFLAGS\" #" \
+ -i hack/make/dynbinary-client || die
+ sed "s#LDFLAGS_STATIC_DOCKER='#&-extldflags \"-fno-PIC $LDFLAGS\" #" \
+ -i hack/make/dynbinary-daemon || die
+ grep -q -- '-fno-PIC' hack/make/dynbinary-daemon || die 'hardened sed failed'
+ grep -q -- '-fno-PIC' hack/make/dynbinary-client || die 'hardened sed failed'
+ fi
+
+ # let's set up some optional features :)
+ export DOCKER_BUILDTAGS=''
+ for gd in aufs btrfs device-mapper overlay; do
+ if ! use $gd; then
+ DOCKER_BUILDTAGS+=" exclude_graphdriver_${gd//-/}"
+ fi
+ done
+
+ for tag in apparmor pkcs11 seccomp selinux journald; do
+ if use $tag; then
+ DOCKER_BUILDTAGS+=" $tag"
+ fi
+ done
+
+ # time to build!
+ ./hack/make.sh dynbinary || die 'dynbinary failed'
+}
+
+src_install() {
+ VERSION="$(cat VERSION)"
+ newbin "bundles/$VERSION/dynbinary-client/docker-$VERSION" docker
+ newbin "bundles/$VERSION/dynbinary-daemon/dockerd-$VERSION" dockerd
+ dosym containerd /usr/bin/docker-containerd
+ dosym containerd-shim /usr/bin/docker-containerd-shim
+ dosym runc /usr/bin/docker-runc
+ use container-init && dosym tini /usr/bin/docker-init
+
+ newinitd contrib/init/openrc/docker.initd docker
+ newconfd contrib/init/openrc/docker.confd docker
+
+ exeinto /usr/lib/coreos
+ doexe "${FILESDIR}/dockerd"
+
+ systemd_dounit "${FILESDIR}/docker.service"
+ systemd_dounit "${FILESDIR}/docker.socket"
+
+ insinto /usr/lib/systemd/network
+ doins "${FILESDIR}"/50-docker.network
+ doins "${FILESDIR}"/90-docker-veth.network
+
+ udev_dorules contrib/udev/*.rules
+
+ dodoc AUTHORS CONTRIBUTING.md CHANGELOG.md NOTICE README.md
+ dodoc -r docs/*
+
+ dobashcomp contrib/completion/bash/*
+
+ insinto /usr/share/zsh/site-functions
+ doins contrib/completion/zsh/_*
+
+ insinto /usr/share/vim/vimfiles
+ doins -r contrib/syntax/vim/ftdetect
+ doins -r contrib/syntax/vim/syntax
+}
+
+pkg_postinst() {
+ udev_reload
+
+ elog
+ elog "To use Docker, the Docker daemon must be running as root. To automatically"
+ elog "start the Docker daemon at boot, add Docker to the default runlevel:"
+ elog " rc-update add docker default"
+ elog "Similarly for systemd:"
+ elog " systemctl enable docker.service"
+ elog
+ elog "To use Docker as a non-root user, add yourself to the 'docker' group:"
+ elog " usermod -aG docker youruser"
+ elog
+}
From bd565d63682e48073b2e86ff98458da4ff2feb22 Mon Sep 17 00:00:00 2001
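Review bot: `CROS_WORKON_REPO="git://github.com"` near the top of the ebuild fetches the Docker source over the unauthenticated git protocol, which gives neither server authentication nor transport integrity. On the release branch the full `CROS_WORKON_COMMIT` hash limits what a tampered fetch could deliver, but the `*9999` branch sets no commit and so appears to have no pin at all. I would use `CROS_WORKON_REPO="https://github.com"`, assuming the cros-workon eclass accepts an https base (the eclass is not part of this diff). The `pkg_postinst` text that tells users to join the `docker` group could also say that membership in that group is equivalent to root access on the host.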
From: David Michael
Date: Thu, 28 Sep 2017 19:52:16 -0700
Subject: [PATCH 11/11] app-torcx/docker: Add a Docker 17.03 torcx image
---
 .../app-torcx/docker/docker-17.03.ebuild | 28 ++++++++++++++++++
 .../docker/files/docker-17.03-manifest.json | 29 +++++++++++++++++++
 2 files changed, 57 insertions(+)
 create mode 100644 sdk_container/src/third_party/coreos-overlay/app-torcx/docker/docker-17.03.ebuild
 create mode 100644 sdk_container/src/third_party/coreos-overlay/app-torcx/docker/files/docker-17.03-manifest.json
diff --git a/sdk_container/src/third_party/coreos-overlay/app-torcx/docker/docker-17.03.ebuild b/sdk_container/src/third_party/coreos-overlay/app-torcx/docker/docker-17.03.ebuild
new file mode 100644
index 0000000000..0cb31a14d9
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/app-torcx/docker/docker-17.03.ebuild
@@ -0,0 +1,28 @@
+# Copyright (c) 2017 CoreOS, Inc.. All rights reserved.
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=2
+
+DESCRIPTION="Packages to be installed in a torcx image for Docker"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="amd64 arm64"
+
+# Explicitly list all packages that will be built into the image.
+RDEPEND="
+ =app-emulation/docker-17.03.2
+ =app-emulation/containerd-0.2.6
+ =app-emulation/docker-proxy-0.8.0_p20161019
+ =app-emulation/docker-runc-1.0.0_rc2_p136
+ =sys-process/tini-0.13.2
+"
+
+src_install() {
+ insinto /.torcx
+ newins "${FILESDIR}/${PN}-${PV}-manifest.json" manifest.json
+
+ # Enable the Docker socket by default.
+ local unitdir=/usr/lib/systemd/system
+ dosym ../docker.socket "${unitdir}/sockets.target.wants/docker.socket"
+}
diff --git a/sdk_container/src/third_party/coreos-overlay/app-torcx/docker/files/docker-17.03-manifest.json b/sdk_container/src/third_party/coreos-overlay/app-torcx/docker/files/docker-17.03-manifest.json
new file mode 100644
index 0000000000..190f9e8538
--- /dev/null
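Review bot: With `EAPI=2` the helpers in `src_install` do not abort on failure (helpers die on their own only from EAPI 4), so a missing `${FILESDIR}/${PN}-${PV}-manifest.json` would produce a torcx image without its manifest instead of a failed build. Either use the `EAPI=6` of the other ebuilds in this series, or add `|| die` to the `newins` and `dosym` lines, e.g. `newins "${FILESDIR}/${PN}-${PV}-manifest.json" manifest.json || die`. The comment on the symlink could also say that it makes the Docker API socket-activated on every boot and that access to it is governed by the `docker.socket` unit, which is not part of this diff.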
+++ b/sdk_container/src/third_party/coreos-overlay/app-torcx/docker/files/docker-17.03-manifest.json
@@ -0,0 +1,29 @@
+{
+ "kind": "image-manifest-v0",
+ "value": {
+ "bin": [
+ "/bin/containerd",
+ "/bin/containerd-shim",
+ "/bin/ctr",
+ "/bin/docker",
+ "/bin/docker-containerd",
+ "/bin/docker-containerd-shim",
+ "/bin/docker-init",
+ "/bin/docker-proxy",
+ "/bin/docker-runc",
+ "/bin/dockerd",
+ "/bin/runc",
+ "/bin/tini"
+ ],
+ "network": [
+ "/lib/systemd/network/50-docker.network",
+ "/lib/systemd/network/90-docker-veth.network"
+ ],
+ "units": [
+ "/lib/systemd/system/containerd.service",
+ "/lib/systemd/system/docker.service",
+ "/lib/systemd/system/docker.socket",
+ "/lib/systemd/system/sockets.target.wants"
+ ]
+ }
+}