From 14b1cba4dd89a679648d80dcc5070183f29f616b Mon Sep 17 00:00:00 2001 From: Alex Crawford Date: Tue, 13 Jan 2015 14:26:27 -0800 Subject: [PATCH 1/2] app-emulation/docker: prune 1.3.3 ebuild --- .../docker/docker-1.3.3-r1.ebuild | 246 ------------------ .../app-emulation/docker/docker-9999.ebuild | 4 +- .../app-emulation/docker/files/docker.service | 10 +- .../docker/files/docker.service-r1 | 16 -- .../docker/files/early-docker.service | 8 +- .../docker/files/early-docker.service-r1 | 14 - 6 files changed, 7 insertions(+), 291 deletions(-) delete mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-1.3.3-r1.ebuild delete mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker.service-r1 delete mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/early-docker.service-r1 diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-1.3.3-r1.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-1.3.3-r1.ebuild deleted file mode 100644 index d97305664b..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-1.3.3-r1.ebuild +++ /dev/null @@ -1,246 +0,0 @@ -# Copyright 1999-2014 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: $ - -EAPI=5 - -DESCRIPTION="Docker complements kernel namespacing with a high-level API which operates at the process level." -HOMEPAGE="https://www.docker.io/" - -CROS_WORKON_PROJECT="dotcloud/docker" -CROS_WORKON_LOCALNAME="docker" -CROS_WORKON_REPO="git://github.com" - -GITHUB_URI="github.com/crosbymichael/docker" - -# TODO: Remove this logic once we cross the 1.4.0 threshold -BTRFS_VER="0.20" - -if [[ ${PV} == *9999 ]]; then - DOCKER_GITCOMMIT="deadbee" - KEYWORDS="~amd64" - BTRFS_VER="3.16.1" -else - CROS_WORKON_COMMIT="d3446258471733fe667f0abdf015ee3ebd2f3485" # v1.3.3 - DOCKER_GITCOMMIT="${CROS_WORKON_COMMIT:0:7}" - KEYWORDS="amd64" -fi - -inherit bash-completion-r1 linux-info systemd udev user cros-workon - -LICENSE="Apache-2.0" -SLOT="0" -IUSE="aufs +btrfs contrib +device-mapper doc lxc vim-syntax zsh-completion" - -CDEPEND=" - >=dev-db/sqlite-3.7.9:3 - device-mapper? ( - sys-fs/lvm2[thin] - ) -" -DEPEND=" - ${CDEPEND} - >=dev-lang/go-1.2 - btrfs? ( - >=sys-fs/btrfs-progs-${BTRFS_VER} - ) - dev-vcs/git - dev-vcs/mercurial -" -RDEPEND=" - ${CDEPEND} - !app-emulation/docker-bin - >=net-firewall/iptables-1.4 - lxc? ( - >=app-emulation/lxc-1.0 - ) - >=dev-vcs/git-1.7 - >=app-arch/xz-utils-4.9 - aufs? ( - || ( - sys-fs/aufs3 - sys-kernel/aufs-sources - ) - ) -" - -RESTRICT="installsources strip" - -pkg_setup() { - if kernel_is lt 3 8; then - ewarn "" - ewarn "Using Docker with kernels older than 3.8 is unstable and unsupported." - ewarn "" - fi - - # many of these were borrowed from the app-emulation/lxc ebuild - CONFIG_CHECK+=" - ~CGROUPS - ~CGROUP_CPUACCT - ~CGROUP_DEVICE - ~CGROUP_FREEZER - ~CGROUP_SCHED - ~CPUSETS - ~MEMCG_SWAP - ~RESOURCE_COUNTERS - - ~IPC_NS - ~NAMESPACES - ~PID_NS - - ~DEVPTS_MULTIPLE_INSTANCES - ~MACVLAN - ~NET_NS - ~UTS_NS - ~VETH - - ~!NETPRIO_CGROUP - ~POSIX_MQUEUE - - ~BRIDGE - ~IP_NF_TARGET_MASQUERADE - ~NETFILTER_XT_MATCH_ADDRTYPE - ~NETFILTER_XT_MATCH_CONNTRACK - ~NF_NAT - ~NF_NAT_NEEDED - - ~!GRKERNSEC_CHROOT_CAPS - ~!GRKERNSEC_CHROOT_CHMOD - ~!GRKERNSEC_CHROOT_DOUBLE - ~!GRKERNSEC_CHROOT_MOUNT - ~!GRKERNSEC_CHROOT_PIVOT - " - - ERROR_MEMCG_SWAP="CONFIG_MEMCG_SWAP: is required if you wish to limit swap usage of containers" - - for c in GRKERNSEC_CHROOT_MOUNT GRKERNSEC_CHROOT_DOUBLE GRKERNSEC_CHROOT_PIVOT GRKERNSEC_CHROOT_CHMOD; do - declare "ERROR_$c"="CONFIG_$c: see app-emulation/lxc postinst notes for why some GRSEC features make containers unusuable" - done - - if use aufs; then - CONFIG_CHECK+=" - ~AUFS_FS - " - ERROR_AUFS_FS="CONFIG_AUFS_FS: is required to be set if and only if aufs-sources are used" - fi - - if use btrfs; then - CONFIG_CHECK+=" - ~BTRFS_FS - " - fi - - if use device-mapper; then - CONFIG_CHECK+=" - ~BLK_DEV_DM - ~DM_THIN_PROVISIONING - ~EXT4_FS - " - fi - - check_extra_config -} - -src_compile() { - # hack(philips): to keep the git commit from being dirty - mv .git .git.old - - # if we treat them right, Docker's build scripts will set up a - # reasonable GOPATH for us - export AUTO_GOPATH=1 - - # setup CFLAGS and LDFLAGS for separate build target - # see https://github.com/tianon/docker-overlay/pull/10 - export CGO_CFLAGS="-I${ROOT}/usr/include" - export CGO_LDFLAGS="-L${ROOT}/usr/lib" - - # if we're building from a zip, we need the GITCOMMIT value - [ "$DOCKER_GITCOMMIT" ] && export DOCKER_GITCOMMIT - - if gcc-specs-pie; then - sed -i "s/EXTLDFLAGS_STATIC='/EXTLDFLAGS_STATIC='-fno-PIC /" hack/make.sh || die - grep -q -- '-fno-PIC' hack/make.sh || die 'hardened sed failed' - - sed -i 's/LDFLAGS_STATIC_DOCKER="/LDFLAGS_STATIC_DOCKER="-extldflags -fno-PIC /' hack/make/dynbinary || die - grep -q -- '-fno-PIC' hack/make/dynbinary || die 'hardened sed failed' - fi - - # let's set up some optional features :) - export DOCKER_BUILDTAGS='' - for gd in aufs btrfs device-mapper; do - if ! use $gd; then - DOCKER_BUILDTAGS+=" exclude_graphdriver_${gd//-/}" - fi - done - - # time to build! - ./hack/make.sh dynbinary || die - - # TODO pandoc the man pages using docs/man/md2man-all.sh -} - -src_install() { - VERSION=$(cat VERSION) - newbin bundles/$VERSION/dynbinary/docker-$VERSION docker - exeinto /usr/libexec/docker - newexe bundles/$VERSION/dynbinary/dockerinit-$VERSION dockerinit - - newinitd contrib/init/openrc/docker.initd docker - newconfd contrib/init/openrc/docker.confd docker - - systemd_dounit "${FILESDIR}/docker.service" - systemd_dounit "${FILESDIR}/docker.socket" - systemd_dounit "${FILESDIR}/early-docker.service" - systemd_dounit "${FILESDIR}/early-docker.socket" - systemd_dounit "${FILESDIR}/early-docker.target" - - insinto /usr/lib/systemd/network - doins "${FILESDIR}"/50-docker{,-veth}.network - - udev_dorules contrib/udev/*.rules - - dodoc AUTHORS CONTRIBUTING.md CHANGELOG.md NOTICE README.md - if use doc; then - # TODO doman contrib/man/man*/* - - docompress -x /usr/share/doc/${PF}/md - docinto md - dodoc -r docs/sources/* - fi - - dobashcomp contrib/completion/bash/* - - if use zsh-completion; then - insinto /usr/share/zsh/site-functions - doins contrib/completion/zsh/* - fi - - if use vim-syntax; then - insinto /usr/share/vim/vimfiles - doins -r contrib/syntax/vim/ftdetect - doins -r contrib/syntax/vim/syntax - fi - - if use contrib; then - mkdir -p "${D}/usr/share/${PN}/contrib" - cp -R contrib/* "${D}/usr/share/${PN}/contrib" - fi -} - -pkg_postinst() { - udev_reload - - elog "" - elog "To use docker, the docker daemon must be running as root. To automatically" - elog "start the docker daemon at boot, add docker to the default runlevel:" - elog " rc-update add docker default" - elog "Similarly for systemd:" - elog " systemctl enable docker.service" - elog "" - - # create docker group if the code checking for it in /etc/group exists - enewgroup docker - - elog "To use docker as a non-root user, add yourself to the docker group." - elog "" -} diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-9999.ebuild index 485d5a464e..949ac23819 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-9999.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-9999.ebuild @@ -190,9 +190,9 @@ src_install() { exeinto /usr/lib/coreos doexe "${FILESDIR}/dockerd" - systemd_newunit "${FILESDIR}/docker.service-r1" "docker.service" + systemd_dounit "${FILESDIR}/docker.service" systemd_dounit "${FILESDIR}/docker.socket" - systemd_newunit "${FILESDIR}/early-docker.service-r1" "early-docker.service" + systemd_dounit "${FILESDIR}/early-docker.service" systemd_dounit "${FILESDIR}/early-docker.socket" systemd_dounit "${FILESDIR}/early-docker.target" diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker.service b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker.service index 275f63557e..73049fce68 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker.service +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker.service @@ -1,20 +1,16 @@ [Unit] Description=Docker Application Container Engine -Documentation=http://docs.docker.io -After=docker.socket early-docker.target +Documentation=http://docs.docker.com +After=docker.socket early-docker.target network.target Requires=docker.socket early-docker.target [Service] Environment=TMPDIR=/var/tmp -Environment=DOCKER_DRIVER=btrfs Environment=DOCKER_OPTS='--insecure-registry="0.0.0.0/0"' EnvironmentFile=-/run/docker_opts.env LimitNOFILE=1048576 LimitNPROC=1048576 -ExecStartPre=/bin/mount --make-rprivate / -# Run docker but don't have docker automatically restart -# containers. This is a job for systemd and unit files. -ExecStart=/usr/bin/docker --daemon --host=fd:// $DOCKER_OPTS +ExecStart=/usr/lib/coreos/dockerd --daemon --host=fd:// $DOCKER_OPTS [Install] WantedBy=multi-user.target diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker.service-r1 b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker.service-r1 deleted file mode 100644 index 73049fce68..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker.service-r1 +++ /dev/null @@ -1,16 +0,0 @@ -[Unit] -Description=Docker Application Container Engine -Documentation=http://docs.docker.com -After=docker.socket early-docker.target network.target -Requires=docker.socket early-docker.target - -[Service] -Environment=TMPDIR=/var/tmp -Environment=DOCKER_OPTS='--insecure-registry="0.0.0.0/0"' -EnvironmentFile=-/run/docker_opts.env -LimitNOFILE=1048576 -LimitNPROC=1048576 -ExecStart=/usr/lib/coreos/dockerd --daemon --host=fd:// $DOCKER_OPTS - -[Install] -WantedBy=multi-user.target diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/early-docker.service b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/early-docker.service index 5f8a9f3907..4f9d9dda42 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/early-docker.service +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/early-docker.service @@ -1,18 +1,14 @@ [Unit] Description=Early Docker Application Container Engine -Documentation=http://docs.docker.io +Documentation=http://docs.docker.com After=early-docker.socket Requires=early-docker.socket [Service] Environment=TMPDIR=/var/tmp -Environment=DOCKER_DRIVER=btrfs -ExecStartPre=/bin/mount --make-rprivate / LimitNOFILE=1048576 LimitNPROC=1048576 -# Run docker but don't have docker automatically restart -# containers. This is a job for systemd and unit files. -ExecStart=/usr/bin/docker --daemon --host=fd:// --bridge=none --iptables=false --ip-masq=false --graph=/var/lib/early-docker --pidfile=/var/run/early-docker.pid +ExecStart=/usr/lib/coreos/dockerd --daemon --host=fd:// --bridge=none --iptables=false --ip-masq=false --graph=/var/lib/early-docker --pidfile=/var/run/early-docker.pid [Install] WantedBy=early-docker.target diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/early-docker.service-r1 b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/early-docker.service-r1 deleted file mode 100644 index 4f9d9dda42..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/early-docker.service-r1 +++ /dev/null @@ -1,14 +0,0 @@ -[Unit] -Description=Early Docker Application Container Engine -Documentation=http://docs.docker.com -After=early-docker.socket -Requires=early-docker.socket - -[Service] -Environment=TMPDIR=/var/tmp -LimitNOFILE=1048576 -LimitNPROC=1048576 -ExecStart=/usr/lib/coreos/dockerd --daemon --host=fd:// --bridge=none --iptables=false --ip-masq=false --graph=/var/lib/early-docker --pidfile=/var/run/early-docker.pid - -[Install] -WantedBy=early-docker.target From 0ff1c04f81aa3f21872c06b1d79abe20908f51bd Mon Sep 17 00:00:00 2001 From: Alex Crawford Date: Tue, 13 Jan 2015 14:27:42 -0800 Subject: [PATCH 2/2] app-emulation/docker: drop insecure registry flag --- .../docker/{docker-1.4.1-r1.ebuild => docker-1.4.1-r2.ebuild} | 0 .../coreos-overlay/app-emulation/docker/files/docker.service | 1 - 2 files changed, 1 deletion(-) rename sdk_container/src/third_party/coreos-overlay/app-emulation/docker/{docker-1.4.1-r1.ebuild => docker-1.4.1-r2.ebuild} (100%) diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-1.4.1-r1.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-1.4.1-r2.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-1.4.1-r1.ebuild rename to sdk_container/src/third_party/coreos-overlay/app-emulation/docker/docker-1.4.1-r2.ebuild diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker.service b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker.service index 73049fce68..3cd3201763 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker.service +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/docker/files/docker.service @@ -6,7 +6,6 @@ Requires=docker.socket early-docker.target [Service] Environment=TMPDIR=/var/tmp -Environment=DOCKER_OPTS='--insecure-registry="0.0.0.0/0"' EnvironmentFile=-/run/docker_opts.env LimitNOFILE=1048576 LimitNPROC=1048576