diff --git a/.gitignore b/.gitignore deleted file mode 100644 index ba7acb1..0000000 --- a/.gitignore +++ /dev/null @@ -1,32 +0,0 @@ -/containerd-837e8c5.tar.gz -/docker-222ea44.tar.gz -/docker-storage-setup-194eca2.tar.gz -/grimes-15ecf94.tar.gz -/runc-02f8fa7.tar.gz -/v1.10-migrator-994c35c.tar.gz -/docker-storage-setup-96594f9.tar.gz -/containerd-52ef1ce.tar.gz -/docker-3625f73.tar.gz -/docker-storage-setup-abe18de.tar.gz -/grimes-74341e9.tar.gz -/docker-99476ca.tar.gz -/docker-storage-setup-308c5e3.tar.gz -/libnetwork-0f53435.tar.gz -/runc-6b13ece.tar.gz -/docker-storage-setup-ba0dcf3.tar.gz -/docker-storage-setup-c9faba1.tar.gz -/docker-b5f2bae.tar.gz -/docker-6cd0bbe.tar.gz -/tini-v0.13.0.tar.gz -/tini-4a92b9e.tar.gz -/containerd-8517738.tar.gz -/runc-2f7393a.tar.gz -/docker-51eb16e.tar.gz -/docker-27e468e.tar.gz -/runc-d90fcb7.tar.gz -/containerd-42e825a.tar.gz -/docker-9cb56fd.tar.gz -/libnetwork-d00ceed.tar.gz -/runc-b425831.tar.gz -/docker-1185cfd.tar.gz -/runc-e4ffe43.tar.gz diff --git a/0001-nsenter-clone-proc-self-exe-to-avoid-exposing-host-b.patch b/0001-nsenter-clone-proc-self-exe-to-avoid-exposing-host-b.patch deleted file mode 100644 index 59bbcf5..0000000 --- a/0001-nsenter-clone-proc-self-exe-to-avoid-exposing-host-b.patch +++ /dev/null @@ -1,290 +0,0 @@ -From 2a03a0c265d5bd3e77bc22e7d1fbb57388984727 Mon Sep 17 00:00:00 2001 -From: Aleksa Sarai -Date: Wed, 9 Jan 2019 13:40:01 +1100 -Subject: [PATCH 1/1] nsenter: clone /proc/self/exe to avoid exposing host - binary to container - -There are quite a few circumstances where /proc/self/exe pointing to a -pretty important container binary is a _bad_ thing, so to avoid this we -have to make a copy (preferably doing self-clean-up and not being -writeable). - -As a hotfix we require memfd_create(2), but we can always extend this to -use a scratch MNT_DETACH overlayfs or tmpfs. The main downside to this -approach is no page-cache sharing for the runc binary (which overlayfs -would give us) but this is far less complicated. - -This is only done during nsenter so that it happens transparently to the -Go code, and any libcontainer users benefit from it. This also makes -ExtraFiles and --preserve-fds handling trivial (because we don't need to -worry about it). - -Fixes: CVE-2019-5736 -Co-developed-by: Christian Brauner -Signed-off-by: Aleksa Sarai -Signed-off-by: Mrunal Patel ---- - libcontainer/nsenter/cloned_binary.c | 221 +++++++++++++++++++++++++++ - libcontainer/nsenter/nsexec.c | 11 ++ - 2 files changed, 232 insertions(+) - create mode 100644 libcontainer/nsenter/cloned_binary.c - -diff --git a/libcontainer/nsenter/cloned_binary.c b/libcontainer/nsenter/cloned_binary.c -new file mode 100644 -index 00000000..d9f6093a ---- /dev/null -+++ b/libcontainer/nsenter/cloned_binary.c -@@ -0,0 +1,221 @@ -+#define _GNU_SOURCE -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+ -+#include -+#include -+#include -+#include -+#include -+#include -+ -+#include -+#include -+ -+/* Use our own wrapper for memfd_create. */ -+#if !defined(SYS_memfd_create) && defined(__NR_memfd_create) -+# define SYS_memfd_create __NR_memfd_create -+#endif -+#ifndef SYS_memfd_create -+# error "memfd_create(2) syscall not supported by this glibc version" -+#endif -+int memfd_create(const char *name, unsigned int flags) -+{ -+ return syscall(SYS_memfd_create, name, flags); -+} -+ -+/* This comes directly from . */ -+#ifndef F_LINUX_SPECIFIC_BASE -+# define F_LINUX_SPECIFIC_BASE 1024 -+#endif -+#ifndef F_ADD_SEALS -+# define F_ADD_SEALS (F_LINUX_SPECIFIC_BASE + 9) -+# define F_GET_SEALS (F_LINUX_SPECIFIC_BASE + 10) -+#endif -+#ifndef F_SEAL_SEAL -+# define F_SEAL_SEAL 0x0001 /* prevent further seals from being set */ -+# define F_SEAL_SHRINK 0x0002 /* prevent file from shrinking */ -+# define F_SEAL_GROW 0x0004 /* prevent file from growing */ -+# define F_SEAL_WRITE 0x0008 /* prevent writes */ -+#endif -+ -+ -+#define OUR_MEMFD_COMMENT "runc_cloned:/proc/self/exe" -+#define OUR_MEMFD_SEALS \ -+ (F_SEAL_SEAL | F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE) -+ -+static void *must_realloc(void *ptr, size_t size) -+{ -+ void *old = ptr; -+ do { -+ ptr = realloc(old, size); -+ } while(!ptr); -+ return ptr; -+} -+ -+/* -+ * Verify whether we are currently in a self-cloned program (namely, is -+ * /proc/self/exe a memfd). F_GET_SEALS will only succeed for memfds (or rather -+ * for shmem files), and we want to be sure it's actually sealed. -+ */ -+static int is_self_cloned(void) -+{ -+ int fd, seals; -+ -+ fd = open("/proc/self/exe", O_RDONLY|O_CLOEXEC); -+ if (fd < 0) -+ return -ENOTRECOVERABLE; -+ -+ seals = fcntl(fd, F_GET_SEALS); -+ close(fd); -+ return seals == OUR_MEMFD_SEALS; -+} -+ -+/* -+ * Basic wrapper around mmap(2) that gives you the file length so you can -+ * safely treat it as an ordinary buffer. Only gives you read access. -+ */ -+static char *read_file(char *path, size_t *length) -+{ -+ int fd; -+ char buf[4096], *copy = NULL; -+ -+ if (!length) -+ return NULL; -+ -+ fd = open(path, O_RDONLY | O_CLOEXEC); -+ if (fd < 0) -+ return NULL; -+ -+ *length = 0; -+ for (;;) { -+ int n; -+ -+ n = read(fd, buf, sizeof(buf)); -+ if (n < 0) -+ goto error; -+ if (!n) -+ break; -+ -+ copy = must_realloc(copy, (*length + n) * sizeof(*copy)); -+ memcpy(copy + *length, buf, n); -+ *length += n; -+ } -+ close(fd); -+ return copy; -+ -+error: -+ close(fd); -+ free(copy); -+ return NULL; -+} -+ -+/* -+ * A poor-man's version of "xargs -0". Basically parses a given block of -+ * NUL-delimited data, within the given length and adds a pointer to each entry -+ * to the array of pointers. -+ */ -+static int parse_xargs(char *data, int data_length, char ***output) -+{ -+ int num = 0; -+ char *cur = data; -+ -+ if (!data || *output != NULL) -+ return -1; -+ -+ while (cur < data + data_length) { -+ num++; -+ *output = must_realloc(*output, (num + 1) * sizeof(**output)); -+ (*output)[num - 1] = cur; -+ cur += strlen(cur) + 1; -+ } -+ (*output)[num] = NULL; -+ return num; -+} -+ -+/* -+ * "Parse" out argv and envp from /proc/self/cmdline and /proc/self/environ. -+ * This is necessary because we are running in a context where we don't have a -+ * main() that we can just get the arguments from. -+ */ -+static int fetchve(char ***argv, char ***envp) -+{ -+ char *cmdline = NULL, *environ = NULL; -+ size_t cmdline_size, environ_size; -+ -+ cmdline = read_file("/proc/self/cmdline", &cmdline_size); -+ if (!cmdline) -+ goto error; -+ environ = read_file("/proc/self/environ", &environ_size); -+ if (!environ) -+ goto error; -+ -+ if (parse_xargs(cmdline, cmdline_size, argv) <= 0) -+ goto error; -+ if (parse_xargs(environ, environ_size, envp) <= 0) -+ goto error; -+ -+ return 0; -+ -+error: -+ free(environ); -+ free(cmdline); -+ return -EINVAL; -+} -+ -+#define SENDFILE_MAX 0x7FFFF000 /* sendfile(2) is limited to 2GB. */ -+static int clone_binary(void) -+{ -+ int binfd, memfd, err; -+ ssize_t sent = 0; -+ -+ memfd = memfd_create(OUR_MEMFD_COMMENT, MFD_CLOEXEC | MFD_ALLOW_SEALING); -+ if (memfd < 0) -+ return -ENOTRECOVERABLE; -+ -+ binfd = open("/proc/self/exe", O_RDONLY | O_CLOEXEC); -+ if (binfd < 0) -+ goto error; -+ -+ sent = sendfile(memfd, binfd, NULL, SENDFILE_MAX); -+ close(binfd); -+ if (sent < 0) -+ goto error; -+ -+ err = fcntl(memfd, F_ADD_SEALS, OUR_MEMFD_SEALS); -+ if (err < 0) -+ goto error; -+ -+ return memfd; -+ -+error: -+ close(memfd); -+ return -EIO; -+} -+ -+int ensure_cloned_binary(void) -+{ -+ int execfd; -+ char **argv = NULL, **envp = NULL; -+ -+ /* Check that we're not self-cloned, and if we are then bail. */ -+ int cloned = is_self_cloned(); -+ if (cloned > 0 || cloned == -ENOTRECOVERABLE) -+ return cloned; -+ -+ if (fetchve(&argv, &envp) < 0) -+ return -EINVAL; -+ -+ execfd = clone_binary(); -+ if (execfd < 0) -+ return -EIO; -+ -+ fexecve(execfd, argv, envp); -+ return -ENOEXEC; -+} -diff --git a/libcontainer/nsenter/nsexec.c b/libcontainer/nsenter/nsexec.c -index 0a10f802..814c738d 100644 ---- a/libcontainer/nsenter/nsexec.c -+++ b/libcontainer/nsenter/nsexec.c -@@ -420,6 +420,9 @@ void join_namespaces(char *nslist) - free(namespaces); - } - -+/* Defined in cloned_binary.c. */ -+int ensure_cloned_binary(void); -+ - void nsexec(void) - { - int pipenum; -@@ -435,6 +438,14 @@ void nsexec(void) - if (pipenum == -1) - return; - -+ /* -+ * We need to re-exec if we are not in a cloned binary. This is necessary -+ * to ensure that containers won't be able to access the host binary -+ * through /proc/self/exe. See CVE-2019-5736. -+ */ -+ if (ensure_cloned_binary() < 0) -+ bail("could not ensure we are a cloned binary"); -+ - /* make the process non-dumpable */ - if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) != 0) { - bail("failed to set process as non-dumpable"); --- -2.20.1 - diff --git a/README.docker-latest-logrotate b/README.docker-latest-logrotate deleted file mode 100644 index e142ad1..0000000 --- a/README.docker-latest-logrotate +++ /dev/null @@ -1,17 +0,0 @@ -This package will install the 'docker-logrotate' script to -/etc/cron.daily. This script will run logrotate on all running -containers and ignore all failures. - -This script is enabled by default. To disable it, -uncomment the line "LOGROTATE=false" in /etc/sysconfig/docker. - -Possible issues: -1. This assumes that logrotate is installed on containers to run -successfully. - -2. A race condition occurs if a container exits before 'docker -exec' run (though it's ignored) - -3. Not all containers may need this (whether logrotate is installed or not) - -Suggestions to improve this are welcome. diff --git a/dead.package b/dead.package new file mode 100644 index 0000000..3771ab9 --- /dev/null +++ b/dead.package @@ -0,0 +1 @@ +switch to podman-docker or moby-engine diff --git a/docker-latest-containerd.service b/docker-latest-containerd.service deleted file mode 100644 index 7f20f7e..0000000 --- a/docker-latest-containerd.service +++ /dev/null @@ -1,14 +0,0 @@ -[Unit] -Description=Containerd Standalone OCI Container Daemon -Documentation=https://containerd.tools/ -After=network.target - -[Service] -ExecStart=/usr/libexec/docker/docker-containerd-latest --listen unix:///run/containerd.sock --shim /usr/libexec/docker/docker-containerd-shim-latest -TasksMax=8192 -LimitNOFILE=1048576 -LimitNPROC=1048576 -LimitCORE=infinity - -[Install] -WantedBy=multi-user.target diff --git a/docker-latest-containerd.service.centos b/docker-latest-containerd.service.centos deleted file mode 100644 index d615c13..0000000 --- a/docker-latest-containerd.service.centos +++ /dev/null @@ -1,13 +0,0 @@ -[Unit] -Description=Containerd Standalone OCI Container Daemon -Documentation=https://containerd.tools/ -After=network.target - -[Service] -ExecStart=/usr/libexec/docker/docker-containerd-latest --listen unix:///run/containerd.sock --shim /usr/libexec/docker/docker-containerd-shim-latest -LimitNOFILE=1048576 -LimitNPROC=1048576 -LimitCORE=infinity - -[Install] -WantedBy=multi-user.target diff --git a/docker-latest-logrotate.sh b/docker-latest-logrotate.sh deleted file mode 100644 index cf7825d..0000000 --- a/docker-latest-logrotate.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/sh - -LOGROTATE=true -[ -f /etc/sysconfig/docker-latest ] && source /etc/sysconfig/docker-latest - -if [ $LOGROTATE == true ]; then - for id in $(docker-latest ps -q); do - exec $(docker-latest exec $id logrotate -s /var/log/logstatus /etc/logrotate.conf > /dev/null 2>&1) - done -fi -exit 0 diff --git a/docker-latest-network.sysconfig b/docker-latest-network.sysconfig deleted file mode 100644 index 048d158..0000000 --- a/docker-latest-network.sysconfig +++ /dev/null @@ -1,2 +0,0 @@ -# /etc/sysconfig/docker-network -DOCKER_NETWORK_OPTIONS= diff --git a/docker-latest-storage.sysconfig b/docker-latest-storage.sysconfig deleted file mode 100644 index d5908cf..0000000 --- a/docker-latest-storage.sysconfig +++ /dev/null @@ -1,2 +0,0 @@ -# Do not edit. This file is auto-generated by docker-storage-setup. -DOCKER_STORAGE_OPTIONS= diff --git a/docker-latest.service b/docker-latest.service deleted file mode 100644 index 014ae0d..0000000 --- a/docker-latest.service +++ /dev/null @@ -1,39 +0,0 @@ -[Unit] -Description=Docker Application Container Engine -Documentation=http://docs.docker.com -After=network.target docker-latest-containerd.service -Wants=docker-latest-storage-setup.service -Requires=docker-latest-containerd.service - -[Service] -Type=notify -EnvironmentFile=-/etc/sysconfig/docker-latest -EnvironmentFile=-/etc/sysconfig/docker-latest-storage -EnvironmentFile=-/etc/sysconfig/docker-latest-network -Environment=GOTRACEBACK=crash -ExecStart=/usr/bin/dockerd-latest \ - --seccomp-profile=/etc/docker-latest/seccomp.json \ - --add-runtime oci=/usr/libexec/docker/docker-runc-latest \ - --default-runtime=oci \ - --containerd /run/containerd.sock \ - --exec-opt native.cgroupdriver=systemd \ - --userland-proxy-path=/usr/libexec/docker/docker-proxy-latest \ - --init-path=/usr/libexec/docker/docker-init-latest \ - --seccomp-profile=/etc/docker-latest/seccomp.json \ - -g /var/lib/docker-latest \ - $OPTIONS \ - $DOCKER_STORAGE_OPTIONS \ - $DOCKER_NETWORK_OPTIONS \ - $ADD_REGISTRY \ - $BLOCK_REGISTRY \ - $INSECURE_REGISTRY -ExecReload=/bin/kill -s HUP $MAINPID -TasksMax=8192 -LimitNOFILE=1048576 -LimitNPROC=1048576 -LimitCORE=infinity -TimeoutStartSec=0 -Restart=on-abnormal - -[Install] -WantedBy=multi-user.target diff --git a/docker-latest.service.centos b/docker-latest.service.centos deleted file mode 100644 index dcf153c..0000000 --- a/docker-latest.service.centos +++ /dev/null @@ -1,38 +0,0 @@ -[Unit] -Description=Docker Application Container Engine -Documentation=http://docs.docker.com -After=network.target docker-latest-containerd.service -Wants=docker-latest-storage-setup.service -Requires=docker-latest-containerd.service - -[Service] -Type=notify -EnvironmentFile=-/etc/sysconfig/docker-latest -EnvironmentFile=-/etc/sysconfig/docker-latest-storage -EnvironmentFile=-/etc/sysconfig/docker-latest-network -Environment=GOTRACEBACK=crash -ExecStart=/usr/bin/dockerd-latest \ - --seccomp-profile=/etc/docker-latest/seccomp.json \ - --add-runtime oci=/usr/libexec/docker/docker-runc-latest \ - --default-runtime=oci \ - --containerd /run/containerd.sock \ - --exec-opt native.cgroupdriver=systemd \ - --userland-proxy-path=/usr/libexec/docker/docker-proxy-latest \ - --init-path=/usr/libexec/docker/docker-init-latest \ - --seccomp-profile=/etc/docker-latest/seccomp.json \ - -g /var/lib/docker-latest \ - $OPTIONS \ - $DOCKER_STORAGE_OPTIONS \ - $DOCKER_NETWORK_OPTIONS \ - $ADD_REGISTRY \ - $BLOCK_REGISTRY \ - $INSECURE_REGISTRY -ExecReload=/bin/kill -s HUP $MAINPID -LimitNOFILE=1048576 -LimitNPROC=1048576 -LimitCORE=infinity -TimeoutStartSec=0 -Restart=on-abnormal - -[Install] -WantedBy=multi-user.target diff --git a/docker-latest.spec b/docker-latest.spec deleted file mode 100644 index 17ee529..0000000 --- a/docker-latest.spec +++ /dev/null @@ -1,2460 +0,0 @@ -%if 0%{?fedora} -%global with_devel 1 -%global with_debug 1 -%global with_unit_test 1 -%else -%global with_devel 0 -%global with_debug 0 -%global with_unit_test 0 -%endif - -%global with_migrator 0 - -# modifying the dockerinit binary breaks the SHA1 sum check by docker -%global __os_install_post %{_rpmconfigdir}/brp-compress - -# docker builds in a checksum of dockerinit into docker, -# so stripping the binaries breaks docker -%if 0%{?with_debug} -# https://bugzilla.redhat.com/show_bug.cgi?id=995136#c12 -%global _dwz_low_mem_die_limit 0 -%else -%global debug_package %{nil} -%endif -%global provider github -%global provider_tld com -%global project docker -%global repo %{project} - -%global import_path %{provider}.%{provider_tld}/%{project}/%{repo} - -# docker -%global git_docker https://github.com/projectatomic/docker -%global commit_docker 1185cfdf0469a0434e9227c973f8783412237b82 -%global shortcommit_docker %(c=%{commit_docker}; echo ${c:0:7}) -# docker_branch used in %%check -%global docker_branch docker-1.13.1 - -# d-s-s -%global git_dss https://github.com/projectatomic/container-storage-setup/ -%global commit_dss c9faba1908b8e77f7c7c443f26e3b3cb1450d1a0 -%global shortcommit_dss %(c=%{commit_dss}; echo ${c:0:7}) -%global dss_libdir %{_exec_prefix}/lib/%{name}-storage-setup - -%if %{with_migrator} -# v1.10-migrator -%global git_migrator https://github.com/%{repo}/v1.10-migrator -%global commit_migrator 994c35cbf7ae094d4cb1230b85631ecedd77b0d8 -%global shortcommit_migrator %(c=%{commit_migrator}; echo ${c:0:7}) -%endif # with_migrator - -# docker-runc -%global git_runc https://github.com/projectatomic/runc/ -%global commit_runc e4ffe43a03ac84e6bfd1156f1612338b2ed2c0a3 -%global shortcommit_runc %(c=%{commit_runc}; echo ${c:0:7}) - -# docker-containerd -%global git_containerd https://github.com/projectatomic/containerd -%global commit_containerd 42e825ab88335a141566a91ae2659b6b1d80ee19 -%global shortcommit_containerd %(c=%{commit_containerd}; echo ${c:0:7}) - -# docker-init -%global git_init https://github.com/krallin/tini -%global commit_init 4a92b9e20194701a37f34c2822afe94ddd733d17 -%global shortcommit_init %(c=%{commit_init}; echo ${c:0:7}) - -# docker-proxy -%global git_libnetwork https://github.com/docker/libnetwork -%global commit_libnetwork d00ceed44cc447c77f25cdf5d59e83163bdcb4c9 -%global shortcommit_libnetwork %(c=%{commit_libnetwork}; echo ${c:0:7}) - -Name: %{repo}-latest -%if 0%{?fedora} || 0%{?centos} -Epoch: 2 -%else -Epoch: 0 -%endif -Version: 1.13.1 -Release: 42.git%{shortcommit_docker}%{?dist} -Summary: Automates deployment of containerized applications -License: ASL 2.0 -URL: https://%{provider}.%{provider_tld}/projectatomic/%{repo} -# Temp fix for rhbz#1315903 -#ExclusiveArch: %%{go_arches} -ExclusiveArch: %{ix86} x86_64 %{arm} aarch64 ppc64le s390x %{mips} -Source0: %{git_docker}/archive/%{commit_docker}/%{repo}-%{shortcommit_docker}.tar.gz -Source1: %{git_dss}/archive/%{commit_dss}/%{repo}-storage-setup-%{shortcommit_dss}.tar.gz -Source5: %{name}.service -Source6: %{name}.sysconfig -# remember to sync this json with docker's one upstream!!! there are syscalls -# enabled in our seccomp.json for systemd for instance, while upstream doesn't -# have them. -Source7: seccomp.json -Source8: %{name}-logrotate.sh -Source9: README.%{name}-logrotate -Source10: %{name}-network.sysconfig -%if %{with_migrator} -Source11: %{git_migrator}/archive/%{commit_migrator}/v1.10-migrator-%{shortcommit_migrator}.tar.gz -%endif # with_migrator -Source12: %{git_runc}/archive/%{commit_runc}/runc-%{shortcommit_runc}.tar.gz -Source13: %{git_containerd}/archive/%{commit_containerd}/containerd-%{shortcommit_containerd}.tar.gz -Source14: %{name}-containerd.service -%if %{with_migrator} -Source15: v1.10-migrator-helper -%endif # with_migrator -Source16: %{git_init}/archive/%{commit_init}/tini-%{shortcommit_init}.tar.gz -Source17: %{git_libnetwork}/archive/%{commit_libnetwork}/libnetwork-%{shortcommit_libnetwork}.tar.gz -Source18: %{name}-storage.sysconfig -Source19: %{name}.service.centos -Source20: %{name}-containerd.service.centos -Patch0: 0001-nsenter-clone-proc-self-exe-to-avoid-exposing-host-b.patch - -%if 0%{?with_debug} -# Build with debug -#Patch0: build-with-debug-info.patch -%endif - -BuildRequires: cmake -BuildRequires: vim-common -BuildRequires: glibc-static -BuildRequires: gpgme-devel -BuildRequires: libassuan-devel -BuildRequires: %{?go_compiler:compiler(go-compiler)}%{!?go_compiler:golang >= 1.6.2} -BuildRequires: go-md2man -BuildRequires: device-mapper-devel -%if 0%{?fedora} -BuildRequires: dep -BuildRequires: libseccomp-static >= 2.3.0 -%else %if 0%{?centos} -BuildRequires: libseccomp-devel -%endif -BuildRequires: pkgconfig(audit) -BuildRequires: btrfs-progs-devel -BuildRequires: sqlite-devel -BuildRequires: pkgconfig(systemd) -%if 0%{?fedora} >= 21 -# Resolves: rhbz#1165615 -Requires: device-mapper-libs >= 1.02.90-1 -%endif - -Requires: skopeo-containers -Requires: gnupg - -%global docker_ver 1.12.2 -%global docker_commit 15c82b8be1843ef8f2e7e4c1ee639e9ef622face -%global docker_shortcommit %(c=%{docker_commit}; echo ${c:0:7}) -%global docker_rel 3.git%{docker_shortcommit}%{?dist} - -# Resolves: #1379184 - include epoch -Requires: %{repo}-common >= %{epoch}:%{docker_ver}-%{docker_rel} - -Requires(pre): container-selinux >= 2:2.2-2 - -# Resolves: rhbz#1045220 -Requires: xz -Provides: lxc-%{name} = %{epoch}:%{version}-%{release} - -# Match with upstream name - include epoch as well -Provides: %{name}-engine = %{epoch}:%{version}-%{release} - -# needs tar to be able to run containers -Requires: tar - -# BZ1327809 -Requires: iptables - -# permitted by https://fedorahosted.org/fpc/ticket/341#comment:7 -# In F22, the whole package should be renamed to be just "docker" and -# this changed to "Provides: docker-io". -%if 0%{?fedora} >= 22 -Provides: %{repo}-io = %{epoch}:%{version}-%{release} -Obsoletes: %{repo}-io <= 1.5.0-19 -%endif - -# include d-s-s into main docker package and obsolete existing d-s-s rpm -# also update BRs and Rs -Requires: lvm2 -Requires: xfsprogs -Obsoletes: %{repo}-storage-setup <= 0.5-3 - -Requires: libseccomp >= 2.3.0 - -%if 0%{?fedora} -Recommends: oci-register-machine -Recommends: oci-systemd-hook -%else -Requires: oci-register-machine -Requires: oci-systemd-hook -%endif - -Requires: oci-umount - -%description -Docker is an open-source engine that automates the deployment of any -application as a lightweight, portable, self-sufficient container that will -run virtually anywhere. - -Docker containers can encapsulate any payload, and will run consistently on -and between virtually any server. The same container that a developer builds -and tests on a laptop will run at scale, in production*, on VMs, bare-metal -servers, OpenStack clusters, public instances, or combinations of the above. - -%if 0%{?with_devel} -%package devel -BuildArch: noarch -Provides: %{repo}-io-devel = %{epoch}:%{version}-%{release} -Provides: %{repo}-pkg-devel = %{epoch}:%{version}-%{release} -Provides: %{repo}-io-pkg-devel = %{epoch}:%{version}-%{release} -Summary: A golang registry for global request variables (source libraries) - -Provides: golang(%{import_path}/api) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/api/client) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/api/client/formatter) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/api/client/inspect) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/api/server) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/api/server/httputils) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/api/server/middleware) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/api/server/router) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/api/server/router/build) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/api/server/router/container) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/api/server/router/image) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/api/server/router/network) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/api/server/router/system) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/api/server/router/volume) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/api/types/backend) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/builder) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/builder/dockerfile) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/builder/dockerfile/command) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/builder/dockerfile/parser) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/builder/dockerignore) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/cli) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/cliconfig) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/cliconfig/credentials) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/container) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/daemon) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/daemon/caps) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/daemon/dockerhooks) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/daemon/events) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/daemon/events/testutils) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/daemon/exec) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/daemon/graphdriver) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/daemon/graphdriver/aufs) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/daemon/graphdriver/btrfs) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/daemon/graphdriver/devmapper) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/daemon/graphdriver/graphtest) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/daemon/graphdriver/overlay) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/daemon/graphdriver/register) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/daemon/graphdriver/vfs) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/daemon/graphdriver/windows) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/daemon/graphdriver/zfs) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/daemon/links) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/daemon/logger) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/daemon/logger/awslogs) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/daemon/logger/etwlogs) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/daemon/logger/fluentd) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/daemon/logger/gcplogs) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/daemon/logger/gelf) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/daemon/logger/journald) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/daemon/logger/jsonfilelog) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/daemon/logger/loggerutils) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/daemon/logger/splunk) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/daemon/logger/syslog) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/daemon/network) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/distribution) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/distribution/metadata) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/distribution/xfer) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/docker/hack) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/docker/listeners) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/dockerversion) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/errors) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/image) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/image/tarexport) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/image/v1) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/layer) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/libcontainerd) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/libcontainerd/windowsoci) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/migrate/v1) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/oci) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/opts) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/pkg/aaparser) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/pkg/archive) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/pkg/audit) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/pkg/authorization) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/pkg/broadcaster) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/pkg/chrootarchive) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/pkg/devicemapper) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/pkg/directory) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/pkg/discovery) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/pkg/discovery/file) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/pkg/discovery/kv) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/pkg/discovery/memory) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/pkg/discovery/nodes) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/pkg/filenotify) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/pkg/fileutils) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/pkg/gitutils) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/pkg/graphdb) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/pkg/homedir) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/pkg/httputils) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/pkg/idtools) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/pkg/integration) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/pkg/integration/checker) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/pkg/ioutils) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/pkg/jsonlog) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/pkg/jsonmessage) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/pkg/locker) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/pkg/longpath) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/pkg/loopback) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/pkg/mflag) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/pkg/mount) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/pkg/namesgenerator) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/pkg/parsers) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/pkg/parsers/kernel) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/pkg/parsers/operatingsystem) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/pkg/pidfile) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/pkg/platform) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/pkg/plugins) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/pkg/plugins/pluginrpc-gen/fixtures) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/pkg/plugins/transport) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/pkg/pools) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/pkg/progress) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/pkg/promise) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/pkg/proxy) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/pkg/pubsub) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/pkg/random) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/pkg/reexec) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/pkg/registrar) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/pkg/rpm) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/pkg/signal) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/pkg/stdcopy) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/pkg/streamformatter) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/pkg/stringid) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/pkg/stringutils) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/pkg/symlink) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/pkg/sysinfo) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/pkg/system) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/pkg/tailfile) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/pkg/tarsum) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/pkg/term) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/pkg/term/windows) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/pkg/tlsconfig) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/pkg/truncindex) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/pkg/urlutil) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/pkg/useragent) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/pkg/version) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/profiles/apparmor) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/profiles/seccomp) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/reference) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/registry) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/restartmanager) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/runconfig) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/runconfig/opts) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/utils) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/utils/templates) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/volume) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/volume/drivers) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/volume/local) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/volume/store) = %{epoch}:%{version}-%{release} -Provides: golang(%{import_path}/volume/testutils) = %{epoch}:%{version}-%{release} - -%description devel -%{summary} - -This package provides the source libraries for Docker. -%endif - -%if 0%{?with_unit_test} -%package unit-test -Summary: %{summary} - for running unit tests - -%description unit-test -%{summary} - for running unit tests -%endif - -%package fish-completion -Summary: fish completion files for Docker -Requires: %{name} = %{epoch}:%{version}-%{release} -Requires: fish -Provides: %{name}-io-fish-completion = %{epoch}:%{version}-%{release} - -%description fish-completion -This package installs %{summary}. - -%package logrotate -Summary: cron job to run logrotate on Docker containers -Requires: %{name} = %{epoch}:%{version}-%{release} -Provides: %{name}-io-logrotate = %{epoch}:%{version}-%{release} - -%description logrotate -This package installs %{summary}. logrotate is assumed to be installed on -containers for this to work, failures are silently ignored. - -%package vim -Summary: vim syntax highlighting files for Docker -Requires: %{name} = %{epoch}:%{version}-%{release} -Requires: vim -Provides: %{name}-io-vim = %{epoch}:%{version}-%{release} - -%description vim -This package installs %{summary}. - -%package zsh-completion -Summary: zsh completion files for Docker -Requires: %{name} = %{epoch}:%{version}-%{release} -Requires: zsh -Provides: %{name}-io-zsh-completion = %{epoch}:%{version}-%{release} - -%description zsh-completion -This package installs %{summary}. - -%if %{with_migrator} -%package v1.10-migrator -Summary: Calculates SHA256 checksums for docker layer content -License: ASL 2.0 and CC-BY-SA - -%description v1.10-migrator -Starting from v1.10 docker uses content addressable IDs for the images and -layers instead of using generated ones. This tool calculates SHA256 checksums -for docker layer content, so that they don't need to be recalculated when the -daemon starts for the first time. - -The migration usually runs on daemon startup but it can be quite slow(usually -100-200MB/s) and daemon will not be able to accept requests during -that time. You can run this tool instead while the old daemon is still -running and skip checksum calculation on startup. -%endif - -%package rhsubscription -Summary: Red Hat subscription management files needed on the host to enable RHEL containers -Requires: %{name} = %{epoch}:%{version}-%{release} -Requires: subscription-manager-plugin-container -Provides: %{name}-io-rhsubscription = %{version}-%{release} - -%description rhsubscription -In order to work with RHEL containers, the host (RHEL, or other) must export susbcription information to the container. - -%prep -%setup -q -n %{repo}-%{commit_docker} - -# here keep the new line above otherwise autosetup fails when applying patch -cp %{SOURCE9} . - -# untar d-s-s -tar zxf %{SOURCE1} -pushd container-storage-setup-%{commit_dss} -sed -i 's/%{repo}/%{name}/g' %{repo}-storage-setup* -mv %{repo}-storage-setup.sh %{name}-storage-setup.sh -mv %{repo}-storage-setup-override.conf %{name}-storage-setup-override.conf -mv %{repo}-storage-setup.1 %{name}-storage-setup.1 -mv %{repo}-storage-setup.conf %{name}-storage-setup.conf -mv %{repo}-storage-setup.service %{name}-storage-setup.service -sed -i 's/%{name}_devmapper_meta_dir/%{repo}_devmapper_meta_dir/g' %{repo}-storage-setup* -popd - -%if %{with_migrator} -# untar v1.10-migrator -tar zxf %{SOURCE11} -%endif - -# untar docker-runc -tar zxf %{SOURCE12} -pushd runc-%{commit_runc} -%patch0 -p1 -popd - -# untar docker-containerd -tar zxf %{SOURCE13} - -# untar docker-init -tar zxf %{SOURCE16} - -# untar docker-proxy -tar zxf %{SOURCE17} - -%build -# set up temporary build gopath, and put our directory there -mkdir _build -pushd _build -mkdir -p src/%{provider}.%{provider_tld}/{%{repo},projectatomic} -ln -s $(dirs +1 -l) src/%{import_path} -ln -s $(dirs +1 -l)/containerd-%{commit_containerd} src/%{provider}.%{provider_tld}/docker/containerd -popd - -# compile docker-proxy first - otherwise deps in gopath conflict with the others below and this fails. Remove libnetwork libs then. -pushd libnetwork-%{commit_libnetwork} -mkdir -p src/github.com/docker/libnetwork -ln -s $(pwd)/* src/github.com/docker/libnetwork -export GOPATH=$(pwd) -go build -ldflags="-linkmode=external" -o docker-proxy github.com/docker/libnetwork/cmd/proxy -popd - -export DOCKER_GITCOMMIT="%{shortcommit_docker}/%{version}" -export DOCKER_BUILDTAGS="selinux seccomp" -export GOPATH=$(pwd)/_build:$(pwd)/vendor:%{gopath}:$(pwd)/containerd-%{commit_containerd}/vendor - -DOCKER_DEBUG=1 bash -x hack/make.sh dynbinary -man/md2man-all.sh -pushd man/man1 -rename %{repo} %{name} * -popd -pushd man/man5 -rename %{repo} %{name} * -popd -pushd man/man8 -mv %{repo}d.8 %{repo}d-latest.8 -popd -cp contrib/syntax/vim/LICENSE LICENSE-vim-syntax -cp contrib/syntax/vim/README.md README-vim-syntax.md - -%if %{with_migrator} -# build v1.10-migrator -pushd v1.10-migrator-%{commit_migrator} -go build -o v1.10-migrator-local . -popd -%endif # with_migrator - -# build docker-runc -pushd runc-%{commit_runc} -make BUILDTAGS="seccomp selinux" -popd - -# build docker-containerd -pushd containerd-%{commit_containerd} -make -popd - -# build docker-init -pushd tini-%{commit_init} -cmake -DMINIMAL=ON . -make tini-static -popd - -%install -# install binary -install -d %{buildroot}%{_bindir} -rm bundles/latest/dynbinary-client/*.md5 bundles/latest/dynbinary-client/*.sha256 -rm bundles/latest/dynbinary-daemon/*.md5 bundles/latest/dynbinary-daemon/*.sha256 -install -p -m 755 bundles/latest/dynbinary-client/%{repo}-%{version}* %{buildroot}%{_bindir}/%{repo}-latest -install -p -m 755 bundles/latest/dynbinary-daemon/%{repo}d-%{version}* %{buildroot}%{_bindir}/%{repo}d-latest - -#install docker-proxy -install -d %{buildroot}%{_libexecdir}/%{repo} -install -p -m 755 libnetwork-%{commit_libnetwork}/docker-proxy %{buildroot}%{_libexecdir}/%{repo}/%{repo}-proxy-latest - -# install manpages -install -d %{buildroot}%{_mandir}/man1 -install -p -m 644 man/man1/%{name}*.1 %{buildroot}%{_mandir}/man1 -install -d %{buildroot}%{_mandir}/man5 -install -p -m 644 man/man5/*.5 %{buildroot}%{_mandir}/man5 -install -d %{buildroot}%{_mandir}/man8 -install -p -m 644 man/man8/%{repo}*.8 %{buildroot}%{_mandir}/man8 - -# install bash completion -install -dp %{buildroot}%{_datadir}/bash-completion/completions -install -p -m 644 contrib/completion/bash/%{repo} %{buildroot}%{_datadir}/bash-completion/completions/%{name} - -# install fish completion -# create, install and own /usr/share/fish/vendor_completions.d until -# upstream fish provides it -install -dp %{buildroot}%{_datadir}/fish/vendor_completions.d -install -p -m 644 contrib/completion/fish/%{repo}.fish %{buildroot}%{_datadir}/fish/vendor_completions.d/%{name}.fish - -# install container logrotate cron script -install -dp %{buildroot}%{_sysconfdir}/cron.daily/ -install -p -m 755 %{SOURCE8} %{buildroot}%{_sysconfdir}/cron.daily/%{name}-logrotate - -# install vim syntax highlighting -install -d %{buildroot}%{_datadir}/vim/vimfiles/{doc,ftdetect,syntax} -install -p -m 644 contrib/syntax/vim/doc/%{repo}file.txt %{buildroot}%{_datadir}/vim/vimfiles/doc -install -p -m 644 contrib/syntax/vim/ftdetect/%{repo}file.vim %{buildroot}%{_datadir}/vim/vimfiles/ftdetect -install -p -m 644 contrib/syntax/vim/syntax/%{repo}file.vim %{buildroot}%{_datadir}/vim/vimfiles/syntax - -# install zsh completion -install -d %{buildroot}%{_datadir}/zsh/site-functions -install -p -m 644 contrib/completion/zsh/_%{repo} %{buildroot}%{_datadir}/zsh/site-functions/_%{name} - -# install udev rules -install -d %{buildroot}%{_udevrulesdir} -install -p contrib/udev/80-%{repo}.rules %{buildroot}%{_udevrulesdir}/80-%{name}.rules - -# install storage dir -install -d %{buildroot}%{_sharedstatedir}/%{name} - -# install secret patch directory -install -d %{buildroot}%{_datadir}/rhel/secrets - -# install systemd/init scripts -install -d %{buildroot}%{_unitdir} -%if 0%{?fedora} -install -p -m 644 %{SOURCE5} %{buildroot}%{_unitdir} -install -p -m 644 %{SOURCE14} %{buildroot}%{_unitdir} -%else -install -p -m 644 %{SOURCE19} %{buildroot}%{_unitdir}/%{name}.service -install -p -m 644 %{SOURCE20} %{buildroot}%{_unitdir}/%{name}-containerd.service -%endif - -# install docker-runc -install -d %{buildroot}%{_libexecdir}/%{repo} -install -p -m 755 runc-%{commit_runc}/runc %{buildroot}%{_libexecdir}/%{repo}/%{repo}-runc-latest - -#install docker-containerd -install -d %{buildroot}%{_libexecdir}/%{repo} -install -p -m 755 containerd-%{commit_containerd}/bin/containerd %{buildroot}%{_libexecdir}/%{repo}/%{repo}-containerd-latest -install -p -m 755 containerd-%{commit_containerd}/bin/containerd-shim %{buildroot}%{_libexecdir}/%{repo}/%{repo}-containerd-shim-latest -install -p -m 755 containerd-%{commit_containerd}/bin/ctr %{buildroot}%{_libexecdir}/%{repo}/%{repo}-ctr-latest - -#install tini -install -d %{buildroot}%{_libexecdir}/%{repo} -install -p -m 755 tini-%{commit_init}/tini-static %{buildroot}%{_libexecdir}/%{repo}/%{repo}-init-latest - -# for additional args -install -d %{buildroot}%{_sysconfdir}/sysconfig/ -install -p -m 644 %{SOURCE6} %{buildroot}%{_sysconfdir}/sysconfig/%{name} -install -p -m 644 %{SOURCE10} %{buildroot}%{_sysconfdir}/sysconfig/%{name}-network -install -p -m 644 %{SOURCE18} %{buildroot}%{_sysconfdir}/sysconfig/%{name}-storage - -%if 0%{?with_unit_test} -install -d -m 0755 %{buildroot}%{_sharedstatedir}/%{name}-unit-test/ -cp -pav VERSION Dockerfile %{buildroot}%{_sharedstatedir}/%{name}-unit-test/. -for d in */ ; do - cp -rpav $d %{buildroot}%{_sharedstatedir}/%{name}-unit-test/ -done -# remove docker.initd as it requires /sbin/runtime no packages in Fedora -rm -rf %{buildroot}%{_sharedstatedir}/%{name}-unit-test/contrib/init/openrc/%{name}.initd -%endif - -# source codes for building projects -%if 0%{?with_devel} -install -d -p %{buildroot}/%{gopath}/src/%{import_path}/ -echo "%%dir %%{gopath}/src/%%{import_path}/." >> devel.file-list -# find all *.go but no *_test.go files and generate devel.file-list -for file in $(find . -iname "*.go" \! -iname "*_test.go") ; do - echo "%%dir %%{gopath}/src/%%{import_path}/$(dirname $file)" >> devel.file-list - install -d -p %{buildroot}/%{gopath}/src/%{import_path}/$(dirname $file) - cp -pav $file %{buildroot}/%{gopath}/src/%{import_path}/$file - echo "%%{gopath}/src/%%{import_path}/$file" >> devel.file-list -done -%endif - -# install %%{repo} config directory -install -dp %{buildroot}%{_sysconfdir}/%{name} -# install defalut seccomp profile -install -p -m 644 %{SOURCE7} %{buildroot}%{_sysconfdir}/%{name}/seccomp.json - -# install d-s-s -pushd container-storage-setup-%{commit_dss} -make install DESTDIR=%{buildroot} DOCKER=%{name} DSSLIBDIR=%{buildroot}%{dss_libdir} -popd - -%if %{with_migrator} -# install v1.10-migrator -install -d %{buildroot}%{_bindir} -install -p -m 700 v1.10-migrator-%{commit_migrator}/v1.10-migrator-local %{buildroot}%{_bindir}/%{name}-v1.10-migrator-local - -# install v1.10-migrator-helper -install -p -m 700 %{SOURCE15} %{buildroot}%{_bindir}/%{name}-v1.10-migrator-helper -%endif # with_migrator - -# install secrets patch directory -install -d -p -m 750 %{buildroot}/%{_datadir}/rhel/secrets -# rhbz#1110876 - update symlinks for subscription management -ln -s %{_sysconfdir}/pki/entitlement %{buildroot}%{_datadir}/rhel/secrets/etc-pki-entitlement -ln -s %{_sysconfdir}/rhsm %{buildroot}%{_datadir}/rhel/secrets/rhsm -ln -s %{_sysconfdir}/yum.repos.d/redhat.repo %{buildroot}%{_datadir}/rhel/secrets/rhel7.repo -mkdir -p %{buildroot}/etc/%{name}/certs.d/redhat.{com,io} -ln -s %{_sysconfdir}/rhsm/ca/redhat-uep.pem %{buildroot}/%{_sysconfdir}/%{name}/certs.d/redhat.com/redhat-ca.crt -ln -s %{_sysconfdir}/rhsm/ca/redhat-uep.pem %{buildroot}/%{_sysconfdir}/%{name}/certs.d/redhat.io/redhat-ca.crt - -%check -[ ! -w /run/%{name}.sock ] || { - mkdir test_dir - pushd test_dir - git clone https://github.com/projectatomic/%{name}.git -b %{docker_branch} - pushd %{repo} - make test - popd - popd -} - -%post -%systemd_post %{repo} - -%preun -%systemd_preun %{repo} - -%postun -%systemd_postun_with_restart %{repo} - -#define license tag if not already defined -%{!?_licensedir:%global license %doc} - -%files -%license LICENSE LICENSE-vim-syntax -%doc AUTHORS CHANGELOG.md CONTRIBUTING.md MAINTAINERS NOTICE README.md -%doc README-vim-syntax.md -%config(noreplace) %{_sysconfdir}/sysconfig/%{name}* -%{_mandir}/man1/%{name}*.1.gz -# FIXME(runcom): man5 install above -%{_mandir}/man5/*.5.gz -%{_mandir}/man8/%{repo}d-latest.8.gz -%{_bindir}/%{name} -%{_bindir}/%{repo}d-latest -%{_unitdir}/%{name}.service -%{_unitdir}/%{name}-containerd.service -%{_datadir}/bash-completion/completions/%{name} -%dir %{_datadir}/rhel/secrets -%dir %{_sharedstatedir}/%{name} -%{_udevrulesdir}/80-%{name}.rules -%{_sysconfdir}/%{name} -%{_sysconfdir}/%{name}/seccomp.json -# d-s-s specific -%config(noreplace) %{_sysconfdir}/sysconfig/%{name}-storage-setup -%{_unitdir}/%{name}-storage-setup.service -%{_bindir}/%{name}-storage-setup -%dir %{dss_libdir} -%{dss_libdir}/* -# >= 1.11 specific -%{_libexecdir}/%{repo}/%{repo}-runc-latest -%{_libexecdir}/%{repo}/%{repo}-containerd-latest -%{_libexecdir}/%{repo}/%{repo}-containerd-shim-latest -%{_libexecdir}/%{repo}/%{repo}-ctr-latest -%{_libexecdir}/%{repo}/%{repo}-proxy-latest -%{_libexecdir}/%{repo}/%{repo}-init-latest - -%if 0%{?with_devel} -%files devel -f devel.file-list -%license LICENSE -%doc AUTHORS CHANGELOG.md CONTRIBUTING.md MAINTAINERS NOTICE README.md -%endif - -%if 0%{?with_unit_test} -%files unit-test -%{_sharedstatedir}/%{name}-unit-test/ -%endif - -%files fish-completion -%dir %{_datadir}/fish/vendor_completions.d/ -%{_datadir}/fish/vendor_completions.d/%{name}.fish - -%files logrotate -%doc README.%{name}-logrotate -%{_sysconfdir}/cron.daily/%{name}-logrotate - -%files vim -%{_datadir}/vim/vimfiles/doc/%{repo}file.txt -%{_datadir}/vim/vimfiles/ftdetect/%{repo}file.vim -%{_datadir}/vim/vimfiles/syntax/%{repo}file.vim - -%files zsh-completion -%{_datadir}/zsh/site-functions/_%{name} - -%if %{with_migrator} -%files v1.10-migrator -%license v1.10-migrator-%{commit_migrator}/LICENSE.{code,docs} -%doc v1.10-migrator-%{commit_migrator}/{CONTRIBUTING,README}.md -%{_bindir}/%{name}-v1.10-migrator-* -%endif # with_migrator - -%files rhsubscription -%{_datadir}/rhel/secrets/etc-pki-entitlement -%{_datadir}/rhel/secrets/rhel7.repo -%{_datadir}/rhel/secrets/rhsm - -%changelog -* Wed Feb 13 2019 Lokesh Mandvekar - 2:1.13.1-42.git1185cfd -- Resolves: #1664908, #1676798 - Security fix for CVE-2019-5736 - -* Thu Jan 31 2019 Fedora Release Engineering - 2:1.13.1-41.git1185cfd -- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild - -* Sat Jan 19 2019 Lokesh Mandvekar - 2:1.13.1-40.git1185cfd -- Resolves: #1666565, #1667625 - CVE-2018-20699 -- Resolves: #1663068, #1667626 - umount all procfs and sysfs with --no-pivot -- built docker @projectatomic/docker-1.13.1 commit 1185cfd -- built docker-runc @projectatomic/docker-1.13.1 commit e4ffe43 - -* Thu Jul 12 2018 Fedora Release Engineering - 2:1.13.1-38.git9cb56fd -- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild - -* Sun Jul 08 2018 Lokesh Mandvekar - 2:1.13.1-37.git9cb56fd -- Resolves: #1598581, #1598582 - CVE-2018-10892 -- built docker @projectatomic/docker-1.13.1 commit 9cb56fd -- built docker-runc @projectatomic/docker-1.13.1 commit b425831 -- built docker-containerd @projectatomic/docker-1.13.1 commit 42e825a -- built docker-init commit fec3683 -- built libnetwork commit d00ceed - -* Wed Feb 07 2018 Fedora Release Engineering - 2:1.13-36.git27e468e -- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild - -* Tue Jan 23 2018 Karsten Hopp - 1.13-35.git -- make sure epoch is always defined before using it - -* Wed Aug 02 2017 Fedora Release Engineering - 2:1.13-34.git27e468e -- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild - -* Wed Jul 26 2017 Fedora Release Engineering - 2:1.13-33.git27e468e -- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild - -* Tue Jul 18 2017 fkluknav - 2:1.13-32.git27e468e -- rebased runc to d90fcb78c3886d01d48829a11fb481af5db08372 - -* Thu Jun 15 2017 Frantisek Kluknavsky - 2:1.13-31.git27e468e -- rebase - -* Sun May 28 2017 Frantisek Kluknavsky - 2:1.13-29.git51eb16e -- rebase -- depend on oci-umount - -* Fri May 19 2017 Frantisek Kluknavsky - 2:1.13-29.git6cd0bbe -- explicitly use seccomp profile in systemd unitfile -- https://bugzilla.redhat.com/show_bug.cgi?id=1452751 - -* Fri Feb 10 2017 Fedora Release Engineering - 2:1.13-28.git6cd0bbe -- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild - -* Tue Jan 17 2017 Lokesh Mandvekar - 2:1.13-27.git6cd0bbe -- use centos' version of docker-containerd.service on centos7 (without "TasksMax") - -* Fri Jan 13 2017 Lokesh Mandvekar - 2:1.13-26.git6cd0bbe -- Resolves: CVE-2016-9962 -- built docker-runc @projectatomic/docker-1.13 commit 2f7393a -- change install location from /usr/lib/docker-storage-setup to -/usr/lib/docker-latest-storage-setup - -* Sat Jan 07 2017 Lokesh Mandvekar - 2:1.13-25.git6cd0bbe -- require container-selinux >= 2:2.2-2 with relabeling support for -docker-latest files - -* Fri Jan 06 2017 Lokesh Mandvekar - 2:1.13-24.git6cd0bbe -- require container-selinux >= 2:2.0-2 (now an independent package) - -* Sat Dec 10 2016 Igor Gnatenko - 2:1.13-23.git6cd0bbe -- Rebuild for gpgme 1.18 - -* Thu Nov 10 2016 Antonio Murdaca - 2:1.13-22.git6cd0bbe -- built docker @projectatomic/docker-1.13 commit 6cd0bbe -- built docker-selinux commit -- built d-s-s commit c9faba1 -- built docker-novolume-plugin commit -- built docker-runc @projectatomic/runc-1.13 commit 6b13ece -- built docker-utils commit -- built docker-containerd commit 8517738 -- built docker-v1.10-migrator commit 994c35c - -* Thu Nov 10 2016 Antonio Murdaca - 2:1.13-21.git6cd0bbe -- built docker @projectatomic/docker-1.13 commit 6cd0bbe -- built docker-selinux commit -- built d-s-s commit c9faba1 -- built docker-novolume-plugin commit -- built docker-runc @projectatomic/runc-1.13 commit 6b13ece -- built docker-utils commit -- built docker-containerd commit 8517738 -- built docker-v1.10-migrator commit 994c35c - -* Thu Nov 10 2016 Antonio Murdaca - 2:1.13-20.git6cd0bbe -- built docker @projectatomic/docker-1.13 commit 6cd0bbe -- built docker-selinux commit -- built d-s-s commit c9faba1 -- built docker-novolume-plugin commit -- built docker-runc @projectatomic/runc-1.13 commit ac031b5 -- built docker-utils commit -- built docker-containerd commit 8517738 -- built docker-v1.10-migrator commit 994c35c - -* Thu Nov 10 2016 Antonio Murdaca - 2:1.13-19.git6cd0bbe -- built docker @projectatomic/docker-1.13 commit 6cd0bbe -- built docker-selinux commit -- built d-s-s commit c9faba1 -- built docker-novolume-plugin commit -- built docker-runc @projectatomic/runc-1.13 commit 6b13ece -- built docker-utils commit -- built docker-containerd commit 52ef1ce -- built docker-v1.10-migrator commit 994c35c - -* Thu Nov 10 2016 Antonio Murdaca - 2:1.13-18.git6cd0bbe -- built docker @projectatomic/docker-1.13 commit 6cd0bbe -- built docker-selinux commit -- built d-s-s commit c9faba1 -- built docker-novolume-plugin commit -- built docker-runc @projectatomic/runc-1.13 commit 6b13ece -- built docker-utils commit -- built docker-containerd commit 52ef1ce -- built docker-v1.10-migrator commit 994c35c - -* Thu Nov 10 2016 Antonio Murdaca - 2:1.13-17.git6cd0bbe -- built docker @projectatomic/docker-1.13 commit 6cd0bbe -- built docker-selinux commit -- built d-s-s commit c9faba1 -- built docker-novolume-plugin commit -- built docker-runc @projectatomic/runc-1.13 commit 6b13ece -- built docker-utils commit -- built docker-containerd commit 52ef1ce -- built docker-v1.10-migrator commit 994c35c - -* Sat Nov 05 2016 Antonio Murdaca - 2:1.13-16.gitb5f2bae -- built docker @projectatomic/docker-1.13 commit b5f2bae -- built docker-selinux commit -- built d-s-s commit c9faba1 -- built docker-novolume-plugin commit -- built docker-runc @projectatomic/runc-1.13 commit 6b13ece -- built docker-utils commit -- built docker-containerd commit 52ef1ce -- built docker-v1.10-migrator commit 994c35c - -* Fri Nov 04 2016 Antonio Murdaca - 2:1.13-15.git99476ca -- built docker @projectatomic/docker-1.13 commit 99476ca -- built docker-selinux commit -- built d-s-s commit c9faba1 -- built docker-novolume-plugin commit -- built docker-runc @projectatomic/runc-1.13 commit 6b13ece -- built docker-utils commit -- built docker-containerd commit 52ef1ce -- built docker-v1.10-migrator commit 994c35c - -* Fri Nov 04 2016 Antonio Murdaca - 2:1.13-14.git99476ca -- built docker @projectatomic/docker-1.13 commit 99476ca -- built docker-selinux commit -- built d-s-s commit c9faba1 -- built docker-novolume-plugin commit -- built docker-runc @projectatomic/runc-1.13 commit 6b13ece -- built docker-utils commit -- built docker-containerd commit 52ef1ce -- built docker-v1.10-migrator commit 994c35c - -* Wed Nov 02 2016 Antonio Murdaca - 2:1.13-13.git99476ca -- built docker @projectatomic/docker-1.13 commit 99476ca -- built docker-selinux commit -- built d-s-s commit ba0dcf3 -- built docker-novolume-plugin commit -- built docker-runc @projectatomic/runc-1.13 commit 6b13ece -- built docker-utils commit -- built docker-containerd commit 52ef1ce -- built docker-v1.10-migrator commit 994c35c - -* Mon Oct 31 2016 Antonio Murdaca - 2:1.13-12.git99476ca -- built docker @projectatomic/docker-1.13 commit 99476ca -- built docker-selinux commit -- built d-s-s commit 308c5e3 -- built docker-novolume-plugin commit -- built docker-runc @projectatomic/runc-1.13 commit 6b13ece -- built docker-utils commit -- built docker-containerd commit 52ef1ce -- built docker-v1.10-migrator commit 994c35c - -* Mon Oct 31 2016 Antonio Murdaca - 2:1.13-11.git99476ca -- built docker @projectatomic/docker-1.13 commit 99476ca -- built docker-selinux commit -- built d-s-s commit 308c5e3 -- built docker-novolume-plugin commit -- built docker-runc @projectatomic/runc-1.13 commit 6b13ece -- built docker-utils commit -- built docker-containerd commit 52ef1ce -- built docker-v1.10-migrator commit 994c35c - -* Mon Oct 31 2016 Antonio Murdaca - 2:1.13-10.git99476ca -- built docker @projectatomic/docker-1.13 commit 99476ca -- built docker-selinux commit -- built d-s-s commit 308c5e3 -- built docker-novolume-plugin commit -- built docker-runc @projectatomic/runc-1.13 commit 6b13ece -- built docker-utils commit -- built docker-containerd commit 52ef1ce -- built docker-v1.10-migrator commit 994c35c - -* Mon Oct 31 2016 Antonio Murdaca - 2:1.13-9.git99476ca -- built docker @projectatomic/docker-1.13 commit 99476ca -- built docker-selinux commit -- built d-s-s commit 308c5e3 -- built docker-novolume-plugin commit -- built docker-runc @projectatomic/runc-1.13 commit 6b13ece -- built docker-utils commit -- built docker-containerd commit 52ef1ce -- built docker-v1.10-migrator commit 994c35c - -* Wed Oct 26 2016 Antonio Murdaca - 2:1.13-8.git3625f73 -- built docker @projectatomic/docker-1.13 commit 3625f73 -- built docker-selinux commit -- built d-s-s commit abe18de -- built docker-novolume-plugin commit -- built docker-runc @projectatomic/runc-1.13 commit 02f8fa7 -- built docker-utils commit -- built docker-containerd commit 52ef1ce -- built docker-v1.10-migrator commit 994c35c - -* Fri Oct 21 2016 Antonio Murdaca - 2:1.13-7.git3625f73 -- built docker @projectatomic/docker-1.13 commit 3625f73 -- built docker-selinux commit -- built d-s-s commit abe18de -- built docker-novolume-plugin commit -- built docker-runc @projectatomic/runc-1.13 commit 02f8fa7 -- built docker-utils commit -- built docker-containerd commit 52ef1ce -- built docker-v1.10-migrator commit 994c35c - -* Mon Oct 17 2016 Antonio Murdaca - 2:1.13-6.git222ea44 -- built docker @projectatomic/docker-1.13 commit 222ea44 -- built docker-selinux commit -- built d-s-s commit 96594f9 -- built docker-novolume-plugin commit -- built docker-runc @projectatomic/runc-1.13 commit 02f8fa7 -- built docker-utils commit -- built docker-containerd commit 837e8c5 -- built docker-v1.10-migrator commit 994c35c - -* Mon Oct 10 2016 Antonio Murdaca - 2:1.13-5.git222ea44 -- built docker @projectatomic/docker-1.13 commit 222ea44 -- built docker-selinux commit -- built d-s-s commit 194eca2 -- built docker-novolume-plugin commit -- built docker-runc @projectatomic/runc-1.13 commit 02f8fa7 -- built docker-utils commit -- built docker-containerd commit 837e8c5 -- built docker-v1.10-migrator commit 994c35c - -* Mon Oct 10 2016 Antonio Murdaca - 2:1.13-4.git222ea44 -- built docker @projectatomic/docker-1.13 commit 222ea44 -- built docker-selinux commit -- built d-s-s commit 194eca2 -- built docker-novolume-plugin commit -- built docker-runc @projectatomic/runc-1.13 commit 02f8fa7 -- built docker-utils commit -- built docker-containerd commit 837e8c5 -- built docker-v1.10-migrator commit 994c35c - -* Mon Oct 10 2016 Antonio Murdaca - 2:1.13-3.git222ea44 -- built docker @projectatomic/docker-1.13 commit 222ea44 -- built docker-selinux commit -- built d-s-s commit 194eca2 -- built docker-novolume-plugin commit -- built docker-runc @projectatomic/runc-1.13 commit 02f8fa7 -- built docker-utils commit -- built docker-containerd commit 837e8c5 -- built docker-v1.10-migrator commit 994c35c - -* Sun Oct 09 2016 Antonio Murdaca - 2:1.13-2.git222ea44 -- built docker @projectatomic/docker-1.13 commit 222ea44 -- built docker-selinux commit -- built d-s-s commit 194eca2 -- built docker-novolume-plugin commit -- built docker-runc @projectatomic/runc-1.13 commit 02f8fa7 -- built docker-utils commit -- built docker-containerd commit 837e8c5 -- built docker-v1.10-migrator commit 994c35c - -* Sun Oct 09 2016 Antonio Murdaca - 2:1.12.1-31.gite90aaf2 -- built docker @projectatomic/docker-1.12 commit e90aaf2 -- built docker-selinux commit a9e875a -- built d-s-s commit 194eca2 -- built docker-novolume-plugin commit c521254 -- built docker-runc @projectatomic/runc-1.12 commit f509e50 -- built docker-utils commit -- built docker-containerd commit 0ac3cd1 -- built docker-v1.10-migrator commit 994c35c - -* Mon Oct 03 2016 Lokesh Mandvekar - 2:1.12.1-30.git9a3752d -- s/docker-selinux/container-selinux/g -- built container-selinux commit a9e875a - -* Mon Oct 03 2016 Lokesh Mandvekar - 2:1.12.1-29.git9a3752d -- built lsm5/docker-selinux commit 5da3ac0 - -* Tue Sep 27 2016 Antonio Murdaca - 2:1.12.1-28.git9a3752d -- built docker @projectatomic/docker-1.12 commit 9a3752d -- built docker-selinux commit 346ed1d -- built d-s-s commit 194eca2 -- built docker-novolume-plugin commit c521254 -- built docker-runc @projectatomic/runc-1.12 commit f509e50 -- built docker-utils commit -- built docker-containerd commit 0ac3cd1 -- built docker-v1.10-migrator commit 994c35c -- Fix BZ#1379706 - -* Sun Sep 25 2016 Lokesh Mandvekar - 2:1.12.1-27.git9a3752d -- Resolves: #1379184 - include epoch in docker-common requirement - -* Sat Sep 24 2016 Antonio Murdaca - 2:1.12.1-26.git9a3752d -- built docker @projectatomic/docker-1.12 commit 9a3752d -- built docker-selinux commit 346ed1d -- built d-s-s commit 194eca2 -- built docker-novolume-plugin commit c521254 -- built docker-runc @projectatomic/runc-1.12 commit f509e50 -- built docker-utils commit -- built docker-containerd commit 0ac3cd1 -- built docker-v1.10-migrator commit 994c35c - -* Sat Sep 24 2016 Antonio Murdaca - 2:1.12.1-25.git9a3752d -- built docker @projectatomic/docker-1.12 commit 9a3752d -- built docker-selinux commit 346ed1d -- built d-s-s commit 194eca2 -- built docker-novolume-plugin commit c521254 -- built docker-runc @projectatomic/runc-1.12 commit f509e50 -- built docker-utils commit -- built docker-containerd commit 0ac3cd1 -- built docker-v1.10-migrator commit 994c35c -- add docker-common pkg (needed for docker-latest) - -* Sat Sep 17 2016 Antonio Murdaca - 2:1.12.1-24.git9a3752d -- built docker @projectatomic/docker-1.12 commit 9a3752d -- built docker-selinux commit 346ed1d -- built d-s-s commit 194eca2 -- built docker-novolume-plugin commit c521254 -- built docker-runc @projectatomic/runc-1.12 commit f509e50 -- built docker-utils commit -- built docker-containerd commit 0ac3cd1 -- built docker-v1.10-migrator commit 994c35c - -* Mon Sep 12 2016 Antonio Murdaca - 2:1.12.1-23.git9a3752d -- built docker @projectatomic/docker-1.12 commit 9a3752d -- built docker-selinux commit 346ed1d -- built d-s-s commit 194eca2 -- built docker-novolume-plugin commit 7715854 -- built docker-v1.10-migrator commit 994c35 -- build docker-runc @projectatomic/runc-1.12 commit f509e50 -- build docker-containerd commit 0ac3cd1 - -* Fri Sep 09 2016 Antonio Murdaca - 2:1.12.1-22.git9a3752d -- built docker @projectatomic/docker-1.12 commit 9a3752d -- built docker-selinux commit bcd6528 -- built d-s-s commit 194eca2 -- built docker-novolume-plugin commit 7715854 -- built docker-v1.10-migrator commit 994c35 -- build docker-runc @projectatomic/runc-1.12 commit f509e50 -- build docker-containerd commit 0ac3cd1 - -* Fri Sep 02 2016 Lokesh Mandvekar - 2:1.12.1-21.git2649fe1 -- built docker-selinux commit fd38eaf -- require selinux-policy >= 3.13.1-213 - -* Fri Sep 02 2016 Antonio Murdaca - 2:1.12.1-20.git2649fe1 -- bump release to ensure stable upgrade path from f25 to Rawhide - -* Fri Sep 02 2016 Antonio Murdaca - 2:1.12.1-7.git2649fe1 -- built docker @projectatomic/docker-1.12 commit 2649fe1 -- built docker-selinux commit bcd6528 -- built d-s-s commit 194eca2 -- built docker-novolume-plugin commit 7715854 -- built docker-v1.10-migrator commit 994c35 -- build docker-runc @projectatomic/runc-1.12 commit f509e50 -- build docker-containerd commit 0ac3cd1 - -* Mon Aug 29 2016 Antonio Murdaca - 2:1.12.1-6.gitf1040da -- Fix systemd cgroup -- Fix docker.service, docker-containerd.service - -* Thu Aug 25 2016 Antonio Murdaca - 2:1.12.1-5.git49151a1 -- bump runc commit to fix init.scope - -* Wed Aug 24 2016 Antonio Murdaca - 2:1.12.1-4.git49151a1 -- Fix BZ#1368999 - -* Tue Aug 23 2016 Antonio Murdaca - 2:1.12.1-3.git8ea583f -- use our forked projectatomic/runc instead of upstream - -* Mon Aug 22 2016 Antonio Murdaca - 2:1.12.1-2.git8ea583f -- Bump to 1.12.1 -- Fix BZ#1311750 - -* Mon Aug 08 2016 Dan Horák - 2:1.12.0-7.gitad4812e -- drop workaround for gcc-go based build on s390x, we have golang in F-25 and up - -* Wed Aug 03 2016 Antonio Murdaca - 2:1.12.0-6.gitad4812e -- rebuilt to fix docker.service unit for custom runtime - -* Wed Aug 03 2016 Antonio Murdaca - 2:1.12.0-5.gitad4812e -- rebuilt to use custom containerd-shim - -* Wed Aug 03 2016 Antonio Murdaca - 2:1.12.0-4.gitad4812e -- Resolves: #1362623 - -* Tue Aug 02 2016 Antonio Murdaca - 2:1.12.0-3.gitad4812e -- Fix containerd listen address - -* Fri Jul 29 2016 Antonio Murdaca - 2:1.12.0-2.gitad4812e -- Bump to 1.12.0 - -* Thu Jul 21 2016 Fedora Release Engineering - 2:1.11.2-13.git4ddbd3d -- https://fedoraproject.org/wiki/Changes/golang1.7 - -* Fri Jul 01 2016 Antonio Murdaca - 2:1.11.2-12.git4ddbd3d -- BZ#1350418 - Fix build broken for gcc-go - -* Thu Jun 30 2016 Antonio Murdaca - 2:1.11.2-11.git4ddbd3d -- rebuilt with runc with selinux - -* Sat Jun 25 2016 Lokesh Mandvekar - 2:1.11.2-10.git4ddbd3d -- built docker-selinux commit 7c94597 (for fedora) -- built docker-selinux commit 032bcda (for centos7) - -* Mon Jun 20 2016 Lokesh Mandvekar - 2:1.11.2-9.git4ddbd3d -- built docker-selinux commit 7c94597 - -* Mon Jun 20 2016 Lokesh Mandvekar - 2:1.11.2-8.git4ddbd3d -- Do not run migrator script via %%triggerin. If the docker daemon is already -running prior, the new daemon will be restarted which will handle migration. -Remove migrator subpackage from docker runtime deps -- From: Jonathan Lebon -- Versioned provides for docker-rhel-subscription -- Remove docker-utils subpackage - -* Mon Jun 20 2016 Lokesh Mandvekar - 2:1.11.2-7.git4ddbd3d -- Requires instead of Recommends if not fedora -- Remove docker-master name tag for centos - -* Mon Jun 20 2016 Antonio Murdaca - 2:1.11.2-6.git4ddbd3d -- requires iptables not firewalld - -* Thu Jun 09 2016 Antonio Murdaca - 2:1.11.2-5.git4ddbd3d -- built docker @projectatomic/docker-1.11 commit 4ddbd3d -- built docker-selinux commit f08f06d -- built d-s-s commit 194eca2 -- built docker-utils commit b851c03 -- built docker-novolume-plugin commit 7715854 -- built docker-v1.10-migrator commit 994c35 - -* Thu Jun 09 2016 Antonio Murdaca - 2:1.11.2-4.git40ea190 -- rebuilt - -* Thu Jun 09 2016 Sinny Kumari - 2:1.11.2-3.git40ea190 -- BZ#1326896 - Fix build issue on s390x architecture - -* Mon Jun 06 2016 Antonio Murdaca - 2:1.11.2-2.git40ea190 -- Resolves: #1327809 -- Resolves: #1330442 -- Resolves: #1340940 -- Resolves: #1316711 -- Resolves: #1317561 - -* Fri Jun 03 2016 Antonio Murdaca - 2:1.11.2-1.git40ea190 -- bump to docker 1.11.2 -- built docker @projectatomic/docker-1.11 commit 40ea190 -- built docker-selinux commit f08f06d -- built d-s-s commit 194eca2 -- built docker-utils commit b851c03 -- built docker-novolume-plugin commit 7715854 -- built docker-v1.10-migrator commit 994c35 - -* Thu May 26 2016 Lokesh Mandvekar - 2:1.11.1-5.git9dea74f -- Resolves: #1335649 - enable Red Hat subscription use in Docker containers on Fedora -- From: Daniel Riek - -* Sat May 21 2016 jchaloup - 2:1.11.1-4.git9dea74f -- Update devel subpackage - -* Fri May 20 2016 Antonio Murdaca - 2:1.11.1-3.git9dea74f -- built docker @projectatomic/docker-1.11 commit 9dea74f -- built docker-selinux commit 5b4f257 -- built d-s-s commit f087cb1 -- built docker-utils commit b851c03 -- built docker-novolume-plugin commit 7715854 -- built docker-v1.10-migrator commit 994c35 - -* Wed Apr 27 2016 Antonio Murdaca - 2:1.11.1-2.gitaaa9488 -- built docker @projectatomic/docker-1.11 commit#aaa9488 -- built docker-selinux commit#5b4f257 -- built d-s-s commit#f087cb1 -- built docker-utils commit#b851c03 -- built docker-novolume-plugin commit#7715854 -- built docker-v1.10-migrator commit#994c35 - -* Mon Apr 18 2016 Antonio Murdaca - 2:1.11-6.git69e6294 -- built docker @projectatomic/fedora-1.11 commit#69e6294 -- built docker-selinux commit#5b4f257 -- built d-s-s commit#f087cb1 -- built docker-utils commit#b851c03 -- built docker-novolume-plugin commit#7715854 -- built docker-v1.10-migrator commit#994c35 - -* Sat Apr 16 2016 Antonio Murdaca - 2:1.11-5.git69e6294 -- fixed containerd unit file - -* Fri Apr 15 2016 Antonio Murdaca - 2:1.11-4.git69e6294 -- fix containerd socket location - -* Fri Apr 15 2016 Antonio Murdaca - 2:1.11-3.git69e6294 -- rebuilt with fixes to unit files and re-enable debug - -* Thu Apr 14 2016 Antonio Murdaca - 2:1.11-2.git69e6294 -- built docker @projectatomic/fedora-1.11 commit#69e6294 -- built docker-selinux commit#2bc84ec -- built d-s-s commit#f087cb1 -- built docker-utils commit#b851c03 -- built docker-novolume-plugin commit#7715854 -- built docker-v1.10-migrator commit#994c35 - -* Tue Mar 29 2016 Lokesh Mandvekar - 2:1.10.3-4.gitf8a9a2a -- built docker @projectatomic/fedora-1.10.3 commit#f8a9a2a -- built docker-selinux commit#2bc84ec -- built d-s-s commit#f087cb1 -- built docker-utils commit#b851c03 -- built forward-journald commit#77e02a9 - -* Wed Mar 16 2016 Antonio Murdaca - 1:1.10.3-3.gitd93ee51 -- built docker @projectatomic/fedora-1.10.3 commit#d93ee51 -- built d-s-s commit#1c2b95b -- built docker-selinux commit#afc876c -- built docker-utils commit#dab51ac -- built docker-novolume-plugin commit#77a55c1 -- built docker-v1.10-migrator commit#994c35 - -* Wed Mar 16 2016 Antonio Murdaca - 1:1.10.3-2.gitc3689c7 -- built docker @projectatomic/fedora-1.10.3 commit#c3689c7 -- built d-s-s commit#1c2b95b -- built docker-selinux commit#afc876c -- built docker-utils commit#dab51ac -- built docker-novolume-plugin commit#77a55c1 -- built docker-v1.10-migrator commit#994c35 - -* Fri Mar 11 2016 Antonio Murdaca - 1:1.10.3-1.gite949a81 -- built docker @projectatomic/fedora-1.10.3 commit#e949a81 -- built d-s-s commit#1c2b95b -- built docker-selinux commit#afc876c -- built docker-utils commit#dab51ac -- built docker-novolume-plugin commit#77a55c1 -- built docker-v1.10-migrator commit#994c35 - -* Thu Mar 10 2016 Lokesh Mandvekar - 1:1.10.2-12.gitddbb15a -- Tmp Resolves: rhbz#1315903 - disable ppc64 build - -* Mon Mar 07 2016 Antonio Murdaca - 1:1.10.2-11.gitddbb15a -- built docker @projectatomic/fedora-1.10.2 commit#ddbb15a -- built d-s-s commit#1c2b95b -- built docker-selinux commit#afc876c -- built docker-utils commit#dab51ac -- built docker-novolume-plugin commit#77a55c1 -- built docker-v1.10-migrator commit#994c35 - -* Thu Mar 03 2016 Antonio Murdaca - 1:1.10.2-10.gitddbb15a -- built docker @projectatomic/fedora-1.10.2 commit#ddbb15a -- built d-s-s commit#1c2b95b -- built docker-selinux commit#afc876c -- built docker-utils commit#dab51ac -- built docker-novolume-plugin commit#e478a5c -- built docker-v1.10-migrator commit#994c35 - -* Wed Mar 02 2016 jchaloup 1:1.10.2-9.git0f5ac89 -- Update list of provided packages in devel subpackage - -* Tue Mar 1 2016 Peter Robinson 1:1.10.2-8.git0f5ac89 -- Power64 and s390(x) now have libseccomp support - -* Fri Feb 26 2016 Antonio Murdaca - 1:1.10.2-7.git0f5ac89 -- rebuilt to remove dockerroot user creation - -* Tue Feb 23 2016 Antonio Murdaca - 1:1.10.2-6.git0f5ac89 -- rebuilt to include dss_libdir directory - -* Mon Feb 22 2016 Antonio Murdaca - 1:1.10.2-5.git0f5ac89 -- built docker @projectatomic/fedora-1.10.2 commit#0f5ac89 -- built d-s-s commit#1c2b95b -- built docker-selinux commit#b8aae8f -- built docker-utils commit#dab51ac -- built docker-novolume-plugin commit#e478a5c -- built docker-v1.10-migrator commit#994c35 - -* Mon Feb 22 2016 Antonio Murdaca - 1:1.10.2-4.git86e59a5 -- rebuilt to include /usr/share/rhel/secrets for the secret patch we're carrying - -* Mon Feb 22 2016 Fedora Release Engineering - 1:1.10.2-3.git86e59a5 -- https://fedoraproject.org/wiki/Changes/golang1.6 - -* Mon Feb 22 2016 Antonio Murdaca - 1:1.10.2-2.git86e59a5 -- rebuilt with Recommends: oci-register-machine - -* Mon Feb 22 2016 Antonio Murdaca - 1:1.10.2-1.git86e59a5 -- built docker @projectatomic/fedora-1.10.2 commit#86e59a5 -- built d-s-s commit#1c2b95b -- built docker-selinux commit#b8aae8f -- built docker-utils commit#dab51ac -- built docker-novolume-plugin commit#e478a5c -- built docker-v1.10-migrator commit#994c35 - -* Thu Feb 18 2016 Antonio Murdaca - 1:1.10.1-8.git6c71d8f -- remove journald duplicated tag - -* Thu Feb 18 2016 Antonio Murdaca - 1:1.10.1-7.git6c71d8f -- BuildRequires libseccomp-static to compile -- Requires libseccomp - -* Thu Feb 18 2016 Antonio Murdaca - 1:1.10.1-6.git6c71d8f -- enable seccomp - -* Tue Feb 16 2016 Antonio Murdaca - 1:1.10.1-5.git6c71d8f -- built docker @projectatomic/fedora-1.10.1 commit#6c71d8f -- built d-s-s commit#1c2b95b -- built docker-selinux commit#b8aae8f -- built docker-utils commit#dab51ac -- built docker-novolume-plugin commit#e478a5c -- built docker-v1.10-migrator commit#994c35 - -* Tue Feb 16 2016 Antonio Murdaca - 1:1.10.1-4.git6c71d8f -- built docker @projectatomic/fedora-1.10.1 commit#6c71d8f -- built d-s-s commit#1c2b95b -- built docker-selinux commit#b8aae8f -- built docker-utils commit#dab51ac -- built docker-novolume-plugin commit#2103b9e -- built docker-v1.10-migrator commit#994c35 - -* Fri Feb 12 2016 Antonio Murdaca - 1:1.10.1-3.git49805e4 -- built docker @projectatomic/fedora-1.10.1 commit#49805e4 -- built d-s-s commit#1c2b95b -- built docker-selinux commit#b8aae8f -- built docker-utils commit#dab51ac -- built docker-novolume-plugin commit#d1a7f4a -- built docker-v1.10-migrator commit#994c35 - -* Fri Feb 12 2016 Antonio Murdaca - 1:1.10.1-2.git9c1310f -- built docker @projectatomic/fedora-1.10.1 commit#9c1310f -- built d-s-s commit#1c2b95b -- built docker-selinux commit#b8aae8f -- built docker-utils commit#dab51ac -- built docker-novolume-plugin commit#d1a7f4a -- built docker-v1.10-migrator commit#994c35 - -* Thu Feb 11 2016 Antonio Murdaca - 1:1.10.1-1.git1b79038 -- built docker @projectatomic/fedora-1.10.1 commit#1b79038 -- built d-s-s commit#1c2b95b -- built docker-selinux commit#b8aae8f -- built docker-utils commit#dab51ac -- built docker-novolume-plugin commit#d1a7f4a -- built docker-v1.10-migrator commit#994c35 - -* Thu Feb 11 2016 Antonio Murdaca - 1:1.10.0-29.git1b79038 -- built docker @projectatomic/fedora-1.10.1 commit#1b79038 -- built d-s-s commit#1c2b95b -- built docker-selinux commit#b8aae8f -- built docker-utils commit#dab51ac -- built docker-novolume-plugin commit#04307f5b -- built docker-v1.10-migrator commit#994c35 - -* Sat Feb 06 2016 Antonio Murdaca - 1:1.10.0-28.gitf392451 -- built docker @projectatomic/fedora-1.10 commit#f392451 -- built d-s-s commit#1c2b95b -- built docker-selinux commit#b8aae8f -- built docker-utils commit#dab51ac -- built docker-novolume-plugin commit#60b3a94 -- built docker-v1.10-migrator commit#994c35 - -* Fri Feb 05 2016 Antonio Murdaca - 1:1.10.0-27.gitf392451 -- built docker @projectatomic/fedora-1.10 commit#f392451 -- built d-s-s commit#1c2b95b -- built docker-selinux commit#b8aae8f -- built docker-utils commit#dab51ac -- built docker-novolume-plugin commit#1c2b95b -- built docker-v1.10-migrator commit#994c35c - -* Fri Feb 05 2016 Antonio Murdaca - 1:1.10.0-26.gitf2e80b0 -- built docker @projectatomic/fedora-1.10 commit#f2e80b0 -- built d-s-s commit#1c2b95b -- built docker-selinux commit#b8aae8f -- built docker-utils commit#dab51ac -- built docker-novolume-plugin commit#1c2b95b -- built docker-v1.10-migrator commit#994c35c - -* Thu Feb 04 2016 Lokesh Mandvekar - 1:1.10.0-24.gitd25c9e5 -- built docker @projectatomic/fedora-1.10 commit#d25c9e5 -- built d-s-s commit#1c2b95b -- built docker-selinux commit#b8aae8f -- built docker-utils commit#dab51ac -- built docker-novolume-plugin commit#1c2b95b -- built docker-v1.10-migrator commit#994c35c - -* Thu Feb 04 2016 Antonio Murdaca - 1:1.10.0-24.gitd25c9e5 -- built docker @projectatomic/fedora-1.10 commit#d25c9e5 -- built d-s-s commit#1c2b95b -- built docker-selinux commit#b8aae8f -- built docker-utils commit#dab51ac -- built docker-novolume-plugin commit#dab51ac - -* Wed Feb 03 2016 Fedora Release Engineering - 1:1.10.0-23.gitfb1a123 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild - -* Wed Feb 03 2016 Antonio Murdaca - 1:1.10.0-22.gitfb1a123 -- built docker @projectatomic/fedora-1.10 commit#fb1a123 -- built d-s-s commit#1c2b95b -- built docker-selinux commit#b8aae8f -- built docker-utils commit#dab51ac -- built docker-novolume-plugin commit#dab51ac - -* Mon Feb 01 2016 Lokesh Mandvekar - 1:1.10.0-21.gitd3f4a34 -- built docker @projectatomic/fedora-1.10 commit#d3f4a34 -- built docker-selinux commit#be16da7 -- built d-s-s commit#1c2b95b -- built docker-utils commit#dab51ac -- built docker-novolume-plugin commit#dab51ac - -* Fri Jan 29 2016 Lokesh Mandvekar - 1:1.10.0-20.gitd3f4a34 -- Resolves: rhbz#1303105 - own /usr/lib/docker-storage-setup -- create docker-novolume-plugin subpackage -- built docker @projectatomic/fedora-1.10 commit#d3f4a34 -- built docker-selinux commit#be16da7 -- built d-s-s commit#1c2b95b -- built docker-utils commit#dab51ac -- built docker-novolume-plugin commit#dab51ac - -* Wed Jan 27 2016 Lokesh Mandvekar - 1:1.10.0-19.gitb8b1153 -- built docker @projectatomic/fedora-1.10 commit#b8b1153 -- built docker-selinux commit#d9b67f9 -- built d-s-s commit#1c2b95b -- built docker-utils commit#dab51ac - -* Mon Jan 25 2016 Lokesh Mandvekar - 1:1.10.0-18.git314b2a0 -- Resolves: rhbz#1301198 - do not append distro tag to docker version -- built docker @projectatomic/fedora-1.10 commit#314b2a0 -- built docker-selinux commit#d9b67f9 -- built d-s-s commit#1c2b95b -- built docker-utils commit#dab51ac - -* Fri Jan 22 2016 Lokesh Mandvekar - 1:1.10.0-17.git5587979 -- built docker @projectatomic/fedora-1.10 commit#5587979 -- built docker-selinux commit#d9b67f9 -- built d-s-s commit#1c2b95b -- built docker-utils commit#dab51ac - -* Wed Jan 20 2016 Lokesh Mandvekar - 1:1.10.0-16.git9252953 -- built docker @projectatomic/fedora-1.10 commit#9252953 -- built docker-selinux commit#d9b67f9 -- built d-s-s commit#1c2b95b -- built docker-utils commit#dab51ac - -* Mon Jan 11 2016 Lokesh Mandvekar - 1:1.10.0-15.gite38a363 -- built docker @projectatomic/fedora-1.10 commit#e38a363 -- built docker-selinux commit#d9b67f9 -- built d-s-s commit#1c2b95b -- built docker-utils commit#dab51ac - -* Thu Jan 07 2016 Lokesh Mandvekar - 1:1.10.0-14.gite38a363 -- built docker @projectatomic/fedora-1.10 commit#e38a363 -- built docker-selinux commit#d9b67f9 -- built d-s-s commit#5bda7f8 -- built docker-utils commit#dab51ac - -* Thu Jan 07 2016 jchaloup - 1:1.10.0-13.gitc3726aa -- built with debug info - resolves: #1236317 - -* Thu Dec 10 2015 Lokesh Mandvekar - 1:1.10.0-12.gitc3726aa -- built docker @projectatomic/fedora-1.10 commit#c3726aa -- built docker-selinux commit#d9b67f9 -- built d-s-s commit#f399708 -- built docker-utils commit#dab51ac - -* Wed Dec 09 2015 Lokesh Mandvekar - 1:1.10.0-11.gitc3726aa -- built docker @projectatomic/fedora-1.10 commit#c3726aa -- built docker-selinux commit#d9b67f9 -- built d-s-s commit#e193b3b -- built docker-utils commit#dab51ac - -* Tue Dec 08 2015 Colin Walters - 1:1.10.0-10.git6d8d26a -- Use new standardized source format -- Resolves: https://bugzilla.redhat.com/1284150 - -* Wed Dec 02 2015 Lokesh Mandvekar - 1:1.10.0-9.git6d8d26a -- built docker @projectatomic/fedora-1.10 commit#6d8d26a -- built docker-selinux commit#d9b67f9 -- built d-s-s commit#0814c26 -- built docker-utils commit#dab51ac - -* Tue Dec 01 2015 Lokesh Mandvekar - 1:1.10.0-8.gita7f4806 -- use CAS for images and layers, upstream gh pr#17924 -- built docker @projectatomic/fedora-1.10 commit#a7f4806 -- built docker-selinux commit#d9b67f9 -- built d-s-s commit#0814c26 -- built docker-utils commit#dab51ac - -* Mon Nov 30 2015 Lokesh Mandvekar - 1:1.10.0-7.git42850f5 -- built docker @projectatomic/fedora-1.10 commit#42850f5 -- built docker-selinux commit#e522191 -- built d-s-s commit#0814c26 -- built docker-utils commit#dab51ac - -* Mon Nov 23 2015 Lokesh Mandvekar - 1:1.10.0-6.git39f99b6 -- built docker @projectatomic/fedora-1.10 commit#39f99b6 -- built docker-selinux commit#e522191 -- built d-s-s commit#0814c26 -- built docker-utils commit#dab51ac - -* Fri Nov 20 2015 Lokesh Mandvekar - 1:1.10.0-5.git0a9a759 -- built docker @projectatomic/fedora-1.10 commit#0a9a759 -- built docker-selinux commit#e522191 -- built d-s-s commit#0814c26 -- built docker-utils commit#dab51ac - -* Thu Nov 19 2015 Lokesh Mandvekar - 1:1.10.0-4.git8b9d2a6 -- built docker @projectatomic/fedora-1.10 commit#8b9d2a6 -- built docker-selinux commit#e522191 -- built d-s-s commit#0814c26 -- built docker-utils commit#dab51ac - -* Thu Nov 19 2015 Lokesh Mandvekar - 1:1.10.0-3.git8b9d2a6 -- built docker @projectatomic/fedora-1.10 commit#8b9d2a6 -- built docker-selinux commit#e522191 -- built d-s-s commit#c638a60 -- built docker-utils commit#dab51ac - -* Mon Nov 16 2015 Lokesh Mandvekar - 1:1.10.0-2.git6669c1a -- built docker @projectatomic/fedora-1.10 commit#6669c1a -- built docker-selinux commit#e522191 -- built d-s-s commit#c638a60 -- built docker-utils commit#dab51ac - -* Mon Nov 16 2015 Lokesh Mandvekar - 1:1.9.0-15.git6669c1a -- built docker @projectatomic/fedora-1.10 commit#6669c1a -- built docker-selinux commit#e522191 -- built d-s-s commit#c638a60 -- built docker-utils commit#dab51ac - -* Fri Nov 13 2015 Lokesh Mandvekar - 1:1.9.0-14.gite08c5ef -- built docker @projectatomic/fedora-1.10 commit#e08c5ef -- built docker-selinux commit#e522191 -- built d-s-s commit#e9722cc -- built docker-utils commit#dab51ac - -* Fri Nov 13 2015 Lokesh Mandvekar - 1:1.9.0-13.gite08c5ef -- built docker @projectatomic/fedora-1.10 commit#e08c5ef -- built docker-selinux commit#e522191 -- built d-s-s commit#e9722cc -- built docker-utils commit#dab51ac - -* Thu Nov 12 2015 Lokesh Mandvekar - 1:1.9.0-12.git1c1e196 -- Resolves: rhbz#1273893 -- From: Dan Walsh - -* Thu Nov 12 2015 Jakub Čajka - 1:1.9.0-11.git1c1e196 -- clean up macros overrides - -* Wed Nov 04 2015 Lokesh Mandvekar - 1:1.9.0-10.git1c1e196 -- built docker @projectatomic/fedora-1.9 commit#1c1e196 -- built docker-selinux commit#e522191 -- Dependency changes -- For docker: Requires: docker-selinux -- For docker-selinux: Requires(post): docker -- From: Dusty Mabe - -* Tue Oct 20 2015 Lokesh Mandvekar - 1:1.9.0-9.gitc743657 -- built docker @projectatomic/fedora-1.9 commit#c743657 -- built docker-selinux master commit#291bbab -- built d-s-s master commit#01df512 -- built docker-utils master commit#dab51ac - -* Wed Oct 14 2015 Lokesh Mandvekar - 1:1.9.0-8.git6024859 -- built docker @projectatomic/fedora-1.9 commit#6024859 -- built docker-selinux master commit#44abd21 -- built d-s-s master commit#6898d43 -- built docker-utils master commit#dab51ac - -* Mon Sep 21 2015 Lokesh Mandvekar - 1:1.9.0-7.git9107cd3 -- build docker @rhatdan/fedora-1.9 commit#9107cd3 -- built docker-selinux master commit#d6560f8 - -* Thu Sep 17 2015 Lokesh Mandvekar - 1:1.9.0-6.git05653f9 -- built docker @rhatdan/fedora-1.9 commit#05653f9 -- Resolves: rhbz#1264193, rhbz#1260392, rhbz#1264196 - -* Thu Sep 10 2015 Lokesh Mandvekar - 1:1.9.0-5.git11b81f9 -- built docker @rhatdan/fedora-1.9 commit#11b81f9 -- built d-s-s master commit#6898d43 -- built docker-selinux master commit#b5281b7 - -* Wed Sep 02 2015 Lokesh Mandvekar - 1:1.9.0-4.git566d2be -- Resolves: rhbz#1259427 - -* Mon Aug 24 2015 Lokesh Mandvekar - 1:1.9.0-3.git566d2be -- built docker @rhatdan/ commit#566d2be -- built d-s-s master commit#d3b9ba7 -- built docker-selinux master commit#6267b83 -- built docker-utils master commit#dab51ac - -* Fri Aug 14 2015 Lokesh Mandvekar - 1:1.9.0-2.gitf8950e0 -- built docker @rhatdan/fedora-1.9 commit#f8950e0 -- built d-s-s master commit#ac1b30e -- built docker-selinux master commit#16ebd81 -- built docker-utils master commit#dab51ac - -* Thu Aug 13 2015 Lokesh Mandvekar - 1:1.9.0-1 -- built docker @rhatdan/fedora-1.9 commit#b4e2cc5 -- built d-s-s master commit#ac1b30e -- built docker-selinux master commit#16ebd81 -- built docker-utils master commit#dab51ac - -* Thu Aug 06 2015 Lokesh Mandvekar - 1:1.8.0-11.git59a228f -- built docker @lsm5/fedora commit#59a228f - -* Mon Aug 03 2015 Lokesh Mandvekar - 1:1.8.0-10.gitba026e3 -- built docker @rhatdan/fedora-1.8 commit#ba026e3 -- built d-s-s master commit#b152398 -- built docker-selinux master commit#16ebd81 - -* Mon Aug 03 2015 Lokesh Mandvekar - 1:1.8.0-9.gitc7eed6c -- built docker @lsm5/fedora commit#c7eed6c - -* Thu Jul 30 2015 Lokesh Mandvekar - 1:1.8.0-8.git2df828d -- built docker @rhatdan/fedora-1.8 commit#2df828d -- built d-s-s master commit#b152398 -- built docker-selinux master commit#16ebd81 - -* Tue Jul 28 2015 Lokesh Mandvekar - 1.8.0-7.git5062080 -- include epoch for downgrading purposes - -* Fri Jul 24 2015 Tomas Radej - 1.8.0-6.git5062080 -- Updated dep on policycoreutils-python-utils - -* Fri Jul 17 2015 Lokesh Mandvekar - 1.8.0-6.git5062080 -- package provides: docker-engine - -* Thu Jul 02 2015 Lokesh Mandvekar - 1.8.0-6.git5062080 -- built docker @lsm5/fedora-1.8 commit#6c23e87 -- enable non-x86_64 builds again - -* Tue Jun 30 2015 Lokesh Mandvekar - 1.8.0-5.git6d5bfe5 -- built docker @lsm5/fedora-1.8 commit#6d5bfe5 -- make test-unit and make test-docker-py successful - -* Mon Jun 29 2015 Lokesh Mandvekar - 1.8.0-4.git0d8fd7c -- build docker @lsm5/fedora-1.8 commit#0d8fd7c -- disable non-x86_64 for this build -- use same distro as host for running tests -- docker.service Wants docker-storage-setup.service - -* Mon Jun 29 2015 Lokesh Mandvekar - 1.8.0-3.gita2f1a81 -- built docker @lsm5/fedora commit#a2f1a81 - -* Sat Jun 27 2015 Lokesh Mandvekar - 1.8.0-2.git1cad29d -- built docker @lsm5/fedora commit#1cad29d - -* Fri Jun 26 2015 Lokesh Mandvekar - 1.8.0-1 -- New version: 1.8.0, built docker @lsm5/commit#96ebfd2 - -* Fri Jun 26 2015 Lokesh Mandvekar - 1.7.0-21.gitdcff4e1 -- build dss master commit#90f4a5f -- build docker-selinux master commit#bebf349 -- update manpage build script path - -* Wed Jun 17 2015 Fedora Release Engineering - 1.7.0-20.gitdcff4e1 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild - -* Mon Jun 15 2015 jchaloup - 1.7.0-19.gitdcff4e1 -- Remove docker.initd as it requires /sbin/runtime no packages in Fedora - -* Fri Jun 12 2015 jchaloup - 1.7.0-18.gitdcff4e1 -- Add docker-unit-test subpackage for CI testing -- Add with_devel and with_unit_test macros -- Remove devel's runtime deps on golang - -* Tue Jun 09 2015 Lokesh Mandvekar - 1.7.0-17.gitdcff4e1 -- Include d-s-s into the main docker package -- Obsolete docker-storage-setup <= 0.5-3 - -* Mon Jun 08 2015 Lokesh Mandvekar - 1.7.0-16.gitdcff4e1 -- Resolves: rhbz#1229433 - update docker-selinux to commit#99c4c7 - -* Mon Jun 08 2015 Lokesh Mandvekar - 1.7.0-15.gitdcff4e1 -- disable debuginfo because it breaks docker - -* Sun Jun 07 2015 Dennis Gilmore - 1.7.0-14.gitdcff4e1 -- enable %%{ix86} -- remove vishvananda/netns/netns_linux_amd.go file if %%{ix86} architecture is used - -* Fri Jun 05 2015 Lokesh Mandvekar - 1.7.0-13.gitdcff4e1 -- built docker @lsm5/fedora commit#dcff4e1 - -* Thu Jun 04 2015 Lokesh Mandvekar - 1.7.0-12.git9910a0c -- built docker @lsm5/fedora commit#9910a0c - -* Tue Jun 02 2015 jchaloup - 1.7.0-11.gita53a6e6 -- remove vishvananda/netns/netns_linux_amd.go file if arm architecture is used -- add debug info - -* Mon Jun 01 2015 Lokesh Mandvekar - 1.7.0-10.gita53a6e6 -- built docker @lsm5/fedora commit#a53a6e6 - -* Sat May 30 2015 Lokesh Mandvekar - 1.7.0-9.git49d9a3f -- built docker @lsm5/fedora commit#49d9a3f - -* Fri May 29 2015 Lokesh Mandvekar - 1.7.0-8.git0d35ceb -- built docker @lsm5/fedora commit#0d35ceb - -* Thu May 28 2015 Lokesh Mandvekar - 1.7.0-7.git6d76e4c -- built docker @rhatdan/fedora-1.7 commit#6d76e4c -- built docker-selinux master commit#e86b2bc - -* Fri May 08 2015 Lokesh Mandvekar - 1.7.0-6.git56481a3 -- include distro tag in VERSION - -* Thu Apr 30 2015 Lokesh Mandvekar - 1.7.0-5.git56481a3 -- include docker-selinux for centos7 and rhel7 - -* Thu Apr 30 2015 Lokesh Mandvekar - 1.7.0-4.git56481a3 -- increment release tag to sync with docker-master on centos7 - -* Thu Apr 30 2015 Lokesh Mandvekar - 1.7.0-3.git56481a3 -- built docker @lsm5/fedora commit#56481a3 - -* Mon Apr 20 2015 Lokesh Mandvekar - 1.7.0-2.git50ef691 -- built docker @lsm5/fedora commit#50ef691 - -* Mon Apr 20 2015 Lokesh Mandvekar - 1.7.0-1 -- New version: 1.7.0, built docker @lsm5/commit#50ef691 - -* Sat Apr 11 2015 Lokesh Mandvekar - 1.5.0-33.git1dcc59a -- built docker @lsm5/fedora commit#1dcc59a - -* Thu Apr 09 2015 Lokesh Mandvekar - 1.5.0-32.gitf7125f9 -- built docker @lsm5/fedora commit#f7125f9 - -* Wed Apr 08 2015 Lokesh Mandvekar - 1.5.0-31.git7091837 -- built docker @lsm5/fedora commit#7091837 - -* Wed Apr 01 2015 Lokesh Mandvekar - 1.5.0-30.gitece2f2d -- built docker @lsm5/fedora commit#ece2f2d - -* Mon Mar 30 2015 Lokesh Mandvekar - 1.5.0-29.gitc9c16a3 -- built docker @lsm5/fedora commit#c9c16a3 - -* Mon Mar 30 2015 Lokesh Mandvekar - 1.5.0-28.git39c97c2 -- built docker @lsm5/fedora commit#39c97c2 - -* Sun Mar 29 2015 Lokesh Mandvekar - 1.5.0-27.git937f8fc -- built docker @lsm5/fedora commit#937f8fc - -* Sat Mar 28 2015 Lokesh Mandvekar - 1.5.0-26.gitbbc21e4 -- built docker @lsm5/fedora commit#bbc21e4 - -* Tue Mar 24 2015 Lokesh Mandvekar - 1.5.0-25.git5ebfacd -- move selinux post/postun to its own subpackage -- correct docker-selinux min nvr for docker main package - -* Tue Mar 24 2015 Lokesh Mandvekar - 1.5.0-24.git5ebfacd -- docker-selinux shouldn't require docker -- move docker-selinux's post and postun to docker's - -* Sun Mar 22 2015 Lokesh Mandvekar - 1.5.0-23.git5ebfacd -- increment release tag as -22 was already built without conditionals for f23 -and docker-selinux -- Source7 only for f23+ - -* Sun Mar 22 2015 Lokesh Mandvekar - 1.5.0-22.git5ebfacd -- Rename package to 'docker', metaprovide: docker-io* -- Obsolete docker-io release 21 -- no separate version tag for docker-selinux -- docker-selinux only for f23+ - -* Fri Mar 20 2015 Lokesh Mandvekar - 1.5.0-21.git5ebfacd -- selinux specific rpm code from Lukas Vrabec -- use spaces instead of tabs - -* Tue Mar 17 2015 Lokesh Mandvekar - 1.5.0-20.git5ebfacd -- built commit#5ebfacd - -* Mon Mar 16 2015 Lokesh Mandvekar - 1.5.0-19.git5d7adce -- built commit#5d7adce - -* Thu Mar 05 2015 Lokesh Mandvekar - 1.5.0-18.git92e632c -- built commit#92e632c - -* Wed Mar 04 2015 Lokesh Mandvekar - 1.5.0-17.git0f6704f -- built commit#0f6704f - -* Tue Mar 03 2015 Lokesh Mandvekar - 1.5.0-16.git8e107a9 -- built commit#8e107a9 - -* Sun Mar 01 2015 Lokesh Mandvekar - 1.5.0-15.gita61716e -- built commit#a61716e - -* Sat Feb 28 2015 Lokesh Mandvekar - 1.5.0-14.gitb52a2cf -- built commit#b52a2cf - -* Fri Feb 27 2015 Lokesh Mandvekar - 1.5.0-13.gitf5850e8 -- built commit#f5850e8 - -* Thu Feb 26 2015 Lokesh Mandvekar - 1.5.0-12.git7e2328b -- built commit#7e2328b - -* Wed Feb 25 2015 Lokesh Mandvekar - 1.5.0-11.git09b785f -- remove add-X-flag.patch -- require selinux-policy >= 3.13.1-114 for fedora >= 23 (RE: rhbz#1195804) - -* Mon Feb 23 2015 Lokesh Mandvekar - 1.5.0-10.git09b785f -- Resolves: rhbz#1195328 - solve build failures by adding -X flag back -also see (https://github.com/docker/docker/issues/9207#issuecomment-75578730) - -* Wed Feb 18 2015 Lokesh Mandvekar - 1.5.0-9.git09b785f -- built commit#09b785f - -* Tue Feb 17 2015 Lokesh Mandvekar - 1.5.0-8.git2243e32 -- re-add detailed provides in -devel package -NOTE: (only providing the root path doesn't help in building packages like -kubernetes) - -* Tue Feb 17 2015 Lokesh Mandvekar - 1.5.0-7.git2243e32 -- built commit#2243e32 - -* Tue Feb 17 2015 Lokesh Mandvekar - 1.5.0-6.git2243e32 -- built commit#2243e32 - -* Sun Feb 15 2015 Lokesh Mandvekar - 1.5.0-5.git028968f -- built commit#028968f - -* Sat Feb 14 2015 Lokesh Mandvekar - 1.5.0-4.git9456a25 -- built commit#9456a25 - -* Thu Feb 12 2015 Lokesh Mandvekar - 1.5.0-3.git802802b -- built commit#802802b - -* Wed Feb 11 2015 Lokesh Mandvekar - 1.5.0-2.git54b59c2 -- provide golang paths only upto the repo's root dir -- merge pkg-devel into devel - -* Wed Feb 11 2015 Lokesh Mandvekar - 1.5.0-1 -- New version: 1.5.0, built commit#54b59c2 - -* Tue Feb 10 2015 Lokesh Mandvekar - 1.4.1-27.git76baa35 -- daily rebuild - Tue Feb 10 01:19:10 CET 2015 - -* Mon Feb 09 2015 Lokesh Mandvekar - 1.4.1-26.gitc03d6f5 -- add config variable for insecure registry - -* Sat Feb 07 2015 Lokesh Mandvekar - 1.4.1-25.gitc03d6f5 -- daily rebuild - Sat Feb 7 02:53:34 UTC 2015 - -* Fri Feb 06 2015 Lokesh Mandvekar - 1.4.1-24.git68b0ed5 -- daily rebuild - Fri Feb 6 04:27:54 UTC 2015 - -* Wed Feb 04 2015 Lokesh Mandvekar - 1.4.1-23.git7cc9858 -- daily rebuild - Wed Feb 4 22:08:05 UTC 2015 - -* Wed Feb 04 2015 Lokesh Mandvekar - 1.4.1-22.git165ea5c -- daily rebuild - Wed Feb 4 03:10:41 UTC 2015 - -* Wed Feb 04 2015 Lokesh Mandvekar - 1.4.1-21.git165ea5c -- daily rebuild - Wed Feb 4 03:09:20 UTC 2015 - -* Tue Feb 03 2015 Lokesh Mandvekar - 1.4.1-20.git662dffe -- Resolves: rhbz#1184266 - enable debugging -- Resolves: rhbz#1190748 - enable core dumps with no size limit - -* Tue Feb 03 2015 Lokesh Mandvekar - 1.4.1-19.git662dffe -- daily rebuild - Tue Feb 3 04:56:36 UTC 2015 - -* Mon Feb 02 2015 Dennis Gilmore 1.4.1-18.git9273040 -- enable building on %%{arm} - -* Mon Feb 02 2015 Lokesh Mandvekar - 1.4.1-17.git9273040 -- daily rebuild - Mon Feb 2 00:08:17 UTC 2015 - -* Sun Feb 01 2015 Lokesh Mandvekar - 1.4.1-16.git01864d3 -- daily rebuild - Sun Feb 1 00:00:57 UTC 2015 - -* Sat Jan 31 2015 Lokesh Mandvekar - 1.4.1-15.gitd400ac7 -- daily rebuild - Sat Jan 31 05:08:46 UTC 2015 - -* Sat Jan 31 2015 Lokesh Mandvekar - 1.4.1-14.gitd400ac7 -- daily rebuild - Sat Jan 31 05:07:37 UTC 2015 - -* Thu Jan 29 2015 Lokesh Mandvekar - 1.4.1-13.gitd400ac7 -- daily rebuild - Thu Jan 29 14:13:04 UTC 2015 - -* Wed Jan 28 2015 Lokesh Mandvekar - 1.4.1-12.gitde52a19 -- daily rebuild - Wed Jan 28 02:17:47 UTC 2015 - -* Tue Jan 27 2015 Lokesh Mandvekar - 1.4.1-11.gitacb8e08 -- daily rebuild - Tue Jan 27 02:37:34 UTC 2015 - -* Sun Jan 25 2015 Lokesh Mandvekar - 1.4.1-10.gitb1f2fde -- daily rebuild - Sun Jan 25 21:44:48 UTC 2015 - -* Sun Jan 25 2015 Lokesh Mandvekar - 1.4.1-9 -- use vendored sources (not built) - -* Fri Jan 23 2015 Lokesh Mandvekar - 1.4.1-8 -- Resolves:rhbz#1185423 - MountFlags=slave in unitfile -- use golang(github.com/coreos/go-systemd/activation) - -* Fri Jan 16 2015 Lokesh Mandvekar - 1.4.1-7 -- docker group no longer used or created -- no socket activation -- config file updates to include info about docker_transition_unconfined -boolean - -* Fri Jan 16 2015 Lokesh Mandvekar - 1.4.1-6 -- run tests inside a docker repo (doesn't affect koji builds - not built) - -* Tue Jan 13 2015 Lokesh Mandvekar - 1.4.1-5 -- Resolves: rhbz#1169593 patch to set DOCKER_CERT_PATH regardless of config file - -* Thu Jan 08 2015 Lokesh Mandvekar - 1.4.1-4 -- allow unitfile to use /etc/sysconfig/docker-network -- MountFlags private - -* Fri Dec 19 2014 Dan Walsh - 1.4.1-3 -- Add check to run unit tests - -* Thu Dec 18 2014 Lokesh Mandvekar - 1.4.1-2 -- update and rename logrotate cron script -- install /etc/sysconfig/docker-network - -* Wed Dec 17 2014 Lokesh Mandvekar - 1.4.1-1 -- Resolves: rhbz#1175144 - update to upstream v1.4.1 -- Resolves: rhbz#1175097, rhbz#1127570 - subpackages -for fish and zsh completion and vim syntax highlighting -- Provide subpackage to run logrotate on running containers as a daily cron -job - -* Thu Dec 11 2014 Lokesh Mandvekar - 1.4.0-2 -- update metaprovides - -* Thu Dec 11 2014 Lokesh Mandvekar - 1.4.0-1 -- Resolves: rhbz#1173324 -- Resolves: rhbz#1172761 - CVE-2014-9356 -- Resolves: rhbz#1172782 - CVE-2014-9357 -- Resolves: rhbz#1172787 - CVE-2014-9358 -- update to upstream v1.4.0 -- override DOCKER_CERT_PATH in sysconfig instead of patching the source -- create dockerroot user if doesn't exist prior - -* Tue Dec 09 2014 Lokesh Mandvekar - 1.3.2-6.gitbb24f99 -- use /etc/docker instead of /.docker -- use upstream master commit bb24f99d741cd8d6a8b882afc929c15c633c39cb -- include DOCKER_TMPDIR variable in /etc/sysconfig/docker - -* Mon Dec 08 2014 Lokesh Mandvekar - 1.3.2-5 -- Revert to using upstream release 1.3.2 - -* Tue Dec 02 2014 Lokesh Mandvekar - 1.3.2-4.git353ff40 -- Resolves: rhbz#1169151, rhbz#1169334 - -* Sun Nov 30 2014 Lokesh Mandvekar - 1.3.2-3.git353ff40 -- Resolves: rhbz#1169035, rhbz#1169151 -- bring back golang deps (except libcontainer) - -* Tue Nov 25 2014 Lokesh Mandvekar - 1.3.2-2 -- install sources skipped prior - -* Tue Nov 25 2014 Lokesh Mandvekar - 1.3.2-1 -- Resolves: rhbz#1167642 - Update to upstream v1.3.2 -- Resolves: rhbz#1167505, rhbz#1167507 - CVE-2014-6407 -- Resolves: rhbz#1167506 - CVE-2014-6408 -- use vendor/ dir for golang deps for this NVR (fix deps soon after) - -* Wed Nov 19 2014 Lokesh Mandvekar - 1.3.1-3 -- Resolves: rhbz#1165615 - -* Fri Oct 31 2014 Lokesh Mandvekar - 1.3.1-2 -- Remove pandoc from build reqs - -* Fri Oct 31 2014 Lokesh Mandvekar - 1.3.1-1 -- update to v1.3.1 - -* Mon Oct 20 2014 Lokesh Mandvekar - 1.3.0-1 -- Resolves: rhbz#1153936 - update to v1.3.0 -- don't install zsh files -- iptables=false => ip-masq=false - -* Wed Oct 08 2014 Lokesh Mandvekar - 1.2.0-5 -- Resolves: rhbz#1149882 - systemd unit and socket file updates - -* Tue Sep 30 2014 Lokesh Mandvekar - 1.2.0-4 -- Resolves: rhbz#1139415 - correct path for bash completion - /usr/share/bash-completion/completions -- versioned provides for docker -- golang versioned requirements for devel and pkg-devel -- remove macros from changelog -- don't own dirs owned by vim, systemd, bash - -* Thu Sep 25 2014 Lokesh Mandvekar - 1.2.0-3 -- Resolves: rhbz#1145660 - support /etc/sysconfig/docker-storage - From: Colin Walters -- patch to ignore selinux if it's disabled - https://github.com/docker/docker/commit/9e2eb0f1cc3c4ef000e139f1d85a20f0e00971e6 - From: Dan Walsh - -* Sun Aug 24 2014 Lokesh Mandvekar - 1.2.0-2 -- Provides docker only for f21 and above - -* Sat Aug 23 2014 Lokesh Mandvekar - 1.2.0-1 -- Resolves: rhbz#1132824 - update to v1.2.0 - -* Sat Aug 16 2014 Fedora Release Engineering - 1.1.2-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild - -* Fri Aug 01 2014 Lokesh Mandvekar - 1.1.2-2 -- change conditionals - -* Thu Jul 31 2014 Lokesh Mandvekar - 1.1.2-1 -- Resolves: rhbz#1124036 - update to upstream v1.1.2 - -* Mon Jul 28 2014 Vincent Batts - 1.0.0-10 -- split out the import_path/pkg/... libraries, to avoid cyclic deps with libcontainer - -* Thu Jul 24 2014 Lokesh Mandvekar - 1.0.0-9 -- /etc/sysconfig/docker should be config(noreplace) - -* Wed Jul 23 2014 Lokesh Mandvekar - 1.0.0-8 -- Resolves: rhbz#1119849 -- Resolves: rhbz#1119413 - min delta between upstream and packaged unitfiles -- devel package owns directories it creates -- ensure min NVRs used for systemd contain fixes RE: CVE-2014-3499 - -* Wed Jul 16 2014 Vincent Batts - 1.0.0-7 -- clean up gopath -- add Provides for docker libraries -- produce a -devel with docker source libraries -- accomodate golang rpm macros - -* Tue Jul 01 2014 Lokesh Mandvekar - 1.0.0-6 -- Resolves: rhbz#1114810 - CVE-2014-3499 (correct bz#) - -* Tue Jul 01 2014 Lokesh Mandvekar - 1.0.0-5 -- Resolves: rhbz#11114810 - CVE-2014-3499 - -* Tue Jun 24 2014 Lokesh Mandvekar - 1.0.0-4 -- Set mode,user,group in docker.socket file - -* Sat Jun 14 2014 Lokesh Mandvekar - 1.0.0-3 -- correct bogus date - -* Sat Jun 14 2014 Lokesh Mandvekar - 1.0.0-2 -- RHBZ#1109533 patch libcontainer for finalize namespace error -- RHBZ#1109039 build with updated golang-github-syndtr-gocapability -- install Dockerfile.5 manpage - -* Mon Jun 09 2014 Lokesh Mandvekar - 1.0.0-1 -- upstream version bump to v1.0.0 - -* Mon Jun 09 2014 Lokesh Mandvekar - 0.12.0-1 -- RHBZ#1105789 Upstream bump to 0.12.0 - -* Sat Jun 07 2014 Fedora Release Engineering - 0.11.1-12 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild - -* Thu Jun 05 2014 Lokesh Mandvekar - 0.11.1-11 -- unitfile should Require socket file (revert change in release 10) - -* Fri May 30 2014 Lokesh Mandvekar - 0.11.1-10 -- do not require docker.socket in unitfile - -* Thu May 29 2014 Lokesh Mandvekar - 0.11.1-9 -- BZ: change systemd service type to 'notify' - -* Thu May 29 2014 Lokesh Mandvekar - 0.11.1-8 -- use systemd socket-activation version - -* Thu May 29 2014 Lokesh Mandvekar - 0.11.1-7 -- add "Provides: docker" as per FPC exception (Matthew Miller - ) - -* Thu May 29 2014 Lokesh Mandvekar - 0.11.1-6 -- don't use docker.sysconfig meant for sysvinit (just to avoid confusion) - -* Thu May 29 2014 Lokesh Mandvekar - 0.11.1-5 -- Bug 1084232 - add /etc/sysconfig/docker for additional args - -* Tue May 27 2014 Lokesh Mandvekar - 0.11.1-4 -- patches for BZ 1088125, 1096375 - -* Fri May 09 2014 Lokesh Mandvekar - 0.11.1-3 -- add selinux buildtag -- enable selinux in unitfile - -* Fri May 09 2014 Lokesh Mandvekar - 0.11.1-2 -- get rid of conditionals, separate out spec for each branch - -* Thu May 08 2014 Lokesh Mandvekar - 0.11.1-1 -- Bug 1095616 - upstream bump to 0.11.1 -- manpages via pandoc - -* Mon Apr 14 2014 Lokesh Mandvekar - 0.10.0-2 -- regenerate btrfs removal patch -- update commit value - -* Mon Apr 14 2014 Lokesh Mandvekar - 0.10.0-1 -- include manpages from contrib - -* Wed Apr 09 2014 Bobby Powers - 0.10.0-1 -- Upstream version bump - -* Thu Mar 27 2014 Lokesh Mandvekar - 0.9.1-1 -- BZ 1080799 - upstream version bump - -* Thu Mar 13 2014 Adam Miller - 0.9.0-3 -- Add lxc requirement for EPEL6 and patch init script to use lxc driver -- Remove tar dep, no longer needed -- Require libcgroup only for EPEL6 - -* Tue Mar 11 2014 Lokesh Mandvekar - 0.9.0-2 -- lxc removed (optional) - http://blog.docker.io/2014/03/docker-0-9-introducing-execution-drivers-and-libcontainer/ - -* Tue Mar 11 2014 Lokesh Mandvekar - 0.9.0-1 -- BZ 1074880 - upstream version bump to v0.9.0 - -* Wed Feb 19 2014 Lokesh Mandvekar - 0.8.1-1 -- Bug 1066841 - upstream version bump to v0.8.1 -- use sysvinit files from upstream contrib -- BR golang >= 1.2-7 - -* Thu Feb 13 2014 Adam Miller - 0.8.0-3 -- Remove unneeded sysctl settings in initscript - https://github.com/dotcloud/docker/pull/4125 - -* Sat Feb 08 2014 Lokesh Mandvekar - 0.8.0-2 -- ignore btrfs for rhel7 and clones for now -- include vim syntax highlighting from contrib/syntax/vim - -* Wed Feb 05 2014 Lokesh Mandvekar - 0.8.0-1 -- upstream version bump -- don't use btrfs for rhel6 and clones (yet) - -* Mon Jan 20 2014 Lokesh Mandvekar - 0.7.6-2 -- bridge-utils only for rhel < 7 -- discard freespace when image is removed - -* Thu Jan 16 2014 Lokesh Mandvekar - 0.7.6-1 -- upstream version bump v0.7.6 -- built with golang >= 1.2 - -* Thu Jan 09 2014 Lokesh Mandvekar - 0.7.5-1 -- upstream version bump to 0.7.5 - -* Thu Jan 09 2014 Lokesh Mandvekar - 0.7.4-1 -- upstream version bump to 0.7.4 (BZ #1049793) -- udev rules file from upstream contrib -- unit file firewalld not used, description changes - -* Mon Jan 06 2014 Lokesh Mandvekar - 0.7.3-3 -- udev rules typo fixed (BZ 1048775) - -* Sat Jan 04 2014 Lokesh Mandvekar - 0.7.3-2 -- missed commit value in release 1, updated now -- upstream release monitoring (BZ 1048441) - -* Sat Jan 04 2014 Lokesh Mandvekar - 0.7.3-1 -- upstream release bump to v0.7.3 - -* Thu Dec 19 2013 Lokesh Mandvekar - 0.7.2-2 -- require xz to work with ubuntu images (BZ #1045220) - -* Wed Dec 18 2013 Lokesh Mandvekar - 0.7.2-1 -- upstream release bump to v0.7.2 - -* Fri Dec 06 2013 Vincent Batts - 0.7.1-1 -- upstream release of v0.7.1 - -* Mon Dec 02 2013 Lokesh Mandvekar - 0.7.0-14 -- sysvinit patch corrected (epel only) -- 80-docker.rules unified for udisks1 and udisks2 - -* Mon Dec 02 2013 Lokesh Mandvekar - 0.7.0-13 -- removed firewall-cmd --add-masquerade - -* Sat Nov 30 2013 Lokesh Mandvekar - 0.7.0-12 -- systemd for fedora >= 18 -- firewalld in unit file changed from Requires to Wants -- firewall-cmd --add-masquerade after docker daemon start in unit file - (Michal Fojtik ), continue if not present (Michael Young - ) -- 80-docker.rules included for epel too, ENV variables need to be changed for - udisks1 - -* Fri Nov 29 2013 Marek Goldmann - 0.7.0-11 -- Redirect docker log to /var/log/docker (epel only) -- Removed the '-b none' parameter from sysconfig, it's unnecessary since - we create the bridge now automatically (epel only) -- Make sure we have the cgconfig service started before we start docker, - RHBZ#1034919 (epel only) - -* Thu Nov 28 2013 Lokesh Mandvekar - 0.7.0-10 -- udev rules added for fedora >= 19 BZ 1034095 -- epel testing pending - -* Thu Nov 28 2013 Lokesh Mandvekar - 0.7.0-9 -- requires and started after firewalld - -* Thu Nov 28 2013 Lokesh Mandvekar - 0.7.0-8 -- iptables-fix patch corrected - -* Thu Nov 28 2013 Lokesh Mandvekar - 0.7.0-7 -- use upstream tarball and patch with mgoldman's commit - -* Thu Nov 28 2013 Lokesh Mandvekar - 0.7.0-6 -- using mgoldman's shortcommit value 0ff9bc1 for package (BZ #1033606) -- https://github.com/dotcloud/docker/pull/2907 - -* Wed Nov 27 2013 Adam Miller - 0.7.0-5 -- Fix up EL6 preun/postun to not fail on postun scripts - -* Wed Nov 27 2013 Lokesh Mandvekar - 0.7.0-4 -- brctl patch for rhel <= 7 - -* Wed Nov 27 2013 Vincent Batts - 0.7.0-3 -- Patch how the bridge network is set up on RHEL (BZ #1035436) - -* Wed Nov 27 2013 Vincent Batts - 0.7.0-2 -- add libcgroup require (BZ #1034919) - -* Tue Nov 26 2013 Marek Goldmann - 0.7.0-1 -- Upstream release 0.7.0 -- Using upstream script to build the binary - -* Mon Nov 25 2013 Vincent Batts - 0.7-0.20.rc7 -- correct the build time defines (bz#1026545). Thanks dan-fedora. - -* Fri Nov 22 2013 Adam Miller - 0.7-0.19.rc7 -- Remove xinetd entry, added sysvinit - -* Fri Nov 22 2013 Lokesh Mandvekar - 0.7-0.18.rc7 -- rc version bump - -* Wed Nov 20 2013 Lokesh Mandvekar - 0.7-0.17.rc6 -- removed ExecStartPost lines from docker.service (BZ #1026045) -- dockerinit listed in files - -* Wed Nov 20 2013 Vincent Batts - 0.7-0.16.rc6 -- adding back the none bridge patch - -* Wed Nov 20 2013 Vincent Batts - 0.7-0.15.rc6 -- update docker source to crosbymichael/0.7.0-rc6 -- bridge-patch is not needed on this branch - -* Tue Nov 19 2013 Vincent Batts - 0.7-0.14.rc5 -- update docker source to crosbymichael/0.7-rc5 -- update docker source to 457375ea370a2da0df301d35b1aaa8f5964dabfe -- static magic -- place dockerinit in a libexec -- add sqlite dependency - -* Sat Nov 02 2013 Lokesh Mandvekar - 0.7-0.13.dm -- docker.service file sets iptables rules to allow container networking, this - is a stopgap approach, relevant pull request here: - https://github.com/dotcloud/docker/pull/2527 - -* Sat Oct 26 2013 Lokesh Mandvekar - 0.7-0.12.dm -- dm branch -- dockerinit -> docker-init - -* Tue Oct 22 2013 Lokesh Mandvekar - 0.7-0.11.rc4 -- passing version information for docker build BZ #1017186 - -* Sat Oct 19 2013 Lokesh Mandvekar - 0.7-0.10.rc4 -- rc version bump -- docker-init -> dockerinit -- zsh completion script installed to /usr/share/zsh/site-functions - -* Fri Oct 18 2013 Lokesh Mandvekar - 0.7-0.9.rc3 -- lxc-docker version matches package version - -* Fri Oct 18 2013 Lokesh Mandvekar - 0.7-0.8.rc3 -- double quotes removed from buildrequires as per existing golang rules - -* Fri Oct 11 2013 Lokesh Mandvekar - 0.7-0.7.rc3 -- xinetd file renamed to docker.xinetd for clarity - -* Thu Oct 10 2013 Lokesh Mandvekar - 0.7-0.6.rc3 -- patched for el6 to use sphinx-1.0-build - -* Wed Oct 09 2013 Lokesh Mandvekar - 0.7-0.5.rc3 -- rc3 version bump -- exclusivearch x86_64 - -* Wed Oct 09 2013 Lokesh Mandvekar - 0.7-0.4.rc2 -- debuginfo not Go-ready yet, skipped - -* Wed Oct 09 2013 Lokesh Mandvekar - 0.7-0.3.rc2 -- debuginfo package generated -- buildrequires listed with versions where needed -- conditionals changed to reflect systemd or not -- docker commit value not needed -- versioned provides lxc-docker - -* Mon Oct 07 2013 Lokesh Mandvekar - 0.7-2.rc2 -- rc branch includes devmapper -- el6 BZ #1015865 fix included - -* Sun Oct 06 2013 Lokesh Mandvekar - 0.7-1 -- version bump, includes devicemapper -- epel conditionals included -- buildrequires sqlite-devel - -* Fri Oct 04 2013 Lokesh Mandvekar - 0.6.3-4.devicemapper -- docker-io service enables IPv4 and IPv6 forwarding -- docker user not needed -- golang not supported on ppc64, docker-io excluded too - -* Thu Oct 03 2013 Lokesh Mandvekar - 0.6.3-3.devicemapper -- Docker rebuilt with latest kr/pty, first run issue solved - -* Fri Sep 27 2013 Marek Goldmann - 0.6.3-2.devicemapper -- Remove setfcap from lxc.cap.drop to make setxattr() calls working in the - containers, RHBZ#1012952 - -* Thu Sep 26 2013 Lokesh Mandvekar 0.6.3-1.devicemapper -- version bump -- new version solves docker push issues - -* Tue Sep 24 2013 Lokesh Mandvekar 0.6.2-14.devicemapper -- package requires lxc - -* Tue Sep 24 2013 Lokesh Mandvekar 0.6.2-13.devicemapper -- package requires tar - -* Tue Sep 24 2013 Lokesh Mandvekar 0.6.2-12.devicemapper -- /var/lib/docker installed -- package also provides lxc-docker - -* Mon Sep 23 2013 Lokesh Mandvekar 0.6.2-11.devicemapper -- better looking url - -* Mon Sep 23 2013 Lokesh Mandvekar 0.6.2-10.devicemapper -- release tag changed to denote devicemapper patch - -* Mon Sep 23 2013 Lokesh Mandvekar 0.6.2-9 -- device-mapper-devel is a buildrequires for alex's code -- docker.service listed as a separate source file - -* Sun Sep 22 2013 Matthew Miller 0.6.2-8 -- install bash completion -- use -v for go build to show progress - -* Sun Sep 22 2013 Matthew Miller 0.6.2-7 -- build and install separate docker-init - -* Sun Sep 22 2013 Matthew Miller 0.6.2-4 -- update to use new source-only golang lib packages - -* Sat Sep 21 2013 Lokesh Mandvekar 0.6.2-3 -- man page generation from docs/. -- systemd service file created -- dotcloud/tar no longer required - -* Fri Sep 20 2013 Lokesh Mandvekar 0.6.2-2 -- patched with alex larsson's devmapper code - -* Wed Sep 18 2013 Lokesh Mandvekar 0.6.2-1 -- Version bump - -* Tue Sep 10 2013 Lokesh Mandvekar 0.6.1-2 -- buildrequires updated -- package renamed to docker-io - -* Fri Aug 30 2013 Lokesh Mandvekar 0.6.1-1 -- Version bump -- Package name change from lxc-docker to docker -- Makefile patched from 0.5.3 - -* Wed Aug 28 2013 Lokesh Mandvekar 0.5.3-5 -- File permissions settings included - -* Wed Aug 28 2013 Lokesh Mandvekar 0.5.3-4 -- Credits in changelog modified as per reference's request - -* Tue Aug 27 2013 Lokesh Mandvekar 0.5.3-3 -- Dependencies listed as rpm packages instead of tars -- Install section added - -* Mon Aug 26 2013 Lokesh Mandvekar 0.5.3-2 -- Github packaging -- Deps not downloaded at build time courtesy Elan Ruusamäe -- Manpage and other docs installed - -* Fri Aug 23 2013 Lokesh Mandvekar 0.5.3-1 -- Initial fedora package -- Some credit to Elan Ruusamäe (glen@pld-linux.org) diff --git a/docker-latest.sysconfig b/docker-latest.sysconfig deleted file mode 100644 index cc3e3ee..0000000 --- a/docker-latest.sysconfig +++ /dev/null @@ -1,36 +0,0 @@ -# /etc/sysconfig/docker - -# Modify these options if you want to change the way the docker daemon runs -OPTIONS='--selinux-enabled --log-driver=journald' -DOCKER_CERT_PATH=/etc/docker - -# If you want to add your own registry to be used for docker search and docker -# pull use the ADD_REGISTRY option to list a set of registries, each prepended -# with --add-registry flag. The first registry added will be the first registry -# searched. -# ADD_REGISTRY='--add-registry' - -# If you want to block registries from being used, uncomment the BLOCK_REGISTRY -# option and give it a set of registries, each prepended with --block-registry -# flag. For example adding docker.io will stop users from downloading images -# from docker.io -# BLOCK_REGISTRY='--block-registry' - -# If you have a registry secured with https but do not have proper certs -# distributed, you can tell docker to not look for full authorization by -# adding the registry to the INSECURE_REGISTRY line and uncommenting it. -# INSECURE_REGISTRY='--insecure-registry' - -# On an SELinux system, if you remove the --selinux-enabled option, you -# also need to turn on the docker_transition_unconfined boolean. -# setsebool -P docker_transition_unconfined 1 - -# Location used for temporary files, such as those created by -# docker load and build operations. Default is /var/lib/docker/tmp -# Can be overriden by setting the following environment variable. -# DOCKER_TMPDIR=/var/tmp - -# Controls the /etc/cron.daily/docker-logrotate cron job status. -# To disable, uncomment the line below. -# LOGROTATE=false -# diff --git a/seccomp.json b/seccomp.json deleted file mode 100644 index b9a4564..0000000 --- a/seccomp.json +++ /dev/null @@ -1,701 +0,0 @@ -{ - "defaultAction": "SCMP_ACT_ERRNO", - "archMap": [ - { - "architecture": "SCMP_ARCH_X86_64", - "subArchitectures": [ - "SCMP_ARCH_X86", - "SCMP_ARCH_X32" - ] - }, - { - "architecture": "SCMP_ARCH_AARCH64", - "subArchitectures": [ - "SCMP_ARCH_ARM" - ] - }, - { - "architecture": "SCMP_ARCH_MIPS64", - "subArchitectures": [ - "SCMP_ARCH_MIPS", - "SCMP_ARCH_MIPS64N32" - ] - }, - { - "architecture": "SCMP_ARCH_MIPS64N32", - "subArchitectures": [ - "SCMP_ARCH_MIPS", - "SCMP_ARCH_MIPS64" - ] - }, - { - "architecture": "SCMP_ARCH_MIPSEL64", - "subArchitectures": [ - "SCMP_ARCH_MIPSEL", - "SCMP_ARCH_MIPSEL64N32" - ] - }, - { - "architecture": "SCMP_ARCH_MIPSEL64N32", - "subArchitectures": [ - "SCMP_ARCH_MIPSEL", - "SCMP_ARCH_MIPSEL64" - ] - }, - { - "architecture": "SCMP_ARCH_S390X", - "subArchitectures": [ - "SCMP_ARCH_S390" - ] - } - ], - "syscalls": [ - { - "names": [ - "accept", - "accept4", - "access", - "alarm", - "alarm", - "bind", - "brk", - "capget", - "capset", - "chdir", - "chmod", - "chown", - "chown32", - "clock_getres", - "clock_gettime", - "clock_nanosleep", - "close", - "connect", - "copy_file_range", - "creat", - "dup", - "dup2", - "dup3", - "epoll_create", - "epoll_create1", - "epoll_ctl", - "epoll_ctl_old", - "epoll_pwait", - "epoll_wait", - "epoll_wait_old", - "eventfd", - "eventfd2", - "execve", - "execveat", - "exit", - "exit_group", - "faccessat", - "fadvise64", - "fadvise64_64", - "fallocate", - "fanotify_mark", - "fchdir", - "fchmod", - "fchmodat", - "fchown", - "fchown32", - "fchownat", - "fcntl", - "fcntl64", - "fdatasync", - "fgetxattr", - "flistxattr", - "flock", - "fork", - "fremovexattr", - "fsetxattr", - "fstat", - "fstat64", - "fstatat64", - "fstatfs", - "fstatfs64", - "fsync", - "ftruncate", - "ftruncate64", - "futex", - "futimesat", - "getcpu", - "getcwd", - "getdents", - "getdents64", - "getegid", - "getegid32", - "geteuid", - "geteuid32", - "getgid", - "getgid32", - "getgroups", - "getgroups32", - "getitimer", - "getpeername", - "getpgid", - "getpgrp", - "getpid", - "getppid", - "getpriority", - "getrandom", - "getresgid", - "getresgid32", - "getresuid", - "getresuid32", - "getrlimit", - "get_robust_list", - "getrusage", - "getsid", - "getsockname", - "getsockopt", - "get_thread_area", - "gettid", - "gettimeofday", - "getuid", - "getuid32", - "getxattr", - "inotify_add_watch", - "inotify_init", - "inotify_init1", - "inotify_rm_watch", - "io_cancel", - "ioctl", - "io_destroy", - "io_getevents", - "ioprio_get", - "ioprio_set", - "io_setup", - "io_submit", - "ipc", - "kill", - "lchown", - "lchown32", - "lgetxattr", - "link", - "linkat", - "listen", - "listxattr", - "llistxattr", - "_llseek", - "lremovexattr", - "lseek", - "lsetxattr", - "lstat", - "lstat64", - "madvise", - "memfd_create", - "mincore", - "mkdir", - "mkdirat", - "mknod", - "mknodat", - "mlock", - "mlock2", - "mlockall", - "mmap", - "mmap2", - "mprotect", - "mq_getsetattr", - "mq_notify", - "mq_open", - "mq_timedreceive", - "mq_timedsend", - "mq_unlink", - "mremap", - "msgctl", - "msgget", - "msgrcv", - "msgsnd", - "msync", - "munlock", - "munlockall", - "munmap", - "nanosleep", - "newfstatat", - "_newselect", - "open", - "openat", - "pause", - "pipe", - "pipe2", - "poll", - "ppoll", - "prctl", - "pread64", - "preadv", - "prlimit64", - "pselect6", - "pwrite64", - "pwritev", - "read", - "readahead", - "readlink", - "readlinkat", - "readv", - "recv", - "recvfrom", - "recvmmsg", - "recvmsg", - "remap_file_pages", - "removexattr", - "rename", - "renameat", - "renameat2", - "restart_syscall", - "rmdir", - "rt_sigaction", - "rt_sigpending", - "rt_sigprocmask", - "rt_sigqueueinfo", - "rt_sigreturn", - "rt_sigsuspend", - "rt_sigtimedwait", - "rt_tgsigqueueinfo", - "sched_getaffinity", - "sched_getattr", - "sched_getparam", - "sched_get_priority_max", - "sched_get_priority_min", - "sched_getscheduler", - "sched_rr_get_interval", - "sched_setaffinity", - "sched_setattr", - "sched_setparam", - "sched_setscheduler", - "sched_yield", - "seccomp", - "select", - "semctl", - "semget", - "semop", - "semtimedop", - "send", - "sendfile", - "sendfile64", - "sendmmsg", - "sendmsg", - "sendto", - "setfsgid", - "setfsgid32", - "setfsuid", - "setfsuid32", - "setgid", - "setgid32", - "setgroups", - "setgroups32", - "setitimer", - "setpgid", - "setpriority", - "setregid", - "setregid32", - "setresgid", - "setresgid32", - "setresuid", - "setresuid32", - "setreuid", - "setreuid32", - "setrlimit", - "set_robust_list", - "setsid", - "setsockopt", - "set_thread_area", - "set_tid_address", - "setuid", - "setuid32", - "setxattr", - "shmat", - "shmctl", - "shmdt", - "shmget", - "shutdown", - "sigaltstack", - "signalfd", - "signalfd4", - "sigreturn", - "socket", - "socketcall", - "socketpair", - "splice", - "stat", - "stat64", - "statfs", - "statfs64", - "symlink", - "symlinkat", - "sync", - "sync_file_range", - "syncfs", - "sysinfo", - "syslog", - "tee", - "tgkill", - "time", - "timer_create", - "timer_delete", - "timerfd_create", - "timerfd_gettime", - "timerfd_settime", - "timer_getoverrun", - "timer_gettime", - "timer_settime", - "times", - "tkill", - "truncate", - "truncate64", - "ugetrlimit", - "umask", - "uname", - "unlink", - "unlinkat", - "utime", - "utimensat", - "utimes", - "vfork", - "vmsplice", - "wait4", - "waitid", - "waitpid", - "write", - "writev", - "mount", - "umount2", - "reboot", - "name_to_handle_at", - "unshare" - ], - "action": "SCMP_ACT_ALLOW", - "args": [], - "comment": "", - "includes": {}, - "excludes": {} - }, - { - "names": [ - "personality" - ], - "action": "SCMP_ACT_ALLOW", - "args": [ - { - "index": 0, - "value": 0, - "valueTwo": 0, - "op": "SCMP_CMP_EQ" - } - ], - "comment": "", - "includes": {}, - "excludes": {} - }, - { - "names": [ - "personality" - ], - "action": "SCMP_ACT_ALLOW", - "args": [ - { - "index": 0, - "value": 8, - "valueTwo": 0, - "op": "SCMP_CMP_EQ" - } - ], - "comment": "", - "includes": {}, - "excludes": {} - }, - { - "names": [ - "personality" - ], - "action": "SCMP_ACT_ALLOW", - "args": [ - { - "index": 0, - "value": 4294967295, - "valueTwo": 0, - "op": "SCMP_CMP_EQ" - } - ], - "comment": "", - "includes": {}, - "excludes": {} - }, - { - "names": [ - "breakpoint", - "cacheflush", - "set_tls" - ], - "action": "SCMP_ACT_ALLOW", - "args": [], - "comment": "", - "includes": { - "arches": [ - "arm", - "arm64" - ] - }, - "excludes": {} - }, - { - "names": [ - "arch_prctl" - ], - "action": "SCMP_ACT_ALLOW", - "args": [], - "comment": "", - "includes": { - "arches": [ - "amd64", - "x32" - ] - }, - "excludes": {} - }, - { - "names": [ - "modify_ldt" - ], - "action": "SCMP_ACT_ALLOW", - "args": [], - "comment": "", - "includes": { - "arches": [ - "amd64", - "x32", - "x86" - ] - }, - "excludes": {} - }, - { - "names": [ - "s390_pci_mmio_read", - "s390_pci_mmio_write", - "s390_runtime_instr" - ], - "action": "SCMP_ACT_ALLOW", - "args": [], - "comment": "", - "includes": { - "arches": [ - "s390", - "s390x" - ] - }, - "excludes": {} - }, - { - "names": [ - "open_by_handle_at" - ], - "action": "SCMP_ACT_ALLOW", - "args": [], - "comment": "", - "includes": { - "caps": [ - "CAP_DAC_READ_SEARCH" - ] - }, - "excludes": {} - }, - { - "names": [ - "bpf", - "clone", - "fanotify_init", - "lookup_dcookie", - "mount", - "name_to_handle_at", - "perf_event_open", - "setdomainname", - "sethostname", - "setns", - "umount", - "umount2", - "unshare" - ], - "action": "SCMP_ACT_ALLOW", - "args": [], - "comment": "", - "includes": { - "caps": [ - "CAP_SYS_ADMIN" - ] - }, - "excludes": {} - }, - { - "names": [ - "clone" - ], - "action": "SCMP_ACT_ALLOW", - "args": [ - { - "index": 0, - "value": 2080505856, - "valueTwo": 0, - "op": "SCMP_CMP_MASKED_EQ" - } - ], - "comment": "", - "includes": {}, - "excludes": { - "caps": [ - "CAP_SYS_ADMIN" - ], - "arches": [ - "s390", - "s390x" - ] - } - }, - { - "names": [ - "clone" - ], - "action": "SCMP_ACT_ALLOW", - "args": [ - { - "index": 1, - "value": 2080505856, - "valueTwo": 0, - "op": "SCMP_CMP_MASKED_EQ" - } - ], - "comment": "s390 parameter ordering for clone is different", - "includes": { - "arches": [ - "s390", - "s390x" - ] - }, - "excludes": { - "caps": [ - "CAP_SYS_ADMIN" - ] - } - }, - { - "names": [ - "reboot" - ], - "action": "SCMP_ACT_ALLOW", - "args": [], - "comment": "", - "includes": { - "caps": [ - "CAP_SYS_BOOT" - ] - }, - "excludes": {} - }, - { - "names": [ - "chroot" - ], - "action": "SCMP_ACT_ALLOW", - "args": [], - "comment": "", - "includes": { - "caps": [ - "CAP_SYS_CHROOT" - ] - }, - "excludes": {} - }, - { - "names": [ - "delete_module", - "init_module", - "finit_module", - "query_module" - ], - "action": "SCMP_ACT_ALLOW", - "args": [], - "comment": "", - "includes": { - "caps": [ - "CAP_SYS_MODULE" - ] - }, - "excludes": {} - }, - { - "names": [ - "acct" - ], - "action": "SCMP_ACT_ALLOW", - "args": [], - "comment": "", - "includes": { - "caps": [ - "CAP_SYS_PACCT" - ] - }, - "excludes": {} - }, - { - "names": [ - "kcmp", - "process_vm_readv", - "process_vm_writev", - "ptrace" - ], - "action": "SCMP_ACT_ALLOW", - "args": [], - "comment": "", - "includes": { - "caps": [ - "CAP_SYS_PTRACE" - ] - }, - "excludes": {} - }, - { - "names": [ - "iopl", - "ioperm" - ], - "action": "SCMP_ACT_ALLOW", - "args": [], - "comment": "", - "includes": { - "caps": [ - "CAP_SYS_RAWIO" - ] - }, - "excludes": {} - }, - { - "names": [ - "settimeofday", - "stime", - "adjtimex" - ], - "action": "SCMP_ACT_ALLOW", - "args": [], - "comment": "", - "includes": { - "caps": [ - "CAP_SYS_TIME" - ] - }, - "excludes": {} - }, - { - "names": [ - "vhangup" - ], - "action": "SCMP_ACT_ALLOW", - "args": [], - "comment": "", - "includes": { - "caps": [ - "CAP_SYS_TTY_CONFIG" - ] - }, - "excludes": {} - } - ] -} \ No newline at end of file diff --git a/sources b/sources deleted file mode 100644 index 6e26092..0000000 --- a/sources +++ /dev/null @@ -1,7 +0,0 @@ -SHA512 (containerd-42e825a.tar.gz) = f06b5b5b19b2c5bd5e188ec2fb010bc55567ae91ed6021e74ee549836e2d4f4657db27ce129737bfb2d5b7abcbf2ee18e7d5ff4c8319fbfa512e0498dea614b0 -SHA512 (docker-1185cfd.tar.gz) = ad10e8e54ed9ce87a769312c8e2d65872af5d4f61970aee2247c79e17f890482270527ce0b140a53e563d4e2544b6317dd7adc6934d472155dab6ffb2d4d6708 -SHA512 (docker-storage-setup-c9faba1.tar.gz) = 3118802751d27a726bbe50e67f3db7b2ce4c50d1f0d92034679483537de63e4a39da5c4af8a832e219ffe1c1c73681faccb118bf705433b909eaeec87c99a0e9 -SHA512 (libnetwork-d00ceed.tar.gz) = 8da8a78c034929b7cc3cc5f79369ef7e64040876be6b74172a244608a1fdd3e20c0bc9a3d4338fe53f0e85c6dc33b1ca72626b7bf68bf00b4dbe810fc57365f8 -SHA512 (runc-e4ffe43.tar.gz) = f9bd922615d5d9f709fbdbd6fcd9850d1b11bc733aa4958983a568bb7465d519dbcc4da9c8cc4d2ec3cb2f2c55ecb96aebb2f341ff036d8820a80073b55679ab -SHA512 (tini-4a92b9e.tar.gz) = 8e56c24193507b0d0c80ecc8e61a06d6cc4f9b941123c50120c5218a5c37f7e8ebe3030db354541d30147a4a8293a5321975fc0fcc0dba79b9fa323be3035e00 -SHA512 (v1.10-migrator-994c35c.tar.gz) = 523e4c107af0c20bd3f4a458bbdac1ccad08fda649865db5507021d3aa2dc443fa9e4d3bcb029b9c14d1e5cfff049871f7b0bfa1e8adfa8268f48e05d5a995d0 diff --git a/v1.10-migrator-helper b/v1.10-migrator-helper deleted file mode 100644 index 2ab1727..0000000 --- a/v1.10-migrator-helper +++ /dev/null @@ -1,65 +0,0 @@ -#!/bin/bash - -# Copyright (C) 2016 Red Hat, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -set -euo pipefail -IFS=$'\n\t' - -# This is a small wrapper script that automatically fetches -# the storage options from the docker-storage sysconfig file -# and passes them to the migrator. -# -# The script supports both in-container runs and direct -# invocation. - -MIGRATOR=/usr/bin/v1.10-migrator-local -STORAGE_FILE=/etc/sysconfig/docker-storage -GRAPH=/var/lib/docker - -main() { - - # are we in a container? - if [[ -n ${container-} ]]; then - - if [[ ! -d /host ]]; then - echo "ERROR: Running inside a container, but /host not mounted." >&2 - exit 1 - fi - - cp "$MIGRATOR" /host/tmp - MIGRATOR="chroot /host /tmp/$(basename $MIGRATOR)" - STORAGE_FILE=/host${STORAGE_FILE} - fi - - if [ ! -d "$GRAPH" ]; then - echo "ERROR: Cannot find docker root dir at \"$GRAPH\"." >&2 - exit 1 - fi - - # load storage opts if we can find the file - local storage_opts= - if [ -r "$STORAGE_FILE" ] && grep -q -E '^DOCKER_STORAGE_OPTIONS\s*=' "$STORAGE_FILE"; then - storage_opts=$(sed -n -e 's/^DOCKER_STORAGE_OPTIONS\s*=\s*// p' "$STORAGE_FILE") - storage_opts=${storage_opts#\"} - storage_opts=${storage_opts%\"} - fi - - CMD="$MIGRATOR --graph $GRAPH $storage_opts" - echo "RUNNING: $CMD" - eval $CMD -} - -main "$@"