diff --git a/.docker.metadata b/.docker.metadata index 7559a0b..b0efa80 100644 --- a/.docker.metadata +++ b/.docker.metadata @@ -1,10 +1,10 @@ -2cb8176bc19f75a8d9be33fa186070ed6ce8d7f6 SOURCES/0be3e217c42ecf554bf5117bec9c832bd3f3b6fd.tar.gz +7322f7b613ce3bffa5e52105b24cb6cd1a4f5e4f SOURCES/90b71710023d1e768e6ec8e3e93d9eaaf6cb2049.tar.gz e21d6c1b9e04650915499946bb4e6a01727c7d54 SOURCES/container-storage-setup-413b408.tar.gz -0ab6f850918d4bca8b11a06d067e37e6a146d9a0 SOURCES/containerd-9c53e35.tar.gz +4934effe20b08f2ce066c10f3dddf1fd919410c0 SOURCES/containerd-96a2023.tar.gz c5e6169ea101c97d94257f48fa227f5ff0501454 SOURCES/docker-lvm-plugin-20a1f68.tar.gz 0beb6283e30f1e87e907576f4571ccb0a48b6be5 SOURCES/docker-novolume-plugin-385ec70.tar.gz 656b1d1605dc43d7f5c00cedadd686dbd418d285 SOURCES/libnetwork-c5d66a0.tar.gz 965d64f5a81c3a428ca3b29495ecf66748c67c1f SOURCES/rhel-push-plugin-af9107b.tar.gz -76c0a865f850368f23bbb8e862e8b7aff171fbcc SOURCES/runc-66aedde.tar.gz +c704c6f82573f965c6b237b429ee6c85294093b7 SOURCES/runc-378abb0.tar.gz 7941233b1ed34afdc074e74ab26a86dea20ee7d4 SOURCES/tini-fec3683.tar.gz 496f9927f4254508ea1cd94f473b5b9321d41245 SOURCES/v1.10-migrator-c417a6a.tar.gz diff --git a/.gitignore b/.gitignore index dee31b9..7edce24 100644 --- a/.gitignore +++ b/.gitignore @@ -1,10 +1,10 @@ -SOURCES/0be3e217c42ecf554bf5117bec9c832bd3f3b6fd.tar.gz +SOURCES/90b71710023d1e768e6ec8e3e93d9eaaf6cb2049.tar.gz SOURCES/container-storage-setup-413b408.tar.gz -SOURCES/containerd-9c53e35.tar.gz +SOURCES/containerd-96a2023.tar.gz SOURCES/docker-lvm-plugin-20a1f68.tar.gz SOURCES/docker-novolume-plugin-385ec70.tar.gz SOURCES/libnetwork-c5d66a0.tar.gz SOURCES/rhel-push-plugin-af9107b.tar.gz -SOURCES/runc-66aedde.tar.gz +SOURCES/runc-378abb0.tar.gz SOURCES/tini-fec3683.tar.gz SOURCES/v1.10-migrator-c417a6a.tar.gz diff --git a/SOURCES/30.patch b/SOURCES/30.patch deleted file mode 100644 index db8fee1..0000000 --- a/SOURCES/30.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 44f6033c48968945353109af69114b5d0a1700de Mon Sep 17 00:00:00 2001 -From: Jhon Honce -Date: Fri, 11 Oct 2019 16:08:59 -0700 -Subject: [PATCH] Check for both nil and zero length - -Signed-off-by: Jhon Honce ---- - libcontainer/generic_error.go | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/libcontainer/generic_error.go b/libcontainer/generic_error.go -index de37715c..0f90369b 100644 ---- a/runc-66aedde759f33c190954815fb765eedc1d782dd9/libcontainer/generic_error.go -+++ b/runc-66aedde759f33c190954815fb765eedc1d782dd9/libcontainer/generic_error.go -@@ -93,6 +93,10 @@ func (e *genericError) Error() string { - if e.Cause == "" { - return e.Message - } -+ -+ if len(e.Stack.Frames) == 0 { -+ return fmt.Sprintf(":: %s caused %q", e.Cause, e.Message) -+ } - frame := e.Stack.Frames[0] - return fmt.Sprintf("%s:%d: %s caused %q", frame.File, frame.Line, e.Cause, e.Message) - } diff --git a/SOURCES/69518f0bbdb1f11113f46a4d794e09e2f21f5e91.patch b/SOURCES/69518f0bbdb1f11113f46a4d794e09e2f21f5e91.patch deleted file mode 100644 index 90ce818..0000000 --- a/SOURCES/69518f0bbdb1f11113f46a4d794e09e2f21f5e91.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 69518f0bbdb1f11113f46a4d794e09e2f21f5e91 Mon Sep 17 00:00:00 2001 -From: Ulrich Obergfell -Date: Thu, 10 Oct 2019 11:59:44 +0200 -Subject: [PATCH] fix error handling in restore() function - version 2 - -If runtime.Load() returns an error, the restore() function removes the -/run/docker/libcontainerd/containerd/CONTAINERID directory recursively. -However, this is wrong if the error is not related to the init process -of the container. - -This patch introduces the following changes to the runtime.Load() function: - -- runtime.Load() handles errors from readProcessState() autonomously. The - /run/docker/libcontainerd/containerd/CONTAINERID/PROCESSID directory will - be removed recursively, and a warning message will be logged. - -- Errors returned by runtime.Load() are always related to the init process, - so restore() may remove /run/docker/libcontainerd/containerd/CONTAINERID. - -Signed-off-by: Ulrich Obergfell ---- - runtime/container.go | 9 ++++++--- - 1 file changed, 6 insertions(+), 3 deletions(-) - -diff --git a/runtime/container.go b/runtime/container.go -index 2e9e663..489e407 100644 ---- a/runtime/container.go -+++ b/runtime/container.go -@@ -182,11 +182,14 @@ func Load(root, id, shimName string, timeout time.Duration) (Container, error) { - continue - } - pid := d.Name() -- s, err := readProcessState(filepath.Join(root, id, pid)) -+ processStateDir := filepath.Join(root, id, pid) -+ s, err := readProcessState(processStateDir) - if err != nil { -- return nil, err -+ logrus.WithFields(logrus.Fields{"error": err, "pid": pid}).Warnf("containerd: failed to load exec process,removing state directory.") -+ os.RemoveAll(processStateDir) -+ continue - } -- p, err := loadProcess(filepath.Join(root, id, pid), pid, c, s) -+ p, err := loadProcess(processStateDir, pid, c, s) - if err != nil { - logrus.WithField("id", id).WithField("pid", pid).Debugf("containerd: error loading process %s", err) - continue diff --git a/SOURCES/97eff6cf6c9b58f8239b28be2f080e23c9da62c0.patch b/SOURCES/97eff6cf6c9b58f8239b28be2f080e23c9da62c0.patch deleted file mode 100644 index 2134937..0000000 --- a/SOURCES/97eff6cf6c9b58f8239b28be2f080e23c9da62c0.patch +++ /dev/null @@ -1,103 +0,0 @@ -From 97eff6cf6c9b58f8239b28be2f080e23c9da62c0 Mon Sep 17 00:00:00 2001 -From: Ulrich Obergfell -Date: Thu, 11 Jul 2019 14:33:55 +0200 -Subject: [PATCH] fix deadlock in restore() function - -When containerd starts up, the restore() function walks through the directory -hierarchy under /run/docker/libcontainerd/containerd and imports the state of -processes from files in /run/docker/libcontainerd/containerd/CONTAINERID and -in /run/docker/libcontainerd/containerd/CONTAINERID/PROCESSID. The restore() -function adds an ExitTask entry to the s.tasks queue for each process that is -no longer in state 'running'. The size of the s.tasks queue is hard-coded and -limited to 2048 (defaultBufferSize). If more than 2048 ExitTask entries need -to be added to the queue, the restore() function gets blocked (queue is full). -If this happens, containerd is in a kind of deadlock situation because the -handleTask() function (which would drain the ExitTask entries from the queue) -has not been started in a separate goroutine yet, and the main goroutine is -blocked in the restore() function (unable to start the handleTask() function). - -This patch introduces the dynamically allocated restoreExitTasks slice which -the restore() function uses to store the ExitTask entries separately instead -of adding them to the s.tasks queue. The task handler goroutine subsequently -drains all entries from restoreExitTasks frist before it enters the loop that -handles entries from the s.tasks queue. - -Signed-off-by: Ulrich Obergfell ---- - supervisor/supervisor.go | 35 +++++++++++++++++++++++++++++++++-- - 1 file changed, 33 insertions(+), 2 deletions(-) - -diff --git a/supervisor/supervisor.go b/supervisor/supervisor.go -index 8a26af0..d92de8a 100644 ---- a/supervisor/supervisor.go -+++ b/supervisor/supervisor.go -@@ -18,6 +18,16 @@ const ( - defaultBufferSize = 2048 // size of queue in eventloop - ) - -+// Pointers to all ExitTask that are created by the restore() function are stored in this slice. -+var restoreExitTasks []*ExitTask -+ -+func max(x, y int) int { -+ if x < y { -+ return y -+ } -+ return x -+} -+ - // New returns an initialized Process supervisor. - func New(stateDir string, runtimeName, shimName string, runtimeArgs []string, timeout time.Duration, retainCount int) (*Supervisor, error) { - startTasks := make(chan *startTask, 10) -@@ -207,7 +217,9 @@ type eventV1 struct { - // Events returns an event channel that external consumers can use to receive updates - // on container events - func (s *Supervisor) Events(from time.Time, storedOnly bool, id string) chan Event { -- c := make(chan Event, defaultBufferSize) -+ var c chan Event -+ -+ c = make(chan Event, defaultBufferSize) - if storedOnly { - defer s.Unsubscribe(c) - } -@@ -216,6 +228,9 @@ func (s *Supervisor) Events(from time.Time, storedOnly bool, id string) chan Eve - if !from.IsZero() { - // replay old event - s.eventLock.Lock() -+ close(c) -+ // Allocate a channel that has enough space for the entire event log. -+ c = make(chan Event, max(defaultBufferSize, len(s.eventLog))) - past := s.eventLog[:] - s.eventLock.Unlock() - for _, e := range past { -@@ -276,6 +291,21 @@ func (s *Supervisor) Start() error { - "cpus": s.machine.Cpus, - }).Debug("containerd: supervisor running") - go func() { -+ if (len(restoreExitTasks) > 0) { -+ logrus.Infof("containerd: found %d exited processes after restart", len(restoreExitTasks)) -+ // -+ // If the restore() function stored any ExitTask in the dedicated slice, -+ // then handle those tasks first. The purpose of the one second delay is -+ // to give dockerd a chance to establish its event stream connection to -+ // containerd. If the connection is established before the ExitTask are -+ // being handled, then dockerd can receive exit notifications directly -+ // (rather than having to replay the notifications from the event log). -+ // -+ time.Sleep(time.Second) -+ for _, e := range restoreExitTasks { -+ s.handleTask(e) -+ } -+ } - for i := range s.tasks { - s.handleTask(i) - } -@@ -385,7 +415,8 @@ func (s *Supervisor) restore() error { - Process: p, - } - e.WithContext(context.Background()) -- s.SendTask(e) -+ // Store pointer to ExitTask in dedicated slice. -+ restoreExitTasks = append(restoreExitTasks, e) - } - } - } diff --git a/SOURCES/docker-1879425.patch b/SOURCES/docker-1879425.patch deleted file mode 100644 index 149cc33..0000000 --- a/SOURCES/docker-1879425.patch +++ /dev/null @@ -1,63 +0,0 @@ -From 0f90cc1ecb2db92e5388e07b8662b6c4a3a64f6c Mon Sep 17 00:00:00 2001 -From: Kir Kolyshkin -Date: Tue, 15 Sep 2020 21:46:32 -0700 -Subject: [PATCH] runc run: fix panic on error - -In case (*initProcess).start did not set sentRun, and ierr is nil, -runc run panics: - -``` -panic: runtime error: invalid memory address or nil pointer dereference [recovered] - panic: runtime error: invalid memory address or nil pointer dereference -[signal SIGSEGV: segmentation violation code=0x1 addr=0x38 pc=0x68a117] - -goroutine 1 [running]: -github.com/urfave/cli.HandleAction.func1(0xc0002277d8) - /home/kir/go/src/github.com/projectatomic/runc/Godeps/_workspace/src/github.com/urfave/cli/app.go:478 +0x22d -panic(0x730b60, 0xa06fc0) - /usr/lib/golang/src/runtime/panic.go:969 +0x166 -github.com/opencontainers/runc/libcontainer.(*genericError).Error(0x0, 0xc0002ca0e0, 0xe) - /home/kir/go/src/github.com/projectatomic/runc/Godeps/_workspace/src/github.com/opencontainers/runc/libcontainer/generic_error.go:93 +0x37 -github.com/opencontainers/runc/libcontainer.createSystemError(0x7fcd20, 0x0, 0x78c23e, 0xe, 0xc000098050, 0x0) - /home/kir/go/src/github.com/projectatomic/runc/Godeps/_workspace/src/github.com/opencontainers/runc/libcontainer/generic_error.go:78 +0x14c -github.com/opencontainers/runc/libcontainer.newSystemErrorWithCause(...) - /home/kir/go/src/github.com/projectatomic/runc/Godeps/_workspace/src/github.com/opencontainers/runc/libcontainer/generic_error.go:63 -github.com/opencontainers/runc/libcontainer.(*initProcess).start(0xc000298000, 0x0, 0x0) - /home/kir/go/src/github.com/projectatomic/runc/Godeps/_workspace/src/github.com/opencontainers/runc/libcontainer/process_linux.go:361 +0x94b -.... -``` - -This is caused by the fact that `ierr` is a typed variable (rather than a -generic `error`), and when `newSystemErrorWithCause(ierr, ...)` is called -with a typed variable, the check `if err != nil` in `createSystemError` -does not work, since err has a type. This Golang peculiarity is described -in https://golang.org/doc/faq#nil_error. - -After this patch (tested by temporarily modifying the source to set -`sentRun` to `false`) it no longer panics, instead we get: - -``` -container_linux.go:247: starting container process caused "container init failed" -``` - -Signed-off-by: Kir Kolyshkin ---- - libcontainer/process_linux.go | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/libcontainer/process_linux.go b/libcontainer/process_linux.go -index 7c92c93a..53df9fa5 100644 ---- docker-0be3e217c42ecf554bf5117bec9c832bd3f3b6fd/runc-66aedde759f33c190954815fb765eedc1d782dd9/libcontainer/process_linux.go -+++ docker-0be3e217c42ecf554bf5117bec9c832bd3f3b6fd/runc-66aedde759f33c190954815fb765eedc1d782dd9/libcontainer/process_linux.go -@@ -364,7 +364,10 @@ loop: - return newSystemError(fmt.Errorf("container init exited prematurely")) - } - if !sentRun { -- return newSystemErrorWithCause(ierr, "container init") -+ if ierr != nil { -+ return newSystemErrorWithCause(ierr, "container init") -+ } -+ return newSystemError(errors.New("container init failed")) - } - if p.config.Config.Namespaces.Contains(configs.NEWNS) && !sentResume { - return newSystemError(fmt.Errorf("could not synchronise after executing prestart hooks with container process")) diff --git a/SOURCES/docker-collectmode.patch b/SOURCES/docker-collectmode.patch index b938b08..876fc6c 100644 --- a/SOURCES/docker-collectmode.patch +++ b/SOURCES/docker-collectmode.patch @@ -1,6 +1,6 @@ -diff -up docker-cccb291d3613ade11e2c0b82541452e9db87b835/runc-66aedde759f33c190954815fb765eedc1d782dd9/libcontainer/cgroups/systemd/apply_systemd.go.collectmode docker-cccb291d3613ade11e2c0b82541452e9db87b835/runc-66aedde759f33c190954815fb765eedc1d782dd9/libcontainer/cgroups/systemd/apply_systemd.go ---- docker-cccb291d3613ade11e2c0b82541452e9db87b835/runc-66aedde759f33c190954815fb765eedc1d782dd9/libcontainer/cgroups/systemd/apply_systemd.go.collectmode 2020-01-23 17:04:43.761004295 +0100 -+++ docker-cccb291d3613ade11e2c0b82541452e9db87b835/runc-66aedde759f33c190954815fb765eedc1d782dd9/libcontainer/cgroups/systemd/apply_systemd.go 2020-01-23 17:04:55.584168909 +0100 +diff -up docker-cccb291d3613ade11e2c0b82541452e9db87b835/ppa-runc-378abb0a6ec8c8cf87bd2ed0fa723eafebae5d1b/libcontainer/cgroups/systemd/apply_systemd.go.collectmode docker-cccb291d3613ade11e2c0b82541452e9db87b835/ppa-runc-378abb0a6ec8c8cf87bd2ed0fa723eafebae5d1b/libcontainer/cgroups/systemd/apply_systemd.go +--- docker-cccb291d3613ade11e2c0b82541452e9db87b835/ppa-runc-378abb0a6ec8c8cf87bd2ed0fa723eafebae5d1b/libcontainer/cgroups/systemd/apply_systemd.go.collectmode 2020-01-23 17:04:43.761004295 +0100 ++++ docker-cccb291d3613ade11e2c0b82541452e9db87b835/ppa-runc-378abb0a6ec8c8cf87bd2ed0fa723eafebae5d1b/libcontainer/cgroups/systemd/apply_systemd.go 2020-01-23 17:04:55.584168909 +0100 @@ -130,8 +130,6 @@ func (m *Manager) Apply(pid int) error { properties = append(properties, newProp("PIDs", []uint32{uint32(pid)})) } diff --git a/SOURCES/f9a2eeb64054e740fb1ae3048dde153c257113c8.patch b/SOURCES/f9a2eeb64054e740fb1ae3048dde153c257113c8.patch deleted file mode 100644 index 1bd4019..0000000 --- a/SOURCES/f9a2eeb64054e740fb1ae3048dde153c257113c8.patch +++ /dev/null @@ -1,86 +0,0 @@ -From f9a2eeb64054e740fb1ae3048dde153c257113c8 Mon Sep 17 00:00:00 2001 -From: Ulrich Obergfell -Date: Thu, 10 Oct 2019 11:16:50 +0200 -Subject: [PATCH] revert changes introduced by "fix error handling in restore() - function", commit e96a10aef66e - (https://github.com/projectatomic/containerd/pull/10) - -Signed-off-by: Ulrich Obergfell ---- - runtime/container.go | 12 ++++++------ - supervisor/supervisor.go | 11 +++-------- - 2 files changed, 9 insertions(+), 14 deletions(-) - -diff --git a/runtime/container.go b/runtime/container.go -index 14002fc..2e9e663 100644 ---- a/runtime/container.go -+++ b/runtime/container.go -@@ -146,15 +146,15 @@ func New(opts ContainerOpts) (Container, error) { - } - - // Load return a new container from the matchin state file on disk. --func Load(root, id, shimName string, timeout time.Duration) (Container, error, string) { -+func Load(root, id, shimName string, timeout time.Duration) (Container, error) { - var s state - f, err := os.Open(filepath.Join(root, id, StateFile)) - if err != nil { -- return nil, err, "init" -+ return nil, err - } - defer f.Close() - if err := json.NewDecoder(f).Decode(&s); err != nil { -- return nil, err, "init" -+ return nil, err - } - c := &container{ - root: root, -@@ -175,7 +175,7 @@ func Load(root, id, shimName string, timeout time.Duration) (Container, error, s - - dirs, err := ioutil.ReadDir(filepath.Join(root, id)) - if err != nil { -- return nil, err, "init" -+ return nil, err - } - for _, d := range dirs { - if !d.IsDir() { -@@ -184,7 +184,7 @@ func Load(root, id, shimName string, timeout time.Duration) (Container, error, s - pid := d.Name() - s, err := readProcessState(filepath.Join(root, id, pid)) - if err != nil { -- return nil, err, pid -+ return nil, err - } - p, err := loadProcess(filepath.Join(root, id, pid), pid, c, s) - if err != nil { -@@ -193,7 +193,7 @@ func Load(root, id, shimName string, timeout time.Duration) (Container, error, s - } - c.processes[pid] = p - } -- return c, nil, "" -+ return c, nil - } - - func readProcessState(dir string) (*ProcessState, error) { -diff --git a/supervisor/supervisor.go b/supervisor/supervisor.go -index d92de8a..e21ae7b 100644 ---- a/supervisor/supervisor.go -+++ b/supervisor/supervisor.go -@@ -364,15 +364,10 @@ func (s *Supervisor) restore() error { - continue - } - id := d.Name() -- container, err, pid := runtime.Load(s.stateDir, id, s.shim, s.timeout) -+ container, err := runtime.Load(s.stateDir, id, s.shim, s.timeout) - if err != nil { -- if (pid == "init") { -- logrus.WithFields(logrus.Fields{"error": err, "id": id}).Warnf("containerd: failed to load container,removing state directory.") -- os.RemoveAll(filepath.Join(s.stateDir, id)) -- } else { -- logrus.WithFields(logrus.Fields{"error": err, "pid": pid}).Warnf("containerd: failed to load exec process,removing state directory.") -- os.RemoveAll(filepath.Join(s.stateDir, id, pid)) -- } -+ logrus.WithFields(logrus.Fields{"error": err, "id": id}).Warnf("containerd: failed to load container,removing state directory.") -+ os.RemoveAll(filepath.Join(s.stateDir, id)) - continue - } - processes, err := container.Processes() diff --git a/SPECS/docker.spec b/SPECS/docker.spec index 4eb29f3..09e1233 100644 --- a/SPECS/docker.spec +++ b/SPECS/docker.spec @@ -22,8 +22,8 @@ %define gobuild(o:) go build -buildmode pie -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${GO_LDFLAGS:-} ${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '-Wl,-z,relro -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld'" -a -v -x %{?**}; # docker -%global git_docker https://github.com/projectatomic/docker -%global commit_docker 0be3e217c42ecf554bf5117bec9c832bd3f3b6fd +%global git_docker https://github.com/likan999/ppa-docker +%global commit_docker 90b71710023d1e768e6ec8e3e93d9eaaf6cb2049 %global shortcommit_docker %(c=%{commit_docker}; echo ${c:0:7}) # docker_branch used in %%check %global docker_branch %{name}-%{version} @@ -55,13 +55,13 @@ %global shortcommit_lvm %(c=%{commit_lvm}; echo ${c:0:7}) # docker-runc -%global git_runc https://github.com/projectatomic/runc -%global commit_runc 66aedde759f33c190954815fb765eedc1d782dd9 +%global git_runc https://github.com/likan999/ppa-runc +%global commit_runc 378abb0a6ec8c8cf87bd2ed0fa723eafebae5d1b %global shortcommit_runc %(c=%{commit_runc}; echo ${c:0:7}) # docker-containerd -%global git_containerd https://github.com/projectatomic/containerd -%global commit_containerd 9c53e35c39f214b128beed3dfb670ccf751c4173 +%global git_containerd https://github.com/likan999/ppa-containerd +%global commit_containerd 96a2023276b9358bd7269cb8e6d077e9464a58a0 %global shortcommit_containerd %(c=%{commit_containerd}; echo ${c:0:7}) # docker-init @@ -109,23 +109,13 @@ Source29: 99-docker.conf Source30: %{git_tini}/archive/%{commit_tini}/tini-%{shortcommit_tini}.tar.gz Source31: %{git_libnetwork}/archive/%{commit_libnetwork}/libnetwork-%{shortcommit_libnetwork}.tar.gz Source32: seccomp.json -# https://bugzilla.redhat.com/show_bug.cgi?id=1636244 -Patch0: https://github.com/projectatomic/containerd/pull/11/commits/97eff6cf6c9b58f8239b28be2f080e23c9da62c0.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=1653292 -Patch1: https://github.com/projectatomic/containerd/pull/12/commits/f9a2eeb64054e740fb1ae3048dde153c257113c8.patch -Patch2: https://github.com/projectatomic/containerd/pull/12/commits/69518f0bbdb1f11113f46a4d794e09e2f21f5e91.patch # related: https://bugzilla.redhat.com/show_bug.cgi?id=1766665 there is no CollectMode property in RHEL7 systemd Patch3: docker-collectmode.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1784228 Patch4: bz1784228.patch Patch5: docker-1792243.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=1718441 -Patch6: https://patch-diff.githubusercontent.com/raw/projectatomic/runc/pull/30.patch # https://patch-diff.githubusercontent.com/raw/projectatomic/docker/pull/369.patch Patch7: docker-CVE-2020-8945.patch -# related bug: https://bugzilla.redhat.com/show_bug.cgi?id=1879425 -# patch: https://github.com/projectatomic/runc/pull/33.patch -Patch8: docker-1879425.patch BuildRequires: cmake BuildRequires: sed BuildRequires: git @@ -281,7 +271,7 @@ then be bind mounted into the container using `docker run` command. %{?enable_gotoolset110} %prep -%setup -q -n %{name}-%{commit_docker} +%setup -q -n ppa-docker-%{commit_docker} # untar d-s-s tar zxf %{SOURCE2} @@ -329,20 +319,11 @@ tar zxf %{SOURCE30} # untar libnetwork tar zxf %{SOURCE31} -cd containerd* -%patch0 -p1 -%patch1 -p1 -%patch2 -p1 -cd - %patch3 -p1 %patch4 -p1 %patch5 -p1 -%patch6 -p1 %patch7 -p1 -# https://bugzilla.redhat.com/show_bug.cgi?id=1879425 -%patch8 -p1 - %build # compile docker-proxy first - otherwise deps in gopath conflict with the others below and this fails. Remove libnetwork libs then. pushd libnetwork-%{commit_libnetwork} @@ -382,7 +363,7 @@ pushd $(pwd)/_build/src %gobuild %{provider}.%{provider_tld}/projectatomic/%{repo}-lvm-plugin popd -pushd containerd-%{commit_containerd} +pushd ppa-containerd-%{commit_containerd} mkdir -p vendor/src/%(dirname github.com/docker/containerd) ln -s ../../../.. vendor/src/github.com/docker/containerd export GOPATH=$(pwd)/vendor @@ -414,7 +395,7 @@ make v1.10-migrator-local popd # build %%{repo}-runc -pushd runc-%{commit_runc} +pushd ppa-runc-%{commit_runc} export RUNC_VERSION=$(cat ./VERSION) mkdir -p GOPATH pushd GOPATH @@ -588,12 +569,12 @@ install -p -m 700 %{SOURCE18} %{buildroot}%{_bindir}/%{name}-v1.10-migrator-help # install docker-runc install -d %{buildroot}%{_libexecdir}/%{repo} -install -p -m 755 runc-%{commit_runc}/runc %{buildroot}%{_libexecdir}/%{repo}/%{repo}-runc-current +install -p -m 755 ppa-runc-%{commit_runc}/runc %{buildroot}%{_libexecdir}/%{repo}/%{repo}-runc-current #install docker-containerd -install -p -m 755 containerd-%{commit_containerd}/bin/containerd %{buildroot}%{_bindir}/%{repo}-containerd-current -install -p -m 755 containerd-%{commit_containerd}/bin/containerd-shim %{buildroot}%{_bindir}/%{repo}-containerd-shim-current -install -p -m 755 containerd-%{commit_containerd}/bin/ctr %{buildroot}%{_bindir}/%{repo}-ctr-current +install -p -m 755 ppa-containerd-%{commit_containerd}/bin/containerd %{buildroot}%{_bindir}/%{repo}-containerd-current +install -p -m 755 ppa-containerd-%{commit_containerd}/bin/containerd-shim %{buildroot}%{_bindir}/%{repo}-containerd-shim-current +install -p -m 755 ppa-containerd-%{commit_containerd}/bin/ctr %{buildroot}%{_bindir}/%{repo}-ctr-current #install sysctl knob install -d -p %{buildroot}%{_usr}/lib/sysctl.d