diff --git a/.docker-latest.metadata b/.docker-latest.metadata index 96469d5..e575095 100644 --- a/.docker-latest.metadata +++ b/.docker-latest.metadata @@ -1,3 +1,5 @@ -3bb36af0c03466afa5df665edf9d529f6f69a227 SOURCES/docker-f9d4a2c.tar.gz -592dcfc581b1edc99f8c76234ccdab674397f022 SOURCES/docker-storage-setup-338cf62.tar.gz +881c2f10ded4ff4ef6e79370c3810cec54950d31 SOURCES/containerd-0ac3cd1.tar.gz +a84215682d8d5d3f82f837b12c74b7a9f2fdc59e SOURCES/docker-f1040da.tar.gz +4436cb79f58f8fa8206ec1eddf541cafa3f013f7 SOURCES/docker-storage-setup-d642523.tar.gz +66fa30802244a12e8364828ba4be2d31bd9d1f4f SOURCES/runc-f509e50.tar.gz ea4b3d96c46fccb6781d66a6c53c087b179c80fe SOURCES/v1.10-migrator-c417a6a.tar.gz diff --git a/.gitignore b/.gitignore index 566338b..0779eac 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,5 @@ -SOURCES/docker-f9d4a2c.tar.gz -SOURCES/docker-storage-setup-338cf62.tar.gz +SOURCES/containerd-0ac3cd1.tar.gz +SOURCES/docker-f1040da.tar.gz +SOURCES/docker-storage-setup-d642523.tar.gz +SOURCES/runc-f509e50.tar.gz SOURCES/v1.10-migrator-c417a6a.tar.gz diff --git a/SOURCES/docker-latest.service b/SOURCES/docker-latest.service index 3f7d076..81376eb 100644 --- a/SOURCES/docker-latest.service +++ b/SOURCES/docker-latest.service @@ -3,6 +3,7 @@ Description=Docker Application Container Engine Documentation=http://docs.docker.com After=network.target rhel-push-plugin.socket Wants=docker-latest-storage-setup.service +Requires=rhel-push-plugin.socket [Service] Type=notify @@ -11,7 +12,12 @@ EnvironmentFile=-/etc/sysconfig/docker-latest EnvironmentFile=-/etc/sysconfig/docker-latest-storage EnvironmentFile=-/etc/sysconfig/docker-latest-network Environment=GOTRACEBACK=crash -ExecStart=/usr/bin/docker-latest daemon \ +Environment=DOCKER_HTTP_HOST_COMPAT=1 +Environment=PATH=/usr/libexec/docker:/usr/bin:/usr/sbin +ExecStart=/usr/bin/dockerd-latest \ + --add-runtime docker-runc=/usr/libexec/docker/docker-runc \ + --default-runtime=docker-runc \ + --authorization-plugin=rhel-push-plugin \ --exec-opt native.cgroupdriver=systemd \ -g /var/lib/docker-latest \ $OPTIONS \ @@ -20,12 +26,14 @@ ExecStart=/usr/bin/docker-latest daemon \ $ADD_REGISTRY \ $BLOCK_REGISTRY \ $INSECURE_REGISTRY +ExecReload=/bin/kill -s HUP $MAINPID +TasksMax=infinity LimitNOFILE=1048576 LimitNPROC=1048576 LimitCORE=infinity TimeoutStartSec=0 -MountFlags=slave Restart=on-abnormal +MountFlags=slave [Install] WantedBy=multi-user.target diff --git a/SOURCES/docker-latest.sysconfig b/SOURCES/docker-latest.sysconfig index eb3cf96..5ea3677 100644 --- a/SOURCES/docker-latest.sysconfig +++ b/SOURCES/docker-latest.sysconfig @@ -5,10 +5,10 @@ OPTIONS='--selinux-enabled --log-driver=journald' DOCKER_CERT_PATH=/etc/docker # If you want to add your own registry to be used for docker search and docker -# pull use the ADD_REGISTRY option to list a set of registries, each prepended +# pull use the #ADD_REGISTRY option to list a set of registries, each prepended # with --add-registry flag. The first registry added will be the first registry # searched. -#ADD_REGISTRY='--add-registry registry.access.redhat.com' +ADD_REGISTRY='--add-registry registry.access.redhat.com' # If you want to block registries from being used, uncomment the BLOCK_REGISTRY # option and give it a set of registries, each prepended with --block-registry diff --git a/SPECS/docker-latest.spec b/SPECS/docker-latest.spec index 11fb09e..78fa31d 100644 --- a/SPECS/docker-latest.spec +++ b/SPECS/docker-latest.spec @@ -26,14 +26,14 @@ # docker %global git0 https://github.com/projectatomic/%{repo} -%global commit0 f9d4a2c183cb4ba202babc9f8649ea043d8c84d0 +%global commit0 f1040da127b7f1167ab351cb429ac5faa421c7cf %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # docker_branch used in %%check -%global docker_branch rhel7-1.10.3 +%global docker_branch docker-1.12 # d-s-s %global git1 https://github.com/projectatomic/%{repo}-storage-setup/ -%global commit1 338cf6237b9613a4c674f8563473e0dc4d61c5fe +%global commit1 d642523c163820137c9ef07f4cbcb148c98aacf5 %global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) %global dss_libdir %{_exec_prefix}/lib/%{name}-storage-setup @@ -42,6 +42,16 @@ %global commit2 c417a6a022c5023c111662e8280f885f6ac259be %global shortcommit2 %(c=%{commit2}; echo ${c:0:7}) +# docker-runc +%global git8 https://github.com/projectatomic/runc +%global commit8 f509e5094de84a919e2e8ae316373689fb66c513 +%global shortcommit8 %(c=%{commit8}; echo ${c:0:7}) + +# docker-containerd +%global git9 https://github.com/docker/containerd +%global commit9 0ac3cd1be170d180b2baed755e8f0da547ceb267 +%global shortcommit9 %(c=%{commit9}; echo ${c:0:7}) + # Version of SELinux %if 0%{?fedora} >= 22 %global selinux_policyver 3.13.1-119 @@ -50,8 +60,8 @@ %endif Name: %{repo}-latest -Version: 1.10.3 -Release: 46%{?dist}.10 +Version: 1.12.1 +Release: 2%{?dist} Summary: Automates deployment of containerized applications License: ASL 2.0 URL: https://%{provider}.%{provider_tld}/projectatomic/%{repo} @@ -66,6 +76,9 @@ Source7: %{name}-storage.sysconfig Source8: %{name}-logrotate.sh Source9: README.%{name}-logrotate Source10: %{name}-network.sysconfig +Source11: %{git8}/archive/%{commit8}/runc-%{shortcommit8}.tar.gz +Source12: %{git9}/archive/%{commit9}/containerd-%{shortcommit9}.tar.gz +#Source13: %%{repo}-containerd.service BuildRequires: git BuildRequires: glibc-static BuildRequires: %{?go_compiler:compiler(go-compiler)}%{!?go_compiler:golang} >= 1.6.2 @@ -79,16 +92,16 @@ BuildRequires: pkgconfig(systemd) Requires: device-mapper-libs >= 7:1.02.97 # RE: rhbz#1195804 - ensure min NVR for selinux-policy -Requires: selinux-policy >= %{selinux_policyver} +Requires(pre): selinux-policy >= %{selinux_policyver} # macros for 'docker' package VR -%global docker_ver %{version} -%global docker_rel %{release} +%global docker_ver 1.10.3 +%global docker_rel 46%{?dist}.12 Requires: %{repo}-selinux >= %{docker_ver}-%{docker_rel} Requires: %{repo}-common >= %{docker_ver}-%{docker_rel} -#Requires: %{repo}-rhel-push-plugin >= %{docker_ver}-%{docker_rel} -Requires: oci-register-machine >= 1:0-1.7 +Requires: %{repo}-rhel-push-plugin >= %{docker_ver}-%{docker_rel} +Requires: oci-register-machine >= 1:0-1.8 Requires: oci-systemd-hook >= 1:0.1.4-4 # Resolves: rhbz#1045220 @@ -101,6 +114,8 @@ Provides: %{name}-engine = %{version}-%{release} # needs tar to be able to run containers Requires: tar +Requires: subscription-manager-plugin-container + # include d-s-s into main docker package and obsolete existing d-s-s rpm # also update BRs and Rs Requires: lvm2 >= 7:1.02.97 @@ -155,6 +170,11 @@ running and skip checksum calculation on startup. # here keep the new line above otherwise autosetup fails when applying patch cp %{SOURCE9} . +# rhel debranding for centos +%if 0%{?centos} +sed -i 's/ADD_REGISTRY/#ADD_REGISTRY/' %{SOURCE6} +%endif + # untar d-s-s tar zxf %{SOURCE1} pushd %{repo}-storage-setup-%{commit1} @@ -165,6 +185,16 @@ popd # untar v1.10-migrator tar zxf %{SOURCE2} +# untar docker-runc +tar zxf %{SOURCE11} + +# untar docker-containerd +tar zxf %{SOURCE12} + +# docker-containerd unitfile +#cp %%{SOURCE13} . + + %build # set up temporary build gopath, and put our directory there mkdir _build @@ -177,7 +207,7 @@ export DOCKER_GITCOMMIT="%{shortcommit0}/%{version}" export DOCKER_BUILDTAGS="selinux seccomp" export GOPATH=$(pwd)/_build:$(pwd)/vendor:%{gopath} -sed -i '/LDFLAGS_STATIC/d' hack/make/.dockerinit +#sed -i '/LDFLAGS_STATIC/d' hack/make/.dockerinit IAMSTATIC=false DOCKER_DEBUG=1 bash -x hack/make.sh dynbinary man/md2man-all.sh pushd man/man1 @@ -187,7 +217,7 @@ pushd man/man5 rename %{repo} %{name} * popd pushd man/man8 -rename %{repo} %{name} * +mv %{repo}d.8 %{repo}d-latest.8 popd cp contrib/syntax/vim/LICENSE LICENSE-vim-syntax cp contrib/syntax/vim/README.md README-vim-syntax.md @@ -199,24 +229,48 @@ sed -i 's/godep //g' Makefile make v1.10-migrator-local popd +# build %%{repo}-runc +pushd runc-%{commit8} +make BUILDTAGS="seccomp selinux" +popd + +# build %%{name}-containerd +pushd _build +ln -s $(dirs +1 -l)/containerd-%{commit9} src/%{provider}.%{provider_tld}/%{repo}/containerd +popd +pushd containerd-%{commit9} +make +popd + %install # install binary install -d %{buildroot}%{_bindir} for x in bundles/latest; do - if ! test -d $x/dynbinary; then + if ! test -d $x/dynbinary-client; then + continue + fi + rm $x/dynbinary-client/*.{md5,sha256} + install -p -m 755 $x/dynbinary-client/%{repo}-%{version}* %{buildroot}%{_bindir}/%{name} + break +done + +for x in bundles/latest; do + if ! test -d $x/dynbinary-daemon; then continue fi - rm $x/dynbinary/*.md5 $x/dynbinary/*.sha256 - install -p -m 755 $x/dynbinary/%{repo}-%{version}* %{buildroot}%{_bindir}/%{name} + rm $x/dynbinary-daemon/*.{md5,sha256} + install -p -m 755 $x/dynbinary-daemon/%{repo}-proxy-* %{buildroot}%{_bindir}/%{repo}-proxy + install -p -m 755 $x/dynbinary-daemon/%{repo}d-* %{buildroot}%{_bindir}/%{repo}d-latest break done + # install manpages install -d %{buildroot}%{_mandir}/man1 install -p -m 644 man/man1/%{name}*.1 %{buildroot}%{_mandir}/man1 install -d %{buildroot}%{_mandir}/man8 -install -p -m 644 man/man8/%{name}*.8 %{buildroot}%{_mandir}/man8 +install -p -m 644 man/man8/%{repo}*.8 %{buildroot}%{_mandir}/man8 install -d %{buildroot}%{_mandir}/man5 install -p -m 644 man/man5/Dockerfile.5 %{buildroot}%{_mandir}/man5/Dockerfile-latest.5 @@ -252,11 +306,11 @@ install -p contrib/udev/80-%{repo}.rules %{buildroot}%{_udevrulesdir}/80-%{name} install -d %{buildroot}%{_sharedstatedir}/%{name} # install secret patch directory -#install -d -p -m 750 %{buildroot}/%{_datadir}/rhel/secrets +install -d -p -m 750 %{buildroot}/%{_datadir}/rhel/secrets # rhbz#1110876 - update symlinks for subscription management -#ln -s %{_sysconfdir}/pki/entitlement %{buildroot}%{_datadir}/rhel/secrets/etc-pki-entitlement -#ln -s %{_sysconfdir}/rhsm %{buildroot}%{_datadir}/rhel/secrets/rhsm -#ln -s %{_sysconfdir}/yum.repos.d/redhat.repo %{buildroot}%{_datadir}/rhel/secrets/rhel7.repo +ln -s %{_sysconfdir}/pki/entitlement %{buildroot}%{_datadir}/rhel/secrets/etc-pki-entitlement +ln -s %{_sysconfdir}/rhsm %{buildroot}%{_datadir}/rhel/secrets/rhsm +ln -s %{_sysconfdir}/yum.repos.d/redhat.repo %{buildroot}%{_datadir}/rhel/secrets/rhel7.repo mkdir -p %{buildroot}%{_sysconfdir}/%{name}/certs.d/redhat.{com,io} ln -s %{_sysconfdir}/rhsm/ca/redhat-uep.pem %{buildroot}%{_sysconfdir}/%{name}/certs.d/redhat.com/redhat-ca.crt @@ -321,6 +375,18 @@ install -p -m 700 v1.10-migrator-%{commit2}/v1.10-migrator-local %{buildroot}%{_ # install v1.10-migrator-helper install -p -m 700 %{SOURCE3} %{buildroot}%{_bindir}/%{name}-v1.10-migrator-helper +# install docker-runc +install -d %{buildroot}%{_libexecdir}/%{repo} +install -p -m 755 runc-%{commit8}/runc %{buildroot}%{_libexecdir}/%{repo}/%{repo}-runc + +#install docker-containerd +install -d %%{buildroot}%%{_libexecdir}/%%{repo} +install -p -m 755 containerd-%{commit9}/bin/containerd %{buildroot}%{_libexecdir}/%{repo}/%{repo}-containerd +install -p -m 755 containerd-%{commit9}/bin/containerd-shim %{buildroot}%{_libexecdir}/%{repo}/%{repo}-containerd-shim +install -p -m 755 containerd-%{commit9}/bin/ctr %{buildroot}%{_libexecdir}/%{repo}/%{repo}-ctr +# docker-containerd unitfile +#install -p -m 644 %%{SOURCE13} %%{buildroot}%%{_unitdir} + %check [ ! -w /run/%{name}.sock ] || { mkdir test_dir @@ -354,14 +420,16 @@ exit 0 %config(noreplace) %{_sysconfdir}/sysconfig/%{name}* %{_mandir}/man1/%{name}*.1.gz %{_mandir}/man5/Dockerfile-latest.5.gz -%{_mandir}/man8/%{name}-daemon.8.gz +%{_mandir}/man8/%{repo}d-latest.8.gz %{_bindir}/%{name} +%{_bindir}/%{repo}d-latest +%{_bindir}/%{repo}-proxy %{_bindir}/%{name}-storage-setup %{_unitdir}/%{name}.service %{_unitdir}/%{name}-storage-setup.service %{_datadir}/bash-completion/completions/%{name} -#%dir %{_datadir}/rhel -#%{_datadir}/rhel/* +%dir %{_datadir}/rhel +%{_datadir}/rhel/* %dir %{_sharedstatedir}/%{name} %{_udevrulesdir}/80-%{name}.rules %{_sysconfdir}/%{name} @@ -373,6 +441,13 @@ exit 0 %dir %{_datadir}/fish/vendor_completions.d/ %{_datadir}/fish/vendor_completions.d/%{name}.fish %{_datadir}/zsh/site-functions/_%{name} +# 1.12 specific +%dir %{_libexecdir}/%{repo} +%{_libexecdir}/%{repo}/%{repo}-runc +%{_libexecdir}/%{repo}/%{repo}-containerd +%{_libexecdir}/%{repo}/%{repo}-containerd-shim +%{_libexecdir}/%{repo}/%{repo}-ctr +#%%{_unitdir}/%%{repo}-containerd.service %if 0%{?with_devel} %files devel @@ -396,10 +471,83 @@ exit 0 %doc v1.10-migrator-%{commit2}/{CONTRIBUTING,README}.md %{_bindir}/%{name}-v1.10-migrator-* - %changelog -* Thu Aug 04 2016 Johnny Hughes - 1.10.3-46.10 -- Manual CentOS Debranding +* Mon Aug 29 2016 Lokesh Mandvekar - 1.12.1-2 +- Resolves: #1368284 +- adding bz for references, no change in commits used + +* Mon Aug 29 2016 Lokesh Mandvekar - 1.12.1-1 +- Resolves: #1371266 +- bump docker to v1.12.1 +- built docker projectatomic/docker-1.12 commit f1040da + +* Fri Aug 26 2016 Lokesh Mandvekar - 1.12.0-16 +- correct oci-register-machine requirements + +* Fri Aug 26 2016 Lokesh Mandvekar - 1.12.0-15 +- Resolves: #1368267 - depend on oci-register-machine at runtime +- oci-register-machine is disabled by default in +/etc/oci-register-machine.conf + +* Wed Aug 24 2016 Lokesh Mandvekar - 1.12.0-14 +- Resolves: #1368267 - obsolete oci-register-machine +- Previous builds had incomplete fixes for this bug +- built docker-runc projectatomic/docker-1.12 commit f509e50 + +* Tue Aug 23 2016 Lokesh Mandvekar - 1.12.0-13 +- Resolves: #1368267 - conflicts with oci-register-machine +- From: Ed Santiago + +* Tue Aug 23 2016 Lokesh Mandvekar - 1.12.0-12 +- Resolves: #1368267 - do not depend on oci-register-machine +- selinux-policy NVR is a pre-req + +* Tue Aug 23 2016 Lokesh Mandvekar - 1.12.0-11 +- Resolves: #1343139 - start containers when using user ns and selinux +- Resolves: #1369237 - d-s-s should detect overlay2 driver +- built docker-runc commit ee10b44 +- built d-s-s commit d642523 + +* Sat Aug 20 2016 Lokesh Mandvekar - 1.12.0-10 +- RHEL debranding for CentOS - comment out ADD_REGISTRY in sysconfig + +* Thu Aug 18 2016 Lokesh Mandvekar - 1.12.0-9 +- Resolves: #1368217 - update containerd +- built docker projectatomic/docker-1.12 commit 8fdcf30 +- built docker-runc commit cc29e3d +- built docker-containerd commit 0ac3cd1 +- ship docker-containerd, only skip the unitfile + +* Thu Aug 18 2016 Lokesh Mandvekar - 1.12.0-8 +- Resolves: #1367927 - run daemon in slave mount namespace + +* Thu Aug 18 2016 Lokesh Mandvekar - 1.12.0-7 +- Related oci-register-machine bz: #1366268 +- do not use docker-containerd.service for now + +* Wed Aug 17 2016 Lokesh Mandvekar - 1.12.0-6 +- Resolves: #1367854 - requires subscription-manager-plugin-container +- built docker projectatomic/docker-1.12 commit 0fd43cf +- built d-s-s commit c818aeb + +* Thu Aug 11 2016 Lokesh Mandvekar - 1.12.0-5 +- Resolves: #1366268 - remove MountFlags=slave from unitfile + +* Wed Aug 10 2016 Lokesh Mandvekar - 1.12.0-4 +- dockerd-latest needs --containerd option in unitfile +- do not append -latest to docker-proxy + +* Mon Aug 08 2016 Lokesh Mandvekar - 1.12.0-3 +- Resolves: #1365207 - dockerd-latest doesn't need arguments + +* Mon Aug 08 2016 Lokesh Mandvekar - 1.12.0-2 +- use correct release tag format for docker_rel macro + +* Fri Aug 05 2016 Lokesh Mandvekar - 1.12.0-1 +- Resolves: #1364509 - ship v1.12.0 + projectatomic patches +- built docker projectatomic/docker-1.12 commit ad4812e +- built docker-runc commit baf6536 +- built docker-containerd commit 9dc2b32 * Tue Jul 26 2016 Lokesh Mandvekar - 1.10.3-46.10 - Resolves: #1361674 - update unitfile to remove the need for