diff --git a/.docker.metadata b/.docker.metadata
index d4389c7..658cf33 100644
--- a/.docker.metadata
+++ b/.docker.metadata
@@ -1,2 +1,2 @@
-457742dc6415835983d62716688efb8132200dff SOURCES/docker-02d20af.tar.gz
-46e8e37afb0adf79d0668c552cb3520b499be570 SOURCES/docker-man-1.tar.gz
+3f7364d513ba69e8adf6993e6d125e9d956f22b5 SOURCES/docker-d84a070.tar.gz
+4a2408e3e452c09c9e41844d53257c51eb0080d4 SOURCES/docker-man-3.tar.gz
diff --git a/.gitignore b/.gitignore
index 5501697..54ebd3f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,2 @@
-SOURCES/docker-02d20af.tar.gz
-SOURCES/docker-man-1.tar.gz
+SOURCES/docker-d84a070.tar.gz
+SOURCES/docker-man-3.tar.gz
diff --git a/SOURCES/docker-0.11-remove-subscription-dependency.patch b/SOURCES/docker-0.11-remove-subscription-dependency.patch
deleted file mode 100644
index a31c170..0000000
--- a/SOURCES/docker-0.11-remove-subscription-dependency.patch
+++ /dev/null
@@ -1,71 +0,0 @@ -From 248d8fe6b6b4b4706d5c8b14035d5a6847e88721 Mon Sep 17 00:00:00 2001 -From: Jim Perrin -Date: Thu, 26 Jun 2014 09:23:14 -0500 -Subject: [PATCH] remove subscription manager sharing between container and - host - ---- - daemon/container.go | 12 ++++++------ - daemon/volumes.go | 2 +- - graph/graph.go | 2 +- - 3 files changed, 8 insertions(+), 8 deletions(-) - -diff --git a/daemon/container.go b/daemon/container.go -index ce84057..c182009 100644 ---- a/daemon/container.go -+++ b/daemon/container.go -@@ -290,9 +290,9 @@ func (container *Container) Start() (err error) { - if err := populateCommand(container, env); err != nil { - return err - } -- if err := container.setupSecretFiles(); err != nil { -- return err -- } -+// if err := container.setupSecretFiles(); err != nil { -+// return err -+// } - if err := setupMountsForContainer(container); err != nil { - return err - } -@@ -308,9 +308,9 @@ func (container *Container) Start() (err error) { - } - - // Now the container is running, unmount the secrets on the host -- if err := system.Unmount(container.secretsPath(), syscall.MNT_DETACH); err != nil { -- return err -- } -+// if err := system.Unmount(container.secretsPath(), syscall.MNT_DETACH); err != nil { -+// return err -+// } - - return nil - } -diff --git a/daemon/volumes.go b/daemon/volumes.go -index 7d92baf..7e9cadd 100644 ---- a/daemon/volumes.go -+++ b/daemon/volumes.go -@@ -38,7 +38,7 @@ func setupMountsForContainer(container *Container) error { - mounts := []execdriver.Mount{ - {container.daemon.sysInitPath, "/.dockerinit", false, true}, - {container.ResolvConfPath, "/etc/resolv.conf", false, true}, -- {container.secretsPath(), "/run/secrets", true, true}, -+// {container.secretsPath(), "/run/secrets", true, true}, - } - - if container.HostnamePath != "" { -diff --git a/graph/graph.go b/graph/graph.go -index f578ad9..06d714b 100644 ---- a/graph/graph.go -+++ b/graph/graph.go -@@ -257,7 +257,7 @@ func SetupInitLayer(initLayer string) error { 
- "/dev/pts": "dir", - "/dev/shm": "dir", - "/proc": "dir", -- "/run/secrets": "dir", -+ //"/run/secrets": "dir", - "/sys": "dir", - "/.dockerinit": "file", - "/.dockerenv": "file", --- -1.8.3.1 - diff --git a/SOURCES/docker-Super-minimal-host-based-secrets.patch b/SOURCES/docker-Super-minimal-host-based-secrets.patch new file mode 100644 index 0000000..95cfb5c --- /dev/null +++ b/SOURCES/docker-Super-minimal-host-based-secrets.patch 
@@ -0,0 +1,197 @@ +diff -up docker-d84a070e476ce923dd03e28232564a87704613ab/daemon/container.go.secrets docker-d84a070e476ce923dd03e28232564a87704613ab/daemon/container.go +--- docker-d84a070e476ce923dd03e28232564a87704613ab/daemon/container.go.secrets 2014-07-22 20:29:56.000000000 -0400 ++++ docker-d84a070e476ce923dd03e28232564a87704613ab/daemon/container.go 2014-09-10 16:34:28.489624522 -0400 +@@ -277,6 +277,9 @@ func (container *Container) Start() (err + if err := populateCommand(container, env); err != nil { + return err + } ++ if err := container.setupSecretFiles(); err != nil { ++ return err ++ } + if err := setupMountsForContainer(container); err != nil { + return err + } +@@ -284,7 +287,21 @@ func (container *Container) Start() (err + return err + } + +- return container.waitForStart() ++ if err := container.waitForStart(); err != nil { ++ return err ++ } ++ ++ // Now the container is running, unmount the secrets on the host ++ secretsPath, err := container.secretsPath() ++ if err != nil { ++ return err ++ } ++ ++ if err := syscall.Unmount(secretsPath, syscall.MNT_DETACH); err != nil { ++ return err ++ } ++ ++ return nil + } + + func (container *Container) Run() error { +@@ -711,6 +728,10 @@ func (container *Container) jsonPath() ( + return container.getRootResourcePath("config.json") + } + ++func (container *Container) secretsPath() (string, error) { ++ return container.getRootResourcePath("secrets") ++} ++ + // This method must be exported to be used from the lxc template + // This directory is only usable when the container is running + func (container *Container) RootfsPath() string { +@@ -962,6 +983,31 @@ func (container *Container) verifyDaemon + } + } + ++func (container *Container) setupSecretFiles() error { ++ secretsPath, err := container.secretsPath() ++ if err != nil { ++ return err ++ } ++ ++ if err := os.MkdirAll(secretsPath, 0700); err != nil { ++ return err ++ } ++ ++ if err := syscall.Mount("tmpfs", secretsPath, "tmpfs", 
uintptr(syscall.MS_NOEXEC|syscall.MS_NOSUID|syscall.MS_NODEV), label.FormatMountLabel("", container.GetMountLabel())); err != nil { ++ return fmt.Errorf("mounting secret tmpfs: %s", err) ++ } ++ ++ data, err := getHostSecretData() ++ if err != nil { ++ return err ++ } ++ for _, s := range data { ++ s.SaveTo(secretsPath) ++ } ++ ++ return nil ++} ++ + func (container *Container) setupLinkedContainers() ([]string, error) { + var ( + env []string +diff -up docker-d84a070e476ce923dd03e28232564a87704613ab/daemon/secrets.go.secrets docker-d84a070e476ce923dd03e28232564a87704613ab/daemon/secrets.go +--- docker-d84a070e476ce923dd03e28232564a87704613ab/daemon/secrets.go.secrets 2014-09-10 16:28:26.922130421 -0400 ++++ docker-d84a070e476ce923dd03e28232564a87704613ab/daemon/secrets.go 2014-09-10 16:28:26.922130421 -0400 +@@ -0,0 +1,86 @@ ++package daemon ++ ++import ( ++ "io/ioutil" ++ "os" ++ "path/filepath" ++) ++ ++type Secret struct { ++ Name string ++ IsDir bool ++ HostBased bool ++} ++ ++type SecretData struct { ++ Name string ++ Data []byte ++} ++ ++func (s SecretData) SaveTo(dir string) error { ++ path := filepath.Join(dir, s.Name) ++ if err := os.MkdirAll(filepath.Dir(path), 0755); err != nil && !os.IsExist(err) { ++ return err ++ } ++ if err := ioutil.WriteFile(path, s.Data, 0755); err != nil { ++ return err ++ } ++ return nil ++} ++ ++func readAll(root, prefix string) ([]SecretData, error) { ++ path := filepath.Join(root, prefix) ++ ++ data := []SecretData{} ++ ++ files, err := ioutil.ReadDir(path) ++ if err != nil { ++ if os.IsNotExist(err) { ++ return data, nil ++ } ++ ++ return nil, err ++ } ++ ++ for _, f := range files { ++ fileData, err := readFile(root, filepath.Join(prefix, f.Name())) ++ if err != nil { ++ // If the file did not exist, might be a dangling symlink ++ // Ignore the error ++ if os.IsNotExist(err) { ++ continue ++ } ++ return nil, err ++ } ++ data = append(data, fileData...) 
++ } ++ ++ return data, nil ++} ++ ++func readFile(root, name string) ([]SecretData, error) { ++ path := filepath.Join(root, name) ++ ++ s, err := os.Stat(path) ++ if err != nil { ++ return nil, err ++ } ++ ++ if s.IsDir() { ++ dirData, err := readAll(root, name) ++ if err != nil { ++ return nil, err ++ } ++ return dirData, nil ++ } else { ++ bytes, err := ioutil.ReadFile(path) ++ if err != nil { ++ return nil, err ++ } ++ return []SecretData{{Name: name, Data: bytes}}, nil ++ } ++} ++ ++func getHostSecretData() ([]SecretData, error) { ++ return readAll("/usr/share/rhel/secrets", "") ++} +diff -up docker-d84a070e476ce923dd03e28232564a87704613ab/daemon/volumes.go.secrets docker-d84a070e476ce923dd03e28232564a87704613ab/daemon/volumes.go +--- docker-d84a070e476ce923dd03e28232564a87704613ab/daemon/volumes.go.secrets 2014-09-10 16:28:26.922130421 -0400 ++++ docker-d84a070e476ce923dd03e28232564a87704613ab/daemon/volumes.go 2014-09-10 16:40:34.683228046 -0400 +@@ -48,6 +48,13 @@ func setupMountsForContainer(container * + mounts = append(mounts, execdriver.Mount{container.HostsPath, "/etc/hosts", false, true}) + } + ++ secretsPath, err := container.secretsPath() ++ if err != nil { ++ return err ++ } ++ ++ mounts = append(mounts, execdriver.Mount{secretsPath, "/run/secrets", true, true}) ++ + // Mount user specified volumes + // Note, these are not private because you may want propagation of (un)mounts from host + // volumes. 
For instance if you use -v /usr:/usr and the host later mounts /usr/share you +diff -up docker-d84a070e476ce923dd03e28232564a87704613ab/graph/graph.go.secrets docker-d84a070e476ce923dd03e28232564a87704613ab/graph/graph.go +--- docker-d84a070e476ce923dd03e28232564a87704613ab/graph/graph.go.secrets 2014-07-22 20:29:56.000000000 -0400 ++++ docker-d84a070e476ce923dd03e28232564a87704613ab/graph/graph.go 2014-09-10 16:28:26.923130420 -0400 +@@ -266,6 +266,7 @@ func SetupInitLayer(initLayer string) er + "/etc/hostname": "file", + "/dev/console": "file", + "/etc/mtab": "/proc/mounts", ++ "/run/secrets": "dir", + } { + parts := strings.Split(pth, "/") + prev := "/" diff --git a/SOURCES/docker.service b/SOURCES/docker.service index e66579b..739d599 100644 --- a/SOURCES/docker.service +++ b/SOURCES/docker.service @@ -2,11 +2,12 @@ Description=Docker Application Container Engine Documentation=http://docs.docker.io After=network.target +Requires=docker.socket [Service] Type=notify EnvironmentFile=-/etc/sysconfig/docker -ExecStart=/usr/bin/docker -d --selinux-enabled +ExecStart=/usr/bin/docker -d $OPTIONS Restart=on-failure LimitNOFILE=1048576 LimitNPROC=1048576 diff --git a/SOURCES/docker.sysconfig b/SOURCES/docker.sysconfig index a2fd2af..efa5af1 100644 --- a/SOURCES/docker.sysconfig +++ b/SOURCES/docker.sysconfig @@ -1 +1,4 @@ # /etc/sysconfig/docker + +# Modify these options if you want to change the way the docker daemon runs +OPTIONS=--selinux-enabled -H fd:// diff --git a/SOURCES/remove-vendored-tar.patch b/SOURCES/remove-vendored-tar.patch deleted file mode 100644 index d1d0fa1..0000000 --- a/SOURCES/remove-vendored-tar.patch +++ /dev/null 
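Review bot: In `setupSecretFiles` the return value of `s.SaveTo(secretsPath)` is dropped, so a failed write leaves `/run/secrets` partially populated with no error, and the `getHostSecretData` error return leaves the tmpfs mounted on the host after `syscall.Mount` has succeeded. `SaveTo` in daemon/secrets.go also writes with `0755` for both directories and files, which makes the copied host entitlement data world-readable and executable in the container; `0700`/`0600` would be the tighter default unless a non-root reader is intended. In `Start()`, whose body begins outside the hunk, the error returns between `setupSecretFiles` and the final `syscall.Unmount` appear to skip that unmount as well. A possible shape for `setupSecretFiles` follows.

```go
func (container *Container) setupSecretFiles() error {
	// … unchanged: secretsPath lookup, MkdirAll, tmpfs mount …

	data, err := getHostSecretData()
	if err != nil {
		// Best-effort cleanup: do not leave the secrets tmpfs mounted on the host.
		syscall.Unmount(secretsPath, syscall.MNT_DETACH)
		return err
	}
	for _, s := range data {
		if err := s.SaveTo(secretsPath); err != nil {
			syscall.Unmount(secretsPath, syscall.MNT_DETACH)
			return fmt.Errorf("writing secret %s: %s", s.Name, err)
		}
	}

	return nil
}
```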
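Review bot: Moving `--selinux-enabled` out of `ExecStart` into `$OPTIONS` makes SELinux support depend on a file the unit treats as optional (`EnvironmentFile=-/etc/sysconfig/docker`), so if that file is missing or `OPTIONS` is edited the daemon starts without the flag and nothing reports it. Keeping the flag in the unit, `ExecStart=/usr/bin/docker -d --selinux-enabled $OPTIONS`, would preserve the previous default while still allowing extra options from sysconfig. The same concern applies to `-H fd://` in the docker.sysconfig hunk: with `Requires=docker.socket` added here, a comment in that file stating that the option is presumably needed for socket activation would help whoever edits it.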
@@ -1,120 +0,0 @@ -diff -uNr docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c/archive/archive.go docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c-1/archive/archive.go ---- docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c/archive/archive.go 2014-06-05 19:32:24.000000000 -0400 -+++ docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c-1/archive/archive.go 2014-06-05 19:38:04.963219406 -0400 -@@ -18,7 +18,7 @@ - - "github.com/dotcloud/docker/pkg/system" - "github.com/dotcloud/docker/utils" -- "github.com/dotcloud/docker/vendor/src/code.google.com/p/go/src/pkg/archive/tar" -+ "archive/tar" - ) - - type ( -diff -uNr docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c/archive/archive_test.go docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c-1/archive/archive_test.go ---- docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c/archive/archive_test.go 2014-06-05 19:32:24.000000000 -0400 -+++ docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c-1/archive/archive_test.go 2014-06-05 19:37:59.555194220 -0400 -@@ -11,7 +11,7 @@ - "testing" - "time" - -- "github.com/dotcloud/docker/vendor/src/code.google.com/p/go/src/pkg/archive/tar" -+ "archive/tar" - ) - - func TestCmdStreamLargeStderr(t *testing.T) { -diff -uNr docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c/archive/changes.go docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c-1/archive/changes.go ---- docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c/archive/changes.go 2014-06-05 19:32:24.000000000 -0400 -+++ docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c-1/archive/changes.go 2014-06-05 19:37:52.204159915 -0400 -@@ -12,7 +12,7 @@ - - "github.com/dotcloud/docker/pkg/system" - "github.com/dotcloud/docker/utils" -- "github.com/dotcloud/docker/vendor/src/code.google.com/p/go/src/pkg/archive/tar" -+ "archive/tar" - ) - - type ChangeType int -diff -uNr docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c/archive/diff.go docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c-1/archive/diff.go ---- docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c/archive/diff.go 2014-06-05 
19:32:24.000000000 -0400 -+++ docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c-1/archive/diff.go 2014-06-05 19:37:46.082131408 -0400 -@@ -9,7 +9,7 @@ - "strings" - "syscall" - -- "github.com/dotcloud/docker/vendor/src/code.google.com/p/go/src/pkg/archive/tar" -+ "archive/tar" - ) - - // Linux device nodes are a bit weird due to backwards compat with 16 bit device nodes. -diff -uNr docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c/archive/wrap.go docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c-1/archive/wrap.go ---- docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c/archive/wrap.go 2014-06-05 19:32:24.000000000 -0400 -+++ docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c-1/archive/wrap.go 2014-06-05 19:38:11.126248130 -0400 -@@ -2,7 +2,7 @@ - - import ( - "bytes" -- "github.com/dotcloud/docker/vendor/src/code.google.com/p/go/src/pkg/archive/tar" -+ "archive/tar" - "io/ioutil" - ) - -diff -uNr docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c/graph/tags_unit_test.go docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c-1/graph/tags_unit_test.go ---- docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c/graph/tags_unit_test.go 2014-06-05 19:32:24.000000000 -0400 -+++ docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c-1/graph/tags_unit_test.go 2014-06-05 19:38:18.400282065 -0400 -@@ -6,7 +6,7 @@ - _ "github.com/dotcloud/docker/daemon/graphdriver/vfs" // import the vfs driver so it is used in the tests - "github.com/dotcloud/docker/image" - "github.com/dotcloud/docker/utils" -- "github.com/dotcloud/docker/vendor/src/code.google.com/p/go/src/pkg/archive/tar" -+ "archive/tar" - "io" - "os" - "path" -diff -uNr docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c/integration/api_test.go docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c-1/integration/api_test.go ---- docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c/integration/api_test.go 2014-06-05 19:32:24.000000000 -0400 -+++ docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c-1/integration/api_test.go 2014-06-05 19:38:35.927363757 -0400 -@@ -21,7 +21,7 @@ - 
"github.com/dotcloud/docker/image" - "github.com/dotcloud/docker/runconfig" - "github.com/dotcloud/docker/utils" -- "github.com/dotcloud/docker/vendor/src/code.google.com/p/go/src/pkg/archive/tar" -+ "archive/tar" - ) - - func TestGetEvents(t *testing.T) { -diff -uNr docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c/integration/utils_test.go docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c-1/integration/utils_test.go ---- docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c/integration/utils_test.go 2014-06-05 19:32:24.000000000 -0400 -+++ docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c-1/integration/utils_test.go 2014-06-05 19:38:28.829330804 -0400 -@@ -13,7 +13,7 @@ - "testing" - "time" - -- "github.com/dotcloud/docker/vendor/src/code.google.com/p/go/src/pkg/archive/tar" -+ "archive/tar" - - "github.com/dotcloud/docker/builtins" - "github.com/dotcloud/docker/daemon" -diff -uNr docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c/utils/tarsum.go docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c-1/utils/tarsum.go ---- docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c/utils/tarsum.go 2014-06-05 19:32:24.000000000 -0400 -+++ docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c-1/utils/tarsum.go 2014-06-05 19:38:51.793437630 -0400 -@@ -5,7 +5,7 @@ - "compress/gzip" - "crypto/sha256" - "encoding/hex" -- "github.com/dotcloud/docker/vendor/src/code.google.com/p/go/src/pkg/archive/tar" -+ "archive/tar" - "hash" - "io" - "sort" -diff -uNr docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c/utils/tarsum_test.go docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c-1/utils/tarsum_test.go ---- docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c/utils/tarsum_test.go 2014-06-05 19:32:24.000000000 -0400 -+++ docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c-1/utils/tarsum_test.go 2014-06-05 19:38:43.581399426 -0400 -@@ -4,7 +4,7 @@ - "bytes" - "crypto/rand" - "fmt" -- "github.com/dotcloud/docker/vendor/src/code.google.com/p/go/src/pkg/archive/tar" -+ "archive/tar" - "io" - "io/ioutil" - "os" 
diff --git a/SPECS/docker.spec b/SPECS/docker.spec
index 0f58b5f..199a745 100644
--- a/SPECS/docker.spec
+++ b/SPECS/docker.spec
@@ -5,49 +5,43 @@ %global debug_package %{nil} %global gopath %{_datadir}/gocode -%global commit 02d20af7db1e154290eb5128525dd6831bd4c014 +%global commit d84a070e476ce923dd03e28232564a87704613ab %global shortcommit %(c=%{commit}; echo ${c:0:7}) Name: docker -Version: 0.11.1 -Release: 22%{?dist} +Version: 1.1.2 +Release: 13%{?dist} Summary: Automates deployment of containerized applications License: ASL 2.0 -Patch0: remove-vendored-tar.patch -Patch1: docker-0.11-remove-subscription-dependency.patch - URL: http://www.docker.io -# only x86_64 for now: https://github.com/dotcloud/docker/issues/136 ExclusiveArch: x86_64 -#use branch: https://github.com/lsm5/docker/commits/2014-06-06-2 -Source0: https://github.com/lsm5/docker/archive/%{commit}/docker-%{shortcommit}.tar.gz +Source0: https://github.com/rhatdan/docker/archive/%{commit}/docker-%{shortcommit}.tar.gz +Patch1: docker-Super-minimal-host-based-secrets.patch # though final name for sysconf/sysvinit files is simply 'docker', # having .sysvinit and .sysconfig makes things clear Source1: docker.service -Source2: docker-man-1.tar.gz +Source2: docker-man-3.tar.gz Source3: docker.sysconfig -# Resolves: rhbz#1111760 - CVE-2014-3499 +# docker: systemd socket activation results in privilege escalation Source4: docker.socket BuildRequires: gcc BuildRequires: glibc-static # ensure build uses golang 1.2-7 and above # http://code.google.com/p/go/source/detail?r=a15f344a9efa35ef168c8feaa92a15a1cdc93db5 BuildRequires: golang >= 1.2-7 -BuildRequires: golang(github.com/gorilla/mux) -BuildRequires: golang(github.com/kr/pty) +BuildRequires: golang(github.com/gorilla/mux) >= 0-0.12 +BuildRequires: golang(github.com/kr/pty) >= 0-0.20 BuildRequires: golang(code.google.com/p/go.net/websocket) BuildRequires: golang(code.google.com/p/gosqlite/sqlite3) -BuildRequires: golang(github.com/syndtr/gocapability/capability) +BuildRequires: golang(github.com/syndtr/gocapability/capability) >= 0-0.6 BuildRequires: golang(github.com/godbus/dbus) 
-BuildRequires: golang(github.com/coreos/go-systemd/activation) +BuildRequires: golang(github.com/coreos/go-systemd/activation) >= 2-2 BuildRequires: device-mapper-devel -# btrfs not available for rhel yet BuildRequires: btrfs-progs-devel BuildRequires: pkgconfig(systemd) Requires: systemd-units # need xz to work with ubuntu images -# https://bugzilla.redhat.com/show_bug.cgi?id=1045220 Requires: xz Provides: lxc-docker = %{version} @@ -65,10 +59,7 @@ servers, OpenStack clusters, public instances, or combinations of the above. %prep %setup -q -n docker-%{commit} -rm -rf vendor -%patch0 -p1 -b remove-vendored-tar -%patch1 -p1 -b remove-subscription-dependency - +%patch1 -p1 -b .secrets tar zxf %{SOURCE2} %build @@ -81,7 +72,7 @@ popd export DOCKER_GITCOMMIT="%{shortcommit}/%{version}" export DOCKER_BUILDTAGS='selinux' -export GOPATH=$(pwd)/_build:%{gopath} +export GOPATH=$(pwd)/_build:$(pwd)/vendor hack/make.sh dynbinary cp contrib/syntax/vim/LICENSE LICENSE-vim-syntax @@ -90,11 +81,11 @@ cp contrib/syntax/vim/README.md README-vim-syntax.md %install # install binary install -d %{buildroot}%{_bindir} -install -p -m 755 bundles/%{version}-dev/dynbinary/docker-%{version}-dev %{buildroot}%{_bindir}/docker +install -p -m 755 bundles/%{version}/dynbinary/docker-%{version} %{buildroot}%{_bindir}/docker # install dockerinit install -d %{buildroot}%{_libexecdir}/docker -install -p -m 755 bundles/%{version}-dev/dynbinary/dockerinit-%{version}-dev %{buildroot}%{_libexecdir}/docker/dockerinit +install -p -m 755 bundles/%{version}/dynbinary/dockerinit-%{version} %{buildroot}%{_libexecdir}/docker/dockerinit # install manpages install -d %{buildroot}%{_mandir}/man1 
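Review bot: In the `%build` hunk `GOPATH` changes to `$(pwd)/_build:$(pwd)/vendor` and the `%prep` hunk no longer runs `rm -rf vendor`, so the build appears to resolve Go dependencies from the copies bundled in the source tarball rather than from the packages named in `BuildRequires: golang(...)`. Those BuildRequires (some now carrying minimum versions) then no longer describe what is compiled in, and a fix shipped in a system golang package would not reach this binary. Either keep `%{gopath}` on the path, e.g. `export GOPATH=$(pwd)/_build:%{gopath}` together with `rm -rf vendor`, or drop the unused BuildRequires and add a spec comment listing the bundled libraries and their versions.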
@@ -103,8 +94,8 @@ install -d %{buildroot}%{_mandir}/man5 install -p -m 644 man5/* %{buildroot}%{_mandir}/man5 # install bash completion -install -d %{buildroot}%{_sysconfdir}/bash_completion.d -install -p -m 644 contrib/completion/bash/docker %{buildroot}%{_sysconfdir}/bash_completion.d/docker.bash +install -d %{buildroot}%{_datadir}/bash-completion/completions/ +install -p -m 644 contrib/completion/bash/docker %{buildroot}%{_datadir}/bash-completion/completions/ # install zsh completion install -d %{buildroot}%{_datadir}/zsh/site-functions @@ -126,15 +117,17 @@ install -d -m 700 %{buildroot}%{_sharedstatedir}/docker # install systemd/init scripts install -d %{buildroot}%{_unitdir} install -p -m 644 %{SOURCE1} %{buildroot}%{_unitdir} -#install -p -m 644 %{SOURCE4} %{buildroot}%{_unitdir} +install -p -m 644 %{SOURCE4} %{buildroot}%{_unitdir} # for additional args install -d %{buildroot}%{_sysconfdir}/sysconfig/ install -p -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/sysconfig/docker -# don't install secrets dir -# install -d -p -m 750 %{buildroot}/%{_datadir}/rhel/secrets -# ln -s %{_sysconfdir}/pki/entitlement %{buildroot}%{_datadir}/rhel/secrets/etc-pki-entitlement -# ln -s %{_sysconfdir}/yum.repos.d/redhat.repo %{buildroot}%{_datadir}/rhel/secrets/rhel7.repo +# install secrets dir +install -d -p -m 750 %{buildroot}/%{_datadir}/rhel/secrets +# rhbz#1110876 - update symlinks for subscription management +ln -s %{_sysconfdir}/pki/entitlement %{buildroot}%{_datadir}/rhel/secrets/etc-pki-entitlement +ln -s %{_sysconfdir}/rhsm %{buildroot}%{_datadir}/rhel/secrets/rhsm +ln -s %{_sysconfdir}/yum.repos.d/redhat.repo %{buildroot}%{_datadir}/rhel/secrets/rhel7.repo %pre getent group docker > /dev/null || %{_sbindir}/groupadd -r docker 
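Review bot: The `%install` hunk ships `docker.socket` (`%{SOURCE4}`) again, but the unit file itself is not part of this diff, and the removed changelog entry dropped it under rhbz#1111760 / CVE-2014-3499, which the spec comment describes as "systemd socket activation results in privilege escalation". Before this lands it is worth confirming that the shipped unit restricts the socket, for example with `SocketMode=0660` and `SocketGroup=docker`, and recording that in a comment next to `Source4`. The new `rhsm` symlink under `%{_datadir}/rhel/secrets` also widens what the secrets patch appears to copy into every started container, which deserves a line in the comment above the `ln -s` calls.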
@@ -156,17 +149,17 @@ exit 0 %{_mandir}/man1/* %{_mandir}/man5/* %{_bindir}/docker -#%dir %{_datadir}/rhel -#%dir %{_datadir}/rhel/secrets -#%{_datadir}/rhel/secrets/etc-pki-entitlement -#%{_datadir}/rhel/secrets/rhel7.repo +%dir %{_datadir}/rhel +%dir %{_datadir}/rhel/secrets +%{_datadir}/rhel/secrets/etc-pki-entitlement +%{_datadir}/rhel/secrets/rhel7.repo +%{_datadir}/rhel/secrets/rhsm %dir %{_libexecdir}/docker %{_libexecdir}/docker/dockerinit %{_unitdir}/docker.service -#%{_unitdir}/docker.socket -%{_sysconfdir}/sysconfig/docker -%dir %{_sysconfdir}/bash_completion.d -%{_sysconfdir}/bash_completion.d/docker.bash +%{_unitdir}/docker.socket +%config(noreplace) %{_sysconfdir}/sysconfig/docker +%{_datadir}/bash-completion/completions/docker %{_datadir}/zsh/site-functions/_docker %dir %{_sharedstatedir}/docker %dir %{_sysconfdir}/udev/rules.d 
@@ -179,16 +172,100 @@ exit 0 %{_datadir}/vim/vimfiles/syntax/dockerfile.vim %changelog -* Wed Jul 2 2014 Johnny Hughes - 0.11.1-22.el7.centos -- Roll in CentOS Branding -- Remove subscription dependency for docker operation - -* Thu Jun 26 2014 Dan Walsh - 0.11.1-22 -- Resolves: rhbz#1111760 - CVE-2014-3499 -- Remove docker.socket unit file until docker-1.0 - -* Tue Jun 24 2014 Lokesh Mandvekar - 0.11.1-20 -- Resolves: rhbz#1111760 - CVE-2014-3499 +* Fri Sep 12 2014 Dan Walsh - 1.1.2-13 +- Fix sysconfig and docker.service script to allow $OPTIONS + +* Wed Sep 10 2014 Dan Walsh - 1.1.2-12 +- Remove extra patches and ship only v1.1.2 plus secrets patch + +* Tue Sep 2 2014 Dan Walsh - 1.1.2-10 +- Add docker client entitlement certs + +* Fri Aug 8 2014 Dan Walsh - 1.1.2-9 +- Add Matt Heon patch to allow containers to work if machine is not entitled + +* Thu Aug 7 2014 Dan Walsh - 1.1.2-8 +- Fix handing of rhel repos + +* Mon Aug 4 2014 Dan Walsh - 1.1.2-6 +- Update man pages + +* Mon Jul 28 2014 Dan Walsh - 1.1.2-5 +- Fix environment patch +- Add /etc/machine-id patch + +* Fri Jul 25 2014 Dan Walsh - 1.1.2-4 +- Add Secrets Patch back in + +* Fri Jul 25 2014 Dan Walsh - 1.1.2-3 +- Pull in latest docker-1.1.2 code + +* Fri Jul 25 2014 Dan Walsh - 1.1.2-2 +- Update to the latest from upstream +- Add comment and envoroment patches to allow setting of comments and +- enviroment variables from docker import + +* Wed Jul 23 2014 Dan Walsh - 1.1.1-3 +- Install docker bash completions in proper location +- Add audit_write as a default capability + +* Tue Jul 22 2014 Dan Walsh - 1.1.1-2 +- Update man pages +- Fix docker pull registry/repo + +* Fri Jul 18 2014 Dan Walsh - 1.1.1-1 +- Update to latest from upstream + +* Mon Jul 14 2014 Dan Walsh - 1.0.0-10 +- Pass otions from /etc/sysconfig/docker into docker.service unit file + +* Thu Jul 10 2014 Dan Walsh - 1.0.0-9 +- Fix docker-registry patch to handle search + +* Thu Jul 10 2014 Dan Walsh - 1.0.0-8 +- Re-add 
%{_datadir}/rhel/secrets/rhel7.repo + +* Wed Jul 9 2014 Dan Walsh - 1.0.0-7 +- Patch: Save "COMMENT" field in Dockerfile into image content. +- Patch: Update documentation noting that SIGCHLD is not proxied. +- Patch: Escape control and nonprintable characters in docker ps +- Patch: machine-id: add container id access +- Patch: Report child error better (and later) +- Patch: Fix invalid fd race +- Patch: Super minimal host based secrets +- Patch: libcontainer: Mount cgroups in the container +- Patch: pkg/cgroups Add GetMounts() and GetAllSubsystems() +- Patch: New implementation of /run support +- Patch: Error if Docker daemon starts with BTRFS graph driver and SELinux enabled +- Patch: Updated CLI documentation for docker pull with notes on specifying URL +- Patch: Updated docker pull manpage to reflect ability to specify URL of registry. +- Patch: Docker should use /var/tmp for large temporary files. +- Patch: Add --registry-append and --registry-replace qualifier to docker daemon +- Patch: Increase size of buffer for signals +- Patch: Update documentation noting that SIGCHLD is not proxied. 
+- Patch: Escape control and nonprintable characters in docker ps + +* Tue Jun 24 2014 Lokesh Mandvekar - 1.0.0-4 +- Documentation update for --sig-proxy +- increase size of buffer for signals +- escape control and nonprintable characters in docker ps + +* Tue Jun 24 2014 Lokesh Mandvekar - 1.0.0-3 +- Resolves: rhbz#1111769 - CVE-2014-3499 + +* Thu Jun 19 2014 Lokesh Mandvekar - 1.0.0-2 +- Resolves: rhbz#1109938 - upgrade to upstream version 1.0.0 + patches + use repo: https://github.com/lsm5/docker/commits/htb2 +- Resolves: rhbz#1109858 - fix race condition with secrets +- add machine-id patch: +https://github.com/vbatts/docker/commit/4f51757a50349bbbd2282953aaa3fc0e9a989741 + +* Wed Jun 18 2014 Lokesh Mandvekar - 1.0.0-1 +- Resolves: rhbz#1109938 - upgrade to upstream version 1.0.0 + patches + use repo: https://github.com/lsm5/docker/commits/2014-06-18-htb2 +- Resolves: rhbz#1110876 - secrets changes required for subscription +management +- btrfs now available (remove old comment) * Fri Jun 06 2014 Lokesh Mandvekar - 0.11.1-19 - build with golang-github-kr-pty-0-0.19.git98c7b80.el7