-rw-r--r-- | .gitignore | 3 | ||||
-rw-r--r-- | 0003-add-loongarch64-seccomp-support.patch | 91 | ||||
-rw-r--r-- | 0004-fix-docker-swarm-run-failed-for-loongarch64.patch | 30 | ||||
-rw-r--r-- | docker.service | 48 | ||||
-rw-r--r-- | docker.socket | 11 | ||||
-rw-r--r-- | docker.spec | 421 | ||||
-rw-r--r-- | docker.sysconfig | 7 | ||||
-rw-r--r-- | moby.spec | 283 | ||||
-rw-r--r-- | sources | 4 |
9 files changed, 476 insertions, 422 deletions
@@ -1 +1,4 @@
 /v27.2.1.tar.gz
+/cli-27.2.1.tar.gz
+/moby-27.2.1.tar.gz
+/tini-0.19.0.tar.gz
diff --git a/0003-add-loongarch64-seccomp-support.patch b/0003-add-loongarch64-seccomp-support.patch
new file mode 100644
index 0000000..e2b320f
--- /dev/null
+++ b/0003-add-loongarch64-seccomp-support.patch
@@ -0,0 +1,91 @@
+diff --git a/oci/fixtures/default.json b/oci/fixtures/default.json
+index 8d4d211..b63bfc9 100644
+--- a/oci/fixtures/default.json
++++ b/oci/fixtures/default.json
+@@ -47,6 +47,10 @@
+ "subArchitectures": [
+ "SCMP_ARCH_S390"
+ ]
++ },
++ {
++ "architecture": "SCMP_ARCH_LOONGARCH64",
++ "subArchitectures": null
+ }
+ ],
+ "syscalls": [
+@@ -810,4 +814,4 @@
+ "excludes": {}
+ }
+ ]
+-}
+\ No newline at end of file
++}
+diff --git a/profiles/seccomp/default.json b/profiles/seccomp/default.json
+index c4d9110..3501693 100644
+--- a/profiles/seccomp/default.json
++++ b/profiles/seccomp/default.json
+@@ -52,6 +52,10 @@
+ {
+ "architecture": "SCMP_ARCH_RISCV64",
+ "subArchitectures": null
++ },
++ {
++ "architecture": "SCMP_ARCH_LOONGARCH64",
++ "subArchitectures": null
+ }
+ ],
+ "syscalls": [
+@@ -830,4 +834,4 @@
+ }
+ }
+ ]
+-}
+\ No newline at end of file
++}
+diff --git a/profiles/seccomp/default_linux.go b/profiles/seccomp/default_linux.go
+index 09fb337..3834bab 100644
+--- a/profiles/seccomp/default_linux.go
++++ b/profiles/seccomp/default_linux.go
+@@ -38,6 +38,10 @@ func arches() []Architecture {
+ {
+ Arch: specs.ArchRISCV64,
+ SubArches: nil,
++ },
++ {
++ Arch: specs.ArchLOONGARCH64,
++ SubArches: nil,
+ },
+ }
+ }
+diff --git a/profiles/seccomp/seccomp_linux.go b/profiles/seccomp/seccomp_linux.go
+index 4d8fed6..9eb0741 100644
+--- a/profiles/seccomp/seccomp_linux.go
++++ b/profiles/seccomp/seccomp_linux.go
+@@ -41,6 +41,7 @@ var nativeToSeccomp = map[string]specs.Arch{
+ "ppc64le": specs.ArchPPC64LE,
+ "s390": specs.ArchS390,
+ "s390x": specs.ArchS390X,
++ "loong64": specs.ArchLOONGARCH64,
+ }
+
+ // GOARCH => libseccomp string
+@@ -59,6 +60,7 @@ var goToNative = map[string]string{
+ "ppc64le": "ppc64le",
+ "s390": "s390",
+ "s390x": "s390x",
++ "loong64": "loong64",
+ }
+
+ // inSlice tests whether a string is contained in a slice of strings or not.
+diff --git a/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go b/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go
+index 4e7717d..96e04af 100644
+--- a/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go
++++ b/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go
+@@ -741,6 +741,7 @@ const (
+ ArchPARISC Arch = "SCMP_ARCH_PARISC"
+ ArchPARISC64 Arch = "SCMP_ARCH_PARISC64"
+ ArchRISCV64 Arch = "SCMP_ARCH_RISCV64"
++ ArchLOONGARCH64 Arch = "SCMP_ARCH_LOONGARCH64"
+ )
+
+ // LinuxSeccompAction taken upon Seccomp rule match
diff --git a/0004-fix-docker-swarm-run-failed-for-loongarch64.patch b/0004-fix-docker-swarm-run-failed-for-loongarch64.patch
new file mode 100644
index 0000000..97f621c
--- /dev/null
+++ b/0004-fix-docker-swarm-run-failed-for-loongarch64.patch
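Review bot: The last file in this patch hand-edits vendored code (`vendor/github.com/opencontainers/runtime-spec/specs-go/config.go`, adding `ArchLOONGARCH64`), and 0004 does the same to vendored swarmkit's `filter.go`, so the tree that gets built no longer matches the module versions the moby tarball ships. Neither patch names an upstream commit or pull request, and 0004's `From:` line is `Super User <root@localhost.localdomain>`, which leaves nothing to audit the change against. A header line in each patch such as `# Upstream: <upstream-change-url>; drop once the vendored module carries it` would record the origin and the removal condition. The moby.spec changelog dates this seccomp patch to 25.0.3-6, so it is also worth confirming that the `const (` context still ends at `ArchRISCV64` in moby-27.2.1 and the constant is not defined twice.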
@@ -0,0 +1,30 @@
+From d982ada96908ceef19f30d88ffda5e7956c2809e Mon Sep 17 00:00:00 2001
+From: Super User <root@localhost.localdomain>
+Date: Wed, 10 Jul 2024 17:27:20 +0800
+Subject: [PATCH] fix docker swarm run failed for loongarch64
+
+---
+ .../moby/swarmkit/v2/manager/scheduler/filter.go | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/vendor/github.com/moby/swarmkit/v2/manager/scheduler/filter.go b/vendor/github.com/moby/swarmkit/v2/manager/scheduler/filter.go
+index 4e0bb9f..97847e1 100644
+--- a/vendor/github.com/moby/swarmkit/v2/manager/scheduler/filter.go
++++ b/vendor/github.com/moby/swarmkit/v2/manager/scheduler/filter.go
+@@ -305,6 +305,14 @@ func (f *PlatformFilter) platformEqual(imgPlatform, nodePlatform api.Platform) b
+ nodePlatform.Architecture = "arm64"
+ }
+
++ // normalize "loongarch64" architectures to "loong64"
++ if imgPlatform.Architecture == "loongarch64" {
++ imgPlatform.Architecture = "loong64"
++ }
++ if nodePlatform.Architecture == "loongarch64" {
++ nodePlatform.Architecture = "loong64"
++ }
++
+ if (imgPlatform.Architecture == "" || imgPlatform.Architecture == nodePlatform.Architecture) && (imgPlatform.OS == "" || imgPlatform.OS == nodePlatform.OS) {
+ return true
+ }
+--
+2.43.0
diff --git a/docker.service b/docker.service
new file mode 100644
index 0000000..f3da344
--- /dev/null
+++ b/docker.service
@@ -0,0 +1,48 @@
+[Unit]
+Description=Docker Application Container Engine
+Documentation=https://docs.docker.com
+After=network-online.target docker.socket firewalld.service
+Wants=network-online.target
+Requires=docker.socket
+
+[Service]
+Type=notify
+EnvironmentFile=-/etc/sysconfig/docker
+# the default is not to use systemd for cgroups because the delegate issues still
+# exists and systemd currently does not support the cgroup feature set required
+# for containers run by docker
+ExecStart=/usr/bin/dockerd -H fd:// $OPTIONS
+ExecReload=/bin/kill -s HUP $MAINPID
+TimeoutSec=0
+RestartSec=2
+Restart=always
+
+# Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.
+# Both the old, and new location are accepted by systemd 229 and up, so using the old location
+# to make them work for either version of systemd.
+StartLimitBurst=3
+
+# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.
+# Both the old, and new name are accepted by systemd 230 and up, so using the old name to make
+# this option work for either version of systemd.
+StartLimitInterval=5s
+
+# Having non-zero Limit*s causes performance problems due to accounting overhead
+# in the kernel. We recommend using cgroups to do container-local accounting.
+LimitNOFILE=infinity
+LimitNPROC=infinity
+LimitCORE=infinity
+
+# Comment TasksMax if your systemd version does not support it.
+# Only systemd 226 and above support this option.
+TasksMax=infinity
+
+# set delegate yes so that systemd does not reset the cgroups of docker containers
+Delegate=yes
+
+# kill only the docker process, not all processes in the cgroup
+KillMode=process
+OOMScoreAdjust=-500
+
+[Install]
+WantedBy=multi-user.target
diff --git a/docker.socket b/docker.socket
new file mode 100644
index 0000000..9db5049
--- /dev/null
+++ b/docker.socket
@@ -0,0 +1,11 @@
+[Unit]
+Description=Docker Socket for the API
+
+[Socket]
+ListenStream=/var/run/docker.sock
+SocketMode=0660
+SocketUser=root
+SocketGroup=docker
+
+[Install]
+WantedBy=sockets.target
diff --git a/docker.spec b/docker.spec
deleted file mode 100644
index ad6dafc..0000000
--- a/docker.spec
+++ /dev/null
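Review bot: `SocketGroup=docker` makes this unit depend on a `docker` group, but the only place the commit creates that group is the unnamed `%post` in moby.spec, which belongs to the empty `docker` meta package, while the unit itself is listed under `%files engine`. Installing docker-engine on its own would leave the group missing, and systemd is expected to fail the socket when it cannot resolve the group; this should be confirmed on a clean install. Moving the `getent group docker` / `groupadd --system docker` lines into a `%pre engine` scriptlet fixes both the package and the ordering. A comment above the line, for example `# the docker group gives root-equivalent control of the daemon; keep membership minimal`, would also document why `SocketMode=0660` matters.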
@@ -1,421 +0,0 @@ -Name: docker -Version: 27.2.1 -Release: 1 -Epoch: 2 -Summary: The open-source application container engine - -License: Apache-2.0 -Source0: https://github.com/docker/cli/archive/refs/tags/v%{version}.tar.gz - -URL: https://www.docker.com - -# required packages for build -# most are already in the container (see contrib/builder/rpm/ARCH/generate.sh) -BuildRequires: pkgconfig(systemd) golang >= 1.8.3 btrfs-progs-devel device-mapper-devel glibc-static libseccomp-devel -BuildRequires: libselinux-devel libtool-ltdl-devel pkgconfig selinux-policy selinux-policy-devel sqlite-devel systemd-devel -BuildRequires: tar containerd runc docker-proxy git - -# required packages on install -Requires: /bin/sh iptables tar xz device-mapper-libs >= 1.02.90-1 systemd-units - -# conflicting packages -Provides: docker -Conflicts: docker-io -Conflicts: docker-engine-cs - -%description -Docker is an open source project to build, ship and run any application as a -lightweight container. - -Docker containers are both hardware-agnostic and platform-agnostic. This means -they can run anywhere, from your laptop to the largest EC2 compute instance and -everything in between - and they don't require you to use a particular -language, framework or packaging system. That makes them great building blocks -for deploying and scaling web apps, databases, and backend services without -depending on a particular stack or provider. 
- -%prep -%autosetup -p1 -n cli-%{version} - -%build -export GOPATH="$srcdir" -export PATH="$GOPATH/bin:$PATH" -export CGO_CPPFLAGS="${CPPFLAGS}" -export CGO_CFLAGS="${CFLAGS}" -export CGO_CXXFLAGS="${CXXFLAGS}" -export CGO_LDFLAGS="${LDFLAGS}" -export LDFLAGS='' -export GOFLAGS='-buildmode=pie -trimpath -mod=readonly -modcacherw -ldflags=-linkmode=external -ldflags=-compressdwarf=false -ldflags=-B=gobuildid' -export GO111MODULE=off -export DISABLE_WARN_OUTSIDE_CONTAINER=1 - -make VERSION=%{version} dynbinary -make manpages - -%install - -# list files owned by the package here -%files - -%changelog -* Thu Sep 12 2024 Funda Wang <fundawang@yeah.net> - 2:27.2.1-1 -- update to 27.2.1 - -* Sat Aug 31 2024 zhongjiawei<zhongjiawei1@huawei.com> - 2:18.09.0-341 -- Type:bugfix -- CVE:NA -- SUG:NA -- DESC:try to reconnect when containerd grpc return unexpected EOF - -* Fri Aug 02 2024 zhongjiawei<zhongjiawei1@huawei.com> - 2:18.09.0-340 -- Type:bugfix -- CVE:NA -- SUG:NA -- DESC:add clone3 seccomp whitelist for arm64 - -* Fri Jul 26 2024 zhongjiawei<zhongjiawei1@huawei.com> - 18.09.0-339 -- Type:CVE -- CVE:CVE-2024-41110 -- SUG:NA -- DESC:fix CVE-2024-41110 - -* Mon Jul 15 2024 chenjiankun<chenjiankun1@huawei.com> - 18.09.0-338 -- Type:bugfix -- CVE:NA -- SUG:NA -- DESC:Ignore SIGURG on Linux - -* Fri Jun 07 2024 suoxiaocong <suoxiaocong@kylinos.cn> - 18.09.0-337 -- Type:BUG -- CVE:NA -- SUG:NA -- DESC:remove ifarch condition check when addding source, this causes src.rpm missing files - -* Wed May 08 2024 chenjiankun<chenjiankun1@huawei.com> - 18.09.0-336 -- Type:CVE -- CVE:CVE-2024-32473 -- SUG:NA -- DESC:fix CVE-2024-32473 - -* Fri Apr 12 2024 chenjiankun<chenjiankun1@huawei.com> - 18.09.0-335 -- Type:CVE -- CVE:CVE-2024-29018 -- SUG:NA -- DESC:fix CVE-2024-29018 - -* Tue Mar 19 2024 chenjiankun<chenjiankun1@huawei.com> - 18.09.0-334 -- Type:CVE -- CVE:CVE-2024-24557 -- SUG:NA -- DESC:fix CVE-2024-24557 - -* Fri Dec 22 2023 Lu Jingxiao<lujingxiao@huawei.com> - 
2:18.09.0-333 -- Type:bugfix -- CVE:NA -- SUG:NA -- DESC:sync patches from upstream - -* Fri Nov 17 2023 zhongjiawei<zhongjiawei1@huawei.com> - 2:18.09.0-332 -- Type:bugfix -- CVE:NA -- SUG:NA -- DESC:modify runc rpm package name to runc - -* Thu Oct 12 2023 zhongjiawei<zhongjiawei1@huawei.com> - 18.09.0-331 -- Type:bugfix -- CVE:NA -- SUG:NA -- DESC:add delay after freeze - -* Mon Oct 09 2023 Lu Jingxiao<lujingxiao@huawei.com> - 18.09.0-330 -- Type:bugfix -- CVE:NA -- SUG:NA -- DESC:fix COPY --from should preserve ownership - -* Sat Aug 26 2023 chenjiankun<chenjiankun1@huawei.com> - 18.09.0-329 -- Type:bugfix -- CVE:NA -- SUG:NA -- DESC:remove useless mount point dir - -* Fri Jul 28 2023 jingxiaolu<lujingxiao@huawei.com> - 18.09.0-328 -- Type:bugfix -- CVE:NA -- SUG:NA -- DESC:define a dummy hostname to use for local connections - -* Wed Jul 12 2023 zhongjiawei<zhongjiawei1@huawei.com> - 18.09.0-327 -- Type:bugfix -- CVE:NA -- SUG:NA -- DESC:remove invalid libcgroup dependencies - -* Thu Jun 29 2023 chenjiankun<chenjiankun1@huawei.com> - 18.09.0-326 -- Type:bugfix -- CVE:NA -- SUG:NA -- DESC:repalce unix.Rmdir with os.RemoveAll when remove mount point dir - -* Tue Jun 27 2023 chenjiankun<chenjiankun1@huawei.com> - 18.09.0-325 -- Type:bugfix -- CVE:NA -- SUG:NA -- DESC:fix blockThreshold full bug - -* Thu Jun 08 2023 zhongjiawei<zhongjiawei1@huawei.com> - 18.09.0-324 -- Type:bugfix -- CVE:NA -- SUG:NA -- DESC:thinpool full because docker daemon restart when docker pull - -* Thu Apr 06 2023 zhongjiawei<zhongjiawei1@huawei.com> - 18.09.0-323 -- Type:CVE -- CVE:CVE-2023-28840,CVE-2023-28841,CVE-2023-28842 -- SUG:NA -- DESC:fix CVE-2023-28840,CVE-2023-28841,CVE-2023-28842 - -* Wed Mar 29 2023 zhongjiawei<zhongjiawei1@huawei.com> - 18.09.0-322 -- Type:bugfix -- CVE:NA -- SUG:NA -- DESC:sync some patches - -* Thu Mar 16 2023 zhaozhen <zhaozhen@loongson.cn> - 2:18.09.0-321 -- Type:feature -- CVE:NA -- SUG:NA -- DESC:add loongarch64 support for docker - -* Wed Mar 15 2023 
zhongjiawei<zhongjiawei1@huawei.com> - 18.09.0-320 -- Type:bugfix -- CVE:NA -- SUG:NA -- DESC:try http for docker manifest insecure - -* Tue Mar 14 2023 JackChan8<chenjiankun1@huawei.com> - 18.09.0-319 -- Type:bugfix -- CVE:NA -- SUG:NA -- DESC:fix container missing after restarting dockerd twice - -* Fri Mar 10 2023 Song Zhang<zhangsong34@huawei.com> - 18.09.0-318 -- Type:bugfix -- CVE:NA -- SUG:NA -- DESC:docker stats: fix 'panic: close of closed channel' - -* Fri Feb 17 2023 chenjiankun<chenjiankun1@huawei.com> - 18.09.0-317 -- Type:bugfix -- CVE:NA -- SUG:NA -- DESC:set freezer.state to Thawed to increase freeze chances - -* Thu Dec 01 2022 zhongjiawei<zhongjiawei1@huawei.com> - 18.09.0-316 -- Type:bugfix -- CVE:NA -- SUG:NA -- DESC:do not stop health check before sending signal - -* Thu Nov 24 2022 chenjiankun<chenjiankun1@huawei.com> - 18.09.0-315 -- Type:bugfix -- CVE:NA -- SUG:NA -- DESC:using VERSION-vendor to record version - -* Tue Nov 22 2022 chenjiankun<chenjiankun1@huawei.com> - 18.09.0-314 -- Type:bugfix -- CVE:NA -- SUG:NA -- DESC:fix dockerd core when release network - -* Tue Nov 22 2022 chenjiankun<chenjiankun1@huawei.com> - 18.09.0-313 -- Type:bugfix -- CVE:NA -- SUG:NA -- DESC:cleanup netns file when stop docker daemon - -* Mon Oct 17 2022 chenjiankun<chenjiankun1@huawei.com> - 18.09.0-312 -- Type:bugfix -- CVE:NA -- SUG:NA -- DESC:change runc original install location (/usr/local/bin --> /usr/bin) to fix compile problem - -* Wed Sep 21 2022 chenjiankun<chenjiankun1@huawei.com> - 18.09.0-311 -- Type:bugfix -- CVE:NA -- SUG:NA -- DESC:add epoch for easy upgrade - -* Thu Sep 15 2022 chenjiankun<chenjiankun1@huawei.com> - 18.09.0-310 -- Type:bugfix -- CVE:NA -- SUG:NA -- DESC:ensure layer digest folder removed if ls.driver.Remove fails - -* Thu Sep 15 2022 chenjiankun<chenjiankun1@huawei.com> - 18.09.0-309 -- Type:CVE -- CVE:CVE-2022-36109 -- SUG:NA -- DESC:fix CVE-2022-36109 - -* Tue Sep 13 2022 chenjiankun<chenjiankun1@huawei.com> - 18.09.0-308 
-- Type:bugfix -- CVE:NA -- SUG:NA -- DESC:Add an ExitPid field for State struct to record exit process id - -* Tue Sep 13 2022 chenjiankun<chenjiankun1@huawei.com> - 18.09.0-307 -- Type:bugfix -- CVE:NA -- SUG:NA -- DESC:fix terminal abnormal after docker run - -* Wed Jun 29 2022 zjw<zhongjiawei1@huawei.com> - 18.09.0-306 -- Type:CVE -- CVE:CVE-2021-41092 -- SUG:NA -- DESC:fix CVE-2021-41092 - -* Wed Jun 29 2022 zjw<zhongjiawei1@huawei.com> - 18.09.0-305 -- Type:CVE -- CVE:CVE-2021-41091 -- SUG:NA -- DESC:fix CVE-2021-41091 - -* Wed Jun 29 2022 zjw<zhongjiawei1@huawei.com> - 18.09.0-304 -- Type:CVE -- CVE:CVE-2021-41089 -- SUG:NA -- DESC:fix CVE-2021-41089 - -* Wed Jun 29 2022 zjw<zhongjiawei1@huawei.com> - 18.09.0-303 -- Type:bugfix -- CVE:NA -- SUG:NA -- DESC:close channel in write side to avoid panic in docker stats - -* Tue Jun 28 2022 zjw<zhongjiawei1@huawei.com> - 18.09.0-302 -- Type:bugfix -- CVE:NA -- SUG:NA -- DESC:fix status inconsistent after restart container - -* Thu Jun 16 2022 duyiwei <duyiwei@kylinos.cn> - 18.09.0-301 -- Type:bugfix -- CVE:CVE-2022-24769 -- SUG:NA -- DESC:fix CVE-2022-24769 - -* Tue Mar 22 2022 chenjiankun<chenjiankun1@huawei.com> - 18.09.0-300 -- Type:bugfix -- CVE:NA -- SUG:NA -- DESC:sync from internal - -* Wed Mar 02 2022 chenjiankun<chenjiankun1@huawei.com> - 18.09.0-120 -- Type:bugfix -- CVE:NA -- SUG:NA -- DESC:Use original process spec for execs - -* Tue Dec 28 2021 chenjiankun<chenjiankun1@huawei.com> - 18.09.0-119 -- Type:bugfix -- CVE:NA -- SUG:NA -- DESC:disable go module build - -* Sun Sep 26 2021 xiadanni<xiadanni1@huawei.com> - 18.09.0-118 -- Type:bugfix -- CVE:NA -- SUG:NA -- DESC:update seccomp whitelist to Linux 5.10 syscall list - -* Wed Sep 08 2021 xiadanni<xiadanni1@huawei.com> - 18.09.0-117 -- Type:bugfix -- CVE:NA -- SUG:NA -- DESC:add clone3 to seccomp whitelist to fix curl failed in X86 - -* Fri Sep 03 2021 chenjiankun<chenjiankun1@huawei.com> - 18.09.0-116 -- Type:bugfix -- CVE:NA -- SUG:NA -- DESC:enable 
debuginfo - -* Thu Apr 01 2021 wangfengtu<wangfengtu@huawei.com> - 18.09.0-115 -- Type:bugfix -- CVE:NA -- SUG:NA -- DESC:rollback if docker restart when doing BlkDiscard - -* Thu Mar 18 2021 xiadanni<xiadanni1@huawei.com> - 18.09.0-114 -- Type:bugfix -- CVE:CVE-2021-21284,CVE-2021-21285 -- SUG:NA -- DESC:sync bugfix, include: - 1.fix execCommands leak in health-check - 2.check containerd pid before kill it - 3.fix CVE-2021-21284 - 4.fix CVE-2021-21285 - -* Tue Feb 09 2021 lixiang<lixiang172@huawei.com> - 18.09.0-113 -- Type:enhancement -- CVE:NA -- SUG:restart -- DESC:remove go-md2man build require - -* Mon Jan 18 2021 yangyanchao<yangyanchao6@huawei.com> - 18.09.0-111 -- Type:requirement -- ID:NA -- CVE:NA -- SUG:restart -- docker:components:add config files for riscv - -* Mon Jan 4 2021 jingrui<jingrui@huawei.com> - 18.09.0-107 -- Type:bugfix -- ID:NA -- SUG:NA -- DESC:sync bugfix include - 1. fix image cleanup failed. - 2. cleanup load tmp files. - 3. kill residual container process. - 4. resume suspend dm device. - 5. dont kill containerd during dockerd starting. - 6. handle exit event for restore failed container. - 7. wait io with timeout when start failed. - 8. support hostname mirror registry. - 9. mask unused proc files. 
- -* Tue Dec 8 2020 xiadanni<xiadanni1@huawei.com> - 18.09.0-104 -- Type:bugfix -- ID:NA -- SUG:NA -- DESC:runc don't deny all devices when update cgroup resource - -* Thu Dec 3 2020 xiadanni<xiadanni1@huawei.com> - 18.09.0-103 -- Type:bugfix -- ID:NA -- SUG:restart -- DESC:containerd fix CVE-2020-15257 - -* Fri Nov 27 2020 liuzekun<liuzekun@huawei.com> - 18.09.0-102 -- Type:bugfix -- ID:NA -- CVE:NA -- SUG:restart -- DESC: -1.delete stale containerd object on start failure -2.remove redundant word item -3.delete event is not need to process -4.stat process exit file when kill process dire -5.sync cli vendor -6.fix CVE-2020-13401 -7.do not add w to LDFLAGS -8.add files in proc for mask -9.fix docker load files leak -10.do not sync if BYPAAS_SYNC is false -11.fix panic on single character volumes -12.fix stats memory usage display error -13.add more messages for ops when device not found -14.mask proc pin_memory diff --git a/docker.sysconfig b/docker.sysconfig new file mode 100644 index 0000000..426ec3c --- /dev/null +++ b/docker.sysconfig @@ -0,0 +1,7 @@ +# /etc/sysconfig/docker + +# Modify these options if you want to change the way the docker daemon runs +OPTIONS="--log-driver=journald \ + --live-restore \ + --default-ulimit nofile=1024:1024 \ +" diff --git a/moby.spec b/moby.spec new file mode 100644 index 0000000..5ecbe8d --- /dev/null +++ b/moby.spec 
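Review bot: The default `OPTIONS` in docker.sysconfig enables `--live-restore`, which dockerd does not support together with swarm mode, yet this same commit carries 0004 specifically to make swarm scheduling work on loongarch64; with the shipped defaults a swarm init is expected to be refused until the flag is removed. Either drop `--live-restore` from the default or put a comment above `OPTIONS=` such as `# remove --live-restore before enabling swarm mode`. The file is read through `EnvironmentFile=-/etc/sysconfig/docker`, where the leading `-` means a missing file is ignored, so `--default-ulimit nofile=1024:1024` appears to be the only thing keeping containers from inheriting the unit's `LimitNOFILE=infinity`; a comment saying so would stop an admin from deleting it by accident.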
@@ -0,0 +1,283 @@ +%global _gitcommit_engine f417435 +%global _gitcommit_cli 4debf41 +%global _source_engine moby-%{version} +%global _source_client cli-%{version} +%global _source_docker_init tini-0.19.0 +%define _debugsource_template %{nil} + +Name: docker +Version: 27.2.1 +Release: 1 +Summary: The open-source application container engine +License: ASL 2.0 +URL: https://www.docker.com +# https://github.com/docker/cli/archive/refs/tags/v25.0.3.tar.gz +Source0: cli-%{version}.tar.gz +# https://github.com/moby/moby/archive/refs/tags/v25.0.3.tar.gz +Source1: moby-%{version}.tar.gz +# https://github.com/krallin/tini/archive/refs/tags/v0.19.0.tar.gz +Source2: tini-0.19.0.tar.gz +Source3: docker.service +Source4: docker.socket +Source5: docker.sysconfig +Patch0002: 0003-add-loongarch64-seccomp-support.patch +Patch0003: 0004-fix-docker-swarm-run-failed-for-loongarch64.patch + +Requires: %{name}-engine = %{version}-%{release} +Requires: %{name}-client = %{version}-%{release} + +# conflicting packages +Conflicts: docker-ce +Conflicts: docker-io +Conflicts: docker-engine-cs +Conflicts: docker-ee + +%description +Docker is a product for you to build, ship and run any application as a +lightweight container. 
+ +%package engine +Summary: Docker daemon binary and related utilities + +Requires: /usr/sbin/groupadd +Requires: runc +Requires: container-selinux >= 2:2.74 +Requires: libseccomp >= 2.3 +Requires: systemd +Requires: iptables +Requires: libcgroup +Requires: containerd +Requires: tar +Requires: xz + +BuildRequires: bash +BuildRequires: ca-certificates +BuildRequires: cmake +BuildRequires: device-mapper-devel +BuildRequires: gcc +BuildRequires: git +BuildRequires: glibc-static +BuildRequires: libarchive +BuildRequires: libseccomp-devel +BuildRequires: libselinux-devel +BuildRequires: libtool +BuildRequires: libtool-ltdl-devel +BuildRequires: make +BuildRequires: pkgconfig +BuildRequires: pkgconfig(systemd) +BuildRequires: selinux-policy-devel +BuildRequires: systemd-devel +BuildRequires: tar +BuildRequires: which +BuildRequires: golang >= 1.18.0 + +%description engine +Docker daemon binary and related utilities + +%package client +Summary: Docker client binary and related utilities + +Requires: /bin/sh +BuildRequires: libtool-ltdl-devel + +%description client +Docker client binary and related utilities + +%prep +%setup -q -n %{_source_client} +%setup -q -T -n %{_source_engine} -b 1 +%patch -P0002 -p1 +%patch -P0003 -p1 +%setup -q -T -n %{_source_docker_init} -b 2 + +%build +export GO111MODULE=off +# build docker daemon +export DOCKER_GITCOMMIT=%{_gitcommit_engine} +export DOCKER_BUILDTAGS="exclude_graphdriver_btrfs" + +pushd %{_builddir}/%{_source_engine} +AUTO_GOPATH=1 VERSION=%{version} PRODUCT=docker hack/make.sh dynbinary +popd + +# build docker-tini +pushd %{_builddir}/%{_source_docker_init} +cmake . 
+make tini-static +popd + +# build cli +pushd %{_builddir}/%{_source_client} +mkdir -p .gopath/src/github.com/docker/cli +export GOPATH=`pwd`/.gopath +rm -rf .gopath/src/github.com/docker/cli +ln -s %{_builddir}/%{_source_client} .gopath/src/github.com/docker/cli +pushd .gopath/src/github.com/docker/cli +DISABLE_WARN_OUTSIDE_CONTAINER=1 make VERSION=%{version} GITCOMMIT=%{_gitcommit_cli} dynbinary +popd +popd + +%check +# check for daemon +ver="$(%{_builddir}/%{_source_engine}/bundles/dynbinary-daemon/dockerd --version)"; \ + test "$ver" = "Docker version %{version}, build %{_gitcommit_engine}" && echo "PASS: daemon version OK" || (echo "FAIL: daemon version ($ver) did not match" && exit 1) +# check for client +ver="$(%{_builddir}/%{_source_client}/build/docker --version)"; \ + test "$ver" = "Docker version %{version}, build %{_gitcommit_cli}" && echo "PASS: cli version OK" || (echo "FAIL: cli version ($ver) did not match" && exit 1) + + +%install +# install daemon binary +install -D -p -m 0755 $(readlink -f %{_builddir}/%{_source_engine}/bundles/dynbinary-daemon/dockerd) %{buildroot}%{_bindir}/dockerd + +# install proxy +install -D -p -m 0755 %{_builddir}/%{_source_engine}/bundles/dynbinary-daemon/docker-proxy %{buildroot}%{_bindir}/docker-proxy + +# install tini +install -D -p -m 755 %{_builddir}/%{_source_docker_init}/tini-static %{buildroot}%{_bindir}/docker-init + +# install systemd scripts +install -D -m 0644 %{SOURCE3} %{buildroot}%{_unitdir}/docker.service +install -D -m 0644 %{SOURCE4} %{buildroot}%{_unitdir}/docker.socket + +# for additional args +install -Dpm 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/sysconfig/docker + +# install docker client +install -p -m 0755 $(readlink -f %{_builddir}/%{_source_client}/build/docker) %{buildroot}%{_bindir}/docker + +# add bash, zsh, and fish completions +install -d %{buildroot}%{_datadir}/bash-completion/completions +install -d %{buildroot}%{_datadir}/zsh/vendor-completions +install -d 
%{buildroot}%{_datadir}/fish/vendor_completions.d +install -p -m 644 %{_builddir}/%{_source_client}/contrib/completion/bash/docker %{buildroot}%{_datadir}/bash-completion/completions/docker +install -p -m 644 %{_builddir}/%{_source_client}/contrib/completion/zsh/_docker %{buildroot}%{_datadir}/zsh/vendor-completions/_docker +install -p -m 644 %{_builddir}/%{_source_client}/contrib/completion/fish/docker.fish %{buildroot}%{_datadir}/fish/vendor_completions.d/docker.fish + +# add docs +install -d %{buildroot}%{_pkgdocdir} +install -p -m 644 %{_builddir}/%{_source_client}/{LICENSE,MAINTAINERS,NOTICE,README.md} %{buildroot}%{_pkgdocdir} + +%files +# empty as it depends on engine and client + +%files engine +%config(noreplace) %{_sysconfdir}/sysconfig/docker +%{_bindir}/dockerd +%{_bindir}/docker-proxy +%{_bindir}/docker-init +%{_unitdir}/docker.service +%{_unitdir}/docker.socket + +%files client +%{_bindir}/docker +%{_datadir}/bash-completion/completions/docker +%{_datadir}/zsh/vendor-completions/_docker +%{_datadir}/fish/vendor_completions.d/docker.fish +%doc %{_pkgdocdir} + +%post +%systemd_post docker.service +if ! 
getent group docker > /dev/null; then + groupadd --system docker +fi + +%preun +%systemd_preun docker.service docker.socket + +%postun +%systemd_postun_with_restart docker.service + +%changelog +* Thu Sep 12 2024 Funda Wang <fundawang@yeah.net> - 27.2.1-1 +- update to version 27.2.1 + +* Fri Jul 26 2024 zhangxianting <zhangxianting@uniontechc.om> - 25.0.3-10 +- Type:CVE +- ID:NA +- SUG:NA +- DESC:fix CVE-2024-41110 + +* Fri Jul 12 2024 lvxiangcong <lvxiangcong@kylinos.cn> - 25.0.3-9 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:fix docker swarm run failed for loongarch64 + +* Tue Jul 02 2024 zhangbowei<zhangbowei@kylinos.cn> - 25.0.3-8 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:fix bug by using docker-proxy in the source file to get better compatibility + +* Fri Jun 28 2024 shechenglong<shechenglong@xfusion.com> - 25.0.3-7 +- DESC:software package name moby is changed to docker + +* Fri Jun 14 2024 zhaixiaojuan<zhaixiaojuan@loongson.cn> - 25.0.3-6 +- DESC:add loongarch64 seccomp support + +* Tue May 14 2024 wanglimin<wanglimin@xfusion.com> - 25.0.3-5 +- DESC:clean dependency between engine and cli + +* Sat May 11 2024 lvxiangcong<lvxiangcong@kylinos.cn> - 25.0.3-4 +- DESC:fix install error failed to docker.service does not exit + +* Mon Apr 22 2024 lvxiangcong<lvxiangcong@kylinos.cn> - 25.0.3-3 +- DESC:fix cve-2024-32473 + +* Wed Apr 17 2024 lvxiangcong<lvxiangcong@kylinos.cn> - 25.0.3-2 +- DESC:fix cve-2024-29018 + +* Tue Feb 06 2024 shechenglong<shechenglong@xfusion.com> - 25.0.3-1 +- DESC:update to 25.0.3 + +* Thu Dec 28 2023 maokecheng<maokecheng@xfusion.com> - 20.10.24-7 +- Adapt docker-runc to be changed to runc + +* Tue Sep 26 2023 xulei<xulei@xfusion.com> - 20.10.24-6 +- Fix the missing socketGroup permissions for only installing moby-engine + +* Mon Sep 18 2023 xulei<xulei@xfusion.com> - 20.10.24-5 +- Optimize the apply patch method + +* Thu Sep 14 2023 xulei<xulei@xfusion.com> - 20.10.24-4 +- DESC: Fix missing runc dependencies + The declaration conflicts with 
the installation of docker-engine + +* Mon Sep 4 2023 xulei<xulei@xfusion.com> - 20.10.24-3 +- Fix the conflict libnetwork installation + +* Sun Jul 16 2023 xulei<xulei@xfusion.com> - 20.10.24-2 +- DESC: fix non-blocking awslogs log drop bug + fix panic if mount is not a volume + +* Mon Apr 10 2023 xulei<xulei@xfusion.com> - 20.10.24-1 +- DESC: update to 20.10.24 + +* Tue Apr 4 2023 zhangzhihui<zhangzhihui@xfusion.com> - 20.10.23-3 +- DESC: sync upstream patch + Dockerfile: configure code dir as "safe" directory + +* Fri Mar 31 2023 zhangzhihui<zhangzhihui@xfusion.com> - 20.10.23-2 +- DESC: sync upstream patch to update containerd to v1.6.16 + +* Wed Mar 29 2023 xulei<xulei@xfusion.com> - 20.10.23-1 +- DESC:update to 20.10.23 + +* Wed Mar 8 2023 xulei<xulei@xfusion.com> - 20.10.21-4 +- DESC: enhance container behavior + 1.stop docker.socket before uninstall docker. + 2.container keep running when restart docker service. + 3.when containerd exits abnormally, it can be automatically pulled up. + 4.add some dockerd options. + 5.change to BuildRequires golang-1.18.0 + +* Wed Dec 28 2022 xulei<xulei@xfusion.com> - 20.10.21-3 +- DESC: change to BuildRequires golang-1.17.3 + +* Wed Dec 21 2022 wanglimin<wanglimin@xfusion.com> - 20.10.21-2 +- DESC: revert any to interface{} temporarily to allow builtable with golang-1.17.x +- it will be withdrawed if golang upgrade to 1.18.x in the branch + +* Thu Dec 14 2022 wanglimin<wanglimin@xfusion.com> - 20.10.21-1 +- DESC: initial docker-20.10.21-1 @@ -1 +1,3 @@ -43e4a95623054436bd6e690d9ceaf26c v27.2.1.tar.gz +43e4a95623054436bd6e690d9ceaf26c cli-27.2.1.tar.gz +bbb7eae4f0c407f2f11df26d90d02bd0 moby-27.2.1.tar.gz +72935bca9232313409a052833068fb1d tini-0.19.0.tar.gz |
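Review bot: moby.spec keeps `Name: docker` but declares no `Epoch:`, while the docker.spec deleted in this commit shipped the same 27.2.1-1 with `Epoch: 2`; RPM compares the epoch first, so a host that has any build from the old spec installed would treat this package as older and stop picking up updates, including later CVE fixes. Unless the old builds were never published, add `Epoch: 2` under `Release:` and write the sub-package requires as `%{epoch}:%{version}-%{release}`. The comments above `Source0` and `Source1` still point at the `v25.0.3` tarballs although `Version` is 27.2.1, and `_gitcommit_engine` / `_gitcommit_cli` are checked in `%check` only against the values the build itself injects through `DOCKER_GITCOMMIT` and `GITCOMMIT`. Neither therefore ties the tarballs to the upstream tags, so the URLs should be updated and the two commit ids confirmed against the v27.2.1 tags.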