authorCoprDistGit <infra@openeuler.org>2024-09-12 04:52:22 +0000
committerCoprDistGit <infra@openeuler.org>2024-09-12 04:52:22 +0000
commit855fbc6d18199af89ff5f930255ce2932c4184eb (patch)
tree566d6b6db68d011cc4f140ca96e121f57ac9d7ee
parentf779b1024cb29a57bfbde65747462e0210019be7 (diff)
automatic import of docker
-rw-r--r--.gitignore3
-rw-r--r--0003-add-loongarch64-seccomp-support.patch91
-rw-r--r--0004-fix-docker-swarm-run-failed-for-loongarch64.patch30
-rw-r--r--docker.service48
-rw-r--r--docker.socket11
-rw-r--r--docker.sysconfig7
-rw-r--r--moby.spec283
-rw-r--r--sources3
8 files changed, 476 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore
index e69de29..041479c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,3 @@
+/cli-27.2.1.tar.gz
+/moby-27.2.1.tar.gz
+/tini-0.19.0.tar.gz
diff --git a/0003-add-loongarch64-seccomp-support.patch b/0003-add-loongarch64-seccomp-support.patch
new file mode 100644
index 0000000..e2b320f
--- /dev/null
+++ b/0003-add-loongarch64-seccomp-support.patch
@@ -0,0 +1,91 @@
+diff --git a/oci/fixtures/default.json b/oci/fixtures/default.json
+index 8d4d211..b63bfc9 100644
+--- a/oci/fixtures/default.json
++++ b/oci/fixtures/default.json
+@@ -47,6 +47,10 @@
+ "subArchitectures": [
+ "SCMP_ARCH_S390"
+ ]
++ },
++ {
++ "architecture": "SCMP_ARCH_LOONGARCH64",
++ "subArchitectures": null
+ }
+ ],
+ "syscalls": [
+@@ -810,4 +814,4 @@
+ "excludes": {}
+ }
+ ]
+-}
+\ No newline at end of file
++}
+diff --git a/profiles/seccomp/default.json b/profiles/seccomp/default.json
+index c4d9110..3501693 100644
+--- a/profiles/seccomp/default.json
++++ b/profiles/seccomp/default.json
+@@ -52,6 +52,10 @@
+ {
+ "architecture": "SCMP_ARCH_RISCV64",
+ "subArchitectures": null
++ },
++ {
++ "architecture": "SCMP_ARCH_LOONGARCH64",
++ "subArchitectures": null
+ }
+ ],
+ "syscalls": [
+@@ -830,4 +834,4 @@
+ }
+ }
+ ]
+-}
+\ No newline at end of file
++}
+diff --git a/profiles/seccomp/default_linux.go b/profiles/seccomp/default_linux.go
+index 09fb337..3834bab 100644
+--- a/profiles/seccomp/default_linux.go
++++ b/profiles/seccomp/default_linux.go
+@@ -38,6 +38,10 @@ func arches() []Architecture {
+ {
+ Arch: specs.ArchRISCV64,
+ SubArches: nil,
++ },
++ {
++ Arch: specs.ArchLOONGARCH64,
++ SubArches: nil,
+ },
+ }
+ }
+diff --git a/profiles/seccomp/seccomp_linux.go b/profiles/seccomp/seccomp_linux.go
+index 4d8fed6..9eb0741 100644
+--- a/profiles/seccomp/seccomp_linux.go
++++ b/profiles/seccomp/seccomp_linux.go
+@@ -41,6 +41,7 @@ var nativeToSeccomp = map[string]specs.Arch{
+ "ppc64le": specs.ArchPPC64LE,
+ "s390": specs.ArchS390,
+ "s390x": specs.ArchS390X,
++ "loong64": specs.ArchLOONGARCH64,
+ }
+
+ // GOARCH => libseccomp string
+@@ -59,6 +60,7 @@ var goToNative = map[string]string{
+ "ppc64le": "ppc64le",
+ "s390": "s390",
+ "s390x": "s390x",
++ "loong64": "loong64",
+ }
+
+ // inSlice tests whether a string is contained in a slice of strings or not.
+diff --git a/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go b/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go
+index 4e7717d..96e04af 100644
+--- a/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go
++++ b/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go
+@@ -741,6 +741,7 @@ const (
+ ArchPARISC Arch = "SCMP_ARCH_PARISC"
+ ArchPARISC64 Arch = "SCMP_ARCH_PARISC64"
+ ArchRISCV64 Arch = "SCMP_ARCH_RISCV64"
++ ArchLOONGARCH64 Arch = "SCMP_ARCH_LOONGARCH64"
+ )
+
+ // LinuxSeccompAction taken upon Seccomp rule match
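Review bot: The last section of this embedded patch adds `ArchLOONGARCH64` by hand to the vendored `runtime-spec/specs-go/config.go`, so the vendored copy no longer matches whatever runtime-spec release the moby tree pins, and the constant will be lost or will conflict on the next re-vendor. The spec changelog dates this patch to 25.0.3-6 while this commit builds 27.2.1, so it is worth confirming that it still applies cleanly and that the 27.2.1 sources do not already define the constant. Because the default profile now emits `SCMP_ARCH_LOONGARCH64`, the libseccomp used at runtime has to recognise that name; `Requires: libseccomp >= 2.3` in moby.spec presumably does not guarantee that on loongarch64 and should be checked.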
diff --git a/0004-fix-docker-swarm-run-failed-for-loongarch64.patch b/0004-fix-docker-swarm-run-failed-for-loongarch64.patch
new file mode 100644
index 0000000..97f621c
--- /dev/null
+++ b/0004-fix-docker-swarm-run-failed-for-loongarch64.patch
@@ -0,0 +1,30 @@
+From d982ada96908ceef19f30d88ffda5e7956c2809e Mon Sep 17 00:00:00 2001
+From: Super User <root@localhost.localdomain>
+Date: Wed, 10 Jul 2024 17:27:20 +0800
+Subject: [PATCH] fix docker swarm run failed for loongarch64
+
+---
+ .../moby/swarmkit/v2/manager/scheduler/filter.go | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/vendor/github.com/moby/swarmkit/v2/manager/scheduler/filter.go b/vendor/github.com/moby/swarmkit/v2/manager/scheduler/filter.go
+index 4e0bb9f..97847e1 100644
+--- a/vendor/github.com/moby/swarmkit/v2/manager/scheduler/filter.go
++++ b/vendor/github.com/moby/swarmkit/v2/manager/scheduler/filter.go
+@@ -305,6 +305,14 @@ func (f *PlatformFilter) platformEqual(imgPlatform, nodePlatform api.Platform) b
+ nodePlatform.Architecture = "arm64"
+ }
+
++ // normalize "loongarch64" architectures to "loong64"
++ if imgPlatform.Architecture == "loongarch64" {
++ imgPlatform.Architecture = "loong64"
++ }
++ if nodePlatform.Architecture == "loongarch64" {
++ nodePlatform.Architecture = "loong64"
++ }
++
+ if (imgPlatform.Architecture == "" || imgPlatform.Architecture == nodePlatform.Architecture) && (imgPlatform.OS == "" || imgPlatform.OS == nodePlatform.OS) {
+ return true
+ }
+--
+2.43.0
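Review bot: This embedded patch is attributed to `Super User <root@localhost.localdomain>` and carries no upstream reference, yet it changes scheduler matching logic inside vendored swarmkit (`platformEqual`), so nothing on the page lets a reviewer trace it to an upstream change or an accountable author. I would regenerate it with a real author identity and add a header line such as `Upstream-Status: <PLACEHOLDER: link to the upstream swarmkit change, or "downstream only">`. The added normalisation compares exact lowercase strings, in the same way as the arm64 assignment visible just above it; the rest of `platformEqual` starts and ends outside the hunk.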
diff --git a/docker.service b/docker.service
new file mode 100644
index 0000000..f3da344
--- /dev/null
+++ b/docker.service
@@ -0,0 +1,48 @@
+[Unit]
+Description=Docker Application Container Engine
+Documentation=https://docs.docker.com
+After=network-online.target docker.socket firewalld.service
+Wants=network-online.target
+Requires=docker.socket
+
+[Service]
+Type=notify
+EnvironmentFile=-/etc/sysconfig/docker
+# the default is not to use systemd for cgroups because the delegate issues still
+# exists and systemd currently does not support the cgroup feature set required
+# for containers run by docker
+ExecStart=/usr/bin/dockerd -H fd:// $OPTIONS
+ExecReload=/bin/kill -s HUP $MAINPID
+TimeoutSec=0
+RestartSec=2
+Restart=always
+
+# Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.
+# Both the old, and new location are accepted by systemd 229 and up, so using the old location
+# to make them work for either version of systemd.
+StartLimitBurst=3
+
+# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.
+# Both the old, and new name are accepted by systemd 230 and up, so using the old name to make
+# this option work for either version of systemd.
+StartLimitInterval=5s
+
+# Having non-zero Limit*s causes performance problems due to accounting overhead
+# in the kernel. We recommend using cgroups to do container-local accounting.
+LimitNOFILE=infinity
+LimitNPROC=infinity
+LimitCORE=infinity
+
+# Comment TasksMax if your systemd version does not support it.
+# Only systemd 226 and above support this option.
+TasksMax=infinity
+
+# set delegate yes so that systemd does not reset the cgroups of docker containers
+Delegate=yes
+
+# kill only the docker process, not all processes in the cgroup
+KillMode=process
+OOMScoreAdjust=-500
+
+[Install]
+WantedBy=multi-user.target
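Review bot: `TimeoutSec=0` disables the stop timeout as well as the start timeout, so a dockerd that hangs during shutdown is never escalated to SIGKILL and can block a reboot indefinitely; `TimeoutStartSec=0` keeps the unlimited start without touching stop. The comment above `ExecStart` talks about not using systemd for cgroups, but the command line passes no cgroup-driver option, so whatever it describes comes from `$OPTIONS` or the daemon default and the comment should say which. `LimitCORE=infinity` would also merit a one-line comment, since a core dump of the root daemon can contain credentials it holds in memory.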
diff --git a/docker.socket b/docker.socket
new file mode 100644
index 0000000..9db5049
--- /dev/null
+++ b/docker.socket
@@ -0,0 +1,11 @@
+[Unit]
+Description=Docker Socket for the API
+
+[Socket]
+ListenStream=/var/run/docker.sock
+SocketMode=0660
+SocketUser=root
+SocketGroup=docker
+
+[Install]
+WantedBy=sockets.target
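Review bot: `ListenStream=/var/run/docker.sock` points below the legacy `/var/run` directory; current systemd logs a warning for such paths and rewrites them to `/run`, so the unit should say `ListenStream=/run/docker.sock` directly. `SocketGroup=docker` makes socket activation depend on the docker group existing before the unit starts, and membership of that group gives full control of the root daemon. A comment next to `SocketMode=0660`, e.g. `# members of SocketGroup can control dockerd, which runs as root`, would help administrators who edit the unit.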
diff --git a/docker.sysconfig b/docker.sysconfig
new file mode 100644
index 0000000..426ec3c
--- /dev/null
+++ b/docker.sysconfig
@@ -0,0 +1,7 @@
+# /etc/sysconfig/docker
+
+# Modify these options if you want to change the way the docker daemon runs
+OPTIONS="--log-driver=journald \
+ --live-restore \
+ --default-ulimit nofile=1024:1024 \
+"
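Review bot: The packaged default enables `--live-restore`, which the Docker daemon refuses to combine with swarm mode, so `docker swarm init` fails on a default install even though this same commit ships a swarm scheduling fix for loongarch64. Either drop the flag from the default OPTIONS or document it above the assignment, e.g. `# --live-restore is incompatible with swarm mode; remove it before running "docker swarm init"`. The file's only comment says to modify the options, without saying that `--log-driver` and `--default-ulimit` are the packaged logging and resource defaults that an edit can silently drop.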
diff --git a/moby.spec b/moby.spec
new file mode 100644
index 0000000..08d0333
--- /dev/null
+++ b/moby.spec
@@ -0,0 +1,283 @@
+%global _gitcommit_engine f417435
+%global _gitcommit_cli 4debf41
+%global _source_engine moby-%{version}
+%global _source_client cli-%{version}
+%global _source_docker_init tini-0.19.0
+%define _debugsource_template %{nil}
+
+Name: docker
+Version: 27.2.1
+Release: 1
+Summary: The open-source application container engine
+License: ASL 2.0
+URL: https://www.docker.com
+# https://github.com/docker/cli/archive/refs/tags/v25.0.3.tar.gz
+Source0: cli-%{version}.tar.gz
+# https://github.com/moby/moby/archive/refs/tags/v25.0.3.tar.gz
+Source1: moby-%{version}.tar.gz
+# https://github.com/krallin/tini/archive/refs/tags/v0.19.0.tar.gz
+Source2: tini-0.19.0.tar.gz
+Source3: docker.service
+Source4: docker.socket
+Source5: docker.sysconfig
+Patch0002: 0003-add-loongarch64-seccomp-support.patch
+Patch0003: 0004-fix-docker-swarm-run-failed-for-loongarch64.patch
+
+Requires: %{name}-engine = %{version}-%{release}
+Requires: %{name}-client = %{version}-%{release}
+
+# conflicting packages
+Conflicts: docker-ce
+Conflicts: docker-io
+Conflicts: docker-engine-cs
+Conflicts: docker-ee
+
+%description
+Docker is a product for you to build, ship and run any application as a
+lightweight container.
+
+%package engine
+Summary: Docker daemon binary and related utilities
+
+Requires: /usr/sbin/groupadd
+Requires: runc
+Requires: container-selinux >= 2:2.74
+Requires: libseccomp >= 2.3
+Requires: systemd
+Requires: iptables
+Requires: libcgroup
+Requires: containerd
+Requires: tar
+Requires: xz
+
+BuildRequires: bash
+BuildRequires: ca-certificates
+BuildRequires: cmake
+BuildRequires: device-mapper-devel
+BuildRequires: gcc
+BuildRequires: git
+BuildRequires: glibc-static
+BuildRequires: libarchive
+BuildRequires: libseccomp-devel
+BuildRequires: libselinux-devel
+BuildRequires: libtool
+BuildRequires: libtool-ltdl-devel
+BuildRequires: make
+BuildRequires: pkgconfig
+BuildRequires: pkgconfig(systemd)
+BuildRequires: selinux-policy-devel
+BuildRequires: systemd-devel
+BuildRequires: tar
+BuildRequires: which
+BuildRequires: golang >= 1.21.0
+
+%description engine
+Docker daemon binary and related utilities
+
+%package client
+Summary: Docker client binary and related utilities
+
+Requires: /bin/sh
+BuildRequires: libtool-ltdl-devel
+
+%description client
+Docker client binary and related utilities
+
+%prep
+%setup -q -n %{_source_client}
+%setup -q -T -n %{_source_engine} -b 1
+%patch -P0002 -p1
+%patch -P0003 -p1
+%setup -q -T -n %{_source_docker_init} -b 2
+
+%build
+export GO111MODULE=off
+# build docker daemon
+export DOCKER_GITCOMMIT=%{_gitcommit_engine}
+export DOCKER_BUILDTAGS="exclude_graphdriver_btrfs"
+
+pushd %{_builddir}/%{_source_engine}
+AUTO_GOPATH=1 VERSION=%{version} PRODUCT=docker hack/make.sh dynbinary
+popd
+
+# build docker-tini
+pushd %{_builddir}/%{_source_docker_init}
+cmake .
+make tini-static
+popd
+
+# build cli
+pushd %{_builddir}/%{_source_client}
+mkdir -p .gopath/src/github.com/docker/cli
+export GOPATH=`pwd`/.gopath
+rm -rf .gopath/src/github.com/docker/cli
+ln -s %{_builddir}/%{_source_client} .gopath/src/github.com/docker/cli
+pushd .gopath/src/github.com/docker/cli
+DISABLE_WARN_OUTSIDE_CONTAINER=1 make VERSION=%{version} GITCOMMIT=%{_gitcommit_cli} dynbinary
+popd
+popd
+
+%check
+# check for daemon
+ver="$(%{_builddir}/%{_source_engine}/bundles/dynbinary-daemon/dockerd --version)"; \
+ test "$ver" = "Docker version %{version}, build %{_gitcommit_engine}" && echo "PASS: daemon version OK" || (echo "FAIL: daemon version ($ver) did not match" && exit 1)
+# check for client
+ver="$(%{_builddir}/%{_source_client}/build/docker --version)"; \
+ test "$ver" = "Docker version %{version}, build %{_gitcommit_cli}" && echo "PASS: cli version OK" || (echo "FAIL: cli version ($ver) did not match" && exit 1)
+
+
+%install
+# install daemon binary
+install -D -p -m 0755 $(readlink -f %{_builddir}/%{_source_engine}/bundles/dynbinary-daemon/dockerd) %{buildroot}%{_bindir}/dockerd
+
+# install proxy
+install -D -p -m 0755 %{_builddir}/%{_source_engine}/bundles/dynbinary-daemon/docker-proxy %{buildroot}%{_bindir}/docker-proxy
+
+# install tini
+install -D -p -m 755 %{_builddir}/%{_source_docker_init}/tini-static %{buildroot}%{_bindir}/docker-init
+
+# install systemd scripts
+install -D -m 0644 %{SOURCE3} %{buildroot}%{_unitdir}/docker.service
+install -D -m 0644 %{SOURCE4} %{buildroot}%{_unitdir}/docker.socket
+
+# for additional args
+install -Dpm 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/sysconfig/docker
+
+# install docker client
+install -p -m 0755 $(readlink -f %{_builddir}/%{_source_client}/build/docker) %{buildroot}%{_bindir}/docker
+
+# add bash, zsh, and fish completions
+install -d %{buildroot}%{_datadir}/bash-completion/completions
+install -d %{buildroot}%{_datadir}/zsh/vendor-completions
+install -d %{buildroot}%{_datadir}/fish/vendor_completions.d
+install -p -m 644 %{_builddir}/%{_source_client}/contrib/completion/bash/docker %{buildroot}%{_datadir}/bash-completion/completions/docker
+install -p -m 644 %{_builddir}/%{_source_client}/contrib/completion/zsh/_docker %{buildroot}%{_datadir}/zsh/vendor-completions/_docker
+install -p -m 644 %{_builddir}/%{_source_client}/contrib/completion/fish/docker.fish %{buildroot}%{_datadir}/fish/vendor_completions.d/docker.fish
+
+# add docs
+install -d %{buildroot}%{_pkgdocdir}
+install -p -m 644 %{_builddir}/%{_source_client}/{LICENSE,MAINTAINERS,NOTICE,README.md} %{buildroot}%{_pkgdocdir}
+
+%files
+# empty as it depends on engine and client
+
+%files engine
+%config(noreplace) %{_sysconfdir}/sysconfig/docker
+%{_bindir}/dockerd
+%{_bindir}/docker-proxy
+%{_bindir}/docker-init
+%{_unitdir}/docker.service
+%{_unitdir}/docker.socket
+
+%files client
+%{_bindir}/docker
+%{_datadir}/bash-completion/completions/docker
+%{_datadir}/zsh/vendor-completions/_docker
+%{_datadir}/fish/vendor_completions.d/docker.fish
+%doc %{_pkgdocdir}
+
+%post
+%systemd_post docker.service
+if ! getent group docker > /dev/null; then
+ groupadd --system docker
+fi
+
+%preun
+%systemd_preun docker.service docker.socket
+
+%postun
+%systemd_postun_with_restart docker.service
+
+%changelog
+* Thu Sep 12 2024 Funda Wang <fundawang@yeah.net> - 27.2.1-1
+- update to version 27.2.1
+
+* Fri Jul 26 2024 zhangxianting <zhangxianting@uniontechc.om> - 25.0.3-10
+- Type:CVE
+- ID:NA
+- SUG:NA
+- DESC:fix CVE-2024-41110
+
+* Fri Jul 12 2024 lvxiangcong <lvxiangcong@kylinos.cn> - 25.0.3-9
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:fix docker swarm run failed for loongarch64
+
+* Tue Jul 02 2024 zhangbowei<zhangbowei@kylinos.cn> - 25.0.3-8
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:fix bug by using docker-proxy in the source file to get better compatibility
+
+* Fri Jun 28 2024 shechenglong<shechenglong@xfusion.com> - 25.0.3-7
+- DESC:software package name moby is changed to docker
+
+* Fri Jun 14 2024 zhaixiaojuan<zhaixiaojuan@loongson.cn> - 25.0.3-6
+- DESC:add loongarch64 seccomp support
+
+* Tue May 14 2024 wanglimin<wanglimin@xfusion.com> - 25.0.3-5
+- DESC:clean dependency between engine and cli
+
+* Sat May 11 2024 lvxiangcong<lvxiangcong@kylinos.cn> - 25.0.3-4
+- DESC:fix install error failed to docker.service does not exit
+
+* Mon Apr 22 2024 lvxiangcong<lvxiangcong@kylinos.cn> - 25.0.3-3
+- DESC:fix cve-2024-32473
+
+* Wed Apr 17 2024 lvxiangcong<lvxiangcong@kylinos.cn> - 25.0.3-2
+- DESC:fix cve-2024-29018
+
+* Tue Feb 06 2024 shechenglong<shechenglong@xfusion.com> - 25.0.3-1
+- DESC:update to 25.0.3
+
+* Thu Dec 28 2023 maokecheng<maokecheng@xfusion.com> - 20.10.24-7
+- Adapt docker-runc to be changed to runc
+
+* Tue Sep 26 2023 xulei<xulei@xfusion.com> - 20.10.24-6
+- Fix the missing socketGroup permissions for only installing moby-engine
+
+* Mon Sep 18 2023 xulei<xulei@xfusion.com> - 20.10.24-5
+- Optimize the apply patch method
+
+* Thu Sep 14 2023 xulei<xulei@xfusion.com> - 20.10.24-4
+- DESC: Fix missing runc dependencies
+ The declaration conflicts with the installation of docker-engine
+
+* Mon Sep 4 2023 xulei<xulei@xfusion.com> - 20.10.24-3
+- Fix the conflict libnetwork installation
+
+* Sun Jul 16 2023 xulei<xulei@xfusion.com> - 20.10.24-2
+- DESC: fix non-blocking awslogs log drop bug
+ fix panic if mount is not a volume
+
+* Mon Apr 10 2023 xulei<xulei@xfusion.com> - 20.10.24-1
+- DESC: update to 20.10.24
+
+* Tue Apr 4 2023 zhangzhihui<zhangzhihui@xfusion.com> - 20.10.23-3
+- DESC: sync upstream patch
+ Dockerfile: configure code dir as "safe" directory
+
+* Fri Mar 31 2023 zhangzhihui<zhangzhihui@xfusion.com> - 20.10.23-2
+- DESC: sync upstream patch to update containerd to v1.6.16
+
+* Wed Mar 29 2023 xulei<xulei@xfusion.com> - 20.10.23-1
+- DESC:update to 20.10.23
+
+* Wed Mar 8 2023 xulei<xulei@xfusion.com> - 20.10.21-4
+- DESC: enhance container behavior
+ 1.stop docker.socket before uninstall docker.
+ 2.container keep running when restart docker service.
+ 3.when containerd exits abnormally, it can be automatically pulled up.
+ 4.add some dockerd options.
+ 5.change to BuildRequires golang-1.18.0
+
+* Wed Dec 28 2022 xulei<xulei@xfusion.com> - 20.10.21-3
+- DESC: change to BuildRequires golang-1.17.3
+
+* Wed Dec 21 2022 wanglimin<wanglimin@xfusion.com> - 20.10.21-2
+- DESC: revert any to interface{} temporarily to allow builtable with golang-1.17.x
+- it will be withdrawed if golang upgrade to 1.18.x in the branch
+
+* Thu Dec 14 2022 wanglimin<wanglimin@xfusion.com> - 20.10.21-1
+- DESC: initial docker-20.10.21-1
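Review bot: The `%post`, `%preun` and `%postun` scriptlets have no subpackage name, so they attach to the empty `docker` meta package, while `docker.service` and `docker.socket` (with `SocketGroup=docker`) are shipped in `%files engine`. Installing only docker-engine therefore never runs `groupadd --system docker` or the systemd macros, and the socket unit has no group to resolve; `Requires: /usr/sbin/groupadd` already sits on the engine subpackage, which suggests that is where the scriptlets were meant to go. I would change the headers to `%post engine`, `%preun engine` and `%postun engine`, and pass `docker.socket` to `%systemd_post` as `%preun` already does. The `# https://github.com/.../v25.0.3.tar.gz` comments above Source0 and Source1 are also stale against `Version: 27.2.1`.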
diff --git a/sources b/sources
new file mode 100644
index 0000000..b9c0010
--- /dev/null
+++ b/sources
@@ -0,0 +1,3 @@
+43e4a95623054436bd6e690d9ceaf26c cli-27.2.1.tar.gz
+bbb7eae4f0c407f2f11df26d90d02bd0 moby-27.2.1.tar.gz
+72935bca9232313409a052833068fb1d tini-0.19.0.tar.gz
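Review bot: The three source tarballs are pinned by MD5 only, which protects against accidental corruption but not against a deliberately crafted colliding archive. If the dist-git tooling accepts it, record a SHA-512 digest per file in the `SHA512 (file) = digest` form instead. The Source0 and Source1 URL comments in moby.spec still name v25.0.3, so the page gives no current upstream location against which to re-verify these 27.2.1 digests.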