[dgit import tarball docker.io 18.09.1+dfsg1-7.1+deb10u2 docker.io_18.09.1+dfsg1-7.1+deb10u2.debian.tar.xz]
--- /dev/null
+FROM tianon/debian-devel
+
+RUN echo 'deb http://incoming.debian.org/debian-buildd buildd-unstable main contrib non-free' > /etc/apt/sources.list.d/incoming.list
+
+# start by adding just "debian/control" so we can get mk-build-deps with maximum caching
+COPY control /usr/src/docker.io/debian/
+WORKDIR /usr/src/docker.io
+
+# get all the build deps of _this_ package in a nice repeatable way
+RUN apt-get update && mk-build-deps -irt'apt-get --no-install-recommends -yV' debian/control && dpkg-checkbuilddeps
+
+# need our debian/ directory to compile _this_ package
+COPY . /usr/src/docker.io/debian
+
+# go download and unpack our upstream source
+RUN uscan --force-download --verbose --download-current-version
+RUN DOCKER_TARBALLS=.. ./debian/helpers/download-libcontainer
+RUN /tianon/extract-origtargz.sh
+
+# tianon is _really_ lazy, and likes a preseeded bash history
+RUN echo '/tianon/extract-origtargz.sh && dpkg-buildpackage -us -uc && lintian -EvIL+pedantic' >> /root/.bash_history
--- /dev/null
+Docker on Debian
+================
+
+Please refer to upstream's documentation for information about what Docker is,
+how it works, and how to use it: https://docs.docker.com/
+
+The following notes are things that may have impact specifically to use of the
+Docker package in Debian.
+
+--
+
+To enable docker memory limitation, the kernel needs to be loaded with
+boot parameters: cgroup_enable=memory swapaccount=1.
+
+This is because enabling memory cgroup support has some run-time overhead,
+and kernel maintainers don't want to slow down systems unnecessarily.
+
+http://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg764104.html
+https://github.com/docker/docker/issues/396
+
+To instruct the kernel to enable memory cgroup support, edit
+/etc/default/grub and extend GRUB_CMDLINE_LINUX_DEFAULT like:
+
+GRUB_CMDLINE_LINUX_DEFAULT="cgroup_enable=memory swapaccount=1"
+
+Then run update-grub, and reboot.
+
+---
+
+It's worth pointing out that upstream maintains a "check-config.sh" script for
+verifying not only proper kernel configuration (which isn't terribly relevant in
+the Debian context), but also the host system configuration, especially and
+including whether a properly mounted cgroup hierarchy can be found. If you're
+using cgroupfs-mount or systemd, chances are very high that you have one, but if
+not, you're likely to see strange behavior.
+
+In the docker.io package, one can find the "check-config.sh" script under
+"/usr/share/docker.io/contrib/check-config.sh", which when run (does NOT require
+root/sudo) will report on problems with your installation/configuration.
+
+---
+
+As noted in the upstream documentation (https://docs.docker.io), Docker will
+allow non-root users in the "docker" group to access "docker.sock" and thus
+communicate with the daemon. To add yourself to the "docker" group, use
+something like:
+
+adduser YOURUSER docker
+
+As also noted in the upstream documentation, the "docker" group (and any other
+means of accessing the Docker API) is root-equivalent. If you don't trust a
+user with root on your box, you shouldn't trust them with Docker either.
+If you are interested in further information about the security aspects of
+Docker, please be sure to read the "Docker Security" article in the
+upstream documentation:
+
+ https://docs.docker.com/engine/security/security/
+
+---
+
+ rpc error: code = 2 desc = "oci runtime error: could not synchronise with
+ container process: no subsystem for mount"
+
+This message is very likely related to https://bugs.debian.org/843530, and thus
+https://github.com/opencontainers/runc/issues/1175.
+
+Adding "systemd.legacy_systemd_cgroup_controller=yes" to your system boot
+parameters (in Grub, etc) is probably necessary to resolve it.
+
+---
+
+Support for the logentries.com log driver has been removed from the
+Debian version as it contains no license information and is therefore
+not redistributable.
+
+Github issues have been filed upstream:
+
+https://github.com/bsphere/le_go/issues/14
+https://github.com/docker/docker/issues/31020
+
+---
+
+## Restart dilemma
+
+Restarting Docker daemon terminates all running containers. Therefore
+automatic restart is not an option as containers may be killed during
+unattended upgrade, etc.
+
+This is Docker's design flaw and upstream gave up on idea of restoring
+state of running containers on upgrade, bluntly stating "You must stop all
+containers and plugins BEFORE upgrading" in release notes.
+
+** "rkt" container runtime is free from that flaw. **
+
+Not restarting Docker daemon on upgrade can make CLI unusable until daemon
+restart due to mismatch between CLI and running Daemon versions.
+
+Fortunately recommended "needrestart" package show interactive prompt to
+restart Docker daemon after upgrade.
--- /dev/null
+## "stable" versus "edge" releases
+
+As per [1], starting with Docker 18.09, CE "stable" releases will be
+supported for 7 months. See [2] for details.
+
+This package should only ever ship "stable" Community Edition (CE)
+releases.
+
+Docker version numbers are derived from date, e.g. `date +%g.%m`.
+
+The every-month releases are "edge" (17.04, 17.05, etc), are only supported
+for the duration of their release month. Stable releases have longer
+support cycles. Monthly "Edge" releases should be avoided.
+
+[1]: https://docs.docker.com/install/
+[2]: https://docs.docker.com/release-notes/docker-ce/
+
+
+## Incompetent upstream release process
+
+Upstream is notorious for incredibly sloppy versioning. Docker components
+are inconsistently versioned; don't depend on same version of common
+libraries and different revisions of dependency libraries are privately
+vendored. Basically upstream couldn't care less about consistent, semantic
+versioning and re-usable components. Shameful abomination of good software
+development practices... :(
+
+**An overview of the various docker repositories**
+
+Some repositories used to release on a regular basis, then stopped:
+
+ * https://github.com/moby/moby : last release on Jun 28, 2017
+ * https://github.com/docker/distribution: last release on Jul 21, 2017
+ * https://github.com/docker/libnetwork : last release on May 8, 2016
+
+This seem to be due to the split between Moby and Docker, although it is highly
+undocumented. For the Moby repository, you have to dig up this kind of thread:
+"https://github.com/moby/moby/issues/33951#issuecomment-312995683"
+
+Some repositories never really had any releases:
+
+ * https://github.com/docker/cli
+ * https://github.com/docker/go-events
+ * https://github.com/docker/swarmkit
+
+**The docker-ce super repository**
+
+docker-ce is the super repository from where Docker Community Edition is
+produced, and this is where things get messy.
+
+Basically this is where the code from the docker engine (github.com/moby/moby)
+docker client (github.com/docker/cli) is pulled together. But how? Looking at
+the git history, we can see cherry-picked commits, merge requests, standalone
+commits, and probably other things... In the end, when a docker-ce version is
+released, it doesn't seem to correspond to a particular commit of moby/moby or
+docker/cli.
+
+At some point I thought we should ignore docker-ce, and instead package
+moby/moby and docker/cli separately. But because of the workflow described
+above, I now think it's a very bad idea. We have no idea of which version of
+moby/moby and docker/cli work together (no semantic versions), and we can't
+really find this information from a tag in docker-ce.
+
+So we'd better package docker-ce instead.
+
+**Docker-ce releases**
+
+Upstream tags releases in "github.com/docker/docker-ce" and we have to ship
+matching bundle of Docker engine, and Docker CLI from that repository.
+
+Docker-ce releases monthly, with a 2 or 3 release candidates before the
+final release. Other than quarterly "stable" releases there doesn't seem to
+be any long-term releases. The fact that there are release candidates
+probably indicates that bugs are reported, test suites are run, and things
+are fixed between various rc (hopefully).
+
+On top of that Docker depends on very particular commits of
+
+ * github.com/containerd/containerd
+ * github.com/docker/libnetwork
+ * github.com/docker/swarmkit
+
+None of the above repositories have relevant tags.
+
+**Docker code base is spread among several name spaces.**
+
+We've made a mistake trying to treat it as several reusable components.
+
+Upstream abuse of versioning practices is a shameful and incompetent
+disgrace. Docker people, if you are reading this I hope you feel sorry.
+I, Dmitry Smirnov <onlyjob@debian.org>, find it difficult to politely
+express how much I despise your release process.
+
+
+## Circular dependencies
+
+Let me explain practical problem with dependencies. Docker and Libnetwork
+both depend on each other and on "sirupsen/logrus". When in the 2018 the
+latter exhibited minor/trivial problem I could not upload neither Docker
+nor Libnetwork because each FTBFS in the "other" dependency. That's why
+starting with 17.12.1 libnetwork has been incorporated into "docker.io".
+
+
+## Docker package vendoring policy
+
+As highlighted above, it is unsustainable and impractical to package
+individual Docker "components". Many libraries of Docker name space are
+only ever used by Docker and depend on "github.com/docker/docker" which
+makes them part of Docker code base.
+
+Combined with upstream resistance to good versioning practices, we have to
+ship Docker bundle producing (only) reusable package from multi upstream
+tarball (MUT) source package.
+
+Some vendored microlibraries, unless semantically versioned, are not
+worth to be introduced as standalone source package.
+
+Therefore "docker.io" source package will ship all essential Docker
+dependencies to avoid circular dependencies. Main criteria for inclusion of
+a dependency library into "docker.io" source package is dependency on
+"github.com/docker/docker". Additional criteria is assessment whether
+Docker dependency is reusable (e.g. semantically versioned and used by
+other packages). Age of tags is to be considered as Docker team stopped
+tagging most of their dependencies in favour of vendoring them by some
+random commit.
+
+
+## Bundled versus external libraries
+
+### runc
+
+We should make an effort to use "runc" package which no longer depends on
+Docker since 1.0.0~rc5 (no circular/mutual dependency). runc upstream is
+tagging releases so it satisfies non-bundling criteria mentioned above.
+
+In 2017 all reverse build-deps of runc-dev were broken when Balint Reczey
+<rbalint@ubuntu.com> forked "runc" source package as "docker-runc"
+versioned to match Docker expectations.
+New package "golang-github-opencontainers-docker-runc-dev" had explicit
+Conflits with "golang-github-opencontainers-runc-dev" effectively hijacking
+runc because all packages depending on runc-dev also depend on docker-dev
+(which depends on docker-runc-dev) hence runc-dev could not be installed
+together with docker-runc-dev. Maintainer of reverse runc-dev build-deps
+was very unhappy...
+
+Let me stress it again: Docker should not hijack runc's name space
+"github.com/opencontainers/runc". Docker's fork of the latter have its
+own name space: "github.com/docker/runc".
+
+In the unfortunate situation if we ever have to use bundled runc in Docker,
+we should NOT provide docker-runc-dev package ever again (or at least avoid
+Conflicts with runc-dev at all costs). I suggest testing runc package for
+run-time compatibility with Docker. That works well with Docker 17.12.1.
+
+Do not be mislead by particular (random) RUNC_COMMIT that Docker expects
+(e.g. `docker info`, "engine/vendor.conf") - we can/should not comply with
+upstream's systematic abuse of versioning.
+
+Perhaps expected commits are not to be trusted at all: for instance in
+17.12.1, CONTAINERD_COMMIT in "engine/hack/dockerfile/binaries-commits"
+does not match any of containerd commits in "engine/vendor.conf".
+
+
+## Notable upstream bugs
+
+ https://github.com/moby/moby/issues/37272
+ https://github.com/docker/distribution/issues/2623
+ https://github.com/docker/distribution/issues/2609
--- /dev/null
+
+## testing
+
+ Better testing of components
+
+
+## full rebuild of components
+
+ Currently re-build is partial.
+
+
+## switch packages from docker-runc-dev to opencontainers-runc-dev
+
+ * kubernetes [partially done, needs more work]
+
+
+## request removal of
+
+ * docker-runc [#902059]
+ * docker-containerd [#902087]
+ * golang-libnetwork [#902058]
+ * swarmkit [#902086]
--- /dev/null
+docker.io (18.09.1+dfsg1-7.1+deb10u2) buster-security; urgency=medium
+
+ * Add upstream patch for CVE-2020-13401 (Closes: #962141)
+
+ -- Felix Geyer <fgeyer@debian.org> Sun, 14 Jun 2020 22:12:29 +0200
+
+docker.io (18.09.1+dfsg1-7.1+deb10u1) buster-security; urgency=medium
+
+ [ Arnaud Rebillout ]
+ * Add upstream patch for CVE-2019-13139 (Closes: #933002).
+ * Add upstream patches for CVE-2019-13509 (Closes: #932673).
+
+ [ Felix Geyer ]
+ * Add upstream patch for CVE-2019-14271
+ * Cherry-pick upstream commits to fix test failures with
+ golang >= 1.11.6-1+deb10u1
+
+ -- Felix Geyer <fgeyer@debian.org> Tue, 03 Sep 2019 19:59:35 +0200
+
+docker.io (18.09.1+dfsg1-7.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+
+ [ Hideki Yamane ]
+ * upstream site moved to mobyproject.org
+
+ [ Arnaud Rebillout ]
+ * Add patch for CVE-2018-15664 (Closes: #929662).
+
+ -- Shengjing Zhu <zhsj@debian.org> Sun, 23 Jun 2019 01:25:10 +0800
+
+docker.io (18.09.1+dfsg1-7) unstable; urgency=medium
+
+ * Add patch to revert using iptables-legacy (Closes: #921600).
+
+ -- Arnaud Rebillout <arnaud.rebillout@collabora.com> Mon, 13 May 2019 09:34:45 +0700
+
+docker.io (18.09.1+dfsg1-6) unstable; urgency=medium
+
+ * Add patch to fix Debian security presence check (Closes: #925224).
+
+ -- Arnaud Rebillout <arnaud.rebillout@collabora.com> Tue, 16 Apr 2019 09:56:17 +0700
+
+docker.io (18.09.1+dfsg1-5) unstable; urgency=medium
+
+ * Install "containerd-shim" as "docker-containerd-shim" (Closes: #920935).
+ * Update containerd-name patch.
+
+ -- Arnaud Rebillout <arnaud.rebillout@collabora.com> Sat, 02 Feb 2019 10:00:35 +1100
+
+docker.io (18.09.1+dfsg1-4) unstable; urgency=medium
+
+ * Updated "containerd" executable name patch;
+ renamed "containerd-shim" executable (Closes: #920597).
+
+ -- Dmitry Smirnov <onlyjob@debian.org> Mon, 28 Jan 2019 10:16:28 +1100
+
+docker.io (18.09.1+dfsg1-3) unstable; urgency=medium
+
+ * New patch to fix name of the "containerd" executable (Closes: #920597).
+
+ -- Dmitry Smirnov <onlyjob@debian.org> Sun, 27 Jan 2019 23:43:53 +1100
+
+docker.io (18.09.1+dfsg1-2) unstable; urgency=medium
+
+ [ Dmitry Smirnov ]
+ * Standards-Version: 4.3.0.
+ * Upload to unstable.
+
+ [ Arnaud Rebillout ]
+ * Bump runc requirement to 1.0.0~rc6.
+ * Add patch to skip flaky test.
+ * Tidy up patches.
+
+ -- Arnaud Rebillout <arnaud.rebillout@collabora.com> Sat, 26 Jan 2019 10:58:39 +1100
+
+docker.io (18.09.1+dfsg1-1) experimental; urgency=medium
+
+ * New upstream release [January 2019].
+ * Remove obsolete patches, refresh remaining ones.
+ * New notable patches:
+ - build against the runc debian package.
+ - build against google-grpc 1.11.
+ - attempt to fix mips build.
+ - disable a test file that fails to build (known issue upstream).
+ * Remove various build dependencies, add new ones.
+ * Bump some build dependencies:
+ - golang-github-coreos-bbolt-dev (>= 1.3.1-coreos.5-3~).
+ * Vendor some build dependencies:
+ - docker/licensing (no debian package, no upstream release).
+ - golang-github-spf13-cobra/pflag-dev (docker has internal fork).
+
+ -- Arnaud Rebillout <arnaud.rebillout@collabora.com> Tue, 22 Jan 2019 19:48:15 +1100
+
+docker.io (18.06.1+dfsg1-3) unstable; urgency=medium
+
+ * Import upstream patch to use iptables-legacy (Closes: #911808).
+ * Un-vendor opencontainers-runtime-tools.
+ * Import numerous patches from upstream for go 1.11.
+
+ -- Arnaud Rebillout <arnaud.rebillout@collabora.com> Thu, 17 Jan 2019 15:37:54 +1100
+
+docker.io (18.06.1+dfsg1-2) unstable; urgency=medium
+
+ * Tighten versioned dependency on "runc".
+ * dev: install "libnetwork/ipamutils".
+
+ -- Dmitry Smirnov <onlyjob@debian.org> Sun, 16 Sep 2018 13:21:33 +1000
+
+docker.io (18.06.1+dfsg1-1) unstable; urgency=medium
+
+ [ Dmitry Smirnov ]
+ * New upstream release [August 2018].
+ * Upload to unstable (Closes: #906999).
+
+ [ Arnaud Rebillout ]
+ * Cleanup /etc/init/docker.conf (Closes: #907455)
+
+ -- Dmitry Smirnov <onlyjob@debian.org> Tue, 11 Sep 2018 14:03:46 +1000
+
+docker.io (18.06.0+dfsg1-1) experimental; urgency=medium
+
+ * New upstream release [July 2018].
+
+ [ Arnaud Rebillout ]
+ * get-orig-source: print the list of directories vendored by upstream.
+
+ [ Dmitry Smirnov ]
+ * README.source: noted duration of upstream support.
+ * README.Debian: added note about restart dilemma.
+
+ -- Dmitry Smirnov <onlyjob@debian.org> Fri, 10 Aug 2018 19:07:41 +1000
+
+docker.io (18.03.1+dfsg1-6) unstable; urgency=medium
+
+ * Removed obsolete "golang-ed25519-dev" from Build-Depends.
+ * Standards-Version: 4.1.5.
+
+ -- Dmitry Smirnov <onlyjob@debian.org> Wed, 11 Jul 2018 20:15:24 +1000
+
+docker.io (18.03.1+dfsg1-5) unstable; urgency=medium
+
+ * New upstream patch to prevent needless calls to `pass` (Closes: #902258).
+ * Do not automatically restart daemon on upgrade (Closes: #786724).
+ * Recommends += "needrestart".
+
+ "needrestart" prompts to restart "docker" daemon on upgrade. This way
+ running containers won't be killed on upgrade until user choses to
+ restart Docker.
+ Not restarting Docker on upgrade may break CLI when it disagrees with
+ running daemon regarding API version.
+
+ -- Dmitry Smirnov <onlyjob@debian.org> Mon, 02 Jul 2018 14:56:46 +1000
+
+docker.io (18.03.1+dfsg1-4) unstable; urgency=medium
+
+ * Suggests += "e2fsprogs, xfsprogs" (Closes: #887222).
+ * rules: fixed test failure on binary-indep build (Closes: #902206).
+ Thanks, Santiago Vila.
+
+ -- Dmitry Smirnov <onlyjob@debian.org> Sun, 24 Jun 2018 23:22:51 +1000
+
+docker.io (18.03.1+dfsg1-3) unstable; urgency=medium
+
+ [ Dmitry Smirnov ]
+ * Replaced upstream SysV init file with an improved one.
+ * --remove-pidfile on stop (Closes: #764921)
+ * don't fail when removed (Closes: #841282)
+ * fixed exit status:
+ + don't fail to stop when already stopped
+ + don't fail to start when already started
+ * removed useless check_init()
+ Thanks, Sam Morris.
+ * postinst: create "docker" group when needed (Closes: #821078).
+ * README.source: added comment to clarify upstream version numbering.
+ Thanks, Tianon Gravi
+ * README.source: added link describing upstream life cycle & release
+ policy. Thanks, Tianon Gravi.
+
+ [ Arnaud Rebillout ]
+ * Added myself to uploaders.
+ * Bumped compat to 11 to allow installling the systemd socket
+ file automatically with dh_installsystemd.
+ * Installed systemd socket through dh_installsystemd.
+
+ -- Dmitry Smirnov <onlyjob@debian.org> Thu, 21 Jun 2018 21:27:32 +1000
+
+docker.io (18.03.1+dfsg1-2) unstable; urgency=medium
+
+ [ Dmitry Smirnov ]
+ * Upload to unstable.
+ * Un-bundle "googleapis-gnostic-dev" and "docker-notary-dev".
+ * Removed "golang-github-hashicorp-consul-dev" from Build-Depends.
+
+ [ Arnaud Rebillout ]
+ * Fix bash completion install.
+ * d/control: depend on golang-any.
+ * d/README.source: re-write part about docker-ce upstream workflow.
+ * Set required version for imdario-mergo and hashicorp-memberlist.
+
+ -- Dmitry Smirnov <onlyjob@debian.org> Wed, 20 Jun 2018 23:40:47 +1000
+
+docker.io (18.03.1+dfsg-1) experimental; urgency=medium
+
+ * New upstream release [April 2018].
+ * rules:
+ + properly pass daemon version.
+ + re-work override_dh_auto_configure with important fixes.
+ * New patch to disable unreliable TestAdapterReadLogs.
+ * Use packaged "tini", don't build it.
+ Thanks, Arnaud Rebillout.
+
+ -- Dmitry Smirnov <onlyjob@debian.org> Tue, 19 Jun 2018 13:43:57 +1000
+
+docker.io (17.12.1+dfsg-4) experimental; urgency=medium
+
+ * golang-github-docker-docker-dev:
+ + install only selected "libnetwork" components.
+ + install missing "docker/cli" components.
+ + install "docker/docker/cli".
+
+ -- Dmitry Smirnov <onlyjob@debian.org> Mon, 18 Jun 2018 19:32:51 +1000
+
+docker.io (17.12.1+dfsg-3) experimental; urgency=medium
+
+ * Removed versioning from -dev Breaks/Replaces: libnetwork-dev
+ (Closes: #901694).
+ * Build with consistent tags "apparmor seccomp selinux ambient"
+ (Closes: #901743).
+ Thanks, Laurent Bigonville.
+ * New patch to fix FTBFS on mips* architectures.
+
+ -- Dmitry Smirnov <onlyjob@debian.org> Mon, 18 Jun 2018 12:05:10 +1000
+
+docker.io (17.12.1+dfsg-2) experimental; urgency=medium
+
+ * New patch to disable TestGetRootUIDGID, failing in sbuild.
+
+ -- Dmitry Smirnov <onlyjob@debian.org> Sat, 16 Jun 2018 21:31:51 +1000
+
+docker.io (17.12.1+dfsg-1) experimental; urgency=medium
+
+ * Team upload.
+ * New upstream release [February 2018] (Closes: #850753).
+ * Restart on upgrade, like most daemons (Closes: #792327).
+ Docker's upgrade tip from 17.12.0 release notes:
+ "You must stop all containers and plugins BEFORE upgrading".
+ * New multi-upstream-tarball (MUT) layout, building all docker components
+ (containerd, libnetwork, swarmkit) at once;
+ incorporated binaries of docker-containerd and libnetwork.
+ * docker-dev to provide libnetwork-dev (a part of Docker).
+ * New patches to build on go-1.10; build with latest Go compiler.
+ * Declared myself as Maintainer.
+
+ -- Dmitry Smirnov <onlyjob@debian.org> Sat, 16 Jun 2018 20:05:48 +1000
+
+docker.io (1.13.1~ds3-4) unstable; urgency=medium
+
+ * Build with go-1.7 as later versions cause [archive,tarsum] failures
+ (Closes: #901317).
+ * Re-enabled [archive,tarsum] tests.
+ * Build-Depends:
+ = golang-1.7-go | golang-go (>= 2:1.6~)
+
+ -- Dmitry Smirnov <onlyjob@debian.org> Tue, 12 Jun 2018 00:02:27 +1000
+
+docker.io (1.13.1~ds3-3) unstable; urgency=medium
+
+ * Removed invalid team email from Uploaders (Closes: #899285).
+ * B-D: "libbtrfs-dev | btrfs-progs (<< 4.16.1~)" (Closes: #898876).
+ Thanks, Dimitri John Ledkov.
+ * (Build-)Depends:
+ - removed unused "golang-github-aanand-compose-file-dev".
+ - removed needless versioning and unknown alternatives.
+ * dev: install "runconfig" (used by "github.com/aanand/compose-file").
+ * repack.sh: use correct compression type, depending on file name.
+ * watch file to version 4; updated "repack.sh".
+
+ -- Dmitry Smirnov <onlyjob@debian.org> Sun, 10 Jun 2018 19:49:42 +1000
+
+docker.io (1.13.1~ds3-2) unstable; urgency=medium
+
+ * Team upload.
+ * Install -dev files from build directory.
+
+ -- Dmitry Smirnov <onlyjob@debian.org> Sat, 09 Jun 2018 20:20:53 +1000
+
+docker.io (1.13.1~ds3-1) unstable; urgency=medium
+
+ * Team upload.
+
+ [ Tianon Gravi ]
+ * Remove gccgo support.
+ Removed upstream in commit eda90f63446253f97d2011926555306f2417d208
+ (https://github.com/moby/moby/pull/25978)
+ * Update upstream-version-gitcommits with more upstream versions
+
+ [ Dmitry Smirnov ]
+ * New patch to fix CVE-2017-16539 (Closes: #900140).
+ * New patch to remove 10 seconds delay on purge (Closes: #853258).
+ * debhelper to version 11; compat to version 10.
+ * copyright format URL to HTTPS; bump copyright years.
+ * Standards-Version: 4.1.4.
+ * Vcs URLs to Salsa.
+ * Included "cliconfig" to -dev package (used by "gitlab-runner").
+ * Included "reference" and "registry" into -dev package (used by "nomad").
+ * Removed obsolete "golang-github-docker-engine-api-dev" from Build-Depends.
+ * Use more private libraries to fix build and break circular dependencies:
+ + github.com/docker/swarmkit
+ + github.com/docker/libnetwork
+ + github.com/docker/go-events
+ + github.com/docker/go-metrics
+ * Removed Upstart .conf file.
+ * rules:
+ + better clean, remove generated file(s).
+ + fixed "sirupsen/logrus" imports.
+ + DH_GOLANG_GO_GENERATE = 1
+
+ -- Dmitry Smirnov <onlyjob@debian.org> Sat, 09 Jun 2018 14:50:13 +1000
+
+docker.io (1.13.1~ds2-3) unstable; urgency=medium
+
+ * Switch from "runc" to "docker-runc" and "containerd" to
+ "docker-containerd", removing prefix-removing patch
+ (Closes: #877329, #877892)
+ * Update patches, especially test-disablers
+
+ -- Tianon Gravi <tianon@debian.org> Sat, 14 Oct 2017 08:58:11 -0700
+
+docker.io (1.13.1~ds1-2) unstable; urgency=medium
+
+ * Make test suite pass by using assorted patches to fix or disable
+ tests that don't work under pbuilder. (Closes: #858269)
+ * Suppress some unfixable Lintian warnings.
+ * Verify CVE-2016-9962 is fixed. (Closes: #850952)
+
+ -- Tim Potter <tpot@hpe.com> Wed, 07 Jun 2017 11:43:14 +1000
+
+docker.io (1.13.1~ds1-1) unstable; urgency=medium
+
+ * New upstream release.
+
+ -- Tim Potter <tpot@hpe.com> Wed, 24 May 2017 11:44:10 +1000
+
+docker.io (1.13.0~ds1-3) unstable; urgency=medium
+
+ * Add api and client directories to dev package.
+
+ -- Tim Potter <tpot@hpe.com> Mon, 24 Apr 2017 16:02:32 +1000
+
+docker.io (1.13.0~ds1-2) unstable; urgency=medium
+
+ * Re-enable logfiles.com logging support after upstream license
+ change.
+ * Run nuke-graph-directory.sh using bash instead of regular sh.
+ * Fix dockerd location for sysvinit and upstart scripts. (Closes: #858249)
+
+ -- Tim Potter <tpot@hpe.com> Tue, 28 Mar 2017 15:41:55 +1100
+
+docker.io (1.13.0~ds1-1) experimental; urgency=medium
+
+ [ Paul Tagliamonte ]
+ * Remove myself as maintainer, and swap out tpot. Sadly, these days, I'm
+ mostly just in the way, and not actually helping all that much with
+ the Docker packaging. My last upload was basically forever ago, and
+ tianon and tpot have been doing all the work since than. As such, I'm
+ going to make an unilateral executive decision to tell everyone who
+ listens to actually just listen to tpot. I plan to continue to be around in
+ the form of cruft and chaos monkey. You should also listen to tianon.
+
+ [ Tianon Gravi ]
+ * Update basic-smoke test with "set -x" for debuggability and proper Depends
+ * Build from within GOPATH so Go packages are resolved properly
+ * Split "dh_auto_build-arch" from "dh_auto_build-indep"
+ * Update "debian/watch" to use "uscan.tianon.xyz" so older versions are still
+ easily fetchable without excess work outside uscan
+ * Fix d/copyright text about Apache version 2.0 being in
+ "/usr/share/common-licenses/GPL-2" (Closes: #835440); thanks cascardo!
+ * Add Tim Potter to Uploaders ♥
+ * Add a bit more formatting to README.Debian (and a short intro to explain
+ what kinds of things this file includes)
+ * Add an explicit note about "systemd.legacy_systemd_cgroup_controller=yes"
+ in README.Debian (Closes: #843530)
+ * Add explicit new "golang-golang-x-oauth2-google-dev" package to Depends
+
+ [ Tim Potter ]
+ * Add missing "golang-github-docker-go-events-dev" B-D (Closes: #850793)
+ * New upstream version.
+ * Refresh patches and remove obsolete ones.
+ * Remove logentries.com log driver as upstream module is unlicensed.
+
+ -- Tianon Gravi <tianon@debian.org> Fri, 19 Aug 2016 12:52:55 -0700
+
+docker.io (1.11.2~ds1-6) unstable; urgency=medium
+
+ [ Tianon Gravi ]
+ * Add DEP-3 headers for "skip-racy-unit-tests.patch"
+ * Add a note about "check-config.sh" to README.Debian; thanks Tincho!
+ * Add "docker-doc" to Suggests (Closes: #831748); thanks Ben!
+ * Remove "lxc" from Suggests (no longer a supported execution backend)
+
+ [ Nicolas Braud-Santoni ]
+ * Fix /etc/docker permissions (Closes: #831324)
+
+ -- Tianon Gravi <tianon@debian.org> Wed, 20 Jul 2016 16:34:52 -0700
+
+docker.io (1.11.2~ds1-5) unstable; urgency=medium
+
+ * Skip racy "TestRunCommandWithOutputAndTimeoutKilled" during build (see also
+ https://github.com/docker/docker/issues/22965)
+
+ -- Tianon Gravi <tianon@debian.org> Tue, 12 Jul 2016 07:46:35 -0700
+
+docker.io (1.11.2~ds1-4) unstable; urgency=medium
+
+ [ Tianon Gravi ]
+ * Add new script to generate Build-Depends based on "go list" instead of
+ "hack/vendor.sh" (and update Build-Depends using it)
+ * Update "/etc/default/docker" text to aggressively discourage use, linking to
+ upstream's documentation for the recommended alternatives
+ ("/etc/docker/daemon.json" and systemd drop-ins)
+ * Update gbp.conf for pristine-tar usage now that we're no longer multi-orig
+ * Remove "/var/lib/docker" upon purge (Closes: #739257)
+
+ [ Dmitry Smirnov ]
+ * Add support for DEB_BUILD_OPTIONS=nocheck in debian/rules
+
+ -- Tianon Gravi <tianon@debian.org> Mon, 11 Jul 2016 22:09:01 -0700
+
+docker.io (1.11.2~ds1-3) unstable; urgency=medium
+
+ * Team upload.
+ * Updated "skip-privileged-unit-tests.patch" to skip more privileged
+ tests in order to fix FTBFS in pbuilder.
+ * Install "opts" directory to -dev package.
+
+ -- Dmitry Smirnov <onlyjob@debian.org> Sat, 09 Jul 2016 13:49:02 +1000
+
+docker.io (1.11.2~ds1-2) unstable; urgency=medium
+
+ * Add Tim Potter (tpot) and Dmitry Smirnov (onlyjob) to debian/copyright; they
+ were instrumental in getting 1.11 into the archive!
+ * Fix golang-github-docker-docker-dev install location (Closes: #830478);
+ thanks nicoo!
+
+ -- Tianon Gravi <tianon@debian.org> Fri, 08 Jul 2016 08:47:44 -0700
+
+docker.io (1.11.2~ds1-1) unstable; urgency=medium
+
+ * Update to 1.11.2 upstream release
+ (Closes: #806887, #820149, #822628, #812838)
+ * Add NEWS file describing the AUFS issue and the unfortunate possible
+ "solutions" (Closes: #799386, #805725)
+ * Add "/etc/docker" to the directories explicitly installed by the package
+ to help combat issues like #806261
+ * Update "Homepage" to "dockerproject.org" (versus ".com" which now redirects)
+ * Update "Vcs-Browser" to use https
+ * Shrink the Ubuntu delta by pulling in many of the changes
+ * Replace "btrfs-tools" relations with "btrfs-progs" (Closes: #824833)
+ * Adjust "repack.sh" to allow keeping minor bits of vendor/
+ * Fix bad URL in README (Closes: #816844); thanks Clint!
+ * Move documentation to dedicated "docker-doc" package
+ * Refresh patches, add minor patch to get unit tests running
+ * Use gccgo on non-golang architectures (Closes: #785093)
+ * Use "dh-golang" to calculate "Built-Using" more accurately
+ * Add simple "basic-smoke" DEP8 test
+
+ -- Tianon Gravi <tianon@debian.org> Mon, 04 Jul 2016 09:59:44 -0700
+
+docker.io (1.8.3~ds1-2) unstable; urgency=medium
+
+ * Move "overlay" higher in priority (Closes: #799087)
+ * Adjust "native.cgroupdriver" to default to "cgroupfs" (Closes: #798778)
+
+ -- Tianon Gravi <tianon@debian.org> Wed, 04 Nov 2015 00:09:02 -0800
+
+docker.io (1.8.3~ds1-1) unstable; urgency=medium
+
+ * Update to 1.8.3 upstream release (CVE-2014-8178, CVE-2014-8179)
+
+ -- Tianon Gravi <tianon@debian.org> Thu, 29 Oct 2015 19:40:51 -0700
+
+docker.io (1.8.2~ds1-2) unstable; urgency=medium
+
+ * Swap Build-Depends order to appease buildds (Closes: #803136)
+
+ -- Tianon Gravi <tianon@debian.org> Thu, 29 Oct 2015 07:23:10 -0700
+
+docker.io (1.8.2~ds1-1) unstable; urgency=medium
+
+ * Update to 1.8.2 upstream release
+ * Rename golang-docker-dev package to golang-github-docker-docker-dev
+ * Add SELinux support (Closes: #799620)
+
+ -- Tianon Gravi <tianon@debian.org> Wed, 28 Oct 2015 14:21:00 -0700
+
+docker.io (1.7.1~dfsg1-1) unstable; urgency=medium
+
+ * Update to 1.7.1 upstream release
+ * Remove patches applied upstream; refresh other patches
+ * Update Build-Depends
+
+ -- Tianon Gravi <tianon@debian.org> Wed, 26 Aug 2015 10:13:48 -0700
+
+docker.io (1.6.2~dfsg1-2) unstable; urgency=medium
+
+ * Add DEP8 tests
+ - integration: runs upstream's integration tests
+ * Replace "code.google.com/p/go.net" with canonical "golang.org/x/net"
+ (Closes: #789736)
+
+ -- Tianon Gravi <admwiggin@gmail.com> Wed, 01 Jul 2015 07:45:19 -0600
+
+docker.io (1.6.2~dfsg1-1) unstable; urgency=medium
+
+ * Update to 1.6.2 upstream release
+ * Update deps in d/control to match upstream's hack/vendor.sh specifications
+
+ -- Tianon Gravi <admwiggin@gmail.com> Thu, 21 May 2015 00:47:43 -0600
+
+docker.io (1.6.1+dfsg1-2) unstable; urgency=medium
+
+ * Add --no-restart-on-upgrade to dh_installinit so that we don't force
+ a stop on upgrade, which can cause other units to fall over. Many thanks
+ to Michael Stapelberg (sECuRE) for the tip!
+
+ -- Paul Tagliamonte <paultag@debian.org> Sun, 10 May 2015 13:02:54 -0400
+
+docker.io (1.6.1+dfsg1-1) unstable; urgency=high
+
+ * Update to 1.6.1 upstream release (Closes: #784726)
+ - CVE-2015-3627
+ Insecure opening of file-descriptor 1 leading to privilege escalation
+ - CVE-2015-3629
+ Symlink traversal on container respawn allows local privilege escalation
+ - CVE-2015-3630
+ Read/write proc paths allow host modification & information disclosure
+ - CVE-2015-3631
+ Volume mounts allow LSM profile escalation
+
+ -- Tianon Gravi <admwiggin@gmail.com> Fri, 08 May 2015 17:57:10 -0600
+
+docker.io (1.6.0+dfsg1-1) unstable; urgency=medium
+
+ * Upload to unstable
+ * Backport PR 12943 to support golang-go-patricia 2.*
+ * Remove convenience copies of cgroupfs-mount in init.d / upstart scripts
+ (Re: #783143)
+
+ -- Tianon Gravi <admwiggin@gmail.com> Tue, 05 May 2015 15:10:49 -0600
+
+docker.io (1.6.0+dfsg1-1~exp1) experimental; urgency=medium
+
+ * Update to 1.6.0 upstream release
+ * Adjust "repack.sh" to be more tolerant of "dfsg" suffixes
+
+ -- Tianon Gravi <admwiggin@gmail.com> Thu, 16 Apr 2015 18:00:21 -0600
+
+docker.io (1.6.0~rc7~dfsg1-1~exp1) experimental; urgency=low
+
+ * Update to 1.6.0-rc7 upstream release
+
+ -- Tianon Gravi <admwiggin@gmail.com> Wed, 15 Apr 2015 19:35:46 -0600
+
+docker.io (1.6.0~rc4~dfsg1-1) experimental; urgency=low
+
+ [ Tianon Gravi ]
+ * Update to 1.6.0-rc4 upstream release
+ - drop golang 1.2 support (no longer supported upstream)
+ - update Homepage to https://dockerproject.com
+ - add check-config.sh to /usr/share/docker.io/contrib
+ - add "distribution" as a new multitarball orig
+ - backport auto "btrfs_noversion" patch from
+ https://github.com/docker/docker/pull/12048
+ (simplifying our logic for detecting whether to use it)
+ - switch from dh-golang to direct install since we're not actually using the
+ features it offers (due to upstream's build system)
+ - enable "docker.service" on boot by default for restart policies to work
+
+ [ Felipe Sateler ]
+ * Add Built-Using for glibc (Closes: #769351).
+
+ -- Tianon Gravi <admwiggin@gmail.com> Mon, 06 Apr 2015 17:11:33 -0600
+
+docker.io (1.5.0~dfsg1-1) experimental; urgency=low
+
+ * Update to 1.5.0 upstream release (Closes: #773495)
+ * Remove several patches applied upstream!
+ - 9637-fix-nuke-bashism.patch
+ - enable-non-amd64-arches.patch
+ * Fix btrfs-tools handling to allow for building with btrfs-tools < 1.16.1
+
+ -- Tianon Gravi <admwiggin@gmail.com> Tue, 10 Mar 2015 22:58:49 -0600
+
+docker.io (1.3.3~dfsg1-2) unstable; urgency=medium
+
+ * Add fatal-error-old-kernels.patch to make Docker refuse to start on old,
+ unsupported kernels (Closes: #774376)
+ * Fix dh_auto_clean to clean up after the build properly, especially to avoid
+ FTBFS when built twice (Closes: #774482)
+
+ -- Tianon Gravi <admwiggin@gmail.com> Sat, 03 Jan 2015 00:11:47 -0700
+
+docker.io (1.3.3~dfsg1-1) unstable; urgency=medium
+
+ [ Tianon Gravi ]
+ * Update to 1.3.3 upstream release (Closes: #772909)
+ - Fix for CVE-2014-9356 (Path traversal during processing of absolute
+ symlinks)
+ - Fix for CVE-2014-9357 (Escalation of privileges during decompression of
+ LZMA (.xz) archives)
+ - Fix for CVE-2014-9358 (Path traversal and spoofing opportunities presented
+ through image identifiers)
+ * Fix bashism in nuke-graph-directory.sh (Closes: #772261)
+
+ [ Didier Roche ]
+ * Support starting systemd service without /etc/default/docker
+ (Closes: #770293)
+
+ -- Tianon Gravi <admwiggin@gmail.com> Thu, 18 Dec 2014 21:54:12 -0700
+
+docker.io (1.3.2~dfsg1-1) unstable; urgency=high
+
+ * Severity is set to high due to the sensitive nature of the CVEs this
+ upload fixes.
+ * Update to 1.3.2 upstream release
+ - Fix for CVE-2014-6407 (Archive extraction host privilege escalation)
+ - Fix for CVE-2014-6408 (Security options applied to image could lead
+ to container escalation)
+ * Remove Daniel Mizyrycki from Uploaders. Thanks for all your work!
+
+ -- Paul Tagliamonte <paultag@debian.org> Mon, 24 Nov 2014 19:14:28 -0500
+
+docker.io (1.3.1~dfsg1-2) unstable; urgency=medium
+
+ * Remove deprecated /usr/bin/docker.io symlink
+ - added as a temporary shim in 1.0.0~dfsg1-1 (13 Jun 2014)
+ - unused by package-installed files in 1.2.0~dfsg1-1 (13 Sep 2014)
+
+ -- Tianon Gravi <admwiggin@gmail.com> Fri, 07 Nov 2014 13:11:34 -0700
+
+docker.io (1.3.1~dfsg1-1) unstable; urgency=high
+
+ * Update to 1.3.1 upstream release
+ - fix for CVE-2014-5277
+ - https://groups.google.com/d/topic/docker-user/oYm0i3xShJU/discussion
+
+ -- Tianon Gravi <admwiggin@gmail.com> Mon, 03 Nov 2014 08:26:29 -0700
+
+docker.io (1.3.0~dfsg1-1) unstable; urgency=medium
+
+ * Updated to 1.3.0 upstream release.
+ * Enable systemd socket activation (Closes: #752555).
+
+ -- Tianon Gravi <admwiggin@gmail.com> Fri, 17 Oct 2014 00:56:07 -0600
+
+docker.io (1.2.0~dfsg1-2) unstable; urgency=medium
+
+ * Added "golang-docker-dev" package for the reusable bits of Docker's source.
+
+ -- Tianon Gravi <admwiggin@gmail.com> Thu, 09 Oct 2014 00:08:11 +0000
+
+docker.io (1.2.0~dfsg1-1) unstable; urgency=medium
+
+ * Updated to 1.2.0 upstream release (Closes: #757183, #757023, #757024).
+ * Added upstream man pages.
+ * Updated bash and zsh completions to be installed as "docker" and "_docker".
+ * Updated init scripts to also be installed as "docker".
+ * Fixed "equivalent" typo in README.Debian (Closes: #756395). Thanks Reuben!
+ * Removed "docker.io" mention in README.Debian (Closes: #756290). Thanks
+ Olivier!
+
+ -- Tianon Gravi <admwiggin@gmail.com> Sat, 13 Sep 2014 11:43:17 -0600
+
+docker.io (1.0.0~dfsg1-1) unstable; urgency=medium
+
+ * Updated to 1.0.0 upstream release. Huzzah!
+ * I've removed what is commonly called a `button' of patches against
+ the docker package. Exact patches:
+ - bash-completion-docker.io.patch
+ - systemd-docker.io.patch
+ - sysvinit-provides-docker.io.patch
+ - zsh-completion-docker.io.patch
+ - mkimage-docker.io.patch
+ * I know y'all are guessing why; and the answer's pretty simple -- we're
+ no longer docker.io(1). Since the src:docker package now ships wmdocker(1),
+ we can safely declare a breaks/replaces on the pre-wmdocker version of the
+ package, allowing existing users to safely update, both src:docker and
+ src:docker.io side. This brings us into line with other distros, which
+ now ship wmdocker(1) and docker(1).
+ * As a stop-gap, I'm still shipping a docker.io(1) symlink to allow
+ migration away.
+
+ -- Paul Tagliamonte <paultag@debian.org> Fri, 13 Jun 2014 21:04:53 -0400
+
+docker.io (0.11.1~dfsg1-1) unstable; urgency=medium
+
+ [ Paul Tagliamonte ]
+ * Use EnvironmentFile with the systemd unit file. (Closes: #746774)
+ * Patch out version checking code. (Closes: #747140)
+ * Remove all host checking for non-amd64 host arches. Let docker build
+ and run on all platforms now. (Closes: #747139, #739914)
+
+ [ Tianon Gravi ]
+ * Updated to 0.11.1 upstream release.
+ * Added backported upstream patch for removing RemoteAddr assumptions
+ that cause events to not be delivered to more than one unix socket
+ listener.
+
+ -- Tianon Gravi <admwiggin@gmail.com> Fri, 09 May 2014 17:30:45 -0400
+
+docker.io (0.9.1~dfsg1-2) unstable; urgency=medium
+
+ * Added upstream apparmor patch to fix newer apparmor versions (such as the
+ version appearing in Ubuntu 14.04).
+ * Added mkimage-* docker.io binary name patches (Closes: #740855).
+
+ -- Tianon Gravi <admwiggin@gmail.com> Tue, 08 Apr 2014 23:19:08 -0400
+
+docker.io (0.9.1~dfsg1-1) unstable; urgency=medium
+
+ * Updated to 0.9.1 upstream release (Closes: #743424).
+ * Added cgroupfs-mount dependency (Closes: #742641).
+ * Added Suggests entries for optional features, chiefly lxc (Closes: #742081).
+ * Added notes about "root-equivalence" to README.Debian (Closes: #742387).
+
+ -- Tianon Gravi <admwiggin@gmail.com> Thu, 03 Apr 2014 21:38:30 -0400
+
+docker.io (0.9.0+dfsg1-1) unstable; urgency=medium
+
+ * Updated README.Debian to not be quite so outdated (Closes: #740850).
+ * Updated to 0.9.0 upstream release.
+
+ -- Tianon Gravi <admwiggin@gmail.com> Tue, 11 Mar 2014 22:24:31 -0400
+
+docker.io (0.8.1+dfsg1-1) unstable; urgency=medium
+
+ * Updated to 0.8.1 upstream release.
+
+ -- Tianon Gravi <admwiggin@gmail.com> Tue, 25 Feb 2014 20:56:31 -0500
+
+docker.io (0.8.0+dfsg1-2) unstable; urgency=medium
+
+ [ Tianon Gravi ]
+ * Added more license notes to debian/copyright (Closes: #738627).
+
+ -- Tianon Gravi <admwiggin@gmail.com> Sat, 15 Feb 2014 17:51:58 -0500
+
+docker.io (0.8.0+dfsg1-1) unstable; urgency=medium
+
+ [ Prach Pongpanich ]
+ * Added zsh completion.
+
+ [ Tianon Gravi ]
+ * Updated to 0.8.0 upstream release.
+ * Added vim syntax files in new vim-syntax-docker package.
+ * Added note about minimum recommended kernel version to Description.
+ * Added contrib/*-integration files in /usr/share/docker.io/contrib.
+
+ -- Tianon Gravi <admwiggin@gmail.com> Mon, 10 Feb 2014 20:41:10 -0500
+
+docker.io (0.7.6+dfsg1-1) unstable; urgency=medium
+
+ [ Johan Euphrosine ]
+ * Updated to 0.7.6.
+ * Added dependency to gocapability.
+ * Clean patches.
+
+ [ Tianon Gravi ]
+ * Added contrib/mk* scripts from upstream into /usr/share/docker.io/contrib
+ (Closes: #736068).
+ * Added upstream udev rules file to stop device-mapper devices and mounts from
+ appearing in desktop environments through udisks.
+
+ -- Johan Euphrosine <proppy@google.com> Wed, 22 Jan 2014 22:50:47 -0500
+
+docker.io (0.7.1+dfsg1-1) unstable; urgency=medium
+
+ [ Prach Pongpanich ]
+ * Fixed "docker: command not found" errors while using bash tab completion
+ (Closes: #735372).
+
+ [ Tianon Gravi ]
+ * Updated to 0.7.1 upstream release (while we wait for gocapability to be
+ packaged).
+ * Added xz-utils recommend which is required for decompressing certain images
+ from the index.
+
+ -- Tianon Gravi <admwiggin@gmail.com> Wed, 15 Jan 2014 20:22:34 -0500
+
+docker.io (0.6.7+dfsg1-3) unstable; urgency=medium
+
+ * Fixed FTBFS on non-amd64 platforms by setting the correct GOPATH.
+ * Fixed issues with Docker finding a valid dockerinit (Closes: #734758).
+ * Added aufs-tools dependency.
+
+ -- Tianon Gravi <admwiggin@gmail.com> Thu, 09 Jan 2014 20:10:20 -0500
+
+docker.io (0.6.7+dfsg1-2) unstable; urgency=medium
+
+ * Added iptables dependency required for Docker to start.
+ * Added ca-certificates recommend required for pulling from the index.
+
+ -- Tianon Gravi <admwiggin@gmail.com> Wed, 08 Jan 2014 19:14:02 -0500
+
+docker.io (0.6.7+dfsg1-1) unstable; urgency=medium
+
+ * Initial release (Closes: #706060, #730569)
+ * Document missing licenses in the source tree. Bad, paultag. Thanks
+ alteholz.
+
+ -- Paul Tagliamonte <paultag@debian.org> Tue, 07 Jan 2014 21:06:10 -0500
--- /dev/null
+## Debian CI:
+debian/.gitlab-ci.yml
+debian/.yamllint
+
+## Useless non-doc files:
+engine/docs/.gitignore
+engine/docs/Dockerfile
+engine/docs/Makefile
+engine/docs/touch-up.sh
+
+## generated:
+engine/dockerversion/version_autogen_unix.go
+engine/dockerversion/version_autogen.go
+
+## Tests that cause issues: (and are difficult to patch instead of removing)
+daemon/graphdriver/devmapper/*_test.go
+cmd/docker/daemon_none_test.go
+
+## Privileged tests:
+cli/cli/command/image/build_linux_test.go
+engine/builder/remotecontext/tarsum_test.go
+engine/daemon/graphdriver/devmapper/devmapper_test.go
+engine/daemon/graphdriver/quota/projectquota_test.go
+engine/daemon/graphdriver/vfs/vfs_test.go
+engine/pkg/chrootarchive/archive_test.go
+engine/plugin/manager_linux_test.go
--- /dev/null
+Source: docker.io
+Section: admin
+Priority: optional
+Standards-Version: 4.3.0
+Maintainer: Dmitry Smirnov <onlyjob@debian.org>
+Uploaders: Arnaud Rebillout <arnaud.rebillout@collabora.com>
+ ,Tim Potter <tpot@hpe.com>
+ ,Tianon Gravi <tianon@debian.org>
+ ,Paul Tagliamonte <paultag@debian.org>
+#Build-Conflicts: golang-github-docker-docker-dev
+Build-Depends: debhelper (>= 11~) ,dh-exec ,dh-golang (>= 1.14~)
+ ,bash-completion,
+ ,ca-certificates
+ ,git
+ ,golang-any (>= 2:1.10~)
+ ,go-md2man (>= 1.0.3~)
+ ,gogoprotobuf, libprotobuf-dev
+ ,golang-dbus-dev (>= 4.1.0~)
+ ,golang-etcd-server-dev
+# ,golang-github-appc-cni-dev (>= 0.6.0~)
+ ,golang-github-armon-go-metrics-dev
+ ,golang-github-asaskevich-govalidator-dev
+ ,golang-github-aws-aws-sdk-go-dev
+ ,golang-github-azure-go-ansiterm-dev
+ ,golang-github-blang-semver-dev
+ ,golang-github-boltdb-bolt-dev
+ ,golang-github-bshuster-repo-logrus-logstash-hook-dev
+ ,golang-github-bsphere-le-go-dev
+ ,golang-github-burntsushi-toml-dev
+ ,golang-github-cloudflare-cfssl-dev
+ ,golang-github-containerd-btrfs-dev (>= 0.0~git20180306~)
+ ,golang-github-containerd-cgroups-dev
+ ,golang-github-containerd-console-dev
+ ,golang-github-containerd-fifo-dev
+ ,golang-github-containerd-go-runc-dev
+ ,golang-github-containerd-typeurl-dev
+ ,golang-github-coreos-bbolt-dev (>= 1.3.1-coreos.5-3~)
+ ,golang-github-coreos-go-systemd-dev (>= 17~)
+ ,golang-github-davecgh-go-spew-dev
+ ,golang-github-deckarep-golang-set-dev
+ ,golang-github-denverdino-aliyungo-dev
+ ,golang-github-dgrijalva-jwt-go-dev
+ ,golang-github-dgrijalva-jwt-go-v3-dev
+ ,golang-github-docker-docker-credential-helpers-dev (>= 0.6.1~)
+ ,golang-github-docker-goamz-dev
+ ,golang-github-docker-go-connections-dev (>= 0.3.0~)
+ ,golang-github-docker-go-dev
+ ,golang-github-docker-go-units-dev (>= 0.3.1+git20161130.10.e30f1e7)
+ ,golang-github-docker-libkv-dev
+ ,golang-github-docker-libtrust-dev
+ ,golang-github-docker-notary-dev (>= 0.6.1~) | golang-github-theupdateframework-notary-dev
+ ,golang-github-docker-spdystream-dev
+ ,golang-github-emicklei-go-restful-dev
+ ,golang-github-fluent-fluent-logger-golang-dev (>= 1.3.0~)
+ ,golang-github-flynn-archive-go-shlex-dev
+ ,golang-github-fsnotify-fsnotify-dev
+ ,golang-github-garyburd-redigo-dev
+ ,golang-github-ghodss-yaml-dev
+ ,golang-github-gogo-googleapis-dev
+ ,golang-github-googleapis-gax-go-dev
+ ,golang-github-googleapis-gnostic-dev
+ ,golang-github-google-go-cmp-dev (>= 0.2.0~)
+ ,golang-github-google-gofuzz-dev
+ ,golang-github-google-shlex-dev
+ ,golang-github-gorilla-mux-dev
+ ,golang-github-gotestyourself-gotest.tools-dev
+ ,golang-github-graylog2-go-gelf-dev
+ ,golang-github-gregjones-httpcache-dev
+ ,golang-github-grpc-ecosystem-go-grpc-prometheus-dev
+# ,golang-github-grpc-ecosystem-grpc-gateway-dev
+ ,golang-github-hashicorp-go-msgpack-dev
+ ,golang-github-hashicorp-go-version-dev
+ ,golang-github-hashicorp-memberlist-dev (>= 0.1.0~)
+ ,golang-github-hashicorp-serf-dev
+ ,golang-github-imdario-mergo-dev (>= 0.3.3~)
+ ,golang-github-json-iterator-go-dev (>= 1.1.4~)
+ ,golang-github-kr-pty-dev
+ ,golang-github-mattn-go-shellwords-dev
+ ,golang-github-mattn-go-sqlite3-dev
+ ,golang-github-miekg-dns-dev
+ ,golang-github-miekg-pkcs11-dev
+ ,golang-github-mitchellh-hashstructure-dev
+# ,golang-github-modern-go-concurrent-dev
+ ,golang-github-modern-go-reflect2-dev
+ ,golang-github-mrunalp-fileutils-dev
+ ,golang-github-ncw-swift-dev
+#~ ,golang-github-nvveen-gotty-dev
+ ,golang-github-opencontainers-go-digest-dev
+ ,golang-github-opencontainers-image-spec-dev (>= 1.0.1~)
+ ,golang-github-opencontainers-runc-dev (>= 1.0.0~rc6~)
+ ,golang-github-opencontainers-runtime-tools-dev
+ ,golang-github-opencontainers-selinux-dev
+ ,golang-github-opencontainers-specs-dev (>= 1.0.1~)
+ ,golang-github-opentracing-contrib-go-stdlib-dev
+ ,golang-github-opentracing-opentracing-go-dev
+ ,golang-github-pborman-uuid-dev
+ ,golang-github-peterbourgon-diskv-dev (>= 2.0.1~)
+ ,golang-github-philhofer-fwd-dev
+ ,golang-github-pivotal-golang-clock-dev
+ ,golang-github-pmezard-go-difflib-dev
+ ,golang-github-prometheus-client-golang-dev (>= 0.9.0~)
+ ,golang-github-racksec-srslog-dev
+ ,golang-github-rcrowley-go-metrics-dev
+ ,golang-github-rsc-letsencrypt-dev
+ ,golang-github-samuel-go-zookeeper-dev
+ ,golang-github-satori-go.uuid-dev
+ ,golang-github-seccomp-libseccomp-golang-dev (>= 0.9.0)
+ ,golang-github-sirupsen-logrus-dev (>= 1.0.2~)
+# ,golang-github-spf13-cobra-dev (>= 0.0.2~)
+# ,golang-github-spf13-pflag-dev
+ ,golang-github-stevvooe-ttrpc-dev
+ ,golang-github-tchap-go-patricia-dev
+ ,golang-github-tinylib-msgp-dev
+ ,golang-github-tonistiigi-fifo-dev
+ ,golang-github-ugorji-go-codec-dev
+ ,golang-github-urfave-cli-dev (>= 1.20.0~)
+ ,golang-github-vaughan0-go-ini-dev
+ ,golang-github-vbatts-tar-split-dev
+ ,golang-github-vdemeester-shakers-dev
+ ,golang-github-vishvananda-netlink-dev (>= 1.0.0~)
+ ,golang-github-vishvananda-netns-dev (>= 0.0~git20170707~)
+ ,golang-github-xenolf-lego-dev
+# ,golang-glog-dev
+ ,golang-gocapability-dev
+ ,golang-golang-x-net-dev
+ ,golang-golang-x-oauth2-google-dev | golang-golang-x-oauth2-dev
+ ,golang-golang-x-time-dev
+ ,golang-google-api-dev
+ ,golang-google-cloud-dev
+ ,golang-google-grpc-dev
+ ,golang-gopkg-check.v1-dev
+ ,golang-gopkg-inf.v0-dev
+ ,golang-goprotobuf-dev (>= 0.0~git20151207~)
+ ,golang-go-zfs-dev
+ ,golang-protobuf-extensions-dev
+ ,libapparmor-dev
+ ,libbtrfs-dev | btrfs-progs (<< 4.16.1~)
+ ,libdevmapper-dev
+ ,pkg-config
+ ,procps
+ ,tzdata
+Homepage: https://mobyproject.org
+Vcs-Browser: https://salsa.debian.org/docker-team/docker
+Vcs-Git: https://salsa.debian.org/docker-team/docker.git
+XS-Go-Import-Path: github.com/docker/docker
+
+Package: docker.io
+Architecture: linux-any
+Depends: ${misc:Depends} ,${perl:Depends} ,${shlibs:Depends}
+ ,adduser
+ ,iptables
+ ,lsb-base
+ ,runc (>= 1.0.0~rc6~)
+ ,tini
+Recommends: ${apparmor:Recommends}
+ ,ca-certificates
+ ,cgroupfs-mount
+ ,git
+ ,needrestart (>= 3.1~)
+ ,xz-utils
+Replaces: docker (<< 1.5~) ,docker-containerd ,docker-runc ,golang-libnetwork
+Breaks: docker (<< 1.5~) ,docker-containerd ,docker-runc ,golang-libnetwork
+Conflicts: docker-containerd ,docker-runc ,golang-libnetwork
+Suggests: docker-doc
+ ,aufs-tools
+ ,btrfs-progs
+ ,debootstrap
+ ,e2fsprogs
+ ,rinse
+ ,xfsprogs
+ ,zfs-fuse | zfsutils
+Built-Using: ${libc:Built-Using}, ${misc:Built-Using}
+Description: Linux container runtime
+ Docker complements kernel namespacing with a high-level API which operates at
+ the process level. It runs unix processes with strong guarantees of isolation
+ and repeatability across servers.
+ .
+ Docker is a great building block for automating distributed systems:
+ large-scale web deployments, database clusters, continuous deployment systems,
+ private PaaS, service-oriented architectures, etc.
+ .
+ This package contains the daemon and client. Using docker.io on non-amd64 hosts
+ is not supported at this time. Please be careful when using it on anything
+ besides amd64.
+ .
+ Also, note that kernel version 3.8 or above is required for proper operation of
+ the daemon process, and that any lower versions may have subtle and/or glaring
+ issues.
+
+Package: vim-syntax-docker
+Architecture: all
+Depends: vim, ${misc:Depends}
+Recommends: vim-addon-manager
+Suggests: docker.io
+Description: Docker container engine - Vim highlighting syntax files
+ This package provides syntax files for the Vim editor for editing Dockerfiles
+ from the Docker container engine.
+
+Package: golang-github-docker-docker-dev
+Architecture: all
+Depends: ${misc:Depends}
+ ,golang-github-azure-go-ansiterm-dev
+ ,golang-github-docker-distribution-dev
+ ,golang-github-docker-docker-credential-helpers-dev (>= 0.6.1~)
+ ,golang-github-docker-go-connections-dev
+ ,golang-github-docker-go-units-dev
+ ,golang-github-docker-libkv-dev
+ ,golang-github-fsnotify-fsnotify-dev
+ ,golang-github-gorilla-mux-dev
+ ,golang-github-mattn-go-shellwords-dev
+ ,golang-github-opencontainers-go-digest-dev
+ ,golang-github-opencontainers-image-spec-dev
+ ,golang-github-opencontainers-runc-dev (>= 1.0.0~rc6~)
+ ,golang-github-opencontainers-selinux-dev
+ ,golang-github-pkg-errors-dev
+ ,golang-github-sirupsen-logrus-dev (>= 1.0.2~)
+ ,golang-github-stretchr-testify-dev
+ ,golang-github-tchap-go-patricia-dev
+ ,golang-golang-x-net-dev
+ ,golang-golang-x-sys-dev
+ ,golang-google-grpc-dev
+ ,golang-gopkg-check.v1-dev
+# libnetwork:
+ ,golang-dbus-dev (>= 3~)
+ ,golang-github-burntsushi-toml-dev
+ ,golang-github-deckarep-golang-set-dev
+ ,golang-github-docker-go-events-dev
+ ,golang-github-gogo-protobuf-dev
+ ,golang-github-hashicorp-memberlist-dev (>= 0.1.0~)
+ ,golang-github-hashicorp-serf-dev
+ ,golang-github-vishvananda-netlink-dev (>= 1.0.0~)
+ ,golang-github-vishvananda-netns-dev
+Replaces: golang-docker-dev (<< 1.8.2~ds1-1~)
+ ,golang-github-docker-libnetwork-dev
+Breaks: golang-docker-dev (<< 1.8.2~ds1-1~)
+ ,golang-github-docker-libnetwork-dev
+Provides: golang-github-docker-libnetwork-dev
+Description: reusable Go packages included with Docker
+ These packages are intentionally developed by upstream in such a way that they
+ are reusable to projects outside Docker and only rely on each other or other
+ external dependencies to be built.
+
+Package: golang-docker-dev
+Section: oldlibs
+Architecture: all
+Depends: golang-github-docker-docker-dev, ${misc:Depends}
+Description: Transitional package for golang-github-docker-docker-dev
+ This is a transitional package to ease upgrades to the
+ golang-github-docker-docker-dev package. It can safely be removed.
+
+#Package: golang-github-opencontainers-docker-runc-dev
+#Section: oldlibs
+#Architecture: all
+#Depends: ${misc:Depends}
+# ,golang-github-opencontainers-runc-dev (>= 1.0.0~)
+#Description: Open Container Project - development files (Docker's version)
+# This is a transitional package to ease upgrades to the
+# "golang-github-opencontainers-runc-dev" package. It can safely be removed.
+
+Package: docker-doc
+Provides: docker.io-doc
+Section: doc
+Architecture: all
+Depends: ${misc:Depends}
+Description: Linux container runtime -- documentation
+ Docker complements kernel namespacing with a high-level API which operates at
+ the process level. It runs unix processes with strong guarantees of isolation
+ and repeatability across servers.
+ .
+ Docker is a great building block for automating distributed systems:
+ large-scale web deployments, database clusters, continuous deployment systems,
+ private PaaS, service-oriented architectures, etc.
+ .
+ This package contains the daemon and client. Using docker.io on non-amd64 hosts
+ is not supported at this time. Please be careful when using it on anything
+ besides amd64.
+ .
+ Also, note that kernel version 3.8 or above is required for proper operation of
+ the daemon process, and that any lower versions may have subtle and/or glaring
+ issues.
+ .
+ This package provides documentation for Docker.
--- /dev/null
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: Docker
+Upstream-Contact: Docker, Inc. <support@docker.com>
+Source: https://github.com/docker/docker
+Files-Excluded:
+ .github
+ .gitignore
+ components/packaging
+ vendor/k8s.io/*/third_party/protobuf
+ vendor/archive
+ vendor/cloud.google.com
+ vendor/github.com/agl/ed25519
+ vendor/github.com/armon/go-metrics
+ vendor/github.com/armon/go-radix
+ vendor/github.com/asaskevich/govalidator
+ vendor/github.com/aws/aws-sdk-go
+ vendor/github.com/Azure/azure-sdk-for-go
+ vendor/github.com/Azure/go-ansiterm
+ vendor/github.com/Azure/go-autorest
+ vendor/github.com/beorn7/perks
+ vendor/github.com/blang/semver
+ vendor/github.com/boltdb/bolt
+ vendor/github.com/bshuster-repo/logrus-logstash-hook
+ vendor/github.com/bsphere/le_go
+ vendor/github.com/bugsnag/bugsnag-go
+ vendor/github.com/bugsnag/osext
+ vendor/github.com/bugsnag/panicwrap
+ vendor/github.com/BurntSushi/toml
+ vendor/github.com/cloudflare/cfssl
+ vendor/github.com/codegangsta/cli
+ ~~vendor/github.com/containerd/aufs
+ vendor/github.com/containerd/btrfs
+ vendor/github.com/containerd/cgroups
+ vendor/github.com/containerd/console
+ vendor/github.com/containerd/containerd
+ ~~vendor/github.com/containerd/continuity
+ ~~vendor/github.com/containerd/cri
+ vendor/github.com/containerd/fifo
+ ~~vendor/github.com/containerd/go-cni
+ ~~vendor/github.com/containerd/go-runc
+ ~~vendor/github.com/containerd/ttrpc
+ vendor/github.com/containerd/typeurl
+ ~~vendor/github.com/containerd/zfs
+ ~~vendor/github.com/containernetworking/cni
+ ~~vendor/github.com/containernetworking/plugins
+ vendor/github.com/coreos/etcd
+ vendor/github.com/coreos/go-semver
+ vendor/github.com/coreos/go-systemd
+ vendor/github.com/coreos/pkg
+ vendor/github.com/cpuguy83/go-md2man
+ vendor/github.com/davecgh/go-spew
+ vendor/github.com/deckarep/golang-set
+ vendor/github.com/denverdino/aliyungo
+ vendor/github.com/dgrijalva/jwt-go
+ vendor/github.com/docker/distribution
+ vendor/github.com/docker/docker
+ vendor/github.com/docker/docker-credential-helpers
+ vendor/github.com/docker/go
+ vendor/github.com/docker/goamz
+ vendor/github.com/docker/go-connections
+ vendor/github.com/docker/go-events
+ vendor/github.com/docker/go-metrics
+ vendor/github.com/docker/go-units
+ vendor/github.com/docker/libkv
+ vendor/github.com/docker/libnetwork
+ vendor/github.com/docker/libtrust
+ ~~vendor/github.com/docker/licensing
+ vendor/github.com/docker/spdystream
+ vendor/github.com/docker/swarmkit
+ vendor/github.com/dustin/go-humanize
+ vendor/github.com/emicklei/go-restful
+ ~~vendor/github.com/fernet/fernet-go
+ vendor/github.com/fluent/fluent-logger-golang
+ vendor/github.com/flynn-archive/go-shlex
+ vendor/github.com/fsnotify/fsnotify
+ vendor/github.com/garyburd/redigo
+ vendor/github.com/ghodss/yaml
+ vendor/github.com/go-check/check
+ vendor/github.com/godbus/dbus
+ vendor/github.com/gogo/googleapis
+ vendor/github.com/gogo/protobuf
+ vendor/github.com/go-ini/ini
+ ~~vendor/github.com/golang/gddo
+ vendor/github.com/golang/glog
+ vendor/github.com/golang/protobuf
+ vendor/github.com/googleapis/gax-go
+ vendor/github.com/googleapis/gnostic
+ vendor/github.com/google/btree
+ vendor/github.com/google/certificate-transparency-go
+ vendor/github.com/google/go-cmp
+ vendor/github.com/google/gofuzz
+ vendor/github.com/google/shlex
+ vendor/github.com/gorilla/context
+ vendor/github.com/gorilla/handlers
+ vendor/github.com/gorilla/mux
+ ~~vendor/github.com/Graylog2/go-gelf
+ vendor/github.com/gregjones/httpcache
+ vendor/github.com/grpc-ecosystem/go-grpc-prometheus
+ vendor/github.com/grpc-ecosystem/grpc-gateway
+ ~~vendor/github.com/grpc-ecosystem/grpc-opentracing
+ vendor/github.com/hashicorp/consul
+ vendor/github.com/hashicorp/errwrap
+ ~~vendor/github.com/hashicorp/go-immutable-radix
+ vendor/github.com/hashicorp/golang-lru
+ vendor/github.com/hashicorp/go-memdb
+ vendor/github.com/hashicorp/go-msgpack
+ vendor/github.com/hashicorp/go-multierror
+ vendor/github.com/hashicorp/go-sockaddr
+ vendor/github.com/hashicorp/go-version
+ vendor/github.com/hashicorp/memberlist
+ vendor/github.com/hashicorp/serf
+ vendor/github.com/imdario/mergo
+ vendor/github.com/inconshreveable/mousetrap
+ ~~vendor/github.com/ishidawataru/sctp
+ vendor/github.com/jmespath/go-jmespath
+ vendor/github.com/json-iterator/go
+ vendor/github.com/kr/pty
+ vendor/github.com/mattn/go-shellwords
+ vendor/github.com/matttproud/golang_protobuf_extensions
+ vendor/github.com/Microsoft/go-winio
+ vendor/github.com/Microsoft/hcsshim
+ vendor/github.com/Microsoft/opengcs
+ vendor/github.com/miekg/dns
+ vendor/github.com/miekg/pkcs11
+ vendor/github.com/mistifyio/go-zfs
+ vendor/github.com/mitchellh/hashstructure
+ vendor/github.com/mitchellh/mapstructure
+ ~~vendor/github.com/moby/buildkit
+ vendor/github.com/modern-go/concurrent
+ vendor/github.com/modern-go/reflect2
+ ~~vendor/github.com/morikuni/aec
+ vendor/github.com/ncw/swift
+ ~~vendor/github.com/Nvveen/Gotty
+ vendor/github.com/opencontainers/go-digest
+ vendor/github.com/opencontainers/image-spec
+ vendor/github.com/opencontainers/runc
+ vendor/github.com/opencontainers/runtime-spec
+ vendor/github.com/opencontainers/runtime-tools
+ vendor/github.com/opencontainers/selinux
+ vendor/github.com/opentracing-contrib/go-stdlib
+ vendor/github.com/opentracing/opentracing-go
+ vendor/github.com/pborman/uuid
+ vendor/github.com/peterbourgon/diskv
+ ~~vendor/github.com/phayes/permbits
+ vendor/github.com/philhofer/fwd
+ vendor/github.com/pivotal-golang/clock
+ vendor/github.com/pkg/errors
+ vendor/github.com/pmezard/go-difflib
+ vendor/github.com/prometheus/client_golang
+ vendor/github.com/prometheus/client_model
+ vendor/github.com/prometheus/common
+ vendor/github.com/prometheus/procfs
+ vendor/github.com/RackSec/srslog
+ vendor/github.com/rcrowley/go-metrics
+ vendor/github.com/russross/blackfriday
+ vendor/github.com/samuel/go-zookeeper
+ vendor/github.com/satori/go.uuid
+ vendor/github.com/sean-/seed
+ vendor/github.com/seccomp/libseccomp-golang
+ vendor/github.com/shurcooL/sanitized_anchor_name
+ vendor/github.com/sirupsen/logrus
+ ~~vendor/github.com/spf13/cobra
+ ~~vendor/github.com/spf13/pflag
+ vendor/github.com/stevvooe/resumable
+ vendor/github.com/stretchr/testify
+ vendor/github.com/syndtr/gocapability
+ vendor/github.com/tchap/go-patricia
+ vendor/github.com/theupdateframework/notary
+ vendor/github.com/tinylib/msgp
+ ~~vendor/github.com/tonistiigi/fsutil
+ ~~vendor/github.com/tonistiigi/units
+ vendor/github.com/ugorji/go
+ vendor/github.com/urfave/cli
+ vendor/github.com/vbatts/tar-split
+ vendor/github.com/vdemeester/shakers
+ vendor/github.com/vishvananda/netlink
+ vendor/github.com/vishvananda/netns
+ vendor/github.com/xeipuuv/gojsonpointer
+ vendor/github.com/xeipuuv/gojsonreference
+ vendor/github.com/xeipuuv/gojsonschema
+ vendor/github.com/xenolf/lego
+ vendor/github.com/yvasiyarov/go-metrics
+ vendor/github.com/yvasiyarov/gorelic
+ vendor/github.com/yvasiyarov/newrelic_platform_go
+ vendor/go.etcd.io
+ vendor/golang.org
+ vendor/google.golang.org
+ vendor/go.opencensus.io
+ vendor/gopkg.in
+ vendor/gotest.tools
+ ~~vendor/k8s.io
+ vendor/rsc.io
+ ~~vendor/vbom.ml
+Files-Excluded-containerd:
+ */docs
+Files-Excluded-distribution:
+ */docs
+Comment:
+ Thanks to custom repack script, Files-Excluded section is applied to all
+ components otherwise individual Files-Excluded-{component} sections would
+ contain too much duplication.
+
+Files: *
+Copyright: 2012-2018 Docker, Inc. <support@docker.com>
+License: Apache-2.0
+
+Files:
+ cli/contrib/completion/zsh/*
+Copyright: 2013-2014 Felix Riedel
+License: BSD-3-clause-Generic
+
+Files:
+ engine/contrib/init/openrc/docker.initd
+Copyright: 1999-2013 Gentoo Foundation
+License: GPL-2
+
+Files:
+ engine/contrib/selinux-fedora-24/docker-engine-selinux/*
+ engine/contrib/selinux-oraclelinux-7/docker-engine-selinux/*
+Copyright: 2012-2016 Docker Inc.
+License: GPL-2
+Comment: No explicit copyright statement; assuming upstream copyright.
+
+Files:
+ engine/contrib/syntax/vim/*
+Copyright: 2013 Honza Pokorny
+License: BSD-2-clause
+
+Files:
+ engine/pkg/symlink/fs.go
+Copyright: 2014-2016 The Docker & Go Authors
+License: BSD-3-clause-Google
+
+Files:
+ */vendor/github.com/bugsnag/osext/osext*
+ */vendor/github.com/containerd/continuity/sysx/asm.s
+Copyright:
+ 2008 Google Inc.
+ 2014-2016 The Go Authors
+License: BSD-3-clause-Google
+
+Files:
+ */vendor/github.com/containernetworking/plugins/*
+Copyright: 2015-2017 CNI authors
+License: Apache-2.0
+
+Files:
+ */vendor/github.com/docker/licensing
+Copyright: 2013-2017 Docker, Inc.
+License: Apache-2.0
+
+Files:
+ */vendor/github.com/fernet/fernet-go/*
+Copyright: 2013 Keith Rarick
+License: Expat
+
+Files:
+ */vendor/github.com/Graylog2/go-gelf/*
+Copyright: 2012 SocialCode
+License: Expat
+
+Files:
+ */vendor/github.com/grpc-ecosystem/grpc-opentracing/*
+Copyright: 2016, gRPC Ecosystem
+License: BSD-3-clause-GRPC-Opentracing
+
+Files:
+ */vendor/github.com/ishidawataru/sctp/*
+Copyright: N/A
+License: Apache-2.0
+Comment: The upstream distribution does not contain an explicit statement of
+ copyright ownership. Pursuant to the Berne Convention for the Protection of
+ Literary and Artistic Works, it is assumed that all content is copyright by
+ its respective authors unless otherwise stated.
+ .
+ https://github.com/ishidawataru/sctp/issues/23
+
+Files:
+ vendor/github.com/morikuni/aec/*
+Copyright: 2016 Taihei Morikuni
+License: Expat
+
+Files:
+ */vendor/github.com/Nvveen/Gotty/*
+Copyright: 2012 Neal van Veen <nealvanveen@gmail.com>
+License: BSD-2-clause~freebsd
+
+Files:
+ */vendor/github.com/phayes/permbits/*
+Copyright: 2016 Patrick D Hayes
+License: Expat
+
+Files:
+ */vendor/github.com/spf13/cobra/*
+Copyright:
+ 2013 Steve Francia <spf@spf13.com>
+ 2015 Red Hat Inc.
+ 2016 French Ben
+License: Apache-2.0
+
+Files:
+ */vendor/github.com/spf13/pflag/*
+Copyright:
+ 2012 The Go Authors
+ 2012–2015 Alex Ogier <alex.ogier@gmail.com>
+License: BSD-3-clause-Google
+
+Files:
+ */vendor/github.com/tonistiigi/fsutil/*
+Copyright: 2017 Tõnis Tiigi <tonistiigi@gmail.com>
+License: Expat
+
+Files:
+ */vendor/github.com/yvasiyarov/*
+Copyright:
+ 2012 Richard Crowley
+ 2013 Yuriy Vasiyarov
+License: BSD-2-clause
+
+Files:
+ vendor/gotest.tools/*
+Copyright: 2018 gotest.tools authors
+License: Apache-2.0
+
+Files:
+ vendor/gotest.tools/internal/difflib/*
+Copyright: 2013 Patrick Mezard
+License: BSD-3-clause-Generic
+
+Files:
+ */vendor/k8s.io/*
+Copyright: 2014-2018 The Kubernetes Authors.
+License: Apache-2.0
+
+Files:
+ */vendor/k8s.io/apimachinery/third_party/forked/golang/reflect/deep_equal.go
+Copyright: 2009 The Go Authors
+License: BSD-3-clause-Google
+
+Files:
+ */vendor/vbom.ml/util/*
+Copyright: 2015 Frits van Bommel
+License: Expat
+
+Files: debian/*
+Copyright:
+ 2016-2018 Dmitry Smirnov <onlyjob@debian.org>
+ 2013-2014 Daniel Mizyrycki <daniel@docker.com>
+ 2013-2014 Paul Tagliamonte <paultag@debian.org>
+ 2012-2014 Michael Stapelberg <stapelberg@debian.org>
+ 2013-2016 Tianon Gravi <tianon@debian.org>
+ 2013-2014 Johan Euphrosine <proppy@google.com>
+ 2014 Prach Pongpanich <prachpub@gmail.com>
+ 2016 Tim Potter <timothy.potter@hpe.com>
+ 2016 Michael Hudson-Doyle <michael.hudson@ubuntu.com>
+License: Apache-2.0
+
+License: Apache-2.0
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ .
+ http://www.apache.org/licenses/LICENSE-2.0
+ .
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ .
+ On Debian systems, the complete text of the Apache version 2.0 license
+ can be found in "/usr/share/common-licenses/Apache-2.0".
+
+License: BSD-2-clause
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+ .
+ 1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+ .
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+License: BSD-2-clause~freebsd
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+ .
+ 1. Redistributions of source code must retain the above copyright notice, this
+ list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+ .
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ .
+ The views and conclusions contained in the software and documentation are those
+ of the authors and should not be interpreted as representing official policies,
+ either expressed or implied, of the FreeBSD Project.
+
+License: BSD-3-clause-Generic
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+ * Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+ * Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+ * Neither the name of the <organization> nor the
+ names of its contributors may be used to endorse or promote products
+ derived from this software without specific prior written permission.
+ .
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY
+ DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+License: BSD-3-clause-Google
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are
+ met:
+ .
+ * Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+ * Redistributions in binary form must reproduce the above
+ copyright notice, this list of conditions and the following disclaimer
+ in the documentation and/or other materials provided with the
+ distribution.
+ * Neither the name of Google Inc. nor the names of its
+ contributors may be used to endorse or promote products derived from
+ this software without specific prior written permission.
+ .
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+License: BSD-3-clause-GRPC-Opentracing
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+ .
+ * Redistributions of source code must retain the above copyright notice, this
+ list of conditions and the following disclaimer.
+ .
+ * Redistributions in binary form must reproduce the above copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+ .
+ * Neither the name of grpc-opentracing nor the names of its
+ contributors may be used to endorse or promote products derived from
+ this software without specific prior written permission.
+ .
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+ FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+License: Expat
+ Permission is hereby granted, free of charge, to any person obtaining a copy
+ of this software and associated documentation files (the "Software"), to deal
+ in the Software without restriction, including without limitation the rights
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ copies of the Software, and to permit persons to whom the Software is
+ furnished to do so, subject to the following conditions:
+ .
+ The above copyright notice and this permission notice shall be included in
+ all copies or substantial portions of the Software.
+ .
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ THE SOFTWARE.
+
+License: GPL-2
+ This file is part of Buildbot. Buildbot is free software: you can
+ redistribute it and/or modify it under the terms of the GNU General Public
+ License as published by the Free Software Foundation, version 2.
+ .
+ This program is distributed in the hope that it will be useful, but WITHOUT
+ ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ details.
+ .
+ You should have received a copy of the GNU General Public License along with
+ this program; if not, write to the Free Software Foundation, Inc., 51
+ Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ .
+ On Debian systems, the complete text of the GNU GPL v2 license can be found in
+ "/usr/share/common-licenses/GPL-2".
+
+License: ISC
+ Permission to use, copy, modify, and/or distribute this software for
+ any purpose with or without fee is hereby granted, provided that the
+ above copyright notice and this permission notice appear in all
+ copies.
+ ․
+ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
--- /dev/null
+cli/docs/*
+engine/docs/*
+cli/NOTICE containerd/NOTICE engine/NOTICE go-metrics/NOTICE
--- /dev/null
+docker.io (1.11.2~ds1-1) unstable; urgency=medium
+
+ As of src:linux 4.0+ (specifically, >= 3.18-1~exp1), AUFS support is no longer
+ included in official Debian-compiled kernels. What this means to Docker users
+ is that if your existing images are stored within the "AUFS" graph driver that
+ once you update your kernel, your images (and containers) will become
+ inaccessible (due to the kernel not having the necessary aufs modules to mount
+ them). To recover from this, there are a couple options (detailed below).
+
+ 1. Use the included nuke script to blow away your existing "/var/lib/docker"
+ contents and start fresh with Linux 4.0+:
+
+ service docker stop
+ /usr/share/docker.io/contrib/nuke-graph-directory.sh /var/lib/docker
+ service docker start
+
+ 2. Use "docker save" (see "docker help save" for usage) before booting 4.0+ to
+ preserve your images on-disk as tar files, then follow the nuke step from
+ the previous option followed by using "docker load" to re-load your images.
+
+ 3. Update to src:linux >= 4.1.1-1~exp1 ("aufs: Apply patches to enable
+ building aufs out-of-tree"), and then compile the aufs modules out-of-tree
+ (a package for doing this module compilation automatically doesn't yet
+ exist at the time of this writing, but might in the future).
+
+ -- Tianon Gravi <tianon@debian.org> Tue, 01 Dec 2015 01:02:44 -0800
--- /dev/null
+cli/contrib/completion/bash/docker
--- /dev/null
+etc/docker
--- /dev/null
+# Here in Debian, this file is sourced by:
+# - /etc/init.d/docker (sysvinit)
+# - /etc/init/docker (upstart)
+# - systemd's docker.service
+
+# Use of this file for configuring your Docker daemon is discouraged.
+
+# The recommended alternative is "/etc/docker/daemon.json", as described in:
+# https://docs.docker.com/v1.11/engine/reference/commandline/daemon/#daemon-configuration-file
+
+# If that does not suit your needs, try a systemd drop-in file, as described in:
+# https://docs.docker.com/v1.11/engine/admin/systemd/#custom-docker-daemon-options
--- /dev/null
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: docker
+# Required-Start: $syslog $remote_fs
+# Required-Stop: $syslog $remote_fs
+# Should-Start: cgroupfs-mount cgroup-lite
+# Should-Stop: cgroupfs-mount cgroup-lite
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Create lightweight, portable, self-sufficient containers.
+# Description:
+# Docker is an open-source project to easily create lightweight, portable,
+# self-sufficient containers from any application. The same container that a
+# developer builds and tests on a laptop can run at scale, in production, on
+# VMs, bare metal, OpenStack clusters, public clouds and more.
+### END INIT INFO
+
+NAME=$(basename $(readlink -f "$0"))
+DAEMON=/usr/sbin/dockerd
+# This is the pid file managed by docker itself
+DOCKER_PIDFILE=/var/run/$NAME.pid
+# This is the pid file created/managed by start-stop-daemon
+DOCKER_SSD_PIDFILE=/var/run/$NAME-ssd.pid
+DOCKER_LOGFILE=/var/log/$NAME.log
+DOCKER_OPTS=
+DOCKER_DESC="Docker"
+
+# Exit if executable is not installed
+[ -x "$DAEMON" ] || exit 0
+
+# Read configuration variable file if it is present
+[ -r /etc/default/$NAME ] && . /etc/default/$NAME
+
+# Define LSB log_* functions.
+. /lib/lsb/init-functions || exit 1
+
+fail_unless_root() {
+ if [ "$(id -u)" != '0' ]; then
+ log_failure_msg "$DOCKER_DESC must be run as root"
+ exit 1
+ fi
+}
+
+cgroupfs_mount() {
+ # see also https://github.com/tianon/cgroupfs-mount/blob/master/cgroupfs-mount
+ if grep -v '^#' /etc/fstab | grep -q cgroup \
+ || [ ! -e /proc/cgroups ] \
+ || [ ! -d /sys/fs/cgroup ]; then
+ return
+ fi
+ if ! mountpoint -q /sys/fs/cgroup; then
+ mount -t tmpfs -o uid=0,gid=0,mode=0755 cgroup /sys/fs/cgroup
+ fi
+ (
+ cd /sys/fs/cgroup
+ for sys in $(awk '!/^#/ { if ($4 == 1) print $1 }' /proc/cgroups); do
+ mkdir -p $sys
+ if ! mountpoint -q $sys; then
+ if ! mount -n -t cgroup -o $sys cgroup $sys; then
+ rmdir $sys || true
+ fi
+ fi
+ done
+ )
+}
+
+case "$1" in
+ start)
+ fail_unless_root
+
+ cgroupfs_mount
+
+ touch "$DOCKER_LOGFILE"
+ chgrp docker "$DOCKER_LOGFILE"
+
+ ulimit -n 1048576
+
+ # Having non-zero limits causes performance problems due to accounting overhead
+ # in the kernel. We recommend using cgroups to do container-local accounting.
+ if [ "$BASH" ]; then
+ ulimit -u unlimited
+ else
+ ulimit -p unlimited
+ fi
+
+ log_begin_msg "Starting $DOCKER_DESC: $NAME"
+ $0 status >>/dev/null \
+ || start-stop-daemon --start --background \
+ --no-close \
+ --exec "$DAEMON" \
+ --pidfile "$DOCKER_SSD_PIDFILE" \
+ --make-pidfile \
+ -- \
+ -p "$DOCKER_PIDFILE" \
+ $DOCKER_OPTS \
+ >> "$DOCKER_LOGFILE" 2>&1
+ log_end_msg $?
+ ;;
+
+ stop)
+ fail_unless_root
+ if [ -f "$DOCKER_SSD_PIDFILE" ]; then
+ log_begin_msg "Stopping $DOCKER_DESC: $NAME"
+ start-stop-daemon --stop --pidfile "$DOCKER_SSD_PIDFILE" --remove-pidfile --retry 10
+ log_end_msg $?
+ else
+ log_warning_msg "Docker already stopped - file $DOCKER_SSD_PIDFILE not found."
+ fi
+ ;;
+
+ restart)
+ fail_unless_root
+ docker_pid=`cat "$DOCKER_SSD_PIDFILE" 2>/dev/null`
+ [ -n "$docker_pid" ] \
+ && ps -p $docker_pid > /dev/null 2>&1 \
+ && $0 stop
+ $0 start
+ ;;
+
+ force-reload)
+ fail_unless_root
+ $0 restart
+ ;;
+
+ status)
+ status_of_proc -p "$DOCKER_SSD_PIDFILE" "$DAEMON" "$DOCKER_DESC"
+ ;;
+
+ *)
+ echo "Usage: service docker {start|stop|restart|status}"
+ exit 1
+ ;;
+esac
--- /dev/null
+../engine/contrib/init/systemd/docker.service
\ No newline at end of file
--- /dev/null
+../engine/contrib/init/systemd/docker.socket
\ No newline at end of file
--- /dev/null
+../engine/contrib/udev/80-docker.rules
\ No newline at end of file
--- /dev/null
+engine/README.md
+engine/ROADMAP.md
--- /dev/null
+#!/usr/bin/dh-exec
+
+.gopath/src/github.com/docker/cli/build/* /usr/bin/
+.gopath/src/github.com/docker/docker/bundles/dynbinary-daemon/dockerd-${DOCKER_VERSION} => usr/sbin/dockerd
+
+engine/contrib/*-integration usr/share/docker.io/contrib/
+engine/contrib/check-config.sh usr/share/docker.io/contrib/
+engine/contrib/mk* usr/share/docker.io/contrib/
+engine/contrib/nuke-graph-directory.sh usr/share/docker.io/contrib/
+
+cli/contrib/completion/zsh/_docker usr/share/zsh/vendor-completions/
+
+
+## libnetwork
+.gopath/bin/proxy => usr/sbin/docker-proxy
+.gopath/bin/ovrouter usr/sbin
+.gopath/bin/dnet usr/bin
+
+## containerd:
+.gopath/bin/containerd => usr/bin/docker-containerd
+.gopath/bin/containerd-shim => usr/bin/docker-containerd-shim
+.gopath/bin/ctr => usr/bin/docker-containerd-ctr
+
+## runc
+##.gopath/bin/runc => usr/bin/docker-runc
--- /dev/null
+/usr/sbin/runc /usr/sbin/docker-runc
+/usr/bin/tini-static /usr/bin/docker-init
--- /dev/null
+docker.io: spelling-error-in-binary
+docker.io: spelling-error-in-manpage
+docker.io: manpage-has-errors-from-man
--- /dev/null
+mv_conffile /etc/bash_completion.d/docker.io /etc/bash_completion.d/docker 1.2.0~
+mv_conffile /etc/default/docker.io /etc/default/docker 1.2.0~
+mv_conffile /etc/init.d/docker.io /etc/init.d/docker 1.2.0~
+mv_conffile /etc/init/docker.io.conf /etc/init/docker.conf 1.2.0~
+rm_conffile /etc/bash_completion.d/docker 1.11.2~
+rm_conffile /etc/init/docker.conf 18.06.0~
--- /dev/null
+.gopath/src/github.com/docker/cli/man/man*/*
--- /dev/null
+#!/bin/sh
+set -e
+
+case "$1" in
+ configure)
+ if [ -z "$2" ]; then
+ if ! getent group docker >>/dev/null 2>&1 ; then
+ addgroup --quiet --system docker
+ fi
+ fi
+
+ # Ensure config directory permissions
+ # On a fresh install, $2 = '' and dpkg "le-nl" treat that as a
+ # greater version, so the body is not executed.
+ if dpkg --compare-versions "$2" le-nl '1.11.2~ds1-1'; then
+ if [ "$(stat -c '%a' /etc/docker)" = '700' ]; then
+ chmod 0755 /etc/docker
+ fi
+ fi
+ ;;
+ abort-*)
+ # How'd we get here??
+ exit 1
+ ;;
+ *)
+ ;;
+esac
+
+#DEBHELPER#
--- /dev/null
+#!/bin/sh
+set -e
+
+#DEBHELPER#
+
+case "$1" in
+ purge)
+ # if we have our saved "nuke-graph-directory.sh", let's use it
+ # see also docker.io.prerm
+ if [ -x /var/lib/docker/nuke-graph-directory.sh ]; then
+ /var/lib/docker/nuke-graph-directory.sh /var/lib/docker
+ fi
+ ;;
+
+ *)
+ ;;
+esac
--- /dev/null
+#!/bin/sh
+set -e
+
+case "$1" in
+ remove)
+ # if we're removing, we need to save "nuke-graph-directory.sh" so that
+ # we can still purge "/var/lib/docker" later if necessary
+ # see also docker.io.postrm
+ if \
+ [ -d /var/lib/docker ] \
+ && [ -x /usr/share/docker.io/contrib/nuke-graph-directory.sh ] \
+ ; then
+ if cp -v /usr/share/docker.io/contrib/nuke-graph-directory.sh /var/lib/docker/; then
+ chmod +x /var/lib/docker/nuke-graph-directory.sh || :
+ fi
+ fi
+ ;;
+
+ *)
+ ;;
+esac
+
+#DEBHELPER#
--- /dev/null
+[DEFAULT]
+cleaner = fakeroot debian/rules clean
+pristine-tar = True
+merge = False
+debian-tag = %(version)s
+
+[buildpackage]
+export-dir = ../build-area/
+tarball-dir = ../tarballs/
+
+[dch]
+id-length = 0
+meta = True
+auto = True
+full = True
--- /dev/null
+#!/bin/bash
+: <<=cut
+
+=head1 DESCRIPTION
+
+This script is called by uscan(1) as per "debian/watch" to download Multi
+Upstream Tarball (MUT) components.
+
+=head1 COPYRIGHT
+
+Copyright: 2018 Dmitry Smirnov <onlyjob@member.fsf.org>
+
+=head1 LICENSE
+
+License: GPL-3+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+ .
+ This package is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+=cut
+
+set -e
+set -u
+
+if [ "$1" = '--upstream-version' ]; then
+ version="$2"
+else
+ printf "E: missing argument '--upstream-version'.\n" 1>&2
+ exit 1
+fi
+
+export XZ_OPT="-6v"
+DEB_SOURCE="$( dpkg-parsechangelog -SSource )"
+#DEB_VERSION="$( dpkg-parsechangelog -SVersion )"
+filename="$( readlink -f ../${DEB_SOURCE}_${version}.orig.tar.xz )"
+[ -s "${filename}" ] || exit 1
+
+get_vendor_tree() {
+ # Get the list of vendor directories. For github.com repositories, we want to descend
+ # 2 levels down the directory, so that we get a list of go packages.
+ local top_dirs=""
+ local github_dirs=""
+
+ for dir in "$@"; do
+ if [ -d $dir ]; then
+ top_dirs="$top_dirs $dir"
+ fi
+ if [ -d $dir/github.com ]; then
+ github_dirs="$github_dirs $dir/github.com"
+ fi
+ done
+
+ local top_vendored_dirs=$( find $top_dirs -mindepth 1 -maxdepth 1 -type d | grep -v 'github.com' )
+ local github_vendored_dirs=$( find $github_dirs -mindepth 2 -maxdepth 2 -type d )
+ printf "${top_vendored_dirs}\n${github_vendored_dirs}" \
+ | sed 's;^.*/vendor/;vendor/;' \
+ | sort
+}
+
+drop_files_excluded() {
+ local work_dir
+ for work_dir in $@; do
+ perl -0nE 'say $1 if m{^Files\-Excluded:\s*(.*?)(?:\n\n|^Files|^Comment)}sm;' debian/copyright \
+ | ( cd "${work_dir}" && xargs --no-run-if-empty rm -rf )
+ done
+ if [ -d "${work_dir}"/vendor ]; then
+ find "${work_dir}"/vendor -mindepth 1 -type d -empty -delete -printf 'removed %p\n'
+ fi
+}
+
+## extract main tarball:
+work_dir="$( mktemp -d -t get-orig-source_${DEB_SOURCE}_XXXXXXXX )"
+trap "rm -rf '${work_dir}'" EXIT
+tar -xf "${filename}" -C "${work_dir}"
+
+## Docker specific:
+vendored_dirs="$(get_vendor_tree ${work_dir}/*/components/*/vendor)"
+drop_files_excluded "${work_dir}"/*/components/*
+
+#### Move components one level up
+( cd "${work_dir}"/*/components && mv * ../ ) \
+&& rmdir "${work_dir}"/*/components
+
+( cd "${work_dir}" && tar -caf "${filename}" . )
+
+## fetch Docker components:
+for I in docker/go-events docker/go-metrics docker/libnetwork docker/distribution docker/swarmkit containerd/containerd; do
+ printf ":: Processing ${I}\n" 1>&2
+ URL="github.com/${I}"
+ REV=$( grep "${URL}" "${work_dir}"/*/engine/vendor.conf | head -1 | awk '{print $2}' )
+ if [ -z "${REV}" ]; then
+ printf "E: could not find commit for ${I}\n" 1>&2
+ exit 1
+ fi
+ component=${I##*/}
+ FN="$( readlink -f ../${DEB_SOURCE}_${version}.orig-${component}.tar.gz )"
+
+ if [ ! -s "${FN}" ]; then
+ wget --tries=3 --timeout=40 --read-timeout=40 --continue \
+ -O "${FN}" "https://${URL}/archive/${REV}.tar.gz" \
+ || rm -f "${FN}"
+
+ component_dir="$( mktemp -d -t get-orig-source_XXXXXXXX )"
+ mkdir "${component_dir}"/${component}
+ tar -xf "${FN}" -C "${component_dir}"/${component} --strip-components=1
+
+ if [ -d "${component_dir}"/${component}/vendor ]; then
+ vendored_dirs="$(printf '%s\n' ${vendored_dirs} $(get_vendor_tree ${component_dir}/${component}/vendor))"
+ fi
+ drop_files_excluded "${component_dir}"/${component}
+
+ ( cd "${component_dir}" && tar -caf "${FN}" . )
+ rm -rf "${component_dir}"
+
+ mk-origtargz --package ${DEB_SOURCE} --version ${version} \
+ --rename --repack --compression xz --directory .. \
+ --component ${component} --copyright-file debian/copyright \
+ "${FN}"
+ fi
+done
+#####
+
+echo ""
+echo "Here's a tentative list for your Files-Excluded list, in d/copyright."
+echo "Use it with care"
+echo ""
+
+echo "Files-Excluded:"
+echo "${vendored_dirs}" | sort | uniq | sed 's/^/ /'
+
+rm -rf "${work_dir}"
--- /dev/null
+## CLI:
+.gopath/src/github.com/docker/cli/cli/config usr/share/gocode/src/github.com/docker/cli/cli/
+.gopath/src/github.com/docker/cli/opts usr/share/gocode/src/github.com/docker/cli/
+
+
+## Legacy / compatibility with older Docker:
+.gopath/src/github.com/docker/cli/cli/config/* usr/share/gocode/src/github.com/docker/docker/cliconfig/
+#.gopath/src/github.com/docker/cli/cli/config/* usr/share/gocode/src/github.com/docker/docker/cli/config/
+
+
+## Engine
+engine/dockerversion usr/share/gocode/src/github.com/docker/docker/
+.gopath/src/github.com/docker/docker/api usr/share/gocode/src/github.com/docker/docker/
+.gopath/src/github.com/docker/docker/cli usr/share/gocode/src/github.com/docker/docker/
+.gopath/src/github.com/docker/docker/client usr/share/gocode/src/github.com/docker/docker/
+.gopath/src/github.com/docker/docker/errdefs usr/share/gocode/src/github.com/docker/docker/
+.gopath/src/github.com/docker/docker/opts usr/share/gocode/src/github.com/docker/docker/
+.gopath/src/github.com/docker/docker/pkg usr/share/gocode/src/github.com/docker/docker/
+.gopath/src/github.com/docker/docker/reference usr/share/gocode/src/github.com/docker/docker/
+.gopath/src/github.com/docker/docker/registry usr/share/gocode/src/github.com/docker/docker/
+.gopath/src/github.com/docker/docker/runconfig usr/share/gocode/src/github.com/docker/docker/
+
+
+## Libnetwork:
+.gopath/src/github.com/docker/libnetwork/datastore usr/share/gocode/src/github.com/docker/libnetwork/
+.gopath/src/github.com/docker/libnetwork/discoverapi usr/share/gocode/src/github.com/docker/libnetwork/
+.gopath/src/github.com/docker/libnetwork/ipamutils usr/share/gocode/src/github.com/docker/libnetwork/
+.gopath/src/github.com/docker/libnetwork/ns usr/share/gocode/src/github.com/docker/libnetwork/
+.gopath/src/github.com/docker/libnetwork/options usr/share/gocode/src/github.com/docker/libnetwork/
+.gopath/src/github.com/docker/libnetwork/testutils usr/share/gocode/src/github.com/docker/libnetwork/
+.gopath/src/github.com/docker/libnetwork/types usr/share/gocode/src/github.com/docker/libnetwork/
+
+
+## Sub-vendoring:
+engine/vendor/github.com/containerd/continuity/driver usr/share/gocode/src/github.com/docker/docker/vendor/github.com/containerd/continuity/
+engine/vendor/github.com/containerd/continuity/pathdriver usr/share/gocode/src/github.com/docker/docker/vendor/github.com/containerd/continuity/
+
+engine/vendor/github.com/Nvveen/Gotty usr/share/gocode/src/github.com/docker/docker/vendor/github.com/Nvveen/
+
+distribution/reference usr/share/gocode/src/github.com/docker/docker/vendor/github.com/docker/distribution/
+distribution/digestset usr/share/gocode/src/github.com/docker/docker/vendor/github.com/docker/distribution/
--- /dev/null
+#!/bin/bash
+set -eu
+set -o pipefail
+
+goBuildTags='apparmor cgo daemon pkcs11 selinux'
+
+debDir="$PWD/debian"
+
+debVer="$(dpkg-parsechangelog -SVersion)"
+origVer="${debVer%-*}" # strip everything from the last dash
+origVer="$(echo "$origVer" | sed -r 's/^[0-9]+://')" # strip epoch
+upstreamVer="${origVer%%[+~]ds*}"
+upstreamVer="${upstreamVer//[~]/-}"
+
+goImportPath="$(awk -F ': ' '$1 == "XS-Go-Import-Path" { print $2; exit }' debian/control)"
+[ "$goImportPath" ]
+
+upstreamArchiveUri="https://$goImportPath/archive/v${upstreamVer}.tar.gz"
+
+tempDir="$(mktemp -d -t debian-docker-gen-build-depends-XXXXXXXXXX)"
+trap "rm -rf '$tempDir'" EXIT
+cd "$tempDir"
+
+mkdir -p "gopath/src/$goImportPath"
+wget -qO archive.tar.gz "$upstreamArchiveUri"
+tar \
+ --extract \
+ --file archive.tar.gz \
+ --directory "gopath/src/$goImportPath" \
+ --strip-components 1
+export GOPATH="$PWD/gopath:$PWD/gopath/src/$goImportPath/vendor"
+cd "gopath/src/$goImportPath"
+
+IFS=$'\n'
+# get the full list of "docker/docker" Go packages
+goPkgs=( $(go list "$goImportPath/..." | grep -vE "^$goImportPath/vendor/") )
+# get the list of their dependencies, normalized:
+# - skip stdlib, docker/docker
+# - adjust known hosting locations for their top-level repos
+goDeps=( $(
+ go list \
+ -e \
+ -tags "$goBuildTags" \
+ -f '{{ join .Deps "\n" }}{{ "\n" }}{{ join .TestImports "\n" }}' \
+ "${goPkgs[@]}" \
+ | grep -vE '^$' \
+ | grep -vE '^[^/]+$' \
+ | grep -vE "^$goImportPath/" \
+ | sort -u \
+ | xargs \
+ go list \
+ -e \
+ -f '{{ if not .Standard }}{{ .ImportPath }}{{ end }}' \
+ | grep -vE '^$' \
+ | sed -r \
+ -e 's!^(github.com/[^/]+/[^/]+)/.*$!\1!' \
+ -e 's!^(golang.org/x/[^/]+)/.*$!\1!' \
+ -e 's!^(google.golang.org/[^/]+)/.*$!\1!' \
+ -e 's!^(gopkg.in/[^/]+)/.*$!\1!' \
+ | sort -u
+) )
+unset IFS
+
+# converts a given "goPkg" into the relevant Debian "-dev" package name
+debian_pkg() {
+ local goPkg="$1"
+ local domain="${goPkg%%/*}"
+ domain="${domain%%.*}"
+ local goPkgPath="${goPkg#*/}"
+ local package="golang-$domain-${goPkgPath//\//-}-dev"
+ package="${package,,}"
+ echo "$package"
+}
+
+# converts "gitRepo" and "gitRef" into a concrete version number
+git_version() {
+ local goPkg="$1"; shift
+ local gitRepo="$1"; shift
+ local gitRef="$1"; shift
+
+ [ "$gitRef" ] || return
+
+ local gitSnapshotPrefix='0.0~git'
+
+ # normalize a few "special" cases
+ case "$goPkg=$gitRef" in
+ github.com/docker/go=*-*-*-*)
+ # turn "v1.5.1-1-1-gbaf439e" into "v1.5.1-1" so we can "ls-remote" and generate via commit instead of version
+ local remoteCommit="$(git ls-remote "$gitRepo" "refs/tags/${gitRef%-*-*}" | cut -d$'\t' -f1)"
+ if [ "$remoteCommit" ]; then
+ gitRef="$remoteCommit"
+ fi
+ ;;
+
+ github.com/docker/libnetwork=v0.7.2-rc.1)
+ # TODO get newer version in the archive
+ gitRef='v0.7.0~rc.6'
+ ;;
+
+ github.com/docker/distribution=467fc068d88aa6610691b7f1a677271a3fac4aac)
+ # TODO get newer version in the archive (467fc068d88aa6610691b7f1a677271a3fac4aac really corresponds to v2.5.0-rc.1+)
+ gitRef='v2.4.1'
+ ;;
+
+ github.com/agl/ed25519=*)
+ gitSnapshotPrefix='0~'
+ ;;
+
+ github.com/docker/containerd=*|github.com/opencontainers/runc=*)
+ # attempt to resolve commit to tag
+ local remoteTag="$(git ls-remote --tags "$gitRepo" | awk -F '[\t/]' '$1 == "'"$gitRef"'" { print $4; exit }')"
+ if [ "$remoteTag" ]; then
+ gitRef="$remoteTag"
+ fi
+ # TODO get newer (compatible) versions of each of these into the archive
+ case "$goPkg" in
+ github.com/docker/containerd)
+ gitRef='v0.2.1'
+ ;;
+ github.com/opencontainers/runc)
+ gitRef='v0.1.0'
+ ;;
+ esac
+ ;;
+ esac
+
+ case "$gitRef" in
+ v[0-9]*|[0-9].*)
+ echo "${gitRef#v}"
+ return
+ ;;
+ esac
+
+ local commitDate
+ case "$goPkg" in
+ github.com/*)
+ # for GitHub repos, we can shortcut the date calculation (saves a _lot_ of time)
+ local githubPatchUri="https://$goPkg/commit/$gitRef.patch"
+ commitDate="$(wget -qO- "$githubPatchUri" | awk -F ': ' '$1 == "Date" { print $2 }' | tail -1)"
+ # ".patch" returns potentially multiple commits, so we want the final "Date:" value, hence the "tail -1"
+ ;;
+
+ *)
+ mkdir -p "$tempDir/git/$goPkg"
+ git clone --quiet "$gitRepo" "$tempDir/git/$goPkg"
+ local commitUnix="$(git -C "$tempDir/git/$goPkg" log -1 --format='%at' "$gitRef" --)"
+ commitDate="@$commitUnix"
+ ;;
+ esac
+ [ "$commitDate" ]
+ commitDate="$(TZ=UTC date --date="$commitDate" +'%Y%m%d')"
+ echo "$gitSnapshotPrefix$commitDate"
+}
+
+declare -A transitionals=(
+ [golang-github-agl-ed25519-dev]='golang-ed25519-dev'
+ [golang-github-coreos-etcd-dev]='golang-etcd-server-dev'
+ [golang-github-go-check-check-dev]='golang-gopkg-check.v1-dev'
+ [golang-github-godbus-dbus-dev]='golang-dbus-dev'
+ [golang-github-golang-protobuf-dev]='golang-goprotobuf-dev'
+ [golang-github-miekg-dns-dev]='golang-dns-dev'
+ [golang-github-mistifyio-go-zfs-dev]='golang-go-zfs-dev'
+ [golang-github-syndtr-gocapability-dev]='golang-gocapability-dev'
+ [golang-github-ugorji-go-dev]='golang-github-ugorji-go-codec-dev'
+ [golang-gopkg-fsnotify.v1-dev]='golang-github-fsnotify-fsnotify-dev'
+
+ # golang-golang-x-oauth2 version 0.0~git20161103.0.36bc617-2 introduced a separate google/ package
+ [golang-golang-x-oauth2-dev]='golang-golang-x-oauth2-google-dev'
+)
+
+for goDep in "${goDeps[@]}"; do
+ if grep -q "^vendor/src/$goDep\$" "$debDir"/repack/keep/* 2>/dev/null; then
+ # skip vendored deps we don't remove
+ continue
+ fi
+
+ debPkg="$(debian_pkg "$goDep")"
+
+ gitRepoRef="$(awk '$1 == "clone" && $2 == "git" && $3 == "'"$goDep"'" { print ($5 && $5 != "#" ? $5 : "") "=" $4; exit }' hack/vendor.sh)"
+ gitRepo="${gitRepoRef%=*}"
+ gitRef="${gitRepoRef##$gitRepo=}"
+ : "${gitRepo:=https://$goDep}"
+
+ debVer="$(git_version "$goDep" "$gitRepo" "$gitRef")"
+
+ # deal with "golang-dns-dev" and friends of that nature
+ transitional="${transitionals[$debPkg]:-}"
+ if [ "$transitional" ]; then
+ echo -n "$transitional${debVer:+ (>= ${debVer}~)} | "
+ fi
+
+ echo "$debPkg${debVer:+ (>= ${debVer}~)},"
+done | sort
--- /dev/null
+#!/bin/bash
+set -e
+
+uVersion="$1"
+dVersion="$2"
+
+if [ -z "$uVersion" ]; then
+ uVersion="$(cat VERSION)"
+fi
+if [ -z "$dVersion" ]; then
+ dVersion="$(dpkg-parsechangelog --show-field Version)"
+fi
+
+if [ "${uVersion%-dev}" = "$uVersion" ]; then
+ # this is a straight-up release! easy-peasy
+ exec awk -F ': ' '$1 == "'"$uVersion"'" { print $2 }' debian/upstream-version-gitcommits
+fi
+
+# must be a nightly, so let's look for clues about what the git commit is
+
+if git rev-parse &> /dev/null; then
+ # well, this will be easy ;)
+ exec git rev-parse --short HEAD
+fi
+
+if [ "${dVersion#*+*+}" != "$dVersion" ]; then
+ # must be something like "1.1.2+10013+8c38a3d-1~utopic1" (nightly!)
+ commit="${dVersion#*+*+}"
+ commit="${commit%%-*}"
+ exec echo "$commit"
+fi
+
+# unknown...
+echo >&2 'warning: unable to determine DOCKER_GITCOMMIT'
--- /dev/null
+From: Arnaud Rebillout <arnaud.rebillout@collabora.com>
+Date: Tue, 22 Jan 2019 12:22:52 +0700
+Subject: Build against google-grpc 1.11, where md.Get() does not exist.
+
+This patch is based on the commit that introduced md.Get() in google-grpc:
+<https://github.com/grpc/grpc-go/commit/291de7f0>.
+
+Please drop this patch as soon as we build docker against google-grpc >= 1.12.
+
+Origin: vendor, Debian
+Forwarded: not-needed, Debian-specific
+Signed-off-by: Arnaud Rebillout <arnaud.rebillout@collabora.com>
+---
+ client/buildid/metadata.go | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/cli/vendor/github.com/moby/buildkit/client/buildid/metadata.go
++++ b/cli/vendor/github.com/moby/buildkit/client/buildid/metadata.go
+@@ -2,6 +2,7 @@
+
+ import (
+ "context"
++ "strings"
+
+ "google.golang.org/grpc/metadata"
+ )
+@@ -21,7 +22,8 @@
+ return ""
+ }
+
+- if ids := md.Get(metadataKey); len(ids) == 1 {
++ k := strings.ToLower(metadataKey)
++ if ids := md[k]; len(ids) == 1 {
+ return ids[0]
+ }
+
+--- a/engine/vendor/github.com/moby/buildkit/client/buildid/metadata.go
++++ b/engine/vendor/github.com/moby/buildkit/client/buildid/metadata.go
+@@ -2,6 +2,7 @@
+
+ import (
+ "context"
++ "strings"
+
+ "google.golang.org/grpc/metadata"
+ )
+@@ -21,7 +22,8 @@
+ return ""
+ }
+
+- if ids := md.Get(metadataKey); len(ids) == 1 {
++ k := strings.ToLower(metadataKey)
++ if ids := md[k]; len(ids) == 1 {
+ return ids[0]
+ }
+
--- /dev/null
+Description: fix man pages build
+Author: Arnaud Rebillout <arnaud.rebillout@collabora.com>
+Forwarded: not-needed
+Last-Update: 2018-04-03
+
+--- a/cli/scripts/docs/generate-man.sh
++++ b/cli/scripts/docs/generate-man.sh
+@@ -3,9 +3,9 @@
+ set -eu -o pipefail
+
+ mkdir -p ./man/man1
+
+-go install ./vendor/github.com/cpuguy83/go-md2man
++#go install ./vendor/github.com/cpuguy83/go-md2man
+
+ # Generate man pages from cobra commands
+ go build -o /tmp/gen-manpages github.com/docker/cli/man
+ /tmp/gen-manpages --root "$(pwd)" --target "$(pwd)/man/man1"
--- /dev/null
+From: Kir Kolyshkin <kolyshkin@gmail.com>
+Date: Tue, 9 Oct 2018 23:36:04 -0700
+Subject: [PATCH] cli/registry: fix a Debugf statement
+
+Fix this warning from go-1.11
+
+> cli/registry/client/fetcher.go:234: Debugf format %s has arg
+> repoEndpoint of wrong type client.repositoryEndpoint
+
+Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
+Origin: upstream, https://github.com/docker/cli/commit/51848bf
+---
+ cli/registry/client/fetcher.go | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/cli/cli/registry/client/fetcher.go
++++ b/cli/cli/registry/client/fetcher.go
+@@ -231,7 +231,7 @@
+ repoEndpoint := repositoryEndpoint{endpoint: endpoint, info: repoInfo}
+ repo, err := c.getRepositoryForReference(ctx, namedRef, repoEndpoint)
+ if err != nil {
+- logrus.Debugf("error with repo endpoint %s: %s", repoEndpoint, err)
++ logrus.Debugf("error %s with repo endpoint %+v", err, repoEndpoint)
+ if _, ok := err.(ErrHTTPProto); ok {
+ continue
+ }
--- /dev/null
+From: Brian Goff <cpuguy83@gmail.com>
+Date: Thu, 30 May 2019 11:15:09 -0700
+Subject: [PATCH] Pass root to chroot to for chroot Untar
+
+This is useful for preventing CVE-2018-15664 where a malicious container
+process can take advantage of a race on symlink resolution/sanitization.
+
+Before this change chrootarchive would chroot to the destination
+directory which is attacker controlled. With this patch we always chroot
+to the container's root which is not attacker controlled.
+
+Signed-off-by: Brian Goff <cpuguy83@gmail.com>
+Origin: upstream, https://github.com/moby/moby/pull/39292
+---
+ daemon/archive.go | 7 ++-
+ pkg/chrootarchive/archive.go | 24 ++++++--
+ pkg/chrootarchive/archive_unix.go | 34 ++++++++++--
+ pkg/chrootarchive/archive_windows.go | 2 +-
+ 5 files changed, 55 insertions(+), 12 deletions(-)
+
+diff --git a/engine/daemon/archive.go b/engine/daemon/archive.go
+index 9c7971b56ea3..9f56ca750392 100644
+--- a/engine/daemon/archive.go
++++ b/engine/daemon/archive.go
+@@ -31,11 +31,12 @@ type archiver interface {
+ }
+
+ // helper functions to extract or archive
+-func extractArchive(i interface{}, src io.Reader, dst string, opts *archive.TarOptions) error {
++func extractArchive(i interface{}, src io.Reader, dst string, opts *archive.TarOptions, root string) error {
+ if ea, ok := i.(extractor); ok {
+ return ea.ExtractArchive(src, dst, opts)
+ }
+- return chrootarchive.Untar(src, dst, opts)
++
++ return chrootarchive.UntarWithRoot(src, dst, opts, root)
+ }
+
+ func archivePath(i interface{}, src string, opts *archive.TarOptions) (io.ReadCloser, error) {
+@@ -367,7 +368,7 @@ func (daemon *Daemon) containerExtractToDir(container *container.Container, path
+ }
+ }
+
+- if err := extractArchive(driver, content, resolvedPath, options); err != nil {
++ if err := extractArchive(driver, content, resolvedPath, options, container.BaseFS.Path()); err != nil {
+ return err
+ }
+
+diff --git a/engine/pkg/chrootarchive/archive.go b/engine/pkg/chrootarchive/archive.go
+index 2d9d662830b7..7ebca3774c3d 100644
+--- a/engine/pkg/chrootarchive/archive.go
++++ b/engine/pkg/chrootarchive/archive.go
+@@ -27,18 +27,34 @@ func NewArchiver(idMapping *idtools.IdentityMapping) *archive.Archiver {
+ // The archive may be compressed with one of the following algorithms:
+ // identity (uncompressed), gzip, bzip2, xz.
+ func Untar(tarArchive io.Reader, dest string, options *archive.TarOptions) error {
+- return untarHandler(tarArchive, dest, options, true)
++ return untarHandler(tarArchive, dest, options, true, dest)
++}
++
++// UntarWithRoot is the same as `Untar`, but allows you to pass in a root directory
++// The root directory is the directory that will be chrooted to.
++// `dest` must be a path within `root`, if it is not an error will be returned.
++//
++// `root` should set to a directory which is not controlled by any potentially
++// malicious process.
++//
++// This should be used to prevent a potential attacker from manipulating `dest`
++// such that it would provide access to files outside of `dest` through things
++// like symlinks. Normally `ResolveSymlinksInScope` would handle this, however
++// sanitizing symlinks in this manner is inherrently racey:
++// ref: CVE-2018-15664
++func UntarWithRoot(tarArchive io.Reader, dest string, options *archive.TarOptions, root string) error {
++ return untarHandler(tarArchive, dest, options, true, root)
+ }
+
+ // UntarUncompressed reads a stream of bytes from `archive`, parses it as a tar archive,
+ // and unpacks it into the directory at `dest`.
+ // The archive must be an uncompressed stream.
+ func UntarUncompressed(tarArchive io.Reader, dest string, options *archive.TarOptions) error {
+- return untarHandler(tarArchive, dest, options, false)
++ return untarHandler(tarArchive, dest, options, false, dest)
+ }
+
+ // Handler for teasing out the automatic decompression
+-func untarHandler(tarArchive io.Reader, dest string, options *archive.TarOptions, decompress bool) error {
++func untarHandler(tarArchive io.Reader, dest string, options *archive.TarOptions, decompress bool, root string) error {
+ if tarArchive == nil {
+ return fmt.Errorf("Empty archive")
+ }
+@@ -69,5 +85,5 @@ func untarHandler(tarArchive io.Reader, dest string, options *archive.TarOptions
+ r = decompressedArchive
+ }
+
+- return invokeUnpack(r, dest, options)
++ return invokeUnpack(r, dest, options, root)
+ }
+diff --git a/engine/pkg/chrootarchive/archive_unix.go b/engine/pkg/chrootarchive/archive_unix.go
+index 5df8afd66205..96f07c4bb4d6 100644
+--- a/engine/pkg/chrootarchive/archive_unix.go
++++ b/engine/pkg/chrootarchive/archive_unix.go
+@@ -10,6 +10,7 @@ import (
+ "io"
+ "io/ioutil"
+ "os"
++ "path/filepath"
+ "runtime"
+
+ "github.com/docker/docker/pkg/archive"
+@@ -30,11 +31,21 @@ func untar() {
+ fatal(err)
+ }
+
+- if err := chroot(flag.Arg(0)); err != nil {
++ dst := flag.Arg(0)
++ var root string
++ if len(flag.Args()) > 1 {
++ root = flag.Arg(1)
++ }
++
++ if root == "" {
++ root = dst
++ }
++
++ if err := chroot(root); err != nil {
+ fatal(err)
+ }
+
+- if err := archive.Unpack(os.Stdin, "/", options); err != nil {
++ if err := archive.Unpack(os.Stdin, dst, options); err != nil {
+ fatal(err)
+ }
+ // fully consume stdin in case it is zero padded
+@@ -45,7 +56,7 @@ func untar() {
+ os.Exit(0)
+ }
+
+-func invokeUnpack(decompressedArchive io.Reader, dest string, options *archive.TarOptions) error {
++func invokeUnpack(decompressedArchive io.Reader, dest string, options *archive.TarOptions, root string) error {
+
+ // We can't pass a potentially large exclude list directly via cmd line
+ // because we easily overrun the kernel's max argument/environment size
+@@ -57,7 +68,21 @@ func invokeUnpack(decompressedArchive io.Reader, dest string, options *archive.T
+ return fmt.Errorf("Untar pipe failure: %v", err)
+ }
+
+- cmd := reexec.Command("docker-untar", dest)
++ if root != "" {
++ relDest, err := filepath.Rel(root, dest)
++ if err != nil {
++ return err
++ }
++ if relDest == "." {
++ relDest = "/"
++ }
++ if relDest[0] != '/' {
++ relDest = "/" + relDest
++ }
++ dest = relDest
++ }
++
++ cmd := reexec.Command("docker-untar", dest, root)
+ cmd.Stdin = decompressedArchive
+
+ cmd.ExtraFiles = append(cmd.ExtraFiles, r)
+@@ -69,6 +94,7 @@ func invokeUnpack(decompressedArchive io.Reader, dest string, options *archive.T
+ w.Close()
+ return fmt.Errorf("Untar error on re-exec cmd: %v", err)
+ }
++
+ //write the options to the pipe for the untar exec to read
+ if err := json.NewEncoder(w).Encode(options); err != nil {
+ w.Close()
+diff --git a/engine/pkg/chrootarchive/archive_windows.go b/engine/pkg/chrootarchive/archive_windows.go
+index f2973132a391..bd5712c5c04c 100644
+--- a/engine/pkg/chrootarchive/archive_windows.go
++++ b/engine/pkg/chrootarchive/archive_windows.go
+@@ -14,7 +14,7 @@ func chroot(path string) error {
+
+ func invokeUnpack(decompressedArchive io.ReadCloser,
+ dest string,
+- options *archive.TarOptions) error {
++ options *archive.TarOptions, root string) error {
+ // Windows is different to Linux here because Windows does not support
+ // chroot. Hence there is no point sandboxing a chrooted process to
+ // do the unpack. We call inline instead within the daemon process.
--- /dev/null
+From: Brian Goff <cpuguy83@gmail.com>
+Date: Thu, 30 May 2019 14:55:52 -0700
+Subject: [PATCH] Add chroot for tar packing operations
+
+Previously only unpack operations were supported with chroot.
+This adds chroot support for packing operations.
+This prevents potential breakouts when copying data from a container.
+
+Signed-off-by: Brian Goff <cpuguy83@gmail.com>
+Origin: upstream, https://github.com/moby/moby/pull/39292
+---
+ daemon/archive.go | 8 +--
+ daemon/export.go | 2 +-
+ pkg/chrootarchive/archive.go | 8 +++
+ pkg/chrootarchive/archive_unix.go | 98 +++++++++++++++++++++++++-
+ pkg/chrootarchive/archive_windows.go | 7 ++
+ pkg/chrootarchive/init_unix.go | 1 +
+ 6 files changed, 117 insertions(+), 7 deletions(-)
+
+diff --git a/engine/daemon/archive.go b/engine/daemon/archive.go
+index 9f56ca750392..109376b4b566 100644
+--- a/engine/daemon/archive.go
++++ b/engine/daemon/archive.go
+@@ -39,11 +39,11 @@ func extractArchive(i interface{}, src io.Reader, dst string, opts *archive.TarO
+ return chrootarchive.UntarWithRoot(src, dst, opts, root)
+ }
+
+-func archivePath(i interface{}, src string, opts *archive.TarOptions) (io.ReadCloser, error) {
++func archivePath(i interface{}, src string, opts *archive.TarOptions, root string) (io.ReadCloser, error) {
+ if ap, ok := i.(archiver); ok {
+ return ap.ArchivePath(src, opts)
+ }
+- return archive.TarWithOptions(src, opts)
++ return chrootarchive.Tar(src, opts, root)
+ }
+
+ // ContainerCopy performs a deprecated operation of archiving the resource at
+@@ -239,7 +239,7 @@ func (daemon *Daemon) containerArchivePath(container *container.Container, path
+ sourceDir, sourceBase := driver.Dir(resolvedPath), driver.Base(resolvedPath)
+ opts := archive.TarResourceRebaseOpts(sourceBase, driver.Base(absPath))
+
+- data, err := archivePath(driver, sourceDir, opts)
++ data, err := archivePath(driver, sourceDir, opts, container.BaseFS.Path())
+ if err != nil {
+ return nil, nil, err
+ }
+@@ -433,7 +433,7 @@ func (daemon *Daemon) containerCopy(container *container.Container, resource str
+ archive, err := archivePath(driver, basePath, &archive.TarOptions{
+ Compression: archive.Uncompressed,
+ IncludeFiles: filter,
+- })
++ }, container.BaseFS.Path())
+ if err != nil {
+ return nil, err
+ }
+diff --git a/engine/daemon/export.go b/engine/daemon/export.go
+index 27bc35967d22..01593f4e8a4f 100644
+--- a/engine/daemon/export.go
++++ b/engine/daemon/export.go
+@@ -70,7 +70,7 @@ func (daemon *Daemon) containerExport(container *container.Container) (arch io.R
+ Compression: archive.Uncompressed,
+ UIDMaps: daemon.idMapping.UIDs(),
+ GIDMaps: daemon.idMapping.GIDs(),
+- })
++ }, basefs.Path())
+ if err != nil {
+ rwlayer.Unmount()
+ return nil, err
+diff --git a/engine/pkg/chrootarchive/archive.go b/engine/pkg/chrootarchive/archive.go
+index 7ebca3774c3d..6ff61e6a767a 100644
+--- a/engine/pkg/chrootarchive/archive.go
++++ b/engine/pkg/chrootarchive/archive.go
+@@ -87,3 +87,11 @@ func untarHandler(tarArchive io.Reader, dest string, options *archive.TarOptions
+
+ return invokeUnpack(r, dest, options, root)
+ }
++
++// Tar tars the requested path while chrooted to the specified root.
++func Tar(srcPath string, options *archive.TarOptions, root string) (io.ReadCloser, error) {
++ if options == nil {
++ options = &archive.TarOptions{}
++ }
++ return invokePack(srcPath, options, root)
++}
+diff --git a/engine/pkg/chrootarchive/archive_unix.go b/engine/pkg/chrootarchive/archive_unix.go
+index 96f07c4bb4d6..ea2879dc002f 100644
+--- a/engine/pkg/chrootarchive/archive_unix.go
++++ b/engine/pkg/chrootarchive/archive_unix.go
+@@ -12,9 +12,11 @@ import (
+ "os"
+ "path/filepath"
+ "runtime"
++ "strings"
+
+ "github.com/docker/docker/pkg/archive"
+ "github.com/docker/docker/pkg/reexec"
++ "github.com/pkg/errors"
+ )
+
+ // untar is the entry-point for docker-untar on re-exec. This is not used on
+@@ -24,7 +26,7 @@ func untar() {
+ runtime.LockOSThread()
+ flag.Parse()
+
+- var options *archive.TarOptions
++ var options archive.TarOptions
+
+ //read the options from the pipe "ExtraFiles"
+ if err := json.NewDecoder(os.NewFile(3, "options")).Decode(&options); err != nil {
+@@ -45,7 +47,7 @@ func untar() {
+ fatal(err)
+ }
+
+- if err := archive.Unpack(os.Stdin, dst, options); err != nil {
++ if err := archive.Unpack(os.Stdin, dst, &options); err != nil {
+ fatal(err)
+ }
+ // fully consume stdin in case it is zero padded
+@@ -57,6 +59,9 @@ func untar() {
+ }
+
+ func invokeUnpack(decompressedArchive io.Reader, dest string, options *archive.TarOptions, root string) error {
++ if root == "" {
++ return errors.New("must specify a root to chroot to")
++ }
+
+ // We can't pass a potentially large exclude list directly via cmd line
+ // because we easily overrun the kernel's max argument/environment size
+@@ -112,3 +117,92 @@ func invokeUnpack(decompressedArchive io.Reader, dest string, options *archive.T
+ }
+ return nil
+ }
++
++func tar() {
++ runtime.LockOSThread()
++ flag.Parse()
++
++ src := flag.Arg(0)
++ var root string
++ if len(flag.Args()) > 1 {
++ root = flag.Arg(1)
++ }
++
++ if root == "" {
++ root = src
++ }
++
++ if err := realChroot(root); err != nil {
++ fatal(err)
++ }
++
++ var options archive.TarOptions
++ if err := json.NewDecoder(os.Stdin).Decode(&options); err != nil {
++ fatal(err)
++ }
++
++ rdr, err := archive.TarWithOptions(src, &options)
++ if err != nil {
++ fatal(err)
++ }
++ defer rdr.Close()
++
++ if _, err := io.Copy(os.Stdout, rdr); err != nil {
++ fatal(err)
++ }
++
++ os.Exit(0)
++}
++
++func invokePack(srcPath string, options *archive.TarOptions, root string) (io.ReadCloser, error) {
++ if root == "" {
++ return nil, errors.New("root path must not be empty")
++ }
++
++ relSrc, err := filepath.Rel(root, srcPath)
++ if err != nil {
++ return nil, err
++ }
++ if relSrc == "." {
++ relSrc = "/"
++ }
++ if relSrc[0] != '/' {
++ relSrc = "/" + relSrc
++ }
++
++ // make sure we didn't trim a trailing slash with the call to `Rel`
++ if strings.HasSuffix(srcPath, "/") && !strings.HasSuffix(relSrc, "/") {
++ relSrc += "/"
++ }
++
++ cmd := reexec.Command("docker-tar", relSrc, root)
++
++ errBuff := bytes.NewBuffer(nil)
++ cmd.Stderr = errBuff
++
++ tarR, tarW := io.Pipe()
++ cmd.Stdout = tarW
++
++ stdin, err := cmd.StdinPipe()
++ if err != nil {
++ return nil, errors.Wrap(err, "error getting options pipe for tar process")
++ }
++
++ if err := cmd.Start(); err != nil {
++ return nil, errors.Wrap(err, "tar error on re-exec cmd")
++ }
++
++ go func() {
++ err := cmd.Wait()
++ err = errors.Wrapf(err, "error processing tar file: %s", errBuff)
++ tarW.CloseWithError(err)
++ }()
++
++ if err := json.NewEncoder(stdin).Encode(options); err != nil {
++ stdin.Close()
++ return nil, errors.Wrap(err, "tar json encode to pipe failed")
++ }
++ stdin.Close()
++
++ return tarR, nil
++}
+diff --git a/engine/pkg/chrootarchive/archive_windows.go b/engine/pkg/chrootarchive/archive_windows.go
+index bd5712c5c04c..de87113e9544 100644
+--- a/engine/pkg/chrootarchive/archive_windows.go
++++ b/engine/pkg/chrootarchive/archive_windows.go
+@@ -20,3 +20,10 @@ func invokeUnpack(decompressedArchive io.ReadCloser,
+ // do the unpack. We call inline instead within the daemon process.
+ return archive.Unpack(decompressedArchive, longpath.AddPrefix(dest), options)
+ }
++
++func invokePack(srcPath string, options *archive.TarOptions, root string) (io.ReadCloser, error) {
++ // Windows is different to Linux here because Windows does not support
++ // chroot. Hence there is no point sandboxing a chrooted process to
++ // do the pack. We call inline instead within the daemon process.
++ return archive.TarWithOptions(srcPath, options)
++}
+diff --git a/engine/pkg/chrootarchive/init_unix.go b/engine/pkg/chrootarchive/init_unix.go
+index a15e4bb83c40..c24fea7d9c13 100644
+--- a/engine/pkg/chrootarchive/init_unix.go
++++ b/engine/pkg/chrootarchive/init_unix.go
+@@ -14,6 +14,7 @@ import (
+ func init() {
+ reexec.Register("docker-applyLayer", applyLayer)
+ reexec.Register("docker-untar", untar)
++ reexec.Register("docker-tar", tar)
+ }
+
+ func fatal(err error) {
--- /dev/null
+From: Tonis Tiigi <tonistiigi@gmail.com>
+Date: Wed, 6 Feb 2019 11:58:40 -0800
+Subject: [PATCH] gitutils: add validation for ref
+
+Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
+(cherry picked from commit 723b107ca4fba14580a6cd971e63d8af2e7d2bbe)
+Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
+Origin: upstream, https://github.com/moby/moby/pull/38944
+---
+ builder/remotecontext/git/gitutils.go | 7 ++++++-
+ builder/remotecontext/git/gitutils_test.go | 21 ++++++++++++++++++---
+ 2 files changed, 24 insertions(+), 4 deletions(-)
+
+diff --git a/engine/builder/remotecontext/git/gitutils.go b/engine/builder/remotecontext/git/gitutils.go
+index 77a45beff31c..6213963db2e1 100644
+--- a/engine/builder/remotecontext/git/gitutils.go
++++ b/engine/builder/remotecontext/git/gitutils.go
+@@ -102,6 +102,11 @@ func parseRemoteURL(remoteURL string) (gitRepo, error) {
+ u.Fragment = ""
+ repo.remote = u.String()
+ }
++
++ if strings.HasPrefix(repo.ref, "-") {
++ return gitRepo{}, errors.Errorf("invalid refspec: %s", repo.ref)
++ }
++
+ return repo, nil
+ }
+
+@@ -124,7 +129,7 @@ func fetchArgs(remoteURL string, ref string) []string {
+ args = append(args, "--depth", "1")
+ }
+
+- return append(args, "origin", ref)
++ return append(args, "origin", "--", ref)
+ }
+
+ // Check if a given git URL supports a shallow git clone,
+diff --git a/engine/builder/remotecontext/git/gitutils_test.go b/engine/builder/remotecontext/git/gitutils_test.go
+index 8c39679081f1..34dd495b5ca3 100644
+--- a/engine/builder/remotecontext/git/gitutils_test.go
++++ b/engine/builder/remotecontext/git/gitutils_test.go
+@@ -59,7 +59,7 @@ func TestCloneArgsSmartHttp(t *testing.T) {
+ })
+
+ args := fetchArgs(serverURL.String(), "master")
+- exp := []string{"fetch", "--depth", "1", "origin", "master"}
++ exp := []string{"fetch", "--depth", "1", "origin", "--", "master"}
+ assert.Check(t, is.DeepEqual(exp, args))
+ }
+
+@@ -75,13 +75,13 @@ func TestCloneArgsDumbHttp(t *testing.T) {
+ })
+
+ args := fetchArgs(serverURL.String(), "master")
+- exp := []string{"fetch", "origin", "master"}
++ exp := []string{"fetch", "origin", "--", "master"}
+ assert.Check(t, is.DeepEqual(exp, args))
+ }
+
+ func TestCloneArgsGit(t *testing.T) {
+ args := fetchArgs("git://github.com/docker/docker", "master")
+- exp := []string{"fetch", "--depth", "1", "origin", "master"}
++ exp := []string{"fetch", "--depth", "1", "origin", "--", "master"}
+ assert.Check(t, is.DeepEqual(exp, args))
+ }
+
+@@ -276,3 +276,18 @@ func TestValidGitTransport(t *testing.T) {
+ }
+ }
+ }
++
++func TestGitInvalidRef(t *testing.T) {
++ gitUrls := []string{
++ "git://github.com/moby/moby#--foo bar",
++ "git@github.com/moby/moby#--upload-pack=sleep;:",
++ "git@g.com:a/b.git#-B",
++ "git@g.com:a/b.git#with space",
++ }
++
++ for _, url := range gitUrls {
++ _, err := Clone(url)
++ assert.Assert(t, err != nil)
++ assert.Check(t, is.Contains(strings.ToLower(err.Error()), "invalid refspec"))
++ }
++}
--- /dev/null
+From: Sebastiaan van Stijn <github@gone.nl>
+Date: Tue, 2 Jul 2019 13:21:04 +0200
+Subject: [PATCH] TestMaskSecretKeys: add more test-cases
+
+Add tests for
+
+- case-insensitive matching of fields
+- recursive masking
+
+Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
+(cherry picked from commit db5f811216e70bcb4a10e477c1558d6c68f618c5)
+Signed-off-by: Tibor Vass <tibor@docker.com>
+(cherry picked from commit 18dac2cf32faeaada3bd4e8e2bffa576ad4329fe)
+Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
+Origin: upstream, https://github.com/docker/engine/pull/298
+---
+ api/server/middleware/debug_test.go | 30 ++++++++++++++++++++++++++---
+ 1 file changed, 27 insertions(+), 3 deletions(-)
+
+diff --git a/engine/api/server/middleware/debug_test.go b/engine/api/server/middleware/debug_test.go
+index a64b73e0d718..3d78d7e08450 100644
+--- a/engine/api/server/middleware/debug_test.go
++++ b/engine/api/server/middleware/debug_test.go
+@@ -23,7 +23,6 @@ func TestMaskSecretKeys(t *testing.T) {
+ input: map[string]interface{}{"Data": "foo", "Name": "name", "Labels": map[string]interface{}{}},
+ expected: map[string]interface{}{"Data": "*****", "Name": "name", "Labels": map[string]interface{}{}},
+ },
+-
+ {
+ path: "/secrets/create?key=val",
+ input: map[string]interface{}{"Data": "foo", "Name": "name", "Labels": map[string]interface{}{}},
+@@ -32,8 +31,13 @@ func TestMaskSecretKeys(t *testing.T) {
+ {
+ path: "/v1.30/some/other/path",
+ input: map[string]interface{}{
+- "password": "pass",
++ "password": "pass",
++ "secret": "secret",
++ "jointoken": "jointoken",
++ "unlockkey": "unlockkey",
++ "signingcakey": "signingcakey",
+ "other": map[string]interface{}{
++ "password": "pass",
+ "secret": "secret",
+ "jointoken": "jointoken",
+ "unlockkey": "unlockkey",
+@@ -41,8 +45,13 @@ func TestMaskSecretKeys(t *testing.T) {
+ },
+ },
+ expected: map[string]interface{}{
+- "password": "*****",
++ "password": "*****",
++ "secret": "*****",
++ "jointoken": "*****",
++ "unlockkey": "*****",
++ "signingcakey": "*****",
+ "other": map[string]interface{}{
++ "password": "*****",
+ "secret": "*****",
+ "jointoken": "*****",
+ "unlockkey": "*****",
+@@ -50,6 +59,21 @@ func TestMaskSecretKeys(t *testing.T) {
+ },
+ },
+ },
++ {
++ path: "/v1.30/some/other/path",
++ input: map[string]interface{}{
++ "PASSWORD": "pass",
++ "other": map[string]interface{}{
++ "PASSWORD": "pass",
++ },
++ },
++ expected: map[string]interface{}{
++ "PASSWORD": "*****",
++ "other": map[string]interface{}{
++ "PASSWORD": "*****",
++ },
++ },
++ },
+ }
+
+ for _, testcase := range tests {
--- /dev/null
+From: Sebastiaan van Stijn <github@gone.nl>
+Date: Tue, 2 Jul 2019 13:29:24 +0200
+Subject: [PATCH] TestMaskSecretKeys: use subtests
+
+Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
+(cherry picked from commit 32d70c7e21631224674cd60021d3ec908c2d888c)
+Signed-off-by: Tibor Vass <tibor@docker.com>
+(cherry picked from commit ebb542b3f88d7f5551f6b6e1d8d2774a2c166409)
+Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
+Origin: https://github.com/docker/engine/pull/298
+---
+ api/server/middleware/debug_test.go | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/engine/api/server/middleware/debug_test.go b/engine/api/server/middleware/debug_test.go
+index 3d78d7e08450..e19a0ced2fbd 100644
+--- a/engine/api/server/middleware/debug_test.go
++++ b/engine/api/server/middleware/debug_test.go
+@@ -9,26 +9,31 @@ import (
+
+ func TestMaskSecretKeys(t *testing.T) {
+ tests := []struct {
++ doc string
+ path string
+ input map[string]interface{}
+ expected map[string]interface{}
+ }{
+ {
++ doc: "secret create with API version",
+ path: "/v1.30/secrets/create",
+ input: map[string]interface{}{"Data": "foo", "Name": "name", "Labels": map[string]interface{}{}},
+ expected: map[string]interface{}{"Data": "*****", "Name": "name", "Labels": map[string]interface{}{}},
+ },
+ {
++ doc: "secret create with API version and trailing slashes",
+ path: "/v1.30/secrets/create//",
+ input: map[string]interface{}{"Data": "foo", "Name": "name", "Labels": map[string]interface{}{}},
+ expected: map[string]interface{}{"Data": "*****", "Name": "name", "Labels": map[string]interface{}{}},
+ },
+ {
++ doc: "secret create with query param",
+ path: "/secrets/create?key=val",
+ input: map[string]interface{}{"Data": "foo", "Name": "name", "Labels": map[string]interface{}{}},
+ expected: map[string]interface{}{"Data": "*****", "Name": "name", "Labels": map[string]interface{}{}},
+ },
+ {
++ doc: "other paths with API version",
+ path: "/v1.30/some/other/path",
+ input: map[string]interface{}{
+ "password": "pass",
+@@ -60,6 +65,7 @@ func TestMaskSecretKeys(t *testing.T) {
+ },
+ },
+ {
++ doc: "other paths with API version case insensitive",
+ path: "/v1.30/some/other/path",
+ input: map[string]interface{}{
+ "PASSWORD": "pass",
+@@ -77,7 +83,9 @@ func TestMaskSecretKeys(t *testing.T) {
+ }
+
+ for _, testcase := range tests {
+- maskSecretKeys(testcase.input, testcase.path)
+- assert.Check(t, is.DeepEqual(testcase.expected, testcase.input))
++ t.Run(testcase.doc, func(t *testing.T) {
++ maskSecretKeys(testcase.input, testcase.path)
++ assert.Check(t, is.DeepEqual(testcase.expected, testcase.input))
++ })
+ }
+ }
--- /dev/null
+From: Sebastiaan van Stijn <github@gone.nl>
+Date: Tue, 2 Jul 2019 14:21:03 +0200
+Subject: [PATCH] DebugRequestMiddleware: unconditionally scrub data field
+
+Commit 77b8465d7e68ca102d7aae839c7b3fe0ecd28398 added a secret update
+endpoint to allow updating labels on existing secrets. However, when
+implementing the endpoint, the DebugRequestMiddleware was not updated
+to scrub the Data field (as is being done when creating a secret).
+
+When updating a secret (to set labels), the Data field should be either
+`nil` (not set), or contain the same value as the existing secret. In
+situations where the Data field is set, and the `dockerd` daemon is
+running with debugging enabled / log-level debug, the base64-encoded
+value of the secret is printed to the daemon logs.
+
+The docker cli does not have a `docker secret update` command, but
+when using `docker stack deploy`, the docker cli sends the secret
+data both when _creating_ a stack, and when _updating_ a stack, thus
+leaking the secret data if the daemon runs with debug enabled:
+
+1. Start the daemon in debug-mode
+
+ dockerd --debug
+
+2. Initialize swarm
+
+ docker swarm init
+
+3. Create a file containing a secret
+
+ echo secret > my_secret.txt
+
+4. Create a docker-compose file using that secret
+
+ cat > docker-compose.yml <<'EOF'
+ version: "3.3"
+ services:
+ web:
+ image: nginx:alpine
+ secrets:
+ - my_secret
+ secrets:
+ my_secret:
+ file: ./my_secret.txt
+ EOF
+
+5. Deploy the stack
+
+ docker stack deploy -c docker-compose.yml test
+
+6. Verify that the secret is scrubbed in the daemon logs
+
+ DEBU[2019-07-01T22:36:08.170617400Z] Calling POST /v1.30/secrets/create
+ DEBU[2019-07-01T22:36:08.171364900Z] form data: {"Data":"*****","Labels":{"com.docker.stack.namespace":"test"},"Name":"test_my_secret"}
+
+7. Re-deploy the stack to trigger an "update"
+
+ docker stack deploy -c docker-compose.yml test
+
+8. Notice that this time, the Data field is not scrubbed, and the base64-encoded secret is logged
+
+ DEBU[2019-07-01T22:37:35.828819400Z] Calling POST /v1.30/secrets/w3hgvwpzl8yooq5ctnyp71v52/update?version=34
+ DEBU[2019-07-01T22:37:35.829993700Z] form data: {"Data":"c2VjcmV0Cg==","Labels":{"com.docker.stack.namespace":"test"},"Name":"test_my_secret"}
+
+This patch modifies `maskSecretKeys` to unconditionally scrub `Data` fields.
+Currently, only the `secrets` and `configs` endpoints use a field with this
+name, and no other POST API endpoints use a data field, so scrubbing this
+field unconditionally will only scrub requests for those endpoints.
+
+If a new endpoint is added in future where this field should not be scrubbed,
+we can re-introduce more fine-grained (path-specific) handling.
+
+This patch introduces some change in behavior:
+
+- In addition to secrets, requests to create or update _configs_ will
+ now have their `Data` field scrubbed. Generally, the actual data should
+ not be interesting for debugging, so likely will not be problematic.
+ In addition, scrubbing this data for configs may actually be desirable,
+ because (even though they are not explicitely designed for this purpose)
+ configs may contain sensitive data (credentials inside a configuration
+ file, e.g.).
+- Requests that send key/value pairs as a "map" and that contain a
+ key named "data", will see the value of that field scrubbed. This
+ means that (e.g.) setting a `label` named `data` on a config, will
+ scrub/mask the value of that label.
+- Note that this is already the case for any label named `jointoken`,
+ `password`, `secret`, `signingcakey`, or `unlockkey`.
+
+Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
+(cherry picked from commit c7ce4be93ae8edd2da62a588e01c67313a4aba0c)
+Signed-off-by: Tibor Vass <tibor@docker.com>
+(cherry picked from commit 73db8c77bfb2d0cbdf71ce491f3d3e66c9dd5be6)
+Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
+Origin: upstream, https://github.com/docker/engine/pull/298
+---
+ api/server/middleware/debug.go | 24 ++++++++++++++----------
+ api/server/middleware/debug_test.go | 18 ++++++++++++++++++
+ 2 files changed, 32 insertions(+), 10 deletions(-)
+
+diff --git a/engine/api/server/middleware/debug.go b/engine/api/server/middleware/debug.go
+index 2cef1d46c3d3..31165bf91849 100644
+--- a/engine/api/server/middleware/debug.go
++++ b/engine/api/server/middleware/debug.go
+@@ -71,9 +71,22 @@ func maskSecretKeys(inp interface{}, path string) {
+ }
+
+ if form, ok := inp.(map[string]interface{}); ok {
++ scrub := []string{
++ // Note: The Data field contains the base64-encoded secret in 'secret'
++ // and 'config' create and update requests. Currently, no other POST
++ // API endpoints use a data field, so we scrub this field unconditionally.
++ // Change this handling to be conditional if a new endpoint is added
++ // in future where this field should not be scrubbed.
++ "data",
++ "jointoken",
++ "password",
++ "secret",
++ "signingcakey",
++ "unlockkey",
++ }
+ loop0:
+ for k, v := range form {
+- for _, m := range []string{"password", "secret", "jointoken", "unlockkey", "signingcakey"} {
++ for _, m := range scrub {
+ if strings.EqualFold(m, k) {
+ form[k] = "*****"
+ continue loop0
+@@ -81,14 +94,5 @@ func maskSecretKeys(inp interface{}, path string) {
+ }
+ maskSecretKeys(v, path)
+ }
+-
+- // Route-specific redactions
+- if strings.HasSuffix(path, "/secrets/create") {
+- for k := range form {
+- if k == "Data" {
+- form[k] = "*****"
+- }
+- }
+- }
+ }
+ }
+diff --git a/engine/api/server/middleware/debug_test.go b/engine/api/server/middleware/debug_test.go
+index e19a0ced2fbd..361273feda6c 100644
+--- a/engine/api/server/middleware/debug_test.go
++++ b/engine/api/server/middleware/debug_test.go
+@@ -32,6 +32,24 @@ func TestMaskSecretKeys(t *testing.T) {
+ input: map[string]interface{}{"Data": "foo", "Name": "name", "Labels": map[string]interface{}{}},
+ expected: map[string]interface{}{"Data": "*****", "Name": "name", "Labels": map[string]interface{}{}},
+ },
++ {
++ doc: "secret update with API version",
++ path: "/v1.30/secrets/mysecret/update",
++ input: map[string]interface{}{"Data": "foo", "Name": "name", "Labels": map[string]interface{}{}},
++ expected: map[string]interface{}{"Data": "*****", "Name": "name", "Labels": map[string]interface{}{}},
++ },
++ {
++ doc: "secret update with API version and trailing slashes",
++ path: "/v1.30/secrets/mysecret/update//",
++ input: map[string]interface{}{"Data": "foo", "Name": "name", "Labels": map[string]interface{}{}},
++ expected: map[string]interface{}{"Data": "*****", "Name": "name", "Labels": map[string]interface{}{}},
++ },
++ {
++ doc: "secret update with query parameter",
++ path: "/secrets/mysecret/update?version=34",
++ input: map[string]interface{}{"Data": "foo", "Name": "name", "Labels": map[string]interface{}{}},
++ expected: map[string]interface{}{"Data": "*****", "Name": "name", "Labels": map[string]interface{}{}},
++ },
+ {
+ doc: "other paths with API version",
+ path: "/v1.30/some/other/path",
--- /dev/null
+From: Sebastiaan van Stijn <github@gone.nl>
+Date: Wed, 3 Jul 2019 16:16:22 +0200
+Subject: [PATCH] DebugRequestMiddleware: Remove path handling
+
+Path-specific rules were removed, so this is no longer used.
+
+Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
+(cherry picked from commit 530e63c1a61b105a6f7fc143c5acb9b5cd87f958)
+Signed-off-by: Tibor Vass <tibor@docker.com>
+(cherry picked from commit f8a0f26843bc5aff33cf9201b75bd4bdbb48a3ad)
+Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
+Origin: upstream, https://github.com/docker/engine/pull/298
+---
+ api/server/middleware/debug.go | 16 +++--------
+ api/server/middleware/debug_test.go | 42 +++--------------------------
+ 2 files changed, 8 insertions(+), 50 deletions(-)
+
+diff --git a/engine/api/server/middleware/debug.go b/engine/api/server/middleware/debug.go
+index 31165bf91849..a02c1bc7de34 100644
+--- a/engine/api/server/middleware/debug.go
++++ b/engine/api/server/middleware/debug.go
+@@ -41,7 +41,7 @@ func DebugRequestMiddleware(handler func(ctx context.Context, w http.ResponseWri
+
+ var postForm map[string]interface{}
+ if err := json.Unmarshal(b, &postForm); err == nil {
+- maskSecretKeys(postForm, r.RequestURI)
++ maskSecretKeys(postForm)
+ formStr, errMarshal := json.Marshal(postForm)
+ if errMarshal == nil {
+ logrus.Debugf("form data: %s", string(formStr))
+@@ -54,18 +54,10 @@ func DebugRequestMiddleware(handler func(ctx context.Context, w http.ResponseWri
+ }
+ }
+
+-func maskSecretKeys(inp interface{}, path string) {
+- // Remove any query string from the path
+- idx := strings.Index(path, "?")
+- if idx != -1 {
+- path = path[:idx]
+- }
+- // Remove trailing / characters
+- path = strings.TrimRight(path, "/")
+-
++func maskSecretKeys(inp interface{}) {
+ if arr, ok := inp.([]interface{}); ok {
+ for _, f := range arr {
+- maskSecretKeys(f, path)
++ maskSecretKeys(f)
+ }
+ return
+ }
+@@ -92,7 +84,7 @@ func maskSecretKeys(inp interface{}, path string) {
+ continue loop0
+ }
+ }
+- maskSecretKeys(v, path)
++ maskSecretKeys(v)
+ }
+ }
+ }
+diff --git a/engine/api/server/middleware/debug_test.go b/engine/api/server/middleware/debug_test.go
+index 361273feda6c..fb1740d54a47 100644
+--- a/engine/api/server/middleware/debug_test.go
++++ b/engine/api/server/middleware/debug_test.go
+@@ -10,49 +10,16 @@ import (
+ func TestMaskSecretKeys(t *testing.T) {
+ tests := []struct {
+ doc string
+- path string
+ input map[string]interface{}
+ expected map[string]interface{}
+ }{
+ {
+- doc: "secret create with API version",
+- path: "/v1.30/secrets/create",
++ doc: "secret/config create and update requests",
+ input: map[string]interface{}{"Data": "foo", "Name": "name", "Labels": map[string]interface{}{}},
+ expected: map[string]interface{}{"Data": "*****", "Name": "name", "Labels": map[string]interface{}{}},
+ },
+ {
+- doc: "secret create with API version and trailing slashes",
+- path: "/v1.30/secrets/create//",
+- input: map[string]interface{}{"Data": "foo", "Name": "name", "Labels": map[string]interface{}{}},
+- expected: map[string]interface{}{"Data": "*****", "Name": "name", "Labels": map[string]interface{}{}},
+- },
+- {
+- doc: "secret create with query param",
+- path: "/secrets/create?key=val",
+- input: map[string]interface{}{"Data": "foo", "Name": "name", "Labels": map[string]interface{}{}},
+- expected: map[string]interface{}{"Data": "*****", "Name": "name", "Labels": map[string]interface{}{}},
+- },
+- {
+- doc: "secret update with API version",
+- path: "/v1.30/secrets/mysecret/update",
+- input: map[string]interface{}{"Data": "foo", "Name": "name", "Labels": map[string]interface{}{}},
+- expected: map[string]interface{}{"Data": "*****", "Name": "name", "Labels": map[string]interface{}{}},
+- },
+- {
+- doc: "secret update with API version and trailing slashes",
+- path: "/v1.30/secrets/mysecret/update//",
+- input: map[string]interface{}{"Data": "foo", "Name": "name", "Labels": map[string]interface{}{}},
+- expected: map[string]interface{}{"Data": "*****", "Name": "name", "Labels": map[string]interface{}{}},
+- },
+- {
+- doc: "secret update with query parameter",
+- path: "/secrets/mysecret/update?version=34",
+- input: map[string]interface{}{"Data": "foo", "Name": "name", "Labels": map[string]interface{}{}},
+- expected: map[string]interface{}{"Data": "*****", "Name": "name", "Labels": map[string]interface{}{}},
+- },
+- {
+- doc: "other paths with API version",
+- path: "/v1.30/some/other/path",
++ doc: "masking other fields (recursively)",
+ input: map[string]interface{}{
+ "password": "pass",
+ "secret": "secret",
+@@ -83,8 +50,7 @@ func TestMaskSecretKeys(t *testing.T) {
+ },
+ },
+ {
+- doc: "other paths with API version case insensitive",
+- path: "/v1.30/some/other/path",
++ doc: "case insensitive field matching",
+ input: map[string]interface{}{
+ "PASSWORD": "pass",
+ "other": map[string]interface{}{
+@@ -102,7 +68,7 @@ func TestMaskSecretKeys(t *testing.T) {
+
+ for _, testcase := range tests {
+ t.Run(testcase.doc, func(t *testing.T) {
+- maskSecretKeys(testcase.input, testcase.path)
++ maskSecretKeys(testcase.input)
+ assert.Check(t, is.DeepEqual(testcase.expected, testcase.input))
+ })
+ }
--- /dev/null
+From 706204124878a97142be511c0c46bcc16b43b0bd Mon Sep 17 00:00:00 2001
+From: Justin Cormack <justin.cormack@docker.com>
+Date: Thu, 25 Jul 2019 15:24:39 +0100
+Subject: [PATCH] Initialize nss libraries in Glibc so that the dynamic
+ libraries are loaded in the host environment not in the chroot from untrusted
+ files.
+
+See also OpenVZ https://github.com/kolyshkin/vzctl/blob/a3f732ef751998913fcf0a11b3e05236b51fd7e9/src/enter.c#L227-L234
+
+Signed-off-by: Justin Cormack <justin.cormack@docker.com>
+Signed-off-by: Tibor Vass <tibor@docker.com>
+(cherry picked from commit a316b10dab79d9298b02c7930958ed52e0ccf4e4)
+---
+ pkg/engine/chrootarchive/archive.go | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/engine/pkg/chrootarchive/archive.go b/engine/pkg/chrootarchive/archive.go
+index 6ff61e6a767a..83ed0c6b2feb 100644
+--- a/engine/pkg/chrootarchive/archive.go
++++ b/engine/pkg/chrootarchive/archive.go
+@@ -4,13 +4,22 @@ import (
+ "fmt"
+ "io"
+ "io/ioutil"
++ "net"
+ "os"
++ "os/user"
+ "path/filepath"
+
+ "github.com/docker/docker/pkg/archive"
+ "github.com/docker/docker/pkg/idtools"
+ )
+
++func init() {
++ // initialize nss libraries in Glibc so that the dynamic libraries are loaded in the host
++ // environment not in the chroot from untrusted files.
++ _, _ = user.Lookup("docker")
++ _, _ = net.LookupHost("localhost")
++}
++
+ // NewArchiver returns a new Archiver which uses chrootarchive.Untar
+ func NewArchiver(idMapping *idtools.IdentityMapping) *archive.Archiver {
+ if idMapping == nil {
--- /dev/null
+From 153d0769a1181bf591a9637fd487a541ec7db1e6 Mon Sep 17 00:00:00 2001
+From: Samuel Karp <skarp@amazon.com>
+Date: Fri, 3 Apr 2020 16:23:18 -0700
+Subject: [PATCH] bridge: disable IPv6 router advertisements
+
+Signed-off-by: Samuel Karp <skarp@amazon.com>
+---
+ libnetwork/drivers/bridge/bridge.go | 6 ++++++
+ libnetwork/drivers/bridge/setup_device.go | 19 +++++++++++++++++++
+ 2 files changed, 25 insertions(+)
+
+diff --git a/drivers/bridge/bridge.go b/drivers/bridge/bridge.go
+index b617ea7bc4..22ee29e238 100644
+--- a/libnetwork/drivers/bridge/bridge.go
++++ b/libnetwork/drivers/bridge/bridge.go
+@@ -679,6 +679,12 @@ func (d *driver) createNetwork(config *networkConfiguration) (err error) {
+ bridgeAlreadyExists := bridgeIface.exists()
+ if !bridgeAlreadyExists {
+ bridgeSetup.queueStep(setupDevice)
++ bridgeSetup.queueStep(setupDefaultSysctl)
++ }
++
++ // For the default bridge, set expected sysctls
++ if config.DefaultBridge {
++ bridgeSetup.queueStep(setupDefaultSysctl)
+ }
+
+ // Even if a bridge exists try to setup IPv4.
+diff --git a/drivers/bridge/setup_device.go b/drivers/bridge/setup_device.go
+index 548ad951df..1343305ae9 100644
+--- a/libnetwork/drivers/bridge/setup_device.go
++++ b/libnetwork/drivers/bridge/setup_device.go
+@@ -2,6 +2,9 @@ package bridge
+
+ import (
+ "fmt"
++ "io/ioutil"
++ "os"
++ "path/filepath"
+
+ "github.com/docker/docker/pkg/parsers/kernel"
+ "github.com/docker/libnetwork/netutils"
+@@ -49,6 +52,22 @@ func setupDevice(config *networkConfiguration, i *bridgeInterface) error {
+ return err
+ }
+
++func setupDefaultSysctl(config *networkConfiguration, i *bridgeInterface) error {
++ // Disable IPv6 router advertisements originating on the bridge
++ sysPath := filepath.Join("/proc/sys/net/ipv6/conf/", config.BridgeName, "accept_ra")
++ if _, err := os.Stat(sysPath); err != nil {
++ logrus.
++ WithField("bridge", config.BridgeName).
++ WithField("syspath", sysPath).
++ Info("failed to read ipv6 net.ipv6.conf.<bridge>.accept_ra")
++ return nil
++ }
++ if err := ioutil.WriteFile(sysPath, []byte{'0', '\n'}, 0644); err != nil {
++ return fmt.Errorf("libnetwork: Unable to disable IPv6 router advertisement: %v", err)
++ }
++ return nil
++}
++
+ // SetupDeviceUp ups the given bridge interface.
+ func setupDeviceUp(config *networkConfiguration, i *bridgeInterface) error {
+ err := i.nlh.LinkSetUp(i.Link)
--- /dev/null
+Author: Tianon Gravi <admwiggin@gmail.com>
+Description: remove convenience copies of cgroupfs-mount in init.d / upstart
+Forwarded: not-needed
+Bug-Debian: https://bugs.debian.org/783143
+
+--- a/engine/contrib/init/sysvinit-debian/docker
++++ b/engine/contrib/init/sysvinit-debian/docker
+@@ -58,39 +58,14 @@
+ exit 1
+ fi
+ }
+
+-cgroupfs_mount() {
+- # see also https://github.com/tianon/cgroupfs-mount/blob/master/cgroupfs-mount
+- if grep -v '^#' /etc/fstab | grep -q cgroup \
+- || [ ! -e /proc/cgroups ] \
+- || [ ! -d /sys/fs/cgroup ]; then
+- return
+- fi
+- if ! mountpoint -q /sys/fs/cgroup; then
+- mount -t tmpfs -o uid=0,gid=0,mode=0755 cgroup /sys/fs/cgroup
+- fi
+- (
+- cd /sys/fs/cgroup
+- for sys in $(awk '!/^#/ { if ($4 == 1) print $1 }' /proc/cgroups); do
+- mkdir -p $sys
+- if ! mountpoint -q $sys; then
+- if ! mount -n -t cgroup -o $sys cgroup $sys; then
+- rmdir $sys || true
+- fi
+- fi
+- done
+- )
+-}
+-
+ case "$1" in
+ start)
+ check_init
+
+ fail_unless_root
+
+- cgroupfs_mount
+-
+ touch "$DOCKER_LOGFILE"
+ chgrp docker "$DOCKER_LOGFILE"
+
+ ulimit -n 1048576
+--- a/engine/contrib/init/upstart/docker.conf
++++ b/engine/contrib/init/upstart/docker.conf
+@@ -12,31 +12,8 @@
+ respawn
+
+ kill timeout 20
+
+-pre-start script
+- # see also https://github.com/tianon/cgroupfs-mount/blob/master/cgroupfs-mount
+- if grep -v '^#' /etc/fstab | grep -q cgroup \
+- || [ ! -e /proc/cgroups ] \
+- || [ ! -d /sys/fs/cgroup ]; then
+- exit 0
+- fi
+- if ! mountpoint -q /sys/fs/cgroup; then
+- mount -t tmpfs -o uid=0,gid=0,mode=0755 cgroup /sys/fs/cgroup
+- fi
+- (
+- cd /sys/fs/cgroup
+- for sys in $(awk '!/^#/ { if ($4 == 1) print $1 }' /proc/cgroups); do
+- mkdir -p $sys
+- if ! mountpoint -q $sys; then
+- if ! mount -n -t cgroup -o $sys cgroup $sys; then
+- rmdir $sys || true
+- fi
+- fi
+- done
+- )
+-end script
+-
+ script
+ # modify these in /etc/default/$UPSTART_JOB (/etc/default/docker)
+ DOCKERD=/usr/sbin/dockerd
+ DOCKER_OPTS=
--- /dev/null
+Last-Update: 2019-01-27
+Forwarded: not-needed
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920597
+Author: Dmitry Smirnov <onlyjob@debian.org>
+Description: "fix" containerd executable name.
+
+--- a/engine/hack/make/.binary-setup
++++ b/engine/hack/make/.binary-setup
+@@ -1,9 +1,9 @@
+ #!/usr/bin/env bash
+
+ DOCKER_DAEMON_BINARY_NAME='dockerd'
+ DOCKER_RUNC_BINARY_NAME='runc'
+-DOCKER_CONTAINERD_BINARY_NAME='containerd'
++DOCKER_CONTAINERD_BINARY_NAME='docker-containerd'
+ DOCKER_CONTAINERD_CTR_BINARY_NAME='ctr'
+-DOCKER_CONTAINERD_SHIM_BINARY_NAME='containerd-shim'
++DOCKER_CONTAINERD_SHIM_BINARY_NAME='docker-containerd-shim'
+ DOCKER_PROXY_BINARY_NAME='docker-proxy'
+ DOCKER_INIT_BINARY_NAME='docker-init'
+--- a/engine/daemon/daemon.go
++++ b/engine/daemon/daemon.go
+@@ -978,9 +978,9 @@
+ })
+
+ go d.execCommandGC()
+
+- d.containerd, err = libcontainerd.NewClient(ctx, d.containerdCli, filepath.Join(config.ExecRoot, "containerd"), ContainersNamespace, d)
++ d.containerd, err = libcontainerd.NewClient(ctx, d.containerdCli, filepath.Join(config.ExecRoot, "docker-containerd"), ContainersNamespace, d)
+ if err != nil {
+ return nil, err
+ }
+
+--- a/engine/daemon/daemon_unix.go
++++ b/engine/daemon/daemon_unix.go
+@@ -53,9 +53,9 @@
+
+ const (
+ // DefaultShimBinary is the default shim to be used by containerd if none
+ // is specified
+- DefaultShimBinary = "containerd-shim"
++ DefaultShimBinary = "docker-containerd-shim"
+
+ // DefaultRuntimeBinary is the default runtime to be used by
+ // containerd if none is specified
+ DefaultRuntimeBinary = "runc"
+--- a/engine/libcontainerd/supervisor/remote_daemon.go
++++ b/engine/libcontainerd/supervisor/remote_daemon.go
+@@ -26,9 +26,9 @@
+ healthCheckTimeout = 3 * time.Second
+ shutdownTimeout = 15 * time.Second
+ startupTimeout = 15 * time.Second
+ configFile = "containerd.toml"
+- binaryName = "containerd"
++ binaryName = "docker-containerd"
+ pidFile = "containerd.pid"
+ )
+
+ type pluginConfigs struct {
+--- a/containerd/cmd/containerd-shim/main_unix.go
++++ b/containerd/cmd/containerd-shim/main_unix.go
+@@ -69,9 +69,9 @@
+ flag.StringVar(&criuFlag, "criu", "", "path to criu binary")
+ flag.BoolVar(&systemdCgroupFlag, "systemd-cgroup", false, "set runtime to use systemd-cgroup")
+ // currently, the `containerd publish` utility is embedded in the daemon binary.
+ // The daemon invokes `containerd-shim -containerd-binary ...` with its own os.Executable() path.
+- flag.StringVar(&containerdBinaryFlag, "containerd-binary", "containerd", "path to containerd binary (used for `containerd publish`)")
++ flag.StringVar(&containerdBinaryFlag, "containerd-binary", "docker-containerd", "path to containerd binary (used for `containerd publish`)")
+ flag.Parse()
+ }
+
+ func main() {
+--- a/containerd/runtime/v1/linux/runtime.go
++++ b/containerd/runtime/v1/linux/runtime.go
+@@ -59,9 +59,9 @@
+
+ const (
+ configFilename = "config.json"
+ defaultRuntime = "runc"
+- defaultShim = "containerd-shim"
++ defaultShim = "docker-containerd-shim"
+ )
+
+ func init() {
+ plugin.Register(&plugin.Registration{
+--- a/containerd/runtime/v2/shim/util.go
++++ b/containerd/runtime/v2/shim/util.go
+@@ -29,9 +29,9 @@
+ "github.com/containerd/containerd/namespaces"
+ "github.com/pkg/errors"
+ )
+
+-const shimBinaryFormat = "containerd-shim-%s-%s"
++const shimBinaryFormat = "docker-containerd-shim-%s-%s"
+
+ // Command returns the shim command with the provided args and configuration
+ func Command(ctx context.Context, runtime, containerdAddress, path string, cmdArgs ...string) (*exec.Cmd, error) {
+ ns, err := namespaces.NamespaceRequired(ctx)
--- /dev/null
+Forwarded: not-needed
+Description: FHS compliance.
+
+--- a/engine/contrib/init/systemd/docker.service
++++ b/engine/contrib/init/systemd/docker.service
+@@ -10,9 +10,9 @@
+ # the default is not to use systemd for cgroups because the delegate issues still
+ # exists and systemd currently does not support the cgroup feature set required
+ # for containers run by docker
+ EnvironmentFile=-/etc/default/docker
+-ExecStart=/usr/bin/dockerd -H fd:// $DOCKER_OPTS
++ExecStart=/usr/sbin/dockerd -H fd:// $DOCKER_OPTS
+ ExecReload=/bin/kill -s HUP $MAINPID
+ LimitNOFILE=1048576
+ # Having non-zero Limit*s causes performance problems due to accounting overhead
+ # in the kernel. We recommend using cgroups to do container-local accounting.
+--- a/engine/contrib/init/sysvinit-debian/docker
++++ b/engine/contrib/init/sysvinit-debian/docker
+@@ -21,9 +21,9 @@
+
+ BASE=docker
+
+ # modify these in /etc/default/$BASE (/etc/default/docker)
+-DOCKERD=/usr/bin/dockerd
++DOCKERD=/usr/sbin/dockerd
+ # This is the pid file managed by docker itself
+ DOCKER_PIDFILE=/var/run/$BASE.pid
+ # This is the pid file created/managed by start-stop-daemon
+ DOCKER_SSD_PIDFILE=/var/run/$BASE-ssd.pid
+--- a/engine/contrib/init/upstart/docker.conf
++++ b/engine/contrib/init/upstart/docker.conf
+@@ -37,9 +37,9 @@
+ end script
+
+ script
+ # modify these in /etc/default/$UPSTART_JOB (/etc/default/docker)
+- DOCKERD=/usr/bin/dockerd
++ DOCKERD=/usr/sbin/dockerd
+ DOCKER_OPTS=
+ if [ -f /etc/default/$UPSTART_JOB ]; then
+ . /etc/default/$UPSTART_JOB
+ fi
--- /dev/null
+Last-Update: 2018-06-09
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853258
+Forwarded: not-needed
+Author: Dmitry Smirnov <onlyjob@debian.org>
+Description: remove prompt and delay
+
+--- a/engine/contrib/nuke-graph-directory.sh
++++ b/engine/contrib/nuke-graph-directory.sh
+@@ -27,12 +27,8 @@
+ dir="$(readlink -f "$dir")"
+
+ echo
+ echo "Nuking $dir ..."
+-echo ' (if this is wrong, press Ctrl+C NOW!)'
+-echo
+-
+-( set -x; sleep 10 )
+ echo
+
+ dir_in_dir() {
+ inner="$1"
--- /dev/null
+Author: Paul R. Tagliamonte <paultag@debian.org>
+Last-Update: 2014-05-07
+Description: Use EnvironmentFile with the systemd unit file.
+Bug-Debian: http://bugs.debian.org/746774
+Forwarded: no
+
+--- a/engine/contrib/init/systemd/docker.service
++++ b/engine/contrib/init/systemd/docker.service
+@@ -9,9 +9,10 @@
+ Type=notify
+ # the default is not to use systemd for cgroups because the delegate issues still
+ # exists and systemd currently does not support the cgroup feature set required
+ # for containers run by docker
+-ExecStart=/usr/bin/dockerd -H fd://
++EnvironmentFile=-/etc/default/docker
++ExecStart=/usr/bin/dockerd -H fd:// $DOCKER_OPTS
+ ExecReload=/bin/kill -s HUP $MAINPID
+ LimitNOFILE=1048576
+ # Having non-zero Limit*s causes performance problems due to accounting overhead
+ # in the kernel. We recommend using cgroups to do container-local accounting.
--- /dev/null
+From 33a8ab29ed9e51697772a0642b8d651b9a845532 Mon Sep 17 00:00:00 2001
+From: Pierre Carrier <pierre@meteor.com>, Tianon Gravi <tianon@debian.org>
+Date: Thu, 24 Mar 2016 16:14:30 -0700
+Subject: [PATCH] docker.service: don't limit tasks
+Origin: https://github.com/docker/docker/pull/21491
+
+Signed-off-by: Pierre Carrier <pierre@meteor.com>
+
+--- a/engine/contrib/init/systemd/docker.service
++++ b/engine/contrib/init/systemd/docker.service
+@@ -18,9 +18,9 @@
+ LimitNPROC=infinity
+ LimitCORE=infinity
+ # Uncomment TasksMax if your systemd version supports it.
+ # Only systemd 226 and above support this version.
+-#TasksMax=infinity
++TasksMax=infinity
+ TimeoutStartSec=0
+ # set delegate yes so that systemd does not reset the cgroups of docker containers
+ Delegate=yes
+ # kill only the docker process, not all processes in the cgroup
--- /dev/null
+From: Mattias Jernberg <nostrad@gmail.com>
+Date: Wed, 5 Dec 2018 19:35:17 +0100
+Subject: mkimage: Fix Debian security presence check
+
+Add Location following since security redirects to security-cdn and caused the repository to be added on Debian unstable.
+
+Signed-off-by: Mattias Jernberg <nostrad@gmail.com>
+Origin: upstream, https://github.com/docker/engine/commit/8db5403
+---
+ contrib/mkimage/debootstrap | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/engine/contrib/mkimage/debootstrap b/engine/contrib/mkimage/debootstrap
+index 9f7d8987ad2a..a919429b0bde 100755
+--- a/engine/contrib/mkimage/debootstrap
++++ b/engine/contrib/mkimage/debootstrap
+@@ -193,7 +193,7 @@ if [ -z "$DONT_TOUCH_SOURCES_LIST" ]; then
+ case "$lsbDist" in
+ debian)
+ # updates and security!
+- if curl -o /dev/null -s --head --fail "http://security.debian.org/dists/$suite/updates/main/binary-$(rootfs_chroot dpkg --print-architecture)/Packages.gz"; then
++ if curl -o /dev/null -s --head --location --fail "http://security.debian.org/dists/$suite/updates/main/binary-$(rootfs_chroot dpkg --print-architecture)/Packages.gz"; then
+ (
+ set -x
+ sed -i "
--- /dev/null
+Last-Update: 2018-06-18
+Forwarded: not-needed
+Author: Dmitry Smirnov <onlyjob@debian.org>
+Description: prevents test-time installation that causes FTBFS.
+~~~~
+ go test net: open /usr/lib/go-1.10/pkg/linux_amd64/net.a: permission denied
+~~~~
+
+--- a/engine/hack/test/unit
++++ b/engine/hack/test/unit
+@@ -18,12 +18,8 @@
+
+ exclude_paths="/vendor/|/integration"
+ pkg_list=$(go list $TESTDIRS | grep -vE "($exclude_paths)")
+
+-# install test dependencies once before running tests for each package. This
+-# significantly reduces the runtime.
+-go test -i "${BUILDFLAGS[@]}" $pkg_list
+-
+ for pkg in $pkg_list; do
+ go test "${BUILDFLAGS[@]}" \
+ -cover \
+ -coverprofile=profile.out \
--- /dev/null
+Origin: upstream, https://github.com/docker/go-metrics/commit/db152003892af64a8a892e1ee49edf8b6580a657.patch
+Forarded: not-needed
+Description: fixes FTBFS
+ vendor/github.com/docker/go-metrics/timer.go:39:17:
+ cannot use lt.m.WithLabelValues(labels...) (type prometheus.Observer) as type prometheus.Histogram in field value:
+ prometheus.Observer does not implement prometheus.Histogram (missing Collect method)
+
+--- a/go-metrics/timer.go
++++ b/go-metrics/timer.go
+@@ -47,9 +47,9 @@
+ lt.m.Collect(c)
+ }
+
+ type timer struct {
+- m prometheus.Histogram
++ m prometheus.Observer
+ }
+
+ func (t *timer) Update(duration time.Duration) {
+ t.m.Observe(duration.Seconds())
+@@ -59,10 +59,15 @@
+ t.m.Observe(time.Since(since).Seconds())
+ }
+
+ func (t *timer) Describe(c chan<- *prometheus.Desc) {
+- t.m.Describe(c)
++ c <- t.m.(prometheus.Metric).Desc()
+ }
+
+ func (t *timer) Collect(c chan<- prometheus.Metric) {
+- t.m.Collect(c)
++ // Are there any observers that don't implement Collector? It is really
++ // unclear what the point of the upstream change was, but we'll let this
++ // panic if we get an observer that doesn't implement collector. In this
++ // case, we should almost always see metricVec objects, so this should
++ // never panic.
++ t.m.(prometheus.Collector).Collect(c)
+ }
--- /dev/null
+From: Arko Dasgupta <arko.dasgupta@docker.com>
+Date: Fri, 1 Mar 2019 11:43:02 -0800
+Subject: [PATCH] Revert "debian has iptables-legacy and iptables-nft now"
+
+This reverts commit 7da66eea9f68e4abc83ed2892114ec565eddd66a.
+
+Libnetwork should only use the iptables binary. Iptables v1.8 and above
+uses the nftables backend. The translations for all the rules used by
+libnetwork is supported by the new iptables binary.
+
+Signed-off-by: Arko Dasgupta <arko.dasgupta@docker.com>
+Origin: upstream, https://github.com/docker/libnetwork/pull/2343
+---
+ libnetwork/iptables/iptables.go | 9 ++-------
+ 1 file changed, 2 insertions(+), 7 deletions(-)
+
+diff --git a/libnetwork/iptables/iptables.go b/libnetwork/iptables/iptables.go
+index 6a108e93d0..4b8d8832e9 100644
+--- a/libnetwork/iptables/iptables.go
++++ b/libnetwork/iptables/iptables.go
+@@ -87,16 +87,11 @@ func initFirewalld() {
+ }
+
+ func detectIptables() {
+- path, err := exec.LookPath("iptables-legacy") // debian has iptables-legacy and iptables-nft now
++ path, err := exec.LookPath("iptables")
+ if err != nil {
+- path, err = exec.LookPath("iptables")
+- if err != nil {
+- return
+- }
++ return
+ }
+-
+ iptablesPath = path
+-
+ supportsXlock = exec.Command(iptablesPath, "--wait", "-L", "-n").Run() == nil
+ mj, mn, mc, err := GetVersion()
+ if err != nil {
--- /dev/null
+Last-Update: 2018-06-15
+Forwarded: not-needed
+Author: Dmitry Smirnov <onlyjob@debian.org>
+Description: fix generation of .pb.go files.
+
+--- a/libnetwork/drivers/overlay/overlay.go
++++ b/libnetwork/drivers/overlay/overlay.go
+@@ -1,7 +1,7 @@
+ package overlay
+
+-//go:generate protoc -I.:../../Godeps/_workspace/src/github.com/gogo/protobuf --gogo_out=import_path=github.com/docker/libnetwork/drivers/overlay,Mgogoproto/gogo.proto=github.com/gogo/protobuf/gogoproto:. overlay.proto
++//go:generate protoc -I.:../../../../../github.com/gogo/protobuf --gogo_out=import_path=github.com/docker/libnetwork/drivers/overlay,Mgogoproto/gogo.proto=github.com/gogo/protobuf/gogoproto:. overlay.proto
+
+ import (
+ "context"
+ "fmt"
+--- a/libnetwork/agent.go
++++ b/libnetwork/agent.go
+@@ -1,7 +1,7 @@
+ package libnetwork
+
+-//go:generate protoc -I.:Godeps/_workspace/src/github.com/gogo/protobuf --gogo_out=import_path=github.com/docker/libnetwork,Mgogoproto/gogo.proto=github.com/gogo/protobuf/gogoproto:. agent.proto
++//go:generate protoc -I.:../../../github.com/gogo/protobuf --gogo_out=import_path=github.com/docker/libnetwork,Mgogoproto/gogo.proto=github.com/gogo/protobuf/gogoproto:. agent.proto
+
+ import (
+ "encoding/json"
+ "fmt"
+--- a/libnetwork/networkdb/networkdb.go
++++ b/libnetwork/networkdb/networkdb.go
+@@ -1,7 +1,7 @@
+ package networkdb
+
+-//go:generate protoc -I.:../vendor/github.com/gogo/protobuf --gogo_out=import_path=github.com/docker/libnetwork/networkdb,Mgogoproto/gogo.proto=github.com/gogo/protobuf/gogoproto:. networkdb.proto
++//go:generate protoc -I.:../../../../github.com/gogo/protobuf --gogo_out=import_path=github.com/docker/libnetwork/networkdb,Mgogoproto/gogo.proto=github.com/gogo/protobuf/gogoproto:. networkdb.proto
+
+ import (
+ "context"
+ "fmt"
--- /dev/null
+From: poizan42 <poizan@poizan.dk>
+Date: Wed, 18 Jul 2018 14:31:16 +0200
+Subject: [PATCH] SIGSKTFLT does not exist on MIPS, instead SIGEMT does.
+
+SIGRTMAX is also 127 on MIPS.
+
+This patch is merged upstream on master, please drop it when necessary.
+
+Signed-off-by: Kasper Fabæch Brandt <poizan@poizan.dk>
+Origin: upstream, https://github.com/moby/moby/pull/37491
+---
+ pkg/signal/signal_linux.go | 2 +
+ pkg/signal/signal_linux_mipsx.go | 84 ++++++++++++++++++++++++++++++++
+ 2 files changed, 86 insertions(+)
+ create mode 100644 pkg/signal/signal_linux_mipsx.go
+
+--- a/engine/pkg/signal/signal_linux.go
++++ b/engine/pkg/signal/signal_linux.go
+@@ -1,3 +1,5 @@
++// +build !mips,!mipsle,!mips64,!mips64le
++
+ package signal // import "github.com/docker/docker/pkg/signal"
+
+ import (
+--- /dev/null
++++ b/engine/pkg/signal/signal_linux_mipsx.go
+@@ -0,0 +1,84 @@
++// +build linux
++// +build mips mipsle mips64 mips64le
++
++package signal // import "github.com/docker/docker/pkg/signal"
++
++import (
++ "syscall"
++
++ "golang.org/x/sys/unix"
++)
++
++const (
++ sigrtmin = 34
++ sigrtmax = 127
++)
++
++// SignalMap is a map of Linux signals.
++var SignalMap = map[string]syscall.Signal{
++ "ABRT": unix.SIGABRT,
++ "ALRM": unix.SIGALRM,
++ "BUS": unix.SIGBUS,
++ "CHLD": unix.SIGCHLD,
++ "CLD": unix.SIGCLD,
++ "CONT": unix.SIGCONT,
++ "FPE": unix.SIGFPE,
++ "HUP": unix.SIGHUP,
++ "ILL": unix.SIGILL,
++ "INT": unix.SIGINT,
++ "IO": unix.SIGIO,
++ "IOT": unix.SIGIOT,
++ "KILL": unix.SIGKILL,
++ "PIPE": unix.SIGPIPE,
++ "POLL": unix.SIGPOLL,
++ "PROF": unix.SIGPROF,
++ "PWR": unix.SIGPWR,
++ "QUIT": unix.SIGQUIT,
++ "SEGV": unix.SIGSEGV,
++ "SIGEMT": unix.SIGEMT,
++ "STOP": unix.SIGSTOP,
++ "SYS": unix.SIGSYS,
++ "TERM": unix.SIGTERM,
++ "TRAP": unix.SIGTRAP,
++ "TSTP": unix.SIGTSTP,
++ "TTIN": unix.SIGTTIN,
++ "TTOU": unix.SIGTTOU,
++ "URG": unix.SIGURG,
++ "USR1": unix.SIGUSR1,
++ "USR2": unix.SIGUSR2,
++ "VTALRM": unix.SIGVTALRM,
++ "WINCH": unix.SIGWINCH,
++ "XCPU": unix.SIGXCPU,
++ "XFSZ": unix.SIGXFSZ,
++ "RTMIN": sigrtmin,
++ "RTMIN+1": sigrtmin + 1,
++ "RTMIN+2": sigrtmin + 2,
++ "RTMIN+3": sigrtmin + 3,
++ "RTMIN+4": sigrtmin + 4,
++ "RTMIN+5": sigrtmin + 5,
++ "RTMIN+6": sigrtmin + 6,
++ "RTMIN+7": sigrtmin + 7,
++ "RTMIN+8": sigrtmin + 8,
++ "RTMIN+9": sigrtmin + 9,
++ "RTMIN+10": sigrtmin + 10,
++ "RTMIN+11": sigrtmin + 11,
++ "RTMIN+12": sigrtmin + 12,
++ "RTMIN+13": sigrtmin + 13,
++ "RTMIN+14": sigrtmin + 14,
++ "RTMIN+15": sigrtmin + 15,
++ "RTMAX-14": sigrtmax - 14,
++ "RTMAX-13": sigrtmax - 13,
++ "RTMAX-12": sigrtmax - 12,
++ "RTMAX-11": sigrtmax - 11,
++ "RTMAX-10": sigrtmax - 10,
++ "RTMAX-9": sigrtmax - 9,
++ "RTMAX-8": sigrtmax - 8,
++ "RTMAX-7": sigrtmax - 7,
++ "RTMAX-6": sigrtmax - 6,
++ "RTMAX-5": sigrtmax - 5,
++ "RTMAX-4": sigrtmax - 4,
++ "RTMAX-3": sigrtmax - 3,
++ "RTMAX-2": sigrtmax - 2,
++ "RTMAX-1": sigrtmax - 1,
++ "RTMAX": sigrtmax,
++}
--- /dev/null
+Last-Update: 2018-03-18
+Forwarded: not-needed
+Author: Dmitry Smirnov <onlyjob@debian.org>
+Bug-Upstream: https://github.com/moby/moby/issues/28058
+Description: fix FTBFS on mips
+~~~~
+github.com/docker/docker/pkg/system/stat_linux.go:13:7: cannot use s.Rdev (type uint32) as type uint64 in field value
+~~~~
+
+--- a/engine/pkg/system/stat_linux.go
++++ b/engine/pkg/system/stat_linux.go
+@@ -7,9 +7,9 @@
+ return &StatT{size: s.Size,
+ mode: s.Mode,
+ uid: s.Uid,
+ gid: s.Gid,
+- rdev: s.Rdev,
++ rdev: uint64(s.Rdev),
+ mtim: s.Mtim}, nil
+ }
+
+ // FromStatT converts a syscall.Stat_t type to a system.Stat_t type
--- /dev/null
+Last-Update: 2018-06-12
+Forwarded: not-needed
+Bug-Upstream: https://github.com/docker/libnetwork/issues/2110
+Author: Dmitry Smirnov <onlyjob@debian.org>
+Description: fixes FTBFS
+ cannot use &tv (type *syscall.Timeval) as type *unix.Timeval
+
+--- a/libnetwork/drivers/overlay/ov_network.go
++++ b/libnetwork/drivers/overlay/ov_network.go
+@@ -26,8 +26,9 @@
+ "github.com/sirupsen/logrus"
+ "github.com/vishvananda/netlink"
+ "github.com/vishvananda/netlink/nl"
+ "github.com/vishvananda/netns"
++ "golang.org/x/sys/unix"
+ )
+
+ var (
+ hostMode bool
+@@ -759,9 +760,9 @@
+ if err != nil {
+ return
+ }
+ // set the receive timeout to not remain stuck on the RecvFrom if the fd gets closed
+- tv := syscall.NsecToTimeval(soTimeout.Nanoseconds())
++ tv := unix.NsecToTimeval(soTimeout.Nanoseconds())
+ err = nlSock.SetReceiveTimeout(&tv)
+ })
+ n.nlSocket = nlSock
+
+--- a/libnetwork/ipvs/ipvs.go
++++ b/libnetwork/ipvs/ipvs.go
+@@ -10,8 +10,9 @@
+ "fmt"
+
+ "github.com/vishvananda/netlink/nl"
+ "github.com/vishvananda/netns"
++ "golang.org/x/sys/unix"
+ )
+
+ const (
+ netlinkRecvSocketsTimeout = 3 * time.Second
+@@ -89,13 +90,13 @@
+ if err != nil {
+ return nil, err
+ }
+ // Add operation timeout to avoid deadlocks
+- tv := syscall.NsecToTimeval(netlinkSendSocketTimeout.Nanoseconds())
++ tv := unix.NsecToTimeval(netlinkSendSocketTimeout.Nanoseconds())
+ if err := sock.SetSendTimeout(&tv); err != nil {
+ return nil, err
+ }
+- tv = syscall.NsecToTimeval(netlinkRecvSocketsTimeout.Nanoseconds())
++ tv = unix.NsecToTimeval(netlinkRecvSocketsTimeout.Nanoseconds())
+ if err := sock.SetReceiveTimeout(&tv); err != nil {
+ return nil, err
+ }
+
--- /dev/null
+debian-systemd-unit-tasksmax.patch
+# If upstream ever adds EnvFile, remove this patch.
+# (see also https://github.com/docker/docker/pull/7220#issuecomment-50076589)
+debian-systemd-unit-environment-file.patch
+debian-containerd-name.patch
+debian-dockerd-binary-location.patch
+debian-cgroupfs-mount-convenience-copy.patch
+debian-nuke-no-prompt.patch
+
+buildkit-build-against-google-grpc-1.11.patch
+
+cli-fix-manpages-build-script.patch
+cli-fix-registry-debug-message-go-1.11.patch
+
+cve-2018-15664-01-pass-root-to-chroot-to-for-chroot-untar.patch
+cve-2018-15664-02-add-chroot-for-tar-packing-operations.patch
+cve-2019-13139-01-gitutils-add-validation-for-ref.patch
+cve-2019-13509-01-TestMaskSecretKeys-add-more-test-cases.patch
+cve-2019-13509-02-TestMaskSecretKeys-use-subtests.patch
+cve-2019-13509-03-DebugRequestMiddleware-unconditionally-scrub-data-field.patch
+cve-2019-13509-04-DebugRequestMiddleware-Remove-path-handling.patch
+cve-2019-14271-Initialize-nss-libraries-in-Glibc.patch
+cve-2020-13401-disable-IPv6-router-advertisements.patch
+
+engine-contrib-debootstrap-curl-follow-location.patch
+engine-test-noinstall.patch
+
+go-metrics_prometheus-fix_Observer.patch
+
+libnetwork_proto.patch
+libnetwork-revert-iptables-legacy.patch
+
+mips-add-specific-signal-file.patch
+mips-fix-devnumber.patch
+
+netlink_syscall.patch
+
+test--disable-containerizedengine-update-test.patch
+test--fix-test-errors.patch
+test--skip-TestAdapterReadLogs.patch
+test--skip-TestChangesWithChangesGH13590.patch
+test--skip-TestClientWithRequestTimeout.patch
+test--skip-TestGetRootUIDGID.patch
+test--skip-TestStateRunStop.patch
+test--skip-network-tests.patch
+test--skip-privileged-unit-tests.patch
+test--cli-fix-golang11.patch
+test--engine-fix-golang11.patch
--- /dev/null
+From de1523d221d7e719fe470c63c3cd908092e772df Mon Sep 17 00:00:00 2001
+From: Sebastiaan van Stijn <github@gone.nl>
+Date: Wed, 14 Aug 2019 10:04:43 +0200
+Subject: [PATCH] Adjust tests for changes in Go 1.12.8 / 1.11.13
+
+For now, just verifying that an error is returned, but not checking the
+error message itself, because those are not under our control, and may
+change with different Go versions.
+
+```
+=== Failed
+=== FAIL: opts TestParseDockerDaemonHost (0.00s)
+ hosts_test.go:87: tcp tcp:a.b.c.d address expected error "Invalid bind address format: tcp:a.b.c.d" return, got "parse tcp://tcp:a.b.c.d: invalid port \":a.b.c.d\" after host" and addr
+ hosts_test.go:87: tcp tcp:a.b.c.d/path address expected error "Invalid bind address format: tcp:a.b.c.d/path" return, got "parse tcp://tcp:a.b.c.d/path: invalid port \":a.b.c.d\" after host" and addr
+
+=== FAIL: opts TestParseTCP (0.00s)
+ hosts_test.go:129: tcp tcp:a.b.c.d address expected error Invalid bind address format: tcp:a.b.c.d return, got parse tcp://tcp:a.b.c.d: invalid port ":a.b.c.d" after host and addr
+ hosts_test.go:129: tcp tcp:a.b.c.d/path address expected error Invalid bind address format: tcp:a.b.c.d/path return, got parse tcp://tcp:a.b.c.d/path: invalid port ":a.b.c.d" after host and addr
+```
+
+Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
+
+--- docker.io-18.09.1+dfsg1.orig/cli/opts/hosts_test.go
++++ docker.io-18.09.1+dfsg1/cli/opts/hosts_test.go
+@@ -53,8 +53,8 @@ func TestParseHost(t *testing.T) {
+ func TestParseDockerDaemonHost(t *testing.T) {
+ invalids := map[string]string{
+
+- "tcp:a.b.c.d": "Invalid bind address format: tcp:a.b.c.d",
+- "tcp:a.b.c.d/path": "Invalid bind address format: tcp:a.b.c.d/path",
++ "tcp:a.b.c.d": "",
++ "tcp:a.b.c.d/path": "",
+ "udp://127.0.0.1": "Invalid bind address format: udp://127.0.0.1",
+ "udp://127.0.0.1:2375": "Invalid bind address format: udp://127.0.0.1:2375",
+ "tcp://unix:///run/docker.sock": "Invalid proto, expected tcp: unix:///run/docker.sock",
+@@ -83,7 +83,7 @@ func TestParseDockerDaemonHost(t *testin
+ "localhost:5555/path": "tcp://localhost:5555/path",
+ }
+ for invalidAddr, expectedError := range invalids {
+- if addr, err := parseDockerDaemonHost(invalidAddr); err == nil || err.Error() != expectedError {
++ if addr, err := parseDockerDaemonHost(invalidAddr); err == nil || expectedError != "" && err.Error() != expectedError {
+ t.Errorf("tcp %v address expected error %q return, got %q and addr %v", invalidAddr, expectedError, err, addr)
+ }
+ }
+@@ -99,8 +99,8 @@ func TestParseTCP(t *testing.T) {
+ defaultHTTPHost = "tcp://127.0.0.1:2376"
+ )
+ invalids := map[string]string{
+- "tcp:a.b.c.d": "Invalid bind address format: tcp:a.b.c.d",
+- "tcp:a.b.c.d/path": "Invalid bind address format: tcp:a.b.c.d/path",
++ "tcp:a.b.c.d": "",
++ "tcp:a.b.c.d/path": "",
+ "udp://127.0.0.1": "Invalid proto, expected tcp: udp://127.0.0.1",
+ "udp://127.0.0.1:2375": "Invalid proto, expected tcp: udp://127.0.0.1:2375",
+ }
+@@ -125,7 +125,7 @@ func TestParseTCP(t *testing.T) {
+ "localhost:5555/path": "tcp://localhost:5555/path",
+ }
+ for invalidAddr, expectedError := range invalids {
+- if addr, err := ParseTCPAddr(invalidAddr, defaultHTTPHost); err == nil || err.Error() != expectedError {
++ if addr, err := ParseTCPAddr(invalidAddr, defaultHTTPHost); err == nil || expectedError != "" && err.Error() != expectedError {
+ t.Errorf("tcp %v address expected error %v return, got %s and addr %v", invalidAddr, expectedError, err, addr)
+ }
+ }
--- /dev/null
+From: Arnaud Rebillout <arnaud.rebillout@collabora.com>
+Date: Fri, 18 Jan 2019 18:54:15 +0700
+Subject: Disable containerizedengine/update_test.go
+
+This test FTBFS, see <https://github.com/docker/cli/pull/1561>.
+Please re-enable this test when this MR is accepted.
+
+Origin: vendor, Debian
+Forwarded: not-needed, Debian-specific
+Signed-off-by: Arnaud Rebillout <arnaud.rebillout@collabora.com>
+
+--- a/cli/internal/containerizedengine/update_test.go
++++ b/cli/internal/containerizedengine/update_test.go
+@@ -1,3 +1,5 @@
++// +build ignore
++
+ package containerizedengine
+
+ import (
--- /dev/null
+From 64c958a587ff3835d1bacc573e9db3d400dbb0ad Mon Sep 17 00:00:00 2001
+From: Sebastiaan van Stijn <github@gone.nl>
+Date: Wed, 14 Aug 2019 02:51:08 +0200
+Subject: [PATCH] Adjust tests for changes in Go 1.12.8 / 1.11.13
+
+```
+00:38:11 === Failed
+00:38:11 === FAIL: opts TestParseDockerDaemonHost (0.00s)
+00:38:11 hosts_test.go:87: tcp tcp:a.b.c.d address expected error "Invalid bind address format: tcp:a.b.c.d" return, got "parse tcp://tcp:a.b.c.d: invalid port \":a.b.c.d\" after host" and addr
+00:38:11 hosts_test.go:87: tcp tcp:a.b.c.d/path address expected error "Invalid bind address format: tcp:a.b.c.d/path" return, got "parse tcp://tcp:a.b.c.d/path: invalid port \":a.b.c.d\" after host" and addr
+00:38:11
+00:38:11 === FAIL: opts TestParseTCP (0.00s)
+00:38:11 hosts_test.go:129: tcp tcp:a.b.c.d address expected error Invalid bind address format: tcp:a.b.c.d return, got parse tcp://tcp:a.b.c.d: invalid port ":a.b.c.d" after host and addr
+00:38:11 hosts_test.go:129: tcp tcp:a.b.c.d/path address expected error Invalid bind address format: tcp:a.b.c.d/path return, got parse tcp://tcp:a.b.c.d/path: invalid port ":a.b.c.d" after host and addr
+```
+
+Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
+(cherry picked from commit 683766613a8c1dca8f95b19ddb7e083bb3aef266)
+Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
+
+--- docker.io-18.09.1+dfsg1.orig/engine/opts/hosts_test.go
++++ docker.io-18.09.1+dfsg1/engine/opts/hosts_test.go
+@@ -53,8 +53,8 @@ func TestParseHost(t *testing.T) {
+ func TestParseDockerDaemonHost(t *testing.T) {
+ invalids := map[string]string{
+
+- "tcp:a.b.c.d": "Invalid bind address format: tcp:a.b.c.d",
+- "tcp:a.b.c.d/path": "Invalid bind address format: tcp:a.b.c.d/path",
++ "tcp:a.b.c.d": "",
++ "tcp:a.b.c.d/path": "",
+ "udp://127.0.0.1": "Invalid bind address format: udp://127.0.0.1",
+ "udp://127.0.0.1:2375": "Invalid bind address format: udp://127.0.0.1:2375",
+ "tcp://unix:///run/docker.sock": "Invalid proto, expected tcp: unix:///run/docker.sock",
+@@ -83,7 +83,7 @@ func TestParseDockerDaemonHost(t *testin
+ "localhost:5555/path": "tcp://localhost:5555/path",
+ }
+ for invalidAddr, expectedError := range invalids {
+- if addr, err := parseDaemonHost(invalidAddr); err == nil || err.Error() != expectedError {
++ if addr, err := parseDaemonHost(invalidAddr); err == nil || expectedError != "" && err.Error() != expectedError {
+ t.Errorf("tcp %v address expected error %q return, got %q and addr %v", invalidAddr, expectedError, err, addr)
+ }
+ }
+@@ -99,8 +99,8 @@ func TestParseTCP(t *testing.T) {
+ defaultHTTPHost = "tcp://127.0.0.1:2376"
+ )
+ invalids := map[string]string{
+- "tcp:a.b.c.d": "Invalid bind address format: tcp:a.b.c.d",
+- "tcp:a.b.c.d/path": "Invalid bind address format: tcp:a.b.c.d/path",
++ "tcp:a.b.c.d": "",
++ "tcp:a.b.c.d/path": "",
+ "udp://127.0.0.1": "Invalid proto, expected tcp: udp://127.0.0.1",
+ "udp://127.0.0.1:2375": "Invalid proto, expected tcp: udp://127.0.0.1:2375",
+ }
+@@ -125,7 +125,7 @@ func TestParseTCP(t *testing.T) {
+ "localhost:5555/path": "tcp://localhost:5555/path",
+ }
+ for invalidAddr, expectedError := range invalids {
+- if addr, err := ParseTCPAddr(invalidAddr, defaultHTTPHost); err == nil || err.Error() != expectedError {
++ if addr, err := ParseTCPAddr(invalidAddr, defaultHTTPHost); err == nil || expectedError != "" && err.Error() != expectedError {
+ t.Errorf("tcp %v address expected error %v return, got %s and addr %v", invalidAddr, expectedError, err, addr)
+ }
+ }
--- /dev/null
+Description: update several tests for text/path errors
+Author: Tianon Gravi <tianon@debian.org>
+Forwarded: not-needed
+
+--- a/engine/pkg/authorization/authz_unix_test.go
++++ b/engine/pkg/authorization/authz_unix_test.go
+@@ -346,6 +346,8 @@
+ t.Fatal(err)
+ }
+
++ t.Skip("Skipping plugin tests -- Unix socket path is too long: unix:///"+path.Join(pwd, pluginAddress))
++
+ client, err := plugins.NewClient("unix:///"+path.Join(pwd, pluginAddress), &tlsconfig.Options{InsecureSkipVerify: true})
+ if err != nil {
+ t.Fatalf("Failed to create client %v", err)
--- /dev/null
+Last-Update: 2018-06-19
+Forwarded: not-needed
+Author: Dmitry Smirnov <onlyjob@debian.org>
+Description: disable unreliable test, failing randomly on multiple architectures.
+~~~~
+ FAIL: TestAdapterReadLogs (0.00s)
+ panic: runtime error: invalid memory address or nil pointer dereference [recovered]
+ panic: runtime error: invalid memory address or nil pointer dereference
+ [signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x83273c5]
+
+ goroutine 7 [running]:
+ testing.tRunner.func1(0x1a686ab0)
+ /usr/lib/go-1.10/src/testing/testing.go:742 +0x24a
+ panic(0x8393cc0, 0x85d1e78)
+ /usr/lib/go-1.10/src/runtime/panic.go:502 +0x1dc
+ github.com/docker/docker/daemon/logger.testMessageEqual(0x1a686ab0, 0x1a65cc7c, 0x0)
+ /var/lib/gitlab-runner/builds/736b76b0/1/docker-team/docker/.gopath/src/github.com/docker/docker/daemon/logger/adapter_test.go:178 +0x35
+ github.com/docker/docker/daemon/logger.TestAdapterReadLogs(0x1a686ab0)
+ /var/lib/gitlab-runner/builds/736b76b0/1/docker-team/docker/.gopath/src/github.com/docker/docker/daemon/logger/adapter_test.go:131 +0x710
+ testing.tRunner(0x1a686ab0, 0x83fa01c)
+ /usr/lib/go-1.10/src/testing/testing.go:777 +0xaa
+ created by testing.(*T).Run
+ /usr/lib/go-1.10/src/testing/testing.go:824 +0x243
+ FAIL github.com/docker/docker/daemon/logger 0.012s
+~~~~
+
+--- a/engine/daemon/logger/adapter_test.go
++++ b/engine/daemon/logger/adapter_test.go
+@@ -137,8 +137,9 @@
+ return a
+ }
+
+ func TestAdapterReadLogs(t *testing.T) {
++t.Skip("DM - skipping dodgy test")
+ plugin := newMockLoggingPlugin()
+ l := newMockPluginAdapter(plugin)
+
+ testMsg := []Message{
--- /dev/null
+Last-Update: Wed Jun 7 11:39:46 2017
+Forwarded: not-needed
+Author: Tim Potter <tpot@hpe.com>
+Description: disable test, does not appear to work under pbuilder.
+
+--- a/engine/pkg/archive/changes_test.go
++++ b/engine/pkg/archive/changes_test.go
+@@ -177,8 +177,9 @@
+ }
+
+ // See https://github.com/docker/docker/pull/13590
+ func TestChangesWithChangesGH13590(t *testing.T) {
++ t.Skip("DM - skipped, doesn't work under pbuilder")
+ // TODO Windows. There may be a way of running this, but turning off for now
+ // as createSampleDir uses symlinks.
+ if runtime.GOOS == "windows" {
+ t.Skip("symlinks on Windows")
--- /dev/null
+From: Arnaud Rebillout <arnaud.rebillout@collabora.com>
+Date: Thu, 24 Jan 2019 15:22:58 +0700
+Subject: Skip TestClientWithRequestTimeout
+
+This test seems to be flaky. Please follow-up upstream for more details:
+<https://github.com/moby/moby/issues/38587>
+
+Origin: vendor, Debian
+Forwarded: not-needed, Debian-specific
+Signed-off-by: Arnaud Rebillout <arnaud.rebillout@collabora.com>
+--- a/engine/pkg/plugins/client_test.go
++++ b/engine/pkg/plugins/client_test.go
+@@ -237,6 +237,7 @@
+ }
+
+ func TestClientWithRequestTimeout(t *testing.T) {
++ t.Skip("DM - skipping flaky test")
+ timeout := 1 * time.Millisecond
+ testHandler := func(w http.ResponseWriter, r *http.Request) {
+ time.Sleep(timeout + 1*time.Millisecond)
--- /dev/null
+Last-Update: 2018-06-16
+Forwarded: not-needed
+Author: Dmitry Smirnov <onlyjob@debian.org>
+Description: disable test failing is sbuild.
+~~~~
+ FAIL: TestGetRootUIDGID (0.00s)
+ idtools_unix_test.go:287:
+ Error Trace: idtools_unix_test.go:287
+ Error: Not equal:
+ expected: 1009
+ actual : 2952
+ Test: TestGetRootUIDGID
+~~~~
+
+--- a/engine/pkg/idtools/idtools_unix_test.go
++++ b/engine/pkg/idtools/idtools_unix_test.go
+@@ -266,8 +266,9 @@
+ }
+ }
+
+ func TestGetRootUIDGID(t *testing.T) {
++t.Skip("DM - skipping malfunctioning test, fails on sbuild")
+ uidMap := []IDMap{
+ {
+ ContainerID: 0,
+ HostID: os.Getuid(),
--- /dev/null
+Last-Update: 2018-08-02
+Forwarded: not-needed
+Author: Dmitry Smirnov <onlyjob@debian.org>
+Description: disabled unreliable test.
+~~~~
+ state_test.go:102: ExitCode -1, expected 2, err "context deadline exceeded"
+~~~~
+
+--- a/engine/container/state_test.go
++++ b/engine/container/state_test.go
+@@ -28,8 +28,9 @@
+ }
+ }
+
+ func TestStateRunStop(t *testing.T) {
++t.Skip("DM - disabled unreliable test")
+ s := NewState()
+
+ // Begin another wait with WaitConditionRemoved. It should complete
+ // within 200 milliseconds.
--- /dev/null
+Last-Update: 2018-06-16
+Forwarded: not-needed
+Author: Dmitry Smirnov <onlyjob@debian.org>
+Description: disable failing test due to dependency on network.
+
+--- a/cli/cli/command/image/push_test.go
++++ b/cli/cli/command/image/push_test.go
+@@ -12,8 +12,9 @@
+ "gotest.tools/assert"
+ )
+
+ func TestNewPushCommandErrors(t *testing.T) {
++t.Skip("DM - skipping network test")
+ testCases := []struct {
+ name string
+ args []string
+ expectedError string
--- /dev/null
+Description: allow skipping "privileged" tests with "-test.short"
+Author: Tianon Gravi <tianon@debian.org>
+Forwarded: no
+
+--- a/engine/builder/dockerfile/internals_test.go
++++ b/engine/builder/dockerfile/internals_test.go
+@@ -19,6 +19,7 @@
+ )
+
+ func TestEmptyDockerfile(t *testing.T) {
++ t.Skip("DM - skipping privileged test")
+ contextDir, cleanup := createTestTempDir(t, "", "builder-dockerfile-test")
+ defer cleanup()
+
+@@ -28,6 +29,7 @@
+ }
+
+ func TestSymlinkDockerfile(t *testing.T) {
++ t.Skip("DM - skipping privileged test")
+ contextDir, cleanup := createTestTempDir(t, "", "builder-dockerfile-test")
+ defer cleanup()
+
+@@ -43,6 +45,7 @@
+ }
+
+ func TestDockerfileOutsideTheBuildContext(t *testing.T) {
++ t.Skip("DM - skipping privileged test")
+ contextDir, cleanup := createTestTempDir(t, "", "builder-dockerfile-test")
+ defer cleanup()
+
+@@ -52,6 +55,7 @@
+ }
+
+ func TestNonExistingDockerfile(t *testing.T) {
++ t.Skip("DM - skipping privileged test")
+ contextDir, cleanup := createTestTempDir(t, "", "builder-dockerfile-test")
+ defer cleanup()
+
+--- a/engine/daemon/graphdriver/overlay2/overlay_test.go
++++ b/engine/daemon/graphdriver/overlay2/overlay_test.go
+@@ -37,22 +37,27 @@
+ // This avoids creating a new driver for each test if all tests are run
+ // Make sure to put new tests between TestOverlaySetup and TestOverlayTeardown
+ func TestOverlaySetup(t *testing.T) {
++ t.Skip("DM - skipping privileged test")
+ graphtest.GetDriver(t, driverName)
+ }
+
+ func TestOverlayCreateEmpty(t *testing.T) {
++ t.Skip("DM - skipping privileged test")
+ graphtest.DriverTestCreateEmpty(t, driverName)
+ }
+
+ func TestOverlayCreateBase(t *testing.T) {
++ t.Skip("DM - skipping privileged test")
+ graphtest.DriverTestCreateBase(t, driverName)
+ }
+
+ func TestOverlayCreateSnap(t *testing.T) {
++ t.Skip("DM - skipping privileged test")
+ graphtest.DriverTestCreateSnap(t, driverName)
+ }
+
+ func TestOverlay128LayerRead(t *testing.T) {
++ t.Skip("DM - skipping privileged test")
+ graphtest.DriverTestDeepLayerRead(t, 128, driverName)
+ }
+
+--- a/engine/volume/local/local_test.go
++++ b/engine/volume/local/local_test.go
+@@ -31,6 +31,7 @@
+ }
+
+ func TestRemove(t *testing.T) {
++t.Skip("DM - skipping privileged test")
+ skip.If(t, runtime.GOOS == "windows", "FIXME: investigate why this test fails on CI")
+ rootDir, err := ioutil.TempDir("", "local-volume-test")
+ if err != nil {
+@@ -74,6 +75,7 @@
+ }
+
+ func TestInitializeWithVolumes(t *testing.T) {
++ t.Skip("DM - skipping privileged tests")
+ rootDir, err := ioutil.TempDir("", "local-volume-test")
+ if err != nil {
+ t.Fatal(err)
+@@ -106,6 +108,7 @@
+ }
+
+ func TestCreate(t *testing.T) {
++ t.Skip("DM - skipping privileged tests")
+ rootDir, err := ioutil.TempDir("", "local-volume-test")
+ if err != nil {
+ t.Fatal(err)
+@@ -178,6 +181,7 @@
+ }
+
+ func TestCreateWithOpts(t *testing.T) {
++t.Skip("DM - skipping privileged test")
+ skip.If(t, runtime.GOOS == "windows")
+ skip.If(t, os.Getuid() != 0, "requires mounts")
+ rootDir, err := ioutil.TempDir("", "local-volume-test")
+--- a/engine/pkg/mount/mount_unix_test.go
++++ b/engine/pkg/mount/mount_unix_test.go
+@@ -25,6 +25,7 @@
+ }
+
+ func TestMounted(t *testing.T) {
++t.Skip("DM - skipping privileged test")
+ if os.Getuid() != 0 {
+ t.Skip("root required")
+ }
+@@ -80,6 +81,7 @@
+ }
+
+ func TestMountReadonly(t *testing.T) {
++t.Skip("DM - skipping privileged test")
+ if os.Getuid() != 0 {
+ t.Skip("root required")
+ }
+@@ -129,6 +131,7 @@
+ }
+
+ func TestGetMounts(t *testing.T) {
++t.Skip("DM - skipping privileged test")
+ mounts, err := GetMounts(nil)
+ if err != nil {
+ t.Fatal(err)
+--- a/engine/pkg/mount/sharedsubtree_linux_test.go
++++ b/engine/pkg/mount/sharedsubtree_linux_test.go
+@@ -12,6 +12,7 @@
+
+ // nothing is propagated in or out
+ func TestSubtreePrivate(t *testing.T) {
++t.Skip("DM - skipping privileged test")
+ if os.Getuid() != 0 {
+ t.Skip("root required")
+ }
+@@ -114,6 +115,7 @@
+ // Testing that when a target is a shared mount,
+ // then child mounts propagate to the source
+ func TestSubtreeShared(t *testing.T) {
++t.Skip("DM - skipping privileged test")
+ if os.Getuid() != 0 {
+ t.Skip("root required")
+ }
+@@ -186,6 +188,7 @@
+ // testing that mounts to a shared source show up in the slave target,
+ // and that mounts into a slave target do _not_ show up in the shared source
+ func TestSubtreeSharedSlave(t *testing.T) {
++t.Skip("DM - skipping privileged test")
+ if os.Getuid() != 0 {
+ t.Skip("root required")
+ }
+@@ -294,6 +297,7 @@
+ }
+
+ func TestSubtreeUnbindable(t *testing.T) {
++t.Skip("DM - skipping privileged test")
+ if os.Getuid() != 0 {
+ t.Skip("root required")
+ }
+--- a/engine/daemon/graphdriver/overlay/overlay_test.go
++++ b/engine/daemon/graphdriver/overlay/overlay_test.go
+@@ -19,22 +19,27 @@
+ // This avoids creating a new driver for each test if all tests are run
+ // Make sure to put new tests between TestOverlaySetup and TestOverlayTeardown
+ func TestOverlaySetup(t *testing.T) {
++ t.Skip("DM - skipping privileged test")
+ graphtest.GetDriver(t, "overlay")
+ }
+
+ func TestOverlayCreateEmpty(t *testing.T) {
++ t.Skip("DM - skipping privileged test")
+ graphtest.DriverTestCreateEmpty(t, "overlay")
+ }
+
+ func TestOverlayCreateBase(t *testing.T) {
++ t.Skip("DM - skipping privileged test")
+ graphtest.DriverTestCreateBase(t, "overlay")
+ }
+
+ func TestOverlayCreateSnap(t *testing.T) {
++ t.Skip("DM - skipping privileged test")
+ graphtest.DriverTestCreateSnap(t, "overlay")
+ }
+
+ func TestOverlay50LayerRead(t *testing.T) {
++ t.Skip("DM - skipping privileged test")
+ graphtest.DriverTestDeepLayerRead(t, 50, "overlay")
+ }
+
+--- a/engine/pkg/archive/archive_test.go
++++ b/engine/pkg/archive/archive_test.go
+@@ -264,6 +264,7 @@
+ }
+
+ func TestUntarPathWithInvalidDest(t *testing.T) {
++t.Skip("DM - skipping privileged test")
+ tempFolder, err := ioutil.TempDir("", "docker-archive-test")
+ assert.NilError(t, err)
+ defer os.RemoveAll(tempFolder)
+@@ -436,6 +437,7 @@
+ }
+
+ func TestCopyWithTarInexistentDestWillCreateIt(t *testing.T) {
++t.Skip("DM - skipping privileged test")
+ skip.If(t, os.Getuid() != 0, "skipping test that requires root")
+ tempFolder, err := ioutil.TempDir("", "docker-archive-test")
+ if err != nil {
+@@ -729,6 +731,7 @@
+ }
+
+ func TestTarWithOptionsChownOptsAlwaysOverridesIdPair(t *testing.T) {
++t.Skip("DM - skipping privileged test")
+ origin, err := ioutil.TempDir("", "docker-test-tar-chown-opt")
+ assert.NilError(t, err)
+
+@@ -780,6 +783,7 @@
+ }
+
+ func TestTarWithOptions(t *testing.T) {
++t.Skip("DM - skipping privileged test")
+ // TODO Windows: Figure out how to fix this test.
+ if runtime.GOOS == "windows" {
+ t.Skip("Failing on Windows")
+@@ -970,6 +974,7 @@
+ }
+
+ func TestUntarHardlinkToSymlink(t *testing.T) {
++t.Skip("DM - skipping privileged test")
+ // TODO Windows. There may be a way of running this, but turning off for now
+ skip.If(t, runtime.GOOS == "windows", "hardlinks on Windows")
+ skip.If(t, os.Getuid() != 0, "skipping test that requires root")
+@@ -1200,6 +1205,7 @@
+ }
+
+ func TestReplaceFileTarWrapper(t *testing.T) {
++t.Skip("DM - skipping privileged test")
+ filesInArchive := 20
+ testcases := []struct {
+ doc string
+--- a/engine/pkg/archive/archive_linux_test.go
++++ b/engine/pkg/archive/archive_linux_test.go
+@@ -85,6 +85,7 @@
+ }
+
+ func TestOverlayTarUntar(t *testing.T) {
++t.Skip("DM - skipping privileged test")
+ oldmask, err := system.Umask(0)
+ assert.NilError(t, err)
+ defer system.Umask(oldmask)
+@@ -124,6 +125,7 @@
+ }
+
+ func TestOverlayTarAUFSUntar(t *testing.T) {
++t.Skip("DM - skipping privileged test")
+ oldmask, err := system.Umask(0)
+ assert.NilError(t, err)
+ defer system.Umask(oldmask)
+--- a/cli/cli/command/image/build_test.go
++++ b/cli/cli/command/image/build_test.go
+@@ -25,6 +25,7 @@
+ )
+
+ func TestRunBuildDockerfileFromStdinWithCompress(t *testing.T) {
++t.Skip("DM - skipping privileged test")
+ buffer := new(bytes.Buffer)
+ fakeBuild := newFakeBuild()
+ fakeImageBuild := func(ctx context.Context, context io.Reader, options types.ImageBuildOptions) (types.ImageBuildResponse, error) {
+@@ -122,6 +123,7 @@
+ // TODO: test "context selection" logic directly when runBuild is refactored
+ // to support testing (ex: docker/cli#294)
+ func TestRunBuildFromGitHubSpecialCase(t *testing.T) {
++t.Skip("DM - disabled due to network access")
+ cmd := NewBuildCommand(test.NewFakeCli(nil))
+ // Clone a small repo that exists so git doesn't prompt for credentials
+ cmd.SetArgs([]string{"github.com/docker/for-win"})
+--- a/engine/daemon/oci_linux_test.go
++++ b/engine/daemon/oci_linux_test.go
+@@ -89,6 +89,7 @@
+ }
+
+ func TestGetSourceMount(t *testing.T) {
++t.Skip("Skipped failing test")
+ // must be able to find source mount for /
+ mnt, _, err := getSourceMount("/")
+ assert.NilError(t, err)
+--- a/engine/layer/mount_test.go
++++ b/engine/layer/mount_test.go
+@@ -12,6 +12,7 @@
+ )
+
+ func TestMountInit(t *testing.T) {
++ t.Skip("DM - skipping privileged test")
+ // TODO Windows: Figure out why this is failing
+ if runtime.GOOS == "windows" {
+ t.Skip("Failing on Windows")
+@@ -120,6 +121,7 @@
+ }
+
+ func TestMountChanges(t *testing.T) {
++ t.Skip("DM - skipping privileged test")
+ // TODO Windows: Figure out why this is failing
+ if runtime.GOOS == "windows" {
+ t.Skip("Failing on Windows")
+--- a/engine/daemon/graphdriver/aufs/aufs_test.go
++++ b/engine/daemon/graphdriver/aufs/aufs_test.go
+@@ -31,6 +31,7 @@
+ }
+
+ func testInit(dir string, t testing.TB) graphdriver.Driver {
++ t.Skip("DM - skipping privileged test")
+ d, err := Init(dir, nil, nil, nil)
+ if err != nil {
+ if err == graphdriver.ErrNotSupported {
--- /dev/null
+#!/usr/bin/make -f
+# -*- makefile -*-
+
+# Uncomment this to turn on verbose mode.
+#export DH_VERBOSE=1
+
+## Disable compiler cache (`go env GOCACHE`, `go help cache`).
+export GOCACHE=off
+
+export HOME=$(CURDIR)/debian/tmp
+
+#export DH_GOLANG_BUILDPKG := github.com/docker/docker github.com/docker/cli
+export DH_GOLANG_GO_GENERATE := 1
+export DH_GOLANG_INSTALL_ALL := 1
+export DH_GOLANG_INSTALL_EXTRA := testdata/
+export DH_GOLANG_EXCLUDES := \
+ integration-cli \
+ vendor
+
+# temporary build path (see http://golang.org/doc/code.html#GOPATH)
+OUR_GOPATH := $(CURDIR)/.gopath
+export GOPATH := $(OUR_GOPATH)
+
+export DOCKER_VERSION := $(shell cat VERSION)
+export DOCKER_GITCOMMIT := $(shell ./debian/helpers/gitcommit.sh $(DOCKER_VERSION))
+ifndef DOCKER_GITCOMMIT
+ $(error Missing DOCKER_GITCOMMIT - see debian/upstream-version-gitcommits)
+endif
+
+export BUILDTIME := $(shell dpkg-parsechangelog -SDate)
+
+# have "make.sh" keep "bundle/$(DOCKER_VERSION)" around between runs (we clean it up appropriately ourselves)
+export KEEPBUNDLE := 1
+
+## AppArmor can be optionally used in Debian and is there by default in Ubuntu,
+## so we need support for it compiled into our binary same story with SELinux.
+export DOCKER_BUILDTAGS := apparmor seccomp selinux ambient
+
+## prefer Go 1.7 explicitly if it's available (golang-1.7-go)
+#export PATH := /usr/lib/go-1.7/bin:$(PATH)
+
+APPARMOR_RECOMMENDS := $(shell dpkg-vendor --is Ubuntu && echo apparmor)
+BUILT_LIBC := $(shell dpkg-query -f '$${source:Package} (= $${source:Version})' -W libc-dev-bin)
+
+%:
+ dh $@ --buildsystem=golang --with=bash-completion,golang --builddirectory=.gopath
+
+override_dh_clean:
+ dh_clean
+ $(RM) -v -r autogen bundles man/man*/
+# -find . -type f -name '*.pb.go' -delete -printf 'removed %p\n' ## delete generated .pb.go files
+ ## Remove Files-Excluded (when built from checkout or non-DFSG tarball):
+ $(RM) -rv `perl -0nE 'say grep { $$_=q{ */}.$$_ } split(/\s+/,$$1) if m{^Files\-Excluded:\s*(.*?)(?:\n\n|^Files|^Comment:)}sm;' debian/copyright`
+ -find */vendor -mindepth 1 -type d -empty -delete -printf 'removed %p\n'
+
+override_dh_auto_configure:
+## dh_auto_configure symlinks dirs from "/usr/share/gocode/src" into
+## $(OUR_GOPATH) unless folders already exist there in which case files
+## are copied. Pre-making directories allows us to use debhelper to
+## create proper GOPATH source tree yet have certain directories writable
+## even if they are provided by already installed package.
+ mkdir -pv $(OUR_GOPATH)/src/github.com/docker/cli
+ mkdir -pv $(OUR_GOPATH)/src/github.com/docker/docker
+ mkdir -pv $(OUR_GOPATH)/src/github.com/docker/libnetwork
+ mkdir -pv $(OUR_GOPATH)/src/github.com/docker/swarmkit
+ mkdir -pv $(OUR_GOPATH)/src/github.com/docker/distribution
+ mkdir -pv $(OUR_GOPATH)/src/github.com/docker/go-events
+ mkdir -pv $(OUR_GOPATH)/src/github.com/docker/go-metrics
+ mkdir -pv $(OUR_GOPATH)/src/github.com/containerd/containerd
+
+# ## Prepare builddirectory but throw away sourcedirectory.
+ DH_GOPKG="__IGNORE__" dh_auto_configure
+
+## Each package must be removed from working tree first, in case some
+## of the packages that we are going to build are already installed.
+## This is also useful for building in unclean environment.
+##
+## This is _necessary_ to avoid merging packages that we build with
+## pre-installed packages. See #827226 for details.
+## Debhelper knows only about "main" DH_GOPKG package but we build several
+## and we have to ensure that build tree is properly prepared.
+ $(RM) -r $(OUR_GOPATH)/src/github.com/docker/cli
+ cp -ra cli $(OUR_GOPATH)/src/github.com/docker/cli
+
+ $(RM) -r $(OUR_GOPATH)/src/github.com/docker/docker
+ cp -ra engine $(OUR_GOPATH)/src/github.com/docker/docker
+
+ $(RM) -r $(OUR_GOPATH)/src/github.com/docker/libnetwork
+ cp -ra libnetwork $(OUR_GOPATH)/src/github.com/docker/libnetwork
+
+ $(RM) -r $(OUR_GOPATH)/src/github.com/docker/swarmkit
+ cp -ra swarmkit $(OUR_GOPATH)/src/github.com/docker/swarmkit
+
+ $(RM) -r $(OUR_GOPATH)/src/github.com/docker/distribution
+ cp -ra distribution $(OUR_GOPATH)/src/github.com/docker/distribution
+
+ $(RM) -r $(OUR_GOPATH)/src/github.com/docker/go-events
+ cp -ra go-events $(OUR_GOPATH)/src/github.com/docker/go-events
+
+ $(RM) -r $(OUR_GOPATH)/src/github.com/docker/go-metrics
+ cp -ra go-metrics $(OUR_GOPATH)/src/github.com/docker/go-metrics
+
+ $(RM) -r $(OUR_GOPATH)/src/github.com/containerd/containerd
+ cp -ra containerd $(OUR_GOPATH)/src/github.com/containerd/containerd
+
+# cp -ra containerd/vendor/github.com/containerd/continuity $(OUR_GOPATH)/src/github.com/containerd/
+# cp -ra engine/vendor/github.com/docker/distribution $(OUR_GOPATH)/src/github.com/docker/
+
+override_dh_auto_build-indep:
+ # noop
+
+override_dh_auto_build-arch:
+## order is important:
+
+## ## FIXME: DH_GOLANG_BUILDPKG --> DH_GOPKG
+ DH_GOLANG_BUILDPKG="github.com/docker/distribution" dh_auto_build -v
+
+ DH_GOPKG="github.com/docker/libnetwork" dh_auto_build -v
+
+## ## FIXME: DH_GOLANG_BUILDPKG --> DH_GOPKG
+ DH_GOLANG_BUILDPKG="github.com/docker/swarmkit" dh_auto_build -v
+
+ export DH_GOPKG="github.com/containerd/containerd" ;\
+ export REV="`grep $${DH_GOPKG} engine/vendor.conf | head -1 | awk '{print $$2}'`" ;\
+ dh_auto_build -v -- -tags "$(DOCKER_BUILDTAGS)" \
+ -ldflags "-X $${DH_GOPKG}/version.Version=$(DOCKER_VERSION) -X $${DH_GOPKG}/version.Revision=$${REV}"
+
+ DH_GOPKG="github.com/docker/go-events" dh_auto_build -v
+ DH_GOPKG="github.com/docker/go-metrics" dh_auto_build -v
+
+## build ("cd" first to ensure we build from within GOPATH)
+ cd '$(OUR_GOPATH)/src/github.com/docker/docker' \
+ && VERSION=$(DOCKER_VERSION) ./hack/make.sh dynbinary
+
+ cd '$(OUR_GOPATH)/src/github.com/docker/cli' \
+ && DISABLE_WARN_OUTSIDE_CONTAINER=1 LDFLAGS='' \
+ $(MAKE) VERSION=$(DOCKER_VERSION) GITCOMMIT=$(DOCKER_GITCOMMIT) dynbinary manpages
+
+# # compile man pages
+# ./man/md2man-all.sh -q
+
+override_dh_auto_test-indep:
+ DH_GOLANG_EXCLUDES="integration-cli integration test/integration" \
+ dh_auto_test -v --max-parallel=4 -- -short
+
+override_dh_auto_test-arch:
+### [[[ DO NOT DISABLE TESTS ]]] [[[ DO *NOT* DISABLE TESTS ]]]
+ DH_GOLANG_EXCLUDES="integration-cli integration test/integration" \
+ dh_auto_test -v --max-parallel=4 -- -short
+ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS)))
+ ## Test engine:
+# cd '$(OUR_GOPATH)/src/$(DH_GOPKG)' \
+# && TESTFLAGS='-test.short' ./hack/make.sh test-unit
+ cd $(OUR_GOPATH)/src/github.com/docker/docker \
+ && TESTFLAGS='-test.short' ./hack/test/unit
+
+ ## Test CLI:
+ cd $(OUR_GOPATH)/src/github.com/docker/cli \
+ && DISABLE_WARN_OUTSIDE_CONTAINER=1 $(MAKE) test-unit
+
+ .gopath/bin/containerd -version
+endif
+
+override_dh_install:
+ ## Do not install extra license files:
+ dh_install -XLICENSE
+
+override_dh_auto_install:
+ ## skip dh_auto_install to stop dh_golang trying to copy bits
+ ## for /usr/share/gocode (we use dh_install/dh-exec for that)
+
+override_dh_installinit:
+ dh_installinit -v --name=docker --no-stop-on-upgrade --no-restart-after-upgrade
+
+override_dh_installsystemd:
+ dh_installsystemd -v --name=docker --no-stop-on-upgrade --no-restart-after-upgrade
+
+override_dh_installudev:
+ # use priority z80 to match the upstream priority of 80
+ dh_installudev -v --name=docker --priority=z80
+
+override_dh_gencontrol:
+ echo 'apparmor:Recommends=$(APPARMOR_RECOMMENDS)' >> debian/docker.io.substvars
+ echo 'libc:Built-Using=$(BUILT_LIBC)' >> debian/docker.io.substvars
+ dh_gencontrol
--- /dev/null
+3.0 (quilt)
--- /dev/null
+## Files-Excluded leftovers:
+source-contains-empty-directory */vendor/*
+
+## Acknowledged:
+dh-exec-subst-unknown-variable debian/docker.io.install DOCKER_VERSION
--- /dev/null
+#!/bin/bash
+set -eux
+set -o pipefail
+
+exitTraps=( 'true' )
+doExit() {
+ for exitTrap in "${exitTraps[@]}"; do
+ eval "$exitTrap" || true
+ done
+}
+trap 'doExit' EXIT
+defer() {
+ exitTraps=( "$@" "${exitTraps[@]}" )
+}
+
+/etc/init.d/docker start
+defer '/etc/init.d/docker stop'
+defer 'journalctl -u docker | tail'
+
+# make sure Docker itself is working before we go too deep down the rabbit hole
+docker version
+
+tempDir="$(mktemp -d)"
+defer "rm -rf '$tempDir'"
+
+debootstrap \
+ --variant=minbase \
+ stable \
+ "$tempDir" \
+ http://httpredir.debian.org/debian
+
+tar -cC "$tempDir" . | docker import - debian
+defer 'docker rmi debian'
+
+docker run --name test debian true
+defer 'docker rm -f test'
--- /dev/null
+Tests: basic-smoke
+Depends: aufs-tools, debian-archive-keyring, debootstrap, @
+Restrictions: allow-stderr isolation-machine needs-root
+
+#Tests: integration
+#Depends: ca-certificates, curl, git, golang-check.v1-dev, jq, @, @builddeps@
+#Restrictions: allow-stderr isolation-machine needs-root rw-build-tree
--- /dev/null
+#!/bin/bash
+set -e
+
+# apply patches
+dpkg-source --before-build .
+
+# prepare the environment
+./debian/rules dh_configure
+export GOPATH="$PWD/.gopath"
+export DOCKER_GITCOMMIT="$(./debian/helpers/gitcommit.sh)"
+
+# docker's tests need an unprivileged user available at this username
+useradd --system --gid docker --comment 'Docker Test Suite Unprivileged User' unprivilegeduser
+
+# https://github.com/docker/docker/blob/7307998a44237a8943792c279b81ff5a387a86fa/builder/dockerfile/builder.go#L34-L44
+proxyArgs=(
+ http_proxy
+ https_proxy
+ ftp_proxy
+ no_proxy
+)
+DOCKER_BUILD_ARGS=
+for proxyArgBase in "${proxyArgs[@]}"; do
+ for proxyArg in "${proxyArgBase^^}" "$proxyArgBase"; do
+ if [ -n "${!proxyArg}" ]; then
+ [ -z "$DOCKER_BUILD_ARGS" ] || DOCKER_BUILD_ARGS+=' '
+ DOCKER_BUILD_ARGS+="--build-arg ${proxyArg}=${!proxyArg}"
+ fi
+ done
+done
+export DOCKER_BUILD_ARGS
+
+# run the tests
+./hack/make.sh test-integration-cli
+
+# clean up cruft we've created
+./debian/rules clean
+userdel --force unprivilegeduser
+
+# unapply patches
+dpkg-source --after-build .
--- /dev/null
+#!/bin/bash
+: <<=cut
+
+=head1 DESCRIPTION
+
+Unpack MUT components.
+
+=head1 SYNOPSIS
+
+ ./debian/unpack-components.sh
+
+=cut
+
+set -e
+set -u
+
+DEB_SOURCE="$( dpkg-parsechangelog -SSource )"
+DEB_VERSION_UPSTREAM="$( dpkg-parsechangelog -SVersion | sed -e 's/-[^-]*$//' )"
+
+if ls ../${DEB_SOURCE}_${DEB_VERSION_UPSTREAM}.orig-*.tar.* 2>>/dev/null; then
+ for T in ../${DEB_SOURCE}_${DEB_VERSION_UPSTREAM}.orig-*.tar.*; do
+ C="${T##*.orig-}"
+ C="${C%%.tar*}"
+ mkdir -p "${C}"
+ tar xf ${T} -C "${C}" --strip-components=1
+ if [ "$(ls -m ${C})" == "${C}" ]; then
+ ## --strip-components=1 did not work.
+ mv "${C}" "${C}.tmp"
+ mv "${C}.tmp/${C}" .
+ rmdir "${C}.tmp"
+ fi
+ done
+else
+ printf "W: no components to extract.\n"
+ exit 0
+fi
--- /dev/null
+# To determine the proper value for this, download
+# https://download.docker.com/linux/static/CHANNEL/x86_64/docker-VERSION-ce.tgz
+# extract "docker", run "./docker -v", which will list the exact build hash needed.
+# https://github.com/docker/docker-ce/releases
+
+0.5.3: 17c92b8
+0.6.0: f4a4f1c
+0.6.1: 5105263
+0.6.2: 081543c
+0.6.3: b0a49a3
+0.6.4: 2f74b1c
+0.6.5: 3ff8459
+0.6.6: 6d42040
+0.6.7: cb48ecc
+0.7.0: 0d078b6
+0.7.1: 88df052
+0.7.2: 28b162e
+0.7.3: 8502ad4
+0.7.4: 010d74e
+0.7.5: c348c04
+0.7.6: bc3b2ec
+0.8.0: cc3a8c8
+0.8.1: a1598d1
+0.9.0: 2b3fdf2
+0.9.1: 3600720
+0.10.0: dc9c28f
+0.11.0: 15209c3
+0.11.1: fb99f99
+0.12.0: 14680bf
+1.0.0: 63fe64c
+1.0.1: 990021a
+1.1.0: 79812e3
+1.1.1: bd609d2
+1.1.2: d84a070
+1.2.0: fa7b24f
+1.3.0: c78088f
+1.3.1: 4e9bbfa
+1.3.2: 39fa2fa
+1.3.3: d344625
+1.4.0: 4595d4f
+1.4.1: 5bc2ff8
+1.5.0: a8a31ef
+1.6.0: 4749651
+1.6.1: 97cd073
+1.6.2: 7c8fca2
+1.7.0: 0baf609
+1.7.1: 786b29d
+1.8.0: 0d03096
+1.8.1: d12ea79
+1.8.2: 0a8c2e3
+1.8.3: f4bf5c7
+1.9.0: 76d6bc9
+1.9.1: a34a1d5
+1.10.0: 590d5108
+1.10.1: 9e83765
+1.10.2: c3959b1
+1.10.3: 20f81dd
+1.11.0: 4dc5990
+1.11.1: 5604cbe
+1.11.2: b9f10c9
+1.12.0: 8eab29e
+1.12.1: 23cf638
+1.12.2: bb80604
+1.12.3: 6b644ec
+1.12.4: 1564f02
+1.12.5: 7392c3b
+1.12.6: 78d1802
+1.13.0: 49bf474
+1.13.1: 092cba3
+17.03.0: 60ccb22
+17.03.1: c6d412e
+17.03.2: f5ec1e2
+17.04.0: 4845c56
+17.05.0: 89658be
+17.06.0: 02c1d87
+17.06.1: 874a737
+17.06.2: cec0b72
+17.07.0-ce: 8784753
+17.09.0-ce: afdb6d4
+17.10.0-ce: f4ffd25
+17.11.0-ce: 1caf76c
+17.12.0-ce: c97c6d6
+17.12.1-ce: 7390fc6
+18.01.0: 03596f5
+18.02.0: fc4de44
+18.02.0-ce: fc4de44
+18.03.0: 0520e24
+18.03.0-ce: 0520e24
+18.03.1-ce: 9ee9f40
+18.06.0-ce: 0ffa825
+18.06.1-ce: e68fc7a
+18.09.1: 4c52b90
--- /dev/null
+engine/contrib/syntax/vim/doc/* /usr/share/vim/addons/doc/
+engine/contrib/syntax/vim/ftdetect/* /usr/share/vim/addons/ftdetect/
+engine/contrib/syntax/vim/syntax/* /usr/share/vim/addons/syntax/
+debian/vim-syntax-docker.yaml /usr/share/vim/registry/
--- /dev/null
+addon: dockerfile
+description: "Addon to highlight Docker's Dockerfiles"
+files:
+ - doc/dockerfile.txt
+ - ftdetect/dockerfile.vim
+ - syntax/dockerfile.vim
--- /dev/null
+# uscan(1) configuration file.
+version=4
+
+opts="\
+pgpmode=none,\
+repacksuffix=+dfsg1,\
+repack,compression=xz,\
+uversionmangle=s{\-ce}{},\
+dversionmangle=s{[+~](dfsg|ds)\d*}{},\
+" https://uscan.tianon.xyz/github.com/docker/docker-ce \
+ .*/archive/v?(\d[\d\.]+)(?:\-ce)?\.tar\.gz debian ./debian/get-orig-source.sh
+
+# /(releases|tags) paginates too soon on github.com
+# so we lose historical versions too early for tianon's taste.
+# https://github.com/docker/docker/releases
projects / docker.io.git / commitdiff