From: Arnaud Rebillout Date: Mon, 13 May 2019 02:34:45 +0000 (+0100) Subject: Import docker.io_18.09.1+dfsg1-7.debian.tar.xz X-Git-Tag: archive/raspbian/18.09.1+dfsg1-7+rpi1^2~27^8 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=be5cc9963f04de39e89d3a7a6df9e93eedf6d94e;p=docker.io.git Import docker.io_18.09.1+dfsg1-7.debian.tar.xz [dgit import tarball docker.io 18.09.1+dfsg1-7 docker.io_18.09.1+dfsg1-7.debian.tar.xz] --- be5cc9963f04de39e89d3a7a6df9e93eedf6d94e diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 00000000..80639c66 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,21 @@ +FROM tianon/debian-devel + +RUN echo 'deb http://incoming.debian.org/debian-buildd buildd-unstable main contrib non-free' > /etc/apt/sources.list.d/incoming.list + +# start by adding just "debian/control" so we can get mk-build-deps with maximum caching +COPY control /usr/src/docker.io/debian/ +WORKDIR /usr/src/docker.io + +# get all the build deps of _this_ package in a nice repeatable way +RUN apt-get update && mk-build-deps -irt'apt-get --no-install-recommends -yV' debian/control && dpkg-checkbuilddeps + +# need our debian/ directory to compile _this_ package +COPY . /usr/src/docker.io/debian + +# go download and unpack our upstream source +RUN uscan --force-download --verbose --download-current-version +RUN DOCKER_TARBALLS=.. ./debian/helpers/download-libcontainer +RUN /tianon/extract-origtargz.sh + +# tianon is _really_ lazy, and likes a preseeded bash history +RUN echo '/tianon/extract-origtargz.sh && dpkg-buildpackage -us -uc && lintian -EvIL+pedantic' >> /root/.bash_history diff --git a/README.Debian b/README.Debian new file mode 100644 index 00000000..366feb8f --- /dev/null +++ b/README.Debian @@ -0,0 +1,99 @@ +Docker on Debian +================ + +Please refer to upstream's documentation for information about what Docker is, +how it works, and how to use it: https://docs.docker.com/ + +The following notes are things that may have impact specifically to use of the +Docker package in Debian. + +-- + +To enable docker memory limitation, the kernel needs to be loaded with +boot parameters: cgroup_enable=memory swapaccount=1. + +This is because enabling memory cgroup support has some run-time overhead, +and kernel maintainers don't want to slow down systems unnecessarily. + +http://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg764104.html +https://github.com/docker/docker/issues/396 + +To instruct the kernel to enable memory cgroup support, edit +/etc/default/grub and extend GRUB_CMDLINE_LINUX_DEFAULT like: + +GRUB_CMDLINE_LINUX_DEFAULT="cgroup_enable=memory swapaccount=1" + +Then run update-grub, and reboot. + +--- + +It's worth pointing out that upstream maintains a "check-config.sh" script for +verifying not only proper kernel configuration (which isn't terribly relevant in +the Debian context), but also the host system configuration, especially and +including whether a properly mounted cgroup hierarchy can be found. If you're +using cgroupfs-mount or systemd, chances are very high that you have one, but if +not, you're likely to see strange behavior. + +In the docker.io package, one can find the "check-config.sh" script under +"/usr/share/docker.io/contrib/check-config.sh", which when run (does NOT require +root/sudo) will report on problems with your installation/configuration. + +--- + +As noted in the upstream documentation (https://docs.docker.io), Docker will +allow non-root users in the "docker" group to access "docker.sock" and thus +communicate with the daemon. To add yourself to the "docker" group, use +something like: + +adduser YOURUSER docker + +As also noted in the upstream documentation, the "docker" group (and any other +means of accessing the Docker API) is root-equivalent. If you don't trust a +user with root on your box, you shouldn't trust them with Docker either. +If you are interested in further information about the security aspects of +Docker, please be sure to read the "Docker Security" article in the +upstream documentation: + + https://docs.docker.com/engine/security/security/ + +--- + + rpc error: code = 2 desc = "oci runtime error: could not synchronise with + container process: no subsystem for mount" + +This message is very likely related to https://bugs.debian.org/843530, and thus +https://github.com/opencontainers/runc/issues/1175. + +Adding "systemd.legacy_systemd_cgroup_controller=yes" to your system boot +parameters (in Grub, etc) is probably necessary to resolve it. + +--- + +Support for the logentries.com log driver has been removed from the +Debian version as it contains no license information and is therefore +not redistributable. + +Github issues have been filed upstream: + +https://github.com/bsphere/le_go/issues/14 +https://github.com/docker/docker/issues/31020 + +--- + +## Restart dilemma + +Restarting Docker daemon terminates all running containers. Therefore +automatic restart is not an option as containers may be killed during +unattended upgrade, etc. + +This is Docker's design flaw and upstream gave up on idea of restoring +state of running containers on upgrade, bluntly stating "You must stop all +containers and plugins BEFORE upgrading" in release notes. + +** "rkt" container runtime is free from that flaw. ** + +Not restarting Docker daemon on upgrade can make CLI unusable until daemon +restart due to mismatch between CLI and running Daemon versions. + +Fortunately recommended "needrestart" package show interactive prompt to +restart Docker daemon after upgrade. diff --git a/README.source b/README.source new file mode 100644 index 00000000..5a65b9b1 --- /dev/null +++ b/README.source @@ -0,0 +1,168 @@ +## "stable" versus "edge" releases + +As per [1], starting with Docker 18.09, CE "stable" releases will be +supported for 7 months. See [2] for details. + +This package should only ever ship "stable" Community Edition (CE) +releases. + +Docker version numbers are derived from date, e.g. `date +%g.%m`. + +The every-month releases are "edge" (17.04, 17.05, etc), are only supported +for the duration of their release month. Stable releases have longer +support cycles. Monthly "Edge" releases should be avoided. + +[1]: https://docs.docker.com/install/ +[2]: https://docs.docker.com/release-notes/docker-ce/ + + +## Incompetent upstream release process + +Upstream is notorious for incredibly sloppy versioning. Docker components +are inconsistently versioned; don't depend on same version of common +libraries and different revisions of dependency libraries are privately +vendored. Basically upstream couldn't care less about consistent, semantic +versioning and re-usable components. Shameful abomination of good software +development practices... :( + +**An overview of the various docker repositories** + +Some repositories used to release on a regular basis, then stopped: + + * https://github.com/moby/moby : last release on Jun 28, 2017 + * https://github.com/docker/distribution: last release on Jul 21, 2017 + * https://github.com/docker/libnetwork : last release on May 8, 2016 + +This seem to be due to the split between Moby and Docker, although it is highly +undocumented. For the Moby repository, you have to dig up this kind of thread: +"https://github.com/moby/moby/issues/33951#issuecomment-312995683" + +Some repositories never really had any releases: + + * https://github.com/docker/cli + * https://github.com/docker/go-events + * https://github.com/docker/swarmkit + +**The docker-ce super repository** + +docker-ce is the super repository from where Docker Community Edition is +produced, and this is where things get messy. + +Basically this is where the code from the docker engine (github.com/moby/moby) +docker client (github.com/docker/cli) is pulled together. But how? Looking at +the git history, we can see cherry-picked commits, merge requests, standalone +commits, and probably other things... In the end, when a docker-ce version is +released, it doesn't seem to correspond to a particular commit of moby/moby or +docker/cli. + +At some point I thought we should ignore docker-ce, and instead package +moby/moby and docker/cli separately. But because of the workflow described +above, I now think it's a very bad idea. We have no idea of which version of +moby/moby and docker/cli work together (no semantic versions), and we can't +really find this information from a tag in docker-ce. + +So we'd better package docker-ce instead. + +**Docker-ce releases** + +Upstream tags releases in "github.com/docker/docker-ce" and we have to ship +matching bundle of Docker engine, and Docker CLI from that repository. + +Docker-ce releases monthly, with a 2 or 3 release candidates before the +final release. Other than quarterly "stable" releases there doesn't seem to +be any long-term releases. The fact that there are release candidates +probably indicates that bugs are reported, test suites are run, and things +are fixed between various rc (hopefully). + +On top of that Docker depends on very particular commits of + + * github.com/containerd/containerd + * github.com/docker/libnetwork + * github.com/docker/swarmkit + +None of the above repositories have relevant tags. + +**Docker code base is spread among several name spaces.** + +We've made a mistake trying to treat it as several reusable components. + +Upstream abuse of versioning practices is a shameful and incompetent +disgrace. Docker people, if you are reading this I hope you feel sorry. +I, Dmitry Smirnov , find it difficult to politely +express how much I despise your release process. + + +## Circular dependencies + +Let me explain practical problem with dependencies. Docker and Libnetwork +both depend on each other and on "sirupsen/logrus". When in the 2018 the +latter exhibited minor/trivial problem I could not upload neither Docker +nor Libnetwork because each FTBFS in the "other" dependency. That's why +starting with 17.12.1 libnetwork has been incorporated into "docker.io". + + +## Docker package vendoring policy + +As highlighted above, it is unsustainable and impractical to package +individual Docker "components". Many libraries of Docker name space are +only ever used by Docker and depend on "github.com/docker/docker" which +makes them part of Docker code base. + +Combined with upstream resistance to good versioning practices, we have to +ship Docker bundle producing (only) reusable package from multi upstream +tarball (MUT) source package. + +Some vendored microlibraries, unless semantically versioned, are not +worth to be introduced as standalone source package. + +Therefore "docker.io" source package will ship all essential Docker +dependencies to avoid circular dependencies. Main criteria for inclusion of +a dependency library into "docker.io" source package is dependency on +"github.com/docker/docker". Additional criteria is assessment whether +Docker dependency is reusable (e.g. semantically versioned and used by +other packages). Age of tags is to be considered as Docker team stopped +tagging most of their dependencies in favour of vendoring them by some +random commit. + + +## Bundled versus external libraries + +### runc + +We should make an effort to use "runc" package which no longer depends on +Docker since 1.0.0~rc5 (no circular/mutual dependency). runc upstream is +tagging releases so it satisfies non-bundling criteria mentioned above. + +In 2017 all reverse build-deps of runc-dev were broken when Balint Reczey + forked "runc" source package as "docker-runc" +versioned to match Docker expectations. +New package "golang-github-opencontainers-docker-runc-dev" had explicit +Conflits with "golang-github-opencontainers-runc-dev" effectively hijacking +runc because all packages depending on runc-dev also depend on docker-dev +(which depends on docker-runc-dev) hence runc-dev could not be installed +together with docker-runc-dev. Maintainer of reverse runc-dev build-deps +was very unhappy... + +Let me stress it again: Docker should not hijack runc's name space +"github.com/opencontainers/runc". Docker's fork of the latter have its +own name space: "github.com/docker/runc". + +In the unfortunate situation if we ever have to use bundled runc in Docker, +we should NOT provide docker-runc-dev package ever again (or at least avoid +Conflicts with runc-dev at all costs). I suggest testing runc package for +run-time compatibility with Docker. That works well with Docker 17.12.1. + +Do not be mislead by particular (random) RUNC_COMMIT that Docker expects +(e.g. `docker info`, "engine/vendor.conf") - we can/should not comply with +upstream's systematic abuse of versioning. + +Perhaps expected commits are not to be trusted at all: for instance in +17.12.1, CONTAINERD_COMMIT in "engine/hack/dockerfile/binaries-commits" +does not match any of containerd commits in "engine/vendor.conf". + + +## Notable upstream bugs + + https://github.com/moby/moby/issues/37272 + https://github.com/docker/distribution/issues/2623 + https://github.com/docker/distribution/issues/2609 diff --git a/TODO.Debian b/TODO.Debian new file mode 100644 index 00000000..d78785fb --- /dev/null +++ b/TODO.Debian @@ -0,0 +1,22 @@ + +## testing + + Better testing of components + + +## full rebuild of components + + Currently re-build is partial. + + +## switch packages from docker-runc-dev to opencontainers-runc-dev + + * kubernetes [partially done, needs more work] + + +## request removal of + + * docker-runc [#902059] + * docker-containerd [#902087] + * golang-libnetwork [#902058] + * swarmkit [#902086] diff --git a/changelog b/changelog new file mode 100644 index 00000000..e4146ead --- /dev/null +++ b/changelog @@ -0,0 +1,781 @@ +docker.io (18.09.1+dfsg1-7) unstable; urgency=medium + + * Add patch to revert using iptables-legacy (Closes: #921600). + + -- Arnaud Rebillout Mon, 13 May 2019 09:34:45 +0700 + +docker.io (18.09.1+dfsg1-6) unstable; urgency=medium + + * Add patch to fix Debian security presence check (Closes: #925224). + + -- Arnaud Rebillout Tue, 16 Apr 2019 09:56:17 +0700 + +docker.io (18.09.1+dfsg1-5) unstable; urgency=medium + + * Install "containerd-shim" as "docker-containerd-shim" (Closes: #920935). + * Update containerd-name patch. + + -- Arnaud Rebillout Sat, 02 Feb 2019 10:00:35 +1100 + +docker.io (18.09.1+dfsg1-4) unstable; urgency=medium + + * Updated "containerd" executable name patch; + renamed "containerd-shim" executable (Closes: #920597). + + -- Dmitry Smirnov Mon, 28 Jan 2019 10:16:28 +1100 + +docker.io (18.09.1+dfsg1-3) unstable; urgency=medium + + * New patch to fix name of the "containerd" executable (Closes: #920597). + + -- Dmitry Smirnov Sun, 27 Jan 2019 23:43:53 +1100 + +docker.io (18.09.1+dfsg1-2) unstable; urgency=medium + + [ Dmitry Smirnov ] + * Standards-Version: 4.3.0. + * Upload to unstable. + + [ Arnaud Rebillout ] + * Bump runc requirement to 1.0.0~rc6. + * Add patch to skip flaky test. + * Tidy up patches. + + -- Arnaud Rebillout Sat, 26 Jan 2019 10:58:39 +1100 + +docker.io (18.09.1+dfsg1-1) experimental; urgency=medium + + * New upstream release [January 2019]. + * Remove obsolete patches, refresh remaining ones. + * New notable patches: + - build against the runc debian package. + - build against google-grpc 1.11. + - attempt to fix mips build. + - disable a test file that fails to build (known issue upstream). + * Remove various build dependencies, add new ones. + * Bump some build dependencies: + - golang-github-coreos-bbolt-dev (>= 1.3.1-coreos.5-3~). + * Vendor some build dependencies: + - docker/licensing (no debian package, no upstream release). + - golang-github-spf13-cobra/pflag-dev (docker has internal fork). + + -- Arnaud Rebillout Tue, 22 Jan 2019 19:48:15 +1100 + +docker.io (18.06.1+dfsg1-3) unstable; urgency=medium + + * Import upstream patch to use iptables-legacy (Closes: #911808). + * Un-vendor opencontainers-runtime-tools. + * Import numerous patches from upstream for go 1.11. + + -- Arnaud Rebillout Thu, 17 Jan 2019 15:37:54 +1100 + +docker.io (18.06.1+dfsg1-2) unstable; urgency=medium + + * Tighten versioned dependency on "runc". + * dev: install "libnetwork/ipamutils". + + -- Dmitry Smirnov Sun, 16 Sep 2018 13:21:33 +1000 + +docker.io (18.06.1+dfsg1-1) unstable; urgency=medium + + [ Dmitry Smirnov ] + * New upstream release [August 2018]. + * Upload to unstable (Closes: #906999). + + [ Arnaud Rebillout ] + * Cleanup /etc/init/docker.conf (Closes: #907455) + + -- Dmitry Smirnov Tue, 11 Sep 2018 14:03:46 +1000 + +docker.io (18.06.0+dfsg1-1) experimental; urgency=medium + + * New upstream release [July 2018]. + + [ Arnaud Rebillout ] + * get-orig-source: print the list of directories vendored by upstream. + + [ Dmitry Smirnov ] + * README.source: noted duration of upstream support. + * README.Debian: added note about restart dilemma. + + -- Dmitry Smirnov Fri, 10 Aug 2018 19:07:41 +1000 + +docker.io (18.03.1+dfsg1-6) unstable; urgency=medium + + * Removed obsolete "golang-ed25519-dev" from Build-Depends. + * Standards-Version: 4.1.5. + + -- Dmitry Smirnov Wed, 11 Jul 2018 20:15:24 +1000 + +docker.io (18.03.1+dfsg1-5) unstable; urgency=medium + + * New upstream patch to prevent needless calls to `pass` (Closes: #902258). + * Do not automatically restart daemon on upgrade (Closes: #786724). + * Recommends += "needrestart". + + "needrestart" prompts to restart "docker" daemon on upgrade. This way + running containers won't be killed on upgrade until user choses to + restart Docker. + Not restarting Docker on upgrade may break CLI when it disagrees with + running daemon regarding API version. + + -- Dmitry Smirnov Mon, 02 Jul 2018 14:56:46 +1000 + +docker.io (18.03.1+dfsg1-4) unstable; urgency=medium + + * Suggests += "e2fsprogs, xfsprogs" (Closes: #887222). + * rules: fixed test failure on binary-indep build (Closes: #902206). + Thanks, Santiago Vila. + + -- Dmitry Smirnov Sun, 24 Jun 2018 23:22:51 +1000 + +docker.io (18.03.1+dfsg1-3) unstable; urgency=medium + + [ Dmitry Smirnov ] + * Replaced upstream SysV init file with an improved one. + * --remove-pidfile on stop (Closes: #764921) + * don't fail when removed (Closes: #841282) + * fixed exit status: + + don't fail to stop when already stopped + + don't fail to start when already started + * removed useless check_init() + Thanks, Sam Morris. + * postinst: create "docker" group when needed (Closes: #821078). + * README.source: added comment to clarify upstream version numbering. + Thanks, Tianon Gravi + * README.source: added link describing upstream life cycle & release + policy. Thanks, Tianon Gravi. + + [ Arnaud Rebillout ] + * Added myself to uploaders. + * Bumped compat to 11 to allow installling the systemd socket + file automatically with dh_installsystemd. + * Installed systemd socket through dh_installsystemd. + + -- Dmitry Smirnov Thu, 21 Jun 2018 21:27:32 +1000 + +docker.io (18.03.1+dfsg1-2) unstable; urgency=medium + + [ Dmitry Smirnov ] + * Upload to unstable. + * Un-bundle "googleapis-gnostic-dev" and "docker-notary-dev". + * Removed "golang-github-hashicorp-consul-dev" from Build-Depends. + + [ Arnaud Rebillout ] + * Fix bash completion install. + * d/control: depend on golang-any. + * d/README.source: re-write part about docker-ce upstream workflow. + * Set required version for imdario-mergo and hashicorp-memberlist. + + -- Dmitry Smirnov Wed, 20 Jun 2018 23:40:47 +1000 + +docker.io (18.03.1+dfsg-1) experimental; urgency=medium + + * New upstream release [April 2018]. + * rules: + + properly pass daemon version. + + re-work override_dh_auto_configure with important fixes. + * New patch to disable unreliable TestAdapterReadLogs. + * Use packaged "tini", don't build it. + Thanks, Arnaud Rebillout. + + -- Dmitry Smirnov Tue, 19 Jun 2018 13:43:57 +1000 + +docker.io (17.12.1+dfsg-4) experimental; urgency=medium + + * golang-github-docker-docker-dev: + + install only selected "libnetwork" components. + + install missing "docker/cli" components. + + install "docker/docker/cli". + + -- Dmitry Smirnov Mon, 18 Jun 2018 19:32:51 +1000 + +docker.io (17.12.1+dfsg-3) experimental; urgency=medium + + * Removed versioning from -dev Breaks/Replaces: libnetwork-dev + (Closes: #901694). + * Build with consistent tags "apparmor seccomp selinux ambient" + (Closes: #901743). + Thanks, Laurent Bigonville. + * New patch to fix FTBFS on mips* architectures. + + -- Dmitry Smirnov Mon, 18 Jun 2018 12:05:10 +1000 + +docker.io (17.12.1+dfsg-2) experimental; urgency=medium + + * New patch to disable TestGetRootUIDGID, failing in sbuild. + + -- Dmitry Smirnov Sat, 16 Jun 2018 21:31:51 +1000 + +docker.io (17.12.1+dfsg-1) experimental; urgency=medium + + * Team upload. + * New upstream release [February 2018] (Closes: #850753). + * Restart on upgrade, like most daemons (Closes: #792327). + Docker's upgrade tip from 17.12.0 release notes: + "You must stop all containers and plugins BEFORE upgrading". + * New multi-upstream-tarball (MUT) layout, building all docker components + (containerd, libnetwork, swarmkit) at once; + incorporated binaries of docker-containerd and libnetwork. + * docker-dev to provide libnetwork-dev (a part of Docker). + * New patches to build on go-1.10; build with latest Go compiler. + * Declared myself as Maintainer. + + -- Dmitry Smirnov Sat, 16 Jun 2018 20:05:48 +1000 + +docker.io (1.13.1~ds3-4) unstable; urgency=medium + + * Build with go-1.7 as later versions cause [archive,tarsum] failures + (Closes: #901317). + * Re-enabled [archive,tarsum] tests. + * Build-Depends: + = golang-1.7-go | golang-go (>= 2:1.6~) + + -- Dmitry Smirnov Tue, 12 Jun 2018 00:02:27 +1000 + +docker.io (1.13.1~ds3-3) unstable; urgency=medium + + * Removed invalid team email from Uploaders (Closes: #899285). + * B-D: "libbtrfs-dev | btrfs-progs (<< 4.16.1~)" (Closes: #898876). + Thanks, Dimitri John Ledkov. + * (Build-)Depends: + - removed unused "golang-github-aanand-compose-file-dev". + - removed needless versioning and unknown alternatives. + * dev: install "runconfig" (used by "github.com/aanand/compose-file"). + * repack.sh: use correct compression type, depending on file name. + * watch file to version 4; updated "repack.sh". + + -- Dmitry Smirnov Sun, 10 Jun 2018 19:49:42 +1000 + +docker.io (1.13.1~ds3-2) unstable; urgency=medium + + * Team upload. + * Install -dev files from build directory. + + -- Dmitry Smirnov Sat, 09 Jun 2018 20:20:53 +1000 + +docker.io (1.13.1~ds3-1) unstable; urgency=medium + + * Team upload. + + [ Tianon Gravi ] + * Remove gccgo support. + Removed upstream in commit eda90f63446253f97d2011926555306f2417d208 + (https://github.com/moby/moby/pull/25978) + * Update upstream-version-gitcommits with more upstream versions + + [ Dmitry Smirnov ] + * New patch to fix CVE-2017-16539 (Closes: #900140). + * New patch to remove 10 seconds delay on purge (Closes: #853258). + * debhelper to version 11; compat to version 10. + * copyright format URL to HTTPS; bump copyright years. + * Standards-Version: 4.1.4. + * Vcs URLs to Salsa. + * Included "cliconfig" to -dev package (used by "gitlab-runner"). + * Included "reference" and "registry" into -dev package (used by "nomad"). + * Removed obsolete "golang-github-docker-engine-api-dev" from Build-Depends. + * Use more private libraries to fix build and break circular dependencies: + + github.com/docker/swarmkit + + github.com/docker/libnetwork + + github.com/docker/go-events + + github.com/docker/go-metrics + * Removed Upstart .conf file. + * rules: + + better clean, remove generated file(s). + + fixed "sirupsen/logrus" imports. + + DH_GOLANG_GO_GENERATE = 1 + + -- Dmitry Smirnov Sat, 09 Jun 2018 14:50:13 +1000 + +docker.io (1.13.1~ds2-3) unstable; urgency=medium + + * Switch from "runc" to "docker-runc" and "containerd" to + "docker-containerd", removing prefix-removing patch + (Closes: #877329, #877892) + * Update patches, especially test-disablers + + -- Tianon Gravi Sat, 14 Oct 2017 08:58:11 -0700 + +docker.io (1.13.1~ds1-2) unstable; urgency=medium + + * Make test suite pass by using assorted patches to fix or disable + tests that don't work under pbuilder. (Closes: #858269) + * Suppress some unfixable Lintian warnings. + * Verify CVE-2016-9962 is fixed. (Closes: #850952) + + -- Tim Potter Wed, 07 Jun 2017 11:43:14 +1000 + +docker.io (1.13.1~ds1-1) unstable; urgency=medium + + * New upstream release. + + -- Tim Potter Wed, 24 May 2017 11:44:10 +1000 + +docker.io (1.13.0~ds1-3) unstable; urgency=medium + + * Add api and client directories to dev package. + + -- Tim Potter Mon, 24 Apr 2017 16:02:32 +1000 + +docker.io (1.13.0~ds1-2) unstable; urgency=medium + + * Re-enable logfiles.com logging support after upstream license + change. + * Run nuke-graph-directory.sh using bash instead of regular sh. + * Fix dockerd location for sysvinit and upstart scripts. (Closes: #858249) + + -- Tim Potter Tue, 28 Mar 2017 15:41:55 +1100 + +docker.io (1.13.0~ds1-1) experimental; urgency=medium + + [ Paul Tagliamonte ] + * Remove myself as maintainer, and swap out tpot. Sadly, these days, I'm + mostly just in the way, and not actually helping all that much with + the Docker packaging. My last upload was basically forever ago, and + tianon and tpot have been doing all the work since than. As such, I'm + going to make an unilateral executive decision to tell everyone who + listens to actually just listen to tpot. I plan to continue to be around in + the form of cruft and chaos monkey. You should also listen to tianon. + + [ Tianon Gravi ] + * Update basic-smoke test with "set -x" for debuggability and proper Depends + * Build from within GOPATH so Go packages are resolved properly + * Split "dh_auto_build-arch" from "dh_auto_build-indep" + * Update "debian/watch" to use "uscan.tianon.xyz" so older versions are still + easily fetchable without excess work outside uscan + * Fix d/copyright text about Apache version 2.0 being in + "/usr/share/common-licenses/GPL-2" (Closes: #835440); thanks cascardo! + * Add Tim Potter to Uploaders ♥ + * Add a bit more formatting to README.Debian (and a short intro to explain + what kinds of things this file includes) + * Add an explicit note about "systemd.legacy_systemd_cgroup_controller=yes" + in README.Debian (Closes: #843530) + * Add explicit new "golang-golang-x-oauth2-google-dev" package to Depends + + [ Tim Potter ] + * Add missing "golang-github-docker-go-events-dev" B-D (Closes: #850793) + * New upstream version. + * Refresh patches and remove obsolete ones. + * Remove logentries.com log driver as upstream module is unlicensed. + + -- Tianon Gravi Fri, 19 Aug 2016 12:52:55 -0700 + +docker.io (1.11.2~ds1-6) unstable; urgency=medium + + [ Tianon Gravi ] + * Add DEP-3 headers for "skip-racy-unit-tests.patch" + * Add a note about "check-config.sh" to README.Debian; thanks Tincho! + * Add "docker-doc" to Suggests (Closes: #831748); thanks Ben! + * Remove "lxc" from Suggests (no longer a supported execution backend) + + [ Nicolas Braud-Santoni ] + * Fix /etc/docker permissions (Closes: #831324) + + -- Tianon Gravi Wed, 20 Jul 2016 16:34:52 -0700 + +docker.io (1.11.2~ds1-5) unstable; urgency=medium + + * Skip racy "TestRunCommandWithOutputAndTimeoutKilled" during build (see also + https://github.com/docker/docker/issues/22965) + + -- Tianon Gravi Tue, 12 Jul 2016 07:46:35 -0700 + +docker.io (1.11.2~ds1-4) unstable; urgency=medium + + [ Tianon Gravi ] + * Add new script to generate Build-Depends based on "go list" instead of + "hack/vendor.sh" (and update Build-Depends using it) + * Update "/etc/default/docker" text to aggressively discourage use, linking to + upstream's documentation for the recommended alternatives + ("/etc/docker/daemon.json" and systemd drop-ins) + * Update gbp.conf for pristine-tar usage now that we're no longer multi-orig + * Remove "/var/lib/docker" upon purge (Closes: #739257) + + [ Dmitry Smirnov ] + * Add support for DEB_BUILD_OPTIONS=nocheck in debian/rules + + -- Tianon Gravi Mon, 11 Jul 2016 22:09:01 -0700 + +docker.io (1.11.2~ds1-3) unstable; urgency=medium + + * Team upload. + * Updated "skip-privileged-unit-tests.patch" to skip more privileged + tests in order to fix FTBFS in pbuilder. + * Install "opts" directory to -dev package. + + -- Dmitry Smirnov Sat, 09 Jul 2016 13:49:02 +1000 + +docker.io (1.11.2~ds1-2) unstable; urgency=medium + + * Add Tim Potter (tpot) and Dmitry Smirnov (onlyjob) to debian/copyright; they + were instrumental in getting 1.11 into the archive! + * Fix golang-github-docker-docker-dev install location (Closes: #830478); + thanks nicoo! + + -- Tianon Gravi Fri, 08 Jul 2016 08:47:44 -0700 + +docker.io (1.11.2~ds1-1) unstable; urgency=medium + + * Update to 1.11.2 upstream release + (Closes: #806887, #820149, #822628, #812838) + * Add NEWS file describing the AUFS issue and the unfortunate possible + "solutions" (Closes: #799386, #805725) + * Add "/etc/docker" to the directories explicitly installed by the package + to help combat issues like #806261 + * Update "Homepage" to "dockerproject.org" (versus ".com" which now redirects) + * Update "Vcs-Browser" to use https + * Shrink the Ubuntu delta by pulling in many of the changes + * Replace "btrfs-tools" relations with "btrfs-progs" (Closes: #824833) + * Adjust "repack.sh" to allow keeping minor bits of vendor/ + * Fix bad URL in README (Closes: #816844); thanks Clint! + * Move documentation to dedicated "docker-doc" package + * Refresh patches, add minor patch to get unit tests running + * Use gccgo on non-golang architectures (Closes: #785093) + * Use "dh-golang" to calculate "Built-Using" more accurately + * Add simple "basic-smoke" DEP8 test + + -- Tianon Gravi Mon, 04 Jul 2016 09:59:44 -0700 + +docker.io (1.8.3~ds1-2) unstable; urgency=medium + + * Move "overlay" higher in priority (Closes: #799087) + * Adjust "native.cgroupdriver" to default to "cgroupfs" (Closes: #798778) + + -- Tianon Gravi Wed, 04 Nov 2015 00:09:02 -0800 + +docker.io (1.8.3~ds1-1) unstable; urgency=medium + + * Update to 1.8.3 upstream release (CVE-2014-8178, CVE-2014-8179) + + -- Tianon Gravi Thu, 29 Oct 2015 19:40:51 -0700 + +docker.io (1.8.2~ds1-2) unstable; urgency=medium + + * Swap Build-Depends order to appease buildds (Closes: #803136) + + -- Tianon Gravi Thu, 29 Oct 2015 07:23:10 -0700 + +docker.io (1.8.2~ds1-1) unstable; urgency=medium + + * Update to 1.8.2 upstream release + * Rename golang-docker-dev package to golang-github-docker-docker-dev + * Add SELinux support (Closes: #799620) + + -- Tianon Gravi Wed, 28 Oct 2015 14:21:00 -0700 + +docker.io (1.7.1~dfsg1-1) unstable; urgency=medium + + * Update to 1.7.1 upstream release + * Remove patches applied upstream; refresh other patches + * Update Build-Depends + + -- Tianon Gravi Wed, 26 Aug 2015 10:13:48 -0700 + +docker.io (1.6.2~dfsg1-2) unstable; urgency=medium + + * Add DEP8 tests + - integration: runs upstream's integration tests + * Replace "code.google.com/p/go.net" with canonical "golang.org/x/net" + (Closes: #789736) + + -- Tianon Gravi Wed, 01 Jul 2015 07:45:19 -0600 + +docker.io (1.6.2~dfsg1-1) unstable; urgency=medium + + * Update to 1.6.2 upstream release + * Update deps in d/control to match upstream's hack/vendor.sh specifications + + -- Tianon Gravi Thu, 21 May 2015 00:47:43 -0600 + +docker.io (1.6.1+dfsg1-2) unstable; urgency=medium + + * Add --no-restart-on-upgrade to dh_installinit so that we don't force + a stop on upgrade, which can cause other units to fall over. Many thanks + to Michael Stapelberg (sECuRE) for the tip! + + -- Paul Tagliamonte Sun, 10 May 2015 13:02:54 -0400 + +docker.io (1.6.1+dfsg1-1) unstable; urgency=high + + * Update to 1.6.1 upstream release (Closes: #784726) + - CVE-2015-3627 + Insecure opening of file-descriptor 1 leading to privilege escalation + - CVE-2015-3629 + Symlink traversal on container respawn allows local privilege escalation + - CVE-2015-3630 + Read/write proc paths allow host modification & information disclosure + - CVE-2015-3631 + Volume mounts allow LSM profile escalation + + -- Tianon Gravi Fri, 08 May 2015 17:57:10 -0600 + +docker.io (1.6.0+dfsg1-1) unstable; urgency=medium + + * Upload to unstable + * Backport PR 12943 to support golang-go-patricia 2.* + * Remove convenience copies of cgroupfs-mount in init.d / upstart scripts + (Re: #783143) + + -- Tianon Gravi Tue, 05 May 2015 15:10:49 -0600 + +docker.io (1.6.0+dfsg1-1~exp1) experimental; urgency=medium + + * Update to 1.6.0 upstream release + * Adjust "repack.sh" to be more tolerant of "dfsg" suffixes + + -- Tianon Gravi Thu, 16 Apr 2015 18:00:21 -0600 + +docker.io (1.6.0~rc7~dfsg1-1~exp1) experimental; urgency=low + + * Update to 1.6.0-rc7 upstream release + + -- Tianon Gravi Wed, 15 Apr 2015 19:35:46 -0600 + +docker.io (1.6.0~rc4~dfsg1-1) experimental; urgency=low + + [ Tianon Gravi ] + * Update to 1.6.0-rc4 upstream release + - drop golang 1.2 support (no longer supported upstream) + - update Homepage to https://dockerproject.com + - add check-config.sh to /usr/share/docker.io/contrib + - add "distribution" as a new multitarball orig + - backport auto "btrfs_noversion" patch from + https://github.com/docker/docker/pull/12048 + (simplifying our logic for detecting whether to use it) + - switch from dh-golang to direct install since we're not actually using the + features it offers (due to upstream's build system) + - enable "docker.service" on boot by default for restart policies to work + + [ Felipe Sateler ] + * Add Built-Using for glibc (Closes: #769351). + + -- Tianon Gravi Mon, 06 Apr 2015 17:11:33 -0600 + +docker.io (1.5.0~dfsg1-1) experimental; urgency=low + + * Update to 1.5.0 upstream release (Closes: #773495) + * Remove several patches applied upstream! + - 9637-fix-nuke-bashism.patch + - enable-non-amd64-arches.patch + * Fix btrfs-tools handling to allow for building with btrfs-tools < 1.16.1 + + -- Tianon Gravi Tue, 10 Mar 2015 22:58:49 -0600 + +docker.io (1.3.3~dfsg1-2) unstable; urgency=medium + + * Add fatal-error-old-kernels.patch to make Docker refuse to start on old, + unsupported kernels (Closes: #774376) + * Fix dh_auto_clean to clean up after the build properly, especially to avoid + FTBFS when built twice (Closes: #774482) + + -- Tianon Gravi Sat, 03 Jan 2015 00:11:47 -0700 + +docker.io (1.3.3~dfsg1-1) unstable; urgency=medium + + [ Tianon Gravi ] + * Update to 1.3.3 upstream release (Closes: #772909) + - Fix for CVE-2014-9356 (Path traversal during processing of absolute + symlinks) + - Fix for CVE-2014-9357 (Escalation of privileges during decompression of + LZMA (.xz) archives) + - Fix for CVE-2014-9358 (Path traversal and spoofing opportunities presented + through image identifiers) + * Fix bashism in nuke-graph-directory.sh (Closes: #772261) + + [ Didier Roche ] + * Support starting systemd service without /etc/default/docker + (Closes: #770293) + + -- Tianon Gravi Thu, 18 Dec 2014 21:54:12 -0700 + +docker.io (1.3.2~dfsg1-1) unstable; urgency=high + + * Severity is set to high due to the sensitive nature of the CVEs this + upload fixes. + * Update to 1.3.2 upstream release + - Fix for CVE-2014-6407 (Archive extraction host privilege escalation) + - Fix for CVE-2014-6408 (Security options applied to image could lead + to container escalation) + * Remove Daniel Mizyrycki from Uploaders. Thanks for all your work! + + -- Paul Tagliamonte Mon, 24 Nov 2014 19:14:28 -0500 + +docker.io (1.3.1~dfsg1-2) unstable; urgency=medium + + * Remove deprecated /usr/bin/docker.io symlink + - added as a temporary shim in 1.0.0~dfsg1-1 (13 Jun 2014) + - unused by package-installed files in 1.2.0~dfsg1-1 (13 Sep 2014) + + -- Tianon Gravi Fri, 07 Nov 2014 13:11:34 -0700 + +docker.io (1.3.1~dfsg1-1) unstable; urgency=high + + * Update to 1.3.1 upstream release + - fix for CVE-2014-5277 + - https://groups.google.com/d/topic/docker-user/oYm0i3xShJU/discussion + + -- Tianon Gravi Mon, 03 Nov 2014 08:26:29 -0700 + +docker.io (1.3.0~dfsg1-1) unstable; urgency=medium + + * Updated to 1.3.0 upstream release. + * Enable systemd socket activation (Closes: #752555). + + -- Tianon Gravi Fri, 17 Oct 2014 00:56:07 -0600 + +docker.io (1.2.0~dfsg1-2) unstable; urgency=medium + + * Added "golang-docker-dev" package for the reusable bits of Docker's source. + + -- Tianon Gravi Thu, 09 Oct 2014 00:08:11 +0000 + +docker.io (1.2.0~dfsg1-1) unstable; urgency=medium + + * Updated to 1.2.0 upstream release (Closes: #757183, #757023, #757024). + * Added upstream man pages. + * Updated bash and zsh completions to be installed as "docker" and "_docker". + * Updated init scripts to also be installed as "docker". + * Fixed "equivalent" typo in README.Debian (Closes: #756395). Thanks Reuben! + * Removed "docker.io" mention in README.Debian (Closes: #756290). Thanks + Olivier! + + -- Tianon Gravi Sat, 13 Sep 2014 11:43:17 -0600 + +docker.io (1.0.0~dfsg1-1) unstable; urgency=medium + + * Updated to 1.0.0 upstream release. Huzzah! + * I've removed what is commonly called a `button' of patches against + the docker package. Exact patches: + - bash-completion-docker.io.patch + - systemd-docker.io.patch + - sysvinit-provides-docker.io.patch + - zsh-completion-docker.io.patch + - mkimage-docker.io.patch + * I know y'all are guessing why; and the answer's pretty simple -- we're + no longer docker.io(1). Since the src:docker package now ships wmdocker(1), + we can safely declare a breaks/replaces on the pre-wmdocker version of the + package, allowing existing users to safely update, both src:docker and + src:docker.io side. This brings us into line with other distros, which + now ship wmdocker(1) and docker(1). + * As a stop-gap, I'm still shipping a docker.io(1) symlink to allow + migration away. + + -- Paul Tagliamonte Fri, 13 Jun 2014 21:04:53 -0400 + +docker.io (0.11.1~dfsg1-1) unstable; urgency=medium + + [ Paul Tagliamonte ] + * Use EnvironmentFile with the systemd unit file. (Closes: #746774) + * Patch out version checking code. (Closes: #747140) + * Remove all host checking for non-amd64 host arches. Let docker build + and run on all platforms now. (Closes: #747139, #739914) + + [ Tianon Gravi ] + * Updated to 0.11.1 upstream release. + * Added backported upstream patch for removing RemoteAddr assumptions + that cause events to not be delivered to more than one unix socket + listener. + + -- Tianon Gravi Fri, 09 May 2014 17:30:45 -0400 + +docker.io (0.9.1~dfsg1-2) unstable; urgency=medium + + * Added upstream apparmor patch to fix newer apparmor versions (such as the + version appearing in Ubuntu 14.04). + * Added mkimage-* docker.io binary name patches (Closes: #740855). + + -- Tianon Gravi Tue, 08 Apr 2014 23:19:08 -0400 + +docker.io (0.9.1~dfsg1-1) unstable; urgency=medium + + * Updated to 0.9.1 upstream release (Closes: #743424). + * Added cgroupfs-mount dependency (Closes: #742641). + * Added Suggests entries for optional features, chiefly lxc (Closes: #742081). + * Added notes about "root-equivalence" to README.Debian (Closes: #742387). + + -- Tianon Gravi Thu, 03 Apr 2014 21:38:30 -0400 + +docker.io (0.9.0+dfsg1-1) unstable; urgency=medium + + * Updated README.Debian to not be quite so outdated (Closes: #740850). + * Updated to 0.9.0 upstream release. + + -- Tianon Gravi Tue, 11 Mar 2014 22:24:31 -0400 + +docker.io (0.8.1+dfsg1-1) unstable; urgency=medium + + * Updated to 0.8.1 upstream release. + + -- Tianon Gravi Tue, 25 Feb 2014 20:56:31 -0500 + +docker.io (0.8.0+dfsg1-2) unstable; urgency=medium + + [ Tianon Gravi ] + * Added more license notes to debian/copyright (Closes: #738627). + + -- Tianon Gravi Sat, 15 Feb 2014 17:51:58 -0500 + +docker.io (0.8.0+dfsg1-1) unstable; urgency=medium + + [ Prach Pongpanich ] + * Added zsh completion. + + [ Tianon Gravi ] + * Updated to 0.8.0 upstream release. + * Added vim syntax files in new vim-syntax-docker package. + * Added note about minimum recommended kernel version to Description. + * Added contrib/*-integration files in /usr/share/docker.io/contrib. + + -- Tianon Gravi Mon, 10 Feb 2014 20:41:10 -0500 + +docker.io (0.7.6+dfsg1-1) unstable; urgency=medium + + [ Johan Euphrosine ] + * Updated to 0.7.6. + * Added dependency to gocapability. + * Clean patches. + + [ Tianon Gravi ] + * Added contrib/mk* scripts from upstream into /usr/share/docker.io/contrib + (Closes: #736068). + * Added upstream udev rules file to stop device-mapper devices and mounts from + appearing in desktop environments through udisks. + + -- Johan Euphrosine Wed, 22 Jan 2014 22:50:47 -0500 + +docker.io (0.7.1+dfsg1-1) unstable; urgency=medium + + [ Prach Pongpanich ] + * Fixed "docker: command not found" errors while using bash tab completion + (Closes: #735372). + + [ Tianon Gravi ] + * Updated to 0.7.1 upstream release (while we wait for gocapability to be + packaged). + * Added xz-utils recommend which is required for decompressing certain images + from the index. + + -- Tianon Gravi Wed, 15 Jan 2014 20:22:34 -0500 + +docker.io (0.6.7+dfsg1-3) unstable; urgency=medium + + * Fixed FTBFS on non-amd64 platforms by setting the correct GOPATH. + * Fixed issues with Docker finding a valid dockerinit (Closes: #734758). + * Added aufs-tools dependency. + + -- Tianon Gravi Thu, 09 Jan 2014 20:10:20 -0500 + +docker.io (0.6.7+dfsg1-2) unstable; urgency=medium + + * Added iptables dependency required for Docker to start. + * Added ca-certificates recommend required for pulling from the index. + + -- Tianon Gravi Wed, 08 Jan 2014 19:14:02 -0500 + +docker.io (0.6.7+dfsg1-1) unstable; urgency=medium + + * Initial release (Closes: #706060, #730569) + * Document missing licenses in the source tree. Bad, paultag. Thanks + alteholz. + + -- Paul Tagliamonte Tue, 07 Jan 2014 21:06:10 -0500 diff --git a/clean b/clean new file mode 100644 index 00000000..27984cfb --- /dev/null +++ b/clean @@ -0,0 +1,26 @@ +## Debian CI: +debian/.gitlab-ci.yml +debian/.yamllint + +## Useless non-doc files: +engine/docs/.gitignore +engine/docs/Dockerfile +engine/docs/Makefile +engine/docs/touch-up.sh + +## generated: +engine/dockerversion/version_autogen_unix.go +engine/dockerversion/version_autogen.go + +## Tests that cause issues: (and are difficult to patch instead of removing) +daemon/graphdriver/devmapper/*_test.go +cmd/docker/daemon_none_test.go + +## Privileged tests: +cli/cli/command/image/build_linux_test.go +engine/builder/remotecontext/tarsum_test.go +engine/daemon/graphdriver/devmapper/devmapper_test.go +engine/daemon/graphdriver/quota/projectquota_test.go +engine/daemon/graphdriver/vfs/vfs_test.go +engine/pkg/chrootarchive/archive_test.go +engine/plugin/manager_linux_test.go diff --git a/compat b/compat new file mode 100644 index 00000000..b4de3947 --- /dev/null +++ b/compat @@ -0,0 +1 @@ +11 diff --git a/control b/control new file mode 100644 index 00000000..a9865722 --- /dev/null +++ b/control @@ -0,0 +1,282 @@ +Source: docker.io +Section: admin +Priority: optional +Standards-Version: 4.3.0 +Maintainer: Dmitry Smirnov +Uploaders: Arnaud Rebillout + ,Tim Potter + ,Tianon Gravi + ,Paul Tagliamonte +#Build-Conflicts: golang-github-docker-docker-dev +Build-Depends: debhelper (>= 11~) ,dh-exec ,dh-golang (>= 1.14~) + ,bash-completion, + ,ca-certificates + ,git + ,golang-any (>= 2:1.10~) + ,go-md2man (>= 1.0.3~) + ,gogoprotobuf, libprotobuf-dev + ,golang-dbus-dev (>= 4.1.0~) + ,golang-etcd-server-dev +# ,golang-github-appc-cni-dev (>= 0.6.0~) + ,golang-github-armon-go-metrics-dev + ,golang-github-asaskevich-govalidator-dev + ,golang-github-aws-aws-sdk-go-dev + ,golang-github-azure-go-ansiterm-dev + ,golang-github-blang-semver-dev + ,golang-github-boltdb-bolt-dev + ,golang-github-bshuster-repo-logrus-logstash-hook-dev + ,golang-github-bsphere-le-go-dev + ,golang-github-burntsushi-toml-dev + ,golang-github-cloudflare-cfssl-dev + ,golang-github-containerd-btrfs-dev (>= 0.0~git20180306~) + ,golang-github-containerd-cgroups-dev + ,golang-github-containerd-console-dev + ,golang-github-containerd-fifo-dev + ,golang-github-containerd-go-runc-dev + ,golang-github-containerd-typeurl-dev + ,golang-github-coreos-bbolt-dev (>= 1.3.1-coreos.5-3~) + ,golang-github-coreos-go-systemd-dev (>= 17~) + ,golang-github-davecgh-go-spew-dev + ,golang-github-deckarep-golang-set-dev + ,golang-github-denverdino-aliyungo-dev + ,golang-github-dgrijalva-jwt-go-dev + ,golang-github-dgrijalva-jwt-go-v3-dev + ,golang-github-docker-docker-credential-helpers-dev (>= 0.6.1~) + ,golang-github-docker-goamz-dev + ,golang-github-docker-go-connections-dev (>= 0.3.0~) + ,golang-github-docker-go-dev + ,golang-github-docker-go-units-dev (>= 0.3.1+git20161130.10.e30f1e7) + ,golang-github-docker-libkv-dev + ,golang-github-docker-libtrust-dev + ,golang-github-docker-notary-dev (>= 0.6.1~) | golang-github-theupdateframework-notary-dev + ,golang-github-docker-spdystream-dev + ,golang-github-emicklei-go-restful-dev + ,golang-github-fluent-fluent-logger-golang-dev (>= 1.3.0~) + ,golang-github-flynn-archive-go-shlex-dev + ,golang-github-fsnotify-fsnotify-dev + ,golang-github-garyburd-redigo-dev + ,golang-github-ghodss-yaml-dev + ,golang-github-gogo-googleapis-dev + ,golang-github-googleapis-gax-go-dev + ,golang-github-googleapis-gnostic-dev + ,golang-github-google-go-cmp-dev (>= 0.2.0~) + ,golang-github-google-gofuzz-dev + ,golang-github-google-shlex-dev + ,golang-github-gorilla-mux-dev + ,golang-github-gotestyourself-gotest.tools-dev + ,golang-github-graylog2-go-gelf-dev + ,golang-github-gregjones-httpcache-dev + ,golang-github-grpc-ecosystem-go-grpc-prometheus-dev +# ,golang-github-grpc-ecosystem-grpc-gateway-dev + ,golang-github-hashicorp-go-msgpack-dev + ,golang-github-hashicorp-go-version-dev + ,golang-github-hashicorp-memberlist-dev (>= 0.1.0~) + ,golang-github-hashicorp-serf-dev + ,golang-github-imdario-mergo-dev (>= 0.3.3~) + ,golang-github-json-iterator-go-dev (>= 1.1.4~) + ,golang-github-kr-pty-dev + ,golang-github-mattn-go-shellwords-dev + ,golang-github-mattn-go-sqlite3-dev + ,golang-github-miekg-dns-dev + ,golang-github-miekg-pkcs11-dev + ,golang-github-mitchellh-hashstructure-dev +# ,golang-github-modern-go-concurrent-dev + ,golang-github-modern-go-reflect2-dev + ,golang-github-mrunalp-fileutils-dev + ,golang-github-ncw-swift-dev +#~ ,golang-github-nvveen-gotty-dev + ,golang-github-opencontainers-go-digest-dev + ,golang-github-opencontainers-image-spec-dev (>= 1.0.1~) + ,golang-github-opencontainers-runc-dev (>= 1.0.0~rc6~) + ,golang-github-opencontainers-runtime-tools-dev + ,golang-github-opencontainers-selinux-dev + ,golang-github-opencontainers-specs-dev (>= 1.0.1~) + ,golang-github-opentracing-contrib-go-stdlib-dev + ,golang-github-opentracing-opentracing-go-dev + ,golang-github-pborman-uuid-dev + ,golang-github-peterbourgon-diskv-dev (>= 2.0.1~) + ,golang-github-philhofer-fwd-dev + ,golang-github-pivotal-golang-clock-dev + ,golang-github-pmezard-go-difflib-dev + ,golang-github-prometheus-client-golang-dev (>= 0.9.0~) + ,golang-github-racksec-srslog-dev + ,golang-github-rcrowley-go-metrics-dev + ,golang-github-rsc-letsencrypt-dev + ,golang-github-samuel-go-zookeeper-dev + ,golang-github-satori-go.uuid-dev + ,golang-github-seccomp-libseccomp-golang-dev (>= 0.9.0) + ,golang-github-sirupsen-logrus-dev (>= 1.0.2~) +# ,golang-github-spf13-cobra-dev (>= 0.0.2~) +# ,golang-github-spf13-pflag-dev + ,golang-github-stevvooe-ttrpc-dev + ,golang-github-tchap-go-patricia-dev + ,golang-github-tinylib-msgp-dev + ,golang-github-tonistiigi-fifo-dev + ,golang-github-ugorji-go-codec-dev + ,golang-github-urfave-cli-dev (>= 1.20.0~) + ,golang-github-vaughan0-go-ini-dev + ,golang-github-vbatts-tar-split-dev + ,golang-github-vdemeester-shakers-dev + ,golang-github-vishvananda-netlink-dev (>= 1.0.0~) + ,golang-github-vishvananda-netns-dev (>= 0.0~git20170707~) + ,golang-github-xenolf-lego-dev +# ,golang-glog-dev + ,golang-gocapability-dev + ,golang-golang-x-net-dev + ,golang-golang-x-oauth2-google-dev | golang-golang-x-oauth2-dev + ,golang-golang-x-time-dev + ,golang-google-api-dev + ,golang-google-cloud-dev + ,golang-google-grpc-dev + ,golang-gopkg-check.v1-dev + ,golang-gopkg-inf.v0-dev + ,golang-goprotobuf-dev (>= 0.0~git20151207~) + ,golang-go-zfs-dev + ,golang-protobuf-extensions-dev + ,libapparmor-dev + ,libbtrfs-dev | btrfs-progs (<< 4.16.1~) + ,libdevmapper-dev + ,pkg-config + ,procps + ,tzdata +Homepage: https://dockerproject.org +Vcs-Browser: https://salsa.debian.org/docker-team/docker +Vcs-Git: https://salsa.debian.org/docker-team/docker.git +XS-Go-Import-Path: github.com/docker/docker + +Package: docker.io +Architecture: linux-any +Depends: ${misc:Depends} ,${perl:Depends} ,${shlibs:Depends} + ,adduser + ,iptables + ,lsb-base + ,runc (>= 1.0.0~rc6~) + ,tini +Recommends: ${apparmor:Recommends} + ,ca-certificates + ,cgroupfs-mount + ,git + ,needrestart (>= 3.1~) + ,xz-utils +Replaces: docker (<< 1.5~) ,docker-containerd ,docker-runc ,golang-libnetwork +Breaks: docker (<< 1.5~) ,docker-containerd ,docker-runc ,golang-libnetwork +Conflicts: docker-containerd ,docker-runc ,golang-libnetwork +Suggests: docker-doc + ,aufs-tools + ,btrfs-progs + ,debootstrap + ,e2fsprogs + ,rinse + ,xfsprogs + ,zfs-fuse | zfsutils +Built-Using: ${libc:Built-Using}, ${misc:Built-Using} +Description: Linux container runtime + Docker complements kernel namespacing with a high-level API which operates at + the process level. It runs unix processes with strong guarantees of isolation + and repeatability across servers. + . + Docker is a great building block for automating distributed systems: + large-scale web deployments, database clusters, continuous deployment systems, + private PaaS, service-oriented architectures, etc. + . + This package contains the daemon and client. Using docker.io on non-amd64 hosts + is not supported at this time. Please be careful when using it on anything + besides amd64. + . + Also, note that kernel version 3.8 or above is required for proper operation of + the daemon process, and that any lower versions may have subtle and/or glaring + issues. + +Package: vim-syntax-docker +Architecture: all +Depends: vim, ${misc:Depends} +Recommends: vim-addon-manager +Suggests: docker.io +Description: Docker container engine - Vim highlighting syntax files + This package provides syntax files for the Vim editor for editing Dockerfiles + from the Docker container engine. + +Package: golang-github-docker-docker-dev +Architecture: all +Depends: ${misc:Depends} + ,golang-github-azure-go-ansiterm-dev + ,golang-github-docker-distribution-dev + ,golang-github-docker-docker-credential-helpers-dev (>= 0.6.1~) + ,golang-github-docker-go-connections-dev + ,golang-github-docker-go-units-dev + ,golang-github-docker-libkv-dev + ,golang-github-fsnotify-fsnotify-dev + ,golang-github-gorilla-mux-dev + ,golang-github-mattn-go-shellwords-dev + ,golang-github-opencontainers-go-digest-dev + ,golang-github-opencontainers-image-spec-dev + ,golang-github-opencontainers-runc-dev (>= 1.0.0~rc6~) + ,golang-github-opencontainers-selinux-dev + ,golang-github-pkg-errors-dev + ,golang-github-sirupsen-logrus-dev (>= 1.0.2~) + ,golang-github-stretchr-testify-dev + ,golang-github-tchap-go-patricia-dev + ,golang-golang-x-net-dev + ,golang-golang-x-sys-dev + ,golang-google-grpc-dev + ,golang-gopkg-check.v1-dev +# libnetwork: + ,golang-dbus-dev (>= 3~) + ,golang-github-burntsushi-toml-dev + ,golang-github-deckarep-golang-set-dev + ,golang-github-docker-go-events-dev + ,golang-github-gogo-protobuf-dev + ,golang-github-hashicorp-memberlist-dev (>= 0.1.0~) + ,golang-github-hashicorp-serf-dev + ,golang-github-vishvananda-netlink-dev (>= 1.0.0~) + ,golang-github-vishvananda-netns-dev +Replaces: golang-docker-dev (<< 1.8.2~ds1-1~) + ,golang-github-docker-libnetwork-dev +Breaks: golang-docker-dev (<< 1.8.2~ds1-1~) + ,golang-github-docker-libnetwork-dev +Provides: golang-github-docker-libnetwork-dev +Description: reusable Go packages included with Docker + These packages are intentionally developed by upstream in such a way that they + are reusable to projects outside Docker and only rely on each other or other + external dependencies to be built. + +Package: golang-docker-dev +Section: oldlibs +Architecture: all +Depends: golang-github-docker-docker-dev, ${misc:Depends} +Description: Transitional package for golang-github-docker-docker-dev + This is a transitional package to ease upgrades to the + golang-github-docker-docker-dev package. It can safely be removed. + +#Package: golang-github-opencontainers-docker-runc-dev +#Section: oldlibs +#Architecture: all +#Depends: ${misc:Depends} +# ,golang-github-opencontainers-runc-dev (>= 1.0.0~) +#Description: Open Container Project - development files (Docker's version) +# This is a transitional package to ease upgrades to the +# "golang-github-opencontainers-runc-dev" package. It can safely be removed. + +Package: docker-doc +Provides: docker.io-doc +Section: doc +Architecture: all +Depends: ${misc:Depends} +Description: Linux container runtime -- documentation + Docker complements kernel namespacing with a high-level API which operates at + the process level. It runs unix processes with strong guarantees of isolation + and repeatability across servers. + . + Docker is a great building block for automating distributed systems: + large-scale web deployments, database clusters, continuous deployment systems, + private PaaS, service-oriented architectures, etc. + . + This package contains the daemon and client. Using docker.io on non-amd64 hosts + is not supported at this time. Please be careful when using it on anything + besides amd64. + . + Also, note that kernel version 3.8 or above is required for proper operation of + the daemon process, and that any lower versions may have subtle and/or glaring + issues. + . + This package provides documentation for Docker. diff --git a/copyright b/copyright new file mode 100644 index 00000000..ebb1fef9 --- /dev/null +++ b/copyright @@ -0,0 +1,544 @@ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: Docker +Upstream-Contact: Docker, Inc. +Source: https://github.com/docker/docker +Files-Excluded: + .github + .gitignore + components/packaging + vendor/k8s.io/*/third_party/protobuf + vendor/archive + vendor/cloud.google.com + vendor/github.com/agl/ed25519 + vendor/github.com/armon/go-metrics + vendor/github.com/armon/go-radix + vendor/github.com/asaskevich/govalidator + vendor/github.com/aws/aws-sdk-go + vendor/github.com/Azure/azure-sdk-for-go + vendor/github.com/Azure/go-ansiterm + vendor/github.com/Azure/go-autorest + vendor/github.com/beorn7/perks + vendor/github.com/blang/semver + vendor/github.com/boltdb/bolt + vendor/github.com/bshuster-repo/logrus-logstash-hook + vendor/github.com/bsphere/le_go + vendor/github.com/bugsnag/bugsnag-go + vendor/github.com/bugsnag/osext + vendor/github.com/bugsnag/panicwrap + vendor/github.com/BurntSushi/toml + vendor/github.com/cloudflare/cfssl + vendor/github.com/codegangsta/cli + ~~vendor/github.com/containerd/aufs + vendor/github.com/containerd/btrfs + vendor/github.com/containerd/cgroups + vendor/github.com/containerd/console + vendor/github.com/containerd/containerd + ~~vendor/github.com/containerd/continuity + ~~vendor/github.com/containerd/cri + vendor/github.com/containerd/fifo + ~~vendor/github.com/containerd/go-cni + ~~vendor/github.com/containerd/go-runc + ~~vendor/github.com/containerd/ttrpc + vendor/github.com/containerd/typeurl + ~~vendor/github.com/containerd/zfs + ~~vendor/github.com/containernetworking/cni + ~~vendor/github.com/containernetworking/plugins + vendor/github.com/coreos/etcd + vendor/github.com/coreos/go-semver + vendor/github.com/coreos/go-systemd + vendor/github.com/coreos/pkg + vendor/github.com/cpuguy83/go-md2man + vendor/github.com/davecgh/go-spew + vendor/github.com/deckarep/golang-set + vendor/github.com/denverdino/aliyungo + vendor/github.com/dgrijalva/jwt-go + vendor/github.com/docker/distribution + vendor/github.com/docker/docker + vendor/github.com/docker/docker-credential-helpers + vendor/github.com/docker/go + vendor/github.com/docker/goamz + vendor/github.com/docker/go-connections + vendor/github.com/docker/go-events + vendor/github.com/docker/go-metrics + vendor/github.com/docker/go-units + vendor/github.com/docker/libkv + vendor/github.com/docker/libnetwork + vendor/github.com/docker/libtrust + ~~vendor/github.com/docker/licensing + vendor/github.com/docker/spdystream + vendor/github.com/docker/swarmkit + vendor/github.com/dustin/go-humanize + vendor/github.com/emicklei/go-restful + ~~vendor/github.com/fernet/fernet-go + vendor/github.com/fluent/fluent-logger-golang + vendor/github.com/flynn-archive/go-shlex + vendor/github.com/fsnotify/fsnotify + vendor/github.com/garyburd/redigo + vendor/github.com/ghodss/yaml + vendor/github.com/go-check/check + vendor/github.com/godbus/dbus + vendor/github.com/gogo/googleapis + vendor/github.com/gogo/protobuf + vendor/github.com/go-ini/ini + ~~vendor/github.com/golang/gddo + vendor/github.com/golang/glog + vendor/github.com/golang/protobuf + vendor/github.com/googleapis/gax-go + vendor/github.com/googleapis/gnostic + vendor/github.com/google/btree + vendor/github.com/google/certificate-transparency-go + vendor/github.com/google/go-cmp + vendor/github.com/google/gofuzz + vendor/github.com/google/shlex + vendor/github.com/gorilla/context + vendor/github.com/gorilla/handlers + vendor/github.com/gorilla/mux + ~~vendor/github.com/Graylog2/go-gelf + vendor/github.com/gregjones/httpcache + vendor/github.com/grpc-ecosystem/go-grpc-prometheus + vendor/github.com/grpc-ecosystem/grpc-gateway + ~~vendor/github.com/grpc-ecosystem/grpc-opentracing + vendor/github.com/hashicorp/consul + vendor/github.com/hashicorp/errwrap + ~~vendor/github.com/hashicorp/go-immutable-radix + vendor/github.com/hashicorp/golang-lru + vendor/github.com/hashicorp/go-memdb + vendor/github.com/hashicorp/go-msgpack + vendor/github.com/hashicorp/go-multierror + vendor/github.com/hashicorp/go-sockaddr + vendor/github.com/hashicorp/go-version + vendor/github.com/hashicorp/memberlist + vendor/github.com/hashicorp/serf + vendor/github.com/imdario/mergo + vendor/github.com/inconshreveable/mousetrap + ~~vendor/github.com/ishidawataru/sctp + vendor/github.com/jmespath/go-jmespath + vendor/github.com/json-iterator/go + vendor/github.com/kr/pty + vendor/github.com/mattn/go-shellwords + vendor/github.com/matttproud/golang_protobuf_extensions + vendor/github.com/Microsoft/go-winio + vendor/github.com/Microsoft/hcsshim + vendor/github.com/Microsoft/opengcs + vendor/github.com/miekg/dns + vendor/github.com/miekg/pkcs11 + vendor/github.com/mistifyio/go-zfs + vendor/github.com/mitchellh/hashstructure + vendor/github.com/mitchellh/mapstructure + ~~vendor/github.com/moby/buildkit + vendor/github.com/modern-go/concurrent + vendor/github.com/modern-go/reflect2 + ~~vendor/github.com/morikuni/aec + vendor/github.com/ncw/swift + ~~vendor/github.com/Nvveen/Gotty + vendor/github.com/opencontainers/go-digest + vendor/github.com/opencontainers/image-spec + vendor/github.com/opencontainers/runc + vendor/github.com/opencontainers/runtime-spec + vendor/github.com/opencontainers/runtime-tools + vendor/github.com/opencontainers/selinux + vendor/github.com/opentracing-contrib/go-stdlib + vendor/github.com/opentracing/opentracing-go + vendor/github.com/pborman/uuid + vendor/github.com/peterbourgon/diskv + ~~vendor/github.com/phayes/permbits + vendor/github.com/philhofer/fwd + vendor/github.com/pivotal-golang/clock + vendor/github.com/pkg/errors + vendor/github.com/pmezard/go-difflib + vendor/github.com/prometheus/client_golang + vendor/github.com/prometheus/client_model + vendor/github.com/prometheus/common + vendor/github.com/prometheus/procfs + vendor/github.com/RackSec/srslog + vendor/github.com/rcrowley/go-metrics + vendor/github.com/russross/blackfriday + vendor/github.com/samuel/go-zookeeper + vendor/github.com/satori/go.uuid + vendor/github.com/sean-/seed + vendor/github.com/seccomp/libseccomp-golang + vendor/github.com/shurcooL/sanitized_anchor_name + vendor/github.com/sirupsen/logrus + ~~vendor/github.com/spf13/cobra + ~~vendor/github.com/spf13/pflag + vendor/github.com/stevvooe/resumable + vendor/github.com/stretchr/testify + vendor/github.com/syndtr/gocapability + vendor/github.com/tchap/go-patricia + vendor/github.com/theupdateframework/notary + vendor/github.com/tinylib/msgp + ~~vendor/github.com/tonistiigi/fsutil + ~~vendor/github.com/tonistiigi/units + vendor/github.com/ugorji/go + vendor/github.com/urfave/cli + vendor/github.com/vbatts/tar-split + vendor/github.com/vdemeester/shakers + vendor/github.com/vishvananda/netlink + vendor/github.com/vishvananda/netns + vendor/github.com/xeipuuv/gojsonpointer + vendor/github.com/xeipuuv/gojsonreference + vendor/github.com/xeipuuv/gojsonschema + vendor/github.com/xenolf/lego + vendor/github.com/yvasiyarov/go-metrics + vendor/github.com/yvasiyarov/gorelic + vendor/github.com/yvasiyarov/newrelic_platform_go + vendor/go.etcd.io + vendor/golang.org + vendor/google.golang.org + vendor/go.opencensus.io + vendor/gopkg.in + vendor/gotest.tools + ~~vendor/k8s.io + vendor/rsc.io + ~~vendor/vbom.ml +Files-Excluded-containerd: + */docs +Files-Excluded-distribution: + */docs +Comment: + Thanks to custom repack script, Files-Excluded section is applied to all + components otherwise individual Files-Excluded-{component} sections would + contain too much duplication. + +Files: * +Copyright: 2012-2018 Docker, Inc. +License: Apache-2.0 + +Files: + cli/contrib/completion/zsh/* +Copyright: 2013-2014 Felix Riedel +License: BSD-3-clause-Generic + +Files: + engine/contrib/init/openrc/docker.initd +Copyright: 1999-2013 Gentoo Foundation +License: GPL-2 + +Files: + engine/contrib/selinux-fedora-24/docker-engine-selinux/* + engine/contrib/selinux-oraclelinux-7/docker-engine-selinux/* +Copyright: 2012-2016 Docker Inc. +License: GPL-2 +Comment: No explicit copyright statement; assuming upstream copyright. + +Files: + engine/contrib/syntax/vim/* +Copyright: 2013 Honza Pokorny +License: BSD-2-clause + +Files: + engine/pkg/symlink/fs.go +Copyright: 2014-2016 The Docker & Go Authors +License: BSD-3-clause-Google + +Files: + */vendor/github.com/bugsnag/osext/osext* + */vendor/github.com/containerd/continuity/sysx/asm.s +Copyright: + 2008 Google Inc. + 2014-2016 The Go Authors +License: BSD-3-clause-Google + +Files: + */vendor/github.com/containernetworking/plugins/* +Copyright: 2015-2017 CNI authors +License: Apache-2.0 + +Files: + */vendor/github.com/docker/licensing +Copyright: 2013-2017 Docker, Inc. +License: Apache-2.0 + +Files: + */vendor/github.com/fernet/fernet-go/* +Copyright: 2013 Keith Rarick +License: Expat + +Files: + */vendor/github.com/Graylog2/go-gelf/* +Copyright: 2012 SocialCode +License: Expat + +Files: + */vendor/github.com/grpc-ecosystem/grpc-opentracing/* +Copyright: 2016, gRPC Ecosystem +License: BSD-3-clause-GRPC-Opentracing + +Files: + */vendor/github.com/ishidawataru/sctp/* +Copyright: N/A +License: Apache-2.0 +Comment: The upstream distribution does not contain an explicit statement of + copyright ownership. Pursuant to the Berne Convention for the Protection of + Literary and Artistic Works, it is assumed that all content is copyright by + its respective authors unless otherwise stated. + . + https://github.com/ishidawataru/sctp/issues/23 + +Files: + vendor/github.com/morikuni/aec/* +Copyright: 2016 Taihei Morikuni +License: Expat + +Files: + */vendor/github.com/Nvveen/Gotty/* +Copyright: 2012 Neal van Veen +License: BSD-2-clause~freebsd + +Files: + */vendor/github.com/phayes/permbits/* +Copyright: 2016 Patrick D Hayes +License: Expat + +Files: + */vendor/github.com/spf13/cobra/* +Copyright: + 2013 Steve Francia + 2015 Red Hat Inc. + 2016 French Ben +License: Apache-2.0 + +Files: + */vendor/github.com/spf13/pflag/* +Copyright: + 2012 The Go Authors + 2012–2015 Alex Ogier +License: BSD-3-clause-Google + +Files: + */vendor/github.com/tonistiigi/fsutil/* +Copyright: 2017 Tõnis Tiigi +License: Expat + +Files: + */vendor/github.com/yvasiyarov/* +Copyright: + 2012 Richard Crowley + 2013 Yuriy Vasiyarov +License: BSD-2-clause + +Files: + vendor/gotest.tools/* +Copyright: 2018 gotest.tools authors +License: Apache-2.0 + +Files: + vendor/gotest.tools/internal/difflib/* +Copyright: 2013 Patrick Mezard +License: BSD-3-clause-Generic + +Files: + */vendor/k8s.io/* +Copyright: 2014-2018 The Kubernetes Authors. +License: Apache-2.0 + +Files: + */vendor/k8s.io/apimachinery/third_party/forked/golang/reflect/deep_equal.go +Copyright: 2009 The Go Authors +License: BSD-3-clause-Google + +Files: + */vendor/vbom.ml/util/* +Copyright: 2015 Frits van Bommel +License: Expat + +Files: debian/* +Copyright: + 2016-2018 Dmitry Smirnov + 2013-2014 Daniel Mizyrycki + 2013-2014 Paul Tagliamonte + 2012-2014 Michael Stapelberg + 2013-2016 Tianon Gravi + 2013-2014 Johan Euphrosine + 2014 Prach Pongpanich + 2016 Tim Potter + 2016 Michael Hudson-Doyle +License: Apache-2.0 + +License: Apache-2.0 + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + . + http://www.apache.org/licenses/LICENSE-2.0 + . + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + . + On Debian systems, the complete text of the Apache version 2.0 license + can be found in "/usr/share/common-licenses/Apache-2.0". + +License: BSD-2-clause + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + . + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + . + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR + ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND + ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +License: BSD-2-clause~freebsd + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + . + 1. Redistributions of source code must retain the above copyright notice, this + list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + . + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR + ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND + ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + . + The views and conclusions contained in the software and documentation are those + of the authors and should not be interpreted as representing official policies, + either expressed or implied, of the FreeBSD Project. + +License: BSD-3-clause-Generic + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + . + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + DISCLAIMED. IN NO EVENT SHALL BE LIABLE FOR ANY + DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND + ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +License: BSD-3-clause-Google + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are + met: + . + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above + copyright notice, this list of conditions and the following disclaimer + in the documentation and/or other materials provided with the + distribution. + * Neither the name of Google Inc. nor the names of its + contributors may be used to endorse or promote products derived from + this software without specific prior written permission. + . + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +License: BSD-3-clause-GRPC-Opentracing + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + . + * Redistributions of source code must retain the above copyright notice, this + list of conditions and the following disclaimer. + . + * Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + . + * Neither the name of grpc-opentracing nor the names of its + contributors may be used to endorse or promote products derived from + this software without specific prior written permission. + . + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +License: Expat + Permission is hereby granted, free of charge, to any person obtaining a copy + of this software and associated documentation files (the "Software"), to deal + in the Software without restriction, including without limitation the rights + to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + copies of the Software, and to permit persons to whom the Software is + furnished to do so, subject to the following conditions: + . + The above copyright notice and this permission notice shall be included in + all copies or substantial portions of the Software. + . + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + THE SOFTWARE. + +License: GPL-2 + This file is part of Buildbot. Buildbot is free software: you can + redistribute it and/or modify it under the terms of the GNU General Public + License as published by the Free Software Foundation, version 2. + . + This program is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS + FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + details. + . + You should have received a copy of the GNU General Public License along with + this program; if not, write to the Free Software Foundation, Inc., 51 + Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + . + On Debian systems, the complete text of the GNU GPL v2 license can be found in + "/usr/share/common-licenses/GPL-2". + +License: ISC + Permission to use, copy, modify, and/or distribute this software for + any purpose with or without fee is hereby granted, provided that the + above copyright notice and this permission notice appear in all + copies. + ․ + THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. diff --git a/docker-doc.docs b/docker-doc.docs new file mode 100644 index 00000000..6acc67f9 --- /dev/null +++ b/docker-doc.docs @@ -0,0 +1,3 @@ +cli/docs/* +engine/docs/* +cli/NOTICE containerd/NOTICE engine/NOTICE go-metrics/NOTICE diff --git a/docker.io.NEWS b/docker.io.NEWS new file mode 100644 index 00000000..82ae42e4 --- /dev/null +++ b/docker.io.NEWS @@ -0,0 +1,26 @@ +docker.io (1.11.2~ds1-1) unstable; urgency=medium + + As of src:linux 4.0+ (specifically, >= 3.18-1~exp1), AUFS support is no longer + included in official Debian-compiled kernels. What this means to Docker users + is that if your existing images are stored within the "AUFS" graph driver that + once you update your kernel, your images (and containers) will become + inaccessible (due to the kernel not having the necessary aufs modules to mount + them). To recover from this, there are a couple options (detailed below). + + 1. Use the included nuke script to blow away your existing "/var/lib/docker" + contents and start fresh with Linux 4.0+: + + service docker stop + /usr/share/docker.io/contrib/nuke-graph-directory.sh /var/lib/docker + service docker start + + 2. Use "docker save" (see "docker help save" for usage) before booting 4.0+ to + preserve your images on-disk as tar files, then follow the nuke step from + the previous option followed by using "docker load" to re-load your images. + + 3. Update to src:linux >= 4.1.1-1~exp1 ("aufs: Apply patches to enable + building aufs out-of-tree"), and then compile the aufs modules out-of-tree + (a package for doing this module compilation automatically doesn't yet + exist at the time of this writing, but might in the future). + + -- Tianon Gravi Tue, 01 Dec 2015 01:02:44 -0800 diff --git a/docker.io.bash-completion b/docker.io.bash-completion new file mode 100644 index 00000000..009937f5 --- /dev/null +++ b/docker.io.bash-completion @@ -0,0 +1 @@ +cli/contrib/completion/bash/docker diff --git a/docker.io.dirs b/docker.io.dirs new file mode 100644 index 00000000..4d7117b0 --- /dev/null +++ b/docker.io.dirs @@ -0,0 +1 @@ +etc/docker diff --git a/docker.io.docker.default b/docker.io.docker.default new file mode 100644 index 00000000..802416a2 --- /dev/null +++ b/docker.io.docker.default @@ -0,0 +1,12 @@ +# Here in Debian, this file is sourced by: +# - /etc/init.d/docker (sysvinit) +# - /etc/init/docker (upstart) +# - systemd's docker.service + +# Use of this file for configuring your Docker daemon is discouraged. + +# The recommended alternative is "/etc/docker/daemon.json", as described in: +# https://docs.docker.com/v1.11/engine/reference/commandline/daemon/#daemon-configuration-file + +# If that does not suit your needs, try a systemd drop-in file, as described in: +# https://docs.docker.com/v1.11/engine/admin/systemd/#custom-docker-daemon-options diff --git a/docker.io.docker.init b/docker.io.docker.init new file mode 100644 index 00000000..600fba1c --- /dev/null +++ b/docker.io.docker.init @@ -0,0 +1,133 @@ +#!/bin/sh +### BEGIN INIT INFO +# Provides: docker +# Required-Start: $syslog $remote_fs +# Required-Stop: $syslog $remote_fs +# Should-Start: cgroupfs-mount cgroup-lite +# Should-Stop: cgroupfs-mount cgroup-lite +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Create lightweight, portable, self-sufficient containers. +# Description: +# Docker is an open-source project to easily create lightweight, portable, +# self-sufficient containers from any application. The same container that a +# developer builds and tests on a laptop can run at scale, in production, on +# VMs, bare metal, OpenStack clusters, public clouds and more. +### END INIT INFO + +NAME=$(basename $(readlink -f "$0")) +DAEMON=/usr/sbin/dockerd +# This is the pid file managed by docker itself +DOCKER_PIDFILE=/var/run/$NAME.pid +# This is the pid file created/managed by start-stop-daemon +DOCKER_SSD_PIDFILE=/var/run/$NAME-ssd.pid +DOCKER_LOGFILE=/var/log/$NAME.log +DOCKER_OPTS= +DOCKER_DESC="Docker" + +# Exit if executable is not installed +[ -x "$DAEMON" ] || exit 0 + +# Read configuration variable file if it is present +[ -r /etc/default/$NAME ] && . /etc/default/$NAME + +# Define LSB log_* functions. +. /lib/lsb/init-functions || exit 1 + +fail_unless_root() { + if [ "$(id -u)" != '0' ]; then + log_failure_msg "$DOCKER_DESC must be run as root" + exit 1 + fi +} + +cgroupfs_mount() { + # see also https://github.com/tianon/cgroupfs-mount/blob/master/cgroupfs-mount + if grep -v '^#' /etc/fstab | grep -q cgroup \ + || [ ! -e /proc/cgroups ] \ + || [ ! -d /sys/fs/cgroup ]; then + return + fi + if ! mountpoint -q /sys/fs/cgroup; then + mount -t tmpfs -o uid=0,gid=0,mode=0755 cgroup /sys/fs/cgroup + fi + ( + cd /sys/fs/cgroup + for sys in $(awk '!/^#/ { if ($4 == 1) print $1 }' /proc/cgroups); do + mkdir -p $sys + if ! mountpoint -q $sys; then + if ! mount -n -t cgroup -o $sys cgroup $sys; then + rmdir $sys || true + fi + fi + done + ) +} + +case "$1" in + start) + fail_unless_root + + cgroupfs_mount + + touch "$DOCKER_LOGFILE" + chgrp docker "$DOCKER_LOGFILE" + + ulimit -n 1048576 + + # Having non-zero limits causes performance problems due to accounting overhead + # in the kernel. We recommend using cgroups to do container-local accounting. + if [ "$BASH" ]; then + ulimit -u unlimited + else + ulimit -p unlimited + fi + + log_begin_msg "Starting $DOCKER_DESC: $NAME" + $0 status >>/dev/null \ + || start-stop-daemon --start --background \ + --no-close \ + --exec "$DAEMON" \ + --pidfile "$DOCKER_SSD_PIDFILE" \ + --make-pidfile \ + -- \ + -p "$DOCKER_PIDFILE" \ + $DOCKER_OPTS \ + >> "$DOCKER_LOGFILE" 2>&1 + log_end_msg $? + ;; + + stop) + fail_unless_root + if [ -f "$DOCKER_SSD_PIDFILE" ]; then + log_begin_msg "Stopping $DOCKER_DESC: $NAME" + start-stop-daemon --stop --pidfile "$DOCKER_SSD_PIDFILE" --remove-pidfile --retry 10 + log_end_msg $? + else + log_warning_msg "Docker already stopped - file $DOCKER_SSD_PIDFILE not found." + fi + ;; + + restart) + fail_unless_root + docker_pid=`cat "$DOCKER_SSD_PIDFILE" 2>/dev/null` + [ -n "$docker_pid" ] \ + && ps -p $docker_pid > /dev/null 2>&1 \ + && $0 stop + $0 start + ;; + + force-reload) + fail_unless_root + $0 restart + ;; + + status) + status_of_proc -p "$DOCKER_SSD_PIDFILE" "$DAEMON" "$DOCKER_DESC" + ;; + + *) + echo "Usage: service docker {start|stop|restart|status}" + exit 1 + ;; +esac diff --git a/docker.io.docker.service b/docker.io.docker.service new file mode 120000 index 00000000..117f08a4 --- /dev/null +++ b/docker.io.docker.service @@ -0,0 +1 @@ +../engine/contrib/init/systemd/docker.service \ No newline at end of file diff --git a/docker.io.docker.socket b/docker.io.docker.socket new file mode 120000 index 00000000..0885e71b --- /dev/null +++ b/docker.io.docker.socket @@ -0,0 +1 @@ +../engine/contrib/init/systemd/docker.socket \ No newline at end of file diff --git a/docker.io.docker.udev b/docker.io.docker.udev new file mode 120000 index 00000000..fff6322c --- /dev/null +++ b/docker.io.docker.udev @@ -0,0 +1 @@ +../engine/contrib/udev/80-docker.rules \ No newline at end of file diff --git a/docker.io.docs b/docker.io.docs new file mode 100644 index 00000000..55774b3f --- /dev/null +++ b/docker.io.docs @@ -0,0 +1,2 @@ +engine/README.md +engine/ROADMAP.md diff --git a/docker.io.install b/docker.io.install new file mode 100755 index 00000000..9d2c5d74 --- /dev/null +++ b/docker.io.install @@ -0,0 +1,25 @@ +#!/usr/bin/dh-exec + +.gopath/src/github.com/docker/cli/build/* /usr/bin/ +.gopath/src/github.com/docker/docker/bundles/dynbinary-daemon/dockerd-${DOCKER_VERSION} => usr/sbin/dockerd + +engine/contrib/*-integration usr/share/docker.io/contrib/ +engine/contrib/check-config.sh usr/share/docker.io/contrib/ +engine/contrib/mk* usr/share/docker.io/contrib/ +engine/contrib/nuke-graph-directory.sh usr/share/docker.io/contrib/ + +cli/contrib/completion/zsh/_docker usr/share/zsh/vendor-completions/ + + +## libnetwork +.gopath/bin/proxy => usr/sbin/docker-proxy +.gopath/bin/ovrouter usr/sbin +.gopath/bin/dnet usr/bin + +## containerd: +.gopath/bin/containerd => usr/bin/docker-containerd +.gopath/bin/containerd-shim => usr/bin/docker-containerd-shim +.gopath/bin/ctr => usr/bin/docker-containerd-ctr + +## runc +##.gopath/bin/runc => usr/bin/docker-runc diff --git a/docker.io.links b/docker.io.links new file mode 100644 index 00000000..0d237b77 --- /dev/null +++ b/docker.io.links @@ -0,0 +1,2 @@ +/usr/sbin/runc /usr/sbin/docker-runc +/usr/bin/tini-static /usr/bin/docker-init diff --git a/docker.io.lintian-overrides b/docker.io.lintian-overrides new file mode 100644 index 00000000..94ca070f --- /dev/null +++ b/docker.io.lintian-overrides @@ -0,0 +1,3 @@ +docker.io: spelling-error-in-binary +docker.io: spelling-error-in-manpage +docker.io: manpage-has-errors-from-man diff --git a/docker.io.maintscript b/docker.io.maintscript new file mode 100644 index 00000000..8b1061f5 --- /dev/null +++ b/docker.io.maintscript @@ -0,0 +1,6 @@ +mv_conffile /etc/bash_completion.d/docker.io /etc/bash_completion.d/docker 1.2.0~ +mv_conffile /etc/default/docker.io /etc/default/docker 1.2.0~ +mv_conffile /etc/init.d/docker.io /etc/init.d/docker 1.2.0~ +mv_conffile /etc/init/docker.io.conf /etc/init/docker.conf 1.2.0~ +rm_conffile /etc/bash_completion.d/docker 1.11.2~ +rm_conffile /etc/init/docker.conf 18.06.0~ diff --git a/docker.io.manpages b/docker.io.manpages new file mode 100644 index 00000000..e1747faa --- /dev/null +++ b/docker.io.manpages @@ -0,0 +1 @@ +.gopath/src/github.com/docker/cli/man/man*/* diff --git a/docker.io.postinst b/docker.io.postinst new file mode 100644 index 00000000..3c1eb03c --- /dev/null +++ b/docker.io.postinst @@ -0,0 +1,29 @@ +#!/bin/sh +set -e + +case "$1" in + configure) + if [ -z "$2" ]; then + if ! getent group docker >>/dev/null 2>&1 ; then + addgroup --quiet --system docker + fi + fi + + # Ensure config directory permissions + # On a fresh install, $2 = '' and dpkg "le-nl" treat that as a + # greater version, so the body is not executed. + if dpkg --compare-versions "$2" le-nl '1.11.2~ds1-1'; then + if [ "$(stat -c '%a' /etc/docker)" = '700' ]; then + chmod 0755 /etc/docker + fi + fi + ;; + abort-*) + # How'd we get here?? + exit 1 + ;; + *) + ;; +esac + +#DEBHELPER# diff --git a/docker.io.postrm b/docker.io.postrm new file mode 100644 index 00000000..f01f7c71 --- /dev/null +++ b/docker.io.postrm @@ -0,0 +1,17 @@ +#!/bin/sh +set -e + +#DEBHELPER# + +case "$1" in + purge) + # if we have our saved "nuke-graph-directory.sh", let's use it + # see also docker.io.prerm + if [ -x /var/lib/docker/nuke-graph-directory.sh ]; then + /var/lib/docker/nuke-graph-directory.sh /var/lib/docker + fi + ;; + + *) + ;; +esac diff --git a/docker.io.prerm b/docker.io.prerm new file mode 100644 index 00000000..71f9e6e6 --- /dev/null +++ b/docker.io.prerm @@ -0,0 +1,23 @@ +#!/bin/sh +set -e + +case "$1" in + remove) + # if we're removing, we need to save "nuke-graph-directory.sh" so that + # we can still purge "/var/lib/docker" later if necessary + # see also docker.io.postrm + if \ + [ -d /var/lib/docker ] \ + && [ -x /usr/share/docker.io/contrib/nuke-graph-directory.sh ] \ + ; then + if cp -v /usr/share/docker.io/contrib/nuke-graph-directory.sh /var/lib/docker/; then + chmod +x /var/lib/docker/nuke-graph-directory.sh || : + fi + fi + ;; + + *) + ;; +esac + +#DEBHELPER# diff --git a/gbp.conf b/gbp.conf new file mode 100644 index 00000000..6a09c3e3 --- /dev/null +++ b/gbp.conf @@ -0,0 +1,15 @@ +[DEFAULT] +cleaner = fakeroot debian/rules clean +pristine-tar = True +merge = False +debian-tag = %(version)s + +[buildpackage] +export-dir = ../build-area/ +tarball-dir = ../tarballs/ + +[dch] +id-length = 0 +meta = True +auto = True +full = True diff --git a/get-orig-source.sh b/get-orig-source.sh new file mode 100755 index 00000000..605f61b3 --- /dev/null +++ b/get-orig-source.sh @@ -0,0 +1,140 @@ +#!/bin/bash +: <<=cut + +=head1 DESCRIPTION + +This script is called by uscan(1) as per "debian/watch" to download Multi +Upstream Tarball (MUT) components. + +=head1 COPYRIGHT + +Copyright: 2018 Dmitry Smirnov + +=head1 LICENSE + +License: GPL-3+ + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + . + This package is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + . + You should have received a copy of the GNU General Public License + along with this program. If not, see . + +=cut + +set -e +set -u + +if [ "$1" = '--upstream-version' ]; then + version="$2" +else + printf "E: missing argument '--upstream-version'.\n" 1>&2 + exit 1 +fi + +export XZ_OPT="-6v" +DEB_SOURCE="$( dpkg-parsechangelog -SSource )" +#DEB_VERSION="$( dpkg-parsechangelog -SVersion )" +filename="$( readlink -f ../${DEB_SOURCE}_${version}.orig.tar.xz )" +[ -s "${filename}" ] || exit 1 + +get_vendor_tree() { + # Get the list of vendor directories. For github.com repositories, we want to descend + # 2 levels down the directory, so that we get a list of go packages. + local top_dirs="" + local github_dirs="" + + for dir in "$@"; do + if [ -d $dir ]; then + top_dirs="$top_dirs $dir" + fi + if [ -d $dir/github.com ]; then + github_dirs="$github_dirs $dir/github.com" + fi + done + + local top_vendored_dirs=$( find $top_dirs -mindepth 1 -maxdepth 1 -type d | grep -v 'github.com' ) + local github_vendored_dirs=$( find $github_dirs -mindepth 2 -maxdepth 2 -type d ) + printf "${top_vendored_dirs}\n${github_vendored_dirs}" \ + | sed 's;^.*/vendor/;vendor/;' \ + | sort +} + +drop_files_excluded() { + local work_dir + for work_dir in $@; do + perl -0nE 'say $1 if m{^Files\-Excluded:\s*(.*?)(?:\n\n|^Files|^Comment)}sm;' debian/copyright \ + | ( cd "${work_dir}" && xargs --no-run-if-empty rm -rf ) + done + if [ -d "${work_dir}"/vendor ]; then + find "${work_dir}"/vendor -mindepth 1 -type d -empty -delete -printf 'removed %p\n' + fi +} + +## extract main tarball: +work_dir="$( mktemp -d -t get-orig-source_${DEB_SOURCE}_XXXXXXXX )" +trap "rm -rf '${work_dir}'" EXIT +tar -xf "${filename}" -C "${work_dir}" + +## Docker specific: +vendored_dirs="$(get_vendor_tree ${work_dir}/*/components/*/vendor)" +drop_files_excluded "${work_dir}"/*/components/* + +#### Move components one level up +( cd "${work_dir}"/*/components && mv * ../ ) \ +&& rmdir "${work_dir}"/*/components + +( cd "${work_dir}" && tar -caf "${filename}" . ) + +## fetch Docker components: +for I in docker/go-events docker/go-metrics docker/libnetwork docker/distribution docker/swarmkit containerd/containerd; do + printf ":: Processing ${I}\n" 1>&2 + URL="github.com/${I}" + REV=$( grep "${URL}" "${work_dir}"/*/engine/vendor.conf | head -1 | awk '{print $2}' ) + if [ -z "${REV}" ]; then + printf "E: could not find commit for ${I}\n" 1>&2 + exit 1 + fi + component=${I##*/} + FN="$( readlink -f ../${DEB_SOURCE}_${version}.orig-${component}.tar.gz )" + + if [ ! -s "${FN}" ]; then + wget --tries=3 --timeout=40 --read-timeout=40 --continue \ + -O "${FN}" "https://${URL}/archive/${REV}.tar.gz" \ + || rm -f "${FN}" + + component_dir="$( mktemp -d -t get-orig-source_XXXXXXXX )" + mkdir "${component_dir}"/${component} + tar -xf "${FN}" -C "${component_dir}"/${component} --strip-components=1 + + if [ -d "${component_dir}"/${component}/vendor ]; then + vendored_dirs="$(printf '%s\n' ${vendored_dirs} $(get_vendor_tree ${component_dir}/${component}/vendor))" + fi + drop_files_excluded "${component_dir}"/${component} + + ( cd "${component_dir}" && tar -caf "${FN}" . ) + rm -rf "${component_dir}" + + mk-origtargz --package ${DEB_SOURCE} --version ${version} \ + --rename --repack --compression xz --directory .. \ + --component ${component} --copyright-file debian/copyright \ + "${FN}" + fi +done +##### + +echo "" +echo "Here's a tentative list for your Files-Excluded list, in d/copyright." +echo "Use it with care" +echo "" + +echo "Files-Excluded:" +echo "${vendored_dirs}" | sort | uniq | sed 's/^/ /' + +rm -rf "${work_dir}" diff --git a/golang-github-docker-docker-dev.install b/golang-github-docker-docker-dev.install new file mode 100644 index 00000000..b5cdcebe --- /dev/null +++ b/golang-github-docker-docker-dev.install @@ -0,0 +1,41 @@ +## CLI: +.gopath/src/github.com/docker/cli/cli/config usr/share/gocode/src/github.com/docker/cli/cli/ +.gopath/src/github.com/docker/cli/opts usr/share/gocode/src/github.com/docker/cli/ + + +## Legacy / compatibility with older Docker: +.gopath/src/github.com/docker/cli/cli/config/* usr/share/gocode/src/github.com/docker/docker/cliconfig/ +#.gopath/src/github.com/docker/cli/cli/config/* usr/share/gocode/src/github.com/docker/docker/cli/config/ + + +## Engine +engine/dockerversion usr/share/gocode/src/github.com/docker/docker/ +.gopath/src/github.com/docker/docker/api usr/share/gocode/src/github.com/docker/docker/ +.gopath/src/github.com/docker/docker/cli usr/share/gocode/src/github.com/docker/docker/ +.gopath/src/github.com/docker/docker/client usr/share/gocode/src/github.com/docker/docker/ +.gopath/src/github.com/docker/docker/errdefs usr/share/gocode/src/github.com/docker/docker/ +.gopath/src/github.com/docker/docker/opts usr/share/gocode/src/github.com/docker/docker/ +.gopath/src/github.com/docker/docker/pkg usr/share/gocode/src/github.com/docker/docker/ +.gopath/src/github.com/docker/docker/reference usr/share/gocode/src/github.com/docker/docker/ +.gopath/src/github.com/docker/docker/registry usr/share/gocode/src/github.com/docker/docker/ +.gopath/src/github.com/docker/docker/runconfig usr/share/gocode/src/github.com/docker/docker/ + + +## Libnetwork: +.gopath/src/github.com/docker/libnetwork/datastore usr/share/gocode/src/github.com/docker/libnetwork/ +.gopath/src/github.com/docker/libnetwork/discoverapi usr/share/gocode/src/github.com/docker/libnetwork/ +.gopath/src/github.com/docker/libnetwork/ipamutils usr/share/gocode/src/github.com/docker/libnetwork/ +.gopath/src/github.com/docker/libnetwork/ns usr/share/gocode/src/github.com/docker/libnetwork/ +.gopath/src/github.com/docker/libnetwork/options usr/share/gocode/src/github.com/docker/libnetwork/ +.gopath/src/github.com/docker/libnetwork/testutils usr/share/gocode/src/github.com/docker/libnetwork/ +.gopath/src/github.com/docker/libnetwork/types usr/share/gocode/src/github.com/docker/libnetwork/ + + +## Sub-vendoring: +engine/vendor/github.com/containerd/continuity/driver usr/share/gocode/src/github.com/docker/docker/vendor/github.com/containerd/continuity/ +engine/vendor/github.com/containerd/continuity/pathdriver usr/share/gocode/src/github.com/docker/docker/vendor/github.com/containerd/continuity/ + +engine/vendor/github.com/Nvveen/Gotty usr/share/gocode/src/github.com/docker/docker/vendor/github.com/Nvveen/ + +distribution/reference usr/share/gocode/src/github.com/docker/docker/vendor/github.com/docker/distribution/ +distribution/digestset usr/share/gocode/src/github.com/docker/docker/vendor/github.com/docker/distribution/ diff --git a/helpers/gen-build-depends.sh b/helpers/gen-build-depends.sh new file mode 100755 index 00000000..00af9e37 --- /dev/null +++ b/helpers/gen-build-depends.sh @@ -0,0 +1,193 @@ +#!/bin/bash +set -eu +set -o pipefail + +goBuildTags='apparmor cgo daemon pkcs11 selinux' + +debDir="$PWD/debian" + +debVer="$(dpkg-parsechangelog -SVersion)" +origVer="${debVer%-*}" # strip everything from the last dash +origVer="$(echo "$origVer" | sed -r 's/^[0-9]+://')" # strip epoch +upstreamVer="${origVer%%[+~]ds*}" +upstreamVer="${upstreamVer//[~]/-}" + +goImportPath="$(awk -F ': ' '$1 == "XS-Go-Import-Path" { print $2; exit }' debian/control)" +[ "$goImportPath" ] + +upstreamArchiveUri="https://$goImportPath/archive/v${upstreamVer}.tar.gz" + +tempDir="$(mktemp -d -t debian-docker-gen-build-depends-XXXXXXXXXX)" +trap "rm -rf '$tempDir'" EXIT +cd "$tempDir" + +mkdir -p "gopath/src/$goImportPath" +wget -qO archive.tar.gz "$upstreamArchiveUri" +tar \ + --extract \ + --file archive.tar.gz \ + --directory "gopath/src/$goImportPath" \ + --strip-components 1 +export GOPATH="$PWD/gopath:$PWD/gopath/src/$goImportPath/vendor" +cd "gopath/src/$goImportPath" + +IFS=$'\n' +# get the full list of "docker/docker" Go packages +goPkgs=( $(go list "$goImportPath/..." | grep -vE "^$goImportPath/vendor/") ) +# get the list of their dependencies, normalized: +# - skip stdlib, docker/docker +# - adjust known hosting locations for their top-level repos +goDeps=( $( + go list \ + -e \ + -tags "$goBuildTags" \ + -f '{{ join .Deps "\n" }}{{ "\n" }}{{ join .TestImports "\n" }}' \ + "${goPkgs[@]}" \ + | grep -vE '^$' \ + | grep -vE '^[^/]+$' \ + | grep -vE "^$goImportPath/" \ + | sort -u \ + | xargs \ + go list \ + -e \ + -f '{{ if not .Standard }}{{ .ImportPath }}{{ end }}' \ + | grep -vE '^$' \ + | sed -r \ + -e 's!^(github.com/[^/]+/[^/]+)/.*$!\1!' \ + -e 's!^(golang.org/x/[^/]+)/.*$!\1!' \ + -e 's!^(google.golang.org/[^/]+)/.*$!\1!' \ + -e 's!^(gopkg.in/[^/]+)/.*$!\1!' \ + | sort -u +) ) +unset IFS + +# converts a given "goPkg" into the relevant Debian "-dev" package name +debian_pkg() { + local goPkg="$1" + local domain="${goPkg%%/*}" + domain="${domain%%.*}" + local goPkgPath="${goPkg#*/}" + local package="golang-$domain-${goPkgPath//\//-}-dev" + package="${package,,}" + echo "$package" +} + +# converts "gitRepo" and "gitRef" into a concrete version number +git_version() { + local goPkg="$1"; shift + local gitRepo="$1"; shift + local gitRef="$1"; shift + + [ "$gitRef" ] || return + + local gitSnapshotPrefix='0.0~git' + + # normalize a few "special" cases + case "$goPkg=$gitRef" in + github.com/docker/go=*-*-*-*) + # turn "v1.5.1-1-1-gbaf439e" into "v1.5.1-1" so we can "ls-remote" and generate via commit instead of version + local remoteCommit="$(git ls-remote "$gitRepo" "refs/tags/${gitRef%-*-*}" | cut -d$'\t' -f1)" + if [ "$remoteCommit" ]; then + gitRef="$remoteCommit" + fi + ;; + + github.com/docker/libnetwork=v0.7.2-rc.1) + # TODO get newer version in the archive + gitRef='v0.7.0~rc.6' + ;; + + github.com/docker/distribution=467fc068d88aa6610691b7f1a677271a3fac4aac) + # TODO get newer version in the archive (467fc068d88aa6610691b7f1a677271a3fac4aac really corresponds to v2.5.0-rc.1+) + gitRef='v2.4.1' + ;; + + github.com/agl/ed25519=*) + gitSnapshotPrefix='0~' + ;; + + github.com/docker/containerd=*|github.com/opencontainers/runc=*) + # attempt to resolve commit to tag + local remoteTag="$(git ls-remote --tags "$gitRepo" | awk -F '[\t/]' '$1 == "'"$gitRef"'" { print $4; exit }')" + if [ "$remoteTag" ]; then + gitRef="$remoteTag" + fi + # TODO get newer (compatible) versions of each of these into the archive + case "$goPkg" in + github.com/docker/containerd) + gitRef='v0.2.1' + ;; + github.com/opencontainers/runc) + gitRef='v0.1.0' + ;; + esac + ;; + esac + + case "$gitRef" in + v[0-9]*|[0-9].*) + echo "${gitRef#v}" + return + ;; + esac + + local commitDate + case "$goPkg" in + github.com/*) + # for GitHub repos, we can shortcut the date calculation (saves a _lot_ of time) + local githubPatchUri="https://$goPkg/commit/$gitRef.patch" + commitDate="$(wget -qO- "$githubPatchUri" | awk -F ': ' '$1 == "Date" { print $2 }' | tail -1)" + # ".patch" returns potentially multiple commits, so we want the final "Date:" value, hence the "tail -1" + ;; + + *) + mkdir -p "$tempDir/git/$goPkg" + git clone --quiet "$gitRepo" "$tempDir/git/$goPkg" + local commitUnix="$(git -C "$tempDir/git/$goPkg" log -1 --format='%at' "$gitRef" --)" + commitDate="@$commitUnix" + ;; + esac + [ "$commitDate" ] + commitDate="$(TZ=UTC date --date="$commitDate" +'%Y%m%d')" + echo "$gitSnapshotPrefix$commitDate" +} + +declare -A transitionals=( + [golang-github-agl-ed25519-dev]='golang-ed25519-dev' + [golang-github-coreos-etcd-dev]='golang-etcd-server-dev' + [golang-github-go-check-check-dev]='golang-gopkg-check.v1-dev' + [golang-github-godbus-dbus-dev]='golang-dbus-dev' + [golang-github-golang-protobuf-dev]='golang-goprotobuf-dev' + [golang-github-miekg-dns-dev]='golang-dns-dev' + [golang-github-mistifyio-go-zfs-dev]='golang-go-zfs-dev' + [golang-github-syndtr-gocapability-dev]='golang-gocapability-dev' + [golang-github-ugorji-go-dev]='golang-github-ugorji-go-codec-dev' + [golang-gopkg-fsnotify.v1-dev]='golang-github-fsnotify-fsnotify-dev' + + # golang-golang-x-oauth2 version 0.0~git20161103.0.36bc617-2 introduced a separate google/ package + [golang-golang-x-oauth2-dev]='golang-golang-x-oauth2-google-dev' +) + +for goDep in "${goDeps[@]}"; do + if grep -q "^vendor/src/$goDep\$" "$debDir"/repack/keep/* 2>/dev/null; then + # skip vendored deps we don't remove + continue + fi + + debPkg="$(debian_pkg "$goDep")" + + gitRepoRef="$(awk '$1 == "clone" && $2 == "git" && $3 == "'"$goDep"'" { print ($5 && $5 != "#" ? $5 : "") "=" $4; exit }' hack/vendor.sh)" + gitRepo="${gitRepoRef%=*}" + gitRef="${gitRepoRef##$gitRepo=}" + : "${gitRepo:=https://$goDep}" + + debVer="$(git_version "$goDep" "$gitRepo" "$gitRef")" + + # deal with "golang-dns-dev" and friends of that nature + transitional="${transitionals[$debPkg]:-}" + if [ "$transitional" ]; then + echo -n "$transitional${debVer:+ (>= ${debVer}~)} | " + fi + + echo "$debPkg${debVer:+ (>= ${debVer}~)}," +done | sort diff --git a/helpers/gitcommit.sh b/helpers/gitcommit.sh new file mode 100755 index 00000000..3ca038d1 --- /dev/null +++ b/helpers/gitcommit.sh @@ -0,0 +1,34 @@ +#!/bin/bash +set -e + +uVersion="$1" +dVersion="$2" + +if [ -z "$uVersion" ]; then + uVersion="$(cat VERSION)" +fi +if [ -z "$dVersion" ]; then + dVersion="$(dpkg-parsechangelog --show-field Version)" +fi + +if [ "${uVersion%-dev}" = "$uVersion" ]; then + # this is a straight-up release! easy-peasy + exec awk -F ': ' '$1 == "'"$uVersion"'" { print $2 }' debian/upstream-version-gitcommits +fi + +# must be a nightly, so let's look for clues about what the git commit is + +if git rev-parse &> /dev/null; then + # well, this will be easy ;) + exec git rev-parse --short HEAD +fi + +if [ "${dVersion#*+*+}" != "$dVersion" ]; then + # must be something like "1.1.2+10013+8c38a3d-1~utopic1" (nightly!) + commit="${dVersion#*+*+}" + commit="${commit%%-*}" + exec echo "$commit" +fi + +# unknown... +echo >&2 'warning: unable to determine DOCKER_GITCOMMIT' diff --git a/patches/buildkit-build-against-google-grpc-1.11.patch b/patches/buildkit-build-against-google-grpc-1.11.patch new file mode 100644 index 00000000..9f52b154 --- /dev/null +++ b/patches/buildkit-build-against-google-grpc-1.11.patch @@ -0,0 +1,56 @@ +From: Arnaud Rebillout +Date: Tue, 22 Jan 2019 12:22:52 +0700 +Subject: Build against google-grpc 1.11, where md.Get() does not exist. + +This patch is based on the commit that introduced md.Get() in google-grpc: +. + +Please drop this patch as soon as we build docker against google-grpc >= 1.12. + +Origin: vendor, Debian +Forwarded: not-needed, Debian-specific +Signed-off-by: Arnaud Rebillout +--- + client/buildid/metadata.go | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/cli/vendor/github.com/moby/buildkit/client/buildid/metadata.go ++++ b/cli/vendor/github.com/moby/buildkit/client/buildid/metadata.go +@@ -2,6 +2,7 @@ + + import ( + "context" ++ "strings" + + "google.golang.org/grpc/metadata" + ) +@@ -21,7 +22,8 @@ + return "" + } + +- if ids := md.Get(metadataKey); len(ids) == 1 { ++ k := strings.ToLower(metadataKey) ++ if ids := md[k]; len(ids) == 1 { + return ids[0] + } + +--- a/engine/vendor/github.com/moby/buildkit/client/buildid/metadata.go ++++ b/engine/vendor/github.com/moby/buildkit/client/buildid/metadata.go +@@ -2,6 +2,7 @@ + + import ( + "context" ++ "strings" + + "google.golang.org/grpc/metadata" + ) +@@ -21,7 +22,8 @@ + return "" + } + +- if ids := md.Get(metadataKey); len(ids) == 1 { ++ k := strings.ToLower(metadataKey) ++ if ids := md[k]; len(ids) == 1 { + return ids[0] + } + diff --git a/patches/cli-fix-manpages-build-script.patch b/patches/cli-fix-manpages-build-script.patch new file mode 100644 index 00000000..04412923 --- /dev/null +++ b/patches/cli-fix-manpages-build-script.patch @@ -0,0 +1,18 @@ +Description: fix man pages build +Author: Arnaud Rebillout +Forwarded: not-needed +Last-Update: 2018-04-03 + +--- a/cli/scripts/docs/generate-man.sh ++++ b/cli/scripts/docs/generate-man.sh +@@ -3,9 +3,9 @@ + set -eu -o pipefail + + mkdir -p ./man/man1 + +-go install ./vendor/github.com/cpuguy83/go-md2man ++#go install ./vendor/github.com/cpuguy83/go-md2man + + # Generate man pages from cobra commands + go build -o /tmp/gen-manpages github.com/docker/cli/man + /tmp/gen-manpages --root "$(pwd)" --target "$(pwd)/man/man1" diff --git a/patches/cli-fix-registry-debug-message-go-1.11.patch b/patches/cli-fix-registry-debug-message-go-1.11.patch new file mode 100644 index 00000000..d949d29d --- /dev/null +++ b/patches/cli-fix-registry-debug-message-go-1.11.patch @@ -0,0 +1,26 @@ +From: Kir Kolyshkin +Date: Tue, 9 Oct 2018 23:36:04 -0700 +Subject: [PATCH] cli/registry: fix a Debugf statement + +Fix this warning from go-1.11 + +> cli/registry/client/fetcher.go:234: Debugf format %s has arg +> repoEndpoint of wrong type client.repositoryEndpoint + +Signed-off-by: Kir Kolyshkin +Origin: upstream, https://github.com/docker/cli/commit/51848bf +--- + cli/registry/client/fetcher.go | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/cli/cli/registry/client/fetcher.go ++++ b/cli/cli/registry/client/fetcher.go +@@ -231,7 +231,7 @@ + repoEndpoint := repositoryEndpoint{endpoint: endpoint, info: repoInfo} + repo, err := c.getRepositoryForReference(ctx, namedRef, repoEndpoint) + if err != nil { +- logrus.Debugf("error with repo endpoint %s: %s", repoEndpoint, err) ++ logrus.Debugf("error %s with repo endpoint %+v", err, repoEndpoint) + if _, ok := err.(ErrHTTPProto); ok { + continue + } diff --git a/patches/debian-cgroupfs-mount-convenience-copy.patch b/patches/debian-cgroupfs-mount-convenience-copy.patch new file mode 100644 index 00000000..b22da9d2 --- /dev/null +++ b/patches/debian-cgroupfs-mount-convenience-copy.patch @@ -0,0 +1,81 @@ +Author: Tianon Gravi +Description: remove convenience copies of cgroupfs-mount in init.d / upstart +Forwarded: not-needed +Bug-Debian: https://bugs.debian.org/783143 + +--- a/engine/contrib/init/sysvinit-debian/docker ++++ b/engine/contrib/init/sysvinit-debian/docker +@@ -58,39 +58,14 @@ + exit 1 + fi + } + +-cgroupfs_mount() { +- # see also https://github.com/tianon/cgroupfs-mount/blob/master/cgroupfs-mount +- if grep -v '^#' /etc/fstab | grep -q cgroup \ +- || [ ! -e /proc/cgroups ] \ +- || [ ! -d /sys/fs/cgroup ]; then +- return +- fi +- if ! mountpoint -q /sys/fs/cgroup; then +- mount -t tmpfs -o uid=0,gid=0,mode=0755 cgroup /sys/fs/cgroup +- fi +- ( +- cd /sys/fs/cgroup +- for sys in $(awk '!/^#/ { if ($4 == 1) print $1 }' /proc/cgroups); do +- mkdir -p $sys +- if ! mountpoint -q $sys; then +- if ! mount -n -t cgroup -o $sys cgroup $sys; then +- rmdir $sys || true +- fi +- fi +- done +- ) +-} +- + case "$1" in + start) + check_init + + fail_unless_root + +- cgroupfs_mount +- + touch "$DOCKER_LOGFILE" + chgrp docker "$DOCKER_LOGFILE" + + ulimit -n 1048576 +--- a/engine/contrib/init/upstart/docker.conf ++++ b/engine/contrib/init/upstart/docker.conf +@@ -12,31 +12,8 @@ + respawn + + kill timeout 20 + +-pre-start script +- # see also https://github.com/tianon/cgroupfs-mount/blob/master/cgroupfs-mount +- if grep -v '^#' /etc/fstab | grep -q cgroup \ +- || [ ! -e /proc/cgroups ] \ +- || [ ! -d /sys/fs/cgroup ]; then +- exit 0 +- fi +- if ! mountpoint -q /sys/fs/cgroup; then +- mount -t tmpfs -o uid=0,gid=0,mode=0755 cgroup /sys/fs/cgroup +- fi +- ( +- cd /sys/fs/cgroup +- for sys in $(awk '!/^#/ { if ($4 == 1) print $1 }' /proc/cgroups); do +- mkdir -p $sys +- if ! mountpoint -q $sys; then +- if ! mount -n -t cgroup -o $sys cgroup $sys; then +- rmdir $sys || true +- fi +- fi +- done +- ) +-end script +- + script + # modify these in /etc/default/$UPSTART_JOB (/etc/default/docker) + DOCKERD=/usr/sbin/dockerd + DOCKER_OPTS= diff --git a/patches/debian-containerd-name.patch b/patches/debian-containerd-name.patch new file mode 100644 index 00000000..128f216c --- /dev/null +++ b/patches/debian-containerd-name.patch @@ -0,0 +1,98 @@ +Last-Update: 2019-01-27 +Forwarded: not-needed +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920597 +Author: Dmitry Smirnov +Description: "fix" containerd executable name. + +--- a/engine/hack/make/.binary-setup ++++ b/engine/hack/make/.binary-setup +@@ -1,9 +1,9 @@ + #!/usr/bin/env bash + + DOCKER_DAEMON_BINARY_NAME='dockerd' + DOCKER_RUNC_BINARY_NAME='runc' +-DOCKER_CONTAINERD_BINARY_NAME='containerd' ++DOCKER_CONTAINERD_BINARY_NAME='docker-containerd' + DOCKER_CONTAINERD_CTR_BINARY_NAME='ctr' +-DOCKER_CONTAINERD_SHIM_BINARY_NAME='containerd-shim' ++DOCKER_CONTAINERD_SHIM_BINARY_NAME='docker-containerd-shim' + DOCKER_PROXY_BINARY_NAME='docker-proxy' + DOCKER_INIT_BINARY_NAME='docker-init' +--- a/engine/daemon/daemon.go ++++ b/engine/daemon/daemon.go +@@ -978,9 +978,9 @@ + }) + + go d.execCommandGC() + +- d.containerd, err = libcontainerd.NewClient(ctx, d.containerdCli, filepath.Join(config.ExecRoot, "containerd"), ContainersNamespace, d) ++ d.containerd, err = libcontainerd.NewClient(ctx, d.containerdCli, filepath.Join(config.ExecRoot, "docker-containerd"), ContainersNamespace, d) + if err != nil { + return nil, err + } + +--- a/engine/daemon/daemon_unix.go ++++ b/engine/daemon/daemon_unix.go +@@ -53,9 +53,9 @@ + + const ( + // DefaultShimBinary is the default shim to be used by containerd if none + // is specified +- DefaultShimBinary = "containerd-shim" ++ DefaultShimBinary = "docker-containerd-shim" + + // DefaultRuntimeBinary is the default runtime to be used by + // containerd if none is specified + DefaultRuntimeBinary = "runc" +--- a/engine/libcontainerd/supervisor/remote_daemon.go ++++ b/engine/libcontainerd/supervisor/remote_daemon.go +@@ -26,9 +26,9 @@ + healthCheckTimeout = 3 * time.Second + shutdownTimeout = 15 * time.Second + startupTimeout = 15 * time.Second + configFile = "containerd.toml" +- binaryName = "containerd" ++ binaryName = "docker-containerd" + pidFile = "containerd.pid" + ) + + type pluginConfigs struct { +--- a/containerd/cmd/containerd-shim/main_unix.go ++++ b/containerd/cmd/containerd-shim/main_unix.go +@@ -69,9 +69,9 @@ + flag.StringVar(&criuFlag, "criu", "", "path to criu binary") + flag.BoolVar(&systemdCgroupFlag, "systemd-cgroup", false, "set runtime to use systemd-cgroup") + // currently, the `containerd publish` utility is embedded in the daemon binary. + // The daemon invokes `containerd-shim -containerd-binary ...` with its own os.Executable() path. +- flag.StringVar(&containerdBinaryFlag, "containerd-binary", "containerd", "path to containerd binary (used for `containerd publish`)") ++ flag.StringVar(&containerdBinaryFlag, "containerd-binary", "docker-containerd", "path to containerd binary (used for `containerd publish`)") + flag.Parse() + } + + func main() { +--- a/containerd/runtime/v1/linux/runtime.go ++++ b/containerd/runtime/v1/linux/runtime.go +@@ -59,9 +59,9 @@ + + const ( + configFilename = "config.json" + defaultRuntime = "runc" +- defaultShim = "containerd-shim" ++ defaultShim = "docker-containerd-shim" + ) + + func init() { + plugin.Register(&plugin.Registration{ +--- a/containerd/runtime/v2/shim/util.go ++++ b/containerd/runtime/v2/shim/util.go +@@ -29,9 +29,9 @@ + "github.com/containerd/containerd/namespaces" + "github.com/pkg/errors" + ) + +-const shimBinaryFormat = "containerd-shim-%s-%s" ++const shimBinaryFormat = "docker-containerd-shim-%s-%s" + + // Command returns the shim command with the provided args and configuration + func Command(ctx context.Context, runtime, containerdAddress, path string, cmdArgs ...string) (*exec.Cmd, error) { + ns, err := namespaces.NamespaceRequired(ctx) diff --git a/patches/debian-dockerd-binary-location.patch b/patches/debian-dockerd-binary-location.patch new file mode 100644 index 00000000..6b5f88df --- /dev/null +++ b/patches/debian-dockerd-binary-location.patch @@ -0,0 +1,42 @@ +Forwarded: not-needed +Description: FHS compliance. + +--- a/engine/contrib/init/systemd/docker.service ++++ b/engine/contrib/init/systemd/docker.service +@@ -10,9 +10,9 @@ + # the default is not to use systemd for cgroups because the delegate issues still + # exists and systemd currently does not support the cgroup feature set required + # for containers run by docker + EnvironmentFile=-/etc/default/docker +-ExecStart=/usr/bin/dockerd -H fd:// $DOCKER_OPTS ++ExecStart=/usr/sbin/dockerd -H fd:// $DOCKER_OPTS + ExecReload=/bin/kill -s HUP $MAINPID + LimitNOFILE=1048576 + # Having non-zero Limit*s causes performance problems due to accounting overhead + # in the kernel. We recommend using cgroups to do container-local accounting. +--- a/engine/contrib/init/sysvinit-debian/docker ++++ b/engine/contrib/init/sysvinit-debian/docker +@@ -21,9 +21,9 @@ + + BASE=docker + + # modify these in /etc/default/$BASE (/etc/default/docker) +-DOCKERD=/usr/bin/dockerd ++DOCKERD=/usr/sbin/dockerd + # This is the pid file managed by docker itself + DOCKER_PIDFILE=/var/run/$BASE.pid + # This is the pid file created/managed by start-stop-daemon + DOCKER_SSD_PIDFILE=/var/run/$BASE-ssd.pid +--- a/engine/contrib/init/upstart/docker.conf ++++ b/engine/contrib/init/upstart/docker.conf +@@ -37,9 +37,9 @@ + end script + + script + # modify these in /etc/default/$UPSTART_JOB (/etc/default/docker) +- DOCKERD=/usr/bin/dockerd ++ DOCKERD=/usr/sbin/dockerd + DOCKER_OPTS= + if [ -f /etc/default/$UPSTART_JOB ]; then + . /etc/default/$UPSTART_JOB + fi diff --git a/patches/debian-nuke-no-prompt.patch b/patches/debian-nuke-no-prompt.patch new file mode 100644 index 00000000..28720ec5 --- /dev/null +++ b/patches/debian-nuke-no-prompt.patch @@ -0,0 +1,21 @@ +Last-Update: 2018-06-09 +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853258 +Forwarded: not-needed +Author: Dmitry Smirnov +Description: remove prompt and delay + +--- a/engine/contrib/nuke-graph-directory.sh ++++ b/engine/contrib/nuke-graph-directory.sh +@@ -27,12 +27,8 @@ + dir="$(readlink -f "$dir")" + + echo + echo "Nuking $dir ..." +-echo ' (if this is wrong, press Ctrl+C NOW!)' +-echo +- +-( set -x; sleep 10 ) + echo + + dir_in_dir() { + inner="$1" diff --git a/patches/debian-systemd-unit-environment-file.patch b/patches/debian-systemd-unit-environment-file.patch new file mode 100644 index 00000000..aab70f67 --- /dev/null +++ b/patches/debian-systemd-unit-environment-file.patch @@ -0,0 +1,20 @@ +Author: Paul R. Tagliamonte +Last-Update: 2014-05-07 +Description: Use EnvironmentFile with the systemd unit file. +Bug-Debian: http://bugs.debian.org/746774 +Forwarded: no + +--- a/engine/contrib/init/systemd/docker.service ++++ b/engine/contrib/init/systemd/docker.service +@@ -9,9 +9,10 @@ + Type=notify + # the default is not to use systemd for cgroups because the delegate issues still + # exists and systemd currently does not support the cgroup feature set required + # for containers run by docker +-ExecStart=/usr/bin/dockerd -H fd:// ++EnvironmentFile=-/etc/default/docker ++ExecStart=/usr/bin/dockerd -H fd:// $DOCKER_OPTS + ExecReload=/bin/kill -s HUP $MAINPID + LimitNOFILE=1048576 + # Having non-zero Limit*s causes performance problems due to accounting overhead + # in the kernel. We recommend using cgroups to do container-local accounting. diff --git a/patches/debian-systemd-unit-tasksmax.patch b/patches/debian-systemd-unit-tasksmax.patch new file mode 100644 index 00000000..26a52d84 --- /dev/null +++ b/patches/debian-systemd-unit-tasksmax.patch @@ -0,0 +1,21 @@ +From 33a8ab29ed9e51697772a0642b8d651b9a845532 Mon Sep 17 00:00:00 2001 +From: Pierre Carrier , Tianon Gravi +Date: Thu, 24 Mar 2016 16:14:30 -0700 +Subject: [PATCH] docker.service: don't limit tasks +Origin: https://github.com/docker/docker/pull/21491 + +Signed-off-by: Pierre Carrier + +--- a/engine/contrib/init/systemd/docker.service ++++ b/engine/contrib/init/systemd/docker.service +@@ -18,9 +18,9 @@ + LimitNPROC=infinity + LimitCORE=infinity + # Uncomment TasksMax if your systemd version supports it. + # Only systemd 226 and above support this version. +-#TasksMax=infinity ++TasksMax=infinity + TimeoutStartSec=0 + # set delegate yes so that systemd does not reset the cgroups of docker containers + Delegate=yes + # kill only the docker process, not all processes in the cgroup diff --git a/patches/engine-contrib-debootstrap-curl-follow-location.patch b/patches/engine-contrib-debootstrap-curl-follow-location.patch new file mode 100644 index 00000000..2c062ba0 --- /dev/null +++ b/patches/engine-contrib-debootstrap-curl-follow-location.patch @@ -0,0 +1,25 @@ +From: Mattias Jernberg +Date: Wed, 5 Dec 2018 19:35:17 +0100 +Subject: mkimage: Fix Debian security presence check + +Add Location following since security redirects to security-cdn and caused the repository to be added on Debian unstable. + +Signed-off-by: Mattias Jernberg +Origin: upstream, https://github.com/docker/engine/commit/8db5403 +--- + contrib/mkimage/debootstrap | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/engine/contrib/mkimage/debootstrap b/engine/contrib/mkimage/debootstrap +index 9f7d8987ad2a..a919429b0bde 100755 +--- a/engine/contrib/mkimage/debootstrap ++++ b/engine/contrib/mkimage/debootstrap +@@ -193,7 +193,7 @@ if [ -z "$DONT_TOUCH_SOURCES_LIST" ]; then + case "$lsbDist" in + debian) + # updates and security! +- if curl -o /dev/null -s --head --fail "http://security.debian.org/dists/$suite/updates/main/binary-$(rootfs_chroot dpkg --print-architecture)/Packages.gz"; then ++ if curl -o /dev/null -s --head --location --fail "http://security.debian.org/dists/$suite/updates/main/binary-$(rootfs_chroot dpkg --print-architecture)/Packages.gz"; then + ( + set -x + sed -i " diff --git a/patches/engine-test-noinstall.patch b/patches/engine-test-noinstall.patch new file mode 100644 index 00000000..6e16fe26 --- /dev/null +++ b/patches/engine-test-noinstall.patch @@ -0,0 +1,23 @@ +Last-Update: 2018-06-18 +Forwarded: not-needed +Author: Dmitry Smirnov +Description: prevents test-time installation that causes FTBFS. +~~~~ + go test net: open /usr/lib/go-1.10/pkg/linux_amd64/net.a: permission denied +~~~~ + +--- a/engine/hack/test/unit ++++ b/engine/hack/test/unit +@@ -18,12 +18,8 @@ + + exclude_paths="/vendor/|/integration" + pkg_list=$(go list $TESTDIRS | grep -vE "($exclude_paths)") + +-# install test dependencies once before running tests for each package. This +-# significantly reduces the runtime. +-go test -i "${BUILDFLAGS[@]}" $pkg_list +- + for pkg in $pkg_list; do + go test "${BUILDFLAGS[@]}" \ + -cover \ + -coverprofile=profile.out \ diff --git a/patches/go-metrics_prometheus-fix_Observer.patch b/patches/go-metrics_prometheus-fix_Observer.patch new file mode 100644 index 00000000..77d7ffb6 --- /dev/null +++ b/patches/go-metrics_prometheus-fix_Observer.patch @@ -0,0 +1,38 @@ +Origin: upstream, https://github.com/docker/go-metrics/commit/db152003892af64a8a892e1ee49edf8b6580a657.patch +Forarded: not-needed +Description: fixes FTBFS + vendor/github.com/docker/go-metrics/timer.go:39:17: + cannot use lt.m.WithLabelValues(labels...) (type prometheus.Observer) as type prometheus.Histogram in field value: + prometheus.Observer does not implement prometheus.Histogram (missing Collect method) + +--- a/go-metrics/timer.go ++++ b/go-metrics/timer.go +@@ -47,9 +47,9 @@ + lt.m.Collect(c) + } + + type timer struct { +- m prometheus.Histogram ++ m prometheus.Observer + } + + func (t *timer) Update(duration time.Duration) { + t.m.Observe(duration.Seconds()) +@@ -59,10 +59,15 @@ + t.m.Observe(time.Since(since).Seconds()) + } + + func (t *timer) Describe(c chan<- *prometheus.Desc) { +- t.m.Describe(c) ++ c <- t.m.(prometheus.Metric).Desc() + } + + func (t *timer) Collect(c chan<- prometheus.Metric) { +- t.m.Collect(c) ++ // Are there any observers that don't implement Collector? It is really ++ // unclear what the point of the upstream change was, but we'll let this ++ // panic if we get an observer that doesn't implement collector. In this ++ // case, we should almost always see metricVec objects, so this should ++ // never panic. ++ t.m.(prometheus.Collector).Collect(c) + } diff --git a/patches/libnetwork-revert-iptables-legacy.patch b/patches/libnetwork-revert-iptables-legacy.patch new file mode 100644 index 00000000..a72a3164 --- /dev/null +++ b/patches/libnetwork-revert-iptables-legacy.patch @@ -0,0 +1,39 @@ +From: Arko Dasgupta +Date: Fri, 1 Mar 2019 11:43:02 -0800 +Subject: [PATCH] Revert "debian has iptables-legacy and iptables-nft now" + +This reverts commit 7da66eea9f68e4abc83ed2892114ec565eddd66a. + +Libnetwork should only use the iptables binary. Iptables v1.8 and above +uses the nftables backend. The translations for all the rules used by +libnetwork is supported by the new iptables binary. + +Signed-off-by: Arko Dasgupta +Origin: upstream, https://github.com/docker/libnetwork/pull/2343 +--- + libnetwork/iptables/iptables.go | 9 ++------- + 1 file changed, 2 insertions(+), 7 deletions(-) + +diff --git a/libnetwork/iptables/iptables.go b/libnetwork/iptables/iptables.go +index 6a108e93d0..4b8d8832e9 100644 +--- a/libnetwork/iptables/iptables.go ++++ b/libnetwork/iptables/iptables.go +@@ -87,16 +87,11 @@ func initFirewalld() { + } + + func detectIptables() { +- path, err := exec.LookPath("iptables-legacy") // debian has iptables-legacy and iptables-nft now ++ path, err := exec.LookPath("iptables") + if err != nil { +- path, err = exec.LookPath("iptables") +- if err != nil { +- return +- } ++ return + } +- + iptablesPath = path +- + supportsXlock = exec.Command(iptablesPath, "--wait", "-L", "-n").Run() == nil + mj, mn, mc, err := GetVersion() + if err != nil { diff --git a/patches/libnetwork_proto.patch b/patches/libnetwork_proto.patch new file mode 100644 index 00000000..78810766 --- /dev/null +++ b/patches/libnetwork_proto.patch @@ -0,0 +1,38 @@ +Last-Update: 2018-06-15 +Forwarded: not-needed +Author: Dmitry Smirnov +Description: fix generation of .pb.go files. + +--- a/libnetwork/drivers/overlay/overlay.go ++++ b/libnetwork/drivers/overlay/overlay.go +@@ -1,7 +1,7 @@ + package overlay + +-//go:generate protoc -I.:../../Godeps/_workspace/src/github.com/gogo/protobuf --gogo_out=import_path=github.com/docker/libnetwork/drivers/overlay,Mgogoproto/gogo.proto=github.com/gogo/protobuf/gogoproto:. overlay.proto ++//go:generate protoc -I.:../../../../../github.com/gogo/protobuf --gogo_out=import_path=github.com/docker/libnetwork/drivers/overlay,Mgogoproto/gogo.proto=github.com/gogo/protobuf/gogoproto:. overlay.proto + + import ( + "context" + "fmt" +--- a/libnetwork/agent.go ++++ b/libnetwork/agent.go +@@ -1,7 +1,7 @@ + package libnetwork + +-//go:generate protoc -I.:Godeps/_workspace/src/github.com/gogo/protobuf --gogo_out=import_path=github.com/docker/libnetwork,Mgogoproto/gogo.proto=github.com/gogo/protobuf/gogoproto:. agent.proto ++//go:generate protoc -I.:../../../github.com/gogo/protobuf --gogo_out=import_path=github.com/docker/libnetwork,Mgogoproto/gogo.proto=github.com/gogo/protobuf/gogoproto:. agent.proto + + import ( + "encoding/json" + "fmt" +--- a/libnetwork/networkdb/networkdb.go ++++ b/libnetwork/networkdb/networkdb.go +@@ -1,7 +1,7 @@ + package networkdb + +-//go:generate protoc -I.:../vendor/github.com/gogo/protobuf --gogo_out=import_path=github.com/docker/libnetwork/networkdb,Mgogoproto/gogo.proto=github.com/gogo/protobuf/gogoproto:. networkdb.proto ++//go:generate protoc -I.:../../../../github.com/gogo/protobuf --gogo_out=import_path=github.com/docker/libnetwork/networkdb,Mgogoproto/gogo.proto=github.com/gogo/protobuf/gogoproto:. networkdb.proto + + import ( + "context" + "fmt" diff --git a/patches/mips-add-specific-signal-file.patch b/patches/mips-add-specific-signal-file.patch new file mode 100644 index 00000000..09d36272 --- /dev/null +++ b/patches/mips-add-specific-signal-file.patch @@ -0,0 +1,111 @@ +From: poizan42 +Date: Wed, 18 Jul 2018 14:31:16 +0200 +Subject: [PATCH] SIGSKTFLT does not exist on MIPS, instead SIGEMT does. + +SIGRTMAX is also 127 on MIPS. + +This patch is merged upstream on master, please drop it when necessary. + +Signed-off-by: Kasper Fabæch Brandt +Origin: upstream, https://github.com/moby/moby/pull/37491 +--- + pkg/signal/signal_linux.go | 2 + + pkg/signal/signal_linux_mipsx.go | 84 ++++++++++++++++++++++++++++++++ + 2 files changed, 86 insertions(+) + create mode 100644 pkg/signal/signal_linux_mipsx.go + +--- a/engine/pkg/signal/signal_linux.go ++++ b/engine/pkg/signal/signal_linux.go +@@ -1,3 +1,5 @@ ++// +build !mips,!mipsle,!mips64,!mips64le ++ + package signal // import "github.com/docker/docker/pkg/signal" + + import ( +--- /dev/null ++++ b/engine/pkg/signal/signal_linux_mipsx.go +@@ -0,0 +1,84 @@ ++// +build linux ++// +build mips mipsle mips64 mips64le ++ ++package signal // import "github.com/docker/docker/pkg/signal" ++ ++import ( ++ "syscall" ++ ++ "golang.org/x/sys/unix" ++) ++ ++const ( ++ sigrtmin = 34 ++ sigrtmax = 127 ++) ++ ++// SignalMap is a map of Linux signals. ++var SignalMap = map[string]syscall.Signal{ ++ "ABRT": unix.SIGABRT, ++ "ALRM": unix.SIGALRM, ++ "BUS": unix.SIGBUS, ++ "CHLD": unix.SIGCHLD, ++ "CLD": unix.SIGCLD, ++ "CONT": unix.SIGCONT, ++ "FPE": unix.SIGFPE, ++ "HUP": unix.SIGHUP, ++ "ILL": unix.SIGILL, ++ "INT": unix.SIGINT, ++ "IO": unix.SIGIO, ++ "IOT": unix.SIGIOT, ++ "KILL": unix.SIGKILL, ++ "PIPE": unix.SIGPIPE, ++ "POLL": unix.SIGPOLL, ++ "PROF": unix.SIGPROF, ++ "PWR": unix.SIGPWR, ++ "QUIT": unix.SIGQUIT, ++ "SEGV": unix.SIGSEGV, ++ "SIGEMT": unix.SIGEMT, ++ "STOP": unix.SIGSTOP, ++ "SYS": unix.SIGSYS, ++ "TERM": unix.SIGTERM, ++ "TRAP": unix.SIGTRAP, ++ "TSTP": unix.SIGTSTP, ++ "TTIN": unix.SIGTTIN, ++ "TTOU": unix.SIGTTOU, ++ "URG": unix.SIGURG, ++ "USR1": unix.SIGUSR1, ++ "USR2": unix.SIGUSR2, ++ "VTALRM": unix.SIGVTALRM, ++ "WINCH": unix.SIGWINCH, ++ "XCPU": unix.SIGXCPU, ++ "XFSZ": unix.SIGXFSZ, ++ "RTMIN": sigrtmin, ++ "RTMIN+1": sigrtmin + 1, ++ "RTMIN+2": sigrtmin + 2, ++ "RTMIN+3": sigrtmin + 3, ++ "RTMIN+4": sigrtmin + 4, ++ "RTMIN+5": sigrtmin + 5, ++ "RTMIN+6": sigrtmin + 6, ++ "RTMIN+7": sigrtmin + 7, ++ "RTMIN+8": sigrtmin + 8, ++ "RTMIN+9": sigrtmin + 9, ++ "RTMIN+10": sigrtmin + 10, ++ "RTMIN+11": sigrtmin + 11, ++ "RTMIN+12": sigrtmin + 12, ++ "RTMIN+13": sigrtmin + 13, ++ "RTMIN+14": sigrtmin + 14, ++ "RTMIN+15": sigrtmin + 15, ++ "RTMAX-14": sigrtmax - 14, ++ "RTMAX-13": sigrtmax - 13, ++ "RTMAX-12": sigrtmax - 12, ++ "RTMAX-11": sigrtmax - 11, ++ "RTMAX-10": sigrtmax - 10, ++ "RTMAX-9": sigrtmax - 9, ++ "RTMAX-8": sigrtmax - 8, ++ "RTMAX-7": sigrtmax - 7, ++ "RTMAX-6": sigrtmax - 6, ++ "RTMAX-5": sigrtmax - 5, ++ "RTMAX-4": sigrtmax - 4, ++ "RTMAX-3": sigrtmax - 3, ++ "RTMAX-2": sigrtmax - 2, ++ "RTMAX-1": sigrtmax - 1, ++ "RTMAX": sigrtmax, ++} diff --git a/patches/mips-fix-devnumber.patch b/patches/mips-fix-devnumber.patch new file mode 100644 index 00000000..8294880c --- /dev/null +++ b/patches/mips-fix-devnumber.patch @@ -0,0 +1,22 @@ +Last-Update: 2018-03-18 +Forwarded: not-needed +Author: Dmitry Smirnov +Bug-Upstream: https://github.com/moby/moby/issues/28058 +Description: fix FTBFS on mips +~~~~ +github.com/docker/docker/pkg/system/stat_linux.go:13:7: cannot use s.Rdev (type uint32) as type uint64 in field value +~~~~ + +--- a/engine/pkg/system/stat_linux.go ++++ b/engine/pkg/system/stat_linux.go +@@ -7,9 +7,9 @@ + return &StatT{size: s.Size, + mode: s.Mode, + uid: s.Uid, + gid: s.Gid, +- rdev: s.Rdev, ++ rdev: uint64(s.Rdev), + mtim: s.Mtim}, nil + } + + // FromStatT converts a syscall.Stat_t type to a system.Stat_t type diff --git a/patches/netlink_syscall.patch b/patches/netlink_syscall.patch new file mode 100644 index 00000000..50545ad1 --- /dev/null +++ b/patches/netlink_syscall.patch @@ -0,0 +1,58 @@ +Last-Update: 2018-06-12 +Forwarded: not-needed +Bug-Upstream: https://github.com/docker/libnetwork/issues/2110 +Author: Dmitry Smirnov +Description: fixes FTBFS + cannot use &tv (type *syscall.Timeval) as type *unix.Timeval + +--- a/libnetwork/drivers/overlay/ov_network.go ++++ b/libnetwork/drivers/overlay/ov_network.go +@@ -26,8 +26,9 @@ + "github.com/sirupsen/logrus" + "github.com/vishvananda/netlink" + "github.com/vishvananda/netlink/nl" + "github.com/vishvananda/netns" ++ "golang.org/x/sys/unix" + ) + + var ( + hostMode bool +@@ -759,9 +760,9 @@ + if err != nil { + return + } + // set the receive timeout to not remain stuck on the RecvFrom if the fd gets closed +- tv := syscall.NsecToTimeval(soTimeout.Nanoseconds()) ++ tv := unix.NsecToTimeval(soTimeout.Nanoseconds()) + err = nlSock.SetReceiveTimeout(&tv) + }) + n.nlSocket = nlSock + +--- a/libnetwork/ipvs/ipvs.go ++++ b/libnetwork/ipvs/ipvs.go +@@ -10,8 +10,9 @@ + "fmt" + + "github.com/vishvananda/netlink/nl" + "github.com/vishvananda/netns" ++ "golang.org/x/sys/unix" + ) + + const ( + netlinkRecvSocketsTimeout = 3 * time.Second +@@ -89,13 +90,13 @@ + if err != nil { + return nil, err + } + // Add operation timeout to avoid deadlocks +- tv := syscall.NsecToTimeval(netlinkSendSocketTimeout.Nanoseconds()) ++ tv := unix.NsecToTimeval(netlinkSendSocketTimeout.Nanoseconds()) + if err := sock.SetSendTimeout(&tv); err != nil { + return nil, err + } +- tv = syscall.NsecToTimeval(netlinkRecvSocketsTimeout.Nanoseconds()) ++ tv = unix.NsecToTimeval(netlinkRecvSocketsTimeout.Nanoseconds()) + if err := sock.SetReceiveTimeout(&tv); err != nil { + return nil, err + } + diff --git a/patches/series b/patches/series new file mode 100644 index 00000000..07dcec79 --- /dev/null +++ b/patches/series @@ -0,0 +1,36 @@ +debian-systemd-unit-tasksmax.patch +# If upstream ever adds EnvFile, remove this patch. +# (see also https://github.com/docker/docker/pull/7220#issuecomment-50076589) +debian-systemd-unit-environment-file.patch +debian-containerd-name.patch +debian-dockerd-binary-location.patch +debian-cgroupfs-mount-convenience-copy.patch +debian-nuke-no-prompt.patch + +buildkit-build-against-google-grpc-1.11.patch + +cli-fix-manpages-build-script.patch +cli-fix-registry-debug-message-go-1.11.patch + +engine-contrib-debootstrap-curl-follow-location.patch +engine-test-noinstall.patch + +go-metrics_prometheus-fix_Observer.patch + +libnetwork_proto.patch +libnetwork-revert-iptables-legacy.patch + +mips-add-specific-signal-file.patch +mips-fix-devnumber.patch + +netlink_syscall.patch + +test--disable-containerizedengine-update-test.patch +test--fix-test-errors.patch +test--skip-TestAdapterReadLogs.patch +test--skip-TestChangesWithChangesGH13590.patch +test--skip-TestClientWithRequestTimeout.patch +test--skip-TestGetRootUIDGID.patch +test--skip-TestStateRunStop.patch +test--skip-network-tests.patch +test--skip-privileged-unit-tests.patch diff --git a/patches/test--disable-containerizedengine-update-test.patch b/patches/test--disable-containerizedengine-update-test.patch new file mode 100644 index 00000000..4bcb1533 --- /dev/null +++ b/patches/test--disable-containerizedengine-update-test.patch @@ -0,0 +1,19 @@ +From: Arnaud Rebillout +Date: Fri, 18 Jan 2019 18:54:15 +0700 +Subject: Disable containerizedengine/update_test.go + +This test FTBFS, see . +Please re-enable this test when this MR is accepted. + +Origin: vendor, Debian +Forwarded: not-needed, Debian-specific +Signed-off-by: Arnaud Rebillout + +--- a/cli/internal/containerizedengine/update_test.go ++++ b/cli/internal/containerizedengine/update_test.go +@@ -1,3 +1,5 @@ ++// +build ignore ++ + package containerizedengine + + import ( diff --git a/patches/test--fix-test-errors.patch b/patches/test--fix-test-errors.patch new file mode 100644 index 00000000..e2dfb44b --- /dev/null +++ b/patches/test--fix-test-errors.patch @@ -0,0 +1,15 @@ +Description: update several tests for text/path errors +Author: Tianon Gravi +Forwarded: not-needed + +--- a/engine/pkg/authorization/authz_unix_test.go ++++ b/engine/pkg/authorization/authz_unix_test.go +@@ -346,6 +346,8 @@ + t.Fatal(err) + } + ++ t.Skip("Skipping plugin tests -- Unix socket path is too long: unix:///"+path.Join(pwd, pluginAddress)) ++ + client, err := plugins.NewClient("unix:///"+path.Join(pwd, pluginAddress), &tlsconfig.Options{InsecureSkipVerify: true}) + if err != nil { + t.Fatalf("Failed to create client %v", err) diff --git a/patches/test--skip-TestAdapterReadLogs.patch b/patches/test--skip-TestAdapterReadLogs.patch new file mode 100644 index 00000000..b3af56db --- /dev/null +++ b/patches/test--skip-TestAdapterReadLogs.patch @@ -0,0 +1,38 @@ +Last-Update: 2018-06-19 +Forwarded: not-needed +Author: Dmitry Smirnov +Description: disable unreliable test, failing randomly on multiple architectures. +~~~~ + FAIL: TestAdapterReadLogs (0.00s) + panic: runtime error: invalid memory address or nil pointer dereference [recovered] + panic: runtime error: invalid memory address or nil pointer dereference + [signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x83273c5] + + goroutine 7 [running]: + testing.tRunner.func1(0x1a686ab0) + /usr/lib/go-1.10/src/testing/testing.go:742 +0x24a + panic(0x8393cc0, 0x85d1e78) + /usr/lib/go-1.10/src/runtime/panic.go:502 +0x1dc + github.com/docker/docker/daemon/logger.testMessageEqual(0x1a686ab0, 0x1a65cc7c, 0x0) + /var/lib/gitlab-runner/builds/736b76b0/1/docker-team/docker/.gopath/src/github.com/docker/docker/daemon/logger/adapter_test.go:178 +0x35 + github.com/docker/docker/daemon/logger.TestAdapterReadLogs(0x1a686ab0) + /var/lib/gitlab-runner/builds/736b76b0/1/docker-team/docker/.gopath/src/github.com/docker/docker/daemon/logger/adapter_test.go:131 +0x710 + testing.tRunner(0x1a686ab0, 0x83fa01c) + /usr/lib/go-1.10/src/testing/testing.go:777 +0xaa + created by testing.(*T).Run + /usr/lib/go-1.10/src/testing/testing.go:824 +0x243 + FAIL github.com/docker/docker/daemon/logger 0.012s +~~~~ + +--- a/engine/daemon/logger/adapter_test.go ++++ b/engine/daemon/logger/adapter_test.go +@@ -137,8 +137,9 @@ + return a + } + + func TestAdapterReadLogs(t *testing.T) { ++t.Skip("DM - skipping dodgy test") + plugin := newMockLoggingPlugin() + l := newMockPluginAdapter(plugin) + + testMsg := []Message{ diff --git a/patches/test--skip-TestChangesWithChangesGH13590.patch b/patches/test--skip-TestChangesWithChangesGH13590.patch new file mode 100644 index 00000000..540e5c9a --- /dev/null +++ b/patches/test--skip-TestChangesWithChangesGH13590.patch @@ -0,0 +1,17 @@ +Last-Update: Wed Jun 7 11:39:46 2017 +Forwarded: not-needed +Author: Tim Potter +Description: disable test, does not appear to work under pbuilder. + +--- a/engine/pkg/archive/changes_test.go ++++ b/engine/pkg/archive/changes_test.go +@@ -177,8 +177,9 @@ + } + + // See https://github.com/docker/docker/pull/13590 + func TestChangesWithChangesGH13590(t *testing.T) { ++ t.Skip("DM - skipped, doesn't work under pbuilder") + // TODO Windows. There may be a way of running this, but turning off for now + // as createSampleDir uses symlinks. + if runtime.GOOS == "windows" { + t.Skip("symlinks on Windows") diff --git a/patches/test--skip-TestClientWithRequestTimeout.patch b/patches/test--skip-TestClientWithRequestTimeout.patch new file mode 100644 index 00000000..b86ec586 --- /dev/null +++ b/patches/test--skip-TestClientWithRequestTimeout.patch @@ -0,0 +1,20 @@ +From: Arnaud Rebillout +Date: Thu, 24 Jan 2019 15:22:58 +0700 +Subject: Skip TestClientWithRequestTimeout + +This test seems to be flaky. Please follow-up upstream for more details: + + +Origin: vendor, Debian +Forwarded: not-needed, Debian-specific +Signed-off-by: Arnaud Rebillout +--- a/engine/pkg/plugins/client_test.go ++++ b/engine/pkg/plugins/client_test.go +@@ -237,6 +237,7 @@ + } + + func TestClientWithRequestTimeout(t *testing.T) { ++ t.Skip("DM - skipping flaky test") + timeout := 1 * time.Millisecond + testHandler := func(w http.ResponseWriter, r *http.Request) { + time.Sleep(timeout + 1*time.Millisecond) diff --git a/patches/test--skip-TestGetRootUIDGID.patch b/patches/test--skip-TestGetRootUIDGID.patch new file mode 100644 index 00000000..d15bd400 --- /dev/null +++ b/patches/test--skip-TestGetRootUIDGID.patch @@ -0,0 +1,26 @@ +Last-Update: 2018-06-16 +Forwarded: not-needed +Author: Dmitry Smirnov +Description: disable test failing is sbuild. +~~~~ + FAIL: TestGetRootUIDGID (0.00s) + idtools_unix_test.go:287: + Error Trace: idtools_unix_test.go:287 + Error: Not equal: + expected: 1009 + actual : 2952 + Test: TestGetRootUIDGID +~~~~ + +--- a/engine/pkg/idtools/idtools_unix_test.go ++++ b/engine/pkg/idtools/idtools_unix_test.go +@@ -266,8 +266,9 @@ + } + } + + func TestGetRootUIDGID(t *testing.T) { ++t.Skip("DM - skipping malfunctioning test, fails on sbuild") + uidMap := []IDMap{ + { + ContainerID: 0, + HostID: os.Getuid(), diff --git a/patches/test--skip-TestStateRunStop.patch b/patches/test--skip-TestStateRunStop.patch new file mode 100644 index 00000000..7d70ba9b --- /dev/null +++ b/patches/test--skip-TestStateRunStop.patch @@ -0,0 +1,20 @@ +Last-Update: 2018-08-02 +Forwarded: not-needed +Author: Dmitry Smirnov +Description: disabled unreliable test. +~~~~ + state_test.go:102: ExitCode -1, expected 2, err "context deadline exceeded" +~~~~ + +--- a/engine/container/state_test.go ++++ b/engine/container/state_test.go +@@ -28,8 +28,9 @@ + } + } + + func TestStateRunStop(t *testing.T) { ++t.Skip("DM - disabled unreliable test") + s := NewState() + + // Begin another wait with WaitConditionRemoved. It should complete + // within 200 milliseconds. diff --git a/patches/test--skip-network-tests.patch b/patches/test--skip-network-tests.patch new file mode 100644 index 00000000..a6955dbe --- /dev/null +++ b/patches/test--skip-network-tests.patch @@ -0,0 +1,17 @@ +Last-Update: 2018-06-16 +Forwarded: not-needed +Author: Dmitry Smirnov +Description: disable failing test due to dependency on network. + +--- a/cli/cli/command/image/push_test.go ++++ b/cli/cli/command/image/push_test.go +@@ -12,8 +12,9 @@ + "gotest.tools/assert" + ) + + func TestNewPushCommandErrors(t *testing.T) { ++t.Skip("DM - skipping network test") + testCases := []struct { + name string + args []string + expectedError string diff --git a/patches/test--skip-privileged-unit-tests.patch b/patches/test--skip-privileged-unit-tests.patch new file mode 100644 index 00000000..08e91b2c --- /dev/null +++ b/patches/test--skip-privileged-unit-tests.patch @@ -0,0 +1,316 @@ +Description: allow skipping "privileged" tests with "-test.short" +Author: Tianon Gravi +Forwarded: no + +--- a/engine/builder/dockerfile/internals_test.go ++++ b/engine/builder/dockerfile/internals_test.go +@@ -19,6 +19,7 @@ + ) + + func TestEmptyDockerfile(t *testing.T) { ++ t.Skip("DM - skipping privileged test") + contextDir, cleanup := createTestTempDir(t, "", "builder-dockerfile-test") + defer cleanup() + +@@ -28,6 +29,7 @@ + } + + func TestSymlinkDockerfile(t *testing.T) { ++ t.Skip("DM - skipping privileged test") + contextDir, cleanup := createTestTempDir(t, "", "builder-dockerfile-test") + defer cleanup() + +@@ -43,6 +45,7 @@ + } + + func TestDockerfileOutsideTheBuildContext(t *testing.T) { ++ t.Skip("DM - skipping privileged test") + contextDir, cleanup := createTestTempDir(t, "", "builder-dockerfile-test") + defer cleanup() + +@@ -52,6 +55,7 @@ + } + + func TestNonExistingDockerfile(t *testing.T) { ++ t.Skip("DM - skipping privileged test") + contextDir, cleanup := createTestTempDir(t, "", "builder-dockerfile-test") + defer cleanup() + +--- a/engine/daemon/graphdriver/overlay2/overlay_test.go ++++ b/engine/daemon/graphdriver/overlay2/overlay_test.go +@@ -37,22 +37,27 @@ + // This avoids creating a new driver for each test if all tests are run + // Make sure to put new tests between TestOverlaySetup and TestOverlayTeardown + func TestOverlaySetup(t *testing.T) { ++ t.Skip("DM - skipping privileged test") + graphtest.GetDriver(t, driverName) + } + + func TestOverlayCreateEmpty(t *testing.T) { ++ t.Skip("DM - skipping privileged test") + graphtest.DriverTestCreateEmpty(t, driverName) + } + + func TestOverlayCreateBase(t *testing.T) { ++ t.Skip("DM - skipping privileged test") + graphtest.DriverTestCreateBase(t, driverName) + } + + func TestOverlayCreateSnap(t *testing.T) { ++ t.Skip("DM - skipping privileged test") + graphtest.DriverTestCreateSnap(t, driverName) + } + + func TestOverlay128LayerRead(t *testing.T) { ++ t.Skip("DM - skipping privileged test") + graphtest.DriverTestDeepLayerRead(t, 128, driverName) + } + +--- a/engine/volume/local/local_test.go ++++ b/engine/volume/local/local_test.go +@@ -31,6 +31,7 @@ + } + + func TestRemove(t *testing.T) { ++t.Skip("DM - skipping privileged test") + skip.If(t, runtime.GOOS == "windows", "FIXME: investigate why this test fails on CI") + rootDir, err := ioutil.TempDir("", "local-volume-test") + if err != nil { +@@ -74,6 +75,7 @@ + } + + func TestInitializeWithVolumes(t *testing.T) { ++ t.Skip("DM - skipping privileged tests") + rootDir, err := ioutil.TempDir("", "local-volume-test") + if err != nil { + t.Fatal(err) +@@ -106,6 +108,7 @@ + } + + func TestCreate(t *testing.T) { ++ t.Skip("DM - skipping privileged tests") + rootDir, err := ioutil.TempDir("", "local-volume-test") + if err != nil { + t.Fatal(err) +@@ -178,6 +181,7 @@ + } + + func TestCreateWithOpts(t *testing.T) { ++t.Skip("DM - skipping privileged test") + skip.If(t, runtime.GOOS == "windows") + skip.If(t, os.Getuid() != 0, "requires mounts") + rootDir, err := ioutil.TempDir("", "local-volume-test") +--- a/engine/pkg/mount/mount_unix_test.go ++++ b/engine/pkg/mount/mount_unix_test.go +@@ -25,6 +25,7 @@ + } + + func TestMounted(t *testing.T) { ++t.Skip("DM - skipping privileged test") + if os.Getuid() != 0 { + t.Skip("root required") + } +@@ -80,6 +81,7 @@ + } + + func TestMountReadonly(t *testing.T) { ++t.Skip("DM - skipping privileged test") + if os.Getuid() != 0 { + t.Skip("root required") + } +@@ -129,6 +131,7 @@ + } + + func TestGetMounts(t *testing.T) { ++t.Skip("DM - skipping privileged test") + mounts, err := GetMounts(nil) + if err != nil { + t.Fatal(err) +--- a/engine/pkg/mount/sharedsubtree_linux_test.go ++++ b/engine/pkg/mount/sharedsubtree_linux_test.go +@@ -12,6 +12,7 @@ + + // nothing is propagated in or out + func TestSubtreePrivate(t *testing.T) { ++t.Skip("DM - skipping privileged test") + if os.Getuid() != 0 { + t.Skip("root required") + } +@@ -114,6 +115,7 @@ + // Testing that when a target is a shared mount, + // then child mounts propagate to the source + func TestSubtreeShared(t *testing.T) { ++t.Skip("DM - skipping privileged test") + if os.Getuid() != 0 { + t.Skip("root required") + } +@@ -186,6 +188,7 @@ + // testing that mounts to a shared source show up in the slave target, + // and that mounts into a slave target do _not_ show up in the shared source + func TestSubtreeSharedSlave(t *testing.T) { ++t.Skip("DM - skipping privileged test") + if os.Getuid() != 0 { + t.Skip("root required") + } +@@ -294,6 +297,7 @@ + } + + func TestSubtreeUnbindable(t *testing.T) { ++t.Skip("DM - skipping privileged test") + if os.Getuid() != 0 { + t.Skip("root required") + } +--- a/engine/daemon/graphdriver/overlay/overlay_test.go ++++ b/engine/daemon/graphdriver/overlay/overlay_test.go +@@ -19,22 +19,27 @@ + // This avoids creating a new driver for each test if all tests are run + // Make sure to put new tests between TestOverlaySetup and TestOverlayTeardown + func TestOverlaySetup(t *testing.T) { ++ t.Skip("DM - skipping privileged test") + graphtest.GetDriver(t, "overlay") + } + + func TestOverlayCreateEmpty(t *testing.T) { ++ t.Skip("DM - skipping privileged test") + graphtest.DriverTestCreateEmpty(t, "overlay") + } + + func TestOverlayCreateBase(t *testing.T) { ++ t.Skip("DM - skipping privileged test") + graphtest.DriverTestCreateBase(t, "overlay") + } + + func TestOverlayCreateSnap(t *testing.T) { ++ t.Skip("DM - skipping privileged test") + graphtest.DriverTestCreateSnap(t, "overlay") + } + + func TestOverlay50LayerRead(t *testing.T) { ++ t.Skip("DM - skipping privileged test") + graphtest.DriverTestDeepLayerRead(t, 50, "overlay") + } + +--- a/engine/pkg/archive/archive_test.go ++++ b/engine/pkg/archive/archive_test.go +@@ -264,6 +264,7 @@ + } + + func TestUntarPathWithInvalidDest(t *testing.T) { ++t.Skip("DM - skipping privileged test") + tempFolder, err := ioutil.TempDir("", "docker-archive-test") + assert.NilError(t, err) + defer os.RemoveAll(tempFolder) +@@ -436,6 +437,7 @@ + } + + func TestCopyWithTarInexistentDestWillCreateIt(t *testing.T) { ++t.Skip("DM - skipping privileged test") + skip.If(t, os.Getuid() != 0, "skipping test that requires root") + tempFolder, err := ioutil.TempDir("", "docker-archive-test") + if err != nil { +@@ -729,6 +731,7 @@ + } + + func TestTarWithOptionsChownOptsAlwaysOverridesIdPair(t *testing.T) { ++t.Skip("DM - skipping privileged test") + origin, err := ioutil.TempDir("", "docker-test-tar-chown-opt") + assert.NilError(t, err) + +@@ -780,6 +783,7 @@ + } + + func TestTarWithOptions(t *testing.T) { ++t.Skip("DM - skipping privileged test") + // TODO Windows: Figure out how to fix this test. + if runtime.GOOS == "windows" { + t.Skip("Failing on Windows") +@@ -970,6 +974,7 @@ + } + + func TestUntarHardlinkToSymlink(t *testing.T) { ++t.Skip("DM - skipping privileged test") + // TODO Windows. There may be a way of running this, but turning off for now + skip.If(t, runtime.GOOS == "windows", "hardlinks on Windows") + skip.If(t, os.Getuid() != 0, "skipping test that requires root") +@@ -1200,6 +1205,7 @@ + } + + func TestReplaceFileTarWrapper(t *testing.T) { ++t.Skip("DM - skipping privileged test") + filesInArchive := 20 + testcases := []struct { + doc string +--- a/engine/pkg/archive/archive_linux_test.go ++++ b/engine/pkg/archive/archive_linux_test.go +@@ -85,6 +85,7 @@ + } + + func TestOverlayTarUntar(t *testing.T) { ++t.Skip("DM - skipping privileged test") + oldmask, err := system.Umask(0) + assert.NilError(t, err) + defer system.Umask(oldmask) +@@ -124,6 +125,7 @@ + } + + func TestOverlayTarAUFSUntar(t *testing.T) { ++t.Skip("DM - skipping privileged test") + oldmask, err := system.Umask(0) + assert.NilError(t, err) + defer system.Umask(oldmask) +--- a/cli/cli/command/image/build_test.go ++++ b/cli/cli/command/image/build_test.go +@@ -25,6 +25,7 @@ + ) + + func TestRunBuildDockerfileFromStdinWithCompress(t *testing.T) { ++t.Skip("DM - skipping privileged test") + buffer := new(bytes.Buffer) + fakeBuild := newFakeBuild() + fakeImageBuild := func(ctx context.Context, context io.Reader, options types.ImageBuildOptions) (types.ImageBuildResponse, error) { +@@ -122,6 +123,7 @@ + // TODO: test "context selection" logic directly when runBuild is refactored + // to support testing (ex: docker/cli#294) + func TestRunBuildFromGitHubSpecialCase(t *testing.T) { ++t.Skip("DM - disabled due to network access") + cmd := NewBuildCommand(test.NewFakeCli(nil)) + // Clone a small repo that exists so git doesn't prompt for credentials + cmd.SetArgs([]string{"github.com/docker/for-win"}) +--- a/engine/daemon/oci_linux_test.go ++++ b/engine/daemon/oci_linux_test.go +@@ -89,6 +89,7 @@ + } + + func TestGetSourceMount(t *testing.T) { ++t.Skip("Skipped failing test") + // must be able to find source mount for / + mnt, _, err := getSourceMount("/") + assert.NilError(t, err) +--- a/engine/layer/mount_test.go ++++ b/engine/layer/mount_test.go +@@ -12,6 +12,7 @@ + ) + + func TestMountInit(t *testing.T) { ++ t.Skip("DM - skipping privileged test") + // TODO Windows: Figure out why this is failing + if runtime.GOOS == "windows" { + t.Skip("Failing on Windows") +@@ -120,6 +121,7 @@ + } + + func TestMountChanges(t *testing.T) { ++ t.Skip("DM - skipping privileged test") + // TODO Windows: Figure out why this is failing + if runtime.GOOS == "windows" { + t.Skip("Failing on Windows") +--- a/engine/daemon/graphdriver/aufs/aufs_test.go ++++ b/engine/daemon/graphdriver/aufs/aufs_test.go +@@ -31,6 +31,7 @@ + } + + func testInit(dir string, t testing.TB) graphdriver.Driver { ++ t.Skip("DM - skipping privileged test") + d, err := Init(dir, nil, nil, nil) + if err != nil { + if err == graphdriver.ErrNotSupported { diff --git a/rules b/rules new file mode 100755 index 00000000..84769c17 --- /dev/null +++ b/rules @@ -0,0 +1,185 @@ +#!/usr/bin/make -f +# -*- makefile -*- + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +## Disable compiler cache (`go env GOCACHE`, `go help cache`). +export GOCACHE=off + +export HOME=$(CURDIR)/debian/tmp + +#export DH_GOLANG_BUILDPKG := github.com/docker/docker github.com/docker/cli +export DH_GOLANG_GO_GENERATE := 1 +export DH_GOLANG_INSTALL_ALL := 1 +export DH_GOLANG_INSTALL_EXTRA := testdata/ +export DH_GOLANG_EXCLUDES := \ + integration-cli \ + vendor + +# temporary build path (see http://golang.org/doc/code.html#GOPATH) +OUR_GOPATH := $(CURDIR)/.gopath +export GOPATH := $(OUR_GOPATH) + +export DOCKER_VERSION := $(shell cat VERSION) +export DOCKER_GITCOMMIT := $(shell ./debian/helpers/gitcommit.sh $(DOCKER_VERSION)) +ifndef DOCKER_GITCOMMIT + $(error Missing DOCKER_GITCOMMIT - see debian/upstream-version-gitcommits) +endif + +export BUILDTIME := $(shell dpkg-parsechangelog -SDate) + +# have "make.sh" keep "bundle/$(DOCKER_VERSION)" around between runs (we clean it up appropriately ourselves) +export KEEPBUNDLE := 1 + +## AppArmor can be optionally used in Debian and is there by default in Ubuntu, +## so we need support for it compiled into our binary same story with SELinux. +export DOCKER_BUILDTAGS := apparmor seccomp selinux ambient + +## prefer Go 1.7 explicitly if it's available (golang-1.7-go) +#export PATH := /usr/lib/go-1.7/bin:$(PATH) + +APPARMOR_RECOMMENDS := $(shell dpkg-vendor --is Ubuntu && echo apparmor) +BUILT_LIBC := $(shell dpkg-query -f '$${source:Package} (= $${source:Version})' -W libc-dev-bin) + +%: + dh $@ --buildsystem=golang --with=bash-completion,golang --builddirectory=.gopath + +override_dh_clean: + dh_clean + $(RM) -v -r autogen bundles man/man*/ +# -find . -type f -name '*.pb.go' -delete -printf 'removed %p\n' ## delete generated .pb.go files + ## Remove Files-Excluded (when built from checkout or non-DFSG tarball): + $(RM) -rv `perl -0nE 'say grep { $$_=q{ */}.$$_ } split(/\s+/,$$1) if m{^Files\-Excluded:\s*(.*?)(?:\n\n|^Files|^Comment:)}sm;' debian/copyright` + -find */vendor -mindepth 1 -type d -empty -delete -printf 'removed %p\n' + +override_dh_auto_configure: +## dh_auto_configure symlinks dirs from "/usr/share/gocode/src" into +## $(OUR_GOPATH) unless folders already exist there in which case files +## are copied. Pre-making directories allows us to use debhelper to +## create proper GOPATH source tree yet have certain directories writable +## even if they are provided by already installed package. + mkdir -pv $(OUR_GOPATH)/src/github.com/docker/cli + mkdir -pv $(OUR_GOPATH)/src/github.com/docker/docker + mkdir -pv $(OUR_GOPATH)/src/github.com/docker/libnetwork + mkdir -pv $(OUR_GOPATH)/src/github.com/docker/swarmkit + mkdir -pv $(OUR_GOPATH)/src/github.com/docker/distribution + mkdir -pv $(OUR_GOPATH)/src/github.com/docker/go-events + mkdir -pv $(OUR_GOPATH)/src/github.com/docker/go-metrics + mkdir -pv $(OUR_GOPATH)/src/github.com/containerd/containerd + +# ## Prepare builddirectory but throw away sourcedirectory. + DH_GOPKG="__IGNORE__" dh_auto_configure + +## Each package must be removed from working tree first, in case some +## of the packages that we are going to build are already installed. +## This is also useful for building in unclean environment. +## +## This is _necessary_ to avoid merging packages that we build with +## pre-installed packages. See #827226 for details. +## Debhelper knows only about "main" DH_GOPKG package but we build several +## and we have to ensure that build tree is properly prepared. + $(RM) -r $(OUR_GOPATH)/src/github.com/docker/cli + cp -ra cli $(OUR_GOPATH)/src/github.com/docker/cli + + $(RM) -r $(OUR_GOPATH)/src/github.com/docker/docker + cp -ra engine $(OUR_GOPATH)/src/github.com/docker/docker + + $(RM) -r $(OUR_GOPATH)/src/github.com/docker/libnetwork + cp -ra libnetwork $(OUR_GOPATH)/src/github.com/docker/libnetwork + + $(RM) -r $(OUR_GOPATH)/src/github.com/docker/swarmkit + cp -ra swarmkit $(OUR_GOPATH)/src/github.com/docker/swarmkit + + $(RM) -r $(OUR_GOPATH)/src/github.com/docker/distribution + cp -ra distribution $(OUR_GOPATH)/src/github.com/docker/distribution + + $(RM) -r $(OUR_GOPATH)/src/github.com/docker/go-events + cp -ra go-events $(OUR_GOPATH)/src/github.com/docker/go-events + + $(RM) -r $(OUR_GOPATH)/src/github.com/docker/go-metrics + cp -ra go-metrics $(OUR_GOPATH)/src/github.com/docker/go-metrics + + $(RM) -r $(OUR_GOPATH)/src/github.com/containerd/containerd + cp -ra containerd $(OUR_GOPATH)/src/github.com/containerd/containerd + +# cp -ra containerd/vendor/github.com/containerd/continuity $(OUR_GOPATH)/src/github.com/containerd/ +# cp -ra engine/vendor/github.com/docker/distribution $(OUR_GOPATH)/src/github.com/docker/ + +override_dh_auto_build-indep: + # noop + +override_dh_auto_build-arch: +## order is important: + +## ## FIXME: DH_GOLANG_BUILDPKG --> DH_GOPKG + DH_GOLANG_BUILDPKG="github.com/docker/distribution" dh_auto_build -v + + DH_GOPKG="github.com/docker/libnetwork" dh_auto_build -v + +## ## FIXME: DH_GOLANG_BUILDPKG --> DH_GOPKG + DH_GOLANG_BUILDPKG="github.com/docker/swarmkit" dh_auto_build -v + + export DH_GOPKG="github.com/containerd/containerd" ;\ + export REV="`grep $${DH_GOPKG} engine/vendor.conf | head -1 | awk '{print $$2}'`" ;\ + dh_auto_build -v -- -tags "$(DOCKER_BUILDTAGS)" \ + -ldflags "-X $${DH_GOPKG}/version.Version=$(DOCKER_VERSION) -X $${DH_GOPKG}/version.Revision=$${REV}" + + DH_GOPKG="github.com/docker/go-events" dh_auto_build -v + DH_GOPKG="github.com/docker/go-metrics" dh_auto_build -v + +## build ("cd" first to ensure we build from within GOPATH) + cd '$(OUR_GOPATH)/src/github.com/docker/docker' \ + && VERSION=$(DOCKER_VERSION) ./hack/make.sh dynbinary + + cd '$(OUR_GOPATH)/src/github.com/docker/cli' \ + && DISABLE_WARN_OUTSIDE_CONTAINER=1 LDFLAGS='' \ + $(MAKE) VERSION=$(DOCKER_VERSION) GITCOMMIT=$(DOCKER_GITCOMMIT) dynbinary manpages + +# # compile man pages +# ./man/md2man-all.sh -q + +override_dh_auto_test-indep: + DH_GOLANG_EXCLUDES="integration-cli integration test/integration" \ + dh_auto_test -v --max-parallel=4 -- -short + +override_dh_auto_test-arch: +### [[[ DO NOT DISABLE TESTS ]]] [[[ DO *NOT* DISABLE TESTS ]]] + DH_GOLANG_EXCLUDES="integration-cli integration test/integration" \ + dh_auto_test -v --max-parallel=4 -- -short +ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS))) + ## Test engine: +# cd '$(OUR_GOPATH)/src/$(DH_GOPKG)' \ +# && TESTFLAGS='-test.short' ./hack/make.sh test-unit + cd $(OUR_GOPATH)/src/github.com/docker/docker \ + && TESTFLAGS='-test.short' ./hack/test/unit + + ## Test CLI: + cd $(OUR_GOPATH)/src/github.com/docker/cli \ + && DISABLE_WARN_OUTSIDE_CONTAINER=1 $(MAKE) test-unit + + .gopath/bin/containerd -version +endif + +override_dh_install: + ## Do not install extra license files: + dh_install -XLICENSE + +override_dh_auto_install: + ## skip dh_auto_install to stop dh_golang trying to copy bits + ## for /usr/share/gocode (we use dh_install/dh-exec for that) + +override_dh_installinit: + dh_installinit -v --name=docker --no-stop-on-upgrade --no-restart-after-upgrade + +override_dh_installsystemd: + dh_installsystemd -v --name=docker --no-stop-on-upgrade --no-restart-after-upgrade + +override_dh_installudev: + # use priority z80 to match the upstream priority of 80 + dh_installudev -v --name=docker --priority=z80 + +override_dh_gencontrol: + echo 'apparmor:Recommends=$(APPARMOR_RECOMMENDS)' >> debian/docker.io.substvars + echo 'libc:Built-Using=$(BUILT_LIBC)' >> debian/docker.io.substvars + dh_gencontrol diff --git a/source/format b/source/format new file mode 100644 index 00000000..163aaf8d --- /dev/null +++ b/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/source/lintian-overrides b/source/lintian-overrides new file mode 100644 index 00000000..2a07e111 --- /dev/null +++ b/source/lintian-overrides @@ -0,0 +1,5 @@ +## Files-Excluded leftovers: +source-contains-empty-directory */vendor/* + +## Acknowledged: +dh-exec-subst-unknown-variable debian/docker.io.install DOCKER_VERSION diff --git a/tests/basic-smoke b/tests/basic-smoke new file mode 100755 index 00000000..eae62a1f --- /dev/null +++ b/tests/basic-smoke @@ -0,0 +1,36 @@ +#!/bin/bash +set -eux +set -o pipefail + +exitTraps=( 'true' ) +doExit() { + for exitTrap in "${exitTraps[@]}"; do + eval "$exitTrap" || true + done +} +trap 'doExit' EXIT +defer() { + exitTraps=( "$@" "${exitTraps[@]}" ) +} + +/etc/init.d/docker start +defer '/etc/init.d/docker stop' +defer 'journalctl -u docker | tail' + +# make sure Docker itself is working before we go too deep down the rabbit hole +docker version + +tempDir="$(mktemp -d)" +defer "rm -rf '$tempDir'" + +debootstrap \ + --variant=minbase \ + stable \ + "$tempDir" \ + http://httpredir.debian.org/debian + +tar -cC "$tempDir" . | docker import - debian +defer 'docker rmi debian' + +docker run --name test debian true +defer 'docker rm -f test' diff --git a/tests/control b/tests/control new file mode 100644 index 00000000..1824f5c9 --- /dev/null +++ b/tests/control @@ -0,0 +1,7 @@ +Tests: basic-smoke +Depends: aufs-tools, debian-archive-keyring, debootstrap, @ +Restrictions: allow-stderr isolation-machine needs-root + +#Tests: integration +#Depends: ca-certificates, curl, git, golang-check.v1-dev, jq, @, @builddeps@ +#Restrictions: allow-stderr isolation-machine needs-root rw-build-tree diff --git a/tests/integration b/tests/integration new file mode 100755 index 00000000..6b40edcb --- /dev/null +++ b/tests/integration @@ -0,0 +1,41 @@ +#!/bin/bash +set -e + +# apply patches +dpkg-source --before-build . + +# prepare the environment +./debian/rules dh_configure +export GOPATH="$PWD/.gopath" +export DOCKER_GITCOMMIT="$(./debian/helpers/gitcommit.sh)" + +# docker's tests need an unprivileged user available at this username +useradd --system --gid docker --comment 'Docker Test Suite Unprivileged User' unprivilegeduser + +# https://github.com/docker/docker/blob/7307998a44237a8943792c279b81ff5a387a86fa/builder/dockerfile/builder.go#L34-L44 +proxyArgs=( + http_proxy + https_proxy + ftp_proxy + no_proxy +) +DOCKER_BUILD_ARGS= +for proxyArgBase in "${proxyArgs[@]}"; do + for proxyArg in "${proxyArgBase^^}" "$proxyArgBase"; do + if [ -n "${!proxyArg}" ]; then + [ -z "$DOCKER_BUILD_ARGS" ] || DOCKER_BUILD_ARGS+=' ' + DOCKER_BUILD_ARGS+="--build-arg ${proxyArg}=${!proxyArg}" + fi + done +done +export DOCKER_BUILD_ARGS + +# run the tests +./hack/make.sh test-integration-cli + +# clean up cruft we've created +./debian/rules clean +userdel --force unprivilegeduser + +# unapply patches +dpkg-source --after-build . diff --git a/unpack-components.sh b/unpack-components.sh new file mode 100755 index 00000000..9554ca55 --- /dev/null +++ b/unpack-components.sh @@ -0,0 +1,36 @@ +#!/bin/bash +: <<=cut + +=head1 DESCRIPTION + +Unpack MUT components. + +=head1 SYNOPSIS + + ./debian/unpack-components.sh + +=cut + +set -e +set -u + +DEB_SOURCE="$( dpkg-parsechangelog -SSource )" +DEB_VERSION_UPSTREAM="$( dpkg-parsechangelog -SVersion | sed -e 's/-[^-]*$//' )" + +if ls ../${DEB_SOURCE}_${DEB_VERSION_UPSTREAM}.orig-*.tar.* 2>>/dev/null; then + for T in ../${DEB_SOURCE}_${DEB_VERSION_UPSTREAM}.orig-*.tar.*; do + C="${T##*.orig-}" + C="${C%%.tar*}" + mkdir -p "${C}" + tar xf ${T} -C "${C}" --strip-components=1 + if [ "$(ls -m ${C})" == "${C}" ]; then + ## --strip-components=1 did not work. + mv "${C}" "${C}.tmp" + mv "${C}.tmp/${C}" . + rmdir "${C}.tmp" + fi + done +else + printf "W: no components to extract.\n" + exit 0 +fi diff --git a/upstream-version-gitcommits b/upstream-version-gitcommits new file mode 100644 index 00000000..4252c767 --- /dev/null +++ b/upstream-version-gitcommits @@ -0,0 +1,92 @@ +# To determine the proper value for this, download +# https://download.docker.com/linux/static/CHANNEL/x86_64/docker-VERSION-ce.tgz +# extract "docker", run "./docker -v", which will list the exact build hash needed. +# https://github.com/docker/docker-ce/releases + +0.5.3: 17c92b8 +0.6.0: f4a4f1c +0.6.1: 5105263 +0.6.2: 081543c +0.6.3: b0a49a3 +0.6.4: 2f74b1c +0.6.5: 3ff8459 +0.6.6: 6d42040 +0.6.7: cb48ecc +0.7.0: 0d078b6 +0.7.1: 88df052 +0.7.2: 28b162e +0.7.3: 8502ad4 +0.7.4: 010d74e +0.7.5: c348c04 +0.7.6: bc3b2ec +0.8.0: cc3a8c8 +0.8.1: a1598d1 +0.9.0: 2b3fdf2 +0.9.1: 3600720 +0.10.0: dc9c28f +0.11.0: 15209c3 +0.11.1: fb99f99 +0.12.0: 14680bf +1.0.0: 63fe64c +1.0.1: 990021a +1.1.0: 79812e3 +1.1.1: bd609d2 +1.1.2: d84a070 +1.2.0: fa7b24f +1.3.0: c78088f +1.3.1: 4e9bbfa +1.3.2: 39fa2fa +1.3.3: d344625 +1.4.0: 4595d4f +1.4.1: 5bc2ff8 +1.5.0: a8a31ef +1.6.0: 4749651 +1.6.1: 97cd073 +1.6.2: 7c8fca2 +1.7.0: 0baf609 +1.7.1: 786b29d +1.8.0: 0d03096 +1.8.1: d12ea79 +1.8.2: 0a8c2e3 +1.8.3: f4bf5c7 +1.9.0: 76d6bc9 +1.9.1: a34a1d5 +1.10.0: 590d5108 +1.10.1: 9e83765 +1.10.2: c3959b1 +1.10.3: 20f81dd +1.11.0: 4dc5990 +1.11.1: 5604cbe +1.11.2: b9f10c9 +1.12.0: 8eab29e +1.12.1: 23cf638 +1.12.2: bb80604 +1.12.3: 6b644ec +1.12.4: 1564f02 +1.12.5: 7392c3b +1.12.6: 78d1802 +1.13.0: 49bf474 +1.13.1: 092cba3 +17.03.0: 60ccb22 +17.03.1: c6d412e +17.03.2: f5ec1e2 +17.04.0: 4845c56 +17.05.0: 89658be +17.06.0: 02c1d87 +17.06.1: 874a737 +17.06.2: cec0b72 +17.07.0-ce: 8784753 +17.09.0-ce: afdb6d4 +17.10.0-ce: f4ffd25 +17.11.0-ce: 1caf76c +17.12.0-ce: c97c6d6 +17.12.1-ce: 7390fc6 +18.01.0: 03596f5 +18.02.0: fc4de44 +18.02.0-ce: fc4de44 +18.03.0: 0520e24 +18.03.0-ce: 0520e24 +18.03.1-ce: 9ee9f40 +18.06.0-ce: 0ffa825 +18.06.1-ce: e68fc7a +18.09.1: 4c52b90 diff --git a/vim-syntax-docker.install b/vim-syntax-docker.install new file mode 100644 index 00000000..6ea7862a --- /dev/null +++ b/vim-syntax-docker.install @@ -0,0 +1,4 @@ +engine/contrib/syntax/vim/doc/* /usr/share/vim/addons/doc/ +engine/contrib/syntax/vim/ftdetect/* /usr/share/vim/addons/ftdetect/ +engine/contrib/syntax/vim/syntax/* /usr/share/vim/addons/syntax/ +debian/vim-syntax-docker.yaml /usr/share/vim/registry/ diff --git a/vim-syntax-docker.yaml b/vim-syntax-docker.yaml new file mode 100644 index 00000000..517b5914 --- /dev/null +++ b/vim-syntax-docker.yaml @@ -0,0 +1,6 @@ +addon: dockerfile +description: "Addon to highlight Docker's Dockerfiles" +files: + - doc/dockerfile.txt + - ftdetect/dockerfile.vim + - syntax/dockerfile.vim diff --git a/watch b/watch new file mode 100644 index 00000000..9e75d2ce --- /dev/null +++ b/watch @@ -0,0 +1,15 @@ +# uscan(1) configuration file. +version=4 + +opts="\ +pgpmode=none,\ +repacksuffix=+dfsg1,\ +repack,compression=xz,\ +uversionmangle=s{\-ce}{},\ +dversionmangle=s{[+~](dfsg|ds)\d*}{},\ +" https://uscan.tianon.xyz/github.com/docker/docker-ce \ + .*/archive/v?(\d[\d\.]+)(?:\-ce)?\.tar\.gz debian ./debian/get-orig-source.sh + +# /(releases|tags) paginates too soon on github.com +# so we lose historical versions too early for tianon's taste. +# https://github.com/docker/docker/releases