From 4d3856cdf8cfd1cf4fe69589a43b68937ced4ffc Mon Sep 17 00:00:00 2001 From: Dmitry Smirnov Date: Tue, 12 Nov 2019 01:18:22 +0000 Subject: [PATCH 1/1] Import docker.io_19.03.4+dfsg2-2.debian.tar.xz [dgit import tarball docker.io 19.03.4+dfsg2-2 docker.io_19.03.4+dfsg2-2.debian.tar.xz] --- Dockerfile | 21 + README.Debian | 99 ++ README.source | 172 ++++ TODO.Debian | 22 + changelog | 972 ++++++++++++++++++ clean | 24 + compat | 1 + control | 292 ++++++ copyright | 493 +++++++++ docker-doc.docs | 3 + docker.io.NEWS | 26 + docker.io.bash-completion | 1 + docker.io.dirs | 1 + docker.io.docker.default | 12 + docker.io.docker.init | 133 +++ docker.io.docker.service | 1 + docker.io.docker.socket | 1 + docker.io.docker.udev | 1 + docker.io.docs | 2 + docker.io.install | 26 + docker.io.links | 2 + docker.io.lintian-overrides | 3 + docker.io.maintscript | 6 + docker.io.manpages | 1 + docker.io.postinst | 29 + docker.io.postrm | 17 + docker.io.prerm | 23 + gbp.conf | 15 + get-orig-source.sh | 150 +++ golang-github-docker-docker-dev.install | 68 ++ helpers/gen-build-depends.sh | 193 ++++ helpers/gitcommit.sh | 34 + ...ldkit-build-against-google-grpc-1.11.patch | 56 + patches/cli-dont-duplicate-authconfig.patch | 48 + patches/cli-fix-manpages-build-script.patch | 18 + patches/containerd-cri_cni.patch | 86 ++ ...bian-cgroupfs-mount-convenience-copy.patch | 81 ++ patches/debian-containerd-name.patch | 100 ++ patches/debian-dockerd-binary-location.patch | 42 + .../debian-dont-use-gotestsum-in-cli.patch | 68 ++ ...dont-use-gotestsum-in-hack-test-unit.patch | 47 + patches/debian-nuke-no-prompt.patch | 21 + ...debian-systemd-unit-environment-file.patch | 20 + patches/debian-systemd-unit-tasksmax.patch | 21 + .../engine-disable-microsoft-hcsshim.patch | 46 + patches/jwt-go-v3.patch | 159 +++ patches/libnetwork_proto.patch | 38 + ...libnetwork_proto_no_unrecognized_all.patch | 21 + patches/mips-fix-devnumber.patch | 22 + patches/series | 36 + ...able-containerizedengine-update-test.patch | 19 + patches/test--fix-test-errors.patch | 17 + patches/test--skip-TestAdapterReadLogs.patch | 38 + ...t--skip-TestClientWithRequestTimeout.patch | 21 + patches/test--skip-TestGetRootUIDGID.patch | 26 + .../test--skip-TestSignCommandLocalFlag.patch | 29 + patches/test--skip-TestStateRunStop.patch | 20 + patches/test--skip-network-tests.patch | 17 + .../test--skip-privileged-unit-tests.patch | 309 ++++++ rules | 181 ++++ source/format | 1 + source/lintian-overrides | 5 + tests/basic-smoke | 36 + tests/control | 7 + tests/integration | 41 + unpack-components.sh | 36 + upstream-version-gitcommits | 100 ++ vim-syntax-docker.install | 4 + vim-syntax-docker.yaml | 6 + watch | 15 + 70 files changed, 4702 insertions(+) create mode 100644 Dockerfile create mode 100644 README.Debian create mode 100644 README.source create mode 100644 TODO.Debian create mode 100644 changelog create mode 100644 clean create mode 100644 compat create mode 100644 control create mode 100644 copyright create mode 100644 docker-doc.docs create mode 100644 docker.io.NEWS create mode 100644 docker.io.bash-completion create mode 100644 docker.io.dirs create mode 100644 docker.io.docker.default create mode 100644 docker.io.docker.init create mode 120000 docker.io.docker.service create mode 120000 docker.io.docker.socket create mode 120000 docker.io.docker.udev create mode 100644 docker.io.docs create mode 100755 docker.io.install create mode 100644 docker.io.links create mode 100644 docker.io.lintian-overrides create mode 100644 docker.io.maintscript create mode 100644 docker.io.manpages create mode 100644 docker.io.postinst create mode 100644 docker.io.postrm create mode 100644 docker.io.prerm create mode 100644 gbp.conf create mode 100755 get-orig-source.sh create mode 100644 golang-github-docker-docker-dev.install create mode 100755 helpers/gen-build-depends.sh create mode 100755 helpers/gitcommit.sh create mode 100644 patches/buildkit-build-against-google-grpc-1.11.patch create mode 100644 patches/cli-dont-duplicate-authconfig.patch create mode 100644 patches/cli-fix-manpages-build-script.patch create mode 100644 patches/containerd-cri_cni.patch create mode 100644 patches/debian-cgroupfs-mount-convenience-copy.patch create mode 100644 patches/debian-containerd-name.patch create mode 100644 patches/debian-dockerd-binary-location.patch create mode 100644 patches/debian-dont-use-gotestsum-in-cli.patch create mode 100644 patches/debian-dont-use-gotestsum-in-hack-test-unit.patch create mode 100644 patches/debian-nuke-no-prompt.patch create mode 100644 patches/debian-systemd-unit-environment-file.patch create mode 100644 patches/debian-systemd-unit-tasksmax.patch create mode 100644 patches/engine-disable-microsoft-hcsshim.patch create mode 100644 patches/jwt-go-v3.patch create mode 100644 patches/libnetwork_proto.patch create mode 100644 patches/libnetwork_proto_no_unrecognized_all.patch create mode 100644 patches/mips-fix-devnumber.patch create mode 100644 patches/series create mode 100644 patches/test--disable-containerizedengine-update-test.patch create mode 100644 patches/test--fix-test-errors.patch create mode 100644 patches/test--skip-TestAdapterReadLogs.patch create mode 100644 patches/test--skip-TestClientWithRequestTimeout.patch create mode 100644 patches/test--skip-TestGetRootUIDGID.patch create mode 100644 patches/test--skip-TestSignCommandLocalFlag.patch create mode 100644 patches/test--skip-TestStateRunStop.patch create mode 100644 patches/test--skip-network-tests.patch create mode 100644 patches/test--skip-privileged-unit-tests.patch create mode 100755 rules create mode 100644 source/format create mode 100644 source/lintian-overrides create mode 100755 tests/basic-smoke create mode 100644 tests/control create mode 100755 tests/integration create mode 100755 unpack-components.sh create mode 100644 upstream-version-gitcommits create mode 100644 vim-syntax-docker.install create mode 100644 vim-syntax-docker.yaml create mode 100644 watch diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 00000000..80639c66 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,21 @@ +FROM tianon/debian-devel + +RUN echo 'deb http://incoming.debian.org/debian-buildd buildd-unstable main contrib non-free' > /etc/apt/sources.list.d/incoming.list + +# start by adding just "debian/control" so we can get mk-build-deps with maximum caching +COPY control /usr/src/docker.io/debian/ +WORKDIR /usr/src/docker.io + +# get all the build deps of _this_ package in a nice repeatable way +RUN apt-get update && mk-build-deps -irt'apt-get --no-install-recommends -yV' debian/control && dpkg-checkbuilddeps + +# need our debian/ directory to compile _this_ package +COPY . /usr/src/docker.io/debian + +# go download and unpack our upstream source +RUN uscan --force-download --verbose --download-current-version +RUN DOCKER_TARBALLS=.. ./debian/helpers/download-libcontainer +RUN /tianon/extract-origtargz.sh + +# tianon is _really_ lazy, and likes a preseeded bash history +RUN echo '/tianon/extract-origtargz.sh && dpkg-buildpackage -us -uc && lintian -EvIL+pedantic' >> /root/.bash_history diff --git a/README.Debian b/README.Debian new file mode 100644 index 00000000..366feb8f --- /dev/null +++ b/README.Debian @@ -0,0 +1,99 @@ +Docker on Debian +================ + +Please refer to upstream's documentation for information about what Docker is, +how it works, and how to use it: https://docs.docker.com/ + +The following notes are things that may have impact specifically to use of the +Docker package in Debian. + +-- + +To enable docker memory limitation, the kernel needs to be loaded with +boot parameters: cgroup_enable=memory swapaccount=1. + +This is because enabling memory cgroup support has some run-time overhead, +and kernel maintainers don't want to slow down systems unnecessarily. + +http://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg764104.html +https://github.com/docker/docker/issues/396 + +To instruct the kernel to enable memory cgroup support, edit +/etc/default/grub and extend GRUB_CMDLINE_LINUX_DEFAULT like: + +GRUB_CMDLINE_LINUX_DEFAULT="cgroup_enable=memory swapaccount=1" + +Then run update-grub, and reboot. + +--- + +It's worth pointing out that upstream maintains a "check-config.sh" script for +verifying not only proper kernel configuration (which isn't terribly relevant in +the Debian context), but also the host system configuration, especially and +including whether a properly mounted cgroup hierarchy can be found. If you're +using cgroupfs-mount or systemd, chances are very high that you have one, but if +not, you're likely to see strange behavior. + +In the docker.io package, one can find the "check-config.sh" script under +"/usr/share/docker.io/contrib/check-config.sh", which when run (does NOT require +root/sudo) will report on problems with your installation/configuration. + +--- + +As noted in the upstream documentation (https://docs.docker.io), Docker will +allow non-root users in the "docker" group to access "docker.sock" and thus +communicate with the daemon. To add yourself to the "docker" group, use +something like: + +adduser YOURUSER docker + +As also noted in the upstream documentation, the "docker" group (and any other +means of accessing the Docker API) is root-equivalent. If you don't trust a +user with root on your box, you shouldn't trust them with Docker either. +If you are interested in further information about the security aspects of +Docker, please be sure to read the "Docker Security" article in the +upstream documentation: + + https://docs.docker.com/engine/security/security/ + +--- + + rpc error: code = 2 desc = "oci runtime error: could not synchronise with + container process: no subsystem for mount" + +This message is very likely related to https://bugs.debian.org/843530, and thus +https://github.com/opencontainers/runc/issues/1175. + +Adding "systemd.legacy_systemd_cgroup_controller=yes" to your system boot +parameters (in Grub, etc) is probably necessary to resolve it. + +--- + +Support for the logentries.com log driver has been removed from the +Debian version as it contains no license information and is therefore +not redistributable. + +Github issues have been filed upstream: + +https://github.com/bsphere/le_go/issues/14 +https://github.com/docker/docker/issues/31020 + +--- + +## Restart dilemma + +Restarting Docker daemon terminates all running containers. Therefore +automatic restart is not an option as containers may be killed during +unattended upgrade, etc. + +This is Docker's design flaw and upstream gave up on idea of restoring +state of running containers on upgrade, bluntly stating "You must stop all +containers and plugins BEFORE upgrading" in release notes. + +** "rkt" container runtime is free from that flaw. ** + +Not restarting Docker daemon on upgrade can make CLI unusable until daemon +restart due to mismatch between CLI and running Daemon versions. + +Fortunately recommended "needrestart" package show interactive prompt to +restart Docker daemon after upgrade. diff --git a/README.source b/README.source new file mode 100644 index 00000000..5b90660b --- /dev/null +++ b/README.source @@ -0,0 +1,172 @@ +## "stable" versus "edge" releases + +As per [1], starting with Docker 18.09, CE "stable" releases will be +supported for 7 months. See [2] for details. + +This package should only ever ship "stable" Community Edition (CE) +releases. + +Docker version numbers are derived from date, e.g. `date +%g.%m`. + +The every-month releases are "edge" (17.04, 17.05, etc), are only supported +for the duration of their release month. Stable releases have longer +support cycles. Monthly "Edge" releases should be avoided. + +[1]: https://docs.docker.com/install/ +[2]: https://docs.docker.com/release-notes/docker-ce/ + + +## Incompetent upstream release process + +Upstream is notorious for incredibly sloppy versioning. Docker components +are inconsistently versioned; don't depend on same version of common +libraries and different revisions of dependency libraries are privately +vendored. Basically upstream couldn't care less about consistent, semantic +versioning and re-usable components. Shameful abomination of good software +development practices... :( + +**An overview of the various docker repositories** + +Some repositories used to release on a regular basis, then stopped: + + * https://github.com/moby/moby : last release on Jun 28, 2017 + * https://github.com/docker/distribution: last release on Jul 21, 2017 + * https://github.com/docker/libnetwork : last release on May 8, 2016 + +This seem to be due to the split between Moby and Docker, although it is highly +undocumented. For the Moby repository, you have to dig up this kind of thread: +"https://github.com/moby/moby/issues/33951#issuecomment-312995683" + +Some repositories never really had any releases: + + * https://github.com/docker/cli + * https://github.com/docker/go-events + * https://github.com/docker/swarmkit + +**The docker-ce super repository** + +docker-ce is the super repository from where Docker Community Edition is +produced, and this is where things get messy. + +Basically this is where the code from the docker engine (github.com/moby/moby) +docker client (github.com/docker/cli) is pulled together. But how? Looking at +the git history, we can see cherry-picked commits, merge requests, standalone +commits, and probably other things... In the end, when a docker-ce version is +released, it doesn't seem to correspond to a particular commit of moby/moby or +docker/cli. + +At some point I thought we should ignore docker-ce, and instead package +moby/moby and docker/cli separately. But because of the workflow described +above, I now think it's a very bad idea. We have no idea of which version of +moby/moby and docker/cli work together (no semantic versions), and we can't +really find this information from a tag in docker-ce. + +So we'd better package docker-ce instead. + +See https://github.com/moby/moby/issues/38063#issuecomment-431324613 +for details. + + +**Docker-ce releases** + +Upstream tags releases in "github.com/docker/docker-ce" and we have to ship +matching bundle of Docker engine, and Docker CLI from that repository. + +Docker-ce releases monthly, with a 2 or 3 release candidates before the +final release. Other than quarterly "stable" releases there doesn't seem to +be any long-term releases. The fact that there are release candidates +probably indicates that bugs are reported, test suites are run, and things +are fixed between various rc (hopefully). + +On top of that Docker depends on very particular commits of + + * github.com/containerd/containerd + * github.com/docker/libnetwork + * github.com/docker/swarmkit + +None of the above repositories have relevant tags. + +**Docker code base is spread among several name spaces.** + +We've made a mistake trying to treat it as several reusable components. + +Upstream abuse of versioning practices is a shameful and incompetent +disgrace. Docker people, if you are reading this I hope you feel sorry. +I, Dmitry Smirnov , find it difficult to politely +express how much I despise your release process. + + +## Circular dependencies + +Let me explain practical problem with dependencies. Docker and Libnetwork +both depend on each other and on "sirupsen/logrus". When in the 2018 the +latter exhibited minor/trivial problem I could not upload neither Docker +nor Libnetwork because each FTBFS in the "other" dependency. That's why +starting with 17.12.1 libnetwork has been incorporated into "docker.io". + + +## Docker package vendoring policy + +As highlighted above, it is unsustainable and impractical to package +individual Docker "components". Many libraries of Docker name space are +only ever used by Docker and depend on "github.com/docker/docker" which +makes them part of Docker code base. + +Combined with upstream resistance to good versioning practices, we have to +ship Docker bundle producing (only) reusable package from multi upstream +tarball (MUT) source package. + +Some vendored microlibraries, unless semantically versioned, are not +worth to be introduced as standalone source package. + +Therefore "docker.io" source package will ship all essential Docker +dependencies to avoid circular dependencies. Main criteria for inclusion of +a dependency library into "docker.io" source package is dependency on +"github.com/docker/docker". Additional criteria is assessment whether +Docker dependency is reusable (e.g. semantically versioned and used by +other packages). Age of tags is to be considered as Docker team stopped +tagging most of their dependencies in favour of vendoring them by some +random commit. + + +## Bundled versus external libraries + +### runc + +We should make an effort to use "runc" package which no longer depends on +Docker since 1.0.0~rc5 (no circular/mutual dependency). runc upstream is +tagging releases so it satisfies non-bundling criteria mentioned above. + +In 2017 all reverse build-deps of runc-dev were broken when Balint Reczey + forked "runc" source package as "docker-runc" +versioned to match Docker expectations. +New package "golang-github-opencontainers-docker-runc-dev" had explicit +Conflits with "golang-github-opencontainers-runc-dev" effectively hijacking +runc because all packages depending on runc-dev also depend on docker-dev +(which depends on docker-runc-dev) hence runc-dev could not be installed +together with docker-runc-dev. Maintainer of reverse runc-dev build-deps +was very unhappy... + +Let me stress it again: Docker should not hijack runc's name space +"github.com/opencontainers/runc". Docker's fork of the latter have its +own name space: "github.com/docker/runc". + +In the unfortunate situation if we ever have to use bundled runc in Docker, +we should NOT provide docker-runc-dev package ever again (or at least avoid +Conflicts with runc-dev at all costs). I suggest testing runc package for +run-time compatibility with Docker. That works well with Docker 17.12.1. + +Do not be mislead by particular (random) RUNC_COMMIT that Docker expects +(e.g. `docker info`, "engine/vendor.conf") - we can/should not comply with +upstream's systematic abuse of versioning. + +Perhaps expected commits are not to be trusted at all: for instance in +17.12.1, CONTAINERD_COMMIT in "engine/hack/dockerfile/binaries-commits" +does not match any of containerd commits in "engine/vendor.conf". + + +## Notable upstream bugs + + https://github.com/moby/moby/issues/37272 + https://github.com/docker/distribution/issues/2623 + https://github.com/docker/distribution/issues/2609 diff --git a/TODO.Debian b/TODO.Debian new file mode 100644 index 00000000..d78785fb --- /dev/null +++ b/TODO.Debian @@ -0,0 +1,22 @@ + +## testing + + Better testing of components + + +## full rebuild of components + + Currently re-build is partial. + + +## switch packages from docker-runc-dev to opencontainers-runc-dev + + * kubernetes [partially done, needs more work] + + +## request removal of + + * docker-runc [#902059] + * docker-containerd [#902087] + * golang-libnetwork [#902058] + * swarmkit [#902086] diff --git a/changelog b/changelog new file mode 100644 index 00000000..252e09d6 --- /dev/null +++ b/changelog @@ -0,0 +1,972 @@ +docker.io (19.03.4+dfsg2-2) unstable; urgency=medium + + * Removed unused package from Build-Depends. + * Standards-Version: 4.4.1. + + -- Dmitry Smirnov Tue, 12 Nov 2019 12:18:22 +1100 + +docker.io (19.03.4+dfsg2-1) unstable; urgency=medium + + * Bump dfsg version to update orig tarball in the pool. + + -- Arnaud Rebillout Mon, 04 Nov 2019 16:06:27 +0700 + +docker.io (19.03.4+dfsg1-3) unstable; urgency=medium + + [ Dmitry Smirnov ] + * get-orig-source.sh: minor shellcheck correction. + * get-orig-source.sh: consistent/reproducible tarball generation. + * dev: install "libnetwork/ipvs", as required by Kubernetes. + * drop "github.com/marstr/guid" (indirect dependency). + * Un-vendor "golang-github-graylog2-go-gelf-dev". + + [ Arnaud Rebillout ] + * Stop vendoring docker-go-metrics. + * Add a patch to fix reverse build-deps against docker/cli. + + [ Dmitry Smirnov ] + * tighten build-dep + * disabled unreliable test "TestClientWithRequestTimeout". + + -- Arnaud Rebillout Mon, 04 Nov 2019 14:26:10 +0700 + +docker.io (19.03.4+dfsg1-2) experimental; urgency=medium + + [ Arnaud Rebillout ] + * Add patch to fix build against prometheus-client-golang 1.2.1-1 + + [ Dmitry Smirnov ] + * dev to depend on "golang-github-morikuni-aec-dev" (used in + "pkg/jsonmessage"). + * dev: provide "containerd/labels". + + -- Arnaud Rebillout Wed, 30 Oct 2019 12:19:58 +0700 + +docker.io (19.03.4+dfsg1-1) experimental; urgency=medium + + * New upstream release [19.03.4]. + * Unvendor a few build dependencies. + * Drop golang-docker-dev transitional package. + + -- Arnaud Rebillout Sat, 26 Oct 2019 10:39:45 +0700 + +docker.io (19.03.3+dfsg1-1) experimental; urgency=medium + + * New upstream release [19.03.3]. + * Drop & refresh patches. + * Update build dependencies. + * Vendor every dependencies that are missing/outdated in debian. + * Cherry-pick changes from master (18.09.9+dfsg1-4 to 18.09.9+dfsg2-6). + + -- Arnaud Rebillout Mon, 21 Oct 2019 11:06:43 +0700 + +docker.io (18.09.9+dfsg2-7) unstable; urgency=medium + + [ Arnaud Rebillout ] + * Add patch to fix build against prometheus-client-golang 1.2.1-1 + + [ Dmitry Smirnov ] + * get-orig-source.sh: consistent/reproducible tarball generation. + * dev/install: + + containerd/labels + + libnetwork/ipvs + + -- Dmitry Smirnov Thu, 31 Oct 2019 19:22:25 +1100 + +docker.io (18.09.9+dfsg2-6) unstable; urgency=medium + + * (Build-)Depends: + + golang-github-appc-cni-dev (>= 0.7.1~) + + golang-github-containerd-go-cni-dev (>= 0.0~git20190904~) + + golang-github-containernetworking-plugins-dev + + golang-github-morikuni-aec-dev + * dev: provide few more containerd components. + + -- Dmitry Smirnov Fri, 18 Oct 2019 00:05:06 +1100 + +docker.io (18.09.9+dfsg1-5) unstable; urgency=medium + + [ Arnaud Rebillout ] + * Drop unused build depends + + [ Dmitry Smirnov ] + * Patch Docker to use jwt-go v3. + * Use golang-github-dgrijalva-jwt-go-dev (not -v3). + * dev: install new "containerd/*" files + (as required by "singularity-container"). + + -- Dmitry Smirnov Tue, 08 Oct 2019 14:37:25 +1100 + +docker.io (18.09.9+dfsg1-4) unstable; urgency=medium + + * d/control: Break/replace/provide containerd-dev (Closes: #941091) + * d/control: Order and indent a few things + + -- Arnaud Rebillout Wed, 25 Sep 2019 08:07:12 +0700 + +docker.io (18.09.9+dfsg1-3) unstable; urgency=medium + + [ Arnaud Rebillout ] + * d/control: Remove duplicate comma in build depends (Closes: #935488) + * d/control: Standards Version 4.4.0 + + [ Dmitry Smirnov ] + * Provides += golang-github-docker-go-metrics-dev + + -- Dmitry Smirnov Tue, 24 Sep 2019 12:45:51 +1000 + +docker.io (18.09.9+dfsg1-2) unstable; urgency=medium + + * Re-enable engine unit tests again. + + -- Arnaud Rebillout Mon, 16 Sep 2019 13:35:15 +0700 + +docker.io (18.09.9+dfsg1-1) unstable; urgency=medium + + [ Arnaud Rebillout ] + * New upstream release [18.09.9]. + * Disable engine unit tests (tmp, until gotestsum makes it to Debian). + + [ Dawid Dziurla ] + * Install fish completions + + -- Arnaud Rebillout Mon, 16 Sep 2019 11:18:11 +0700 + +docker.io (18.09.8+dfsg1-1) unstable; urgency=medium + + [ Dmitry Smirnov ] + * New upstream release [18.09.8]. + * Tighten various dependencies. + * Update -dev dependencies (for libpod). + * Backport oci/caps from 19.03.2 (for libpod). + * Un-vendor golang-github-ishidawataru-sctp-dev. + * Add upstream patch for libnetwork to build against newer sctp. + * Add upstream patch to build against + golang-github-opencontainers-selinux-dev (>= 1.3.0~). + * No longer disable Go cache to prevent FTBFS with Go 1.12. + + [ Arnaud Rebillout ] + * github-golang-docker-docker-dev: fix go-metrics install path. + * github-golang-docker-docker-dev: add replaces/breaks on docker-go-metrics-dev. + * Add patch to fix Debian security presence check (Closes: #925224). + + [ Reinhard Tartler ] + * github-golang-docker-docker-dev: add missing sources (Closes: #924257) + * Additional missing sources for openshift/imagebuilder + + -- Arnaud Rebillout Sat, 14 Sep 2019 10:10:55 +0700 + +docker.io (18.09.1+dfsg1-9) unstable; urgency=medium + + [ Dmitry Smirnov ] + * rules: no longer disable Go cache to prevent FTBFS with Go 1.12. + + [ Felix Geyer ] + * Cherry-pick upstream commits to fix test failures with golang >= 1.11.6-1+deb10u1 + * Add upstream patch for CVE-2019-14271 + * Fix build failure with gogo/protobuf >= 1.2 + + -- Arnaud Rebillout Wed, 04 Sep 2019 14:54:29 +0700 + +docker.io (18.09.1+dfsg1-8) unstable; urgency=medium + + * Make myself the maintainer, and Dmitry uploader. + (see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908868) + * Add upstream patches for CVE-2019-13509 (Closes: #932673). + * Add upstream patch for CVE-2019-13139 (Closes: #933002). + + -- Arnaud Rebillout Mon, 05 Aug 2019 15:27:57 +0700 + +docker.io (18.09.1+dfsg1-7.1) unstable; urgency=medium + + * Non-maintainer upload. + + [ Hideki Yamane ] + * upstream site moved to mobyproject.org + + [ Arnaud Rebillout ] + * Add patch for CVE-2018-15664 (Closes: #929662). + + -- Shengjing Zhu Sun, 23 Jun 2019 01:25:10 +0800 + +docker.io (18.09.1+dfsg1-7) unstable; urgency=medium + + * Add patch to revert using iptables-legacy (Closes: #921600). + + -- Arnaud Rebillout Mon, 13 May 2019 09:34:45 +0700 + +docker.io (18.09.1+dfsg1-6) unstable; urgency=medium + + * Add patch to fix Debian security presence check (Closes: #925224). + + -- Arnaud Rebillout Tue, 16 Apr 2019 09:56:17 +0700 + +docker.io (18.09.1+dfsg1-5) unstable; urgency=medium + + * Install "containerd-shim" as "docker-containerd-shim" (Closes: #920935). + * Update containerd-name patch. + + -- Arnaud Rebillout Sat, 02 Feb 2019 10:00:35 +1100 + +docker.io (18.09.1+dfsg1-4) unstable; urgency=medium + + * Updated "containerd" executable name patch; + renamed "containerd-shim" executable (Closes: #920597). + + -- Dmitry Smirnov Mon, 28 Jan 2019 10:16:28 +1100 + +docker.io (18.09.1+dfsg1-3) unstable; urgency=medium + + * New patch to fix name of the "containerd" executable (Closes: #920597). + + -- Dmitry Smirnov Sun, 27 Jan 2019 23:43:53 +1100 + +docker.io (18.09.1+dfsg1-2) unstable; urgency=medium + + [ Dmitry Smirnov ] + * Standards-Version: 4.3.0. + * Upload to unstable. + + [ Arnaud Rebillout ] + * Bump runc requirement to 1.0.0~rc6. + * Add patch to skip flaky test. + * Tidy up patches. + + -- Arnaud Rebillout Sat, 26 Jan 2019 10:58:39 +1100 + +docker.io (18.09.1+dfsg1-1) experimental; urgency=medium + + * New upstream release [January 2019]. + * Remove obsolete patches, refresh remaining ones. + * New notable patches: + - build against the runc debian package. + - build against google-grpc 1.11. + - attempt to fix mips build. + - disable a test file that fails to build (known issue upstream). + * Remove various build dependencies, add new ones. + * Bump some build dependencies: + - golang-github-coreos-bbolt-dev (>= 1.3.1-coreos.5-3~). + * Vendor some build dependencies: + - docker/licensing (no debian package, no upstream release). + - golang-github-spf13-cobra/pflag-dev (docker has internal fork). + + -- Arnaud Rebillout Tue, 22 Jan 2019 19:48:15 +1100 + +docker.io (18.06.1+dfsg1-3) unstable; urgency=medium + + * Import upstream patch to use iptables-legacy (Closes: #911808). + * Un-vendor opencontainers-runtime-tools. + * Import numerous patches from upstream for go 1.11. + + -- Arnaud Rebillout Thu, 17 Jan 2019 15:37:54 +1100 + +docker.io (18.06.1+dfsg1-2) unstable; urgency=medium + + * Tighten versioned dependency on "runc". + * dev: install "libnetwork/ipamutils". + + -- Dmitry Smirnov Sun, 16 Sep 2018 13:21:33 +1000 + +docker.io (18.06.1+dfsg1-1) unstable; urgency=medium + + [ Dmitry Smirnov ] + * New upstream release [August 2018]. + * Upload to unstable (Closes: #906999). + + [ Arnaud Rebillout ] + * Cleanup /etc/init/docker.conf (Closes: #907455) + + -- Dmitry Smirnov Tue, 11 Sep 2018 14:03:46 +1000 + +docker.io (18.06.0+dfsg1-1) experimental; urgency=medium + + * New upstream release [July 2018]. + + [ Arnaud Rebillout ] + * get-orig-source: print the list of directories vendored by upstream. + + [ Dmitry Smirnov ] + * README.source: noted duration of upstream support. + * README.Debian: added note about restart dilemma. + + -- Dmitry Smirnov Fri, 10 Aug 2018 19:07:41 +1000 + +docker.io (18.03.1+dfsg1-6) unstable; urgency=medium + + * Removed obsolete "golang-ed25519-dev" from Build-Depends. + * Standards-Version: 4.1.5. + + -- Dmitry Smirnov Wed, 11 Jul 2018 20:15:24 +1000 + +docker.io (18.03.1+dfsg1-5) unstable; urgency=medium + + * New upstream patch to prevent needless calls to `pass` (Closes: #902258). + * Do not automatically restart daemon on upgrade (Closes: #786724). + * Recommends += "needrestart". + + "needrestart" prompts to restart "docker" daemon on upgrade. This way + running containers won't be killed on upgrade until user choses to + restart Docker. + Not restarting Docker on upgrade may break CLI when it disagrees with + running daemon regarding API version. + + -- Dmitry Smirnov Mon, 02 Jul 2018 14:56:46 +1000 + +docker.io (18.03.1+dfsg1-4) unstable; urgency=medium + + * Suggests += "e2fsprogs, xfsprogs" (Closes: #887222). + * rules: fixed test failure on binary-indep build (Closes: #902206). + Thanks, Santiago Vila. + + -- Dmitry Smirnov Sun, 24 Jun 2018 23:22:51 +1000 + +docker.io (18.03.1+dfsg1-3) unstable; urgency=medium + + [ Dmitry Smirnov ] + * Replaced upstream SysV init file with an improved one. + * --remove-pidfile on stop (Closes: #764921) + * don't fail when removed (Closes: #841282) + * fixed exit status: + + don't fail to stop when already stopped + + don't fail to start when already started + * removed useless check_init() + Thanks, Sam Morris. + * postinst: create "docker" group when needed (Closes: #821078). + * README.source: added comment to clarify upstream version numbering. + Thanks, Tianon Gravi + * README.source: added link describing upstream life cycle & release + policy. Thanks, Tianon Gravi. + + [ Arnaud Rebillout ] + * Added myself to uploaders. + * Bumped compat to 11 to allow installling the systemd socket + file automatically with dh_installsystemd. + * Installed systemd socket through dh_installsystemd. + + -- Dmitry Smirnov Thu, 21 Jun 2018 21:27:32 +1000 + +docker.io (18.03.1+dfsg1-2) unstable; urgency=medium + + [ Dmitry Smirnov ] + * Upload to unstable. + * Un-bundle "googleapis-gnostic-dev" and "docker-notary-dev". + * Removed "golang-github-hashicorp-consul-dev" from Build-Depends. + + [ Arnaud Rebillout ] + * Fix bash completion install. + * d/control: depend on golang-any. + * d/README.source: re-write part about docker-ce upstream workflow. + * Set required version for imdario-mergo and hashicorp-memberlist. + + -- Dmitry Smirnov Wed, 20 Jun 2018 23:40:47 +1000 + +docker.io (18.03.1+dfsg-1) experimental; urgency=medium + + * New upstream release [April 2018]. + * rules: + + properly pass daemon version. + + re-work override_dh_auto_configure with important fixes. + * New patch to disable unreliable TestAdapterReadLogs. + * Use packaged "tini", don't build it. + Thanks, Arnaud Rebillout. + + -- Dmitry Smirnov Tue, 19 Jun 2018 13:43:57 +1000 + +docker.io (17.12.1+dfsg-4) experimental; urgency=medium + + * golang-github-docker-docker-dev: + + install only selected "libnetwork" components. + + install missing "docker/cli" components. + + install "docker/docker/cli". + + -- Dmitry Smirnov Mon, 18 Jun 2018 19:32:51 +1000 + +docker.io (17.12.1+dfsg-3) experimental; urgency=medium + + * Removed versioning from -dev Breaks/Replaces: libnetwork-dev + (Closes: #901694). + * Build with consistent tags "apparmor seccomp selinux ambient" + (Closes: #901743). + Thanks, Laurent Bigonville. + * New patch to fix FTBFS on mips* architectures. + + -- Dmitry Smirnov Mon, 18 Jun 2018 12:05:10 +1000 + +docker.io (17.12.1+dfsg-2) experimental; urgency=medium + + * New patch to disable TestGetRootUIDGID, failing in sbuild. + + -- Dmitry Smirnov Sat, 16 Jun 2018 21:31:51 +1000 + +docker.io (17.12.1+dfsg-1) experimental; urgency=medium + + * Team upload. + * New upstream release [February 2018] (Closes: #850753). + * Restart on upgrade, like most daemons (Closes: #792327). + Docker's upgrade tip from 17.12.0 release notes: + "You must stop all containers and plugins BEFORE upgrading". + * New multi-upstream-tarball (MUT) layout, building all docker components + (containerd, libnetwork, swarmkit) at once; + incorporated binaries of docker-containerd and libnetwork. + * docker-dev to provide libnetwork-dev (a part of Docker). + * New patches to build on go-1.10; build with latest Go compiler. + * Declared myself as Maintainer. + + -- Dmitry Smirnov Sat, 16 Jun 2018 20:05:48 +1000 + +docker.io (1.13.1~ds3-4) unstable; urgency=medium + + * Build with go-1.7 as later versions cause [archive,tarsum] failures + (Closes: #901317). + * Re-enabled [archive,tarsum] tests. + * Build-Depends: + = golang-1.7-go | golang-go (>= 2:1.6~) + + -- Dmitry Smirnov Tue, 12 Jun 2018 00:02:27 +1000 + +docker.io (1.13.1~ds3-3) unstable; urgency=medium + + * Removed invalid team email from Uploaders (Closes: #899285). + * B-D: "libbtrfs-dev | btrfs-progs (<< 4.16.1~)" (Closes: #898876). + Thanks, Dimitri John Ledkov. + * (Build-)Depends: + - removed unused "golang-github-aanand-compose-file-dev". + - removed needless versioning and unknown alternatives. + * dev: install "runconfig" (used by "github.com/aanand/compose-file"). + * repack.sh: use correct compression type, depending on file name. + * watch file to version 4; updated "repack.sh". + + -- Dmitry Smirnov Sun, 10 Jun 2018 19:49:42 +1000 + +docker.io (1.13.1~ds3-2) unstable; urgency=medium + + * Team upload. + * Install -dev files from build directory. + + -- Dmitry Smirnov Sat, 09 Jun 2018 20:20:53 +1000 + +docker.io (1.13.1~ds3-1) unstable; urgency=medium + + * Team upload. + + [ Tianon Gravi ] + * Remove gccgo support. + Removed upstream in commit eda90f63446253f97d2011926555306f2417d208 + (https://github.com/moby/moby/pull/25978) + * Update upstream-version-gitcommits with more upstream versions + + [ Dmitry Smirnov ] + * New patch to fix CVE-2017-16539 (Closes: #900140). + * New patch to remove 10 seconds delay on purge (Closes: #853258). + * debhelper to version 11; compat to version 10. + * copyright format URL to HTTPS; bump copyright years. + * Standards-Version: 4.1.4. + * Vcs URLs to Salsa. + * Included "cliconfig" to -dev package (used by "gitlab-runner"). + * Included "reference" and "registry" into -dev package (used by "nomad"). + * Removed obsolete "golang-github-docker-engine-api-dev" from Build-Depends. + * Use more private libraries to fix build and break circular dependencies: + + github.com/docker/swarmkit + + github.com/docker/libnetwork + + github.com/docker/go-events + + github.com/docker/go-metrics + * Removed Upstart .conf file. + * rules: + + better clean, remove generated file(s). + + fixed "sirupsen/logrus" imports. + + DH_GOLANG_GO_GENERATE = 1 + + -- Dmitry Smirnov Sat, 09 Jun 2018 14:50:13 +1000 + +docker.io (1.13.1~ds2-3) unstable; urgency=medium + + * Switch from "runc" to "docker-runc" and "containerd" to + "docker-containerd", removing prefix-removing patch + (Closes: #877329, #877892) + * Update patches, especially test-disablers + + -- Tianon Gravi Sat, 14 Oct 2017 08:58:11 -0700 + +docker.io (1.13.1~ds1-2) unstable; urgency=medium + + * Make test suite pass by using assorted patches to fix or disable + tests that don't work under pbuilder. (Closes: #858269) + * Suppress some unfixable Lintian warnings. + * Verify CVE-2016-9962 is fixed. (Closes: #850952) + + -- Tim Potter Wed, 07 Jun 2017 11:43:14 +1000 + +docker.io (1.13.1~ds1-1) unstable; urgency=medium + + * New upstream release. + + -- Tim Potter Wed, 24 May 2017 11:44:10 +1000 + +docker.io (1.13.0~ds1-3) unstable; urgency=medium + + * Add api and client directories to dev package. + + -- Tim Potter Mon, 24 Apr 2017 16:02:32 +1000 + +docker.io (1.13.0~ds1-2) unstable; urgency=medium + + * Re-enable logfiles.com logging support after upstream license + change. + * Run nuke-graph-directory.sh using bash instead of regular sh. + * Fix dockerd location for sysvinit and upstart scripts. (Closes: #858249) + + -- Tim Potter Tue, 28 Mar 2017 15:41:55 +1100 + +docker.io (1.13.0~ds1-1) experimental; urgency=medium + + [ Paul Tagliamonte ] + * Remove myself as maintainer, and swap out tpot. Sadly, these days, I'm + mostly just in the way, and not actually helping all that much with + the Docker packaging. My last upload was basically forever ago, and + tianon and tpot have been doing all the work since than. As such, I'm + going to make an unilateral executive decision to tell everyone who + listens to actually just listen to tpot. I plan to continue to be around in + the form of cruft and chaos monkey. You should also listen to tianon. + + [ Tianon Gravi ] + * Update basic-smoke test with "set -x" for debuggability and proper Depends + * Build from within GOPATH so Go packages are resolved properly + * Split "dh_auto_build-arch" from "dh_auto_build-indep" + * Update "debian/watch" to use "uscan.tianon.xyz" so older versions are still + easily fetchable without excess work outside uscan + * Fix d/copyright text about Apache version 2.0 being in + "/usr/share/common-licenses/GPL-2" (Closes: #835440); thanks cascardo! + * Add Tim Potter to Uploaders ♥ + * Add a bit more formatting to README.Debian (and a short intro to explain + what kinds of things this file includes) + * Add an explicit note about "systemd.legacy_systemd_cgroup_controller=yes" + in README.Debian (Closes: #843530) + * Add explicit new "golang-golang-x-oauth2-google-dev" package to Depends + + [ Tim Potter ] + * Add missing "golang-github-docker-go-events-dev" B-D (Closes: #850793) + * New upstream version. + * Refresh patches and remove obsolete ones. + * Remove logentries.com log driver as upstream module is unlicensed. + + -- Tianon Gravi Fri, 19 Aug 2016 12:52:55 -0700 + +docker.io (1.11.2~ds1-6) unstable; urgency=medium + + [ Tianon Gravi ] + * Add DEP-3 headers for "skip-racy-unit-tests.patch" + * Add a note about "check-config.sh" to README.Debian; thanks Tincho! + * Add "docker-doc" to Suggests (Closes: #831748); thanks Ben! + * Remove "lxc" from Suggests (no longer a supported execution backend) + + [ Nicolas Braud-Santoni ] + * Fix /etc/docker permissions (Closes: #831324) + + -- Tianon Gravi Wed, 20 Jul 2016 16:34:52 -0700 + +docker.io (1.11.2~ds1-5) unstable; urgency=medium + + * Skip racy "TestRunCommandWithOutputAndTimeoutKilled" during build (see also + https://github.com/docker/docker/issues/22965) + + -- Tianon Gravi Tue, 12 Jul 2016 07:46:35 -0700 + +docker.io (1.11.2~ds1-4) unstable; urgency=medium + + [ Tianon Gravi ] + * Add new script to generate Build-Depends based on "go list" instead of + "hack/vendor.sh" (and update Build-Depends using it) + * Update "/etc/default/docker" text to aggressively discourage use, linking to + upstream's documentation for the recommended alternatives + ("/etc/docker/daemon.json" and systemd drop-ins) + * Update gbp.conf for pristine-tar usage now that we're no longer multi-orig + * Remove "/var/lib/docker" upon purge (Closes: #739257) + + [ Dmitry Smirnov ] + * Add support for DEB_BUILD_OPTIONS=nocheck in debian/rules + + -- Tianon Gravi Mon, 11 Jul 2016 22:09:01 -0700 + +docker.io (1.11.2~ds1-3) unstable; urgency=medium + + * Team upload. + * Updated "skip-privileged-unit-tests.patch" to skip more privileged + tests in order to fix FTBFS in pbuilder. + * Install "opts" directory to -dev package. + + -- Dmitry Smirnov Sat, 09 Jul 2016 13:49:02 +1000 + +docker.io (1.11.2~ds1-2) unstable; urgency=medium + + * Add Tim Potter (tpot) and Dmitry Smirnov (onlyjob) to debian/copyright; they + were instrumental in getting 1.11 into the archive! + * Fix golang-github-docker-docker-dev install location (Closes: #830478); + thanks nicoo! + + -- Tianon Gravi Fri, 08 Jul 2016 08:47:44 -0700 + +docker.io (1.11.2~ds1-1) unstable; urgency=medium + + * Update to 1.11.2 upstream release + (Closes: #806887, #820149, #822628, #812838) + * Add NEWS file describing the AUFS issue and the unfortunate possible + "solutions" (Closes: #799386, #805725) + * Add "/etc/docker" to the directories explicitly installed by the package + to help combat issues like #806261 + * Update "Homepage" to "dockerproject.org" (versus ".com" which now redirects) + * Update "Vcs-Browser" to use https + * Shrink the Ubuntu delta by pulling in many of the changes + * Replace "btrfs-tools" relations with "btrfs-progs" (Closes: #824833) + * Adjust "repack.sh" to allow keeping minor bits of vendor/ + * Fix bad URL in README (Closes: #816844); thanks Clint! + * Move documentation to dedicated "docker-doc" package + * Refresh patches, add minor patch to get unit tests running + * Use gccgo on non-golang architectures (Closes: #785093) + * Use "dh-golang" to calculate "Built-Using" more accurately + * Add simple "basic-smoke" DEP8 test + + -- Tianon Gravi Mon, 04 Jul 2016 09:59:44 -0700 + +docker.io (1.8.3~ds1-2) unstable; urgency=medium + + * Move "overlay" higher in priority (Closes: #799087) + * Adjust "native.cgroupdriver" to default to "cgroupfs" (Closes: #798778) + + -- Tianon Gravi Wed, 04 Nov 2015 00:09:02 -0800 + +docker.io (1.8.3~ds1-1) unstable; urgency=medium + + * Update to 1.8.3 upstream release (CVE-2014-8178, CVE-2014-8179) + + -- Tianon Gravi Thu, 29 Oct 2015 19:40:51 -0700 + +docker.io (1.8.2~ds1-2) unstable; urgency=medium + + * Swap Build-Depends order to appease buildds (Closes: #803136) + + -- Tianon Gravi Thu, 29 Oct 2015 07:23:10 -0700 + +docker.io (1.8.2~ds1-1) unstable; urgency=medium + + * Update to 1.8.2 upstream release + * Rename golang-docker-dev package to golang-github-docker-docker-dev + * Add SELinux support (Closes: #799620) + + -- Tianon Gravi Wed, 28 Oct 2015 14:21:00 -0700 + +docker.io (1.7.1~dfsg1-1) unstable; urgency=medium + + * Update to 1.7.1 upstream release + * Remove patches applied upstream; refresh other patches + * Update Build-Depends + + -- Tianon Gravi Wed, 26 Aug 2015 10:13:48 -0700 + +docker.io (1.6.2~dfsg1-2) unstable; urgency=medium + + * Add DEP8 tests + - integration: runs upstream's integration tests + * Replace "code.google.com/p/go.net" with canonical "golang.org/x/net" + (Closes: #789736) + + -- Tianon Gravi Wed, 01 Jul 2015 07:45:19 -0600 + +docker.io (1.6.2~dfsg1-1) unstable; urgency=medium + + * Update to 1.6.2 upstream release + * Update deps in d/control to match upstream's hack/vendor.sh specifications + + -- Tianon Gravi Thu, 21 May 2015 00:47:43 -0600 + +docker.io (1.6.1+dfsg1-2) unstable; urgency=medium + + * Add --no-restart-on-upgrade to dh_installinit so that we don't force + a stop on upgrade, which can cause other units to fall over. Many thanks + to Michael Stapelberg (sECuRE) for the tip! + + -- Paul Tagliamonte Sun, 10 May 2015 13:02:54 -0400 + +docker.io (1.6.1+dfsg1-1) unstable; urgency=high + + * Update to 1.6.1 upstream release (Closes: #784726) + - CVE-2015-3627 + Insecure opening of file-descriptor 1 leading to privilege escalation + - CVE-2015-3629 + Symlink traversal on container respawn allows local privilege escalation + - CVE-2015-3630 + Read/write proc paths allow host modification & information disclosure + - CVE-2015-3631 + Volume mounts allow LSM profile escalation + + -- Tianon Gravi Fri, 08 May 2015 17:57:10 -0600 + +docker.io (1.6.0+dfsg1-1) unstable; urgency=medium + + * Upload to unstable + * Backport PR 12943 to support golang-go-patricia 2.* + * Remove convenience copies of cgroupfs-mount in init.d / upstart scripts + (Re: #783143) + + -- Tianon Gravi Tue, 05 May 2015 15:10:49 -0600 + +docker.io (1.6.0+dfsg1-1~exp1) experimental; urgency=medium + + * Update to 1.6.0 upstream release + * Adjust "repack.sh" to be more tolerant of "dfsg" suffixes + + -- Tianon Gravi Thu, 16 Apr 2015 18:00:21 -0600 + +docker.io (1.6.0~rc7~dfsg1-1~exp1) experimental; urgency=low + + * Update to 1.6.0-rc7 upstream release + + -- Tianon Gravi Wed, 15 Apr 2015 19:35:46 -0600 + +docker.io (1.6.0~rc4~dfsg1-1) experimental; urgency=low + + [ Tianon Gravi ] + * Update to 1.6.0-rc4 upstream release + - drop golang 1.2 support (no longer supported upstream) + - update Homepage to https://dockerproject.com + - add check-config.sh to /usr/share/docker.io/contrib + - add "distribution" as a new multitarball orig + - backport auto "btrfs_noversion" patch from + https://github.com/docker/docker/pull/12048 + (simplifying our logic for detecting whether to use it) + - switch from dh-golang to direct install since we're not actually using the + features it offers (due to upstream's build system) + - enable "docker.service" on boot by default for restart policies to work + + [ Felipe Sateler ] + * Add Built-Using for glibc (Closes: #769351). + + -- Tianon Gravi Mon, 06 Apr 2015 17:11:33 -0600 + +docker.io (1.5.0~dfsg1-1) experimental; urgency=low + + * Update to 1.5.0 upstream release (Closes: #773495) + * Remove several patches applied upstream! + - 9637-fix-nuke-bashism.patch + - enable-non-amd64-arches.patch + * Fix btrfs-tools handling to allow for building with btrfs-tools < 1.16.1 + + -- Tianon Gravi Tue, 10 Mar 2015 22:58:49 -0600 + +docker.io (1.3.3~dfsg1-2) unstable; urgency=medium + + * Add fatal-error-old-kernels.patch to make Docker refuse to start on old, + unsupported kernels (Closes: #774376) + * Fix dh_auto_clean to clean up after the build properly, especially to avoid + FTBFS when built twice (Closes: #774482) + + -- Tianon Gravi Sat, 03 Jan 2015 00:11:47 -0700 + +docker.io (1.3.3~dfsg1-1) unstable; urgency=medium + + [ Tianon Gravi ] + * Update to 1.3.3 upstream release (Closes: #772909) + - Fix for CVE-2014-9356 (Path traversal during processing of absolute + symlinks) + - Fix for CVE-2014-9357 (Escalation of privileges during decompression of + LZMA (.xz) archives) + - Fix for CVE-2014-9358 (Path traversal and spoofing opportunities presented + through image identifiers) + * Fix bashism in nuke-graph-directory.sh (Closes: #772261) + + [ Didier Roche ] + * Support starting systemd service without /etc/default/docker + (Closes: #770293) + + -- Tianon Gravi Thu, 18 Dec 2014 21:54:12 -0700 + +docker.io (1.3.2~dfsg1-1) unstable; urgency=high + + * Severity is set to high due to the sensitive nature of the CVEs this + upload fixes. + * Update to 1.3.2 upstream release + - Fix for CVE-2014-6407 (Archive extraction host privilege escalation) + - Fix for CVE-2014-6408 (Security options applied to image could lead + to container escalation) + * Remove Daniel Mizyrycki from Uploaders. Thanks for all your work! + + -- Paul Tagliamonte Mon, 24 Nov 2014 19:14:28 -0500 + +docker.io (1.3.1~dfsg1-2) unstable; urgency=medium + + * Remove deprecated /usr/bin/docker.io symlink + - added as a temporary shim in 1.0.0~dfsg1-1 (13 Jun 2014) + - unused by package-installed files in 1.2.0~dfsg1-1 (13 Sep 2014) + + -- Tianon Gravi Fri, 07 Nov 2014 13:11:34 -0700 + +docker.io (1.3.1~dfsg1-1) unstable; urgency=high + + * Update to 1.3.1 upstream release + - fix for CVE-2014-5277 + - https://groups.google.com/d/topic/docker-user/oYm0i3xShJU/discussion + + -- Tianon Gravi Mon, 03 Nov 2014 08:26:29 -0700 + +docker.io (1.3.0~dfsg1-1) unstable; urgency=medium + + * Updated to 1.3.0 upstream release. + * Enable systemd socket activation (Closes: #752555). + + -- Tianon Gravi Fri, 17 Oct 2014 00:56:07 -0600 + +docker.io (1.2.0~dfsg1-2) unstable; urgency=medium + + * Added "golang-docker-dev" package for the reusable bits of Docker's source. + + -- Tianon Gravi Thu, 09 Oct 2014 00:08:11 +0000 + +docker.io (1.2.0~dfsg1-1) unstable; urgency=medium + + * Updated to 1.2.0 upstream release (Closes: #757183, #757023, #757024). + * Added upstream man pages. + * Updated bash and zsh completions to be installed as "docker" and "_docker". + * Updated init scripts to also be installed as "docker". + * Fixed "equivalent" typo in README.Debian (Closes: #756395). Thanks Reuben! + * Removed "docker.io" mention in README.Debian (Closes: #756290). Thanks + Olivier! + + -- Tianon Gravi Sat, 13 Sep 2014 11:43:17 -0600 + +docker.io (1.0.0~dfsg1-1) unstable; urgency=medium + + * Updated to 1.0.0 upstream release. Huzzah! + * I've removed what is commonly called a `button' of patches against + the docker package. Exact patches: + - bash-completion-docker.io.patch + - systemd-docker.io.patch + - sysvinit-provides-docker.io.patch + - zsh-completion-docker.io.patch + - mkimage-docker.io.patch + * I know y'all are guessing why; and the answer's pretty simple -- we're + no longer docker.io(1). Since the src:docker package now ships wmdocker(1), + we can safely declare a breaks/replaces on the pre-wmdocker version of the + package, allowing existing users to safely update, both src:docker and + src:docker.io side. This brings us into line with other distros, which + now ship wmdocker(1) and docker(1). + * As a stop-gap, I'm still shipping a docker.io(1) symlink to allow + migration away. + + -- Paul Tagliamonte Fri, 13 Jun 2014 21:04:53 -0400 + +docker.io (0.11.1~dfsg1-1) unstable; urgency=medium + + [ Paul Tagliamonte ] + * Use EnvironmentFile with the systemd unit file. (Closes: #746774) + * Patch out version checking code. (Closes: #747140) + * Remove all host checking for non-amd64 host arches. Let docker build + and run on all platforms now. (Closes: #747139, #739914) + + [ Tianon Gravi ] + * Updated to 0.11.1 upstream release. + * Added backported upstream patch for removing RemoteAddr assumptions + that cause events to not be delivered to more than one unix socket + listener. + + -- Tianon Gravi Fri, 09 May 2014 17:30:45 -0400 + +docker.io (0.9.1~dfsg1-2) unstable; urgency=medium + + * Added upstream apparmor patch to fix newer apparmor versions (such as the + version appearing in Ubuntu 14.04). + * Added mkimage-* docker.io binary name patches (Closes: #740855). + + -- Tianon Gravi Tue, 08 Apr 2014 23:19:08 -0400 + +docker.io (0.9.1~dfsg1-1) unstable; urgency=medium + + * Updated to 0.9.1 upstream release (Closes: #743424). + * Added cgroupfs-mount dependency (Closes: #742641). + * Added Suggests entries for optional features, chiefly lxc (Closes: #742081). + * Added notes about "root-equivalence" to README.Debian (Closes: #742387). + + -- Tianon Gravi Thu, 03 Apr 2014 21:38:30 -0400 + +docker.io (0.9.0+dfsg1-1) unstable; urgency=medium + + * Updated README.Debian to not be quite so outdated (Closes: #740850). + * Updated to 0.9.0 upstream release. + + -- Tianon Gravi Tue, 11 Mar 2014 22:24:31 -0400 + +docker.io (0.8.1+dfsg1-1) unstable; urgency=medium + + * Updated to 0.8.1 upstream release. + + -- Tianon Gravi Tue, 25 Feb 2014 20:56:31 -0500 + +docker.io (0.8.0+dfsg1-2) unstable; urgency=medium + + [ Tianon Gravi ] + * Added more license notes to debian/copyright (Closes: #738627). + + -- Tianon Gravi Sat, 15 Feb 2014 17:51:58 -0500 + +docker.io (0.8.0+dfsg1-1) unstable; urgency=medium + + [ Prach Pongpanich ] + * Added zsh completion. + + [ Tianon Gravi ] + * Updated to 0.8.0 upstream release. + * Added vim syntax files in new vim-syntax-docker package. + * Added note about minimum recommended kernel version to Description. + * Added contrib/*-integration files in /usr/share/docker.io/contrib. + + -- Tianon Gravi Mon, 10 Feb 2014 20:41:10 -0500 + +docker.io (0.7.6+dfsg1-1) unstable; urgency=medium + + [ Johan Euphrosine ] + * Updated to 0.7.6. + * Added dependency to gocapability. + * Clean patches. + + [ Tianon Gravi ] + * Added contrib/mk* scripts from upstream into /usr/share/docker.io/contrib + (Closes: #736068). + * Added upstream udev rules file to stop device-mapper devices and mounts from + appearing in desktop environments through udisks. + + -- Johan Euphrosine Wed, 22 Jan 2014 22:50:47 -0500 + +docker.io (0.7.1+dfsg1-1) unstable; urgency=medium + + [ Prach Pongpanich ] + * Fixed "docker: command not found" errors while using bash tab completion + (Closes: #735372). + + [ Tianon Gravi ] + * Updated to 0.7.1 upstream release (while we wait for gocapability to be + packaged). + * Added xz-utils recommend which is required for decompressing certain images + from the index. + + -- Tianon Gravi Wed, 15 Jan 2014 20:22:34 -0500 + +docker.io (0.6.7+dfsg1-3) unstable; urgency=medium + + * Fixed FTBFS on non-amd64 platforms by setting the correct GOPATH. + * Fixed issues with Docker finding a valid dockerinit (Closes: #734758). + * Added aufs-tools dependency. + + -- Tianon Gravi Thu, 09 Jan 2014 20:10:20 -0500 + +docker.io (0.6.7+dfsg1-2) unstable; urgency=medium + + * Added iptables dependency required for Docker to start. + * Added ca-certificates recommend required for pulling from the index. + + -- Tianon Gravi Wed, 08 Jan 2014 19:14:02 -0500 + +docker.io (0.6.7+dfsg1-1) unstable; urgency=medium + + * Initial release (Closes: #706060, #730569) + * Document missing licenses in the source tree. Bad, paultag. Thanks + alteholz. + + -- Paul Tagliamonte Tue, 07 Jan 2014 21:06:10 -0500 diff --git a/clean b/clean new file mode 100644 index 00000000..51aa18aa --- /dev/null +++ b/clean @@ -0,0 +1,24 @@ +## Debian CI: +debian/.gitlab-ci.yml + +## Useless non-doc files: +engine/docs/.gitignore +engine/docs/Dockerfile +engine/docs/Makefile +engine/docs/touch-up.sh + +## generated: +engine/dockerversion/version_autogen_unix.go +engine/dockerversion/version_autogen.go + +## Tests that cause issues: (and are difficult to patch instead of removing) +daemon/graphdriver/devmapper/*_test.go +cmd/docker/daemon_none_test.go + +## Privileged tests: +cli/cli/command/image/build_linux_test.go +engine/builder/remotecontext/tarsum_test.go +engine/daemon/graphdriver/devmapper/devmapper_test.go +engine/daemon/graphdriver/quota/projectquota_test.go +engine/daemon/graphdriver/vfs/vfs_test.go +engine/plugin/manager_linux_test.go diff --git a/compat b/compat new file mode 100644 index 00000000..b4de3947 --- /dev/null +++ b/compat @@ -0,0 +1 @@ +11 diff --git a/control b/control new file mode 100644 index 00000000..022a49f2 --- /dev/null +++ b/control @@ -0,0 +1,292 @@ +Source: docker.io +Section: admin +Priority: optional +Standards-Version: 4.4.1 +Maintainer: Arnaud Rebillout +Uploaders: Dmitry Smirnov + ,Tim Potter + ,Tianon Gravi + ,Paul Tagliamonte +#Build-Conflicts: golang-github-docker-docker-dev +Build-Depends: debhelper (>= 11~) ,dh-exec ,dh-golang (>= 1.14~) + ,bash-completion + ,ca-certificates + ,git + ,golang-any (>= 2:1.10~) + ,go-md2man (>= 1.0.3~) + ,gogoprotobuf, libprotobuf-dev + ,golang-dbus-dev (>= 5.0.2~) + ,golang-etcd-server-dev + ,golang-github-appc-cni-dev (>= 0.7.1~) + ,golang-github-containernetworking-plugins-dev + ,golang-github-armon-go-metrics-dev + ,golang-github-asaskevich-govalidator-dev + ,golang-github-aws-aws-sdk-go-dev + ,golang-github-azure-go-ansiterm-dev + ,golang-github-bshuster-repo-logrus-logstash-hook-dev + ,golang-github-bsphere-le-go-dev + ,golang-github-burntsushi-toml-dev + ,golang-github-cloudflare-cfssl-dev + ,golang-github-containerd-btrfs-dev (>= 0.0~git20180306~) + ,golang-github-containerd-cgroups-dev + ,golang-github-containerd-console-dev + ,golang-github-containerd-continuity-dev (>= 0.0~git20190426~) + ,golang-github-containerd-fifo-dev + ,golang-github-containerd-go-cni-dev (>= 0.0~git20190904~) + ,golang-github-containerd-go-runc-dev + ,golang-github-containerd-typeurl-dev + ,golang-github-coreos-bbolt-dev (>= 1.3.1-coreos.5-3~) + ,golang-github-coreos-go-systemd-dev (>= 20~) + ,golang-github-creack-pty-dev + ,golang-github-davecgh-go-spew-dev + ,golang-github-deckarep-golang-set-dev + ,golang-github-denverdino-aliyungo-dev + ,golang-github-dgrijalva-jwt-go-dev (>= 3.2.0~) + ,golang-github-docker-docker-credential-helpers-dev (>= 0.6.1~) + ,golang-github-docker-go-connections-dev (>= 0.4.0~) + ,golang-github-docker-go-dev + ,golang-github-docker-go-metrics-dev + ,golang-github-docker-go-units-dev (>= 0.4.0~) + ,golang-github-docker-libkv-dev + ,golang-github-docker-libtrust-dev + ,golang-github-docker-notary-dev (>= 0.6.1~) | golang-github-theupdateframework-notary-dev + ,golang-github-docker-spdystream-dev + ,golang-github-emicklei-go-restful-dev + ,golang-github-evanphx-json-patch-dev (>= 4.1.0~) + ,golang-github-fernet-fernet-go-dev + ,golang-github-fluent-fluent-logger-golang-dev (>= 1.3.0~) + ,golang-github-fsnotify-fsnotify-dev + ,golang-github-garyburd-redigo-dev + ,golang-github-gofrs-flock-dev + ,golang-github-gogo-googleapis-dev + ,golang-github-googleapis-gax-go-dev + ,golang-github-googleapis-gnostic-dev + ,golang-github-google-go-cmp-dev (>= 0.2.0~) + ,golang-github-google-gofuzz-dev + ,golang-github-google-shlex-dev + ,golang-github-google-uuid-dev + ,golang-github-gorilla-mux-dev (>= 1.7.1~) + ,golang-github-gotestyourself-gotest.tools-dev + ,golang-github-graylog2-go-gelf-dev (>= 0.0+git20191017~) + ,golang-github-grpc-ecosystem-go-grpc-prometheus-dev +# ,golang-github-grpc-ecosystem-grpc-gateway-dev + ,golang-github-hashicorp-go-version-dev + ,golang-github-hashicorp-memberlist-dev (>= 0.1.0~) + ,golang-github-hashicorp-serf-dev + ,golang-github-ishidawataru-sctp-dev + ,golang-github-imdario-mergo-dev (>= 0.3.3~) + ,golang-github-json-iterator-go-dev (>= 1.1.4~) + ,golang-github-mattn-go-shellwords-dev + ,golang-github-mattn-go-sqlite3-dev + ,golang-github-miekg-dns-dev + ,golang-github-miekg-pkcs11-dev + ,golang-github-mitchellh-hashstructure-dev +# ,golang-github-modern-go-concurrent-dev + ,golang-github-modern-go-reflect2-dev + ,golang-github-morikuni-aec-dev + ,golang-github-mrunalp-fileutils-dev + ,golang-github-ncw-swift-dev + ,golang-github-opencontainers-go-digest-dev + ,golang-github-opencontainers-image-spec-dev (>= 1.0.1~) + ,golang-github-opencontainers-runc-dev (>= 1.0.0~rc8~) + ,golang-github-opencontainers-selinux-dev (>= 1.3.0~) + ,golang-github-opencontainers-specs-dev (>= 1.0.1~) + ,golang-github-opentracing-contrib-go-stdlib-dev + ,golang-github-opentracing-opentracing-go-dev + ,golang-github-philhofer-fwd-dev + ,golang-github-pmezard-go-difflib-dev + ,golang-github-prometheus-client-golang-dev (>= 0.9.0~) + ,golang-github-racksec-srslog-dev + ,golang-github-rcrowley-go-metrics-dev + ,golang-github-rsc-letsencrypt-dev + ,golang-github-samuel-go-zookeeper-dev + ,golang-github-satori-go.uuid-dev + ,golang-github-seccomp-libseccomp-golang-dev (>= 0.9.1~) + ,golang-github-shopify-logrus-bugsnag-dev + ,golang-github-sirupsen-logrus-dev (>= 1.0.2~) +# ,golang-github-spf13-cobra-dev (>= 0.0.2~) +# ,golang-github-spf13-pflag-dev + ,golang-github-stevvooe-ttrpc-dev + ,golang-github-tchap-go-patricia-dev + ,golang-github-tinylib-msgp-dev + ,golang-github-tonistiigi-fifo-dev + ,golang-github-ugorji-go-codec-dev + ,golang-github-urfave-cli-dev (>= 1.20.0~) + ,golang-github-vaughan0-go-ini-dev + ,golang-github-vbatts-tar-split-dev (>= 0.11.1~) + ,golang-github-vishvananda-netlink-dev (>= 1.0.0~) + ,golang-github-vishvananda-netns-dev (>= 0.0~git20170707~) + ,golang-github-xenolf-lego-dev +# ,golang-glog-dev + ,golang-gocapability-dev + ,golang-golang-x-net-dev + ,golang-golang-x-oauth2-google-dev | golang-golang-x-oauth2-dev + ,golang-golang-x-time-dev + ,golang-google-api-dev + ,golang-google-cloud-dev + ,golang-google-grpc-dev + ,golang-gopkg-check.v1-dev + ,golang-gopkg-inf.v0-dev + ,golang-goprotobuf-dev (>= 0.0~git20151207~) + ,golang-go-zfs-dev + ,golang-protobuf-extensions-dev + ,libapparmor-dev + ,libbtrfs-dev | btrfs-progs (<< 4.16.1~) + ,libdevmapper-dev + ,pkg-config + ,procps + ,tzdata +Homepage: https://mobyproject.org +Vcs-Browser: https://salsa.debian.org/docker-team/docker +Vcs-Git: https://salsa.debian.org/docker-team/docker.git +XS-Go-Import-Path: github.com/docker/docker + +Package: docker.io +Architecture: linux-any +Depends: ${misc:Depends} ,${perl:Depends} ,${shlibs:Depends} + ,adduser + ,iptables + ,lsb-base + ,runc (>= 1.0.0~rc8~) + ,tini +Recommends: ${apparmor:Recommends} + ,ca-certificates + ,cgroupfs-mount + ,git + ,needrestart (>= 3.1~) + ,xz-utils +Replaces: docker (<< 1.5~) + ,docker-containerd + ,docker-runc + ,golang-libnetwork +Breaks: docker (<< 1.5~) + ,docker-containerd + ,docker-runc + ,golang-libnetwork +Conflicts: docker-containerd + ,docker-runc + ,golang-libnetwork +Suggests: docker-doc + ,aufs-tools + ,btrfs-progs + ,debootstrap + ,e2fsprogs + ,rinse + ,xfsprogs + ,zfs-fuse | zfsutils +Built-Using: ${libc:Built-Using}, ${misc:Built-Using} +Description: Linux container runtime + Docker complements kernel namespacing with a high-level API which operates at + the process level. It runs unix processes with strong guarantees of isolation + and repeatability across servers. + . + Docker is a great building block for automating distributed systems: + large-scale web deployments, database clusters, continuous deployment systems, + private PaaS, service-oriented architectures, etc. + . + This package contains the daemon and client. Using docker.io on non-amd64 hosts + is not supported at this time. Please be careful when using it on anything + besides amd64. + . + Also, note that kernel version 3.8 or above is required for proper operation of + the daemon process, and that any lower versions may have subtle and/or glaring + issues. + +Package: vim-syntax-docker +Architecture: all +Depends: vim, ${misc:Depends} +Recommends: vim-addon-manager +Suggests: docker.io +Description: Docker container engine - Vim highlighting syntax files + This package provides syntax files for the Vim editor for editing Dockerfiles + from the Docker container engine. + +Package: golang-github-docker-docker-dev +Architecture: all +Depends: ${misc:Depends} + ,golang-github-azure-go-ansiterm-dev + ,golang-github-containerd-continuity-dev (>= 0.0~git20190426~) + ,golang-github-docker-distribution-dev (>= 2.7.1~) + ,golang-github-docker-docker-credential-helpers-dev (>= 0.6.1~) + ,golang-github-docker-go-connections-dev (>= 0.4.0~) + ,golang-github-docker-go-metrics-dev + ,golang-github-docker-go-units-dev (>= 0.4.0~) + ,golang-github-docker-libkv-dev + ,golang-github-fsnotify-fsnotify-dev + ,golang-github-gorilla-mux-dev (>= 1.7.1~) + ,golang-github-mattn-go-shellwords-dev + ,golang-github-morikuni-aec-dev + ,golang-github-opencontainers-go-digest-dev + ,golang-github-opencontainers-image-spec-dev (>= 1.0.1~) + ,golang-github-opencontainers-runc-dev (>= 1.0.0~rc8~) + ,golang-github-opencontainers-selinux-dev (>= 1.3.0~) + ,golang-github-pkg-errors-dev + ,golang-github-seccomp-libseccomp-golang-dev (>= 0.9.1~) + ,golang-github-sirupsen-logrus-dev (>= 1.0.2~) + ,golang-github-stretchr-testify-dev + ,golang-github-tchap-go-patricia-dev + ,golang-golang-x-net-dev + ,golang-golang-x-sys-dev (>= 0.0~git20190726~) + ,golang-google-grpc-dev + ,golang-gopkg-check.v1-dev +# libnetwork: + ,golang-dbus-dev (>= 3~) + ,golang-github-burntsushi-toml-dev + ,golang-github-deckarep-golang-set-dev + ,golang-github-docker-go-events-dev + ,golang-github-gogo-protobuf-dev + ,golang-github-hashicorp-memberlist-dev (>= 0.1.0~) + ,golang-github-hashicorp-serf-dev + ,golang-github-ishidawataru-sctp-dev + ,golang-github-vishvananda-netlink-dev (>= 1.0.0~) + ,golang-github-vishvananda-netns-dev +# containerd + ,golang-github-appc-cni-dev (>= 0.7.1~) + ,golang-github-containernetworking-plugins-dev + ,golang-github-containerd-fifo-dev + ,golang-github-tonistiigi-fifo-dev +# moby/buildkit/session + ,golang-github-opentracing-opentracing-go-dev +Replaces: golang-github-containerd-containerd-dev + ,golang-github-docker-libnetwork-dev +Breaks: golang-github-containerd-containerd-dev + ,golang-github-docker-libnetwork-dev +Provides: golang-github-containerd-containerd-dev + ,golang-github-docker-libnetwork-dev +Description: reusable Go packages included with Docker + These packages are intentionally developed by upstream in such a way that they + are reusable to projects outside Docker and only rely on each other or other + external dependencies to be built. + +#Package: golang-github-opencontainers-docker-runc-dev +#Section: oldlibs +#Architecture: all +#Depends: ${misc:Depends} +# ,golang-github-opencontainers-runc-dev (>= 1.0.0~) +#Description: Open Container Project - development files (Docker's version) +# This is a transitional package to ease upgrades to the +# "golang-github-opencontainers-runc-dev" package. It can safely be removed. + +Package: docker-doc +Provides: docker.io-doc +Section: doc +Architecture: all +Depends: ${misc:Depends} +Description: Linux container runtime -- documentation + Docker complements kernel namespacing with a high-level API which operates at + the process level. It runs unix processes with strong guarantees of isolation + and repeatability across servers. + . + Docker is a great building block for automating distributed systems: + large-scale web deployments, database clusters, continuous deployment systems, + private PaaS, service-oriented architectures, etc. + . + This package contains the daemon and client. Using docker.io on non-amd64 hosts + is not supported at this time. Please be careful when using it on anything + besides amd64. + . + Also, note that kernel version 3.8 or above is required for proper operation of + the daemon process, and that any lower versions may have subtle and/or glaring + issues. + . + This package provides documentation for Docker. diff --git a/copyright b/copyright new file mode 100644 index 00000000..d9e6c190 --- /dev/null +++ b/copyright @@ -0,0 +1,493 @@ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: Docker +Upstream-Contact: Docker, Inc. +Source: https://github.com/docker/docker +Files-Excluded: + .github + .gitignore + components/packaging + vendor/k8s.io/*/third_party/protobuf + vendor/cloud.google.com + ~~vendor/code.cloudfoundry.org + vendor/github.com/agl/ed25519 + vendor/github.com/armon/go-metrics + vendor/github.com/armon/go-radix + vendor/github.com/asaskevich/govalidator + vendor/github.com/aws/aws-sdk-go + vendor/github.com/Azure/azure-sdk-for-go + vendor/github.com/Azure/go-ansiterm + vendor/github.com/Azure/go-autorest + vendor/github.com/beorn7/perks + vendor/github.com/bshuster-repo/logrus-logstash-hook + vendor/github.com/bsphere/le_go + vendor/github.com/bugsnag/bugsnag-go + vendor/github.com/bugsnag/osext + vendor/github.com/bugsnag/panicwrap + vendor/github.com/BurntSushi/toml + vendor/github.com/cloudflare/cfssl + vendor/github.com/codegangsta/cli + ~~vendor/github.com/containerd/aufs + vendor/github.com/containerd/btrfs + vendor/github.com/containerd/cgroups + vendor/github.com/containerd/console + vendor/github.com/containerd/containerd + vendor/github.com/containerd/continuity + ~~vendor/github.com/containerd/cri + vendor/github.com/containerd/fifo + vendor/github.com/containerd/go-cni + ~~vendor/github.com/containerd/go-runc + ~~vendor/github.com/containerd/ttrpc + vendor/github.com/containerd/typeurl + ~~vendor/github.com/containerd/zfs + vendor/github.com/containernetworking/cni + vendor/github.com/containernetworking/plugins + vendor/github.com/coreos/etcd + vendor/github.com/coreos/go-semver + vendor/github.com/coreos/go-systemd + vendor/github.com/coreos/pkg + vendor/github.com/cpuguy83/go-md2man + vendor/github.com/creack/pty + vendor/github.com/davecgh/go-spew + vendor/github.com/deckarep/golang-set + vendor/github.com/denverdino/aliyungo + vendor/github.com/dgrijalva/jwt-go + ~~vendor/github.com/docker/compose-on-kubernetes + vendor/github.com/docker/distribution + vendor/github.com/docker/docker + vendor/github.com/docker/docker-credential-helpers + vendor/github.com/docker/go + vendor/github.com/docker/go-connections + vendor/github.com/docker/go-events + vendor/github.com/docker/go-metrics + vendor/github.com/docker/go-units + vendor/github.com/docker/libkv + vendor/github.com/docker/libnetwork + vendor/github.com/docker/libtrust + ~~vendor/github.com/docker/licensing + vendor/github.com/docker/spdystream + vendor/github.com/docker/swarmkit + vendor/github.com/dustin/go-humanize + vendor/github.com/emicklei/go-restful + vendor/github.com/evanphx/json-patch + vendor/github.com/fernet/fernet-go + vendor/github.com/fluent/fluent-logger-golang + vendor/github.com/fsnotify/fsnotify + vendor/github.com/garyburd/redigo + vendor/github.com/godbus/dbus + vendor/github.com/gofrs/flock + vendor/github.com/gogo/googleapis + vendor/github.com/gogo/protobuf + vendor/github.com/go-ini/ini + ~~vendor/github.com/golang/gddo + vendor/github.com/golang/glog + vendor/github.com/golang/protobuf + vendor/github.com/googleapis/gax-go + vendor/github.com/googleapis/gnostic + vendor/github.com/google/certificate-transparency-go + vendor/github.com/google/go-cmp + vendor/github.com/google/gofuzz + vendor/github.com/google/shlex + vendor/github.com/google/uuid + vendor/github.com/gorilla/handlers + vendor/github.com/gorilla/mux + vendor/github.com/Graylog2/go-gelf + vendor/github.com/grpc-ecosystem/go-grpc-prometheus + vendor/github.com/grpc-ecosystem/grpc-gateway + ~~vendor/github.com/grpc-ecosystem/grpc-opentracing + vendor/github.com/hashicorp/consul + vendor/github.com/hashicorp/errwrap + ~~vendor/github.com/hashicorp/go-immutable-radix + vendor/github.com/hashicorp/golang-lru + vendor/github.com/hashicorp/go-memdb + vendor/github.com/hashicorp/go-msgpack + vendor/github.com/hashicorp/go-multierror + vendor/github.com/hashicorp/go-sockaddr + vendor/github.com/hashicorp/go-version + vendor/github.com/hashicorp/memberlist + vendor/github.com/hashicorp/serf + vendor/github.com/imdario/mergo + vendor/github.com/inconshreveable/mousetrap + vendor/github.com/ishidawataru/sctp + ~~vendor/github.com/jaguilar/vt100 + vendor/github.com/jmespath/go-jmespath + vendor/github.com/json-iterator/go + vendor/github.com/konsorten/go-windows-terminal-sequences + vendor/github.com/marstr/guid + vendor/github.com/mattn/go-shellwords + vendor/github.com/matttproud/golang_protobuf_extensions + vendor/github.com/Microsoft/go-winio + vendor/github.com/Microsoft/hcsshim + vendor/github.com/Microsoft/opengcs + vendor/github.com/miekg/dns + vendor/github.com/miekg/pkcs11 + vendor/github.com/mistifyio/go-zfs + vendor/github.com/mitchellh/hashstructure + vendor/github.com/mitchellh/mapstructure + ~~vendor/github.com/moby/buildkit + vendor/github.com/modern-go/concurrent + vendor/github.com/modern-go/reflect2 + vendor/github.com/morikuni/aec + vendor/github.com/ncw/swift + vendor/github.com/opencontainers/go-digest + vendor/github.com/opencontainers/image-spec + vendor/github.com/opencontainers/runc + vendor/github.com/opencontainers/runtime-spec + vendor/github.com/opencontainers/selinux + vendor/github.com/opentracing-contrib/go-stdlib + vendor/github.com/opentracing/opentracing-go + ~~vendor/github.com/phayes/permbits + vendor/github.com/philhofer/fwd + vendor/github.com/pkg/errors + vendor/github.com/pmezard/go-difflib + vendor/github.com/prometheus/client_golang + vendor/github.com/prometheus/client_model + vendor/github.com/prometheus/common + vendor/github.com/prometheus/procfs + vendor/github.com/RackSec/srslog + vendor/github.com/rcrowley/go-metrics + vendor/github.com/russross/blackfriday + vendor/github.com/samuel/go-zookeeper + vendor/github.com/satori/go.uuid + vendor/github.com/sean-/seed + vendor/github.com/seccomp/libseccomp-golang + vendor/github.com/Shopify/logrus-bugsnag + vendor/github.com/shurcooL/sanitized_anchor_name + vendor/github.com/sirupsen/logrus + ~~vendor/github.com/spf13/cobra + ~~vendor/github.com/spf13/pflag + vendor/github.com/stretchr/testify + vendor/github.com/syndtr/gocapability + vendor/github.com/tchap/go-patricia + vendor/github.com/theupdateframework/notary + vendor/github.com/tinylib/msgp + ~~vendor/github.com/tonistiigi/fsutil + ~~vendor/github.com/tonistiigi/units + vendor/github.com/ugorji/go + vendor/github.com/urfave/cli + vendor/github.com/vbatts/tar-split + vendor/github.com/vishvananda/netlink + vendor/github.com/vishvananda/netns + vendor/github.com/xeipuuv/gojsonpointer + vendor/github.com/xeipuuv/gojsonreference + vendor/github.com/xeipuuv/gojsonschema + vendor/github.com/xenolf/lego + vendor/github.com/yvasiyarov/go-metrics + vendor/github.com/yvasiyarov/gorelic + vendor/github.com/yvasiyarov/newrelic_platform_go + vendor/go.etcd.io + vendor/golang.org + vendor/google.golang.org + vendor/go.opencensus.io + vendor/gopkg.in + vendor/gotest.tools + ~~vendor/k8s.io + vendor/rsc.io + ~~vendor/sigs.k8s.io + ~~vendor/vbom.ml +Files-Excluded-containerd: + */docs +Files-Excluded-distribution: + */docs +Comment: + Thanks to custom repack script, Files-Excluded section is applied to all + components otherwise individual Files-Excluded-{component} sections would + contain too much duplication. + +Files: * +Copyright: 2012-2018 Docker, Inc. +License: Apache-2.0 + +Files: + cli/contrib/completion/zsh/* +Copyright: 2013-2014 Felix Riedel +License: BSD-3-clause-Generic + +Files: + engine/contrib/init/openrc/docker.initd +Copyright: 1999-2013 Gentoo Foundation +License: GPL-2 + +Files: + engine/contrib/selinux-fedora-24/docker-engine-selinux/* + engine/contrib/selinux-oraclelinux-7/docker-engine-selinux/* +Copyright: 2012-2016 Docker Inc. +License: GPL-2 +Comment: No explicit copyright statement; assuming upstream copyright. + +Files: + engine/contrib/syntax/vim/* +Copyright: 2013 Honza Pokorny +License: BSD-2-clause + +Files: + engine/pkg/symlink/fs.go +Copyright: 2014-2016 The Docker & Go Authors +License: BSD-3-clause-Google + +Files: + */vendor/github.com/docker/licensing +Copyright: 2013-2017 Docker, Inc. +License: Apache-2.0 + +Files: + */vendor/github.com/grpc-ecosystem/grpc-opentracing/* +Copyright: 2016, gRPC Ecosystem +License: BSD-3-clause-GRPC-Opentracing + +Files: + */vendor/github.com/phayes/permbits/* +Copyright: 2016 Patrick D Hayes +License: Expat + +Files: + */vendor/github.com/spf13/cobra/* +Copyright: + 2013 Steve Francia + 2015 Red Hat Inc. + 2016 French Ben +License: Apache-2.0 + +Files: + */vendor/github.com/spf13/pflag/* +Copyright: + 2012 The Go Authors + 2012–2015 Alex Ogier +License: BSD-3-clause-Google + +Files: + */vendor/github.com/tonistiigi/fsutil/* +Copyright: 2017 Tõnis Tiigi +License: Expat + +Files: + */vendor/github.com/yvasiyarov/* +Copyright: + 2012 Richard Crowley + 2013 Yuriy Vasiyarov +License: BSD-2-clause + +Files: + vendor/gotest.tools/* +Copyright: 2018 gotest.tools authors +License: Apache-2.0 + +Files: + vendor/gotest.tools/internal/difflib/* +Copyright: 2013 Patrick Mezard +License: BSD-3-clause-Generic + +Files: + */vendor/k8s.io/* +Copyright: 2014-2018 The Kubernetes Authors. +License: Apache-2.0 + +Files: + */vendor/k8s.io/apimachinery/third_party/forked/golang/reflect/deep_equal.go +Copyright: 2009 The Go Authors +License: BSD-3-clause-Google + +Files: + */vendor/vbom.ml/util/* +Copyright: 2015 Frits van Bommel +License: Expat + +Files: debian/* +Copyright: + 2016-2018 Dmitry Smirnov + 2013-2014 Daniel Mizyrycki + 2013-2014 Paul Tagliamonte + 2012-2014 Michael Stapelberg + 2013-2016 Tianon Gravi + 2013-2014 Johan Euphrosine + 2014 Prach Pongpanich + 2016 Tim Potter + 2016 Michael Hudson-Doyle +License: Apache-2.0 + +License: Apache-2.0 + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + . + http://www.apache.org/licenses/LICENSE-2.0 + . + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + . + On Debian systems, the complete text of the Apache version 2.0 license + can be found in "/usr/share/common-licenses/Apache-2.0". + +License: BSD-2-clause + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + . + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + . + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR + ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND + ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +License: BSD-2-clause~freebsd + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + . + 1. Redistributions of source code must retain the above copyright notice, this + list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + . + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR + ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND + ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + . + The views and conclusions contained in the software and documentation are those + of the authors and should not be interpreted as representing official policies, + either expressed or implied, of the FreeBSD Project. + +License: BSD-3-clause-Generic + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + . + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + DISCLAIMED. IN NO EVENT SHALL BE LIABLE FOR ANY + DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND + ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +License: BSD-3-clause-Google + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are + met: + . + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above + copyright notice, this list of conditions and the following disclaimer + in the documentation and/or other materials provided with the + distribution. + * Neither the name of Google Inc. nor the names of its + contributors may be used to endorse or promote products derived from + this software without specific prior written permission. + . + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +License: BSD-3-clause-GRPC-Opentracing + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + . + * Redistributions of source code must retain the above copyright notice, this + list of conditions and the following disclaimer. + . + * Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + . + * Neither the name of grpc-opentracing nor the names of its + contributors may be used to endorse or promote products derived from + this software without specific prior written permission. + . + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +License: Expat + Permission is hereby granted, free of charge, to any person obtaining a copy + of this software and associated documentation files (the "Software"), to deal + in the Software without restriction, including without limitation the rights + to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + copies of the Software, and to permit persons to whom the Software is + furnished to do so, subject to the following conditions: + . + The above copyright notice and this permission notice shall be included in + all copies or substantial portions of the Software. + . + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + THE SOFTWARE. + +License: GPL-2 + This file is part of Buildbot. Buildbot is free software: you can + redistribute it and/or modify it under the terms of the GNU General Public + License as published by the Free Software Foundation, version 2. + . + This program is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS + FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + details. + . + You should have received a copy of the GNU General Public License along with + this program; if not, write to the Free Software Foundation, Inc., 51 + Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + . + On Debian systems, the complete text of the GNU GPL v2 license can be found in + "/usr/share/common-licenses/GPL-2". + +License: ISC + Permission to use, copy, modify, and/or distribute this software for + any purpose with or without fee is hereby granted, provided that the + above copyright notice and this permission notice appear in all + copies. + ․ + THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. diff --git a/docker-doc.docs b/docker-doc.docs new file mode 100644 index 00000000..96fb1669 --- /dev/null +++ b/docker-doc.docs @@ -0,0 +1,3 @@ +cli/docs/* +engine/docs/* +cli/NOTICE containerd/NOTICE engine/NOTICE diff --git a/docker.io.NEWS b/docker.io.NEWS new file mode 100644 index 00000000..82ae42e4 --- /dev/null +++ b/docker.io.NEWS @@ -0,0 +1,26 @@ +docker.io (1.11.2~ds1-1) unstable; urgency=medium + + As of src:linux 4.0+ (specifically, >= 3.18-1~exp1), AUFS support is no longer + included in official Debian-compiled kernels. What this means to Docker users + is that if your existing images are stored within the "AUFS" graph driver that + once you update your kernel, your images (and containers) will become + inaccessible (due to the kernel not having the necessary aufs modules to mount + them). To recover from this, there are a couple options (detailed below). + + 1. Use the included nuke script to blow away your existing "/var/lib/docker" + contents and start fresh with Linux 4.0+: + + service docker stop + /usr/share/docker.io/contrib/nuke-graph-directory.sh /var/lib/docker + service docker start + + 2. Use "docker save" (see "docker help save" for usage) before booting 4.0+ to + preserve your images on-disk as tar files, then follow the nuke step from + the previous option followed by using "docker load" to re-load your images. + + 3. Update to src:linux >= 4.1.1-1~exp1 ("aufs: Apply patches to enable + building aufs out-of-tree"), and then compile the aufs modules out-of-tree + (a package for doing this module compilation automatically doesn't yet + exist at the time of this writing, but might in the future). + + -- Tianon Gravi Tue, 01 Dec 2015 01:02:44 -0800 diff --git a/docker.io.bash-completion b/docker.io.bash-completion new file mode 100644 index 00000000..009937f5 --- /dev/null +++ b/docker.io.bash-completion @@ -0,0 +1 @@ +cli/contrib/completion/bash/docker diff --git a/docker.io.dirs b/docker.io.dirs new file mode 100644 index 00000000..4d7117b0 --- /dev/null +++ b/docker.io.dirs @@ -0,0 +1 @@ +etc/docker diff --git a/docker.io.docker.default b/docker.io.docker.default new file mode 100644 index 00000000..802416a2 --- /dev/null +++ b/docker.io.docker.default @@ -0,0 +1,12 @@ +# Here in Debian, this file is sourced by: +# - /etc/init.d/docker (sysvinit) +# - /etc/init/docker (upstart) +# - systemd's docker.service + +# Use of this file for configuring your Docker daemon is discouraged. + +# The recommended alternative is "/etc/docker/daemon.json", as described in: +# https://docs.docker.com/v1.11/engine/reference/commandline/daemon/#daemon-configuration-file + +# If that does not suit your needs, try a systemd drop-in file, as described in: +# https://docs.docker.com/v1.11/engine/admin/systemd/#custom-docker-daemon-options diff --git a/docker.io.docker.init b/docker.io.docker.init new file mode 100644 index 00000000..600fba1c --- /dev/null +++ b/docker.io.docker.init @@ -0,0 +1,133 @@ +#!/bin/sh +### BEGIN INIT INFO +# Provides: docker +# Required-Start: $syslog $remote_fs +# Required-Stop: $syslog $remote_fs +# Should-Start: cgroupfs-mount cgroup-lite +# Should-Stop: cgroupfs-mount cgroup-lite +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Create lightweight, portable, self-sufficient containers. +# Description: +# Docker is an open-source project to easily create lightweight, portable, +# self-sufficient containers from any application. The same container that a +# developer builds and tests on a laptop can run at scale, in production, on +# VMs, bare metal, OpenStack clusters, public clouds and more. +### END INIT INFO + +NAME=$(basename $(readlink -f "$0")) +DAEMON=/usr/sbin/dockerd +# This is the pid file managed by docker itself +DOCKER_PIDFILE=/var/run/$NAME.pid +# This is the pid file created/managed by start-stop-daemon +DOCKER_SSD_PIDFILE=/var/run/$NAME-ssd.pid +DOCKER_LOGFILE=/var/log/$NAME.log +DOCKER_OPTS= +DOCKER_DESC="Docker" + +# Exit if executable is not installed +[ -x "$DAEMON" ] || exit 0 + +# Read configuration variable file if it is present +[ -r /etc/default/$NAME ] && . /etc/default/$NAME + +# Define LSB log_* functions. +. /lib/lsb/init-functions || exit 1 + +fail_unless_root() { + if [ "$(id -u)" != '0' ]; then + log_failure_msg "$DOCKER_DESC must be run as root" + exit 1 + fi +} + +cgroupfs_mount() { + # see also https://github.com/tianon/cgroupfs-mount/blob/master/cgroupfs-mount + if grep -v '^#' /etc/fstab | grep -q cgroup \ + || [ ! -e /proc/cgroups ] \ + || [ ! -d /sys/fs/cgroup ]; then + return + fi + if ! mountpoint -q /sys/fs/cgroup; then + mount -t tmpfs -o uid=0,gid=0,mode=0755 cgroup /sys/fs/cgroup + fi + ( + cd /sys/fs/cgroup + for sys in $(awk '!/^#/ { if ($4 == 1) print $1 }' /proc/cgroups); do + mkdir -p $sys + if ! mountpoint -q $sys; then + if ! mount -n -t cgroup -o $sys cgroup $sys; then + rmdir $sys || true + fi + fi + done + ) +} + +case "$1" in + start) + fail_unless_root + + cgroupfs_mount + + touch "$DOCKER_LOGFILE" + chgrp docker "$DOCKER_LOGFILE" + + ulimit -n 1048576 + + # Having non-zero limits causes performance problems due to accounting overhead + # in the kernel. We recommend using cgroups to do container-local accounting. + if [ "$BASH" ]; then + ulimit -u unlimited + else + ulimit -p unlimited + fi + + log_begin_msg "Starting $DOCKER_DESC: $NAME" + $0 status >>/dev/null \ + || start-stop-daemon --start --background \ + --no-close \ + --exec "$DAEMON" \ + --pidfile "$DOCKER_SSD_PIDFILE" \ + --make-pidfile \ + -- \ + -p "$DOCKER_PIDFILE" \ + $DOCKER_OPTS \ + >> "$DOCKER_LOGFILE" 2>&1 + log_end_msg $? + ;; + + stop) + fail_unless_root + if [ -f "$DOCKER_SSD_PIDFILE" ]; then + log_begin_msg "Stopping $DOCKER_DESC: $NAME" + start-stop-daemon --stop --pidfile "$DOCKER_SSD_PIDFILE" --remove-pidfile --retry 10 + log_end_msg $? + else + log_warning_msg "Docker already stopped - file $DOCKER_SSD_PIDFILE not found." + fi + ;; + + restart) + fail_unless_root + docker_pid=`cat "$DOCKER_SSD_PIDFILE" 2>/dev/null` + [ -n "$docker_pid" ] \ + && ps -p $docker_pid > /dev/null 2>&1 \ + && $0 stop + $0 start + ;; + + force-reload) + fail_unless_root + $0 restart + ;; + + status) + status_of_proc -p "$DOCKER_SSD_PIDFILE" "$DAEMON" "$DOCKER_DESC" + ;; + + *) + echo "Usage: service docker {start|stop|restart|status}" + exit 1 + ;; +esac diff --git a/docker.io.docker.service b/docker.io.docker.service new file mode 120000 index 00000000..117f08a4 --- /dev/null +++ b/docker.io.docker.service @@ -0,0 +1 @@ +../engine/contrib/init/systemd/docker.service \ No newline at end of file diff --git a/docker.io.docker.socket b/docker.io.docker.socket new file mode 120000 index 00000000..0885e71b --- /dev/null +++ b/docker.io.docker.socket @@ -0,0 +1 @@ +../engine/contrib/init/systemd/docker.socket \ No newline at end of file diff --git a/docker.io.docker.udev b/docker.io.docker.udev new file mode 120000 index 00000000..fff6322c --- /dev/null +++ b/docker.io.docker.udev @@ -0,0 +1 @@ +../engine/contrib/udev/80-docker.rules \ No newline at end of file diff --git a/docker.io.docs b/docker.io.docs new file mode 100644 index 00000000..55774b3f --- /dev/null +++ b/docker.io.docs @@ -0,0 +1,2 @@ +engine/README.md +engine/ROADMAP.md diff --git a/docker.io.install b/docker.io.install new file mode 100755 index 00000000..61335a1f --- /dev/null +++ b/docker.io.install @@ -0,0 +1,26 @@ +#!/usr/bin/dh-exec + +.gopath/src/github.com/docker/cli/build/* /usr/bin/ +.gopath/src/github.com/docker/docker/bundles/dynbinary-daemon/dockerd-${DOCKER_VERSION} => usr/sbin/dockerd + +engine/contrib/*-integration usr/share/docker.io/contrib/ +engine/contrib/check-config.sh usr/share/docker.io/contrib/ +engine/contrib/mk* usr/share/docker.io/contrib/ +engine/contrib/nuke-graph-directory.sh usr/share/docker.io/contrib/ + +cli/contrib/completion/zsh/_docker usr/share/zsh/vendor-completions/ +cli/contrib/completion/fish/docker.fish usr/share/fish/vendor_completions.d/ + + +## libnetwork +.gopath/bin/proxy => usr/sbin/docker-proxy +.gopath/bin/ovrouter usr/sbin +.gopath/bin/dnet usr/bin + +## containerd: +.gopath/bin/containerd => usr/bin/docker-containerd +.gopath/bin/containerd-shim => usr/bin/docker-containerd-shim +.gopath/bin/ctr => usr/bin/docker-containerd-ctr + +## runc +##.gopath/bin/runc => usr/bin/docker-runc diff --git a/docker.io.links b/docker.io.links new file mode 100644 index 00000000..0d237b77 --- /dev/null +++ b/docker.io.links @@ -0,0 +1,2 @@ +/usr/sbin/runc /usr/sbin/docker-runc +/usr/bin/tini-static /usr/bin/docker-init diff --git a/docker.io.lintian-overrides b/docker.io.lintian-overrides new file mode 100644 index 00000000..94ca070f --- /dev/null +++ b/docker.io.lintian-overrides @@ -0,0 +1,3 @@ +docker.io: spelling-error-in-binary +docker.io: spelling-error-in-manpage +docker.io: manpage-has-errors-from-man diff --git a/docker.io.maintscript b/docker.io.maintscript new file mode 100644 index 00000000..8b1061f5 --- /dev/null +++ b/docker.io.maintscript @@ -0,0 +1,6 @@ +mv_conffile /etc/bash_completion.d/docker.io /etc/bash_completion.d/docker 1.2.0~ +mv_conffile /etc/default/docker.io /etc/default/docker 1.2.0~ +mv_conffile /etc/init.d/docker.io /etc/init.d/docker 1.2.0~ +mv_conffile /etc/init/docker.io.conf /etc/init/docker.conf 1.2.0~ +rm_conffile /etc/bash_completion.d/docker 1.11.2~ +rm_conffile /etc/init/docker.conf 18.06.0~ diff --git a/docker.io.manpages b/docker.io.manpages new file mode 100644 index 00000000..e1747faa --- /dev/null +++ b/docker.io.manpages @@ -0,0 +1 @@ +.gopath/src/github.com/docker/cli/man/man*/* diff --git a/docker.io.postinst b/docker.io.postinst new file mode 100644 index 00000000..3c1eb03c --- /dev/null +++ b/docker.io.postinst @@ -0,0 +1,29 @@ +#!/bin/sh +set -e + +case "$1" in + configure) + if [ -z "$2" ]; then + if ! getent group docker >>/dev/null 2>&1 ; then + addgroup --quiet --system docker + fi + fi + + # Ensure config directory permissions + # On a fresh install, $2 = '' and dpkg "le-nl" treat that as a + # greater version, so the body is not executed. + if dpkg --compare-versions "$2" le-nl '1.11.2~ds1-1'; then + if [ "$(stat -c '%a' /etc/docker)" = '700' ]; then + chmod 0755 /etc/docker + fi + fi + ;; + abort-*) + # How'd we get here?? + exit 1 + ;; + *) + ;; +esac + +#DEBHELPER# diff --git a/docker.io.postrm b/docker.io.postrm new file mode 100644 index 00000000..f01f7c71 --- /dev/null +++ b/docker.io.postrm @@ -0,0 +1,17 @@ +#!/bin/sh +set -e + +#DEBHELPER# + +case "$1" in + purge) + # if we have our saved "nuke-graph-directory.sh", let's use it + # see also docker.io.prerm + if [ -x /var/lib/docker/nuke-graph-directory.sh ]; then + /var/lib/docker/nuke-graph-directory.sh /var/lib/docker + fi + ;; + + *) + ;; +esac diff --git a/docker.io.prerm b/docker.io.prerm new file mode 100644 index 00000000..71f9e6e6 --- /dev/null +++ b/docker.io.prerm @@ -0,0 +1,23 @@ +#!/bin/sh +set -e + +case "$1" in + remove) + # if we're removing, we need to save "nuke-graph-directory.sh" so that + # we can still purge "/var/lib/docker" later if necessary + # see also docker.io.postrm + if \ + [ -d /var/lib/docker ] \ + && [ -x /usr/share/docker.io/contrib/nuke-graph-directory.sh ] \ + ; then + if cp -v /usr/share/docker.io/contrib/nuke-graph-directory.sh /var/lib/docker/; then + chmod +x /var/lib/docker/nuke-graph-directory.sh || : + fi + fi + ;; + + *) + ;; +esac + +#DEBHELPER# diff --git a/gbp.conf b/gbp.conf new file mode 100644 index 00000000..6a09c3e3 --- /dev/null +++ b/gbp.conf @@ -0,0 +1,15 @@ +[DEFAULT] +cleaner = fakeroot debian/rules clean +pristine-tar = True +merge = False +debian-tag = %(version)s + +[buildpackage] +export-dir = ../build-area/ +tarball-dir = ../tarballs/ + +[dch] +id-length = 0 +meta = True +auto = True +full = True diff --git a/get-orig-source.sh b/get-orig-source.sh new file mode 100755 index 00000000..1597f0a3 --- /dev/null +++ b/get-orig-source.sh @@ -0,0 +1,150 @@ +#!/bin/bash +: <<=cut + +=head1 DESCRIPTION + +This script is called by uscan(1) as per "debian/watch" to download Multi +Upstream Tarball (MUT) components. + +=head1 COPYRIGHT + +Copyright: 2018-2019 Dmitry Smirnov + +=head1 LICENSE + +License: GPL-3+ + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + . + This package is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + . + You should have received a copy of the GNU General Public License + along with this program. If not, see . + +=cut + +set -e +set -u + +if [ "$1" = '--upstream-version' ]; then + version="$2" +else + printf "E: missing argument '--upstream-version'.\n" 1>&2 + exit 1 +fi + +export XZ_OPT="-6v" +DEB_SOURCE="$( dpkg-parsechangelog -SSource )" +#DEB_VERSION="$( dpkg-parsechangelog -SVersion )" +filename="$( readlink -f ../${DEB_SOURCE}_${version}.orig.tar.xz )" +[ -s "${filename}" ] || exit 1 + +get_vendor_tree() { + # Get the list of vendor directories. For github.com repositories, we want to descend + # 2 levels down the directory, so that we get a list of go packages. + local top_dirs="" + local github_dirs="" + + for dir in "$@"; do + if [ -d $dir ]; then + top_dirs="$top_dirs $dir" + fi + if [ -d $dir/github.com ]; then + github_dirs="$github_dirs $dir/github.com" + fi + done + + local top_vendored_dirs=$( find $top_dirs -mindepth 1 -maxdepth 1 -type d | grep -v 'github.com' ) + local github_vendored_dirs=$( find $github_dirs -mindepth 2 -maxdepth 2 -type d ) + printf "${top_vendored_dirs}\n${github_vendored_dirs}" \ + | sed 's;^.*/vendor/;vendor/;' \ + | sort +} + +drop_files_excluded() { + local work_dir + for work_dir in "$@"; do + perl -0nE 'say $1 if m{^Files\-Excluded:\s*(.*?)(?:\n\n|^Files|^Comment)}sm;' debian/copyright \ + | ( cd "${work_dir}" && xargs --no-run-if-empty rm -rf ) + done + if [ -d "${work_dir}"/vendor ]; then + find "${work_dir}"/vendor -mindepth 1 -type d -empty -delete -printf 'removed %p\n' + fi +} + +## tarpack() takes two arguments: +## 1. directory to compress +## 2. tarball path/name +tarpack() { + ( cd "$1" && \ + find -L . -xdev -type f -print | LC_ALL=C sort \ + | XZ_OPT="-6v" tar -caf "$2" -T- --owner=root --group=root --mode=a+rX \ + ) +} + +## extract main tarball: +work_dir="$( mktemp -d -t get-orig-source_${DEB_SOURCE}_XXXXXXXX )" +trap "rm -rf '${work_dir}'" EXIT +tar -xf "${filename}" -C "${work_dir}" + +## Docker specific: +vendored_dirs="$(get_vendor_tree ${work_dir}/*/components/*/vendor)" +drop_files_excluded "${work_dir}"/*/components/* + +#### Move components one level up +( cd "${work_dir}"/*/components && mv * ../ ) \ +&& rmdir "${work_dir}"/*/components + +tarpack "${work_dir}" "${filename}" + +## fetch Docker components: +for I in docker/go-events docker/libnetwork docker/distribution docker/swarmkit containerd/containerd; do + printf ":: Processing ${I}\n" 1>&2 + URL="github.com/${I}" + REV=$( grep "${URL}" "${work_dir}"/*/engine/vendor.conf | head -1 | awk '{print $2}' ) + if [ -z "${REV}" ]; then + printf "E: could not find commit for ${I}\n" 1>&2 + exit 1 + fi + component=${I##*/} + FN="$( readlink -f ../${DEB_SOURCE}_${version}.orig-${component}.tar.gz )" + + if [ ! -s "${FN}" ]; then + wget --tries=3 --timeout=40 --read-timeout=40 --continue \ + -O "${FN}" "https://${URL}/archive/${REV}.tar.gz" \ + || rm -f "${FN}" + + component_dir="$( mktemp -d -t get-orig-source_XXXXXXXX )" + mkdir "${component_dir}"/${component} + tar -xf "${FN}" -C "${component_dir}"/${component} --strip-components=1 + + if [ -d "${component_dir}"/${component}/vendor ]; then + vendored_dirs="$(printf '%s\n' ${vendored_dirs} $(get_vendor_tree ${component_dir}/${component}/vendor))" + fi + drop_files_excluded "${component_dir}"/${component} + + tarpack "${component_dir}" "${FN}" + rm -rf "${component_dir}" + + mk-origtargz --package ${DEB_SOURCE} --version ${version} \ + --rename --repack --compression xz --directory .. \ + --component ${component} --copyright-file debian/copyright \ + "${FN}" + fi +done +##### + +echo "" +echo "Here's a tentative list for your Files-Excluded list, in d/copyright." +echo "Use it with care" +echo "" + +echo "Files-Excluded:" +echo "${vendored_dirs}" | sort | uniq | sed 's/^/ /' + +rm -rf "${work_dir}" diff --git a/golang-github-docker-docker-dev.install b/golang-github-docker-docker-dev.install new file mode 100644 index 00000000..5036c65b --- /dev/null +++ b/golang-github-docker-docker-dev.install @@ -0,0 +1,68 @@ +## CLI: +.gopath/src/github.com/docker/cli/cli/config usr/share/gocode/src/github.com/docker/cli/cli/ +.gopath/src/github.com/docker/cli/opts usr/share/gocode/src/github.com/docker/cli/ + + +## Legacy / compatibility with older Docker: +.gopath/src/github.com/docker/cli/cli/config/* usr/share/gocode/src/github.com/docker/docker/cliconfig/ +#.gopath/src/github.com/docker/cli/cli/config/* usr/share/gocode/src/github.com/docker/docker/cli/config/ + + +## Engine +engine/dockerversion usr/share/gocode/src/github.com/docker/docker/ +engine/daemon usr/share/gocode/src/github.com/docker/docker/ +.gopath/src/github.com/docker/docker/api usr/share/gocode/src/github.com/docker/docker/ +.gopath/src/github.com/docker/docker/builder usr/share/gocode/src/github.com/docker/docker/ +.gopath/src/github.com/docker/docker/cli usr/share/gocode/src/github.com/docker/docker/ +.gopath/src/github.com/docker/docker/client usr/share/gocode/src/github.com/docker/docker/ +.gopath/src/github.com/docker/docker/container usr/share/gocode/src/github.com/docker/docker/ +.gopath/src/github.com/docker/docker/errdefs usr/share/gocode/src/github.com/docker/docker/ +.gopath/src/github.com/docker/docker/image usr/share/gocode/src/github.com/docker/docker/ +.gopath/src/github.com/docker/docker/oci usr/share/gocode/src/github.com/docker/docker/ +.gopath/src/github.com/docker/docker/opts usr/share/gocode/src/github.com/docker/docker/ +.gopath/src/github.com/docker/docker/pkg usr/share/gocode/src/github.com/docker/docker/ +.gopath/src/github.com/docker/docker/profiles usr/share/gocode/src/github.com/docker/docker/ +.gopath/src/github.com/docker/docker/reference usr/share/gocode/src/github.com/docker/docker/ +.gopath/src/github.com/docker/docker/registry usr/share/gocode/src/github.com/docker/docker/ +.gopath/src/github.com/docker/docker/runconfig usr/share/gocode/src/github.com/docker/docker/ + + +## Libnetwork: +.gopath/src/github.com/docker/libnetwork/datastore usr/share/gocode/src/github.com/docker/libnetwork/ +.gopath/src/github.com/docker/libnetwork/discoverapi usr/share/gocode/src/github.com/docker/libnetwork/ +.gopath/src/github.com/docker/libnetwork/ipamutils usr/share/gocode/src/github.com/docker/libnetwork/ +.gopath/src/github.com/docker/libnetwork/ipvs usr/share/gocode/src/github.com/docker/libnetwork/ +.gopath/src/github.com/docker/libnetwork/ns usr/share/gocode/src/github.com/docker/libnetwork/ +.gopath/src/github.com/docker/libnetwork/options usr/share/gocode/src/github.com/docker/libnetwork/ +.gopath/src/github.com/docker/libnetwork/resolvconf usr/share/gocode/src/github.com/docker/libnetwork/ +.gopath/src/github.com/docker/libnetwork/testutils usr/share/gocode/src/github.com/docker/libnetwork/ +.gopath/src/github.com/docker/libnetwork/types usr/share/gocode/src/github.com/docker/libnetwork/ + + +## Sub-vendoring: +distribution/reference usr/share/gocode/src/github.com/docker/docker/vendor/github.com/docker/distribution/ +distribution/digestset usr/share/gocode/src/github.com/docker/docker/vendor/github.com/docker/distribution/ + +cli/vendor/github.com/moby/buildkit/ usr/share/gocode/src/github.com/moby/ + +## Containerd: +containerd/api usr/share/gocode/src/github.com/containerd/containerd/ +containerd/archive usr/share/gocode/src/github.com/containerd/containerd/ +containerd/cio usr/share/gocode/src/github.com/containerd/containerd/ +containerd/containers usr/share/gocode/src/github.com/containerd/containerd/ +containerd/content usr/share/gocode/src/github.com/containerd/containerd/ +containerd/defaults usr/share/gocode/src/github.com/containerd/containerd/ +containerd/errdefs usr/share/gocode/src/github.com/containerd/containerd/ +containerd/events usr/share/gocode/src/github.com/containerd/containerd/ +containerd/filters usr/share/gocode/src/github.com/containerd/containerd/ +containerd/identifiers usr/share/gocode/src/github.com/containerd/containerd/ +containerd/images usr/share/gocode/src/github.com/containerd/containerd/ +containerd/labels usr/share/gocode/src/github.com/containerd/containerd/ +containerd/log usr/share/gocode/src/github.com/containerd/containerd/ +containerd/namespaces usr/share/gocode/src/github.com/containerd/containerd/ +containerd/platforms usr/share/gocode/src/github.com/containerd/containerd/ +containerd/plugin usr/share/gocode/src/github.com/containerd/containerd/ +containerd/reference usr/share/gocode/src/github.com/containerd/containerd/ +containerd/remotes usr/share/gocode/src/github.com/containerd/containerd/ +containerd/sys usr/share/gocode/src/github.com/containerd/containerd/ +containerd/version usr/share/gocode/src/github.com/containerd/containerd/ diff --git a/helpers/gen-build-depends.sh b/helpers/gen-build-depends.sh new file mode 100755 index 00000000..00af9e37 --- /dev/null +++ b/helpers/gen-build-depends.sh @@ -0,0 +1,193 @@ +#!/bin/bash +set -eu +set -o pipefail + +goBuildTags='apparmor cgo daemon pkcs11 selinux' + +debDir="$PWD/debian" + +debVer="$(dpkg-parsechangelog -SVersion)" +origVer="${debVer%-*}" # strip everything from the last dash +origVer="$(echo "$origVer" | sed -r 's/^[0-9]+://')" # strip epoch +upstreamVer="${origVer%%[+~]ds*}" +upstreamVer="${upstreamVer//[~]/-}" + +goImportPath="$(awk -F ': ' '$1 == "XS-Go-Import-Path" { print $2; exit }' debian/control)" +[ "$goImportPath" ] + +upstreamArchiveUri="https://$goImportPath/archive/v${upstreamVer}.tar.gz" + +tempDir="$(mktemp -d -t debian-docker-gen-build-depends-XXXXXXXXXX)" +trap "rm -rf '$tempDir'" EXIT +cd "$tempDir" + +mkdir -p "gopath/src/$goImportPath" +wget -qO archive.tar.gz "$upstreamArchiveUri" +tar \ + --extract \ + --file archive.tar.gz \ + --directory "gopath/src/$goImportPath" \ + --strip-components 1 +export GOPATH="$PWD/gopath:$PWD/gopath/src/$goImportPath/vendor" +cd "gopath/src/$goImportPath" + +IFS=$'\n' +# get the full list of "docker/docker" Go packages +goPkgs=( $(go list "$goImportPath/..." | grep -vE "^$goImportPath/vendor/") ) +# get the list of their dependencies, normalized: +# - skip stdlib, docker/docker +# - adjust known hosting locations for their top-level repos +goDeps=( $( + go list \ + -e \ + -tags "$goBuildTags" \ + -f '{{ join .Deps "\n" }}{{ "\n" }}{{ join .TestImports "\n" }}' \ + "${goPkgs[@]}" \ + | grep -vE '^$' \ + | grep -vE '^[^/]+$' \ + | grep -vE "^$goImportPath/" \ + | sort -u \ + | xargs \ + go list \ + -e \ + -f '{{ if not .Standard }}{{ .ImportPath }}{{ end }}' \ + | grep -vE '^$' \ + | sed -r \ + -e 's!^(github.com/[^/]+/[^/]+)/.*$!\1!' \ + -e 's!^(golang.org/x/[^/]+)/.*$!\1!' \ + -e 's!^(google.golang.org/[^/]+)/.*$!\1!' \ + -e 's!^(gopkg.in/[^/]+)/.*$!\1!' \ + | sort -u +) ) +unset IFS + +# converts a given "goPkg" into the relevant Debian "-dev" package name +debian_pkg() { + local goPkg="$1" + local domain="${goPkg%%/*}" + domain="${domain%%.*}" + local goPkgPath="${goPkg#*/}" + local package="golang-$domain-${goPkgPath//\//-}-dev" + package="${package,,}" + echo "$package" +} + +# converts "gitRepo" and "gitRef" into a concrete version number +git_version() { + local goPkg="$1"; shift + local gitRepo="$1"; shift + local gitRef="$1"; shift + + [ "$gitRef" ] || return + + local gitSnapshotPrefix='0.0~git' + + # normalize a few "special" cases + case "$goPkg=$gitRef" in + github.com/docker/go=*-*-*-*) + # turn "v1.5.1-1-1-gbaf439e" into "v1.5.1-1" so we can "ls-remote" and generate via commit instead of version + local remoteCommit="$(git ls-remote "$gitRepo" "refs/tags/${gitRef%-*-*}" | cut -d$'\t' -f1)" + if [ "$remoteCommit" ]; then + gitRef="$remoteCommit" + fi + ;; + + github.com/docker/libnetwork=v0.7.2-rc.1) + # TODO get newer version in the archive + gitRef='v0.7.0~rc.6' + ;; + + github.com/docker/distribution=467fc068d88aa6610691b7f1a677271a3fac4aac) + # TODO get newer version in the archive (467fc068d88aa6610691b7f1a677271a3fac4aac really corresponds to v2.5.0-rc.1+) + gitRef='v2.4.1' + ;; + + github.com/agl/ed25519=*) + gitSnapshotPrefix='0~' + ;; + + github.com/docker/containerd=*|github.com/opencontainers/runc=*) + # attempt to resolve commit to tag + local remoteTag="$(git ls-remote --tags "$gitRepo" | awk -F '[\t/]' '$1 == "'"$gitRef"'" { print $4; exit }')" + if [ "$remoteTag" ]; then + gitRef="$remoteTag" + fi + # TODO get newer (compatible) versions of each of these into the archive + case "$goPkg" in + github.com/docker/containerd) + gitRef='v0.2.1' + ;; + github.com/opencontainers/runc) + gitRef='v0.1.0' + ;; + esac + ;; + esac + + case "$gitRef" in + v[0-9]*|[0-9].*) + echo "${gitRef#v}" + return + ;; + esac + + local commitDate + case "$goPkg" in + github.com/*) + # for GitHub repos, we can shortcut the date calculation (saves a _lot_ of time) + local githubPatchUri="https://$goPkg/commit/$gitRef.patch" + commitDate="$(wget -qO- "$githubPatchUri" | awk -F ': ' '$1 == "Date" { print $2 }' | tail -1)" + # ".patch" returns potentially multiple commits, so we want the final "Date:" value, hence the "tail -1" + ;; + + *) + mkdir -p "$tempDir/git/$goPkg" + git clone --quiet "$gitRepo" "$tempDir/git/$goPkg" + local commitUnix="$(git -C "$tempDir/git/$goPkg" log -1 --format='%at' "$gitRef" --)" + commitDate="@$commitUnix" + ;; + esac + [ "$commitDate" ] + commitDate="$(TZ=UTC date --date="$commitDate" +'%Y%m%d')" + echo "$gitSnapshotPrefix$commitDate" +} + +declare -A transitionals=( + [golang-github-agl-ed25519-dev]='golang-ed25519-dev' + [golang-github-coreos-etcd-dev]='golang-etcd-server-dev' + [golang-github-go-check-check-dev]='golang-gopkg-check.v1-dev' + [golang-github-godbus-dbus-dev]='golang-dbus-dev' + [golang-github-golang-protobuf-dev]='golang-goprotobuf-dev' + [golang-github-miekg-dns-dev]='golang-dns-dev' + [golang-github-mistifyio-go-zfs-dev]='golang-go-zfs-dev' + [golang-github-syndtr-gocapability-dev]='golang-gocapability-dev' + [golang-github-ugorji-go-dev]='golang-github-ugorji-go-codec-dev' + [golang-gopkg-fsnotify.v1-dev]='golang-github-fsnotify-fsnotify-dev' + + # golang-golang-x-oauth2 version 0.0~git20161103.0.36bc617-2 introduced a separate google/ package + [golang-golang-x-oauth2-dev]='golang-golang-x-oauth2-google-dev' +) + +for goDep in "${goDeps[@]}"; do + if grep -q "^vendor/src/$goDep\$" "$debDir"/repack/keep/* 2>/dev/null; then + # skip vendored deps we don't remove + continue + fi + + debPkg="$(debian_pkg "$goDep")" + + gitRepoRef="$(awk '$1 == "clone" && $2 == "git" && $3 == "'"$goDep"'" { print ($5 && $5 != "#" ? $5 : "") "=" $4; exit }' hack/vendor.sh)" + gitRepo="${gitRepoRef%=*}" + gitRef="${gitRepoRef##$gitRepo=}" + : "${gitRepo:=https://$goDep}" + + debVer="$(git_version "$goDep" "$gitRepo" "$gitRef")" + + # deal with "golang-dns-dev" and friends of that nature + transitional="${transitionals[$debPkg]:-}" + if [ "$transitional" ]; then + echo -n "$transitional${debVer:+ (>= ${debVer}~)} | " + fi + + echo "$debPkg${debVer:+ (>= ${debVer}~)}," +done | sort diff --git a/helpers/gitcommit.sh b/helpers/gitcommit.sh new file mode 100755 index 00000000..3ca038d1 --- /dev/null +++ b/helpers/gitcommit.sh @@ -0,0 +1,34 @@ +#!/bin/bash +set -e + +uVersion="$1" +dVersion="$2" + +if [ -z "$uVersion" ]; then + uVersion="$(cat VERSION)" +fi +if [ -z "$dVersion" ]; then + dVersion="$(dpkg-parsechangelog --show-field Version)" +fi + +if [ "${uVersion%-dev}" = "$uVersion" ]; then + # this is a straight-up release! easy-peasy + exec awk -F ': ' '$1 == "'"$uVersion"'" { print $2 }' debian/upstream-version-gitcommits +fi + +# must be a nightly, so let's look for clues about what the git commit is + +if git rev-parse &> /dev/null; then + # well, this will be easy ;) + exec git rev-parse --short HEAD +fi + +if [ "${dVersion#*+*+}" != "$dVersion" ]; then + # must be something like "1.1.2+10013+8c38a3d-1~utopic1" (nightly!) + commit="${dVersion#*+*+}" + commit="${commit%%-*}" + exec echo "$commit" +fi + +# unknown... +echo >&2 'warning: unable to determine DOCKER_GITCOMMIT' diff --git a/patches/buildkit-build-against-google-grpc-1.11.patch b/patches/buildkit-build-against-google-grpc-1.11.patch new file mode 100644 index 00000000..9f52b154 --- /dev/null +++ b/patches/buildkit-build-against-google-grpc-1.11.patch @@ -0,0 +1,56 @@ +From: Arnaud Rebillout +Date: Tue, 22 Jan 2019 12:22:52 +0700 +Subject: Build against google-grpc 1.11, where md.Get() does not exist. + +This patch is based on the commit that introduced md.Get() in google-grpc: +. + +Please drop this patch as soon as we build docker against google-grpc >= 1.12. + +Origin: vendor, Debian +Forwarded: not-needed, Debian-specific +Signed-off-by: Arnaud Rebillout +--- + client/buildid/metadata.go | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/cli/vendor/github.com/moby/buildkit/client/buildid/metadata.go ++++ b/cli/vendor/github.com/moby/buildkit/client/buildid/metadata.go +@@ -2,6 +2,7 @@ + + import ( + "context" ++ "strings" + + "google.golang.org/grpc/metadata" + ) +@@ -21,7 +22,8 @@ + return "" + } + +- if ids := md.Get(metadataKey); len(ids) == 1 { ++ k := strings.ToLower(metadataKey) ++ if ids := md[k]; len(ids) == 1 { + return ids[0] + } + +--- a/engine/vendor/github.com/moby/buildkit/client/buildid/metadata.go ++++ b/engine/vendor/github.com/moby/buildkit/client/buildid/metadata.go +@@ -2,6 +2,7 @@ + + import ( + "context" ++ "strings" + + "google.golang.org/grpc/metadata" + ) +@@ -21,7 +22,8 @@ + return "" + } + +- if ids := md.Get(metadataKey); len(ids) == 1 { ++ k := strings.ToLower(metadataKey) ++ if ids := md[k]; len(ids) == 1 { + return ids[0] + } + diff --git a/patches/cli-dont-duplicate-authconfig.patch b/patches/cli-dont-duplicate-authconfig.patch new file mode 100644 index 00000000..4a50cebb --- /dev/null +++ b/patches/cli-dont-duplicate-authconfig.patch @@ -0,0 +1,48 @@ +Author: Arnaud Rebillout +Bug-Upsteam: https://github.com/docker/cli/issues/2181 +Forwarded: not-needed, Debian-specific +Description: Prevent reverse build-deps nomad and gitlab-runner to FTBFS + +~~~~ gitlab-runner +src/gitlab.com/gitlab-org/gitlab-runner/helpers/docker/auth_config.go:102:22: cannot use config.AuthConfigs (type map[string]"github.com/docker/cli/cli/config/types".AuthConfig] as type map[string]"github.com/docker/docker/api/types".AuthConfig] in argument to addAll +src/gitlab.com/gitlab-org/gitlab-runner/helpers/docker/auth_config.go:130:2: cannot use newAuths (type map[string]"github.com/docker/cli/cli/config/types".AuthConfig] as type map[string]"github.com/docker/docker/api/types".AuthConfig] in return argument +src/gitlab.com/gitlab-org/gitlab-runner/helpers/docker/auth_config.go:144:26: cannot use newAuths (type "github.com/docker/cli/cli/config/types".AuthConfig) +~~~~ + +~~~~ nomad +src/github.com/hashicorp/nomad/drivers/docker/utils.go:118:57: cannot use cfile.AuthConfigs (type map[string]"github.com/docker/cli/cli/config/types".AuthConfig] as type map[string]"github.com/docker/docker/api/types".AuthConfig] in argument to "github.com/docker/docker/registry".ResolveAuthConfig +~~~~ + +Please update this patch when upstream provides a fix. + +Signed-off-by: Arnaud Rebillout + +--- a/cli/cli/config/types/authconfig.go ++++ b/cli/cli/config/types/authconfig.go +@@ -1,22 +1,7 @@ + package types + +-// AuthConfig contains authorization information for connecting to a Registry +-type AuthConfig struct { +- Username string `json:"username,omitempty"` +- Password string `json:"password,omitempty"` +- Auth string `json:"auth,omitempty"` ++import ( ++ "github.com/docker/docker/api/types" ++) + +- // Email is an optional value associated with the username. +- // This field is deprecated and will be removed in a later +- // version of docker. +- Email string `json:"email,omitempty"` +- +- ServerAddress string `json:"serveraddress,omitempty"` +- +- // IdentityToken is used to authenticate the user and get +- // an access token for the registry. +- IdentityToken string `json:"identitytoken,omitempty"` +- +- // RegistryToken is a bearer token to be sent to a registry +- RegistryToken string `json:"registrytoken,omitempty"` +-} ++type AuthConfig = types.AuthConfig diff --git a/patches/cli-fix-manpages-build-script.patch b/patches/cli-fix-manpages-build-script.patch new file mode 100644 index 00000000..04412923 --- /dev/null +++ b/patches/cli-fix-manpages-build-script.patch @@ -0,0 +1,18 @@ +Description: fix man pages build +Author: Arnaud Rebillout +Forwarded: not-needed +Last-Update: 2018-04-03 + +--- a/cli/scripts/docs/generate-man.sh ++++ b/cli/scripts/docs/generate-man.sh +@@ -3,9 +3,9 @@ + set -eu -o pipefail + + mkdir -p ./man/man1 + +-go install ./vendor/github.com/cpuguy83/go-md2man ++#go install ./vendor/github.com/cpuguy83/go-md2man + + # Generate man pages from cobra commands + go build -o /tmp/gen-manpages github.com/docker/cli/man + /tmp/gen-manpages --root "$(pwd)" --target "$(pwd)/man/man1" diff --git a/patches/containerd-cri_cni.patch b/patches/containerd-cri_cni.patch new file mode 100644 index 00000000..195a6ed7 --- /dev/null +++ b/patches/containerd-cri_cni.patch @@ -0,0 +1,86 @@ +From https://github.com/containerd/cri/pull/1238/commits/3995efc7c19bb1857efff29f85240cf29b863a34 +From: Michael Crosby +Date: Wed, 14 Aug 2019 14:32:08 +0000 +Subject: Update cni and go-cni to the v0.7.1 release (Closes #1236) + +--- a/containerd/vendor/github.com/containerd/cri/pkg/server/sandbox_run.go ++++ b/containerd/vendor/github.com/containerd/cri/pkg/server/sandbox_run.go +@@ -131,16 +131,16 @@ + // In future runtime implementation should avoid relying on CRI shim implementation details. + // In this case however caching the IP will add a subtle performance enhancement by avoiding + // calls to network namespace of the pod to query the IP of the veth interface on every + // SandboxStatus request. +- sandbox.IP, sandbox.CNIResult, err = c.setupPod(id, sandbox.NetNSPath, config) ++ sandbox.IP, sandbox.CNIResult, err = c.setupPod(ctx, id, sandbox.NetNSPath, config) + if err != nil { + return nil, errors.Wrapf(err, "failed to setup network for sandbox %q", id) + } + defer func() { + if retErr != nil { + // Teardown network if an error is returned. +- if err := c.teardownPod(id, sandbox.NetNSPath, config); err != nil { ++ if err := c.teardownPod(ctx, id, sandbox.NetNSPath, config); err != nil { + logrus.WithError(err).Errorf("Failed to destroy network for sandbox %q", id) + } + } + }() +@@ -533,15 +533,15 @@ + return nil + } + + // setupPod setups up the network for a pod +-func (c *criService) setupPod(id string, path string, config *runtime.PodSandboxConfig) (string, *cni.CNIResult, error) { ++func (c *criService) setupPod(ctx context.Context, id string, path string, config *runtime.PodSandboxConfig) (string, *cni.CNIResult, error) { + if c.netPlugin == nil { + return "", nil, errors.New("cni config not initialized") + } + + labels := getPodCNILabels(id, config) +- result, err := c.netPlugin.Setup(id, ++ result, err := c.netPlugin.Setup(ctx, id, + path, + cni.WithLabels(labels), + cni.WithCapabilityPortMap(toCNIPortMappings(config.GetPortMappings()))) + if err != nil { +@@ -552,9 +552,9 @@ + if configs, ok := result.Interfaces[defaultIfName]; ok && len(configs.IPConfigs) > 0 { + return selectPodIP(configs.IPConfigs), result, nil + } + // If it comes here then the result was invalid so destroy the pod network and return error +- if err := c.teardownPod(id, path, config); err != nil { ++ if err := c.teardownPod(ctx, id, path, config); err != nil { + logrus.WithError(err).Errorf("Failed to destroy network for sandbox %q", id) + } + return "", result, errors.Errorf("failed to find network info for sandbox %q", id) + } +--- a/containerd/vendor/github.com/containerd/cri/pkg/server/sandbox_stop.go ++++ b/containerd/vendor/github.com/containerd/cri/pkg/server/sandbox_stop.go +@@ -79,9 +79,9 @@ + return nil, errors.Wrap(err, "failed to check network namespace closed") + } else if closed { + netNSPath = "" + } +- if err := c.teardownPod(id, netNSPath, sandbox.Config); err != nil { ++ if err := c.teardownPod(ctx, id, netNSPath, sandbox.Config); err != nil { + return nil, errors.Wrapf(err, "failed to destroy network for sandbox %q", id) + } + if err = sandbox.NetNS.Remove(); err != nil { + return nil, errors.Wrapf(err, "failed to remove network namespace for sandbox %q", id) +@@ -159,15 +159,15 @@ + } + } + + // teardownPod removes the network from the pod +-func (c *criService) teardownPod(id string, path string, config *runtime.PodSandboxConfig) error { ++func (c *criService) teardownPod(ctx context.Context, id string, path string, config *runtime.PodSandboxConfig) error { + if c.netPlugin == nil { + return errors.New("cni config not initialized") + } + + labels := getPodCNILabels(id, config) +- return c.netPlugin.Remove(id, ++ return c.netPlugin.Remove(ctx, id, + path, + cni.WithLabels(labels), + cni.WithCapabilityPortMap(toCNIPortMappings(config.GetPortMappings()))) + } diff --git a/patches/debian-cgroupfs-mount-convenience-copy.patch b/patches/debian-cgroupfs-mount-convenience-copy.patch new file mode 100644 index 00000000..b22da9d2 --- /dev/null +++ b/patches/debian-cgroupfs-mount-convenience-copy.patch @@ -0,0 +1,81 @@ +Author: Tianon Gravi +Description: remove convenience copies of cgroupfs-mount in init.d / upstart +Forwarded: not-needed +Bug-Debian: https://bugs.debian.org/783143 + +--- a/engine/contrib/init/sysvinit-debian/docker ++++ b/engine/contrib/init/sysvinit-debian/docker +@@ -58,39 +58,14 @@ + exit 1 + fi + } + +-cgroupfs_mount() { +- # see also https://github.com/tianon/cgroupfs-mount/blob/master/cgroupfs-mount +- if grep -v '^#' /etc/fstab | grep -q cgroup \ +- || [ ! -e /proc/cgroups ] \ +- || [ ! -d /sys/fs/cgroup ]; then +- return +- fi +- if ! mountpoint -q /sys/fs/cgroup; then +- mount -t tmpfs -o uid=0,gid=0,mode=0755 cgroup /sys/fs/cgroup +- fi +- ( +- cd /sys/fs/cgroup +- for sys in $(awk '!/^#/ { if ($4 == 1) print $1 }' /proc/cgroups); do +- mkdir -p $sys +- if ! mountpoint -q $sys; then +- if ! mount -n -t cgroup -o $sys cgroup $sys; then +- rmdir $sys || true +- fi +- fi +- done +- ) +-} +- + case "$1" in + start) + check_init + + fail_unless_root + +- cgroupfs_mount +- + touch "$DOCKER_LOGFILE" + chgrp docker "$DOCKER_LOGFILE" + + ulimit -n 1048576 +--- a/engine/contrib/init/upstart/docker.conf ++++ b/engine/contrib/init/upstart/docker.conf +@@ -12,31 +12,8 @@ + respawn + + kill timeout 20 + +-pre-start script +- # see also https://github.com/tianon/cgroupfs-mount/blob/master/cgroupfs-mount +- if grep -v '^#' /etc/fstab | grep -q cgroup \ +- || [ ! -e /proc/cgroups ] \ +- || [ ! -d /sys/fs/cgroup ]; then +- exit 0 +- fi +- if ! mountpoint -q /sys/fs/cgroup; then +- mount -t tmpfs -o uid=0,gid=0,mode=0755 cgroup /sys/fs/cgroup +- fi +- ( +- cd /sys/fs/cgroup +- for sys in $(awk '!/^#/ { if ($4 == 1) print $1 }' /proc/cgroups); do +- mkdir -p $sys +- if ! mountpoint -q $sys; then +- if ! mount -n -t cgroup -o $sys cgroup $sys; then +- rmdir $sys || true +- fi +- fi +- done +- ) +-end script +- + script + # modify these in /etc/default/$UPSTART_JOB (/etc/default/docker) + DOCKERD=/usr/sbin/dockerd + DOCKER_OPTS= diff --git a/patches/debian-containerd-name.patch b/patches/debian-containerd-name.patch new file mode 100644 index 00000000..912a5ac3 --- /dev/null +++ b/patches/debian-containerd-name.patch @@ -0,0 +1,100 @@ +Last-Update: 2019-01-27 +Forwarded: not-needed +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920597 +Author: Dmitry Smirnov +Description: "fix" containerd executable name. + +--- a/engine/hack/make/.binary-setup ++++ b/engine/hack/make/.binary-setup +@@ -1,11 +1,11 @@ + #!/usr/bin/env bash + + DOCKER_DAEMON_BINARY_NAME='dockerd' + DOCKER_RUNC_BINARY_NAME='runc' +-DOCKER_CONTAINERD_BINARY_NAME='containerd' ++DOCKER_CONTAINERD_BINARY_NAME='docker-containerd' + DOCKER_CONTAINERD_CTR_BINARY_NAME='ctr' +-DOCKER_CONTAINERD_SHIM_BINARY_NAME='containerd-shim' ++DOCKER_CONTAINERD_SHIM_BINARY_NAME='docker-containerd-shim' + DOCKER_PROXY_BINARY_NAME='docker-proxy' + DOCKER_INIT_BINARY_NAME='docker-init' + DOCKER_ROOTLESSKIT_BINARY_NAME='rootlesskit' + DOCKER_ROOTLESSKIT_DOCKER_PROXY_BINARY_NAME='rootlesskit-docker-proxy' +--- a/engine/daemon/daemon.go ++++ b/engine/daemon/daemon.go +@@ -1040,9 +1040,9 @@ + }) + + go d.execCommandGC() + +- d.containerd, err = libcontainerd.NewClient(ctx, d.containerdCli, filepath.Join(config.ExecRoot, "containerd"), config.ContainerdNamespace, d) ++ d.containerd, err = libcontainerd.NewClient(ctx, d.containerdCli, filepath.Join(config.ExecRoot, "docker-containerd"), config.ContainerdNamespace, d) + if err != nil { + return nil, err + } + +--- a/engine/daemon/daemon_unix.go ++++ b/engine/daemon/daemon_unix.go +@@ -54,9 +54,9 @@ + + const ( + // DefaultShimBinary is the default shim to be used by containerd if none + // is specified +- DefaultShimBinary = "containerd-shim" ++ DefaultShimBinary = "docker-containerd-shim" + + // DefaultRuntimeBinary is the default runtime to be used by + // containerd if none is specified + DefaultRuntimeBinary = "runc" +--- a/engine/libcontainerd/supervisor/remote_daemon.go ++++ b/engine/libcontainerd/supervisor/remote_daemon.go +@@ -26,9 +26,9 @@ + healthCheckTimeout = 3 * time.Second + shutdownTimeout = 15 * time.Second + startupTimeout = 15 * time.Second + configFile = "containerd.toml" +- binaryName = "containerd" ++ binaryName = "docker-containerd" + pidFile = "containerd.pid" + ) + + type pluginConfigs struct { +--- a/containerd/cmd/containerd-shim/main_unix.go ++++ b/containerd/cmd/containerd-shim/main_unix.go +@@ -77,9 +77,9 @@ + flag.StringVar(&criuFlag, "criu", "", "path to criu binary") + flag.BoolVar(&systemdCgroupFlag, "systemd-cgroup", false, "set runtime to use systemd-cgroup") + // currently, the `containerd publish` utility is embedded in the daemon binary. + // The daemon invokes `containerd-shim -containerd-binary ...` with its own os.Executable() path. +- flag.StringVar(&containerdBinaryFlag, "containerd-binary", "containerd", "path to containerd binary (used for `containerd publish`)") ++ flag.StringVar(&containerdBinaryFlag, "containerd-binary", "docker-containerd", "path to containerd binary (used for `containerd publish`)") + flag.Parse() + } + + func main() { +--- a/containerd/runtime/v1/linux/runtime.go ++++ b/containerd/runtime/v1/linux/runtime.go +@@ -61,9 +61,9 @@ + + const ( + configFilename = "config.json" + defaultRuntime = "runc" +- defaultShim = "containerd-shim" ++ defaultShim = "docker-containerd-shim" + ) + + func init() { + plugin.Register(&plugin.Registration{ +--- a/containerd/runtime/v2/shim/util_unix.go ++++ b/containerd/runtime/v2/shim/util_unix.go +@@ -32,9 +32,9 @@ + "github.com/containerd/containerd/sys" + "github.com/pkg/errors" + ) + +-const shimBinaryFormat = "containerd-shim-%s-%s" ++const shimBinaryFormat = "docker-containerd-shim-%s-%s" + + func getSysProcAttr() *syscall.SysProcAttr { + return &syscall.SysProcAttr{ + Setpgid: true, diff --git a/patches/debian-dockerd-binary-location.patch b/patches/debian-dockerd-binary-location.patch new file mode 100644 index 00000000..6b5f88df --- /dev/null +++ b/patches/debian-dockerd-binary-location.patch @@ -0,0 +1,42 @@ +Forwarded: not-needed +Description: FHS compliance. + +--- a/engine/contrib/init/systemd/docker.service ++++ b/engine/contrib/init/systemd/docker.service +@@ -10,9 +10,9 @@ + # the default is not to use systemd for cgroups because the delegate issues still + # exists and systemd currently does not support the cgroup feature set required + # for containers run by docker + EnvironmentFile=-/etc/default/docker +-ExecStart=/usr/bin/dockerd -H fd:// $DOCKER_OPTS ++ExecStart=/usr/sbin/dockerd -H fd:// $DOCKER_OPTS + ExecReload=/bin/kill -s HUP $MAINPID + LimitNOFILE=1048576 + # Having non-zero Limit*s causes performance problems due to accounting overhead + # in the kernel. We recommend using cgroups to do container-local accounting. +--- a/engine/contrib/init/sysvinit-debian/docker ++++ b/engine/contrib/init/sysvinit-debian/docker +@@ -21,9 +21,9 @@ + + BASE=docker + + # modify these in /etc/default/$BASE (/etc/default/docker) +-DOCKERD=/usr/bin/dockerd ++DOCKERD=/usr/sbin/dockerd + # This is the pid file managed by docker itself + DOCKER_PIDFILE=/var/run/$BASE.pid + # This is the pid file created/managed by start-stop-daemon + DOCKER_SSD_PIDFILE=/var/run/$BASE-ssd.pid +--- a/engine/contrib/init/upstart/docker.conf ++++ b/engine/contrib/init/upstart/docker.conf +@@ -37,9 +37,9 @@ + end script + + script + # modify these in /etc/default/$UPSTART_JOB (/etc/default/docker) +- DOCKERD=/usr/bin/dockerd ++ DOCKERD=/usr/sbin/dockerd + DOCKER_OPTS= + if [ -f /etc/default/$UPSTART_JOB ]; then + . /etc/default/$UPSTART_JOB + fi diff --git a/patches/debian-dont-use-gotestsum-in-cli.patch b/patches/debian-dont-use-gotestsum-in-cli.patch new file mode 100644 index 00000000..8820e985 --- /dev/null +++ b/patches/debian-dont-use-gotestsum-in-cli.patch @@ -0,0 +1,68 @@ +From: Arnaud Rebillout +Date: Sat, 28 Sep 2019 02:30:56 +0000 +Subject: Dont use gotestsum in hack/test/unit + +gotestsum is not yet in Debian, let's just stick to 'go test' for now. + +As soon as gotestsum is packaged for Debian (see #940225), we can drop +this patch, and add gotestsum as a build dependency. + +This is a partial revert of the docker/cli commits: +- 3bd3996f72ca281cec288dd6e7f4fdaa0e1eeb00 +- 277f61415ec99d5fbae75c15013f2fdfb0017af4 + +Origin: vendor, Debian +Forwarded: not-needed, Debian-specific +Signed-off-by: Arnaud Rebillout + +--- /dev/null ++++ b/cli/scripts/test/unit +@@ -0,0 +1,4 @@ ++#!/usr/bin/env bash ++set -eu -o pipefail ++ ++go test -v "$@" +--- a/cli/Makefile ++++ b/cli/Makefile +@@ -11,15 +11,15 @@ clean: ## remove build artifacts + rm -rf ./build/* cli/winresources/rsrc_* ./man/man[1-9] docs/yaml/gen + + .PHONY: test-unit +-test-unit: ## run unit tests, to change the output format use: GOTESTSUM_FORMAT=(dots|short|standard-quiet|short-verbose|standard-verbose) make test-unit +- gotestsum $(TESTFLAGS) -- $${TESTDIRS:-$(shell go list ./... | grep -vE '/vendor/|/e2e/')} ++test-unit: ## run unit test ++ ./scripts/test/unit $(shell go list ./... | grep -vE '/vendor/|/e2e/') + + .PHONY: test + test: test-unit ## run tests + + .PHONY: test-coverage + test-coverage: ## run test coverage +- gotestsum -- -coverprofile=coverage.txt $(shell go list ./... | grep -vE '/vendor/|/e2e/') ++ ./scripts/test/unit-with-coverage $(shell go list ./... | grep -vE '/vendor/|/e2e/') + + .PHONY: fmt + fmt: +--- /dev/null ++++ b/cli/scripts/test/unit-with-coverage +@@ -0,0 +1,20 @@ ++#!/usr/bin/env bash ++set -eu -o pipefail ++ ++# install test dependencies once before running tests for each package. This ++# reduces the runtime from 200s down to 23s ++go test -i "$@" ++ ++echo "mode: atomic" > coverage.txt ++for pkg in "$@"; do ++ ./scripts/test/unit \ ++ -cover \ ++ -coverprofile=profile.out \ ++ -covermode=atomic \ ++ "${pkg}" ++ ++ if test -f profile.out; then ++ grep -v "^mode:" < profile.out >> coverage.txt || true ++ rm profile.out ++ fi ++done diff --git a/patches/debian-dont-use-gotestsum-in-hack-test-unit.patch b/patches/debian-dont-use-gotestsum-in-hack-test-unit.patch new file mode 100644 index 00000000..8bf20632 --- /dev/null +++ b/patches/debian-dont-use-gotestsum-in-hack-test-unit.patch @@ -0,0 +1,47 @@ +From cce626b54fa7607832e5fb6b9b5ad653d49dc7c7 Mon Sep 17 00:00:00 2001 +From: Arnaud Rebillout +Date: Mon, 16 Sep 2019 13:27:36 +0700 +Subject: [PATCH] Dont use gotestsum in hack/test/unit + +gotestsum is not yet in Debian, let's just stick to 'go test' for now. + +As soon as gotestsum is packaged for Debian (see #940225), we can drop +this patch, and add gotestsum as a build dependency. + +This is a partial revert of the commit: +https://github.com/docker/docker-ce/commit/bef34d1 + +Signed-off-by: Arnaud Rebillout +Origin: vendor, Debian +Forwarded: not-needed, Debian-specific +--- + components/engine/hack/test/unit | 21 +++++++++++++-------- + 1 file changed, 13 insertions(+), 8 deletions(-) + +--- a/engine/hack/test/unit ++++ b/engine/hack/test/unit +@@ -18,11 +18,16 @@ TESTDIRS="${TESTDIRS:-./...}" + exclude_paths='/vendor/|/integration' + pkg_list=$(go list $TESTDIRS | grep -vE "($exclude_paths)") + +-mkdir -p bundles +-gotestsum --format=standard-quiet --jsonfile=bundles/go-test-report.json --junitfile=bundles/junit-report.xml -- \ +- "${BUILDFLAGS[@]}" \ +- -cover \ +- -coverprofile=bundles/profile.out \ +- -covermode=atomic \ +- ${TESTFLAGS} \ +- ${pkg_list} ++for pkg in $pkg_list; do ++ go test "${BUILDFLAGS[@]}" \ ++ -cover \ ++ -coverprofile=profile.out \ ++ -covermode=atomic \ ++ ${TESTFLAGS} \ ++ "${pkg}" ++ ++ if test -f profile.out; then ++ cat profile.out >> coverage.txt ++ rm profile.out ++ fi ++done diff --git a/patches/debian-nuke-no-prompt.patch b/patches/debian-nuke-no-prompt.patch new file mode 100644 index 00000000..28720ec5 --- /dev/null +++ b/patches/debian-nuke-no-prompt.patch @@ -0,0 +1,21 @@ +Last-Update: 2018-06-09 +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853258 +Forwarded: not-needed +Author: Dmitry Smirnov +Description: remove prompt and delay + +--- a/engine/contrib/nuke-graph-directory.sh ++++ b/engine/contrib/nuke-graph-directory.sh +@@ -27,12 +27,8 @@ + dir="$(readlink -f "$dir")" + + echo + echo "Nuking $dir ..." +-echo ' (if this is wrong, press Ctrl+C NOW!)' +-echo +- +-( set -x; sleep 10 ) + echo + + dir_in_dir() { + inner="$1" diff --git a/patches/debian-systemd-unit-environment-file.patch b/patches/debian-systemd-unit-environment-file.patch new file mode 100644 index 00000000..aab70f67 --- /dev/null +++ b/patches/debian-systemd-unit-environment-file.patch @@ -0,0 +1,20 @@ +Author: Paul R. Tagliamonte +Last-Update: 2014-05-07 +Description: Use EnvironmentFile with the systemd unit file. +Bug-Debian: http://bugs.debian.org/746774 +Forwarded: no + +--- a/engine/contrib/init/systemd/docker.service ++++ b/engine/contrib/init/systemd/docker.service +@@ -9,9 +9,10 @@ + Type=notify + # the default is not to use systemd for cgroups because the delegate issues still + # exists and systemd currently does not support the cgroup feature set required + # for containers run by docker +-ExecStart=/usr/bin/dockerd -H fd:// ++EnvironmentFile=-/etc/default/docker ++ExecStart=/usr/bin/dockerd -H fd:// $DOCKER_OPTS + ExecReload=/bin/kill -s HUP $MAINPID + LimitNOFILE=1048576 + # Having non-zero Limit*s causes performance problems due to accounting overhead + # in the kernel. We recommend using cgroups to do container-local accounting. diff --git a/patches/debian-systemd-unit-tasksmax.patch b/patches/debian-systemd-unit-tasksmax.patch new file mode 100644 index 00000000..26a52d84 --- /dev/null +++ b/patches/debian-systemd-unit-tasksmax.patch @@ -0,0 +1,21 @@ +From 33a8ab29ed9e51697772a0642b8d651b9a845532 Mon Sep 17 00:00:00 2001 +From: Pierre Carrier , Tianon Gravi +Date: Thu, 24 Mar 2016 16:14:30 -0700 +Subject: [PATCH] docker.service: don't limit tasks +Origin: https://github.com/docker/docker/pull/21491 + +Signed-off-by: Pierre Carrier + +--- a/engine/contrib/init/systemd/docker.service ++++ b/engine/contrib/init/systemd/docker.service +@@ -18,9 +18,9 @@ + LimitNPROC=infinity + LimitCORE=infinity + # Uncomment TasksMax if your systemd version supports it. + # Only systemd 226 and above support this version. +-#TasksMax=infinity ++TasksMax=infinity + TimeoutStartSec=0 + # set delegate yes so that systemd does not reset the cgroups of docker containers + Delegate=yes + # kill only the docker process, not all processes in the cgroup diff --git a/patches/engine-disable-microsoft-hcsshim.patch b/patches/engine-disable-microsoft-hcsshim.patch new file mode 100644 index 00000000..1e898de1 --- /dev/null +++ b/patches/engine-disable-microsoft-hcsshim.patch @@ -0,0 +1,46 @@ +From: Arnaud Rebillout +Date: Thu, 10 Oct 2019 20:42:00 +0700 +Subject: [PATCH] Disable Microsoft/hcsshim + +As far as I understand, this is only needed for Docker running on a +Windows host. Grepping the code shows that only Windows specific files +import Microsoft/hcsshim. The only exception is the file +`libcontainerd/remote/client.go`. + +Forwarded: https://github.com/moby/moby/issues/40067 +Signed-off-by: Arnaud Rebillout +--- + engine/libcontainerd/remote/client.go | 10 ++++++---- + 1 file changed, 6 insertions(+), 4 deletions(-) + +diff --git a/engine/libcontainerd/remote/client.go b/engine/libcontainerd/remote/client.go +index 06d8d9c041..3c5060c0fe 100644 +--- a/engine/libcontainerd/remote/client.go ++++ b/engine/libcontainerd/remote/client.go +@@ -13,7 +13,8 @@ import ( + "syscall" + "time" + +- "github.com/Microsoft/hcsshim/cmd/containerd-shim-runhcs-v1/options" ++ // DM - This is Windows only ++ //"github.com/Microsoft/hcsshim/cmd/containerd-shim-runhcs-v1/options" + "github.com/containerd/containerd" + apievents "github.com/containerd/containerd/api/events" + "github.com/containerd/containerd/api/types" +@@ -206,9 +207,10 @@ func (c *client) Start(ctx context.Context, id, checkpointDir string, withStdin + } + } else { + // Make sure we set the runhcs options to debug if we are at debug level. +- if c.logger.Level == logrus.DebugLevel { +- info.Options = &options.Options{Debug: true} +- } ++ // DM - This is Windows only ++ //if c.logger.Level == logrus.DebugLevel { ++ // info.Options = &options.Options{Debug: true} ++ //} + } + return nil + }) +-- +2.20.1 + diff --git a/patches/jwt-go-v3.patch b/patches/jwt-go-v3.patch new file mode 100644 index 00000000..491bef59 --- /dev/null +++ b/patches/jwt-go-v3.patch @@ -0,0 +1,159 @@ +Origin: https://github.com/docker/licensing/commit/7c3de6a4f59e9e70764ea6f6901cf17b88059789 +From 7c3de6a4f59e9e70764ea6f6901cf17b88059789 Mon Sep 17 00:00:00 2001 +From: Guillaume Rose +Date: Wed, 19 Jun 2019 17:55:16 +0100 +Subject: [PATCH] Update github.com/dgrijalva/jwt-go to 3.2.0 (#27) + +--- a/cli/vendor/github.com/docker/licensing/lib/go-auth/jwt/jwt.go ++++ b/cli/vendor/github.com/docker/licensing/lib/go-auth/jwt/jwt.go +@@ -70,50 +70,54 @@ + } + + // Encode creates a JWT string for the given identity.DockerIdentity. + func Encode(identity identity.DockerIdentity, options EncodeOptions) (string, error) { +- // Note: we only support a RS256 signing method right now. If we want to support +- // additional signing methods (for example, HS256), this could be specified as an +- // encoding option. +- token := jwt.New(jwt.SigningMethodRS256) +- + block, _ := pem.Decode(options.Certificate) + if block == nil { + return "", fmt.Errorf("invalid key: failed to parse header") + } + + encodedCert := base64.StdEncoding.EncodeToString(block.Bytes) + x5cCerts := [1]string{encodedCert} + +- token.Header[x5c] = x5cCerts +- + // non standard fields + // Note: this is a required field +- token.Claims[username] = identity.Username +- token.Claims[email] = identity.Email ++ claims := make(map[string]interface{}) ++ claims[username] = identity.Username ++ claims[email] = identity.Email + + // standard JWT fields, consult the JWT spec for details +- token.Claims[sub] = identity.DockerID ++ claims[sub] = identity.DockerID + + if len(identity.Scopes) > 0 { +- token.Claims[scope] = strings.Join(identity.Scopes, " ") ++ claims[scope] = strings.Join(identity.Scopes, " ") + } + + jtiStr := options.Jti + if len(jtiStr) == 0 { + jtiStr = "jti-" + uuid.New().String() + } +- token.Claims[jti] = jtiStr ++ claims[jti] = jtiStr + +- token.Claims[iat] = time.Now().Unix() +- token.Claims[exp] = options.Expiration ++ claims[iat] = time.Now().Unix() ++ claims[exp] = options.Expiration + + if options.IncludeLegacyClaims { +- token.Claims[sessionid] = jtiStr +- token.Claims[userid] = identity.DockerID ++ claims[sessionid] = jtiStr ++ claims[userid] = identity.DockerID + } + +- return token.SignedString(options.SigningKey) ++ // Note: we only support a RS256 signing method right now. If we want to support ++ // additional signing methods (for example, HS256), this could be specified as an ++ // encoding option. ++ token := jwt.NewWithClaims(jwt.SigningMethodRS256, jwt.MapClaims(claims)) ++ token.Header[x5c] = x5cCerts ++ ++ privateKey, err := jwt.ParseRSAPrivateKeyFromPEM(options.SigningKey) ++ if err != nil { ++ return "", err ++ } ++ return token.SignedString(privateKey) + } + + // DecodeOptions holds JWT decoding options + type DecodeOptions struct { +@@ -121,51 +125,49 @@ + } + + // Decode decodes the given JWT string, returning the decoded identity.DockerIdentity + func Decode(tokenStr string, options DecodeOptions) (*identity.DockerIdentity, error) { +- rootCerts := options.CertificateChain +- token, err := jwt.Parse(tokenStr, keyFunc(rootCerts)) ++ token, err := jwt.Parse(tokenStr, keyFunc(options.CertificateChain)) ++ ++ if err != nil { ++ if ve, ok := err.(*jwt.ValidationError); ok { ++ return nil, &ValidationError{VError: ve} ++ } ++ return nil, fmt.Errorf("error decoding token: %s", err) ++ } + +- if err == nil && token.Valid { +- username, ok := token.Claims[username].(string) ++ if claims, ok := token.Claims.(jwt.MapClaims); ok && token.Valid { ++ username, ok := claims[username].(string) + if !ok { + return nil, fmt.Errorf("%v claim not present", username) + } +- dockerID, ok := token.Claims[sub].(string) ++ dockerID, ok := claims[sub].(string) + if !ok { + return nil, fmt.Errorf("%v claim not present", sub) + } + + // email is optional +- email, _ := token.Claims[email].(string) ++ email, _ := claims[email].(string) + + var scopes []string +- if scopeClaim, ok := token.Claims[scope]; ok { ++ if scopeClaim, ok := claims[scope]; ok { + sstr, ok := scopeClaim.(string) + if !ok { + return nil, fmt.Errorf("scope claim invalid") + } + scopes = strings.Split(sstr, " ") + } + +- identity := &identity.DockerIdentity{ ++ return &identity.DockerIdentity{ + Username: username, + DockerID: dockerID, + Email: email, + Scopes: scopes, +- } +- return identity, nil ++ }, nil + } + + // no error but an invalid token seems like a corner case, but just to be sure +- if err == nil && !token.Valid { +- return nil, fmt.Errorf("token was invalid") +- } +- +- if ve, ok := err.(*jwt.ValidationError); ok { +- return nil, &ValidationError{VError: ve} +- } +- return nil, fmt.Errorf("error decoding token: %s", err) ++ return nil, fmt.Errorf("token was invalid") + } + + // IsExpired returns true if the token has expired, false otherwise + func IsExpired(tokenStr string, options DecodeOptions) (bool, error) { +@@ -224,9 +226,9 @@ + } + + key := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: cert.Raw}) + +- return key, nil ++ return jwt.ParseRSAPublicKeyFromPEM(key) + } + } + + // validateCert validates the ASN.1 DER encoded cert using the given x509.CertPool root diff --git a/patches/libnetwork_proto.patch b/patches/libnetwork_proto.patch new file mode 100644 index 00000000..78810766 --- /dev/null +++ b/patches/libnetwork_proto.patch @@ -0,0 +1,38 @@ +Last-Update: 2018-06-15 +Forwarded: not-needed +Author: Dmitry Smirnov +Description: fix generation of .pb.go files. + +--- a/libnetwork/drivers/overlay/overlay.go ++++ b/libnetwork/drivers/overlay/overlay.go +@@ -1,7 +1,7 @@ + package overlay + +-//go:generate protoc -I.:../../Godeps/_workspace/src/github.com/gogo/protobuf --gogo_out=import_path=github.com/docker/libnetwork/drivers/overlay,Mgogoproto/gogo.proto=github.com/gogo/protobuf/gogoproto:. overlay.proto ++//go:generate protoc -I.:../../../../../github.com/gogo/protobuf --gogo_out=import_path=github.com/docker/libnetwork/drivers/overlay,Mgogoproto/gogo.proto=github.com/gogo/protobuf/gogoproto:. overlay.proto + + import ( + "context" + "fmt" +--- a/libnetwork/agent.go ++++ b/libnetwork/agent.go +@@ -1,7 +1,7 @@ + package libnetwork + +-//go:generate protoc -I.:Godeps/_workspace/src/github.com/gogo/protobuf --gogo_out=import_path=github.com/docker/libnetwork,Mgogoproto/gogo.proto=github.com/gogo/protobuf/gogoproto:. agent.proto ++//go:generate protoc -I.:../../../github.com/gogo/protobuf --gogo_out=import_path=github.com/docker/libnetwork,Mgogoproto/gogo.proto=github.com/gogo/protobuf/gogoproto:. agent.proto + + import ( + "encoding/json" + "fmt" +--- a/libnetwork/networkdb/networkdb.go ++++ b/libnetwork/networkdb/networkdb.go +@@ -1,7 +1,7 @@ + package networkdb + +-//go:generate protoc -I.:../vendor/github.com/gogo/protobuf --gogo_out=import_path=github.com/docker/libnetwork/networkdb,Mgogoproto/gogo.proto=github.com/gogo/protobuf/gogoproto:. networkdb.proto ++//go:generate protoc -I.:../../../../github.com/gogo/protobuf --gogo_out=import_path=github.com/docker/libnetwork/networkdb,Mgogoproto/gogo.proto=github.com/gogo/protobuf/gogoproto:. networkdb.proto + + import ( + "context" + "fmt" diff --git a/patches/libnetwork_proto_no_unrecognized_all.patch b/patches/libnetwork_proto_no_unrecognized_all.patch new file mode 100644 index 00000000..ab4a7c2d --- /dev/null +++ b/patches/libnetwork_proto_no_unrecognized_all.patch @@ -0,0 +1,21 @@ +Description: Since gogo/protobuf 1.2 unknown fields in proto3 are preserved. + This results in a XXX_unrecognized of type []byte to be created in the struct. + As a side effect the struct can't be used as a map key anymore, resulting in + a libnetwork build failure. + + Fix this by setting goproto_unrecognized_all=false which suppresses this field. + + Upstream doesn't have the problem because they have pinned an older version + of gogo/protobuf: https://github.com/docker/libnetwork/pull/2242 +Author: Felix Geyer + +--- docker.io-18.09.1+dfsg1.orig/libnetwork/agent.proto ++++ docker.io-18.09.1+dfsg1/libnetwork/agent.proto +@@ -10,6 +10,7 @@ option (gogoproto.stringer_all) = true; + option (gogoproto.gostring_all) = true; + option (gogoproto.sizer_all) = true; + option (gogoproto.goproto_stringer_all) = false; ++option (gogoproto.goproto_unrecognized_all) = false; + + // EndpointRecord specifies all the endpoint specific information that + // needs to gossiped to nodes participating in the network. diff --git a/patches/mips-fix-devnumber.patch b/patches/mips-fix-devnumber.patch new file mode 100644 index 00000000..8294880c --- /dev/null +++ b/patches/mips-fix-devnumber.patch @@ -0,0 +1,22 @@ +Last-Update: 2018-03-18 +Forwarded: not-needed +Author: Dmitry Smirnov +Bug-Upstream: https://github.com/moby/moby/issues/28058 +Description: fix FTBFS on mips +~~~~ +github.com/docker/docker/pkg/system/stat_linux.go:13:7: cannot use s.Rdev (type uint32) as type uint64 in field value +~~~~ + +--- a/engine/pkg/system/stat_linux.go ++++ b/engine/pkg/system/stat_linux.go +@@ -7,9 +7,9 @@ + return &StatT{size: s.Size, + mode: s.Mode, + uid: s.Uid, + gid: s.Gid, +- rdev: s.Rdev, ++ rdev: uint64(s.Rdev), + mtim: s.Mtim}, nil + } + + // FromStatT converts a syscall.Stat_t type to a system.Stat_t type diff --git a/patches/series b/patches/series new file mode 100644 index 00000000..1bcf7336 --- /dev/null +++ b/patches/series @@ -0,0 +1,36 @@ +debian-systemd-unit-tasksmax.patch +# If upstream ever adds EnvFile, remove this patch. +# (see also https://github.com/docker/docker/pull/7220#issuecomment-50076589) +debian-systemd-unit-environment-file.patch +debian-containerd-name.patch +debian-dockerd-binary-location.patch +debian-cgroupfs-mount-convenience-copy.patch +debian-nuke-no-prompt.patch +debian-dont-use-gotestsum-in-cli.patch +debian-dont-use-gotestsum-in-hack-test-unit.patch + +engine-disable-microsoft-hcsshim.patch + +buildkit-build-against-google-grpc-1.11.patch + +cli-dont-duplicate-authconfig.patch +cli-fix-manpages-build-script.patch + +containerd-cri_cni.patch + +jwt-go-v3.patch + +libnetwork_proto.patch +libnetwork_proto_no_unrecognized_all.patch + +mips-fix-devnumber.patch + +test--disable-containerizedengine-update-test.patch +test--fix-test-errors.patch +test--skip-network-tests.patch +test--skip-privileged-unit-tests.patch +test--skip-TestAdapterReadLogs.patch +test--skip-TestClientWithRequestTimeout.patch +test--skip-TestGetRootUIDGID.patch +test--skip-TestSignCommandLocalFlag.patch +test--skip-TestStateRunStop.patch diff --git a/patches/test--disable-containerizedengine-update-test.patch b/patches/test--disable-containerizedengine-update-test.patch new file mode 100644 index 00000000..4bcb1533 --- /dev/null +++ b/patches/test--disable-containerizedengine-update-test.patch @@ -0,0 +1,19 @@ +From: Arnaud Rebillout +Date: Fri, 18 Jan 2019 18:54:15 +0700 +Subject: Disable containerizedengine/update_test.go + +This test FTBFS, see . +Please re-enable this test when this MR is accepted. + +Origin: vendor, Debian +Forwarded: not-needed, Debian-specific +Signed-off-by: Arnaud Rebillout + +--- a/cli/internal/containerizedengine/update_test.go ++++ b/cli/internal/containerizedengine/update_test.go +@@ -1,3 +1,5 @@ ++// +build ignore ++ + package containerizedengine + + import ( diff --git a/patches/test--fix-test-errors.patch b/patches/test--fix-test-errors.patch new file mode 100644 index 00000000..447729f5 --- /dev/null +++ b/patches/test--fix-test-errors.patch @@ -0,0 +1,17 @@ +Description: update several tests for text/path errors +Author: Tianon Gravi +Forwarded: not-needed + +--- a/engine/pkg/authorization/authz_unix_test.go ++++ b/engine/pkg/authorization/authz_unix_test.go +@@ -267,8 +267,10 @@ + if err != nil { + t.Fatal(err) + } + ++ t.Skip("Skipping plugin tests -- Unix socket path is too long: unix:///"+path.Join(pwd, pluginAddress)) ++ + client, err := plugins.NewClient("unix:///"+path.Join(pwd, pluginAddress), &tlsconfig.Options{InsecureSkipVerify: true}) + if err != nil { + t.Fatalf("Failed to create client %v", err) + } diff --git a/patches/test--skip-TestAdapterReadLogs.patch b/patches/test--skip-TestAdapterReadLogs.patch new file mode 100644 index 00000000..b3af56db --- /dev/null +++ b/patches/test--skip-TestAdapterReadLogs.patch @@ -0,0 +1,38 @@ +Last-Update: 2018-06-19 +Forwarded: not-needed +Author: Dmitry Smirnov +Description: disable unreliable test, failing randomly on multiple architectures. +~~~~ + FAIL: TestAdapterReadLogs (0.00s) + panic: runtime error: invalid memory address or nil pointer dereference [recovered] + panic: runtime error: invalid memory address or nil pointer dereference + [signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x83273c5] + + goroutine 7 [running]: + testing.tRunner.func1(0x1a686ab0) + /usr/lib/go-1.10/src/testing/testing.go:742 +0x24a + panic(0x8393cc0, 0x85d1e78) + /usr/lib/go-1.10/src/runtime/panic.go:502 +0x1dc + github.com/docker/docker/daemon/logger.testMessageEqual(0x1a686ab0, 0x1a65cc7c, 0x0) + /var/lib/gitlab-runner/builds/736b76b0/1/docker-team/docker/.gopath/src/github.com/docker/docker/daemon/logger/adapter_test.go:178 +0x35 + github.com/docker/docker/daemon/logger.TestAdapterReadLogs(0x1a686ab0) + /var/lib/gitlab-runner/builds/736b76b0/1/docker-team/docker/.gopath/src/github.com/docker/docker/daemon/logger/adapter_test.go:131 +0x710 + testing.tRunner(0x1a686ab0, 0x83fa01c) + /usr/lib/go-1.10/src/testing/testing.go:777 +0xaa + created by testing.(*T).Run + /usr/lib/go-1.10/src/testing/testing.go:824 +0x243 + FAIL github.com/docker/docker/daemon/logger 0.012s +~~~~ + +--- a/engine/daemon/logger/adapter_test.go ++++ b/engine/daemon/logger/adapter_test.go +@@ -137,8 +137,9 @@ + return a + } + + func TestAdapterReadLogs(t *testing.T) { ++t.Skip("DM - skipping dodgy test") + plugin := newMockLoggingPlugin() + l := newMockPluginAdapter(plugin) + + testMsg := []Message{ diff --git a/patches/test--skip-TestClientWithRequestTimeout.patch b/patches/test--skip-TestClientWithRequestTimeout.patch new file mode 100644 index 00000000..06844df3 --- /dev/null +++ b/patches/test--skip-TestClientWithRequestTimeout.patch @@ -0,0 +1,21 @@ +Last-Update: 2019-11-04 +Forwarded: not-needed +Author: Dmitry Smirnov +Description: disabled unreliable, randomly failing test. +~~~~ + FAIL: TestClientWithRequestTimeout (0.00s) + client_test.go:254: assertion failed: expected an error, got nil: expected error +~~~~ + +--- a/engine/pkg/plugins/client_test.go ++++ b/engine/pkg/plugins/client_test.go +@@ -235,8 +235,9 @@ + assert.Check(t, is.DeepEqual(m, output)) + } + + func TestClientWithRequestTimeout(t *testing.T) { ++t.Skip("DM-skipped") + type timeoutError interface { + Timeout() bool + } + diff --git a/patches/test--skip-TestGetRootUIDGID.patch b/patches/test--skip-TestGetRootUIDGID.patch new file mode 100644 index 00000000..d15bd400 --- /dev/null +++ b/patches/test--skip-TestGetRootUIDGID.patch @@ -0,0 +1,26 @@ +Last-Update: 2018-06-16 +Forwarded: not-needed +Author: Dmitry Smirnov +Description: disable test failing is sbuild. +~~~~ + FAIL: TestGetRootUIDGID (0.00s) + idtools_unix_test.go:287: + Error Trace: idtools_unix_test.go:287 + Error: Not equal: + expected: 1009 + actual : 2952 + Test: TestGetRootUIDGID +~~~~ + +--- a/engine/pkg/idtools/idtools_unix_test.go ++++ b/engine/pkg/idtools/idtools_unix_test.go +@@ -266,8 +266,9 @@ + } + } + + func TestGetRootUIDGID(t *testing.T) { ++t.Skip("DM - skipping malfunctioning test, fails on sbuild") + uidMap := []IDMap{ + { + ContainerID: 0, + HostID: os.Getuid(), diff --git a/patches/test--skip-TestSignCommandLocalFlag.patch b/patches/test--skip-TestSignCommandLocalFlag.patch new file mode 100644 index 00000000..ea04b9d9 --- /dev/null +++ b/patches/test--skip-TestSignCommandLocalFlag.patch @@ -0,0 +1,29 @@ +From: Arnaud Rebillout +Date: Sat, 28 Sep 2019 02:30:56 +0000 +Subject: Skip TestSignCommandLocalFlag + +No idea why this test used to pass before and fails now... + +~~~~ + === RUN TestSignCommandLocalFlag + --- FAIL: TestSignCommandLocalFlag (35.01s) + sign_test.go:307: assertion failed: expected error to contain "error contacting notary server: dial tcp: lookup reg-name.io", + got "Error: error contacting notary server: dial tcp 125.235.4.59:443: i/o timeout" + ... + FAIL github.com/docker/cli/cli/command/trust 49.235s +~~~~ + +Origin: vendor, Debian +Forwarded: not-needed, Debian-specific +Signed-off-by: Arnaud Rebillout + +--- a/cli/cli/command/trust/sign_test.go ++++ b/cli/cli/command/trust/sign_test.go +@@ -299,6 +299,7 @@ func TestSignCommandChangeListIsCleanedO + } + + func TestSignCommandLocalFlag(t *testing.T) { ++ t.Skip("DM - skip test that fails") + cli := test.NewFakeCli(&fakeClient{}) + cli.SetNotaryClient(notaryfake.GetEmptyTargetsNotaryRepository) + cmd := newSignCommand(cli) diff --git a/patches/test--skip-TestStateRunStop.patch b/patches/test--skip-TestStateRunStop.patch new file mode 100644 index 00000000..7d70ba9b --- /dev/null +++ b/patches/test--skip-TestStateRunStop.patch @@ -0,0 +1,20 @@ +Last-Update: 2018-08-02 +Forwarded: not-needed +Author: Dmitry Smirnov +Description: disabled unreliable test. +~~~~ + state_test.go:102: ExitCode -1, expected 2, err "context deadline exceeded" +~~~~ + +--- a/engine/container/state_test.go ++++ b/engine/container/state_test.go +@@ -28,8 +28,9 @@ + } + } + + func TestStateRunStop(t *testing.T) { ++t.Skip("DM - disabled unreliable test") + s := NewState() + + // Begin another wait with WaitConditionRemoved. It should complete + // within 200 milliseconds. diff --git a/patches/test--skip-network-tests.patch b/patches/test--skip-network-tests.patch new file mode 100644 index 00000000..a6955dbe --- /dev/null +++ b/patches/test--skip-network-tests.patch @@ -0,0 +1,17 @@ +Last-Update: 2018-06-16 +Forwarded: not-needed +Author: Dmitry Smirnov +Description: disable failing test due to dependency on network. + +--- a/cli/cli/command/image/push_test.go ++++ b/cli/cli/command/image/push_test.go +@@ -12,8 +12,9 @@ + "gotest.tools/assert" + ) + + func TestNewPushCommandErrors(t *testing.T) { ++t.Skip("DM - skipping network test") + testCases := []struct { + name string + args []string + expectedError string diff --git a/patches/test--skip-privileged-unit-tests.patch b/patches/test--skip-privileged-unit-tests.patch new file mode 100644 index 00000000..7b4dbc89 --- /dev/null +++ b/patches/test--skip-privileged-unit-tests.patch @@ -0,0 +1,309 @@ +Last-Update: 2019-09-13 +Forwarded: not-needed +Author: Tianon Gravi +Description: allow skipping "privileged" tests with "-test.short" + +--- a/engine/builder/dockerfile/internals_test.go ++++ b/engine/builder/dockerfile/internals_test.go +@@ -19,6 +19,7 @@ import ( + ) + + func TestEmptyDockerfile(t *testing.T) { ++ t.Skip("DM - skipping privileged test") + contextDir, cleanup := createTestTempDir(t, "", "builder-dockerfile-test") + defer cleanup() + +@@ -28,6 +29,7 @@ func TestEmptyDockerfile(t *testing.T) { + } + + func TestSymlinkDockerfile(t *testing.T) { ++ t.Skip("DM - skipping privileged test") + contextDir, cleanup := createTestTempDir(t, "", "builder-dockerfile-test") + defer cleanup() + +@@ -43,6 +45,7 @@ func TestSymlinkDockerfile(t *testing.T) + } + + func TestDockerfileOutsideTheBuildContext(t *testing.T) { ++ t.Skip("DM - skipping privileged test") + contextDir, cleanup := createTestTempDir(t, "", "builder-dockerfile-test") + defer cleanup() + +@@ -55,6 +58,7 @@ func TestDockerfileOutsideTheBuildContex + } + + func TestNonExistingDockerfile(t *testing.T) { ++ t.Skip("DM - skipping privileged test") + contextDir, cleanup := createTestTempDir(t, "", "builder-dockerfile-test") + defer cleanup() + +--- a/engine/daemon/graphdriver/overlay2/overlay_test.go ++++ b/engine/daemon/graphdriver/overlay2/overlay_test.go +@@ -37,22 +37,27 @@ func skipIfNaive(t *testing.T) { + // This avoids creating a new driver for each test if all tests are run + // Make sure to put new tests between TestOverlaySetup and TestOverlayTeardown + func TestOverlaySetup(t *testing.T) { ++ t.Skip("DM - skipping privileged test") + graphtest.GetDriver(t, driverName) + } + + func TestOverlayCreateEmpty(t *testing.T) { ++ t.Skip("DM - skipping privileged test") + graphtest.DriverTestCreateEmpty(t, driverName) + } + + func TestOverlayCreateBase(t *testing.T) { ++ t.Skip("DM - skipping privileged test") + graphtest.DriverTestCreateBase(t, driverName) + } + + func TestOverlayCreateSnap(t *testing.T) { ++ t.Skip("DM - skipping privileged test") + graphtest.DriverTestCreateSnap(t, driverName) + } + + func TestOverlay128LayerRead(t *testing.T) { ++ t.Skip("DM - skipping privileged test") + graphtest.DriverTestDeepLayerRead(t, 128, driverName) + } + +--- a/engine/volume/local/local_test.go ++++ b/engine/volume/local/local_test.go +@@ -31,6 +31,7 @@ func TestGetAddress(t *testing.T) { + } + + func TestRemove(t *testing.T) { ++t.Skip("DM - skipping privileged test") + skip.If(t, runtime.GOOS == "windows", "FIXME: investigate why this test fails on CI") + rootDir, err := ioutil.TempDir("", "local-volume-test") + if err != nil { +@@ -74,6 +75,7 @@ func TestRemove(t *testing.T) { + } + + func TestInitializeWithVolumes(t *testing.T) { ++ t.Skip("DM - skipping privileged tests") + rootDir, err := ioutil.TempDir("", "local-volume-test") + if err != nil { + t.Fatal(err) +@@ -106,6 +108,7 @@ func TestInitializeWithVolumes(t *testin + } + + func TestCreate(t *testing.T) { ++ t.Skip("DM - skipping privileged tests") + rootDir, err := ioutil.TempDir("", "local-volume-test") + if err != nil { + t.Fatal(err) +@@ -178,6 +181,7 @@ func TestValidateName(t *testing.T) { + } + + func TestCreateWithOpts(t *testing.T) { ++t.Skip("DM - skipping privileged test") + skip.If(t, runtime.GOOS == "windows") + skip.If(t, os.Getuid() != 0, "requires mounts") + rootDir, err := ioutil.TempDir("", "local-volume-test") +--- a/engine/pkg/mount/mount_unix_test.go ++++ b/engine/pkg/mount/mount_unix_test.go +@@ -25,6 +25,7 @@ func TestMountOptionsParsing(t *testing. + } + + func TestMounted(t *testing.T) { ++t.Skip("DM - skipping privileged test") + if os.Getuid() != 0 { + t.Skip("root required") + } +@@ -80,6 +81,7 @@ func TestMounted(t *testing.T) { + } + + func TestMountReadonly(t *testing.T) { ++t.Skip("DM - skipping privileged test") + if os.Getuid() != 0 { + t.Skip("root required") + } +@@ -129,6 +131,7 @@ func TestMountReadonly(t *testing.T) { + } + + func TestGetMounts(t *testing.T) { ++t.Skip("DM - skipping privileged test") + mounts, err := GetMounts(nil) + if err != nil { + t.Fatal(err) +--- a/engine/pkg/mount/sharedsubtree_linux_test.go ++++ b/engine/pkg/mount/sharedsubtree_linux_test.go +@@ -13,6 +13,7 @@ import ( + + // nothing is propagated in or out + func TestSubtreePrivate(t *testing.T) { ++t.Skip("DM - skipping privileged test") + if os.Getuid() != 0 { + t.Skip("root required") + } +@@ -115,6 +116,7 @@ func TestSubtreePrivate(t *testing.T) { + // Testing that when a target is a shared mount, + // then child mounts propagate to the source + func TestSubtreeShared(t *testing.T) { ++t.Skip("DM - skipping privileged test") + if os.Getuid() != 0 { + t.Skip("root required") + } +@@ -187,6 +189,7 @@ func TestSubtreeShared(t *testing.T) { + // testing that mounts to a shared source show up in the slave target, + // and that mounts into a slave target do _not_ show up in the shared source + func TestSubtreeSharedSlave(t *testing.T) { ++t.Skip("DM - skipping privileged test") + if os.Getuid() != 0 { + t.Skip("root required") + } +@@ -295,6 +298,7 @@ func TestSubtreeSharedSlave(t *testing.T + } + + func TestSubtreeUnbindable(t *testing.T) { ++t.Skip("DM - skipping privileged test") + if os.Getuid() != 0 { + t.Skip("root required") + } +--- a/engine/daemon/graphdriver/overlay/overlay_test.go ++++ b/engine/daemon/graphdriver/overlay/overlay_test.go +@@ -19,22 +19,27 @@ func init() { + // This avoids creating a new driver for each test if all tests are run + // Make sure to put new tests between TestOverlaySetup and TestOverlayTeardown + func TestOverlaySetup(t *testing.T) { ++ t.Skip("DM - skipping privileged test") + graphtest.GetDriver(t, "overlay") + } + + func TestOverlayCreateEmpty(t *testing.T) { ++ t.Skip("DM - skipping privileged test") + graphtest.DriverTestCreateEmpty(t, "overlay") + } + + func TestOverlayCreateBase(t *testing.T) { ++ t.Skip("DM - skipping privileged test") + graphtest.DriverTestCreateBase(t, "overlay") + } + + func TestOverlayCreateSnap(t *testing.T) { ++ t.Skip("DM - skipping privileged test") + graphtest.DriverTestCreateSnap(t, "overlay") + } + + func TestOverlay50LayerRead(t *testing.T) { ++ t.Skip("DM - skipping privileged test") + graphtest.DriverTestDeepLayerRead(t, 50, "overlay") + } + +--- a/engine/pkg/archive/archive_linux_test.go ++++ b/engine/pkg/archive/archive_linux_test.go +@@ -91,6 +91,7 @@ func checkFileMode(t *testing.T, path st + } + + func TestOverlayTarUntar(t *testing.T) { ++t.Skip("DM - skipping privileged test") + oldmask, err := system.Umask(0) + assert.NilError(t, err) + defer system.Umask(oldmask) +@@ -130,6 +131,7 @@ func TestOverlayTarUntar(t *testing.T) { + } + + func TestOverlayTarAUFSUntar(t *testing.T) { ++t.Skip("DM - skipping privileged test") + oldmask, err := system.Umask(0) + assert.NilError(t, err) + defer system.Umask(oldmask) +--- a/cli/cli/command/image/build_test.go ++++ b/cli/cli/command/image/build_test.go +@@ -25,6 +25,7 @@ import ( + ) + + func TestRunBuildDockerfileFromStdinWithCompress(t *testing.T) { ++t.Skip("DM - skipping privileged test") + buffer := new(bytes.Buffer) + fakeBuild := newFakeBuild() + fakeImageBuild := func(ctx context.Context, context io.Reader, options types.ImageBuildOptions) (types.ImageBuildResponse, error) { +@@ -122,6 +123,7 @@ COPY data /data + // TODO: test "context selection" logic directly when runBuild is refactored + // to support testing (ex: docker/cli#294) + func TestRunBuildFromGitHubSpecialCase(t *testing.T) { ++t.Skip("DM - disabled due to network access") + cmd := NewBuildCommand(test.NewFakeCli(nil)) + // Clone a small repo that exists so git doesn't prompt for credentials + cmd.SetArgs([]string{"github.com/docker/for-win"}) +--- a/engine/daemon/oci_linux_test.go ++++ b/engine/daemon/oci_linux_test.go +@@ -62,6 +62,7 @@ func cleanupFakeContainer(c *container.C + // in "Duplicate mount point" error from the engine. + // https://github.com/moby/moby/issues/35455 + func TestTmpfsDevShmNoDupMount(t *testing.T) { ++t.Skip("DM - skipping privileged test") + c := &container.Container{ + ShmPath: "foobar", // non-empty, for c.IpcMounts() to work + HostConfig: &containertypes.HostConfig{ +@@ -84,6 +85,7 @@ func TestTmpfsDevShmNoDupMount(t *testin + // the resulting /dev/shm mount is NOT made read-only. + // https://github.com/moby/moby/issues/36503 + func TestIpcPrivateVsReadonly(t *testing.T) { ++t.Skip("DM - skipping privileged test") + c := &container.Container{ + HostConfig: &containertypes.HostConfig{ + IpcMode: containertypes.IpcMode("private"), +@@ -108,6 +110,7 @@ func TestIpcPrivateVsReadonly(t *testing + // TestSysctlOverride ensures that any implicit sysctls (such as + // Config.Domainname) are overridden by an explicit sysctl in the HostConfig. + func TestSysctlOverride(t *testing.T) { ++t.Skip("DM - skipping privileged test") + c := &container.Container{ + Config: &containertypes.Config{ + Hostname: "foobar", +@@ -137,6 +140,7 @@ func TestSysctlOverride(t *testing.T) { + } + + func TestGetSourceMount(t *testing.T) { ++t.Skip("Skipped failing test") + // must be able to find source mount for / + mnt, _, err := getSourceMount("/") + assert.NilError(t, err) +--- a/engine/layer/mount_test.go ++++ b/engine/layer/mount_test.go +@@ -12,6 +12,7 @@ import ( + ) + + func TestMountInit(t *testing.T) { ++ t.Skip("DM - skipping privileged test") + // TODO Windows: Figure out why this is failing + if runtime.GOOS == "windows" { + t.Skip("Failing on Windows") +@@ -120,6 +121,7 @@ func TestMountSize(t *testing.T) { + } + + func TestMountChanges(t *testing.T) { ++ t.Skip("DM - skipping privileged test") + // TODO Windows: Figure out why this is failing + if runtime.GOOS == "windows" { + t.Skip("Failing on Windows") +--- a/engine/daemon/graphdriver/aufs/aufs_test.go ++++ b/engine/daemon/graphdriver/aufs/aufs_test.go +@@ -31,6 +31,7 @@ func init() { + } + + func testInit(dir string, t testing.TB) graphdriver.Driver { ++ t.Skip("DM - skipping privileged test") + d, err := Init(dir, nil, nil, nil) + if err != nil { + if err == graphdriver.ErrNotSupported { +--- a/engine/pkg/chrootarchive/archive_unix_test.go ++++ b/engine/pkg/chrootarchive/archive_unix_test.go +@@ -23,6 +23,7 @@ import ( + // some path outside of a container's rootfs that we do not copy data to a + // container path that will actually overwrite data on the host + func TestUntarWithMaliciousSymlinks(t *testing.T) { ++t.Skip("DM - skipping privileged test") + dir, err := ioutil.TempDir("", t.Name()) + assert.NilError(t, err) + defer os.RemoveAll(dir) +@@ -84,6 +85,7 @@ func TestUntarWithMaliciousSymlinks(t *t + // some path outside of a container's rootfs that we do not unwittingly leak + // host data into the archive. + func TestTarWithMaliciousSymlinks(t *testing.T) { ++t.Skip("DM - skipping privileged test") + dir, err := ioutil.TempDir("", t.Name()) + assert.NilError(t, err) + // defer os.RemoveAll(dir) diff --git a/rules b/rules new file mode 100755 index 00000000..8f749e55 --- /dev/null +++ b/rules @@ -0,0 +1,181 @@ +#!/usr/bin/make -f +# -*- makefile -*- + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +export HOME=$(CURDIR)/debian/tmp + +#export DH_GOLANG_BUILDPKG := github.com/docker/docker github.com/docker/cli +export DH_GOLANG_GO_GENERATE := 1 +export DH_GOLANG_INSTALL_ALL := 1 +export DH_GOLANG_INSTALL_EXTRA := testdata/ +export DH_GOLANG_EXCLUDES := \ + integration-cli \ + vendor + +# temporary build path (see http://golang.org/doc/code.html#GOPATH) +OUR_GOPATH := $(CURDIR)/.gopath +export GOPATH := $(OUR_GOPATH) + +export DOCKER_VERSION := $(shell cat VERSION) +export DOCKER_GITCOMMIT := $(shell ./debian/helpers/gitcommit.sh $(DOCKER_VERSION)) +ifndef DOCKER_GITCOMMIT + $(error Missing DOCKER_GITCOMMIT - see debian/upstream-version-gitcommits) +endif + +export BUILDTIME := $(shell dpkg-parsechangelog -SDate) + +# have "make.sh" keep "bundle/$(DOCKER_VERSION)" around between runs (we clean it up appropriately ourselves) +export KEEPBUNDLE := 1 + +## AppArmor can be optionally used in Debian and is there by default in Ubuntu, +## so we need support for it compiled into our binary same story with SELinux. +export DOCKER_BUILDTAGS := apparmor seccomp selinux ambient + +## prefer Go 1.7 explicitly if it's available (golang-1.7-go) +#export PATH := /usr/lib/go-1.7/bin:$(PATH) + +APPARMOR_RECOMMENDS := $(shell dpkg-vendor --is Ubuntu && echo apparmor) +BUILT_LIBC := $(shell dpkg-query -f '$${source:Package} (= $${source:Version})' -W libc-dev-bin) + +%: + dh $@ --buildsystem=golang --with=bash-completion,golang --builddirectory=.gopath + +override_dh_clean: + dh_clean + $(RM) -v -r autogen bundles man/man*/ +# -find . -type f -name '*.pb.go' -delete -printf 'removed %p\n' ## delete generated .pb.go files + ## Remove Files-Excluded (when built from checkout or non-DFSG tarball): + $(RM) -rv `perl -0nE 'say grep { $$_=q{ */}.$$_ } split(/\s+/,$$1) if m{^Files\-Excluded:\s*(.*?)(?:\n\n|^Files|^Comment:)}sm;' debian/copyright` + -find */vendor -mindepth 1 -type d -empty -delete -printf 'removed %p\n' + +override_dh_auto_configure: +## dh_auto_configure symlinks dirs from "/usr/share/gocode/src" into +## $(OUR_GOPATH) unless folders already exist there in which case files +## are copied. Pre-making directories allows us to use debhelper to +## create proper GOPATH source tree yet have certain directories writable +## even if they are provided by already installed package. + mkdir -pv $(OUR_GOPATH)/src/github.com/docker/cli + mkdir -pv $(OUR_GOPATH)/src/github.com/docker/docker + mkdir -pv $(OUR_GOPATH)/src/github.com/docker/libnetwork + mkdir -pv $(OUR_GOPATH)/src/github.com/docker/swarmkit + mkdir -pv $(OUR_GOPATH)/src/github.com/docker/distribution + mkdir -pv $(OUR_GOPATH)/src/github.com/docker/go-events + mkdir -pv $(OUR_GOPATH)/src/github.com/containerd/containerd + +# ## Prepare builddirectory but throw away sourcedirectory. + DH_GOPKG="__IGNORE__" dh_auto_configure + +## Each package must be removed from working tree first, in case some +## of the packages that we are going to build are already installed. +## This is also useful for building in unclean environment. +## +## This is _necessary_ to avoid merging packages that we build with +## pre-installed packages. See #827226 for details. +## Debhelper knows only about "main" DH_GOPKG package but we build several +## and we have to ensure that build tree is properly prepared. + $(RM) -r $(OUR_GOPATH)/src/github.com/docker/cli + cp -ra cli $(OUR_GOPATH)/src/github.com/docker/cli + + $(RM) -r $(OUR_GOPATH)/src/github.com/docker/docker + cp -ra engine $(OUR_GOPATH)/src/github.com/docker/docker + + $(RM) -r $(OUR_GOPATH)/src/github.com/docker/libnetwork + cp -ra libnetwork $(OUR_GOPATH)/src/github.com/docker/libnetwork + + $(RM) -r $(OUR_GOPATH)/src/github.com/docker/swarmkit + cp -ra swarmkit $(OUR_GOPATH)/src/github.com/docker/swarmkit + + $(RM) -r $(OUR_GOPATH)/src/github.com/docker/distribution + cp -ra distribution $(OUR_GOPATH)/src/github.com/docker/distribution + + $(RM) -r $(OUR_GOPATH)/src/github.com/docker/go-events + cp -ra go-events $(OUR_GOPATH)/src/github.com/docker/go-events + + $(RM) -r $(OUR_GOPATH)/src/github.com/containerd/containerd + cp -ra containerd $(OUR_GOPATH)/src/github.com/containerd/containerd + +# cp -ra engine/vendor/github.com/docker/distribution $(OUR_GOPATH)/src/github.com/docker/ + +override_dh_auto_build-indep: + # noop + +override_dh_auto_build-arch: +## order is important: + +## ## FIXME: DH_GOLANG_BUILDPKG --> DH_GOPKG + DH_GOLANG_BUILDPKG="github.com/docker/distribution" dh_auto_build -v + + DH_GOPKG="github.com/docker/libnetwork" dh_auto_build -v + +## ## FIXME: DH_GOLANG_BUILDPKG --> DH_GOPKG + DH_GOLANG_BUILDPKG="github.com/docker/swarmkit" dh_auto_build -v + + export DH_GOPKG="github.com/containerd/containerd" ;\ + export REV="`grep $${DH_GOPKG} engine/vendor.conf | head -1 | awk '{print $$2}'`" ;\ + dh_auto_build -v -- -tags "$(DOCKER_BUILDTAGS)" \ + -ldflags "-X $${DH_GOPKG}/version.Version=$(DOCKER_VERSION) -X $${DH_GOPKG}/version.Revision=$${REV}" + + DH_GOPKG="github.com/docker/go-events" dh_auto_build -v + +## build ("cd" first to ensure we build from within GOPATH) + cd '$(OUR_GOPATH)/src/github.com/docker/docker' \ + && VERSION=$(DOCKER_VERSION) ./hack/make.sh dynbinary + + cd '$(OUR_GOPATH)/src/github.com/docker/cli' \ + && DISABLE_WARN_OUTSIDE_CONTAINER=1 LDFLAGS='' \ + $(MAKE) VERSION=$(DOCKER_VERSION) GITCOMMIT=$(DOCKER_GITCOMMIT) dynbinary manpages + +# # compile man pages +# ./man/md2man-all.sh -q + +override_dh_auto_test-indep: + DH_GOLANG_EXCLUDES="integration-cli integration test/integration" \ + dh_auto_test -v --max-parallel=4 -- -short + +override_dh_auto_test-arch: +### [[[ DO NOT DISABLE TESTS ]]] [[[ DO *NOT* DISABLE TESTS ]]] + DH_GOLANG_EXCLUDES="integration-cli integration test/integration" \ + dh_auto_test -v --max-parallel=4 -- -short +ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS))) + + ## Test engine: +# cd '$(OUR_GOPATH)/src/$(DH_GOPKG)' \ +# && TESTFLAGS='-test.short' ./hack/make.sh test-unit + cd $(OUR_GOPATH)/src/github.com/docker/docker \ + && TESTFLAGS='-test.short' ./hack/test/unit + + ## Test CLI: + # The following scripts were created with a patch, + # hence we must set the executable bit by hand. + chmod +x $(OUR_GOPATH)/src/github.com/docker/cli/scripts/test/unit + chmod +x $(OUR_GOPATH)/src/github.com/docker/cli/scripts/test/unit-with-coverage + cd $(OUR_GOPATH)/src/github.com/docker/cli \ + && DISABLE_WARN_OUTSIDE_CONTAINER=1 $(MAKE) test-unit + + .gopath/bin/containerd -version +endif + +override_dh_install: + ## Do not install extra license files: + dh_install -XLICENSE + +override_dh_auto_install: + ## skip dh_auto_install to stop dh_golang trying to copy bits + ## for /usr/share/gocode (we use dh_install/dh-exec for that) + +override_dh_installinit: + dh_installinit -v --name=docker --no-stop-on-upgrade --no-restart-after-upgrade + +override_dh_installsystemd: + dh_installsystemd -v --name=docker --no-stop-on-upgrade --no-restart-after-upgrade + +override_dh_installudev: + # use priority z80 to match the upstream priority of 80 + dh_installudev -v --name=docker --priority=z80 + +override_dh_gencontrol: + echo 'apparmor:Recommends=$(APPARMOR_RECOMMENDS)' >> debian/docker.io.substvars + echo 'libc:Built-Using=$(BUILT_LIBC)' >> debian/docker.io.substvars + dh_gencontrol diff --git a/source/format b/source/format new file mode 100644 index 00000000..163aaf8d --- /dev/null +++ b/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/source/lintian-overrides b/source/lintian-overrides new file mode 100644 index 00000000..2a07e111 --- /dev/null +++ b/source/lintian-overrides @@ -0,0 +1,5 @@ +## Files-Excluded leftovers: +source-contains-empty-directory */vendor/* + +## Acknowledged: +dh-exec-subst-unknown-variable debian/docker.io.install DOCKER_VERSION diff --git a/tests/basic-smoke b/tests/basic-smoke new file mode 100755 index 00000000..eae62a1f --- /dev/null +++ b/tests/basic-smoke @@ -0,0 +1,36 @@ +#!/bin/bash +set -eux +set -o pipefail + +exitTraps=( 'true' ) +doExit() { + for exitTrap in "${exitTraps[@]}"; do + eval "$exitTrap" || true + done +} +trap 'doExit' EXIT +defer() { + exitTraps=( "$@" "${exitTraps[@]}" ) +} + +/etc/init.d/docker start +defer '/etc/init.d/docker stop' +defer 'journalctl -u docker | tail' + +# make sure Docker itself is working before we go too deep down the rabbit hole +docker version + +tempDir="$(mktemp -d)" +defer "rm -rf '$tempDir'" + +debootstrap \ + --variant=minbase \ + stable \ + "$tempDir" \ + http://httpredir.debian.org/debian + +tar -cC "$tempDir" . | docker import - debian +defer 'docker rmi debian' + +docker run --name test debian true +defer 'docker rm -f test' diff --git a/tests/control b/tests/control new file mode 100644 index 00000000..1824f5c9 --- /dev/null +++ b/tests/control @@ -0,0 +1,7 @@ +Tests: basic-smoke +Depends: aufs-tools, debian-archive-keyring, debootstrap, @ +Restrictions: allow-stderr isolation-machine needs-root + +#Tests: integration +#Depends: ca-certificates, curl, git, golang-check.v1-dev, jq, @, @builddeps@ +#Restrictions: allow-stderr isolation-machine needs-root rw-build-tree diff --git a/tests/integration b/tests/integration new file mode 100755 index 00000000..6b40edcb --- /dev/null +++ b/tests/integration @@ -0,0 +1,41 @@ +#!/bin/bash +set -e + +# apply patches +dpkg-source --before-build . + +# prepare the environment +./debian/rules dh_configure +export GOPATH="$PWD/.gopath" +export DOCKER_GITCOMMIT="$(./debian/helpers/gitcommit.sh)" + +# docker's tests need an unprivileged user available at this username +useradd --system --gid docker --comment 'Docker Test Suite Unprivileged User' unprivilegeduser + +# https://github.com/docker/docker/blob/7307998a44237a8943792c279b81ff5a387a86fa/builder/dockerfile/builder.go#L34-L44 +proxyArgs=( + http_proxy + https_proxy + ftp_proxy + no_proxy +) +DOCKER_BUILD_ARGS= +for proxyArgBase in "${proxyArgs[@]}"; do + for proxyArg in "${proxyArgBase^^}" "$proxyArgBase"; do + if [ -n "${!proxyArg}" ]; then + [ -z "$DOCKER_BUILD_ARGS" ] || DOCKER_BUILD_ARGS+=' ' + DOCKER_BUILD_ARGS+="--build-arg ${proxyArg}=${!proxyArg}" + fi + done +done +export DOCKER_BUILD_ARGS + +# run the tests +./hack/make.sh test-integration-cli + +# clean up cruft we've created +./debian/rules clean +userdel --force unprivilegeduser + +# unapply patches +dpkg-source --after-build . diff --git a/unpack-components.sh b/unpack-components.sh new file mode 100755 index 00000000..9554ca55 --- /dev/null +++ b/unpack-components.sh @@ -0,0 +1,36 @@ +#!/bin/bash +: <<=cut + +=head1 DESCRIPTION + +Unpack MUT components. + +=head1 SYNOPSIS + + ./debian/unpack-components.sh + +=cut + +set -e +set -u + +DEB_SOURCE="$( dpkg-parsechangelog -SSource )" +DEB_VERSION_UPSTREAM="$( dpkg-parsechangelog -SVersion | sed -e 's/-[^-]*$//' )" + +if ls ../${DEB_SOURCE}_${DEB_VERSION_UPSTREAM}.orig-*.tar.* 2>>/dev/null; then + for T in ../${DEB_SOURCE}_${DEB_VERSION_UPSTREAM}.orig-*.tar.*; do + C="${T##*.orig-}" + C="${C%%.tar*}" + mkdir -p "${C}" + tar xf ${T} -C "${C}" --strip-components=1 + if [ "$(ls -m ${C})" == "${C}" ]; then + ## --strip-components=1 did not work. + mv "${C}" "${C}.tmp" + mv "${C}.tmp/${C}" . + rmdir "${C}.tmp" + fi + done +else + printf "W: no components to extract.\n" + exit 0 +fi diff --git a/upstream-version-gitcommits b/upstream-version-gitcommits new file mode 100644 index 00000000..04863639 --- /dev/null +++ b/upstream-version-gitcommits @@ -0,0 +1,100 @@ +# To determine the proper value for this, download +# https://download.docker.com/linux/static/CHANNEL/x86_64/docker-VERSION-ce.tgz +# extract "docker", run "./docker -v", which will list the exact build hash needed. +# https://github.com/docker/docker-ce/releases + +0.5.3: 17c92b8 +0.6.0: f4a4f1c +0.6.1: 5105263 +0.6.2: 081543c +0.6.3: b0a49a3 +0.6.4: 2f74b1c +0.6.5: 3ff8459 +0.6.6: 6d42040 +0.6.7: cb48ecc +0.7.0: 0d078b6 +0.7.1: 88df052 +0.7.2: 28b162e +0.7.3: 8502ad4 +0.7.4: 010d74e +0.7.5: c348c04 +0.7.6: bc3b2ec +0.8.0: cc3a8c8 +0.8.1: a1598d1 +0.9.0: 2b3fdf2 +0.9.1: 3600720 +0.10.0: dc9c28f +0.11.0: 15209c3 +0.11.1: fb99f99 +0.12.0: 14680bf +1.0.0: 63fe64c +1.0.1: 990021a +1.1.0: 79812e3 +1.1.1: bd609d2 +1.1.2: d84a070 +1.2.0: fa7b24f +1.3.0: c78088f +1.3.1: 4e9bbfa +1.3.2: 39fa2fa +1.3.3: d344625 +1.4.0: 4595d4f +1.4.1: 5bc2ff8 +1.5.0: a8a31ef +1.6.0: 4749651 +1.6.1: 97cd073 +1.6.2: 7c8fca2 +1.7.0: 0baf609 +1.7.1: 786b29d +1.8.0: 0d03096 +1.8.1: d12ea79 +1.8.2: 0a8c2e3 +1.8.3: f4bf5c7 +1.9.0: 76d6bc9 +1.9.1: a34a1d5 +1.10.0: 590d5108 +1.10.1: 9e83765 +1.10.2: c3959b1 +1.10.3: 20f81dd +1.11.0: 4dc5990 +1.11.1: 5604cbe +1.11.2: b9f10c9 +1.12.0: 8eab29e +1.12.1: 23cf638 +1.12.2: bb80604 +1.12.3: 6b644ec +1.12.4: 1564f02 +1.12.5: 7392c3b +1.12.6: 78d1802 +1.13.0: 49bf474 +1.13.1: 092cba3 +17.03.0: 60ccb22 +17.03.1: c6d412e +17.03.2: f5ec1e2 +17.04.0: 4845c56 +17.05.0: 89658be +17.06.0: 02c1d87 +17.06.1: 874a737 +17.06.2: cec0b72 +17.07.0-ce: 8784753 +17.09.0-ce: afdb6d4 +17.10.0-ce: f4ffd25 +17.11.0-ce: 1caf76c +17.12.0-ce: c97c6d6 +17.12.1-ce: 7390fc6 +18.01.0: 03596f5 +18.02.0: fc4de44 +18.02.0-ce: fc4de44 +18.03.0: 0520e24 +18.03.0-ce: 0520e24 +18.03.1-ce: 9ee9f40 +18.06.0-ce: 0ffa825 +18.06.1-ce: e68fc7a +18.09.1: 4c52b90 +18.09.3: 774a1f4 +18.09.5: e8ff056 +18.09.8: 0dd43dd +18.09.9: 039a7df +19.03.2: 6a30dfc +19.03.3-beta1: 7348bc0 +19.03.3: a872fc2 +19.03.4: 9013bf5 diff --git a/vim-syntax-docker.install b/vim-syntax-docker.install new file mode 100644 index 00000000..6ea7862a --- /dev/null +++ b/vim-syntax-docker.install @@ -0,0 +1,4 @@ +engine/contrib/syntax/vim/doc/* /usr/share/vim/addons/doc/ +engine/contrib/syntax/vim/ftdetect/* /usr/share/vim/addons/ftdetect/ +engine/contrib/syntax/vim/syntax/* /usr/share/vim/addons/syntax/ +debian/vim-syntax-docker.yaml /usr/share/vim/registry/ diff --git a/vim-syntax-docker.yaml b/vim-syntax-docker.yaml new file mode 100644 index 00000000..517b5914 --- /dev/null +++ b/vim-syntax-docker.yaml @@ -0,0 +1,6 @@ +addon: dockerfile +description: "Addon to highlight Docker's Dockerfiles" +files: + - doc/dockerfile.txt + - ftdetect/dockerfile.vim + - syntax/dockerfile.vim diff --git a/watch b/watch new file mode 100644 index 00000000..242cb890 --- /dev/null +++ b/watch @@ -0,0 +1,15 @@ +# uscan(1) configuration file. +version=4 + +opts="\ +pgpmode=none,\ +repacksuffix=+dfsg2,\ +repack,compression=xz,\ +uversionmangle=s{\-ce}{};s{(\d)[\-]?((rc|beta)\d*)$}{$1~$2},\ +dversionmangle=s{[+~](dfsg|ds)\d*}{},\ +" https://uscan.tianon.xyz/github.com/docker/docker-ce \ + .*/archive/v(\d\S*)\.tar\.gz debian ./debian/get-orig-source.sh + +# /(releases|tags) paginates too soon on github.com +# so we lose historical versions too early for tianon's taste. +# https://github.com/docker/docker/releases -- 2.30.2