Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package docker for openSUSE:Factory checked in at 2023-09-14 16:25:08 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/docker (Old) and /work/SRC/openSUSE:Factory/.docker.new.1766 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "docker" Thu Sep 14 16:25:08 2023 rev:138 rq:1111025 version:24.0.6_ce Changes: -------- --- /work/SRC/openSUSE:Factory/docker/docker.changes 2023-09-07 21:14:03.380126497 +0200 +++ /work/SRC/openSUSE:Factory/.docker.new.1766/docker.changes 2023-09-14 16:27:11.081838083 +0200 @@ -1,0 +2,16 @@ +Thu Sep 14 01:46:30 UTC 2023 - Aleksa Sarai <asa...@suse.com> + +- Update to Docker 24.0.6-ce. See upstream changelong online at + <https://docs.docker.com/engine/release-notes/24.0/#2406>. bsc#1215323 +- Rebase patches: + * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch + * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch + * 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch + * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch + * cli-0001-docs-include-required-tools-in-source-tree.patch +- Switch from disabledrun to manualrun in _service. +- Add a docker.socket unit file, but with socket activation effectively + disabled to ensure that Docker will always run even if you start the socket + individually. Users should probably just ignore this unit file. bsc#1210141 + +------------------------------------------------------------------- @@ -4 +20 @@ -- update to Docker 24.0.5-ce. See upstream changelong online at +- Update to Docker 24.0.5-ce. See upstream changelong online at Old: ---- docker-24.0.5_ce_a61e2b4c9.tar.xz docker-cli-24.0.5_ce.tar.xz New: ---- docker-24.0.6_ce_1a7969545d73.tar.xz docker-cli-24.0.6_ce.tar.xz docker.socket ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ docker.spec ++++++ --- /var/tmp/diff_new_pack.3vRF8m/_old 2023-09-14 16:27:13.229914820 +0200 +++ /var/tmp/diff_new_pack.3vRF8m/_new 2023-09-14 16:27:13.233914963 +0200 @@ -31,9 +31,9 @@ # helpfully injects into our build environment from the changelog). If you want # to generate a new git_commit_epoch, use this: # $ date --date="$(git show --format=fuller --date=iso $COMMIT_ID | grep -oP '(?<=^CommitDate: ).*')" '+%s' -%define real_version 24.0.5 -%define git_version a61e2b4c9 -%define git_commit_epoch 1689962786 +%define real_version 24.0.6 +%define git_version 1a7969545d73 +%define git_commit_epoch 1693336457 Name: docker Version: %{real_version}_ce @@ -50,12 +50,13 @@ Source3: docker-rpmlintrc # TODO: Move these source files to somewhere nicer. Source100: docker.service -Source101: 80-docker.rules -Source102: sysconfig.docker -Source103: README_SUSE.md -Source104: docker-audit.rules -Source105: docker-daemon.json -Source106: docker.sysusers +Source101: docker.socket +Source110: 80-docker.rules +Source120: sysconfig.docker +Source130: README_SUSE.md +Source140: docker-audit.rules +Source150: docker-daemon.json +Source160: docker.sysusers # NOTE: All of these patches are maintained in <https://github.com/suse/docker> # in the suse-v<version> branch. Make sure you update the patches in that # branch and then git-format-patch the patch here. @@ -107,8 +108,8 @@ Provides: docker-libnetwork = 0.7.0.2.%{version} # Required to actually run containers. We require the minimum version that is # pinned by Docker, but in order to avoid headaches we allow for updates. -Requires: runc >= 1.1.7 -Requires: containerd >= 1.6.21 +Requires: runc >= 1.1.9 +Requires: containerd >= 1.7.3 # Needed for --init support. We don't use "tini", we use our own implementation # which handles edge-cases better. Requires: catatonit @@ -202,7 +203,7 @@ %setup -q -n %{name}-%{version}_%{git_version} [ "%{docker_builddir}" = "$PWD" ] # README_SUSE.md for documentation. -cp %{SOURCE103} . +cp %{SOURCE130} . %if 0%{?is_opensuse} == 0 # PATCH-SUSE: Secrets patches. @@ -217,7 +218,7 @@ %patch300 -p1 %build -%sysusers_generate_pre %{SOURCE106} %{name} %{name}.conf +%sysusers_generate_pre %{SOURCE160} %{name} %{name}.conf BUILDTAGS="exclude_graphdriver_aufs apparmor selinux seccomp pkcs11" %if 0%{?sle_version} == 120000 @@ -279,7 +280,7 @@ # /var/lib/docker install -d %{buildroot}/%{_localstatedir}/lib/docker # daemon.json config file -install -D -m0644 %{SOURCE105} %{buildroot}%{_sysconfdir}/docker/daemon.json +install -D -m0644 %{SOURCE150} %{buildroot}%{_sysconfdir}/docker/daemon.json # docker cli install -D -m0755 %{cli_builddir}/build/docker %{buildroot}/%{_bindir}/docker @@ -289,17 +290,18 @@ # systemd service install -D -m0644 %{SOURCE100} %{buildroot}%{_unitdir}/%{name}.service +install -D -m0644 %{SOURCE101} %{buildroot}%{_unitdir}/%{name}.socket ln -sf service %{buildroot}%{_sbindir}/rcdocker # udev rules that prevents dolphin to show all docker devices and slows down # upstream report https://bugs.kde.org/show_bug.cgi?id=329930 -install -D -m0644 %{SOURCE101} %{buildroot}%{_udevrulesdir}/80-%{name}.rules +install -D -m0644 %{SOURCE110} %{buildroot}%{_udevrulesdir}/80-%{name}.rules # audit rules -install -D -m0640 %{SOURCE104} %{buildroot}%{_sysconfdir}/audit/rules.d/%{name}.rules +install -D -m0640 %{SOURCE140} %{buildroot}%{_sysconfdir}/audit/rules.d/%{name}.rules # sysconfig file -install -D -m0644 %{SOURCE102} %{buildroot}%{_fillupdir}/sysconfig.docker +install -D -m0644 %{SOURCE120} %{buildroot}%{_fillupdir}/sysconfig.docker # install manpages (using the ones from the engine) install -d %{buildroot}%{_mandir}/man1 @@ -310,7 +312,7 @@ install -p -m0644 %{cli_builddir}/man/man8/*.8 %{buildroot}%{_mandir}/man8 # sysusers.d -install -D -m0644 %{SOURCE106} %{buildroot}%{_sysusersdir}/%{name}.conf +install -D -m0644 %{SOURCE160} %{buildroot}%{_sysusersdir}/%{name}.conf # rootless extras install -D -p -m 0755 contrib/dockerd-rootless.sh %{buildroot}/%{_bindir}/dockerd-rootless.sh @@ -334,17 +336,17 @@ usermod -w 100000000-200000000 dockremap &>/dev/null || \ echo "dockremap:100000000:100000001" >>/etc/subgid ||: -%service_add_pre %{name}.service +%service_add_pre %{name}.service %{name}.socket %post -%service_add_post %{name}.service +%service_add_post %{name}.service %{name}.socket %{fillup_only -n docker} %preun -%service_del_preun %{name}.service +%service_del_preun %{name}.service %{name}.socket %postun -%service_del_postun %{name}.service +%service_del_postun %{name}.service %{name}.socket %files %defattr(-,root,root) @@ -360,6 +362,7 @@ %dir /usr/lib/docker/cli-plugins %{_unitdir}/%{name}.service +%{_unitdir}/%{name}.socket %{_sysusersdir}/%{name}.conf %dir %{_sysconfdir}/docker ++++++ 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch ++++++ --- /var/tmp/diff_new_pack.3vRF8m/_old 2023-09-14 16:27:13.253915678 +0200 +++ /var/tmp/diff_new_pack.3vRF8m/_new 2023-09-14 16:27:13.257915820 +0200 @@ -1,4 +1,4 @@ -From 2e2fdee74ce8572ff90f213a444ece63248fa01c Mon Sep 17 00:00:00 2001 +From 2dedd52de834525fa533aba7854b91fdc783d821 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai <asa...@suse.de> Date: Wed, 8 Mar 2017 12:41:54 +1100 Subject: [PATCH 1/4] SECRETS: daemon: allow directory creation in /run/secrets @@ -69,6 +69,6 @@ return errors.Wrap(err, "error setting ownership for secret") } -- -2.40.1 +2.42.0 ++++++ 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch ++++++ --- /var/tmp/diff_new_pack.3vRF8m/_old 2023-09-14 16:27:13.269916249 +0200 +++ /var/tmp/diff_new_pack.3vRF8m/_new 2023-09-14 16:27:13.269916249 +0200 @@ -1,4 +1,4 @@ -From bc80631658b8b9b94ca7cf7fc6b8234e6547e947 Mon Sep 17 00:00:00 2001 +From bd4c072521bdee906febc98d81ac092fcad8fc3b Mon Sep 17 00:00:00 2001 From: Aleksa Sarai <asa...@suse.de> Date: Wed, 8 Mar 2017 11:43:29 +1100 Subject: [PATCH 2/4] SECRETS: SUSE: implement SUSE container secrets @@ -19,10 +19,10 @@ create mode 100644 daemon/suse_secrets.go diff --git a/daemon/start.go b/daemon/start.go -index 0b4eb6d67bcc..0bcecba31386 100644 +index 2e0b9e6be847..dca04486888f 100644 --- a/daemon/start.go +++ b/daemon/start.go -@@ -152,6 +152,11 @@ func (daemon *Daemon) containerStart(ctx context.Context, container *container.C +@@ -151,6 +151,11 @@ func (daemon *Daemon) containerStart(ctx context.Context, container *container.C return err } @@ -456,6 +456,6 @@ + return nil +} -- -2.40.1 +2.42.0 ++++++ 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch ++++++ --- /var/tmp/diff_new_pack.3vRF8m/_old 2023-09-14 16:27:13.281916678 +0200 +++ /var/tmp/diff_new_pack.3vRF8m/_new 2023-09-14 16:27:13.285916821 +0200 @@ -1,4 +1,4 @@ -From 16b520570514380a706fc13363b5e5c64f9fa4e7 Mon Sep 17 00:00:00 2001 +From fd0172ba27352f397ce7ff05d5dd1ec6c80054e5 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai <asa...@suse.de> Date: Mon, 22 May 2023 15:44:54 +1000 Subject: [PATCH 3/4] BUILD: SLE12: revert "graphdriver/btrfs: use kernel UAPI @@ -42,6 +42,6 @@ static void set_name_btrfs_ioctl_vol_args_v2(struct btrfs_ioctl_vol_args_v2* btrfs_struct, const char* value) { snprintf(btrfs_struct->name, BTRFS_SUBVOL_NAME_MAX, "%s", value); -- -2.40.1 +2.42.0 ++++++ 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch ++++++ --- /var/tmp/diff_new_pack.3vRF8m/_old 2023-09-14 16:27:13.293917106 +0200 +++ /var/tmp/diff_new_pack.3vRF8m/_new 2023-09-14 16:27:13.297917249 +0200 @@ -1,4 +1,4 @@ -From 45cbecbd3ee7b4f21ce32c16979631b6d87b6cf6 Mon Sep 17 00:00:00 2001 +From c19fad9e09248bf390fe9b2cd38f351104f186b8 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai <asa...@suse.de> Date: Fri, 29 Jun 2018 17:59:30 +1000 Subject: [PATCH 4/4] bsc1073877: apparmor: clobber docker-default profile on @@ -69,10 +69,10 @@ return nil } diff --git a/daemon/daemon.go b/daemon/daemon.go -index 9be2f289696a..25fa052310e2 100644 +index 4d76c5798888..15c95b50c4eb 100644 --- a/daemon/daemon.go +++ b/daemon/daemon.go -@@ -836,8 +836,9 @@ func NewDaemon(ctx context.Context, config *config.Config, pluginStore *plugin.S +@@ -839,8 +839,9 @@ func NewDaemon(ctx context.Context, config *config.Config, pluginStore *plugin.S logrus.Warnf("Failed to configure golang's threads limit: %v", err) } @@ -85,6 +85,6 @@ } -- -2.40.1 +2.42.0 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.3vRF8m/_old 2023-09-14 16:27:13.341918822 +0200 +++ /var/tmp/diff_new_pack.3vRF8m/_new 2023-09-14 16:27:13.345918964 +0200 @@ -1,21 +1,21 @@ <services> - <service name="tar_scm" mode="disabled"> + <service name="tar_scm" mode="manual"> <param name="url">https://github.com/moby/moby.git</param> <param name="scm">git</param> <param name="exclude">.git</param> - <param name="versionformat">24.0.5_ce_%h</param> - <param name="revision">v24.0.5</param> + <param name="versionformat">24.0.6_ce_%h</param> + <param name="revision">v24.0.6</param> <param name="filename">docker</param> </service> - <service name="tar_scm" mode="disabled"> + <service name="tar_scm" mode="manual"> <param name="url">https://github.com/docker/cli.git</param> <param name="scm">git</param> <param name="exclude">.git</param> - <param name="versionformat">24.0.5_ce</param> - <param name="revision">v24.0.5</param> + <param name="versionformat">24.0.6_ce</param> + <param name="revision">v24.0.6</param> <param name="filename">docker-cli</param> </service> - <service name="recompress" mode="disabled"> + <service name="recompress" mode="manual"> <param name="file">docker-*.tar</param> <param name="compression">xz</param> </service> ++++++ cli-0001-docs-include-required-tools-in-source-tree.patch ++++++ ++++ 1199 lines (skipped) ++++ between /work/SRC/openSUSE:Factory/docker/cli-0001-docs-include-required-tools-in-source-tree.patch ++++ and /work/SRC/openSUSE:Factory/.docker.new.1766/cli-0001-docs-include-required-tools-in-source-tree.patch ++++++ docker-24.0.5_ce_a61e2b4c9.tar.xz -> docker-24.0.6_ce_1a7969545d73.tar.xz ++++++ /work/SRC/openSUSE:Factory/docker/docker-24.0.5_ce_a61e2b4c9.tar.xz /work/SRC/openSUSE:Factory/.docker.new.1766/docker-24.0.6_ce_1a7969545d73.tar.xz differ: char 15, line 1 ++++++ docker-cli-24.0.5_ce.tar.xz -> docker-cli-24.0.6_ce.tar.xz ++++++ ++++ 2150 lines of diff (skipped) ++++++ docker.service ++++++ --- /var/tmp/diff_new_pack.3vRF8m/_old 2023-09-14 16:27:14.873973552 +0200 +++ /var/tmp/diff_new_pack.3vRF8m/_new 2023-09-14 16:27:14.873973552 +0200 @@ -2,6 +2,12 @@ Description=Docker Application Container Engine Documentation=http://docs.docker.com After=network.target lvm2-monitor.service firewalld.service +# We don't use the docker socket activation, but doing this ensures that the +# docker.socket unit is alive while Docker is (docker.socket has BindsTo, so we +# only need a weak requirement to make sure starting docker.service also +# "starts" the socket service). Forcefully stopping docker.socket will not +# cause docker to die, but there's no nice workaround for that. +Wants=docker.socket [Service] EnvironmentFile=/etc/sysconfig/docker ++++++ docker.socket ++++++ [Unit] Description=Docker Socket for the API # We use BindsTo in order to make sure that you cannot use socket-activation # with Docker (Docker must always start at boot if enabled, otherwise # containers will not run until some administrator interacts with Docker). BindsTo=docker.service [Socket] # If /var/run is not implemented as a symlink to /run, you may need to # specify ListenStream=/var/run/docker.sock instead. ListenStream=/run/docker.sock SocketMode=0660 SocketUser=root SocketGroup=docker [Install] WantedBy=sockets.target
