24.0.2

2025-02-23 09:32:49 +00:00 · 2024-04-10 20:04:25 +00:00 · 2024-04-10 20:04:25 +00:00 · 349ded351e
commit 349ded351e
parent e558fc0396
5 changed files with 273 additions and 164 deletions
--- a/.abf.yml
+++ b/.abf.yml
@ -1,5 +1,6 @@
 sources:
-  docker-20.10.1.tar.gz: 475dfcec26cb528894c91c43fba95ec4eb4b3bb6
+  buildx-0.10.5.tar.gz: ebfb3eb86e2e7776d90930fa2eef0b22193cddf3
-  docker-ce-19.03.13.tar.gz: 4e04a6b17d8f2baba981cb52d2a5d0bc4f63601d
+  cli-24.0.2.tar.gz: a935389283acba305d94897dc64a55d1889f294d
-  libnetwork-master.zip: b2d123edfb2e93ca74980991f6e8a26d18ed831e
+  libnetwork-master.tar.gz: 3d5fff39d764e56b927223527e3355c07a82939f
  moby-24.0.2.tar.gz: af6b3c2af980f1643f48de8442560d444799df16
  tini-0.19.0.tar.gz: 2245210bdd29faea02e566a192df4c7df702b264
--- a/docker-zone.xml
+++ b/docker-zone.xml
@ -0,0 +1,6 @@
 <?xml version="1.0" encoding="utf-8"?>
 <zone target="ACCEPT">
  <short>docker</short>
  <description>All network connections are accepted.</description>
  <interface name="docker0"/>
 </zone>
--- a/docker.spec
+++ b/docker.spec
@ -1,59 +1,82 @@
 %global __requires_exclude '.*/bin/make'
 # modifying the dockerinit binary breaks the SHA1 sum check by docker
 %global __os_install_post %{_usrlibrpm}/brp-compress
-%define debug_package %{nil}
+%global tini_version 0.19.0
 %global buildx_version 0.10.5
-%global commit 89658bed64c2a8fe05a978e5b87dbec409d57a0f
+%global project docker
 %global repo %{project}
 %global import_path github.com/%{project}/%{repo}
 #debuginfo not supported with Go
 %global gopath  %{_libdir}/golang
 %define gosrc %{gopath}/src/pkg/%{import_path}
 %global commit      659604f9ee60f147020bdd444b26e4b5c636dc28
 %global shortcommit %(c=%{commit}; echo ${c:0:7})
 %define tini_ver 0.19.0
 Summary:	Automates deployment of containerized applications
 Name:		docker
-Version:	20.10.1
+Version:	24.0.2
-Release:	1
+%global moby_version %{version}
 Release:	2
 License:	ASL 2.0
-Group:		System/Kernel and hardware
+Epoch:		1
-URL:		http://www.docker.com
+Group:		System/Configuration/Other
-# only x86_64 for now: https://github.com/docker/docker/issues/136
+URL:		https://www.docker.com
-#ExclusiveArch:	x86_64
+Source0:	https://github.com/moby/moby/archive/v%{version}/moby-%{version}.tar.gz
-Source0:	https://github.com/docker/cli/archive/v%{version}/%{name}-%{version}.tar.gz
+Source1:	%{repo}.service
-Source1:	%{name}.service
+Source2:	%{repo}.sysconfig
-Source2:	%{name}.sysconfig
+Source3:	%{repo}-storage.sysconfig
-Source3:	%{name}-storage.sysconfig
+Source4:	docker.sysusers
-Source6:	%{name}-network.sysconfig
+Source6:	%{repo}-network.sysconfig
-Source7:	%{name}.socket
+Source7:	%{repo}.socket
-Source8:	%{name}-network-cleanup.sh
+Source8:	%{repo}-network-cleanup.sh
 Source9:	overlay.conf
-#Source10:	https://github.com/docker/libnetwork/archive/master.zip?/libnetwork-master.zip
+# docker-proxy
-Source11:	https://github.com/krallin/tini/archive/v%{tini_ver}.tar.gz?/tini-%{tini_ver}.tar.gz
+Source10:	https://github.com/%{project}/libnetwork/archive/master/libnetwork-master.tar.gz
-Source100:	%{name}.rpmlintrc
+# tini
-BuildRequires:	cmake
+Source11:	https://github.com/krallin/tini/archive/v%{tini_version}/tini-%{tini_version}.tar.gz
-BuildRequires:	go-md2man
+# cli
-BuildRequires:	golang
+Source12:	https://github.com/docker/cli/archive/v%{version}/cli-%{version}.tar.gz
-BuildRequires:	systemd
+# buildx
-BuildRequires:	btrfs-devel
+Source13:	https://github.com/docker/buildx/archive/v%{buildx_version}/buildx-%{buildx_version}.tar.gz
 # (tpg) taken from https://gist.github.com/goll/bdd6b43c2023f82d15729e9b0067de60
 Source14:	nftables-docker.nft
 BuildRequires:	gcc
 BuildRequires:	glibc-devel
 BuildRequires:	glibc-static-devel
-BuildRequires:	libtool-devel
+BuildRequires:	libltdl-devel
-BuildRequires:	pkgconfig(devmapper)
+# ensure build uses golang 1.4 or above
-BuildRequires:	pkgconfig(libseccomp)
+BuildRequires:	golang >= 1.7
 BuildRequires:	pkgconfig(sqlite3)
 BuildRequires:	go-md2man
 BuildRequires:	pkgconfig(devmapper)
 BuildRequires:	btrfs-devel
 BuildRequires:	pkgconfig(systemd)
-Requires:	bridge-utils
+BuildRequires:	systemd
-Requires:	%{name}-containerd
+BuildRequires:	libtool-devel
-Requires:	runc
+BuildRequires:	pkgconfig(libseccomp)
 BuildRequires:	cmake
 Requires(pre):	systemd
 %systemd_requires
 # With docker >= 1.11 you now need containerd (and runC or crun as a dep)
 Requires:	containerd
 Requires:	crun
 # need xz to work with ubuntu images
 # https://bugzilla.redhat.com/show_bug.cgi?id=1045220
 Requires:	xz
-Requires(pre):	rpm-helper
+Requires:	bridge-utils
-Requires(post,preun,postun):	systemd
+Requires(post):	nftables
 Requires(postun):	sed
 # https://bugzilla.redhat.com/show_bug.cgi?id=1034919
 # No longer needed in Fedora because of libcontainer
-Provides:	lxc-%{name} = %{EVRD}
+Provides:	lxc-docker = %{version}
-Provides:	%{name}-swarm = %{EVRD}
+Provides:	docker-swarm = %{EVRD}
 # compat with Docker repos for RH
 Provides:	docker-ce = %{EVRD}
 #Recommends:	(%{name}-fish-completion if fish)
 #Recommends:	(%{name}-zsh-completion if zsh)
 #Recommends:	(%{name}-vim if vim)
 %description
 Docker is an open-source engine that automates the deployment of any
@ -65,188 +88,206 @@ and between virtually any server. The same container that a developer builds
 and tests on a laptop will run at scale, in production*, on VMs, bare-metal
 servers, OpenStack clusters, public instances, or combinations of the above.
 %files
 %doc CHANGELOG.md CONTRIBUTING.md README.md
 %config(noreplace) %{_sysconfdir}/sysconfig/%{name}
 %config(noreplace) %{_sysconfdir}/sysconfig/%{name}-network
 %config(noreplace) %{_sysconfdir}/sysconfig/%{name}-storage
 %{_bindir}/%{name}
 %{_bindir}/%{name}-proxy
 %{_bindir}/%{name}-init
 %{_sbindir}/%{name}-network-cleanup
 %{_sbindir}/%{name}d
 %{_presetdir}/86-%{name}.preset
 %{_unitdir}/%{name}.service
 %{_unitdir}/%{name}.socket
 %{_sysconfdir}/bash_completion.d/%{name}.bash
 %dir %{_localstatedir}/lib/%{name}
 %{_udevrulesdir}/80-%{name}.rules
 %{_sysconfdir}/modules-load.d/overlay.conf
 %pre
 getent group %{name} > /dev/null || %{_sbindir}/groupadd -r %{name}
 exit 0
 %post
 %systemd_post %{name}
 %preun
 %systemd_preun %{name}
 %postun
 %systemd_postun_with_restart %{name}
 #------------------------------------------------------------------
 %package fish-completion
-Summary:	Fish completion files for Docker
+Summary:	fish completion files for Docker
-Group:		System/Kernel and hardware
+Requires:	%{repo} = %{EVRD}
-Requires:	%{name} = %{EVRD}
+Provides:	%{repo}-io-fish-completion = %{EVRD}
 Recommends:	fish
 Provides:	%{name}-io-fish-completion = %{EVRD}
 %description fish-completion
 This package installs %{summary}.
-%files fish-completion
+%package unit-test
-%doc README.md
+Summary:	%{summary} - for running unit tests
 %{_datadir}/fish/vendor_completions.d/%{name}.fish
-#------------------------------------------------------------------
+%description unit-test
 %{summary} - for running unit tests.
 %package vim
-Summary:	Vim syntax highlighting files for Docker
+Summary:	vim syntax highlighting files for Docker
-Group:		System/Kernel and hardware
+Requires:	%{repo} = %{EVRD}
 Requires:	%{name} = %{EVRD}
 Requires:	vim
-Provides:	%{name}-io-vim = %{EVRD}
+Provides:	%{repo}-io-vim = %{EVRD}
 %description vim
 This package installs %{summary}.
 %files vim
 %doc README.md
 %{_datadir}/vim/vimfiles/ftdetect/%{name}file.vim
 %{_datadir}/vim/vimfiles/syntax/%{name}file.vim
 #------------------------------------------------------------------
 %package zsh-completion
-Summary:	Zsh completion files for Docker
+Summary:	zsh completion files for Docker
-Group:		System/Kernel and hardware
+Requires:	%{repo} = %{EVRD}
 Requires:	%{name} = %{EVRD}
 Requires:	zsh
-Provides:	%{name}-io-zsh-completion = %{EVRD}
+Provides:	%{repo}-io-zsh-completion = %{EVRD}
 %description zsh-completion
 This package installs %{summary}.
 %files zsh-completion
 %doc README.md
 %{_datadir}/zsh/site-functions/_%{name}
 #------------------------------------------------------------------
 %prep
-%setup -q -n %{name}-ce-%{version} -a10 -a11
+%setup -qn moby-%{version}
-mv libnetwork-master libnetwork
+tar xf %{SOURCE10}
-mv tini-* tini
+tar xf %{SOURCE11}
 mv tini-%{tini_version} tini
 tar xf %{SOURCE12}
 tar xf %{SOURCE13}
 mv buildx-%{buildx_version} buildx
 find . -name "*~" |xargs rm || :
 # Needs to be done after unpacking extra bits, given we may want
 # to patch tini -- so no %%autosetup
 #autopatch -p1
 %apply_patches
 %build
-# magic again
+mkdir -p GO/src/github.com/{docker,krallin}
-fake_gopath_pushd() {
+ln -s $(pwd)/cli-%{version} GO/src/github.com/docker/cli
-	mkdir -p "$(pwd)/src/${2%/*}"
+ln -s $(pwd)/libnetwork-master GO/src/github.com/docker/libnetwork
-	rm -f "$(pwd)/src/$2"
+ln -s $(pwd)/tini GO/src/github.com/krallin/tini
-	ln -rsT "$1" "$(pwd)/src/$2"
+ln -s $(pwd) GO/src/github.com/docker/docker
 	pushd "$(pwd)/src/$2" >/dev/null
 }
 fake_gopath_popd() {
 	popd >/dev/null
 }
 export DOCKER_GITCOMMIT="%{shortcommit}"
-mkdir -p src/github.com/%{name}
+export DOCKER_CLI_EXPERIMENTAL=enabled
-export GOPATH=%{_libdir}/golang:$(pwd)
+export TMP_GOPATH="$(pwd)/GO"
-# MAGIC HERE
+export GOPATH=%{gopath}:"$(pwd)/GO"
-ln -s ../../../components/cli src/github.com/%{name}
+export GO111MODULE=off
-ln -s ../../../components/engine src/github.com/%{name}/%{name}
+
 # docker-init
 cd tini
    %cmake
    %make_build tini-static
 cd ../..
 # dockerd
-pushd components/engine
+DOCKER_BUILDTAGS='selinux seccomp journald' VERSION=%{moby_version} hack/make.sh dynbinary
 	DOCKER_BUILDTAGS='seccomp journald' VERSION=%{version} hack/make.sh dynbinary
 popd
-# docker cli
+# docker-proxy
-pushd components/cli
+cd libnetwork
-	DISABLE_WARN_OUTSIDE_CONTAINER=1 make VERSION=%{version} dynbinary
+    go build -ldflags='-linkmode=external' github.com/docker/libnetwork/cmd/proxy
-popd
+cd ..
-### docker proxy
+# cli
-fake_gopath_pushd libnetwork github.com/%{name}/libnetwork
+cd cli-%{version}
-	go build -ldflags='-linkmode=external' github.com/%{name}/libnetwork/cmd/proxy
+    DISABLE_WARN_OUTSIDE_CONTAINER=1 make VERSION=%{moby_version} LDFLAGS="-linkmode=external" dynbinary
-fake_gopath_popd
+cd ..
 ### docker-init
 fake_gopath_pushd tini github.com/krallin/tini
 	%cmake
 	%make tini-static
 fake_gopath_popd
 %install
 # install binaries
 install -d %{buildroot}%{_bindir}
-install -p -m 755 components/cli/build/%{name}-linux-* %{buildroot}%{_bindir}/%{name}
+install -p -m 755 cli-%{version}/build/docker-linux-* %{buildroot}%{_bindir}/docker
 install -d %{buildroot}%{_sbindir}
-install -p -m 755 components/engine/bundles/dynbinary-daemon/%{name}d-%{version} %{buildroot}%{_sbindir}/%{name}d
+install -p -m 755 bundles/dynbinary-daemon/dockerd %{buildroot}%{_sbindir}/dockerd
-install -p -m 755 libnetwork/proxy %{buildroot}%{_bindir}/%{name}-proxy
+install -p -m 755 libnetwork/proxy %{buildroot}%{_bindir}/docker-proxy
-install -p -m 755 tini/build/tini-static %{buildroot}%{_bindir}/%{name}-init
+install -p -m 755 tini/build/tini-static %{buildroot}%{_bindir}/docker-init
 # Place to store images
-install -d %{buildroot}%{_localstatedir}/lib/%{name}
+install -d %{buildroot}%{_var}/lib/docker
 install -d %{buildroot}%{_sysconfdir}/docker
 # (tpg) we are using nftables
 # (bero) but for reasons yet to be determined, that prevents containers
 # from having net access -- allow them to keep using iptables for now
 cat > %{buildroot}%{_sysconfdir}/docker/daemon.json << 'EOF'
 {
  "iptables": true
 }
 EOF
 install -D -p -m 755 %{SOURCE14} %{buildroot}%{_sysconfdir}/nftables/%{name}.nft
 # install bash completion
 install -d %{buildroot}%{_sysconfdir}/bash_completion.d
-install -p -m 644 components/cli/contrib/completion/bash/%{name} %{buildroot}%{_sysconfdir}/bash_completion.d/%{name}.bash
+install -p -m 644 cli-%{version}/contrib/completion/bash/docker %{buildroot}%{_sysconfdir}/bash_completion.d/docker.bash
 # install zsh completion
 install -d %{buildroot}%{_datadir}/zsh/site-functions
 install -p -m 644 cli-%{version}/contrib/completion/zsh/_docker %{buildroot}%{_datadir}/zsh/site-functions
 # install fish completion
 # create, install and own /usr/share/fish/vendor_completions.d until
 # upstream fish provides it
 install -dp %{buildroot}%{_datadir}/fish/vendor_completions.d
-install -p -m 644 components/cli/contrib/completion/fish/%{name}.fish %{buildroot}%{_datadir}/fish/vendor_completions.d
+install -p -m 644 cli-%{version}/contrib/completion/fish/%{repo}.fish %{buildroot}%{_datadir}/fish/vendor_completions.d
 # install vim syntax highlighting
 install -d %{buildroot}%{_datadir}/vim/vimfiles/{doc,ftdetect,syntax}
 install -p -m 644 components/engine/contrib/syntax/vim/ftdetect/%{name}file.vim %{buildroot}%{_datadir}/vim/vimfiles/ftdetect
 install -p -m 644 components/engine/contrib/syntax/vim/syntax/%{name}file.vim %{buildroot}%{_datadir}/vim/vimfiles/syntax
 # install zsh completion
 install -d %{buildroot}%{_datadir}/zsh/site-functions
 install -p -m 644 components/cli/contrib/completion/zsh/_%{name} %{buildroot}%{_datadir}/zsh/site-functions
 # install udev rules
 install -d %{buildroot}%{_udevrulesdir}
-install -p -m 644 components/engine/contrib/udev/80-%{name}.rules %{buildroot}%{_udevrulesdir}
+install -p -m 644 contrib/udev/80-docker.rules %{buildroot}%{_udevrulesdir}
 # install storage dir
-install -d -m 700 %{buildroot}%{_localstatedir}/lib/%{name}
+install -d -m 700 %{buildroot}%{_var}/lib/docker
 # install systemd/init scripts
 install -d %{buildroot}%{_unitdir}
 install -p -m 644 %{SOURCE1} %{SOURCE7} %{buildroot}%{_unitdir}
 # for additional args
 install -d %{buildroot}%{_sysconfdir}/sysconfig/
-install -p -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/sysconfig/%{name}
+install -p -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/sysconfig/%{repo}
-install -p -m 644 %{SOURCE6} %{buildroot}%{_sysconfdir}/sysconfig/%{name}-network
+install -p -m 644 %{SOURCE6} %{buildroot}%{_sysconfdir}/sysconfig/%{repo}-network
-install -p -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/sysconfig/%{name}-storage
+install -p -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/sysconfig/%{repo}-storage
 #network cleanup
 install -d %{buildroot}%{_sbindir}
-install -p -m 755 %{SOURCE8} %{buildroot}%{_sbindir}/%{name}-network-cleanup
+install -p -m 755 %{SOURCE8} %{buildroot}%{_sbindir}/docker-network-cleanup
 install -d %{buildroot}%{_presetdir}
-cat > %{buildroot}%{_presetdir}/86-%{name}.preset << EOF
+cat > %{buildroot}%{_presetdir}/86-docker.preset << EOF
-enable %{name}.socket
+enable docker.socket
 EOF
 install -d %{buildroot}%{_sysconfdir}/modules-load.d/
 install -p -m 644 %{SOURCE9} %{buildroot}%{_sysconfdir}/modules-load.d/overlay.conf
 install -Dpm 644 %{SOURCE4} %{buildroot}%{_sysusersdir}/%{name}.conf
 #%%check
 # This is completely unstable so I deactivate it for now.
 #[ ! -w /run/%{repo}.sock ] || {
    #mkdir test_dir
    #pushd test_dir
    #git clone https://github.com/lsm5/docker.git -b fedora-1.10
    #pushd %{repo}
    #make test
    #popd
    #popd
 #}
 %pre
 %sysusers_create_package %{name} %{SOURCE4}
 %post
 %systemd_post docker
 if [ -e %{_sysconfdir}/sysconfig/nftables.conf ] && ! grep -q docker.nft %{_sysconfdir}/sysconfig/nftables.conf; then
    printf '%s\n' 'include "/etc/nftables/docker.nft"' >> %{_sysconfdir}/sysconfig/nftables.conf
 fi
 %preun
 %systemd_preun docker
 %postun
 %systemd_postun_with_restart docker
 if [ $1 == 0 ] && [ -e %{_sysconfdir}/sysconfig/nftables.conf ]; then
    sed -i -e '/docker\.nft/d' %{_sysconfdir}/sysconfig/nftables.conf
 fi
 %files
 %config(noreplace) %{_sysconfdir}/sysconfig/%{repo}
 %config(noreplace) %{_sysconfdir}/sysconfig/%{repo}-network
 %config(noreplace) %{_sysconfdir}/sysconfig/%{repo}-storage
 %{_sysusersdir}/%{name}.conf
 %dir %{_sysconfdir}/docker
 %config(noreplace) %{_sysconfdir}/docker/daemon.json
 %config(noreplace) %{_sysconfdir}/nftables/%{name}.nft
 %{_bindir}/docker
 %{_bindir}/docker-proxy
 %{_bindir}/docker-init
 %{_sbindir}/docker-network-cleanup
 %{_sbindir}/dockerd
 %{_presetdir}/86-docker.preset
 %{_unitdir}/docker.service
 %{_unitdir}/docker.socket
 %dir %{_sysconfdir}/bash_completion.d
 %{_sysconfdir}/bash_completion.d/docker.bash
 %dir %{_var}/lib/docker
 %dir %{_udevrulesdir}
 %{_udevrulesdir}/80-docker.rules
 %{_sysconfdir}/modules-load.d/overlay.conf
 %files fish-completion
 %dir %{_datadir}/fish/vendor_completions.d/
 %{_datadir}/fish/vendor_completions.d/%{repo}.fish
 %files zsh-completion
 %{_datadir}/zsh/site-functions/_%{repo}
--- a/docker.sysusers
+++ b/docker.sysusers
@ -0,0 +1 @@
 g docker - -
--- a/nftables-docker.nft
+++ b/nftables-docker.nft
@ -0,0 +1,60 @@
 table ip filter {
 	chain INPUT {
 		type filter hook input priority 0; policy accept;
 	}
 	chain FORWARD {
 		type filter hook forward priority 0; policy accept;
 		counter jump DOCKER-USER
 		counter jump DOCKER-ISOLATION-STAGE-1
 		oifname "docker0" ct state established,related counter accept
 		oifname "docker0" counter jump DOCKER
 		iifname "docker0" oifname != "docker0" counter accept
 		iifname "docker0" oifname "docker0" counter accept
 	}
 	chain OUTPUT {
 		type filter hook output priority 0; policy accept;
 	}
 	chain DOCKER {
 	}
 	chain DOCKER-ISOLATION-STAGE-1 {
 		iifname "docker0" oifname != "docker0" counter jump DOCKER-ISOLATION-STAGE-2
 		counter return
 	}
 	chain DOCKER-ISOLATION-STAGE-2 {
 		oifname "docker0" counter drop
 		counter return
 	}
 	chain DOCKER-USER {
 		counter return
 	}
 }
 table ip nat {
 	chain PREROUTING {
 		type nat hook prerouting priority -100; policy accept;
 		fib daddr type local counter jump DOCKER
 	}
 	chain INPUT {
 		type nat hook input priority 100; policy accept;
 	}
 	chain POSTROUTING {
 		type nat hook postrouting priority 100; policy accept;
 		oifname != "docker0" ip saddr 172.17.0.0/16 counter masquerade
 	}
 	chain OUTPUT {
 		type nat hook output priority -100; policy accept;
 		ip daddr != 127.0.0.0/8 fib daddr type local counter jump DOCKER
 	}
 	chain DOCKER {
 		iifname "docker0" counter return
 	}
 }