diff --git a/.abf.yml b/.abf.yml
index 5d50e5a..e88a466 100644
--- a/.abf.yml
+++ b/.abf.yml
@@ -1,4 +1,6 @@
 sources:
- docker-ce-19.03.9.tar.gz: b4c2d75bb74a16430f4f5f0f352d6b764255c99f
- libnetwork-master.zip: 1c9712ab5aab43eef778ed82153df657223c4341
+ buildx-0.5.1.tar.gz: 5803fd02093f886beaca35553986216e02bbecec
+ cli-20.10.8.tar.gz: c4cb4c5c215fade682052584179c6de3f0cf0d47
+ libnetwork-master.tar.gz: c1f5f8cc9cb16cf7bda8faf43436cd2f99253262
+ moby-20.10.8.tar.gz: a5bf98362185b34b2cd0e41af30106bebfcd8531
 tini-0.19.0.tar.gz: 2245210bdd29faea02e566a192df4c7df702b264
diff --git a/docker-zone.xml b/docker-zone.xml
new file mode 100644
index 0000000..34e123b
--- /dev/null
+++ b/docker-zone.xml
@@ -0,0 +1,6 @@
+
+
+ docker
+ All network connections are accepted.
+
+
diff --git a/docker.spec b/docker.spec
index 1811062..ad267a9 100644
--- a/docker.spec
+++ b/docker.spec
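Review bot: The new docker-zone.xml defines a zone whose description reads "All network connections are accepted.", yet nothing in the visible docker.spec hunks lists the file as a Source or installs it, so it is either unused or wired in somewhere not shown here. If it is meant to ship, the file should state which interfaces the zone is intended for, because any interface bound to an accept-all zone is no longer filtered by the host firewall; a leading comment such as `<!-- bind only Docker bridge interfaces to this zone; it accepts all traffic -->` would do. The markup of the six added lines is not visible on this page, so the zone target and any interface bindings could not be checked.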
@@ -1,60 +1,77 @@ -%global __requires_exclude '.*/bin/make' - # modifying the dockerinit binary breaks the SHA1 sum check by docker -%global __os_install_post %{_usrlibrpm}/brp-compress -%define debug_package %{nil} +%global tini_version 0.19.0 +%global buildx_version 0.5.1 -%global commit 89658bed64c2a8fe05a978e5b87dbec409d57a0f +%global project docker +%global repo %{project} +%global import_path github.com/%{project}/%{repo} + +#debuginfo not supported with Go +%global gopath %{_libdir}/golang +%define gosrc %{gopath}/src/pkg/%{import_path} + +%global commit b0f5bc36fea9dfb9672e1e9b1278ebab797b9ee0 %global shortcommit %(c=%{commit}; echo ${c:0:7}) -%define tini_ver 0.19.0 - Summary: Automates deployment of containerized applications Name: docker -Version: 19.03.9 -Release: 1 +Version: 20.10.8 +%global moby_version %{version} +Release: 2 License: ASL 2.0 -Group: System/Kernel and hardware -Url: http://www.docker.com -# only x86_64 for now: https://github.com/docker/docker/issues/136 -#ExclusiveArch: x86_64 -Source0: https://github.com/docker/docker-ce/archive/v%{version}.tar.gz?/%{name}-ce-%{version}.tar.gz -Source1: %{name}.service -Source2: %{name}.sysconfig -Source3: %{name}-storage.sysconfig -Source6: %{name}-network.sysconfig -Source7: %{name}.socket -Source8: %{name}-network-cleanup.sh +Epoch: 1 +Group: System/Configuration/Other +URL: http://www.docker.com +Source0: https://github.com/moby/moby/archive/v%{version}/moby-%{version}.tar.gz +Source1: %{repo}.service +Source2: %{repo}.sysconfig +Source3: %{repo}-storage.sysconfig +Source4: docker.sysusers +Source6: %{repo}-network.sysconfig +Source7: %{repo}.socket +Source8: %{repo}-network-cleanup.sh Source9: overlay.conf -# bf2bd42abc0a3734f12b5ec724e571434e42c669 -Source10: https://github.com/docker/libnetwork/archive/master.zip?/libnetwork-master.zip -Source11: https://github.com/krallin/tini/archive/v%{tini_ver}.tar.gz?/tini-%{tini_ver}.tar.gz -Source100: %{name}.rpmlintrc -BuildRequires: cmake 
-BuildRequires: go-md2man -BuildRequires: golang -BuildRequires: systemd -BuildRequires: btrfs-devel +# docker-proxy +Source10: https://github.com/%{project}/libnetwork/archive/master/libnetwork-master.tar.gz +# tini +Source11: https://github.com/krallin/tini/archive/v%{tini_version}/tini-%{tini_version}.tar.gz +# cli +Source12: https://github.com/docker/cli/archive/v%{version}/cli-%{version}.tar.gz +# buildx +Source13: https://github.com/docker/buildx/archive/v%{buildx_version}/buildx-%{buildx_version}.tar.gz +# (tpg) taken from https://gist.github.com/goll/bdd6b43c2023f82d15729e9b0067de60 +Source14: nftables-docker.nft +BuildRequires: gcc BuildRequires: glibc-devel BuildRequires: glibc-static-devel -BuildRequires: libtool-devel -BuildRequires: pkgconfig(devmapper) -BuildRequires: pkgconfig(libseccomp) +BuildRequires: libltdl-devel +# ensure build uses golang 1.4 or above +BuildRequires: golang >= 1.7 BuildRequires: pkgconfig(sqlite3) +BuildRequires: go-md2man +BuildRequires: pkgconfig(devmapper) +BuildRequires: btrfs-devel BuildRequires: pkgconfig(systemd) -Requires: bridge-utils -Requires: %{name}-containerd -Requires: runc +BuildRequires: systemd +BuildRequires: libtool-devel +BuildRequires: pkgconfig(libseccomp) +BuildRequires: cmake +Requires(pre): systemd +%systemd_requires +# With docker >= 1.11 you now need containerd (and runC or crun as a dep) +Requires: containerd >= 0.2.3 +Requires: crun # need xz to work with ubuntu images # https://bugzilla.redhat.com/show_bug.cgi?id=1045220 Requires: xz -Requires(pre): rpm-helper -Requires(post,preun,postun): systemd +Requires: bridge-utils +Requires(post): nftables +Requires(postun): sed # https://bugzilla.redhat.com/show_bug.cgi?id=1034919 # No longer needed in Fedora because of libcontainer -Provides: lxc-%{name} = %{EVRD} -Provides: %{name}-swarm = %{EVRD} +Provides: lxc-docker = %{version} +Provides: docker-swarm = %{version}-%{release} %description Docker is an open-source engine that automates the deployment 
of any 
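Review bot: Source10 now points at `libnetwork/archive/master/libnetwork-master.tar.gz`, a moving branch, and the commit reference the old spec carried above it (`# bf2bd42abc0a3734f12b5ec724e571434e42c669`) was dropped, so nothing in the spec records which libnetwork revision is built into docker-proxy. The checksum in .abf.yml fixes the bytes stored on the build farm but not their provenance, and a fresh download from that URL can yield a different tree. Pin it like the other sources, e.g. `%global libnetwork_commit <commit-id>` with `Source10: https://github.com/%{project}/libnetwork/archive/%{libnetwork_commit}/libnetwork-%{libnetwork_commit}.tar.gz`; the `mv libnetwork-master libnetwork` in %prep would then need the matching directory name. Source14 is in a similar position: a firewall ruleset credited to a gist with no revision recorded, so the comment above it should name the gist revision it was copied from.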
@@ -66,188 +83,201 @@ and between virtually any server. The same container that a developer builds and tests on a laptop will run at scale, in production*, on VMs, bare-metal servers, OpenStack clusters, public instances, or combinations of the above. -%files -%doc CHANGELOG.md CONTRIBUTING.md README.md -%config(noreplace) %{_sysconfdir}/sysconfig/%{name} -%config(noreplace) %{_sysconfdir}/sysconfig/%{name}-network -%config(noreplace) %{_sysconfdir}/sysconfig/%{name}-storage -%{_bindir}/%{name} -%{_bindir}/%{name}-proxy -%{_bindir}/%{name}-init -%{_sbindir}/%{name}-network-cleanup -%{_sbindir}/%{name}d -%{_presetdir}/86-%{name}.preset -%{_unitdir}/%{name}.service -%{_unitdir}/%{name}.socket -%{_sysconfdir}/bash_completion.d/%{name}.bash -%dir %{_localstatedir}/lib/%{name} -%{_udevrulesdir}/80-%{name}.rules -%{_sysconfdir}/modules-load.d/overlay.conf - -%pre -getent group %{name} > /dev/null || %{_sbindir}/groupadd -r %{name} -exit 0 - -%post -%systemd_post %{name} - -%preun -%systemd_preun %{name} - -%postun -%systemd_postun_with_restart %{name} - -#------------------------------------------------------------------ - %package fish-completion -Summary: Fish completion files for Docker -Group: System/Kernel and hardware -Requires: %{name} = %{EVRD} -Recommends: fish -Provides: %{name}-io-fish-completion = %{EVRD} +Summary: fish completion files for Docker +Requires: %{repo} = %{EVRD} +Provides: %{repo}-io-fish-completion = %{EVRD} %description fish-completion This package installs %{summary}. -%files fish-completion -%doc README.md -%{_datadir}/fish/vendor_completions.d/%{name}.fish +%package unit-test +Summary: %{summary} - for running unit tests -#------------------------------------------------------------------ +%description unit-test +%{summary} - for running unit tests. 
%package vim -Summary: Vim syntax highlighting files for Docker -Group: System/Kernel and hardware -Requires: %{name} = %{EVRD} +Summary: vim syntax highlighting files for Docker +Requires: %{repo} = %{EVRD} Requires: vim -Provides: %{name}-io-vim = %{EVRD} +Provides: %{repo}-io-vim = %{EVRD} %description vim This package installs %{summary}. -%files vim -%doc README.md -%{_datadir}/vim/vimfiles/ftdetect/%{name}file.vim -%{_datadir}/vim/vimfiles/syntax/%{name}file.vim - -#------------------------------------------------------------------ - %package zsh-completion -Summary: Zsh completion files for Docker -Group: System/Kernel and hardware -Requires: %{name} = %{EVRD} +Summary: zsh completion files for Docker +Requires: %{repo} = %{EVRD} Requires: zsh -Provides: %{name}-io-zsh-completion = %{EVRD} +Provides: %{repo}-io-zsh-completion = %{EVRD} %description zsh-completion This package installs %{summary}. -%files zsh-completion -%doc README.md -%{_datadir}/zsh/site-functions/_%{name} - -#------------------------------------------------------------------ - %prep -%setup -q -n %{name}-ce-%{version} -a10 -a11 +%autosetup -p1 -n moby-%{version} +tar xf %{SOURCE10} mv libnetwork-master libnetwork -mv tini-* tini +tar xf %{SOURCE11} +mv tini-%{tini_version} tini +tar xf %{SOURCE12} +tar xf %{SOURCE13} +mv buildx-%{buildx_version} buildx %build -# magic again -fake_gopath_pushd() { - mkdir -p "$(pwd)/src/${2%/*}" - rm -f "$(pwd)/src/$2" - ln -rsT "$1" "$(pwd)/src/$2" - pushd "$(pwd)/src/$2" >/dev/null -} - -fake_gopath_popd() { - popd >/dev/null -} - +mkdir -p GO/src/github.com/{docker,krallin} +ln -s $(pwd)/cli-%{version} GO/src/github.com/docker/cli +ln -s $(pwd)/libnetwork GO/src/github.com/docker/libnetwork +ln -s $(pwd)/tini GO/src/github.com/krallin/tini +ln -s $(pwd) GO/src/github.com/docker/docker export DOCKER_GITCOMMIT="%{shortcommit}" -mkdir -p src/github.com/%{name} -export GOPATH=%{_libdir}/golang:$(pwd) -# MAGIC HERE -ln -s ../../../components/cli 
src/github.com/%{name} -ln -s ../../../components/engine src/github.com/%{name}/%{name} +export DOCKER_CLI_EXPERIMENTAL=enabled +export TMP_GOPATH="$(pwd)/GO" +export GOPATH=%{gopath}:"$(pwd)/GO" + +# docker-init +cd tini + %cmake + %make_build tini-static +cd ../.. # dockerd -pushd components/engine - DOCKER_BUILDTAGS='seccomp journald' VERSION=%{version} hack/make.sh dynbinary -popd +export GO111MODULE=off +DOCKER_BUILDTAGS='selinux seccomp journald' VERSION=%{moby_version} hack/make.sh dynbinary -# docker cli -pushd components/cli - DISABLE_WARN_OUTSIDE_CONTAINER=1 make VERSION=%{version} dynbinary -popd +# docker-proxy +cd libnetwork + go build -ldflags='-linkmode=external' github.com/docker/libnetwork/cmd/proxy +cd .. -### docker proxy -fake_gopath_pushd libnetwork github.com/%{name}/libnetwork - go build -ldflags='-linkmode=external' github.com/%{name}/libnetwork/cmd/proxy -fake_gopath_popd - -### docker-init -fake_gopath_pushd tini github.com/krallin/tini - %cmake - %make tini-static -fake_gopath_popd +# cli +cd cli-%{version} + DISABLE_WARN_OUTSIDE_CONTAINER=1 make VERSION=%{moby_version} LDFLAGS="-linkmode=external" dynbinary +cd .. 
%install # install binaries install -d %{buildroot}%{_bindir} -install -p -m 755 components/cli/build/%{name}-linux-* %{buildroot}%{_bindir}/%{name} +install -p -m 755 cli-%{version}/build/docker-linux-* %{buildroot}%{_bindir}/docker install -d %{buildroot}%{_sbindir} -install -p -m 755 components/engine/bundles/dynbinary-daemon/%{name}d-%{version} %{buildroot}%{_sbindir}/%{name}d -install -p -m 755 libnetwork/proxy %{buildroot}%{_bindir}/%{name}-proxy -install -p -m 755 tini/build/tini-static %{buildroot}%{_bindir}/%{name}-init +install -p -m 755 bundles/dynbinary-daemon/dockerd-%{moby_version} %{buildroot}%{_sbindir}/dockerd +install -p -m 755 libnetwork/proxy %{buildroot}%{_bindir}/docker-proxy +install -p -m 755 tini/build/tini-static %{buildroot}%{_bindir}/docker-init # Place to store images -install -d %{buildroot}%{_localstatedir}/lib/%{name} +install -d %{buildroot}%{_var}/lib/docker + +install -d %{buildroot}%{_sysconfdir}/docker +# (tpg) we are using nftables +# (bero) but for reasons yet to be determined, that prevents containers +# from having net access -- allow them to keep using iptables for now +cat > %{buildroot}%{_sysconfdir}/docker/daemon.json << 'EOF' +{ + "iptables": true +} +EOF +install -D -p -m 755 %{SOURCE14} %{buildroot}%{_sysconfdir}/nftables/%{name}.nft # install bash completion install -d %{buildroot}%{_sysconfdir}/bash_completion.d -install -p -m 644 components/cli/contrib/completion/bash/%{name} %{buildroot}%{_sysconfdir}/bash_completion.d/%{name}.bash +install -p -m 644 cli-%{version}/contrib/completion/bash/docker %{buildroot}%{_sysconfdir}/bash_completion.d/docker.bash + +# install zsh completion +install -d %{buildroot}%{_datadir}/zsh/site-functions +install -p -m 644 cli-%{version}/contrib/completion/zsh/_docker %{buildroot}%{_datadir}/zsh/site-functions # install fish completion # create, install and own /usr/share/fish/vendor_completions.d until # upstream fish provides it install -dp 
%{buildroot}%{_datadir}/fish/vendor_completions.d -install -p -m 644 components/cli/contrib/completion/fish/%{name}.fish %{buildroot}%{_datadir}/fish/vendor_completions.d - -# install vim syntax highlighting -install -d %{buildroot}%{_datadir}/vim/vimfiles/{doc,ftdetect,syntax} -install -p -m 644 components/engine/contrib/syntax/vim/ftdetect/%{name}file.vim %{buildroot}%{_datadir}/vim/vimfiles/ftdetect -install -p -m 644 components/engine/contrib/syntax/vim/syntax/%{name}file.vim %{buildroot}%{_datadir}/vim/vimfiles/syntax - -# install zsh completion -install -d %{buildroot}%{_datadir}/zsh/site-functions -install -p -m 644 components/cli/contrib/completion/zsh/_%{name} %{buildroot}%{_datadir}/zsh/site-functions +install -p -m 644 cli-%{version}/contrib/completion/fish/%{repo}.fish %{buildroot}%{_datadir}/fish/vendor_completions.d # install udev rules install -d %{buildroot}%{_udevrulesdir} -install -p -m 644 components/engine/contrib/udev/80-%{name}.rules %{buildroot}%{_udevrulesdir} +install -p -m 644 contrib/udev/80-docker.rules %{buildroot}%{_udevrulesdir} # install storage dir -install -d -m 700 %{buildroot}%{_localstatedir}/lib/%{name} +install -d -m 700 %{buildroot}%{_var}/lib/docker # install systemd/init scripts install -d %{buildroot}%{_unitdir} install -p -m 644 %{SOURCE1} %{SOURCE7} %{buildroot}%{_unitdir} # for additional args install -d %{buildroot}%{_sysconfdir}/sysconfig/ -install -p -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/sysconfig/%{name} -install -p -m 644 %{SOURCE6} %{buildroot}%{_sysconfdir}/sysconfig/%{name}-network -install -p -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/sysconfig/%{name}-storage +install -p -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/sysconfig/%{repo} +install -p -m 644 %{SOURCE6} %{buildroot}%{_sysconfdir}/sysconfig/%{repo}-network +install -p -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/sysconfig/%{repo}-storage #network cleanup install -d %{buildroot}%{_sbindir} -install -p -m 755 %{SOURCE8} 
%{buildroot}%{_sbindir}/%{name}-network-cleanup +install -p -m 755 %{SOURCE8} %{buildroot}%{_sbindir}/docker-network-cleanup install -d %{buildroot}%{_presetdir} -cat > %{buildroot}%{_presetdir}/86-%{name}.preset << EOF -enable %{name}.socket +cat > %{buildroot}%{_presetdir}/86-docker.preset << EOF +enable docker.socket EOF install -d %{buildroot}%{_sysconfdir}/modules-load.d/ install -p -m 644 %{SOURCE9} %{buildroot}%{_sysconfdir}/modules-load.d/overlay.conf + +install -Dpm 644 %{SOURCE4} %{buildroot}%{_sysusersdir}/%{name}.conf + +#%%check +# This is completely unstable so I deactivate it for now. +#[ ! -w /run/%{repo}.sock ] || { + #mkdir test_dir + #pushd test_dir + #git clone https://github.com/lsm5/docker.git -b fedora-1.10 + #pushd %{repo} + #make test + #popd + #popd +#} + +%pre +%sysusers_create_package %{name} %{SOURCE4} + +%post +%systemd_post docker +if [ -e %{_sysconfdir}/sysconfig/nftables.conf ] && ! grep -q docker.nft %{_sysconfdir}/sysconfig/nftables.conf; then + printf '%s\n' 'include "/etc/nftables/docker.nft"' >> %{_sysconfdir}/sysconfig/nftables.conf +fi + +%preun +%systemd_preun docker + +%postun +%systemd_postun_with_restart docker +if [ $1 == 0 ] && [ -e %{_sysconfdir}/sysconfig/nftables.conf ]; then + sed -i -e '/docker\.nft/d' %{_sysconfdir}/sysconfig/nftables.conf +fi + +%files +%config(noreplace) %{_sysconfdir}/sysconfig/%{repo} +%config(noreplace) %{_sysconfdir}/sysconfig/%{repo}-network +%config(noreplace) %{_sysconfdir}/sysconfig/%{repo}-storage +%{_sysusersdir}/%{name}.conf +%dir %{_sysconfdir}/docker +%config(noreplace) %{_sysconfdir}/docker/daemon.json +%config(noreplace) %{_sysconfdir}/nftables/%{name}.nft +%{_bindir}/docker +%{_bindir}/docker-proxy +%{_bindir}/docker-init +%{_sbindir}/docker-network-cleanup +%{_sbindir}/dockerd +%{_presetdir}/86-docker.preset +%{_unitdir}/docker.service +%{_unitdir}/docker.socket +%dir %{_sysconfdir}/bash_completion.d +%{_sysconfdir}/bash_completion.d/docker.bash +%dir %{_var}/lib/docker +%dir 
%{_udevrulesdir} +%{_udevrulesdir}/80-docker.rules +%{_sysconfdir}/modules-load.d/overlay.conf + +%files fish-completion +%dir %{_datadir}/fish/vendor_completions.d/ +%{_datadir}/fish/vendor_completions.d/%{repo}.fish + +%files zsh-completion +%{_datadir}/zsh/site-functions/_%{repo}
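Review bot: The %post scriptlet appends `include "/etc/nftables/docker.nft"` to nftables.conf whenever the line is missing, and because %post also runs on upgrades, an administrator who deliberately removes the include gets it back with the next package update. Restricting the edit to first install, `if [ "$1" -eq 1 ] && [ -e %{_sysconfdir}/sysconfig/nftables.conf ] && ! grep -q 'docker\.nft' %{_sysconfdir}/sysconfig/nftables.conf; then`, leaves that decision with the admin, and the same quoting with `-eq` should replace the non-POSIX `[ $1 == 0 ]` in %postun. Separately, %install gives the ruleset mode 755 although it is a configuration file; `install -D -p -m 644 %{SOURCE14} %{buildroot}%{_sysconfdir}/nftables/%{name}.nft` is sufficient. The include path is hard-coded as docker.nft while the file is installed as `%{name}.nft`, so the two agree only as long as Name stays docker.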