pkgs/raven
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

move docker stuff here

Browse Source
This commit is contained in:
Raven 2024-02-21 17:40:51 +06:00
parent a1a19c553b
commit 7802ac7740
44 changed files with 3907 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
base/containerd/config.toml Normal file
View File

@ -0,0 +1,15 @@
#root = "/var/lib/containerd"
#state = "/run/containerd"
#subreaper = true
#oom_score = 0
#[grpc]
# address = "/run/containerd/containerd.sock"
# uid = 0
# gid = 0
#[debug]
# address = "/run/containerd/debug.sock"
# uid = 0
# gid = 0
# level = "info"

26
base/containerd/containerd-1.4.0-Update-path-to-use-packaged-daemon-executable-in-ser.patch Normal file
View File

@ -0,0 +1,26 @@
From b5190a190d133660b3bba2187c6b5186a1655224 Mon Sep 17 00:00:00 2001
From: Jamie Anderson <jamieand@amazon.com>
Date: Tue, 15 Sep 2020 17:40:30 +0000
Subject: [PATCH] Update path to use packaged daemon executable in service unit
Signed-off-by: Jamie Anderson <jamieand@amazon.com>
---
containerd.service | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/containerd.service b/containerd.service
index 38a345945..4e262acb3 100644
--- a/containerd.service
+++ b/containerd.service
@@ -21,7 +21,7 @@ After=network.target local-fs.target
#uncomment to enable the experimental sbservice (sandboxed) version of containerd/cri integration
#Environment="ENABLE_CRI_SANDBOXES=sandboxed"
ExecStartPre=-/sbin/modprobe overlay
-ExecStart=/usr/local/bin/containerd
+ExecStart=/usr/bin/containerd
Type=notify
Delegate=yes
--
2.40.1

308
base/containerd/containerd.spec Normal file
View File

@ -0,0 +1,308 @@
%bcond_with btrfs
%bcond_without seccomp
%bcond_without systemd
%define golang_set_gopath(d:) \
export GOPATH="%{-d:%{-d*}}%{!-d:$(pwd -P)}"; \
export PATH="$PATH:$GOPATH/bin"; \
export GO111MODULE=off
%define golang_init_gopath(d:) \
%{golang_set_gopath} \
rm -rf "${GOPATH}/"{src,pkg,bin} \
install -d "${GOPATH}"/{src,pkg,bin}
%define golang_src_path(p:) ${GOPATH:-.}/src/%{-p*}
%define gobuilddir %{golang_src_path}
%define golang_prep(p:s:S:) \
install -d "$GOPATH/src/%{-p*}" && \
tar -x %{-S:--strip-components=%{-S*}} -C "%{golang_src_path -p %{-p*}}" -f %{-s*}
%define golang_install(p:s:S:) %{golang_prep}\
go install %{-p*}
%define containerd_release 1.7.2
%define containerd_commit 0cae528dd6cb557f7201036e9f43420650207b58
%global containerd_short_sha %(c=%containerd_commit; echo ${c:0:7})
%define containerd_package github.com/containerd/containerd
%define containerd_src %{golang_src_path -p %containerd_package}
## Pre/Post release VCS metadata, for NVR when unmatched with a
## release tag.
# Update date to datestamp when containerd upstream data is bumped.
%global containerd_rpm_snapshot_date 20210617
%global containerd_rpm_snapshot_vcs git%{containerd_short_sha}
# Get the version bits before the dash or plus.
%global containerd_rpm_version %(r=%containerd_release; echo ${r%%%%-*})
# Pre/Post release suffix with VCS info embedded into release.
%global containerd_rpm_release_suffix .%{containerd_rpm_snapshot_date}.%{containerd_rpm_snapshot_vcs}
%global containerd_buildtags %{?containerd_buildtags} selinux
%if %{with btrfs}
%global containerd_buildtags %{?containerd_buildtags} btrfs
%else
%global containerd_buildtags %{?containerd_buildtags} no_btrfs
%endif
%if %{with seccomp}
%global containerd_buildtags %{?containerd_buildtags} seccomp
%endif
Name: containerd
Version: %{containerd_rpm_version}
Release: 1%{?dist}
# Upstream license specification: Apache-2.0
License: ASL 2.0
Summary: An industry-standard container runtime with an emphasis on simplicity, robustness and portability
Source0: https://%{containerd_package}/archive/%{containerd_commit}/containerd-%{containerd_release}-%{containerd_short_sha}.tar.gz
Source1: config.toml
Patch1000: containerd-1.4.0-Update-path-to-use-packaged-daemon-executable-in-ser.patch
# Runtime requirements
Requires: runc
%if %{with seccomp}
# Require the version of seccomp that we were built against.
%global seccomp_version %(pkg-config --modversion libseccomp 2>/dev/null || echo 0)
Requires: libseccomp%{?_isa} >= %{seccomp_version}
%endif
# container-selinux 2.120.0 adds necessary support for containerd-cri
Conflicts: container-selinux < 2.120.0
# Compilation requirements
BuildRequires: golang >= 1.18.3
BuildRequires: kernel-headers
BuildRequires: libselinux-devel
BuildRequires: go-rpm-macros
BuildRequires: systemd-rpm-macros
BuildRequires: go-md2man
%if %{with btrfs}
BuildRequires: btrfs-progs-devel
%endif
%if %{with seccomp}
BuildRequires: libseccomp-devel
%endif
%description
containerd is an industry-standard container runtime with an emphasis
on simplicity, robustness and portability. It is available as a daemon
for Linux and Windows, which can manage the complete container
lifecycle of its host system: image transfer and storage, container
execution and supervision, low-level storage and network attachments,
etc.
%package stress
License: ASL 2.0
Summary: stress test a containerd daemon
Requires: %{name} = %{version}-%{release}
%description stress
%{summary}.
%prep
%setup -c -T -n %{name}-%{version}-%{release}
%golang_init_gopath
%golang_prep -p %{containerd_package} -s %SOURCE0 -S 1
cd "%containerd_src"
%patch1000 -p1
%build
%golang_set_gopath
cd "%containerd_src"
export LDFLAGS="-X %{containerd_package}/version.Version=%{version} -X %{containerd_package}/version.Revision=%{containerd_commit} "
export BUILDTAGS="%{containerd_buildtags}"
for cmd in containerd containerd-shim containerd-shim-runc-v1 containerd-shim-runc-v2 containerd-stress ctr gen-manpages ; do
%gobuild -o %{gobuilddir}/bin/$cmd %{containerd_src}/cmd/$cmd
done
mkdir _man
go-md2man -in docs/man/containerd-config.8.md -out _man/containerd-config.8
go-md2man -in docs/man/containerd-config.toml.5.md -out _man/containerd-config.toml.5
%{gobuilddir}/bin/gen-manpages containerd.8 _man
%{gobuilddir}/bin/gen-manpages ctr.8 _man
rm %{gobuilddir}/bin/gen-manpages
%check
%golang_set_gopath
export BUILDTAGS="%{containerd_buildtags}"
# Run scoped unit tests - skips some if not running as root.
%if %{without btrfs}
# We want to build/run tests the same way we build the binaries
export EXTRA_TESTFLAGS="-tags='%{containerd_buildtags}'"
%endif
make -C %{containerd_src} test
%install
%golang_set_gopath
# Install containerd binaries
install -d %{buildroot}%{_bindir}
install -p %{gobuilddir}/bin/* %{buildroot}%{_bindir}/
install -d %{buildroot}%{_mandir}/man{5,8}
install -p -m 644 %{containerd_src}/_man/*.5 %{buildroot}%{_mandir}/man5/
install -p -m 644 %{containerd_src}/_man/*.8 %{buildroot}%{_mandir}/man8/
install -D -p -m 0644 %{S:1} %{buildroot}%{_sysconfdir}/containerd/config.toml
%if %{with systemd}
install -D -p -m 644 %{containerd_src}/containerd.service %{buildroot}%{_unitdir}/containerd.service
%endif
install -d %{buildroot}%{_localstatedir}/lib/containerd
%if 0%{?amzn} == 2
# On a fresh install of container-selinux, or updating from selinux-policy in
# amzn2-core to one that more closely tracks upstream, we need to relabel critical
# files to pick up changes to file_contexts introduced by those packages.
%define selinux_relabel_paths %{_bindir}/ctr %{_bindir}/containerd %{_bindir}/containerd-shim* %{_sysconfdir}/containerd/config.toml %{_localstatedir}/lib/containerd
%define do_selinux_relabel() /usr/sbin/selinuxenabled && /usr/sbin/restorecon -r %*
%triggerin -- container-selinux
if [ $1 -eq 1 ]; then # new install, not update
%{do_selinux_relabel} %{selinux_relabel_paths} ||:
fi
%triggerun -- selinux-policy < 3.13.1-266
if [ $1 -eq 1 ]; then # update, not uninstall
%{do_selinux_relabel} %{selinux_relabel_paths} ||:
fi
%triggerin stress -- container-selinux
if [ $1 -eq 1 ]; then # new install, not update
%{do_selinux_relabel} %{_bindir}/containerd-stress ||:
fi
%triggerun stress -- selinux-policy < 3.13.1-266
if [ $1 -eq 1 ]; then # update, not uninstall
%{do_selinux_relabel} %{_bindir}/containerd-stress ||:
fi
%endif
%files
%license src/github.com/containerd/containerd/LICENSE
%doc src/github.com/containerd/containerd/README.md
%{_bindir}/ctr
%{_bindir}/containerd
%{_bindir}/containerd-shim
%{_bindir}/containerd-shim-runc-v1
%{_bindir}/containerd-shim-runc-v2
%config(noreplace) %{_sysconfdir}/containerd/config.toml
%dir %{_localstatedir}/lib/containerd
%if %{with systemd}
%{_unitdir}/containerd.service
%endif
%{_mandir}/man5/containerd-config.toml.5*
%{_mandir}/man8/containerd-config.8*
%{_mandir}/man8/containerd.8*
%{_mandir}/man8/ctr.8*
%files stress
%{_bindir}/containerd-stress
%post
%if %{with systemd}
%systemd_post containerd
%endif
%preun
%if %{with systemd}
%systemd_preun containerd
%endif
%postun
%if %{with systemd}
%systemd_postun_with_restart containerd
%endif
%changelog
* Thu Jul 06 2023 Lucas Meneghel <lmr@amazon.com> - 1.7.2-1.amzn2023.0.1
- containerd: Update to upstream 1.7.2
- Dropped patches that are included with the new version
* Fri Mar 17 2023 Sonia Xu <sonix@amazon.com> - 1.6.19-1.amzn2023.0.1
- Update to v1.6.19
- Update patch to apply properly
* Tue Mar 14 2023 Sai Harsha <ssuryad@amazon.com> - 1.6.8-2.amzn2023.0.4
- Fix CVE-2022-1996
* Mon Jan 30 2023 Stewart Smith <trawets@amazon.com> - 1.6.8-2.amzn2023.0.3
- Mass rebuild for AL2023
* Tue Dec 20 2022 Chanchal Mathew <chancham@amazon.com> - 1.6.8-2.amzn2022.0.2
- Rebuild for CVE-2022-2879, CVE-2022-41715, CVE-2022-41716 in golang
* Tue Oct 11 2022 Chanchal Mathew <chancham@amazon.com> - 1.6.8-2
- Fix FTBFS
* Tue Oct 04 2022 Chanchal Mathew <chancham@amazon.com> - 1.6.8-1
- Update to 1.6.8 from upstream
* Mon Oct 03 2022 Stewart Smith <trawets@amazon.com> - 1.6.6-1.amzn2022.0.3
- AL2022 pre-GA mass rebuild
* Wed Sep 28 2022 Mansi Jaitly <mjaitly@amazon.com> - 1.6.6-1.amzn2022.0.2
- Rebuild due to golang-1.19.1-1.amzn2022.0.1 update
* Fri Jul 22 2022 Stewart Smith <trawets@amazon.com> - 1.6.6-1.amzn2022.0.1
- build without btrfs on Amazon Linux
* Mon Jun 20 2022 Sai Harsha <ssuryad@amazon.com> - 1.6.6-1
- Update to 1.6.6 from upstream
- Remove patches included upstream since 1.4.13
* Tue May 31 2022 Sai Harsha <ssuryad@amazon.com> - 1.4.13-3
- Limit the response size of ExecSync
* Tue Mar 29 2022 Malcolm Inglis <miinglis@amazon.com> - 1.4.13-2
- Apply patch for CVE-2022-24769
* Tue Mar 29 2022 Malcolm Inglis <miinglis@amazon.com> - 1.4.13-1
- Update to 1.4.13 from upstream
- Update golang BuildRequires to 1.16.15
- Remove patches included upstream since 1.4.6
* Thu Feb 24 2022 Malcolm Inglis <miinglis@amazon.com> - 1.4.6-9
- Apply patch for CVE-2022-23648
* Wed Dec 08 2021 Paul Ezvan <paulezva@amazon.fr> - 1.4.6-8
- Build for AL2022
* Wed Nov 17 2021 Jamie Anderson <jamieand@amazon.com> - 1.4.6-7
- CVE-2021-41190
* Tue Nov 02 2021 Jamie Anderson <jamieand@amazon.com> - 1.4.6-5
- Fix typo in container-selinux Conflicts:
* Fri Oct 29 2021 Jamie Anderson <jamieand@amazon.com> - 1.4.6-4
- Add selinux to buildtags
- Conflict with container-selinux versions that don't have containerd-cri support
* Fri Sep 24 2021 Jamie Anderson <jamieand@amazon.com> - 1.4.6-3
- Apply patches for CVE-2021-41103
* Mon Jul 12 2021 Jamie Anderson <jamieand@amazon.com> - 1.4.6-2
- Apply patch for CVE-2021-32760
* Thu Jun 17 2021 Jamie Anderson <jamieand@amazon.com> - 1.4.6-1
- Update to 1.4.6 from upstream
* Thu Feb 25 2021 Jamie Anderson <jamieand@amazon.com> - 1.4.4-1
- Update to 1.4.4 from upstream
* Tue Nov 17 2020 Samuel Karp <skarp@amazon.com> - 1.4.1-2
- Apply patch for CVE-2020-15257
* Fri Nov 13 2020 Jamie Anderson <jamieand@amazon.com> - 1.4.1
- Update to 1.4.1 from upstream
* Wed Sep 23 2020 Jamie Anderson <jamieand@amazon.com> - 1.4.0
- Update to 1.4.0 from upstream
- Add triggers to relabel after container-selinux install
* Mon Feb 10 2020 Jamie Anderson <jamieand@amazon.com> - 1.3.2
- Update to 1.3.2 from upstream
* Mon May 13 2019 Jacob Vallejo <jakeev@amazon.com> - 1.2.6-1
- Initial packaging

7
base/docker/README-docker-runtimes.d Normal file
View File

@ -0,0 +1,7 @@
Users can add runtimes (in addition to runc) to Docker by adding executable
files in /etc/docker-runtimes.d.
The name of the file becomes the name of the runtime.
To disable an installed runtime file without RPM clobbering it and re-enabling
it on an update, remove the executable bits (chmod a-x).

54
base/docker/docker-20.10.17-Skip-kubeconfig-and-loadcontext-tests-that-require-root.patch Normal file
View File

@ -0,0 +1,54 @@
From 4c4d58519541008ef8982e1fcffe76c60e1389f5 Mon Sep 17 00:00:00 2001
From: Sai Harsha <ssuryad@amazon.com>
Date: Tue, 14 Jun 2022 06:39:31 +0000
Subject: [PATCH 1/1] Skip TestSaveLoadContexts and TestExportKubeconfig
Skipping TestExportKubeconfig and TestSaveLoadContexts tests which require root access
---
cli/command/context/export-import_test.go | 2 ++
cli/context/kubernetes/endpoint_test.go | 2 ++
2 files changed, 4 insertions(+)
diff --git a/cli/command/context/export-import_test.go b/cli/command/context/export-import_test.go
index bf0cd88..6be9384 100644
--- a/cli/command/context/export-import_test.go
+++ b/cli/command/context/export-import_test.go
@@ -8,6 +8,7 @@ import (
"path/filepath"
"testing"
+ "github.com/docker/docker/testutil"
"github.com/docker/cli/cli/streams"
"gotest.tools/v3/assert"
)
@@ -71,6 +72,7 @@ func TestExportImportPipe(t *testing.T) {
}
func TestExportKubeconfig(t *testing.T) {
+ testutil.RequiresRoot(t)
contextFile := filepath.Join(t.TempDir(), "exported")
cli := makeFakeCli(t)
createTestContextWithKube(t, cli)
diff --git a/cli/context/kubernetes/endpoint_test.go b/cli/context/kubernetes/endpoint_test.go
index 89eeb9d..700e21e 100644
--- a/cli/context/kubernetes/endpoint_test.go
+++ b/cli/context/kubernetes/endpoint_test.go
@@ -5,6 +5,7 @@ import (
"os"
"testing"
+ "github.com/docker/docker/testutil"
"github.com/docker/cli/cli/context"
"github.com/docker/cli/cli/context/store"
"gotest.tools/v3/assert"
@@ -41,6 +42,7 @@ var testStoreCfg = store.NewConfig(
)
func TestSaveLoadContexts(t *testing.T) {
+ testutil.RequiresRoot(t)
store := store.New(t.TempDir(), testStoreCfg)
assert.NilError(t, save(store, testEndpoint("https://test", "test", nil, nil, nil, false), "raw-notls"))
assert.NilError(t, save(store, testEndpoint("https://test", "test", nil, nil, nil, true), "raw-notls-skip"))
--
2.32.0

112
base/docker/docker-20.10.4-Limit-logger-errors-logged-into-daemon-logs.patch Normal file
View File

@ -0,0 +1,112 @@
From fb5a9ec741c4a2246624b694d88db2e5fabc9118 Mon Sep 17 00:00:00 2001
From: Angel Velazquez <angelcar@amazon.com>
Date: Thu, 20 May 2021 16:59:30 -0700
Subject: [PATCH] Limit the rate at which logger errors are logged into daemon
logs
Logging to daemon logs every time there's an error with a log driver can be
problematic since daemon logs can grow rapidly, potentially exhausting disk
space.
Instead, it's preferable to limit the rate at which log driver errors are allowed
to be written. By default, this limit is 333 entries per second max.
Signed-off-by: Angel Velazquez <angelcar@amazon.com>
---
daemon/logger/copier.go | 6 ++----
daemon/logger/logger_error.go | 24 ++++++++++++++++++++++++
daemon/logger/ring.go | 12 ++----------
3 files changed, 28 insertions(+), 14 deletions(-)
create mode 100644 daemon/logger/logger_error.go
diff --git a/daemon/logger/copier.go b/daemon/logger/copier.go
index e2ee36c0987e..30c68ea364d2 100644
--- a/daemon/logger/copier.go
+++ b/daemon/logger/copier.go
@@ -126,8 +126,7 @@ func (c *Copier) copySrc(name string, src io.Reader) {
}
if logErr := c.dst.Log(msg); logErr != nil {
- logWritesFailedCount.Inc(1)
- logrus.Errorf("Failed to log msg %q for logger %s: %s", msg.Line, c.dst.Name(), logErr)
+ logDriverError(c.dst.Name(), string(msg.Line), logErr)
}
}
p += q + 1
@@ -159,8 +158,7 @@ func (c *Copier) copySrc(name string, src io.Reader) {
hasMorePartial = true
if logErr := c.dst.Log(msg); logErr != nil {
- logWritesFailedCount.Inc(1)
- logrus.Errorf("Failed to log msg %q for logger %s: %s", msg.Line, c.dst.Name(), logErr)
+ logDriverError(c.dst.Name(), string(msg.Line), logErr)
}
p = 0
n = 0
diff --git a/daemon/logger/logger_error.go b/daemon/logger/logger_error.go
new file mode 100644
index 000000000000..70f4311979c4
--- /dev/null
+++ b/daemon/logger/logger_error.go
@@ -0,0 +1,24 @@
+package logger
+
+import (
+ "github.com/sirupsen/logrus"
+ "golang.org/x/time/rate"
+)
+
+// Rates based on journald defaults of 10,000 messages in 30s.
+// reference: https://www.freedesktop.org/software/systemd/man/journald.conf.html#RateLimitIntervalSec=
+var logErrorLimiter = rate.NewLimiter(333, 333)
+
+// logDriverError logs errors produced by log drivers to the daemon logs. It also increments the logWritesFailedCount
+// metric.
+// Logging to the daemon logs is limited to 333 operations per second at most. If this limit is exceeded, the
+// logWritesFailedCount is still counted, but logging to the daemon logs is omitted in order to prevent disk saturation.
+func logDriverError(loggerName, msgLine string, logErr error) {
+ logWritesFailedCount.Inc(1)
+ if logErrorLimiter.Allow() {
+ logrus.WithError(logErr).
+ WithField("driver", loggerName).
+ WithField("message", msgLine).
+ Errorf("Error writing log message")
+ }
+}
diff --git a/daemon/logger/ring.go b/daemon/logger/ring.go
index b6432aed36f7..3b2652af63c1 100644
--- a/daemon/logger/ring.go
+++ b/daemon/logger/ring.go
@@ -4,8 +4,6 @@ import (
"errors"
"sync"
"sync/atomic"
-
- "github.com/sirupsen/logrus"
)
const (
@@ -104,10 +102,7 @@ func (r *RingLogger) Close() error {
}
if err := r.l.Log(msg); err != nil {
- logrus.WithField("driver", r.l.Name()).
- WithField("container", r.logInfo.ContainerID).
- WithError(err).
- Errorf("Error writing log message")
+ logDriverError(r.l.Name(), string(msg.Line), err)
logErr = true
}
}
@@ -128,10 +123,7 @@ func (r *RingLogger) run() {
return
}
if err := r.l.Log(msg); err != nil {
- logrus.WithField("driver", r.l.Name()).
- WithField("container", r.logInfo.ContainerID).
- WithError(err).
- Errorf("Error writing log message")
+ logDriverError(r.l.Name(), string(msg.Line), err)
}
}
}

47
base/docker/docker-20.10.4-Restore-containerd-dependency-restart-policy-and-nof.patch Normal file
View File

@ -0,0 +1,47 @@
From e2d3dd827bcca6cba9e0f2b869d872af07ff2999 Mon Sep 17 00:00:00 2001
From: Jamie Anderson <jamieand@amazon.com>
Date: Mon, 22 Mar 2021 20:33:57 +0000
Subject: [PATCH] Restore containerd dependency, restart policy, and nofile
settings to service file
Signed-off-by: Jamie Anderson <jamieand@amazon.com>
---
contrib/init/systemd/docker.service | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/contrib/init/systemd/docker.service b/contrib/init/systemd/docker.service
index 7e87245..1654f0b 100644
--- a/contrib/init/systemd/docker.service
+++ b/contrib/init/systemd/docker.service
@@ -1,7 +1,8 @@
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
-After=network-online.target docker.socket firewalld.service
+BindsTo=containerd.service
+After=network-online.target docker.socket firewalld.service containerd.service
Wants=network-online.target
Requires=docker.socket
@@ -17,7 +18,7 @@ ExecStartPre=/usr/libexec/docker/docker-setup-runtimes.sh
# for containers run by docker
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock $OPTIONS $DOCKER_STORAGE_OPTIONS $DOCKER_ADD_RUNTIMES
ExecReload=/bin/kill -s HUP $MAINPID
-LimitNOFILE=1048576
+LimitNOFILE=infinity
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
@@ -31,7 +32,8 @@ Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
# restart the docker process if it exits prematurely
-Restart=on-failure
+RestartSec=2
+Restart=always
StartLimitBurst=3
StartLimitInterval=60s
--
2.31.0.rc2

33
base/docker/docker-20.10.4-Skip-auth-middleware-test.patch Normal file
View File

@ -0,0 +1,33 @@
From ff6ad03b4a9774b2a87c12445b31f54078c06b55 Mon Sep 17 00:00:00 2001
From: Jamie Anderson <jamieand@amazon.com>
Date: Thu, 4 Mar 2021 17:48:05 +0000
Subject: [PATCH] Skip auth/middleware test that creates sockets
Signed-off-by: Jamie Anderson <jamieand@amazon.com>
---
pkg/authorization/middleware_unix_test.go | 2 ++
1 file changed, 2 insertions(+)
diff --git a/pkg/authorization/middleware_unix_test.go b/pkg/authorization/middleware_unix_test.go
index 468cb59..b5e26ac 100644
--- a/pkg/authorization/middleware_unix_test.go
+++ b/pkg/authorization/middleware_unix_test.go
@@ -7,6 +7,7 @@ import (
"net/http"
"net/http/httptest"
"testing"
+ "github.com/docker/docker/testutil"
"github.com/docker/docker/pkg/plugingetter"
"gotest.tools/v3/assert"
@@ -14,6 +15,7 @@ import (
)
func TestMiddlewareWrapHandler(t *testing.T) {
+ testutil.RequiresRoot(t)
server := authZPluginTestServer{t: t}
server.start()
defer server.stop()
--
2.25.0.24.gbc7a3d4

53
base/docker/docker-20.10.4-Skip-btrfs-graphdriver-tests-if-not-root.patch Normal file
View File

@ -0,0 +1,53 @@
From 4d116f8caee01d47e344571c0fe4b805ae44e8d8 Mon Sep 17 00:00:00 2001
From: Jamie Anderson <jamieand@amazon.com>
Date: Fri, 19 Mar 2021 20:59:20 +0000
Subject: [PATCH] Skip btrfs graphdriver tests if not root
Signed-off-by: Jamie Anderson <jamieand@amazon.com>
---
daemon/graphdriver/btrfs/btrfs_test.go | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/daemon/graphdriver/btrfs/btrfs_test.go b/daemon/graphdriver/btrfs/btrfs_test.go
index b70e93b..c75960b 100644
--- a/daemon/graphdriver/btrfs/btrfs_test.go
+++ b/daemon/graphdriver/btrfs/btrfs_test.go
@@ -6,6 +6,7 @@ import (
"os"
"path"
"testing"
+ "github.com/docker/docker/testutil"
"github.com/docker/docker/daemon/graphdriver/graphtest"
)
@@ -13,22 +14,27 @@ import (
// This avoids creating a new driver for each test if all tests are run
// Make sure to put new tests between TestBtrfsSetup and TestBtrfsTeardown
func TestBtrfsSetup(t *testing.T) {
+ testutil.RequiresRoot(t)
graphtest.GetDriver(t, "btrfs")
}
func TestBtrfsCreateEmpty(t *testing.T) {
+ testutil.RequiresRoot(t)
graphtest.DriverTestCreateEmpty(t, "btrfs")
}
func TestBtrfsCreateBase(t *testing.T) {
+ testutil.RequiresRoot(t)
graphtest.DriverTestCreateBase(t, "btrfs")
}
func TestBtrfsCreateSnap(t *testing.T) {
+ testutil.RequiresRoot(t)
graphtest.DriverTestCreateSnap(t, "btrfs")
}
func TestBtrfsSubvolDelete(t *testing.T) {
+ testutil.RequiresRoot(t)
d := graphtest.GetDriver(t, "btrfs")
if err := d.CreateReadWrite("test", "", nil); err != nil {
t.Fatal(err)
--
2.31.0.rc2

102
base/docker/docker-20.10.4-Skip-builder-tests-that-require-root.patch Normal file
View File

@ -0,0 +1,102 @@
From 1f8ac5f2a45ccbedb0904f6ac938f94ea655c49a Mon Sep 17 00:00:00 2001
From: Jamie Anderson <jamieand@amazon.com>
Date: Wed, 3 Mar 2021 22:00:57 +0000
Subject: [PATCH] Skip builder tests that require root
Signed-off-by: Jamie Anderson <jamieand@amazon.com>
---
builder/dockerfile/internals_test.go | 5 +++++
builder/remotecontext/tarsum_test.go | 5 +++++
2 files changed, 10 insertions(+)
diff --git a/builder/dockerfile/internals_test.go b/builder/dockerfile/internals_test.go
index 5353167..5a68a39 100644
--- a/builder/dockerfile/internals_test.go
+++ b/builder/dockerfile/internals_test.go
@@ -5,6 +5,7 @@ import (
"os"
"runtime"
"testing"
+ "github.com/docker/docker/testutil"
"github.com/docker/docker/api/types"
"github.com/docker/docker/api/types/backend"
@@ -23,6 +24,7 @@ import (
)
func TestEmptyDockerfile(t *testing.T) {
+ testutil.RequiresRoot(t)
contextDir, cleanup := createTestTempDir(t, "", "builder-dockerfile-test")
defer cleanup()
@@ -32,6 +34,7 @@ func TestEmptyDockerfile(t *testing.T) {
}
func TestSymlinkDockerfile(t *testing.T) {
+ testutil.RequiresRoot(t)
contextDir, cleanup := createTestTempDir(t, "", "builder-dockerfile-test")
defer cleanup()
@@ -47,6 +50,7 @@ func TestSymlinkDockerfile(t *testing.T) {
}
func TestDockerfileOutsideTheBuildContext(t *testing.T) {
+ testutil.RequiresRoot(t)
contextDir, cleanup := createTestTempDir(t, "", "builder-dockerfile-test")
defer cleanup()
@@ -59,6 +63,7 @@ func TestDockerfileOutsideTheBuildContext(t *testing.T) {
}
func TestNonExistingDockerfile(t *testing.T) {
+ testutil.RequiresRoot(t)
contextDir, cleanup := createTestTempDir(t, "", "builder-dockerfile-test")
defer cleanup()
diff --git a/builder/remotecontext/tarsum_test.go b/builder/remotecontext/tarsum_test.go
index c6a417d..93643a5 100644
--- a/builder/remotecontext/tarsum_test.go
+++ b/builder/remotecontext/tarsum_test.go
@@ -5,6 +5,7 @@ import (
"os"
"path/filepath"
"testing"
+ "github.com/docker/docker/testutil"
"github.com/docker/docker/builder"
"github.com/docker/docker/pkg/archive"
@@ -23,6 +24,7 @@ func init() {
}
func TestCloseRootDirectory(t *testing.T) {
+ testutil.RequiresRoot(t)
contextDir, err := os.MkdirTemp("", "builder-tarsum-test")
defer os.RemoveAll(contextDir)
if err != nil {
@@ -44,6 +46,7 @@ func TestCloseRootDirectory(t *testing.T) {
}
func TestHashFile(t *testing.T) {
+ testutil.RequiresRoot(t)
contextDir, cleanup := createTestTempDir(t, "", "builder-tarsum-test")
defer cleanup()
@@ -69,6 +72,7 @@ func TestHashFile(t *testing.T) {
}
func TestHashSubdir(t *testing.T) {
+ testutil.RequiresRoot(t)
contextDir, cleanup := createTestTempDir(t, "", "builder-tarsum-test")
defer cleanup()
@@ -106,6 +110,7 @@ func TestHashSubdir(t *testing.T) {
}
func TestRemoveDirectory(t *testing.T) {
+ testutil.RequiresRoot(t)
contextDir, cleanup := createTestTempDir(t, "", "builder-tarsum-test")
defer cleanup()
--
2.25.0.24.gbc7a3d4

54
base/docker/docker-20.10.4-Skip-cli-tests-that-require-network.patch Normal file
View File

@ -0,0 +1,54 @@
From 29cf333688cf38c615f6a2c4dfc8a1fddbbbb4aa Mon Sep 17 00:00:00 2001
From: Jamie Anderson <jamieand@amazon.com>
Date: Wed, 3 Mar 2021 23:02:57 +0000
Subject: [PATCH] Skip cli tests that require network
Signed-off-by: Jamie Anderson <jamieand@amazon.com>
---
cli/command/image/pull_test.go | 2 ++
cli/command/image/push_test.go | 2 ++
2 files changed, 4 insertions(+)
diff --git a/cli/command/image/pull_test.go b/cli/command/image/pull_test.go
index b9d4970..bb7ce0e 100644
--- a/cli/command/image/pull_test.go
+++ b/cli/command/image/pull_test.go
@@ -6,6 +6,7 @@ import (
"io"
"strings"
"testing"
+ "github.com/docker/cli/testutil"
"github.com/docker/cli/internal/test"
"github.com/docker/cli/internal/test/notary"
@@ -16,6 +17,7 @@ import (
)
func TestNewPullCommandErrors(t *testing.T) {
+ testutil.SkipIfBuildroot(t)
testCases := []struct {
name string
args []string
diff --git a/cli/command/image/push_test.go b/cli/command/image/push_test.go
index 9636369..14bfbd2 100644
--- a/cli/command/image/push_test.go
+++ b/cli/command/image/push_test.go
@@ -5,6 +5,7 @@ import (
"io"
"strings"
"testing"
+ "github.com/docker/cli/testutil"
"github.com/docker/cli/internal/test"
"github.com/docker/docker/api/types"
@@ -13,6 +14,7 @@ import (
)
func TestNewPushCommandErrors(t *testing.T) {
+ testutil.SkipIfBuildroot(t)
testCases := []struct {
name string
args []string
--
2.25.0.24.gbc7a3d4

46
base/docker/docker-20.10.4-Skip-compression-tests-that-require-root.patch Normal file
View File

@ -0,0 +1,46 @@
From 4622551eb4d29bee8fb30290368a4cce5af56737 Mon Sep 17 00:00:00 2001
From: Jamie Anderson <jamieand@amazon.com>
Date: Fri, 19 Mar 2021 20:10:01 +0000
Subject: [PATCH] Skip compression tests that require root
Signed-off-by: Jamie Anderson <jamieand@amazon.com>
---
cli/command/image/build/context_test.go | 2 ++
cli/command/image/build_test.go | 1 +
2 files changed, 3 insertions(+)
diff --git a/cli/command/image/build/context_test.go b/cli/command/image/build/context_test.go
index f216978..1dbea0b 100644
--- a/cli/command/image/build/context_test.go
+++ b/cli/command/image/build/context_test.go
@@ -10,6 +10,7 @@ import (
"runtime"
"strings"
"testing"
+ "github.com/docker/cli/testutil"
"github.com/docker/docker/pkg/archive"
"github.com/docker/docker/pkg/fileutils"
@@ -173,6 +174,7 @@ func TestGetContextFromReaderString(t *testing.T) {
}
func TestGetContextFromReaderTar(t *testing.T) {
+ testutil.RequiresRoot(t)
contextDir := createTestTempDir(t)
createTestTempFile(t, contextDir, DefaultDockerfileName, dockerfileContents)
diff --git a/cli/command/image/build_test.go b/cli/command/image/build_test.go
index cef80a3..34014dd 100644
--- a/cli/command/image/build_test.go
+++ b/cli/command/image/build_test.go
@@ -27,6 +27,7 @@ import (
)
func TestRunBuildDockerfileFromStdinWithCompress(t *testing.T) {
+ testutil.RequiresRoot(t)
defer env.Patch(t, "DOCKER_BUILDKIT", "0")()
buffer := new(bytes.Buffer)
fakeBuild := newFakeBuild()
--
2.31.0.rc2

85
base/docker/docker-20.10.4-Skip-devmapper-tests-that-don-t-work-in-a-buildroot.patch Normal file
View File

@ -0,0 +1,85 @@
From 00faa3a1652a57c9f8f6ceeb930020680d3d5295 Mon Sep 17 00:00:00 2001
From: Jamie Anderson <jamieand@amazon.com>
Date: Tue, 2 Mar 2021 19:11:09 +0000
Subject: [PATCH] Skip devmapper tests that don't work in a buildroot
Signed-off-by: Jamie Anderson <jamieand@amazon.com>
---
daemon/graphdriver/devmapper/devmapper_test.go | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/daemon/graphdriver/devmapper/devmapper_test.go b/daemon/graphdriver/devmapper/devmapper_test.go
index afd6c5b..dc59dc5 100644
--- a/daemon/graphdriver/devmapper/devmapper_test.go
+++ b/daemon/graphdriver/devmapper/devmapper_test.go
@@ -8,6 +8,7 @@ import (
"os/exec"
"syscall"
"testing"
+ "github.com/docker/docker/testutil"
"time"
"github.com/docker/docker/daemon/graphdriver"
@@ -17,6 +18,10 @@ import (
)
func init() {
+ if _, err := os.Stat("/.initialized"); err == nil {
+ // Don't try to call initLoopbacks() in a buildroot
+ return nil
+ }
// Reduce the size of the base fs and loopback for the tests
defaultDataLoopbackSize = 300 * 1024 * 1024
defaultMetaDataLoopbackSize = 200 * 1024 * 1024
@@ -71,26 +76,32 @@ func getBaseLoopStats() (*syscall.Stat_t, error) {
// This avoids creating a new driver for each test if all tests are run
// Make sure to put new tests between TestDevmapperSetup and TestDevmapperTeardown
func TestDevmapperSetup(t *testing.T) {
+ testutil.SkipIfBuildroot(t)
graphtest.GetDriver(t, "devicemapper")
}
func TestDevmapperCreateEmpty(t *testing.T) {
+ testutil.SkipIfBuildroot(t)
graphtest.DriverTestCreateEmpty(t, "devicemapper")
}
func TestDevmapperCreateBase(t *testing.T) {
+ testutil.SkipIfBuildroot(t)
graphtest.DriverTestCreateBase(t, "devicemapper")
}
func TestDevmapperCreateSnap(t *testing.T) {
+ testutil.SkipIfBuildroot(t)
graphtest.DriverTestCreateSnap(t, "devicemapper")
}
func TestDevmapperTeardown(t *testing.T) {
+ testutil.SkipIfBuildroot(t)
graphtest.PutDriver(t)
}
func TestDevmapperReduceLoopBackSize(t *testing.T) {
+ testutil.SkipIfBuildroot(t)
tenMB := int64(10 * 1024 * 1024)
testChangeLoopBackSize(t, -tenMB, defaultDataLoopbackSize, defaultMetaDataLoopbackSize)
}
@@ -101,6 +112,7 @@ func TestDevmapperIncreaseLoopBackSize(t *testing.T) {
}
func testChangeLoopBackSize(t *testing.T, delta, expectDataSize, expectMetaDataSize int64) {
+ testutil.SkipIfBuildroot(t)
driver := graphtest.GetDriver(t, "devicemapper").(*graphtest.Driver).Driver.(*graphdriver.NaiveDiffDriver).ProtoDriver.(*Driver)
defer graphtest.PutDriver(t)
// make sure data or metadata loopback size are the default size
@@ -129,6 +141,7 @@ func testChangeLoopBackSize(t *testing.T, delta, expectDataSize, expectMetaDataS
// Make sure devices.Lock() has been release upon return from cleanupDeletedDevices() function
func TestDevmapperLockReleasedDeviceDeletion(t *testing.T) {
+ testutil.SkipIfBuildroot(t)
driver := graphtest.GetDriver(t, "devicemapper").(*graphtest.Driver).Driver.(*graphdriver.NaiveDiffDriver).ProtoDriver.(*Driver)
defer graphtest.PutDriver(t)
--
2.25.0.24.gbc7a3d4

32
base/docker/docker-20.10.4-Skip-distribution-tests-that-network.patch Normal file
View File

@ -0,0 +1,32 @@
From e880fb184cc9147cc9dd3387752c1ef8b3d20be2 Mon Sep 17 00:00:00 2001
From: Jamie Anderson <jamieand@amazon.com>
Date: Wed, 3 Mar 2021 21:20:24 +0000
Subject: [PATCH] Skip distribution tests that network
Signed-off-by: Jamie Anderson <jamieand@amazon.com>
---
distribution/xfer/transfer_test.go | 2 ++
1 file changed, 2 insertions(+)
diff --git a/distribution/xfer/transfer_test.go b/distribution/xfer/transfer_test.go
index f8f8e96..6764f17 100644
--- a/distribution/xfer/transfer_test.go
+++ b/distribution/xfer/transfer_test.go
@@ -3,12 +3,14 @@ package xfer // import "github.com/docker/docker/distribution/xfer"
import (
"sync/atomic"
"testing"
+ "github.com/docker/docker/testutil"
"time"
"github.com/docker/docker/pkg/progress"
)
func TestTransfer(t *testing.T) {
+ testutil.SkipIfBuildroot(t)
makeXferFunc := func(id string) DoFunc {
return func(progressChan chan<- progress.Progress, start <-chan struct{}, _ chan<- struct{}) Transfer {
select {
--
2.25.0.24.gbc7a3d4

160
base/docker/docker-20.10.4-Skip-engine-layer-tests.patch Normal file
View File

@ -0,0 +1,160 @@
From bad779d02c86a9cf6bdd3b376920093da9441739 Mon Sep 17 00:00:00 2001
From: Jamie Anderson <jamieand@amazon.com>
Date: Mon, 8 Mar 2021 19:27:36 +0000
Subject: [PATCH] Skip layer tests that require root
Signed-off-by: Jamie Anderson <jamieand@amazon.com>
---
layer/layer_test.go | 7 +++++++
layer/layer_unix_test.go | 2 ++
layer/migration_test.go | 3 +++
layer/mount_test.go | 4 ++++
4 files changed, 16 insertions(+)
diff --git a/layer/layer_test.go b/layer/layer_test.go
index 9199b9c..abd6bde 100644
--- a/layer/layer_test.go
+++ b/layer/layer_test.go
@@ -9,6 +9,7 @@ import (
"runtime"
"strings"
"testing"
+ "github.com/docker/docker/testutil"
"github.com/containerd/continuity/driver"
"github.com/docker/docker/daemon/graphdriver"
@@ -258,6 +259,7 @@ func assertLayerEqual(t *testing.T, l1, l2 Layer) {
}
func TestMountAndRegister(t *testing.T) {
+ testutil.RequiresRoot(t)
ls, _, cleanup := newTestStore(t)
defer cleanup()
@@ -299,6 +301,7 @@ func TestMountAndRegister(t *testing.T) {
}
func TestLayerRelease(t *testing.T) {
+ testutil.RequiresRoot(t)
// TODO Windows: Figure out why this is failing
if runtime.GOOS == "windows" {
t.Skip("Failing on Windows")
@@ -348,6 +351,7 @@ func TestLayerRelease(t *testing.T) {
}
func TestStoreRestore(t *testing.T) {
+ testutil.RequiresRoot(t)
// TODO Windows: Figure out why this is failing
if runtime.GOOS == "windows" {
t.Skip("Failing on Windows")
@@ -463,6 +467,7 @@ func TestStoreRestore(t *testing.T) {
}
func TestTarStreamStability(t *testing.T) {
+ testutil.RequiresRoot(t)
// TODO Windows: Figure out why this is failing
if runtime.GOOS == "windows" {
t.Skip("Failing on Windows")
@@ -656,6 +661,7 @@ func assertReferences(t *testing.T, references ...Layer) {
}
func TestRegisterExistingLayer(t *testing.T) {
+ testutil.RequiresRoot(t)
ls, _, cleanup := newTestStore(t)
defer cleanup()
@@ -692,6 +698,7 @@ func TestRegisterExistingLayer(t *testing.T) {
}
func TestTarStreamVerification(t *testing.T) {
+ testutil.RequiresRoot(t)
// TODO Windows: Figure out why this is failing
if runtime.GOOS == "windows" {
t.Skip("Failing on Windows")
diff --git a/layer/layer_unix_test.go b/layer/layer_unix_test.go
index 6830158..fc12af7 100644
--- a/layer/layer_unix_test.go
+++ b/layer/layer_unix_test.go
@@ -4,6 +4,7 @@ package layer // import "github.com/docker/docker/layer"
import (
"testing"
+ "github.com/docker/docker/testutil"
)
func graphDiffSize(ls Store, l Layer) (int64, error) {
@@ -18,6 +19,7 @@ func graphDiffSize(ls Store, l Layer) (int64, error) {
// Unix as Windows graph driver does not support Changes which is indirectly
// invoked by calling DiffSize on the driver
func TestLayerSize(t *testing.T) {
+ testutil.RequiresRoot(t)
ls, _, cleanup := newTestStore(t)
defer cleanup()
diff --git a/layer/migration_test.go b/layer/migration_test.go
index 2b5c330..1cb6d0d 100644
--- a/layer/migration_test.go
+++ b/layer/migration_test.go
@@ -9,6 +9,7 @@ import (
"path/filepath"
"runtime"
"testing"
+ "github.com/docker/docker/testutil"
"github.com/docker/docker/daemon/graphdriver"
"github.com/docker/docker/pkg/stringid"
@@ -41,6 +42,7 @@ func writeTarSplitFile(name string, tarContent []byte) error {
}
func TestLayerMigration(t *testing.T) {
+ testutil.RequiresRoot(t)
// TODO Windows: Figure out why this is failing
if runtime.GOOS == "windows" {
t.Skip("Failing on Windows")
@@ -177,6 +179,7 @@ func tarFromFilesInGraph(graph graphdriver.Driver, graphID, parentID string, fil
}
func TestLayerMigrationNoTarsplit(t *testing.T) {
+ testutil.RequiresRoot(t)
// TODO Windows: Figure out why this is failing
if runtime.GOOS == "windows" {
t.Skip("Failing on Windows")
diff --git a/layer/mount_test.go b/layer/mount_test.go
index 3c868b2..c2ea782 100644
--- a/layer/mount_test.go
+++ b/layer/mount_test.go
@@ -5,6 +5,7 @@ import (
"runtime"
"sort"
"testing"
+ "github.com/docker/docker/testutil"
"github.com/containerd/continuity/driver"
"github.com/docker/docker/pkg/archive"
@@ -12,6 +13,7 @@ import (
)
func TestMountInit(t *testing.T) {
+ testutil.RequiresRoot(t)
// TODO Windows: Figure out why this is failing
if runtime.GOOS == "windows" {
t.Skip("Failing on Windows")
@@ -71,6 +73,7 @@ func TestMountInit(t *testing.T) {
}
func TestMountSize(t *testing.T) {
+ testutil.RequiresRoot(t)
// TODO Windows: Figure out why this is failing
if runtime.GOOS == "windows" {
t.Skip("Failing on Windows")
@@ -120,6 +123,7 @@ func TestMountSize(t *testing.T) {
}
func TestMountChanges(t *testing.T) {
+ testutil.RequiresRoot(t)
// TODO Windows: Figure out why this is failing
if runtime.GOOS == "windows" {
t.Skip("Failing on Windows")
--
2.25.0.24.gbc7a3d4

33
base/docker/docker-20.10.4-Skip-get-source-mount.patch Normal file
View File

@ -0,0 +1,33 @@
From a7a12b2fcec36a5d60e60f87dc6808bdf012f4d8 Mon Sep 17 00:00:00 2001
From: Jamie Anderson <jamieand@amazon.com>
Date: Thu, 11 Mar 2021 21:40:57 +0000
Subject: [PATCH] Skip daemon/TestGetSourceMount in buildroot
Signed-off-by: Jamie Anderson <jamieand@amazon.com>
---
daemon/oci_linux_test.go | 2 ++
1 file changed, 2 insertions(+)
diff --git a/daemon/oci_linux_test.go b/daemon/oci_linux_test.go
index 890875a..f814dbc 100644
--- a/daemon/oci_linux_test.go
+++ b/daemon/oci_linux_test.go
@@ -5,6 +5,7 @@ import (
"os"
"path/filepath"
"testing"
+ "github.com/docker/docker/testutil"
containertypes "github.com/docker/docker/api/types/container"
"github.com/docker/docker/container"
@@ -180,6 +181,7 @@ func TestSysctlOverrideHost(t *testing.T) {
}
func TestGetSourceMount(t *testing.T) {
+ testutil.SkipIfBuildroot(t)
// must be able to find source mount for /
mnt, _, err := getSourceMount("/")
assert.NilError(t, err)
--
2.31.0.rc2

35
base/docker/docker-20.10.4-Skip-git-tests.patch Normal file
View File

@ -0,0 +1,35 @@
From 41d73e0b128e30ea17f5e319906846a9da2fcdd5 Mon Sep 17 00:00:00 2001
From: Jamie Anderson <jamieand@amazon.com>
Date: Fri, 19 Mar 2021 18:34:30 +0000
Subject: [PATCH] Skip git tests
These tests fail in a buildroot because they try to talk to GitHub
Signed-off-by: Jamie Anderson <jamieand@amazon.com>
---
cli/command/image/build_test.go | 2 ++
1 file changed, 2 insertions(+)
diff --git a/cli/command/image/build_test.go b/cli/command/image/build_test.go
index 4317a74..cef80a3 100644
--- a/cli/command/image/build_test.go
+++ b/cli/command/image/build_test.go
@@ -12,6 +12,7 @@ import (
"path/filepath"
"sort"
"testing"
+ "github.com/docker/cli/testutil"
"github.com/docker/cli/cli/streams"
"github.com/docker/cli/internal/test"
@@ -126,6 +127,7 @@ COPY data /data
// TODO: test "context selection" logic directly when runBuild is refactored
// to support testing (ex: docker/cli#294)
func TestRunBuildFromGitHubSpecialCase(t *testing.T) {
+ testutil.SkipIfBuildroot(t)
defer env.Patch(t, "DOCKER_BUILDKIT", "0")()
cmd := NewBuildCommand(test.NewFakeCli(&fakeClient{}))
// Clone a small repo that exists so git doesn't prompt for credentials
--
2.31.0.rc2

57
base/docker/docker-20.10.4-Skip-mutating-vfs-tests.patch Normal file
View File

@ -0,0 +1,57 @@
From 29304ba81dd3a600454c017d7720a608143d87a0 Mon Sep 17 00:00:00 2001
From: Jamie Anderson <jamieand@amazon.com>
Date: Tue, 2 Mar 2021 19:26:37 +0000
Subject: [PATCH] Skip mutating vfs tests
Signed-off-by: Jamie Anderson <jamieand@amazon.com>
---
daemon/graphdriver/vfs/vfs_test.go | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/daemon/graphdriver/vfs/vfs_test.go b/daemon/graphdriver/vfs/vfs_test.go
index 7c59ec3..9562959 100644
--- a/daemon/graphdriver/vfs/vfs_test.go
+++ b/daemon/graphdriver/vfs/vfs_test.go
@@ -4,6 +4,7 @@ package vfs // import "github.com/docker/docker/daemon/graphdriver/vfs"
import (
"testing"
+ "github.com/docker/docker/testutil"
"github.com/docker/docker/daemon/graphdriver/graphtest"
@@ -17,25 +18,31 @@ func init() {
// This avoids creating a new driver for each test if all tests are run
// Make sure to put new tests between TestVfsSetup and TestVfsTeardown
func TestVfsSetup(t *testing.T) {
+ testutil.SkipIfBuildroot(t)
graphtest.GetDriver(t, "vfs")
}
func TestVfsCreateEmpty(t *testing.T) {
+ testutil.SkipIfBuildroot(t)
graphtest.DriverTestCreateEmpty(t, "vfs")
}
func TestVfsCreateBase(t *testing.T) {
+ testutil.SkipIfBuildroot(t)
graphtest.DriverTestCreateBase(t, "vfs")
}
func TestVfsCreateSnap(t *testing.T) {
+ testutil.SkipIfBuildroot(t)
graphtest.DriverTestCreateSnap(t, "vfs")
}
func TestVfsSetQuota(t *testing.T) {
+ testutil.SkipIfBuildroot(t)
graphtest.DriverTestSetQuota(t, "vfs", false)
}
func TestVfsTeardown(t *testing.T) {
+ testutil.SkipIfBuildroot(t)
graphtest.PutDriver(t)
}
--
2.25.0.24.gbc7a3d4

57
base/docker/docker-20.10.4-Skip-mutating-volume-local-tests.patch Normal file
View File

@ -0,0 +1,57 @@
From cdaa60828f12a4e3f122e2120e57c6508456cb4d Mon Sep 17 00:00:00 2001
From: Jamie Anderson <jamieand@amazon.com>
Date: Wed, 3 Mar 2021 17:55:10 +0000
Subject: [PATCH] Skip mutating volume/local tests
Signed-off-by: Jamie Anderson <jamieand@amazon.com>
---
volume/local/local_test.go | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/volume/local/local_test.go b/volume/local/local_test.go
index 8045e87..12bc7d8 100644
--- a/volume/local/local_test.go
+++ b/volume/local/local_test.go
@@ -8,6 +8,7 @@ import (
"runtime"
"strings"
"testing"
+ "github.com/docker/docker/testutil"
"github.com/docker/docker/pkg/idtools"
"github.com/moby/sys/mountinfo"
@@ -31,6 +32,7 @@ func TestGetAddress(t *testing.T) {
}
func TestRemove(t *testing.T) {
+ testutil.RequiresRoot(t)
skip.If(t, runtime.GOOS == "windows", "FIXME: investigate why this test fails on CI")
rootDir, err := os.MkdirTemp("", "local-volume-test")
if err != nil {
@@ -74,6 +76,7 @@ func TestRemove(t *testing.T) {
}
func TestInitializeWithVolumes(t *testing.T) {
+ testutil.RequiresRoot(t)
rootDir, err := os.MkdirTemp("", "local-volume-test")
if err != nil {
t.Fatal(err)
@@ -106,6 +109,7 @@ func TestInitializeWithVolumes(t *testing.T) {
}
func TestCreate(t *testing.T) {
+ testutil.RequiresRoot(t)
rootDir, err := os.MkdirTemp("", "local-volume-test")
if err != nil {
t.Fatal(err)
@@ -277,6 +281,7 @@ func TestCreateWithOpts(t *testing.T) {
}
func TestRelaodNoOpts(t *testing.T) {
+ testutil.RequiresRoot(t)
rootDir, err := os.MkdirTemp("", "volume-test-reload-no-opts")
if err != nil {
t.Fatal(err)
--
2.25.0.24.gbc7a3d4

49
base/docker/docker-20.10.4-Skip-pkg-authorization-tests-that-create-sockets.patch Normal file
View File

@ -0,0 +1,49 @@
From 56221d3508e4e82f4fc51c17836609eb031af670 Mon Sep 17 00:00:00 2001
From: Jamie Anderson <jamieand@amazon.com>
Date: Wed, 3 Mar 2021 18:19:29 +0000
Subject: [PATCH] Skip pkg/authorization tests that create sockets
Signed-off-by: Jamie Anderson <jamieand@amazon.com>
---
pkg/authorization/authz_unix_test.go | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/pkg/authorization/authz_unix_test.go b/pkg/authorization/authz_unix_test.go
index 9b48986..0ac5e92 100644
--- a/pkg/authorization/authz_unix_test.go
+++ b/pkg/authorization/authz_unix_test.go
@@ -17,6 +17,7 @@ import (
"reflect"
"strings"
"testing"
+ "github.com/docker/docker/testutil"
"github.com/docker/docker/pkg/plugins"
"github.com/docker/go-connections/tlsconfig"
@@ -28,6 +29,7 @@ const (
)
func TestAuthZRequestPluginError(t *testing.T) {
+ testutil.RequiresRoot(t)
server := authZPluginTestServer{t: t}
server.start()
defer server.stop()
@@ -59,6 +61,7 @@ func TestAuthZRequestPluginError(t *testing.T) {
}
func TestAuthZRequestPlugin(t *testing.T) {
+ testutil.RequiresRoot(t)
server := authZPluginTestServer{t: t}
server.start()
defer server.stop()
@@ -91,6 +94,7 @@ func TestAuthZRequestPlugin(t *testing.T) {
}
func TestAuthZResponsePlugin(t *testing.T) {
+ testutil.RequiresRoot(t)
server := authZPluginTestServer{t: t}
server.start()
defer server.stop()
--
2.25.0.24.gbc7a3d4

20
base/docker/docker-20.10.4-Skip-pkg-idtools-tests-that-require-root.patch Normal file
View File

@ -0,0 +1,20 @@
Index: docker-ce-17.11.0-ce/pkg/idtools/idtools_unix_test.go
===================================================================
--- docker-ce-17.11.0-ce.orig/pkg/idtools/idtools_unix_test.go
+++ docker-ce-17.11.0-ce/pkg/idtools/idtools_unix_test.go
@@ -239,6 +239,7 @@ func delUser(t *testing.T, name string)
}
func TestParseSubidFileWithNewlinesAndComments(t *testing.T) {
+ RequiresRoot(t)
tmpDir, err := os.MkdirTemp("", "parsesubid")
if err != nil {
t.Fatal(err)
@@ -267,6 +268,7 @@ dockremap:231072:65536`
}
func TestGetRootUIDGID(t *testing.T) {
+ RequiresRoot(t)
uidMap := []IDMap{
{
ContainerID: 0,

32
base/docker/docker-20.10.4-Skip-pkg-sysinfo-tests-that-require-root.patch Normal file
View File

@ -0,0 +1,32 @@
From 34f63b7d07c0a1c9a8986c896ebbdf6ae131629f Mon Sep 17 00:00:00 2001
From: Jamie Anderson <jamieand@amazon.com>
Date: Wed, 3 Mar 2021 17:45:43 +0000
Subject: [PATCH] Skip pkg/sysinfo tests that require root
Signed-off-by: Jamie Anderson <jamieand@amazon.com>
---
pkg/sysinfo/sysinfo_linux_test.go | 2 ++
1 file changed, 2 insertions(+)
diff --git a/pkg/sysinfo/sysinfo_linux_test.go b/pkg/sysinfo/sysinfo_linux_test.go
index aa557c9..ffb4b70 100644
--- a/pkg/sysinfo/sysinfo_linux_test.go
+++ b/pkg/sysinfo/sysinfo_linux_test.go
@@ -6,12 +6,14 @@ import (
"path"
"path/filepath"
"testing"
+ "github.com/docker/docker/testutil"
"golang.org/x/sys/unix"
"gotest.tools/v3/assert"
)
func TestReadProcBool(t *testing.T) {
+ testutil.RequiresRoot(t)
tmpDir, err := os.MkdirTemp("", "test-sysinfo-proc")
assert.NilError(t, err)
defer os.RemoveAll(tmpDir)
--
2.25.0.24.gbc7a3d4

33
base/docker/docker-20.10.4-Skip-quota-tests.patch Normal file
View File

@ -0,0 +1,33 @@
From 6ff01f51e73537015d6ec9a182f6b740cea16e76 Mon Sep 17 00:00:00 2001
From: Jamie Anderson <jamieand@amazon.com>
Date: Thu, 4 Mar 2021 18:11:39 +0000
Subject: [PATCH] Skip quota tests that try to manage block devices
Signed-off-by: Jamie Anderson <jamieand@amazon.com>
---
quota/projectquota_test.go | 2 ++
1 file changed, 2 insertions(+)
diff --git a/quota/projectquota_test.go b/quota/projectquota_test.go
index 9bf5c29..4e1e9c2 100644
--- a/quota/projectquota_test.go
+++ b/quota/projectquota_test.go
@@ -8,6 +8,7 @@ import (
"os"
"path/filepath"
"testing"
+ "github.com/docker/docker/testutil"
"gotest.tools/v3/assert"
is "gotest.tools/v3/assert/cmp"
@@ -17,6 +18,7 @@ import (
const testQuotaSize = 10 * 1024 * 1024
func TestBlockDev(t *testing.T) {
+ testutil.SkipIfBuildroot(t)
if msg, ok := CanTestQuota(); !ok {
t.Skip(msg)
}
--
2.25.0.24.gbc7a3d4

41
base/docker/docker-20.10.4-Skip-volume-store-tests.patch Normal file
View File

@ -0,0 +1,41 @@
From de0a19b6da6b704d63e4c36586f120a6ee6b262a Mon Sep 17 00:00:00 2001
From: Jamie Anderson <jamieand@amazon.com>
Date: Wed, 10 Mar 2021 19:12:49 +0000
Subject: [PATCH] Skip volume store tests that require root
Signed-off-by: Jamie Anderson <jamieand@amazon.com>
---
volume/service/store_test.go | 3 +++
1 file changed, 3 insertions(+)
diff --git a/volume/service/store_test.go b/volume/service/store_test.go
index 5442f45..ef044d0 100644
--- a/volume/service/store_test.go
+++ b/volume/service/store_test.go
@@ -9,6 +9,7 @@ import (
"os"
"strings"
"testing"
+ "github.com/docker/docker/testutil"
"github.com/docker/docker/volume"
volumedrivers "github.com/docker/docker/volume/drivers"
@@ -288,6 +289,7 @@ func TestDefererencePluginOnCreateError(t *testing.T) {
}
func TestRefDerefRemove(t *testing.T) {
+ testutil.RequiresRoot(t)
t.Parallel()
driverName := "test-ref-deref-remove"
@@ -309,6 +311,7 @@ func TestRefDerefRemove(t *testing.T) {
}
func TestGet(t *testing.T) {
+ testutil.RequiresRoot(t)
t.Parallel()
driverName := "test-get"
--
2.31.0.rc2

22
base/docker/docker-20.10.4-fix-TestTarUntarWithXattr-failure-on-4.14+-kernel.patch Normal file
View File

@ -0,0 +1,22 @@
diff --git a/pkg/archive/archive_unix_test.go b/pkg/archive/archive_unix_test.go
index dc4e1fd..6fb8895 100644
--- a/pkg/archive/archive_unix_test.go
+++ b/pkg/archive/archive_unix_test.go
@@ -241,7 +241,7 @@ func TestTarUntarWithXattr(t *testing.T) {
err = os.WriteFile(filepath.Join(origin, "3"), []byte("will be ignored"), 0700)
assert.NilError(t, err)
// there is no known Go implementation of setcap/getcap with support for v3 file capability
- out, err := exec.Command("setcap", "cap_block_suspend+ep", filepath.Join(origin, "2")).CombinedOutput()
+ out, err := exec.Command("setcap", "cap_sys_nice+ep", filepath.Join(origin, "2")).CombinedOutput()
assert.NilError(t, err, string(out))
for _, c := range []Compression{
@@ -262,7 +262,7 @@ func TestTarUntarWithXattr(t *testing.T) {
}
out, err := exec.Command("getcap", filepath.Join(origin, "2")).CombinedOutput()
assert.NilError(t, err, string(out))
- assert.Check(t, is.Contains(string(out), "cap_block_suspend=ep"), "untar should have kept the 'security.capability' xattr")
+ assert.Check(t, is.Contains(string(out), "cap_sys_nice+ep"), "untar should have kept the 'security.capability' xattr")
}
}

43
base/docker/docker-20.10.4-systemd-unit-runtimes.d.patch Normal file
View File

@ -0,0 +1,43 @@
From 414e5fb4ca7f14fae5ff57c4fb1fd64b77e9b733 Mon Sep 17 00:00:00 2001
From: Jamie Anderson <jamieand@amazon.com>
Date: Fri, 12 Mar 2021 17:10:08 +0000
Subject: [PATCH] Support /etc/docker-runtimes.d
Reworked for docker 20.10.4
Original patch message:
From 77efbceb6f074900c72855af903b63685803bc59 Mon Sep 17 00:00:00 2001
From: Jacob Vallejo <jakeev@amazon.com>
Date: Mon, 23 Sep 2019 15:58:38 -0700
Subject: [PATCH] Support /etc/docker-runtimes.d
Use additional configured runtimes by evaluating their configs and
subsequently providing any necessary configuration flags to the docker
daemon at startup.
Signed-off-by: Jamie Anderson <jamieand@amazon.com>
---
contrib/init/systemd/docker.service | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/contrib/init/systemd/docker.service b/contrib/init/systemd/docker.service
index d76aee3..7e87245 100644
--- a/contrib/init/systemd/docker.service
+++ b/contrib/init/systemd/docker.service
@@ -9,10 +9,13 @@ Requires=docker.socket
Type=notify
EnvironmentFile=-/etc/sysconfig/docker
EnvironmentFile=-/etc/sysconfig/docker-storage
+EnvironmentFile=-/run/docker/runtimes.env
+ExecStartPre=/bin/mkdir -p /run/docker
+ExecStartPre=/usr/libexec/docker/docker-setup-runtimes.sh
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
-ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock $OPTIONS $DOCKER_STORAGE_OPTIONS
+ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock $OPTIONS $DOCKER_STORAGE_OPTIONS $DOCKER_ADD_RUNTIMES
ExecReload=/bin/kill -s HUP $MAINPID
LimitNOFILE=1048576
# Having non-zero Limit*s causes performance problems due to accounting overhead
--
2.31.0.rc2

40
base/docker/docker-20.10.4-systemd-unit-sysconfig.patch Normal file
View File

@ -0,0 +1,40 @@
From 863e370fa7b6abffe839ba405b72f409116ad677 Mon Sep 17 00:00:00 2001
From: Jamie Anderson <jamieand@amazon.com>
Date: Wed, 10 Mar 2021 19:25:02 +0000
Subject: [PATCH] Support the use of sysconfig envvars in unit
Reworked for 20.10.4
Original patch message:
From: Jacob Vallejo <jakeev@amazon.com>
Date: Mon, 23 Sep 2019 15:55:53 -0700
Subject: [PATCH] Support the use of sysconfig envvars in unit
Environment variables may be conventionally configured here and are
wired up into the startup of docker if they are provided.
Signed-off-by: Jamie Anderson <jamieand@amazon.com>
---
contrib/init/systemd/docker.service | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/contrib/init/systemd/docker.service b/contrib/init/systemd/docker.service
index 5174631..a92685e 100644
--- a/contrib/init/systemd/docker.service
+++ b/contrib/init/systemd/docker.service
@@ -7,10 +7,12 @@ Requires=docker.socket
[Service]
Type=notify
+EnvironmentFile=-/etc/sysconfig/docker
+EnvironmentFile=-/etc/sysconfig/docker-storage
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
-ExecStart=/usr/bin/dockerd -H fd://
+ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock $OPTIONS $DOCKER_STORAGE_OPTIONS
ExecReload=/bin/kill -s HUP $MAINPID
LimitNOFILE=1048576
# Having non-zero Limit*s causes performance problems due to accounting overhead
--
2.31.0.rc2

29
base/docker/docker-20.10.4-sysvinit-add-storage-opts.patch Normal file
View File

@ -0,0 +1,29 @@
Index: docker-20.10.4/contrib/init/sysvinit-redhat/docker
===================================================================
--- docker-20.10.4.orig/contrib/init/sysvinit-redhat/docker
+++ docker-20.10.4/contrib/init/sysvinit-redhat/docker
@@ -30,6 +30,15 @@ lockfile="/var/lock/subsys/$prog"
logfile="/var/log/$prog"
[ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog
+[ -e /etc/sysconfig/${prog}-storage ] && . /etc/sysconfig/${prog}-storage
+
+# Additional start options for the Docker daemon can
+# be defined in the $OPTIONS variable in /etc/sysconfig/docker,
+# which is also the variable name referenced by the systemd unit.
+# If $OPTIONS is not defined, we set it to the value of $other_args,
+# which is the variable name expected by the upstream sysvinit script.
+OPTIONS="${OPTIONS:-${other_args}}"
+
prestart() {
service cgconfig status > /dev/null
@@ -56,7 +65,7 @@ start() {
prestart
printf "Starting $prog:\t"
echo "\n$(date)\n" >> $logfile
- "$unshare" -m -- nohup $exec $other_args >> $logfile 2>&1 &
+ "$unshare" -m -- nohup $exec ${OPTIONS} ${DOCKER_STORAGE_OPTIONS} >> $logfile 2>&1 &
pid=$!
touch $lockfile
# wait up to 10 seconds for the pidfile to exist. see

26
base/docker/docker-20.10.4-sysvinit-configurable-start-timeout.patch Normal file
View File

@ -0,0 +1,26 @@
Index: docker-20.10.4/contrib/init/sysvinit-redhat/docker
===================================================================
--- docker-20.10.4.orig/contrib/init/sysvinit-redhat/docker
+++ docker-20.10.4/contrib/init/sysvinit-redhat/docker
@@ -41,6 +41,9 @@ logfile="/var/log/$prog"
# which is the variable name expected by the upstream sysvinit script.
OPTIONS="${OPTIONS:-${other_args}}"
+# How many seconds to wait for the pidfile to appear after starting the daemon.
+# The default value from upstream is 10.
+DAEMON_PIDFILE_TIMEOUT="${DAEMON_PIDFILE_TIMEOUT:-10}"
prestart() {
service cgconfig status > /dev/null
@@ -70,10 +73,8 @@ start() {
"$unshare" -m -- nohup $exec ${OPTIONS} ${DOCKER_STORAGE_OPTIONS} >> $logfile 2>&1 &
pid=$!
touch $lockfile
- # wait up to 10 seconds for the pidfile to exist. see
- # https://github.com/docker/docker/issues/5359
tries=0
- while [ ! -f $pidfile -a $tries -lt 10 ]; do
+ while [ ! -f $pidfile -a $tries -lt ${DAEMON_PIDFILE_TIMEOUT} ]; do
sleep 1
tries=$((tries + 1))
echo -n '.'

13
base/docker/docker-20.10.4-sysvinit-increase-daemon-maxfiles.patch Normal file
View File

@ -0,0 +1,13 @@
Index: docker-20.10.4/contrib/init/sysvinit-redhat/docker
===================================================================
--- docker-20.10.4.orig/contrib/init/sysvinit-redhat/docker
+++ docker-20.10.4/contrib/init/sysvinit-redhat/docker
@@ -32,6 +32,8 @@ logfile="/var/log/$prog"
[ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog
[ -e /etc/sysconfig/${prog}-storage ] && . /etc/sysconfig/${prog}-storage
+[ -n "${DAEMON_MAXFILES}" ] && ulimit -n "${DAEMON_MAXFILES}"
+
# Additional start options for the Docker daemon can
# be defined in the $OPTIONS variable in /etc/sysconfig/docker,
# which is also the variable name referenced by the systemd unit.

13
base/docker/docker-20.10.4-sysvinit-stop-before-network.patch Normal file
View File

@ -0,0 +1,13 @@
Index: docker-20.10.4/contrib/init/sysvinit-redhat/docker
===================================================================
--- docker-20.10.4.orig/contrib/init/sysvinit-redhat/docker
+++ docker-20.10.4/contrib/init/sysvinit-redhat/docker
@@ -4,7 +4,7 @@
#
# Daemon for docker.com
#
-# chkconfig: 2345 95 95
+# chkconfig: 2345 95 05
# description: Daemon for docker.com
### BEGIN INIT INFO

13
base/docker/docker-20.10.4-sysvinit-use-nohup.patch Normal file
View File

@ -0,0 +1,13 @@
Index: docker-20.10.4/contrib/init/sysvinit-redhat/docker
===================================================================
--- docker-20.10.4.orig/contrib/init/sysvinit-redhat/docker
+++ docker-20.10.4/contrib/init/sysvinit-redhat/docker
@@ -56,7 +56,7 @@ start() {
prestart
printf "Starting $prog:\t"
echo "\n$(date)\n" >> $logfile
- "$unshare" -m -- $exec $other_args >> $logfile 2>&1 &
+ "$unshare" -m -- nohup $exec $other_args >> $logfile 2>&1 &
pid=$!
touch $lockfile
# wait up to 10 seconds for the pidfile to exist. see

96
base/docker/docker-20.10.7-Add-test-skip-helpers-to-cli.patch Normal file
View File

@ -0,0 +1,96 @@
From f8f7e0d380488665cb77d8213d816bfdeeb7a252 Mon Sep 17 00:00:00 2001
From: Jamie Anderson <jamieand@amazon.com>
Date: Wed, 18 Aug 2021 22:33:15 +0000
Subject: [PATCH] Add test skip helpers to cli/testutil
Signed-off-by: Jamie Anderson <jamieand@amazon.com>
---
testutil/helpers.go | 14 ++++++++++++++
testutil/helpers_unix.go | 34 ++++++++++++++++++++++++++++++++++
testutil/helpers_windows.go | 12 ++++++++++++
3 files changed, 60 insertions(+)
create mode 100644 testutil/helpers.go
create mode 100644 testutil/helpers_unix.go
create mode 100644 testutil/helpers_windows.go
diff --git a/testutil/helpers.go b/testutil/helpers.go
new file mode 100644
index 0000000..0eeff25
--- /dev/null
+++ b/testutil/helpers.go
@@ -0,0 +1,14 @@
+package testutil // import "github.com/docker/cli/testutil"
+
+import (
+ "flag"
+)
+
+// This variable and the init() function copied from
+// https://github.com/containerd/containerd/blob/master/pkg/testutil/helpers.go
+// Original Copyright The Containerd Authors. Licensed under the Apache License, Version 2.0.
+var rootEnabled bool
+
+func init() {
+ flag.BoolVar(&rootEnabled, "test.root", false, "enable tests that require root")
+}
diff --git a/testutil/helpers_unix.go b/testutil/helpers_unix.go
new file mode 100644
index 0000000..c846775
--- /dev/null
+++ b/testutil/helpers_unix.go
@@ -0,0 +1,34 @@
+// +build !windows
+
+package testutil
+
+import (
+ "os"
+ "testing"
+
+ "gotest.tools/v3/assert"
+)
+
+// This function was copied from
+// https://github.com/containerd/containerd/blob/master/pkg/testutil/helpers_unix.go
+// Original Copyright The Containerd Authors. Licensed under the Apache License, Version 2.0.
+// RequiresRoot skips tests that require root, unless the test.root flag has
+// been set
+func RequiresRoot(t testing.TB) {
+ if !rootEnabled {
+ t.Skip("skipping test that requires root")
+ }
+ assert.Equal(t, 0, os.Getuid(), "This test must be run as root.")
+}
+
+// This function is adapted from a previous patch applied by Amazon
+// The existence of /.initialized or /builddir is a marker that we're in a build chroot
+// Tests that perform filesystem operations, generate non-localhost network traffic,
+// and possibly other things, are likely to not work correctly
+func SkipIfBuildroot(t testing.TB) {
+ if _, err := os.Stat("/.initialized"); err == nil {
+ t.Skip("not appropriate for a buildroot environment")
+ } else if _, err := os.Stat("/builddir"); err == nil {
+ t.Skip("not appropriate for a buildroot environment")
+ }
+}
diff --git a/testutil/helpers_windows.go b/testutil/helpers_windows.go
new file mode 100644
index 0000000..aefeca0
--- /dev/null
+++ b/testutil/helpers_windows.go
@@ -0,0 +1,12 @@
+// +build windows
+
+package testutil
+
+import "testing"
+
+func RequiresRoot(t testing.TB) {
+}
+
+func SkipIfBuildroot(t testing.TB) {
+}
+
--
2.31.0.rc2

99
base/docker/docker-20.10.7-Add-test-skip-helpers-to-testutil.patch Normal file
View File

@ -0,0 +1,99 @@
From 021e33a5b2c3384243e3ae76444bb90006214f5a Mon Sep 17 00:00:00 2001
From: Jamie Anderson <jamieand@amazon.com>
Date: Wed, 18 Aug 2021 22:17:52 +0000
Subject: [PATCH] Add test skip helpers to testutil
Signed-off-by: Jamie Anderson <jamieand@amazon.com>
---
testutil/helpers.go | 10 ++++++++++
testutil/helpers_unix.go | 34 ++++++++++++++++++++++++++++++++++
testutil/helpers_windows.go | 12 ++++++++++++
3 files changed, 56 insertions(+)
create mode 100644 testutil/helpers_unix.go
create mode 100644 testutil/helpers_windows.go
diff --git a/testutil/helpers.go b/testutil/helpers.go
index e522b5a..6de9de5 100644
--- a/testutil/helpers.go
+++ b/testutil/helpers.go
@@ -1,9 +1,19 @@
package testutil // import "github.com/docker/docker/testutil"
import (
+ "flag"
"io"
)
+// This variable and the init() function copied from
+// https://github.com/containerd/containerd/blob/master/pkg/testutil/helpers.go
+// Original Copyright The Containerd Authors. Licensed under the Apache License, Version 2.0.
+var rootEnabled bool
+
+func init() {
+ flag.BoolVar(&rootEnabled, "test.root", false, "enable tests that require root")
+}
+
// DevZero acts like /dev/zero but in an OS-independent fashion.
var DevZero io.Reader = devZero{}
diff --git a/testutil/helpers_unix.go b/testutil/helpers_unix.go
new file mode 100644
index 0000000..c846775
--- /dev/null
+++ b/testutil/helpers_unix.go
@@ -0,0 +1,34 @@
+// +build !windows
+
+package testutil
+
+import (
+ "os"
+ "testing"
+
+ "gotest.tools/v3/assert"
+)
+
+// This function was copied from
+// https://github.com/containerd/containerd/blob/master/pkg/testutil/helpers_unix.go
+// Original Copyright The Containerd Authors. Licensed under the Apache License, Version 2.0.
+// RequiresRoot skips tests that require root, unless the test.root flag has
+// been set
+func RequiresRoot(t testing.TB) {
+ if !rootEnabled {
+ t.Skip("skipping test that requires root")
+ }
+ assert.Equal(t, 0, os.Getuid(), "This test must be run as root.")
+}
+
+// This function is adapted from a previous patch applied by Amazon
+// The existence of /.initialized or /builddir is a marker that we're in a build chroot
+// Tests that perform filesystem operations, generate non-localhost network traffic,
+// and possibly other things, are likely to not work correctly
+func SkipIfBuildroot(t testing.TB) {
+ if _, err := os.Stat("/.initialized"); err == nil {
+ t.Skip("not appropriate for a buildroot environment")
+ } else if _, err := os.Stat("/builddir"); err == nil {
+ t.Skip("not appropriate for a buildroot environment")
+ }
+}
diff --git a/testutil/helpers_windows.go b/testutil/helpers_windows.go
new file mode 100644
index 0000000..aefeca0
--- /dev/null
+++ b/testutil/helpers_windows.go
@@ -0,0 +1,12 @@
+// +build windows
+
+package testutil
+
+import "testing"
+
+func RequiresRoot(t testing.TB) {
+}
+
+func SkipIfBuildroot(t testing.TB) {
+}
+
--
2.31.0.rc2

41
base/docker/docker-20.10.7-Skip-overlay-tar-untar-test.patch Normal file
View File

@ -0,0 +1,41 @@
From fc8490a29aa87f81ad4a58c5b759317acb77876e Mon Sep 17 00:00:00 2001
From: Jamie Anderson <jamieand@amazon.com>
Date: Mon, 16 Aug 2021 17:21:38 +0000
Subject: [PATCH] Skip overlay/tar/untar test
Signed-off-by: Jamie Anderson <jamieand@amazon.com>
---
pkg/archive/archive_linux_test.go | 3 +++
1 file changed, 3 insertions(+)
diff --git a/pkg/archive/archive_linux_test.go b/pkg/archive/archive_linux_test.go
index 800fda6..08a196b 100644
--- a/pkg/archive/archive_linux_test.go
+++ b/pkg/archive/archive_linux_test.go
@@ -9,6 +9,7 @@ import (
"github.com/containerd/containerd/sys"
"github.com/docker/docker/pkg/system"
+ "github.com/docker/docker/testutil"
"golang.org/x/sys/unix"
"gotest.tools/v3/assert"
"gotest.tools/v3/skip"
@@ -87,6 +88,7 @@ func checkFileMode(t *testing.T, path string, perm os.FileMode) {
}
func TestOverlayTarUntar(t *testing.T) {
+ testutil.RequiresRoot(t)
oldmask, err := system.Umask(0)
assert.NilError(t, err)
defer system.Umask(oldmask)
@@ -126,6 +128,7 @@ func TestOverlayTarUntar(t *testing.T) {
}
func TestOverlayTarAUFSUntar(t *testing.T) {
+ testutil.RequiresRoot(t)
oldmask, err := system.Umask(0)
assert.NilError(t, err)
defer system.Umask(oldmask)
--
2.31.0.rc2

33
base/docker/docker-20.10.7-Skip-pkg-archive-tests-that-require-root.patch Normal file
View File

@ -0,0 +1,33 @@
From d099d78e4ac135ff2fcf24e08ad7573067b37a5a Mon Sep 17 00:00:00 2001
From: Jamie Anderson <jamieand@amazon.com>
Date: Mon, 16 Aug 2021 17:31:32 +0000
Subject: [PATCH] Skip pkg/archive tests that require root
Signed-off-by: Jamie Anderson <jamieand@amazon.com>
---
pkg/archive/changes_test.go | 2 ++
1 file changed, 2 insertions(+)
diff --git a/pkg/archive/changes_test.go b/pkg/archive/changes_test.go
index 0a2689d..490af6d 100644
--- a/pkg/archive/changes_test.go
+++ b/pkg/archive/changes_test.go
@@ -13,6 +13,7 @@ import (
"time"
"github.com/docker/docker/pkg/system"
+ "github.com/docker/docker/testutil"
"gotest.tools/v3/assert"
"gotest.tools/v3/skip"
)
@@ -187,6 +188,7 @@ func TestChangesWithChanges(t *testing.T) {
// See https://github.com/docker/docker/pull/13590
func TestChangesWithChangesGH13590(t *testing.T) {
+ testutil.RequiresRoot(t)
// TODO Windows. Needs further investigation to identify the failure
if runtime.GOOS == "windows" {
t.Skip("needs more investigation")
--
2.31.0.rc2

8
base/docker/docker-setup-runtimes.sh Normal file
View File

@ -0,0 +1,8 @@
#!/bin/sh
{
echo -n "DOCKER_ADD_RUNTIMES=\""
for file in /etc/docker-runtimes.d/*; do
[ -f "$file" ] && [ -x "$file" ] && echo -n "--add-runtime $(basename "$file")=$file "
done
echo "\""
} > /run/docker/runtimes.env

14
base/docker/docker-storage.sysconfig Normal file
View File

@ -0,0 +1,14 @@
# This file may be automatically generated by an installation program.
# By default, Docker uses a loopback-mounted sparse file in
# /var/lib/docker. The loopback makes it slower, and there are some
# restrictive defaults, such as 100GB max storage.
# If your installation did not set a custom storage for Docker, you
# may do it below.
# Example: Use a custom pair of raw logical volumes (one for metadata,
# one for data).
# DOCKER_STORAGE_OPTIONS="--storage-opt dm.metadatadev=/dev/myvg/my-docker-metadata --storage-opt dm.datadev=/dev/myvg/my-docker-data"
DOCKER_STORAGE_OPTIONS=

1578
base/docker/docker.spec Normal file
View File

File diff suppressed because it is too large Load Diff

13
base/docker/docker.sysconfig Normal file
View File

@ -0,0 +1,13 @@
# The max number of open files for the daemon itself, and all
# running containers. The default value of 1048576 mirrors the value
# used by the systemd service unit.
DAEMON_MAXFILES=1048576
# Additional startup options for the Docker daemon, for example:
# OPTIONS="--ip-forward=true --iptables=true"
# By default we limit the number of open files per container
OPTIONS="--default-ulimit nofile=32768:65536"
# How many seconds the sysvinit script waits for the pidfile to appear
# when starting the daemon.
DAEMON_PIDFILE_TIMEOUT=10

13
base/docker/no-private-mnt-namespace.patch Normal file
View File

@ -0,0 +1,13 @@
Index: docker-20.10.4/contrib/init/sysvinit-redhat/docker
===================================================================
--- docker-20.10.4.orig/contrib/init/sysvinit-redhat/docker
+++ docker-20.10.4/contrib/init/sysvinit-redhat/docker
@@ -70,7 +70,7 @@ start() {
prestart
printf "Starting $prog:\t"
echo "\n$(date)\n" >> $logfile
- "$unshare" -m -- nohup $exec ${OPTIONS} ${DOCKER_STORAGE_OPTIONS} >> $logfile 2>&1 &
+ nohup $exec ${OPTIONS} ${DOCKER_STORAGE_OPTIONS} >> $logfile 2>&1 &
pid=$!
touch $lockfile
tries=0

19
base/docker/runc-allow-git-sha-override.patch Normal file
View File

@ -0,0 +1,19 @@
Index: docker-ce-17.11.0-ce/components/engine/runc-69663f0bd4b60df09991c08812a60108003fa340/Makefile
===================================================================
--- docker-ce-17.11.0-ce.orig/components/engine/runc-69663f0bd4b60df09991c08812a60108003fa340/Makefile
+++ docker-ce-17.11.0-ce/components/engine/runc-69663f0bd4b60df09991c08812a60108003fa340/Makefile
@@ -12,8 +12,12 @@ GIT_BRANCH_CLEAN := $(shell echo $(GIT_B
RUNC_IMAGE := runc_dev$(if $(GIT_BRANCH_CLEAN),:$(GIT_BRANCH_CLEAN))
PROJECT := github.com/opencontainers/runc
BUILDTAGS := seccomp
-COMMIT_NO := $(shell git rev-parse HEAD 2> /dev/null || true)
-COMMIT := $(if $(shell git status --porcelain --untracked-files=no),"${COMMIT_NO}-dirty","${COMMIT_NO}")
+ifeq ($(GIT_COMMIT_OVERRIDE),)
+ COMMIT_NO := $(shell git rev-parse HEAD 2> /dev/null || true)
+ COMMIT := $(if $(shell git status --porcelain --untracked-files=no),"${COMMIT_NO}-dirty","${COMMIT_NO}")
+else
+ COMMIT := $(GIT_COMMIT_OVERRIDE)
+endif
MAN_DIR := $(CURDIR)/man/man8
MAN_PAGES = $(shell ls $(MAN_DIR)/*.8)

55
base/docker/tini-allow-git-sha-override.patch Normal file
View File

@ -0,0 +1,55 @@
Index: tini/CMakeLists.txt
===================================================================
--- a/tini/CMakeLists.txt
+++ b/tini/CMakeLists.txt
@@ -13,27 +13,32 @@ if(MINIMAL)
add_definitions(-DTINI_MINIMAL=1)
endif()
-# Extract git version and dirty-ness
-execute_process (
- COMMAND git --git-dir "${PROJECT_SOURCE_DIR}/.git" --work-tree "${PROJECT_SOURCE_DIR}" log -n 1 --date=local --pretty=format:%h
- WORKING_DIRECTORY "${PROJECT_SOURCE_DIR}"
- RESULT_VARIABLE git_version_check_ret
- OUTPUT_VARIABLE tini_VERSION_GIT
-)
-
-execute_process(
- COMMAND git --git-dir "${PROJECT_SOURCE_DIR}/.git" --work-tree "${PROJECT_SOURCE_DIR}" status --porcelain --untracked-files=no
- WORKING_DIRECTORY "${PROJECT_SOURCE_DIR}"
- OUTPUT_VARIABLE git_dirty_check_out
-)
+if("$ENV{GIT_COMMIT_OVERRIDE}" EQUAL "")
-if("${git_version_check_ret}" EQUAL 0)
- set(tini_VERSION_GIT " - git.${tini_VERSION_GIT}")
- if(NOT "${git_dirty_check_out}" STREQUAL "")
- set(tini_VERSION_GIT "${tini_VERSION_GIT}-dirty")
+ # Extract git version and dirty-ness
+ execute_process (
+ COMMAND git --git-dir "${PROJECT_SOURCE_DIR}/.git" --work-tree "${PROJECT_SOURCE_DIR}" log -n 1 --date=local --pretty=format:%h
+ WORKING_DIRECTORY "${PROJECT_SOURCE_DIR}"
+ RESULT_VARIABLE git_version_check_ret
+ OUTPUT_VARIABLE tini_VERSION_GIT
+ )
+
+ execute_process(
+ COMMAND git --git-dir "${PROJECT_SOURCE_DIR}/.git" --work-tree "${PROJECT_SOURCE_DIR}" status --porcelain --untracked-files=no
+ WORKING_DIRECTORY "${PROJECT_SOURCE_DIR}"
+ OUTPUT_VARIABLE git_dirty_check_out
+ )
+
+ if("${git_version_check_ret}" EQUAL 0)
+ set(tini_VERSION_GIT " - git.${tini_VERSION_GIT}")
+ if(NOT "${git_dirty_check_out}" STREQUAL "")
+ set(tini_VERSION_GIT "${tini_VERSION_GIT}-dirty")
+ endif()
+ else()
+ set(tini_VERSION_GIT "")
endif()
else()
- set(tini_VERSION_GIT "")
+ set(tini_VERSION_GIT " - git.$ENV{GIT_COMMIT_OVERRIDE}")
endif()
# Flags

248
base/libseccomp/libseccomp.spec Normal file
View File

@ -0,0 +1,248 @@
Name: libseccomp
Version: 2.5.3
Release: 1%{?dist}
Summary: Enhanced seccomp library
License: LGPLv2
URL: https://github.com/seccomp/libseccomp
Source0: %{url}/releases/download/v%{version}/%{name}-%{version}.tar.gz
BuildRequires: gcc
BuildRequires: gperf
BuildRequires: make
%ifnarch riscv64 s390
# Versions prior to 3.13.0-4 do not work on ARM with newer glibc 2.25.0-6
# See https://bugzilla.redhat.com/show_bug.cgi?id=1466017
BuildRequires: valgrind >= 1:3.13.0-4
%endif
%description
The libseccomp library provides an easy to use interface to the Linux Kernel's
syscall filtering mechanism, seccomp. The libseccomp API allows an application
to specify which syscalls, and optionally which syscall arguments, the
application is allowed to execute, all of which are enforced by the Linux
Kernel.
%package devel
Summary: Development files used to build applications with libseccomp support
Requires: %{name}%{?_isa} = %{version}-%{release}
%description devel
The libseccomp library provides an easy to use interface to the Linux Kernel's
syscall filtering mechanism, seccomp. The libseccomp API allows an application
to specify which syscalls, and optionally which syscall arguments, the
application is allowed to execute, all of which are enforced by the Linux
Kernel.
%package static
Summary: Enhanced seccomp static library
Requires: %{name}-devel%{?_isa} = %{version}-%{release}
%description static
The libseccomp library provides an easy to use interface to the Linux Kernel's
syscall filtering mechanism, seccomp. The libseccomp API allows an application
to specify which syscalls, and optionally which syscall arguments, the
application is allowed to execute, all of which are enforced by the Linux
Kernel.
%prep
%autosetup -p1
%build
%configure
%make_build
%install
mkdir -p %{buildroot}/%{_libdir}
mkdir -p %{buildroot}/%{_includedir}
mkdir -p %{buildroot}/%{_mandir}
%make_install
rm -f %{buildroot}/%{_libdir}/libseccomp.la
%check
%make_build check
%files
%license LICENSE
%doc CREDITS README.md CHANGELOG CONTRIBUTING.md
%{_libdir}/libseccomp.so.*
%files devel
%{_includedir}/seccomp.h
%{_includedir}/seccomp-syscalls.h
%{_libdir}/libseccomp.so
%{_libdir}/pkgconfig/libseccomp.pc
%{_bindir}/scmp_sys_resolver
%{_mandir}/man1/*
%{_mandir}/man3/*
%files static
%{_libdir}/libseccomp.a
%changelog
* Wed Feb 01 2023 Stewart Smith <trawets@amazon.com> - 2.5.3-1.amzn2023.0.2
- Mass rebuild for AL2023
* Sat Oct 01 2022 Stewart Smith <trawets@amazon.com> - 2.5.3-1.amzn2022.0.1
- AL2022 pre-GA mass rebuild
* Sat Nov 06 2021 Neal Gompa <ngompa@fedoraproject.org> - 2.5.3-1
- New upstream version (#2020824)
* Wed Nov 03 2021 Debarshi Ray <rishi@fedoraproject.org> - 2.5.2-1
- New upstream version (#1900097)
* Wed Nov 03 2021 Debarshi Ray <rishi@fedoraproject.org> - 2.5.1-1
- New upstream version (#1900097)
* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Wed Aug 05 2020 Neal Gompa <ngompa13@gmail.com> - 2.5.0-3
- Apply fixes to change internal handling of the notification fd (#1865802)
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Fri Jul 24 2020 Neal Gompa <ngompa13@gmail.com> - 2.5.0-1
- New upstream version (#1858965)
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Mon Dec 16 2019 Neal Gompa <ngompa13@gmail.com> - 2.4.2-2
- Modernize spec
- Backport fix for missing __SNR_ppoll symbol (#1777889)
- Refresh patch to build on aarch64 with upstream version
* Wed Nov 20 2019 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 2.4.2-1
- New upstream version (#1765314)
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.1-1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Wed Apr 17 2019 Paul Moore <paul@paul-moore.com> - 2.4.1-0
- New upstream version
* Thu Mar 14 2019 Paul Moore <paul@paul-moore.com> - 2.4.0-0
- New upstream version
- Added a hack to workaround test failures (see %%check above)
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.3-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Wed Nov 07 2018 Paul Moore <paul@paul-moore.com> - 2.3.3-4
- Remove ldconfig scriptlet, thanks to James Antill (RHBZ #1644074)
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Wed Jan 10 2018 Paul Moore <pmoore@redhat.com> - 2.3.3-1
- New upstream version
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.2-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Thu Jun 29 2017 Stephen Gallagher <sgallagh@redhat.com> - 2.3.2-3
- Re-enable valgrind-based tests on ARMv7
* Thu Jun 29 2017 Stephen Gallagher <sgallagh@redhat.com> - 2.3.2-2
- Disable running valgrind-based tests on ARMv7 due to glibc/valgrind bug (RHBZ #1466017)
* Wed Mar 01 2017 Paul Moore <pmoore@redhat.com> -2.3.2-1
- New upstream version
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Wed Apr 20 2016 Paul Moore <pmoore@redhat.com> - 2.3.1-1
- Cleanup the changelog whitespace and escape the macros to make rpmlint happy
* Wed Apr 20 2016 Paul Moore <pmoore@redhat.com> - 2.3.1-0
- New upstream version
* Tue Mar 1 2016 Peter Robinson <pbrobinson@fedoraproject.org> 2.3.0-1
- No valgrind on s390
* Mon Feb 29 2016 Paul Moore <pmoore@redhat.com> - 2.3.0-0
- New upstream version
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.3-1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Wed Jul 08 2015 Paul Moore <pmoore@redhat.com> - 2.2.3-0
- New upstream version
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.2.1-1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Wed May 13 2015 Paul Moore <pmoore@redhat.com> - 2.2.1-0
- New upstream version
* Thu Feb 12 2015 Paul Moore <pmoore@redhat.com> - 2.2.0-0
- New upstream version
- Added aarch64 support
- Added a static build
* Thu Sep 18 2014 Paul Moore <pmoore@redhat.com> - 2.1.1-6
- Fully builds on i686, x86_64, and armv7hl (RHBZ #1106071)
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.1.1-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Fri Jul 18 2014 Tom Callaway <spot@fedoraproject.org> - 2.1.1-4
- fix license handling
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.1.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Thu Feb 27 2014 Paul Moore <pmoore@redhat.com> - 2.1.1-2
- Build with CFLAGS="${optflags}"
* Mon Feb 17 2014 Paul Moore <pmoore@redhat.com> - 2.1.1-1
- Removed the kernel dependency (RHBZ #1065572)
* Thu Oct 31 2013 Paul Moore <pmoore@redhat.com> - 2.1.1-0
- New upstream version
- Added a %%check procedure for self-test during build
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.1.0-1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Tue Jun 11 2013 Paul Moore <pmoore@redhat.com> - 2.1.0-0
- New upstream version
- Added support for the ARM architecture
- Added the scmp_sys_resolver tool
* Mon Jan 28 2013 Paul Moore <pmoore@redhat.com> - 2.0.0-0
- New upstream version
* Tue Nov 13 2012 Paul Moore <pmoore@redhat.com> - 1.0.1-0
- New upstream version with several important fixes
* Tue Jul 31 2012 Paul Moore <pmoore@redhat.com> - 1.0.0-0
- New upstream version
- Remove verbose build patch as it is no longer needed
- Enable _smp_mflags during build stage
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.1.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Tue Jul 10 2012 Paul Moore <pmoore@redhat.com> - 0.1.0-1
- Limit package to x86/x86_64 platforms (RHBZ #837888)
* Tue Jun 12 2012 Paul Moore <pmoore@redhat.com> - 0.1.0-0
- Initial version