raven/base/docker/docker.spec

# Globals are used to derive release details for Moby as it
# exists in its composite release repository at:
#
# https://github.com/moby/moby
#
# When updating this spec to package a new release, it's likely only
# these bits will need updating:
#
# Moby release version, eg: 18.09.6-ce
%global moby_version 20.10.25
# Moby repository commit for above version, eg: <40 char sha>
%global moby_commit 5df983c7dbe2f8914e6efd4dd6e0083a20c41ce1
# Moby targets a specific golang compiler, eg: 1.10.8
# 
# NOTE: this must match exactly with upstream as Docker is sensitive and closely
# tied to stdlib/runtime and its bugs/features of a given version.
%global moby_target_golang 1.19.9
# Moby designates not only the daemon, but also its
# dependencies. This package bundles libnetwork (for docker-proxy)
# and tini (as docker-init), specifying their commits in "installers",
# these commits should match the project's declared commits.
#
# hint: https://github.com/moby/moby/blob/master/hack/dockerfile/install/proxy.installer
%global moby_libnetwork_commit 05b93e0d3a95952f70c113b0bc5bdb538d7afdd7
#
# hint: https://github.com/moby/moby/blob/master/hack/dockerfile/install/tini.installer
%global moby_tini_commit de40ad007797e0dcd8b7126f27bb87401d224240
#
# We package the version of docker-cli that corresponds to the version of moby (the engine)
# Refer to: https://github.com/docker/cli/tags
# Note this is NOT the same as the version specified in
# https://github.com/moby/moby/blob/master/hack/dockerfile/install/dockercli.installer
# which is quite out-of-date.
%global docker_cli_commit b82b9f3a0e763304a250531cb9350aa6d93723c9
# buildx is a Docker CLI plugin for extended build capabilities 
# hint: https://github.com/docker/buildx
%global buildx_version v0.10.4
%global buildx_commit c513d34049e499c53468deac6c4267ee72948f02
# container restart policies require a version of libcgroup that supports the pids root
%global libcgroup_min_version 0.40.rc1-5.15

### bconds
%bcond_without systemd


# By default, include testing with some cases modified or removed for
# build time limitations.
%bcond_without tests

# Enable docker's seccomp integrations.
%bcond_without seccomp

# Assert that commits for docker's bundled projects match the
# committed Git SHAs.
%bcond_without strict_components # with

%bcond_with btrfs
%bcond_with aufs

### Golang helper macros

# Emit GOPATH settings inline.
%define golang_set_gopath(d:) \
export GOPATH="%{-d:%{-d*}}%{!-d:$(pwd -P)}"; \
export PATH="$PATH:$GOPATH/bin" \
export GO111MODULE=off

# Initialize a GOPATH for building golang packages.
%define golang_init_gopath(d:) \
%{golang_set_gopath} \
rm -rf "${GOPATH}/"{src,bin} \
install -d "${GOPATH}"/{src,pkg,bin}

# The ${GOPATH:-.} allows for use in the files section when $PWD is at
# the $GOPATH root.
%define golang_src_path(p:) ${GOPATH:-.}/src/%{-p*}

# Unpack a Source at conventional golang package path in $GOPATH - its
# import path.
%define golang_prep(p:s:S:) \
install -d "$GOPATH/src/%{-p*}" && \
tar -x %{-S:--strip-components=%{-S*}} -C "%{golang_src_path -p %{-p*}}" -f %{-s*}

### Docker derived data
# Component package collects the release sources for the daemon and
# the cli.
%global docker_component_package github.com/moby/moby
%global docker_component_src %{golang_src_path -p %docker_component_package}
%global docker_component_commit %moby_commit
# The componentized github.com/docker/docker
%global docker_package github.com/docker/docker
%global docker_src %{golang_src_path -p %docker_package}
%global docker_version %moby_version
%global docker_rpm_version %(sed 's/-//' <<< %docker_version)
%global docker_commit %docker_component_commit
%global docker_shortcommit %(c=%{docker_commit}; echo ${c:0:7})
# The componentized github.com/docker/cli package
%global docker_cli_package github.com/docker/cli
%global docker_cli_src %{golang_src_path -p %docker_cli_package}
%global docker_cli_version %docker_version
%global docker_cli_shortcommit %(c=%{docker_cli_commit}; echo ${c:0:7})
# The componentized github.com/docker/buildx package
%global buildx_package github.com/docker/buildx
%global buildx_src %{golang_src_path -p %buildx_package}
%global buildx_shortcommit %(c=%{buildx_commit}; echo ${c:0:7})

# Add buildtags appropriate for the package's build configuration.
%global build_tags %{?build_tags} selinux
%if %{with seccomp}
%global build_tags %{?build_tags} seccomp
%endif

%if %{without btrfs}
%global build_tags %{?build_tags} exclude_graphdriver_btrfs
%endif

%if %{without aufs}
%global build_tags %{?build_tags} exclude_graphdriver_aufs
%endif

%global apprundir %{_rundir}/docker
%global appconfdir %{_sysconfdir}/docker

### Components' derived data
# The commit SHAs for external, however bundled, components are
# defined in the installers for each (see the vars <NAME>_COMMIT for
# the SHAs).
%global docker_component_tree_url https://github.com/moby/moby/tree/%{docker_commit}/hack/dockerfile/install/

# libnetwork provides the docker-proxy binary.
%global libnetwork_package github.com/docker/libnetwork
%global libnetwork_src %{golang_src_path -p %libnetwork_package}
%global libnetwork_commit         %moby_libnetwork_commit
%global libnetwork_shortcommit    %(c=%{libnetwork_commit}; echo ${c:0:7})

# tini provides the "docker-init" binary
%global tini_package github.com/krallin/tini
%global tini_src %{golang_src_path -p %tini_package}
%global tini_commit               %moby_tini_commit
%global tini_shortcommit          %(c=%{tini_commit}; echo ${c:0:7})

Name:           docker
Version:        %{docker_rpm_version}
Release:        1%{?dist}
Summary:        Automates deployment of containerized applications
License:        ASL 2.0 and MIT and BSD and MPLv2.0 and WTFPL
URL:            http://www.docker.com
# Disable ix86 builds: https://github.com/docker/docker/issues/136
ExcludeArch:    %{ix86}

Source0:        https://%{docker_component_package}/archive/%{docker_commit}/docker-%{docker_version}.tar.gz
Source2:        docker.sysconfig
Source3:        docker-storage.sysconfig
Source6:        https://%{libnetwork_package}/archive/%{libnetwork_commit}/libnetwork-%{libnetwork_shortcommit}.tar.gz
Source7:        https://%{tini_package}/archive/%{tini_commit}/tini-%{tini_shortcommit}.tar.gz
Source9:        https://%{docker_cli_package}/archive/%{docker_cli_commit}/cli-%{docker_cli_version}.tar.gz
Source10:       https://%{buildx_package}/archive/refs/tags/%{buildx_version}.tar.gz

# Amazon-provided sources
# Scripts and other resources to support /etc/docker-runtimes.d
Source1001:     docker-setup-runtimes.sh
Source1002:     README-docker-runtimes.d

# Amazon-provided patches
Patch2001:      docker-20.10.4-sysvinit-use-nohup.patch
Patch2002:      docker-20.10.4-sysvinit-add-storage-opts.patch
Patch2004:      docker-20.10.4-sysvinit-increase-daemon-maxfiles.patch
Patch2007:      docker-20.10.4-sysvinit-stop-before-network.patch
# Allow users to control the timeout when waiting for the daemon to start
Patch2010:      docker-20.10.4-sysvinit-configurable-start-timeout.patch

# These patches disable tests that don't work in the AL AMI buildroot environment

# The graphdriver/devmapper tests try to create and mount a loopback fs
Patch2103:      docker-20.10.4-Skip-devmapper-tests-that-don-t-work-in-a-buildroot.patch
# Skip graphdriver/vfs tests that require root privileges and mutate the filesystem
Patch2104:      docker-20.10.4-Skip-mutating-vfs-tests.patch
# Skip pkg/sysinfo test that tries to write to /proc
Patch2108:      docker-20.10.4-Skip-pkg-sysinfo-tests-that-require-root.patch
# Skip volume/local tests that try to mutate the buildroot filesystem
Patch2109:      docker-20.10.4-Skip-mutating-volume-local-tests.patch
# Skip tests in pkg/authorization that try to create sockets without being root
Patch2113:      docker-20.10.4-Skip-pkg-authorization-tests-that-create-sockets.patch
# Skip tests in pkg/idtools that call mkdir outside the buildroot without privileges
# pkg/idtools has its own implementation of RequiresRoot()
Patch2114:      docker-20.10.4-Skip-pkg-idtools-tests-that-require-root.patch
# Skip tests in distribution that generate network traffic
Patch2115:      docker-20.10.4-Skip-distribution-tests-that-network.patch

# Skip tests in builder that try to change namespaces
Patch2117:      docker-20.10.4-Skip-builder-tests-that-require-root.patch
# Skip Overlay Tar/Untar test which fails in buildroot when setting ext. attributes on overlay fs
Patch2118:      docker-20.10.7-Skip-overlay-tar-untar-test.patch

Patch2120:      no-private-mnt-namespace.patch

Patch2123:      runc-allow-git-sha-override.patch
Patch2125:      tini-allow-git-sha-override.patch
Patch2126:      docker-20.10.4-Skip-cli-tests-that-require-network.patch
Patch2130:      docker-20.10.4-Skip-auth-middleware-test.patch
Patch2133:      docker-20.10.4-Skip-quota-tests.patch
Patch2135:      docker-20.10.4-Skip-engine-layer-tests.patch
Patch2140:      docker-20.10.4-Skip-volume-store-tests.patch

# systemd sysconfig configuration file support
Patch2141:      docker-20.10.4-systemd-unit-sysconfig.patch

# skip TestGetSourceMount ("/" not available in buildroot env)
# Example output of `cat /proc/self/mountinfo` in buildroot:
# 148 147 0:3 / /proc rw,relatime shared:64 - proc proc rw
# 152 147 0:17 / /sys rw,relatime shared:66 - sysfs sysfs rw,seclabel
# 157 147 0:39 / /dev/shm rw,relatime shared:70 - tmpfs tmpfs rw,seclabel
# 163 147 0:41 / /dev/pts rw,relatime shared:72 - devpts devpts rw,seclabel,gid=5,mode=620,ptmxmode=666
# 167 148 202:1 /tmp/mock-selinux-plugin.R40Ep_ /proc/filesystems rw,relatime shared:1 - xfs /dev/xvda1 rw,seclabel,attr2,inode64,noquota
Patch2143:     docker-20.10.4-Skip-get-source-mount.patch

# systemd /etc/docker-runtimes.d support
Patch2144:     docker-20.10.4-systemd-unit-runtimes.d.patch

# test skips
Patch2145:      docker-20.10.4-Skip-git-tests.patch
Patch2146:      docker-20.10.4-Skip-compression-tests-that-require-root.patch
Patch2148:      docker-20.10.4-Skip-btrfs-graphdriver-tests-if-not-root.patch

# Restore containerd dependency and other changes to the systemd service
Patch2149:      docker-20.10.4-Restore-containerd-dependency-restart-policy-and-nof.patch

# Patch tests to use a capability that's valid on ALAMI, CAP_SYS_NICE,
# instead of CAP_BLOCK_SUSPEND
Patch3004: docker-20.10.4-fix-TestTarUntarWithXattr-failure-on-4.14+-kernel.patch

# Skip pkg/archive and pkg/chrootarchive tests that require root privileges
Patch3005:      docker-20.10.7-Skip-pkg-archive-tests-that-require-root.patch

# Add helpers for skipping tests conditionally
Patch3008:      docker-20.10.7-Add-test-skip-helpers-to-testutil.patch
Patch3009:      docker-20.10.7-Add-test-skip-helpers-to-cli.patch

# Patch limits the rate at which logger errors are logged into daemon logs
Patch3013:	docker-20.10.4-Limit-logger-errors-logged-into-daemon-logs.patch

# Patch for skipping kubeconfig and loadcontext tests that require root access
Patch3014:      docker-20.10.17-Skip-kubeconfig-and-loadcontext-tests-that-require-root.patch

BuildRequires:  gcc >= 7.2
BuildRequires:  glibc-static
BuildRequires:  golang >= %{moby_target_golang}
BuildRequires:  device-mapper-devel
%if %{with btrfs}
BuildRequires:  btrfs-progs-devel >= 3.14.2
%endif
BuildRequires:  cmake
BuildRequires:  git
BuildRequires:  libtool-ltdl-devel
BuildRequires:  libselinux-devel
BuildRequires:  libudev-devel
# Required for testing the pigz archive functionality in docker.
BuildRequires:  pigz
# Required for memfd runc protection.
BuildRequires:  kernel-headers >= 3.17
BuildRequires:  go-rpm-macros
BuildRequires:  go-md2man
%if %{with systemd}
BuildRequires: pkgconfig(systemd)
BuildRequires: systemd-units
%endif
%if %{with seccomp}
BuildRequires:  libseccomp-static
%endif

Provides:       docker-ce = %{version}-%{release}
Provides:       docker-io = %{version}-%{release}
Provides:       lxc-docker = %{version}-%{release}
Provides:       moby = %{version}-%{release}
Provides:       moby-endgine = %{version}-%{release}

Obsoletes:      docker-devel < 17
Obsoletes:      docker-pkg-devel < 17
Conflicts:      podman-docker
Conflicts:      docker-ce

# need xz to work with ubuntu images
# https://bugzilla.redhat.com/show_bug.cgi?id=1045220
Requires:       xz
# https://bugzilla.redhat.com/show_bug.cgi?id=1034919
Requires:       libcgroup >= %{libcgroup_min_version}

Requires: iptables
Requires: device-mapper-libs >= 1.02.90-2.24
Requires: pigz
# Used by the sysvinit script for mountpoint namespacing
%if 0%{?amzn} < 2
Requires: /usr/bin/unshare
%endif
# Container restart policies require the pids cgroup controller,
# which was implemented in the kernel starting with version 4.3
# Amazon Linux 2 is a minimum of 4.14 (4.9 in prereleases)
%if 0%{?amzn} < 2
Requires: kernel >= 4.3
%endif
# In Docker 1.9.1, the default filesystem for devmapper changed from
# ext4 to xfs
Requires: xfsprogs

# docker-runc and docker-containerd are now satisfied with discrete
# packages for each. These packages remain necessary at a foundational
# level.
Requires: runc >= 1.0.0
Requires: containerd >= 1.3.2

# Older versions of ec2-net-utils call ec2net.hotplug for veth
# interfaces, which causes performance issues when quickly creating or
# deleting lots of containers
Conflicts: ec2-net-utils < 0.4-1.24

# Docker mount ordering changed in later versions of Docker to address security
# vulnerabilities. The ECS init package contains fixes that mount its system
# dependencies correctly with this change in versions newer than 1.36.2.
Conflicts: ecs-init < 1.36.2

%description
Docker is an open-source engine that automates the deployment of any
application as a lightweight, portable, self-sufficient container that will
run virtually anywhere.

Docker containers can encapsulate any payload, and will run consistently on
and between virtually any server. The same container that a developer builds
and tests on a laptop will run at scale, in production*, on VMs, bare-metal
servers, OpenStack clusters, public instances, or combinations of the above.

%prep
%setup -T -c -q -n %{name}-%{version}-%{release}
# Setup a GOPATH appropriate for building components merged in the
# github.com/moby/moby repository.
#
# This avoids gymnastics to prepare many GOPATHs for each, effectively
# misnamed, improper import paths.
%golang_init_gopath

%golang_prep -p %docker_component_package -S 1 -s %{SOURCE0}

# tini isn't golang, but we arrange it like it is for navigation.
%golang_prep -p %tini_package -S 1 -s %{SOURCE7}
%golang_prep -p %libnetwork_package -S 1 -s %{SOURCE6}
%golang_prep -p %docker_cli_package -S 1 -s %{SOURCE9}
%golang_prep -p %buildx_package -S 1 -s %{SOURCE10}

%if %{with systemd}
cp %{SOURCE1002} .
%endif

# Apply moby patches
cd %{docker_component_src}

%if %{without systemd}
%patch2001 -p1
%patch2002 -p1
%patch2004 -p1
%patch2007 -p1
%patch2010 -p1
%endif

%patch2103 -p1
%patch2104 -p1
%patch2108 -p1
%patch2109 -p1
%patch2113 -p1
%patch2114 -p1
%patch2115 -p1
%patch2117 -p1
%patch2118 -p1
%if %{without systemd}
%patch2120 -p1
%endif

%patch2130 -p1
%patch2133 -p1
%patch2135 -p1
%patch2140 -p1
%patch2141 -p1
%patch3004 -p1
%patch2143 -p1
%patch3005 -p1
%patch2144 -p1
%patch2148 -p1
%patch2149 -p1
%patch3008 -p1
%patch3013 -p1

# Apply tini patches
cd %{tini_src}
%patch2125 -p2

# Apply cli patches
cd %{docker_cli_src}
%patch2126 -p1
%patch2145 -p1
%patch2146 -p1
%patch3009 -p1
%patch3014 -p1

# Now put the things back where they came from. The import paths are
# much happier this way and it correctly represents the collected
# software (in golang land).
install -d $(readlink -m %{docker_cli_src}/../) $(readlink -m %{docker_src}/../)
mv %{docker_component_src} %{docker_src}

%build
%golang_set_gopath

# Build the cli
(
    cd %{docker_cli_src}
    export VERSION=%{docker_cli_version}
    export GITCOMMIT=%{docker_cli_shortcommit}
    env GO_LINKMODE="dynamic" ./scripts/build/binary

    # Build the cli's man page and its bespoke generator
    %gobuild -o gen-manpages github.com/docker/cli/man
    # Generate cli's man1 entries
    #
    # Generation will attempt to load external long form descriptions, it
    # will print WARN's when these are encountered which look a whole lot
    # like errors.
    mkdir -p %{docker_cli_src}/man/man1
    ./gen-manpages --root %{docker_cli_src} \
        --target %{docker_cli_src}/man/man1 2>&1 \
        | grep -v 'skipping'
    # Then generate the remaining pages from markdown source.
    ./man/md2man-all.sh -q
)
#Build the buildx plugin
cd %{buildx_src}
%gobuild -o "bin/buildx" ./cmd/buildx

# Build the network proxy for docker - docker-proxy
cd %{libnetwork_src}
%gobuild -o "bin/docker-proxy" ./cmd/proxy

# Build the simple init process for container pid 1, tini - it takes
# care of forwarding signals and child process management.
(
    cd %{tini_src}
    export GIT_COMMIT_OVERRIDE=%{tini_shortcommit}
    cmake .
    make
)

# Build the docker daemon
(
    cd %{docker_src}
    export DOCKER_GITCOMMIT="%{docker_shortcommit}"
    export DOCKER_BUILDTAGS="%{?build_tags}"
    export VERSION="%{docker_version}"
    hack/make.sh dynbinary
)

%install
%golang_set_gopath

rm -rf %{buildroot}

# install docker cli
install -d %{buildroot}%{_bindir}
install -d %{buildroot}%{_localstatedir}/lib/docker
install -p -m 755 %{docker_cli_src}/build/docker %{buildroot}%{_bindir}/docker

# install compatibility symlinks for binaries that moved when runc
# and containerd were split into separate packages
ln -sf ../sbin/runc %{buildroot}%{_bindir}/docker-runc
ln -sf containerd %{buildroot}%{_bindir}/docker-containerd
ln -sf containerd-shim %{buildroot}%{_bindir}/docker-containerd-shim
ln -sf ctr %{buildroot}%{_bindir}/docker-ctr

# install docker cli manpages
install -d %{buildroot}%{_mandir}/man1
install -p -m 644 %{docker_cli_src}/man/man1/docker*.1 %{buildroot}%{_mandir}/man1
install -d %{buildroot}%{_mandir}/man5
install -p -m 644 %{docker_cli_src}/man/man5/Dockerfile.5 %{buildroot}%{_mandir}/man5
install -d %{buildroot}%{_mandir}/man8
install -p -m 644 %{docker_cli_src}/man/man8/docker*.8 %{buildroot}%{_mandir}/man8

# install docker cli bash completion
install -d %{buildroot}%{_datadir}/bash-completion
install -p -m 644 %{docker_cli_src}/contrib/completion/bash/docker %{buildroot}%{_datadir}/bash-completion

# install buildx plugin
install -d %{buildroot}%{_libexecdir}/%{name}/cli-plugins
install -p -m 755 %{buildx_src}/bin/buildx %{buildroot}%{_libexecdir}/%{name}/cli-plugins/docker-buildx

# install docker daemon
install -p -m 755 %{docker_src}/bundles/dynbinary-daemon/dockerd %{buildroot}%{_bindir}/dockerd

# install docker-proxy for userspace network proxying
install -p -m 755 %{libnetwork_src}/bin/docker-proxy %{buildroot}%{_bindir}/docker-proxy

# install tini as docker-init which is used by default
install -p -m 755 %{tini_src}/tini-static %{buildroot}%{_bindir}/docker-init

# install udev rules
install -d %{buildroot}%{_sysconfdir}/udev/rules.d
install -p %{docker_src}/contrib/udev/80-docker.rules %{buildroot}%{_sysconfdir}/udev/rules.d

# install daemon storage dir
install -d %{buildroot}%{_sharedstatedir}/docker

# install docker daemon configuration dir (eg: /etc/docker)
install -d %{buildroot}%{appconfdir}

# install daemon run dir
%if %{without systemd}
install -d %{buildroot}%{apprundir}
%else
# systemd manages this rundir itself
%endif

# install init system service
%if %{with systemd}
# install systemd unitfile
install -d %{buildroot}%{_unitdir}
install -p -m 644 %{docker_src}/contrib/init/systemd/docker.{service,socket} %{buildroot}%{_unitdir}

# install runtimes dir and script
install -d %{buildroot}%{_sysconfdir}/docker-runtimes.d
install -d %{buildroot}%{_libexecdir}/%{name}
install -p -m 755 %{SOURCE1001} %{buildroot}%{_libexecdir}/%{name}

%else
# install sysvinit script
install -d %{buildroot}%{_initddir}
install -p -m 755 %{docker_src}/contrib/init/sysvinit-redhat/docker %{buildroot}%{_initddir}

%endif

# Install sysconfig defaults (used by systemd unit and sysvinit script).
install -d %{buildroot}%{_sysconfdir}/sysconfig/
install -p -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/sysconfig/docker
install -p -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/sysconfig/docker-storage

%clean
rm -rf %{buildroot}

%check
%golang_set_gopath

%if %{with tests}
# Patterns matching packages that are not to be tested.
skip_patterns=$(mktemp)

%if %{with all_tests}
# No skip patterns, all tests will run.
%else
# Packages that should be skipped when running tests.
#
# Packages are listed such that they're evaluated as prefixes of
# matches to ignore so that child packages are also skipped.
grep -v -e '^$' -e '^#' >> $skip_patterns <<EOF
# Can't run containerd in the buildroot for testing.
github.com/docker/docker/libcontainerd

# Graph and storage drivers can't do much in the buildroot, so the tests fail.
github.com/docker/docker/daemon/graphdriver/aufs
%if %{without btrfs}
github.com/docker/docker/daemon/graphdriver/btrfs
%endif
github.com/docker/docker/daemon/graphdriver/devmapper
github.com/docker/docker/daemon/graphdriver/overlay
github.com/docker/docker/daemon/graphdriver/overlay2
github.com/docker/docker/daemon/graphdriver/zfs

# TODO: loop in follow up tests for regression testing in a more suitable env
#
# chroot operations aren't possible in the buildroot environment
github.com/docker/docker/pkg/chrootarchive

# no permissions to control filesystems in buildroot
github.com/docker/docker/pkg/fsutils

# Integration tests expect that the daemon is running and it isn't.
github.com/docker/docker/integration

# TODO: check this code out, I think the build tag would exclude these
# tests.
github.com/docker/docker/pkg/term/windows

# There are hundreds of tests in integration-cli, and they all try to launch
# a docker daemon in the buildroot, so skip that entire module
github.com/docker/cli/e2e/cli-plugins
github.com/docker/cli/e2e/container
github.com/docker/cli/e2e/context
github.com/docker/cli/e2e/global
github.com/docker/cli/e2e/image
github.com/docker/cli/e2e/stack
github.com/docker/cli/e2e/system
github.com/docker/cli/e2e/trust
github.com/docker/cli/e2e/plugin

# Skip kubernetes built in testing
github.com/docker/cli/kubernetes/compose/v1beta1

# Skip outdated Git Remote tests
github.com/docker/docker/builder/remotecontext/git

# Skip seccomp tests when not building with it enabled.
%if %{without seccomp}
github.com/docker/docker/profiles/seccomp
%endif

EOF
%endif

# List packages that have test files in the targeted packages.
go_packages=( $(go list -f '{{ if .TestGoFiles }}{{ .ImportPath }}{{ end }}' \
                   github.com/docker/docker/... \
                   github.com/docker/cli/...) )

if [ -z "${go_packages}" ]; then
    echo "Testing was requested, but no tests were found"
    exit 1
fi

# Final test status
go_test_status=0
# Tests that errored
go_test_error_pkgs=()
for pkg in "${go_packages[@]}"; do
    # Filter out tests matching provided skip patterns.
    if grep -f "$skip_patterns" -q -F -w <<< "$pkg"; then
        echo "INFO: Skipping tests in $pkg"
        continue
    fi

    # Preserve the test's output for inspection.
    test_output=$(mktemp)

    go test -v -tags "daemon %{?build_tags}" "${pkg}" 2>&1 \
        | tee "${test_output}"
    test_exit="${PIPESTATUS[0]}"
    if [[ "$test_exit" -ne "0" ]]; then
        echo "ERROR: One or more tests failed in ${pkg}"
        go_test_status="$test_exit"
        go_test_error_pkgs+=("$pkg - see test output: $test_output")
        continue
    fi

    # Detect any packages that were included but that didn't run
    # tests.
    if grep -F -q -e 'warning: no tests to run' -e '[no test files]' "${test_output}" ; then
        echo "ERROR: ${pkg} was ppexpected to contain tests, but none were found."
        go_test_status=1
        go_test_error_pkgs+=("$pkg - expected tests, none run")
        continue
    fi

    echo "PASS: ${pkg} tests passed"
    # Remove passing test's output.
    rm -f "${test_output}"
done
# If any of the tests failed, print out packages that failed and their
# outputs that can be used to debug (when built locally).
if [[ "$go_test_status" -ne 0 ]]; then
    echo "ERROR: package tests failed"
    printf '%s\n' "${go_test_error_pkgs[@]}"
    exit "$go_test_status"
fi

exit 0
%endif # with tests

# We expect to see a common pattern for the docker cli and daemon.
echo "INFO: Checking versions reported by executables"
# For docker (cli):
#
# Example: Docker version 18.09.5, build e8ff056
cli_reported_version="$(%{docker_cli_src}/build/docker -v)"
cli_expected_version="Docker version %{docker_version}, build %{docker_cli_shortcommit}"
echo -e "INFO: docker -v\t$cli_reported_version"
if [[ "$cli_reported_version" != "$cli_expected_version" ]]; then
    echo "ERROR: expected 'docker -v' to report '$cli_expected_version'"
    exit 1
fi

# For dockerd (daemon):
#
# Example: Docker version 18.09.5, build e8ff056
daemon_reported_version="$(%{docker_src}/bundles/dynbinary-daemon/dockerd -v)"
daemon_expected_version="Docker version %{docker_version}, build %{docker_shortcommit}"
echo -e "INFO: dockerd -v\t$daemon_reported_version"
if [[ "$daemon_reported_version" != "$daemon_expected_version" ]]; then
    echo "ERROR: expected 'dockerd -v' to report '$daemon_expected_version'"
    exit 1
fi


%if %{with strict_components}
print_url() {
    # Print link to the upstream's posted component installers.
    echo "INFO: See %{docker_component_tree_url} for appropriate SHAs"
}
strict_level="ERROR"
on_strict_failure="print_url; exit 1"
%else
strict_level="WARN"
on_strict_failure=""
%endif

# Check the components used to ensure they're the matching commits as
# is committed in the upstream package.

# libnetwork (docker-proxy)
(
    source %{docker_src}/hack/dockerfile/install/proxy.installer
    spec_commit="%{libnetwork_commit}"
    component_commit="$LIBNETWORK_COMMIT"
    if [[ "$spec_commit" != "$component_commit" ]]; then
        echo "$strict_level: expected component libnetwork@$component_commit but using libnetwork@$spec_commit"
        $on_strict_failure
    else
        echo "INFO: libnetwork component matched upstream: libnetwork@$spec_commit"
    fi
)
# tini (docker-init)
(
    source %{docker_src}/hack/dockerfile/install/tini.installer
    spec_commit="%{tini_commit}"
    component_commit="$TINI_COMMIT"
    if [[ "$spec_commit" != "$component_commit" ]]; then
        echo "$strict_level: expected component tini@$component_commit but using tini@$spec_commit"
        $on_strict_failure
    else
        echo "INFO: tini component matched upstream: tini@$spec_commit"
    fi
)
unset strict_level on_strict_failure

%pre
# Create the docker group for owning docker socket.
getent group docker > /dev/null || %{_sbindir}/groupadd -r docker
exit 0

%post
%if %{with systemd}
%systemd_post docker.service docker.socket
%else
if [ "$1" -eq "1" ]; then
# install but don't activate
/sbin/chkconfig --add docker
elif [ "$1" -eq "2" ]; then
# If upgrading, reset the init priorities, to ensure that
# the daemon always stops before networking goes down
# during shutdown and reboot.
/sbin/chkconfig docker resetpriorities || :
fi
%endif

%preun
%if %{with systemd}
%systemd_preun docker.service docker.socket
%else
if [ "$1" -eq "0" ]; then
    /sbin/service docker stop >/dev/null 2>&1 || :
    /sbin/chkconfig --del docker
fi
%endif

%postun
%if %{with systemd}
%systemd_postun_with_restart docker.service docker.socket
%else
if [ "$1" -ge "1" ] ; then
    /sbin/service docker condrestart >/dev/null 2>&1 ||:
fi
%endif

%triggerun -- libcgroup < %{libcgroup_min_version}
if [ $1 -eq 1 ]; then # update, not uninstall
  # Make sure the pids cgroup root exists
  /sbin/service cgconfig condrestart ||:
fi


%files
%doc src/github.com/docker/docker/AUTHORS
%doc src/github.com/docker/docker/LICENSE
%doc src/github.com/docker/docker/MAINTAINERS
%doc src/github.com/docker/docker/NOTICE
%doc src/github.com/docker/docker/CHANGELOG.md
%doc src/github.com/docker/docker/README.md
%doc src/github.com/docker/docker/CONTRIBUTING.md
%{_mandir}/man1/docker-attach.1*
%{_mandir}/man1/docker-build.1*
%{_mandir}/man1/docker-builder-build.1*
%{_mandir}/man1/docker-builder-prune.1*
%{_mandir}/man1/docker-builder.1*
%{_mandir}/man1/docker-checkpoint-create.1*
%{_mandir}/man1/docker-checkpoint-ls.1*
%{_mandir}/man1/docker-checkpoint-rm.1*
%{_mandir}/man1/docker-checkpoint.1*
%{_mandir}/man1/docker-commit.1*
%{_mandir}/man1/docker-config-create.1*
%{_mandir}/man1/docker-config-inspect.1*
%{_mandir}/man1/docker-config-ls.1*
%{_mandir}/man1/docker-config-rm.1*
%{_mandir}/man1/docker-config.1*
%{_mandir}/man1/docker-container-attach.1*
%{_mandir}/man1/docker-container-commit.1*
%{_mandir}/man1/docker-container-cp.1*
%{_mandir}/man1/docker-container-create.1*
%{_mandir}/man1/docker-container-diff.1*
%{_mandir}/man1/docker-container-exec.1*
%{_mandir}/man1/docker-container-export.1*
%{_mandir}/man1/docker-container-inspect.1*
%{_mandir}/man1/docker-container-kill.1*
%{_mandir}/man1/docker-container-logs.1*
%{_mandir}/man1/docker-container-ls.1*
%{_mandir}/man1/docker-container-pause.1*
%{_mandir}/man1/docker-container-port.1*
%{_mandir}/man1/docker-container-prune.1*
%{_mandir}/man1/docker-container-rename.1*
%{_mandir}/man1/docker-container-restart.1*
%{_mandir}/man1/docker-container-rm.1*
%{_mandir}/man1/docker-container-run.1*
%{_mandir}/man1/docker-container-start.1*
%{_mandir}/man1/docker-container-stats.1*
%{_mandir}/man1/docker-container-stop.1*
%{_mandir}/man1/docker-container-top.1*
%{_mandir}/man1/docker-container-unpause.1*
%{_mandir}/man1/docker-container-update.1*
%{_mandir}/man1/docker-container-wait.1*
%{_mandir}/man1/docker-container.1*
%{_mandir}/man1/docker-context-create.1*
%{_mandir}/man1/docker-context-export.1*
%{_mandir}/man1/docker-context-import.1*
%{_mandir}/man1/docker-context-inspect.1*
%{_mandir}/man1/docker-context-ls.1*
%{_mandir}/man1/docker-context-rm.1*
%{_mandir}/man1/docker-context-update.1*
%{_mandir}/man1/docker-context-use.1*
%{_mandir}/man1/docker-context.1*
%{_mandir}/man1/docker-cp.1*
%{_mandir}/man1/docker-create.1*
%{_mandir}/man1/docker-diff.1*
%{_mandir}/man1/docker-events.1*
%{_mandir}/man1/docker-exec.1*
%{_mandir}/man1/docker-export.1*
%{_mandir}/man1/docker-history.1*
%{_mandir}/man1/docker-image-build.1*
%{_mandir}/man1/docker-image-history.1*
%{_mandir}/man1/docker-image-import.1*
%{_mandir}/man1/docker-image-inspect.1*
%{_mandir}/man1/docker-image-load.1*
%{_mandir}/man1/docker-image-ls.1*
%{_mandir}/man1/docker-image-prune.1*
%{_mandir}/man1/docker-image-pull.1*
%{_mandir}/man1/docker-image-push.1*
%{_mandir}/man1/docker-image-rm.1*
%{_mandir}/man1/docker-image-save.1*
%{_mandir}/man1/docker-image-tag.1*
%{_mandir}/man1/docker-image.1*
%{_mandir}/man1/docker-images.1*
%{_mandir}/man1/docker-import.1*
%{_mandir}/man1/docker-info.1*
%{_mandir}/man1/docker-inspect.1*
%{_mandir}/man1/docker-kill.1*
%{_mandir}/man1/docker-load.1*
%{_mandir}/man1/docker-login.1*
%{_mandir}/man1/docker-logout.1*
%{_mandir}/man1/docker-logs.1*
%{_mandir}/man1/docker-manifest-annotate.1*
%{_mandir}/man1/docker-manifest-create.1*
%{_mandir}/man1/docker-manifest-inspect.1*
%{_mandir}/man1/docker-manifest-push.1*
%{_mandir}/man1/docker-manifest-rm.1*
%{_mandir}/man1/docker-manifest.1*
%{_mandir}/man1/docker-network-connect.1*
%{_mandir}/man1/docker-network-create.1*
%{_mandir}/man1/docker-network-disconnect.1*
%{_mandir}/man1/docker-network-inspect.1*
%{_mandir}/man1/docker-network-ls.1*
%{_mandir}/man1/docker-network-prune.1*
%{_mandir}/man1/docker-network-rm.1*
%{_mandir}/man1/docker-network.1*
%{_mandir}/man1/docker-node-demote.1*
%{_mandir}/man1/docker-node-inspect.1*
%{_mandir}/man1/docker-node-ls.1*
%{_mandir}/man1/docker-node-promote.1*
%{_mandir}/man1/docker-node-ps.1*
%{_mandir}/man1/docker-node-rm.1*
%{_mandir}/man1/docker-node-update.1*
%{_mandir}/man1/docker-node.1*
%{_mandir}/man1/docker-pause.1*
%{_mandir}/man1/docker-plugin-create.1*
%{_mandir}/man1/docker-plugin-disable.1*
%{_mandir}/man1/docker-plugin-enable.1*
%{_mandir}/man1/docker-plugin-inspect.1*
%{_mandir}/man1/docker-plugin-install.1*
%{_mandir}/man1/docker-plugin-ls.1*
%{_mandir}/man1/docker-plugin-push.1*
%{_mandir}/man1/docker-plugin-rm.1*
%{_mandir}/man1/docker-plugin-set.1*
%{_mandir}/man1/docker-plugin-upgrade.1*
%{_mandir}/man1/docker-plugin.1*
%{_mandir}/man1/docker-port.1*
%{_mandir}/man1/docker-ps.1*
%{_mandir}/man1/docker-pull.1*
%{_mandir}/man1/docker-push.1*
%{_mandir}/man1/docker-rename.1*
%{_mandir}/man1/docker-restart.1*
%{_mandir}/man1/docker-rm.1*
%{_mandir}/man1/docker-rmi.1*
%{_mandir}/man1/docker-run.1*
%{_mandir}/man1/docker-save.1*
%{_mandir}/man1/docker-search.1*
%{_mandir}/man1/docker-secret-create.1*
%{_mandir}/man1/docker-secret-inspect.1*
%{_mandir}/man1/docker-secret-ls.1*
%{_mandir}/man1/docker-secret-rm.1*
%{_mandir}/man1/docker-secret.1*
%{_mandir}/man1/docker-service-create.1*
%{_mandir}/man1/docker-service-inspect.1*
%{_mandir}/man1/docker-service-logs.1*
%{_mandir}/man1/docker-service-ls.1*
%{_mandir}/man1/docker-service-ps.1*
%{_mandir}/man1/docker-service-rm.1*
%{_mandir}/man1/docker-service-rollback.1*
%{_mandir}/man1/docker-service-scale.1*
%{_mandir}/man1/docker-service-update.1*
%{_mandir}/man1/docker-service.1*
%{_mandir}/man1/docker-stack-deploy.1*
%{_mandir}/man1/docker-stack-ls.1*
%{_mandir}/man1/docker-stack-ps.1*
%{_mandir}/man1/docker-stack-rm.1*
%{_mandir}/man1/docker-stack-services.1*
%{_mandir}/man1/docker-stack.1*
%{_mandir}/man1/docker-start.1*
%{_mandir}/man1/docker-stats.1*
%{_mandir}/man1/docker-stop.1*
%{_mandir}/man1/docker-swarm-ca.1*
%{_mandir}/man1/docker-swarm-init.1*
%{_mandir}/man1/docker-swarm-join-token.1*
%{_mandir}/man1/docker-swarm-join.1*
%{_mandir}/man1/docker-swarm-leave.1*
%{_mandir}/man1/docker-swarm-unlock-key.1*
%{_mandir}/man1/docker-swarm-unlock.1*
%{_mandir}/man1/docker-swarm-update.1*
%{_mandir}/man1/docker-swarm.1*
%{_mandir}/man1/docker-system-df.1*
%{_mandir}/man1/docker-system-events.1*
%{_mandir}/man1/docker-system-info.1*
%{_mandir}/man1/docker-system-prune.1*
%{_mandir}/man1/docker-system.1*
%{_mandir}/man1/docker-tag.1*
%{_mandir}/man1/docker-top.1*
%{_mandir}/man1/docker-trust-inspect.1*
%{_mandir}/man1/docker-trust-key-generate.1*
%{_mandir}/man1/docker-trust-key-load.1*
%{_mandir}/man1/docker-trust-key.1*
%{_mandir}/man1/docker-trust-revoke.1*
%{_mandir}/man1/docker-trust-sign.1*
%{_mandir}/man1/docker-trust-signer-add.1*
%{_mandir}/man1/docker-trust-signer-remove.1*
%{_mandir}/man1/docker-trust-signer.1*
%{_mandir}/man1/docker-trust.1*
%{_mandir}/man1/docker-unpause.1*
%{_mandir}/man1/docker-update.1*
%{_mandir}/man1/docker-version.1*
%{_mandir}/man1/docker-volume-create.1*
%{_mandir}/man1/docker-volume-inspect.1*
%{_mandir}/man1/docker-volume-ls.1*
%{_mandir}/man1/docker-volume-prune.1*
%{_mandir}/man1/docker-volume-rm.1*
%{_mandir}/man1/docker-volume.1*
%{_mandir}/man1/docker-wait.1*
%{_mandir}/man1/docker.1*
%{_mandir}/man5/Dockerfile.5*
%{_mandir}/man8/dockerd.8*
%config(noreplace) %{_sysconfdir}/sysconfig/docker
%config(noreplace) %{_sysconfdir}/sysconfig/docker-storage
%{_bindir}/docker
%{_bindir}/dockerd
%{_bindir}/docker-proxy
%{_bindir}/docker-init
%{_bindir}/docker-containerd
%{_bindir}/docker-containerd-shim
%{_bindir}/docker-ctr
%{_bindir}/docker-runc
%dir %{_libexecdir}/%{name}
%dir %{_libexecdir}/%{name}/cli-plugins
%{_libexecdir}/%{name}/cli-plugins/docker-buildx
%if %{with systemd}
%{_unitdir}/docker.service
%{_unitdir}/docker.socket
%{_libexecdir}/%{name}/docker-setup-runtimes.sh
%dir %{_sysconfdir}/docker-runtimes.d
%doc README-docker-runtimes.d
%else
%{_initddir}/docker
%endif
%{_datadir}/bash-completion/docker
%dir %{_sharedstatedir}/docker
%if %{with systemd}
%ghost %dir %{apprundir}
%else
%dir %{apprundir}
%endif
%dir %{appconfdir}
%{_sysconfdir}/udev/rules.d/80-docker.rules

%changelog
* Wed Jul 5 2023 Antuan Weeks <akweeks@amazon.com> - 20.10.25-1.amzn2023.0.1
- update to 20.10.25 from upstream to fix CVE-2022-41723
- update target golang to 1.19.9
- update docker cli to 20.10.25
- update patches due to deprecation of io/ioutil (e.g.
https://github.com/docker/cli/commit/5c97f5c918bb58a9c03d2bc607ec85d77b008064)

* Wed Apr 19 2023 Sai Harsha <ssuryad@amazon.com> - 20.10.23-1.amzn2023.0.1
- Update to 20.10.23 from upstream
- Update buildx to v0.10.4 and change the buildx plugin name to docker-buildx

* Mon Mar 13 2023 Sonia Xu <sonix@amazon.com> - 20.10.17-1.amzn2023.0.6
- Backport patch for CVE-2022-36109

* Fri Feb 17 2023 Kev Jayne <kjj@amazon.com> - 20.10.17-1.amzn2023.0.5
- Skip outdated test: github.com/docker/docker/builder/remotecontext/git
- Mass rebuild for AL2023


* Fri Feb 17 2023 Kev Jayne <kjj@amazon.com> - 20.10.17-1
- Skip Test: github.com/docker/docker/builder/remotecontext/git

* Mon Jun 20 2022 Sai Harsha <ssuryad@amazon.com> - 20.10.17-1
- Update to 20.10.17 from upstream
- Remove patches included from upstream
- Add patch to skip test which require root access

* Tue Mar 29 2022 Malcolm Inglis <miinglis@amazon.com> - 20.10.13-2
- Apply patch for CVE-2022-24769

* Tue Mar 29 2022 Malcolm Inglis <miinglis@amazon.com> - 20.10.13-1
- Update to 20.10.13 from upstream
- Update golang BuildRequires to 1.16.15 per upstream
- Remove patches included upstream since 20.10.10

* Fri Dec 10 2021 Paul Ezvan <paulezva@amazon.fr> - 20.10.7-6
- Build for AL2022

* Wed Nov 17 2021 Jamie Anderson <jamieand@amazon.com> - 20.10.7-5
- CVE-2021-41190
- Conditionalize older trigger that only applies to ALAMI

* Mon Sep 27 2021 Jamie Anderson <jamieand@amazon.com> - 20.10.7-3
- CVE-2021-41089
- CVE-2021-41091
- CVE-2021-41092

* Wed Aug 18 2021 Jamie Anderson <jamieand@amazon.com> - 20.10.7-2
- Update test-skip helpers to detect more types of buildroots

* Mon Aug 16 2021 Jamie Anderson <jamieand@amazon.com> - 20.10.7-1
- Update to 20.10.7 from upstream
- Update golang BuildRequires for CVE-2021-33196
- Increase default per-container file descriptor ulimit

* Mon Aug 16 2021 Kinjal Thaker <kthaker@amazon.com> - 20.10.4-4
- Back-port Patch https://github.com/moby/moby/pull/42401

* Mon Aug 09 2021 Kinjal Thaker <kthaker@amazon.com> - 20.10.4-3
- Back-ported patches
- https://github.com/moby/moby/pull/41586
- https://github.com/moby/moby/pull/41588
- https://github.com/moby/moby/pull/42418
- https://github.com/moby/moby/pull/42291

* Fri Jun 04 2021 Kinjal Thaker <kthaker@amazon.com> - 20.10.4-2
- Added buildx plugin for Docker CLI

* Tue Mar 23 2021 Jamie Anderson <jamieand@amazon.com> - 20.10.4-1
- Update to 20.10.4 from upstream
- Reorganize sources to use moby/moby and docker/cli instead of docker-ce

* Wed Sep 23 2020 Jamie Anderson <jamieand@amazon.com> - 19.03.13ce-1
- Update to 19.03.13 from upstream
- Add triggers to conditionally relabel on container-selinux install

* Wed May 27 2020 Jacob Vallejo <jakeev@amazon.com> - 19.03.6ce-4
- CVE-2020-13401

* Fri Apr 24 2020 Jacob Vallejo <jakeev@amazon.com> - 19.03.6ce-3
- Require compatible ecs-init package

* Thu Apr 16 2020 Jamie Anderson <jamieand@amazon.com> - 19.03.6ce-2
- awslogs: Update aws-sdk-go to support IMDSv2

* Wed Feb 26 2020 Jamie Anderson <jamieand@amazon.com> - 19.03.6ce-1
- Update to 19.03.6 from upstream

* Mon Sep 23 2019 Jacob Vallejo <jakeev@amazon.com> - 18.09.9ce-1
- Update packaging for 18.09.9ce
- Split container primitives into package dependencies (containerd, runc)

* Thu Jun 06 2019 Jamie Anderson <jamieand@amazon.com> - 18.06.1ce-10
- CVE-2018-15664

* Wed Feb 27 2019 Jacob Vallejo <jakeev@amazon.com> - 18.06.1ce-8
- Backport AWS CloudWatch Logs endpoint flag support

* Thu Jan 24 2019 iliana weller <iweller@amazon.com> - 18.06.1ce-7
- CVE-2019-5736

* Thu Dec 13 2018 iliana weller <iweller@amazon.com> - 18.06.1ce-6
- Add /etc/docker-runtimes.d (AL2 only)

* Tue Dec 4 2018 Zac Mrowicki <mrowicki@amazon.com> - 18.06.1ce-6
- Backport work around closing closed channel panic (https://github.com/moby/moby/pull/37780)

* Mon Oct 22 2018 Jacob Vallejo <jakeev@amazon.com> - 18.06.1ce-5
- Create /etc/docker in packaging
- Backport untar timing log improvements (https://github.com/moby/moby/pull/37983)
- Backport awslogs error message improvements (https://github.com/moby/moby/pull/37944)
- Backport awslogs utf8 normalization bugfix (https://github.com/moby/moby/pull/37986)

* Tue Sep 25 2018 Justin Haynes <jushay@amazon.com> - 18.06.1ce-4
- Actually create %%{_rundir}/docker during install

* Tue Sep 18 2018 Justin Haynes <jushay@amazon.com> - 18.06.1ce-3
- Create %%{_rundir}/docker during install

* Thu Aug 23 2018 Jacob Vallejo <jakeev@amazon.com> - 18.06.1ce-1
- Update packaging and patches for Docker 18.06.1
- Add pigz for parallel gzip support

* Wed Aug 15 2018 Frederick Lefebvre <fredlef@amazon.com> - 18.06.0ce-1
- Rename the spec file to docker.spec to match the package name

* Fri Jul 27 2018 Zac Mrowicki <mrowicki@amazon.com> - 18.06.0ce-1
- Update packaging and patches for Docker 18.06.0

* Tue Jul 17 2018 Zac Mrowicki <mrowicki@amazon.com> - 18.03.1ce-5
- Backport AWS CloudWatch Logs endpoint flag support (https://github.com/moby/moby/pull/37374)

* Fri Jun 22 2018 Jacob Vallejo <jakeev@amazon.com> - 18.03.1ce-4
- Re-enable sysconfig configuration in systemd unit

* Fri Jun 15 2018 iliana weller <iweller@amazon.com> - 18.03.1ce-3
- Drop the kernel Requires for AL2
- Re-enable systemd support in AL2

* Wed May 16 2018 Jacob Vallejo <jakeev@amazon.com> - 18.03.1ce
- Update packaging and patches for Docker 18.03.1.

* Wed May 02 2018 Justin Haynes <jushay@amazon.com> - 17.12.1ce
- Patch https://github.com/moby/moby/issues/33803 via upstream
  https://github.com/moby/moby/pull/36522

* Mon Mar 26 2018 Justin Haynes <jushay@amazon.com> - 17.12.1ce
- Update packaging and patches for Docker 17.12.1.
- Patch https://github.com/moby/moby/issues/36661 via upstream
  https://github.com/containerd/containerd/pull/2229

* Tue Jan 30 2018 Justin Haynes <jushay@amazon.com> - 17.12.0ce
- Update packaging and patches for Docker 17.12.0.

* Mon Oct 20 2014 Lokesh Mandvekar <lsm5@fedoraproject.org> - 1.3.0-1
- Resolves: rhbz#1153936 - update to v1.3.0
- don't install zsh files
- iptables=false => ip-masq=false

* Wed Oct 08 2014 Lokesh Mandvekar <lsm5@fedoraproject.org> - 1.2.0-5
- Resolves: rhbz#1149882 - systemd unit and socket file updates

* Tue Sep 30 2014 Lokesh Mandvekar <lsm5@fedoraproject.org> - 1.2.0-4
- Resolves: rhbz#1139415 - correct path for bash completion
    /usr/share/bash-completion/completions
- versioned provides for docker
- golang versioned requirements for devel and pkg-devel
- remove macros from changelog
- don't own dirs owned by vim, systemd, bash

* Thu Sep 25 2014 Lokesh Mandvekar <lsm5@fedoraproject.org> - 1.2.0-3
- Resolves: rhbz#1145660 - support /etc/sysconfig/docker-storage
  From: Colin Walters <walters@redhat.com>
- patch to ignore selinux if it's disabled
  https://github.com/docker/docker/commit/9e2eb0f1cc3c4ef000e139f1d85a20f0e00971e6
  From: Dan Walsh <dwalsh@redhat.com>

* Sun Aug 24 2014 Lokesh Mandvekar <lsm5@fedoraproject.org> - 1.2.0-2
- Provides docker only for f21 and above

* Sat Aug 23 2014 Lokesh Mandvekar <lsm5@fedoraproject.org> - 1.2.0-1
- Resolves: rhbz#1132824 - update to v1.2.0

* Sat Aug 16 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.1.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild

* Fri Aug 01 2014 Lokesh Mandvekar <lsm5@fedoraproject.org> - 1.1.2-2
- change conditionals

* Thu Jul 31 2014 Lokesh Mandvekar <lsm5@fedoraproject.org> - 1.1.2-1
- Resolves: rhbz#1124036 - update to upstream v1.1.2

* Mon Jul 28 2014 Vincent Batts <vbatts@fedoraproject.org> - 1.0.0-10
- split out the import_path/pkg/... libraries, to avoid cyclic deps with libcontainer

* Thu Jul 24 2014 Lokesh Mandvekar <lsm5@fedoraproject.org> - 1.0.0-9
- /etc/sysconfig/docker should be config(noreplace)

* Wed Jul 23 2014 Lokesh Mandvekar <lsm5@fedoraproject.org> - 1.0.0-8
- Resolves: rhbz#1119849
- Resolves: rhbz#1119413 - min delta between upstream and packaged unitfiles
- devel package owns directories it creates
- ensure min NVRs used for systemd contain fixes RE: CVE-2014-3499

* Wed Jul 16 2014 Vincent Batts <vbatts@fedoraproject.org> - 1.0.0-7
- clean up gopath
- add Provides for docker libraries
- produce a -devel with docker source libraries
- accomodate golang rpm macros

* Tue Jul 01 2014 Lokesh Mandvekar <lsm5@fedoraproject.org> - 1.0.0-6
- Resolves: rhbz#1114810 - CVE-2014-3499 (correct bz#)

* Tue Jul 01 2014 Lokesh Mandvekar <lsm5@fedoraproject.org> - 1.0.0-5
- Resolves: rhbz#11114810 - CVE-2014-3499

* Tue Jun 24 2014 Lokesh Mandvekar <lsm5@fedoraproject.org> - 1.0.0-4
- Set mode,user,group in docker.socket file

* Sat Jun 14 2014 Lokesh Mandvekar <lsm5@fedoraproject.org> - 1.0.0-3
- correct bogus date

* Sat Jun 14 2014 Lokesh Mandvekar <lsm5@fedoraproject.org> - 1.0.0-2
- RHBZ#1109533 patch libcontainer for finalize namespace error
- RHBZ#1109039 build with updated golang-github-syndtr-gocapability
- install Dockerfile.5 manpage

* Mon Jun 09 2014 Lokesh Mandvekar <lsm5@fedoraproject.org> - 1.0.0-1
- upstream version bump to v1.0.0

* Mon Jun 09 2014 Lokesh Mandvekar <lsm5@fedoraproject.org> - 0.12.0-1
- RHBZ#1105789 Upstream bump to 0.12.0

* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.11.1-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild

* Thu Jun 05 2014 Lokesh Mandvekar <lsm5@redhat.com> - 0.11.1-11
- unitfile should Require socket file (revert change in release 10)

* Fri May 30 2014 Lokesh Mandvekar <lsm5@redhat.com> - 0.11.1-10
- do not require docker.socket in unitfile

* Thu May 29 2014 Lokesh Mandvekar <lsm5@redhat.com> - 0.11.1-9
- BZ: change systemd service type to 'notify'

* Thu May 29 2014 Lokesh Mandvekar <lsm5@redhat.com> - 0.11.1-8
- use systemd socket-activation version

* Thu May 29 2014 Lokesh Mandvekar <lsm5@redhat.com> - 0.11.1-7
- add "Provides: docker" as per FPC exception (Matthew Miller
        <mattdm@fedoraproject.org>)

* Thu May 29 2014 Lokesh Mandvekar <lsm5@redhat.com> - 0.11.1-6
- don't use docker.sysconfig meant for sysvinit (just to avoid confusion)

* Thu May 29 2014 Lokesh Mandvekar <lsm5@redhat.com> - 0.11.1-5
- Bug 1084232 - add /etc/sysconfig/docker for additional args

* Tue May 27 2014 Lokesh Mandvekar <lsm5@redhat.com> - 0.11.1-4
- patches for BZ 1088125, 1096375

* Fri May 09 2014 Lokesh Mandvekar <lsm5@redhat.com> - 0.11.1-3
- add selinux buildtag
- enable selinux in unitfile

* Fri May 09 2014 Lokesh Mandvekar <lsm5@redhat.com> - 0.11.1-2
- get rid of conditionals, separate out spec for each branch

* Thu May 08 2014 Lokesh Mandvekar <lsm5@redhat.com> - 0.11.1-1
- Bug 1095616 - upstream bump to 0.11.1
- manpages via pandoc

* Mon Apr 14 2014 Lokesh Mandvekar <lsm5@redhat.com> - 0.10.0-2
- regenerate btrfs removal patch
- update commit value

* Mon Apr 14 2014 Lokesh Mandvekar <lsm5@redhat.com> - 0.10.0-1
- include manpages from contrib

* Wed Apr 09 2014 Bobby Powers <bobbypowers@gmail.com> - 0.10.0-1
- Upstream version bump

* Thu Mar 27 2014 Lokesh Mandvekar <lsm5@redhat.com> - 0.9.1-1
- BZ 1080799 - upstream version bump

* Thu Mar 13 2014 Adam Miller <maxamillion@fedoraproject.org> - 0.9.0-3
- Add lxc requirement for EPEL6 and patch init script to use lxc driver
- Remove tar dep, no longer needed
- Require libcgroup only for EPEL6

* Tue Mar 11 2014 Lokesh Mandvekar <lsm5@redhat.com> - 0.9.0-2
- lxc removed (optional)
  http://blog.docker.io/2014/03/docker-0-9-introducing-execution-drivers-and-libcontainer/

* Tue Mar 11 2014 Lokesh Mandvekar <lsm5@redhat.com> - 0.9.0-1
- BZ 1074880 - upstream version bump to v0.9.0

* Wed Feb 19 2014 Lokesh Mandvekar <lsm5@redhat.com> - 0.8.1-1
- Bug 1066841 - upstream version bump to v0.8.1
- use sysvinit files from upstream contrib
- BR golang >= 1.2-7

* Thu Feb 13 2014 Adam Miller <maxamillion@fedoraproject.org> - 0.8.0-3
- Remove unneeded sysctl settings in initscript
  https://github.com/dotcloud/docker/pull/4125

* Sat Feb 08 2014 Lokesh Mandvekar <lsm5@redhat.com> - 0.8.0-2
- ignore btrfs for rhel7 and clones for now
- include vim syntax highlighting from contrib/syntax/vim

* Wed Feb 05 2014 Lokesh Mandvekar <lsm5@redhat.com> - 0.8.0-1
- upstream version bump
- don't use btrfs for rhel6 and clones (yet)

* Mon Jan 20 2014 Lokesh Mandvekar <lsm5@redhat.com> - 0.7.6-2
- bridge-utils only for rhel < 7
- discard freespace when image is removed

* Thu Jan 16 2014 Lokesh Mandvekar <lsm5@redhat.com> - 0.7.6-1
- upstream version bump v0.7.6
- built with golang >= 1.2

* Thu Jan 09 2014 Lokesh Mandvekar <lsm5@redhat.com> - 0.7.5-1
- upstream version bump to 0.7.5

* Thu Jan 09 2014 Lokesh Mandvekar <lsm5@redhat.com> - 0.7.4-1
- upstream version bump to 0.7.4 (BZ #1049793)
- udev rules file from upstream contrib
- unit file firewalld not used, description changes

* Mon Jan 06 2014 Lokesh Mandvekar <lsm5@redhat.com> - 0.7.3-3
- udev rules typo fixed (BZ 1048775)

* Sat Jan 04 2014 Lokesh Mandvekar <lsm5@redhat.com> - 0.7.3-2
- missed commit value in release 1, updated now
- upstream release monitoring (BZ 1048441)

* Sat Jan 04 2014 Lokesh Mandvekar <lsm5@redhat.com> - 0.7.3-1
- upstream release bump to v0.7.3

* Thu Dec 19 2013 Lokesh Mandvekar <lsm5@redhat.com> - 0.7.2-2
- require xz to work with ubuntu images (BZ #1045220)

* Wed Dec 18 2013 Lokesh Mandvekar <lsm5@redhat.com> - 0.7.2-1
- upstream release bump to v0.7.2

* Fri Dec 06 2013 Vincent Batts <vbatts@redhat.com> - 0.7.1-1
- upstream release of v0.7.1

* Mon Dec 02 2013 Lokesh Mandvekar <lsm5@redhat.com> - 0.7.0-14
- sysvinit patch corrected (epel only)
- 80-docker.rules unified for udisks1 and udisks2

* Mon Dec 02 2013 Lokesh Mandvekar <lsm5@redhat.com> - 0.7.0-13
- removed firewall-cmd --add-masquerade

* Sat Nov 30 2013 Lokesh Mandvekar <lsm5@redhat.com> - 0.7.0-12
- systemd for fedora >= 18
- firewalld in unit file changed from Requires to Wants
- firewall-cmd --add-masquerade after docker daemon start in unit file
  (Michal Fojtik <mfojtik@redhat.com>), continue if not present (Michael Young
  <m.a.young@durham.ac.uk>)
- 80-docker.rules included for epel too, ENV variables need to be changed for
  udisks1

* Fri Nov 29 2013 Marek Goldmann <mgoldman@redhat.com> - 0.7.0-11
- Redirect docker log to /var/log/docker (epel only)
- Removed the '-b none' parameter from sysconfig, it's unnecessary since
  we create the bridge now automatically (epel only)
- Make sure we have the cgconfig service started before we start docker,
    RHBZ#1034919 (epel only)

* Thu Nov 28 2013 Lokesh Mandvekar <lsm5@redhat.com> - 0.7.0-10
- udev rules added for fedora >= 19 BZ 1034095
- epel testing pending

* Thu Nov 28 2013 Lokesh Mandvekar <lsm5@redhat.com> - 0.7.0-9
- requires and started after firewalld

* Thu Nov 28 2013 Lokesh Mandvekar <lsm5@redhat.com> - 0.7.0-8
- iptables-fix patch corrected

* Thu Nov 28 2013 Lokesh Mandvekar <lsm5@redhat.com> - 0.7.0-7
- use upstream tarball and patch with mgoldman's commit

* Thu Nov 28 2013 Lokesh Mandvekar <lsm5@redhat.com> - 0.7.0-6
- using mgoldman's shortcommit value 0ff9bc1 for package (BZ #1033606)
- https://github.com/dotcloud/docker/pull/2907

* Wed Nov 27 2013 Adam Miller <maxamillion@fedoraproject.org> - 0.7.0-5
- Fix up EL6 preun/postun to not fail on postun scripts

* Wed Nov 27 2013 Lokesh Mandvekar <lsm5@redhat.com> - 0.7.0-4
- brctl patch for rhel <= 7

* Wed Nov 27 2013 Vincent Batts <vbatts@redhat.com> - 0.7.0-3
- Patch how the bridge network is set up on RHEL (BZ #1035436)

* Wed Nov 27 2013 Vincent Batts <vbatts@redhat.com> - 0.7.0-2
- add libcgroup require (BZ #1034919)

* Tue Nov 26 2013 Marek Goldmann <mgoldman@redhat.com> - 0.7.0-1
- Upstream release 0.7.0
- Using upstream script to build the binary

* Mon Nov 25 2013 Vincent Batts <vbatts@redhat.com> - 0.7-0.20.rc7
- correct the build time defines (bz#1026545). Thanks dan-fedora.

* Fri Nov 22 2013 Adam Miller <maxamillion@fedoraproject.org> - 0.7-0.19.rc7
- Remove xinetd entry, added sysvinit

* Fri Nov 22 2013 Lokesh Mandvekar <lsm5@redhat.com> - 0.7-0.18.rc7
- rc version bump

* Wed Nov 20 2013 Lokesh Mandvekar <lsm5@redhat.com> - 0.7-0.17.rc6
- removed ExecStartPost lines from docker.service (BZ #1026045)
- dockerinit listed in files

* Wed Nov 20 2013 Vincent Batts <vbatts@redhat.com> - 0.7-0.16.rc6
- adding back the none bridge patch

* Wed Nov 20 2013 Vincent Batts <vbatts@redhat.com> - 0.7-0.15.rc6
- update docker source to crosbymichael/0.7.0-rc6
- bridge-patch is not needed on this branch

* Tue Nov 19 2013 Vincent Batts <vbatts@redhat.com> - 0.7-0.14.rc5
- update docker source to crosbymichael/0.7-rc5
- update docker source to 457375ea370a2da0df301d35b1aaa8f5964dabfe
- static magic
- place dockerinit in a libexec
- add sqlite dependency

* Sat Nov 02 2013 Lokesh Mandvekar <lsm5@redhat.com> - 0.7-0.13.dm
- docker.service file sets iptables rules to allow container networking, this
    is a stopgap approach, relevant pull request here:
    https://github.com/dotcloud/docker/pull/2527

* Sat Oct 26 2013 Lokesh Mandvekar <lsm5@redhat.com> - 0.7-0.12.dm
- dm branch
- dockerinit -> docker-init

* Tue Oct 22 2013 Lokesh Mandvekar <lsm5@redhat.com> - 0.7-0.11.rc4
- passing version information for docker build BZ #1017186

* Sat Oct 19 2013 Lokesh Mandvekar <lsm5@redhat.com> - 0.7-0.10.rc4
- rc version bump
- docker-init -> dockerinit
- zsh completion script installed to /usr/share/zsh/site-functions

* Fri Oct 18 2013 Lokesh Mandvekar <lsm5@redhat.com> - 0.7-0.9.rc3
- lxc-docker version matches package version

* Fri Oct 18 2013 Lokesh Mandvekar <lsm5@redhat.com> - 0.7-0.8.rc3
- double quotes removed from buildrequires as per existing golang rules

* Fri Oct 11 2013 Lokesh Mandvekar <lsm5@redhat.com> - 0.7-0.7.rc3
- xinetd file renamed to docker.xinetd for clarity

* Thu Oct 10 2013 Lokesh Mandvekar <lsm5@redhat.com> - 0.7-0.6.rc3
- patched for el6 to use sphinx-1.0-build

* Wed Oct 09 2013 Lokesh Mandvekar <lsm5@redhat.com> - 0.7-0.5.rc3
- rc3 version bump
- exclusivearch x86_64

* Wed Oct 09 2013 Lokesh Mandvekar <lsm5@redhat.com> - 0.7-0.4.rc2
- debuginfo not Go-ready yet, skipped

* Wed Oct 09 2013 Lokesh Mandvekar <lsm5@redhat.com> - 0.7-0.3.rc2
- debuginfo package generated
- buildrequires listed with versions where needed
- conditionals changed to reflect systemd or not
- docker commit value not needed
- versioned provides lxc-docker

* Mon Oct 07 2013 Lokesh Mandvekar <lsm5@redhat.com> - 0.7-2.rc2
- rc branch includes devmapper
- el6 BZ #1015865 fix included

* Sun Oct 06 2013 Lokesh Mandvekar <lsm5@redhat.com> - 0.7-1
- version bump, includes devicemapper
- epel conditionals included
- buildrequires sqlite-devel

* Fri Oct 04 2013 Lokesh Mandvekar <lsm5@fedoraproject.org> - 0.6.3-4.devicemapper
- docker-io service enables IPv4 and IPv6 forwarding
- docker user not needed
- golang not supported on ppc64, docker-io excluded too

* Thu Oct 03 2013 Lokesh Mandvekar <lsm5@fedoraproject.org> - 0.6.3-3.devicemapper
- Docker rebuilt with latest kr/pty, first run issue solved

* Fri Sep 27 2013 Marek Goldmann <mgoldman@redhat.com> - 0.6.3-2.devicemapper
- Remove setfcap from lxc.cap.drop to make setxattr() calls working in the
  containers, RHBZ#1012952

* Thu Sep 26 2013 Lokesh Mandvekar <lsm5@redhat.com> 0.6.3-1.devicemapper
- version bump
- new version solves docker push issues

* Tue Sep 24 2013 Lokesh Mandvekar <lsm5@redhat.com> 0.6.2-14.devicemapper
- package requires lxc

* Tue Sep 24 2013 Lokesh Mandvekar <lsm5@redhat.com> 0.6.2-13.devicemapper
- package requires tar

* Tue Sep 24 2013 Lokesh Mandvekar <lsm5@redhat.com> 0.6.2-12.devicemapper
- /var/lib/docker installed
- package also provides lxc-docker

* Mon Sep 23 2013 Lokesh Mandvekar <lsm5@redhat.com> 0.6.2-11.devicemapper
- better looking url

* Mon Sep 23 2013 Lokesh Mandvekar <lsm5@redhat.com> 0.6.2-10.devicemapper
- release tag changed to denote devicemapper patch

* Mon Sep 23 2013 Lokesh Mandvekar <lsm5@redhat.com> 0.6.2-9
- device-mapper-devel is a buildrequires for alex's code
- docker.service listed as a separate source file

* Sun Sep 22 2013 Matthew Miller <mattdm@fedoraproject.org> 0.6.2-8
- install bash completion
- use -v for go build to show progress

* Sun Sep 22 2013 Matthew Miller <mattdm@fedoraproject.org> 0.6.2-7
- build and install separate docker-init

* Sun Sep 22 2013 Matthew Miller <mattdm@fedoraproject.org> 0.6.2-4
- update to use new source-only golang lib packages

* Sat Sep 21 2013 Lokesh Mandvekar <lsm5@redhat.com> 0.6.2-3
- man page generation from docs/.
- systemd service file created
- dotcloud/tar no longer required

* Fri Sep 20 2013 Lokesh Mandvekar <lsm5@redhat.com> 0.6.2-2
- patched with alex larsson's devmapper code

* Wed Sep 18 2013 Lokesh Mandvekar <lsm5@redhat.com> 0.6.2-1
- Version bump

* Tue Sep 10 2013 Lokesh Mandvekar <lsm5@redhat.com> 0.6.1-2
- buildrequires updated
- package renamed to docker-io

* Fri Aug 30 2013 Lokesh Mandvekar <lsm5@redhat.com> 0.6.1-1
- Version bump
- Package name change from lxc-docker to docker
- Makefile patched from 0.5.3

* Wed Aug 28 2013 Lokesh Mandvekar <lsm5@redhat.com> 0.5.3-5
- File permissions settings included

* Wed Aug 28 2013 Lokesh Mandvekar <lsm5@redhat.com> 0.5.3-4
- Credits in changelog modified as per reference's request

* Tue Aug 27 2013 Lokesh Mandvekar <lsm5@redhat.com> 0.5.3-3
- Dependencies listed as rpm packages instead of tars
- Install section added

* Mon Aug 26 2013 Lokesh Mandvekar <lsm5@redhat.com> 0.5.3-2
- Github packaging
- Deps not downloaded at build time courtesy Elan Ruusamäe
- Manpage and other docs installed

* Fri Aug 23 2013 Lokesh Mandvekar <lsm5@redhat.com> 0.5.3-1
- Initial fedora package
- Some credit to Elan Ruusamäe (glen@pld-linux.org)