From 6a7d53836d6d74b0124e371d122153f326042207 Mon Sep 17 00:00:00 2001 From: Riyaz Faizullabhoy Date: Wed, 2 Mar 2016 11:44:15 -0800 Subject: [PATCH 1/3] Move pkcs11 out of experimental, into GA Signed-off-by: Riyaz Faizullabhoy Upstream-commit: 37fa75b3447007bb8ea311f02610bb383b0db77f Component: engine --- components/engine/Dockerfile | 2 +- components/engine/Dockerfile.aarch64 | 2 +- components/engine/Dockerfile.armhf | 2 +- components/engine/Dockerfile.gccgo | 2 +- components/engine/Dockerfile.ppc64le | 2 +- components/engine/Dockerfile.s390x | 2 +- components/engine/hack/make.sh | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/components/engine/Dockerfile b/components/engine/Dockerfile index a3430d58bc..cf84e0452a 100644 --- a/components/engine/Dockerfile +++ b/components/engine/Dockerfile @@ -205,7 +205,7 @@ RUN useradd --create-home --gid docker unprivilegeduser VOLUME /var/lib/docker WORKDIR /go/src/github.com/docker/docker -ENV DOCKER_BUILDTAGS apparmor seccomp selinux +ENV DOCKER_BUILDTAGS apparmor pkcs11 seccomp selinux # Let us use a .bashrc file RUN ln -sfv $PWD/.bashrc ~/.bashrc diff --git a/components/engine/Dockerfile.aarch64 b/components/engine/Dockerfile.aarch64 index 947b393f46..7ef0fb3668 100644 --- a/components/engine/Dockerfile.aarch64 +++ b/components/engine/Dockerfile.aarch64 @@ -153,7 +153,7 @@ RUN useradd --create-home --gid docker unprivilegeduser VOLUME /var/lib/docker WORKDIR /go/src/github.com/docker/docker -ENV DOCKER_BUILDTAGS apparmor seccomp selinux +ENV DOCKER_BUILDTAGS apparmor pkcs11 seccomp selinux # Let us use a .bashrc file RUN ln -sfv $PWD/.bashrc ~/.bashrc diff --git a/components/engine/Dockerfile.armhf b/components/engine/Dockerfile.armhf index fd6f8721fa..7d32121a06 100644 --- a/components/engine/Dockerfile.armhf +++ b/components/engine/Dockerfile.armhf 
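Review bot: The new `pkcs11` entry in `ENV DOCKER_BUILDTAGS` carries no comment saying what the tag needs, and the hunk does not show whether its build-time dependency is installed earlier in this Dockerfile. project/PACKAGERS.md in this series lists yubico-piv-tool 1.1.0 or later among the things needed to build the daemon. A line above the ENV such as `# pkcs11: hardware-token support, needs yubico-piv-tool >= 1.1.0 at build time (see project/PACKAGERS.md)` would make that link visible to whoever edits the tag list next. The same applies to the identical ENV change in the aarch64, armhf, gccgo, ppc64le and s390x Dockerfiles. The Dockerfile continues on both sides of the hunk, so the dependency may already be installed there.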
@@ -162,7 +162,7 @@ RUN useradd --create-home --gid docker unprivilegeduser VOLUME /var/lib/docker WORKDIR /go/src/github.com/docker/docker -ENV DOCKER_BUILDTAGS apparmor seccomp selinux +ENV DOCKER_BUILDTAGS apparmor pkcs11 seccomp selinux # Let us use a .bashrc file RUN ln -sfv $PWD/.bashrc ~/.bashrc diff --git a/components/engine/Dockerfile.gccgo b/components/engine/Dockerfile.gccgo index c01f5dd895..74e791dfc9 100644 --- a/components/engine/Dockerfile.gccgo +++ b/components/engine/Dockerfile.gccgo @@ -71,7 +71,7 @@ RUN useradd --create-home --gid docker unprivilegeduser VOLUME /var/lib/docker WORKDIR /go/src/github.com/docker/docker -ENV DOCKER_BUILDTAGS apparmor seccomp selinux +ENV DOCKER_BUILDTAGS apparmor pkcs11 seccomp selinux # Wrap all commands in the "docker-in-docker" script to allow nested containers ENTRYPOINT ["hack/dind"] diff --git a/components/engine/Dockerfile.ppc64le b/components/engine/Dockerfile.ppc64le index fc1d929f48..efffec8038 100644 --- a/components/engine/Dockerfile.ppc64le +++ b/components/engine/Dockerfile.ppc64le @@ -154,7 +154,7 @@ RUN useradd --create-home --gid docker unprivilegeduser VOLUME /var/lib/docker WORKDIR /go/src/github.com/docker/docker -ENV DOCKER_BUILDTAGS apparmor selinux +ENV DOCKER_BUILDTAGS apparmor pkcs11 selinux # Let us use a .bashrc file RUN ln -sfv $PWD/.bashrc ~/.bashrc diff --git a/components/engine/Dockerfile.s390x b/components/engine/Dockerfile.s390x index f46e1e0c9b..03db594f15 100644 --- a/components/engine/Dockerfile.s390x +++ b/components/engine/Dockerfile.s390x @@ -133,7 +133,7 @@ RUN useradd --create-home --gid docker unprivilegeduser VOLUME /var/lib/docker WORKDIR /go/src/github.com/docker/docker -ENV DOCKER_BUILDTAGS apparmor selinux +ENV DOCKER_BUILDTAGS apparmor pkcs11 selinux # Let us use a .bashrc file RUN ln -sfv $PWD/.bashrc ~/.bashrc diff --git a/components/engine/hack/make.sh b/components/engine/hack/make.sh index bb3ee7204b..69734071b4 100755 --- a/components/engine/hack/make.sh 
+++ b/components/engine/hack/make.sh @@ -113,7 +113,7 @@ fi if [ "$DOCKER_EXPERIMENTAL" ]; then echo >&2 '# WARNING! DOCKER_EXPERIMENTAL is set: building experimental features' echo >&2 - DOCKER_BUILDTAGS+=" experimental pkcs11" + DOCKER_BUILDTAGS+=" experimental" fi if [ -z "$DOCKER_CLIENTONLY" ]; then From 3fbcbce6e683275ea6b0aad8e213777b07c76f20 Mon Sep 17 00:00:00 2001 From: Riyaz Faizullabhoy Date: Mon, 7 Mar 2016 10:18:18 -0800 Subject: [PATCH 2/3] Update packaging for yubico Signed-off-by: Riyaz Faizullabhoy Upstream-commit: 2c3e9e57949d23b4453b21339da56f0424ecbe42 Component: engine --- components/engine/hack/make/.build-deb/rules | 4 ++-- components/engine/hack/make/.build-rpm/docker-engine.spec | 4 +--- components/engine/hack/make/binary | 2 +- components/engine/project/PACKAGERS.md | 2 +- 4 files changed, 5 insertions(+), 7 deletions(-) diff --git a/components/engine/hack/make/.build-deb/rules b/components/engine/hack/make/.build-deb/rules index 15b848e322..1588a33cb8 100755 --- a/components/engine/hack/make/.build-deb/rules +++ b/components/engine/hack/make/.build-deb/rules @@ -5,8 +5,8 @@ VERSION = $(shell cat VERSION) override_dh_gencontrol: # if we're on Ubuntu, we need to Recommends: apparmor echo 'apparmor:Recommends=$(shell dpkg-vendor --is Ubuntu && echo apparmor)' >> debian/docker-engine.substvars - # if we are building experimental we recommend yubico-piv-tool - echo 'yubico:Recommends=$(shell [ "$DOCKER_EXPERIMENTAL" ] && echo "yubico-piv-tool (>= 1.1.0~)")' >> debian/docker-engine.substvars + # recommend yubico-piv-tool since we include pkcs11 by default + echo 'yubico:Recommends=$(echo "yubico-piv-tool (>= 1.1.0~)")' >> debian/docker-engine.substvars dh_gencontrol override_dh_auto_build: diff --git a/components/engine/hack/make/.build-rpm/docker-engine.spec b/components/engine/hack/make/.build-rpm/docker-engine.spec index 92b2b1adcf..ce952548f9 100644 --- a/components/engine/hack/make/.build-rpm/docker-engine.spec 
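Review bot: After this change nothing in make.sh adds `pkcs11`; the tag now reaches the build only through `DOCKER_BUILDTAGS` as set in the Dockerfiles. A build that runs make.sh with its own DOCKER_BUILDTAGS (a packager's build, for instance) would presumably produce a binary without PKCS#11 support, while the deb and rpm packaging in 2/3 pulls in yubico-piv-tool regardless. I would either document this next to the experimental block, `# pkcs11 is not added here; it must be present in DOCKER_BUILDTAGS (the Dockerfiles set it)`, or list the tag in project/PACKAGERS.md. The script continues outside the hunk, so a default may be set elsewhere.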
+++ b/components/engine/hack/make/.build-rpm/docker-engine.spec @@ -60,12 +60,10 @@ Requires: device-mapper >= 1.02.90-2 %global with_selinux 1 %endif -%if 0%{?_experimental} -# yubico-piv-tool conditional +# yubico-piv-tool required %if 0%{?fedora} >= 20 || 0%{?centos} >= 7 || 0%{?rhel} >= 7 Requires: yubico-piv-tool >= 1.1.0 %endif -%endif # start if with_selinux %if 0%{?with_selinux} diff --git a/components/engine/hack/make/binary b/components/engine/hack/make/binary index 6e9fbb478a..cbf7d99fc0 100644 --- a/components/engine/hack/make/binary +++ b/components/engine/hack/make/binary @@ -36,7 +36,7 @@ if [ "$(go env GOOS)" == "linux" ] ; then esac fi -if [ "$IAMSTATIC" == "true" ] && [ "$(go env GOHOSTOS)" == "linux" ] && [ "$DOCKER_EXPERIMENTAL" ]; then +if [ "$IAMSTATIC" == "true" ] && [ "$(go env GOHOSTOS)" == "linux" ]; then if [ "${GOOS}/${GOARCH}" == "darwin/amd64" ]; then export CGO_ENABLED=1 export CC=o64-clang diff --git a/components/engine/project/PACKAGERS.md b/components/engine/project/PACKAGERS.md index b3f60472fd..75b299cac8 100644 --- a/components/engine/project/PACKAGERS.md +++ b/components/engine/project/PACKAGERS.md @@ -60,7 +60,7 @@ To build the Docker daemon, you will additionally need: * btrfs-progs version 3.16.1 or later (unless using an older version is absolutely necessary, in which case 3.8 is the minimum) * libseccomp version 2.2.1 or later (for build tag seccomp) -* yubico-piv-tool version 1.1.0 or later (for experimental) +* yubico-piv-tool version 1.1.0 or later Be sure to also check out Docker's Dockerfile for the most up-to-date list of these build-time dependencies. From 8ab562c891cf1e611327860809b952c8f47d6c28 Mon Sep 17 00:00:00 2001 From: Riyaz Faizullabhoy Date: Tue, 15 Mar 2016 16:25:44 -0700 Subject: [PATCH 3/3] Improve messaging and binary generation for pkcs11 
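Review bot: With `[ "$DOCKER_EXPERIMENTAL" ]` dropped from the guard in hack/make/binary, every build with `IAMSTATIC` set to `true` on a Linux host now enters this block. For darwin/amd64 it exports `CGO_ENABLED=1` and `CC=o64-clang` without checking that the cross compiler is installed. A short guard before the exports would give a clear failure instead of a compiler error later: `command -v o64-clang >/dev/null || { echo >&2 'error: o64-clang is required for darwin/amd64'; exit 1; }`. A comment stating that the block exists for the pkcs11 cgo build, which is what the series suggests, would also help. The body of the `if` continues past the end of the hunk.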
Signed-off-by: Riyaz Faizullabhoy Upstream-commit: f7fa83c9101a015e03af86746f4c9de90d4146e3 Component: engine --- components/engine/Dockerfile.gccgo | 2 +- components/engine/hack/make/.build-deb/rules | 2 +- components/engine/hack/make/.build-rpm/docker-engine.spec | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/components/engine/Dockerfile.gccgo b/components/engine/Dockerfile.gccgo index 74e791dfc9..c01f5dd895 100644 --- a/components/engine/Dockerfile.gccgo +++ b/components/engine/Dockerfile.gccgo @@ -71,7 +71,7 @@ RUN useradd --create-home --gid docker unprivilegeduser VOLUME /var/lib/docker WORKDIR /go/src/github.com/docker/docker -ENV DOCKER_BUILDTAGS apparmor pkcs11 seccomp selinux +ENV DOCKER_BUILDTAGS apparmor seccomp selinux # Wrap all commands in the "docker-in-docker" script to allow nested containers ENTRYPOINT ["hack/dind"] diff --git a/components/engine/hack/make/.build-deb/rules b/components/engine/hack/make/.build-deb/rules index 1588a33cb8..e1c05554a7 100755 --- a/components/engine/hack/make/.build-deb/rules +++ b/components/engine/hack/make/.build-deb/rules @@ -6,7 +6,7 @@ override_dh_gencontrol: # if we're on Ubuntu, we need to Recommends: apparmor echo 'apparmor:Recommends=$(shell dpkg-vendor --is Ubuntu && echo apparmor)' >> debian/docker-engine.substvars # recommend yubico-piv-tool since we include pkcs11 by default - echo 'yubico:Recommends=$(echo "yubico-piv-tool (>= 1.1.0~)")' >> debian/docker-engine.substvars + echo 'yubico:Recommends="yubico-piv-tool (>= 1.1.0~)"' >> debian/docker-engine.substvars dh_gencontrol override_dh_auto_build: diff --git a/components/engine/hack/make/.build-rpm/docker-engine.spec b/components/engine/hack/make/.build-rpm/docker-engine.spec index ce952548f9..a0b5eb0b24 100644 --- a/components/engine/hack/make/.build-rpm/docker-engine.spec +++ b/components/engine/hack/make/.build-rpm/docker-engine.spec 
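Review bot: This hunk takes `pkcs11` back out of Dockerfile.gccgo, which 1/3 had added, and neither the file nor the commit message of 3/3 says why. After the series the gccgo image is the only one of the six whose default tags lack pkcs11. A comment above the ENV along the lines of `# pkcs11 is left out of the gccgo build on purpose: <reason>` would keep someone from re-adding it for consistency. The reason itself is not visible on this page.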
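Review bot: The new line in hack/make/.build-deb/rules writes the double quotes into the substvars file, as `yubico:Recommends="yubico-piv-tool (>= 1.1.0~)"`. The shell's single quotes keep them literal, and as far as I know dpkg substitutes a substvar's value verbatim, so the Recommends field would receive a quoted string that is not valid dependency syntax. Dropping the inner quotes should give the intended value: `echo 'yubico:Recommends=yubico-piv-tool (>= 1.1.0~)' >> debian/docker-engine.substvars`. It is worth checking the generated control file of a built package to confirm the field.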
@@ -60,7 +60,7 @@ Requires: device-mapper >= 1.02.90-2 %global with_selinux 1 %endif -# yubico-piv-tool required +# yubico-piv-tool recommends %if 0%{?fedora} >= 20 || 0%{?centos} >= 7 || 0%{?rhel} >= 7 Requires: yubico-piv-tool >= 1.1.0 %endif
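Review bot: The comment now reads `# yubico-piv-tool recommends`, but the tag below it is still `Requires: yubico-piv-tool >= 1.1.0`. On Fedora >= 20, CentOS >= 7 and RHEL >= 7 the package therefore stays a hard dependency installed on every host, while the deb package only recommends it. If a hard dependency is intended, the comment should say so, e.g. `# yubico-piv-tool is required (pkcs11 is built in by default)`. If a soft one is intended, note that rpm's weak-dependency tags are, as far as I know, not supported by the rpm shipped on all of these targets, so the `%if` would need narrowing before `Requires:` can become `Recommends:`. The dependency was made unconditional in the 2/3 hunk for this file.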