The main gain here is that they all use exactly the same distro; previously
arm64 was using Ubuntu Xenial because Debian jessie was too old.
Does not seem that we can change any of the downloaded dependencies still,
as eg libseccomp is still not the version we are using.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Upstream-commit: e89a5e5e91476102a471797fc2a81aa2f0f2b3fb
Component: engine
With docker-17.06.0 some images pulled do not extract properly. Some files don't appear in correct directories. This may or may not cause the pull to fail. These images can't be pushed or saved. 17.06 is the first version of Docker built with go1.8.
Cause
There are multiple updates to the tar package in go1.8.
https://go-review.googlesource.com/c/32234/ disables using "prefix" field when new tar archives are being written. Prefix field was previously set when a record in the archive used a path longer than 100 bytes.
Another change https://go-review.googlesource.com/c/31444/ makes the reader ignore the "prefix" field value if the record is in GNU format. GNU format defines that same area should be used for access and modified times. If the "prefix" field is not read, a file will only be extracted by the basename.
The problem is that with a previous version of the golang archive package headers could be written, that use the prefix field while at the same time setting the header format to GNU. This happens when numeric fields are big enough that they can not be written as octal strings and need to be written in binary. Usually, this shouldn't happen: uid, gid, devmajor, devminor can use up to 7 bytes, size and timestamp can use 11. If one of the records does overflow it switches the whole writer to GNU mode and all next files will be saved in GNU format.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Upstream-commit: 4a3cfda45e37b81211fbfbf0c45dbe64860a3ad0
Component: engine
Starting with this commit, integration tests should no longer rely on
the docker cli, they should be API tests instead. For the existing tests
the scripts will use a frozen version of the docker cli with a
DOCKER_API_VERSION frozen to 1.30, which should ensure that the CI remains
green at all times.
To help contributors develop and test manually with a modified docker
cli, this commit also adds a DOCKER_CLI_PATH environment variable to the
Makefile. This allows to set the path of a custom cli that will be
available inside the development container and used to run the
integration tests.
Signed-off-by: Arnaud Porterie (icecrime) <arnaud.porterie@docker.com>
Signed-off-by: Tibor Vass <tibor@docker.com>
Upstream-commit: 32915b1d0a315598edb737785d0357b5a1b8aa11
Component: engine
This drops support for migrations from pre-1.10 Docker versions, which
should be done via an external tool or an intermediate upgrade.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Upstream-commit: f8119bb7a76b5c42defb6e0a2dc67bd77ad29a5e
Component: engine
There is no reason to duplicate efforts and tini is well built and
better than grimes. It is a much stronger option for the default init
and @krallin has done a great job maintaining it and helping make
changes so that it will work with Docker.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Upstream-commit: d58b47623b252803f5cd12f6d9ca584d1587ab22
Component: engine
this switches all go download links to use a redirect,
https://golang.org/dl/ instead of the direct source.
Signed-off-by: Christopher Jones <tophj@linux.vnet.ibm.com>
Upstream-commit: 732d1035d2f1d8f0b6f3410035fa393431b93d89
Component: engine
This means we can vendor libnetwork without special casing, and
it is built the same way as the other external binaries.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Upstream-commit: 3996975b0840033bda3919440d122d734a4bc66b
Component: engine
It should allow easier updates for containerd and runc
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
Upstream-commit: 1b41125ad9f1a3881b71bd044d76fd285170addb
Component: engine
This adds a small C binary for fighting zombies. It is mounted under
`/dev/init` and is prepended to the args specified by the user. You
enable it via a daemon flag, `dockerd --init`, as it is disable by
default for backwards compat.
You can also override the daemon option or specify this on a per
container basis with `docker run --init=true|false`.
You can test this by running a process like this as the pid 1 in a
container and see the extra zombie that appears in the container as it
is running.
```c
int main(int argc, char ** argv) {
pid_t pid = fork();
if (pid == 0) {
pid = fork();
if (pid == 0) {
exit(0);
}
sleep(3);
exit(0);
}
printf("got pid %d and exited\n", pid);
sleep(20);
}
```
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Upstream-commit: ee3ac3aa66bfb27b7c21dfb253fdaa113baedd4e
Component: engine
Necessary for merging in #22049.
Signed-off-by: Ross Boucher <rboucher@gmail.com>
Upstream-commit: e0123adafdc1e6a14a1dac10c5371da11b6fc063
Component: engine
When #24648 was merged, only the main Dockerfile was updated with the
new containerd commit, this commit brings the other Dockerfile up to
speed.
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
Upstream-commit: d5cbc57eff0df651bfbfb455608da45747651d0c
Component: engine
following the announcement;
https://groups.google.com/forum/m/#!topic/golang-announce/7JTsd70ZAT0
> [security] Go 1.6.3 and Go 1.7rc2 pre-announcement
>
> Hello gophers,
> We plan to issue Go 1.6.3 and Go 1.7rc2 on Monday July 18 at approximately 2am UTC.
> These are minor release to fix a security issue.
>
> Following our policy at https://golang.org/security, this is the pre-announcement of those releases.
>
> Because we are so late in the release cycle for Go 1.7, we will not issue a minor release of Go 1.5.
> Additionally, we plan to issue Go 1.7rc3 later next week, which will include any changes between 1.7rc1 and tip.
>
> Cheers,
> Chris on behalf of the Go team
**Note:**
the man/Dockerfile is not yet updated, because
the official image for Go 1.6.2 has not yet
been updated.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 589bafddf391cbf6aff8b22044266dc819cdcaeb
Component: engine
This version introduces the following:
- uses nanosecond timestamps for event
- ensure events are sent once their effect is "live"
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
Upstream-commit: 29b2714580d085533c29807fa337c2b7a302abb6
Component: engine
This updates containerd to b93a33be39bc4ef0fb00bfcb79147a28c33d9d43
fixing the start sync issues.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Upstream-commit: 7db7e046315eed5ccfb3a913b965be4b1a595601
Component: engine
This bumps containerd to cf554d59dd96e459544748290eb9167f4bcde509 and
includes various fixes and updates the grpc package and types generated
for use.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Upstream-commit: d17b9f3da064f4c7e70867be5e64d06b127df301
Component: engine
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
Set up the mount label in the spec for a container
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
Upstream-commit: e0f98c698b49e3790fe63bff611eeda6f5b46055
Component: engine
This vendors in new spec/runc that supports
setting readonly and masked paths in the
configuration. Using this allows us to make an
exception for `—-privileged`.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Upstream-commit: 3f81b4935292d5daedea9de4e2db0895986115da
Component: engine
This includes fixes for;
- outputing errors for missing seccomp options on seccomp versions < 2.3
- cap set apply EPERM errors on ARM systems
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 752b31d3fe6fcbea9e14247c3896334734eba7f2
Component: engine
