Note that go1.8.2 contains a security fix (CVE-2017-8932).
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit 0c7c900e9e66335a6bd486be008af43ae83a5a37)
Starting with this commit, integration tests should no longer rely on
the docker cli, they should be API tests instead. For the existing tests
the scripts will use a frozen version of the docker cli with a
DOCKER_API_VERSION frozen to 1.30, which should ensure that the CI remains
green at all times.
To help contributors develop and test manually with a modified docker
cli, this commit also adds a DOCKER_CLI_PATH environment variable to the
Makefile. This allows to set the path of a custom cli that will be
available inside the development container and used to run the
integration tests.
Signed-off-by: Arnaud Porterie (icecrime) <arnaud.porterie@docker.com>
Signed-off-by: Tibor Vass <tibor@docker.com>
Upstream-commit: 32915b1d0a315598edb737785d0357b5a1b8aa11
Component: engine
This updates the versions of the frozen images used to their current
version. The original reason for updating these images was to make sure
they are not affected by [CVE-2016-1252 / DSA-3733-1](https://lwn.net/Articles/709119/),
which is fixed in apt 1.0.9.8.4 and up.
Note that `CVE-2016-1252` won't affect our test-suite, because no packages
are installed during out tests. It is just "good practice" to keep these
images up to date.
The `debian:jessie`, and `buildpack-deps:jessie` in `Dockerfile.s390x`,
and `Dockerfile.armhf` have not been updated in this patch, because
those images have not yet been updated to contain apt 1.0.9.8.4.
While working on this, the `busybox` and `hello-world` were also updated
to their latest version.
Also removes a reference to `hack/make/.ensure-frozen-images`, which
was removed in ff91276d1f5beab5582d9ca582ee01af13198333.
The new busybox image has one layer less than the original,
so updated `TestBuildSquashParent` to take that into account.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 1ecd8ed5186a161c1c43ae7c99b1c81b97188619
Component: engine
This adds ppc64le and s390x architectures to those supported
by hack/make/release-debs
Signed-off-by: Christopher Jones <tophj@linux.vnet.ibm.com>
Upstream-commit: 9db1d16053b9c94586d4233a1f4067eede24947e
Component: engine
This drops support for migrations from pre-1.10 Docker versions, which
should be done via an external tool or an intermediate upgrade.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Upstream-commit: f8119bb7a76b5c42defb6e0a2dc67bd77ad29a5e
Component: engine
With commit ee59f25c2d503cd68262679250387e140171c685 we changed from
gcc-go to golang 1.7. By switching to debian we can reduce the base
layer from 1.4 GB to around 130 MB.
Signed-off-by: Dominik Dingel <dingel@linux.vnet.ibm.com>
Upstream-commit: 1bd6836a4249210090ed99c4e281374e9e16e138
Component: engine
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
Upstream-commit: 175792a65563b6ee14d049631d46749cd4165a3c
Component: engine
There is no reason to duplicate efforts and tini is well built and
better than grimes. It is a much stronger option for the default init
and @krallin has done a great job maintaining it and helping make
changes so that it will work with Docker.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Upstream-commit: d58b47623b252803f5cd12f6d9ca584d1587ab22
Component: engine
this switches all go download links to use a redirect,
https://golang.org/dl/ instead of the direct source.
Signed-off-by: Christopher Jones <tophj@linux.vnet.ibm.com>
Upstream-commit: 732d1035d2f1d8f0b6f3410035fa393431b93d89
Component: engine
This means we can vendor libnetwork without special casing, and
it is built the same way as the other external binaries.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Upstream-commit: 3996975b0840033bda3919440d122d734a4bc66b
Component: engine
It should allow easier updates for containerd and runc
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
Upstream-commit: 1b41125ad9f1a3881b71bd044d76fd285170addb
Component: engine
This adds a small C binary for fighting zombies. It is mounted under
`/dev/init` and is prepended to the args specified by the user. You
enable it via a daemon flag, `dockerd --init`, as it is disable by
default for backwards compat.
You can also override the daemon option or specify this on a per
container basis with `docker run --init=true|false`.
You can test this by running a process like this as the pid 1 in a
container and see the extra zombie that appears in the container as it
is running.
```c
int main(int argc, char ** argv) {
pid_t pid = fork();
if (pid == 0) {
pid = fork();
if (pid == 0) {
exit(0);
}
sleep(3);
exit(0);
}
printf("got pid %d and exited\n", pid);
sleep(20);
}
```
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Upstream-commit: ee3ac3aa66bfb27b7c21dfb253fdaa113baedd4e
Component: engine
We finally have a s390x binary tarball for go on "storage.googleapis.com".
So use this instead of bootstrapping with gccgo.
Signed-off-by: Michael Holzheu <holzheu@linux.vnet.ibm.com>
Upstream-commit: 47f13d3b84fb0ee867c6b6c2a213d78b471754bf
Component: engine
Necessary for merging in #22049.
Signed-off-by: Ross Boucher <rboucher@gmail.com>
Upstream-commit: e0123adafdc1e6a14a1dac10c5371da11b6fc063
Component: engine
They're included in go since 1.5.
Also I've removed comment about ancient gofmt version.
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
Upstream-commit: 08c16f8abfdc1f91119a35056c92d131b815fbf8
Component: engine
With golang version 1.7 the s390x architecture is officially supported.
To be in sync with the other architectures now switch also for s390x
from gccgo 6.1 to golang:
- golang: build and install to /usr/src/go
* Download golang-1.7 sources
* Bootstrap with gccgo 6.1
- go lint: Sync GO_LINT_COMMIT with other Dockerfiles
- notary: Remove GO15VENDOREXPERIMENT and softlink hack
With this patch the current CI on s390x completes with:
- OK: 1375 passed, 43 skipped
Signed-off-by: Michael Holzheu <holzheu@linux.vnet.ibm.com>
Upstream-commit: ee59f25c2d503cd68262679250387e140171c685
Component: engine
When #24648 was merged, only the main Dockerfile was updated with the
new containerd commit, this commit brings the other Dockerfile up to
speed.
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
Upstream-commit: d5cbc57eff0df651bfbfb455608da45747651d0c
Component: engine
This version introduces the following:
- uses nanosecond timestamps for event
- ensure events are sent once their effect is "live"
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
Upstream-commit: 29b2714580d085533c29807fa337c2b7a302abb6
Component: engine
This updates containerd to b93a33be39bc4ef0fb00bfcb79147a28c33d9d43
fixing the start sync issues.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Upstream-commit: 7db7e046315eed5ccfb3a913b965be4b1a595601
Component: engine
Due to the issue of go-md2man, a numbered list in `man docker login` was not rendered correctly.
a8f937e113
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
Upstream-commit: cfe16e0d5b4bb7d1d194553f2a82cc1879d60e6b
Component: engine
