These weren't updated with the switch to go1.7.1
Signed-off-by: Christopher Jones <tophj@linux.vnet.ibm.com>
Upstream-commit: f431211631f0dd68ec41c970e5b951c5141e3f9b
Component: engine
This PR adds the necessary files needed in order to make ubuntu 14.04
ppc64le docker debs
Signed-off-by: Christopher Jones <tophj@linux.vnet.ibm.com>
Upstream-commit: 9a928e32325c399999342fcf24d9fd3074137a90
Component: engine
With this patch and Docker PR 25883 ("Add a Dockerfile for generating
manpages on s390x") "make deb" creates the following packages for s390x:
# cd bundles/1.13.0-dev/build-deb/
# find .
.
./ubuntu-xenial
./ubuntu-xenial/docker-engine_1.13.0~dev~git20160823.161729.0.2693af4-0~xenial_s390x.deb
./ubuntu-xenial/docker-engine_1.13.0~dev~git20160823.161729.0.2693af4-0~xenial.dsc
./ubuntu-xenial/docker-engine_1.13.0~dev~git20160823.161729.0.2693af4-0~xenial_s390x.changes
./ubuntu-xenial/Dockerfile.build
./ubuntu-xenial/docker-engine_1.13.0~dev~git20160823.161729.0.2693af4-0~xenial.tar.gz
./docker.log
./test.log
Package "docker-engine_1.13.0~dev~git20160823.161729.0.2693af4-0~xenial_s390x.deb"
could be successfully installed on a s390x Ubuntu system:
# cat /etc/issue
Ubuntu 16.04.1 LTS \n \l
# dpkg -i docker-engine_1.13.0~dev~git20160823.161729.0.2693af4-0~xenial_s390x.deb
...
Installing new version of config file /etc/init.d/docker ...
Installing new version of config file /etc/init/docker.conf ...
Processing triggers for systemd (229-4ubuntu7) ...
Processing triggers for ureadahead (0.100.0-19) ...
Processing triggers for man-db (2.7.5-1) ...
# docker version
Client:
Version: 1.13.0-dev
API version: 1.25
Go version: go1.7
Git commit: 2693af4-unsupported
Built: Wed Aug 24 11:41:13 2016
OS/Arch: linux/s390x
Server:
...
The s390x "generate.sh" is a modified version of "ppc64le/generate.sh".
We removed seccomp for s390x because we need at least libseccomp version
2.3.1 which is not provided by Ubuntu Xenial.
Signed-off-by: Michael Holzheu <holzheu@linux.vnet.ibm.com>
Upstream-commit: 73df9b4e87d0a9fc13ef75e0d8f2f50ddfc8c7e5
Component: engine
This PR adds the ability to make docker debs for xenial on power
Signed-off-by: Christopher Jones <tophj@linux.vnet.ibm.com>
Signed-off-by: Christopher Jones <tophj@linux.vnet.ibm.com>
Upstream-commit: 64881dc331f1f0ff861eb82bb05eef63d6693a67
Component: engine
following the announcement;
https://groups.google.com/forum/m/#!topic/golang-announce/7JTsd70ZAT0
> [security] Go 1.6.3 and Go 1.7rc2 pre-announcement
>
> Hello gophers,
> We plan to issue Go 1.6.3 and Go 1.7rc2 on Monday July 18 at approximately 2am UTC.
> These are minor release to fix a security issue.
>
> Following our policy at https://golang.org/security, this is the pre-announcement of those releases.
>
> Because we are so late in the release cycle for Go 1.7, we will not issue a minor release of Go 1.5.
> Additionally, we plan to issue Go 1.7rc3 later next week, which will include any changes between 1.7rc1 and tip.
>
> Cheers,
> Chris on behalf of the Go team
**Note:**
the man/Dockerfile is not yet updated, because
the official image for Go 1.6.2 has not yet
been updated.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 589bafddf391cbf6aff8b22044266dc819cdcaeb
Component: engine
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
Upstream-commit: 829d1883dccc8000a6781bc074fd16afe2833841
Component: engine
To not hit the issue with the request Host header.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Upstream-commit: 3e0bd74a3d2647fa8c7783f4a053ad225746e6eb
Component: engine
These are the changes required due to the new binaries that containerd introduced.
The rpm, and deb packages now include 5 binaries.
docker, containerd, containerd-shim, ctr, and runc
The tar files also include all 5 binaries.
Signed-off-by: Ken Cochrane <KenCochrane@gmail.com>
Upstream-commit: bb66d7144f7d0a617f5985486ae36bbbaa5461ba
Component: engine
Also, add "libsystemd-journal-dev" to the explicit list (which is what prompted the change in how we install).
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
Upstream-commit: 722fac7a730e16c65ccd60ce5d1d7924dd6520bf
Component: engine
This is used in `hack/make.sh` for detecting various dependencies such as `libsystemd-journal` -- without this, our packages don't support pulling logs back out of journald. 😢
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
Upstream-commit: 9ac671f79e46ac3e05cc9531739d8f39d8da34c7
Component: engine
Ubuntu 15.04 (Vivid) will be EOL'd in January,
so we should remove it from our builds in the
Docker 1.10 release.
For information about the EOL data, see:
https://wiki.ubuntu.com/Releases
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 325b1f35ae7419cd7454800c8eda4dfaca1d9a77
Component: engine
We already bumped this for Dockerfile, should keep build environment
consistent with that.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
Upstream-commit: 42d643af55a1a6e1a2262cb0e97fbe82589af40d
Component: engine
If a logdriver doesn't register a callback function to validate log
options, it won't be usable. Fix the journald driver by adding a dummy
validator.
Teach the client and the daemon's "logs" logic that the server can also
supply "logs" data via the "journald" driver. Update documentation and
tests that depend on error messages.
Add support for reading log data from the systemd journal to the
journald log driver. The internal logic uses a goroutine to scan the
journal for matching entries after any specified cutoff time, formats
the messages from those entries as JSONLog messages, and stuffs the
results down a pipe whose reading end we hand back to the caller.
If we are missing any of the 'linux', 'cgo', or 'journald' build tags,
however, we don't implement a reader, so the 'logs' endpoint will still
return an error.
Make the necessary changes to the build setup to ensure that support for
reading container logs from the systemd journal is built.
Rename the Jmap member of the journald logdriver's struct to "vars" to
make it non-public, and to make it easier to tell that it's just there
to hold additional variable values that we want journald to record along
with log data that we're sending to it.
In the client, don't assume that we know which logdrivers the server
implements, and remove the check that looks at the server. It's
redundant because the server already knows, and the check also makes
using older clients with newer servers (which may have new logdrivers in
them) unnecessarily hard.
When we try to "logs" and have to report that the container's logdriver
doesn't support reading, send the error message through the
might-be-a-multiplexer so that clients which are expecting multiplexed
data will be able to properly display the error, instead of tripping
over the data and printing a less helpful "Unrecognized input header"
error.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> (github: nalind)
Upstream-commit: e611a189cb3147cd79ccabfe8ba61ae3e3e28459
Component: engine
The automatic installation of AppArmor policies prevents the
management of custom, site-specific apparmor policies for the
default container profile. Furthermore, this change will allow
a future policy for the engine itself to be written without demanding
the engine be able to arbitrarily create and manage AppArmor policies.
- Add deb package suggests for apparmor.
- Ubuntu postinst use aa-status & fix policy path
- Add the policies to the debian packages.
- Add apparmor tests for writing proc files
Additional restrictions against modifying files in proc
are enforced by AppArmor. Ensure that AppArmor is preventing
access to these files, not simply Docker's configuration of proc.
- Remove /proc/k?mem from AA policy
The path to mem and kmem are in /dev, not /proc
and cannot be restricted successfully through AppArmor.
The device cgroup will need to be sufficient here.
- Load contrib/apparmor during integration tests
Note that this is somewhat dirty because we
cannot restore the host to its original configuration.
However, it should be noted that prior to this patch
series, the Docker daemon itself was loading apparmor
policy from within the tests, so this is no dirtier or
uglier than the status-quo.
Signed-off-by: Eric Windisch <eric@windisch.us>
Upstream-commit: 80d99236c1ef9d389dbaca73c1a949da16b56b42
Component: engine
Ubuntu Precise has a number of warts that made it non-trivial to add initially, but I've managed to work through some of them and come up with a working build. Two important parts to note are that it has neither the `btrfs` nor the `devicemapper` graphdriver backends since `btrfs-tools` and `libdevmapper-dev` in the precise repositories are too ancient for them to even compile.
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
Upstream-commit: 98180b89543396c07c1f1ea420554fbcce31c513
Component: engine
Also, `curl` is smart enough to see when the consumer of the pipe is going slow that it should slow down the transfer, so this gives a reasonable indication of extraction progress too.
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
Upstream-commit: 24d98c14a0ee580018fdfcc465a76fd4a976e40f
Component: engine
