* [gentoo-commits] repo/gentoo:master commit in: app-emulation/docker/, app-emulation/docker/files/
@ 2015-08-27 15:42 Kacper Kowalik
From: Kacper Kowalik @ 2015-08-27 15:42 UTC (permalink / raw
  To: gentoo-commits

commit:     ebf518399f1b302b738d6da9afa0351f4035384a
Author:     Kacper Kowalik <xarthisius <AT> gentoo <DOT> org>
AuthorDate: Thu Aug 27 15:42:07 2015 +0000
Commit:     Kacper Kowalik <xarthisius <AT> gentoo <DOT> org>
CommitDate: Thu Aug 27 15:42:38 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ebf51839

Apply upstream patch fixing issue with go>=1.4. Fixes #558344

Package-Manager: portage-2.2.20

 app-emulation/docker/docker-1.8.1.ebuild           |  3 +-
 app-emulation/docker/files/15404-fix-go14_15.patch | 85 ++++++++++++++++++++++
 2 files changed, 87 insertions(+), 1 deletion(-)

diff --git a/app-emulation/docker/docker-1.8.1.ebuild b/app-emulation/docker/docker-1.8.1.ebuild
index 0fea9a3..73cc01d 100644
--- a/app-emulation/docker/docker-1.8.1.ebuild
+++ b/app-emulation/docker/docker-1.8.1.ebuild
@@ -20,7 +20,7 @@ else
 	[ "$DOCKER_GITCOMMIT" ] || die "DOCKER_GITCOMMIT must be added manually for each bump!"
 	inherit golang-vcs-snapshot
 fi
-inherit bash-completion-r1 linux-info multilib systemd udev user
+inherit eutils bash-completion-r1 linux-info multilib systemd udev user
 
 DESCRIPTION="Docker complements kernel namespacing with a high-level API which operates at the process level"
 HOMEPAGE="https://dockerproject.org"
@@ -170,6 +170,7 @@ pkg_setup() {
 
 src_prepare() {
 	cd "src/${EGO_PN}" || die
+	epatch "${FILESDIR}"/15404-fix-go14_15.patch
 	# allow user patches (use sparingly - upstream won't support them)
 	epatch_user
 }

diff --git a/app-emulation/docker/files/15404-fix-go14_15.patch b/app-emulation/docker/files/15404-fix-go14_15.patch
new file mode 100644
index 0000000..7cda1f9
--- /dev/null
+++ b/app-emulation/docker/files/15404-fix-go14_15.patch
@@ -0,0 +1,85 @@
+From f83d05c3be3c3bcc84f6fa229504848ee8078321 Mon Sep 17 00:00:00 2001
+From: Vincent Batts <vbatts@redhat.com>
+Date: Fri, 7 Aug 2015 10:18:20 -0400
+Subject: [PATCH] devicemapper: fix zero-sized field access
+
+Fixes: #15279
+
+Due to
+https://github.com/golang/go/commit/7904946eeb35faece61bbf6f5b3cc8be2f519c17
+the devices field is dropped.
+
+This solution works on go1.4 and go1.5
+
+Signed-off-by: Vincent Batts <vbatts@redhat.com>
+---
+ daemon/graphdriver/devmapper/deviceset.go | 14 +++++++++-----
+ pkg/devicemapper/devmapper_wrapper.go     | 18 +++++++++++++++---
+ 2 files changed, 24 insertions(+), 8 deletions(-)
+
+diff --git a/daemon/graphdriver/devmapper/deviceset.go b/daemon/graphdriver/devmapper/deviceset.go
+index 6dddeb1..97e2032 100644
+--- a/daemon/graphdriver/devmapper/deviceset.go
++++ b/daemon/graphdriver/devmapper/deviceset.go
+@@ -1509,12 +1509,16 @@ func (devices *DeviceSet) deactivatePool() error {
+ 	if err != nil {
+ 		return err
+ 	}
+-	if d, err := devicemapper.GetDeps(devname); err == nil {
+-		// Access to more Debug output
+-		logrus.Debugf("[devmapper] devicemapper.GetDeps() %s: %#v", devname, d)
++
++	if devinfo.Exists == 0 {
++		return nil
+ 	}
+-	if devinfo.Exists != 0 {
+-		return devicemapper.RemoveDevice(devname)
++	if err := devicemapper.RemoveDevice(devname); err != nil {
++		return err
++	}
++
++	if d, err := devicemapper.GetDeps(devname); err == nil {
++		logrus.Warnf("[devmapper] device %s still has %d active dependents", devname, d.Count)
+ 	}
+ 
+ 	return nil
+diff --git a/pkg/devicemapper/devmapper_wrapper.go b/pkg/devicemapper/devmapper_wrapper.go
+index 87c2003..44ca772 100644
+--- a/pkg/devicemapper/devmapper_wrapper.go
++++ b/pkg/devicemapper/devmapper_wrapper.go
+@@ -38,7 +38,10 @@ static void	log_with_errno_init()
+ */
+ import "C"
+ 
+-import "unsafe"
++import (
++	"reflect"
++	"unsafe"
++)
+ 
+ type (
+ 	CDmTask C.struct_dm_task
+@@ -184,12 +187,21 @@ func dmTaskGetDepsFct(task *CDmTask) *Deps {
+ 	if Cdeps == nil {
+ 		return nil
+ 	}
++
++	// golang issue: https://github.com/golang/go/issues/11925
++	hdr := reflect.SliceHeader{
++		Data: uintptr(unsafe.Pointer(uintptr(unsafe.Pointer(Cdeps)) + unsafe.Sizeof(*Cdeps))),
++		Len:  int(Cdeps.count),
++		Cap:  int(Cdeps.count),
++	}
++	devices := *(*[]C.uint64_t)(unsafe.Pointer(&hdr))
++
+ 	deps := &Deps{
+ 		Count:  uint32(Cdeps.count),
+ 		Filler: uint32(Cdeps.filler),
+ 	}
+-	for _, device := range Cdeps.device {
+-		deps.Device = append(deps.Device, (uint64)(device))
++	for _, device := range devices {
++		deps.Device = append(deps.Device, uint64(device))
+ 	}
+ 	return deps
+ }



* [gentoo-commits] repo/gentoo:master commit in: app-emulation/docker/, app-emulation/docker/files/
@ 2016-04-20 17:06 William Hubbs
From: William Hubbs @ 2016-04-20 17:06 UTC (permalink / raw
  To: gentoo-commits

commit:     4088cbaef9bea3f24c49e5494b2e2a54485a349b
Author:     William Hubbs <williamh <AT> gentoo <DOT> org>
AuthorDate: Wed Apr 20 15:33:59 2016 +0000
Commit:     William Hubbs <williamh <AT> gentoo <DOT> org>
CommitDate: Wed Apr 20 17:00:13 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4088cbae

app-emulation/docker:  version bump to 1.11.0 for #580564

Package-Manager: portage-2.2.26

 app-emulation/docker/Manifest                      |   1 +
 app-emulation/docker/docker-1.11.0.ebuild          | 274 +++++++++++++++++++++
 app-emulation/docker/files/docker-containerd.patch |  22 ++
 3 files changed, 297 insertions(+)

diff --git a/app-emulation/docker/Manifest b/app-emulation/docker/Manifest
index d1f61a2..082892a 100644
--- a/app-emulation/docker/Manifest
+++ b/app-emulation/docker/Manifest
@@ -1,5 +1,6 @@
 DIST docker-1.10.0.tar.gz 9966458 SHA256 4321baec0839a0f57b9bb3a20d84f2ab1ff045fbe631c3aa76bbc1db67012635 SHA512 dc8c421e704990882dce26d23929d71dffeac605e07d595872f1fa5c0920f214a368c902ecd7c739f32a468c276001acf3cef1676aeaeffc8e4530ec028db070 WHIRLPOOL 583f186e338624ddb8d67941e62c5cc9f12af99a13939b20739dbe2d46eff0b3aa21fc8dec508d7b6f8dd13c4ff4e0f52cf7afd174d5289f7966c2cfefa3a081
 DIST docker-1.10.3.tar.gz 9973680 SHA256 6b72fafa4c068a95133f5c9fda9fb148c9412db7a932800689e259a1b1c7ef6d SHA512 0e8f1dc80b8600a3a2d36a0e2a5c1a5cdca540198dafb9b6e32e79e7a2d2bea3d822ec310d6b1655fd0c91dca03874fa93b3ddb77e59607d62aac4fe6062c0da WHIRLPOOL 0d1b09868e958bfad5a722f60a73847ba12745e36abc11e04ff074546728967ccbaf0cf4554dec70dcd97169a2c684144d5cc171ef3b9bf0ba438daf37c24269
+DIST docker-1.11.0.tar.gz 10637394 SHA256 088869b9a19ae17656e068aa6d3d473866e8133365427c601c671da1b2189057 SHA512 ecb7f531a5632fd6274e3eec59a5194c61d0788ab9f3864845cbc248232c2f14671a26c34abab8c5ca85ce6106ae72ea3ae4e5d133ad1efb126069ae82a2dba0 WHIRLPOOL 20b0ef1642d2fea2ae186a17786d95f138fb7df92daa104f00c481488f82eadd5e8f27a0a8e926d68f495fd62bc132d83817a0831f84b3786474a9408d87878f
 DIST docker-1.6.1.tar.gz 5713944 SHA256 aa3534277d11b32bc3564b801aeed0502f067317e7e111bd91ce2d989d34c51e SHA512 d2647f191fd295c8a9326e11ddbf6e77f33b70f14e3ebd37db3c9fa1f4946e0e3f426078ee847f52d7c57fc7783d26afe3e5d2e7ff17d8e6bb4f71609e8f5ef2 WHIRLPOOL e12c799ef63a0646f7393b00b6c1e200f350f7089445c58819ae5b53d66d18d985cb9f8fde1cd3ecfa55c2f0186064fc7080b7ebba132404aa15502029881602
 DIST docker-1.6.2.tar.gz 5714121 SHA256 f3a031b23ea9ff0fdbf3ffb9449c64ec51bb053491b47b28000eb4cce9f23203 SHA512 c27bdafabcb8ad2e49bee9e1529141a25596ba2b59435fb9368fc406950d0d7d1cbd876f1f4248dfc7089a22b8a2d13009dd164bde87e37b95a8e502bb49cac9 WHIRLPOOL aea4105ba30104d751203153b6208e363ce0abb3145ee134e675c4bc640e888afb281e7ba9009a30b9af37e829185684427a33b947d8710b49562e3352526c06
 DIST docker-1.7.1.tar.gz 6853527 SHA256 9cd26415d68a88d3cf576e7e78c2fe97f42af795404f552728acc5b41dccf4ef SHA512 9b32c3deab77a27a4322a3ccbb3759a2c2a5627605090c4517c3754e6821407abcf5ffa227bad1fdafcbba068cdcaab586015dd8cfe9aed7e8a221d0615463f1 WHIRLPOOL 41b1afd8ea08c3452e5658d73e85c3b79a64f85fb4cb99c4c6a2ce1ab49836cebbe14724afe47898cb8d9bb9d4d69c64ff1c061895f3b9534150bc7ab50e2b22

diff --git a/app-emulation/docker/docker-1.11.0.ebuild b/app-emulation/docker/docker-1.11.0.ebuild
new file mode 100644
index 0000000..eabd8d8
--- /dev/null
+++ b/app-emulation/docker/docker-1.11.0.ebuild
@@ -0,0 +1,274 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+EGO_PN="github.com/docker/docker"
+
+if [[ ${PV} = *9999* ]]; then
+	# Docker cannot be fetched via "go get", thanks to autogenerated code
+	EGIT_REPO_URI="https://${EGO_PN}.git"
+	EGIT_CHECKOUT_DIR="${WORKDIR}/${P}/src/${EGO_PN}"
+	inherit golang-base git-r3
+else
+	MY_PV="${PV/_/-}"
+	DOCKER_GITCOMMIT="4dc5990"
+	EGIT_COMMIT="v${MY_PV}"
+	SRC_URI="https://${EGO_PN}/archive/${EGIT_COMMIT}.tar.gz -> ${P}.tar.gz"
+	KEYWORDS="~amd64"
+	[ "$DOCKER_GITCOMMIT" ] || die "DOCKER_GITCOMMIT must be added manually for each bump!"
+	inherit golang-vcs-snapshot
+fi
+inherit bash-completion-r1 linux-info multilib systemd udev user
+
+DESCRIPTION="Docker complements kernel namespacing with a high-level API which operates at the process level"
+HOMEPAGE="https://dockerproject.org"
+LICENSE="Apache-2.0"
+SLOT="0"
+IUSE="apparmor aufs btrfs +device-mapper experimental overlay seccomp"
+
+# https://github.com/docker/docker/blob/master/hack/PACKAGERS.md#build-dependencies
+CDEPEND="
+	>=dev-db/sqlite-3.7.9:3
+	device-mapper? (
+		>=sys-fs/lvm2-2.02.89[thin]
+	)
+	seccomp? (
+		>=sys-libs/libseccomp-2.2.1[static-libs]
+	)
+"
+
+DEPEND="
+	${CDEPEND}
+
+	dev-go/go-md2man
+
+	btrfs? (
+		>=sys-fs/btrfs-progs-3.8
+	)
+"
+
+# https://github.com/docker/docker/blob/master/hack/PACKAGERS.md#runtime-dependencies
+# https://github.com/docker/docker/blob/master/hack/PACKAGERS.md#optional-dependencies
+RDEPEND="
+	${CDEPEND}
+
+	!app-emulation/docker-bin
+	>=net-firewall/iptables-1.4
+	sys-process/procps
+	>=dev-vcs/git-1.7
+	>=app-arch/xz-utils-4.9
+
+	>=app-emulation/containerd-0.2.0
+	>=app-emulation/runc-0.1.0
+
+	apparmor? (
+		sys-libs/libapparmor[static-libs]
+	)
+"
+
+RESTRICT="installsources strip"
+
+# see "contrib/check-config.sh" from upstream's sources
+CONFIG_CHECK="
+	~NAMESPACES ~NET_NS ~PID_NS ~IPC_NS ~UTS_NS
+	~DEVPTS_MULTIPLE_INSTANCES
+	~CGROUPS ~CGROUP_CPUACCT ~CGROUP_DEVICE ~CGROUP_FREEZER ~CGROUP_SCHED ~CPUSETS ~MEMCG
+	~MACVLAN ~VETH ~BRIDGE ~BRIDGE_NETFILTER
+	~NF_NAT_IPV4 ~IP_NF_FILTER ~IP_NF_TARGET_MASQUERADE
+	~NETFILTER_XT_MATCH_ADDRTYPE ~NETFILTER_XT_MATCH_CONNTRACK
+	~NF_NAT ~NF_NAT_NEEDED
+
+	~POSIX_MQUEUE
+
+	~MEMCG_KMEM ~MEMCG_SWAP ~MEMCG_SWAP_ENABLED
+
+	~BLK_CGROUP ~IOSCHED_CFQ
+	~CGROUP_PERF
+	~CGROUP_HUGETLB
+	~NET_CLS_CGROUP
+	~CFS_BANDWIDTH ~FAIR_GROUP_SCHED ~RT_GROUP_SCHED
+"
+
+ERROR_MEMCG_KMEM="CONFIG_MEMCG_KMEM: is optional"
+ERROR_MEMCG_SWAP="CONFIG_MEMCG_SWAP: is required if you wish to limit swap usage of containers"
+ERROR_RESOURCE_COUNTERS="CONFIG_RESOURCE_COUNTERS: is optional for container statistics gathering"
+
+ERROR_BLK_CGROUP="CONFIG_BLK_CGROUP: is optional for container statistics gathering"
+ERROR_IOSCHED_CFQ="CONFIG_IOSCHED_CFQ: is optional for container statistics gathering"
+ERROR_CGROUP_PERF="CONFIG_CGROUP_PERF: is optional for container statistics gathering"
+ERROR_CFS_BANDWIDTH="CONFIG_CFS_BANDWIDTH: is optional for container statistics gathering"
+
+pkg_setup() {
+	if kernel_is lt 3 10; then
+		ewarn ""
+		ewarn "Using Docker with kernels older than 3.10 is unstable and unsupported."
+		ewarn " - http://docs.docker.com/installation/binaries/#check-kernel-dependencies"
+	fi
+
+	# for where these kernel versions come from, see:
+	# https://www.google.com/search?q=945b2b2d259d1a4364a2799e80e8ff32f8c6ee6f+site%3Akernel.org%2Fpub%2Flinux%2Fkernel+file%3AChangeLog*
+	if ! {
+		kernel_is ge 3 16 \
+		|| { kernel_is 3 15 && kernel_is ge 3 15 5; } \
+		|| { kernel_is 3 14 && kernel_is ge 3 14 12; } \
+		|| { kernel_is 3 12 && kernel_is ge 3 12 25; }
+	}; then
+		ewarn ""
+		ewarn "There is a serious Docker-related kernel panic that has been fixed in 3.16+"
+		ewarn "  (and was backported to 3.15.5+, 3.14.12+, and 3.12.25+)"
+		ewarn ""
+		ewarn "See also https://github.com/docker/docker/issues/2960"
+	fi
+
+	if kernel_is le 3 18; then
+		CONFIG_CHECK+="
+			~RESOURCE_COUNTERS
+		"
+	fi
+
+	if kernel_is le 3 13; then
+		CONFIG_CHECK+="
+			~NETPRIO_CGROUP
+		"
+	else
+		CONFIG_CHECK+="
+			~CGROUP_NET_PRIO
+		"
+	fi
+
+	if use aufs; then
+		CONFIG_CHECK+="
+			~AUFS_FS
+			~EXT4_FS_POSIX_ACL ~EXT4_FS_SECURITY
+		"
+		ERROR_AUFS_FS="CONFIG_AUFS_FS: is required to be set if and only if aufs-sources are used instead of aufs4/aufs3"
+	fi
+
+	if use btrfs; then
+		CONFIG_CHECK+="
+			~BTRFS_FS
+		"
+	fi
+
+	if use device-mapper; then
+		CONFIG_CHECK+="
+			~BLK_DEV_DM ~DM_THIN_PROVISIONING ~EXT4_FS ~EXT4_FS_POSIX_ACL ~EXT4_FS_SECURITY
+		"
+	fi
+
+	if use overlay; then
+		CONFIG_CHECK+="
+			~OVERLAY_FS ~EXT4_FS_SECURITY ~EXT4_FS_POSIX_ACL
+		"
+	fi
+
+	linux-info_pkg_setup
+
+	# create docker group for the code checking for it in /etc/group
+	enewgroup docker
+}
+
+src_prepare() {
+	cd "src/${EGO_PN}" || die
+	epatch "${FILESDIR}/docker-containerd.patch"
+	# allow user patches (use sparingly - upstream won't support them)
+	epatch_user
+}
+
+src_compile() {
+	cd "src/${EGO_PN}" || die
+	export GOPATH="${WORKDIR}/${P}:${PWD}/vendor"
+
+	# setup CFLAGS and LDFLAGS for separate build target
+	# see https://github.com/tianon/docker-overlay/pull/10
+	export CGO_CFLAGS="-I${ROOT}/usr/include"
+	export CGO_LDFLAGS="-L${ROOT}/usr/$(get_libdir)"
+
+	# if we're building from a zip, we need the GITCOMMIT value
+	[ "$DOCKER_GITCOMMIT" ] && export DOCKER_GITCOMMIT
+
+	if gcc-specs-pie; then
+		sed -i "s/EXTLDFLAGS_STATIC='/&-fno-PIC /" hack/make.sh || die
+		grep -q -- '-fno-PIC' hack/make.sh || die 'hardened sed failed'
+
+		sed  "s/LDFLAGS_STATIC_DOCKER='/&-extldflags -fno-PIC /" \
+			-i hack/make/dynbinary || die
+		grep -q -- '-fno-PIC' hack/make/dynbinary || die 'hardened sed failed'
+	fi
+
+	# let's set up some optional features :)
+	export DOCKER_BUILDTAGS=''
+	for gd in aufs btrfs device-mapper overlay; do
+		if ! use $gd; then
+			DOCKER_BUILDTAGS+=" exclude_graphdriver_${gd//-/}"
+		fi
+	done
+
+	for tag in apparmor seccomp; do
+		if use $tag; then
+			DOCKER_BUILDTAGS+=" $tag"
+		fi
+	done
+
+	# https://github.com/docker/docker/pull/13338
+	if use experimental; then
+		export DOCKER_EXPERIMENTAL=1
+	else
+		unset DOCKER_EXPERIMENTAL
+	fi
+
+	# time to build!
+	./hack/make.sh dynbinary || die 'dynbinary failed'
+
+	# build the man pages too
+	./man/md2man-all.sh || die "unable to generate man pages"
+}
+
+src_install() {
+	cd "src/${EGO_PN}" || die
+	VERSION="$(cat VERSION)"
+	newbin "bundles/$VERSION/dynbinary/docker-$VERSION" docker
+	#exeinto /usr/libexec/docker
+	#newexe "bundles/$VERSION/dynbinary/dockerinit-$VERSION" dockerinit
+
+	newinitd contrib/init/openrc/docker.initd docker
+	newconfd contrib/init/openrc/docker.confd docker
+
+	systemd_dounit contrib/init/systemd/docker.{service,socket}
+
+	udev_dorules contrib/udev/*.rules
+
+	dodoc AUTHORS CONTRIBUTING.md CHANGELOG.md NOTICE README.md
+	dodoc -r docs/*
+	doman man/man*/*
+
+	dobashcomp contrib/completion/bash/*
+
+	insinto /usr/share/zsh/site-functions
+	doins contrib/completion/zsh/*
+
+	insinto /usr/share/vim/vimfiles
+	doins -r contrib/syntax/vim/ftdetect
+	doins -r contrib/syntax/vim/syntax
+
+	# note: intentionally not using "doins" so that we preserve +x bits
+	mkdir -p "${D}/usr/share/${PN}/contrib"
+	cp -R contrib/* "${D}/usr/share/${PN}/contrib"
+}
+
+pkg_postinst() {
+	udev_reload
+
+	elog
+	elog "To use Docker, the Docker daemon must be running as root. To automatically"
+	elog "start the Docker daemon at boot, add Docker to the default runlevel:"
+	elog "  rc-update add docker default"
+	elog "Similarly for systemd:"
+	elog "  systemctl enable docker.service"
+	elog
+	elog "To use Docker as a non-root user, add yourself to the 'docker' group:"
+	elog "  usermod -aG docker youruser"
+	elog
+}
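Review bot: The pkg_postinst text at the end of this ebuild tells users to add themselves to the 'docker' group without saying what that grants: members of the group can control a daemon that, as the message itself says, runs as root, which is effectively root on the host. I would add a line after the usermod hint such as `elog "Note: membership in the 'docker' group is equivalent to root access on this host."`. The same message is repeated unchanged in docker-1.13.1-r2.ebuild later in this thread. Separately, src_prepare calls `epatch` although `eutils` is not on this ebuild's inherit line, so it works only if one of the inherited eclasses pulls it in.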

diff --git a/app-emulation/docker/files/docker-containerd.patch b/app-emulation/docker/files/docker-containerd.patch
new file mode 100644
index 0000000..c53e82e
--- /dev/null
+++ b/app-emulation/docker/files/docker-containerd.patch
@@ -0,0 +1,22 @@
+diff --git a/libcontainerd/remote_linux.go b/libcontainerd/remote_linux.go
+index f0284ca..e44a1d1 100644
+--- a/libcontainerd/remote_linux.go
++++ b/libcontainerd/remote_linux.go
+@@ -27,7 +27,7 @@ const (
+ 	maxConnectionRetryCount   = 3
+ 	connectionRetryDelay      = 3 * time.Second
+ 	containerdShutdownTimeout = 15 * time.Second
+-	containerdBinary          = "docker-containerd"
++	containerdBinary          = "containerd"
+ 	containerdPidFilename     = "docker-containerd.pid"
+ 	containerdSockFilename    = "docker-containerd.sock"
+ 	eventTimestampFilename    = "event.ts"
+@@ -338,7 +338,7 @@ func (r *remote) runContainerdDaemon() error {
+ 	}
+ 
+ 	// Start a new instance
+-	args := []string{"-l", r.rpcAddr, "--runtime", "docker-runc"}
++	args := []string{"-l", r.rpcAddr, "--runtime", "runc"}
+ 	if r.debugLog {
+ 		args = append(args, "--debug", "true")
+ 	}
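Review bot: This carried patch has no header saying why `containerdBinary` and the `--runtime` argument are renamed, and it leaves `containerdPidFilename` and `containerdSockFilename` on the old `docker-containerd` prefix without comment. A short header above the `diff --git` line, for example `Use the system containerd and runc packages instead of the docker-containerd/docker-runc names Docker expects.` together with its upstream status, would make the intent reviewable at the next bump. Both new values are bare program names, so which binary the root-running daemon starts presumably depends on its PATH lookup; how `containerdBinary` is executed lies outside these hunks and is worth confirming.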



* [gentoo-commits] repo/gentoo:master commit in: app-emulation/docker/, app-emulation/docker/files/
@ 2017-02-27 21:17 William Hubbs
From: William Hubbs @ 2017-02-27 21:17 UTC (permalink / raw
  To: gentoo-commits

commit:     e09eb23b1edb18d31d26b084f4220ddc9e3e5253
Author:     William Hubbs <williamh <AT> gentoo <DOT> org>
AuthorDate: Mon Feb 27 21:17:12 2017 +0000
Commit:     William Hubbs <williamh <AT> gentoo <DOT> org>
CommitDate: Mon Feb 27 21:17:38 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e09eb23b

app-emulation/docker: rev bump to allow the openrc service log to be split

https://github.com/docker/docker/pull/31314

Package-Manager: Portage-2.3.3, Repoman-2.3.1

 app-emulation/docker/docker-1.13.1-r2.ebuild       | 291 +++++++++++++++++++++
 .../docker/files/1.13.1-split-openrc-log.patch     |  54 ++++
 2 files changed, 345 insertions(+)

diff --git a/app-emulation/docker/docker-1.13.1-r2.ebuild b/app-emulation/docker/docker-1.13.1-r2.ebuild
new file mode 100644
index 0000000000..2b4fec64db
--- /dev/null
+++ b/app-emulation/docker/docker-1.13.1-r2.ebuild
@@ -0,0 +1,291 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+EGO_PN="github.com/docker/docker"
+
+if [[ ${PV} = *9999* ]]; then
+	# Docker cannot be fetched via "go get", thanks to autogenerated code
+	EGIT_REPO_URI="https://${EGO_PN}.git"
+	EGIT_CHECKOUT_DIR="${WORKDIR}/${P}/src/${EGO_PN}"
+	inherit git-r3
+else
+	MY_PV="${PV/_/-}"
+	DOCKER_GITCOMMIT="092cba3"
+	EGIT_COMMIT="v${MY_PV}"
+	SRC_URI="https://${EGO_PN}/archive/${EGIT_COMMIT}.tar.gz -> ${P}.tar.gz"
+	KEYWORDS="~amd64"
+	[ "$DOCKER_GITCOMMIT" ] || die "DOCKER_GITCOMMIT must be added manually for each bump!"
+	inherit golang-vcs-snapshot
+fi
+inherit bash-completion-r1 golang-base linux-info systemd udev user
+
+DESCRIPTION="The core functions you need to create Docker images and run Docker containers"
+HOMEPAGE="https://dockerproject.org"
+LICENSE="Apache-2.0"
+SLOT="0"
+IUSE="apparmor aufs btrfs +container-init +device-mapper hardened overlay pkcs11 seccomp"
+
+# https://github.com/docker/docker/blob/master/project/PACKAGERS.md#build-dependencies
+CDEPEND="
+	>=dev-db/sqlite-3.7.9:3
+	device-mapper? (
+		>=sys-fs/lvm2-2.02.89[thin]
+	)
+	seccomp? ( >=sys-libs/libseccomp-2.2.1 )
+	apparmor? ( sys-libs/libapparmor )
+"
+
+DEPEND="
+	${CDEPEND}
+
+	dev-go/go-md2man
+
+	btrfs? (
+		>=sys-fs/btrfs-progs-3.16.1
+	)
+"
+
+# https://github.com/docker/docker/blob/master/project/PACKAGERS.md#runtime-dependencies
+# https://github.com/docker/docker/blob/master/project/PACKAGERS.md#optional-dependencies
+RDEPEND="
+	${CDEPEND}
+
+	!app-emulation/docker-bin
+	>=net-firewall/iptables-1.4
+	sys-process/procps
+	>=dev-vcs/git-1.7
+	>=app-arch/xz-utils-4.9
+
+	>=app-emulation/containerd-0.2.5
+	app-emulation/docker-runc[apparmor?,seccomp?]
+	app-emulation/docker-proxy
+	container-init? ( >=sys-process/tini-0.13.0[static] )
+"
+
+RESTRICT="installsources strip"
+
+S="${WORKDIR}/${P}/src/${EGO_PN}"
+
+# see "contrib/check-config.sh" from upstream's sources
+CONFIG_CHECK="
+	~NAMESPACES ~NET_NS ~PID_NS ~IPC_NS ~UTS_NS
+	~CGROUPS ~CGROUP_CPUACCT ~CGROUP_DEVICE ~CGROUP_FREEZER ~CGROUP_SCHED ~CPUSETS ~MEMCG
+	~KEYS
+	~VETH ~BRIDGE ~BRIDGE_NETFILTER
+	~NF_NAT_IPV4 ~IP_NF_FILTER ~IP_NF_TARGET_MASQUERADE
+	~NETFILTER_XT_MATCH_ADDRTYPE ~NETFILTER_XT_MATCH_CONNTRACK
+	~NF_NAT ~NF_NAT_NEEDED
+	~POSIX_MQUEUE
+
+	~USER_NS
+	~SECCOMP
+	~CGROUP_PIDS
+	~MEMCG_SWAP ~MEMCG_SWAP_ENABLED
+
+	~BLK_CGROUP ~BLK_DEV_THROTTLING ~IOSCHED_CFQ ~CFQ_GROUP_IOSCHED
+	~CGROUP_PERF
+	~CGROUP_HUGETLB
+	~NET_CLS_CGROUP
+	~CFS_BANDWIDTH ~FAIR_GROUP_SCHED ~RT_GROUP_SCHED
+	~IP_VS ~IP_VS_PROTO_TCP ~IP_VS_PROTO_UDP ~IP_VS_NFCT
+
+	~VXLAN
+	~XFRM_ALGO ~XFRM_USER
+	~IPVLAN
+	~MACVLAN ~DUMMY
+"
+
+ERROR_KEYS="CONFIG_KEYS: is mandatory"
+ERROR_MEMCG_SWAP="CONFIG_MEMCG_SWAP: is required if you wish to limit swap usage of containers"
+ERROR_RESOURCE_COUNTERS="CONFIG_RESOURCE_COUNTERS: is optional for container statistics gathering"
+
+ERROR_BLK_CGROUP="CONFIG_BLK_CGROUP: is optional for container statistics gathering"
+ERROR_IOSCHED_CFQ="CONFIG_IOSCHED_CFQ: is optional for container statistics gathering"
+ERROR_CGROUP_PERF="CONFIG_CGROUP_PERF: is optional for container statistics gathering"
+ERROR_CFS_BANDWIDTH="CONFIG_CFS_BANDWIDTH: is optional for container statistics gathering"
+ERROR_XFRM_ALGO="CONFIG_XFRM_ALGO: is optional for secure networks"
+ERROR_XFRM_USER="CONFIG_XFRM_USER: is optional for secure networks"
+
+PATCHES=(
+	"${FILESDIR}"/${PV}-split-openrc-log.patch
+)
+
+pkg_setup() {
+	if kernel_is lt 3 10; then
+		ewarn ""
+		ewarn "Using Docker with kernels older than 3.10 is unstable and unsupported."
+		ewarn " - http://docs.docker.com/engine/installation/binaries/#check-kernel-dependencies"
+	fi
+
+	# for where these kernel versions come from, see:
+	# https://www.google.com/search?q=945b2b2d259d1a4364a2799e80e8ff32f8c6ee6f+site%3Akernel.org%2Fpub%2Flinux%2Fkernel+file%3AChangeLog*
+	if ! {
+		kernel_is ge 3 16 \
+		|| { kernel_is 3 15 && kernel_is ge 3 15 5; } \
+		|| { kernel_is 3 14 && kernel_is ge 3 14 12; } \
+		|| { kernel_is 3 12 && kernel_is ge 3 12 25; }
+	}; then
+		ewarn ""
+		ewarn "There is a serious Docker-related kernel panic that has been fixed in 3.16+"
+		ewarn "  (and was backported to 3.15.5+, 3.14.12+, and 3.12.25+)"
+		ewarn ""
+		ewarn "See also https://github.com/docker/docker/issues/2960"
+	fi
+
+	if kernel_is le 3 18; then
+		CONFIG_CHECK+="
+			~RESOURCE_COUNTERS
+		"
+	fi
+
+	if kernel_is le 3 13; then
+		CONFIG_CHECK+="
+			~NETPRIO_CGROUP
+		"
+	else
+		CONFIG_CHECK+="
+			~CGROUP_NET_PRIO
+		"
+	fi
+
+	if kernel_is lt 4 5; then
+		CONFIG_CHECK+="
+			~MEMCG_KMEM
+		"
+		ERROR_MEMCG_KMEM="CONFIG_MEMCG_KMEM: is optional"
+	fi
+
+	if kernel_is lt 4 7; then
+		CONFIG_CHECK+="
+			~DEVPTS_MULTIPLE_INSTANCES
+		"
+	fi
+
+	if use aufs; then
+		CONFIG_CHECK+="
+			~AUFS_FS
+			~EXT4_FS_POSIX_ACL ~EXT4_FS_SECURITY
+		"
+		ERROR_AUFS_FS="CONFIG_AUFS_FS: is required to be set if and only if aufs-sources are used instead of aufs4/aufs3"
+	fi
+
+	if use btrfs; then
+		CONFIG_CHECK+="
+			~BTRFS_FS
+			~BTRFS_FS_POSIX_ACL
+		"
+	fi
+
+	if use device-mapper; then
+		CONFIG_CHECK+="
+			~BLK_DEV_DM ~DM_THIN_PROVISIONING ~EXT4_FS ~EXT4_FS_POSIX_ACL ~EXT4_FS_SECURITY
+		"
+	fi
+
+	if use overlay; then
+		CONFIG_CHECK+="
+			~OVERLAY_FS ~EXT4_FS_SECURITY ~EXT4_FS_POSIX_ACL
+		"
+	fi
+
+	linux-info_pkg_setup
+
+	# create docker group for the code checking for it in /etc/group
+	enewgroup docker
+}
+
+src_compile() {
+	export GOPATH="${WORKDIR}/${P}:${PWD}/vendor"
+
+	# setup CFLAGS and LDFLAGS for separate build target
+	# see https://github.com/tianon/docker-overlay/pull/10
+	export CGO_CFLAGS="-I${ROOT}/usr/include"
+	export CGO_LDFLAGS="-L${ROOT}/usr/$(get_libdir)"
+
+	# if we're building from a tarball, we need the GITCOMMIT value
+	[ "$DOCKER_GITCOMMIT" ] && export DOCKER_GITCOMMIT
+
+	if use hardened; then
+		sed -i "s/EXTLDFLAGS_STATIC='/&-fno-PIC /" hack/make.sh || die
+		grep -q -- '-fno-PIC' hack/make.sh || die 'hardened sed failed'
+
+		sed  "s/LDFLAGS_STATIC_DOCKER='/&-extldflags -fno-PIC /" \
+			-i hack/make/dynbinary-client || die
+		sed  "s/LDFLAGS_STATIC_DOCKER='/&-extldflags -fno-PIC /" \
+			-i hack/make/dynbinary-daemon || die
+		grep -q -- '-fno-PIC' hack/make/dynbinary-daemon || die 'hardened sed failed'
+		grep -q -- '-fno-PIC' hack/make/dynbinary-client || die 'hardened sed failed'
+	fi
+
+	# let's set up some optional features :)
+	export DOCKER_BUILDTAGS=''
+	for gd in aufs btrfs device-mapper overlay; do
+		if ! use $gd; then
+			DOCKER_BUILDTAGS+=" exclude_graphdriver_${gd//-/}"
+		fi
+	done
+
+	for tag in apparmor pkcs11 seccomp; do
+		if use $tag; then
+			DOCKER_BUILDTAGS+=" $tag"
+		fi
+	done
+
+	# time to build!
+	./hack/make.sh dynbinary || die 'dynbinary failed'
+
+	# build the man pages too
+	./man/md2man-all.sh || die "unable to generate man pages"
+}
+
+src_install() {
+	VERSION="$(cat VERSION)"
+	newbin "bundles/$VERSION/dynbinary-client/docker-$VERSION" docker
+	newbin "bundles/$VERSION/dynbinary-daemon/dockerd-$VERSION" dockerd
+	dosym containerd /usr/bin/docker-containerd
+	dosym containerd-shim /usr/bin/docker-containerd-shim
+	dosym runc /usr/bin/docker-runc
+	use container-init && dosym tini /usr/bin/docker-init
+
+	newinitd contrib/init/openrc/docker.initd docker
+	newconfd contrib/init/openrc/docker.confd docker
+
+	systemd_dounit contrib/init/systemd/docker.{service,socket}
+
+	udev_dorules contrib/udev/*.rules
+
+	dodoc AUTHORS CONTRIBUTING.md CHANGELOG.md NOTICE README.md
+	dodoc -r docs/*
+	doman man/man*/*
+
+	dobashcomp contrib/completion/bash/*
+
+	insinto /usr/share/zsh/site-functions
+	doins contrib/completion/zsh/_*
+
+	insinto /usr/share/vim/vimfiles
+	doins -r contrib/syntax/vim/ftdetect
+	doins -r contrib/syntax/vim/syntax
+
+	# note: intentionally not using "doins" so that we preserve +x bits
+	dodir /usr/share/${PN}/contrib
+	cp -R contrib/* "${ED}/usr/share/${PN}/contrib"
+}
+
+pkg_postinst() {
+	udev_reload
+
+	elog
+	elog "To use Docker, the Docker daemon must be running as root. To automatically"
+	elog "start the Docker daemon at boot, add Docker to the default runlevel:"
+	elog "  rc-update add docker default"
+	elog "Similarly for systemd:"
+	elog "  systemctl enable docker.service"
+	elog
+	elog "To use Docker as a non-root user, add yourself to the 'docker' group:"
+	elog "  usermod -aG docker youruser"
+	elog
+}
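Review bot: In src_install the final `cp -R contrib/* "${ED}/usr/share/${PN}/contrib"` has no `|| die`, so a failed copy leaves an incomplete image without failing the build; `cp -R contrib/* "${ED}/usr/share/${PN}/contrib" || die` would catch it. `VERSION="$(cat VERSION)"` at the top of the function is unchecked in the same way, and an empty value would only surface later as a confusing `newbin` path. docker-1.11.0.ebuild earlier in this thread has the same unguarded `mkdir -p` and `cp -R` pair.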

diff --git a/app-emulation/docker/files/1.13.1-split-openrc-log.patch b/app-emulation/docker/files/1.13.1-split-openrc-log.patch
new file mode 100644
index 0000000000..c7cdd224dc
--- /dev/null
+++ b/app-emulation/docker/files/1.13.1-split-openrc-log.patch
@@ -0,0 +1,54 @@
+From 65c1a3be5bf748f95edc45f1391c869bf4ff4a52 Mon Sep 17 00:00:00 2001
+From: William Hubbs <w.d.hubbs@gmail.com>
+Date: Thu, 23 Feb 2017 17:07:26 -0600
+Subject: [PATCH] contrib/init/openrc: allow separate logs for stdout and
+ stderr
+
+Signed-off-by: William Hubbs <w.d.hubbs@gmail.com>
+---
+ contrib/init/openrc/docker.confd | 10 ++++++++++
+ contrib/init/openrc/docker.initd |  4 +++-
+ 2 files changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/contrib/init/openrc/docker.confd b/contrib/init/openrc/docker.confd
+index 2444031..89183de 100644
+--- a/contrib/init/openrc/docker.confd
++++ b/contrib/init/openrc/docker.confd
+@@ -1,8 +1,18 @@
+ # /etc/conf.d/docker: config file for /etc/init.d/docker
+ 
+ # where the docker daemon output gets piped
++# this contains both stdout and stderr. If  you need to separate them,
++# see the settings below
+ #DOCKER_LOGFILE="/var/log/docker.log"
+ 
++# where the docker daemon stdout gets piped
++# if this is not set, DOCKER_LOGFILE is used
++#DOCKER_OUTFILE="/var/log/docker-out.log"
++
++# where the docker daemon stderr gets piped
++# if this is not set, DOCKER_LOGFILE is used
++#DOCKER_ERRFILE="/var/log/docker-err.log"
++
+ # where docker's pid get stored
+ #DOCKER_PIDFILE="/run/docker.pid"
+ 
+diff --git a/contrib/init/openrc/docker.initd b/contrib/init/openrc/docker.initd
+index 5d31603..6c968f6 100644
+--- a/contrib/init/openrc/docker.initd
++++ b/contrib/init/openrc/docker.initd
+@@ -6,8 +6,10 @@ command="${DOCKERD_BINARY:-/usr/bin/dockerd}"
+ pidfile="${DOCKER_PIDFILE:-/run/${RC_SVCNAME}.pid}"
+ command_args="-p \"${pidfile}\" ${DOCKER_OPTS}"
+ DOCKER_LOGFILE="${DOCKER_LOGFILE:-/var/log/${RC_SVCNAME}.log}"
++DOCKER_ERRFILE="${DOCKER_ERRFILE:-${DOCKER_LOGFILE}}"
++DOCKER_OUTFILE="${DOCKER_OUTFILE:-${DOCKER_LOGFILE}}"
+ start_stop_daemon_args="--background \
+-	--stderr \"${DOCKER_LOGFILE}\" --stdout \"${DOCKER_LOGFILE}\""
++	--stderr \"${DOCKER_ERRFILE}\" --stdout \"${DOCKER_OUTFILE}\""
+ 
+ start_pre() {
+ 	checkpath -f -m 0644 -o root:docker "$DOCKER_LOGFILE"
+-- 
+2.10.2
+
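Review bot: The context line `checkpath -f -m 0644 -o root:docker "$DOCKER_LOGFILE"` in start_pre still prepares only the combined log, so when DOCKER_OUTFILE or DOCKER_ERRFILE points at its own path that file is not pre-created with the same owner and mode. It would then presumably be created by start-stop-daemon with whatever ownership and umask apply at that point, which can differ from the 0644 root:docker given to the original log. I would add `checkpath -f -m 0644 -o root:docker "$DOCKER_OUTFILE"` and the same for `"$DOCKER_ERRFILE"`. start_pre's body continues past the end of the hunk, so confirm nothing later already does this.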



* [gentoo-commits] repo/gentoo:master commit in: app-emulation/docker/, app-emulation/docker/files/
@ 2018-04-06 22:03 Manuel Rüger
From: Manuel Rüger @ 2018-04-06 22:03 UTC (permalink / raw
  To: gentoo-commits

commit:     f76e0c651a4a7b7cc722e3fd506151a786078c70
Author:     Manuel Rüger <mrueg <AT> gentoo <DOT> org>
AuthorDate: Fri Apr  6 22:00:12 2018 +0000
Commit:     Manuel Rüger <mrueg <AT> gentoo <DOT> org>
CommitDate: Fri Apr  6 22:00:57 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f76e0c65

app-emulation/docker: Add Patch

https://github.com/moby/moby/issues/36809

Package-Manager: Portage-2.3.28, Repoman-2.3.9

 app-emulation/docker/docker-18.03.0-r1.ebuild      | 303 +++++++++++++++++++++
 .../bsc1073877-docker-apparmor-add-signal.patch    |  20 ++
 2 files changed, 323 insertions(+)

diff --git a/app-emulation/docker/docker-18.03.0-r1.ebuild b/app-emulation/docker/docker-18.03.0-r1.ebuild
new file mode 100644
index 00000000000..62b861abdf8
--- /dev/null
+++ b/app-emulation/docker/docker-18.03.0-r1.ebuild
@@ -0,0 +1,303 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+EGO_PN="github.com/docker/docker-ce"
+
+if [[ ${PV} = *9999* ]]; then
+	# Docker cannot be fetched via "go get", thanks to autogenerated code
+	EGIT_REPO_URI="https://${EGO_PN}.git"
+	EGIT_CHECKOUT_DIR="${WORKDIR}/${P}/src/${EGO_PN}"
+	inherit git-r3
+else
+	inherit versionator
+	if [ "$(get_version_component_count)" = 4 ]; then
+		MY_PV="$(replace_version_separator 3 '-ce-')"
+	else
+		MY_PV="$PV-ce"
+	fi
+	DOCKER_GITCOMMIT="0520e24"
+	EGIT_COMMIT="v${MY_PV}"
+	SRC_URI="https://${EGO_PN}/archive/${EGIT_COMMIT}.tar.gz -> ${P}.tar.gz"
+	KEYWORDS="~amd64 ~arm"
+	[ "$DOCKER_GITCOMMIT" ] || die "DOCKER_GITCOMMIT must be added manually for each bump!"
+	inherit golang-vcs-snapshot
+fi
+inherit bash-completion-r1 golang-base linux-info systemd udev user
+
+DESCRIPTION="The core functions you need to create Docker images and run Docker containers"
+HOMEPAGE="https://dockerproject.org"
+LICENSE="Apache-2.0"
+SLOT="0"
+IUSE="apparmor aufs btrfs +container-init +device-mapper hardened +overlay pkcs11 seccomp"
+
+# https://github.com/docker/docker/blob/master/project/PACKAGERS.md#build-dependencies
+CDEPEND="
+	>=dev-db/sqlite-3.7.9:3
+	device-mapper? (
+		>=sys-fs/lvm2-2.02.89[thin]
+	)
+	seccomp? ( >=sys-libs/libseccomp-2.2.1 )
+	apparmor? ( sys-libs/libapparmor )
+"
+
+DEPEND="
+	${CDEPEND}
+
+	dev-go/go-md2man
+
+	btrfs? (
+		>=sys-fs/btrfs-progs-3.16.1
+	)
+"
+
+# https://github.com/docker/docker/blob/master/project/PACKAGERS.md#runtime-dependencies
+# https://github.com/docker/docker/blob/master/project/PACKAGERS.md#optional-dependencies
+RDEPEND="
+	${CDEPEND}
+	>=net-firewall/iptables-1.4
+	sys-process/procps
+	>=dev-vcs/git-1.7
+	>=app-arch/xz-utils-4.9
+	dev-libs/libltdl
+	~app-emulation/containerd-1.0.2
+	~app-emulation/runc-1.0.0_rc5[apparmor?,seccomp?]
+	~app-emulation/docker-proxy-0.8.0_p20180314
+	container-init? ( >=sys-process/tini-0.16.1[static] )
+"
+
+RESTRICT="installsources strip"
+
+S="${WORKDIR}/${P}/src/${EGO_PN}"
+
+PATCHES=( "${FILESDIR}"/bsc1073877-docker-apparmor-add-signal.patch )
+
+# see "contrib/check-config.sh" from upstream's sources
+CONFIG_CHECK="
+	~NAMESPACES ~NET_NS ~PID_NS ~IPC_NS ~UTS_NS
+	~CGROUPS ~CGROUP_CPUACCT ~CGROUP_DEVICE ~CGROUP_FREEZER ~CGROUP_SCHED ~CPUSETS ~MEMCG
+	~KEYS
+	~VETH ~BRIDGE ~BRIDGE_NETFILTER
+	~NF_NAT_IPV4 ~IP_NF_FILTER ~IP_NF_TARGET_MASQUERADE
+	~NETFILTER_XT_MATCH_ADDRTYPE ~NETFILTER_XT_MATCH_CONNTRACK ~NETFILTER_XT_MATCH_IPVS
+	~IP_NF_NAT ~NF_NAT ~NF_NAT_NEEDED
+	~POSIX_MQUEUE
+
+	~USER_NS
+	~SECCOMP
+	~CGROUP_PIDS
+	~MEMCG_SWAP ~MEMCG_SWAP_ENABLED
+
+	~BLK_CGROUP ~BLK_DEV_THROTTLING ~IOSCHED_CFQ ~CFQ_GROUP_IOSCHED
+	~CGROUP_PERF
+	~CGROUP_HUGETLB
+	~NET_CLS_CGROUP
+	~CFS_BANDWIDTH ~FAIR_GROUP_SCHED ~RT_GROUP_SCHED
+	~IP_VS ~IP_VS_PROTO_TCP ~IP_VS_PROTO_UDP ~IP_VS_NFCT ~IP_VS_RR
+
+	~VXLAN
+	~CRYPTO ~CRYPTO_AEAD ~CRYPTO_GCM ~CRYPTO_SEQIV ~CRYPTO_GHASH ~XFRM_ALGO ~XFRM_USER
+	~IPVLAN
+	~MACVLAN ~DUMMY
+"
+
+ERROR_KEYS="CONFIG_KEYS: is mandatory"
+ERROR_MEMCG_SWAP="CONFIG_MEMCG_SWAP: is required if you wish to limit swap usage of containers"
+ERROR_RESOURCE_COUNTERS="CONFIG_RESOURCE_COUNTERS: is optional for container statistics gathering"
+
+ERROR_BLK_CGROUP="CONFIG_BLK_CGROUP: is optional for container statistics gathering"
+ERROR_IOSCHED_CFQ="CONFIG_IOSCHED_CFQ: is optional for container statistics gathering"
+ERROR_CGROUP_PERF="CONFIG_CGROUP_PERF: is optional for container statistics gathering"
+ERROR_CFS_BANDWIDTH="CONFIG_CFS_BANDWIDTH: is optional for container statistics gathering"
+ERROR_XFRM_ALGO="CONFIG_XFRM_ALGO: is optional for secure networks"
+ERROR_XFRM_USER="CONFIG_XFRM_USER: is optional for secure networks"
+
+pkg_setup() {
+	if kernel_is lt 3 10; then
+		ewarn ""
+		ewarn "Using Docker with kernels older than 3.10 is unstable and unsupported."
+		ewarn " - http://docs.docker.com/engine/installation/binaries/#check-kernel-dependencies"
+	fi
+
+	if kernel_is le 3 18; then
+		CONFIG_CHECK+="
+			~RESOURCE_COUNTERS
+		"
+	fi
+
+	if kernel_is le 3 13; then
+		CONFIG_CHECK+="
+			~NETPRIO_CGROUP
+		"
+	else
+		CONFIG_CHECK+="
+			~CGROUP_NET_PRIO
+		"
+	fi
+
+	if kernel_is lt 4 5; then
+		CONFIG_CHECK+="
+			~MEMCG_KMEM
+		"
+		ERROR_MEMCG_KMEM="CONFIG_MEMCG_KMEM: is optional"
+	fi
+
+	if kernel_is lt 4 7; then
+		CONFIG_CHECK+="
+			~DEVPTS_MULTIPLE_INSTANCES
+		"
+	fi
+
+	if use aufs; then
+		CONFIG_CHECK+="
+			~AUFS_FS
+			~EXT4_FS_POSIX_ACL ~EXT4_FS_SECURITY
+		"
+		ERROR_AUFS_FS="CONFIG_AUFS_FS: is required to be set if and only if aufs-sources are used instead of aufs4/aufs3"
+	fi
+
+	if use btrfs; then
+		CONFIG_CHECK+="
+			~BTRFS_FS
+			~BTRFS_FS_POSIX_ACL
+		"
+	fi
+
+	if use device-mapper; then
+		CONFIG_CHECK+="
+			~BLK_DEV_DM ~DM_THIN_PROVISIONING ~EXT4_FS ~EXT4_FS_POSIX_ACL ~EXT4_FS_SECURITY
+		"
+	fi
+
+	if use overlay; then
+		CONFIG_CHECK+="
+			~OVERLAY_FS ~EXT4_FS_SECURITY ~EXT4_FS_POSIX_ACL
+		"
+	fi
+
+	linux-info_pkg_setup
+
+	# create docker group for the code checking for it in /etc/group
+	enewgroup docker
+}
+
+src_compile() {
+	export GOPATH="${WORKDIR}/${P}"
+
+	# setup CFLAGS and LDFLAGS for separate build target
+	# see https://github.com/tianon/docker-overlay/pull/10
+	export CGO_CFLAGS="-I${ROOT}/usr/include"
+	export CGO_LDFLAGS="-L${ROOT}/usr/$(get_libdir)"
+
+	# if we're building from a tarball, we need the GITCOMMIT value
+	[ "$DOCKER_GITCOMMIT" ] && export DOCKER_GITCOMMIT
+
+	# fake golang layout
+	ln -s docker-ce/components/engine ../docker || die
+	ln -s docker-ce/components/cli ../cli || die
+
+	# let's set up some optional features :)
+	export DOCKER_BUILDTAGS=''
+	for gd in aufs btrfs device-mapper overlay; do
+		if ! use $gd; then
+			DOCKER_BUILDTAGS+=" exclude_graphdriver_${gd//-/}"
+		fi
+	done
+
+	for tag in apparmor pkcs11 seccomp; do
+		if use $tag; then
+			DOCKER_BUILDTAGS+=" $tag"
+		fi
+	done
+
+	pushd components/engine || die
+
+	if use hardened; then
+		sed -i "s/EXTLDFLAGS_STATIC='/&-fno-PIC /" hack/make.sh || die
+		grep -q -- '-fno-PIC' hack/make.sh || die 'hardened sed failed'
+		sed  "s/LDFLAGS_STATIC_DOCKER='/&-extldflags -fno-PIC /" \
+			-i hack/make/dynbinary-daemon || die
+		grep -q -- '-fno-PIC' hack/make/dynbinary-daemon || die 'hardened sed failed'
+	fi
+
+	# build daemon
+	VERSION="$(cat ../../VERSION)" \
+	./hack/make.sh dynbinary || die 'dynbinary failed'
+
+	popd || die # components/engine
+
+	pushd components/cli || die
+
+	# build cli
+	emake \
+		LDFLAGS="$(usex hardened '-extldflags -fno-PIC' '')" \
+		VERSION="$(cat ../../VERSION)" \
+		GITCOMMIT="${DOCKER_GITCOMMIT}" \
+		DISABLE_WARN_OUTSIDE_CONTAINER=1 \
+		dynbinary || die
+
+	# build man pages
+	go build -o gen-manpages github.com/docker/cli/man || die
+	./gen-manpages --root . --target ./man/man1 || die
+	./man/md2man-all.sh -q || die
+	rm gen-manpages || die
+	# see "components/cli/scripts/docs/generate-man.sh" (which also does "go get" for go-md2man)
+
+	popd || die # components/cli
+}
+
+src_install() {
+	dosym containerd /usr/bin/docker-containerd
+	dosym containerd-shim /usr/bin/docker-containerd-shim
+	dosym runc /usr/bin/docker-runc
+	use container-init && dosym tini /usr/bin/docker-init
+
+	pushd components/engine || die
+	newbin "$(readlink -f bundles/latest/dynbinary-daemon/dockerd)" dockerd
+
+	newinitd contrib/init/openrc/docker.initd docker
+	newconfd contrib/init/openrc/docker.confd docker
+
+	systemd_dounit contrib/init/systemd/docker.{service,socket}
+
+	udev_dorules contrib/udev/*.rules
+
+	dodoc AUTHORS CONTRIBUTING.md CHANGELOG.md NOTICE README.md
+	dodoc -r docs/*
+
+	insinto /usr/share/vim/vimfiles
+	doins -r contrib/syntax/vim/ftdetect
+	doins -r contrib/syntax/vim/syntax
+
+	# note: intentionally not using "doins" so that we preserve +x bits
+	dodir /usr/share/${PN}/contrib
+	cp -R contrib/* "${ED}/usr/share/${PN}/contrib"
+	popd || die # components/engine
+
+	pushd components/cli || die
+
+	newbin build/docker-* docker
+
+	doman man/man*/*
+
+	dobashcomp contrib/completion/bash/*
+	insinto /usr/share/zsh/site-functions
+	doins contrib/completion/zsh/_*
+	popd || die # components/cli
+}
+
+pkg_postinst() {
+	udev_reload
+
+	elog
+	elog "To use Docker, the Docker daemon must be running as root. To automatically"
+	elog "start the Docker daemon at boot, add Docker to the default runlevel:"
+	elog "  rc-update add docker default"
+	elog "Similarly for systemd:"
+	elog "  systemctl enable docker.service"
+	elog
+	elog "To use Docker as a non-root user, add yourself to the 'docker' group:"
+	elog "  usermod -aG docker youruser"
+	elog
+}
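Review bot: In src_install, `cp -R contrib/* "${ED}/usr/share/${PN}/contrib"` has no `|| die`, unlike the other external commands in this ebuild (`ln`, `sed`, `rm`), so a failed copy would leave an incomplete install unnoticed; append `|| die`. Separately, pkg_postinst recommends `usermod -aG docker youruser` right after stating that the daemon runs as root, without saying what group membership implies. A line such as `elog "Note: members of the 'docker' group can control the root-run daemon."` would make that explicit. The same two lines appear in docker-18.03.1-r1.ebuild later on this page.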

diff --git a/app-emulation/docker/files/bsc1073877-docker-apparmor-add-signal.patch b/app-emulation/docker/files/bsc1073877-docker-apparmor-add-signal.patch
new file mode 100644
index 00000000000..6bc3fa494e3
--- /dev/null
+++ b/app-emulation/docker/files/bsc1073877-docker-apparmor-add-signal.patch
@@ -0,0 +1,20 @@
+From: Goldwyn Rodrigues <rgoldwyn@suse.com>
+Subject: Allow signal mediation while for apparmor profile
+
+Allows docker processes under docker-default ot receive all signals.
+
+Signed-off-by: Goldwyn Rodrigues <rgoldwyn@suse.com>
+---
+ components/engine/profiles/apparmor/template.go |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/components/engine/profiles/apparmor/template.go
++++ b/components/engine/profiles/apparmor/template.go
+@@ -17,6 +17,7 @@ profile {{.Name}} flags=(attach_disconne
+   capability,
+   file,
+   umount,
++  signal (receive) peer=unconfined,
+ 
+   deny @{PROC}/* w,   # deny write for all files directly in /proc (not in a subdir)
+   # deny write to files not in /proc/<number>/** or /proc/sys/**
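Review bot: The added rule `signal (receive) peer=unconfined,` matches only signals whose sender is unconfined, while the patch description says processes under docker-default may receive all signals. Signals between processes that share the container profile, or from a daemon that itself runs under a named profile, are not covered by it. If those are meant to work, the rule set should name those peers as well, for example `signal (send,receive) peer={{.Name}},`; otherwise the description should be narrowed to match the rule. The profile block starts and ends outside the hunk.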



* [gentoo-commits] repo/gentoo:master commit in: app-emulation/docker/, app-emulation/docker/files/
@ 2018-10-28 17:30 Manuel Rüger
  0 siblings, 0 replies; 8+ messages in thread
From: Manuel Rüger @ 2018-10-28 17:30 UTC (permalink / raw
  To: gentoo-commits

commit:     bf1218d4bcf8d5909886ccee0177cd92b68f01e0
Author:     Manuel Rüger <mrueg <AT> gentoo <DOT> org>
AuthorDate: Sun Oct 28 17:26:09 2018 +0000
Commit:     Manuel Rüger <mrueg <AT> gentoo <DOT> org>
CommitDate: Sun Oct 28 17:28:49 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bf1218d4

app-emulation/docker: Add new version of apparmor profile patch

Signed-off-by: Manuel Rüger <mrueg <AT> gentoo.org>
Package-Manager: Portage-2.3.51, Repoman-2.3.11

 app-emulation/docker/docker-18.03.1-r1.ebuild      | 303 +++++++++++++++++++++
 .../bsc1073877-docker-apparmor-add-signal-r2.patch |  72 +++++
 2 files changed, 375 insertions(+)

diff --git a/app-emulation/docker/docker-18.03.1-r1.ebuild b/app-emulation/docker/docker-18.03.1-r1.ebuild
new file mode 100644
index 00000000000..0af07da23fd
--- /dev/null
+++ b/app-emulation/docker/docker-18.03.1-r1.ebuild
@@ -0,0 +1,303 @@
+# Copyright 1999-2018 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+EGO_PN="github.com/docker/docker-ce"
+
+if [[ ${PV} = *9999* ]]; then
+	# Docker cannot be fetched via "go get", thanks to autogenerated code
+	EGIT_REPO_URI="https://${EGO_PN}.git"
+	EGIT_CHECKOUT_DIR="${WORKDIR}/${P}/src/${EGO_PN}"
+	inherit git-r3
+else
+	inherit versionator
+	if [ "$(get_version_component_count)" = 4 ]; then
+		MY_PV="$(replace_version_separator 3 '-ce-')"
+	else
+		MY_PV="$PV-ce"
+	fi
+	DOCKER_GITCOMMIT="9ee9f40"
+	EGIT_COMMIT="v${MY_PV}"
+	SRC_URI="https://${EGO_PN}/archive/${EGIT_COMMIT}.tar.gz -> ${P}.tar.gz"
+	KEYWORDS="~amd64 ~arm"
+	[ "$DOCKER_GITCOMMIT" ] || die "DOCKER_GITCOMMIT must be added manually for each bump!"
+	inherit golang-vcs-snapshot
+fi
+inherit bash-completion-r1 golang-base linux-info systemd udev user
+
+DESCRIPTION="The core functions you need to create Docker images and run Docker containers"
+HOMEPAGE="https://dockerproject.org"
+LICENSE="Apache-2.0"
+SLOT="0"
+IUSE="apparmor aufs btrfs +container-init +device-mapper hardened +overlay pkcs11 seccomp"
+
+# https://github.com/docker/docker/blob/master/project/PACKAGERS.md#build-dependencies
+CDEPEND="
+	>=dev-db/sqlite-3.7.9:3
+	device-mapper? (
+		>=sys-fs/lvm2-2.02.89[thin]
+	)
+	seccomp? ( >=sys-libs/libseccomp-2.2.1 )
+	apparmor? ( sys-libs/libapparmor )
+"
+
+DEPEND="
+	${CDEPEND}
+
+	dev-go/go-md2man
+
+	btrfs? (
+		>=sys-fs/btrfs-progs-3.16.1
+	)
+"
+
+# https://github.com/docker/docker/blob/master/project/PACKAGERS.md#runtime-dependencies
+# https://github.com/docker/docker/blob/master/project/PACKAGERS.md#optional-dependencies
+RDEPEND="
+	${CDEPEND}
+	>=net-firewall/iptables-1.4
+	sys-process/procps
+	>=dev-vcs/git-1.7
+	>=app-arch/xz-utils-4.9
+	dev-libs/libltdl
+	~app-emulation/containerd-1.0.3
+	~app-emulation/runc-1.0.0_rc5[apparmor?,seccomp?]
+	~app-emulation/docker-proxy-0.8.0_p20180411
+	container-init? ( >=sys-process/tini-0.16.1[static] )
+"
+
+RESTRICT="installsources strip"
+
+S="${WORKDIR}/${P}/src/${EGO_PN}"
+
+PATCHES=( "${FILESDIR}"/bsc1073877-docker-apparmor-add-signal-r1.patch )
+
+# see "contrib/check-config.sh" from upstream's sources
+CONFIG_CHECK="
+	~NAMESPACES ~NET_NS ~PID_NS ~IPC_NS ~UTS_NS
+	~CGROUPS ~CGROUP_CPUACCT ~CGROUP_DEVICE ~CGROUP_FREEZER ~CGROUP_SCHED ~CPUSETS ~MEMCG
+	~KEYS
+	~VETH ~BRIDGE ~BRIDGE_NETFILTER
+	~NF_NAT_IPV4 ~IP_NF_FILTER ~IP_NF_TARGET_MASQUERADE
+	~NETFILTER_XT_MATCH_ADDRTYPE ~NETFILTER_XT_MATCH_CONNTRACK ~NETFILTER_XT_MATCH_IPVS
+	~IP_NF_NAT ~NF_NAT ~NF_NAT_NEEDED
+	~POSIX_MQUEUE
+
+	~USER_NS
+	~SECCOMP
+	~CGROUP_PIDS
+	~MEMCG_SWAP ~MEMCG_SWAP_ENABLED
+
+	~BLK_CGROUP ~BLK_DEV_THROTTLING ~IOSCHED_CFQ ~CFQ_GROUP_IOSCHED
+	~CGROUP_PERF
+	~CGROUP_HUGETLB
+	~NET_CLS_CGROUP
+	~CFS_BANDWIDTH ~FAIR_GROUP_SCHED ~RT_GROUP_SCHED
+	~IP_VS ~IP_VS_PROTO_TCP ~IP_VS_PROTO_UDP ~IP_VS_NFCT ~IP_VS_RR
+
+	~VXLAN
+	~CRYPTO ~CRYPTO_AEAD ~CRYPTO_GCM ~CRYPTO_SEQIV ~CRYPTO_GHASH ~XFRM_ALGO ~XFRM_USER
+	~IPVLAN
+	~MACVLAN ~DUMMY
+"
+
+ERROR_KEYS="CONFIG_KEYS: is mandatory"
+ERROR_MEMCG_SWAP="CONFIG_MEMCG_SWAP: is required if you wish to limit swap usage of containers"
+ERROR_RESOURCE_COUNTERS="CONFIG_RESOURCE_COUNTERS: is optional for container statistics gathering"
+
+ERROR_BLK_CGROUP="CONFIG_BLK_CGROUP: is optional for container statistics gathering"
+ERROR_IOSCHED_CFQ="CONFIG_IOSCHED_CFQ: is optional for container statistics gathering"
+ERROR_CGROUP_PERF="CONFIG_CGROUP_PERF: is optional for container statistics gathering"
+ERROR_CFS_BANDWIDTH="CONFIG_CFS_BANDWIDTH: is optional for container statistics gathering"
+ERROR_XFRM_ALGO="CONFIG_XFRM_ALGO: is optional for secure networks"
+ERROR_XFRM_USER="CONFIG_XFRM_USER: is optional for secure networks"
+
+pkg_setup() {
+	if kernel_is lt 3 10; then
+		ewarn ""
+		ewarn "Using Docker with kernels older than 3.10 is unstable and unsupported."
+		ewarn " - http://docs.docker.com/engine/installation/binaries/#check-kernel-dependencies"
+	fi
+
+	if kernel_is le 3 18; then
+		CONFIG_CHECK+="
+			~RESOURCE_COUNTERS
+		"
+	fi
+
+	if kernel_is le 3 13; then
+		CONFIG_CHECK+="
+			~NETPRIO_CGROUP
+		"
+	else
+		CONFIG_CHECK+="
+			~CGROUP_NET_PRIO
+		"
+	fi
+
+	if kernel_is lt 4 5; then
+		CONFIG_CHECK+="
+			~MEMCG_KMEM
+		"
+		ERROR_MEMCG_KMEM="CONFIG_MEMCG_KMEM: is optional"
+	fi
+
+	if kernel_is lt 4 7; then
+		CONFIG_CHECK+="
+			~DEVPTS_MULTIPLE_INSTANCES
+		"
+	fi
+
+	if use aufs; then
+		CONFIG_CHECK+="
+			~AUFS_FS
+			~EXT4_FS_POSIX_ACL ~EXT4_FS_SECURITY
+		"
+		ERROR_AUFS_FS="CONFIG_AUFS_FS: is required to be set if and only if aufs-sources are used instead of aufs4/aufs3"
+	fi
+
+	if use btrfs; then
+		CONFIG_CHECK+="
+			~BTRFS_FS
+			~BTRFS_FS_POSIX_ACL
+		"
+	fi
+
+	if use device-mapper; then
+		CONFIG_CHECK+="
+			~BLK_DEV_DM ~DM_THIN_PROVISIONING ~EXT4_FS ~EXT4_FS_POSIX_ACL ~EXT4_FS_SECURITY
+		"
+	fi
+
+	if use overlay; then
+		CONFIG_CHECK+="
+			~OVERLAY_FS ~EXT4_FS_SECURITY ~EXT4_FS_POSIX_ACL
+		"
+	fi
+
+	linux-info_pkg_setup
+
+	# create docker group for the code checking for it in /etc/group
+	enewgroup docker
+}
+
+src_compile() {
+	export GOPATH="${WORKDIR}/${P}"
+
+	# setup CFLAGS and LDFLAGS for separate build target
+	# see https://github.com/tianon/docker-overlay/pull/10
+	export CGO_CFLAGS="-I${ROOT}/usr/include"
+	export CGO_LDFLAGS="-L${ROOT}/usr/$(get_libdir)"
+
+	# if we're building from a tarball, we need the GITCOMMIT value
+	[ "$DOCKER_GITCOMMIT" ] && export DOCKER_GITCOMMIT
+
+	# fake golang layout
+	ln -s docker-ce/components/engine ../docker || die
+	ln -s docker-ce/components/cli ../cli || die
+
+	# let's set up some optional features :)
+	export DOCKER_BUILDTAGS=''
+	for gd in aufs btrfs device-mapper overlay; do
+		if ! use $gd; then
+			DOCKER_BUILDTAGS+=" exclude_graphdriver_${gd//-/}"
+		fi
+	done
+
+	for tag in apparmor pkcs11 seccomp; do
+		if use $tag; then
+			DOCKER_BUILDTAGS+=" $tag"
+		fi
+	done
+
+	pushd components/engine || die
+
+	if use hardened; then
+		sed -i "s/EXTLDFLAGS_STATIC='/&-fno-PIC /" hack/make.sh || die
+		grep -q -- '-fno-PIC' hack/make.sh || die 'hardened sed failed'
+		sed  "s/LDFLAGS_STATIC_DOCKER='/&-extldflags -fno-PIC /" \
+			-i hack/make/dynbinary-daemon || die
+		grep -q -- '-fno-PIC' hack/make/dynbinary-daemon || die 'hardened sed failed'
+	fi
+
+	# build daemon
+	VERSION="$(cat ../../VERSION)" \
+	./hack/make.sh dynbinary || die 'dynbinary failed'
+
+	popd || die # components/engine
+
+	pushd components/cli || die
+
+	# build cli
+	emake \
+		LDFLAGS="$(usex hardened '-extldflags -fno-PIC' '')" \
+		VERSION="$(cat ../../VERSION)" \
+		GITCOMMIT="${DOCKER_GITCOMMIT}" \
+		DISABLE_WARN_OUTSIDE_CONTAINER=1 \
+		dynbinary || die
+
+	# build man pages
+	go build -o gen-manpages github.com/docker/cli/man || die
+	./gen-manpages --root . --target ./man/man1 || die
+	./man/md2man-all.sh -q || die
+	rm gen-manpages || die
+	# see "components/cli/scripts/docs/generate-man.sh" (which also does "go get" for go-md2man)
+
+	popd || die # components/cli
+}
+
+src_install() {
+	dosym containerd /usr/bin/docker-containerd
+	dosym containerd-shim /usr/bin/docker-containerd-shim
+	dosym runc /usr/bin/docker-runc
+	use container-init && dosym tini /usr/bin/docker-init
+
+	pushd components/engine || die
+	newbin "$(readlink -f bundles/latest/dynbinary-daemon/dockerd)" dockerd
+
+	newinitd contrib/init/openrc/docker.initd docker
+	newconfd contrib/init/openrc/docker.confd docker
+
+	systemd_dounit contrib/init/systemd/docker.{service,socket}
+
+	udev_dorules contrib/udev/*.rules
+
+	dodoc AUTHORS CONTRIBUTING.md CHANGELOG.md NOTICE README.md
+	dodoc -r docs/*
+
+	insinto /usr/share/vim/vimfiles
+	doins -r contrib/syntax/vim/ftdetect
+	doins -r contrib/syntax/vim/syntax
+
+	# note: intentionally not using "doins" so that we preserve +x bits
+	dodir /usr/share/${PN}/contrib
+	cp -R contrib/* "${ED}/usr/share/${PN}/contrib"
+	popd || die # components/engine
+
+	pushd components/cli || die
+
+	newbin build/docker-* docker
+
+	doman man/man*/*
+
+	dobashcomp contrib/completion/bash/*
+	insinto /usr/share/zsh/site-functions
+	doins contrib/completion/zsh/_*
+	popd || die # components/cli
+}
+
+pkg_postinst() {
+	udev_reload
+
+	elog
+	elog "To use Docker, the Docker daemon must be running as root. To automatically"
+	elog "start the Docker daemon at boot, add Docker to the default runlevel:"
+	elog "  rc-update add docker default"
+	elog "Similarly for systemd:"
+	elog "  systemctl enable docker.service"
+	elog
+	elog "To use Docker as a non-root user, add yourself to the 'docker' group:"
+	elog "  usermod -aG docker youruser"
+	elog
+}
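Review bot: `PATCHES` near the top of this ebuild names `bsc1073877-docker-apparmor-add-signal-r1.patch`, but the file this commit adds is `bsc1073877-docker-apparmor-add-signal-r2.patch`. If an -r1 file already exists in files/ (not visible here), the build keeps applying the older patch and the new file is unused; if it does not, src_prepare fails. Assuming the new version is the one intended, the line should read `PATCHES=( "${FILESDIR}"/bsc1073877-docker-apparmor-add-signal-r2.patch )`.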

diff --git a/app-emulation/docker/files/bsc1073877-docker-apparmor-add-signal-r2.patch b/app-emulation/docker/files/bsc1073877-docker-apparmor-add-signal-r2.patch
new file mode 100644
index 00000000000..fd365425fb9
--- /dev/null
+++ b/app-emulation/docker/files/bsc1073877-docker-apparmor-add-signal-r2.patch
@@ -0,0 +1,72 @@
+From 4822fb1e2423d88cdf0ad5d039b8fd3274b05401 Mon Sep 17 00:00:00 2001
+From: Aleksa Sarai <asarai@suse.de>
+Date: Sun, 8 Apr 2018 20:21:30 +1000
+Subject: [PATCH] apparmor: allow receiving of signals from 'docker kill'
+
+In newer kernels, AppArmor will reject attempts to send signals to a
+container because the signal originated from outside of that AppArmor
+profile. Correct this by allowing all unconfined signals to be received.
+
+Signed-off-by: Goldwyn Rodrigues <rgoldwyn@suse.com>
+Signed-off-by: Aleksa Sarai <asarai@suse.de>
+---
+ profiles/apparmor/apparmor.go | 21 +++++++++++++++++++++
+ profiles/apparmor/template.go |  6 ++++++
+ 2 files changed, 27 insertions(+)
+
+diff --git a/components/engine/profiles/apparmor/apparmor.go b/components/engine/profiles/apparmor/apparmor.go
+index b021668c8e4c..2f58ee852cab 100644
+--- a/components/engine/profiles/apparmor/apparmor.go
++++ b/components/engine/profiles/apparmor/apparmor.go
+@@ -23,6 +23,8 @@ var (
+ type profileData struct {
+ 	// Name is profile name.
+ 	Name string
++	// DaemonProfile is the profile name of our daemon.
++	DaemonProfile string
+ 	// Imports defines the apparmor functions to import, before defining the profile.
+ 	Imports []string
+ 	// InnerImports defines the apparmor functions to import in the profile.
+@@ -70,6 +72,25 @@ func InstallDefault(name string) error {
+ 		Name: name,
+ 	}
+ 
++	// Figure out the daemon profile.
++	currentProfile, err := ioutil.ReadFile("/proc/self/attr/current")
++	if err != nil {
++		// If we couldn't get the daemon profile, assume we are running
++		// unconfined which is generally the default.
++		currentProfile = nil
++	}
++	daemonProfile := string(currentProfile)
++	// Normally profiles are suffixed by " (enforcing)" or similar. AppArmor
++	// profiles cannot contain spaces so this doesn't restrict daemon profile
++	// names.
++	if parts := strings.SplitN(daemonProfile, " ", 2); len(parts) >= 1 {
++		daemonProfile = parts[0]
++	}
++	if daemonProfile == "" {
++		daemonProfile = "unconfined"
++	}
++	p.DaemonProfile = daemonProfile
++
+ 	// Install to a temporary directory.
+ 	f, err := ioutil.TempFile("", name)
+ 	if err != nil {
+diff --git a/components/engine/profiles/apparmor/template.go b/components/engine/profiles/apparmor/template.go
+index c00a3f70e993..400b3bd50a11 100644
+--- a/components/engine/profiles/apparmor/template.go
++++ b/components/engine/profiles/apparmor/template.go
+@@ -17,6 +17,12 @@ profile {{.Name}} flags=(attach_disconnected,mediate_deleted) {
+   capability,
+   file,
+   umount,
++{{if ge .Version 208096}}
++{{/* Allow 'docker kill' to actually send signals to container processes. */}}
++  signal (receive) peer={{.DaemonProfile}},
++{{/* Allow container processes to send signals amongst themselves. */}}
++  signal (send,receive) peer={{.Name}},
++{{end}}
+ 
+   deny @{PROC}/* w,   # deny write for all files directly in /proc (not in a subdir)
+   # deny write to files not in /proc/<number>/** or /proc/sys/**
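Review bot: In InstallDefault the content of `/proc/self/attr/current` is split only on a space, so a trailing newline stays in `daemonProfile` whenever the label carries no mode suffix (presumably the `unconfined` case), and that value is then written into the `peer=` rule of the generated profile. Trimming first avoids this: `daemonProfile := strings.TrimSpace(string(currentProfile))`. The `len(parts) >= 1` guard is always true for `strings.SplitN` with a non-empty separator and can be dropped. The read error is discarded silently, so a debug log at that point would help when the fallback to `unconfined` is unexpected. InstallDefault's body starts and ends outside the hunk.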



* [gentoo-commits] repo/gentoo:master commit in: app-emulation/docker/, app-emulation/docker/files/
@ 2021-04-22  7:48 Georgy Yakovlev
  0 siblings, 0 replies; 8+ messages in thread
From: Georgy Yakovlev @ 2021-04-22  7:48 UTC (permalink / raw
  To: gentoo-commits

commit:     a86d23a290bba9f7c9135c181579c350086f2599
Author:     Georgy Yakovlev <gyakovlev <AT> gentoo <DOT> org>
AuthorDate: Thu Apr 22 07:44:44 2021 +0000
Commit:     Georgy Yakovlev <gyakovlev <AT> gentoo <DOT> org>
CommitDate: Thu Apr 22 07:48:04 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a86d23a2

app-emulation/docker: add /dev/null patch to 20.10.6

Bug: https://bugs.gentoo.org/748984
Package-Manager: Portage-3.0.18, Repoman-3.0.3
Signed-off-by: Georgy Yakovlev <gyakovlev <AT> gentoo.org>

 ...ker-20.10.6.ebuild => docker-20.10.6-r1.ebuild} |  7 ++++++
 .../docker/files/etcd-F_OFD_GETLK-fix.patch        | 28 ++++++++++++++++++++++
 2 files changed, 35 insertions(+)

diff --git a/app-emulation/docker/docker-20.10.6.ebuild b/app-emulation/docker/docker-20.10.6-r1.ebuild
similarity index 97%
rename from app-emulation/docker/docker-20.10.6.ebuild
rename to app-emulation/docker/docker-20.10.6-r1.ebuild
index ac40f8d7328..50015f97773 100644
--- a/app-emulation/docker/docker-20.10.6.ebuild
+++ b/app-emulation/docker/docker-20.10.6-r1.ebuild
@@ -158,6 +158,13 @@ pkg_setup() {
 	linux-info_pkg_setup
 }
 
+src_prepare() {
+	default
+	pushd "${S}/vendor/github.com/coreos/etcd" >/dev/null || die
+	eapply "${FILESDIR}/etcd-F_OFD_GETLK-fix.patch"
+	popd >/dev/null || die
+}
+
 src_compile() {
 	export DOCKER_GITCOMMIT="${GIT_COMMIT}"
 	export GOPATH="${WORKDIR}/${P}"

diff --git a/app-emulation/docker/files/etcd-F_OFD_GETLK-fix.patch b/app-emulation/docker/files/etcd-F_OFD_GETLK-fix.patch
new file mode 100644
index 00000000000..d912e59e985
--- /dev/null
+++ b/app-emulation/docker/files/etcd-F_OFD_GETLK-fix.patch
@@ -0,0 +1,28 @@
+From ec81adb21605acd56b122bc35c53644b13d3ab7e Mon Sep 17 00:00:00 2001
+From: Moritz Both <mb@aldebaran.de>
+Date: Sun, 1 Nov 2020 23:20:12 +0100
+Subject: [PATCH] pkg/fileutil: fix constant for linux locking
+
+The constant F_OFD_GETLK is 36, not 37, according to
+/usr/include/bits/fcntl-linux.h
+Credits go to joakim-tjernlund who digged deep enough
+to find this.
+
+Fixes #31182
+---
+ pkg/fileutil/lock_linux.go | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/pkg/fileutil/lock_linux.go b/pkg/fileutil/lock_linux.go
+index 939fea62381..004d35fa23b 100644
+--- a/pkg/fileutil/lock_linux.go
++++ b/pkg/fileutil/lock_linux.go
+@@ -29,7 +29,7 @@ import (
+ //
+ // constants from /usr/include/bits/fcntl-linux.h
+ const (
+-	F_OFD_GETLK  = 37
++	F_OFD_GETLK  = 36
+ 	F_OFD_SETLK  = 37
+ 	F_OFD_SETLKW = 38
+ )



* [gentoo-commits] repo/gentoo:master commit in: app-emulation/docker/, app-emulation/docker/files/
@ 2021-04-22 16:42 Georgy Yakovlev
  0 siblings, 0 replies; 8+ messages in thread
From: Georgy Yakovlev @ 2021-04-22 16:42 UTC (permalink / raw
  To: gentoo-commits

commit:     c6ec5086fd71473ce5f71a0aac0d2761811a499a
Author:     Georgy Yakovlev <gyakovlev <AT> gentoo <DOT> org>
AuthorDate: Thu Apr 22 16:39:52 2021 +0000
Commit:     Georgy Yakovlev <gyakovlev <AT> gentoo <DOT> org>
CommitDate: Thu Apr 22 16:41:13 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c6ec5086

app-emulation/docker: rebase patch, get rid of custom src_prepare

Package-Manager: Portage-3.0.18, Repoman-3.0.3
Signed-off-by: Georgy Yakovlev <gyakovlev <AT> gentoo.org>

 app-emulation/docker/docker-20.10.6-r1.ebuild         | 11 +++--------
 app-emulation/docker/files/etcd-F_OFD_GETLK-fix.patch |  4 ++--
 2 files changed, 5 insertions(+), 10 deletions(-)

diff --git a/app-emulation/docker/docker-20.10.6-r1.ebuild b/app-emulation/docker/docker-20.10.6-r1.ebuild
index 798980694c7..2b99383d6b7 100644
--- a/app-emulation/docker/docker-20.10.6-r1.ebuild
+++ b/app-emulation/docker/docker-20.10.6-r1.ebuild
@@ -54,6 +54,9 @@ RESTRICT="installsources strip"
 
 S="${WORKDIR}/${P}/src/${EGO_PN}"
 
+# https://bugs.gentoo.org/748984 https://github.com/etcd-io/etcd/pull/12552
+PATCHES=( "${FILESDIR}/etcd-F_OFD_GETLK-fix.patch" )
+
 # see "contrib/check-config.sh" from upstream's sources
 CONFIG_CHECK="
 	~NAMESPACES ~NET_NS ~PID_NS ~IPC_NS ~UTS_NS
@@ -158,14 +161,6 @@ pkg_setup() {
 	linux-info_pkg_setup
 }
 
-src_prepare() {
-	default
-	# https://bugs.gentoo.org/748984 https://github.com/etcd-io/etcd/pull/12552
-	pushd "${S}/vendor/github.com/coreos/etcd" >/dev/null || die
-	eapply "${FILESDIR}/etcd-F_OFD_GETLK-fix.patch"
-	popd >/dev/null || die
-}
-
 src_compile() {
 	export DOCKER_GITCOMMIT="${GIT_COMMIT}"
 	export GOPATH="${WORKDIR}/${P}"

diff --git a/app-emulation/docker/files/etcd-F_OFD_GETLK-fix.patch b/app-emulation/docker/files/etcd-F_OFD_GETLK-fix.patch
index d912e59e985..bd574e26f04 100644
--- a/app-emulation/docker/files/etcd-F_OFD_GETLK-fix.patch
+++ b/app-emulation/docker/files/etcd-F_OFD_GETLK-fix.patch
@@ -15,8 +15,8 @@ Fixes #31182
 
 diff --git a/pkg/fileutil/lock_linux.go b/pkg/fileutil/lock_linux.go
 index 939fea62381..004d35fa23b 100644
---- a/pkg/fileutil/lock_linux.go
-+++ b/pkg/fileutil/lock_linux.go
+--- a/vendor/github.com/coreos/etcd/pkg/fileutil/lock_linux.go
++++ b/vendor/github.com/coreos/etcd/pkg/fileutil/lock_linux.go
 @@ -29,7 +29,7 @@ import (
  //
  // constants from /usr/include/bits/fcntl-linux.h



* [gentoo-commits] repo/gentoo:master commit in: app-emulation/docker/, app-emulation/docker/files/
@ 2021-06-10 23:27 Georgy Yakovlev
  0 siblings, 0 replies; 8+ messages in thread
From: Georgy Yakovlev @ 2021-06-10 23:27 UTC (permalink / raw
  To: gentoo-commits

commit:     cec1c0dc8c45379e67a50019333fe65743f60c7b
Author:     Georgy Yakovlev <gyakovlev <AT> gentoo <DOT> org>
AuthorDate: Thu Jun 10 23:26:17 2021 +0000
Commit:     Georgy Yakovlev <gyakovlev <AT> gentoo <DOT> org>
CommitDate: Thu Jun 10 23:26:55 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cec1c0dc

app-emulation/docker: add ppc64 buildmode patch

Signed-off-by: Georgy Yakovlev <gyakovlev <AT> gentoo.org>

 app-emulation/docker/docker-20.10.7.ebuild       |  5 +++-
 app-emulation/docker/files/ppc64-buildmode.patch | 30 ++++++++++++++++++++++++
 2 files changed, 34 insertions(+), 1 deletion(-)

diff --git a/app-emulation/docker/docker-20.10.7.ebuild b/app-emulation/docker/docker-20.10.7.ebuild
index 6636481017d..611164ae3ab 100644
--- a/app-emulation/docker/docker-20.10.7.ebuild
+++ b/app-emulation/docker/docker-20.10.7.ebuild
@@ -55,7 +55,10 @@ RESTRICT="installsources strip test"
 S="${WORKDIR}/${P}/src/${EGO_PN}"
 
 # https://bugs.gentoo.org/748984 https://github.com/etcd-io/etcd/pull/12552
-PATCHES=( "${FILESDIR}/etcd-F_OFD_GETLK-fix.patch" )
+PATCHES=( 
+	"${FILESDIR}/etcd-F_OFD_GETLK-fix.patch"
+	"${FILESDIR}/ppc64-buildmode.patch"
+)
 
 # see "contrib/check-config.sh" from upstream's sources
 CONFIG_CHECK="
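Review bot: The bug/PR comment above `PATCHES` now reads as if it covers both array entries, although it refers only to the etcd patch. Moving it directly above `"${FILESDIR}/etcd-F_OFD_GETLK-fix.patch"` inside the array, and adding a one-line reason above `"${FILESDIR}/ppc64-buildmode.patch"` (for instance `# buildmode=pie is not used on big-endian ppc64`), keeps each entry traceable. The new `PATCHES=( ` line also ends in a trailing space.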

diff --git a/app-emulation/docker/files/ppc64-buildmode.patch b/app-emulation/docker/files/ppc64-buildmode.patch
new file mode 100644
index 00000000000..f16756e8504
--- /dev/null
+++ b/app-emulation/docker/files/ppc64-buildmode.patch
@@ -0,0 +1,30 @@
+From c4135e37e54a6480abfe18746f227f05cb9269ab Mon Sep 17 00:00:00 2001
+From: Georgy Yakovlev <gyakovlev@gentoo.org>
+Date: Thu, 10 Jun 2021 16:19:22 -0700
+Subject: [PATCH] don't use buildmode=pie on ppc64
+
+It's already omitted for ppc64 in
+hack/dockerfile/install/install.sh
+not using wildcard, because GOARCH=ppc64le supports pie
+
+Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org>
+---
+ hack/make/.binary | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hack/make/.binary b/hack/make/.binary
+index 5ea3e373f2..7a911de15a 100644
+--- a/hack/make/.binary
++++ b/hack/make/.binary
+@@ -70,7 +70,7 @@ hash_files() {
+ 
+ 	# -buildmode=pie is not supported on Windows and Linux on mips and riscv64.
+ 	case "$(go env GOOS)/$(go env GOARCH)" in
+-		windows/* | linux/mips* | linux/riscv*) ;;
++		windows/* | linux/mips* | linux/riscv* | linux/ppc64) ;;
+ 
+ 		*)
+ 			BUILDFLAGS+=("-buildmode=pie")
+-- 
+2.32.0
+
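Review bot: The comment above the `case` still lists only Windows, mips and riscv64 as targets without `-buildmode=pie`, so the new `linux/ppc64` arm is undocumented in the script itself. Extend it, e.g. `# -buildmode=pie is not used on Windows and on Linux for mips, riscv64 and big-endian ppc64 (ppc64le keeps it).` Because this arm drops PIE for binaries built on that architecture, recording the reason in place helps anyone auditing hardening flags later. The `case` statement continues outside the hunk.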

