diff --git a/0001-revert-any-to-interface-temporarily-allow-builtable.patch b/0001-revert-any-to-interface-temporarily-allow-builtable.patch deleted file mode 100644 index 26d18977f5881a08503ed24f06ec4ea19332726b..0000000000000000000000000000000000000000 --- a/0001-revert-any-to-interface-temporarily-allow-builtable.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 402a2c8ed1e509a917cf7a22609e49aea2bc0921 Mon Sep 17 00:00:00 2001 -From: wanglimin -Date: Wed, 21 Dec 2022 09:49:14 +0800 -Subject: [PATCH] revert any to interface{} temporarily to allow builtable with - golang-1.17.x it will be withdrawed if golang upgrade to 1.18.x in the branch - ---- - vendor/archive/tar/common.go | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/vendor/archive/tar/common.go b/vendor/archive/tar/common.go -index c99b5c1..595de64 100644 ---- a/vendor/archive/tar/common.go -+++ b/vendor/archive/tar/common.go -@@ -538,7 +538,7 @@ type headerFileInfo struct { - func (fi headerFileInfo) Size() int64 { return fi.h.Size } - func (fi headerFileInfo) IsDir() bool { return fi.Mode().IsDir() } - func (fi headerFileInfo) ModTime() time.Time { return fi.h.ModTime } --func (fi headerFileInfo) Sys() any { return fi.h } -+func (fi headerFileInfo) Sys() interface{} { return fi.h } - - // Name returns the base name of the file. - func (fi headerFileInfo) Name() string { --- -2.21.0 - diff --git a/awslogs-fix-non-blocking-log-drop-bug.patch b/awslogs-fix-non-blocking-log-drop-bug.patch new file mode 100644 index 0000000000000000000000000000000000000000..f2539a5e550071065c60e17c0e240d205e642ef9 --- /dev/null +++ b/awslogs-fix-non-blocking-log-drop-bug.patch @@ -0,0 +1,149 @@ +From ad45ece6fe93c6870080341daa12fe8da6271fa9 Mon Sep 17 00:00:00 2001 +From: Wesley Pettit +Date: Wed, 29 Mar 2023 16:09:07 -0700 +Subject: [PATCH 451/483] awslogs: fix non-blocking log drop bug + +Previously, the AWSLogs driver attempted to implement +non-blocking itself. Non-blocking is supposed to +implemented solely by the Docker RingBuffer that +wraps the log driver. + +Please see issue and explanation here: +https://github.com/moby/moby/issues/45217 + +Signed-off-by: Wesley Pettit +(cherry picked from commit c8f8d11ac42c16be9779565093e6a45bcf1a3b7b) +--- + daemon/logger/awslogs/cloudwatchlogs.go | 18 ++--------- + daemon/logger/awslogs/cloudwatchlogs_test.go | 32 ++------------------ + 2 files changed, 6 insertions(+), 44 deletions(-) + +diff --git a/daemon/logger/awslogs/cloudwatchlogs.go b/daemon/logger/awslogs/cloudwatchlogs.go +index acaf261c93..5ceb0c913f 100644 +--- a/daemon/logger/awslogs/cloudwatchlogs.go ++++ b/daemon/logger/awslogs/cloudwatchlogs.go +@@ -71,7 +71,6 @@ type logStream struct { + logStreamName string + logGroupName string + logCreateGroup bool +- logNonBlocking bool + forceFlushInterval time.Duration + multilinePattern *regexp.Regexp + client api +@@ -85,7 +84,6 @@ type logStreamConfig struct { + logStreamName string + logGroupName string + logCreateGroup bool +- logNonBlocking bool + forceFlushInterval time.Duration + maxBufferedEvents int + multilinePattern *regexp.Regexp +@@ -147,11 +145,12 @@ func New(info logger.Info) (logger.Logger, error) { + return nil, err + } + ++ logNonBlocking := info.Config["mode"] == "non-blocking" ++ + containerStream := &logStream{ + logStreamName: containerStreamConfig.logStreamName, + logGroupName: containerStreamConfig.logGroupName, + logCreateGroup: containerStreamConfig.logCreateGroup, +- logNonBlocking: containerStreamConfig.logNonBlocking, + forceFlushInterval: containerStreamConfig.forceFlushInterval, + multilinePattern: containerStreamConfig.multilinePattern, + client: client, +@@ -159,7 +158,7 @@ func New(info logger.Info) (logger.Logger, error) { + } + + creationDone := make(chan bool) +- if containerStream.logNonBlocking { ++ if logNonBlocking { + go func() { + backoff := 1 + maxBackoff := 32 +@@ -215,8 +214,6 @@ func newStreamConfig(info logger.Info) (*logStreamConfig, error) { + } + } + +- logNonBlocking := info.Config["mode"] == "non-blocking" +- + forceFlushInterval := defaultForceFlushInterval + if info.Config[forceFlushIntervalKey] != "" { + forceFlushIntervalAsInt, err := strconv.Atoi(info.Config[forceFlushIntervalKey]) +@@ -247,7 +244,6 @@ func newStreamConfig(info logger.Info) (*logStreamConfig, error) { + logStreamName: logStreamName, + logGroupName: logGroupName, + logCreateGroup: logCreateGroup, +- logNonBlocking: logNonBlocking, + forceFlushInterval: forceFlushInterval, + maxBufferedEvents: maxBufferedEvents, + multilinePattern: multilinePattern, +@@ -412,14 +408,6 @@ func (l *logStream) Log(msg *logger.Message) error { + if l.closed { + return errors.New("awslogs is closed") + } +- if l.logNonBlocking { +- select { +- case l.messages <- msg: +- return nil +- default: +- return errors.New("awslogs buffer is full") +- } +- } + l.messages <- msg + return nil + } +diff --git a/daemon/logger/awslogs/cloudwatchlogs_test.go b/daemon/logger/awslogs/cloudwatchlogs_test.go +index 688a3b5e2f..c5a0788303 100644 +--- a/daemon/logger/awslogs/cloudwatchlogs_test.go ++++ b/daemon/logger/awslogs/cloudwatchlogs_test.go +@@ -325,42 +325,16 @@ func TestLogBlocking(t *testing.T) { + } + } + +-func TestLogNonBlockingBufferEmpty(t *testing.T) { ++func TestLogBufferEmpty(t *testing.T) { + mockClient := newMockClient() + stream := &logStream{ +- client: mockClient, +- messages: make(chan *logger.Message, 1), +- logNonBlocking: true, ++ client: mockClient, ++ messages: make(chan *logger.Message, 1), + } + err := stream.Log(&logger.Message{}) + assert.NilError(t, err) + } + +-func TestLogNonBlockingBufferFull(t *testing.T) { +- mockClient := newMockClient() +- stream := &logStream{ +- client: mockClient, +- messages: make(chan *logger.Message, 1), +- logNonBlocking: true, +- } +- stream.messages <- &logger.Message{} +- errorCh := make(chan error, 1) +- started := make(chan bool) +- go func() { +- started <- true +- err := stream.Log(&logger.Message{}) +- errorCh <- err +- }() +- <-started +- select { +- case err := <-errorCh: +- if err == nil { +- t.Fatal("Expected non-nil error") +- } +- case <-time.After(30 * time.Second): +- t.Fatal("Expected Log call to not block") +- } +-} + func TestPublishBatchSuccess(t *testing.T) { + mockClient := newMockClient() + stream := &logStream{ +-- +2.32.0 (Apple Git-132) + + diff --git a/cli-20.10.21.tar.gz b/cli-20.10.24.tar.gz similarity index 49% rename from cli-20.10.21.tar.gz rename to cli-20.10.24.tar.gz index 50984e80c9f92f311f6781318ac345a23e127b13..0915c2c2189383e33ac3ad044d8915e08e851c80 100644 Binary files a/cli-20.10.21.tar.gz and b/cli-20.10.24.tar.gz differ diff --git a/daemon-prepare-MountPoints-fix-panic-if-mount.patch b/daemon-prepare-MountPoints-fix-panic-if-mount.patch new file mode 100644 index 0000000000000000000000000000000000000000..90b7e00b4c879b8b4dd69cca133118fb53ed58f8 --- /dev/null +++ b/daemon-prepare-MountPoints-fix-panic-if-mount.patch @@ -0,0 +1,54 @@ +From 44152f6fb66da0ade1aa226f0b66ebbaa43d54b1 Mon Sep 17 00:00:00 2001 +From: Sebastiaan van Stijn +Date: Fri, 7 Jul 2023 14:54:04 +0200 +Subject: [PATCH 478/483] daemon: daemon.prepareMountPoints(): fix panic if + mount is not a volume + +The daemon.lazyInitializeVolume() function only handles restoring Volumes +if a Driver is specified. The Container's MountPoints field may also +contain other kind of mounts (e.g., bind-mounts). Those were ignored, and +don't return an error; https://github.com/moby/moby/blob/1d9c8619cded4657af1529779c5771127e8ad0e7/daemon/volumes.go#L243-L252C2 + +However, the prepareMountPoints() assumed each MountPoint was a volume, +and logged an informational message about the volume being restored; +https://github.com/moby/moby/blob/1d9c8619cded4657af1529779c5771127e8ad0e7/daemon/mounts.go#L18-L25 + +This would panic if the MountPoint was not a volume; + + github.com/docker/docker/daemon.(*Daemon).prepareMountPoints(0xc00054b7b8?, 0xc0007c2500) + /root/rpmbuild/BUILD/src/engine/.gopath/src/github.com/docker/docker/daemon/mounts.go:24 +0x1c0 + github.com/docker/docker/daemon.(*Daemon).restore.func5(0xc0007c2500, 0x0?) + /root/rpmbuild/BUILD/src/engine/.gopath/src/github.com/docker/docker/daemon/daemon.go:552 +0x271 + created by github.com/docker/docker/daemon.(*Daemon).restore + /root/rpmbuild/BUILD/src/engine/.gopath/src/github.com/docker/docker/daemon/daemon.go:530 +0x8d8 + panic: runtime error: invalid memory address or nil pointer dereference + [signal SIGSEGV: segmentation violation code=0x1 addr=0x30 pc=0x564e9be4c7c0] + +This issue was introduced in 647c2a6cdd86d79230df1bf690d0b6a2930d6db2 + +Signed-off-by: Sebastiaan van Stijn +(cherry picked from commit a490248f4d19164d78d3ef4f91cf142c3aad1790) +Signed-off-by: Cory Snider +--- + daemon/mounts.go | 4 ++++ + 1 files changed, 4 insertions(+) + +diff --git a/daemon/mounts.go b/daemon/mounts.go +index 424e375037..3c79b0d447 100644 +--- a/daemon/mounts.go ++++ b/daemon/mounts.go +@@ -15,6 +15,10 @@ func (daemon *Daemon) prepareMountPoints(container *container.Container) error { + if err := daemon.lazyInitializeVolume(container.ID, config); err != nil { + return err + } ++ if config.Volume == nil { ++ // FIXME(thaJeztah): should we check for config.Type here as well? (i.e., skip bind-mounts etc) ++ continue ++ } + } + return nil + } +-- +2.32.0 (Apple Git-132) + + diff --git a/docker.service b/docker.service index b5400bbba3ec471c434392b53b3da38bdbd185a7..f3da34446c59204510e99c4ec6ad5e07de3973fa 100644 --- a/docker.service +++ b/docker.service @@ -1,16 +1,17 @@ [Unit] Description=Docker Application Container Engine Documentation=https://docs.docker.com -After=network-online.target docker.socket firewalld.service containerd.service +After=network-online.target docker.socket firewalld.service Wants=network-online.target -Requires=docker.socket containerd.service +Requires=docker.socket [Service] Type=notify +EnvironmentFile=-/etc/sysconfig/docker # the default is not to use systemd for cgroups because the delegate issues still # exists and systemd currently does not support the cgroup feature set required # for containers run by docker -ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock +ExecStart=/usr/bin/dockerd -H fd:// $OPTIONS ExecReload=/bin/kill -s HUP $MAINPID TimeoutSec=0 RestartSec=2 @@ -24,7 +25,7 @@ StartLimitBurst=3 # Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230. # Both the old, and new name are accepted by systemd 230 and up, so using the old name to make # this option work for either version of systemd. -StartLimitInterval=60s +StartLimitInterval=5s # Having non-zero Limit*s causes performance problems due to accounting overhead # in the kernel. We recommend using cgroups to do container-local accounting. diff --git a/docker.sysconfig b/docker.sysconfig new file mode 100644 index 0000000000000000000000000000000000000000..426ec3ced351e69d89804699a6af2d854572f102 --- /dev/null +++ b/docker.sysconfig @@ -0,0 +1,7 @@ +# /etc/sysconfig/docker + +# Modify these options if you want to change the way the docker daemon runs +OPTIONS="--log-driver=journald \ + --live-restore \ + --default-ulimit nofile=1024:1024 \ +" diff --git a/libnetwork-dcdf8f17.tar.gz b/libnetwork-dcdf8f17.tar.gz deleted file mode 100644 index f6c37a44c86497323fb2373a55d5c77cdc204c17..0000000000000000000000000000000000000000 Binary files a/libnetwork-dcdf8f17.tar.gz and /dev/null differ diff --git a/moby-20.10.21.tar.gz b/moby-20.10.24.tar.gz similarity index 57% rename from moby-20.10.21.tar.gz rename to moby-20.10.24.tar.gz index 921de4626e57de4ce6b9b119e0e3d6cad33053b5..aff18932bdc6954e76919a277d65fadaab3f0df9 100644 Binary files a/moby-20.10.21.tar.gz and b/moby-20.10.24.tar.gz differ diff --git a/moby.spec b/moby.spec index ab424d41240a7678294d2476e6aa4fd978beb2ed..85bb1380c44c11bd3ece2bd0d825eb3ebef35a57 100644 --- a/moby.spec +++ b/moby.spec @@ -1,28 +1,28 @@ -%global _gitcommit_engine a89b8422 -%global _gitcommit_cli 100c7018 +%global _gitcommit_engine 5d6db84 +%global _gitcommit_cli 297e128 %global _source_engine moby-%{version} %global _source_client cli-%{version} %global _source_docker_init tini-0.19.0 -%global _source_docker_proxy libnetwork-dcdf8f17 +%define _debugsource_template %{nil} -Name: docker -Version: 20.10.21 -Release: 3 +Name: moby +Version: 20.10.24 +Release: 1 Summary: The open-source application container engine License: ASL 2.0 URL: https://www.docker.com -# https://github.com/docker/cli/archive/refs/tags/v20.10.21.tar.gz +# https://github.com/docker/cli/archive/refs/tags/v20.10.24.tar.gz Source0: cli-%{version}.tar.gz -# https://github.com/moby/moby/archive/refs/tags/v20.10.21.tar.gz +# https://github.com/moby/moby/archive/refs/tags/v20.10.24.tar.gz Source1: moby-%{version}.tar.gz # https://github.com/krallin/tini/archive/refs/tags/v0.19.0.tar.gz Source2: tini-0.19.0.tar.gz -# https://github.com/moby/libnetwork @dcdf8f176d1e13ad719e913e796fb698d846de98 -Source3: libnetwork-dcdf8f17.tar.gz -Source4: docker.service -Source5: docker.socket +Source3: docker.service +Source4: docker.socket +Source5: docker.sysconfig +Patch0000: awslogs-fix-non-blocking-log-drop-bug.patch +Patch0001: daemon-prepare-MountPoints-fix-panic-if-mount.patch -Patch0001: 0001-revert-any-to-interface-temporarily-allow-builtable.patch Requires: %{name}-engine = %{version}-%{release} Requires: %{name}-client = %{version}-%{release} @@ -30,6 +30,7 @@ Requires: %{name}-client = %{version}-%{release} # conflicting packages Conflicts: docker-ce Conflicts: docker-io +Conflicts: docker-engine Conflicts: docker-engine-cs Conflicts: docker-ee @@ -41,7 +42,9 @@ lightweight container. Summary: Docker daemon binary and related utilities Requires: /usr/sbin/groupadd -Requires: docker-client +Requires: %{name} = %{version}-%{release} +Requires: %{name}-client = %{version}-%{release} +Requires: docker-runc Requires: container-selinux >= 2:2.74 Requires: libseccomp >= 2.3 Requires: systemd @@ -70,7 +73,8 @@ BuildRequires: selinux-policy-devel BuildRequires: systemd-devel BuildRequires: tar BuildRequires: which -BuildRequires: golang >= 1.17 +BuildRequires: golang >= 1.17.0 +BuildRequires: docker-proxy %description engine Docker daemon binary and related utilities @@ -78,7 +82,8 @@ Docker daemon binary and related utilities %package client Summary: Docker client binary and related utilities -Requires: /bin/sh +Requires: /bin/sh +Requires: %{name}-engine = %{version}-%{release} BuildRequires: libtool-ltdl-devel %description client @@ -87,9 +92,9 @@ Docker client binary and related utilities %prep %setup -q -n %{_source_client} %setup -q -T -n %{_source_engine} -b 1 +%patch0000 -p1 %patch0001 -p1 %setup -q -T -n %{_source_docker_init} -b 2 -%setup -q -T -n %{_source_docker_proxy} -b 3 %build export GO111MODULE=off @@ -107,17 +112,6 @@ cmake . make tini-static popd -# build docker-proxy -pushd %{_builddir}/%{_source_docker_proxy} -mkdir -p .gopath/src/github.com/docker/libnetwork -export GOPATH=`pwd`/.gopath -rm -rf .gopath/src/github.com/docker/libnetwork -ln -s %{_builddir}/%{_source_docker_proxy} .gopath/src/github.com/docker/libnetwork -pushd .gopath/src/github.com/docker/libnetwork -go build -buildmode=pie -ldflags=-linkmode=external -o docker-proxy github.com/docker/libnetwork/cmd/proxy -popd -popd - # build cli pushd %{_builddir}/%{_source_client} mkdir -p .gopath/src/github.com/docker/cli @@ -143,14 +137,17 @@ ver="$(%{_builddir}/%{_source_client}/build/docker --version)"; \ install -D -p -m 0755 $(readlink -f %{_builddir}/%{_source_engine}/bundles/dynbinary-daemon/dockerd) %{buildroot}%{_bindir}/dockerd # install proxy -install -D -p -m 0755 %{_builddir}/%{_source_docker_proxy}/docker-proxy %{buildroot}%{_bindir}/docker-proxy +install -D -p -m 0755 /usr/bin/docker-proxy %{buildroot}%{_bindir}/docker-proxy # install tini install -D -p -m 755 %{_builddir}/%{_source_docker_init}/tini-static %{buildroot}%{_bindir}/docker-init # install systemd scripts -install -D -m 0644 %{SOURCE4} %{buildroot}%{_unitdir}/docker.service -install -D -m 0644 %{SOURCE5} %{buildroot}%{_unitdir}/docker.socket +install -D -m 0644 %{SOURCE3} %{buildroot}%{_unitdir}/docker.service +install -D -m 0644 %{SOURCE4} %{buildroot}%{_unitdir}/docker.socket + +# for additional args +install -Dpm 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/sysconfig/docker # install docker client install -p -m 0755 $(readlink -f %{_builddir}/%{_source_client}/build/docker) %{buildroot}%{_bindir}/docker @@ -171,6 +168,7 @@ install -p -m 644 %{_builddir}/%{_source_client}/{LICENSE,MAINTAINERS,NOTICE,REA # empty as it depends on engine and client %files engine +%config(noreplace) %{_sysconfdir}/sysconfig/docker %{_bindir}/dockerd %{_bindir}/docker-proxy %{_bindir}/docker-init @@ -191,13 +189,16 @@ if ! getent group docker > /dev/null; then fi %preun -%systemd_preun docker.service +%systemd_preun docker.service docker.socket %postun %systemd_postun_with_restart docker.service %changelog -* Wed Dec 21 2022 wanglimin - 20.10.21-2 +* Fri Nov 17 2023 shechenglong - 20.10.24-1 +- DESC: sync to openEuler-23.09 branch + +* Wed Dec 21 2022 wanglimin - 20.10.21-3 - DESC: change to BuildRequires golang-1.17 * Wed Dec 21 2022 wanglimin - 20.10.21-2