| Age | Commit message (Collapse) | Author |
|---|
|
* CVE-2018-10892
Docker does not block /proc/acpi pathnames. The flaw allows an attacker to
modify host's hardware like enabling/disabling Bluetooth or turning up/down
keyboard brightness.
Affects < 18.03.01
CVE: CVE-2018-10892
Ref: https://access.redhat.com/security/cve/cve-2018-10892
Signed-off-by: Sinan Kaya <okaya@kernel.org>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
Rather than invoking go directly to build docker-proxy, we can use
the libnetwork Make infrastructure. This picks up our exported go
enviroment variables, and other sysroot flags.
We also apply one patch to ensure that the cross-go toolchain is
used, and that the proper build flags are used.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
Uprev the docker daemon, proxy and cli to 18.03.0.
The SRCREVs for these updates come from the versions logged in the
docker-ce 18.03.0 release. The docker-ce recipe has a pure docker-ce
single repository build, but here, we continue to assemble the individual
parts for maximum flexibility.
Along with the uprev, we add new dependencies required to build the new
version; libtool and pkcconfig (although unused by the recipe itself).
Finally we switch to a Makefile based build of the cli to allow the
commit and docker version to be properly captured in the docker executable.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
Only include aufs-utils if the corresponding distro feature is enabled.
Without that the aufs kernel driver is not included too.
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
If the GOARCH isn't set CGO took the ARCH from the host and tries
to use -m64 flag that isn't available in aarch64 compiler.
...
| # github.com/opencontainers/runc/libcontainer/system
| aarch64-linaro-linux-gcc: error: unrecognized command line option
'-m64'
| # github.com/containerd/console
| aarch64-linaro-linux-gcc: error: unrecognized command line option
'-m64'
| Makefile:60: recipe for target 'shim-static' failed
...
Signed-off-by: Aníbal Limón <anibal.limon@linaro.org>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
Recently in the oe-core the go.bbclass changed and requires the
defition of the GO_IMPORT variable. This was intended to simplify how
the compilation works with go packages and it is still a work in
progress.
This patch set makes the recipes compatible to generate the same end
result as before using the new go.bbclass from oe-core.
Any patches that were included in the recipes had to have the paths
adjusted because the new go.bbclass manipulates the notion of S to be
S + "src" + "$GO_IMPORT" internally for the purpose of unpack, patch
and compile.
Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
Fix daemonization, align args with docker.service, fix line breaks in
log file - and fix INITSCRIPT_PARAMS (there is no variable
OS_DEFAULT_INITSCRIPT_PARAMS).
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
The docker uprev missed the version string which matches the actual
binary being built. With this change, the package now reflects the
correct version.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
The build method for docker client changed where by the docker cli is
now required to be pulled in from a separate git tree to be built.
The integration patch to cross compile was also upreved since some
parts of it were accepted upstream while other parts have not been
accepted at this time.
Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
According to https://github.com/docker/libtrust, this repo is now deprecated
and the library was integrated in the docker-distribution repository.
Signed-off-by: Anselmo L. S. Melo <anselmo.melo@intel.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
Continue work to use go infra in oe-core instead of the support for go
previously found in meta-virt. This is a 1:1 drop in replacement and
removes one more go piece from meta-virt in favor of the common
support found in oe-core.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
The docker recipe has some outdated go hacks. While this doesn't remove
them all, it does use more of the oe-core go infrastructure .. and that
results in more consistent builds.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
We can now use the oe-core go bbclass to get our DEPENDS correct
for building these go packages.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
Follow the bouncing docker-registry package. Rather than use the docker hub
registry container, we can have finer grained control if we clone and build
the docker-distribution repository directly.
Since this is distinct from the main docker package/codebase, we break the
registry back out into its own package.
We also create a baseline configuration and .service file that can be the
basis for more complex implementations.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
The docker v1 registry has long been depreciated and moved into the
docker distribution library.
The registry is run via the docker CLI and not through a standalone
server.
This change removes the old registry and adds a .service file + package
for docker registry in the main docker recipe. Anyone that wants to
run a local registry can install the docker-registry package and the
service will start.
Note: No full config.yml file is provided, since the default are sane.
If tweaks are required, we can use ENV vars or consider adding a
config overlay.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
Most (all) distros package docker-proxy along with the docker CLI
and daemon .. largely due to the fact that it is required to run
the docker registry.
docker-proxy is part of the libnetwork repository, so we add it to
the docker recipe as a separate git repo and integrate it into the
build and packaging process.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
Since there are two implementations of runc and containerd that may
not always be in sync, the docker variant, and the opencontainers
variable, we create a virtual/* namespace for these components.
Anything requiring runc or containerd should set a preferred provider
to get the desired/tested variant.
We set the default provider to the docker variants, since they are
the primary use case for these components.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
Oru existing docker.service file is using an out of date command. We
can use the contrib .service file instead .. and hopefully it will
stay up to date.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
Regular users don't need lxc, docker-registry and rt-tests on the target.
These tools aren't even needed or provide additional features when running
docker at runtime. They also increase the size of the image uneccessarily.
Signed-off-by: Fathi Boudra <fathi.boudra@linaro.org>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
Docker is failing to build because it is attempting to download
missing go dependencies. Add new recipes for missing dependencies and
update existing recipes to ensure the version defined in docker's
vendor.conf is available.
Note that this fixes the build only. At this time many docker
functions are working, such as 'docker image', 'docker pull' and more,
but 'docker run' is currently failing.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
Since we are building a cross tool which produces something which is
ARCH specific we should stick to the <toolname>-cross-<arch> naming
convention. A variant of this patch has been floating around for a
while but with the changes around per recipe sysroots, distributed
builds, shared builds... we are best served to adopt this convention
now.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
Make use of bitbake variable where appropriate, this makes the recipe portable.
Signed-off-by: Amarnath Valluri <amarnath.valluri@intel.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
This new version of docker starts to assume that go 1.7 is
used. Specifically in go 1.7 golang.org/x/net/context has been merged
so the include is starting to be shortened to simply "context" which
does not work when using go 1.6. We can continue to use go 1.6 by
using the full pkg path.
Additionally the docker-proxy is not built when using the hacks build
mechanism, as we do to build docker (ie. we don't build docker in a
docker container). We could probably find a way to build docker-proxy
using the build hacks, but for now we will simply drop docker-proxy
from the package. In an embedded env. using the proxy doesn't make a
lot of sense anyways.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
Adjust SRCREV and DOCKER_VERSION to match docker 1.13.0 release.
Signed-off-by: Fathi Boudra <fathi.boudra@linaro.org>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
cosmetic only, no changes in behavior:
* align all the DEPENDS, better readability
* fix indentation in do_install(): space -> tab
Signed-off-by: Fathi Boudra <fathi.boudra@linaro.org>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
It allows to:
* easily extend future architecture added/supported
* tune arm architecture and set GOARM as appropriate
Signed-off-by: Fathi Boudra <fathi.boudra@linaro.org>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
* reword docker officially supported hosts section
* bump minimal required kernel from 3.8 to 3.10
Signed-off-by: Fathi Boudra <fathi.boudra@linaro.org>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
Signed-off-by: Fathi Boudra <fathi.boudra@linaro.org>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
The script /usr/share/docker/config-check.sh is very useful to test all
kernel requirements for docker. A lot of embedded boards will use a
custom kernel config that does not have all kernel features enabled by
default. Install the script so kernel developer can easily enable the
missing features.
Signed-off-by: Stefan Lengfeld <s.lengfeld@phytec.de>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
Seems upstream adjusted their LICENSE file. The license is still
Apache version 2 so no worries about having to update the LICENSE
string for the recipe.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
Systemd takes care of setting up the various cgroup mounts at boot,
and likewise the tearing down of these at shutdown. It is therefor a
useless dependency when we are using systemd.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
Bumping the version of docker and dependencies. This gets us closer to
runc 1.0, which is the foundation for future OCI efforts.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
The docker build isn't properly using CFLAGS/LDFLAGS, which triggers the following
QA error:
ERROR: docker-1.11.1+git5604cbed50d51c4039b1abcb1cf87c4e01bce924-r0 do_package_qa: QA Issue: No GNU_HASH in the elf binary: 'docker/1.11.1+git5604cbed50d51c4039b1abcb1cf87c4e01bce924-r0/packages-split/docker/usr/bin/docker' [ldflags]
ERROR: docker-1.11.1+git5604cbed50d51c4039b1abcb1cf87c4e01bce924-r0 do_package_qa: QA run found fatal errors. Please consider fixing them
ERROR: docker-1.11.1+git5604cbed50d51c4039b1abcb1cf87c4e01bce924-r0 do_package_qa: Function failed: do_package_qa
ERROR: Logfile of failure stored in: tmp/work/core2-64-overc-linux/docker/1.11.1+git5604cbed50d51c4039b1abcb1cf87c4e01bce924-r0/temp/log.do_package_qa.63906
ERROR: Task meta-virtualization/recipes-containers/docker/docker_git.bb:do_package_qa (meta-virtualization/recipes-containers/docker/docker_git.bb:do_package_qa) failed with exit code '1'
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
Usually $GOROOT is set by go tool, but if sstate is specified, $GOROOT
is set to the path in the first project. If docker is built in the
another project(with same SSTATE_DIR) later, and the first project is removed,
the following error will be seen:
| go: cannot find GOROOT directory:
/path/to/previous/project/bitbake_build/tmp/sysroots/x86_64-linux/usr/lib/x86_64-wrs-linux/go
This commit is overriding $GOROOT stored in the go tool in sstate cache,
making sure it is set to the correct path in current project.
See more information here: https://golang.org/doc/install#install
Signed-off-by: Yunguo Wei <yunguo.wei@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
We no longer need go-net and go-sqlite for the docker build and
runtime. The upstream repos are no longer properly fetching, so
we can simply drop the recipes and dependency.
If they are ever needed in the future, we can revisit the upstream
source for them.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
The 'base_contains' is now deprecated and only kept as a compatibility method. It will be removed in future releases.
Signed-off-by: Derek Straka <derek@asterius.io>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
Updating docker to the 1.11.1 release, which uses the open container initiative
components.
With this udpate, we drop patches that are no longer required, and adjust the
install/strip routines to not look for obselete components.
There are now 4 binaries required for docker to work:
- docker
- docker-containerd
- docker-containerd-shim
- docker-runc
The new containerd and runc recipes provide the latter, while docker provides
the cli and daemon.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
Signed-off-by: Zongchun Yu <zongchun.yu@nxp.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
go-cross-1.3 is old, and doesn't link properly with the latest 2.26
binutils.
To get things building again, and to start the docker uprev, we simply
depend on go-cross and line docker up with the rest of the go users.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
Some of the cgo variables were pointing to host paths and not target
Fix install rules - binaries can be installed to a subdirectory.
Signed-off-by: Amy Fong <amy.fong@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
Since we need go 1.3 to co-exist with later versions (ie 1.4),
package go-cross_1.3 as go-cross-1.3_1.3.
go 1.3 will be installed to a different path than go-cross, this requires
go packages needing go 1.3 to set its PATH to:
export PATH=${STAGING_BINDIR_NATIVE}/${HOST_SYS}/go-1.3:$PATH
Signed-off-by: Amy Fong <amy.fong@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
Author: Amy Fong <amy.fong@windriver.com>
Date: Wed Sep 16 00:12:10 2015 -0400
docker: update SRC_URI
branch=release is no longer valid in the git tree,
updating the branch to v1.6.2
Signed-off-by: Amy Fong <amy.fong@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
From b101a0c7ce6ef1eb41bef786831e58fa4d1b069f Mon Sep 17 00:00:00 2001
From: Amy Fong <amy.fong@windriver.com>
Date: Mon, 27 Jul 2015 14:10:20 -0400
Subject: [PATCH] golang: use oe-meta-go
Update meta-virtualization to use go package from oe-meta-go.
The package golang-cross is go-cross in the oe-meta-go.
Signed-off-by: Amy Fong <amy.fong@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
Docker searching and launch looks for iptables, so we add it to the
rdepends.
To actually launch a container, netfilter nat and dm-think are often
required, so we make those modules rrecommends.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
golang doesn't work with ccache. In the current state, a lot of parsing
happens where it'll grab the first string in CC or LD and uses that for
its builds. When ccache is enabled, it results in trying to do builds
with just ccache.
The brokeness is seen when building with apps that uses cgo, like docker.
To enable ccache to work, some string comparisons and changes to parsing
had to be made.
Signed-off-by: Amy Fong <amy.fong@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
Uprev docker to 1.6.2
go-capability is upreved to a later git commit
go-dbus is upreved to version 2
go-distribution-digest is added as a new dependency. Only the
digest part of go-distribution is needed/kept here,
hence go-distribution-digest
go-logrus is upreved to 0.7.1
Remove PR since it's no longer used
Signed-off-by: Amy Fong <amy.fong@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
In yocto builds, preprocessing of binaries can happen after the install
phase. Some of these can modify the size/sha1sum of the binaries.
e.g. A new .gnu_debuglink can happen
docker will not start because of these modifications. Docker initially
does a sha1sum of dockerinit to identify the dockerinit that it was built
with, this is done for security and for compatibility reasons. Since
this checking is disabled, we should rely on rpm tests for validation
of the binary instead.
Signed-off-by: Amy Fong <amy.fong@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
Adding a basic sysvinit script to docker .. for those that still use
sysvinit!
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
The following is the type of error you see when CCACHE is enabled.
| ---> Making bundle: dynbinary (in bundles/1.5.0-dev/dynbinary)
| go build runtime/cgo: no buildable Go source files in /opt/proj/tmp/sysroots/x86_64-linux/usr/lib/x86_64-wrs-linux/go/src/pkg/runtime/cgo
| WARNING: /opt/proj/tmp/work/core2-64-wrs-linux/docker/1.5.0+git2243e32cbbf1c9809c262a7376d34ca43a7a36dc-r0/temp/do_compile/run.do_compile.19967:1 exit 1 from
| DOCKER_GITCOMMIT="2243e32cbbf1c9809c262a7376d34ca43a7a36dc" ./hack/make.sh dynbinary
| ERROR: Function failed: do_compile (log file is located at /opt/proj/tmp/work/core2-64-wrs-linux/docker/1.5.0+git2243e32cbbf1c9809c262a7376d34ca43a7a36dc-r0/temp/do_compile/log.do_compile.19967)
Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
Docker's build process will clone missing dependencies which
circumvents the bitbake fetcher. This is a bad thing in many ways, for
example this will not respect BB_NO_NETWORK and DL_DIR settings. To
work around this we are able to provide recipes for each of the
missing dependencies.
The dependencies are all in GO and are required to be added to the
sysroot such that the docker build can find them via GOPATH at build
time. The docker recipe was updated to add these new packages as
dependencies and the explicit clone of go-cli was removed.
After these change we are able to complete the build with networking
disabled after completing a fetchall. Docker functionality was tested
on an image built with these changes and it functions as it did
before.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Amy Fong <amy.fong@windriver.com>
|
Sinan Kaya
Bruce Ashfield
Pascal Bach
Aníbal Limón
Jason Wessel
Jan Kiszka
Anselmo L. S. Melo
Mark Asselstine
Fathi Boudra
Amarnath Valluri
Stefan Lengfeld
Yunguo Wei
Derek Straka
Zongchun Yu
Amy Fong