Merge pull request #25 from infosiftr/20.10

Update to 20.10.6
canonical · May 17, 2021 · 922bf39 · 922bf39
2 parents 641a1c7 + d8da0ca
commit 922bf39
Show file tree

Hide file tree

Showing 5 changed files with 48 additions and 25 deletions.
diff --git a/.github/workflows/smoke-test.yml b/.github/workflows/smoke-test.yml
@@ -72,6 +72,7 @@ jobs:
 
       - name: Verify
         run: |
+          trap 'ps faux | grep -i docker; sudo systemctl status snap.docker.dockerd.service' ERR
           sudo dmesg | tail -n20
           sleep 1
           sudo snap logs -n=20 docker.dockerd
@@ -92,7 +93,7 @@ jobs:
 
       - name: Hello World (journald)
         run: |
-          trap 'sudo dmesg | tail -n20; sudo snap logs -n=20 docker.dockerd' ERR
+          trap 'echo "error, sad day ($?)"; sleep 1; sudo snap logs -n=20 docker.dockerd; sleep 1; sudo tail -n20 /var/log/*.log; sudo dmesg | tail -n20; sudo journalctl --no-pager | grep DENIED | grep docker' ERR
           expectedOutput="testing-journald-log-driver-$RANDOM-$RANDOM"
           sudo docker run --name test-journald --log-driver journald bash -c 'echo "$@"' -- "$expectedOutput"
           actualOutput="$(sudo docker logs test-journald)"

diff --git a/dockerd-patches/snappy-apparmor-tweaks.patch b/dockerd-patches/snappy-apparmor-tweaks.patch
@@ -43,12 +43,12 @@ index 2f58ee852c..9107f82f40 100644
  }
 
 diff --git a/profiles/apparmor/template.go b/profiles/apparmor/template.go
-index 400b3bd50a..03670bf054 100644
+index b12e3ff3b2..053a73f978 100644
 --- a/profiles/apparmor/template.go
 +++ b/profiles/apparmor/template.go
-@@ -46,5 +46,13 @@ profile {{.Name}} flags=(attach_disconnected,mediate_deleted) {
+@@ -54,5 +54,13 @@ profile {{.Name}} flags=(attach_disconnected,mediate_deleted) {
    # suppress ptrace denials when using 'docker ps' or using 'ps' inside a container
-   ptrace (trace,read) peer={{.Name}},
+   ptrace (trace,read,tracedby,readby) peer={{.Name}},
  {{end}}
 +{{if .SnapSecurityLabel}}
 +  # Snap based docker distribution accesses

diff --git a/dockerd-patches/snappy-buildkit-git-environ.patch b/dockerd-patches/snappy-buildkit-git-environ.patch
@@ -0,0 +1,22 @@
+https://github.com/docker-snap/docker-snap/pull/25#issuecomment-827849995
+https://github.com/moby/buildkit/pull/1533/files#diff-9a3248027714dcbcf2647fa27b75ec4dd3d9639ae80c40bfd6a68abd7805bd4eR494-R498
+
+diff --git a/vendor/github.com/moby/buildkit/source/git/gitsource.go b/vendor/github.com/moby/buildkit/source/git/gitsource.go
+index 3d1bfe21f4..197c339c78 100644
+--- a/vendor/github.com/moby/buildkit/source/git/gitsource.go
++++ b/vendor/github.com/moby/buildkit/source/git/gitsource.go
+@@ -598,12 +598,11 @@ func git(ctx context.Context, dir, sshAuthSock, knownHosts string, args ...strin
+ 		cmd.Stdin = nil
+ 		cmd.Stdout = io.MultiWriter(stdout, buf)
+ 		cmd.Stderr = io.MultiWriter(stderr, errbuf)
+-		cmd.Env = []string{
+-			"PATH=" + os.Getenv("PATH"),
++		cmd.Env = append(append([]string{}, os.Environ()...), []string{
+ 			"GIT_TERMINAL_PROMPT=0",
+ 			"GIT_SSH_COMMAND=" + getGitSSHCommand(knownHosts),
+ 			//	"GIT_TRACE=1",
+-		}
++		}...)
+ 		if sshAuthSock != "" {
+ 			cmd.Env = append(cmd.Env, "SSH_AUTH_SOCK="+sshAuthSock)
+ 		}
diff --git a/dockerd-patches/snappy-real-chroot.patch b/dockerd-patches/snappy-real-chroot.patch
@@ -1,8 +1,8 @@
 diff --git a/pkg/chrootarchive/chroot_linux.go b/pkg/chrootarchive/chroot_linux.go
-index 9802fad514..be78c65e09 100644
+index 1c560ce59f..c32f5c71f5 100644
 --- a/pkg/chrootarchive/chroot_linux.go
 +++ b/pkg/chrootarchive/chroot_linux.go
-@@ -18,6 +18,13 @@ import (
+@@ -19,6 +19,13 @@ import (
  // Old root is removed after the call to pivot_root so it is no longer available under the new root.
  // This is similar to how libcontainer sets up a container's rootfs
  func chroot(path string) (err error) {
@@ -14,10 +14,10 @@ index 9802fad514..be78c65e09 100644
 +	}
 +
  	// if the engine is running in a user namespace we need to use actual chroot
- 	if rsystem.RunningInUserNS() {
+ 	if sys.RunningInUserNS() {
  		return realChroot(path)
 diff --git a/pkg/chrootarchive/diff_unix.go b/pkg/chrootarchive/diff_unix.go
-index d96a09f8fa..3d76d7a883 100644
+index c64efefcdc..534509e83b 100644
 --- a/pkg/chrootarchive/diff_unix.go
 +++ b/pkg/chrootarchive/diff_unix.go
 @@ -111,6 +111,7 @@ func applyLayerHandler(dest string, layer io.Reader, options *archive.TarOptions

diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml
@@ -1,6 +1,6 @@
 name: docker
 #title: Docker
-version: '19.03.15'
+version: '20.10.6'
 summary: Docker container runtime
 description: |
   Build and run container images with Docker.
@@ -33,7 +33,7 @@ grade: stable
 
 base: core18
 confinement: strict
-assumes: [snapd2.48.2] # TODO bump this to 2.49 once that's stable (https://github.com/docker-snap/docker-snap/pull/13#pullrequestreview-589725814)
+assumes: [snapd2.50]
 
 layout:
   /etc/docker:
@@ -124,10 +124,10 @@ parts:
 
   docker-cli:
     plugin: make
-    # https://github.com/docker/cli/tree/v19.03.15/dockerfiles (Docker-supported Go version for CLI)
+    # https://github.com/docker/cli/tree/v20.10.6/dockerfiles (Docker-supported Go version for CLI)
     build-snaps: ['go/1.13/stable']
     source: https://github.com/docker/cli.git
-    source-tag: v19.03.15
+    source-tag: v20.10.6
     override-build: |
       # docker build specific environment variables
       export VERSION=$SNAPCRAFT_PROJECT_VERSION
@@ -153,7 +153,7 @@ parts:
   engine:
     plugin: make
     source: https://github.com/moby/moby.git
-    source-tag: v19.03.15
+    source-tag: v20.10.6
     source-depth: 1
     override-build: |
       # docker build specific environment variables
@@ -174,7 +174,7 @@ parts:
 
       install -d "$SNAPCRAFT_PART_INSTALL/bin"
       install -T "$GOPATH/src/github.com/docker/docker/bundles/dynbinary-daemon/dockerd" "$SNAPCRAFT_PART_INSTALL/bin/dockerd"
-    # https://github.com/moby/moby/blob/v19.03.15/Dockerfile.simple (Docker-supported Go version for Engine)
+    # https://github.com/moby/moby/blob/v20.10.6/Dockerfile.simple (Docker-supported Go version for Engine)
     build-snaps: ['go/1.13/stable']
     after: [wrapper-scripts]
     build-packages:
@@ -198,19 +198,19 @@ parts:
   containerd:
     plugin: make
     source: https://github.com/containerd/containerd.git
-    # from : https://github.com/docker/docker-ce/blob/v19.03.15/components/engine/hack/dockerfile/install/containerd.installer
-    source-commit: ea765aba0d05254012b0b9e595e995c09186427f
+    # from : https://github.com/docker/docker/blob/v20.10.6/hack/dockerfile/install/containerd.installer
+    source-commit: 05f951a3781f4f2c1911b05e61c160e9c30eaa8e
     override-build: |
       # setup the go build environment for containerd
       . "$SNAPCRAFT_STAGE/bin/go-build-helper.sh"
       gopartbootstrap github.com/containerd/containerd
 
       make GIT_COMMIT= GIT_BRANCH= LDFLAGS=
 
+      rm bin/containerd-stress
+
       install -d "$SNAPCRAFT_PART_INSTALL/bin"
-      install -T bin/containerd "$SNAPCRAFT_PART_INSTALL/bin/containerd"
-      install -T bin/containerd-shim "$SNAPCRAFT_PART_INSTALL/bin/containerd-shim"
-      install -T bin/ctr "$SNAPCRAFT_PART_INSTALL/bin/ctr"
+      install -t "$SNAPCRAFT_PART_INSTALL/bin" bin/containerd* bin/ctr
     build-snaps: ['go/1.13/stable']
     after: [wrapper-scripts]
     build-packages:
@@ -219,8 +219,8 @@ parts:
   runc:
     plugin: make
     source: https://github.com/opencontainers/runc.git
-    # from https://github.com/docker/docker-ce/blob/v19.03.15/components/engine/hack/dockerfile/install/runc.installer
-    source-commit: dc9208a3303feef5b3839f4323d9beb36df0a9dd
+    # from https://github.com/docker/docker/blob/v20.10.6/hack/dockerfile/install/runc.installer
+    source-commit: 12644e614e25b05da6fd08a38ffa0cfe1903fdec
     override-build: |
       # setup the go build environment for runc
       . "$SNAPCRAFT_STAGE/bin/go-build-helper.sh"
@@ -240,8 +240,8 @@ parts:
   libnetwork:
     plugin: make
     source: https://github.com/docker/libnetwork.git
-    # from https://github.com/docker/docker-ce/blob/v19.03.15/components/engine/hack/dockerfile/install/proxy.installer
-    source-commit: 55e924b8a84231a065879156c0de95aefc5f5435
+    # from https://github.com/docker/docker/blob/v20.10.6/hack/dockerfile/install/proxy.installer
+    source-commit: b3507428be5b458cb0e2b4086b13531fb0706e46
     override-build: |
       # setup the go build environment for libnetwork
       . "$SNAPCRAFT_STAGE/bin/go-build-helper.sh"
@@ -262,8 +262,8 @@ parts:
     plugin: cmake
     source: https://github.com/krallin/tini.git
     source-type: git
-    # from https://github.com/docker/docker-ce/blob/v19.03.15/components/engine/hack/dockerfile/install/tini.installer
-    source-commit: fec3683b971d9c3ef73f284f176672c44b448662
+    # from https://github.com/docker/docker/blob/v20.10.6/hack/dockerfile/install/tini.installer
+    source-commit: de40ad007797e0dcd8b7126f27bb87401d224240
     organize:
       'bin/tini-static': bin/docker-init
     build-packages: