File docker.spec of Package docker.2434

#
# spec file for package docker
#
# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/
#


%define docker_store              /var/lib/docker
%define docker_graph              %{docker_store}/graph
%define docker_migration_testfile %{docker_store}/.suse-image-migration-v1to2-complete

%define git_version 9e83765
%define go_arches %ix86 x86_64
Name:           docker
Version:        1.10.3
Release:        0
Summary:        The Linux container runtime
License:        Apache-2.0
Group:          System/Management
Url:            http://www.docker.io
Source:         %{name}-%{version}.tar.xz
Source1:        docker.service
Source3:        80-docker.rules
Source4:        sysconfig.docker

%if 0%{?suse_version} > 1320
Source5:        docker.socket
%else
Source5:        docker_systemd_lt_214.socket
%endif

Source6:        docker-rpmlintrc
Source7:        README_SUSE.md
Source8:        docker-audit.rules
# TODO: remove once we figure out what is wrong with iptables on ppc64le
Source100:      sysconfig.docker.ppc64le
Patch0:         fix_platform_type_arm.patch
Patch1:         gcc5_socket_workaround.patch
Patch2:         fix-docker-init.patch
Patch3:         fix-apparmor.patch
%if 0%{?is_opensuse}
# nothing
%else
# The mount-secrets patch is be a SLE-specific feature. As such, it is disabled by default on openSUSE.
# PATCH-FEATURE-SLE docker-mount-secrets.patch -- pass the SCC machine credentials and the /etc/SUSEConnect file to containers
Patch200:       docker-mount-secrets.patch
%endif
# Required to overcome some limitations of gcc-go: https://groups.google.com/forum/#!msg/golang-nuts/SlGCPYkjxo4/4DjcjXRCqAkJ
# Right now docker passes the sha1sum of the dockerinit binary to the docker binary at build time
# We cannot do that, right now a quick and really dirty way to get it running is
# to simply disable this check
Patch100:       ignore-dockerinit-checksum.patch
Patch101:       gcc-go-patches.patch
Patch102:       netlink_gcc_go.patch
Patch103:       netlink_netns_powerpc.patch
Patch104:       boltdb_bolt_powerpc.patch
Patch105:       libnetwork_drivers_bridge_powerpc.patch
# This fixes bsc#976777. While the fix is upstream, it isn't in Docker 1.10.3 or
# Docker 1.11.0. This patch was squashed and cherry-picked from runc#708.
Patch901:       cve-2016-3697-numeric-uid.patch
BuildRequires:  audit
BuildRequires:  bash-completion
BuildRequires:  device-mapper-devel >= 1.2.68
BuildRequires:  glibc-devel-static
%ifarch %go_arches
BuildRequires:  go >= 1.5
BuildRequires:  go-go-md2man
%else
BuildRequires:  gcc5-go >= 5.0
%endif
BuildRequires:  libapparmor-devel
BuildRequires:  libbtrfs-devel >= 3.8
BuildRequires:  procps
BuildRequires:  sqlite3-devel
BuildRequires:  systemd-devel
BuildRequires:  zsh
Requires:       apparmor-parser
Requires:       bridge-utils
Requires:       ca-certificates-mozilla
# Provides mkfs.ext4 - used by Docker when devicemapper storage driver is used
Requires:       e2fsprogs
Requires:       git-core >= 1.7
Requires:       iproute2 >= 3.5
Requires:       iptables >= 1.4
Requires:       kernel >= 3.8.0
Requires:       lvm2 >= 2.2.89
Requires:       procps
Requires:       tar >= 1.26
Requires:       xz >= 4.9
# Not necessary, but must be installed to have a smooth upgrade.
Recommends:     docker-image-migrator
Conflicts:      lxc < 1.0
PreReq:         %fillup_prereq
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
ExcludeArch:    %ix86
ExcludeArch:    s390
ExcludeArch:    ppc

%description
Docker complements LXC with a high-level API which operates at the process
level. It runs unix processes with strong guarantees of isolation and
repeatability across servers.

Docker is a great building block for automating distributed systems: large-scale
web deployments, database clusters, continuous deployment systems, private PaaS,
service-oriented architectures, etc.

%package bash-completion
Summary:        Bash Completion for %{name}
Group:          System/Management
Requires:       %{name} = %{version}
Requires:       bash-completion
BuildArch:      noarch

%description bash-completion
Bash command line completion support for %{name}.

%package zsh-completion
Summary:        Zsh Completion for %{name}
Group:          System/Management
Requires:       %{name} = %{version}
Requires:       zsh
BuildArch:      noarch

%description zsh-completion
Zsh command line completion support for %{name}.

%package test
Summary:        Test package for docker
Group:          System/Management
Requires:       device-mapper-devel >= 1.2.68
Requires:       glibc-devel-static
%ifarch %go_arches
Requires:       go >= 1.4
%else
Requires:       gcc5-go >= 5.0
%endif
BuildRequires:  fdupes
Requires:       apparmor-parser
Requires:       bash-completion
Requires:       libapparmor-devel
Requires:       libbtrfs-devel >= 3.8
Requires:       procps
Requires:       sqlite3-devel
BuildArch:      noarch

%global __requires_exclude ^libgo.so.*$

%description test
Test package for docker. It contains the source code and the tests.

%prep
%setup -q -n %{name}-%{version}
%patch0 -p1
# >= 1315 means leap, sle12, or Tumbleweed
# gcc5-go in those distros includes this commit
# https://github.com/golang/gofrontend/commit/a850225433a66a58613c22185c3b09626f5545eb
# Which "fixes" the data type for RawSockaddr.Data
# However, docker now expects the "wrong" data type, since docker had a workaround
# for that issue.
# Thus, we need to workaround the workaround
%if 0%{?suse_version} >= 1315
%patch1 -p1
%endif
%patch2 -p1
%patch3 -p1
%if 0%{?is_opensuse}
# nothing
%else
%patch200 -p1
%endif
%ifnarch %go_arches
%patch101 -p1
%patch102 -p1
%patch103 -p1
%patch104 -p1
%patch105 -p1
%patch100 -p1
%endif
# bsc#976777
%patch901 -p1
cp %{SOURCE7} .

%build
%ifnarch %go_arches
tmphack=/tmp/dirty-hack
[ -e $tmphack ] && rm -rf $tmphack
mkdir $tmphack
ln -s /usr/bin/go-5 $tmphack/go
export PATH=$tmphack:$PATH
%endif

(cat <<EOF
export AUTO_GOPATH=1
export DOCKER_BUILDTAGS="exclude_graphdriver_aufs apparmor selinux"
export DOCKER_GITCOMMIT=%{git_version}
EOF
) > docker_build_env
. ./docker_build_env

%ifarch %go_arches
./hack/make.sh dynbinary
man/md2man-all.sh
%else
./hack/make.sh dyngccgo
%endif

# remove other than systemd
# otherwise the resulting package will have extra requires
rm -rf hack/make/.build-deb

%install
install -d %{buildroot}%{go_contribdir}
install -d %{buildroot}%{_bindir}
%ifarch %go_arches
install -D -m755 bundles/%{version}/dynbinary/%{name}-%{version} %{buildroot}/%{_bindir}/%{name}
install -D -m755 bundles/%{version}/dynbinary/dockerinit-%{version} %{buildroot}/%{_prefix}/lib/docker/dockerinit
%else
install -D -m755 bundles/%{version}/dyngccgo/%{name}-%{version} %{buildroot}/%{_bindir}/%{name}
install -D -m755 bundles/%{version}/dyngccgo/dockerinit-%{version} %{buildroot}/%{_prefix}/lib/docker/dockerinit
%endif
install -d %{buildroot}/%{_prefix}/lib/docker
install -Dd -m 0755 \
   %{buildroot}%{_sysconfdir}/init.d \
   %{buildroot}%{_sbindir}

install -D -m0644 contrib/completion/bash/docker "%{buildroot}/etc/bash_completion.d/%{name}"
install -D -m0644 contrib/completion/zsh/_docker "%{buildroot}/etc/zsh_completion.d/%{name}"
# copy all for the test package
install -d %{buildroot}/usr/src/docker/
cp -av . %{buildroot}/usr/src/docker/

#
# systemd service
#
install -D -m 0644 %SOURCE1 %{buildroot}%{_unitdir}/%{name}.service
install -D -m 0644 %SOURCE5 %{buildroot}%{_unitdir}/%{name}.socket
ln -sf /sbin/service $RPM_BUILD_ROOT/usr/sbin/rcdocker

#
# udev rules that prevents dolphin to show all docker devices and slows down
# upstream report https://bugs.kde.org/show_bug.cgi?id=329930
#

install -D -m 0644 %SOURCE3 %{buildroot}%{_prefix}/lib/udev/rules.d/80-%{name}.rules

# audit rules
install -D -m 0640 %SOURCE8 %{buildroot}%{_sysconfdir}/audit/rules.d/%{name}.rules

# sysconfig file
%ifarch ppc64le
install -D -m 644 %SOURCE100 %{buildroot}/var/adm/fillup-templates/sysconfig.docker
%else
install -D -m 644 %SOURCE4 %{buildroot}/var/adm/fillup-templates/sysconfig.docker
%endif

%ifarch %go_arches
# install manpages
install -d %{buildroot}%{_mandir}/man1
install -p -m 644 man/man1/*.1 %{buildroot}%{_mandir}/man1
install -d %{buildroot}%{_mandir}/man5
install -p -m 644 man/man5/Dockerfile.5 %{buildroot}%{_mandir}/man5
%endif

%fdupes %{buildroot}

%pre
# We're currently inside rpmlint, which will cause us to fail the tests if it
# happens that the Docker install in the builder requires a migration.
if [[ -z "$BUILD_ROOT" ]]
then
	# In order to make sure we don't print a scary warning when we shouldn't we
	# need to test these things (in this order):
	# 1. Check that /var/lib/docker actually exists (docker daemon has run).
	# 2. Check that the migrator has *not* finished.
	# 3. Check that /var/lib/docker/graph exists (this is a <=1.9.1 thing, but
	#    will stick around if it has been migrated -- which is why we need the
	#    MIGRATION_TESTFILE check).
	# 4. Check that there are images in the graph/ directory.
	if [[ -d "%{docker_store}" && ( ! -f "%{docker_migration_testfile}" ) && -d "%{docker_store}" && -n "$(find "%{docker_store}" -maxdepth 1 -type d 2>/dev/null | grep -Ev '_tmp|^%{docker_store}$')" ]]
    then

		if [ -n "$DOCKER_FORCE_INSTALL" ]
		then
			echo >&2 "*** IGNORING DOWNTIME WARNING! FORCING INSTALLATION. ***"
		else

cat >&2 <<EOF

                               ***  WARNING  ***

In the migration from docker<1.10.0 to docker>=1.10.0, the Docker image format
has changed to be completely content-addressible. This results in several positive
improvements to image operations (better caching during builds mainly). However,
the migration operation may take several hours if you have a lot of large images
on a Docker host. In order to ensure that you have minimum downtime, this update
of Docker will not complete successfully, and you will have the opportunity to
run a separate migration tool (which will not cause downtime for your Docker
daemon).

In order to run this migration tool, please install the 'docker-image-migrator'
package. You can run the migration with this command, which will exit after the
migration has been completed:

$ /usr/lib/docker-image-migrator/do-image-migration-v1to2.sh

Because the migrator requires information about the storage driver used by Docker,
the migration script will source /etc/sysconfig/docker and use \$DOCKER_OPTS as
arguments to the migrator. If this automated migration fails, it will be re-attempted
with every known storage driver. In addition, the script accepts arguments which
will simiarly be appended to the set of arguments (after \$DOCKER_OPTS) to the
migrator.

However, if you prefer to not run this separate migration tool, you can force this
update using the following command. THIS WILL CAUSE DOWNTIME, BECAUSE DOCKER WILL
RUN THE MIGRATION ON FIRST START AND YOU WILL BE UNABLE TO START ANY CONTAINERS
OR USE ANY DOCKER COMMANDS (EVEN CONTAINERS WITH RESTART POLICIES ACTIVE):

$ DOCKER_FORCE_INSTALL=1 sudo -E zypper up docker
EOF

			# Fail the update.
			exit 1
		fi
	fi

	# In order to make sure that we don't accidentally cause problems with an
	# upgrade to docker>=1.10.2, we'll touch the same file we tested in (2).
	# -m701 is *not* a typo, it is necessary for certain syscalls with remapped
	# root.
	[[ -d "%{docker_store}" ]] || install -d -m701 %{docker_store} || :
	touch %{docker_migration_testfile}
fi

echo "creating group docker..."
groupadd -r docker 2>/dev/null || :
%service_add_pre %{name}.service %{name}.socket

%post
%service_add_post %{name}.service %{name}.socket
%{fillup_only -n docker}

%preun
%service_del_preun %{name}.service %{name}.socket

%postun
%service_del_postun %{name}.service %{name}.socket

%files
%defattr(-,root,root)
%doc README.md LICENSE README_SUSE.md
%{_bindir}/docker
%{_sbindir}/rcdocker
%{_prefix}/lib/docker/
%{_prefix}/lib/docker/dockerinit
%{_unitdir}/%{name}.service
%{_unitdir}/%{name}.socket
%config %{_sysconfdir}/audit/rules.d/%{name}.rules
%{_prefix}/lib/udev/rules.d/80-%{name}.rules
/var/adm/fillup-templates/sysconfig.docker
%ifarch %go_arches
%{_mandir}/man1/docker-*.1.gz
%{_mandir}/man1/docker.1.gz
%{_mandir}/man5/Dockerfile.5.gz
%endif

%files bash-completion
%defattr(-,root,root)
%config %{_sysconfdir}/bash_completion.d/%{name}

%files zsh-completion
%defattr(-,root,root)
%config %{_sysconfdir}/zsh_completion.d/%{name}

%files test
%defattr(-,root,root)
/usr/src/docker/
# exclude binaries
%exclude /usr/src/docker/bundles/
# exclude init configurations other than systemd
%exclude /usr/src/docker/contrib/init/openrc
%exclude /usr/src/docker/contrib/init/sysvinit-debian
%exclude /usr/src/docker/contrib/init/sysvinit-redhat
%exclude /usr/src/docker/contrib/init/upstart

%changelog