File docker.spec of Package docker.2434

# spec file for package docker
# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via

%define docker_store              /var/lib/docker
%define docker_graph              %{docker_store}/graph
%define docker_migration_testfile %{docker_store}/.suse-image-migration-v1to2-complete

%define git_version 9e83765
%define go_arches %ix86 x86_64
Name:           docker
Version:        1.10.3
Release:        0
Summary:        The Linux container runtime
License:        Apache-2.0
Group:          System/Management
Source:         %{name}-%{version}.tar.xz
Source1:        docker.service
Source3:        80-docker.rules
Source4:        sysconfig.docker

%if 0%{?suse_version} > 1320
Source5:        docker.socket
Source5:        docker_systemd_lt_214.socket

Source6:        docker-rpmlintrc
Source8:        docker-audit.rules
# TODO: remove once we figure out what is wrong with iptables on ppc64le
Source100:      sysconfig.docker.ppc64le
Patch0:         fix_platform_type_arm.patch
Patch1:         gcc5_socket_workaround.patch
Patch2:         fix-docker-init.patch
Patch3:         fix-apparmor.patch
%if 0%{?is_opensuse}
# nothing
# The mount-secrets patch is be a SLE-specific feature. As such, it is disabled by default on openSUSE.
# PATCH-FEATURE-SLE docker-mount-secrets.patch -- pass the SCC machine credentials and the /etc/SUSEConnect file to containers
Patch200:       docker-mount-secrets.patch
# Required to overcome some limitations of gcc-go:!msg/golang-nuts/SlGCPYkjxo4/4DjcjXRCqAkJ
# Right now docker passes the sha1sum of the dockerinit binary to the docker binary at build time
# We cannot do that, right now a quick and really dirty way to get it running is
# to simply disable this check
Patch100:       ignore-dockerinit-checksum.patch
Patch101:       gcc-go-patches.patch
Patch102:       netlink_gcc_go.patch
Patch103:       netlink_netns_powerpc.patch
Patch104:       boltdb_bolt_powerpc.patch
Patch105:       libnetwork_drivers_bridge_powerpc.patch
# This fixes bsc#976777. While the fix is upstream, it isn't in Docker 1.10.3 or
# Docker 1.11.0. This patch was squashed and cherry-picked from runc#708.
Patch901:       cve-2016-3697-numeric-uid.patch
BuildRequires:  audit
BuildRequires:  bash-completion
BuildRequires:  device-mapper-devel >= 1.2.68
BuildRequires:  glibc-devel-static
%ifarch %go_arches
BuildRequires:  go >= 1.5
BuildRequires:  go-go-md2man
BuildRequires:  gcc5-go >= 5.0
BuildRequires:  libapparmor-devel
BuildRequires:  libbtrfs-devel >= 3.8
BuildRequires:  procps
BuildRequires:  sqlite3-devel
BuildRequires:  systemd-devel
BuildRequires:  zsh
Requires:       apparmor-parser
Requires:       bridge-utils
Requires:       ca-certificates-mozilla
# Provides mkfs.ext4 - used by Docker when devicemapper storage driver is used
Requires:       e2fsprogs
Requires:       git-core >= 1.7
Requires:       iproute2 >= 3.5
Requires:       iptables >= 1.4
Requires:       kernel >= 3.8.0
Requires:       lvm2 >= 2.2.89
Requires:       procps
Requires:       tar >= 1.26
Requires:       xz >= 4.9
# Not necessary, but must be installed to have a smooth upgrade.
Recommends:     docker-image-migrator
Conflicts:      lxc < 1.0
PreReq:         %fillup_prereq
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
ExcludeArch:    %ix86
ExcludeArch:    s390
ExcludeArch:    ppc

Docker complements LXC with a high-level API which operates at the process
level. It runs unix processes with strong guarantees of isolation and
repeatability across servers.

Docker is a great building block for automating distributed systems: large-scale
web deployments, database clusters, continuous deployment systems, private PaaS,
service-oriented architectures, etc.

%package bash-completion
Summary:        Bash Completion for %{name}
Group:          System/Management
Requires:       %{name} = %{version}
Requires:       bash-completion
BuildArch:      noarch

%description bash-completion
Bash command line completion support for %{name}.

%package zsh-completion
Summary:        Zsh Completion for %{name}
Group:          System/Management
Requires:       %{name} = %{version}
Requires:       zsh
BuildArch:      noarch

%description zsh-completion
Zsh command line completion support for %{name}.

%package test
Summary:        Test package for docker
Group:          System/Management
Requires:       device-mapper-devel >= 1.2.68
Requires:       glibc-devel-static
%ifarch %go_arches
Requires:       go >= 1.4
Requires:       gcc5-go >= 5.0
BuildRequires:  fdupes
Requires:       apparmor-parser
Requires:       bash-completion
Requires:       libapparmor-devel
Requires:       libbtrfs-devel >= 3.8
Requires:       procps
Requires:       sqlite3-devel
BuildArch:      noarch

%global __requires_exclude ^*$

%description test
Test package for docker. It contains the source code and the tests.

%setup -q -n %{name}-%{version}
%patch0 -p1
# >= 1315 means leap, sle12, or Tumbleweed
# gcc5-go in those distros includes this commit
# Which "fixes" the data type for RawSockaddr.Data
# However, docker now expects the "wrong" data type, since docker had a workaround
# for that issue.
# Thus, we need to workaround the workaround
%if 0%{?suse_version} >= 1315
%patch1 -p1
%patch2 -p1
%patch3 -p1
%if 0%{?is_opensuse}
# nothing
%patch200 -p1
%ifnarch %go_arches
%patch101 -p1
%patch102 -p1
%patch103 -p1
%patch104 -p1
%patch105 -p1
%patch100 -p1
# bsc#976777
%patch901 -p1
cp %{SOURCE7} .

%ifnarch %go_arches
[ -e $tmphack ] && rm -rf $tmphack
mkdir $tmphack
ln -s /usr/bin/go-5 $tmphack/go
export PATH=$tmphack:$PATH

(cat <<EOF
export AUTO_GOPATH=1
export DOCKER_BUILDTAGS="exclude_graphdriver_aufs apparmor selinux"
export DOCKER_GITCOMMIT=%{git_version}
) > docker_build_env
. ./docker_build_env

%ifarch %go_arches
./hack/ dynbinary
./hack/ dyngccgo

# remove other than systemd
# otherwise the resulting package will have extra requires
rm -rf hack/make/.build-deb

install -d %{buildroot}%{go_contribdir}
install -d %{buildroot}%{_bindir}
%ifarch %go_arches
install -D -m755 bundles/%{version}/dynbinary/%{name}-%{version} %{buildroot}/%{_bindir}/%{name}
install -D -m755 bundles/%{version}/dynbinary/dockerinit-%{version} %{buildroot}/%{_prefix}/lib/docker/dockerinit
install -D -m755 bundles/%{version}/dyngccgo/%{name}-%{version} %{buildroot}/%{_bindir}/%{name}
install -D -m755 bundles/%{version}/dyngccgo/dockerinit-%{version} %{buildroot}/%{_prefix}/lib/docker/dockerinit
install -d %{buildroot}/%{_prefix}/lib/docker
install -Dd -m 0755 \
   %{buildroot}%{_sysconfdir}/init.d \

install -D -m0644 contrib/completion/bash/docker "%{buildroot}/etc/bash_completion.d/%{name}"
install -D -m0644 contrib/completion/zsh/_docker "%{buildroot}/etc/zsh_completion.d/%{name}"
# copy all for the test package
install -d %{buildroot}/usr/src/docker/
cp -av . %{buildroot}/usr/src/docker/

# systemd service
install -D -m 0644 %SOURCE1 %{buildroot}%{_unitdir}/%{name}.service
install -D -m 0644 %SOURCE5 %{buildroot}%{_unitdir}/%{name}.socket
ln -sf /sbin/service $RPM_BUILD_ROOT/usr/sbin/rcdocker

# udev rules that prevents dolphin to show all docker devices and slows down
# upstream report

install -D -m 0644 %SOURCE3 %{buildroot}%{_prefix}/lib/udev/rules.d/80-%{name}.rules

# audit rules
install -D -m 0640 %SOURCE8 %{buildroot}%{_sysconfdir}/audit/rules.d/%{name}.rules

# sysconfig file
%ifarch ppc64le
install -D -m 644 %SOURCE100 %{buildroot}/var/adm/fillup-templates/sysconfig.docker
install -D -m 644 %SOURCE4 %{buildroot}/var/adm/fillup-templates/sysconfig.docker

%ifarch %go_arches
# install manpages
install -d %{buildroot}%{_mandir}/man1
install -p -m 644 man/man1/*.1 %{buildroot}%{_mandir}/man1
install -d %{buildroot}%{_mandir}/man5
install -p -m 644 man/man5/Dockerfile.5 %{buildroot}%{_mandir}/man5

%fdupes %{buildroot}

# We're currently inside rpmlint, which will cause us to fail the tests if it
# happens that the Docker install in the builder requires a migration.
if [[ -z "$BUILD_ROOT" ]]
	# In order to make sure we don't print a scary warning when we shouldn't we
	# need to test these things (in this order):
	# 1. Check that /var/lib/docker actually exists (docker daemon has run).
	# 2. Check that the migrator has *not* finished.
	# 3. Check that /var/lib/docker/graph exists (this is a <=1.9.1 thing, but
	#    will stick around if it has been migrated -- which is why we need the
	# 4. Check that there are images in the graph/ directory.
	if [[ -d "%{docker_store}" && ( ! -f "%{docker_migration_testfile}" ) && -d "%{docker_store}" && -n "$(find "%{docker_store}" -maxdepth 1 -type d 2>/dev/null | grep -Ev '_tmp|^%{docker_store}$')" ]]


cat >&2 <<EOF

                               ***  WARNING  ***

In the migration from docker<1.10.0 to docker>=1.10.0, the Docker image format
has changed to be completely content-addressible. This results in several positive
improvements to image operations (better caching during builds mainly). However,
the migration operation may take several hours if you have a lot of large images
on a Docker host. In order to ensure that you have minimum downtime, this update
of Docker will not complete successfully, and you will have the opportunity to
run a separate migration tool (which will not cause downtime for your Docker

In order to run this migration tool, please install the 'docker-image-migrator'
package. You can run the migration with this command, which will exit after the
migration has been completed:

$ /usr/lib/docker-image-migrator/

Because the migrator requires information about the storage driver used by Docker,
the migration script will source /etc/sysconfig/docker and use \$DOCKER_OPTS as
arguments to the migrator. If this automated migration fails, it will be re-attempted
with every known storage driver. In addition, the script accepts arguments which
will simiarly be appended to the set of arguments (after \$DOCKER_OPTS) to the

However, if you prefer to not run this separate migration tool, you can force this
update using the following command. THIS WILL CAUSE DOWNTIME, BECAUSE DOCKER WILL

$ DOCKER_FORCE_INSTALL=1 sudo -E zypper up docker

			# Fail the update.
			exit 1

	# In order to make sure that we don't accidentally cause problems with an
	# upgrade to docker>=1.10.2, we'll touch the same file we tested in (2).
	# -m701 is *not* a typo, it is necessary for certain syscalls with remapped
	# root.
	[[ -d "%{docker_store}" ]] || install -d -m701 %{docker_store} || :
	touch %{docker_migration_testfile}

echo "creating group docker..."
groupadd -r docker 2>/dev/null || :
%service_add_pre %{name}.service %{name}.socket

%service_add_post %{name}.service %{name}.socket
%{fillup_only -n docker}

%service_del_preun %{name}.service %{name}.socket

%service_del_postun %{name}.service %{name}.socket

%config %{_sysconfdir}/audit/rules.d/%{name}.rules
%ifarch %go_arches

%files bash-completion
%config %{_sysconfdir}/bash_completion.d/%{name}

%files zsh-completion
%config %{_sysconfdir}/zsh_completion.d/%{name}

%files test
# exclude binaries
%exclude /usr/src/docker/bundles/
# exclude init configurations other than systemd
%exclude /usr/src/docker/contrib/init/openrc
%exclude /usr/src/docker/contrib/init/sysvinit-debian
%exclude /usr/src/docker/contrib/init/sysvinit-redhat
%exclude /usr/src/docker/contrib/init/upstart