File docker.spec of Package docker

# spec file for package docker
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via
# nodebuginfo

# Where important update information will be stored, such that an administrator
# is guaranteed to see the relevant warning.
%define update_messages %{_localstatedir}/adm/update-messages/%{name}-%{version}-%{release}

#Compat macro for new _fillupdir macro introduced in Nov 2017
%if ! %{defined _fillupdir}
  %define _fillupdir /var/adm/fillup-templates

# Used when generating the "build" information for Docker version. The value of
# git_commit_epoch is unused here (we use SOURCE_DATE_EPOCH, which rpm
# helpfully injects into our build environment from the changelog). If you want
# to generate a new git_commit_epoch, use this:
#  $ date --date="$(git show --format=fuller --date=iso $COMMIT_ID | grep -oP '(?<=^CommitDate: ).*')" '+%s'
%define git_version f4ffd2511ce9
%define git_commit_epoch 1508606827

# These are the git commits required. We verify them against the source to make
# sure we didn't miss anything important when doing upgrades.
%define required_containerd 06b9cb35161009dcb7123345749fef02f7cea8e0
%define required_dockerrunc 3f2f8b84a77f73d38244dd690525642a72156c64
%define required_libnetwork 7b2b1feb1de4817d522cc372af149ff48d25028e

Name:           docker
Version:        17.09.1_ce
Release:        0
Summary:        The Linux container runtime
License:        Apache-2.0
Group:          System/Management
# TODO(VR): check those SOURCE files below
Source:         %{name}-%{version}.tar.xz
Source1:        docker.service
Source3:        80-docker.rules
Source4:        sysconfig.docker
Source6:        docker-rpmlintrc
Source8:        docker-audit.rules
# SUSE-FEATURE: Adds the /run/secrets mountpoint inside all Docker containers
# which is not snapshotted when images are committed. Note that if you modify
# this patch, please also modify the patch in the suse-secrets-v<version>
# branch in
Patch200:       secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
Patch201:       secrets-0002-SUSE-implement-SUSE-container-secrets.patch
# SUSE-BACKPORT: Backport of bsc#1055676
Patch400:       bsc1055676-0001-daemon-oci-obey-CL_UNPRIVILEGED-for-user-namespaced-.patch
# SUSE-BACKPORT: Backport of bsc#1021227 bsc#1029320 bsc#1058173
Patch401:       bsc1021227-0001-pkg-devmapper-dynamically-load-dm_task_deferred_remo.patch
# SUSE-BACKPORT: Backport of bsc#1073877
Patch402:       bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch
BuildRequires:  audit
BuildRequires:  bash-completion
BuildRequires:  ca-certificates
BuildRequires:  device-mapper-devel >= 1.2.68
BuildRequires:  glibc-devel-static
BuildRequires:  libapparmor-devel
BuildRequires:  libbtrfs-devel >= 3.8
# enable libseccomp for sle >= sle12sp2
%if 0%{?sle_version} >= 120200
%define with_libseccomp 1
# enable libseccomp for leap >= 42.2
%if 0%{?leap_version} >= 420200
%define with_libseccomp 1
# enable libseccomp for Factory
%if 0%{?suse_version} > 1320
%define with_libseccomp 1
%if 0%{?with_libseccomp}
BuildRequires:  libseccomp-devel
BuildRequires:  libtool
BuildRequires:  procps
BuildRequires:  sqlite3-devel
BuildRequires:  systemd-devel
BuildRequires:  zsh
Requires:       apparmor-parser
Requires:       ca-certificates-mozilla
# Required in order for networking to work. fix_bsc_1057743 is a work-around
# for some old packaging issues (where rpm would delete a binary that was
# installed by docker-libnetwork). See bsc#1057743 for more details.
Requires:       docker-libnetwork-git = %{required_libnetwork}
Requires:       fix_bsc_1057743
# Containerd and runC are required as they are the only currently supported
# execdrivers of Docker. NOTE: The version pinning here matches upstream's
# vendor.conf to ensure that we don't use a slightly incompatible version of
# runC or containerd (which would be bad).
Requires:       containerd-git  = %{required_containerd}
Requires:       docker-runc-git = %{required_dockerrunc}
# Needed for --init support. We don't use "tini", we use our own implementation
# which handles edge-cases better.
Requires:       catatonit
# Provides mkfs.ext4 - used by Docker when devicemapper storage driver is used
Requires:       e2fsprogs
Requires:       git-core >= 1.7
Requires:       iproute2 >= 3.5
Requires:       iptables >= 1.4
Requires:       procps
Requires:       tar >= 1.26
Requires:       xz >= 4.9
Requires(post): %fillup_prereq
Requires(post): udev
Requires(post): shadow
# We used to have a migration tool for the upgrade from v1.9.x to v1.10.x.
# It is no longer useful, so we obsolete it. bsc#1069758
Obsoletes:      docker-image-migrator
# Not necessary, but must be installed when the underlying system is
# configured to use lvm and the user doesn't explicitly provide a
# different storage-driver than devicemapper
Recommends:     lvm2 >= 2.2.89
Conflicts:      lxc < 1.0
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
ExcludeArch:    s390 ppc
# Make sure we build with go 1.8
BuildRequires:  go-go-md2man
BuildRequires:  golang(API) = 1.8

Docker complements LXC with a high-level API which operates at the process
level. It runs unix processes with strong guarantees of isolation and
repeatability across servers.

Docker is a great building block for automating distributed systems: large-scale
web deployments, database clusters, continuous deployment systems, private PaaS,
service-oriented architectures, etc.

%package bash-completion
Summary:        Bash Completion for %{name}
Group:          System/Management
Requires:       %{name} = %{version}
Supplements:    packageand(docker:bash-completion)
BuildArch:      noarch

%description bash-completion
Bash command line completion support for %{name}.

%package zsh-completion
Summary:        Zsh Completion for %{name}
Group:          System/Management
Requires:       %{name} = %{version}
Supplements:    packageand(docker:zsh)
BuildArch:      noarch

%description zsh-completion
Zsh command line completion support for %{name}.

%package test
%global __requires_exclude ^*$
Summary:        Test package for docker
Group:          System/Management
BuildRequires:  fdupes
Requires:       apparmor-parser
Requires:       bash-completion
Requires:       device-mapper-devel >= 1.2.68
Requires:       glibc-devel-static
Requires:       libapparmor-devel
Requires:       libbtrfs-devel >= 3.8
Requires:       procps
Requires:       sqlite3-devel
Requires:       golang(API) = 1.8

%description test
Test package for docker. It contains the source code and the tests.

%setup -q
%if 0%{?is_opensuse}
# nothing
# PATCH-SUSE: Secrets patches.
%patch200 -p1
%patch201 -p1
# bsc#1055676
%patch400 -p1
# bsc#1021227 bsc#1029320 bsc#1058173
%patch401 -p1
# bsc#1073877
%patch402 -p1

cp %{SOURCE7} .
cp %{SOURCE9} .

BUILDTAGS="exclude_graphdriver_aufs apparmor selinux pkcs11"
%if 0%{?with_libseccomp}
%if 0%{?sle_version} == 120000
	# Provided by patch406, to allow us to build with older distros but still
	# have deferred removal support at runtime. We only use this when building
	# on SLE12.
	BUILDTAGS="libdm_dlsym_deferred_remove $BUILDTAGS"

(cat <<EOF
export AUTO_GOPATH=1
# Until boo#1038493 is fixed properly we need to do this hack to get the
# compiled-into-the-binary GOROOT.
export GOROOT="$(GOROOT= go env GOROOT)"
# Make sure we always build PIC code. bsc#1048046
export BUILDFLAGS="-buildmode=pie"
# Specify all of the versioning information. We use SOURCE_DATE_EPOCH if it's
# been injected by rpmbuild, otherwise we use the hardcoded git_commit_epoch
# generated above. boo#1064781
export VERSION="$(cat ./VERSION 2>/dev/null || echo '%{version}')"
export DOCKER_GITCOMMIT="%{git_version}"
export GITCOMMIT="%{git_version}"
export SOURCE_DATE_EPOCH="${SOURCE_DATE_EPOCH:-%{git_commit_epoch}}"
export BUILDTIME="$(date -u -d "@$SOURCE_DATE_EPOCH" --rfc-3339 ns 2>/dev/null | sed -e 's/ /T/')"
) > docker_build_env
. ./docker_build_env

# Preparing GOPATH so that the client is visible to the compiler
mkdir -p src/
ln -s $(pwd)/components/cli $(pwd)/src/

cd components/engine/
# ignore the warning that we compile outside a Docker container
./hack/ dynbinary
# build the tests binary
GOPATH=$(pwd)/vendor:$(pwd)/.gopath/ go test \
	-buildmode=pie \
	-tags "$DOCKER_BUILDTAGS daemon autogen" \
	-c -o tests.main
cd ../..

cd components/cli

mkdir -p ./man/man1
go build -buildmode=pie -o gen-manpages
./gen-manpages --root "$(pwd)" --target "$(pwd)/man/man1"
cd ../..

. ./docker_build_env

# go test will look in for vendored packages but
# Docker keeps them in Let's do it like
# Docker does it and append to the GOPATH so the
# packages are found by go test.
export GOPATH=$HOME/go/src/$GOPATH

# Create or dir if it doesn't exist already
mkdir -p $HOME/go/src/

# Remove any existing symlinks.
rm -rf $HOME/go/src/*

# go list -e ... doesn't seem to work with symlinks so do a full copy instead.
cp -ar %{buildroot}/usr/src/docker/engine $HOME/go/src/

cd $HOME/go/src/

# We verify that all of our -git requires are correct. This is done on-build to
# make sure that someone doing an update didn't miss anything.
grep 'RUNC_COMMIT=%{required_dockerrunc}'       hack/dockerfile/binaries-commits
grep 'CONTAINERD_COMMIT=%{required_containerd}' hack/dockerfile/binaries-commits
grep 'LIBNETWORK_COMMIT=%{required_libnetwork}' hack/dockerfile/binaries-commits

# The command is taken from hack/make/test-unit and various test runs.
# Everything that follows are packages
# containing tests that cannot run in an obs build context. Some tests must be
# excluded as they will always fail in our build environments.
PKG_LIST=$(go list -e \
		-f '{{if ne .Name ""}} {{.ImportPath}}
		{{end}}'  \
		-a "${BUILDFLAGS[@]}" ... \
		| grep    '' \
		| grep -Ev 'vendor/(.+/)?' \
		| grep -v '' \
		| grep -v '$' \
		| grep -v '$' \
		| grep -v '$' \
		| grep -v '' \
		| grep -v '$' \
%ifarch s390x
		| grep -v '' \
		| grep -v '$' \
		| grep -v '' \
		| grep -Pv '!/gelf)' \
		| grep -v '' \
		| grep -v '' \
		| grep -v '$' \
		| grep -v '$' \
		| grep -v '$' \
%if 0%{?sle_version} == 120000
		| grep -v '$' \
		| grep -v '$' \
		| grep -v '$' \
		| grep -v '$' \
		| grep -v '$' \
		| grep -v '$' \
		| grep -v '$' \
		| grep -v '' \
%if ! 0%{?with_libseccomp}
		| grep -v '$' \
		| grep -v '$' \
		| grep -v '$' \
rm ./pkg/system/rm_test.go
go test -buildmode=pie -cover -ldflags -w -tags "$DOCKER_BUILDTAGS" -a -test.timeout=10m $PKG_LIST

find $(go env GOROOT) -type d

cp -ar %{buildroot}/usr/src/docker/cli $HOME/go/src/
cd $HOME/go/src/
PKG_LIST=$(go list ./... \
		| grep    '' \
		| grep -v '' \
		| grep -Ev 'vendor/(.+/)?' \
		| grep -v '' \
		| grep -v '' \
		| grep -v '' \
		| grep -v '' \
		| grep -v '' \
		| grep -v '' \

# We cannot use -buildmode=pie here becaue (for some reason) 'go test' will
# produce really odd errors about packages missing (this only happens if we
# have a lot of packages in the cmdline). So just avoid running these tests if
# we're on ppc64le (which requires -buildmode=pie).
%ifnarch ppc64le
go test -cover -ldflags -w -tags "$DOCKER_BUILDTAGS" -a -test.timeout=10m $PKG_LIST

install -d %{buildroot}%{go_contribdir}
install -d %{buildroot}%{_bindir}
install -D -m755 components/cli/build/docker %{buildroot}/%{_bindir}/docker
install -D -m755 components/engine/bundles/latest/dynbinary-daemon/dockerd %{buildroot}/%{_bindir}/dockerd
install -d %{buildroot}/%{_localstatedir}/lib/docker
install -Dd -m 0755 \
	%{buildroot}%{_sysconfdir}/init.d \

install -D -m0644 components/cli/contrib/completion/bash/docker "%{buildroot}%{_sysconfdir}/bash_completion.d/%{name}"
install -D -m0644 components/cli/contrib/completion/zsh/_docker "%{buildroot}%{_sysconfdir}/zsh_completion.d/%{name}"
# copy all for the test package
install -d %{buildroot}%{_prefix}/src/docker/
cp -a components/engine/. %{buildroot}%{_prefix}/src/docker/engine
cp -a components/cli/. %{buildroot}%{_prefix}/src/docker/cli

# systemd service
install -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/%{name}.service
ln -sf service %{buildroot}%{_sbindir}/rcdocker

# udev rules that prevents dolphin to show all docker devices and slows down
# upstream report
install -D -m 0644 %{SOURCE3} %{buildroot}%{_udevrulesdir}/80-%{name}.rules

# audit rules
install -D -m 0640 %{SOURCE8} %{buildroot}%{_sysconfdir}/audit/rules.d/%{name}.rules

# sysconfig file
install -D -m 644 %{SOURCE4} %{buildroot}%{_fillupdir}/sysconfig.docker

# install manpages (using the ones from the engine)
install -d %{buildroot}%{_mandir}/man1
install -p -m 644 components/cli/man/man1/*.1 %{buildroot}%{_mandir}/man1
install -d %{buildroot}%{_mandir}/man5
install -p -m 644 components/cli/man/man5/Dockerfile.5 %{buildroot}%{_mandir}/man5
install -d %{buildroot}%{_mandir}/man8
install -p -m 644 components/cli/man/man8/*.8 %{buildroot}%{_mandir}/man8

%fdupes %{buildroot}

getent group docker >/dev/null || groupadd -r docker
%service_add_pre %{name}.service

%service_add_post %{name}.service
%{fillup_only -n docker}

%service_del_preun %{name}.service

%service_del_postun %{name}.service

%doc components/engine/ components/engine/LICENSE
%config %{_sysconfdir}/audit/rules.d/%{name}.rules
%dir %{_localstatedir}/lib/docker/

%files bash-completion
%config %{_sysconfdir}/bash_completion.d/%{name}

%files zsh-completion
%config %{_sysconfdir}/zsh_completion.d/%{name}

%files test
# exclude binaries
%exclude %{_prefix}/src/docker/engine/bundles/
%exclude %{_prefix}/src/docker/cli/build/
# exclude init configurations other than systemd
%exclude %{_prefix}/src/docker/engine/contrib/init/openrc
%exclude %{_prefix}/src/docker/engine/contrib/init/sysvinit-debian
%exclude %{_prefix}/src/docker/engine/contrib/init/sysvinit-redhat
%exclude %{_prefix}/src/docker/engine/contrib/init/upstart

openSUSE Build Service is sponsored by