File docker.spec of Package docker.21254
#
# spec file for package docker
#
# Copyright (c) 2021 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
# nodebuginfo
# Where important update information will be stored, such that an administrator
# is guaranteed to see the relevant warning.
%define update_messages %{_localstatedir}/adm/update-messages/%{name}-%{version}-%{release}
#Compat macro for new _fillupdir macro introduced in Nov 2017
%if ! %{defined _fillupdir}
%define _fillupdir /var/adm/fillup-templates
%endif
# Handle _multibuild magic.
%define flavour @BUILD_FLAVOR@%{nil}
# We split the Name: into "realname" and "name_suffix".
%define realname docker
%if "%flavour" == ""
%define name_suffix %{nil}
%else
%define name_suffix -%{flavour}
%endif
# Used when generating the "build" information for Docker version. The value of
# git_commit_epoch is unused here (we use SOURCE_DATE_EPOCH, which rpm
# helpfully injects into our build environment from the changelog). If you want
# to generate a new git_commit_epoch, use this:
# $ date --date="$(git show --format=fuller --date=iso $COMMIT_ID | grep -oP '(?<=^CommitDate: ).*')" '+%s'
%define git_version 8728dd246c3a
%define git_commit_epoch 1618005978
# We require a specific pin of libnetwork because it doesn't really do
# versioning and minor version mismatches in libnetwork can break Docker
# networking. All other key runtime dependencies (containerd, runc) are stable
# enough that this isn't necessary.
%define libnetwork_version b3507428be5b458cb0e2b4086b13531fb0706e46
%define dist_builddir %{_builddir}/dist-suse
%define cli_builddir %{dist_builddir}/src/github.com/docker/cli
%define proxy_builddir %{dist_builddir}/src/github.com/docker/libnetwork
Name: %{realname}%{name_suffix}
Version: 20.10.6_ce
# This "nice version" is so that docker --version gives a result that can be
# parsed by other people. boo#1182476
%define nice_version 20.10.6-ce
Release: 0
Summary: The Moby-project Linux container runtime
License: Apache-2.0
Group: System/Management
URL: http://www.docker.io
Source: %{realname}-%{version}_%{git_version}.tar.xz
Source1: %{realname}-cli-%{version}.tar.xz
Source2: %{realname}-libnetwork-%{libnetwork_version}.tar.xz
Source3: docker-rpmlintrc
# TODO: Move these source files to somewhere nicer.
Source100: docker.service
Source101: 80-docker.rules
Source102: sysconfig.docker
Source103: README_SUSE.md
Source104: docker-audit.rules
Source105: docker-daemon.json
# Kubelet-specific sources.
# bsc#1086185 -- but we only apply this on Kubic.
Source900: docker-kubic-service.conf
Source901: kubelet.env
# NOTE: All of these patches are maintained in <https://github.com/suse/docker>
# in the suse-<version> branch. Make sure you update the patches in that
# branch and then git-format-patch the patch here.
# SUSE-FEATURE: Adds the /run/secrets mountpoint inside all Docker containers
# which is not snapshotted when images are committed.
Patch100: 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
Patch101: 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
# SUSE-FEATURE: Add support to mirror unofficial/private registries
# <https://github.com/docker/docker/pull/34319>.
Patch200: 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
# SUSE-BACKPORT: Backport of https://github.com/docker/docker/pull/37353. bsc#1073877 bsc#1099277
Patch300: 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
# SUSE-BACKPORT: Backport of https://github.com/moby/moby/pull/42273. bsc#1183855 bsc#1175081
Patch301: 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
# SUSE-BACKPORT: Backport of https://github.com/moby/moby/pull/42836. bsc#1190670
Patch302: 0006-bsc1190670-seccomp-add-support-for-clone3-syscall-in.patch
BuildRequires: audit
BuildRequires: bash-completion
BuildRequires: ca-certificates
BuildRequires: device-mapper-devel >= 1.2.68
BuildRequires: fdupes
BuildRequires: libapparmor-devel
BuildRequires: libbtrfs-devel >= 3.8
BuildRequires: libseccomp-devel >= 2.2
BuildRequires: libtool
BuildRequires: procps
BuildRequires: sqlite3-devel
BuildRequires: zsh
BuildRequires: fish
BuildRequires: go-go-md2man
# We cannot use Go 1.14 because it breaks io.Copy (among other things) by
# returning -EINTR from I/O syscalls much more often.
BuildRequires: go1.13
BuildRequires: pkgconfig(libsystemd)
Requires: apparmor-parser
Requires: ca-certificates-mozilla
# The docker-proxy binary used to be in a separate package. We obsolete it,
# since now docker-proxy is maintained as part of this package.
Obsoletes: docker-libnetwork%{name_suffix} < 0.7.0.2
Provides: docker-libnetwork%{name_suffix} = 0.7.0.2.%{version}
# Required to actually run containers. We require the minimum version that is
# pinned by Docker, but in order to avoid headaches we allow for updates.
Requires: runc >= 1.0.0~rc93
Requires: containerd >= 1.4.3
# Needed for --init support. We don't use "tini", we use our own implementation
# which handles edge-cases better.
Requires: catatonit
# Provides mkfs.ext4 - used by Docker when devicemapper storage driver is used
Requires: e2fsprogs
Requires: iproute2 >= 3.5
Requires: iptables >= 1.4
Requires: procps
Requires: tar >= 1.26
Requires: xz >= 4.9
Requires(post): %fillup_prereq
Requires(post): udev
Requires(post): shadow
# Not necessary, but must be installed when the underlying system is
# configured to use lvm and the user doesn't explicitly provide a
# different storage-driver than devicemapper
Recommends: lvm2 >= 2.2.89
Recommends: git-core >= 1.7
ExcludeArch: s390 ppc
# KUBIC-SPECIFIC: This was required when upgrading from the original kubic
# packaging, when everything was renamed to -kubic. It also is
# used to ensure that nothing complains too much when using
# -kubic packages. Hopfully it can be removed one day.
%if "%flavour" == "kubic"
# Obsolete old packege without the -kubic suffix
Obsoletes: %{realname} = 1.12.6
Obsoletes: %{realname}_1_12_6
# Conflict with non-kubic package, and provide equivalent
Conflicts: %{realname}
Provides: %{realname} = %{version}
# Kubernetes requires cri-runtime, which should be provided only by the -kubic flavour of this package
Provides: cri-runtime
# No i586 Kubernetes, so docker-kubic must not be built for i586 also
ExcludeArch: i586
# Disable leap based builds for kubic flavor (bsc#1121412)
%if 0%{?suse_version} == 1500 && 0%{?is_opensuse}
ExclusiveArch: do_not_build
%endif
%endif
%description
Docker complements LXC with a high-level API which operates at the process
level. It runs unix processes with strong guarantees of isolation and
repeatability across servers.
Docker is a great building block for automating distributed systems: large-scale
web deployments, database clusters, continuous deployment systems, private PaaS,
service-oriented architectures, etc.
%package bash-completion
Summary: Bash Completion for %{name}
Group: System/Shells
Requires: %{name} = %{version}
Requires: bash-completion
Supplements: packageand(%{name}:bash-completion)
BuildArch: noarch
# KUBIC-SPECIFIC: This was required when upgrading from the original kubic
# packaging, when everything was renamed to -kubic. It also is
# used to ensure that nothing complains too much when using
# -kubic packages. Hopfully it can be removed one day.
%if "%flavour" == "kubic"
# Obsolete old packege without the -kubic suffix
Obsoletes: %{realname}-bash-completion = 1.12.6
# Conflict with non-kubic package, and provide equivalent
Conflicts: %{realname}-bash-completion > 1.12.6
Provides: %{realname}-bash-completion = %{version}
%endif
%description bash-completion
Bash command line completion support for %{name}.
%package zsh-completion
Summary: Zsh Completion for %{name}
Group: System/Shells
Requires: %{name} = %{version}
Requires: zsh
Supplements: packageand(%{name}:zsh)
BuildArch: noarch
# KUBIC-SPECIFIC: This was required when upgrading from the original kubic
# packaging, when everything was renamed to -kubic. It also is
# used to ensure that nothing complains too much when using
# -kubic packages. Hopfully it can be removed one day.
%if "%flavour" == "kubic"
# Obsolete old packege without the -kubic suffix
Obsoletes: %{realname}-zsh-completion = 1.12.6
# Conflict with non-kubic package, and provide equivalent
Conflicts: %{realname}-zsh-completion > 1.12.6
Provides: %{realname}-zsh-completion = %{version}
%endif
%description zsh-completion
Zsh command line completion support for %{name}.
%package fish-completion
Summary: Fish completion for %{name}
Group: System/Shells
Requires: %{name} = %{version}
Requires: fish
Supplements: packageand(%{name}:fish)
BuildArch: noarch
%if "%flavour" == "kubic"
# Conflict with non-kubic package, and provide equivalent
Conflicts: %{realname}-fish-completion
Provides: %{realname}-fish-completion = %{version}
%endif
%description fish-completion
Fish command line completion support for %{name}.
%if "%flavour" == "kubic"
%package kubeadm-criconfig
Summary: docker container runtime configuration for kubeadm
Group: System/Management
Requires: kubernetes-kubeadm
Requires(post): %fillup_prereq
Supplements: docker-kubic
Provides: kubernetes-kubeadm-criconfig
Conflicts: cri-o-kubeadm-criconfig
%description kubeadm-criconfig
docker container runtime configuration for kubeadm
%endif
%prep
%setup -q -n %{realname}-%{version}_%{git_version}
%if 0%{?is_opensuse}
# nothing
%else
# PATCH-SUSE: Secrets patches.
%patch100 -p1
%patch101 -p1
%endif
%if "%flavour" == "kubic"
# PATCH-SUSE: Mirror patch.
%patch200 -p1
%endif
# bsc#1099277
%patch300 -p1
# bsc#1183855 bsc#1175081
%patch301 -p1
# bsc#1190670
%patch302 -p1
# README_SUSE.md for documentation.
cp %{SOURCE103} .
# Extract the docker-cli source in a subdir.
mkdir -p %{cli_builddir}
pushd %{cli_builddir}
xz -dc %{SOURCE1} | tar -xof - --strip-components=1
popd
# Extract the docker-libnetwork source in a subdir.
mkdir -p %{proxy_builddir}
pushd %{proxy_builddir}
xz -dc %{SOURCE2} | tar -xof - --strip-components=1
popd
%build
echo "$PWD -- $PWD -- $PWD"
BUILDTAGS="exclude_graphdriver_aufs apparmor selinux seccomp pkcs11"
%if 0%{?sle_version} == 120000
# Allow us to build with older distros but still have deferred removal
# support at runtime. We only use this when building on SLE12, because
# later openSUSE/SLE versions have a new enough libdevicemapper to not
# require the runtime checking.
BUILDTAGS="libdm_dlsym_deferred_remove $BUILDTAGS"
%endif
(cat <<EOF
export AUTO_GOPATH=1
export DOCKER_BUILDTAGS="$BUILDTAGS"
# Until boo#1038493 is fixed properly we need to do this hack to get the
# compiled-into-the-binary GOROOT.
export GOROOT="$(GOROOT= go env GOROOT)"
# Make sure we always build PIC code. bsc#1048046
export BUILDFLAGS="-buildmode=pie"
# Specify all of the versioning information. We use SOURCE_DATE_EPOCH if it's
# been injected by rpmbuild, otherwise we use the hardcoded git_commit_epoch
# generated above. boo#1064781
export VERSION="%{nice_version}"
export DOCKER_GITCOMMIT="%{git_version}"
export GITCOMMIT="%{git_version}"
export SOURCE_DATE_EPOCH="${SOURCE_DATE_EPOCH:-%{git_commit_epoch}}"
export BUILDTIME="$(date -u -d "@$SOURCE_DATE_EPOCH" --rfc-3339 ns 2>/dev/null | sed -e 's/ /T/')"
EOF
) > docker_build_env
. ./docker_build_env
# Preparing GOPATH so that the client is visible to the compiler
mkdir -p src/github.com/docker/
ln -s "%{cli_builddir}" "$PWD/src/github.com/docker/cli"
export GOPATH="$GOPATH:$PWD"
###################
## DOCKER ENGINE ##
###################
# Ignore the warning that we compile outside a Docker container.
./hack/make.sh dynbinary
###################
## DOCKER CLIENT ##
###################
pushd %{cli_builddir}
make dynbinary
mkdir -p ./man/man1
go build -buildmode=pie -o gen-manpages github.com/docker/cli/man
./gen-manpages --root "$PWD" --target "$PWD/man/man1"
./man/md2man-all.sh
popd
##################
## DOCKER PROXY ##
##################
pushd %{proxy_builddir}
GOPATH="%{dist_builddir}" \
go build -buildmode=pie -o docker-proxy github.com/docker/libnetwork/cmd/proxy
popd
# We verify that our libnetwork source is the correct version. This is done
# on-build to make sure that someone doing an update didn't miss anything.
grep 'LIBNETWORK_COMMIT:=%{libnetwork_version}' hack/dockerfile/install/proxy.installer
%install
install -Dd -m0755 \
%{buildroot}%{_sysconfdir}/init.d \
%{buildroot}%{_bindir} \
%{buildroot}%{_sbindir}
# docker daemon
install -D -m0755 bundles/dynbinary-daemon/dockerd %{buildroot}/%{_bindir}/dockerd
install -d %{buildroot}/%{_localstatedir}/lib/docker
# daemon.json config file
install -D -m0644 %{SOURCE105} %{buildroot}%{_sysconfdir}/docker/daemon.json
# docker cli
install -D -m0755 %{cli_builddir}/build/docker %{buildroot}/%{_bindir}/docker
install -D -m0644 %{cli_builddir}/contrib/completion/bash/docker "%{buildroot}%{_datarootdir}/bash-completion/completions/%{realname}"
install -D -m0644 %{cli_builddir}/contrib/completion/zsh/_docker "%{buildroot}%{_sysconfdir}/zsh_completion.d/_%{realname}"
install -D -m0644 %{cli_builddir}/contrib/completion/fish/docker.fish "%{buildroot}/%{_datadir}/fish/vendor_completions.d/%{realname}.fish"
# docker proxy
install -D -m0755 %{proxy_builddir}/docker-proxy %{buildroot}/%{_bindir}/docker-proxy
# systemd service
install -D -m0644 %{SOURCE100} %{buildroot}%{_unitdir}/%{realname}.service
%if "%flavour" == "kubic"
install -D -m0644 %{SOURCE900} %{buildroot}%{_unitdir}/%{realname}.service.d/90-kubic.conf
%endif
ln -sf service %{buildroot}%{_sbindir}/rcdocker
# udev rules that prevents dolphin to show all docker devices and slows down
# upstream report https://bugs.kde.org/show_bug.cgi?id=329930
install -D -m0644 %{SOURCE101} %{buildroot}%{_udevrulesdir}/80-%{realname}.rules
# audit rules
install -D -m0640 %{SOURCE104} %{buildroot}%{_sysconfdir}/audit/rules.d/%{realname}.rules
# sysconfig file
install -D -m0644 %{SOURCE102} %{buildroot}%{_fillupdir}/sysconfig.docker
# install manpages (using the ones from the engine)
install -d %{buildroot}%{_mandir}/man1
install -p -m0644 %{cli_builddir}/man/man1/*.1 %{buildroot}%{_mandir}/man1
install -d %{buildroot}%{_mandir}/man5
install -p -m0644 %{cli_builddir}/man/man5/Dockerfile.5 %{buildroot}%{_mandir}/man5
install -d %{buildroot}%{_mandir}/man8
install -p -m0644 %{cli_builddir}/man/man8/*.8 %{buildroot}%{_mandir}/man8
%if "%flavour" == "kubic"
# place kubelet.env in fillupdir (for kubeadm-criconfig)
sed -e 's-@LIBEXECDIR@-%{_libexecdir}-g' -i %{SOURCE901}
install -D -m0644 %{SOURCE901} %{buildroot}%{_fillupdir}/sysconfig.kubelet
%endif
%fdupes %{buildroot}
%pre
# /var/run/docker.sock group owner.
getent group docker >/dev/null || groupadd -r docker
# used for --userns-remap=default.
getent passwd dockremap >/dev/null || \
useradd -Ur -p '!' -s /bin/false -c 'docker --userns-remap=default' dockremap
# /etc/sub[ug]id should exist already (it's part of shadow-utils), but older
# distros don't have it. Docker just parses it and doesn't need any special
# shadow-utils helpers.
touch /etc/subuid /etc/subgid ||:
# "useradd -r" doesn't add sub[ug]ids so we manually add some. Hopefully there
# aren't any conflicts here, because usermod doesn't provide the same "get
# unusued range" feature that dockremap does.
grep -q '^dockremap:' /etc/subuid || \
usermod -v 100000000-200000000 dockremap &>/dev/null || \
echo "dockremap:100000000:100000001" >>/etc/subuid ||:
grep -q '^dockremap:' /etc/subgid || \
usermod -w 100000000-200000000 dockremap &>/dev/null || \
echo "dockremap:100000000:100000001" >>/etc/subgid ||:
%service_add_pre %{realname}.service
%post
%service_add_post %{realname}.service
%{fillup_only -n docker}
%if "%flavour" == "kubic"
%post kubeadm-criconfig
%fillup_only -n kubelet
%endif
%preun
%service_del_preun %{realname}.service
%postun
%service_del_postun %{realname}.service
%files
%defattr(-,root,root)
%doc README.md README_SUSE.md CHANGELOG.md
%license LICENSE
%{_bindir}/docker
%{_bindir}/dockerd
%{_bindir}/docker-proxy
%{_sbindir}/rcdocker
%dir %{_localstatedir}/lib/docker/
%{_unitdir}/%{realname}.service
%if "%flavour" == "kubic"
%dir %{_unitdir}/%{realname}.service.d/
%{_unitdir}/%{realname}.service.d/90-kubic.conf
%endif
%dir %{_sysconfdir}/docker
%config(noreplace) %{_sysconfdir}/docker/daemon.json
%{_fillupdir}/sysconfig.docker
%config %{_sysconfdir}/audit/rules.d/%{realname}.rules
%{_udevrulesdir}/80-%{realname}.rules
%{_mandir}/man1/docker-*.1%{ext_man}
%{_mandir}/man1/docker.1%{ext_man}
%{_mandir}/man5/Dockerfile.5%{ext_man}
%{_mandir}/man8/dockerd.8%{ext_man}
%files bash-completion
%defattr(-,root,root)
%{_datarootdir}/bash-completion/completions/%{realname}
%files zsh-completion
%defattr(-,root,root)
%{_sysconfdir}/zsh_completion.d/_%{realname}
%files fish-completion
%defattr(-,root,root)
%{_datadir}/fish/vendor_completions.d/%{realname}.fish
%if "%flavour" == "kubic"
%files kubeadm-criconfig
%defattr(-,root,root)
%{_fillupdir}/sysconfig.kubelet
%endif
%changelog
