@crazy-max crazy-max commented Sep 4, 2022

Add docker-engine packages. Imports specs and rules from https://github.com/docker/docker-ce-packaging. The history is preserved:

    $ sudo apt-get install git-filter-repo
    $ git clone --branch 20.10 https://github.com/docker/docker-ce-packaging.git docker-ce-packaging-pick
    $ cd docker-ce-packaging-pick/
    $ git filter-repo --path systemd --path deb/common/source --path deb/common/compat --path deb/common/control --path deb/common/docker-ce.docker.default --path deb/common/docker-ce.docker.init --path deb/common/docker-ce.docker.upstart --path deb/common/docker-ce.postinst --path deb/common/docs --path deb/common/rules --path rpm/SPECS/docker-ce.spec --path rpm/SPECS/docker-ce-rootless-extras.spec --path-rename systemd:pkg/docker-engine/common/systemd --path-rename deb/common:pkg/docker-engine/deb --path-rename rpm/SPECS:pkg/docker-engine/rpm
    $ cd ../docker-packaging
    $ git remote add docker-ce-packaging-pick ../docker-ce-packaging-pick
    $ git fetch docker-ce-packaging-pick
    $ git checkout -b docker-engine
    # do interactive rebase
    $ git merge --allow-unrelated-histories --signoff -S docker-ce-packaging-pick/20.10

Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>

andrewhsu and others added 30 commits May 20, 2017 05:11
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
Add armhf dockerfiles for deb building

Signed-off-by: Eli Uriegas <seemethere101@gmail.com>
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
Signed-off-by: Eli Uriegas <eli.uriegas@docker.com>
Signed-off-by: Eli Uriegas <eli.uriegas@docker.com>
Signed-off-by: Eli Uriegas <eli.uriegas@docker.com>
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
also have deb pkg conflict docker-engine
 - centos
 - fedora
 - ubuntu
 - debian

Signed-off-by: Roberto Gandolfo Hashioka <roberto_hashioka@hotmail.com>
manpage generation was failing for docker cli when being run under
aarch64: https://ci.qa.aws.dckr.io/job/docker/job/release-packaging/view/change-requests/job/PR-41/5/execution/node/360/log/

The way to remedy this is to compile the cli and the manpages while in
the GOPATH so that dependencies found in the vendor folder are
discovered by the go build tools.

Signed-off-by: Eli Uriegas <eli.uriegas@docker.com>
Have docker cli be compiled in GOPATH
Tried out make -C in this scenario and it did not seem to function
correctly, changed to cd.

Signed-off-by: Eli Uriegas <eli.uriegas@docker.com>
Added the metrics plugin to the RPM/DEB packages
Change make -C to a cd command for manpage generation
This reverts commit 8d87fc8.

Signed-off-by: Eli Uriegas <eli.uriegas@docker.com>
Signed-off-by: Eli Uriegas <eli.uriegas@docker.com>
This change is in response to moby/moby#35697
It adds pigz to the recommended binaries that should be installed with
docker-ce.

Signed-off-by: Sargun Dhillon <sargun@sargun.me>
Since systemd version 228, a new setting, `TasksMax`, has appeared,
which limits the number of tasks used by a service (via pids cgroup
controller). Unfortunately, a default for this setting, `DefaultTaskMax`,
is set to 512. In systemd version 231 it is changed to 15% which
practically is 4195 (as the value from /proc/sys/kernel/pid_max is
treated like 100%).

Either 512 or 4195 is a severely limited value for Docker Engine,
as it can run thousands of containers with thousands of tasks in each,
and the number of tasks limit should be set on a per-container basis
by the Docker user. So, the most reasonable setting for `TasksMax`
is `unlimited`.

Unfortunately, older versions of systemd warn about unknown `TasksMax`
parameter in `docker.service` file, and the warning is rather annoying,
therefore this setting is commented out by default, and is supposed
to be uncommented by the user.

The problem with that is, once the limit is hit, all sorts of bad things
happen and it's not really clear even to an advanced user that this
setting is the source of issues.

Now, `rules` file already contains a hack to check for the systemd
version (during build time) and in case the version is greater than 227,
uncomment the `TasksMax=unlimited` line. Alas, it does not work
during normal builds, the reason being systemd is not installed
into build environments.

An obvious fix would be to add systemd to the list of installed
packages in all Dockerfiles used to build debs. Fortunately,
there is a simpler way, as libsystemd-dev is installed, and
it's a subpackage of systemd built from the same source and
carrying the same version, so it can also be checked.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Uncomment TasksMax=unlimited for recent distros
This splits out the CLI into a discrete package and removes
the engine from the engine package.  Instead the engine
is initialized via a post-inst script using the new CLI UX.
Splits out the docker-ce package and docker-ce-cli package into their
own things.

Still TODO: need to have a cleanup on the dependencies for the
Dockerfiles

Signed-off-by: Eli Uriegas <eli.uriegas@docker.com>
Signed-off-by: Eli Uriegas <eli.uriegas@docker.com>
Also split off containerd.mk into its own thing since most of this
stuff will be re-used with debian packaging anyways.

Signed-off-by: Eli Uriegas <eli.uriegas@docker.com>
rpmlint checks can be re-added later

Signed-off-by: Eli Uriegas <eli.uriegas@docker.com>
Signed-off-by: Eli Uriegas <eli.uriegas@docker.com>
thaJeztah and others added 21 commits October 20, 2021 00:11
Ubuntu 21.10 switched the default compression for .deb packages to use zstd.
While this change may bring some performance improvement, it is non-standard,
and not all deb-related tooling currently support zstd compression. One of those
tools, dpkg-sig, has not (yet) been modified to support zstd compression; we use
this tool to sign our packages (and verify that packages are signed), which
currently fails if packages use zstd compression;

    dpkg-sig --verify ./containerd.io_1.4.11-1_amd64.deb
    Processing ./containerd.io_1.4.11-1_amd64.deb...
    BADSIG _gpgbuilder

It should be noted that signing individual packages is *optional* [1], and that
dpkg-sig has not received updates since 2006 [2] (possibly better replaced with
debsigs / debsig-verify), but changing would be a potential breaking change, as
these tools are not interchangeable [3]

[1]: https://www.debian.org/doc/manuals/securing-debian-manual/deb-pack-sign.en.html
[2]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=995113
[3]: https://raphaelhertzog.com/2010/09/17/how-to-create-debian-packages-with-alternative-compression-methods/

This patch hard-codes the compression to use in the debian rules, instead of using
the default that's used by the distro.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit f6da2043563728ce481e93eaca9630255a50f0c2)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
On Debian, `dbus-user-session` is not installed by default.
The lack of `dbus-user-session` results in a cryptic error on rootless+cgroup2+systemd:
`read unix @->/run/systemd/private: read: connection reset by peer: unknown.`

ref: moby/moby issue 42793

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
(cherry picked from commit 351f27969b240a4175b5127fe7ca7736b9183c52)
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
This fix was previously included in the rootlesskit install script
in moby, but should've been addressed by Go 1.14 and up. Unfortunately,
this does not appear to be the case, and go modules without proxy is still
broken on older versions of git, such as the version of git used by
CentOS 7.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 7cbbf1bc8bb8d6b77e61d941e29ad561fcc1e82c)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
…_centos

[20.10 backport] Add workaround for CentOS 7 not working without GOPROXY
CentOS 7 comes with a very old (1.8) version of git, which is not compatible
with go modules. We previously applied this fix to individual build scripts
for rootless-extras and the scan-cli-plugin, but now that other bits are
failing as well, let's move this to the Dockerfile for this distro, so that
for other distros we can use "direct" and fetch from GitHub.

Without this, the build of docker/cli (master branch) failed with:

    + ./scripts/vendor init
    + go mod edit -modfile=vendor.mod -require=github.com/cpuguy83/go-md2man/v2@v2.0.1
    + cp man/tools.go .
    + ./scripts/vendor update
    + go mod tidy -modfile=vendor.mod
    go: github.com/theupdateframework/notary@v0.7.1-0.20210315103452-bf96a202a09a requires
        github.com/docker/go@v1.5.1-1.0.20160303222718-d30aec9fd63c: invalid pseudo-version: git fetch --unshallow -f origin in /go/pkg/mod/cache/vcs/48fbd2dfabec81f4c93170677bfc89087d4bec07a2d08f6ca5ce3d17962677ee: exit status 128:
        fatal: git fetch-pack: expected shallow list
    make: *** [manpages] Error 1
    error: Bad exit status from /var/tmp/rpm-tmp.aKncVr (%build)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 49792a80585fa3751b6dbb1101e180ce09dd4c0a)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
[20.10 backport] CentOS 7: use go-proxy to work around old git version
Make sure that these versions are set, and match the expected versions

DEB:

       debian/rules override_dh_auto_test
    make[1]: Entering directory '/root/build-deb'
    ver="$(engine/bundles/dynbinary-daemon/dockerd --version)"; \
        test "$ver" = "Docker version 0.0.0-20210531142756-1c174ced, build 7c6a9484" && echo "PASS: daemon version OK" || echo "FAIL: daemon version ($ver) did not match"
    PASS: daemon version OK
    ver="$(cli/build/docker --version)"; \
        test "$ver" = "Docker version 0.0.0-20210531142756-1c174ced, build 1c174ced" && echo "PASS: cli version OK" || echo "FAIL: cli version ($ver) did not match"
    PASS: cli version OK
    # FIXME: --version currently doesn't work as it makes a connection to the daemon, so using the plugin metadata instead
    ver="$(/usr/libexec/docker/cli-plugins/docker-scan docker-cli-plugin-metadata | awk '{ gsub(/[",:]/,"")}; $1 == "Version" { print $2 }')"; \
        test "$ver" = "v0.8.0" && echo "PASS: docker-scan version OK" || echo "FAIL: docker-scan version ($ver) did not match"
    PASS: docker-scan version OK

RPM:

    Executing(%check): /bin/sh -e /var/tmp/rpm-tmp.SIDNvr
    + umask 022
    + cd /root/rpmbuild/BUILD
    + cd src
    ++ engine/bundles/dynbinary-daemon/dockerd --version
    + ver='Docker version 0.0.0-20210531142756-1c174ced, build 7c6a9484'
    + test 'Docker version 0.0.0-20210531142756-1c174ced, build 7c6a9484' = 'Docker version 0.0.0-20210531142756-1c174ced, build 7c6a9484'
    + echo 'PASS: daemon version OK'
    + exit 0
    PASS: daemon version OK
    ...

    Executing(%check): /bin/sh -e /var/tmp/rpm-tmp.jKzBxw
    + umask 022
    + cd /root/rpmbuild/BUILD
    + cd src
    ++ cli/build/docker --version
    PASS: cli version OK
    + ver='Docker version 0.0.0-20210531142756-1c174ced, build 1c174ced'
    + test 'Docker version 0.0.0-20210531142756-1c174ced, build 1c174ced' = 'Docker version 0.0.0-20210531142756-1c174ced, build 1c174ced'
    + echo 'PASS: cli version OK'
    + exit 0
    ...
    Executing(%check): /bin/sh -e /var/tmp/rpm-tmp.5KN9vp
    + umask 022
    + cd /root/rpmbuild/BUILD
    + cd src
    ++ /root/rpmbuild/BUILDROOT/docker-scan-plugin-0.8.0-0.el8.x86_64/usr/libexec/docker/cli-plugins/docker-scan docker-cli-plugin-metadata
    ++ awk '{ gsub(/[",:]/,"")}; $1 == "Version" { print $2 }'
    PASS: docker-scan version OK
    + ver=v0.8.0
    + test v0.8.0 = v0.8.0
    + echo 'PASS: docker-scan version OK'
    + exit 0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 2ad75f5e9d3c0af6722ecdfcd0a80930f2f8950c)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Commit 2ad75f5e9d3c0af6722ecdfcd0a80930f2f8950c added a check for binary
version set through build-time variables, but I messed up, and forgot to
add a non-zero exit code. As a result the exit code was the exit code of
the "echo", which would always be successful.

This also revealed a missing check for "target architecture": the scan
cli plugin is only built on x86, so the version check should not be
performed on other architectures.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 4ba2b65ec3b65803aa686264b921a08b5e30f066)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
[20.10 backport] add checks for binary versions set through build-time variables
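
The failure mode described in the commit above, as an added example that is not part of the pull request or the project's packaging scripts: a `test ... && echo PASS || echo FAIL` chain always exits 0, so a mis-stamped binary never fails the build. The function names, architecture names and version strings are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example; check_version_* and check_scan_plugin are hypothetical helpers.

# Pattern from the build log: the chain ends in an echo, so the exit
# status is 0 whether or not the versions match.
check_version_lenient() {
    name="$1"; actual="$2"; expected="$3"
    test "$actual" = "$expected" \
        && echo "PASS: $name version OK" \
        || echo "FAIL: $name version ($actual) did not match"
}

# Hardened form: the failure branch reports and returns non-zero, so
# `sh -e` (rpm %check) or make (debian/rules) stops the build.
check_version_strict() {
    name="$1"; actual="$2"; expected="$3"
    if [ "$actual" = "$expected" ]; then
        echo "PASS: $name version OK"
    else
        echo "FAIL: $name version ($actual) did not match" >&2
        return 1
    fi
}

# The commit notes the scan plugin is only built on x86, so the check
# is skipped on other architectures (architecture names are assumed).
check_scan_plugin() {
    arch="$1"; actual="$2"; expected="$3"
    case "$arch" in
        x86_64|amd64) check_version_strict docker-scan "$actual" "$expected" ;;
        *) echo "SKIP: docker-scan is not built on $arch" ;;
    esac
}

# Constructed sample values: the binary reports a different version.
want="Docker version 0.0.0-sample, build aaaaaaa"
got="Docker version 0.0.0-other, build bbbbbbb"
check_version_lenient daemon "$got" "$want"; echo "lenient exit status: $?"
check_version_strict daemon "$got" "$want"; echo "strict exit status: $?"
```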
Fixes an error reported by rpmlint:

    docker-ce.x86_64: E: description-line-too-long they can run anywhere, from your laptop to the largest cloud compute instance and
    docker-ce-cli.x86_64: E: description-line-too-long they can run anywhere, from your laptop to the largest cloud compute instance and
    Your description lines must not exceed 80 characters. If a line is exceeding
    this number, cut it to fit in two lines.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit d78178a3f5d293f9d28cb501bf9b460ccbad1b78)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
…nings

[20.10 backport] rpmlint: fix "E: description-line-too-long"
Adds a deb package for the docker-compose cli plugin

with this:

    dpkg -i ./docker-ce-cli_0.0.0-20210629140245-4a6fe51-0~ubuntu-focal_amd64.deb
    dpkg -i ./docker-compose-plugin_2.3.1.3~ubuntu-focal_amd64.deb

    docker info --format '{{json .ClientInfo.Plugins}}' | jq .
    [
      {
        "SchemaVersion": "0.1.0",
        "Vendor": "Docker Inc.",
        "Version": "v0.5.1-docker",
        "ShortDescription": "Build with BuildKit",
        "Name": "buildx",
        "Path": "/usr/libexec/docker/cli-plugins/docker-buildx"
      },
      {
        "SchemaVersion": "0.1.0",
        "Vendor": "Docker Inc.",
        "Version": "v2.3.1",
        "ShortDescription": "Docker Compose",
        "Name": "compose",
        "Path": "/usr/libexec/docker/cli-plugins/docker-compose"
      }
    ]

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit c3cb530be3b5c8b0c2da185950c96fb3addbe8fb)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
…_package

[20.10 backport] add docker-compose-plugin package (deb, rpm)
Signed-off-by: Romain Geissler <romain.geissler@amadeus.com>
The build.Makefile was removed from the compose repository, so copying
the code to build the plugin here.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 6e3a1ee3e261c0a1bb55fd74cd18a6c301a19660)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
[20.10 backport] deb, rpm: inline go build for compose
Use the default proxy, to assist with LTS distros that use old git versions
but fallback on any error (instead of only on 404 and 410).

From the Go documentation; https://go.dev/ref/mod#goproxy-protocol

> List elements may be separated by commas (,) or pipes (|), which determine error
> fallback behavior. When a URL is followed by a comma, the go command falls back
> to later sources only after a 404 (Not Found) or 410 (Gone) response. When a URL
> is followed by a pipe, the go command falls back to later sources after any error,
> including non-HTTP errors such as timeouts. This error handling behavior lets a
> proxy act as a gatekeeper for unknown modules. For example, a proxy could respond
> with error 403 (Forbidden) for modules not on an approved list (see Private proxy
> serving private modules).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 96a51c7103a81e7d9d2b00efb9095dec975390e5)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
[20.10 backport] Update GOPROXY to use default with fallback
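
A small model of the fallback rule quoted from the Go documentation above, as an added example that is not part of the pull request and not Go's own code: it shows that with a pipe separator a proxy's 403 no longer stops resolution, which matters if the proxy is meant to act as a gatekeeper. `resolve_source` is a hypothetical helper, and the GOPROXY values and per-source outcomes are constructed inputs.

```shell
#!/bin/sh
# Added example; resolve_source is a hypothetical model of the documented rule.
# Usage: resolve_source GOPROXY_LIST "OUTCOME1 OUTCOME2 ..."
# Each outcome is "ok", an HTTP status, or any other error word (e.g. timeout).
# Prints the source that serves the module, or error:<source> when the
# separator after the failing source does not permit fallback.
resolve_source() {
    rest="$1"
    set -- $2                         # outcomes become positional parameters
    while [ -n "$rest" ]; do
        entry="${rest%%[,|]*}"        # text up to the first separator
        if [ "$entry" = "$rest" ]; then
            sep=""; rest=""           # last entry in the list
        else
            tail="${rest#"$entry"}"
            sep="${tail%"${tail#?}"}" # the separator character itself
            rest="${tail#?}"
        fi
        outcome="${1:-ok}"
        [ $# -gt 0 ] && shift
        case "$outcome" in
            ok) echo "$entry"; return 0 ;;
            404|410) ;;               # fallback allowed after "," and "|"
            *)  # any other error: only "|" allows trying the next source
                [ "$sep" = "|" ] || { echo "error:$entry"; return 1; } ;;
        esac
    done
    echo "error:exhausted"
    return 1
}

# Constructed scenario: the proxy answers 403, the origin would answer ok.
for list in "https://proxy.golang.org,direct" "https://proxy.golang.org|direct"; do
    printf '%s -> ' "$list"
    resolve_source "$list" "403 ok" || true
done
```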
compose v2.10.1 comes with an updated Makefile, allowing us again
to use the makefile for building as part of the rpm/deb scripts.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 5af336e3a0273bd0ee4db9c2ea8bef6b791459ab)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
…build

[20.10 backport] compose: use updated makefile

crazy-max commented Sep 4, 2022

Can't install libdevmapper-dev on ubuntu bionic: https://github.com/docker/packaging/runs/8173530094?check_suite_focus=true#step:6:11025

    #11 3.375 Broken docker-ce-build-deps:amd64 Depends on libdevmapper-dev:amd64 < none | 2:1.02.145-4.1ubuntu3.18.04.3 @un uH >
    #11 3.375   Considering libdevmapper-dev:amd64 0 as a solution to docker-ce-build-deps:amd64 -2
    #11 3.375   Removing docker-ce-build-deps:amd64 rather than change libdevmapper-dev:amd64

More info: docker/docker-ce-packaging#758

…cker-engine

Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
… ubuntu 1804

Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
@crazy-max

Same with libsystemd-dev on ubuntu bionic:

    The following packages have unmet dependencies:
     libsystemd-dev : Depends: libsystemd0 (= 237-3ubuntu10.53) but 237-3ubuntu10.54 is to be installed
    E: Unable to correct problems, you have held broken packages.

See last commit for the "fix".

@crazy-max crazy-max marked this pull request as ready for review September 5, 2022 18:46
@crazy-max crazy-max merged commit e78e395 into docker:main Sep 5, 2022
@crazy-max crazy-max deleted the docker-engine branch September 5, 2022 18:50