The keyserver infrastructure is unreliable, and just adds another point
of failure without adding any security. Instead, commit the key used at
build time for ZFS to the repo, and inline our signing key into the
install script rather than just its fingerprint.
fix#28510fix#13555
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
The base selinux policies on centos/rhel/oraclelinux have all been
updated in a way that conflicts with the policies we install with
`docker-engine-selinux`. This patch fixes these conflicts.
In addition, removes special cases for old/unsupported versions of
fedora in our selinux package, and change to use a single minimum
version for the selinux base policy package, as this is the minimum
version required to use our selinux policy package.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Otherwise, while using test-integration-shell, it runs the tests using
the previously compiled test binary.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Some containers were being built (`docker build`) without
the DOCKER_BUILD_ARGS variable, which was causing some
issues because of the lack of network proxy configuration.
Fixes#29132
Signed-off-by: Luiz Svoboda <luizek@gmail.com>
test.main was unexpectedly created under docker/integration-cli/bundles/VERSION/test-integration-cli directory.
This commit moves test.main to docker/bundles/VERSION/test-integration-cli.
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
With this change we can run a Docker build in QEMU and build ARM or ARM64 binaries directly on an Intel build machine. This feature already supports building with Docker4Mac (Beta31). So it's easy for a developer to compile and test the Docker binaries locally on his dev machine w/o the need of the target hardware. Another use case would be to run builds on a clound CI like Travis to get an instant feedback loop for PR's, all on a common Intel platform w/o the need to set up the CI system on the target hardware.
Usage: build static Docker binaries for ARM 32-bit
```
DOCKER_ENGINE_OSARCH="linux/arm" make binary
```
Usage: build static Docker binaries for ARM64 aka AARCH64
```
DOCKER_ENGINE_OSARCH="linux/arm64" make binary
```
Signed-off-by: Dieter Reuter <dieter.reuter@me.com>
Modify the service update and create APIs to return optional warning
messages as part of the response. Populate these messages with an
informative reason when digest resolution fails.
This is a small API change, but significantly improves the UX. The user
can now get immediate feedback when they've specified a nonexistent
image or unreachable registry.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
This speeds up docker build time drastically. It still possible to
disable this by setting `DOCKER_INCREMENTAL_BUILD` to `0` (and this is
what should be done on the CI).
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
This is a temporary version for building
Fedora 25. Fedora 25 will be released during
code-freeze, and is currently in beta, so no
official images are available yet.
Current release date is scheduled for 2016-11-15
https://fedoraproject.org/wiki/Releases/25/Schedule
Once released, the image will be updated for
GA
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
There is no reason to duplicate efforts and tini is well built and
better than grimes. It is a much stronger option for the default init
and @krallin has done a great job maintaining it and helping make
changes so that it will work with Docker.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
This version:
- properly follow context cancellation on Start and Exec
- add support for Solaris
- ensure exec exit events are always seen before init's
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
- yamllint to ensure it is a valid YAML file
- go-swagger validate to ensure it is a valid swagger file
Signed-off-by: Ben Firshman <ben@firshman.co.uk>
Until we can support existing behaviour with `sudo` disable
ambient capabilities in runc build.
Add tests that non root user cannot use default capabilities,
and that capabilities are working as expected.
Test for #27590
Update runc.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
The validate-lint script excludes any package names that match
api/types. However, the only subpackage that appears to cause issues is
api/types/container (due to stuttering names). Tighten the filtering so
that other code inside api/types is validated.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Allow each script to run directly without the hack/make.sh wrapper. These
scripts do not produce artifacts and do not benefit from the "bundles"
framework.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
The PowerShell completion script was outdated,
and removed from this repository in
65fdbf0210.
A more up to date implementation can be found
here; https://github.com/samneirinck/posh-docker
Removing this script from the tgz
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
diff:
```patch
diff --git a/Makefile b/Makefile
index 0b2b063..70df01b 100644
--- a/Makefile
+++ b/Makefile
@@ -1,3 +1,4 @@
+GIT_VERSION := $(shell git describe --abbrev=40 --long --dirty --always --tags)
all:
- gcc -O2 -o init -static grimes.c
+ gcc -O2 -DVERSION=\"$(GIT_VERSION)\" -o init -static grimes.c
diff --git a/grimes.c b/grimes.c
index d0f836b..ffeea98 100644
--- a/grimes.c
+++ b/grimes.c
@@ -29,7 +29,7 @@ typedef struct reaper_t {
} reaper_t;
// reaper_new initializes the reaper with the provided process.
-// it also sets up the signal handlers and child handlers for restore
+// it also sets up the signal handlers and child handlers for restore
// when the child is execed
int reaper_new(reaper_t * reaper, process_t * process)
{
@@ -57,7 +57,7 @@ int reaper_new(reaper_t * reaper, process_t * process)
return 0;
}
-// reaper_exit closes the reaper's signalfd and exits with the
+// reaper_exit closes the reaper's signalfd and exits with the
// child's exit status
void reaper_exit(reaper_t * reaper, int status)
{
@@ -68,11 +68,11 @@ void reaper_exit(reaper_t * reaper, int status)
exit(WEXITSTATUS(status));
}
-// reaper_reap reaps any dead processes. If the process that is reaped
+// reaper_reap reaps any dead processes. If the process that is reaped
// is the child process that we spawned get its exit status and exit this program
int reaper_reap(reaper_t * reaper)
{
- int status, child_exited, child_status = 0;
+ int status = 0, child_exited = 0, child_status = 0;
for (;;) {
pid_t pid = waitpid(-1, &status, WNOHANG);
switch (pid) {
@@ -140,6 +140,12 @@ int main(int argc, char **argv)
{
process_t process;
reaper_t reaper;
+
+ if (argc == 2 && !strcmp(argv[1], "--version")) {
+ printf("grimes version %s\n", VERSION);
+ exit(0);
+ }
+
if (reaper_new(&reaper, &process) != 0) {
bail("initialize reaper %s", strerror(errno));
}
```
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
The current check for uname -m just looks for *64 which hits a lot
more cases than it should (mips for ex), and ignores a few that it shouldn't.
This check will run the install script if on a supported architecture
(x86_64 or amd64) or an unofficial one with a docker repository
(armv6l or armv7l) and will give a more accurate error on an unofficial
64-bit architecture that isn't in the docker repository.
Signed-off-by: Christopher Jones <tophj@linux.vnet.ibm.com>
* change workdir for accessing install-binaries.sh
* use other gopath for binaries to preserve sources
* add sources of proxy and grimes to rpc spec
* use dynamic proxy with -linkmode external in deb and rpm
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
Justin Cormack
Brian Goff
Vincent Demeester
Daniel Nephin
yuexiao-wang
Eric Curtin
John Stephens
Sebastiaan van Stijn
Sebastiaan van Stijn
Andrew Hsu
John Howard
Luiz Svoboda
Michael Friis
Victor Vieux
Akihiro Suda
Dieter Reuter
Antonio Murdaca
Alexander Morozov
Tibor Vass
Anusha Ragunathan
Aaron Lehmann
Kenfe-Mickael Laventure
Michael Crosby
Elan Ruusamäe
Victor Vieux
Ben Firshman
Amit Krishnan
Derek McGowan
Alexander Morozov
Madhu Venugopal
Santhosh Manohar
Laura Frank
Christopher Jones
Qiang Huang