This brings in a much newer version of etcd/raft.
An unrelated change in swarmkit should fix some problems with
integration tests on ARM.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
During image pulls on docker service create, logs will only show status
updates and updates every 1 second on long-running actions like
downloading and extracting. Adds golang.org/x/time/rate as dependency.
Ports docker/swarmkit#1352 to docker/docker.
Signed-off-by: Drew Erny <drew.erny@docker.com>
This patch allows releasing only the packages that were built and are
present under the bundles/ directory instead of assuming packages exist
for all distros enumerated in the contrib/builder/ directory.
It also now adds support for armhf architecture for apt repositories.
Signed-off-by: Tibor Vass <tibor@docker.com>
Interactive integration testing is useful when you're developing new tests, or
making changes to cli code.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
This adds the ability to have different profiles for individual distros
and versions of the distro because they all ship with and depend on
different versions of policy packages.
The `selinux` dir contains the unmodified policy that is being used
today. The `selinux-fedora` dir contains the new policy for fedora 24
with the changes for it to compile and work on the system.
The fedora policy is from commit
4a6ce94da5
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
join-tokens are not needed for this endpoint, and should not be part
of /info
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
(cherry picked from commit d8f3b3f006629c5c1368eca96bcd5bda2a54acd7)
While testing #24510 I noticed that 32 bit syscalls were incorrectly being
blocked and we did not have a test for this, so adding one.
This is only tested on amd64 as it is the only architecture that
reliably supports 32 bit code execution, others only do sometimes.
There is no 32 bit libc in the buildpack-deps so we cannot build
32 bit C code easily so use the simplest assembly program which
just calls the exit syscall.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
When using encrypted vxlan network, some of the xfrm states are left
stale. This fix also filters out self advertise-addr rules.
Signed-off-by: Madhu Venugopal <madhu@docker.com>
This commit updates swarmkit to 9ee5fc3b8db5de8c8593a57bc45fc178f74ceee1.
This is part of step to fix #24270.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Reverts https://github.com/docker/docker/pull/18197
This was a workaround before Go 1.6, not required any more.
cc @nalind @Govinda-Fichtner
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Fixes #23981
The selinux issue we are seeing in the report is related to the socket
file for docker and nothing else. By removing the socket docker starts
up correctly.
However, there is another motivation for removing socket activation from
docker's systemd files and that is because when you have daemons running
with --restart always whenever you have a host reboot those daemons
will not be started again because the docker daemon is not started by
systemd until a request comes into the docker API.
Leave it for deb based systems because everything is working correctly
for both socket activation and starting normally at boot.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
following the announcement;
https://groups.google.com/forum/m/#!topic/golang-announce/7JTsd70ZAT0
> [security] Go 1.6.3 and Go 1.7rc2 pre-announcement
>
> Hello gophers,
> We plan to issue Go 1.6.3 and Go 1.7rc2 on Monday July 18 at approximately 2am UTC.
> These are minor releases to fix a security issue.
>
> Following our policy at https://golang.org/security, this is the pre-announcement of those releases.
>
> Because we are so late in the release cycle for Go 1.7, we will not issue a minor release of Go 1.5.
> Additionally, we plan to issue Go 1.7rc3 later next week, which will include any changes between 1.7rc1 and tip.
>
> Cheers,
> Chris on behalf of the Go team
**Note:**
the man/Dockerfile is not yet updated, because
the official image for Go 1.6.2 has not yet
been updated.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This version introduces the following:
- uses nanosecond timestamps for event
- ensure events are sent once their effect is "live"
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
This is needed to suppress a log message about a harmless condition
which was previously logged at the WARNING log level with potentially
high frequency (https://github.com/docker/go-events/pull/11).
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
The original sed placement was creating packages with an
"unsupported" tag in the package name.
Fixes #24197
Signed-off-by: Christy Perez <christy@linux.vnet.ibm.com>
`make run` allows you to fire up a daemon (in a container) just using
the existing built binaries. This allows for more rapid iteration
instead of dealing with firing up a shell just to start the daemon.
By default the daemon will listen on port 2375 on the default network
interface.
If a port forward is required to access the daemon, the user can set
`make DOCKER_PORT=2375 run` to get a port forward on a random port with
the daemon listening on port 2375, or `make DOCKER_PORT=2375:2375 run`
to get a daemon running with port 2375 forwarded to the daemon running
on 2375.
Note that the daemon is automatically configured to listen on whatever
port is set for the container side of the `DOCKER_PORT` port spec.
When running on docker4mac, the user must do the following:
```
$ make BINDDIR=. DOCKER_PORT=2375 run
```
This makes sure the binaries are loaded in the container and a port is
forwarded, since it is currently impossible to route traffic from the
mac directly to a container IP.
To get a fresh binary:
```
$ make BINDDIR=. DOCKER_PORT=2375 binary run
```
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
This reduces memory usage with a lot of docker proxy processes.
On Docker for Mac we are currently carrying a patch to replace
the binary as we modify it to forward ports to the Mac rather
than the Linux VM, this allows us to simply replace this binary
in our packaging with one that has a compatible interface. This
patch does not provide an easy way to substitute a binary as
the interface is complex and there are few use cases, but where
needed this can be done.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
error: line 89: Invalid version (epoch must be unsigned integer):
%{epoch}:1.12.0-0.3.rc3.fc24: Requires(pre): docker-engine-selinux >=
%%{epoch}:1.12.0-0.3.rc3.fc24
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
fixing install script for rhel7
Signed-off-by: Adam Kunk <adam.kunk@tiaa-cref.org>
updates to fix install script for RHEL
fixing install script for rhel7
Signed-off-by: Adam Kunk <adam.kunk@tiaa-cref.org>
This will kill any left over containerd-shims to avoid the integration
script to stay stuck while it waits on them.
It will then cause CI to fail (even if all the tests succeeded).
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
This updates containerd to b93a33be39bc4ef0fb00bfcb79147a28c33d9d43
fixing the start sync issues.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
the previous fix changed the lsb_dist variable
too early. We only normalize to "centos"
for the repository-location, so changing
it just before that.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
* fixes https://github.com/docker/docker/issues/23622
* fixes a memory leak issue with bulk sync
* fixes external DNS resolution issue after live restore
Signed-off-by: Madhu Venugopal <madhu@docker.com>
Instructions for installing the static binaries
have changed, so updated the instructions.
The comment on top already requires the steps
to be executed as root, so removing the 'sudo'
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Add a dependency to `docker/swarmkit` in preparation for adding
first-class Swarm-wide service management inside the Docker Engine as
described in our ROADMAP.md.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Signed-off-by: Jana Radhakrishnan <mrjana@docker.com>
Signed-off-by: Victor Vieux <vieux@docker.com>
Signed-off-by: Madhu Venugopal <madhu@docker.com>
The script failed if an empty volume is used
to generate the repo. This adds the directory
if missing.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
installation for man-8 was added in 1514b499f0
(pull-request 23236), but had a typo in a path,
causing generation of the RPMs to fail.
This fixes the path.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This bumps containerd to cf554d59dd96e459544748290eb9167f4bcde509 and
includes various fixes and updates the grpc package and types generated
for use.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Fix a bug in the vendor helpers that took packages
that started with github.com/docker/docker as if
they were from within the project.
Signed-off-by: David Calavera <david.calavera@gmail.com>
This installs docker and dockerd to `$DOCKER_MAKE_INSTALL_PREFIX/bin`, which
defaults to `/usr/local/bin`
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This fix updates engine-api to 6facb3f3c38717b8f618dcedc4c8ce20d1bfc61e.
This fix is related to #23090.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This fix tries to update aws-sdk-go to v1.1.30.
The following dependencies have been added:
github.com/go-ini/ini 060d7da055ba6ec5ea7a31f116332fe5efa04ce0
github.com/jmespath/go-jmespath 0b12d6b521d83fc7f755e7cfc1b1fbdd35a01a74
Note: the commits match v1.1.30 of aws-sdk-go.
The following dependency has been removed
github.com/vaughan0/go-ini a98ad7ee00ec53921f08832bc06ecf7fd600e6a1
This fix fixes #22961.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This works around golang/go#15286 by explicitly loading shell32.dll at
load time, ensuring that syscall can load it dynamically during process
startup.
Signed-off-by: John Starks <jostarks@microsoft.com>
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
hack/vendor.sh can now accept command line arguments
`./hack/vendor.sh github.com/docker/engine-api` will revendor only the
engine-api dependency.
`./hack/vendor.sh github.com/docker/engine-api v0.3.3` will vendor only
engine-api at the specified tag/commit.
`./hack/vendor.sh git github.com/docker/engine-api v0.3.3` is the same
but specifies the VCS for cases where the VCS is something else than git
`./hack/vendor.sh git golang.org/x/sys
eb2c74142fd19a79b3f237334c7384d5167b1b46
https://github.com/golang/sys.git` will vendor only golang.org/x/sys
downloading from the specified URL
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This includes a fix to soft database corruption that would cause Docker
to fail to start if the daemon died in the middle of a transaction
write.
Signed-off-by: Aleksa Sarai <asarai@suse.de>
This fix updated the vendored engine-api to version
e374c4fb5b121a8fd4295ec5eb91a8068c6304f4, which defines a new event
type of `DaemonEventType`. The purpose is to allow emitting
`daemon reload` event as is raised in #22463.
This fix is related to #22463 and #22590.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This fixes a variety of small bugs in layer handling and adds a new API
for acquiring privileges for the whole process.
Fixes #22404 (but only for new images -- existing images will need to be
re-pushed).
Signed-off-by: John Starks <jostarks@microsoft.com>
It includes a small improvement: we hit test timeouts sometimes
for some reason, and printing out the timed-out case would be very
helpful.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
An environment variable cannot directly be used as a bash array, this
patch loops through all the IFS separated values (which defaults to
space) instead.
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
This adds support for Windows dockerd to run as a Windows service, managed
by the service control manager. The log is written to the Windows event
log (and can be viewed in the event viewer or in PowerShell). If there is
a Go panic, the stack is written to a file panic.log in the Docker root.
Signed-off-by: John Starks <jostarks@microsoft.com>
This change enables the workflow of finishing installing Windows OS updates in the container after it has completed running, via a special servicing container.
Signed-off-by: Stefan J. Wernli <swernli@microsoft.com>
This change adds file version information to docker.exe and dockerd.exe by
adding a Windows version resource with the windres tool.
This change adds a dependency to binutils-mingw-w64 on Linux, but removes
a dependency on rsrc. Most Windows build environments should already have
windres if they have gcc (which is necessary to build dockerd).
Signed-off-by: John Starks <jostarks@microsoft.com>
Add a proxy to support 'docker daemon'
Fix configFile option, and remove a test that is no longer relevant.
Remove daemon build tag.
Remove DOCKER_CLIENTONLY from build scripts.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
Change docker-daemon to dockerd.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
Signed-off-by: Tibor Vass <tibor@docker.com>
(cherry picked from commit 3d85e51ef4284f572cb658cfe69edc92ac3a53bb)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
For context: https://github.com/golang/go/issues/15286
This commit downloads go1.5.3 in addition to go1.5.4 in order to
workaround the issue.
It is not expected to do a Docker release without a proper fix, however
this should help unblock Docker development on Windows TP5.
Signed-off-by: Tibor Vass <tibor@docker.com>
Distro packagers will often use the tarball to build a package and have
the build script for the package in git. To avoid that the docker build
script picks up the git commit from the distro repo we also check for a
directory named .git before checking for -unsupported builds.
Signed-off-by: Natanael Copa <natanael.copa@docker.com>
@nwt noticed that the media type specified in the config section of a
schema2 manifest is application/octet-stream, instead of the correct
value application/vnd.docker.container.image.v1+json.
This brings in https://github.com/docker/distribution/pull/1622 to fix
this.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
This change supports the importing of layers that contain utility VM
images. This is necessary to support Hyper-V containers running on a
non-centrally-managed image.
Signed-off-by: John Starks <jostarks@microsoft.com>
This improves getting the source for the binaries that are compiled on
the system so that they can be copied into the bundles output.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
These changes add support for importing base layers and change the tar
metadata for Windows layers to better match the intent of the tar format.
Signed-off-by: John Starks <jostarks@microsoft.com>
Temporarily include a fork of golang/net package
that includes a performance patch. Measured performance
gain is ~60ms for every `docker run` command.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Since we can't use the TasksMax value in the docker.service
file by default, we can uncomment it at buildtime.
See docker/docker/pull/21491 for some background.
Signed-off-by: Christy Perez <christy@linux.vnet.ibm.com>
This vendors in new spec/runc that supports
setting readonly and masked paths in the
configuration. Using this allows us to make an
exception for `--privileged`.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Also modify an integration test that hardcoded the error string so it
uses the exported error variable from libcontainer/user.
Signed-off-by: Aleksa Sarai <asarai@suse.de>
Currently the directory inside of the tgz files is /usr/local/bin
and this is causing some confusion, and problems with people who already
have stuff in those directories. This commit changes the directory
to /docker to help remove the confusion.
Signed-off-by: Ken Cochrane <kencochrane@gmail.com>
This PR updates vendored engine-api to e37a82dfcea64559ca6a581776253c01d83357d9
in order to support `SecurityOptions` in `Info`.
See #20909, #21172 for details related to `SecurityOptions`.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
`TEST_REPEAT=n` runs the test suite again n times or
until the first failure without doing building and
daemon setup. Useful for debugging flaky tests.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Add some missing dependencies in the Dockerfile:
- apt-utils for apt-ftparchive.conf
- bsdmainutils for our use of the column command in
hack/make/generate-index-listing
We also ensure that the docker daemon is started before calling
release-deb or release-rpm, since .detect-daemon-osarch, which is sourced
in each of them, requires the daemon to be running.
This commit also gets completely rid of s3cmd and fixes references to
AWS_* environment variables (changing from AWS_ACCESS_KEY to
AWS_ACCESS_KEY_ID and AWS_SECRET_KEY to AWS_SECRET_ACCESS_KEY) in order
to please awscli. Also AWS_DEFAULT_REGION is now important to specify,
the default has been set to the region used by get.docker.com and
test.docker.com.
Signed-off-by: Tibor Vass <tibor@docker.com>
These are the changes required due to the new binaries that containerd introduced.
The rpm, and deb packages now include 5 binaries.
docker, containerd, containerd-shim, ctr, and runc
The tar files also include all 5 binaries.
Signed-off-by: Ken Cochrane <KenCochrane@gmail.com>
This adds a function for copying containerd and other binaries as well
as adding a hash for those files.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Not sure if this is the right setup given the containerd change but I need
to have the built version of the nested exes (containerd, runc...) available
to me after the build is completed so I'm always testing using the latest
versions. This PR will copy them into the same bundles dir so people can
then use them if they wish w/o having to build each separately.
Signed-off-by: Doug Davis <dug@us.ibm.com>
This (the first tagged hcsshim release) fixes long-path bugs on
Windows TP5 that affect commit and save. These bugs were blocking
commit of Windows containers that had node.js installed.
Signed-off-by: John Starks <jostarks@microsoft.com>
This revendor provides support for CloseWrite() in the npipe transport,
fixes a performance regression introduced in Go 1.6, and improves
npipe performance by allowing the pipe buffer size to be specified.
Signed-off-by: John Starks <jostarks@microsoft.com>