Added possibility to use TLS with systemd socket activation

Signed-off-by: kayrus <kay.diam@gmail.com>

api/server/server_unix.go

@@ -3,6 +3,7 @@
 package server
 
 import (
+	"crypto/tls"
 	"fmt"
 	"net"
 	"net/http"
@@ -24,7 +25,7 @@ func (s *Server) newServer(proto, addr string) ([]*HTTPServer, error) {
 	)
 	switch proto {
 	case "fd":
-		ls, err = listenFD(addr)
+		ls, err = listenFD(addr, s.cfg.TLSConfig)
 		if err != nil {
 			return nil, err
 		}
@@ -84,9 +85,17 @@ func allocateDaemonPort(addr string) error {
 
 // listenFD returns the specified socket activated files as a slice of
 // net.Listeners or all of the activated files if "*" is given.
-func listenFD(addr string) ([]net.Listener, error) {
+func listenFD(addr string, tlsConfig *tls.Config) ([]net.Listener, error) {
+	var (
+		err       error
+		listeners []net.Listener
+	)
 	// socket activation
-	listeners, err := systemdActivation.Listeners(false)
+	if tlsConfig != nil {
+		listeners, err = systemdActivation.TLSListeners(false, tlsConfig)
+	} else {
+		listeners, err = systemdActivation.Listeners(false)
+	}
 	if err != nil {
 		return nil, err
 	}

hack/vendor.sh

@@ -49,7 +49,7 @@ clone git github.com/agl/ed25519 d2b94fd789ea21d12fac1a4443dd3a3f79cda72c
 
 clone git github.com/opencontainers/runc 6c198ae2d065c37f44316e0de3df7f3b88950923 # libcontainer
 # libcontainer deps (see src/github.com/opencontainers/runc/Godeps/Godeps.json)
-clone git github.com/coreos/go-systemd db045881d426f46e064766fa9f546c3006d0973e
+clone git github.com/coreos/go-systemd v4
 clone git github.com/godbus/dbus v2
 clone git github.com/syndtr/gocapability 66ef2aa7a23ba682594e2b6f74cf40c0692b49fb
 clone git github.com/golang/protobuf 655cdfa588ea