Add missing "${DOCKER_BUILD_ARGS}" for building rpm with `docker build`,
this is quite important when running `make rpm` behind http proxy.
Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
The base selinux policies on centos/rhel/oraclelinux have all been
updated in a way that conflicts with the policies we install with
`docker-engine-selinux`. This patch fixes these conflicts.
In addition, removes special cases for old/unsupported versions of
fedora in our selinux package, and change to use a single minimum
version for the selinux base policy package, as this is the minimum
version required to use our selinux policy package.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Otherwise, while using test-integration-shell, it runs the tests using
the previously compiled test binary.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Some containers were being built (`docker build`) without
the DOCKER_BUILD_ARGS variable, which was causing some
issues because of the lack of network proxy configuration.
Fixes#29132
Signed-off-by: Luiz Svoboda <luizek@gmail.com>
test.main was unexpectedly created under docker/integration-cli/bundles/VERSION/test-integration-cli directory.
This commit moves test.main to docker/bundles/VERSION/test-integration-cli.
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
With this change we can run a Docker build in QEMU and build ARM or ARM64 binaries directly on an Intel build machine. This feature already supports building with Docker4Mac (Beta31). So it's easy for a developer to compile and test the Docker binaries locally on his dev machine w/o the need of the target hardware. Another use case would be to run builds on a clound CI like Travis to get an instant feedback loop for PR's, all on a common Intel platform w/o the need to set up the CI system on the target hardware.
Usage: build static Docker binaries for ARM 32-bit
```
DOCKER_ENGINE_OSARCH="linux/arm" make binary
```
Usage: build static Docker binaries for ARM64 aka AARCH64
```
DOCKER_ENGINE_OSARCH="linux/arm64" make binary
```
Signed-off-by: Dieter Reuter <dieter.reuter@me.com>
This is a temporary version for building
Fedora 25. Fedora 25 will be released during
code-freeze, and is currently in beta, so no
official images are available yet.
Current release date is scheduled for 2016-11-15
https://fedoraproject.org/wiki/Releases/25/Schedule
Once released, the image will be updated for
GA
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
There is no reason to duplicate efforts and tini is well built and
better than grimes. It is a much stronger option for the default init
and @krallin has done a great job maintaining it and helping make
changes so that it will work with Docker.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Allow each script to run directly without the hack/make.sh wrapper. These
scripts do not produce artifacts and do not benefit from the "bundles"
framework.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
The PowerShell completion script was outdated,
and removed from this repository in
65fdbf0210.
A more up to date implementation can be found
here; https://github.com/samneirinck/posh-docker
Removing this script from the tgz
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
* change workdir for accessing install-binaries.sh
* use other gopath for binaries to preserve sources
* add sources of proxy and grimes to rpc spec
* use dynamic proxy with -linkmode external in deb and rpm
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
Right now we do have a problem to store the .debs for raspbian-jessie and
debian-jessie distro version for armhf arch. Both .debs have the same filename
so we have to include the distro version, too.
Signed-off-by: Dieter Reuter <dieter.reuter@me.com>
This means we can vendor libnetwork without special casing, and
it is built the same way as the other external binaries.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This adds a small C binary for fighting zombies. It is mounted under
`/dev/init` and is prepended to the args specified by the user. You
enable it via a daemon flag, `dockerd --init`, as it is disable by
default for backwards compat.
You can also override the daemon option or specify this on a per
container basis with `docker run --init=true|false`.
You can test this by running a process like this as the pid 1 in a
container and see the extra zombie that appears in the container as it
is running.
```c
int main(int argc, char ** argv) {
pid_t pid = fork();
if (pid == 0) {
pid = fork();
if (pid == 0) {
exit(0);
}
sleep(3);
exit(0);
}
printf("got pid %d and exited\n", pid);
sleep(20);
}
```
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
moves ensure-frozen-images to go
moves ensure-syscall-test to go
moves ensure-nnp-test to go
moves ensure-httpserver to go
Also makes some of the fixtures load only for the required tests.
This makes sure that fixtures that won't be needed for a test run such as
`make TESTFLAGS='-check.f Swarm' test-integration-cli` (for example)
aren't loaded... like the syscall tests.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Passses down BUILD_APT_MIRROR to the docker env.
Ensures BUILD_APT_MIRROR is used when building debs, but only when the
consuming `Dockerfile` actually uses it, otherwise it will cause the
build to fail (e.g. on Ubuntu builds we aren't using APT_MIRROR).
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Adds a new bundle `verify-integration-tests` which pre-compiles a test
binary for the integration tests.
This makes sure that the integration tests will actually compile before
doing other tasks which take much longer, such as building dockerd and
loading test fixtures.
When it comes time to actually run the tests, the pre-compiled binary
will be used so it doesn't have to compile the tests a 2nd time.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
This patch allows to only release the packages that were built and are
present under the bundles/ directory instead of assuming packages exist
for all distros enumerated in the contrib/builder/ directory.
It also now adds support for armhf architecture for apt repositories.
Signed-off-by: Tibor Vass <tibor@docker.com>
Interactive integration testing is useful when you're developing new tests, or
making changes to cli code.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
This adds the ability to have different profiles for individual distros
and versions of the distro because they all ship with and depend on
different versions of policy packages.
The `selinux` dir contains the unmodified policy that is being used
today. The `selinux-fedora` dir contains the new policy for fedora 24
with the changes for it to compile and work on the system.
The fedora policy is from commit
4a6ce94da5
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
While testing #24510 I noticed that 32 bit syscalls were incorrectly being
blocked and we did not have a test for this, so adding one.
This is only tested on amd64 as it is the only architecture that
reliably supports 32 bit code execution, others only do sometimes.
There is no 32 bit libc in the buildpack-deps so we cannot build
32 bit C code easily so use the simplest assembly program which
just calls the exit syscall.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Reverts https://github.com/docker/docker/pull/18197
This was a workaround before Go 1.6, not required any more.
cc @nalind @Govinda-Fichtner
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Fixes#23981
The selinux issue we are seeing in the report is related to the socket
file for docker and nothing else. By removing the socket docker starts
up correctly.
However, there is another motivation for removing socket activation from
docker's systemd files and that is because when you have daemons running
with --restart always whenever you have a host reboot those daemons
will not be started again because the docker daemon is not started by
systemd until a request comes into the docker API.
Leave it for deb based systems because everything is working correctly
for both socket activation and starting normally at boot.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
The original sed placement was creating packages with an
"unsupported" tag in the package name.
Fixes#24197
Signed-off-by: Christy Perez <christy@linux.vnet.ibm.com>
`make run` allows you to fire up a daemon (in a container) just using
the existing built binaries. This allows for more rapid iteration
instead of dealing with firing up a shell just to start the daemon.
By default the daemon will listen on port 2375 on the default network
interface.
If a port forward is required to access the daemon, the user can set
`make DOCKER_PORT=2375 run` to get a port forward on a random port with
the daemon listening on port 2375, or `make DOCKER_PORT=2375:2375 run`
to get a daemon running with port 2375 forwarded to the daemon running
on 2375.
Note that the daemon is automatically configured to listen on whatever
port is set for the container side of the `DOCKER_PORT` port spec.
When running on docker4mac, the user must do the following:
```
$ make BINDDIR=. DOCKER_PORT=2375 run
```
This makes sure the binaries are loaded in the container and a port is
forwarded, since it is currently impossible to route traffic from the
mac directly to a container IP.
To get a fresh binary:
```
$ make BINDDIR=. DOCKER_PORT=2375 binary run
```
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
This reduces memory usage with a lot of docker proxy processes.
On Docker for Mac we are currently carrying a patch to replace
the binary as we modify it to forward ports to the Mac rather
than the Linux VM, this allows us to simply replace this binary
in our packaging with one that has a compatible interface. This
patch does not provide an easy way to substitute a binary as
the interface is complex and there are few use cases, but where
needed this can be done.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
error: line 89: Invalid version (epoch must be unsigned integer):
%{epoch}:1.12.0-0.3.rc3.fc24: Requires(pre): docker-engine-selinux >=
%%{epoch}:1.12.0-0.3.rc3.fc24
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
This will kill any left over containerd-shims to avoid the integration
script to stay stuck while it waits on them.
It will then causes CI to fail (even if all the tests succeeded).
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
The script failed if an empty volume is used
to generate the repo. This adds the directory
if missing.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
installation for man-8 was added in 1514b499f0
(pull-request 23236), but had a typo in a path,
causing generation of the RPM's to fail.
This fixes the path
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This installs docker and dockerd to `$DOCKER_MAKE_INSTALL_PREFIX/bin`, which
defaults to `/usr/local/bin`
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This works around golang/go#15286 by explicitly loading shell32.dll at
load time, ensuring that syscall can load it dynamically during process
startup.
Signed-off-by: John Starks <jostarks@microsoft.com>
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
An environment variable cannot directly be used as a bash array, this
patch loops through all the IFS separated value (which default to
space) instead.
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
This adds support for Windows dockerd to run as a Windows service, managed
by the service control manager. The log is written to the Windows event
log (and can be viewed in the event viewer or in PowerShell). If there is
a Go panic, the stack is written to a file panic.log in the Docker root.
Signed-off-by: John Starks <jostarks@microsoft.com>
This change adds file version information to docker.exe and dockerd.exe by
adding a Windows version resource with the windres tool.
This change adds a dependency to binutils-mingw-w64 on Linux, but removes
a dependency on rsrc. Most Windows build environments should already have
windres if they have gcc (which is necessary to build dockerd).
Signed-off-by: John Starks <jostarks@microsoft.com>
Add a proxy to support 'docker daemon'
Fix configFile option, and remove a test that is no longer relevant.
Remove daemon build tag.
Remove DOCKER_CLIENTONLY from build scripts.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
Change docker-daemon to dockerd.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
For context: https://github.com/golang/go/issues/15286
This commit downloads go1.5.3 in addition to go1.5.4 in order to
workaround the issue.
It is not expected to do a Docker release without a proper fix, however
this should help unblock Docker development on Windows TP5.
Signed-off-by: Tibor Vass <tibor@docker.com>
Since we can't use the TasksMax value in the docker.service
file by default, we can uncomment it at buildtime.
See docker/docker/pull/21491 for some background.
Signed-off-by: Christy Perez <christy@linux.vnet.ibm.com>
Currently the directory inside of the tgz files is /usr/local/bin
and this is causing some confusion, and problems with people who already
have stuff in those directories. This commit changes the directory
to /docker to help remove the confusion.
Signed-off-by: Ken Cochrane <kencochrane@gmail.com>
`TEST_REPEAT=n` runs the test suite again n times or
until the first failure without doing building and
daemon setup. Useful for debugging flaky tests.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Add some missing dependencies in the Dockerfile:
- apt-utils for apt-ftparchive.conf
- bsdmainutils for our use of the column command in
hack/make/generate-index-listing
We also ensure that the docker daemon is started before calling
release-deb or release-rpm, since .detect-daemon-osarch, which is sourced
in each of them, requires the daemon to be running.
This commit also gets completely rid of s3cmd and fixes references to
AWS_* environment variables (changing from AWS_ACCESS_KEY to
AWS_ACCESS_KEY_ID and AWS_SECRET_KEY to AWS_SECRET_ACCESS_KEY) in order
to please awscli. Also AWS_DEFAULT_REGION is now important to specify,
the default has been set to the region used by get.docker.com and
test.docker.com.
Signed-off-by: Tibor Vass <tibor@docker.com>
These are the changes required due to the new binaries that containerd introduced.
The rpm, and deb packages now include 5 binaries.
docker, containerd, containerd-shim, ctr, and runc
The tar files also include all 5 binaries.
Signed-off-by: Ken Cochrane <KenCochrane@gmail.com>
This adds a function for copying containerd and other binaries as well
as adding a hash for those files.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Not sure if this is the right setup given the containerd change but I need
to have the built version of the nested exes (containerd, runc...) available
to me after the build is completed so I'm always testing using the latest
versions. This PR will copy them into the same bundles dir so people can
them use them if they wish w/o having to build each separately.
Signed-off-by: Doug Davis <dug@us.ibm.com>
debhelper has changed the way it performs path validations and
building the deb package fails when it tries to compress the files.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Instead of being split between three files, let's let `hack/make/.detect-daemon-osarch` be our single source of truth for multiarch detection/vars. Not only does it make it slightly easier to make sure we change everything properly when these bits have to change, but it also makes it so that all bits of `hack/make.sh` (especially `hack/make/.ensure-frozen-images`) work properly outside the context of the `Makefile` on all platforms.
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
The Releases file(s) and other bits for EOL-ed distros such as Ubuntu
Vivid should remain untouched when we are releasing debs.
However, few files in https://apt.dockerproject.org/repo/dists/ubuntu-vivid/
were being updated for the docker 1.10 release including the Release files.
This is due to apt-ftparchive generating index files for vivid as well,
due to the stale apt-ftparchive.conf
This change always creates config using suites in contrib/reprepro/suites.sh.
Signed-off-by: Anusha Ragunathan <anusha@docker.com>
Progress toward being able to run integration-cli campaign using a
client hitting a remote host.
Most of these fixes imply flagging tests that assume they are running on
the same host than the Daemon. Also fixes the `contrib/httpserver` image
that couldn't run because of a dynamically linked Go binary inside the
busybox image.
Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
This PR adds support for using the DOCKER_BUILD_PKGS env var to
better help defining what packege to build. It also adds support
for the integration-daemon so we can run it as a bundle.
Signed-off-by: Paul Liljenberg <liljenberg.paul@gmail.com>
add directory test
Adds missing directory test. This helps verifying that
DOCKER_BUILD_PKGS is a directory and exists before continueing.
Signed-off-by: Paul Liljenberg <liljenberg.paul@gmail.com>
fix indent
Signed-off-by: Paul Liljenberg <liljenberg.paul@gmail.com>
This will only trim off the last '-' separated token to be checked for
RC status. This allows including a 'cs#' token in the version string.
Signed-off-by: Mike Dougherty <mike.dougherty@docker.com>
dockerinit has been around for a very long time. It was originally used
as a way for us to do configuration for LXC containers once the
container had started. LXC is no longer supported, and /.dockerinit has
been dead code for quite a while. This removes all code and references
in code to dockerinit.
Signed-off-by: Aleksa Sarai <asarai@suse.com>
For the CS Engine we need to have an install script like OSS does, but
the locations are all different, as is the GPG key used. This is
accomplished here by slightly altering the script itself and adding a
simple 'sed' based bundle for make.sh.
This install script is used in to change the URLs instead of sed in
release.sh.
Signed-off-by: Mike Dougherty <mike.dougherty@docker.com>
This results in a significant time savings during repeated builds (since we don't have to re-download gcc for every test run).
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
.ensure-syscall-test need to build an image, we have
to add http_proxy and https_proxy to make it work.
Inseted of adding http_proxy and https_proxy env to the Dockerfile,
adding a DOCKER_BUILD_ARGS env to pass the build-arg is much more
elegant.
Signed-off-by: Lei Jitang <leijitang@huawei.com>
file to require the Unbreakable Enterprise Kernel Release 4 on both Oracle Linux 6
and Oracle Linux 7.
The UEK R4 provides the required kernel functionality for VxLAN support
required by Docker 1.9 and user namespace support required for 1.10+.
The build of Docker on Oracle Linux 6 requires some manipulation of the build
environment so that the CGO compiler uses the UEK R4 headers instead of the old
default kernel headers.
Signed-off-by: Avi Miller <avi.miller@oracle.com>
Nightly and unofficial builds of Docker bear the suffix `-dirty` in the
version string. Change this suffix to `-unsupported` to make it explicit
that no support will be provided on such versions, and that it is for
example unnecessary to file an issue for it.
Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
Ubuntu 15.04 (Vivid) will be EOL'd in January,
so we should remove it from our builds in the
Docker 1.10 release.
For information about the EOL data, see:
https://wiki.ubuntu.com/Releases
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Fedora 21 is EOL'd as of December 1st, 2015.
Announcement:
https://lists.fedoraproject.org/pipermail/announce/2015-November/003296.html
Fedora 21 will reach end of life on 2015-12-01, and no further updates
will be pushed out after that time. Additionally, with the recent
release of Fedora 23, no new packages will be added to the Fedora 21
collection.
Please see https://fedoraproject.org/wiki/DNF_system_upgrade for more
information on upgrading from Fedora 21 to a newer release.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Without section/priority, reprepro will reject the packages. Add
sections following the Debian docker.io packages
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
Assume that the linker can make sense of us passing in the -z,muldefs
option to tell it to ignore symbol-multiply-defined errors triggered by
https://github.com/golang/go/issues/9510. We should be able to stop
doing this once we move to Go 1.6.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> (github: nalind)
Add a flag to allow keeping bundles around (helps with CI)
Fix several problems in repo make targets
* quote DOCKER_EXPERIMENTAL variable
* pass-through arguments for gpg provided to dpkg-sig are now quoted
properly, so passphrases with shell-interpolated symbols can be used
* when determining deb suites, don't rely on 'origin' to be
github.com/docker/docker
Fix some issues with deb repository creation from scratch
* Don't add empty components to the repository configuration as they
will cause failure when generating.
Add old docker-engine-cs name to package conflicts
Signed-off-by: Mike Dougherty <mike.dougherty@docker.com>
We're having to override it in so many places that it no longer seems worthwhile to bother. On top of that, the reason we did it in the first place was for being able to compile devicemapper statically, which still works after this change (either due to other changes in the way we build, or improvements in Go itself).
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
