Commit graph

253 commits

Author SHA1 Message Date
Tibor Vass
3b3e58b639 Workaround Windows bug discovered with Go security fix
For context: https://github.com/golang/go/issues/15286

This commit downloads go1.5.3 in addition to go1.5.4 in order to
workaround the issue.

It is not expected to do a Docker release without a proper fix, however
this should help unblock Docker development on Windows TP5.

Signed-off-by: Tibor Vass <tibor@docker.com>
2016-04-15 21:00:45 -04:00
Qiang Huang
e67c758ec3 Remove template code for runc and containerd
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2016-04-15 12:45:35 +08:00
Tibor Vass
7268eb97bc Bump Go version to 1.5.4/1.6.1 (security fix) (#21978)
Go 1.6.1 is for ppc64le only.

https://groups.google.com/forum/#!msg/golang-announce/9eqIHqaWvck/kXsfO0ogLAAJ

Dockerfile.armhf cannot currently be updated.

Signed-off-by: Tibor Vass <tibor@docker.com>
2016-04-13 11:22:48 -07:00
Tibor Vass
c3fe4226f3 vendor runc to fix issue#21808
Signed-off-by: Tibor Vass <tibor@docker.com>
2016-04-12 15:35:43 -04:00
Tonis Tiigi
3f81b49352 Define readonly/mask paths in spec
This vendors in new spec/runc that supports
setting readonly and masked paths in the 
configuration. Using this allows us to make an
exception for `—-privileged`.

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2016-04-04 18:55:55 -07:00
Tibor Vass
3acb466f2d Merge pull request #21695 from kencochrane/change_tgz_to_zip_on_windows
Change the windows bundle from a .tgz to a .zip file
2016-03-31 18:40:37 -04:00
Ken Cochrane
fda99a7e16 Change the windows .tgz to a .zip file
Signed-off-by: Ken Cochrane <kencochrane@gmail.com>
2016-03-31 15:56:13 -04:00
Tonis Tiigi
8a4225cd5a Bring back support for DOCKER_RAMDISK
Fixes #21631

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2016-03-31 10:29:32 -07:00
Sebastiaan van Stijn
71cab5b0dc Merge pull request #21629 from thaJeztah/bump-runc
Bump runC to 40f4e7873d88a4f4d12c15d9536bb1e34aa2b7fa
2016-03-29 23:07:12 -07:00
Tibor Vass
d800be743d Merge pull request #21591 from riyazdf/hardware-signing-non-experimental
move hardware signing out of experimental, remove yubico-piv-tool deps
2016-03-30 00:09:22 -04:00
Sebastiaan van Stijn
752b31d3fe Bump runC to 40f4e7873d88a4f4d12c15d9536bb1e34aa2b7fa
This includes fixes for;

- outputing errors for missing seccomp options on seccomp versions < 2.3
- cap set apply EPERM errors on ARM systems

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2016-03-29 17:10:05 -07:00
David Calavera
99adcaebc0 Merge pull request #21592 from anusha-ragunathan/docker-systemd
When using systemd, pass expected cgroupsPath and cli options to runc.
2016-03-29 17:00:10 -07:00
Anusha Ragunathan
7ed3d265a4 When using systemd, pass expected cgroupsPath and cli options to runc.
runc expects a systemd cgroupsPath to be in slice:scopePrefix:containerName
format and the "--systemd-cgroup" option to be set. Update docker accordingly.

Fixes 21475

Signed-off-by: Anusha Ragunathan <anusha@docker.com>
2016-03-29 14:20:10 -07:00
David Calavera
d78f8f2796 Merge pull request #21608 from albers/build-clone-https
Use https for `git clone` in build
2016-03-29 11:30:35 -07:00
Kenfe-Mickael Laventure
73672c5bd8 Update the llvm repo to use the debian jessie url
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2016-03-29 08:39:16 -07:00
Harald Albers
a7e9bf6cb7 Use https for git clone in build
Signed-off-by: Harald Albers <github@albersweb.de>
2016-03-29 09:35:42 +02:00
Riyaz Faizullabhoy
8d18e6b30f move hardware signing out of experimental, remove dependencies to yubico-piv-tool
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-03-28 14:33:06 -07:00
Tonis Tiigi
8ec8564691 Allow specifying apt mirror in dockerfile
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2016-03-28 13:47:28 -07:00
Tibor Vass
996138bf8e Fix release scripts
Add some missing dependencies in the Dockerfile:
- apt-utils for apt-ftparchive.conf
- bsdmainutils for our use of the column command in
  hack/make/generate-index-listing

We also ensure that the docker daemon is started before calling
release-deb or release-rpm, since .detect-daemon-osarch, which is sourced
in each of them, requires the daemon to be running.

This commit also gets completely rid of s3cmd and fixes references to
AWS_* environment variables (changing from AWS_ACCESS_KEY to
AWS_ACCESS_KEY_ID and AWS_SECRET_KEY to AWS_SECRET_ACCESS_KEY) in order
to please awscli. Also AWS_DEFAULT_REGION is now important to specify,
the default has been set to the region used by get.docker.com and
test.docker.com.

Signed-off-by: Tibor Vass <tibor@docker.com>
2016-03-25 11:55:26 -04:00
Alexander Morozov
d5019972e5 Merge pull request #21499 from cyli/hardware-signing-experimental-again
Move hardware signing back to experimental again
2016-03-24 23:03:13 -07:00
cyli
dd33d18045 Revert "Merge pull request #21003 from riyazdf/hardware-signing-ga"
This reverts commit e6d3a9849c, reversing
changes made to d3afe34b51.

Signed-off-by: cyli <cyli@twistedmatrix.com>
2016-03-24 21:12:52 -07:00
David Calavera
3e0bd74a3d Downgrade to Go 1.5.3.
To not hit the issue with the request Host header.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2016-03-24 19:15:10 -04:00
Tonis Tiigi
22d997b374 Update runc/containerd
Contains fixes for:
- pid.max fix that is causing hang on network stats test.
- fix for early stdin close containerd-shim
- better logging for `could not synchronise with container process`

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2016-03-23 15:38:33 -07:00
Vincent Demeester
f4dfe15cbe Merge pull request #21420 from icecrime/update_arm_build
Update Dockerfile.armhf
2016-03-23 16:27:53 +01:00
Tibor Vass
009399dc8e Add docker- prefix to runc and containerd binaries
Signed-off-by: Tibor Vass <tibor@docker.com>
2016-03-23 00:52:16 -04:00
Arnaud Porterie
38d746462c Update Dockerfile.armhf
Use official Go 1.6 release, and update golang/tools and golang/lint
hashes accordingly.

Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
2016-03-22 20:19:39 -07:00
Riyaz Faizullabhoy
ab3772f72f vendor notary for docker1.11
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-03-22 11:28:19 -07:00
Tonis Tiigi
9c4570a958 Replace execdrivers with containerd implementation
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
Signed-off-by: Anusha Ragunathan <anusha@docker.com>
2016-03-18 13:38:32 -07:00
Tibor Vass
e6d3a9849c Merge pull request #21003 from riyazdf/hardware-signing-ga
Move hardware signing out of experimental
2016-03-17 14:16:40 -04:00
Justin Cormack
68bda672dc Update statically linked libseccomp to 2.3.0
Fixes #20550

This update to libseccomp supports the new versions of socket
system calls that can be called directly rather than via the
socketcall syscall in kernel versions 4.3 or later with new glibc.

Note this library version now supports s390x and ppc64le, so
seccomp can be potentially be enabled for these architectures now.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2016-03-11 13:01:30 +00:00
Riyaz Faizullabhoy
37fa75b344 Move pkcs11 out of experimental, into GA
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-03-07 10:07:40 -08:00
unclejack
6a20165da7 Merge pull request #20418 from calavera/go_1_6
Upgrade Go to 1.6.
2016-03-01 13:52:19 +02:00
David Calavera
14d5c91d87 Upgrade Go to 1.6.
Signed-off-by: David Calavera <david.calavera@gmail.com>
2016-02-29 17:08:52 -05:00
Arnaud Porterie
2140650b56 Pin tpoechtrager/osxcross commit
Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
2016-02-27 12:04:49 -08:00
Riyaz Faizullabhoy
84dc2d9e70 Vendor in notary v0.2.0
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-02-25 13:40:00 -08:00
Tibor Vass
f27b5dda4a Switch Dockerfile to debian:jessie
Fixes broken-pipe issue when piping s3cmd to grep -q, by removing the -q
flag and redirecting to /dev/null instead.

Add net-tools for ifconfig, because some tests rely on ifconfig.

Harmonize all Dockerfiles in this direction.

Signed-off-by: Tibor Vass <tibor@docker.com>
2016-02-12 21:49:54 -05:00
Tibor Vass
91cdadf37e Add pgp.mit.edu fallback in Dockerfile
Signed-off-by: Tibor Vass <tibor@docker.com>
2016-02-12 11:54:47 -05:00
Jessica Frazelle
9b8d328666
update comment
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
2016-02-02 10:03:52 -08:00
cyli
71a1caddf0 Include a new version of notary with less verbose INFO+ logging
Signed-off-by: cyli <cyli@twistedmatrix.com>
2016-01-27 09:46:26 -08:00
cyli
8fd2c8791d Re-vendor notary, as well as change jfrazelle/go to docker/go.
Signed-off-by: cyli <cyli@twistedmatrix.com>
2016-01-26 18:02:00 -08:00
Aleksa Sarai
4357ed4a73 *: purge dockerinit from source code
dockerinit has been around for a very long time. It was originally used
as a way for us to do configuration for LXC containers once the
container had started. LXC is no longer supported, and /.dockerinit has
been dead code for quite a while. This removes all code and references
in code to dockerinit.

Signed-off-by: Aleksa Sarai <asarai@suse.com>
2016-01-26 23:47:02 +11:00
Alexander Morozov
c38cba3b8c Move long compilations before Go install in Dockerfile
Now we can avoid long compilations on Go update.

Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2016-01-19 22:43:42 -08:00
Aaron Lehmann
588e27f9a5 Vendor updated docker/distribution package
Fixes #19400

Note that this introduces an incompatibility with Docker 1.10-rc1,
because the media type used for schema1 manifests has been corrected in
the upstream distribution code. Docker 1.10-rc1 won't be able to pull
old manifests from Registry 2.3-rc0 and up, but because of this vendor
update, Docker 1.10-rc2 won't have this problem.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-01-19 13:28:51 -08:00
Alexander Morozov
790e648c06 Merge pull request #19340 from Microsoft/jjh/rsrcfix
Windows: Remove linkmode internal hack
2016-01-15 14:10:56 -08:00
Phil Estes
dd104eb91d Merge pull request #19345 from tianon/fast-syscall-compile
Switch "syscall-test" image from "debian:jessie" to "buildpack-deps:jessie" so that "gcc" is already included
2016-01-15 16:06:14 -05:00
Jess Frazelle
4c89b1f72c Merge pull request #19355 from riyazdf/notary-revendor
notary revendor into docker
2016-01-15 01:02:35 -08:00
Riyaz Faizullabhoy
dd7436c832 revendor notary and wrap friendlier error messages
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-01-14 20:35:59 -08:00
Tibor Vass
94b2d56690 Merge pull request #19109 from BrianBland/crossRepositoryPush
Cross repository push
2016-01-14 18:50:53 -05:00
Brian Bland
6309947718 Changes cross-repository blob mounting to a blob Create option
Also renames BlobSumService to V2MetadataService, BlobSum to
V2Metadata

Signed-off-by: Brian Bland <brian.bland@docker.com>
2016-01-14 14:26:03 -08:00
Tianon Gravi
9b2aab3fc8 Switch "syscall-test" image from "debian:jessie" to "buildpack-deps:jessie" so that "gcc" is already included
This results in a significant time savings during repeated builds (since we don't have to re-download gcc for every test run).

Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
2016-01-14 13:51:30 -08:00