dockerd: Updated to 20.10.0

* SELinux and Seccomp are now enabled via the kernel options themselves
* Config.in now uses CGroupsV2 by default but optionally allows V1

Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
This commit is contained in:
Gerard Ryan 2020-11-08 12:31:38 +10:00 committed by Daniel Golle
parent 404b917183
commit 3d8d2bd083
4 changed files with 107 additions and 190 deletions

View File

@ -1,95 +1,74 @@
config DOCKER_KERNEL_OPTIONS
bool "Enable Basic kernel support for Docker"
depends on PACKAGE_docker-ce
default y
select KERNEL_CGROUPS
select KERNEL_CGROUP_CPUACCT
# These options are mostly specified by https://github.com/moby/moby/blob/master/contrib/check-config.sh
config DOCKER_CGROUP_OPTIONS
bool "Enable available kernel support for CGroupsV1"
default n
depends on PACKAGE_dockerd
select KERNEL_CGROUP_DEVICE
select KERNEL_CGROUP_FREEZER
select KERNEL_CGROUP_SCHED
select KERNEL_NAMESPACES
select KERNEL_CPUSETS
select KERNEL_MEMCG
select KERNEL_KEYS
select KERNEL_POSIX_MQUEUE
select KERNEL_NET_CLS_CGROUP
select KERNEL_CGROUP_NET_PRIO
select PACKAGE_cgroupfs-mount
help
Select needed kernel options for Docker. Options include
cgroups, namespaces and other miscellaneous options.
see also https://github.com/docker/engine/blob/master/contrib/check-config.sh
Selects kernel options to enable CGroups V1.
config DOCKER_SECCOMP
bool "Enable support for seccomp in Docker"
depends on PACKAGE_docker-ce
config DOCKER_OPTIONAL_FEATURES
bool "Enable optional kernel support for Docker"
default n
select KERNEL_SECCOMP
select PACKAGE_libseccomp
help
Build Docker with support for seccomp filters.
Select libseccomp which also pulls-in the needed kernel features.
config DOCKER_RES_SHAPE
bool "Enables support for resource shaping"
depends on PACKAGE_docker-ce
default n
select KERNEL_MEMCG_SWAP
depends on PACKAGE_dockerd
select KERNEL_MEMCG_SWAP_ENABLED
select KERNEL_BLK_DEV_THROTTLING
select KERNEL_CFQ_GROUP_IOSCHED
select KERNEL_CGROUP_PERF
select KERNEL_CGROUP_HUGETLB
select KERNEL_FAIR_GROUP_SCHED
select KERNEL_NET_CLS_CGROUP
select KERNEL_CGROUP_NET_CLASSID
select KERNEL_CGROUP_NET_PRIO
select KERNEL_CFS_BANDWIDTH
select KERNEL_RT_GROUP_SCHED
help
Select 'Optional Features' kernel options for Docker that are unselected.
See https://github.com/moby/moby/blob/master/contrib/check-config.sh
menu "Network"
depends on PACKAGE_docker-ce
depends on PACKAGE_dockerd
config DOCKER_NET_OVERLAY
bool "Enables the Overlay network feature"
bool "Includes the Overlay network feature"
default n
select PACKAGE_kmod-udptunnel4
select PACKAGE_kmod-vxlan
help
Selects kernel options for the Overlay network feature.
Includes udptunnel4
Selects kmod-vxlan for the Overlay network feature.
config DOCKER_NET_ENCRYPT
bool "Enable encrypted networking kernel support"
bool "Includes encrypted networking kernel modules"
depends on DOCKER_NET_OVERLAY
default n
select PACKAGE_kmod-ipsec
select PACKAGE_kmod-ipsec4
select PACKAGE_kmod-crypto-gcm
select PACKAGE_kmod-crypto-seqiv
select PACKAGE_kmod-crypto-ghash
select PACKAGE_kmod-ipsec
help
Select needed kernel options for encrypted networking support.
Select needed kernel modules for encrypted networking support.
config DOCKER_NET_MACVLAN
bool "Enables macvlan kernel support"
bool "Includes macvlan kernel modules"
default n
select PACKAGE_kmod-macvlan
select PACKAGE_kmod-dummy
config DOCKER_NET_TFTP
bool "Enable ftp/tftp client kernel support"
bool "Includes ftp/tftp client kernel modules"
default n
select PACKAGE_kmod-nf-nathelper
select PACKAGE_kmod-nf-nathelper-extra
endmenu
menu "Storage"
depends on PACKAGE_docker-ce
depends on PACKAGE_dockerd
config DOCKER_STO_EXT4
bool "Enables support for ext3 or ext4 as the backing filesystem"
default n
select KERNEL_EXT4_FS_POSIX_ACL
select KERNEL_EXT4_FS_SECURITY
config DOCKER_STO_BTRFS
bool "Enables support for btrfs as the backing filesystem"
default n
select PACKAGE_kmod-fs-btrfs
select KERNEL_BTRFS_FS_POSIX_ACL
endmenu

View File

@ -1,24 +1,59 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=docker-ce
PKG_VERSION:=19.03.13
PKG_RELEASE:=5
PKG_NAME:=dockerd
PKG_VERSION:=20.10.0
PKG_RELEASE:=1
PKG_LICENSE:=Apache-2.0
PKG_LICENSE_FILES:=LICENSE
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/docker/docker-ce/tar.gz/v$(PKG_VERSION)?
PKG_HASH:=b2ff08675738031b6d6d59a90226657c16726851957c11b5fb85a4598b933b92
PKG_SOURCE_VERSION:=4484c46d9d # SHA1 used within the docker executables
PKG_SOURCE_URL:=https://codeload.github.com/moby/moby/tar.gz/v$(PKG_VERSION)?
PKG_HASH:=c522994fa1c74aac227b9f4b47cf6b3d7ca5fc5b50f06b3dad41bd4dc92b6771
PKG_SOURCE_VERSION:=e07c941c94 # SHA1 used within the docker executables
PKG_MAINTAINER:=Gerard Ryan <G.M0N3Y.2503@gmail.com>
PKG_BUILD_DEPENDS:=golang/host
PKG_BUILD_PARALLEL:=1
GO_PKG:=github.com/docker/docker
include $(INCLUDE_DIR)/package.mk
include ../../lang/golang/golang-package.mk
define Package/dockerd/config
source "$(SOURCE)/Config.in"
endef
define Package/dockerd
SECTION:=utils
CATEGORY:=Utilities
TITLE:=Docker Community Edition Daemon
URL:=https://www.docker.com/
DEPENDS:=$(GO_ARCH_DEPENDS) @(aarch64||arm||x86_64) +btrfs-progs +ca-certificates +containerd +libdevmapper +libnetwork +tini \
+KERNEL_SECCOMP:libseccomp +iptables-mod-extra +kmod-br-netfilter +kmod-ikconfig +kmod-nf-conntrack-netlink +kmod-nf-ipvs \
+kmod-nf-nat +kmod-veth
USERID:=docker:docker
MENU:=1
endef
define Package/dockerd/conffiles
/etc/config/dockerd
endef
define Package/dockerd/description
The Docker CE Engine.
endef
TAR_OPTIONS:=--strip-components 1 $(TAR_OPTIONS)
TAR_CMD=$(HOST_TAR) -C $(1) $(TAR_OPTIONS)
# $(1) = path to dependent package 'Makefile'
# $(2) = relevant docker-ce '.installer' file
# $(2) = relevant dependency '.installer' file
define EnsureVendoredVersion
( \
DEP_VER=$$$$( grep --only-matching --perl-regexp '(?<=PKG_SOURCE_VERSION:=)(.*)' "$(1)" ); \
VEN_VER=$$$$( grep --only-matching --perl-regexp '(?<=_COMMIT:=)(.*)(?=})' "$(PKG_BUILD_DIR)/components/engine/hack/dockerfile/install/$(2)" ); \
VEN_VER=$$$$( grep --only-matching --perl-regexp '(?<=_COMMIT:=)(.*)(?=})' "$(PKG_BUILD_DIR)/hack/dockerfile/install/$(2)" ); \
if [ $$$$VEN_VER != $$$$DEP_VER ]; then \
echo "ERROR: Expected 'PKG_SOURCE_VERSION:=$$$$VEN_VER' in '$(1)', found 'PKG_SOURCE_VERSION:=$$$$DEP_VER'"; \
exit 1; \
@ -26,38 +61,6 @@ define EnsureVendoredVersion
)
endef
PKG_BUILD_DEPENDS:=golang/host
PKG_BUILD_PARALLEL:=1
GO_PKG:=github.com/docker
include $(INCLUDE_DIR)/package.mk
include ../../lang/golang/golang-package.mk
define Package/docker-ce/config
source "$(SOURCE)/Config.in"
endef
define Package/docker-ce
SECTION:=utils
CATEGORY:=Utilities
TITLE:=Docker Community Edition
URL:=https://www.docker.com/
DEPENDS:=$(GO_ARCH_DEPENDS) @(aarch64||arm||x86_64) +btrfs-progs +ca-certificates +cgroupfs-mount +containerd +libdevmapper +libnetwork +tini \
+DOCKER_SECCOMP:libseccomp +iptables-mod-extra +kmod-br-netfilter +kmod-ikconfig +kmod-nf-conntrack-netlink +kmod-nf-ipvs +kmod-veth
USERID:=docker:docker
MENU:=1
endef
define Package/docker-ce/conffiles
/etc/config/dockerd
endef
define Package/docker-ce/description
Docker Engine is used by millions enables containerized applications
to run anywhere consistently on any infrastructure.
endef
define Build/Prepare
$(Build/Prepare/Default)
@ -66,51 +69,44 @@ define Build/Prepare
$(call EnsureVendoredVersion,../libnetwork/Makefile,proxy.installer)
$(call EnsureVendoredVersion,../runc/Makefile,runc.installer)
$(call EnsureVendoredVersion,../tini/Makefile,tini.installer)
# Verify CLI is the same version
( \
CLI_MAKEFILE="../docker/Makefile"; \
CLI_VERSION=$$$$( grep --only-matching --perl-regexp '(?<=PKG_VERSION:=)(.*)' "$$$$CLI_MAKEFILE" ); \
if [ $$$$CLI_VERSION != $(PKG_VERSION) ]; then \
echo "ERROR: Expected 'PKG_VERSION:=$(PKG_VERSION)' in '$$$$CLI_MAKEFILE', found 'PKG_VERSION:=$$$$CLI_VERSION'"; \
exit 1; \
fi \
)
endef
define Build/Configure
# move so GoPackage/Build/Configure will get the correct path
mv $(PKG_BUILD_DIR)/components/engine $(PKG_BUILD_DIR)/
# docker generates files at build time so we'll just symlink for now and call GoPackage/Build/Configure later
mkdir -p $(GO_PKG_BUILD_DIR)/bin \
$(GO_PKG_BUILD_DIR)/src \
$(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/ \
$(GO_BUILD_CACHE_DIR)
$(LN) $(PKG_BUILD_DIR)/engine $(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/docker
endef
ifeq ($(CONFIG_DOCKER_SECCOMP),y)
BUILDTAGS:=seccomp
else
BUILDTAGS:=
ifeq ($(KERNEL_SECCOMP),y)
BUILDTAGS += seccomp
endif
ifeq ($(CONFIG_SELINUX),y)
BUILDTAGS += selinux
endif
define Build/Compile
( \
export $(GO_PKG_VARS) \
GITCOMMIT=$(PKG_SOURCE_VERSION) \
DOCKER_GITCOMMIT=$(PKG_SOURCE_VERSION) \
DOCKER_BUILDTAGS='$(BUILDTAGS)' \
VERSION=$(PKG_VERSION) \
\
&& echo "Compiling Engine..." \
&& cd $(PKG_BUILD_DIR)/engine \
&& ./hack/make.sh binary \
cd $(PKG_BUILD_DIR); \
$(GO_PKG_VARS) \
DOCKER_GITCOMMIT=$(PKG_SOURCE_VERSION) \
DOCKER_BUILDTAGS='$(BUILDTAGS)' \
VERSION=$(PKG_VERSION) \
./hack/make.sh binary; \
)
# done here to include autogenerated files also
rm $(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/docker
$(call GoPackage/Build/Configure)
endef
define Package/docker-ce/install
define Package/dockerd/install
$(INSTALL_DIR) $(1)/usr/bin/
$(INSTALL_BIN) $(PKG_BUILD_DIR)/engine/bundles/binary-daemon/dockerd $(1)/usr/bin/
$(INSTALL_BIN) $(PKG_BUILD_DIR)/bundles/binary-daemon/dockerd $(1)/usr/bin/
$(INSTALL_DIR) $(1)/opt/docker/
$(INSTALL_DIR) $(1)/usr/share/docker/
$(INSTALL_BIN) $(PKG_BUILD_DIR)/engine/contrib/check-config.sh $(1)/usr/share/docker/
$(INSTALL_BIN) $(PKG_BUILD_DIR)/contrib/check-config.sh $(1)/usr/share/docker/
$(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_BIN) ./files/dockerd.init $(1)/etc/init.d/dockerd
@ -124,7 +120,7 @@ define Package/docker-ce/install
$(1)/etc/sysctl.d/12-br-netfilter-ip.conf
endef
define Package/docker-ce/postinst
define Package/dockerd/postinst
#!/bin/sh
[ -n "$$IPKG_INSTROOT" ] || {
/etc/init.d/dockerd enable
@ -133,7 +129,7 @@ define Package/docker-ce/postinst
}
endef
define Package/docker-ce/prerm
define Package/dockerd/prerm
#!/bin/sh
[ -n "$$IPKG_INSTROOT" ] || {
/etc/init.d/dockerd disable
@ -142,4 +138,4 @@ define Package/docker-ce/prerm
}
endef
$(eval $(call BuildPackage,docker-ce))
$(eval $(call BuildPackage,dockerd))

View File

@ -1,13 +1,13 @@
Index: docker-ce-18.09.0/components/engine/hack/make.sh
Index: docker-ce-20.10.0/hack/make.sh
===================================================================
--- docker-ce-18.09.0.orig/components/engine/hack/make.sh
+++ docker-ce-18.09.0/components/engine/hack/make.sh
@@ -129,7 +129,7 @@ fi
--- docker-ce-20.10.0.orig/hack/make.sh
+++ docker-ce-20.10.0/hack/make.sh
@@ -95,7 +95,7 @@ fi
# with a newer libdevmapper than the one it was built with.
if \
if
command -v gcc &> /dev/null \
- && ! ( echo -e '#include <libdevmapper.h>\nint main() { dm_task_deferred_remove(NULL); }'| gcc -xc - -o /dev/null $(pkg-config --libs devmapper) &> /dev/null ) \
+ && ! ( echo -e '#include <libdevmapper.h>\nint main() { dm_task_deferred_remove(NULL); }'| gcc -xc - -o /dev/null $(pkg-config --libs libdevmapper) &> /dev/null ) \
; then
- && ! (echo -e '#include <libdevmapper.h>\nint main() { dm_task_deferred_remove(NULL); }' | gcc -xc - -o /dev/null $(pkg-config --libs devmapper) &> /dev/null) \
+ && ! (echo -e '#include <libdevmapper.h>\nint main() { dm_task_deferred_remove(NULL); }' | gcc -xc - -o /dev/null $(pkg-config --libs libdevmapper) &> /dev/null) \
;
then
add_buildtag libdm dlsym_deferred_remove
fi

View File

@ -1,58 +0,0 @@
From 2fdfb4404ab811cb00227a3de111437b829e55cf Mon Sep 17 00:00:00 2001
From: Hongxu Jia <hongxu.jia@windriver.com>
Date: Wed, 17 Jul 2019 17:34:04 +0800
Subject: [PATCH] imporve hardcoded CC on cross compile
Since commit applied in moby [61a3285 Support cross-compile for arm]
it hardcoded var-CC to support cross-compile for arm
Correct it with "${parameter:-word}" format, it is helpful for user
define toolchains
(Use Default Values. If parameter is unset or null, the expansion of
word is substituted. Otherwise, the value of parameter is substituted.)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Upstream-commit: 3c701e4db1b8646c2324ae524b4e7ca1b1147a07
Component: engine
---
components/engine/hack/make/.binary | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/components/engine/hack/make/.binary b/components/engine/hack/make/.binary
index 53de6749e5..66f4ca05f3 100644
--- a/components/engine/hack/make/.binary
+++ b/components/engine/hack/make/.binary
@@ -44,27 +44,27 @@ if [ "$(go env GOOS)/$(go env GOARCH)" != "$(go env GOHOSTOS)/$(go env GOHOSTARC
# must be cross-compiling!
case "$(go env GOOS)/$(go env GOARCH)" in
windows/amd64)
- export CC=x86_64-w64-mingw32-gcc
+ export CC="${CC:-x86_64-w64-mingw32-gcc}"
export CGO_ENABLED=1
;;
linux/arm)
case "${GOARM}" in
5|"")
- export CC=arm-linux-gnueabi-gcc
+ export CC="${CC:-arm-linux-gnueabi-gcc}"
export CGO_ENABLED=1
;;
7)
- export CC=arm-linux-gnueabihf-gcc
+ export CC="${CC:-arm-linux-gnueabihf-gcc}"
export CGO_ENABLED=1
;;
esac
;;
linux/arm64)
- export CC=aarch64-linux-gnu-gcc
+ export CC="${CC:-aarch64-linux-gnu-gcc}"
export CGO_ENABLED=1
;;
linux/amd64)
- export CC=x86_64-linux-gnu-gcc
+ export CC="${CC:-x86_64-linux-gnu-gcc}"
export CGO_ENABLED=1
;;
esac