diff options
Diffstat (limited to 'app-containers/docker')
-rw-r--r-- | app-containers/docker/Manifest | 9 | ||||
-rw-r--r-- | app-containers/docker/docker-24.0.5-r1.ebuild (renamed from app-containers/docker/docker-20.10.12-r1.ebuild) | 263 | ||||
-rw-r--r-- | app-containers/docker/docker-24.0.6.ebuild (renamed from app-containers/docker/docker-20.10.16.ebuild) | 261 | ||||
-rw-r--r-- | app-containers/docker/docker-24.0.7-r1.ebuild (renamed from app-containers/docker/docker-20.10.14.ebuild) | 263 | ||||
-rw-r--r-- | app-containers/docker/docker-25.0.1.ebuild | 318 | ||||
-rw-r--r-- | app-containers/docker/docker-25.0.4.ebuild | 318 | ||||
-rw-r--r-- | app-containers/docker/docker-26.1.0-r1.ebuild | 322 | ||||
-rw-r--r-- | app-containers/docker/files/0001-Openrc-Depend-on-containerd-init-script.patch | 28 | ||||
-rw-r--r-- | app-containers/docker/files/docker-24.0.5-automagic-systemd.patch | 13 | ||||
-rw-r--r-- | app-containers/docker/files/docker-26.1.0-automagic-systemd.patch | 13 | ||||
-rw-r--r-- | app-containers/docker/files/etcd-F_OFD_GETLK-fix.patch | 28 | ||||
-rw-r--r-- | app-containers/docker/files/ppc64-buildmode.patch | 30 | ||||
-rw-r--r-- | app-containers/docker/metadata.xml | 18 |
13 files changed, 1493 insertions, 391 deletions
diff --git a/app-containers/docker/Manifest b/app-containers/docker/Manifest index 93e6aa676e60..bd1c7e1ad7a7 100644 --- a/app-containers/docker/Manifest +++ b/app-containers/docker/Manifest @@ -1,3 +1,6 @@ -DIST docker-20.10.12.tar.gz 11091999 BLAKE2B e3b1c40d2dcd2df9b158942759e035d53481dbd63c0fda188ec8564b0249402f5eff5f25fcb1a53c5d9af5b4c49f0919fc07f1f52d0b7333044c0a9c12631c21 SHA512 f4122c8cbc67e6b7703856dc76d6f15d7fab1b2001d4916b89958d5319c16d8b8445881841ef4804e8d47d64694184aec1be93e22d7baceb021c4a99c2c03753 -DIST docker-20.10.14.tar.gz 10989937 BLAKE2B 4b510408c8cf2aef3a9777996aadd024e61df519c6c83d8c59e066058fb082f72ee14405b011731cb3663abdf0759d8f005b3336f6e9b6430270a2e1ba337436 SHA512 94ee555337aaf96bb95ce8cbe8fe1d9c8b87fcd4f256d2af5082fc47915f7576882929c1211ef7fba0c754097bdef5e6df59abbdf77456d3babe139f4353ed21 -DIST docker-20.10.16.tar.gz 11182324 BLAKE2B 8d6676a24b3b53f9155a53eb55a1b5074c5724788102356cae8ead55dbf2f2c2875ea4a0a9eaee4a7720d8f11671b2f748eb8c61b67b81992342d1171feaaaa7 SHA512 5fdf87f98a951af87a334a5a403e36b975ff6c4647d0656dde2bd763d27562c620346f3746adafa1439c205869c721a3bef750f8302734499423ca789218f85d +DIST docker-24.0.5.tar.gz 14456089 BLAKE2B be13a4256787152cb35ddb96d80e97a5e5b587094f1c61d18158737a037c4e81b88c186098ba7416eb7778022ece07bc31ee55af13d3e3da8e0bbd5452ad027f SHA512 cde2e47e7658b153399ee29154ec21eebf54b292185e07d43b968895dcfdfead95e4507fefb713859a4540f21d8007116d3ebeaa1fb7ba305fb2a0449ba1bee6 +DIST docker-24.0.6.tar.gz 14462378 BLAKE2B bced8e687abac59254a9969df46f323a835627a724889e5966bea08df8766b4291914442001d1b573280c45ac4d357a673e98e8fba2b8d116a1dbd65424ccf78 SHA512 d9bf0ba756b1ebe69a44819d7c6aa5d66dad8db5bcc41233e2bfce8131334a2fe1af3972de7f602b7911231288d29aaea797b7a05b335c2d7214a613b27c4b63 +DIST docker-24.0.7.tar.gz 14658649 BLAKE2B 73bad494640ef8cad2b9b991f94414d8bec4dd88b120b0f8238f74d01269c445270f45410ac2c78af074356c3ba60a7c550ab28f5da5924bdc6d8b99e85a1360 SHA512 08f22fcbce163c3ba8eb21302fd38ff04fd3f27067f5715a3c527ba2efe67f694fac80bfe6d6b5e22d06d98917e1685a9d3d9b58991f221354f637f4a8bdc526 +DIST docker-25.0.1.tar.gz 15936052 BLAKE2B 32b24893c9b098b218b16548be074588ad98ed31c8b87ab3fa467f79e33e96ce94f694b86f2920b1166e64c153b1c2482cb602117f673d23f0fc5ccc9b28ae92 SHA512 816c888925cf609e7caa6e491b45614f69fdd7df5ed4f783d8a77cf86d9f46f4f457a95a943aa75ecddf99d080daf78bc0dba55e9648960dc539b1ae62052361 +DIST docker-25.0.4.tar.gz 15953567 BLAKE2B 85398de80b14f21d611822a1714ac987d919cf6a2a8059d8a6d41c9b63fd63a04013e47e01021eccdbd107f1a3f8ee55dc1ecbc4b6c9cc20ff2854434e3b6af7 SHA512 07e724de305def32a1e32a724a8041be193745c4f0d549708723cf5d14b840f74648e83e790fd526e00a6c6fdb7e487ee4e5ed0752fbe172d673ab86fe8819d2 +DIST docker-26.1.0.tar.gz 16390376 BLAKE2B 6703e9b153c430bc28aed2e7de7bada0203353d61f0a2ce3d49ddbd017eab196a685dd1ab1e719a6b287813eb5fa4f2c612e2cf1ab95789d6e79ebe5dac7ace3 SHA512 47b6b9af9947016884614b6bc25977e1db281da95c9b8b34c753c21c664a737a893f9fa65d92cbb897735aae3893567e106e6bababb5507e069b1e0981e48d50 diff --git a/app-containers/docker/docker-20.10.12-r1.ebuild b/app-containers/docker/docker-24.0.5-r1.ebuild index 95c508dbb975..2421fd8dd3eb 100644 --- a/app-containers/docker/docker-20.10.12-r1.ebuild +++ b/app-containers/docker/docker-24.0.5-r1.ebuild @@ -1,11 +1,11 @@ -# Copyright 1999-2022 Gentoo Authors +# Copyright 1999-2024 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=7 EGO_PN=github.com/docker/docker MY_PV=${PV/_/-} -GIT_COMMIT=459d0dfbbb inherit linux-info systemd udev golang-vcs-snapshot +GIT_COMMIT=4ffc61430bbe6d3d405bdf357b766bf303ff3cc5 DESCRIPTION="The core functions you need to create Docker images and run Docker containers" HOMEPAGE="https://www.docker.com/" @@ -14,7 +14,7 @@ SRC_URI="https://github.com/moby/moby/archive/v${MY_PV}.tar.gz -> ${P}.tar.gz" LICENSE="Apache-2.0" SLOT="0" KEYWORDS="amd64 ~arm arm64 ppc64 ~riscv ~x86" -IUSE="apparmor aufs btrfs +cli +container-init device-mapper hardened overlay seccomp" +IUSE="apparmor btrfs +container-init device-mapper overlay seccomp selinux systemd" DEPEND=" acct-group/docker @@ -23,13 +23,11 @@ DEPEND=" btrfs? ( >=sys-fs/btrfs-progs-3.16.1 ) device-mapper? ( >=sys-fs/lvm2-2.02.89[thin] ) seccomp? ( >=sys-libs/libseccomp-2.2.1 ) + systemd? ( sys-apps/systemd ) " # https://github.com/moby/moby/blob/master/project/PACKAGERS.md#runtime-dependencies # https://github.com/moby/moby/blob/master/project/PACKAGERS.md#optional-dependencies -# https://github.com/moby/moby/tree/master//hack/dockerfile/install -# make sure docker-proxy is pinned to exact version from ^, -# for appropriate branch/version of course RDEPEND=" ${DEPEND} >=net-firewall/iptables-1.4 @@ -37,10 +35,10 @@ RDEPEND=" >=dev-vcs/git-1.7 >=app-arch/xz-utils-4.9 dev-libs/libltdl - >=app-containers/containerd-1.4.12[apparmor?,btrfs?,device-mapper?,seccomp?] - ~app-containers/docker-proxy-0.8.0_p20210525 - cli? ( ~app-containers/docker-cli-${PV} ) + >=app-containers/containerd-1.7.1[apparmor?,btrfs?,device-mapper?,seccomp?] + !app-containers/docker-proxy container-init? ( >=sys-process/tini-0.19.0[static] ) + selinux? ( sec-policy/selinux-docker ) " # https://github.com/docker/docker/blob/master/project/PACKAGERS.md#build-dependencies @@ -56,98 +54,173 @@ S="${WORKDIR}/${P}/src/${EGO_PN}" # https://bugs.gentoo.org/748984 https://github.com/etcd-io/etcd/pull/12552 PATCHES=( - "${FILESDIR}/etcd-F_OFD_GETLK-fix.patch" - "${FILESDIR}/ppc64-buildmode.patch" + "${FILESDIR}/0001-Openrc-Depend-on-containerd-init-script.patch" + "${FILESDIR}/docker-24.0.5-automagic-systemd.patch" ) -# see "contrib/check-config.sh" from upstream's sources -CONFIG_CHECK=" - ~NAMESPACES ~NET_NS ~PID_NS ~IPC_NS ~UTS_NS - ~CGROUPS ~CGROUP_CPUACCT ~CGROUP_DEVICE ~CGROUP_FREEZER ~CGROUP_SCHED ~CPUSETS ~MEMCG - ~CGROUP_NET_PRIO - ~KEYS - ~VETH ~BRIDGE ~BRIDGE_NETFILTER - ~IP_NF_FILTER ~IP_NF_TARGET_MASQUERADE ~NETFILTER_XT_MARK - ~NETFILTER_NETLINK ~NETFILTER_XT_MATCH_ADDRTYPE ~NETFILTER_XT_MATCH_CONNTRACK ~NETFILTER_XT_MATCH_IPVS - ~IP_NF_NAT ~NF_NAT - ~POSIX_MQUEUE - - ~USER_NS - ~SECCOMP - ~CGROUP_PIDS - ~MEMCG_SWAP - - ~BLK_CGROUP ~BLK_DEV_THROTTLING - ~CGROUP_PERF - ~CGROUP_HUGETLB - ~NET_CLS_CGROUP - ~CFS_BANDWIDTH ~FAIR_GROUP_SCHED - ~IP_VS ~IP_VS_PROTO_TCP ~IP_VS_PROTO_UDP ~IP_VS_NFCT ~IP_VS_RR - - ~VXLAN - ~CRYPTO ~CRYPTO_AEAD ~CRYPTO_GCM ~CRYPTO_SEQIV ~CRYPTO_GHASH ~XFRM_ALGO ~XFRM_USER - ~IPVLAN - ~MACVLAN ~DUMMY - - ~OVERLAY_FS ~!OVERLAY_FS_REDIRECT_DIR - ~EXT4_FS_SECURITY - ~EXT4_FS_POSIX_ACL -" - -ERROR_KEYS="CONFIG_KEYS: is mandatory" -ERROR_MEMCG_SWAP="CONFIG_MEMCG_SWAP: is required if you wish to limit swap usage of containers" -ERROR_RESOURCE_COUNTERS="CONFIG_RESOURCE_COUNTERS: is optional for container statistics gathering" - -ERROR_BLK_CGROUP="CONFIG_BLK_CGROUP: is optional for container statistics gathering" -ERROR_IOSCHED_CFQ="CONFIG_IOSCHED_CFQ: is optional for container statistics gathering" -ERROR_CGROUP_PERF="CONFIG_CGROUP_PERF: is optional for container statistics gathering" -ERROR_CFS_BANDWIDTH="CONFIG_CFS_BANDWIDTH: is optional for container statistics gathering" -ERROR_XFRM_ALGO="CONFIG_XFRM_ALGO: is optional for secure networks" -ERROR_XFRM_USER="CONFIG_XFRM_USER: is optional for secure networks" - pkg_setup() { + # this is based on "contrib/check-config.sh" from upstream's sources + # required features. + CONFIG_CHECK=" + ~NAMESPACES ~NET_NS ~PID_NS ~IPC_NS ~UTS_NS + ~CGROUPS ~CGROUP_CPUACCT ~CGROUP_DEVICE ~CGROUP_FREEZER ~CGROUP_SCHED ~CPUSETS ~MEMCG + ~KEYS + ~VETH ~BRIDGE ~BRIDGE_NETFILTER + ~IP_NF_FILTER ~IP_NF_TARGET_MASQUERADE + ~NETFILTER_XT_MATCH_ADDRTYPE + ~NETFILTER_XT_MATCH_CONNTRACK + ~NETFILTER_XT_MATCH_IPVS + ~NETFILTER_XT_MARK + ~IP_NF_NAT ~NF_NAT + ~POSIX_MQUEUE + " + WARNING_POSIX_MQUEUE="CONFIG_POSIX_MQUEUE: is required for bind-mounting /dev/mqueue into containers" + + if kernel_is lt 4 8; then + CONFIG_CHECK+=" + ~DEVPTS_MULTIPLE_INSTANCES + " + fi - if kernel_is lt 4 5; then + if kernel_is le 5 1; then CONFIG_CHECK+=" - ~MEMCG_KMEM + ~NF_NAT_IPV4 " - ERROR_MEMCG_KMEM="CONFIG_MEMCG_KMEM: is optional" fi - if kernel_is lt 4 7; then + if kernel_is le 5 2; then CONFIG_CHECK+=" - ~DEVPTS_MULTIPLE_INSTANCES + ~NF_NAT_NEEDED " fi - if kernel_is lt 5 1; then + if kernel_is ge 4 15; then CONFIG_CHECK+=" - ~NF_NAT_IPV4 - ~IOSCHED_CFQ - ~CFQ_GROUP_IOSCHED + ~CGROUP_BPF " fi - if kernel_is lt 5 2; then + # optional features + CONFIG_CHECK+=" + ~USER_NS + " + + if use seccomp; then CONFIG_CHECK+=" - ~NF_NAT_NEEDED + ~SECCOMP ~SECCOMP_FILTER " fi - if kernel_is lt 5 8; then + CONFIG_CHECK+=" + ~CGROUP_PIDS + " + + if kernel_is lt 6 1; then + CONFIG_CHECK+=" + ~MEMCG_SWAP + " + fi + + if kernel_is le 5 8; then CONFIG_CHECK+=" ~MEMCG_SWAP_ENABLED " fi - if use aufs; then + CONFIG_CHECK+=" + ~!LEGACY_VSYSCALL_NATIVE + " + if kernel_is lt 5 19; then + CONFIG_CHECK+=" + ~LEGACY_VSYSCALL_EMULATE + " + fi + CONFIG_CHECK+=" + ~!LEGACY_VSYSCALL_NONE + " + WARNING_LEGACY_VSYSCALL_NONE="CONFIG_LEGACY_VSYSCALL_NONE enabled: \ + Containers with <=glibc-2.13 will not work" + + if kernel_is le 4 5; then CONFIG_CHECK+=" - ~AUFS_FS - ~EXT4_FS_POSIX_ACL ~EXT4_FS_SECURITY + ~MEMCG_KMEM " - ERROR_AUFS_FS="CONFIG_AUFS_FS: is required to be set if and only if aufs is patched to kernel instead of using standalone" fi + if kernel_is lt 5; then + CONFIG_CHECK+=" + ~IOSCHED_CFQ ~CFQ_GROUP_IOSCHED + " + fi + + CONFIG_CHECK+=" + ~BLK_CGROUP ~BLK_DEV_THROTTLING + ~CGROUP_PERF + ~CGROUP_HUGETLB + ~NET_CLS_CGROUP ~CGROUP_NET_PRIO + ~CFS_BANDWIDTH ~FAIR_GROUP_SCHED + ~IP_NF_TARGET_REDIRECT + ~IP_VS + ~IP_VS_NFCT + ~IP_VS_PROTO_TCP + ~IP_VS_PROTO_UDP + ~IP_VS_RR + " + + if use selinux; then + CONFIG_CHECK+=" + ~SECURITY_SELINUX + " + fi + + if use apparmor; then + CONFIG_CHECK+=" + ~SECURITY_APPARMOR + " + fi + + # if ! is_set EXT4_USE_FOR_EXT2; then + # check_flags EXT3_FS EXT3_FS_XATTR EXT3_FS_POSIX_ACL EXT3_FS_SECURITY + # if ! is_set EXT3_FS || ! is_set EXT3_FS_XATTR || ! is_set EXT3_FS_POSIX_ACL || ! is_set EXT3_FS_SECURITY; then + # echo " $(wrap_color '(enable these ext3 configs if you are using ext3 as backing filesystem)' bold black)" + # fi + # fi + + CONFIG_CHECK+=" + ~EXT4_FS ~EXT4_FS_POSIX_ACL ~EXT4_FS_SECURITY + " + + # if ! is_set EXT4_FS || ! is_set EXT4_FS_POSIX_ACL || ! is_set EXT4_FS_SECURITY; then + # if is_set EXT4_USE_FOR_EXT2; then + # echo " $(wrap_color 'enable these ext4 configs if you are using ext3 or ext4 as backing filesystem' bold black)" + # else + # echo " $(wrap_color 'enable these ext4 configs if you are using ext4 as backing filesystem' bold black)" + # fi + # fi + + # network drivers + CONFIG_CHECK+=" + ~VXLAN ~BRIDGE_VLAN_FILTERING + ~CRYPTO ~CRYPTO_AEAD ~CRYPTO_GCM ~CRYPTO_SEQIV ~CRYPTO_GHASH + ~XFRM ~XFRM_USER ~XFRM_ALGO ~INET_ESP + " + if kernel_is le 5 3; then + CONFIG_CHECK+=" + ~INET_XFRM_MODE_TRANSPORT + " + fi + + CONFIG_CHECK+=" + ~IPVLAN + " + CONFIG_CHECK+=" + ~MACVLAN ~DUMMY + " + CONFIG_CHECK+=" + ~NF_NAT_FTP ~NF_CONNTRACK_FTP ~NF_NAT_TFTP ~NF_CONNTRACK_TFTP + " + + # storage drivers if use btrfs; then CONFIG_CHECK+=" ~BTRFS_FS @@ -157,10 +230,14 @@ pkg_setup() { if use device-mapper; then CONFIG_CHECK+=" - ~BLK_DEV_DM ~DM_THIN_PROVISIONING ~EXT4_FS ~EXT4_FS_POSIX_ACL ~EXT4_FS_SECURITY + ~BLK_DEV_DM ~DM_THIN_PROVISIONING " fi + CONFIG_CHECK+=" + ~OVERLAY_FS + " + linux-info_pkg_setup } @@ -176,7 +253,7 @@ src_compile() { # let's set up some optional features :) export DOCKER_BUILDTAGS='' - for gd in aufs btrfs device-mapper overlay; do + for gd in btrfs device-mapper overlay; do if ! use $gd; then DOCKER_BUILDTAGS+=" exclude_graphdriver_${gd//-/}" fi @@ -188,15 +265,9 @@ src_compile() { fi done - if use hardened; then - sed -i "s/EXTLDFLAGS_STATIC='/&-fno-PIC /" hack/make.sh || die - grep -q -- '-fno-PIC' hack/make.sh || die 'hardened sed failed' - sed "s/LDFLAGS_STATIC_DOCKER='/&-extldflags -fno-PIC /" \ - -i hack/make/dynbinary-daemon || die - grep -q -- '-fno-PIC' hack/make/dynbinary-daemon || die 'hardened sed failed' - fi + export SYSTEMD=$(usex systemd 1 0) - # build daemon + # build binaries ./hack/make.sh dynbinary || die 'dynbinary failed' } @@ -205,7 +276,8 @@ src_install() { dosym containerd-shim /usr/bin/docker-containerd-shim dosym runc /usr/bin/docker-runc use container-init && dosym tini /usr/bin/docker-init - newbin bundles/dynbinary-daemon/dockerd dockerd + dobin bundles/dynbinary-daemon/dockerd + dobin bundles/dynbinary-daemon/docker-proxy newinitd contrib/init/openrc/docker.initd docker newconfd contrib/init/openrc/docker.confd docker @@ -214,7 +286,7 @@ src_install() { udev_dorules contrib/udev/*.rules - dodoc AUTHORS CONTRIBUTING.md CHANGELOG.md NOTICE README.md + dodoc AUTHORS CONTRIBUTING.md NOTICE README.md dodoc -r docs/* # note: intentionally not using "doins" so that we preserve +x bits @@ -255,25 +327,8 @@ pkg_postinst() { elog " Check https://docs.docker.com/storage/storagedriver/zfs-driver for more info" elog fi +} - if use cli; then - ewarn "Starting with docker 20.10.2, docker has been split into" - ewarn "two packages upstream, so Gentoo has followed suit." - ewarn - ewarn "app-containers/docker contains the daemon and" - ewarn "app-containers/docker-cli contains the docker command." - ewarn - ewarn "docker currently installs docker-cli using the cli use flag." - ewarn - ewarn "This use flag is temporary, so you need to take the" - ewarn "following actions:" - ewarn - ewarn "First, disable the cli use flag for app-containers/docker" - ewarn - ewarn "Then, if you need docker-cli and docker on the same machine," - ewarn "run the following command:" - ewarn - ewarn "# emerge --noreplace docker-cli" - ewarn - fi +pkg_postrm() { + udev_reload } diff --git a/app-containers/docker/docker-20.10.16.ebuild b/app-containers/docker/docker-24.0.6.ebuild index 58fd7b5b426c..6a8cc58fd1f6 100644 --- a/app-containers/docker/docker-20.10.16.ebuild +++ b/app-containers/docker/docker-24.0.6.ebuild @@ -1,11 +1,11 @@ -# Copyright 1999-2022 Gentoo Authors +# Copyright 1999-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=7 EGO_PN=github.com/docker/docker MY_PV=${PV/_/-} -GIT_COMMIT=f756502055 inherit linux-info systemd udev golang-vcs-snapshot +GIT_COMMIT=1a7969545d73537545645f5cd2c79b7a77e7d39f DESCRIPTION="The core functions you need to create Docker images and run Docker containers" HOMEPAGE="https://www.docker.com/" @@ -14,8 +14,7 @@ SRC_URI="https://github.com/moby/moby/archive/v${MY_PV}.tar.gz -> ${P}.tar.gz" LICENSE="Apache-2.0" SLOT="0" KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~riscv ~x86" -IUSE="apparmor aufs btrfs +cli +container-init device-mapper hardened -overlay seccomp selinux" +IUSE="apparmor btrfs +container-init device-mapper overlay seccomp selinux" DEPEND=" acct-group/docker @@ -28,9 +27,6 @@ DEPEND=" # https://github.com/moby/moby/blob/master/project/PACKAGERS.md#runtime-dependencies # https://github.com/moby/moby/blob/master/project/PACKAGERS.md#optional-dependencies -# https://github.com/moby/moby/tree/master//hack/dockerfile/install -# make sure docker-proxy is pinned to exact version from ^, -# for appropriate branchch/version of course RDEPEND=" ${DEPEND} >=net-firewall/iptables-1.4 @@ -38,9 +34,9 @@ RDEPEND=" >=dev-vcs/git-1.7 >=app-arch/xz-utils-4.9 dev-libs/libltdl - >=app-containers/containerd-1.6.4[apparmor?,btrfs?,device-mapper?,seccomp?] - ~app-containers/docker-proxy-0.8.0_p20220315 - cli? ( ~app-containers/docker-cli-${PV} ) + >=app-containers/containerd-1.7.3[apparmor?,btrfs?,device-mapper?,seccomp?] + >=app-containers/runc-1.1.9[apparmor?,seccomp?] + !app-containers/docker-proxy container-init? ( >=sys-process/tini-0.19.0[static] ) selinux? ( sec-policy/selinux-docker ) " @@ -58,97 +54,172 @@ S="${WORKDIR}/${P}/src/${EGO_PN}" # https://bugs.gentoo.org/748984 https://github.com/etcd-io/etcd/pull/12552 PATCHES=( - "${FILESDIR}/ppc64-buildmode.patch" + "${FILESDIR}/0001-Openrc-Depend-on-containerd-init-script.patch" ) -# see "contrib/check-config.sh" from upstream's sources -CONFIG_CHECK=" - ~NAMESPACES ~NET_NS ~PID_NS ~IPC_NS ~UTS_NS - ~CGROUPS ~CGROUP_CPUACCT ~CGROUP_DEVICE ~CGROUP_FREEZER ~CGROUP_SCHED ~CPUSETS ~MEMCG - ~CGROUP_NET_PRIO - ~KEYS - ~VETH ~BRIDGE ~BRIDGE_NETFILTER - ~IP_NF_FILTER ~IP_NF_TARGET_MASQUERADE ~NETFILTER_XT_MARK - ~NETFILTER_NETLINK ~NETFILTER_XT_MATCH_ADDRTYPE ~NETFILTER_XT_MATCH_CONNTRACK ~NETFILTER_XT_MATCH_IPVS - ~IP_NF_NAT ~NF_NAT - ~POSIX_MQUEUE - - ~USER_NS - ~SECCOMP - ~CGROUP_PIDS - ~MEMCG_SWAP - - ~BLK_CGROUP ~BLK_DEV_THROTTLING - ~CGROUP_PERF - ~CGROUP_HUGETLB - ~NET_CLS_CGROUP - ~CFS_BANDWIDTH ~FAIR_GROUP_SCHED - ~IP_VS ~IP_VS_PROTO_TCP ~IP_VS_PROTO_UDP ~IP_VS_NFCT ~IP_VS_RR - - ~VXLAN - ~CRYPTO ~CRYPTO_AEAD ~CRYPTO_GCM ~CRYPTO_SEQIV ~CRYPTO_GHASH ~XFRM_ALGO ~XFRM_USER - ~IPVLAN - ~MACVLAN ~DUMMY - - ~OVERLAY_FS ~!OVERLAY_FS_REDIRECT_DIR - ~EXT4_FS_SECURITY - ~EXT4_FS_POSIX_ACL -" - -ERROR_KEYS="CONFIG_KEYS: is mandatory" -ERROR_MEMCG_SWAP="CONFIG_MEMCG_SWAP: is required if you wish to limit swap usage of containers" -ERROR_RESOURCE_COUNTERS="CONFIG_RESOURCE_COUNTERS: is optional for container statistics gathering" - -ERROR_BLK_CGROUP="CONFIG_BLK_CGROUP: is optional for container statistics gathering" -ERROR_IOSCHED_CFQ="CONFIG_IOSCHED_CFQ: is optional for container statistics gathering" -ERROR_CGROUP_PERF="CONFIG_CGROUP_PERF: is optional for container statistics gathering" -ERROR_CFS_BANDWIDTH="CONFIG_CFS_BANDWIDTH: is optional for container statistics gathering" -ERROR_XFRM_ALGO="CONFIG_XFRM_ALGO: is optional for secure networks" -ERROR_XFRM_USER="CONFIG_XFRM_USER: is optional for secure networks" - pkg_setup() { + # this is based on "contrib/check-config.sh" from upstream's sources + # required features. + CONFIG_CHECK=" + ~NAMESPACES ~NET_NS ~PID_NS ~IPC_NS ~UTS_NS + ~CGROUPS ~CGROUP_CPUACCT ~CGROUP_DEVICE ~CGROUP_FREEZER ~CGROUP_SCHED ~CPUSETS ~MEMCG + ~KEYS + ~VETH ~BRIDGE ~BRIDGE_NETFILTER + ~IP_NF_FILTER ~IP_NF_TARGET_MASQUERADE + ~NETFILTER_XT_MATCH_ADDRTYPE + ~NETFILTER_XT_MATCH_CONNTRACK + ~NETFILTER_XT_MATCH_IPVS + ~NETFILTER_XT_MARK + ~IP_NF_NAT ~NF_NAT + ~POSIX_MQUEUE + " + WARNING_POSIX_MQUEUE="CONFIG_POSIX_MQUEUE: is required for bind-mounting /dev/mqueue into containers" + + if kernel_is lt 4 8; then + CONFIG_CHECK+=" + ~DEVPTS_MULTIPLE_INSTANCES + " + fi - if kernel_is lt 4 5; then + if kernel_is le 5 1; then CONFIG_CHECK+=" - ~MEMCG_KMEM + ~NF_NAT_IPV4 " - ERROR_MEMCG_KMEM="CONFIG_MEMCG_KMEM: is optional" fi - if kernel_is lt 4 7; then + if kernel_is le 5 2; then CONFIG_CHECK+=" - ~DEVPTS_MULTIPLE_INSTANCES + ~NF_NAT_NEEDED " fi - if kernel_is lt 5 1; then + if kernel_is ge 4 15; then CONFIG_CHECK+=" - ~NF_NAT_IPV4 - ~IOSCHED_CFQ - ~CFQ_GROUP_IOSCHED + ~CGROUP_BPF " fi - if kernel_is lt 5 2; then + # optional features + CONFIG_CHECK+=" + ~USER_NS + " + + if use seccomp; then CONFIG_CHECK+=" - ~NF_NAT_NEEDED + ~SECCOMP ~SECCOMP_FILTER " fi - if kernel_is lt 5 8; then + CONFIG_CHECK+=" + ~CGROUP_PIDS + " + + if kernel_is lt 6 1; then + CONFIG_CHECK+=" + ~MEMCG_SWAP + " + fi + + if kernel_is le 5 8; then CONFIG_CHECK+=" ~MEMCG_SWAP_ENABLED " fi - if use aufs; then + CONFIG_CHECK+=" + ~!LEGACY_VSYSCALL_NATIVE + " + if kernel_is lt 5 19; then + CONFIG_CHECK+=" + ~LEGACY_VSYSCALL_EMULATE + " + fi + CONFIG_CHECK+=" + ~!LEGACY_VSYSCALL_NONE + " + WARNING_LEGACY_VSYSCALL_NONE="CONFIG_LEGACY_VSYSCALL_NONE enabled: \ + Containers with <=glibc-2.13 will not work" + + if kernel_is le 4 5; then + CONFIG_CHECK+=" + ~MEMCG_KMEM + " + fi + + if kernel_is lt 5; then CONFIG_CHECK+=" - ~AUFS_FS - ~EXT4_FS_POSIX_ACL ~EXT4_FS_SECURITY + ~IOSCHED_CFQ ~CFQ_GROUP_IOSCHED " - ERROR_AUFS_FS="CONFIG_AUFS_FS: is required to be set if and only if aufs is patched to kernel instead of using standalone" fi + CONFIG_CHECK+=" + ~BLK_CGROUP ~BLK_DEV_THROTTLING + ~CGROUP_PERF + ~CGROUP_HUGETLB + ~NET_CLS_CGROUP ~CGROUP_NET_PRIO + ~CFS_BANDWIDTH ~FAIR_GROUP_SCHED + ~IP_NF_TARGET_REDIRECT + ~IP_VS + ~IP_VS_NFCT + ~IP_VS_PROTO_TCP + ~IP_VS_PROTO_UDP + ~IP_VS_RR + " + + if use selinux; then + CONFIG_CHECK+=" + ~SECURITY_SELINUX + " + fi + + if use apparmor; then + CONFIG_CHECK+=" + ~SECURITY_APPARMOR + " + fi + + # if ! is_set EXT4_USE_FOR_EXT2; then + # check_flags EXT3_FS EXT3_FS_XATTR EXT3_FS_POSIX_ACL EXT3_FS_SECURITY + # if ! is_set EXT3_FS || ! is_set EXT3_FS_XATTR || ! is_set EXT3_FS_POSIX_ACL || ! is_set EXT3_FS_SECURITY; then + # echo " $(wrap_color '(enable these ext3 configs if you are using ext3 as backing filesystem)' bold black)" + # fi + # fi + + CONFIG_CHECK+=" + ~EXT4_FS ~EXT4_FS_POSIX_ACL ~EXT4_FS_SECURITY + " + + # if ! is_set EXT4_FS || ! is_set EXT4_FS_POSIX_ACL || ! is_set EXT4_FS_SECURITY; then + # if is_set EXT4_USE_FOR_EXT2; then + # echo " $(wrap_color 'enable these ext4 configs if you are using ext3 or ext4 as backing filesystem' bold black)" + # else + # echo " $(wrap_color 'enable these ext4 configs if you are using ext4 as backing filesystem' bold black)" + # fi + # fi + + # network drivers + CONFIG_CHECK+=" + ~VXLAN ~BRIDGE_VLAN_FILTERING + ~CRYPTO ~CRYPTO_AEAD ~CRYPTO_GCM ~CRYPTO_SEQIV ~CRYPTO_GHASH + ~XFRM ~XFRM_USER ~XFRM_ALGO ~INET_ESP + " + if kernel_is le 5 3; then + CONFIG_CHECK+=" + ~INET_XFRM_MODE_TRANSPORT + " + fi + + CONFIG_CHECK+=" + ~IPVLAN + " + CONFIG_CHECK+=" + ~MACVLAN ~DUMMY + " + CONFIG_CHECK+=" + ~NF_NAT_FTP ~NF_CONNTRACK_FTP ~NF_NAT_TFTP ~NF_CONNTRACK_TFTP + " + + # storage drivers if use btrfs; then CONFIG_CHECK+=" ~BTRFS_FS @@ -158,10 +229,14 @@ pkg_setup() { if use device-mapper; then CONFIG_CHECK+=" - ~BLK_DEV_DM ~DM_THIN_PROVISIONING ~EXT4_FS ~EXT4_FS_POSIX_ACL ~EXT4_FS_SECURITY + ~BLK_DEV_DM ~DM_THIN_PROVISIONING " fi + CONFIG_CHECK+=" + ~OVERLAY_FS + " + linux-info_pkg_setup } @@ -177,7 +252,7 @@ src_compile() { # let's set up some optional features :) export DOCKER_BUILDTAGS='' - for gd in aufs btrfs device-mapper overlay; do + for gd in btrfs device-mapper overlay; do if ! use $gd; then DOCKER_BUILDTAGS+=" exclude_graphdriver_${gd//-/}" fi @@ -189,15 +264,7 @@ src_compile() { fi done - if use hardened; then - sed -i "s/EXTLDFLAGS_STATIC='/&-fno-PIC /" hack/make.sh || die - grep -q -- '-fno-PIC' hack/make.sh || die 'hardened sed failed' - sed "s/LDFLAGS_STATIC_DOCKER='/&-extldflags -fno-PIC /" \ - -i hack/make/dynbinary-daemon || die - grep -q -- '-fno-PIC' hack/make/dynbinary-daemon || die 'hardened sed failed' - fi - - # build daemon + # build binaries ./hack/make.sh dynbinary || die 'dynbinary failed' } @@ -206,7 +273,8 @@ src_install() { dosym containerd-shim /usr/bin/docker-containerd-shim dosym runc /usr/bin/docker-runc use container-init && dosym tini /usr/bin/docker-init - newbin bundles/dynbinary-daemon/dockerd dockerd + dobin bundles/dynbinary-daemon/dockerd + dobin bundles/dynbinary-daemon/docker-proxy newinitd contrib/init/openrc/docker.initd docker newconfd contrib/init/openrc/docker.confd docker @@ -215,7 +283,7 @@ src_install() { udev_dorules contrib/udev/*.rules - dodoc AUTHORS CONTRIBUTING.md CHANGELOG.md NOTICE README.md + dodoc AUTHORS CONTRIBUTING.md NOTICE README.md dodoc -r docs/* # note: intentionally not using "doins" so that we preserve +x bits @@ -256,25 +324,8 @@ pkg_postinst() { elog " Check https://docs.docker.com/storage/storagedriver/zfs-driver for more info" elog fi +} - if use cli; then - ewarn "Starting with docker 20.10.2, docker has been split into" - ewarn "two packages upstream, so Gentoo has followed suit." - ewarn - ewarn "app-containers/docker contains the daemon and" - ewarn "app-containers/docker-cli contains the docker command." - ewarn - ewarn "docker currently installs docker-cli using the cli use flag." - ewarn - ewarn "This use flag is temporary, so you need to take the" - ewarn "following actions:" - ewarn - ewarn "First, disable the cli use flag for app-containers/docker" - ewarn - ewarn "Then, if you need docker-cli and docker on the same machine," - ewarn "run the following command:" - ewarn - ewarn "# emerge --noreplace docker-cli" - ewarn - fi +pkg_postrm() { + udev_reload } diff --git a/app-containers/docker/docker-20.10.14.ebuild b/app-containers/docker/docker-24.0.7-r1.ebuild index d57cbbed264c..ad913c3d0c3b 100644 --- a/app-containers/docker/docker-20.10.14.ebuild +++ b/app-containers/docker/docker-24.0.7-r1.ebuild @@ -1,11 +1,11 @@ -# Copyright 1999-2022 Gentoo Authors +# Copyright 1999-2024 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=7 EGO_PN=github.com/docker/docker MY_PV=${PV/_/-} -GIT_COMMIT=87a90dc786 inherit linux-info systemd udev golang-vcs-snapshot +GIT_COMMIT=311b9ff0aa93aa55880e1e5f8871c4fb69583426 DESCRIPTION="The core functions you need to create Docker images and run Docker containers" HOMEPAGE="https://www.docker.com/" @@ -14,8 +14,7 @@ SRC_URI="https://github.com/moby/moby/archive/v${MY_PV}.tar.gz -> ${P}.tar.gz" LICENSE="Apache-2.0" SLOT="0" KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~riscv ~x86" -IUSE="apparmor aufs btrfs +cli +container-init device-mapper hardened -overlay seccomp selinux" +IUSE="apparmor btrfs +container-init device-mapper overlay seccomp selinux systemd" DEPEND=" acct-group/docker @@ -24,13 +23,11 @@ DEPEND=" btrfs? ( >=sys-fs/btrfs-progs-3.16.1 ) device-mapper? ( >=sys-fs/lvm2-2.02.89[thin] ) seccomp? ( >=sys-libs/libseccomp-2.2.1 ) + systemd? ( sys-apps/systemd ) " # https://github.com/moby/moby/blob/master/project/PACKAGERS.md#runtime-dependencies # https://github.com/moby/moby/blob/master/project/PACKAGERS.md#optional-dependencies -# https://github.com/moby/moby/tree/master//hack/dockerfile/install -# make sure docker-proxy is pinned to exact version from ^, -# for appropriate branchch/version of course RDEPEND=" ${DEPEND} >=net-firewall/iptables-1.4 @@ -38,9 +35,9 @@ RDEPEND=" >=dev-vcs/git-1.7 >=app-arch/xz-utils-4.9 dev-libs/libltdl - >=app-containers/containerd-1.4.12[apparmor?,btrfs?,device-mapper?,seccomp?] - ~app-containers/docker-proxy-0.8.0_p20210525 - cli? ( ~app-containers/docker-cli-${PV} ) + >=app-containers/containerd-1.7.3[apparmor?,btrfs?,device-mapper?,seccomp?] + >=app-containers/runc-1.1.9[apparmor?,seccomp?] + !app-containers/docker-proxy container-init? ( >=sys-process/tini-0.19.0[static] ) selinux? ( sec-policy/selinux-docker ) " @@ -58,97 +55,173 @@ S="${WORKDIR}/${P}/src/${EGO_PN}" # https://bugs.gentoo.org/748984 https://github.com/etcd-io/etcd/pull/12552 PATCHES=( - "${FILESDIR}/ppc64-buildmode.patch" + "${FILESDIR}/0001-Openrc-Depend-on-containerd-init-script.patch" + "${FILESDIR}/docker-24.0.5-automagic-systemd.patch" ) -# see "contrib/check-config.sh" from upstream's sources -CONFIG_CHECK=" - ~NAMESPACES ~NET_NS ~PID_NS ~IPC_NS ~UTS_NS - ~CGROUPS ~CGROUP_CPUACCT ~CGROUP_DEVICE ~CGROUP_FREEZER ~CGROUP_SCHED ~CPUSETS ~MEMCG - ~CGROUP_NET_PRIO - ~KEYS - ~VETH ~BRIDGE ~BRIDGE_NETFILTER - ~IP_NF_FILTER ~IP_NF_TARGET_MASQUERADE ~NETFILTER_XT_MARK - ~NETFILTER_NETLINK ~NETFILTER_XT_MATCH_ADDRTYPE ~NETFILTER_XT_MATCH_CONNTRACK ~NETFILTER_XT_MATCH_IPVS - ~IP_NF_NAT ~NF_NAT - ~POSIX_MQUEUE - - ~USER_NS - ~SECCOMP - ~CGROUP_PIDS - ~MEMCG_SWAP - - ~BLK_CGROUP ~BLK_DEV_THROTTLING - ~CGROUP_PERF - ~CGROUP_HUGETLB - ~NET_CLS_CGROUP - ~CFS_BANDWIDTH ~FAIR_GROUP_SCHED - ~IP_VS ~IP_VS_PROTO_TCP ~IP_VS_PROTO_UDP ~IP_VS_NFCT ~IP_VS_RR - - ~VXLAN - ~CRYPTO ~CRYPTO_AEAD ~CRYPTO_GCM ~CRYPTO_SEQIV ~CRYPTO_GHASH ~XFRM_ALGO ~XFRM_USER - ~IPVLAN - ~MACVLAN ~DUMMY - - ~OVERLAY_FS ~!OVERLAY_FS_REDIRECT_DIR - ~EXT4_FS_SECURITY - ~EXT4_FS_POSIX_ACL -" - -ERROR_KEYS="CONFIG_KEYS: is mandatory" -ERROR_MEMCG_SWAP="CONFIG_MEMCG_SWAP: is required if you wish to limit swap usage of containers" -ERROR_RESOURCE_COUNTERS="CONFIG_RESOURCE_COUNTERS: is optional for container statistics gathering" - -ERROR_BLK_CGROUP="CONFIG_BLK_CGROUP: is optional for container statistics gathering" -ERROR_IOSCHED_CFQ="CONFIG_IOSCHED_CFQ: is optional for container statistics gathering" -ERROR_CGROUP_PERF="CONFIG_CGROUP_PERF: is optional for container statistics gathering" -ERROR_CFS_BANDWIDTH="CONFIG_CFS_BANDWIDTH: is optional for container statistics gathering" -ERROR_XFRM_ALGO="CONFIG_XFRM_ALGO: is optional for secure networks" -ERROR_XFRM_USER="CONFIG_XFRM_USER: is optional for secure networks" - pkg_setup() { + # this is based on "contrib/check-config.sh" from upstream's sources + # required features. + CONFIG_CHECK=" + ~NAMESPACES ~NET_NS ~PID_NS ~IPC_NS ~UTS_NS + ~CGROUPS ~CGROUP_CPUACCT ~CGROUP_DEVICE ~CGROUP_FREEZER ~CGROUP_SCHED ~CPUSETS ~MEMCG + ~KEYS + ~VETH ~BRIDGE ~BRIDGE_NETFILTER + ~IP_NF_FILTER ~IP_NF_TARGET_MASQUERADE + ~NETFILTER_XT_MATCH_ADDRTYPE + ~NETFILTER_XT_MATCH_CONNTRACK + ~NETFILTER_XT_MATCH_IPVS + ~NETFILTER_XT_MARK + ~IP_NF_NAT ~NF_NAT + ~POSIX_MQUEUE + " + WARNING_POSIX_MQUEUE="CONFIG_POSIX_MQUEUE: is required for bind-mounting /dev/mqueue into containers" + + if kernel_is lt 4 8; then + CONFIG_CHECK+=" + ~DEVPTS_MULTIPLE_INSTANCES + " + fi - if kernel_is lt 4 5; then + if kernel_is le 5 1; then CONFIG_CHECK+=" - ~MEMCG_KMEM + ~NF_NAT_IPV4 " - ERROR_MEMCG_KMEM="CONFIG_MEMCG_KMEM: is optional" fi - if kernel_is lt 4 7; then + if kernel_is le 5 2; then CONFIG_CHECK+=" - ~DEVPTS_MULTIPLE_INSTANCES + ~NF_NAT_NEEDED " fi - if kernel_is lt 5 1; then + if kernel_is ge 4 15; then CONFIG_CHECK+=" - ~NF_NAT_IPV4 - ~IOSCHED_CFQ - ~CFQ_GROUP_IOSCHED + ~CGROUP_BPF " fi - if kernel_is lt 5 2; then + # optional features + CONFIG_CHECK+=" + ~USER_NS + " + + if use seccomp; then CONFIG_CHECK+=" - ~NF_NAT_NEEDED + ~SECCOMP ~SECCOMP_FILTER " fi - if kernel_is lt 5 8; then + CONFIG_CHECK+=" + ~CGROUP_PIDS + " + + if kernel_is lt 6 1; then + CONFIG_CHECK+=" + ~MEMCG_SWAP + " + fi + + if kernel_is le 5 8; then CONFIG_CHECK+=" ~MEMCG_SWAP_ENABLED " fi - if use aufs; then + CONFIG_CHECK+=" + ~!LEGACY_VSYSCALL_NATIVE + " + if kernel_is lt 5 19; then + CONFIG_CHECK+=" + ~LEGACY_VSYSCALL_EMULATE + " + fi + CONFIG_CHECK+=" + ~!LEGACY_VSYSCALL_NONE + " + WARNING_LEGACY_VSYSCALL_NONE="CONFIG_LEGACY_VSYSCALL_NONE enabled: \ + Containers with <=glibc-2.13 will not work" + + if kernel_is le 4 5; then CONFIG_CHECK+=" - ~AUFS_FS - ~EXT4_FS_POSIX_ACL ~EXT4_FS_SECURITY + ~MEMCG_KMEM " - ERROR_AUFS_FS="CONFIG_AUFS_FS: is required to be set if and only if aufs is patched to kernel instead of using standalone" fi + if kernel_is lt 5; then + CONFIG_CHECK+=" + ~IOSCHED_CFQ ~CFQ_GROUP_IOSCHED + " + fi + + CONFIG_CHECK+=" + ~BLK_CGROUP ~BLK_DEV_THROTTLING + ~CGROUP_PERF + ~CGROUP_HUGETLB + ~NET_CLS_CGROUP ~CGROUP_NET_PRIO + ~CFS_BANDWIDTH ~FAIR_GROUP_SCHED + ~IP_NF_TARGET_REDIRECT + ~IP_VS + ~IP_VS_NFCT + ~IP_VS_PROTO_TCP + ~IP_VS_PROTO_UDP + ~IP_VS_RR + " + + if use selinux; then + CONFIG_CHECK+=" + ~SECURITY_SELINUX + " + fi + + if use apparmor; then + CONFIG_CHECK+=" + ~SECURITY_APPARMOR + " + fi + + # if ! is_set EXT4_USE_FOR_EXT2; then + # check_flags EXT3_FS EXT3_FS_XATTR EXT3_FS_POSIX_ACL EXT3_FS_SECURITY + # if ! is_set EXT3_FS || ! is_set EXT3_FS_XATTR || ! is_set EXT3_FS_POSIX_ACL || ! is_set EXT3_FS_SECURITY; then + # echo " $(wrap_color '(enable these ext3 configs if you are using ext3 as backing filesystem)' bold black)" + # fi + # fi + + CONFIG_CHECK+=" + ~EXT4_FS ~EXT4_FS_POSIX_ACL ~EXT4_FS_SECURITY + " + + # if ! is_set EXT4_FS || ! is_set EXT4_FS_POSIX_ACL || ! is_set EXT4_FS_SECURITY; then + # if is_set EXT4_USE_FOR_EXT2; then + # echo " $(wrap_color 'enable these ext4 configs if you are using ext3 or ext4 as backing filesystem' bold black)" + # else + # echo " $(wrap_color 'enable these ext4 configs if you are using ext4 as backing filesystem' bold black)" + # fi + # fi + + # network drivers + CONFIG_CHECK+=" + ~VXLAN ~BRIDGE_VLAN_FILTERING + ~CRYPTO ~CRYPTO_AEAD ~CRYPTO_GCM ~CRYPTO_SEQIV ~CRYPTO_GHASH + ~XFRM ~XFRM_USER ~XFRM_ALGO ~INET_ESP + " + if kernel_is le 5 3; then + CONFIG_CHECK+=" + ~INET_XFRM_MODE_TRANSPORT + " + fi + + CONFIG_CHECK+=" + ~IPVLAN + " + CONFIG_CHECK+=" + ~MACVLAN ~DUMMY + " + CONFIG_CHECK+=" + ~NF_NAT_FTP ~NF_CONNTRACK_FTP ~NF_NAT_TFTP ~NF_CONNTRACK_TFTP + " + + # storage drivers if use btrfs; then CONFIG_CHECK+=" ~BTRFS_FS @@ -158,10 +231,14 @@ pkg_setup() { if use device-mapper; then CONFIG_CHECK+=" - ~BLK_DEV_DM ~DM_THIN_PROVISIONING ~EXT4_FS ~EXT4_FS_POSIX_ACL ~EXT4_FS_SECURITY + ~BLK_DEV_DM ~DM_THIN_PROVISIONING " fi + CONFIG_CHECK+=" + ~OVERLAY_FS + " + linux-info_pkg_setup } @@ -177,7 +254,7 @@ src_compile() { # let's set up some optional features :) export DOCKER_BUILDTAGS='' - for gd in aufs btrfs device-mapper overlay; do + for gd in btrfs device-mapper overlay; do if ! use $gd; then DOCKER_BUILDTAGS+=" exclude_graphdriver_${gd//-/}" fi @@ -189,15 +266,9 @@ src_compile() { fi done - if use hardened; then - sed -i "s/EXTLDFLAGS_STATIC='/&-fno-PIC /" hack/make.sh || die - grep -q -- '-fno-PIC' hack/make.sh || die 'hardened sed failed' - sed "s/LDFLAGS_STATIC_DOCKER='/&-extldflags -fno-PIC /" \ - -i hack/make/dynbinary-daemon || die - grep -q -- '-fno-PIC' hack/make/dynbinary-daemon || die 'hardened sed failed' - fi + export SYSTEMD=$(usex systemd 1 0) - # build daemon + # build binaries ./hack/make.sh dynbinary || die 'dynbinary failed' } @@ -206,7 +277,8 @@ src_install() { dosym containerd-shim /usr/bin/docker-containerd-shim dosym runc /usr/bin/docker-runc use container-init && dosym tini /usr/bin/docker-init - newbin bundles/dynbinary-daemon/dockerd dockerd + dobin bundles/dynbinary-daemon/dockerd + dobin bundles/dynbinary-daemon/docker-proxy newinitd contrib/init/openrc/docker.initd docker newconfd contrib/init/openrc/docker.confd docker @@ -215,7 +287,7 @@ src_install() { udev_dorules contrib/udev/*.rules - dodoc AUTHORS CONTRIBUTING.md CHANGELOG.md NOTICE README.md + dodoc AUTHORS CONTRIBUTING.md NOTICE README.md dodoc -r docs/* # note: intentionally not using "doins" so that we preserve +x bits @@ -256,25 +328,8 @@ pkg_postinst() { elog " Check https://docs.docker.com/storage/storagedriver/zfs-driver for more info" elog fi +} - if use cli; then - ewarn "Starting with docker 20.10.2, docker has been split into" - ewarn "two packages upstream, so Gentoo has followed suit." - ewarn - ewarn "app-containers/docker contains the daemon and" - ewarn "app-containers/docker-cli contains the docker command." - ewarn - ewarn "docker currently installs docker-cli using the cli use flag." - ewarn - ewarn "This use flag is temporary, so you need to take the" - ewarn "following actions:" - ewarn - ewarn "First, disable the cli use flag for app-containers/docker" - ewarn - ewarn "Then, if you need docker-cli and docker on the same machine," - ewarn "run the following command:" - ewarn - ewarn "# emerge --noreplace docker-cli" - ewarn - fi +pkg_postrm() { + udev_reload } diff --git a/app-containers/docker/docker-25.0.1.ebuild b/app-containers/docker/docker-25.0.1.ebuild new file mode 100644 index 000000000000..92c7e31beb2d --- /dev/null +++ b/app-containers/docker/docker-25.0.1.ebuild @@ -0,0 +1,318 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 +EGO_PN=github.com/docker/docker +MY_PV=${PV/_/-} +inherit linux-info systemd udev golang-vcs-snapshot +GIT_COMMIT=71fa3ab079ec13d17257f86fa92db8d7f24802f1 + +DESCRIPTION="The core functions you need to create Docker images and run Docker containers" +HOMEPAGE="https://www.docker.com/" +SRC_URI="https://github.com/moby/moby/archive/v${MY_PV}.tar.gz -> ${P}.tar.gz" + +LICENSE="Apache-2.0" +SLOT="0" +KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~riscv ~x86" +IUSE="apparmor btrfs +container-init overlay seccomp selinux" + +DEPEND=" + acct-group/docker + >=dev-db/sqlite-3.7.9:3 + apparmor? ( sys-libs/libapparmor ) + btrfs? ( >=sys-fs/btrfs-progs-3.16.1 ) + seccomp? ( >=sys-libs/libseccomp-2.2.1 ) +" + +# https://github.com/moby/moby/blob/master/project/PACKAGERS.md#runtime-dependencies +# https://github.com/moby/moby/blob/master/project/PACKAGERS.md#optional-dependencies +RDEPEND=" + ${DEPEND} + >=net-firewall/iptables-1.4 + sys-process/procps + >=dev-vcs/git-1.7 + >=app-arch/xz-utils-4.9 + dev-libs/libltdl + >=app-containers/containerd-1.7.3[apparmor?,btrfs?,seccomp?] + >=app-containers/runc-1.1.9[apparmor?,seccomp?] + !app-containers/docker-proxy + container-init? ( >=sys-process/tini-0.19.0[static] ) + selinux? ( sec-policy/selinux-docker ) +" + +# https://github.com/docker/docker/blob/master/project/PACKAGERS.md#build-dependencies +BDEPEND=" + >=dev-lang/go-1.16.12 + dev-go/go-md2man + virtual/pkgconfig +" +# tests require running dockerd as root and downloading containers +RESTRICT="installsources strip test" + +S="${WORKDIR}/${P}/src/${EGO_PN}" + +# https://bugs.gentoo.org/748984 https://github.com/etcd-io/etcd/pull/12552 +PATCHES=( + "${FILESDIR}/0001-Openrc-Depend-on-containerd-init-script.patch" +) + +pkg_setup() { + # this is based on "contrib/check-config.sh" from upstream's sources + # required features. + CONFIG_CHECK=" + ~NAMESPACES ~NET_NS ~PID_NS ~IPC_NS ~UTS_NS + ~CGROUPS ~CGROUP_CPUACCT ~CGROUP_DEVICE ~CGROUP_FREEZER ~CGROUP_SCHED ~CPUSETS ~MEMCG + ~KEYS + ~VETH ~BRIDGE ~BRIDGE_NETFILTER + ~IP_NF_FILTER ~IP_NF_TARGET_MASQUERADE + ~NETFILTER_XT_MATCH_ADDRTYPE + ~NETFILTER_XT_MATCH_CONNTRACK + ~NETFILTER_XT_MATCH_IPVS + ~NETFILTER_XT_MARK + ~IP_NF_NAT ~NF_NAT + ~POSIX_MQUEUE + " + WARNING_POSIX_MQUEUE="CONFIG_POSIX_MQUEUE: is required for bind-mounting /dev/mqueue into containers" + + if kernel_is lt 4 8; then + CONFIG_CHECK+=" + ~DEVPTS_MULTIPLE_INSTANCES + " + fi + + if kernel_is le 5 1; then + CONFIG_CHECK+=" + ~NF_NAT_IPV4 + " + fi + + if kernel_is le 5 2; then + CONFIG_CHECK+=" + ~NF_NAT_NEEDED + " + fi + + if kernel_is ge 4 15; then + CONFIG_CHECK+=" + ~CGROUP_BPF + " + fi + + # optional features + CONFIG_CHECK+=" + ~USER_NS + " + + if use seccomp; then + CONFIG_CHECK+=" + ~SECCOMP ~SECCOMP_FILTER + " + fi + + CONFIG_CHECK+=" + ~CGROUP_PIDS + " + + if kernel_is lt 6 1; then + CONFIG_CHECK+=" + ~MEMCG_SWAP + " + fi + + if kernel_is le 5 8; then + CONFIG_CHECK+=" + ~MEMCG_SWAP_ENABLED + " + fi + + CONFIG_CHECK+=" + ~!LEGACY_VSYSCALL_NATIVE + " + if kernel_is lt 5 19; then + CONFIG_CHECK+=" + ~LEGACY_VSYSCALL_EMULATE + " + fi + CONFIG_CHECK+=" + ~!LEGACY_VSYSCALL_NONE + " + WARNING_LEGACY_VSYSCALL_NONE="CONFIG_LEGACY_VSYSCALL_NONE enabled: \ + Containers with <=glibc-2.13 will not work" + + if kernel_is le 4 5; then + CONFIG_CHECK+=" + ~MEMCG_KMEM + " + fi + + if kernel_is lt 5; then + CONFIG_CHECK+=" + ~IOSCHED_CFQ ~CFQ_GROUP_IOSCHED + " + fi + + CONFIG_CHECK+=" + ~BLK_CGROUP ~BLK_DEV_THROTTLING + ~CGROUP_PERF + ~CGROUP_HUGETLB + ~NET_CLS_CGROUP ~CGROUP_NET_PRIO + ~CFS_BANDWIDTH ~FAIR_GROUP_SCHED + ~IP_NF_TARGET_REDIRECT + ~IP_VS + ~IP_VS_NFCT + ~IP_VS_PROTO_TCP + ~IP_VS_PROTO_UDP + ~IP_VS_RR + " + + if use selinux; then + CONFIG_CHECK+=" + ~SECURITY_SELINUX + " + fi + + if use apparmor; then + CONFIG_CHECK+=" + ~SECURITY_APPARMOR + " + fi + + # if ! is_set EXT4_USE_FOR_EXT2; then + # check_flags EXT3_FS EXT3_FS_XATTR EXT3_FS_POSIX_ACL EXT3_FS_SECURITY + # if ! is_set EXT3_FS || ! is_set EXT3_FS_XATTR || ! is_set EXT3_FS_POSIX_ACL || ! is_set EXT3_FS_SECURITY; then + # echo " $(wrap_color '(enable these ext3 configs if you are using ext3 as backing filesystem)' bold black)" + # fi + # fi + + CONFIG_CHECK+=" + ~EXT4_FS ~EXT4_FS_POSIX_ACL ~EXT4_FS_SECURITY + " + + # if ! is_set EXT4_FS || ! is_set EXT4_FS_POSIX_ACL || ! is_set EXT4_FS_SECURITY; then + # if is_set EXT4_USE_FOR_EXT2; then + # echo " $(wrap_color 'enable these ext4 configs if you are using ext3 or ext4 as backing filesystem' bold black)" + # else + # echo " $(wrap_color 'enable these ext4 configs if you are using ext4 as backing filesystem' bold black)" + # fi + # fi + + # network drivers + CONFIG_CHECK+=" + ~VXLAN ~BRIDGE_VLAN_FILTERING + ~CRYPTO ~CRYPTO_AEAD ~CRYPTO_GCM ~CRYPTO_SEQIV ~CRYPTO_GHASH + ~XFRM ~XFRM_USER ~XFRM_ALGO ~INET_ESP + " + if kernel_is le 5 3; then + CONFIG_CHECK+=" + ~INET_XFRM_MODE_TRANSPORT + " + fi + + CONFIG_CHECK+=" + ~IPVLAN + " + CONFIG_CHECK+=" + ~MACVLAN ~DUMMY + " + CONFIG_CHECK+=" + ~NF_NAT_FTP ~NF_CONNTRACK_FTP ~NF_NAT_TFTP ~NF_CONNTRACK_TFTP + " + + # storage drivers + if use btrfs; then + CONFIG_CHECK+=" + ~BTRFS_FS + ~BTRFS_FS_POSIX_ACL + " + fi + + CONFIG_CHECK+=" + ~OVERLAY_FS + " + + linux-info_pkg_setup +} + +src_compile() { + export DOCKER_GITCOMMIT="${GIT_COMMIT}" + export GOPATH="${WORKDIR}/${P}" + export VERSION=${PV} + + # setup CFLAGS and LDFLAGS for separate build target + # see https://github.com/tianon/docker-overlay/pull/10 + export CGO_CFLAGS="-I${ESYSROOT}/usr/include" + export CGO_LDFLAGS="-L${ESYSROOT}/usr/$(get_libdir)" + + # let's set up some optional features :) + export DOCKER_BUILDTAGS='' + for gd in btrfs overlay; do + if ! use $gd; then + DOCKER_BUILDTAGS+=" exclude_graphdriver_${gd//-/}" + fi + done + + for tag in apparmor seccomp; do + if use $tag; then + DOCKER_BUILDTAGS+=" $tag" + fi + done + + # build binaries + ./hack/make.sh dynbinary || die 'dynbinary failed' +} + +src_install() { + dosym containerd /usr/bin/docker-containerd + dosym containerd-shim /usr/bin/docker-containerd-shim + dosym runc /usr/bin/docker-runc + use container-init && dosym tini /usr/bin/docker-init + dobin bundles/dynbinary-daemon/dockerd + dobin bundles/dynbinary-daemon/docker-proxy + + newinitd contrib/init/openrc/docker.initd docker + newconfd contrib/init/openrc/docker.confd docker + + systemd_dounit contrib/init/systemd/docker.{service,socket} + + udev_dorules contrib/udev/*.rules + + dodoc AUTHORS CONTRIBUTING.md NOTICE README.md + dodoc -r docs/* + + # note: intentionally not using "doins" so that we preserve +x bits + dodir /usr/share/${PN}/contrib + cp -R contrib/* "${ED}/usr/share/${PN}/contrib" +} + +pkg_postinst() { + udev_reload + + elog + elog "To use Docker, the Docker daemon must be running as root. To automatically" + elog "start the Docker daemon at boot:" + if systemd_is_booted || has_version sys-apps/systemd; then + elog " systemctl enable docker.service" + else + elog " rc-update add docker default" + fi + elog + elog "To use Docker as a non-root user, add yourself to the 'docker' group:" + elog ' usermod -aG docker <youruser>' + elog + + if use overlay; then + elog " Overlay storage driver/USEflag has been deprecated" + elog " in favor of overlay2 (enabled unconditionally)" + elog + fi + + if has_version sys-fs/zfs; then + elog " ZFS storage driver is available" + elog " Check https://docs.docker.com/storage/storagedriver/zfs-driver for more info" + elog + fi +} + +pkg_postrm() { + udev_reload +} diff --git a/app-containers/docker/docker-25.0.4.ebuild b/app-containers/docker/docker-25.0.4.ebuild new file mode 100644 index 000000000000..739506d1d063 --- /dev/null +++ b/app-containers/docker/docker-25.0.4.ebuild @@ -0,0 +1,318 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 +EGO_PN=github.com/docker/docker +MY_PV=${PV/_/-} +inherit linux-info systemd udev golang-vcs-snapshot +GIT_COMMIT=061aa95809be396a6b5542618d8a34b02a21ff77 + +DESCRIPTION="The core functions you need to create Docker images and run Docker containers" +HOMEPAGE="https://www.docker.com/" +SRC_URI="https://github.com/moby/moby/archive/v${MY_PV}.tar.gz -> ${P}.tar.gz" + +LICENSE="Apache-2.0" +SLOT="0" +KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~riscv ~x86" +IUSE="apparmor btrfs +container-init overlay seccomp selinux" + +DEPEND=" + acct-group/docker + >=dev-db/sqlite-3.7.9:3 + apparmor? ( sys-libs/libapparmor ) + btrfs? ( >=sys-fs/btrfs-progs-3.16.1 ) + seccomp? ( >=sys-libs/libseccomp-2.2.1 ) +" + +# https://github.com/moby/moby/blob/master/project/PACKAGERS.md#runtime-dependencies +# https://github.com/moby/moby/blob/master/project/PACKAGERS.md#optional-dependencies +RDEPEND=" + ${DEPEND} + >=net-firewall/iptables-1.4 + sys-process/procps + >=dev-vcs/git-1.7 + >=app-arch/xz-utils-4.9 + dev-libs/libltdl + >=app-containers/containerd-1.7.12[apparmor?,btrfs?,seccomp?] + >=app-containers/runc-1.1.12[apparmor?,seccomp?] + !app-containers/docker-proxy + container-init? ( >=sys-process/tini-0.19.0[static] ) + selinux? ( sec-policy/selinux-docker ) +" + +# https://github.com/docker/docker/blob/master/project/PACKAGERS.md#build-dependencies +BDEPEND=" + >=dev-lang/go-1.16.12 + dev-go/go-md2man + virtual/pkgconfig +" +# tests require running dockerd as root and downloading containers +RESTRICT="installsources strip test" + +S="${WORKDIR}/${P}/src/${EGO_PN}" + +# https://bugs.gentoo.org/748984 https://github.com/etcd-io/etcd/pull/12552 +PATCHES=( + "${FILESDIR}/0001-Openrc-Depend-on-containerd-init-script.patch" +) + +pkg_setup() { + # this is based on "contrib/check-config.sh" from upstream's sources + # required features. + CONFIG_CHECK=" + ~NAMESPACES ~NET_NS ~PID_NS ~IPC_NS ~UTS_NS + ~CGROUPS ~CGROUP_CPUACCT ~CGROUP_DEVICE ~CGROUP_FREEZER ~CGROUP_SCHED ~CPUSETS ~MEMCG + ~KEYS + ~VETH ~BRIDGE ~BRIDGE_NETFILTER + ~IP_NF_FILTER ~IP_NF_TARGET_MASQUERADE + ~NETFILTER_XT_MATCH_ADDRTYPE + ~NETFILTER_XT_MATCH_CONNTRACK + ~NETFILTER_XT_MATCH_IPVS + ~NETFILTER_XT_MARK + ~IP_NF_NAT ~NF_NAT + ~POSIX_MQUEUE + " + WARNING_POSIX_MQUEUE="CONFIG_POSIX_MQUEUE: is required for bind-mounting /dev/mqueue into containers" + + if kernel_is lt 4 8; then + CONFIG_CHECK+=" + ~DEVPTS_MULTIPLE_INSTANCES + " + fi + + if kernel_is le 5 1; then + CONFIG_CHECK+=" + ~NF_NAT_IPV4 + " + fi + + if kernel_is le 5 2; then + CONFIG_CHECK+=" + ~NF_NAT_NEEDED + " + fi + + if kernel_is ge 4 15; then + CONFIG_CHECK+=" + ~CGROUP_BPF + " + fi + + # optional features + CONFIG_CHECK+=" + ~USER_NS + " + + if use seccomp; then + CONFIG_CHECK+=" + ~SECCOMP ~SECCOMP_FILTER + " + fi + + CONFIG_CHECK+=" + ~CGROUP_PIDS + " + + if kernel_is lt 6 1; then + CONFIG_CHECK+=" + ~MEMCG_SWAP + " + fi + + if kernel_is le 5 8; then + CONFIG_CHECK+=" + ~MEMCG_SWAP_ENABLED + " + fi + + CONFIG_CHECK+=" + ~!LEGACY_VSYSCALL_NATIVE + " + if kernel_is lt 5 19; then + CONFIG_CHECK+=" + ~LEGACY_VSYSCALL_EMULATE + " + fi + CONFIG_CHECK+=" + ~!LEGACY_VSYSCALL_NONE + " + WARNING_LEGACY_VSYSCALL_NONE="CONFIG_LEGACY_VSYSCALL_NONE enabled: \ + Containers with <=glibc-2.13 will not work" + + if kernel_is le 4 5; then + CONFIG_CHECK+=" + ~MEMCG_KMEM + " + fi + + if kernel_is lt 5; then + CONFIG_CHECK+=" + ~IOSCHED_CFQ ~CFQ_GROUP_IOSCHED + " + fi + + CONFIG_CHECK+=" + ~BLK_CGROUP ~BLK_DEV_THROTTLING + ~CGROUP_PERF + ~CGROUP_HUGETLB + ~NET_CLS_CGROUP ~CGROUP_NET_PRIO + ~CFS_BANDWIDTH ~FAIR_GROUP_SCHED + ~IP_NF_TARGET_REDIRECT + ~IP_VS + ~IP_VS_NFCT + ~IP_VS_PROTO_TCP + ~IP_VS_PROTO_UDP + ~IP_VS_RR + " + + if use selinux; then + CONFIG_CHECK+=" + ~SECURITY_SELINUX + " + fi + + if use apparmor; then + CONFIG_CHECK+=" + ~SECURITY_APPARMOR + " + fi + + # if ! is_set EXT4_USE_FOR_EXT2; then + # check_flags EXT3_FS EXT3_FS_XATTR EXT3_FS_POSIX_ACL EXT3_FS_SECURITY + # if ! is_set EXT3_FS || ! is_set EXT3_FS_XATTR || ! is_set EXT3_FS_POSIX_ACL || ! is_set EXT3_FS_SECURITY; then + # echo " $(wrap_color '(enable these ext3 configs if you are using ext3 as backing filesystem)' bold black)" + # fi + # fi + + CONFIG_CHECK+=" + ~EXT4_FS ~EXT4_FS_POSIX_ACL ~EXT4_FS_SECURITY + " + + # if ! is_set EXT4_FS || ! is_set EXT4_FS_POSIX_ACL || ! is_set EXT4_FS_SECURITY; then + # if is_set EXT4_USE_FOR_EXT2; then + # echo " $(wrap_color 'enable these ext4 configs if you are using ext3 or ext4 as backing filesystem' bold black)" + # else + # echo " $(wrap_color 'enable these ext4 configs if you are using ext4 as backing filesystem' bold black)" + # fi + # fi + + # network drivers + CONFIG_CHECK+=" + ~VXLAN ~BRIDGE_VLAN_FILTERING + ~CRYPTO ~CRYPTO_AEAD ~CRYPTO_GCM ~CRYPTO_SEQIV ~CRYPTO_GHASH + ~XFRM ~XFRM_USER ~XFRM_ALGO ~INET_ESP + " + if kernel_is le 5 3; then + CONFIG_CHECK+=" + ~INET_XFRM_MODE_TRANSPORT + " + fi + + CONFIG_CHECK+=" + ~IPVLAN + " + CONFIG_CHECK+=" + ~MACVLAN ~DUMMY + " + CONFIG_CHECK+=" + ~NF_NAT_FTP ~NF_CONNTRACK_FTP ~NF_NAT_TFTP ~NF_CONNTRACK_TFTP + " + + # storage drivers + if use btrfs; then + CONFIG_CHECK+=" + ~BTRFS_FS + ~BTRFS_FS_POSIX_ACL + " + fi + + CONFIG_CHECK+=" + ~OVERLAY_FS + " + + linux-info_pkg_setup +} + +src_compile() { + export DOCKER_GITCOMMIT="${GIT_COMMIT}" + export GOPATH="${WORKDIR}/${P}" + export VERSION=${PV} + + # setup CFLAGS and LDFLAGS for separate build target + # see https://github.com/tianon/docker-overlay/pull/10 + export CGO_CFLAGS="-I${ESYSROOT}/usr/include" + export CGO_LDFLAGS="-L${ESYSROOT}/usr/$(get_libdir)" + + # let's set up some optional features :) + export DOCKER_BUILDTAGS='' + for gd in btrfs overlay; do + if ! use $gd; then + DOCKER_BUILDTAGS+=" exclude_graphdriver_${gd//-/}" + fi + done + + for tag in apparmor seccomp; do + if use $tag; then + DOCKER_BUILDTAGS+=" $tag" + fi + done + + # build binaries + ./hack/make.sh dynbinary || die 'dynbinary failed' +} + +src_install() { + dosym containerd /usr/bin/docker-containerd + dosym containerd-shim /usr/bin/docker-containerd-shim + dosym runc /usr/bin/docker-runc + use container-init && dosym tini /usr/bin/docker-init + dobin bundles/dynbinary-daemon/dockerd + dobin bundles/dynbinary-daemon/docker-proxy + + newinitd contrib/init/openrc/docker.initd docker + newconfd contrib/init/openrc/docker.confd docker + + systemd_dounit contrib/init/systemd/docker.{service,socket} + + udev_dorules contrib/udev/*.rules + + dodoc AUTHORS CONTRIBUTING.md NOTICE README.md + dodoc -r docs/* + + # note: intentionally not using "doins" so that we preserve +x bits + dodir /usr/share/${PN}/contrib + cp -R contrib/* "${ED}/usr/share/${PN}/contrib" +} + +pkg_postinst() { + udev_reload + + elog + elog "To use Docker, the Docker daemon must be running as root. To automatically" + elog "start the Docker daemon at boot:" + if systemd_is_booted || has_version sys-apps/systemd; then + elog " systemctl enable docker.service" + else + elog " rc-update add docker default" + fi + elog + elog "To use Docker as a non-root user, add yourself to the 'docker' group:" + elog ' usermod -aG docker <youruser>' + elog + + if use overlay; then + elog " Overlay storage driver/USEflag has been deprecated" + elog " in favor of overlay2 (enabled unconditionally)" + elog + fi + + if has_version sys-fs/zfs; then + elog " ZFS storage driver is available" + elog " Check https://docs.docker.com/storage/storagedriver/zfs-driver for more info" + elog + fi +} + +pkg_postrm() { + udev_reload +} diff --git a/app-containers/docker/docker-26.1.0-r1.ebuild b/app-containers/docker/docker-26.1.0-r1.ebuild new file mode 100644 index 000000000000..9a1e51a65f67 --- /dev/null +++ b/app-containers/docker/docker-26.1.0-r1.ebuild @@ -0,0 +1,322 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 +EGO_PN=github.com/docker/docker +MY_PV=${PV/_/-} +inherit golang-vcs-snapshot linux-info systemd udev +GIT_COMMIT=061aa95809be396a6b5542618d8a34b02a21ff77 + +DESCRIPTION="The core functions you need to create Docker images and run Docker containers" +HOMEPAGE="https://www.docker.com/" +SRC_URI="https://github.com/moby/moby/archive/v${MY_PV}.tar.gz -> ${P}.tar.gz" + +LICENSE="Apache-2.0" +SLOT="0" +KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~riscv ~x86" +IUSE="apparmor btrfs +container-init overlay seccomp selinux systemd" + +DEPEND=" + acct-group/docker + >=dev-db/sqlite-3.7.9:3 + apparmor? ( sys-libs/libapparmor ) + btrfs? ( >=sys-fs/btrfs-progs-3.16.1 ) + seccomp? ( >=sys-libs/libseccomp-2.2.1 ) + systemd? ( sys-apps/systemd ) +" + +# https://github.com/moby/moby/blob/master/project/PACKAGERS.md#runtime-dependencies +# https://github.com/moby/moby/blob/master/project/PACKAGERS.md#optional-dependencies +RDEPEND=" + ${DEPEND} + >=net-firewall/iptables-1.4 + sys-process/procps + >=dev-vcs/git-1.7 + >=app-arch/xz-utils-4.9 + >=app-containers/containerd-1.7.15[apparmor?,btrfs?,seccomp?] + >=app-containers/runc-1.1.12[apparmor?,seccomp?] + !app-containers/docker-proxy + container-init? ( >=sys-process/tini-0.19.0[static] ) + selinux? ( sec-policy/selinux-docker ) +" + +# https://github.com/docker/docker/blob/master/project/PACKAGERS.md#build-dependencies +BDEPEND=" + >=dev-lang/go-1.16.12 + dev-go/go-md2man + virtual/pkgconfig +" +# tests require running dockerd as root and downloading containers +RESTRICT="installsources strip test" + +S="${WORKDIR}/${P}/src/${EGO_PN}" + +# https://bugs.gentoo.org/748984 https://github.com/etcd-io/etcd/pull/12552 +PATCHES=( + "${FILESDIR}/0001-Openrc-Depend-on-containerd-init-script.patch" + "${FILESDIR}/docker-26.1.0-automagic-systemd.patch" +) + +pkg_setup() { + # this is based on "contrib/check-config.sh" from upstream's sources + # required features. + CONFIG_CHECK=" + ~NAMESPACES ~NET_NS ~PID_NS ~IPC_NS ~UTS_NS + ~CGROUPS ~CGROUP_CPUACCT ~CGROUP_DEVICE ~CGROUP_FREEZER ~CGROUP_SCHED ~CPUSETS ~MEMCG + ~KEYS + ~VETH ~BRIDGE ~BRIDGE_NETFILTER + ~IP_NF_FILTER ~IP_NF_TARGET_MASQUERADE + ~NETFILTER_XT_MATCH_ADDRTYPE + ~NETFILTER_XT_MATCH_CONNTRACK + ~NETFILTER_XT_MATCH_IPVS + ~NETFILTER_XT_MARK + ~IP_NF_NAT ~NF_NAT + ~POSIX_MQUEUE + " + WARNING_POSIX_MQUEUE="CONFIG_POSIX_MQUEUE: is required for bind-mounting /dev/mqueue into containers" + + if kernel_is lt 4 8; then + CONFIG_CHECK+=" + ~DEVPTS_MULTIPLE_INSTANCES + " + fi + + if kernel_is le 5 1; then + CONFIG_CHECK+=" + ~NF_NAT_IPV4 + " + fi + + if kernel_is le 5 2; then + CONFIG_CHECK+=" + ~NF_NAT_NEEDED + " + fi + + if kernel_is ge 4 15; then + CONFIG_CHECK+=" + ~CGROUP_BPF + " + fi + + # optional features + CONFIG_CHECK+=" + ~USER_NS + " + + if use seccomp; then + CONFIG_CHECK+=" + ~SECCOMP ~SECCOMP_FILTER + " + fi + + CONFIG_CHECK+=" + ~CGROUP_PIDS + " + + if kernel_is lt 6 1; then + CONFIG_CHECK+=" + ~MEMCG_SWAP + " + fi + + if kernel_is le 5 8; then + CONFIG_CHECK+=" + ~MEMCG_SWAP_ENABLED + " + fi + + CONFIG_CHECK+=" + ~!LEGACY_VSYSCALL_NATIVE + " + if kernel_is lt 5 19; then + CONFIG_CHECK+=" + ~LEGACY_VSYSCALL_EMULATE + " + fi + CONFIG_CHECK+=" + ~!LEGACY_VSYSCALL_NONE + " + WARNING_LEGACY_VSYSCALL_NONE="CONFIG_LEGACY_VSYSCALL_NONE enabled: \ + Containers with <=glibc-2.13 will not work" + + if kernel_is le 4 5; then + CONFIG_CHECK+=" + ~MEMCG_KMEM + " + fi + + if kernel_is lt 5; then + CONFIG_CHECK+=" + ~IOSCHED_CFQ ~CFQ_GROUP_IOSCHED + " + fi + + CONFIG_CHECK+=" + ~BLK_CGROUP ~BLK_DEV_THROTTLING + ~CGROUP_PERF + ~CGROUP_HUGETLB + ~NET_CLS_CGROUP ~CGROUP_NET_PRIO + ~CFS_BANDWIDTH ~FAIR_GROUP_SCHED + ~IP_NF_TARGET_REDIRECT + ~IP_VS + ~IP_VS_NFCT + ~IP_VS_PROTO_TCP + ~IP_VS_PROTO_UDP + ~IP_VS_RR + " + + if use selinux; then + CONFIG_CHECK+=" + ~SECURITY_SELINUX + " + fi + + if use apparmor; then + CONFIG_CHECK+=" + ~SECURITY_APPARMOR + " + fi + + # if ! is_set EXT4_USE_FOR_EXT2; then + # check_flags EXT3_FS EXT3_FS_XATTR EXT3_FS_POSIX_ACL EXT3_FS_SECURITY + # if ! is_set EXT3_FS || ! is_set EXT3_FS_XATTR || ! is_set EXT3_FS_POSIX_ACL || ! is_set EXT3_FS_SECURITY; then + # echo " $(wrap_color '(enable these ext3 configs if you are using ext3 as backing filesystem)' bold black)" + # fi + # fi + + CONFIG_CHECK+=" + ~EXT4_FS ~EXT4_FS_POSIX_ACL ~EXT4_FS_SECURITY + " + + # if ! is_set EXT4_FS || ! is_set EXT4_FS_POSIX_ACL || ! is_set EXT4_FS_SECURITY; then + # if is_set EXT4_USE_FOR_EXT2; then + # echo " $(wrap_color 'enable these ext4 configs if you are using ext3 or ext4 as backing filesystem' bold black)" + # else + # echo " $(wrap_color 'enable these ext4 configs if you are using ext4 as backing filesystem' bold black)" + # fi + # fi + + # network drivers + CONFIG_CHECK+=" + ~VXLAN ~BRIDGE_VLAN_FILTERING + ~CRYPTO ~CRYPTO_AEAD ~CRYPTO_GCM ~CRYPTO_SEQIV ~CRYPTO_GHASH + ~XFRM ~XFRM_USER ~XFRM_ALGO ~INET_ESP + " + if kernel_is le 5 3; then + CONFIG_CHECK+=" + ~INET_XFRM_MODE_TRANSPORT + " + fi + + CONFIG_CHECK+=" + ~IPVLAN + " + CONFIG_CHECK+=" + ~MACVLAN ~DUMMY + " + CONFIG_CHECK+=" + ~NF_NAT_FTP ~NF_CONNTRACK_FTP ~NF_NAT_TFTP ~NF_CONNTRACK_TFTP + " + + # storage drivers + if use btrfs; then + CONFIG_CHECK+=" + ~BTRFS_FS + ~BTRFS_FS_POSIX_ACL + " + fi + + CONFIG_CHECK+=" + ~OVERLAY_FS + " + + linux-info_pkg_setup +} + +src_compile() { + export DOCKER_GITCOMMIT="${GIT_COMMIT}" + export GOPATH="${WORKDIR}/${P}" + export VERSION=${PV} + tc-export PKG_CONFIG + + # setup CFLAGS and LDFLAGS for separate build target + # see https://github.com/tianon/docker-overlay/pull/10 + export CGO_CFLAGS="-I${ESYSROOT}/usr/include" + export CGO_LDFLAGS="-L${ESYSROOT}/usr/$(get_libdir)" + + # let's set up some optional features :) + export DOCKER_BUILDTAGS='' + for gd in btrfs overlay; do + if ! use $gd; then + DOCKER_BUILDTAGS+=" exclude_graphdriver_${gd//-/}" + fi + done + + for tag in apparmor seccomp; do + if use $tag; then + DOCKER_BUILDTAGS+=" $tag" + fi + done + + export SYSTEMD=$(usex systemd 1 0) + + # build binaries + ./hack/make.sh dynbinary || die 'dynbinary failed' +} + +src_install() { + dosym containerd /usr/bin/docker-containerd + dosym containerd-shim /usr/bin/docker-containerd-shim + dosym runc /usr/bin/docker-runc + use container-init && dosym tini /usr/bin/docker-init + dobin bundles/dynbinary-daemon/dockerd + dobin bundles/dynbinary-daemon/docker-proxy + + newinitd contrib/init/openrc/docker.initd docker + newconfd contrib/init/openrc/docker.confd docker + + systemd_dounit contrib/init/systemd/docker.{service,socket} + + udev_dorules contrib/udev/*.rules + + dodoc AUTHORS CONTRIBUTING.md NOTICE README.md + dodoc -r docs/* + + # note: intentionally not using "doins" so that we preserve +x bits + dodir /usr/share/${PN}/contrib + cp -R contrib/* "${ED}/usr/share/${PN}/contrib" +} + +pkg_postinst() { + udev_reload + + elog + elog "To use Docker, the Docker daemon must be running as root. To automatically" + elog "start the Docker daemon at boot:" + if systemd_is_booted || has_version sys-apps/systemd; then + elog " systemctl enable docker.service" + else + elog " rc-update add docker default" + fi + elog + elog "To use Docker as a non-root user, add yourself to the 'docker' group:" + elog ' usermod -aG docker <youruser>' + elog + + if use overlay; then + elog " Overlay storage driver/USEflag has been deprecated" + elog " in favor of overlay2 (enabled unconditionally)" + elog + fi + + if has_version sys-fs/zfs; then + elog " ZFS storage driver is available" + elog " Check https://docs.docker.com/storage/storagedriver/zfs-driver for more info" + elog + fi +} + +pkg_postrm() { + udev_reload +} diff --git a/app-containers/docker/files/0001-Openrc-Depend-on-containerd-init-script.patch b/app-containers/docker/files/0001-Openrc-Depend-on-containerd-init-script.patch new file mode 100644 index 000000000000..22aa145f33b8 --- /dev/null +++ b/app-containers/docker/files/0001-Openrc-Depend-on-containerd-init-script.patch @@ -0,0 +1,28 @@ +From bb69104381805014eb7675682d204fe460a52388 Mon Sep 17 00:00:00 2001 +From: Jan Breig <git@pygos.space> +Date: Mon, 16 May 2022 14:58:36 +0200 +Subject: [PATCH] Openrc: Depend on containerd init script + +Signed-off-by: Jan Breig <git@pygos.space> +--- + contrib/init/openrc/docker.initd | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/contrib/init/openrc/docker.initd b/contrib/init/openrc/docker.initd +index 3229223bad..57defb8f57 100644 +--- a/contrib/init/openrc/docker.initd ++++ b/contrib/init/openrc/docker.initd +@@ -17,6 +17,10 @@ rc_ulimit="${DOCKER_ULIMIT:--c unlimited -n 1048576 -u unlimited}" + + retry="${DOCKER_RETRY:-TERM/60/KILL/10}" + ++depend() { ++ need containerd ++} ++ + start_pre() { + checkpath -f -m 0644 -o root:docker "$DOCKER_LOGFILE" + } +-- +2.35.1 + diff --git a/app-containers/docker/files/docker-24.0.5-automagic-systemd.patch b/app-containers/docker/files/docker-24.0.5-automagic-systemd.patch new file mode 100644 index 000000000000..fb764b3b1a99 --- /dev/null +++ b/app-containers/docker/files/docker-24.0.5-automagic-systemd.patch @@ -0,0 +1,13 @@ +https://bugs.gentoo.org/914076 +https://github.com/moby/moby/issues/47770 +--- a/hack/make.sh ++++ b/hack/make.sh +@@ -90,7 +90,7 @@ add_buildtag() { + [[ " $DOCKER_BUILDTAGS" == *" $1_"* ]] || DOCKER_BUILDTAGS+=" $1_$2" + } + +-if ${PKG_CONFIG} 'libsystemd' 2> /dev/null; then ++if [[ -n "$SYSTEMD" ]] && [[ "$SYSTEMD" == 1 ]] && ${PKG_CONFIG} 'libsystemd' 2> /dev/null; then + DOCKER_BUILDTAGS+=" journald" + fi + diff --git a/app-containers/docker/files/docker-26.1.0-automagic-systemd.patch b/app-containers/docker/files/docker-26.1.0-automagic-systemd.patch new file mode 100644 index 000000000000..004dbb9ad3c7 --- /dev/null +++ b/app-containers/docker/files/docker-26.1.0-automagic-systemd.patch @@ -0,0 +1,13 @@ +https://bugs.gentoo.org/914076 +https://github.com/moby/moby/issues/47770 +--- a/hack/make.sh ++++ b/hack/make.sh +@@ -83,7 +83,7 @@ if [ ! "$GOPATH" ]; then + exit 1 + fi + +-if ${PKG_CONFIG} 'libsystemd' 2> /dev/null; then ++if [[ -n "$SYSTEMD" ]] && [[ "$SYSTEMD" == 1 ]] && ${PKG_CONFIG} 'libsystemd' 2> /dev/null; then + DOCKER_BUILDTAGS+=" journald" + fi + diff --git a/app-containers/docker/files/etcd-F_OFD_GETLK-fix.patch b/app-containers/docker/files/etcd-F_OFD_GETLK-fix.patch deleted file mode 100644 index bd574e26f040..000000000000 --- a/app-containers/docker/files/etcd-F_OFD_GETLK-fix.patch +++ /dev/null @@ -1,28 +0,0 @@ -From ec81adb21605acd56b122bc35c53644b13d3ab7e Mon Sep 17 00:00:00 2001 -From: Moritz Both <mb@aldebaran.de> -Date: Sun, 1 Nov 2020 23:20:12 +0100 -Subject: [PATCH] pkg/fileutil: fix constant for linux locking - -The constant F_OFD_GETLK is 36, not 37, according to -/usr/include/bits/fcntl-linux.h -Credits go to joakim-tjernlund who digged deep enough -to find this. - -Fixes #31182 ---- - pkg/fileutil/lock_linux.go | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/pkg/fileutil/lock_linux.go b/pkg/fileutil/lock_linux.go -index 939fea62381..004d35fa23b 100644 ---- a/vendor/github.com/coreos/etcd/pkg/fileutil/lock_linux.go -+++ b/vendor/github.com/coreos/etcd/pkg/fileutil/lock_linux.go -@@ -29,7 +29,7 @@ import ( - // - // constants from /usr/include/bits/fcntl-linux.h - const ( -- F_OFD_GETLK = 37 -+ F_OFD_GETLK = 36 - F_OFD_SETLK = 37 - F_OFD_SETLKW = 38 - ) diff --git a/app-containers/docker/files/ppc64-buildmode.patch b/app-containers/docker/files/ppc64-buildmode.patch deleted file mode 100644 index f16756e85041..000000000000 --- a/app-containers/docker/files/ppc64-buildmode.patch +++ /dev/null @@ -1,30 +0,0 @@ -From c4135e37e54a6480abfe18746f227f05cb9269ab Mon Sep 17 00:00:00 2001 -From: Georgy Yakovlev <gyakovlev@gentoo.org> -Date: Thu, 10 Jun 2021 16:19:22 -0700 -Subject: [PATCH] don't use buildmode=pie on ppc64 - -It's already omitted for ppc64 in -hack/dockerfile/install/install.sh -not using wildcard, because GOARCH=ppc64le supports pie - -Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org> ---- - hack/make/.binary | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/hack/make/.binary b/hack/make/.binary -index 5ea3e373f2..7a911de15a 100644 ---- a/hack/make/.binary -+++ b/hack/make/.binary -@@ -70,7 +70,7 @@ hash_files() { - - # -buildmode=pie is not supported on Windows and Linux on mips and riscv64. - case "$(go env GOOS)/$(go env GOARCH)" in -- windows/* | linux/mips* | linux/riscv*) ;; -+ windows/* | linux/mips* | linux/riscv* | linux/ppc64) ;; - - *) - BUILDFLAGS+=("-buildmode=pie") --- -2.32.0 - diff --git a/app-containers/docker/metadata.xml b/app-containers/docker/metadata.xml index e58aa2015b46..5c680bb1005b 100644 --- a/app-containers/docker/metadata.xml +++ b/app-containers/docker/metadata.xml @@ -12,28 +12,11 @@ <email>williamh@gentoo.org</email> <name>William Hubbs</name> </maintainer> - <maintainer type="person"> - <email>gyakovlev@gentoo.org</email> - <name>Georgy Yakovlev</name> - </maintainer> <use> - <flag name="aufs"> - Enables dependencies for the "aufs" graph driver, including - necessary kernel flags. - </flag> - <flag name="apparmor"> - Enable AppArmor support. - </flag> <flag name="btrfs"> Enables dependencies for the "btrfs" graph driver, including necessary kernel flags. </flag> - <flag name="cli"> - This is a temporary use flag which pulls in - app-containers/docker-cli, the docker command line client. - This flag is here to assist in the transition to split packages - and will be removed in a future release. - </flag> <flag name="container-init"> Makes the a staticly-linked init system tini available inside a container. @@ -49,5 +32,6 @@ </use> <upstream> <remote-id type="github">moby/moby</remote-id> + <remote-id type="cpe">cpe:/a:docker:docker</remote-id> </upstream> </pkgmetadata> |