2 files changed, 5 insertions, 119 deletions
diff --git a/recipes-containers/docker/docker-moby_git.bb b/recipes-containers/docker/docker-moby_git.bb
index 79105795..cebac2b2 100644
--- a/recipes-containers/docker/docker-moby_git.bb
+++ b/recipes-containers/docker/docker-moby_git.bb
@@ -44,19 +44,18 @@ DESCRIPTION = "Linux container runtime \
 # so we get that tag, and make it our SRCREVS:
 #
-SRCREV_moby = "cb3fd005d470e80eb9076e9d09c04d6784d64d91"
+SRCREV_moby = "821e4ec4c7b13c28dbb1424f024980aed4535384"
 SRCREV_libnetwork = "3f0048413d95802b9c6c836eba06bfc54f9dbd03"
-SRCREV_cli = "44a7d9537f7cf45296015a1e820c7ada55d5587d"
+SRCREV_cli = "98fdcd769bcd137f7538f898b37348f919536ea4"
 SRCREV_FORMAT = "moby_libnetwork"
 SRC_URI = "\
-        git://github.com/moby/moby.git;branch=23.0;name=moby;protocol=https \
+        git://github.com/moby/moby.git;branch=24.0;name=moby;protocol=https \
        git://github.com/docker/libnetwork.git;branch=master;name=libnetwork;destsuffix=git/libnetwork;protocol=https \
-        git://github.com/docker/cli;branch=23.0;name=cli;destsuffix=git/cli;protocol=https \
+        git://github.com/docker/cli;branch=24.0;name=cli;destsuffix=git/cli;protocol=https \
        file://docker.init \
        file://0001-libnetwork-use-GO-instead-of-go.patch \
        file://0001-cli-use-external-GO111MODULE-and-cross-compiler.patch \
        file://0001-dynbinary-use-go-cross-compiler.patch;patchdir=src/import \
-        file://0001-Allow-for-xattr-copy-failure-for-vfs.patch;patchdir=src/import \
        "
 DOCKER_COMMIT = "${SRCREV_moby}"
@@ -67,7 +66,7 @@ require docker.inc
 LICENSE = "Apache-2.0"
 LIC_FILES_CHKSUM = "file://src/import/LICENSE;md5=4859e97a9c7780e77972d989f0823f28"
-DOCKER_VERSION = "23.0.6"
+DOCKER_VERSION = "24.0.0"
 PV = "${DOCKER_VERSION}+git${SRCREV_moby}"
 CVE_PRODUCT = "docker mobyproject:moby"
diff --git a/recipes-containers/docker/files/0001-Allow-for-xattr-copy-failure-for-vfs.patch b/recipes-containers/docker/files/0001-Allow-for-xattr-copy-failure-for-vfs.patch
deleted file mode 100644
index b657cafd..00000000
--- a/recipes-containers/docker/files/0001-Allow-for-xattr-copy-failure-for-vfs.patch
+++ /dev/null
@@ -1,113 +0,0 @@
-From f0dbd4eaf1416074bc8845063f4b6fb285bf75bd Mon Sep 17 00:00:00 2001
-From: Chen Qi <Qi.Chen@windriver.com>
-Date: Thu, 27 Apr 2023 00:42:19 -0700
-Subject: [PATCH] Allow for xattr copy failure for vfs
-vfs is declared to work with any filesystem, but after
-https://github.com/moby/moby/commit/31f654a704f61768828d5950a13f30bb493d1239
-it's no longer working with NFS.
-As the extended attribute support depends on filesystem and
-if we do copy it in vfs and do not allow failure, that would
-essentially mean that vfs does NOT support all filesystems but
-only those that support xattr.
-So we should just try to copy security.capabilities and allow
-for failure. In this way, vfs come back to the state of
-being able to run on any filesystem as declared in
-https://docs.docker.com/storage/storagedriver/select-storage-driver/.
-Fixes https://github.com/moby/moby/issues/45417
-Upstream-Status: Submitted [https://github.com/moby/moby/pull/45420]
-Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
---
- daemon/graphdriver/copy/copy.go       | 6 ++++--
- daemon/graphdriver/copy/copy_test.go  | 4 ++--
- daemon/graphdriver/overlay/overlay.go | 4 ++--
- daemon/graphdriver/vfs/copy_linux.go  | 2 +-
- 4 files changed, 9 insertions(+), 7 deletions(-)
-diff --git a/daemon/graphdriver/copy/copy.go b/daemon/graphdriver/copy/copy.go
-index 0fb8a1a9d9..f6a5b74af5 100644
--- a/daemon/graphdriver/copy/copy.go
-+++ b/daemon/graphdriver/copy/copy.go
-@@ -116,7 +116,7 @@ type dirMtimeInfo struct {
- //
- // The copyOpaqueXattrs controls if "trusted.overlay.opaque" xattrs are copied.
- // Passing false disables copying "trusted.overlay.opaque" xattrs.
-func DirCopy(srcDir, dstDir string, copyMode Mode, copyOpaqueXattrs bool) error {
-+func DirCopy(srcDir, dstDir string, copyMode Mode, copyOpaqueXattrs bool, allowXattrFailure bool) error {
-        copyWithFileRange := true
-        copyWithFileClone := true
- 
-@@ -210,7 +210,9 @@ func DirCopy(srcDir, dstDir string, copyMode Mode, copyOpaqueXattrs bool) error
-                }
- 
-                if err := copyXattr(srcPath, dstPath, "security.capability"); err != nil {
-                       return err
-+                       if !allowXattrFailure {
-+                               return err
-+                       }
-                }
- 
-                if copyOpaqueXattrs {
-diff --git a/daemon/graphdriver/copy/copy_test.go b/daemon/graphdriver/copy/copy_test.go
-index 8dcd8d9d56..340c715f5f 100644
--- a/daemon/graphdriver/copy/copy_test.go
-+++ b/daemon/graphdriver/copy/copy_test.go
-@@ -40,7 +40,7 @@ func TestCopyDir(t *testing.T) {
-        assert.NilError(t, err)
-        defer os.RemoveAll(dstDir)
- 
-       assert.Check(t, DirCopy(srcDir, dstDir, Content, false))
-+       assert.Check(t, DirCopy(srcDir, dstDir, Content, false, true))
-        assert.NilError(t, filepath.Walk(srcDir, func(srcPath string, f os.FileInfo, err error) error {
-                if err != nil {
-                        return err
-@@ -146,7 +146,7 @@ func TestCopyHardlink(t *testing.T) {
-        assert.NilError(t, os.WriteFile(srcFile1, []byte{}, 0777))
-        assert.NilError(t, os.Link(srcFile1, srcFile2))
- 
-       assert.Check(t, DirCopy(srcDir, dstDir, Content, false))
-+       assert.Check(t, DirCopy(srcDir, dstDir, Content, false, true))
- 
-        assert.NilError(t, unix.Stat(srcFile1, &srcFile1FileInfo))
-        assert.NilError(t, unix.Stat(srcFile2, &srcFile2FileInfo))
-diff --git a/daemon/graphdriver/overlay/overlay.go b/daemon/graphdriver/overlay/overlay.go
-index 2ed53d82e9..909478963e 100644
--- a/daemon/graphdriver/overlay/overlay.go
-+++ b/daemon/graphdriver/overlay/overlay.go
-@@ -320,7 +320,7 @@ func (d *Driver) Create(id, parent string, opts *graphdriver.CreateOpts) (retErr
-                return err
-        }
- 
-       return copy.DirCopy(parentUpperDir, upperDir, copy.Content, true)
-+       return copy.DirCopy(parentUpperDir, upperDir, copy.Content, true, false)
- }
- 
- func (d *Driver) dir(id string) string {
-@@ -460,7 +460,7 @@ func (d *Driver) ApplyDiff(id string, parent string, diff io.Reader) (size int64
-                }
-        }()
- 
-       if err = copy.DirCopy(parentRootDir, tmpRootDir, copy.Hardlink, true); err != nil {
-+       if err = copy.DirCopy(parentRootDir, tmpRootDir, copy.Hardlink, true, false); err != nil {
-                return 0, err
-        }
- 
-diff --git a/daemon/graphdriver/vfs/copy_linux.go b/daemon/graphdriver/vfs/copy_linux.go
-index 7276b3837f..592825c1a5 100644
--- a/daemon/graphdriver/vfs/copy_linux.go
-+++ b/daemon/graphdriver/vfs/copy_linux.go
-@@ -3,5 +3,5 @@ package vfs // import "github.com/docker/docker/daemon/graphdriver/vfs"
- import "github.com/docker/docker/daemon/graphdriver/copy"
- 
- func dirCopy(srcDir, dstDir string) error {
-       return copy.DirCopy(srcDir, dstDir, copy.Content, false)
-+       return copy.DirCopy(srcDir, dstDir, copy.Content, false, true)
- }
-- 
-2.40.0

diff --git a/recipes-containers/docker/docker-moby_git.bb b/recipes-containers/docker/docker-moby_git.bb index 79105795..cebac2b2 100644 --- a/recipes-containers/docker/docker-moby_git.bb +++ b/recipes-containers/docker/docker-moby_git.bb
@@ -44,19 +44,18 @@ DESCRIPTION = "Linux container runtime \
44	# so we get that tag, and make it our SRCREVS:	44	# so we get that tag, and make it our SRCREVS:
45	#	45	#
46		46
47	SRCREV_moby = "cb3fd005d470e80eb9076e9d09c04d6784d64d91"	47	SRCREV_moby = "821e4ec4c7b13c28dbb1424f024980aed4535384"
48	SRCREV_libnetwork = "3f0048413d95802b9c6c836eba06bfc54f9dbd03"	48	SRCREV_libnetwork = "3f0048413d95802b9c6c836eba06bfc54f9dbd03"
49	SRCREV_cli = "44a7d9537f7cf45296015a1e820c7ada55d5587d"	49	SRCREV_cli = "98fdcd769bcd137f7538f898b37348f919536ea4"
50	SRCREV_FORMAT = "moby_libnetwork"	50	SRCREV_FORMAT = "moby_libnetwork"
51	SRC_URI = "\	51	SRC_URI = "\
52	git://github.com/moby/moby.git;branch=23.0;name=moby;protocol=https \	52	git://github.com/moby/moby.git;branch=24.0;name=moby;protocol=https \
53	git://github.com/docker/libnetwork.git;branch=master;name=libnetwork;destsuffix=git/libnetwork;protocol=https \	53	git://github.com/docker/libnetwork.git;branch=master;name=libnetwork;destsuffix=git/libnetwork;protocol=https \
54	git://github.com/docker/cli;branch=23.0;name=cli;destsuffix=git/cli;protocol=https \	54	git://github.com/docker/cli;branch=24.0;name=cli;destsuffix=git/cli;protocol=https \
55	file://docker.init \	55	file://docker.init \
56	file://0001-libnetwork-use-GO-instead-of-go.patch \	56	file://0001-libnetwork-use-GO-instead-of-go.patch \
57	file://0001-cli-use-external-GO111MODULE-and-cross-compiler.patch \	57	file://0001-cli-use-external-GO111MODULE-and-cross-compiler.patch \
58	file://0001-dynbinary-use-go-cross-compiler.patch;patchdir=src/import \	58	file://0001-dynbinary-use-go-cross-compiler.patch;patchdir=src/import \
59	file://0001-Allow-for-xattr-copy-failure-for-vfs.patch;patchdir=src/import \
60	"	59	"
61		60
62	DOCKER_COMMIT = "${SRCREV_moby}"	61	DOCKER_COMMIT = "${SRCREV_moby}"
@@ -67,7 +66,7 @@ require docker.inc
67	LICENSE = "Apache-2.0"	66	LICENSE = "Apache-2.0"
68	LIC_FILES_CHKSUM = "file://src/import/LICENSE;md5=4859e97a9c7780e77972d989f0823f28"	67	LIC_FILES_CHKSUM = "file://src/import/LICENSE;md5=4859e97a9c7780e77972d989f0823f28"
69		68
70	DOCKER_VERSION = "23.0.6"	69	DOCKER_VERSION = "24.0.0"
71	PV = "${DOCKER_VERSION}+git${SRCREV_moby}"	70	PV = "${DOCKER_VERSION}+git${SRCREV_moby}"
72		71
73	CVE_PRODUCT = "docker mobyproject:moby"	72	CVE_PRODUCT = "docker mobyproject:moby"


diff --git a/recipes-containers/docker/files/0001-Allow-for-xattr-copy-failure-for-vfs.patch b/recipes-containers/docker/files/0001-Allow-for-xattr-copy-failure-for-vfs.patch deleted file mode 100644 index b657cafd..00000000 --- a/recipes-containers/docker/files/0001-Allow-for-xattr-copy-failure-for-vfs.patch +++ /dev/null
@@ -1,113 +0,0 @@
1	From f0dbd4eaf1416074bc8845063f4b6fb285bf75bd Mon Sep 17 00:00:00 2001
2	From: Chen Qi <Qi.Chen@windriver.com>
3	Date: Thu, 27 Apr 2023 00:42:19 -0700
4	Subject: [PATCH] Allow for xattr copy failure for vfs
5
6	vfs is declared to work with any filesystem, but after
7	https://github.com/moby/moby/commit/31f654a704f61768828d5950a13f30bb493d1239
8	it's no longer working with NFS.
9
10	As the extended attribute support depends on filesystem and
11	if we do copy it in vfs and do not allow failure, that would
12	essentially mean that vfs does NOT support all filesystems but
13	only those that support xattr.
14
15	So we should just try to copy security.capabilities and allow
16	for failure. In this way, vfs come back to the state of
17	being able to run on any filesystem as declared in
18	https://docs.docker.com/storage/storagedriver/select-storage-driver/.
19
20	Fixes https://github.com/moby/moby/issues/45417
21
22	Upstream-Status: Submitted [https://github.com/moby/moby/pull/45420]
23
24	Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
25	---
26	daemon/graphdriver/copy/copy.go \| 6 ++++--
27	daemon/graphdriver/copy/copy_test.go \| 4 ++--
28	daemon/graphdriver/overlay/overlay.go \| 4 ++--
29	daemon/graphdriver/vfs/copy_linux.go \| 2 +-
30	4 files changed, 9 insertions(+), 7 deletions(-)
31
32	diff --git a/daemon/graphdriver/copy/copy.go b/daemon/graphdriver/copy/copy.go
33	index 0fb8a1a9d9..f6a5b74af5 100644
34	--- a/daemon/graphdriver/copy/copy.go
35	+++ b/daemon/graphdriver/copy/copy.go
36	@@ -116,7 +116,7 @@ type dirMtimeInfo struct {
37	//
38	// The copyOpaqueXattrs controls if "trusted.overlay.opaque" xattrs are copied.
39	// Passing false disables copying "trusted.overlay.opaque" xattrs.
40	-func DirCopy(srcDir, dstDir string, copyMode Mode, copyOpaqueXattrs bool) error {
41	+func DirCopy(srcDir, dstDir string, copyMode Mode, copyOpaqueXattrs bool, allowXattrFailure bool) error {
42	copyWithFileRange := true
43	copyWithFileClone := true
44
45	@@ -210,7 +210,9 @@ func DirCopy(srcDir, dstDir string, copyMode Mode, copyOpaqueXattrs bool) error
46	}
47
48	if err := copyXattr(srcPath, dstPath, "security.capability"); err != nil {
49	- return err
50	+ if !allowXattrFailure {
51	+ return err
52	+ }
53	}
54
55	if copyOpaqueXattrs {
56	diff --git a/daemon/graphdriver/copy/copy_test.go b/daemon/graphdriver/copy/copy_test.go
57	index 8dcd8d9d56..340c715f5f 100644
58	--- a/daemon/graphdriver/copy/copy_test.go
59	+++ b/daemon/graphdriver/copy/copy_test.go
60	@@ -40,7 +40,7 @@ func TestCopyDir(t *testing.T) {
61	assert.NilError(t, err)
62	defer os.RemoveAll(dstDir)
63
64	- assert.Check(t, DirCopy(srcDir, dstDir, Content, false))
65	+ assert.Check(t, DirCopy(srcDir, dstDir, Content, false, true))
66	assert.NilError(t, filepath.Walk(srcDir, func(srcPath string, f os.FileInfo, err error) error {
67	if err != nil {
68	return err
69	@@ -146,7 +146,7 @@ func TestCopyHardlink(t *testing.T) {
70	assert.NilError(t, os.WriteFile(srcFile1, []byte{}, 0777))
71	assert.NilError(t, os.Link(srcFile1, srcFile2))
72
73	- assert.Check(t, DirCopy(srcDir, dstDir, Content, false))
74	+ assert.Check(t, DirCopy(srcDir, dstDir, Content, false, true))
75
76	assert.NilError(t, unix.Stat(srcFile1, &srcFile1FileInfo))
77	assert.NilError(t, unix.Stat(srcFile2, &srcFile2FileInfo))
78	diff --git a/daemon/graphdriver/overlay/overlay.go b/daemon/graphdriver/overlay/overlay.go
79	index 2ed53d82e9..909478963e 100644
80	--- a/daemon/graphdriver/overlay/overlay.go
81	+++ b/daemon/graphdriver/overlay/overlay.go
82	@@ -320,7 +320,7 @@ func (d Driver) Create(id, parent string, opts graphdriver.CreateOpts) (retErr
83	return err
84	}
85
86	- return copy.DirCopy(parentUpperDir, upperDir, copy.Content, true)
87	+ return copy.DirCopy(parentUpperDir, upperDir, copy.Content, true, false)
88	}
89
90	func (d *Driver) dir(id string) string {
91	@@ -460,7 +460,7 @@ func (d *Driver) ApplyDiff(id string, parent string, diff io.Reader) (size int64
92	}
93	}()
94
95	- if err = copy.DirCopy(parentRootDir, tmpRootDir, copy.Hardlink, true); err != nil {
96	+ if err = copy.DirCopy(parentRootDir, tmpRootDir, copy.Hardlink, true, false); err != nil {
97	return 0, err
98	}
99
100	diff --git a/daemon/graphdriver/vfs/copy_linux.go b/daemon/graphdriver/vfs/copy_linux.go
101	index 7276b3837f..592825c1a5 100644
102	--- a/daemon/graphdriver/vfs/copy_linux.go
103	+++ b/daemon/graphdriver/vfs/copy_linux.go
104	@@ -3,5 +3,5 @@ package vfs // import "github.com/docker/docker/daemon/graphdriver/vfs"
105	import "github.com/docker/docker/daemon/graphdriver/copy"
106
107	func dirCopy(srcDir, dstDir string) error {
108	- return copy.DirCopy(srcDir, dstDir, copy.Content, false)
109	+ return copy.DirCopy(srcDir, dstDir, copy.Content, false, true)
110	}
111	--
112	2.40.0
113