| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* CVE-2018-10892
Docker does not block /proc/acpi pathnames. The flaw allows an attacker to
modify host's hardware like enabling/disabling Bluetooth or turning up/down
keyboard brightness.
Affects < 18.03.01
CVE: CVE-2018-10892
Ref: https://access.redhat.com/security/cve/cve-2018-10892
Signed-off-by: Sinan Kaya <okaya@kernel.org>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Rather than invoking go directly to build docker-proxy, we can use
the libnetwork Make infrastructure. This picks up our exported go
enviroment variables, and other sysroot flags.
We also apply one patch to ensure that the cross-go toolchain is
used, and that the proper build flags are used.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Uprev the docker daemon, proxy and cli to 18.03.0.
The SRCREVs for these updates come from the versions logged in the
docker-ce 18.03.0 release. The docker-ce recipe has a pure docker-ce
single repository build, but here, we continue to assemble the individual
parts for maximum flexibility.
Along with the uprev, we add new dependencies required to build the new
version; libtool and pkcconfig (although unused by the recipe itself).
Finally we switch to a Makefile based build of the cli to allow the
commit and docker version to be properly captured in the docker executable.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Recently in the oe-core the go.bbclass changed and requires the
defition of the GO_IMPORT variable. This was intended to simplify how
the compilation works with go packages and it is still a work in
progress.
This patch set makes the recipes compatible to generate the same end
result as before using the new go.bbclass from oe-core.
Any patches that were included in the recipes had to have the paths
adjusted because the new go.bbclass manipulates the notion of S to be
S + "src" + "$GO_IMPORT" internally for the purpose of unpack, patch
and compile.
Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
| |
Fix daemonization, align args with docker.service, fix line breaks in
log file - and fix INITSCRIPT_PARAMS (there is no variable
OS_DEFAULT_INITSCRIPT_PARAMS).
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The build method for docker client changed where by the docker cli is
now required to be pulled in from a separate git tree to be built.
The integration patch to cross compile was also upreved since some
parts of it were accepted upstream while other parts have not been
accepted at this time.
Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The docker v1 registry has long been depreciated and moved into the
docker distribution library.
The registry is run via the docker CLI and not through a standalone
server.
This change removes the old registry and adds a .service file + package
for docker registry in the main docker recipe. Anyone that wants to
run a local registry can install the docker-registry package and the
service will start.
Note: No full config.yml file is provided, since the default are sane.
If tweaks are required, we can use ENV vars or consider adding a
config overlay.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This new version of docker starts to assume that go 1.7 is
used. Specifically in go 1.7 golang.org/x/net/context has been merged
so the include is starting to be shortened to simply "context" which
does not work when using go 1.6. We can continue to use go 1.6 by
using the full pkg path.
Additionally the docker-proxy is not built when using the hacks build
mechanism, as we do to build docker (ie. we don't build docker in a
docker container). We could probably find a way to build docker-proxy
using the build hacks, but for now we will simply drop docker-proxy
from the package. In an embedded env. using the proxy doesn't make a
lot of sense anyways.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Updating docker to the 1.11.1 release, which uses the open container initiative
components.
With this udpate, we drop patches that are no longer required, and adjust the
install/strip routines to not look for obselete components.
There are now 4 binaries required for docker to work:
- docker
- docker-containerd
- docker-containerd-shim
- docker-runc
The new containerd and runc recipes provide the latter, while docker provides
the cli and daemon.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
| |
Signed-off-by: Zongchun Yu <zongchun.yu@nxp.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Uprev docker to 1.6.2
go-capability is upreved to a later git commit
go-dbus is upreved to version 2
go-distribution-digest is added as a new dependency. Only the
digest part of go-distribution is needed/kept here,
hence go-distribution-digest
go-logrus is upreved to 0.7.1
Remove PR since it's no longer used
Signed-off-by: Amy Fong <amy.fong@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In yocto builds, preprocessing of binaries can happen after the install
phase. Some of these can modify the size/sha1sum of the binaries.
e.g. A new .gnu_debuglink can happen
docker will not start because of these modifications. Docker initially
does a sha1sum of dockerinit to identify the dockerinit that it was built
with, this is done for security and for compatibility reasons. Since
this checking is disabled, we should rely on rpm tests for validation
of the binary instead.
Signed-off-by: Amy Fong <amy.fong@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
| |
Adding a basic sysvinit script to docker .. for those that still use
sysvinit!
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
|
Adding docker (Linux container runtime)
Signed-off-by: Amy Fong <amy.fong@windriver.com>
|
