Without this patch, containers inherit the open file descriptors of the daemon, so my "exec 42>&2" allows us to "echo >&42 some nasty error with some bad advice" directly into the daemon log. :)
Also, "hack/dind" was already doing this due to issues caused by the inheritance, so I'm removing that hack too since this patch obsoletes it by generalizing it for all containers.
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
Creating the "docker save" tarball for "scratch" is pretty simple. I've also extrapolated the "docker build -t busybox ." logic into a separate "hack/make/.ensure-busybox" file so that it can eventually be reused easier.
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
It was a nice idea to recruit more maintainers but we never found the
time to do it properly...
I am still interested in any ideas to make it easier to start
contributing!
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
I tested to verify that if neither package is available (for example, on Debian Wheezy), apt still continues installing properly.
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
* Remove out of date "vacation mode"
* Fix my email address
* Remove infrastructure maintainers to reflect reality (core maintainers
are currently maintaining their own infrastructure).
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
This also removes all the old man pages, .gitignores their directory, and updates the md2man-all.sh script to be easier to read and more friendly to being called within hack/make/ubuntu.
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
Don't make calls to the registry if the image exists already.
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
"set -e" is already inherited here from make.sh, but explicit is always better than implicit (hence the "set -e" in the first place!)
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
Previously, running just "hack/release.sh" only ran the unit tests. This updates that to run the unit tests, then the integration tests, then build the binaries, then run the cli integration tests (so we're literally testing the binary we're about to release, which is super freaking cool IMO <3).
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
The install script (on https://get.docker.io/) installs an APT sources.list
entry referencing an HTTPS repository, and takes care of installing the
apt-transport-https package. However, the Debian/Ubuntu specific installation
script (on https://get.docker.io/ubuntu) used an HTTPS repository but without
installing that package, causing the installation to fail on some platforms.
This will use HTTPS everywhere, and updates the documentation accordingly.
Docker-DCO-1.1-Signed-off-by: Jérôme Petazzoni <jerome@docker.com> (github: jpetazzo)
Docker-DCO-1.1-Signed-off-by: Jérôme Petazzoni <jerome@docker.com> (github: jpetazzo)
The wait at the end of cli integration script could end up failing if
the process had already exited. This was making it look like the tests
have failed.
This change fixes the problem.
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
This makes it possible to choose the graphdriver and the execdriver
which is going to be used for the cli integration tests.
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
Make sure the busybox image is ready to be used when running the cli
integration tests.
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
Please do with this as you please (including rebasing and/or squashing it), especially under clause (c) of the DCO.
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
We need this to do systemd API calls.
We also add the static_build tag to make godbus not use
os/user which is problematic for static builds.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
docker will run the process(es) within the container with an SELinux label and will label
all of the content within the container with mount label. Any temporary file systems
created within the container need to be mounted with the same mount label.
The user can override the process label by specifying
-Z With a string of space separated options.
-Z "user=unconfined_u role=unconfined_r type=unconfined_t level=s0"
Would cause the process label to run with unconfined_u:unconfined_r:unconfined_t:s0"
By default the processes will run execute within the container as svirt_lxc_net_t.
All of the content in the container as svirt_sandbox_file_t.
The process mcs level is based of the PID of the docker process that is creating the container.
If you run the container in --priv mode, the labeling will be disabled.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
devicemapper has landed, but the TODO hasn't been actioned presumably
because aufs is still preferred over devicemapper when available[1].
Comment updated accordingly.
Citation [1]: 267ca39921/runtime/graphdriver/driver.go (L40-L46)
Docker-DCO-1.1-Signed-off-by: Paul Annesley <paul@annesley.cc> (github: pda)
In #4740, the apt-key call in docs is changed to use the keyserver port 80 instead of
port 11371, as the previous call would fail with a restrictive firewall or proxy.
This commit extends the change to all apt-key calls in the repository.
Docker-DCO-1.1-Signed-off-by: Viktor Vojnovski <vojnovski@gmail.com> (github: vojnovski)
Enable build tags for all the graphdrivers to be excludable.
As an example:
```
$ go build
$ ls -l docker
-rwxr-xr-x 1 vbatts vbatts 18400158 Mar 14 14:22 docker*
$ go build -tags "exclude_graphdriver_aufs exclude_graphdriver_vfs exclude_graphdriver_devicemapper"
$ ls -l docker
-rwxr-xr-x 1 vbatts vbatts 17467068 Mar 14 14:22 docker*
```
Docker-DCO-1.1-Signed-off-by: Vincent Batts <vbatts@redhat.com> (github: vbatts)
These were found using `git grep -nE '[^-a-zA-Z0-9<>]-[a-zA-Z0-9]{2}'` (fair warning: _many_ false positives there).
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
If coverpkg is missing on `go test` command, only the current package
will be covered. That's the case of unit tests. For integration tests
we need to explicitly declare each package.
Docker-DCO-1.1-Signed-off-by: Fabio Falci <fabiofalci@gmail.com> (github: fabiofalci)
This way, packagers can set GIT_DIR appropriately if they'd prefer to not have ".git" inside their working directory.
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
This also adds a new "AUTO_GOPATH" environment variable that will create an appropriate GOPATH as part of the build process.
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
This fixes compilation issues when btrfs.h isn't available (because we just need the relevant structs, which for userspace programs are supposed to come from btrfs-progs instead of the kernel headers).
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
As a bonus, if the user has run this script the way we recommend (ie, without "sudo" or "su", run as their user), we can actually give them the exact command they'll need with their correct username substituted appropriately.
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
and remove the fmt-check one we don't document
tianon tells me they're called GitHub, not Github :)
Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@fosiki.com> (github: SvenDowideit)
Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au> (github: SvenDowideit)
This *should* have the same effect as the previous strategy: Instead of
'mkdir empty; fpm -s dir -C empty ...' we can simply do 'fpm -s empty'
Docker-DCO-1.1-Signed-off-by: Jordan Sissel <jls@semicomplete.com> (github: jordansissel)
It's only in "Recommends" because it's only required for all but the esoteric configurations (since you can't "docker pull" from the index without it, but that's about it).
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
As long as we're doing it, we ought to do it for all the "official" Docker properties at least
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
I personally tested this using our container, and this was the lowest version that compiles and runs properly.
Docker-DCO-1.0-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
Instead of `curl $url | apt-get add -` use the ubuntu keyserver and a full
fingerprint to retreive the key. This makes the distribution of the GPG key
more secure an less likely to change even if 3rd party gains access to the
packages repository.
Docker-DCO-1.0-Signed-off-by: Jonas Pfenniger <zimbatm@zimbatm.com> (github: zimbatm)
After each push, Travis CI will trigger, and check two things:
- make sure that each commit in the push has the Docker certificate of origin
- make sure that all .go files changed by this sequence of commits are correctly formatted in the most recent commit
Note: there is one edge case; if you do a git force push, we cannot figure out the actual commits in the force push, and we will just run the checks as if upstream master were the base. Pull requests will always be tested correctly, though.
Docker-DCO-1.0-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
Tianon Gravi
Guillaume J. Charmes
Victor Marmol
Sven Dowideit
Solomon Hykes
Kato Kazuyoshi
unclejack
James Turnbull
Jérôme Petazzoni
Alexander Larsson
Dan Walsh
Paul Jimenez
Paul Annesley
Michael Crosby
Sven Dowideit
Viktor Vojnovski
Vincent Batts
Vincent Batts
Victor Vieux
Charlie Lewis
Guillaume J. Charmes
Guillaume J. Charmes
Andy Rothfusz
Fabio Falci
unclejack
Daniel Mizyrycki
Johan Euphrosine
Solomon Hykes
Kim BKC Carlbacker
Jordan Sissel
Evan Krall
zimbatm
sudosurootdev