This patch allows to only release the packages that were built and are
present under the bundles/ directory instead of assuming packages exist
for all distros enumerated in the contrib/builder/ directory.
It also now adds support for armhf architecture for apt repositories.
Signed-off-by: Tibor Vass <tibor@docker.com>
(cherry picked from commit 2ff2e9a73076b737948c68c26f26b7bda5ac7db8)
Signed-off-by: Tibor Vass <tibor@docker.com>
This adds the ability to have different profiles for individual distros
and versions of the distro because they all ship with and depend on
different versions of policy packages.
The `selinux` dir contains the unmodified policy that is being used
today. The `selinux-fedora` dir contains the new policy for fedora 24
with the changes for it to compile and work on the system.
The fedora policy is from commit
4a6ce94da5
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
(cherry picked from commit 32b1f26c5111b22fe4277879c4f5e4687a6a72fc)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Daniel Nephin <dnephin@docker.com>
(cherry picked from commit 1ea9c19ffe53811931ecd3102703c3eacb22d14c)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Daniel Nephin <dnephin@docker.com>
(cherry picked from commit 7004f219f5d0fe99de0dadf319381d224866eb7c)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Tibor Vass <tibor@docker.com>
(cherry picked from commit e3c150bd470162d7a1a168f125a5e9a3b32b6a00)
Signed-off-by: Tibor Vass <tibor@docker.com>
When using encrypted vxlan network, some of the xfrm states are left
stale. This fix also filters out self advertise-addr rules.
Signed-off-by: Madhu Venugopal <madhu@docker.com>
(cherry picked from commit 6a754a4eef4463ed7c712a1ebe5bc38e2a957c42)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 9a3e47511ab9faac599b8f085a1b755ec941e49c)
Signed-off-by: Tibor Vass <tibor@docker.com>
This commit update swarmkit to 9ee5fc3b8db5de8c8593a57bc45fc178f74ceee1.
This is part of step to fix#24270.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit 467107cd401ce9d3678e4f7ec1abfb65a0e46018)
Signed-off-by: Tibor Vass <tibor@docker.com>
This version introduces the following:
- uses nanosecond timestamps for event
- ensure events are sent once their effect is "live"
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
(cherry picked from commit 29b2714580d085533c29807fa337c2b7a302abb6)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Daniel Nephin <dnephin@docker.com>
(cherry picked from commit 47cca88c8c151ebf3dd25adcf28ac1b2f75c76fb)
Signed-off-by: Tibor Vass <tibor@docker.com>
Use the generate.sh script instead of md2man directly.
Update Dockerfile for generating man pages.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
(cherry picked from commit 00a8a40398263429f99b1a5f0be59048e1c6f38d)
Signed-off-by: Tibor Vass <tibor@docker.com>
Fixes#23981
The selinux issue we are seeing in the report is related to the socket
file for docker and nothing else. By removing the socket docker starts
up correctly.
However, there is another motivation for removing socket activation from
docker's systemd files and that is because when you have daemons running
with --restart always whenever you have a host reboot those daemons
will not be started again because the docker daemon is not started by
systemd until a request comes into the docker API.
Leave it for deb based systems because everything is working correctly
for both socket activation and starting normally at boot.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
(cherry picked from commit 04104c3a1e6cad30cb41b762e8832215466c0e95)
Signed-off-by: Tibor Vass <tibor@docker.com>
following the announcement;
https://groups.google.com/forum/m/#!topic/golang-announce/7JTsd70ZAT0
> [security] Go 1.6.3 and Go 1.7rc2 pre-announcement
>
> Hello gophers,
> We plan to issue Go 1.6.3 and Go 1.7rc2 on Monday July 18 at approximately 2am UTC.
> These are minor release to fix a security issue.
>
> Following our policy at https://golang.org/security, this is the pre-announcement of those releases.
>
> Because we are so late in the release cycle for Go 1.7, we will not issue a minor release of Go 1.5.
> Additionally, we plan to issue Go 1.7rc3 later next week, which will include any changes between 1.7rc1 and tip.
>
> Cheers,
> Chris on behalf of the Go team
**Note:**
the man/Dockerfile is not yet updated, because
the official image for Go 1.6.2 has not yet
been updated.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 589bafddf391cbf6aff8b22044266dc819cdcaeb)
Signed-off-by: Tibor Vass <tibor@docker.com>
This is needed to suppress a log message about a harmless condition
which was previously logged at the WARNING log level with potentially
high frequency (https://github.com/docker/go-events/pull/11).
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
(cherry picked from commit db9bc51cbeb40204ff15ea1a40db8d3736ad3845)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Daniel Nephin <dnephin@docker.com>
(cherry picked from commit 674d227445887ea2f9a0fde6ebb7838bcce58578)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Tibor Vass <tibor@docker.com>
(cherry picked from commit 9a690d3544563bf3b88708dabd5bc853e0e749d2)
Signed-off-by: Tibor Vass <tibor@docker.com>
The original sed placement was creating packages with an
"unsupported" tag in the package name.
Fixes#24197
Signed-off-by: Christy Perez <christy@linux.vnet.ibm.com>
(cherry picked from commit dab287819a21ef8755d2f1b578ebeea33eb4e784)
Signed-off-by: Tibor Vass <tibor@docker.com>
This was missed in #23312 even though the other parts of
this were fixed.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
(cherry picked from commit 47ace5cd989103f7d646282fce66434b5a3c13f6)
Signed-off-by: Tibor Vass <tibor@docker.com>
Needed for libnetwork vendoring
Update Secret API name change correspondingly
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
(cherry picked from commit d428a7a425f071ee9e5707c7319d3197540adc19)
Signed-off-by: Tibor Vass <tibor@docker.com>
Update now that the changes in https://github.com/docker/libnetwork/pull/1230
have been merged
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
(cherry picked from commit 3ae0c664507e0d8da5e3151f28b8d00316569e47)
Signed-off-by: Tibor Vass <tibor@docker.com>
This reduces memory usage with a lot of docker proxy processes.
On Docker for Mac we are currently carrying a patch to replace
the binary as we modify it to forward ports to the Mac rather
than the Linux VM, this allows us to simply replace this binary
in our packaging with one that has a compatible interface. This
patch does not provide an easy way to substitute a binary as
the interface is complex and there are few use cases, but where
needed this can be done.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
(cherry picked from commit 0682468431867e3382a759402eb92df5877e310b)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
(cherry picked from commit 6ec4a640de492e2f3c7b8268b5258d76b38b094b)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit db271b8833fc0b55998afababdaad60a67e3a982)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit 140ec59db6e413de5025fb8686b97bf80b66c519)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
(cherry picked from commit 8aa37bdbb76a781d73c24800c2bc5373d2289c28)
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Otto Kekäläinen <otto@seravo.fi>
(cherry picked from commit 644a7426cc31c338fedb6574d2b88d1cc2f43a08)
Signed-off-by: Tibor Vass <tibor@docker.com>
error: line 89: Invalid version (epoch must be unsigned integer):
%{epoch}:1.12.0-0.3.rc3.fc24: Requires(pre): docker-engine-selinux >=
%%{epoch}:1.12.0-0.3.rc3.fc24
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
(cherry picked from commit 0c07e55e4c867ee034c72c7ff8a9b8d63a8ec17d)
Santhosh Manohar
Tibor Vass
Madhu Venugopal
Michael Crosby
Dieter Reuter
Aaron Lehmann
Daniel Nephin
Sebastiaan van Stijn
Alexandre Beslic
Yong Tang
Kenfe-Mickael Laventure
Derek McGowan
Alessandro Boch
Christy Perez
Tonis Tiigi
Justin Cormack
Vincent Demeester
Brian Goff
Antonio Murdaca
Otto Kekäläinen