*: purge dockerinit from source code
dockerinit has been around for a very long time. It was originally used as a way for us to do configuration for LXC containers once the container had started. LXC is no longer supported, and /.dockerinit has been dead code for quite a while. This removes all code and references in code to dockerinit. Signed-off-by: Aleksa Sarai <asarai@suse.com>
This commit is contained in:
parent
141a301dca
commit
4357ed4a73
|
@ -96,8 +96,7 @@ RUN set -x \
|
||||||
ENV PATH /osxcross/target/bin:$PATH
|
ENV PATH /osxcross/target/bin:$PATH
|
||||||
|
|
||||||
# install seccomp
|
# install seccomp
|
||||||
# this can be changed to the ubuntu package libseccomp-dev if dockerinit is removed,
|
# TODO: switch to libseccomp-dev since dockerinit is gone
|
||||||
# we need libseccomp.a (which the package does not provide) for dockerinit
|
|
||||||
ENV SECCOMP_VERSION 2.2.3
|
ENV SECCOMP_VERSION 2.2.3
|
||||||
RUN set -x \
|
RUN set -x \
|
||||||
&& export SECCOMP_PATH="$(mktemp -d)" \
|
&& export SECCOMP_PATH="$(mktemp -d)" \
|
||||||
|
|
|
@ -111,8 +111,7 @@ RUN git clone https://github.com/golang/lint.git /go/src/github.com/golang/lint
|
||||||
&& go install -v github.com/golang/lint/golint
|
&& go install -v github.com/golang/lint/golint
|
||||||
|
|
||||||
# install seccomp
|
# install seccomp
|
||||||
# this can be changed to the ubuntu package libseccomp-dev if dockerinit is removed,
|
# TODO: switch to libseccomp-dev since dockerinit is gone
|
||||||
# we need libseccomp.a (which the package does not provide) for dockerinit
|
|
||||||
ENV SECCOMP_VERSION 2.2.3
|
ENV SECCOMP_VERSION 2.2.3
|
||||||
RUN set -x \
|
RUN set -x \
|
||||||
&& export SECCOMP_PATH="$(mktemp -d)" \
|
&& export SECCOMP_PATH="$(mktemp -d)" \
|
||||||
|
|
|
@ -42,8 +42,7 @@ RUN cd /usr/local/lvm2 \
|
||||||
# see https://git.fedorahosted.org/cgit/lvm2.git/tree/INSTALL
|
# see https://git.fedorahosted.org/cgit/lvm2.git/tree/INSTALL
|
||||||
|
|
||||||
# install seccomp
|
# install seccomp
|
||||||
# this can be changed to the ubuntu package libseccomp-dev if dockerinit is removed,
|
# TODO: switch to libseccomp-dev since dockerinit is gone
|
||||||
# we need libseccomp.a (which the package does not provide) for dockerinit
|
|
||||||
ENV SECCOMP_VERSION v2.2.3
|
ENV SECCOMP_VERSION v2.2.3
|
||||||
RUN set -x \
|
RUN set -x \
|
||||||
&& export SECCOMP_PATH=$(mktemp -d) \
|
&& export SECCOMP_PATH=$(mktemp -d) \
|
||||||
|
|
|
@ -74,8 +74,6 @@ func (cli *DockerCli) CmdInfo(args ...string) error {
|
||||||
fmt.Fprintf(cli.out, " Goroutines: %d\n", info.NGoroutines)
|
fmt.Fprintf(cli.out, " Goroutines: %d\n", info.NGoroutines)
|
||||||
fmt.Fprintf(cli.out, " System Time: %s\n", info.SystemTime)
|
fmt.Fprintf(cli.out, " System Time: %s\n", info.SystemTime)
|
||||||
fmt.Fprintf(cli.out, " EventsListeners: %d\n", info.NEventsListener)
|
fmt.Fprintf(cli.out, " EventsListeners: %d\n", info.NEventsListener)
|
||||||
fmt.Fprintf(cli.out, " Init SHA1: %s\n", info.InitSha1)
|
|
||||||
fmt.Fprintf(cli.out, " Init Path: %s\n", info.InitPath)
|
|
||||||
fmt.Fprintf(cli.out, " Docker Root Dir: %s\n", info.DockerRootDir)
|
fmt.Fprintf(cli.out, " Docker Root Dir: %s\n", info.DockerRootDir)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -63,10 +63,6 @@ func (container *Container) CreateDaemonEnvironment(linkedEnv []string) []string
|
||||||
env := []string{
|
env := []string{
|
||||||
"PATH=" + system.DefaultPathEnv,
|
"PATH=" + system.DefaultPathEnv,
|
||||||
"HOSTNAME=" + fullHostname,
|
"HOSTNAME=" + fullHostname,
|
||||||
// Note: we don't set HOME here because it'll get autoset intelligently
|
|
||||||
// based on the value of USER inside dockerinit, but only if it isn't
|
|
||||||
// set already (ie, that can be overridden by setting HOME via -e or ENV
|
|
||||||
// in a Dockerfile).
|
|
||||||
}
|
}
|
||||||
if container.Config.Tty {
|
if container.Config.Tty {
|
||||||
env = append(env, "TERM=xterm")
|
env = append(env, "TERM=xterm")
|
||||||
|
|
|
@ -118,9 +118,7 @@ for version in "${versions[@]}"; do
|
||||||
|
|
||||||
echo >> "$version/Dockerfile"
|
echo >> "$version/Dockerfile"
|
||||||
|
|
||||||
# fedora does not have a libseccomp.a for compiling static dockerinit
|
# TODO remove this since dockerinit is finally gone
|
||||||
# ONLY install libseccomp.a from source, this can be removed once dockerinit is removed
|
|
||||||
# TODO remove this manual seccomp compilation once dockerinit is gone or no longer needs to be statically compiled
|
|
||||||
case "$from" in
|
case "$from" in
|
||||||
fedora:*)
|
fedora:*)
|
||||||
awk '$1 == "ENV" && $2 == "SECCOMP_VERSION" { print; exit }' ../../../Dockerfile >> "$version/Dockerfile"
|
awk '$1 == "ENV" && $2 == "SECCOMP_VERSION" { print; exit }' ../../../Dockerfile >> "$version/Dockerfile"
|
||||||
|
|
|
@ -254,7 +254,6 @@ func (daemon *Daemon) populateCommand(c *container.Container, env []string) erro
|
||||||
c.Command = &execdriver.Command{
|
c.Command = &execdriver.Command{
|
||||||
CommonCommand: execdriver.CommonCommand{
|
CommonCommand: execdriver.CommonCommand{
|
||||||
ID: c.ID,
|
ID: c.ID,
|
||||||
InitPath: "/.dockerinit",
|
|
||||||
MountLabel: c.GetMountLabel(),
|
MountLabel: c.GetMountLabel(),
|
||||||
Network: en,
|
Network: en,
|
||||||
ProcessConfig: processConfig,
|
ProcessConfig: processConfig,
|
||||||
|
|
|
@ -124,7 +124,6 @@ func (daemon *Daemon) populateCommand(c *container.Container, env []string) erro
|
||||||
CommonCommand: execdriver.CommonCommand{
|
CommonCommand: execdriver.CommonCommand{
|
||||||
ID: c.ID,
|
ID: c.ID,
|
||||||
Rootfs: c.BaseFS,
|
Rootfs: c.BaseFS,
|
||||||
InitPath: "/.dockerinit",
|
|
||||||
WorkingDir: c.Config.WorkingDir,
|
WorkingDir: c.Config.WorkingDir,
|
||||||
Network: en,
|
Network: en,
|
||||||
MountLabel: c.GetMountLabel(),
|
MountLabel: c.GetMountLabel(),
|
||||||
|
|
|
@ -688,8 +688,7 @@ func initBridgeDriver(controller libnetwork.NetworkController, config *Config) e
|
||||||
}
|
}
|
||||||
|
|
||||||
// setupInitLayer populates a directory with mountpoints suitable
|
// setupInitLayer populates a directory with mountpoints suitable
|
||||||
// for bind-mounting dockerinit into the container. The mountpoint is simply an
|
// for bind-mounting things into the container.
|
||||||
// empty file at /.dockerinit
|
|
||||||
//
|
//
|
||||||
// This extra layer is used by all containers as the top-most ro layer. It protects
|
// This extra layer is used by all containers as the top-most ro layer. It protects
|
||||||
// the container from unwanted side-effects on the rw layer.
|
// the container from unwanted side-effects on the rw layer.
|
||||||
|
@ -699,7 +698,6 @@ func setupInitLayer(initLayer string, rootUID, rootGID int) error {
|
||||||
"/dev/shm": "dir",
|
"/dev/shm": "dir",
|
||||||
"/proc": "dir",
|
"/proc": "dir",
|
||||||
"/sys": "dir",
|
"/sys": "dir",
|
||||||
"/.dockerinit": "file",
|
|
||||||
"/.dockerenv": "file",
|
"/.dockerenv": "file",
|
||||||
"/etc/resolv.conf": "file",
|
"/etc/resolv.conf": "file",
|
||||||
"/etc/hosts": "file",
|
"/etc/hosts": "file",
|
||||||
|
|
|
@ -131,7 +131,6 @@ type CommonProcessConfig struct {
|
||||||
type CommonCommand struct {
|
type CommonCommand struct {
|
||||||
ContainerPid int `json:"container_pid"` // the pid for the process inside a container
|
ContainerPid int `json:"container_pid"` // the pid for the process inside a container
|
||||||
ID string `json:"id"`
|
ID string `json:"id"`
|
||||||
InitPath string `json:"initpath"` // dockerinit
|
|
||||||
MountLabel string `json:"mount_label"` // TODO Windows. More involved, but can be factored out
|
MountLabel string `json:"mount_label"` // TODO Windows. More involved, but can be factored out
|
||||||
Mounts []Mount `json:"mounts"`
|
Mounts []Mount `json:"mounts"`
|
||||||
Network *Network `json:"network"`
|
Network *Network `json:"network"`
|
||||||
|
|
|
@ -49,11 +49,6 @@ func (daemon *Daemon) SystemInfo() (*types.Info, error) {
|
||||||
logrus.Errorf("Could not read system memory info: %v", err)
|
logrus.Errorf("Could not read system memory info: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
// if we still have the original dockerinit binary from before
|
|
||||||
// we copied it locally, let's return the path to that, since
|
|
||||||
// that's more intuitive (the copied path is trivial to derive
|
|
||||||
// by hand given VERSION)
|
|
||||||
initPath := utils.DockerInitPath("")
|
|
||||||
sysInfo := sysinfo.New(true)
|
sysInfo := sysinfo.New(true)
|
||||||
|
|
||||||
var cRunning, cPaused, cStopped int32
|
var cRunning, cPaused, cStopped int32
|
||||||
|
@ -94,8 +89,6 @@ func (daemon *Daemon) SystemInfo() (*types.Info, error) {
|
||||||
OSType: platform.OSType,
|
OSType: platform.OSType,
|
||||||
Architecture: platform.Architecture,
|
Architecture: platform.Architecture,
|
||||||
RegistryConfig: daemon.RegistryService.Config,
|
RegistryConfig: daemon.RegistryService.Config,
|
||||||
InitSha1: dockerversion.InitSHA1,
|
|
||||||
InitPath: initPath,
|
|
||||||
NCPU: runtime.NumCPU(),
|
NCPU: runtime.NumCPU(),
|
||||||
MemTotal: meminfo.MemTotal,
|
MemTotal: meminfo.MemTotal,
|
||||||
DockerRootDir: daemon.configStore.Root,
|
DockerRootDir: daemon.configStore.Root,
|
||||||
|
|
|
@ -1,11 +0,0 @@
|
||||||
package main
|
|
||||||
|
|
||||||
import (
|
|
||||||
_ "github.com/docker/docker/daemon/execdriver/native"
|
|
||||||
"github.com/docker/docker/pkg/reexec"
|
|
||||||
)
|
|
||||||
|
|
||||||
func main() {
|
|
||||||
// Running in init mode
|
|
||||||
reexec.Init()
|
|
||||||
}
|
|
|
@ -9,8 +9,5 @@ const (
|
||||||
GitCommit string = "library-import"
|
GitCommit string = "library-import"
|
||||||
Version string = "library-import"
|
Version string = "library-import"
|
||||||
BuildTime string = "library-import"
|
BuildTime string = "library-import"
|
||||||
|
|
||||||
IAmStatic string = "library-import"
|
IAmStatic string = "library-import"
|
||||||
InitSHA1 string = "library-import"
|
|
||||||
InitPath string = "library-import"
|
|
||||||
)
|
)
|
||||||
|
|
|
@ -76,7 +76,6 @@ _dockerfile_env() {
|
||||||
clean() {
|
clean() {
|
||||||
local packages=(
|
local packages=(
|
||||||
"${PROJECT}/docker" # package main
|
"${PROJECT}/docker" # package main
|
||||||
"${PROJECT}/dockerinit" # package main
|
|
||||||
"${PROJECT}/integration-cli" # external tests
|
"${PROJECT}/integration-cli" # external tests
|
||||||
)
|
)
|
||||||
local dockerPlatforms=( ${DOCKER_ENGINE_OSARCH:="linux/amd64"} $(_dockerfile_env DOCKER_CROSSPLATFORMS) )
|
local dockerPlatforms=( ${DOCKER_ENGINE_OSARCH:="linux/amd64"} $(_dockerfile_env DOCKER_CROSSPLATFORMS) )
|
||||||
|
|
|
@ -237,7 +237,6 @@ test_env() {
|
||||||
HOME="$ABS_DEST/fake-HOME" \
|
HOME="$ABS_DEST/fake-HOME" \
|
||||||
PATH="$PATH" \
|
PATH="$PATH" \
|
||||||
TEMP="$TEMP" \
|
TEMP="$TEMP" \
|
||||||
TEST_DOCKERINIT_PATH="$TEST_DOCKERINIT_PATH" \
|
|
||||||
"$@"
|
"$@"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -17,14 +17,12 @@ override_dh_auto_test:
|
||||||
./bundles/$(VERSION)/dynbinary/docker -v
|
./bundles/$(VERSION)/dynbinary/docker -v
|
||||||
|
|
||||||
override_dh_strip:
|
override_dh_strip:
|
||||||
# the SHA1 of dockerinit is important: don't strip it
|
# Go has lots of problems with stripping, so just don't
|
||||||
# also, Go has lots of problems with stripping, so just don't
|
|
||||||
|
|
||||||
override_dh_auto_install:
|
override_dh_auto_install:
|
||||||
mkdir -p debian/docker-engine/usr/bin
|
mkdir -p debian/docker-engine/usr/bin
|
||||||
cp -aT "$$(readlink -f bundles/$(VERSION)/dynbinary/docker)" debian/docker-engine/usr/bin/docker
|
cp -aT "$$(readlink -f bundles/$(VERSION)/dynbinary/docker)" debian/docker-engine/usr/bin/docker
|
||||||
mkdir -p debian/docker-engine/usr/lib/docker
|
mkdir -p debian/docker-engine/usr/lib/docker
|
||||||
cp -aT "$$(readlink -f bundles/$(VERSION)/dynbinary/dockerinit)" debian/docker-engine/usr/lib/docker/dockerinit
|
|
||||||
|
|
||||||
override_dh_installinit:
|
override_dh_installinit:
|
||||||
# use "docker" as our service name, not "docker-engine"
|
# use "docker" as our service name, not "docker-engine"
|
||||||
|
|
|
@ -11,11 +11,6 @@ URL: https://dockerproject.org
|
||||||
Vendor: Docker
|
Vendor: Docker
|
||||||
Packager: Docker <support@docker.com>
|
Packager: Docker <support@docker.com>
|
||||||
|
|
||||||
# docker builds in a checksum of dockerinit into docker,
|
|
||||||
# # so stripping the binaries breaks docker
|
|
||||||
%global __os_install_post %{_rpmconfigdir}/brp-compress
|
|
||||||
%global debug_package %{nil}
|
|
||||||
|
|
||||||
# is_systemd conditional
|
# is_systemd conditional
|
||||||
%if 0%{?fedora} >= 21 || 0%{?centos} >= 7 || 0%{?rhel} >= 7 || 0%{?suse_version} >= 1300
|
%if 0%{?fedora} >= 21 || 0%{?centos} >= 7 || 0%{?rhel} >= 7 || 0%{?suse_version} >= 1300
|
||||||
%global is_systemd 1
|
%global is_systemd 1
|
||||||
|
@ -124,10 +119,6 @@ export DOCKER_GITCOMMIT=%{_gitcommit}
|
||||||
install -d $RPM_BUILD_ROOT/%{_bindir}
|
install -d $RPM_BUILD_ROOT/%{_bindir}
|
||||||
install -p -m 755 bundles/%{_origversion}/dynbinary/docker-%{_origversion} $RPM_BUILD_ROOT/%{_bindir}/docker
|
install -p -m 755 bundles/%{_origversion}/dynbinary/docker-%{_origversion} $RPM_BUILD_ROOT/%{_bindir}/docker
|
||||||
|
|
||||||
# install dockerinit
|
|
||||||
install -d $RPM_BUILD_ROOT/%{_libexecdir}/docker
|
|
||||||
install -p -m 755 bundles/%{_origversion}/dynbinary/dockerinit-%{_origversion} $RPM_BUILD_ROOT/%{_libexecdir}/docker/dockerinit
|
|
||||||
|
|
||||||
# install udev rules
|
# install udev rules
|
||||||
install -d $RPM_BUILD_ROOT/%{_sysconfdir}/udev/rules.d
|
install -d $RPM_BUILD_ROOT/%{_sysconfdir}/udev/rules.d
|
||||||
install -p -m 644 contrib/udev/80-docker.rules $RPM_BUILD_ROOT/%{_sysconfdir}/udev/rules.d/80-docker.rules
|
install -p -m 644 contrib/udev/80-docker.rules $RPM_BUILD_ROOT/%{_sysconfdir}/udev/rules.d/80-docker.rules
|
||||||
|
@ -175,7 +166,6 @@ install -p -m 644 contrib/syntax/nano/Dockerfile.nanorc $RPM_BUILD_ROOT/usr/shar
|
||||||
%files
|
%files
|
||||||
%doc AUTHORS CHANGELOG.md CONTRIBUTING.md LICENSE MAINTAINERS NOTICE README.md
|
%doc AUTHORS CHANGELOG.md CONTRIBUTING.md LICENSE MAINTAINERS NOTICE README.md
|
||||||
/%{_bindir}/docker
|
/%{_bindir}/docker
|
||||||
/%{_libexecdir}/docker/dockerinit
|
|
||||||
/%{_sysconfdir}/udev/rules.d/80-docker.rules
|
/%{_sysconfdir}/udev/rules.d/80-docker.rules
|
||||||
%if 0%{?is_systemd}
|
%if 0%{?is_systemd}
|
||||||
/%{_unitdir}/docker.service
|
/%{_unitdir}/docker.service
|
||||||
|
|
|
@ -1,33 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
set -e
|
|
||||||
|
|
||||||
IAMSTATIC="true"
|
|
||||||
source "${MAKEDIR}/.go-autogen"
|
|
||||||
|
|
||||||
# dockerinit still needs to be a static binary, even if docker is dynamic
|
|
||||||
go build \
|
|
||||||
-o "$DEST/dockerinit-$VERSION" \
|
|
||||||
"${BUILDFLAGS[@]}" \
|
|
||||||
-ldflags "
|
|
||||||
$LDFLAGS
|
|
||||||
$LDFLAGS_STATIC
|
|
||||||
-extldflags \"$EXTLDFLAGS_STATIC\"
|
|
||||||
" \
|
|
||||||
./dockerinit
|
|
||||||
|
|
||||||
echo "Created binary: $DEST/dockerinit-$VERSION"
|
|
||||||
ln -sf "dockerinit-$VERSION" "$DEST/dockerinit"
|
|
||||||
|
|
||||||
sha1sum=
|
|
||||||
if command -v sha1sum &> /dev/null; then
|
|
||||||
sha1sum=sha1sum
|
|
||||||
elif command -v shasum &> /dev/null; then
|
|
||||||
# Mac OS X - why couldn't they just use the same command name and be happy?
|
|
||||||
sha1sum=shasum
|
|
||||||
else
|
|
||||||
echo >&2 'error: cannot find sha1sum command or equivalent'
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
# sha1 our new dockerinit to ensure separate docker and dockerinit always run in a perfect pair compiled for one another
|
|
||||||
export DOCKER_INITSHA1=$($sha1sum "$DEST/dockerinit-$VERSION" | cut -d' ' -f1)
|
|
|
@ -1,31 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
set -e
|
|
||||||
|
|
||||||
IAMSTATIC="true"
|
|
||||||
source "${MAKEDIR}/.go-autogen"
|
|
||||||
|
|
||||||
# dockerinit still needs to be a static binary, even if docker is dynamic
|
|
||||||
go build --compiler=gccgo \
|
|
||||||
-o "$DEST/dockerinit-$VERSION" \
|
|
||||||
"${BUILDFLAGS[@]}" \
|
|
||||||
--gccgoflags "
|
|
||||||
-g
|
|
||||||
-Wl,--no-export-dynamic
|
|
||||||
$EXTLDFLAGS_STATIC
|
|
||||||
-lnetgo
|
|
||||||
" \
|
|
||||||
./dockerinit
|
|
||||||
|
|
||||||
echo "Created binary: $DEST/dockerinit-$VERSION"
|
|
||||||
ln -sf "dockerinit-$VERSION" "$DEST/dockerinit"
|
|
||||||
|
|
||||||
sha1sum=
|
|
||||||
if command -v sha1sum &> /dev/null; then
|
|
||||||
sha1sum=sha1sum
|
|
||||||
else
|
|
||||||
echo >&2 'error: cannot find sha1sum command or equivalent'
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
# sha1 our new dockerinit to ensure separate docker and dockerinit always run in a perfect pair compiled for one another
|
|
||||||
export DOCKER_INITSHA1=$($sha1sum "$DEST/dockerinit-$VERSION" | cut -d' ' -f1)
|
|
|
@ -14,10 +14,7 @@ const (
|
||||||
GitCommit string = "$GITCOMMIT"
|
GitCommit string = "$GITCOMMIT"
|
||||||
Version string = "$VERSION"
|
Version string = "$VERSION"
|
||||||
BuildTime string = "$BUILDTIME"
|
BuildTime string = "$BUILDTIME"
|
||||||
|
|
||||||
IAmStatic string = "${IAMSTATIC:-true}"
|
IAmStatic string = "${IAMSTATIC:-true}"
|
||||||
InitSHA1 string = "$DOCKER_INITSHA1"
|
|
||||||
InitPath string = "$DOCKER_INITPATH"
|
|
||||||
)
|
)
|
||||||
// AUTOGENERATED FILE; see $BASH_SOURCE
|
// AUTOGENERATED FILE; see $BASH_SOURCE
|
||||||
DVEOF
|
DVEOF
|
||||||
|
|
|
@ -1,16 +1,6 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
set -e
|
set -e
|
||||||
|
|
||||||
if [ -z "$DOCKER_CLIENTONLY" ]; then
|
|
||||||
source "${MAKEDIR}/.dockerinit"
|
|
||||||
|
|
||||||
hash_files "$DEST/dockerinit-$VERSION"
|
|
||||||
else
|
|
||||||
# DOCKER_CLIENTONLY must be truthy, so we don't need to bother with dockerinit :)
|
|
||||||
export DOCKER_INITSHA1=""
|
|
||||||
fi
|
|
||||||
# DOCKER_INITSHA1 is exported so that other bundlescripts can easily access it later without recalculating it
|
|
||||||
|
|
||||||
(
|
(
|
||||||
export IAMSTATIC="false"
|
export IAMSTATIC="false"
|
||||||
export LDFLAGS_STATIC_DOCKER=''
|
export LDFLAGS_STATIC_DOCKER=''
|
||||||
|
|
|
@ -1,16 +1,6 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
set -e
|
set -e
|
||||||
|
|
||||||
if [ -z "$DOCKER_CLIENTONLY" ]; then
|
|
||||||
source "${MAKEDIR}/.dockerinit-gccgo"
|
|
||||||
|
|
||||||
hash_files "$DEST/dockerinit-$VERSION"
|
|
||||||
else
|
|
||||||
# DOCKER_CLIENTONLY must be truthy, so we don't need to bother with dockerinit :)
|
|
||||||
export DOCKER_INITSHA1=""
|
|
||||||
fi
|
|
||||||
# DOCKER_INITSHA1 is exported so that other bundlescripts can easily access it later without recalculating it
|
|
||||||
|
|
||||||
(
|
(
|
||||||
export IAMSTATIC="false"
|
export IAMSTATIC="false"
|
||||||
export EXTLDFLAGS_STATIC=''
|
export EXTLDFLAGS_STATIC=''
|
||||||
|
|
|
@ -27,10 +27,10 @@ func (s *DockerSuite) TestDiffFilenameShownInOutput(c *check.C) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// test to ensure GH #3840 doesn't occur any more
|
// test to ensure GH #3840 doesn't occur any more
|
||||||
func (s *DockerSuite) TestDiffEnsureDockerinitFilesAreIgnored(c *check.C) {
|
func (s *DockerSuite) TestDiffEnsureInitLayerFilesAreIgnored(c *check.C) {
|
||||||
testRequires(c, DaemonIsLinux)
|
testRequires(c, DaemonIsLinux)
|
||||||
// this is a list of files which shouldn't show up in `docker diff`
|
// this is a list of files which shouldn't show up in `docker diff`
|
||||||
dockerinitFiles := []string{"/etc/resolv.conf", "/etc/hostname", "/etc/hosts", "/.dockerinit", "/.dockerenv"}
|
initLayerFiles := []string{"/etc/resolv.conf", "/etc/hostname", "/etc/hosts", "/.dockerenv"}
|
||||||
containerCount := 5
|
containerCount := 5
|
||||||
|
|
||||||
// we might not run into this problem from the first run, so start a few containers
|
// we might not run into this problem from the first run, so start a few containers
|
||||||
|
@ -41,7 +41,7 @@ func (s *DockerSuite) TestDiffEnsureDockerinitFilesAreIgnored(c *check.C) {
|
||||||
cleanCID := strings.TrimSpace(out)
|
cleanCID := strings.TrimSpace(out)
|
||||||
out, _ = dockerCmd(c, "diff", cleanCID)
|
out, _ = dockerCmd(c, "diff", cleanCID)
|
||||||
|
|
||||||
for _, filename := range dockerinitFiles {
|
for _, filename := range initLayerFiles {
|
||||||
c.Assert(out, checker.Not(checker.Contains), filename)
|
c.Assert(out, checker.Not(checker.Contains), filename)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -224,7 +224,6 @@ const (
|
||||||
43 16 0:34 / /proc/fs/nfsd rw,nosuid,nodev,noexec,relatime - nfsd nfsd rw
|
43 16 0:34 / /proc/fs/nfsd rw,nosuid,nodev,noexec,relatime - nfsd nfsd rw
|
||||||
44 15 0:35 / /home/tianon/.gvfs rw,nosuid,nodev,relatime - fuse.gvfs-fuse-daemon gvfs-fuse-daemon rw,user_id=1000,group_id=1000
|
44 15 0:35 / /home/tianon/.gvfs rw,nosuid,nodev,relatime - fuse.gvfs-fuse-daemon gvfs-fuse-daemon rw,user_id=1000,group_id=1000
|
||||||
68 15 0:3336 / /var/lib/docker/aufs/mnt/3597a1a6d6298c1decc339ebb90aad6f7d6ba2e15af3131b1f85e7ee4787a0cd rw,relatime - aufs none rw,si=9b4a7640128db39c
|
68 15 0:3336 / /var/lib/docker/aufs/mnt/3597a1a6d6298c1decc339ebb90aad6f7d6ba2e15af3131b1f85e7ee4787a0cd rw,relatime - aufs none rw,si=9b4a7640128db39c
|
||||||
85 68 8:6 /var/lib/docker/init/dockerinit-0.7.2-dev//deleted /var/lib/docker/aufs/mnt/3597a1a6d6298c1decc339ebb90aad6f7d6ba2e15af3131b1f85e7ee4787a0cd/.dockerinit rw,noatime,nodiratime - ext4 /dev/sda6 rw,data=ordered
|
|
||||||
86 68 8:6 /var/lib/docker/containers/3597a1a6d6298c1decc339ebb90aad6f7d6ba2e15af3131b1f85e7ee4787a0cd/config.env /var/lib/docker/aufs/mnt/3597a1a6d6298c1decc339ebb90aad6f7d6ba2e15af3131b1f85e7ee4787a0cd/.dockerenv rw,noatime,nodiratime - ext4 /dev/sda6 rw,data=ordered
|
86 68 8:6 /var/lib/docker/containers/3597a1a6d6298c1decc339ebb90aad6f7d6ba2e15af3131b1f85e7ee4787a0cd/config.env /var/lib/docker/aufs/mnt/3597a1a6d6298c1decc339ebb90aad6f7d6ba2e15af3131b1f85e7ee4787a0cd/.dockerenv rw,noatime,nodiratime - ext4 /dev/sda6 rw,data=ordered
|
||||||
87 68 8:6 /etc/resolv.conf /var/lib/docker/aufs/mnt/3597a1a6d6298c1decc339ebb90aad6f7d6ba2e15af3131b1f85e7ee4787a0cd/etc/resolv.conf rw,noatime,nodiratime - ext4 /dev/sda6 rw,data=ordered
|
87 68 8:6 /etc/resolv.conf /var/lib/docker/aufs/mnt/3597a1a6d6298c1decc339ebb90aad6f7d6ba2e15af3131b1f85e7ee4787a0cd/etc/resolv.conf rw,noatime,nodiratime - ext4 /dev/sda6 rw,data=ordered
|
||||||
88 68 8:6 /var/lib/docker/containers/3597a1a6d6298c1decc339ebb90aad6f7d6ba2e15af3131b1f85e7ee4787a0cd/hostname /var/lib/docker/aufs/mnt/3597a1a6d6298c1decc339ebb90aad6f7d6ba2e15af3131b1f85e7ee4787a0cd/etc/hostname rw,noatime,nodiratime - ext4 /dev/sda6 rw,data=ordered
|
88 68 8:6 /var/lib/docker/containers/3597a1a6d6298c1decc339ebb90aad6f7d6ba2e15af3131b1f85e7ee4787a0cd/hostname /var/lib/docker/aufs/mnt/3597a1a6d6298c1decc339ebb90aad6f7d6ba2e15af3131b1f85e7ee4787a0cd/etc/hostname rw,noatime,nodiratime - ext4 /dev/sda6 rw,data=ordered
|
||||||
|
|
107
utils/utils.go
107
utils/utils.go
|
@ -1,124 +1,17 @@
|
||||||
package utils
|
package utils
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"crypto/sha1"
|
|
||||||
"encoding/hex"
|
|
||||||
"fmt"
|
"fmt"
|
||||||
"io"
|
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"os"
|
"os"
|
||||||
"os/exec"
|
|
||||||
"path/filepath"
|
|
||||||
"runtime"
|
"runtime"
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
"github.com/docker/distribution/registry/api/errcode"
|
"github.com/docker/distribution/registry/api/errcode"
|
||||||
"github.com/docker/docker/dockerversion"
|
|
||||||
"github.com/docker/docker/pkg/archive"
|
"github.com/docker/docker/pkg/archive"
|
||||||
"github.com/docker/docker/pkg/stringid"
|
"github.com/docker/docker/pkg/stringid"
|
||||||
)
|
)
|
||||||
|
|
||||||
// SelfPath figures out the absolute path of our own binary (if it's still around).
|
|
||||||
func SelfPath() string {
|
|
||||||
path, err := exec.LookPath(os.Args[0])
|
|
||||||
if err != nil {
|
|
||||||
if os.IsNotExist(err) {
|
|
||||||
return ""
|
|
||||||
}
|
|
||||||
if execErr, ok := err.(*exec.Error); ok && os.IsNotExist(execErr.Err) {
|
|
||||||
return ""
|
|
||||||
}
|
|
||||||
panic(err)
|
|
||||||
}
|
|
||||||
path, err = filepath.Abs(path)
|
|
||||||
if err != nil {
|
|
||||||
if os.IsNotExist(err) {
|
|
||||||
return ""
|
|
||||||
}
|
|
||||||
panic(err)
|
|
||||||
}
|
|
||||||
return path
|
|
||||||
}
|
|
||||||
|
|
||||||
func dockerInitSha1(target string) string {
|
|
||||||
f, err := os.Open(target)
|
|
||||||
if err != nil {
|
|
||||||
return ""
|
|
||||||
}
|
|
||||||
defer f.Close()
|
|
||||||
h := sha1.New()
|
|
||||||
_, err = io.Copy(h, f)
|
|
||||||
if err != nil {
|
|
||||||
return ""
|
|
||||||
}
|
|
||||||
return hex.EncodeToString(h.Sum(nil))
|
|
||||||
}
|
|
||||||
|
|
||||||
func isValidDockerInitPath(target string, selfPath string) bool { // target and selfPath should be absolute (InitPath and SelfPath already do this)
|
|
||||||
if target == "" {
|
|
||||||
return false
|
|
||||||
}
|
|
||||||
if dockerversion.IAmStatic == "true" {
|
|
||||||
if selfPath == "" {
|
|
||||||
return false
|
|
||||||
}
|
|
||||||
if target == selfPath {
|
|
||||||
return true
|
|
||||||
}
|
|
||||||
targetFileInfo, err := os.Lstat(target)
|
|
||||||
if err != nil {
|
|
||||||
return false
|
|
||||||
}
|
|
||||||
selfPathFileInfo, err := os.Lstat(selfPath)
|
|
||||||
if err != nil {
|
|
||||||
return false
|
|
||||||
}
|
|
||||||
return os.SameFile(targetFileInfo, selfPathFileInfo)
|
|
||||||
}
|
|
||||||
return dockerversion.InitSHA1 != "" && dockerInitSha1(target) == dockerversion.InitSHA1
|
|
||||||
}
|
|
||||||
|
|
||||||
// DockerInitPath figures out the path of our dockerinit (which may be SelfPath())
|
|
||||||
func DockerInitPath(localCopy string) string {
|
|
||||||
selfPath := SelfPath()
|
|
||||||
if isValidDockerInitPath(selfPath, selfPath) {
|
|
||||||
// if we're valid, don't bother checking anything else
|
|
||||||
return selfPath
|
|
||||||
}
|
|
||||||
var possibleInits = []string{
|
|
||||||
localCopy,
|
|
||||||
dockerversion.InitPath,
|
|
||||||
filepath.Join(filepath.Dir(selfPath), "dockerinit"),
|
|
||||||
|
|
||||||
// FHS 3.0 Draft: "/usr/libexec includes internal binaries that are not intended to be executed directly by users or shell scripts. Applications may use a single subdirectory under /usr/libexec."
|
|
||||||
// https://www.linuxbase.org/betaspecs/fhs/fhs.html#usrlibexec
|
|
||||||
"/usr/libexec/docker/dockerinit",
|
|
||||||
"/usr/local/libexec/docker/dockerinit",
|
|
||||||
|
|
||||||
// FHS 2.3: "/usr/lib includes object files, libraries, and internal binaries that are not intended to be executed directly by users or shell scripts."
|
|
||||||
// https://refspecs.linuxfoundation.org/FHS_2.3/fhs-2.3.html#USRLIBLIBRARIESFORPROGRAMMINGANDPA
|
|
||||||
"/usr/lib/docker/dockerinit",
|
|
||||||
"/usr/local/lib/docker/dockerinit",
|
|
||||||
}
|
|
||||||
for _, dockerInit := range possibleInits {
|
|
||||||
if dockerInit == "" {
|
|
||||||
continue
|
|
||||||
}
|
|
||||||
path, err := exec.LookPath(dockerInit)
|
|
||||||
if err == nil {
|
|
||||||
path, err = filepath.Abs(path)
|
|
||||||
if err != nil {
|
|
||||||
// LookPath already validated that this file exists and is executable (following symlinks), so how could Abs fail?
|
|
||||||
panic(err)
|
|
||||||
}
|
|
||||||
if isValidDockerInitPath(path, selfPath) {
|
|
||||||
return path
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return ""
|
|
||||||
}
|
|
||||||
|
|
||||||
var globalTestID string
|
var globalTestID string
|
||||||
|
|
||||||
// TestDirectory creates a new temporary directory and returns its path.
|
// TestDirectory creates a new temporary directory and returns its path.
|
||||||
|
|
Loading…
Reference in New Issue