adb2ddf288
RH now provides `container-selinux` which provides everything we need for docker's selinux policy. Rely on `container-selinux` where available, and `docker-engine-selinux` when not. This still builds the `docker-engine-selinux` package and presumably makes it available, but is no longer a requirement in the `docker-engine` package preferring `container-selinux` instead. `container-selinux` is available on fedora24, however the version that is available does not set the correct types on the `dockerd` binary. We can use `container-selinux` and just supplement that with some of our own policy, but for now just keep using `docker-engine-selinux` as is. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
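#!/usr/bin/env bash
#
# Build the docker-engine RPMs (and, where a matching contrib/selinux-<version>
# directory exists, the docker-engine-selinux RPMs) for every distro directory
# under contrib/builder/rpm/$PACKAGE_ARCH, then unpack the resulting *RPMS
# trees into $DEST/<version>.
#
# Reads from the environment: VERSION, DEST, PACKAGE_ARCH, and optionally
# DOCKER_BUILD_PKGS, DOCKER_BUILD_ARGS and DOCKER_EXPERIMENTAL.
# NOTE(review): PACKAGE_ARCH is presumably set by .detect-daemon-osarch, and
# VERSION/DEST by whatever invokes this script -- confirm against the caller.
set -e

# subshell so that we can export PATH and TZ without breaking other things
#
# NOTE(review): the subshell is piped into tee at the bottom, so the status of
# that pipeline is tee's unless pipefail is enabled in the invoking shell.
# Without it a build that fails in here is not reported to the caller --
# confirm that the caller enables pipefail.
(
	export TZ=UTC # make sure our "date" variables are UTC-based

	source "$(dirname "$BASH_SOURCE")/.integration-daemon-start"
	source "$(dirname "$BASH_SOURCE")/.detect-daemon-osarch"

	# TODO consider using frozen images for the dockercore/builder-rpm tags

	rpmName=docker-engine
	rpmVersion="$VERSION"
	rpmRelease=1

	# rpmRelease versioning is as follows
	#   Docker 1.7.0:  version=1.7.0, release=1
	#   Docker 1.7.0-rc1: version=1.7.0, release=0.1.rc1
	#   Docker 1.7.0-cs1: version=1.7.0.cs1, release=1
	#   Docker 1.7.0-cs1-rc1: version=1.7.0.cs1, release=0.1.rc1
	#   Docker 1.7.0-dev nightly: version=1.7.0, release=0.0.YYYYMMDD.HHMMSS.gitHASH

	# if we have a "-rc*" suffix, set appropriate release
	if [[ "$rpmVersion" =~ .*-rc[0-9]+$ ]]; then
		rcVersion=${rpmVersion#*-rc}
		rpmVersion=${rpmVersion%-rc*}
		rpmRelease="0.${rcVersion}.rc${rcVersion}"
	fi

	# The commit id baked into the package; tracked files with local changes
	# mark the build as "-unsupported" (untracked files are ignored here).
	DOCKER_GITCOMMIT=$(git rev-parse --short HEAD)
	if [ -n "$(git status --porcelain --untracked-files=no)" ]; then
		DOCKER_GITCOMMIT="$DOCKER_GITCOMMIT-unsupported"
	fi

	# if we have a "-dev" suffix or have change in Git, let's make this package version more complex so it works better
	# (unlike the check above, this one also counts untracked files)
	if [[ "$rpmVersion" == *-dev ]] || [ -n "$(git status --porcelain)" ]; then
		gitUnix="$(git log -1 --pretty='%at')"
		gitDate="$(date --date "@$gitUnix" +'%Y%m%d.%H%M%S')"
		gitCommit="$(git log -1 --pretty='%h')"
		gitVersion="${gitDate}.git${gitCommit}"
		# gitVersion is now something like '20150128.112847.git17e840a'
		rpmVersion="${rpmVersion%-dev}"
		rpmRelease="0.0.$gitVersion"
	fi

	# Replace any other dashes with periods. "//" replaces every dash, not only
	# the first one: a dash left in the value would end up in the RPM Version
	# field, where it is not allowed.
	rpmVersion="${rpmVersion//-/.}"

	rpmPackager="$(awk -F ': ' '$1 == "Packager" { print $2; exit }' "hack/make/.build-rpm/${rpmName}.spec")"
	# NOTE(review): rpmDate is not referenced again in this script.
	rpmDate="$(date +'%a %b %d %Y')"

	# pre-generate the man pages; this runs unconditionally, so under "set -e"
	# a failing "make manpages" aborts the build
	make manpages

	# Convert the CHANGELOG.md file into RPM changelog format
	#
	# NOTE(review): the generated file is appended verbatim to the spec file
	# further down, and rpmbuild expands %-macros in spec text, so a literal "%"
	# in a CHANGELOG.md entry is not inert. Treat CHANGELOG.md as trusted build
	# input, or escape "%" as "%%" before it reaches the spec.
	changelogFile="contrib/builder/rpm/${PACKAGE_ARCH}/changelog"
	rm -f "$changelogFile"
	VERSION_REGEX="^\W\W (.*) \((.*)\)$"
	ENTRY_REGEX="^[-+*] (.*)$"
	# "|| [[ -n "$line" ]]" keeps a final line that has no trailing newline.
	# read is used without IFS= so surrounding whitespace is trimmed before the
	# regexes are applied.
	while read -r line || [[ -n "$line" ]]; do
		if [ -z "$line" ]; then continue; fi
		if [[ "$line" =~ $VERSION_REGEX ]]; then
			# heading "<2 non-word chars> <version> (<date>)": start a new entry.
			# The date text is quoted so it reaches date(1) as a single
			# argument and is never word-split or glob-expanded.
			echo >> "$changelogFile"
			echo "* $(date -d "${BASH_REMATCH[2]}" '+%a %b %d %Y') ${rpmPackager} - ${BASH_REMATCH[1]}" >> "$changelogFile"
		fi
		if [[ "$line" =~ $ENTRY_REGEX ]]; then
			# bullet line: keep the text, dropping every backtick
			echo "- ${BASH_REMATCH[1]//\`}" >> "$changelogFile"
		fi
	done < CHANGELOG.md

	builderDir="contrib/builder/rpm/${PACKAGE_ARCH}"
	# Word splitting of the find output is relied upon here; this assumes the
	# distro directory names contain no whitespace or glob characters.
	pkgs=( $(find "${builderDir}/"*/ -type d) )
	if [ -n "$DOCKER_BUILD_PKGS" ]; then
		# DOCKER_BUILD_PKGS is a whitespace-separated list, split on purpose
		pkgs=()
		for p in $DOCKER_BUILD_PKGS; do
			pkgs+=( "$builderDir/$p" )
		done
	fi

	for dir in "${pkgs[@]}"; do
		[ -d "$dir" ] || { echo >&2 "skipping nonexistent $dir"; continue; }
		version="$(basename "$dir")"
		suite="${version##*-}"

		# The builder image is only built when no local image carries the tag;
		# an image that already has this tag is used as the build base as-is.
		# DOCKER_BUILD_ARGS is left unquoted so it can carry several arguments.
		image="dockercore/builder-rpm:$version"
		if ! docker inspect "$image" &> /dev/null; then
			( set -x && docker build ${DOCKER_BUILD_ARGS} -t "$image" "$dir" )
		fi

		# The heredocs below are unquoted, so every $variable in them is
		# expanded by this script while the Dockerfile is being written, not
		# inside the build container.
		mkdir -p "$DEST/$version"
		cat > "$DEST/$version/Dockerfile.build" <<-EOF
FROM $image
COPY . /usr/src/${rpmName}
WORKDIR /usr/src/${rpmName}
RUN mkdir -p /go/src/github.com/docker && mkdir -p /go/src/github.com/opencontainers
EOF

		cat >> "$DEST/$version/Dockerfile.build" <<-EOF
# Install runc, containerd, proxy and tini
RUN TMP_GOPATH="/go" ./hack/dockerfile/install-binaries.sh runc-dynamic containerd-dynamic proxy-dynamic tini
EOF
		if [[ "$VERSION" == *-dev ]] || [ -n "$(git status --porcelain)" ]; then
			echo 'ENV DOCKER_EXPERIMENTAL 1' >> "$DEST/$version/Dockerfile.build"
		fi
		# NOTE(review): the --define values are pasted between single quotes in
		# the generated RUN line; a value containing a single quote or a newline
		# would change the command that runs in the build container, so
		# VERSION and the derived values must come from trusted input.
		# NOTE(review): '_experimental' takes DOCKER_EXPERIMENTAL from this
		# script's environment at generation time; the ENV line written above
		# does not feed into it -- confirm that is intended.
		cat >> "$DEST/$version/Dockerfile.build" <<-EOF
RUN mkdir -p /root/rpmbuild/SOURCES \
&& echo '%_topdir /root/rpmbuild' > /root/.rpmmacros
WORKDIR /root/rpmbuild
RUN ln -sfv /usr/src/${rpmName}/hack/make/.build-rpm SPECS
WORKDIR /root/rpmbuild/SPECS
RUN tar --exclude .git -r -C /usr/src -f /root/rpmbuild/SOURCES/${rpmName}.tar ${rpmName}
RUN tar --exclude .git -r -C /go/src/github.com/docker -f /root/rpmbuild/SOURCES/${rpmName}.tar containerd
RUN tar --exclude .git -r -C /go/src/github.com/docker/libnetwork/cmd -f /root/rpmbuild/SOURCES/${rpmName}.tar proxy
RUN tar --exclude .git -r -C /go/src/github.com/opencontainers -f /root/rpmbuild/SOURCES/${rpmName}.tar runc
RUN tar --exclude .git -r -C /go/ -f /root/rpmbuild/SOURCES/${rpmName}.tar tini
RUN gzip /root/rpmbuild/SOURCES/${rpmName}.tar
RUN { cat /usr/src/${rpmName}/contrib/builder/rpm/${PACKAGE_ARCH}/changelog; } >> ${rpmName}.spec && tail >&2 ${rpmName}.spec
RUN rpmbuild -ba \
--define '_gitcommit $DOCKER_GITCOMMIT' \
--define '_release $rpmRelease' \
--define '_version $rpmVersion' \
--define '_origversion $VERSION' \
--define '_experimental ${DOCKER_EXPERIMENTAL:-0}' \
${rpmName}.spec
EOF
		# selinux policy referencing systemd things won't work on non-systemd versions
		# of centos or rhel, which we don't support anyways
		# (a non-numeric suite makes the -gt test fail, which skips this step)
		if [ "${suite%.*}" -gt 6 ] && [[ "$version" != opensuse* ]]; then
			if [ -d "./contrib/selinux-$version" ]; then
				selinuxDir="selinux-${version}"
				cat >> "$DEST/$version/Dockerfile.build" <<-EOF
RUN tar -cz -C /usr/src/${rpmName}/contrib/${selinuxDir} -f /root/rpmbuild/SOURCES/${rpmName}-selinux.tar.gz ${rpmName}-selinux
RUN rpmbuild -ba \
--define '_gitcommit $DOCKER_GITCOMMIT' \
--define '_release $rpmRelease' \
--define '_version $rpmVersion' \
--define '_origversion $VERSION' \
${rpmName}-selinux.spec
EOF
			fi
		fi

		# Build the throw-away image that runs rpmbuild, stream the *RPMS
		# directories out of it as a tar archive, then delete the image.
		# NOTE(review): without pipefail only tar's status is checked on the
		# "docker run | tar" line; a failure of docker run itself is noticed
		# only if it also makes tar fail.
		tempImage="docker-temp/build-rpm:$version"
		( set -x && docker build ${DOCKER_BUILD_ARGS} -t "$tempImage" -f "$DEST/$version/Dockerfile.build" . )
		docker run --rm "$tempImage" bash -c 'cd /root/rpmbuild && tar -c *RPMS' | tar -xvC "$DEST/$version"
		docker rmi "$tempImage"
	done

	source "$(dirname "$BASH_SOURCE")/.integration-daemon-stop"
) 2>&1 | tee -a "$DEST/test.log"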