Hello community,
here is the log from the commit of package docker for openSUSE:Factory checked in at 2017-12-21 11:25:14
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/docker (Old)
and /work/SRC/openSUSE:Factory/.docker.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "docker"
Thu Dec 21 11:25:14 2017 rev:67 rq:558281 version:17.09.1_ce
Changes:
--------
--- /work/SRC/openSUSE:Factory/docker/docker.changes 2017-12-08 12:54:02.400940025 +0100
+++ /work/SRC/openSUSE:Factory/.docker.new/docker.changes 2017-12-21 11:25:16.559449330 +0100
@@ -1,0 +2,35 @@
+Mon Dec 18 12:32:35 UTC 2017 - asarai@suse.com
+
+- Update to Docker v17.09.1_ce. Upstream changelog:
+ https://github.com/docker/docker-ce/releases/tag/v17.09.1-ce
+- Removed patches (merged upstream):
+ - bsc1045628-0001-devicemapper-remove-container-rootfs-mountPath-after.patch
+ - bsc1066210-0001-vendor-update-to-github.com-vbatts-tar-split-v0.10.2.patch
+ - bsc1066801-0001-oci-add-proc-scsi-to-masked-paths.patch
+
+-------------------------------------------------------------------
+Mon Dec 18 12:32:35 UTC 2017 - asarai@suse.com
+
+- Update to Docker v17.09.0_ce. Upstream changelog:
+ https://github.com/docker/docker-ce/releases/tag/v17.09.0-ce
+- Rebased patches:
+ * bsc1021227-0001-pkg-devmapper-dynamically-load-dm_task_deferred_remo.patch
+ * bsc1045628-0001-devicemapper-remove-container-rootfs-mountPath-after.patch
+ * bsc1055676-0001-daemon-oci-obey-CL_UNPRIVILEGED-for-user-namespaced-.patch
+ * secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
+ * secrets-0002-SUSE-implement-SUSE-container-secrets.patch
+- Removed patches (merged upstream):
+ - bsc1064781-0001-Allow-to-override-build-date.patch
+
+-------------------------------------------------------------------
+Tue Dec 5 10:58:07 UTC 2017 - asarai@suse.com
+
+- Add a patch to dynamically probe whether libdevmapper supports
+ dm_task_deferred_remove. This is necessary because we build the containers
+ module on a SLE12 base, but later SLE versions have libdevmapper support.
+ This should not affect openSUSE, as all openSUSE versions have a new enough
+ libdevmapper. Backport of https://github.com/moby/moby/pull/35518.
+ bsc#1021227 bsc#1029320 bsc#1058173
+ + bsc1021227-0001-pkg-devmapper-dynamically-load-dm_task_deferred_remo.patch
+
+-------------------------------------------------------------------
@@ -70 +105 @@
-- Update to Docker v17.07-ce (bsc#1069758). Upstream changelog:
+- Update to Docker v17.07.0_ce (bsc#1069758). Upstream changelog:
Old:
----
bsc1045628-0001-devicemapper-remove-container-rootfs-mountPath-after.patch
bsc1064781-0001-Allow-to-override-build-date.patch
bsc1066210-0001-vendor-update-to-github.com-vbatts-tar-split-v0.10.2.patch
bsc1066801-0001-oci-add-proc-scsi-to-masked-paths.patch
docker-17.07.0_ce.tar.xz
New:
----
bsc1021227-0001-pkg-devmapper-dynamically-load-dm_task_deferred_remo.patch
docker-17.09.1_ce.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ docker.spec ++++++
--- /var/tmp/diff_new_pack.ufTQlA/_old 2017-12-21 11:25:17.411407789 +0100
+++ /var/tmp/diff_new_pack.ufTQlA/_new 2017-12-21 11:25:17.415407594 +0100
@@ -31,11 +31,17 @@
# helpfully injects into our build environment from the changelog). If you want
# to generate a new git_commit_epoch, use this:
# $ date --date="$(git show --format=fuller --date=iso $COMMIT_ID | grep -oP '(?<=^CommitDate: ).*')" '+%s'
-%define git_version 87847530f717
-%define git_commit_epoch 1508266293
+%define git_version f4ffd2511ce9
+%define git_commit_epoch 1508606827
+
+# These are the git commits required. We verify them against the source to make
+# sure we didn't miss anything important when doing upgrades.
+%define required_containerd 06b9cb35161009dcb7123345749fef02f7cea8e0
+%define required_dockerrunc 3f2f8b84a77f73d38244dd690525642a72156c64
+%define required_libnetwork 7b2b1feb1de4817d522cc372af149ff48d25028e
Name: docker
-Version: 17.07.0_ce
+Version: 17.09.1_ce
Release: 0
Summary: The Linux container runtime
License: Apache-2.0
@@ -57,15 +63,9 @@
Patch200: secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
Patch201: secrets-0002-SUSE-implement-SUSE-container-secrets.patch
# SUSE-BACKPORT: Backport of https://github.com/moby/moby/pull/35205. bsc#1055676
-Patch401: bsc1055676-0001-daemon-oci-obey-CL_UNPRIVILEGED-for-user-namespaced-.patch
-# SUSE-BACKPORT: Backport of https://github.com/moby/moby/pull/34573. bsc#1045628
-Patch402: bsc1045628-0001-devicemapper-remove-container-rootfs-mountPath-after.patch
-# SUSE-BACKPORT: Backport of https://github.com/moby/moby/pull/34176. boo#1064781
-Patch403: bsc1064781-0001-Allow-to-override-build-date.patch
-# SUSE-BACKPORT: Backport of https://github.com/moby/moby/pull/35399. boo#1066801 CVE-2017-16539
-Patch404: bsc1066801-0001-oci-add-proc-scsi-to-masked-paths.patch
-# SUSE-BACKPORT: Backport of https://github.com/moby/moby/pull/35424. boo#1066210 CVE-2017-14992
-Patch405: bsc1066210-0001-vendor-update-to-github.com-vbatts-tar-split-v0.10.2.patch
+Patch400: bsc1055676-0001-daemon-oci-obey-CL_UNPRIVILEGED-for-user-namespaced-.patch
+# SUSE-BACKPORT: Backport of https://github.com/moby/moby/pull/35518. bsc#1021227 bsc#1029320 bsc#1058173
+Patch401: bsc1021227-0001-pkg-devmapper-dynamically-load-dm_task_deferred_remo.patch
BuildRequires: audit
BuildRequires: bash-completion
BuildRequires: ca-certificates
@@ -99,14 +99,14 @@
# Required in order for networking to work. fix_bsc_1057743 is a work-around
# for some old packaging issues (where rpm would delete a binary that was
# installed by docker-libnetwork). See bsc#1057743 for more details.
-Requires: docker-libnetwork = 0.7.0+gitr2322_4a242dba7739
+Requires: docker-libnetwork-git = %{required_libnetwork}
Requires: fix_bsc_1057743
# Containerd and runC are required as they are the only currently supported
# execdrivers of Docker. NOTE: The version pinning here matches upstream's
# vendor.conf to ensure that we don't use a slightly incompatible version of
# runC or containerd (which would be bad).
-Requires: containerd = 0.2.8+gitr671_3addd8406531
-Requires: docker-runc = 1.0.0rc3+gitr3201_2d41c04
+Requires: containerd-git = %{required_containerd}
+Requires: docker-runc-git = %{required_dockerrunc}
# Provides mkfs.ext4 - used by Docker when devicemapper storage driver is used
Requires: e2fsprogs
Requires: git-core >= 1.7
@@ -124,7 +124,7 @@
Recommends: lvm2 >= 2.2.89
Conflicts: lxc < 1.0
BuildRoot: %{_tmppath}/%{name}-%{version}-build
-ExcludeArch: %ix86 s390 ppc
+ExcludeArch: s390 ppc
# Make sure we build with go 1.8
BuildRequires: go-go-md2man
BuildRequires: golang(API) = 1.8
@@ -181,19 +181,14 @@
%if 0%{?is_opensuse}
# nothing
%else
+# PATCH-SUSE: Secrets patches.
%patch200 -p1 -d components/engine
%patch201 -p1 -d components/engine
%endif
# bsc#1055676
+%patch400 -p1 -d components/engine
+# bsc#1021227 bsc#1029320 bsc#1058173
%patch401 -p1 -d components/engine
-# bsc#1045628
-%patch402 -p1 -d components/engine
-# boo#1064781
-%patch403 -p1 -d components/engine
-# boo#1066801 CVE-2017-16539
-%patch404 -p1 -d components/engine
-# boo#1066210 CVE-2017-14992
-%patch405 -p1 -d components/engine
cp %{SOURCE7} .
cp %{SOURCE9} .
@@ -203,10 +198,11 @@
%if 0%{?with_libseccomp}
BUILDTAGS="seccomp $BUILDTAGS"
%endif
-# For SLE12 libdevmapper.h is not recent enough to define
-# dm_task_deferred_remove().
%if 0%{?sle_version} == 120000
- BUILDTAGS="libdm_no_deferred_remove $BUILDTAGS"
+ # Provided by patch406, to allow us to build with older distros but still
+ # have deferred removal support at runtime. We only use this when building
+ # on SLE12.
+ BUILDTAGS="libdm_dlsym_deferred_remove $BUILDTAGS"
%endif
(cat <https://github.com/docker/docker-ce.git</param>
<param name="scm">git</param>
<param name="exclude">.git</param>
- <param name="versionformat">17.07.0_ce</param>
- <param name="revision">v17.07.0-ce</param>
+ <param name="versionformat">17.09.1_ce</param>
+ <param name="revision">v17.09.1-ce</param>
<param name="filename">docker</param>
</service>
<service name="recompress" mode="disabled">
++++++ bsc1021227-0001-pkg-devmapper-dynamically-load-dm_task_deferred_remo.patch ++++++
From b492588a54b8efa1fba1de700cb3e0ad3fe665d9 Mon Sep 17 00:00:00 2001
From: Aleksa Sarai
Date: Thu, 16 Nov 2017 17:09:16 +1100
Subject: [PATCH] pkg: devmapper: dynamically load dm_task_deferred_remove
dm_task_deferred_remove is not supported by all distributions, due to
out-dated versions of devicemapper. However, in the case where the
devicemapper library was updated without rebuilding Docker (which can
happen in some distributions) then we should attempt to dynamically load
the relevant object rather than try to link to it.
This can only be done if Docker was built dynamically, for obvious
reasons.
In order to avoid having issues arise when dlsym(3) was unnecessary,
gate the whole dlsym(3) logic behind a buildflag that we disable by
default (libdm_dlsym_deferred_remove).
SUSE-Bugs: bsc#1021227 bsc#1029320 bsc#1058173
Signed-off-by: Aleksa Sarai
---
hack/make.sh | 12 +-
...> devmapper_wrapper_dynamic_deferred_remove.go} | 10 +-
...mapper_wrapper_dynamic_dlsym_deferred_remove.go | 128 +++++++++++++++++++++
.../devmapper_wrapper_no_deferred_remove.go | 6 +-
4 files changed, 149 insertions(+), 7 deletions(-)
rename pkg/devicemapper/{devmapper_wrapper_deferred_remove.go => devmapper_wrapper_dynamic_deferred_remove.go} (78%)
create mode 100644 pkg/devicemapper/devmapper_wrapper_dynamic_dlsym_deferred_remove.go
diff --git a/hack/make.sh b/hack/make.sh
index bc18c066b66c..6e94824ad557 100755
--- a/hack/make.sh
+++ b/hack/make.sh
@@ -112,6 +112,12 @@ if [ ! "$GOPATH" ]; then
exit 1
fi
+# Adds $1_$2 to DOCKER_BUILDTAGS unless it already
+# contains a word starting from $1_
+add_buildtag() {
+ [[ " $DOCKER_BUILDTAGS" == *" $1_"* ]] || DOCKER_BUILDTAGS+=" $1_$2"
+}
+
if ${PKG_CONFIG} 'libsystemd >= 209' 2> /dev/null ; then
DOCKER_BUILDTAGS+=" journald"
elif ${PKG_CONFIG} 'libsystemd-journal' 2> /dev/null ; then
@@ -127,12 +133,14 @@ if \
fi
# test whether "libdevmapper.h" is new enough to support deferred remove
-# functionality.
+# functionality. We favour libdm_dlsym_deferred_remove over
+# libdm_no_deferred_remove in dynamic cases because the binary could be shipped
+# with a newer libdevmapper than the one it was built wih.
if \
command -v gcc &> /dev/null \
&& ! ( echo -e '#include \nint main() { dm_task_deferred_remove(NULL); }'| gcc -xc - -o /dev/null $(pkg-config --libs devmapper) &> /dev/null ) \
; then
- DOCKER_BUILDTAGS+=' libdm_no_deferred_remove'
+ add_buildtag libdm dlsym_deferred_remove
fi
# Use these flags when compiling the tests and final binary
diff --git a/pkg/devicemapper/devmapper_wrapper_deferred_remove.go b/pkg/devicemapper/devmapper_wrapper_dynamic_deferred_remove.go
similarity index 78%
rename from pkg/devicemapper/devmapper_wrapper_deferred_remove.go
rename to pkg/devicemapper/devmapper_wrapper_dynamic_deferred_remove.go
index 7f793c270868..bf57371ff4cf 100644
--- a/pkg/devicemapper/devmapper_wrapper_deferred_remove.go
+++ b/pkg/devicemapper/devmapper_wrapper_dynamic_deferred_remove.go
@@ -1,11 +1,15 @@
-// +build linux,cgo,!libdm_no_deferred_remove
+// +build linux,cgo,!static_build
+// +build !libdm_dlsym_deferred_remove,!libdm_no_deferred_remove
package devicemapper
-// #include
+/*
+#include
+*/
import "C"
-// LibraryDeferredRemovalSupport tells if the feature is enabled in the build
+// LibraryDeferredRemovalSupport tells if the feature is supported by the
+// current Docker invocation.
const LibraryDeferredRemovalSupport = true
func dmTaskDeferredRemoveFct(task *cdmTask) int {
diff --git a/pkg/devicemapper/devmapper_wrapper_dynamic_dlsym_deferred_remove.go b/pkg/devicemapper/devmapper_wrapper_dynamic_dlsym_deferred_remove.go
new file mode 100644
index 000000000000..5dfb369f1ff8
--- /dev/null
+++ b/pkg/devicemapper/devmapper_wrapper_dynamic_dlsym_deferred_remove.go
@@ -0,0 +1,128 @@
+// +build linux,cgo,!static_build
+// +build libdm_dlsym_deferred_remove,!libdm_no_deferred_remove
+
+package devicemapper
+
+/*
+#cgo LDFLAGS: -ldl
+#include
+#include
+#include
+
+// Yes, I know this looks scary. In order to be able to fill our own internal
+// dm_info with deferred_remove we need to have a struct definition that is
+// correct (regardless of the version of libdm that was used to compile it). To
+// this end, we define struct_backport_dm_info. This code comes from lvm2, and
+// I have verified that the structure has only ever had elements *appended* to
+// it (since 2001).
+//
+// It is also important that this structure be _larger_ than the dm_info that
+// libdevmapper expected. Otherwise libdm might try to write to memory it
+// shouldn't (they don't have a "known size" API).
+struct backport_dm_info {
+ int exists;
+ int suspended;
+ int live_table;
+ int inactive_table;
+ int32_t open_count;
+ uint32_t event_nr;
+ uint32_t major;
+ uint32_t minor;
+ int read_only;
+
+ int32_t target_count;
+
+ int deferred_remove;
+ int internal_suspend;
+
+ // Padding, purely for our own safety. This is to avoid cases where libdm
+ // was updated underneath us and we call into dm_task_get_info() with too
+ // small of a buffer.
+ char _[512];
+};
+
+// We have to wrap this in CGo, because Go really doesn't like function pointers.
+int call_dm_task_deferred_remove(void *fn, struct dm_task *task)
+{
+ int (*_dm_task_deferred_remove)(struct dm_task *task) = fn;
+ return _dm_task_deferred_remove(task);
+}
+*/
+import "C"
+
+import (
+ "unsafe"
+
+ "github.com/sirupsen/logrus"
+)
+
+// dm_task_deferred_remove is not supported by all distributions, due to
+// out-dated versions of devicemapper. However, in the case where the
+// devicemapper library was updated without rebuilding Docker (which can happen
+// in some distributions) then we should attempt to dynamically load the
+// relevant object rather than try to link to it.
+
+// dmTaskDeferredRemoveFct is a "bound" version of dm_task_deferred_remove.
+// It is nil if dm_task_deferred_remove was not found in the libdevmapper that
+// is currently loaded.
+var dmTaskDeferredRemovePtr unsafe.Pointer
+
+// LibraryDeferredRemovalSupport tells if the feature is supported by the
+// current Docker invocation. This value is fixed during init.
+var LibraryDeferredRemovalSupport bool
+
+func init() {
+ // Clear any errors.
+ var err *C.char
+ C.dlerror()
+
+ // The symbol we want to fetch.
+ symName := C.CString("dm_task_deferred_remove")
+ defer C.free(unsafe.Pointer(symName))
+
+ // See if we can find dm_task_deferred_remove. Since we already are linked
+ // to libdevmapper, we can search our own address space (rather than trying
+ // to guess what libdevmapper is called). We use NULL here, as RTLD_DEFAULT
+ // is not available in CGO (even if you set _GNU_SOURCE for some reason).
+ // The semantics are identical on glibc.
+ sym := C.dlsym(nil, symName)
+ err = C.dlerror()
+ if err != nil {
+ logrus.Debugf("devmapper: could not load dm_task_deferred_remove: %s", C.GoString(err))
+ return
+ }
+
+ logrus.Debugf("devmapper: found dm_task_deferred_remove at %x", uintptr(sym))
+ dmTaskDeferredRemovePtr = sym
+ LibraryDeferredRemovalSupport = true
+}
+
+func dmTaskDeferredRemoveFct(task *cdmTask) int {
+ sym := dmTaskDeferredRemovePtr
+ if sym == nil || !LibraryDeferredRemovalSupport {
+ return -1
+ }
+ return int(C.call_dm_task_deferred_remove(sym, (*C.struct_dm_task)(task)))
+}
+
+func dmTaskGetInfoWithDeferredFct(task *cdmTask, info *Info) int {
+ if !LibraryDeferredRemovalSupport {
+ return -1
+ }
+
+ Cinfo := C.struct_backport_dm_info{}
+ defer func() {
+ info.Exists = int(Cinfo.exists)
+ info.Suspended = int(Cinfo.suspended)
+ info.LiveTable = int(Cinfo.live_table)
+ info.InactiveTable = int(Cinfo.inactive_table)
+ info.OpenCount = int32(Cinfo.open_count)
+ info.EventNr = uint32(Cinfo.event_nr)
+ info.Major = uint32(Cinfo.major)
+ info.Minor = uint32(Cinfo.minor)
+ info.ReadOnly = int(Cinfo.read_only)
+ info.TargetCount = int32(Cinfo.target_count)
+ info.DeferredRemove = int(Cinfo.deferred_remove)
+ }()
+ return int(C.dm_task_get_info((*C.struct_dm_task)(task), (*C.struct_dm_info)(unsafe.Pointer(&Cinfo))))
+}
diff --git a/pkg/devicemapper/devmapper_wrapper_no_deferred_remove.go b/pkg/devicemapper/devmapper_wrapper_no_deferred_remove.go
index a880fec8c499..80b034b3ff17 100644
--- a/pkg/devicemapper/devmapper_wrapper_no_deferred_remove.go
+++ b/pkg/devicemapper/devmapper_wrapper_no_deferred_remove.go
@@ -1,8 +1,10 @@
-// +build linux,cgo,libdm_no_deferred_remove
+// +build linux,cgo
+// +build !libdm_dlsym_deferred_remove,libdm_no_deferred_remove
package devicemapper
-// LibraryDeferredRemovalSupport tells if the feature is enabled in the build
+// LibraryDeferredRemovalSupport tells if the feature is supported by the
+// current Docker invocation.
const LibraryDeferredRemovalSupport = false
func dmTaskDeferredRemoveFct(task *cdmTask) int {
--
2.15.1
++++++ bsc1055676-0001-daemon-oci-obey-CL_UNPRIVILEGED-for-user-namespaced-.patch ++++++
--- /var/tmp/diff_new_pack.ufTQlA/_old 2017-12-21 11:25:17.503403303 +0100
+++ /var/tmp/diff_new_pack.ufTQlA/_new 2017-12-21 11:25:17.503403303 +0100
@@ -1,4 +1,4 @@
-From 6f18798a72d330f282ff7beb554d298f30531c8f Mon Sep 17 00:00:00 2001
+From a24b98c0fc45d640b4eed8105033b313b8145e35 Mon Sep 17 00:00:00 2001
From: Aleksa Sarai
Date: Sun, 15 Oct 2017 17:06:20 +1100
Subject: [PATCH] daemon: oci: obey CL_UNPRIVILEGED for user namespaced daemon
@@ -21,13 +21,13 @@
1 file changed, 46 insertions(+)
diff --git a/daemon/oci_linux.go b/daemon/oci_linux.go
-index 9cf6674dfe11..0f1dabc31100 100644
+index 0f8a392c2621..89ac627ff090 100644
--- a/daemon/oci_linux.go
+++ b/daemon/oci_linux.go
-@@ -27,6 +27,7 @@ import (
- "github.com/opencontainers/runc/libcontainer/devices"
- "github.com/opencontainers/runc/libcontainer/user"
- specs "github.com/opencontainers/runtime-spec/specs-go"
+@@ -26,6 +26,7 @@ import (
+ "github.com/opencontainers/runc/libcontainer/user"
+ specs "github.com/opencontainers/runtime-spec/specs-go"
+ "github.com/sirupsen/logrus"
+ "golang.org/x/sys/unix"
)
@@ -71,7 +71,7 @@
var (
mountPropagationMap = map[string]int{
"private": mount.PRIVATE,
-@@ -573,6 +606,19 @@ func setMounts(daemon *Daemon, s *specs.Spec, c *container.Container, mounts []c
+@@ -575,6 +608,19 @@ func setMounts(daemon *Daemon, s *specs.Spec, c *container.Container, mounts []c
opts = append(opts, mountPropagationReverseMap[pFlag])
}
@@ -92,5 +92,5 @@
s.Mounts = append(s.Mounts, mt)
}
--
-2.14.2
+2.15.0
++++++ docker-17.07.0_ce.tar.xz -> docker-17.09.1_ce.tar.xz ++++++
++++ 247114 lines of diff (skipped)
++++++ secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch ++++++
--- /var/tmp/diff_new_pack.ufTQlA/_old 2017-12-21 11:25:20.499257227 +0100
+++ /var/tmp/diff_new_pack.ufTQlA/_new 2017-12-21 11:25:20.499257227 +0100
@@ -1,4 +1,4 @@
-From 102c28e548a544d672163300334d01240cfc965b Mon Sep 17 00:00:00 2001
+From 5022c3554723040682444e324cd26ec8e2500131 Mon Sep 17 00:00:00 2001
From: Aleksa Sarai
Date: Wed, 8 Mar 2017 12:41:54 +1100
Subject: [PATCH 1/2] daemon: allow directory creation in /run/secrets
@@ -14,7 +14,7 @@
1 file changed, 21 insertions(+), 3 deletions(-)
diff --git a/daemon/container_operations_unix.go b/daemon/container_operations_unix.go
-index 84b7eb352f1a..dc3a48bfe47a 100644
+index 954c194ea836..3ef1e0262edc 100644
--- a/daemon/container_operations_unix.go
+++ b/daemon/container_operations_unix.go
@@ -3,6 +3,7 @@
@@ -26,7 +26,7 @@
"fmt"
"io/ioutil"
@@ -13,6 +14,7 @@ import (
- "github.com/Sirupsen/logrus"
+
"github.com/docker/docker/container"
"github.com/docker/docker/daemon/links"
+ "github.com/docker/docker/pkg/archive"
@@ -70,5 +70,5 @@
return errors.Wrap(err, "error setting ownership for secret")
}
--
-2.15.0
+2.15.1
++++++ secrets-0002-SUSE-implement-SUSE-container-secrets.patch ++++++
--- /var/tmp/diff_new_pack.ufTQlA/_old 2017-12-21 11:25:20.511256642 +0100
+++ /var/tmp/diff_new_pack.ufTQlA/_new 2017-12-21 11:25:20.511256642 +0100
@@ -1,4 +1,4 @@
-From c62fb8fa766b6917839987b7e1323f0523166d32 Mon Sep 17 00:00:00 2001
+From a84aa9152b50ea1fd73a7d09246ac056534d0e48 Mon Sep 17 00:00:00 2001
From: Aleksa Sarai
Date: Wed, 8 Mar 2017 11:43:29 +1100
Subject: [PATCH 2/2] SUSE: implement SUSE container secrets
@@ -19,7 +19,7 @@
create mode 100644 daemon/suse_secrets.go
diff --git a/daemon/start.go b/daemon/start.go
-index 55438cf2c45f..7dfa6cd1d055 100644
+index de32a649d7ed..2b6137d315e9 100644
--- a/daemon/start.go
+++ b/daemon/start.go
@@ -147,6 +147,11 @@ func (daemon *Daemon) containerStart(container *container.Container, checkpoint
@@ -33,7 +33,7 @@
+
spec, err := daemon.createSpec(container)
if err != nil {
- return err
+ return systemError{err}
diff --git a/daemon/suse_secrets.go b/daemon/suse_secrets.go
new file mode 100644
index 000000000000..9d0788f0410d
@@ -74,7 +74,7 @@
+ "github.com/docker/docker/pkg/archive"
+ "github.com/docker/docker/pkg/idtools"
+ "github.com/opencontainers/go-digest"
-+ "github.com/Sirupsen/logrus"
++ "github.com/sirupsen/logrus"
+
+ swarmtypes "github.com/docker/docker/api/types/swarm"
+ swarmexec "github.com/docker/swarmkit/agent/exec"
@@ -432,5 +432,5 @@
+ return nil
+}
--
-2.15.0
+2.15.1