diff options
Diffstat (limited to 'app-containers')
19 files changed, 48 insertions, 1629 deletions
diff --git a/app-containers/Manifest.gz b/app-containers/Manifest.gz Binary files differindex a031f94ac084..84aca98feaad 100644 --- a/app-containers/Manifest.gz +++ b/app-containers/Manifest.gz diff --git a/app-containers/cni-plugins/Manifest b/app-containers/cni-plugins/Manifest index 54e6f1671df1..5735ebf85470 100644 --- a/app-containers/cni-plugins/Manifest +++ b/app-containers/cni-plugins/Manifest @@ -2,8 +2,10 @@ AUX cni-dhcp.initd 376 BLAKE2B 5fe40f28773ffbb12416b40e3813578d28787e9ee26ec4a62 DIST cni-plugins-0.9.1.tar.gz 2703099 BLAKE2B 878f476e62f12020b39d33a79723fe246b34d80705d3a336573401743392adca9a57b196d6d191b4a6f281110f47ecbb1525aacd91cd488bea61c7aaed12a6ef SHA512 24e8fcedbff2ae7a83aa96085b546b164de6a0884d593e3b5386e9d2de3c4d9a215db9e9405332020cc45c371709a32b600e263e4f8dee62c51adafdc0180f24 DIST cni-plugins-1.1.1.tar.gz 3076064 BLAKE2B 2fd70260995e423d2b4ac3a8d2135074baffe5d36177d5e1e5a9ce146f6d2ecfeb3b843de62e43f863085ff965be4160cf5f4cae892d3c59070ef390409ef3c9 SHA512 03da31caee5f9595abf65d4a551984b995bc18c5e97409549f08997c5a6a2b41a8950144f8a5b4f810cb401ddbe312232d2be76ec977acf8108eb490786b1817 DIST cni-plugins-1.2.0.tar.gz 3365015 BLAKE2B 6b487a9c9b240c73510f2bc6aaa4a6c79055e43cacca8204781dbc65d231164fed9f3f68a2a0cead7a41a67bfc9d9e4480b488be26415d368da007559a721b25 SHA512 fb6fb4f46ac1610b3721f5f3a6ddfb096cbf2e5d5b792306edca5351a3944d2f802170d83e5adec01420395bf64fc8a174ede61ac9b93b5ac6b938a4b48651e6 +DIST cni-plugins-1.3.0.tar.gz 3684138 BLAKE2B c5599f1d8ac3bffb802877ae8c49024a9dea1940923316e534397a8dc7e467f6fe3ceef514a41522611a8f06c4f4ba0788105081e68a4712e2eefade33226c7b SHA512 87e186b3cd64f66280f5b2293dcdd1fc22cb8f51a248124fb622adc48a893348419ba4c29c4769dede4d9e60f2e9fea5d4198f10badb4ecd20a1551e0b344e10 EBUILD cni-plugins-0.9.1.ebuild 948 BLAKE2B 340be886eb779358a8a7f6fe7a94bbc45dd53e51b65f729bfc1eb614e2a8e7db1b7b19622b75b8fb382882ce6d4915ab1b9a3282b7cc76de7efbfd07cea40fc6 SHA512 0a25abd6833e459576afdc3174afe57491a86b5eff6aba6d718db439af1acd983ccc769619448683ae42b57a561a785599146a9f6423dbae7395c625819739cd EBUILD cni-plugins-1.1.1-r1.ebuild 1119 BLAKE2B cdff1f61f07687a78b846e69766519f53b6f06f1624c13835658d430ce74710959db3a50c6f8d893855d02d91c841c75b7caed6d49b128a5f3ff931fa92cbfa1 SHA512 8e4493e5720ba4726285b7aaf90c55378b163256c7c92bd64e029f8dadd1b2327dfeaa06bb8d44ff9e3c099c82fc867845dfa3050d49a436b47a14f06c27f372 EBUILD cni-plugins-1.1.1.ebuild 1026 BLAKE2B 43b5cfb19b0f5413ae5a34168c29746cd9994a29f75b062189ce7b21fca28c504509a7778f302355d6ab9feb4717111a78adefd93a5a401fedb439f9c16c29bb SHA512 8a177cfb045ccb108abde16e90f61bda39bec7227e9161e8957f37c8049004cad4628b5dcc82bb98e789f56856d38e9c27628a57d473b4ad843329072470362d EBUILD cni-plugins-1.2.0.ebuild 1119 BLAKE2B f5534fbe2d24ffb0b24c860ff713a9dd81d2db48b39561a812f98cce7da45c096d6af879e4f199d64e7c39fe4997bdec6d130c44c6c33b71b7374f7bc2798a02 SHA512 a5c49edd662f1a8fd2b4826bdefe56aa5a1de78e40ac0fd3154b4b014e4b7319b936959b10f41e6ce298340f14cf591f66bb98f105b1d2628c11d91246e950bd +EBUILD cni-plugins-1.3.0.ebuild 1119 BLAKE2B f5534fbe2d24ffb0b24c860ff713a9dd81d2db48b39561a812f98cce7da45c096d6af879e4f199d64e7c39fe4997bdec6d130c44c6c33b71b7374f7bc2798a02 SHA512 a5c49edd662f1a8fd2b4826bdefe56aa5a1de78e40ac0fd3154b4b014e4b7319b936959b10f41e6ce298340f14cf591f66bb98f105b1d2628c11d91246e950bd MISC metadata.xml 351 BLAKE2B 3565fe13764f828aed1288724a2939be57e523e0d0a9ccf3c091715e6f1e102155a7fa28191a3c87d669d51a0fa087a89587d83fe6c4747d5d9b31da11c1578c SHA512 6cfe3058d20387245c2f4823c7629d464115783e3c9ed1e45769d6e13f2f35f94656c66c0b1572f8eb229e6bf43510dbc35d117d6a3379e15b5b6ababc077856 diff --git a/app-containers/cni-plugins/cni-plugins-1.3.0.ebuild b/app-containers/cni-plugins/cni-plugins-1.3.0.ebuild new file mode 100644 index 000000000000..b21d3a20952c --- /dev/null +++ b/app-containers/cni-plugins/cni-plugins-1.3.0.ebuild @@ -0,0 +1,37 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 +inherit go-module linux-info systemd + +DESCRIPTION="Standard networking plugins for container networking" +HOMEPAGE="https://github.com/containernetworking/plugins" +SRC_URI="https://github.com/containernetworking/plugins/archive/v${PV}.tar.gz -> ${P}.tar.gz" + +LICENSE="Apache-2.0" +SLOT="0" +KEYWORDS="~amd64 ~arm64 ~ppc64 ~riscv" +IUSE="hardened" + +RDEPEND="net-firewall/iptables" + +CONFIG_CHECK="~BRIDGE_VLAN_FILTERING ~NETFILTER_XT_MATCH_COMMENT + ~NETFILTER_XT_MATCH_MULTIPORT" + +S="${WORKDIR}/plugins-${PV}" + +src_compile() { + CGO_LDFLAGS="$(usex hardened '-fno-PIC ' '')" ./build_linux.sh || die +} + +src_install() { + exeinto /opt/cni/bin + doexe bin/* + dodoc README.md + local i + for i in plugins/{meta/{bandwidth,firewall,flannel,portmap,sbr,tuning},main/{bridge,host-device,ipvlan,loopback,macvlan,ptp,vlan},ipam/{dhcp,host-local,static},sample}; do + newdoc README.md ${i##*/}.README.md + done + systemd_dounit plugins/ipam/dhcp/systemd/cni-dhcp.{service,socket} + newinitd "${FILESDIR}"/cni-dhcp.initd cni-dhcp +} diff --git a/app-containers/containerd/Manifest b/app-containers/containerd/Manifest index 8369191f1475..9dad3a5f5ada 100644 --- a/app-containers/containerd/Manifest +++ b/app-containers/containerd/Manifest @@ -1,7 +1,7 @@ AUX containerd.confd 124 BLAKE2B 25f72941a47374fa0de3a2dce3d8ca57420f013a0d7527e59697499490ed964b7606819c6d67b9eee1ac6691fa52a65750446d8e46ed9af708d946c24e86704b SHA512 66d891b0d2a541fee2017382ccbea6ea3f93d94c4ff15e1d8626ed84d3d7c0231b0939b2473804d41ac3ad2714267255347d1c671e1d99952d484a8b555948be AUX containerd.initd 794 BLAKE2B 88a1976615e4e9d67c10ed3748aadd74ae13ef4cf004bb5b5d45216275715e3acffa8c0c98309d81298795ac007bde02d2f3afd466c7c54e58012a12f156198f SHA512 f31b088e988beb84ef029992255018561417c0e92803dffe35ec481515e1be79ba4611cc139bb5000b0ac79a437f1a6dec3516d6f9580d4b384f1e0f092d8370 -DIST containerd-1.6.19.tar.gz 8706434 BLAKE2B cd6a85721f0752b6c7c5c098153d581375db6f877e261097a7d74a78dc0957e6beeea38c1aa7c53227ed84e727744811fa38863097cb137b8ba775e1f04fb9b2 SHA512 dca78d472dfbc6fc4d9b0b3a0d0a131d3575163c52e4fe18ea2c6147868b8822c54046c0709974e9b90472b882ba3890ada7f0fcbf31549efffba0d91531886c DIST containerd-1.7.1.tar.gz 9682254 BLAKE2B f168070caf2b76f0be350a98f41bfdbfe6d78344d68821fb92a29f839a6e847d795e5b79436e36f985aa88028ff1c3f44f134cf6bd502ddac22453a457bd952b SHA512 e9b00ba8f4dd1b5b1088060d3822f684611d43b367ddfeb1bee1660140af85f31e9c9bfc600a67e8fc8645a625dc4e1919d9af7291bdeaa607bff7065a4fc945 -EBUILD containerd-1.6.19.ebuild 1927 BLAKE2B 7131884f709d6703034b75cd03dcd31e8bd7972177b415931fdeb4e2698ae6412e423a7596c1826d4ff3550eab34af98f73d1b19c2ee97498f503cd66a241892 SHA512 4d6f87a38149de29e87e6ee6ce5b54dbee16974138ed9ba8a7a101467dfeaebf58b76f220277fc5b616d45e7f90f5d84303f822e9e5692887724b601d6c6e6dd +DIST containerd-1.7.2.tar.gz 9688701 BLAKE2B d31cd0e96bb2675390cc63d06114e37d532b7c666b3ffc5b0087dfcef8de23559471f08bf8a52b164c5f645faf1b8102ab2ccdd8ec417a1c74336097f0c3a899 SHA512 c0d4c02991b7e9fc341c4ef3df2d93097f5854a51b99596ed95436a79f7a586820bb8bb7c17fc43b5f38d97ea942e59490fbbf6c9710391ef9caae3d34627bc5 EBUILD containerd-1.7.1-r1.ebuild 1975 BLAKE2B 46d84564110988f1c9a6a76101fbc439237d303dc9bd63c240250b666abbbbad92416cac822c0bf6882fe2ab6f2aac4cdea9a42b0eba67b472a88c24a88c2fe4 SHA512 ba2b77f93c115a57286eecefa4b826c925ccb06ebcd8283b13981548cfd82a2f0b0e9febf147d04eb4f47711cc5ea95ca8017cdf7f4ddfb32b502b8ade0f547d +EBUILD containerd-1.7.2.ebuild 1978 BLAKE2B d5c26371468150ed09683ea01250b87802e9862cbb5d15556a16488841ff1f98f9f2aaed054bec160a88e3e00291065c13c9c35e1df5be35639910c44c0d376e SHA512 ec53beae6b6365911a164ffca5d9993b22f4c5a68aeaa886705a1be1aa5d965beef59a704f6c9de16e41442b63ba39e81ab52793c2d544c1b0bcc89a03b43213 MISC metadata.xml 1093 BLAKE2B 692497be353e27b92d968142a155b5010a60f60739e1cfc9faeb966033f868c67e18c8feaaf661903266f160742a0c9e3d34485258df3ace9e8982d2ad3602d6 SHA512 18280d46fe79ecbcfd4e3f9cc139103da1fca31b6a5cfafb4c9c30d8b2a559fa30bf71f17f228a96c56506c5e18eb7c1f3340b5428c213be9e2e45e4cf5fc407 diff --git a/app-containers/containerd/containerd-1.6.19.ebuild b/app-containers/containerd/containerd-1.7.2.ebuild index ae8d1150aa07..498fb8d90a5f 100644 --- a/app-containers/containerd/containerd-1.6.19.ebuild +++ b/app-containers/containerd/containerd-1.7.2.ebuild @@ -3,7 +3,7 @@ EAPI=8 inherit go-module systemd -GIT_REVISION=1e1ea6e986c6c86565bc33d52e34b81b3e2bc71f +GIT_REVISION=0cae528dd6cb557f7201036e9f43420650207b58 DESCRIPTION="A daemon to control runC" HOMEPAGE="https://containerd.io/" @@ -11,7 +11,7 @@ SRC_URI="https://github.com/containerd/containerd/archive/v${PV}.tar.gz -> ${P}. LICENSE="Apache-2.0" SLOT="0" -KEYWORDS="amd64 ~arm arm64 ppc64 ~riscv ~x86" +KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~riscv ~x86" IUSE="apparmor btrfs device-mapper +cri hardened +seccomp selinux test" DEPEND=" @@ -22,7 +22,7 @@ DEPEND=" # recommended version of runc is found in script/setup/runc-version RDEPEND=" ${DEPEND} - ~app-containers/runc-1.1.4 + ~app-containers/runc-1.1.7[apparmor?,seccomp?] " BDEPEND=" @@ -69,6 +69,7 @@ src_compile() { } src_install() { + rm "${D}"/bin/gen-manpages dobin bin/* doman man/* newconfd "${FILESDIR}"/${PN}.confd "${PN}" diff --git a/app-containers/distrobox/Manifest b/app-containers/distrobox/Manifest index c4d66221111b..94f287d281ea 100644 --- a/app-containers/distrobox/Manifest +++ b/app-containers/distrobox/Manifest @@ -1,6 +1,6 @@ DIST distrobox-1.4.2.1.tar.gz 235019 BLAKE2B dd512b183763a2e4c7e2b495bb50cc3fc3d764c48ce902b83e0b543587b60b458c6b9ae937057bfc91860dc415f9ad68fb648cf06faeeb56d0a4c27180e4c2e0 SHA512 d3bc1de91bf33b7ac500c0ae471feb28c9b1efdef6878bf1aed50ef394f69d2d36f99296f0a8182b139d9339558720b891f7dc1249a7f91c883c00bac5597283 DIST distrobox-1.5.0.2.tar.gz 5899915 BLAKE2B 2ab49e09b49dc674e0fdfd2783e4a63f12a9ec954674950c5c6f497500e1b1a6697b7350b7dfd9a246f4d3efe228c7610adde79832b0da13967b88c561186194 SHA512 41f889e8e0c0ce7019d4b1a8c638b8de8260df5c541c4068430580820094ae04b6bd8dd5a6e1a82541daf8c4f5cfed0165dc1a85e01906093d3c1a4d715e23b1 EBUILD distrobox-1.4.2.1.ebuild 722 BLAKE2B 199e4736b0acd141bdc427697b0c43f823c9a8228d0370e56c06100c99e98f1e7234ec38944f2afe937b682eea4a19b0463d0ee404e4e2d57fdc6fba000ad824 SHA512 45dc34339c58d55d2cfc742cd4b1ff9ccf846468ae8edb5930c187b1bc9f13ca89acf34e24f265fdfbd87493fcbc11ef4f021f81d55ae9e8e22e785ecf749a29 -EBUILD distrobox-1.5.0.2.ebuild 723 BLAKE2B 5a7c80037a99b9731d779e5df9257a4c450175f1b936b7d856590f0f29009bbd73f5eb452e1db2ab848c9fc6a4354056d5509e6425df3363cecfbf52451fd436 SHA512 2772e5b244bd9e4758b52ecb916ca3fb06c86adc6db34c9b8970e99360f115dfd292640855159094eb66e58cc3c254db47129edf383ff2ecfccea8b416ebbdbf +EBUILD distrobox-1.5.0.2.ebuild 734 BLAKE2B dbabe8f458b107b33c71f86ffb59402882a047e5b74012a2b2fede98d36346ed4eca745f185af912e8916812d6360d849db9676347aa06ce2b033c557255633c SHA512 21daa080d77a242ac995c88578253151b67f0a85ea725a157e78611011d5c69a8beb35c96d5bd276191dd2a67e54897664e84af6587d6e9d2ff42097cc71c8cb EBUILD distrobox-9999.ebuild 723 BLAKE2B 19fdaf771bc7ba3217245b84fd5eccc86285e106671dc44d37ffd94b4827849c68f327d80e91aae35c9ff5dca6f6a575770d96281066c6c27a7e7fde6fb95604 SHA512 ed1ab9ee3115fc409b9e2aefc2cd5063cc76d05e3fac891fe5ddea3dbb527cc576b76ff0f49e30c28e8b32e06a466968ae0b28bfd1f3f00b4613ff340b21dbfa MISC metadata.xml 957 BLAKE2B a02f57f2c65a9241edbc6a1e99170712ceca000977c2271ba51c5311e7718471585ea791ed8c978a86a961d02450623c05b5f9006d4386be2130df08341b0e49 SHA512 65f455bcfd246a8de0084e1534dc85f09435f1fad2590ba87dda0bed90d8fa976d3fad2142b2006a596e713d3d91f0d3d3156017cebacf9dc7883596edb0740f diff --git a/app-containers/distrobox/distrobox-1.5.0.2.ebuild b/app-containers/distrobox/distrobox-1.5.0.2.ebuild index b9fc4f8ee11b..222e12a7952b 100644 --- a/app-containers/distrobox/distrobox-1.5.0.2.ebuild +++ b/app-containers/distrobox/distrobox-1.5.0.2.ebuild @@ -13,7 +13,7 @@ if [[ ${PV} == *9999* ]] ; then else SRC_URI="https://github.com/89luca89/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz" - KEYWORDS="~amd64 ~x86" + KEYWORDS="amd64 ~arm ~arm64 ~x86" fi LICENSE="GPL-3" # GPL-3.0-only ! diff --git a/app-containers/docker-cli/Manifest b/app-containers/docker-cli/Manifest index b1054ad453e1..722b9ae33433 100644 --- a/app-containers/docker-cli/Manifest +++ b/app-containers/docker-cli/Manifest @@ -1,11 +1,4 @@ -AUX docker-cli-24.0.4-vendor.patch 3505 BLAKE2B c94237a3dcea1001ab160bcbec83fdc1a504bd0762217538327538d619413e9df40acfdda2d675690b3d53c01373fbcea34ec41bfd780be88d41d4fea8b47f15 SHA512 648d5ca9f3a36c1a25bafb9bdc452e92fe7c4c6e73bf70cb6afdda56e1478e464019fa06652e1bf5b8d0fd40a9e946ffc9672e07a56ec6544b0034a5a74924d6 -DIST docker-cli-23.0.3-man.tar.xz 81976 BLAKE2B e7390b429d0db2445035da506bb796364f97e6560e766a28d1245e6a76c84314c38af1f3a946d2eb1785132d26805e0d3a76c374559e70989b64e8ce917f8423 SHA512 842d7187ad8a3933d815057ec535c13466c56bd051c7133e6e0a9c85f5140e4ef61b66771ee6788c8fb50d10652a86b663f29fe4ec3190773f70fd45f36fbcd4 -DIST docker-cli-23.0.3.tar.gz 6215298 BLAKE2B 817ca474d61839c8b5929db9bfa964b936285622859ab30f45be2f382238a5e49987fdbcdc896eaa7109f114166cf0e1dbc4f001cefe293a6c286b50e2737258 SHA512 873783a0fe9ecab3b8f251c842ba69070e0dffbb4a758c16165441b2f483d55d15b98fd7da0707e483995ac2d1fbb9a0f13f570b78486382b26d6ca6c5e612a9 -DIST docker-cli-24.0.4-man.tar.xz 82500 BLAKE2B 67b113ea0a0b8377a2ab8c887849e2d8e6a57cf914bf1c6a1cdcc44978e154ee5b18abdc1b509d3c7367760204bcb1b896f2335a6ff18470433b08f3ce82d346 SHA512 fe7320bb0bacbddba0b00c1351591eceb96386e0e5141b7c399d483f6e549b687b8b3db4b33c127ded118f723d6eb5cbb995733be13c362a0e680f96b221b351 -DIST docker-cli-24.0.4.tar.gz 6242506 BLAKE2B 2cc66a43dce613f0940a0aa2ffac075562ff58a483e68511f47a05bb27dc997547522ebd546d314c932d79eb366699b319d9ed561d481ef072bcd40d6993a6d1 SHA512 6b59e01ad975961f64a7c04c719b83dcd95875c223fc11dc3cb4fc6792b6a478fd014559a775ab59b8156e4476a1424cb997c7ae97a692be317b9e7d24ed92fb DIST docker-cli-24.0.5-man.tar.xz 82496 BLAKE2B f3295b684dbf8d251ba13a19b9bad9b828fce7d2f76b6643b1cf579cd297b770e8f7304bd3fce823badfbe97e9b760a108b819ca3c760a55e352cf3c5235d815 SHA512 683b0f131902e0a57512207daa49534d73aac6db99dc8621ac6b48eeef26b873e2ba03fe4afe6f1e84c5922e4c60bf0e80e24cc95cdbf2a4953d1c11b80d56ad DIST docker-cli-24.0.5.tar.gz 6243993 BLAKE2B a7ce84ecf329bc74e48f3a6e1b12a9e310a8f27ac68918ffeb40ab9c4eab8b79e753265b48220fcd3ab40b4136de5ebd44607831f642664eaf732111bd8f41b1 SHA512 765c67634d91d248b156d3e407398b98b7a0a89507bbac0310d4a68b95aa1a05e3af43c8b90bc10166748749d8cc36670619fc9efca110beefbdcd4385dc96be -EBUILD docker-cli-23.0.3.ebuild 1916 BLAKE2B 714ccdfe708f2d2c9adae830189243a5fa38eaf144418bf77925e8e2acd5716220a96d5924b65b66bf3f8699336bb47c215f29fb58746089939755c813737562 SHA512 caba0e08042eb3694b82e4d8b8eb80bbf4823fed10048eae02529c7e87e23c53b0365eb609cb64e966d90515b571e72757aa5d1c23bb9dbc6af516f47906a111 -EBUILD docker-cli-24.0.4-r1.ebuild 1962 BLAKE2B 0944259392cf77112dc12d5a2ac48af51ba5dca11b61018efed1be4d264d22ac2bee71cd537defba15cc5df29bbbc07872023aa6e71db74719dcbf4a203470bc SHA512 e0357318d62687a191f8ab11f9e51c7dc38fe71fe804bddf8b2a99eaccef3c4179523a3e2a24733205fa84b34591c4e5b62f3f4e23506d4a775f500af3139ed5 EBUILD docker-cli-24.0.5.ebuild 1916 BLAKE2B a5a41f88d0865638c92efc4b4e377d54db4b32d4c1d21befab6c0822b0a243c36e14a38449ca022ac0a9e2d234198d558ba0bc0febeb9879fd416cdbad3ee8dc SHA512 2eec9b6af9baa8b6741ea4cfd87aa81f674ac4d896ae8ccc15b1495fca9670acd0df3f75bcfd2271bf8f2ac2f555f28776e55f04389e8b539d4cda2057ef0f01 MISC metadata.xml 689 BLAKE2B 45f4a07f9d949ad4e0175908af936140573bd257f7b11f9b9cc25cdd52bb821a294036635fd81662bcd348aa21e69b5582ab2dc8efaf94dbbdc9608b131414f4 SHA512 efe37f3ae8bc6b26433b7bacfda203ea3b480f419b343921214f19a4ad4e25b2cca5f0426a27348902f51ef15f558e81599ccdadcab6504f9d22314bb472d80c diff --git a/app-containers/docker-cli/docker-cli-23.0.3.ebuild b/app-containers/docker-cli/docker-cli-23.0.3.ebuild deleted file mode 100644 index beff01152401..000000000000 --- a/app-containers/docker-cli/docker-cli-23.0.3.ebuild +++ /dev/null @@ -1,70 +0,0 @@ -# Copyright 1999-2023 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 -GIT_COMMIT=3e7cbfdee1 -EGO_PN="github.com/docker/cli" -MY_PV=${PV/_/-} -inherit bash-completion-r1 golang-vcs-snapshot - -DESCRIPTION="the command line binary for docker" -HOMEPAGE="https://www.docker.com/" -SRC_URI="https://github.com/docker/cli/archive/v${MY_PV}.tar.gz -> ${P}.tar.gz" -SRC_URI+=" https://dev.gentoo.org/~williamh/dist/${P}-man.tar.xz" - -LICENSE="Apache-2.0" -SLOT="0" -KEYWORDS="amd64 ~arm arm64 ~loong ppc64 ~riscv ~x86" -IUSE="hardened selinux" - -RDEPEND="!<app-containers/docker-20.10.1 - selinux? ( sec-policy/selinux-docker )" -BDEPEND=" - >=dev-lang/go-1.16.6" - -RESTRICT="installsources strip test" - -S="${WORKDIR}/${P}/src/${EGO_PN}" - -src_unpack() { - golang-vcs-snapshot_src_unpack - set -- ${A} - unpack ${2} -} - -src_prepare() { - default - sed -i 's@dockerd\?\.exe@@g' contrib/completion/bash/docker || die -} - -src_compile() { - export DISABLE_WARN_OUTSIDE_CONTAINER=1 - export GOPATH="${WORKDIR}/${P}" - # setup CFLAGS and LDFLAGS for separate build target - # see https://github.com/tianon/docker-overlay/pull/10 - export CGO_CFLAGS="-I${ESYSROOT}/usr/include" - export CGO_LDFLAGS="-L${ESYSROOT}/usr/$(get_libdir)" - emake \ - LDFLAGS="$(usex hardened '-extldflags -fno-PIC' '')" \ - VERSION="${PV}" \ - GITCOMMIT="${GIT_COMMIT}" \ - dynbinary -} - -src_install() { - dobin build/docker - doman "${WORKDIR}"/man/man?/* - dobashcomp contrib/completion/bash/* - bashcomp_alias docker dockerd - insinto /usr/share/fish/vendor_completions.d/ - doins contrib/completion/fish/docker.fish - insinto /usr/share/zsh/site-functions - doins contrib/completion/zsh/_* -} - -pkg_postinst() { - has_version "app-containers/docker-buildx" && return - ewarn "the 'docker build' command is deprecated and will be removed in a" - ewarn "future release. If you need this functionality, install" - ewarn "app-containers/docker-buildx." -} diff --git a/app-containers/docker-cli/docker-cli-24.0.4-r1.ebuild b/app-containers/docker-cli/docker-cli-24.0.4-r1.ebuild deleted file mode 100644 index 16114e7f2004..000000000000 --- a/app-containers/docker-cli/docker-cli-24.0.4-r1.ebuild +++ /dev/null @@ -1,74 +0,0 @@ -# Copyright 1999-2023 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 -GIT_COMMIT=3713ee1eea -EGO_PN="github.com/docker/cli" -MY_PV=${PV/_/-} -inherit bash-completion-r1 golang-vcs-snapshot - -DESCRIPTION="the command line binary for docker" -HOMEPAGE="https://www.docker.com/" -SRC_URI="https://github.com/docker/cli/archive/v${MY_PV}.tar.gz -> ${P}.tar.gz" -SRC_URI+=" https://dev.gentoo.org/~williamh/dist/${P}-man.tar.xz" - -LICENSE="Apache-2.0" -SLOT="0" -KEYWORDS="amd64 ~arm arm64 ~loong ppc64 ~riscv ~x86" -IUSE="hardened selinux" - -RDEPEND="!<app-containers/docker-20.10.1 - selinux? ( sec-policy/selinux-docker )" -BDEPEND=" - >=dev-lang/go-1.16.6" - -PATCHES=( - "${FILESDIR}/${P}-vendor.patch" -) - -RESTRICT="installsources strip test" - -S="${WORKDIR}/${P}/src/${EGO_PN}" - -src_unpack() { - golang-vcs-snapshot_src_unpack - set -- ${A} - unpack ${2} -} - -src_prepare() { - default - sed -i 's@dockerd\?\.exe@@g' contrib/completion/bash/docker || die -} - -src_compile() { - export DISABLE_WARN_OUTSIDE_CONTAINER=1 - export GOPATH="${WORKDIR}/${P}" - # setup CFLAGS and LDFLAGS for separate build target - # see https://github.com/tianon/docker-overlay/pull/10 - export CGO_CFLAGS="-I${ESYSROOT}/usr/include" - export CGO_LDFLAGS="-L${ESYSROOT}/usr/$(get_libdir)" - emake \ - LDFLAGS="$(usex hardened '-extldflags -fno-PIC' '')" \ - VERSION="${PV}" \ - GITCOMMIT="${GIT_COMMIT}" \ - dynbinary -} - -src_install() { - dobin build/docker - doman "${WORKDIR}"/man/man?/* - dobashcomp contrib/completion/bash/* - bashcomp_alias docker dockerd - insinto /usr/share/fish/vendor_completions.d/ - doins contrib/completion/fish/docker.fish - insinto /usr/share/zsh/site-functions - doins contrib/completion/zsh/_* -} - -pkg_postinst() { - has_version "app-containers/docker-buildx" && return - ewarn "the 'docker build' command is deprecated and will be removed in a" - ewarn "future release. If you need this functionality, install" - ewarn "app-containers/docker-buildx." -} diff --git a/app-containers/docker-cli/files/docker-cli-24.0.4-vendor.patch b/app-containers/docker-cli/files/docker-cli-24.0.4-vendor.patch deleted file mode 100644 index 557486542ede..000000000000 --- a/app-containers/docker-cli/files/docker-cli-24.0.4-vendor.patch +++ /dev/null @@ -1,78 +0,0 @@ -diff --git a/vendor/github.com/docker/docker/client/client.go b/vendor/github.com/docker/docker/client/client.go -index 1c081a5..54fa36c 100644 ---- a/vendor/github.com/docker/docker/client/client.go -+++ b/vendor/github.com/docker/docker/client/client.go -@@ -56,6 +56,36 @@ import ( - "github.com/pkg/errors" - ) - -+// DummyHost is a hostname used for local communication. -+// -+// It acts as a valid formatted hostname for local connections (such as "unix://" -+// or "npipe://") which do not require a hostname. It should never be resolved, -+// but uses the special-purpose ".localhost" TLD (as defined in [RFC 2606, Section 2] -+// and [RFC 6761, Section 6.3]). -+// -+// [RFC 7230, Section 5.4] defines that an empty header must be used for such -+// cases: -+// -+// If the authority component is missing or undefined for the target URI, -+// then a client MUST send a Host header field with an empty field-value. -+// -+// However, [Go stdlib] enforces the semantics of HTTP(S) over TCP, does not -+// allow an empty header to be used, and requires req.URL.Scheme to be either -+// "http" or "https". -+// -+// For further details, refer to: -+// -+// - https://github.com/docker/engine-api/issues/189 -+// - https://github.com/golang/go/issues/13624 -+// - https://github.com/golang/go/issues/61076 -+// - https://github.com/moby/moby/issues/45935 -+// -+// [RFC 2606, Section 2]: https://www.rfc-editor.org/rfc/rfc2606.html#section-2 -+// [RFC 6761, Section 6.3]: https://www.rfc-editor.org/rfc/rfc6761#section-6.3 -+// [RFC 7230, Section 5.4]: https://datatracker.ietf.org/doc/html/rfc7230#section-5.4 -+// [Go stdlib]: https://github.com/golang/go/blob/6244b1946bc2101b01955468f1be502dbadd6807/src/net/http/transport.go#L558-L569 -+const DummyHost = "api.moby.localhost" -+ - // ErrRedirect is the error returned by checkRedirect when the request is non-GET. - var ErrRedirect = errors.New("unexpected redirect in response") - -diff --git a/vendor/github.com/docker/docker/client/hijack.go b/vendor/github.com/docker/docker/client/hijack.go -index 6bdacab..db9b02e 100644 ---- a/vendor/github.com/docker/docker/client/hijack.go -+++ b/vendor/github.com/docker/docker/client/hijack.go -@@ -64,7 +64,10 @@ func fallbackDial(proto, addr string, tlsConfig *tls.Config) (net.Conn, error) { - } - - func (cli *Client) setupHijackConn(ctx context.Context, req *http.Request, proto string) (net.Conn, string, error) { -- req.Host = cli.addr -+ if cli.proto == "unix" || cli.proto == "npipe" { -+ // For local communications, it doesn't matter what the host is. -+ req.URL.Host = DummyHost -+ } - req.Header.Set("Connection", "Upgrade") - req.Header.Set("Upgrade", proto) - -diff --git a/vendor/github.com/docker/docker/client/request.go b/vendor/github.com/docker/docker/client/request.go -index c799095..8f43553 100644 ---- a/vendor/github.com/docker/docker/client/request.go -+++ b/vendor/github.com/docker/docker/client/request.go -@@ -98,12 +98,12 @@ func (cli *Client) buildRequest(method, path string, body io.Reader, headers hea - req = cli.addHeaders(req, headers) - - if cli.proto == "unix" || cli.proto == "npipe" { -- // For local communications, it doesn't matter what the host is. We just -- // need a valid and meaningful host name. (See #189) -- req.Host = "docker" -+ // For local communications, it doesn't matter what the host is. -+ req.URL.Host = DummyHost -+ } else { -+ req.URL.Host = cli.addr - } - -- req.URL.Host = cli.addr - req.URL.Scheme = cli.scheme - - if expectedPayload && req.Header.Get("Content-Type") == "" { diff --git a/app-containers/docker/Manifest b/app-containers/docker/Manifest index 900dfe2f439e..d66437ecbb70 100644 --- a/app-containers/docker/Manifest +++ b/app-containers/docker/Manifest @@ -1,11 +1,4 @@ AUX 0001-Openrc-Depend-on-containerd-init-script.patch 774 BLAKE2B a7ac6f6a1e9ee88751e8e0471cd33429b8141cbea07a3a56c61eccd63c796c9135edafaf5977571a4413e5d71931aac44b5313110af94c3206e286b15394f637 SHA512 bc709b6f0dd8685fbf2404be589743f32a5f4deb24dec8ed6aeec18f0fcd1db4c5d59587209c28f62d964d78ec9ab3a3fdbb795dc4b7e3fabd00a06a002af34e -AUX docker-24.0.4-client-define-a-dummy-hostname-for-local-connections.patch 11883 BLAKE2B e5c57a6d01fe97d2e5e9015a01b92c8fcba7d537e1c451503ddbed0489bac90cf2e2424a95e093aba83aec008a88c717a5b9c85937208a41658255fffd40e5fd SHA512 0ea1d9578a9ee37fe2e4891557c16f00211a4ea1873f9cbc97090c9310fca4d3f741bef4d443b0b1d4d1b692420f745a5ecfe3606ab018b7e15b7d5629759ebe -DIST docker-23.0.3.tar.gz 13621933 BLAKE2B fd548b6083df495c35cc4d27374afdbc37e3678454b33477e9e88ba7c1564901d91a87eb0b87da2cfeab6a7c120bec95cad3a94db15a49719713a3660fae9958 SHA512 1f47a0c669c07ad1e628c99d153623076cd5c8e65e82fa54f7dd0d32579fae803ec9bee748e4ba1a6dc8fe37654602aaf005e58e09f00d8ff4f32e6047240caa -DIST docker-23.0.4.tar.gz 13625597 BLAKE2B ab4d50e9b334f18e620979bc13a7b146f8e0381d52aca0e45785108f1d53743e0157eb1e5bda76bc1300df1aa7825ca1ca141a21aeea39e81bc626ad1ea77775 SHA512 94d2c748541cf402197e98f93f574daf72bd84fc7603bf30e23674be36862ddbff5f37ad667455a710d730b9c5bc11962c287d6fd60a20320e0e0a41e3329c44 -DIST docker-24.0.4.tar.gz 14453359 BLAKE2B d089721469857eee87fd63b04c43cfde97ab9a38b5017c52c859b9b291574be4055b25585304434e070a7b74f90fa2582bb4fd8cddeae795637aaa23242fe8cb SHA512 5d749764a3541104d13ebe42e7b4225f66a98f9cc81f6406790be8a534f6c0d5ec13b145212bf75899e489feddf7679add6f43c6f9dd76b704291ed0e638eb6e DIST docker-24.0.5.tar.gz 14456089 BLAKE2B be13a4256787152cb35ddb96d80e97a5e5b587094f1c61d18158737a037c4e81b88c186098ba7416eb7778022ece07bc31ee55af13d3e3da8e0bbd5452ad027f SHA512 cde2e47e7658b153399ee29154ec21eebf54b292185e07d43b968895dcfdfead95e4507fefb713859a4540f21d8007116d3ebeaa1fb7ba305fb2a0449ba1bee6 -EBUILD docker-23.0.3.ebuild 8284 BLAKE2B 21e8c4a8cd80f4a6a79d0bd5514da2d653fd163a58589b67e32b4c71176be7f8656df1bcef872f8a5b22e9780d514ce5cca76c1c4db79ce6ce1a58c7e5e460fe SHA512 9a3f51cfa4059d0271baff5413bbe3ae29795f9d912ac912d045359ff1846408c7ad011a08102d3c6a7a560159180acf809d6fa2e7b3751cea6e78d00f209385 -EBUILD docker-23.0.4.ebuild 8287 BLAKE2B ff38c5c75e8bfdde6b0a3f2927090aa41c3cb28509333c254368d9b42a2c4583fd8784d47cb092f1bf91b170a2aea7de3c18b3aff915d5d21a7769cec496b328 SHA512 d471fae81b86e66d34e5d4373f739bc5d15d99abe1e7eca0199d12453e44e7f147813c14b64ab1a595083a731d74b69a9379e39b864cf19996d1bd33e6f90a58 -EBUILD docker-24.0.4-r2.ebuild 7757 BLAKE2B 4a138e60371c6cc53ad945a150131e0c02e03e8134322e7c8107d4ae2e13275958abf1d692f2583289b78edf6f8a77f332d608d9b6cd45aa49181434fc526843 SHA512 3792d5656031457075a53791987268c8d79f241964a854c37b054f12f502e2b8a4b3a7f6f4d000d6b6f82872da38986781f672a4e7d1e0f3ff3375b2cb7716a6 EBUILD docker-24.0.5.ebuild 7678 BLAKE2B 6a810a6e620d5d767196f407168935ae86a6c386666170728bcc740d2219b63fb7341c553e3df8c0600c5399043954fd5ef93708851b7d2f1475cc3a880f90b8 SHA512 d3ef18e6c19e08eda50da385f914db0b906c17e018809f28043d251d29af754a276dcc52e7c493b41ccf242c2f18eccf842bdd502061d744a5daf0f9b4a30c15 -MISC metadata.xml 1414 BLAKE2B fa9d3dd12a13f980523afebd1eee07a8746c55b7f89e6b1f0d42dc9f64649acc835904ee1dfe09bb4319cd7589dd6e19feb6d646a7ae1b41fb90e54d1f0d0cf0 SHA512 1175abde53b8d4690ffb2586734dd6fab94b3725c83a59f61d4abf53b04bfa8e5128b5cb914a9fd1eb142f77881ad503a40b14b6f5a994d19ca00aabc1b4db3e +MISC metadata.xml 1293 BLAKE2B c6ae1e8098653df526877e8faa1f81a122fd46dc423ae55bf006a63f6e366d1596c36bf3e178f4c17e74597130a7b0201aa556943dfe46c3db66e5aa986c7d60 SHA512 c0e0782f388ccc874da0e4c4fc6eb56ac3c0f5c5de7869083acca19d3e4dadae4a4d5fb76f38196930248e65d67d6273be689e51ca42ef3d4650731956fd920e diff --git a/app-containers/docker/docker-23.0.3.ebuild b/app-containers/docker/docker-23.0.3.ebuild deleted file mode 100644 index a2754cb1e601..000000000000 --- a/app-containers/docker/docker-23.0.3.ebuild +++ /dev/null @@ -1,340 +0,0 @@ -# Copyright 1999-2023 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 -EGO_PN=github.com/docker/docker -MY_PV=${PV/_/-} -inherit linux-info systemd udev golang-vcs-snapshot -GIT_COMMIT=59118bff500fc0d95d0560a9788735a8d89568ce - -DESCRIPTION="The core functions you need to create Docker images and run Docker containers" -HOMEPAGE="https://www.docker.com/" -SRC_URI="https://github.com/moby/moby/archive/v${MY_PV}.tar.gz -> ${P}.tar.gz" - -LICENSE="Apache-2.0" -SLOT="0" -KEYWORDS="amd64 ~arm arm64 ppc64 ~riscv ~x86" -IUSE="apparmor aufs btrfs +container-init device-mapper overlay seccomp selinux" - -DEPEND=" - acct-group/docker - >=dev-db/sqlite-3.7.9:3 - apparmor? ( sys-libs/libapparmor ) - btrfs? ( >=sys-fs/btrfs-progs-3.16.1 ) - device-mapper? ( >=sys-fs/lvm2-2.02.89[thin] ) - seccomp? ( >=sys-libs/libseccomp-2.2.1 ) -" - -# https://github.com/moby/moby/blob/master/project/PACKAGERS.md#runtime-dependencies -# https://github.com/moby/moby/blob/master/project/PACKAGERS.md#optional-dependencies -# https://github.com/moby/moby/tree/master//hack/dockerfile/install -# make sure docker-proxy is pinned to exact version from ^, -# for appropriate branchch/version of course -RDEPEND=" - ${DEPEND} - >=net-firewall/iptables-1.4 - sys-process/procps - >=dev-vcs/git-1.7 - >=app-arch/xz-utils-4.9 - dev-libs/libltdl - >=app-containers/containerd-1.6.19[apparmor?,btrfs?,device-mapper?,seccomp?] - ~app-containers/docker-proxy-0.8.0_p20230118 - container-init? ( >=sys-process/tini-0.19.0[static] ) - selinux? ( sec-policy/selinux-docker ) -" - -# https://github.com/docker/docker/blob/master/project/PACKAGERS.md#build-dependencies -BDEPEND=" - >=dev-lang/go-1.16.12 - dev-go/go-md2man - virtual/pkgconfig -" -# tests require running dockerd as root and downloading containers -RESTRICT="installsources strip test" - -S="${WORKDIR}/${P}/src/${EGO_PN}" - -# https://bugs.gentoo.org/748984 https://github.com/etcd-io/etcd/pull/12552 -PATCHES=( - "${FILESDIR}/0001-Openrc-Depend-on-containerd-init-script.patch" -) - -pkg_setup() { - # this is based on "contrib/check-config.sh" from upstream's sources - # required features. - CONFIG_CHECK=" - ~NAMESPACES ~NET_NS ~PID_NS ~IPC_NS ~UTS_NS - ~CGROUPS ~CGROUP_CPUACCT ~CGROUP_DEVICE ~CGROUP_FREEZER ~CGROUP_SCHED ~CPUSETS ~MEMCG - ~KEYS - ~VETH ~BRIDGE ~BRIDGE_NETFILTER - ~IP_NF_FILTER ~IP_NF_TARGET_MASQUERADE - ~NETFILTER_XT_MATCH_ADDRTYPE - ~NETFILTER_XT_MATCH_CONNTRACK - ~NETFILTER_XT_MATCH_IPVS - ~NETFILTER_XT_MARK - ~IP_NF_NAT ~NF_NAT - ~POSIX_MQUEUE - " - WARNING_POSIX_MQUEUE="CONFIG_POSIX_MQUEUE: is required for bind-mounting /dev/mqueue into containers" - - if kernel_is lt 4 8; then - CONFIG_CHECK+=" - ~DEVPTS_MULTIPLE_INSTANCES - " - fi - - if kernel_is le 5 1; then - CONFIG_CHECK+=" - ~NF_NAT_IPV4 - " - fi - - if kernel_is le 5 2; then - CONFIG_CHECK+=" - ~NF_NAT_NEEDED - " - fi - - if kernel_is ge 4 15; then - CONFIG_CHECK+=" - ~CGROUP_BPF - " - fi - - # optional features - CONFIG_CHECK+=" - ~USER_NS - " - - if use seccomp; then - CONFIG_CHECK+=" - ~SECCOMP ~SECCOMP_FILTER - " - fi - - CONFIG_CHECK+=" - ~CGROUP_PIDS - " - - if kernel_is lt 6 1; then - CONFIG_CHECK+=" - ~MEMCG_SWAP - " - fi - - if kernel_is le 5 8; then - CONFIG_CHECK+=" - ~MEMCG_SWAP_ENABLED - " - fi - - CONFIG_CHECK+=" - ~!LEGACY_VSYSCALL_NATIVE - " - if kernel_is lt 5 19; then - CONFIG_CHECK+=" - ~LEGACY_VSYSCALL_EMULATE - " - fi - CONFIG_CHECK+=" - ~!LEGACY_VSYSCALL_NONE - " - WARNING_LEGACY_VSYSCALL_NONE="CONFIG_LEGACY_VSYSCALL_NONE enabled: \ - Containers with <=glibc-2.13 will not work" - - if kernel_is le 4 5; then - CONFIG_CHECK+=" - ~MEMCG_KMEM - " - fi - - if kernel_is lt 5; then - CONFIG_CHECK+=" - ~IOSCHED_CFQ ~CFQ_GROUP_IOSCHED - " - fi - - CONFIG_CHECK+=" - ~BLK_CGROUP ~BLK_DEV_THROTTLING - ~CGROUP_PERF - ~CGROUP_HUGETLB - ~NET_CLS_CGROUP ~CGROUP_NET_PRIO - ~CFS_BANDWIDTH ~FAIR_GROUP_SCHED ~RT_GROUP_SCHED - ~IP_NF_TARGET_REDIRECT - ~IP_VS - ~IP_VS_NFCT - ~IP_VS_PROTO_TCP - ~IP_VS_PROTO_UDP - ~IP_VS_RR - " - WARNING_RT_GROUP_SCHED="CONFIG_RT_GROUP_SCHED is disabled: Depending on your docker setup, you may want to enable this. See https://docs.docker.com/config/containers/resource_constraints/#configure-the-realtime-scheduler for more information." - - if use selinux; then - CONFIG_CHECK+=" - ~SECURITY_SELINUX - " - fi - - if use apparmor; then - CONFIG_CHECK+=" - ~SECURITY_APPARMOR - " - fi - - # if ! is_set EXT4_USE_FOR_EXT2; then - # check_flags EXT3_FS EXT3_FS_XATTR EXT3_FS_POSIX_ACL EXT3_FS_SECURITY - # if ! is_set EXT3_FS || ! is_set EXT3_FS_XATTR || ! is_set EXT3_FS_POSIX_ACL || ! is_set EXT3_FS_SECURITY; then - # echo " $(wrap_color '(enable these ext3 configs if you are using ext3 as backing filesystem)' bold black)" - # fi - # fi - - CONFIG_CHECK+=" - ~EXT4_FS ~EXT4_FS_POSIX_ACL ~EXT4_FS_SECURITY - " - - # if ! is_set EXT4_FS || ! is_set EXT4_FS_POSIX_ACL || ! is_set EXT4_FS_SECURITY; then - # if is_set EXT4_USE_FOR_EXT2; then - # echo " $(wrap_color 'enable these ext4 configs if you are using ext3 or ext4 as backing filesystem' bold black)" - # else - # echo " $(wrap_color 'enable these ext4 configs if you are using ext4 as backing filesystem' bold black)" - # fi - # fi - - # network drivers - CONFIG_CHECK+=" - ~VXLAN ~BRIDGE_VLAN_FILTERING - ~CRYPTO ~CRYPTO_AEAD ~CRYPTO_GCM ~CRYPTO_SEQIV ~CRYPTO_GHASH - ~XFRM ~XFRM_USER ~XFRM_ALGO ~INET_ESP - " - if kernel_is le 5 3; then - CONFIG_CHECK+=" - ~INET_XFRM_MODE_TRANSPORT - " - fi - - CONFIG_CHECK+=" - ~IPVLAN - " - CONFIG_CHECK+=" - ~MACVLAN ~DUMMY - " - CONFIG_CHECK+=" - ~NF_NAT_FTP ~NF_CONNTRACK_FTP ~NF_NAT_TFTP ~NF_CONNTRACK_TFTP - " - - # storage drivers - if use aufs; then - CONFIG_CHECK+=" - ~AUFS_FS - " - ERROR_AUFS_FS="CONFIG_AUFS_FS: is required to be set if and only if aufs is patched to kernel instead of using standalone" - fi - - if use btrfs; then - CONFIG_CHECK+=" - ~BTRFS_FS - ~BTRFS_FS_POSIX_ACL - " - fi - - if use device-mapper; then - CONFIG_CHECK+=" - ~BLK_DEV_DM ~DM_THIN_PROVISIONING - " - fi - - CONFIG_CHECK+=" - ~OVERLAY_FS - " - - linux-info_pkg_setup -} - -src_compile() { - export DOCKER_GITCOMMIT="${GIT_COMMIT}" - export GOPATH="${WORKDIR}/${P}" - export VERSION=${PV} - - # setup CFLAGS and LDFLAGS for separate build target - # see https://github.com/tianon/docker-overlay/pull/10 - export CGO_CFLAGS="-I${ESYSROOT}/usr/include" - export CGO_LDFLAGS="-L${ESYSROOT}/usr/$(get_libdir)" - - # let's set up some optional features :) - export DOCKER_BUILDTAGS='' - for gd in aufs btrfs device-mapper overlay; do - if ! use $gd; then - DOCKER_BUILDTAGS+=" exclude_graphdriver_${gd//-/}" - fi - done - - for tag in apparmor seccomp; do - if use $tag; then - DOCKER_BUILDTAGS+=" $tag" - fi - done - - # build daemon - ./hack/make.sh dynbinary || die 'dynbinary failed' -} - -src_install() { - dosym containerd /usr/bin/docker-containerd - dosym containerd-shim /usr/bin/docker-containerd-shim - dosym runc /usr/bin/docker-runc - use container-init && dosym tini /usr/bin/docker-init - newbin bundles/dynbinary-daemon/dockerd dockerd - - newinitd contrib/init/openrc/docker.initd docker - newconfd contrib/init/openrc/docker.confd docker - - systemd_dounit contrib/init/systemd/docker.{service,socket} - - udev_dorules contrib/udev/*.rules - - dodoc AUTHORS CONTRIBUTING.md NOTICE README.md - dodoc -r docs/* - - # note: intentionally not using "doins" so that we preserve +x bits - dodir /usr/share/${PN}/contrib - cp -R contrib/* "${ED}/usr/share/${PN}/contrib" -} - -pkg_postinst() { - udev_reload - - elog - elog "To use Docker, the Docker daemon must be running as root. To automatically" - elog "start the Docker daemon at boot:" - if systemd_is_booted || has_version sys-apps/systemd; then - elog " systemctl enable docker.service" - else - elog " rc-update add docker default" - fi - elog - elog "To use Docker as a non-root user, add yourself to the 'docker' group:" - elog ' usermod -aG docker <youruser>' - elog - - if use device-mapper; then - elog " Devicemapper storage driver has been deprecated" - elog " It will be removed in a future release" - elog - fi - - if use overlay; then - elog " Overlay storage driver/USEflag has been deprecated" - elog " in favor of overlay2 (enabled unconditionally)" - elog - fi - - if has_version sys-fs/zfs; then - elog " ZFS storage driver is available" - elog " Check https://docs.docker.com/storage/storagedriver/zfs-driver for more info" - elog - fi -} - -pkg_postrm() { - udev_reload -} diff --git a/app-containers/docker/docker-23.0.4.ebuild b/app-containers/docker/docker-23.0.4.ebuild deleted file mode 100644 index 897b19c88f3f..000000000000 --- a/app-containers/docker/docker-23.0.4.ebuild +++ /dev/null @@ -1,340 +0,0 @@ -# Copyright 1999-2023 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 -EGO_PN=github.com/docker/docker -MY_PV=${PV/_/-} -inherit linux-info systemd udev golang-vcs-snapshot -GIT_COMMIT=cbce3319305c39df3405c969a12e0a5d2bad3f4f - -DESCRIPTION="The core functions you need to create Docker images and run Docker containers" -HOMEPAGE="https://www.docker.com/" -SRC_URI="https://github.com/moby/moby/archive/v${MY_PV}.tar.gz -> ${P}.tar.gz" - -LICENSE="Apache-2.0" -SLOT="0" -KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~riscv ~x86" -IUSE="apparmor aufs btrfs +container-init device-mapper overlay seccomp selinux" - -DEPEND=" - acct-group/docker - >=dev-db/sqlite-3.7.9:3 - apparmor? ( sys-libs/libapparmor ) - btrfs? ( >=sys-fs/btrfs-progs-3.16.1 ) - device-mapper? ( >=sys-fs/lvm2-2.02.89[thin] ) - seccomp? ( >=sys-libs/libseccomp-2.2.1 ) -" - -# https://github.com/moby/moby/blob/master/project/PACKAGERS.md#runtime-dependencies -# https://github.com/moby/moby/blob/master/project/PACKAGERS.md#optional-dependencies -# https://github.com/moby/moby/tree/master//hack/dockerfile/install -# make sure docker-proxy is pinned to exact version from ^, -# for appropriate branchch/version of course -RDEPEND=" - ${DEPEND} - >=net-firewall/iptables-1.4 - sys-process/procps - >=dev-vcs/git-1.7 - >=app-arch/xz-utils-4.9 - dev-libs/libltdl - >=app-containers/containerd-1.6.20[apparmor?,btrfs?,device-mapper?,seccomp?] - ~app-containers/docker-proxy-0.8.0_p20230118 - container-init? ( >=sys-process/tini-0.19.0[static] ) - selinux? ( sec-policy/selinux-docker ) -" - -# https://github.com/docker/docker/blob/master/project/PACKAGERS.md#build-dependencies -BDEPEND=" - >=dev-lang/go-1.16.12 - dev-go/go-md2man - virtual/pkgconfig -" -# tests require running dockerd as root and downloading containers -RESTRICT="installsources strip test" - -S="${WORKDIR}/${P}/src/${EGO_PN}" - -# https://bugs.gentoo.org/748984 https://github.com/etcd-io/etcd/pull/12552 -PATCHES=( - "${FILESDIR}/0001-Openrc-Depend-on-containerd-init-script.patch" -) - -pkg_setup() { - # this is based on "contrib/check-config.sh" from upstream's sources - # required features. - CONFIG_CHECK=" - ~NAMESPACES ~NET_NS ~PID_NS ~IPC_NS ~UTS_NS - ~CGROUPS ~CGROUP_CPUACCT ~CGROUP_DEVICE ~CGROUP_FREEZER ~CGROUP_SCHED ~CPUSETS ~MEMCG - ~KEYS - ~VETH ~BRIDGE ~BRIDGE_NETFILTER - ~IP_NF_FILTER ~IP_NF_TARGET_MASQUERADE - ~NETFILTER_XT_MATCH_ADDRTYPE - ~NETFILTER_XT_MATCH_CONNTRACK - ~NETFILTER_XT_MATCH_IPVS - ~NETFILTER_XT_MARK - ~IP_NF_NAT ~NF_NAT - ~POSIX_MQUEUE - " - WARNING_POSIX_MQUEUE="CONFIG_POSIX_MQUEUE: is required for bind-mounting /dev/mqueue into containers" - - if kernel_is lt 4 8; then - CONFIG_CHECK+=" - ~DEVPTS_MULTIPLE_INSTANCES - " - fi - - if kernel_is le 5 1; then - CONFIG_CHECK+=" - ~NF_NAT_IPV4 - " - fi - - if kernel_is le 5 2; then - CONFIG_CHECK+=" - ~NF_NAT_NEEDED - " - fi - - if kernel_is ge 4 15; then - CONFIG_CHECK+=" - ~CGROUP_BPF - " - fi - - # optional features - CONFIG_CHECK+=" - ~USER_NS - " - - if use seccomp; then - CONFIG_CHECK+=" - ~SECCOMP ~SECCOMP_FILTER - " - fi - - CONFIG_CHECK+=" - ~CGROUP_PIDS - " - - if kernel_is lt 6 1; then - CONFIG_CHECK+=" - ~MEMCG_SWAP - " - fi - - if kernel_is le 5 8; then - CONFIG_CHECK+=" - ~MEMCG_SWAP_ENABLED - " - fi - - CONFIG_CHECK+=" - ~!LEGACY_VSYSCALL_NATIVE - " - if kernel_is lt 5 19; then - CONFIG_CHECK+=" - ~LEGACY_VSYSCALL_EMULATE - " - fi - CONFIG_CHECK+=" - ~!LEGACY_VSYSCALL_NONE - " - WARNING_LEGACY_VSYSCALL_NONE="CONFIG_LEGACY_VSYSCALL_NONE enabled: \ - Containers with <=glibc-2.13 will not work" - - if kernel_is le 4 5; then - CONFIG_CHECK+=" - ~MEMCG_KMEM - " - fi - - if kernel_is lt 5; then - CONFIG_CHECK+=" - ~IOSCHED_CFQ ~CFQ_GROUP_IOSCHED - " - fi - - CONFIG_CHECK+=" - ~BLK_CGROUP ~BLK_DEV_THROTTLING - ~CGROUP_PERF - ~CGROUP_HUGETLB - ~NET_CLS_CGROUP ~CGROUP_NET_PRIO - ~CFS_BANDWIDTH ~FAIR_GROUP_SCHED ~RT_GROUP_SCHED - ~IP_NF_TARGET_REDIRECT - ~IP_VS - ~IP_VS_NFCT - ~IP_VS_PROTO_TCP - ~IP_VS_PROTO_UDP - ~IP_VS_RR - " - WARNING_RT_GROUP_SCHED="CONFIG_RT_GROUP_SCHED is disabled: Depending on your docker setup, you may want to enable this. See https://docs.docker.com/config/containers/resource_constraints/#configure-the-realtime-scheduler for more information." - - if use selinux; then - CONFIG_CHECK+=" - ~SECURITY_SELINUX - " - fi - - if use apparmor; then - CONFIG_CHECK+=" - ~SECURITY_APPARMOR - " - fi - - # if ! is_set EXT4_USE_FOR_EXT2; then - # check_flags EXT3_FS EXT3_FS_XATTR EXT3_FS_POSIX_ACL EXT3_FS_SECURITY - # if ! is_set EXT3_FS || ! is_set EXT3_FS_XATTR || ! is_set EXT3_FS_POSIX_ACL || ! is_set EXT3_FS_SECURITY; then - # echo " $(wrap_color '(enable these ext3 configs if you are using ext3 as backing filesystem)' bold black)" - # fi - # fi - - CONFIG_CHECK+=" - ~EXT4_FS ~EXT4_FS_POSIX_ACL ~EXT4_FS_SECURITY - " - - # if ! is_set EXT4_FS || ! is_set EXT4_FS_POSIX_ACL || ! is_set EXT4_FS_SECURITY; then - # if is_set EXT4_USE_FOR_EXT2; then - # echo " $(wrap_color 'enable these ext4 configs if you are using ext3 or ext4 as backing filesystem' bold black)" - # else - # echo " $(wrap_color 'enable these ext4 configs if you are using ext4 as backing filesystem' bold black)" - # fi - # fi - - # network drivers - CONFIG_CHECK+=" - ~VXLAN ~BRIDGE_VLAN_FILTERING - ~CRYPTO ~CRYPTO_AEAD ~CRYPTO_GCM ~CRYPTO_SEQIV ~CRYPTO_GHASH - ~XFRM ~XFRM_USER ~XFRM_ALGO ~INET_ESP - " - if kernel_is le 5 3; then - CONFIG_CHECK+=" - ~INET_XFRM_MODE_TRANSPORT - " - fi - - CONFIG_CHECK+=" - ~IPVLAN - " - CONFIG_CHECK+=" - ~MACVLAN ~DUMMY - " - CONFIG_CHECK+=" - ~NF_NAT_FTP ~NF_CONNTRACK_FTP ~NF_NAT_TFTP ~NF_CONNTRACK_TFTP - " - - # storage drivers - if use aufs; then - CONFIG_CHECK+=" - ~AUFS_FS - " - ERROR_AUFS_FS="CONFIG_AUFS_FS: is required to be set if and only if aufs is patched to kernel instead of using standalone" - fi - - if use btrfs; then - CONFIG_CHECK+=" - ~BTRFS_FS - ~BTRFS_FS_POSIX_ACL - " - fi - - if use device-mapper; then - CONFIG_CHECK+=" - ~BLK_DEV_DM ~DM_THIN_PROVISIONING - " - fi - - CONFIG_CHECK+=" - ~OVERLAY_FS - " - - linux-info_pkg_setup -} - -src_compile() { - export DOCKER_GITCOMMIT="${GIT_COMMIT}" - export GOPATH="${WORKDIR}/${P}" - export VERSION=${PV} - - # setup CFLAGS and LDFLAGS for separate build target - # see https://github.com/tianon/docker-overlay/pull/10 - export CGO_CFLAGS="-I${ESYSROOT}/usr/include" - export CGO_LDFLAGS="-L${ESYSROOT}/usr/$(get_libdir)" - - # let's set up some optional features :) - export DOCKER_BUILDTAGS='' - for gd in aufs btrfs device-mapper overlay; do - if ! use $gd; then - DOCKER_BUILDTAGS+=" exclude_graphdriver_${gd//-/}" - fi - done - - for tag in apparmor seccomp; do - if use $tag; then - DOCKER_BUILDTAGS+=" $tag" - fi - done - - # build daemon - ./hack/make.sh dynbinary || die 'dynbinary failed' -} - -src_install() { - dosym containerd /usr/bin/docker-containerd - dosym containerd-shim /usr/bin/docker-containerd-shim - dosym runc /usr/bin/docker-runc - use container-init && dosym tini /usr/bin/docker-init - newbin bundles/dynbinary-daemon/dockerd dockerd - - newinitd contrib/init/openrc/docker.initd docker - newconfd contrib/init/openrc/docker.confd docker - - systemd_dounit contrib/init/systemd/docker.{service,socket} - - udev_dorules contrib/udev/*.rules - - dodoc AUTHORS CONTRIBUTING.md NOTICE README.md - dodoc -r docs/* - - # note: intentionally not using "doins" so that we preserve +x bits - dodir /usr/share/${PN}/contrib - cp -R contrib/* "${ED}/usr/share/${PN}/contrib" -} - -pkg_postinst() { - udev_reload - - elog - elog "To use Docker, the Docker daemon must be running as root. To automatically" - elog "start the Docker daemon at boot:" - if systemd_is_booted || has_version sys-apps/systemd; then - elog " systemctl enable docker.service" - else - elog " rc-update add docker default" - fi - elog - elog "To use Docker as a non-root user, add yourself to the 'docker' group:" - elog ' usermod -aG docker <youruser>' - elog - - if use device-mapper; then - elog " Devicemapper storage driver has been deprecated" - elog " It will be removed in a future release" - elog - fi - - if use overlay; then - elog " Overlay storage driver/USEflag has been deprecated" - elog " in favor of overlay2 (enabled unconditionally)" - elog - fi - - if has_version sys-fs/zfs; then - elog " ZFS storage driver is available" - elog " Check https://docs.docker.com/storage/storagedriver/zfs-driver for more info" - elog - fi -} - -pkg_postrm() { - udev_reload -} diff --git a/app-containers/docker/docker-24.0.4-r2.ebuild b/app-containers/docker/docker-24.0.4-r2.ebuild deleted file mode 100644 index ac380bf3bc9d..000000000000 --- a/app-containers/docker/docker-24.0.4-r2.ebuild +++ /dev/null @@ -1,331 +0,0 @@ -# Copyright 1999-2023 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 -EGO_PN=github.com/docker/docker -MY_PV=${PV/_/-} -inherit linux-info systemd udev golang-vcs-snapshot -GIT_COMMIT=4ffc61430bbe6d3d405bdf357b766bf303ff3cc5 - -DESCRIPTION="The core functions you need to create Docker images and run Docker containers" -HOMEPAGE="https://www.docker.com/" -SRC_URI="https://github.com/moby/moby/archive/v${MY_PV}.tar.gz -> ${P}.tar.gz" - -LICENSE="Apache-2.0" -SLOT="0" -KEYWORDS="amd64 ~arm arm64 ppc64 ~riscv ~x86" -IUSE="apparmor btrfs +container-init device-mapper overlay seccomp selinux" - -DEPEND=" - acct-group/docker - >=dev-db/sqlite-3.7.9:3 - apparmor? ( sys-libs/libapparmor ) - btrfs? ( >=sys-fs/btrfs-progs-3.16.1 ) - device-mapper? ( >=sys-fs/lvm2-2.02.89[thin] ) - seccomp? ( >=sys-libs/libseccomp-2.2.1 ) -" - -# https://github.com/moby/moby/blob/master/project/PACKAGERS.md#runtime-dependencies -# https://github.com/moby/moby/blob/master/project/PACKAGERS.md#optional-dependencies -RDEPEND=" - ${DEPEND} - >=net-firewall/iptables-1.4 - sys-process/procps - >=dev-vcs/git-1.7 - >=app-arch/xz-utils-4.9 - dev-libs/libltdl - >=app-containers/containerd-1.7.1[apparmor?,btrfs?,device-mapper?,seccomp?] - !app-containers/docker-proxy - container-init? ( >=sys-process/tini-0.19.0[static] ) - selinux? ( sec-policy/selinux-docker ) -" - -# https://github.com/docker/docker/blob/master/project/PACKAGERS.md#build-dependencies -BDEPEND=" - >=dev-lang/go-1.16.12 - dev-go/go-md2man - virtual/pkgconfig -" -# tests require running dockerd as root and downloading containers -RESTRICT="installsources strip test" - -S="${WORKDIR}/${P}/src/${EGO_PN}" - -# https://bugs.gentoo.org/748984 https://github.com/etcd-io/etcd/pull/12552 -PATCHES=( - "${FILESDIR}/0001-Openrc-Depend-on-containerd-init-script.patch" - "${FILESDIR}/${P}-client-define-a-dummy-hostname-for-local-connections.patch" -) - -pkg_setup() { - # this is based on "contrib/check-config.sh" from upstream's sources - # required features. - CONFIG_CHECK=" - ~NAMESPACES ~NET_NS ~PID_NS ~IPC_NS ~UTS_NS - ~CGROUPS ~CGROUP_CPUACCT ~CGROUP_DEVICE ~CGROUP_FREEZER ~CGROUP_SCHED ~CPUSETS ~MEMCG - ~KEYS - ~VETH ~BRIDGE ~BRIDGE_NETFILTER - ~IP_NF_FILTER ~IP_NF_TARGET_MASQUERADE - ~NETFILTER_XT_MATCH_ADDRTYPE - ~NETFILTER_XT_MATCH_CONNTRACK - ~NETFILTER_XT_MATCH_IPVS - ~NETFILTER_XT_MARK - ~IP_NF_NAT ~NF_NAT - ~POSIX_MQUEUE - " - WARNING_POSIX_MQUEUE="CONFIG_POSIX_MQUEUE: is required for bind-mounting /dev/mqueue into containers" - - if kernel_is lt 4 8; then - CONFIG_CHECK+=" - ~DEVPTS_MULTIPLE_INSTANCES - " - fi - - if kernel_is le 5 1; then - CONFIG_CHECK+=" - ~NF_NAT_IPV4 - " - fi - - if kernel_is le 5 2; then - CONFIG_CHECK+=" - ~NF_NAT_NEEDED - " - fi - - if kernel_is ge 4 15; then - CONFIG_CHECK+=" - ~CGROUP_BPF - " - fi - - # optional features - CONFIG_CHECK+=" - ~USER_NS - " - - if use seccomp; then - CONFIG_CHECK+=" - ~SECCOMP ~SECCOMP_FILTER - " - fi - - CONFIG_CHECK+=" - ~CGROUP_PIDS - " - - if kernel_is lt 6 1; then - CONFIG_CHECK+=" - ~MEMCG_SWAP - " - fi - - if kernel_is le 5 8; then - CONFIG_CHECK+=" - ~MEMCG_SWAP_ENABLED - " - fi - - CONFIG_CHECK+=" - ~!LEGACY_VSYSCALL_NATIVE - " - if kernel_is lt 5 19; then - CONFIG_CHECK+=" - ~LEGACY_VSYSCALL_EMULATE - " - fi - CONFIG_CHECK+=" - ~!LEGACY_VSYSCALL_NONE - " - WARNING_LEGACY_VSYSCALL_NONE="CONFIG_LEGACY_VSYSCALL_NONE enabled: \ - Containers with <=glibc-2.13 will not work" - - if kernel_is le 4 5; then - CONFIG_CHECK+=" - ~MEMCG_KMEM - " - fi - - if kernel_is lt 5; then - CONFIG_CHECK+=" - ~IOSCHED_CFQ ~CFQ_GROUP_IOSCHED - " - fi - - CONFIG_CHECK+=" - ~BLK_CGROUP ~BLK_DEV_THROTTLING - ~CGROUP_PERF - ~CGROUP_HUGETLB - ~NET_CLS_CGROUP ~CGROUP_NET_PRIO - ~CFS_BANDWIDTH ~FAIR_GROUP_SCHED - ~IP_NF_TARGET_REDIRECT - ~IP_VS - ~IP_VS_NFCT - ~IP_VS_PROTO_TCP - ~IP_VS_PROTO_UDP - ~IP_VS_RR - " - - if use selinux; then - CONFIG_CHECK+=" - ~SECURITY_SELINUX - " - fi - - if use apparmor; then - CONFIG_CHECK+=" - ~SECURITY_APPARMOR - " - fi - - # if ! is_set EXT4_USE_FOR_EXT2; then - # check_flags EXT3_FS EXT3_FS_XATTR EXT3_FS_POSIX_ACL EXT3_FS_SECURITY - # if ! is_set EXT3_FS || ! is_set EXT3_FS_XATTR || ! is_set EXT3_FS_POSIX_ACL || ! is_set EXT3_FS_SECURITY; then - # echo " $(wrap_color '(enable these ext3 configs if you are using ext3 as backing filesystem)' bold black)" - # fi - # fi - - CONFIG_CHECK+=" - ~EXT4_FS ~EXT4_FS_POSIX_ACL ~EXT4_FS_SECURITY - " - - # if ! is_set EXT4_FS || ! is_set EXT4_FS_POSIX_ACL || ! is_set EXT4_FS_SECURITY; then - # if is_set EXT4_USE_FOR_EXT2; then - # echo " $(wrap_color 'enable these ext4 configs if you are using ext3 or ext4 as backing filesystem' bold black)" - # else - # echo " $(wrap_color 'enable these ext4 configs if you are using ext4 as backing filesystem' bold black)" - # fi - # fi - - # network drivers - CONFIG_CHECK+=" - ~VXLAN ~BRIDGE_VLAN_FILTERING - ~CRYPTO ~CRYPTO_AEAD ~CRYPTO_GCM ~CRYPTO_SEQIV ~CRYPTO_GHASH - ~XFRM ~XFRM_USER ~XFRM_ALGO ~INET_ESP - " - if kernel_is le 5 3; then - CONFIG_CHECK+=" - ~INET_XFRM_MODE_TRANSPORT - " - fi - - CONFIG_CHECK+=" - ~IPVLAN - " - CONFIG_CHECK+=" - ~MACVLAN ~DUMMY - " - CONFIG_CHECK+=" - ~NF_NAT_FTP ~NF_CONNTRACK_FTP ~NF_NAT_TFTP ~NF_CONNTRACK_TFTP - " - - # storage drivers - if use btrfs; then - CONFIG_CHECK+=" - ~BTRFS_FS - ~BTRFS_FS_POSIX_ACL - " - fi - - if use device-mapper; then - CONFIG_CHECK+=" - ~BLK_DEV_DM ~DM_THIN_PROVISIONING - " - fi - - CONFIG_CHECK+=" - ~OVERLAY_FS - " - - linux-info_pkg_setup -} - -src_compile() { - export DOCKER_GITCOMMIT="${GIT_COMMIT}" - export GOPATH="${WORKDIR}/${P}" - export VERSION=${PV} - - # setup CFLAGS and LDFLAGS for separate build target - # see https://github.com/tianon/docker-overlay/pull/10 - export CGO_CFLAGS="-I${ESYSROOT}/usr/include" - export CGO_LDFLAGS="-L${ESYSROOT}/usr/$(get_libdir)" - - # let's set up some optional features :) - export DOCKER_BUILDTAGS='' - for gd in btrfs device-mapper overlay; do - if ! use $gd; then - DOCKER_BUILDTAGS+=" exclude_graphdriver_${gd//-/}" - fi - done - - for tag in apparmor seccomp; do - if use $tag; then - DOCKER_BUILDTAGS+=" $tag" - fi - done - - # build binaries - ./hack/make.sh dynbinary || die 'dynbinary failed' -} - -src_install() { - dosym containerd /usr/bin/docker-containerd - dosym containerd-shim /usr/bin/docker-containerd-shim - dosym runc /usr/bin/docker-runc - use container-init && dosym tini /usr/bin/docker-init - dobin bundles/dynbinary-daemon/dockerd - dobin bundles/dynbinary-daemon/docker-proxy - - newinitd contrib/init/openrc/docker.initd docker - newconfd contrib/init/openrc/docker.confd docker - - systemd_dounit contrib/init/systemd/docker.{service,socket} - - udev_dorules contrib/udev/*.rules - - dodoc AUTHORS CONTRIBUTING.md NOTICE README.md - dodoc -r docs/* - - # note: intentionally not using "doins" so that we preserve +x bits - dodir /usr/share/${PN}/contrib - cp -R contrib/* "${ED}/usr/share/${PN}/contrib" -} - -pkg_postinst() { - udev_reload - - elog - elog "To use Docker, the Docker daemon must be running as root. To automatically" - elog "start the Docker daemon at boot:" - if systemd_is_booted || has_version sys-apps/systemd; then - elog " systemctl enable docker.service" - else - elog " rc-update add docker default" - fi - elog - elog "To use Docker as a non-root user, add yourself to the 'docker' group:" - elog ' usermod -aG docker <youruser>' - elog - - if use device-mapper; then - elog " Devicemapper storage driver has been deprecated" - elog " It will be removed in a future release" - elog - fi - - if use overlay; then - elog " Overlay storage driver/USEflag has been deprecated" - elog " in favor of overlay2 (enabled unconditionally)" - elog - fi - - if has_version sys-fs/zfs; then - elog " ZFS storage driver is available" - elog " Check https://docs.docker.com/storage/storagedriver/zfs-driver for more info" - elog - fi -} - -pkg_postrm() { - udev_reload -} diff --git a/app-containers/docker/files/docker-24.0.4-client-define-a-dummy-hostname-for-local-connections.patch b/app-containers/docker/files/docker-24.0.4-client-define-a-dummy-hostname-for-local-connections.patch deleted file mode 100644 index 91c0f12daae0..000000000000 --- a/app-containers/docker/files/docker-24.0.4-client-define-a-dummy-hostname-for-local-connections.patch +++ /dev/null @@ -1,290 +0,0 @@ -From 18b6066f21dd24671c96c3d9f1b3a7e39da1dabf Mon Sep 17 00:00:00 2001 -From: Sebastiaan van Stijn <github@gone.nl> -Date: Wed, 12 Jul 2023 14:15:38 +0200 -Subject: [PATCH 1/3] client: define a "dummy" hostname to use for local - connections - -For local communications (npipe://, unix://), the hostname is not used, -but we need valid and meaningful hostname. - -The current code used the client's `addr` as hostname in some cases, which -could contain the path for the unix-socket (`/var/run/docker.sock`), which -gets rejected by go1.20.6 and go1.19.11 because of a security fix for -[CVE-2023-29406 ][1], which was implemented in https://go.dev/issue/60374. - -Prior versions go Go would clean the host header, and strip slashes in the -process, but go1.20.6 and go1.19.11 no longer do, and reject the host -header. - -This patch introduces a `DummyHost` const, and uses this dummy host for -cases where we don't need an actual hostname. - -Before this patch (using go1.20.6): - - make GO_VERSION=1.20.6 TEST_FILTER=TestAttach test-integration - === RUN TestAttachWithTTY - attach_test.go:46: assertion failed: error is not nil: http: invalid Host header - --- FAIL: TestAttachWithTTY (0.11s) - === RUN TestAttachWithoutTTy - attach_test.go:46: assertion failed: error is not nil: http: invalid Host header - --- FAIL: TestAttachWithoutTTy (0.02s) - FAIL - -With this patch applied: - - make GO_VERSION=1.20.6 TEST_FILTER=TestAttach test-integration - INFO: Testing against a local daemon - === RUN TestAttachWithTTY - --- PASS: TestAttachWithTTY (0.12s) - === RUN TestAttachWithoutTTy - --- PASS: TestAttachWithoutTTy (0.02s) - PASS - -[1]: https://github.com/advisories/GHSA-f8f7-69v5-w4vx - -Signed-off-by: Sebastiaan van Stijn <github@gone.nl> -(cherry picked from commit 5119e8c98f31f36a9e73884d4132c326cd931c34) -Signed-off-by: Sebastiaan van Stijn <github@gone.nl> ---- - client/client.go | 30 ++++++++++++++++++++++++++++++ - client/hijack.go | 5 ++++- - client/request.go | 8 ++++---- - client/request_test.go | 20 ++++++++------------ - 4 files changed, 46 insertions(+), 17 deletions(-) - -diff --git a/client/client.go b/client/client.go -index 1c081a51ae69..54fa36cca88e 100644 ---- a/client/client.go -+++ b/moby-24.0.4/client/client.go -@@ -56,6 +56,36 @@ import ( - "github.com/pkg/errors" - ) - -+// DummyHost is a hostname used for local communication. -+// -+// It acts as a valid formatted hostname for local connections (such as "unix://" -+// or "npipe://") which do not require a hostname. It should never be resolved, -+// but uses the special-purpose ".localhost" TLD (as defined in [RFC 2606, Section 2] -+// and [RFC 6761, Section 6.3]). -+// -+// [RFC 7230, Section 5.4] defines that an empty header must be used for such -+// cases: -+// -+// If the authority component is missing or undefined for the target URI, -+// then a client MUST send a Host header field with an empty field-value. -+// -+// However, [Go stdlib] enforces the semantics of HTTP(S) over TCP, does not -+// allow an empty header to be used, and requires req.URL.Scheme to be either -+// "http" or "https". -+// -+// For further details, refer to: -+// -+// - https://github.com/docker/engine-api/issues/189 -+// - https://github.com/golang/go/issues/13624 -+// - https://github.com/golang/go/issues/61076 -+// - https://github.com/moby/moby/issues/45935 -+// -+// [RFC 2606, Section 2]: https://www.rfc-editor.org/rfc/rfc2606.html#section-2 -+// [RFC 6761, Section 6.3]: https://www.rfc-editor.org/rfc/rfc6761#section-6.3 -+// [RFC 7230, Section 5.4]: https://datatracker.ietf.org/doc/html/rfc7230#section-5.4 -+// [Go stdlib]: https://github.com/golang/go/blob/6244b1946bc2101b01955468f1be502dbadd6807/src/net/http/transport.go#L558-L569 -+const DummyHost = "api.moby.localhost" -+ - // ErrRedirect is the error returned by checkRedirect when the request is non-GET. - var ErrRedirect = errors.New("unexpected redirect in response") - -diff --git a/client/hijack.go b/client/hijack.go -index 6bdacab10adb..db9b02e1601f 100644 ---- a/client/hijack.go -+++ b/moby-24.0.4/client/hijack.go -@@ -64,7 +64,10 @@ func fallbackDial(proto, addr string, tlsConfig *tls.Config) (net.Conn, error) { - } - - func (cli *Client) setupHijackConn(ctx context.Context, req *http.Request, proto string) (net.Conn, string, error) { -- req.Host = cli.addr -+ if cli.proto == "unix" || cli.proto == "npipe" { -+ // For local communications, it doesn't matter what the host is. -+ req.URL.Host = DummyHost -+ } - req.Header.Set("Connection", "Upgrade") - req.Header.Set("Upgrade", proto) - -diff --git a/client/request.go b/client/request.go -index c799095c1227..8f43553fb7c5 100644 ---- a/client/request.go -+++ b/moby-24.0.4/client/request.go -@@ -98,12 +98,12 @@ func (cli *Client) buildRequest(method, path string, body io.Reader, headers hea - req = cli.addHeaders(req, headers) - - if cli.proto == "unix" || cli.proto == "npipe" { -- // For local communications, it doesn't matter what the host is. We just -- // need a valid and meaningful host name. (See #189) -- req.Host = "docker" -+ // For local communications, it doesn't matter what the host is. -+ req.URL.Host = DummyHost -+ } else { -+ req.URL.Host = cli.addr - } - -- req.URL.Host = cli.addr - req.URL.Scheme = cli.scheme - - if expectedPayload && req.Header.Get("Content-Type") == "" { -diff --git a/client/request_test.go b/client/request_test.go -index 6e5a6e81f21c..1a99197ca231 100644 ---- a/client/request_test.go -+++ b/moby-24.0.4/client/request_test.go -@@ -28,24 +28,20 @@ func TestSetHostHeader(t *testing.T) { - expectedURLHost string - }{ - { -- "unix:///var/run/docker.sock", -- "docker", -- "/var/run/docker.sock", -+ host: "unix:///var/run/docker.sock", -+ expectedURLHost: DummyHost, - }, - { -- "npipe:////./pipe/docker_engine", -- "docker", -- "//./pipe/docker_engine", -+ host: "npipe:////./pipe/docker_engine", -+ expectedURLHost: DummyHost, - }, - { -- "tcp://0.0.0.0:4243", -- "", -- "0.0.0.0:4243", -+ host: "tcp://0.0.0.0:4243", -+ expectedURLHost: "0.0.0.0:4243", - }, - { -- "tcp://localhost:4243", -- "", -- "localhost:4243", -+ host: "tcp://localhost:4243", -+ expectedURLHost: "localhost:4243", - }, - } - - -From d22fa2bb92fd1ea37071487465f58c8bcb58badd Mon Sep 17 00:00:00 2001 -From: Sebastiaan van Stijn <github@gone.nl> -Date: Wed, 12 Jul 2023 15:07:59 +0200 -Subject: [PATCH 2/3] pkg/plugins: use a dummy hostname for local connections - -For local communications (npipe://, unix://), the hostname is not used, -but we need valid and meaningful hostname. - -The current code used the socket path as hostname, which gets rejected by -go1.20.6 and go1.19.11 because of a security fix for [CVE-2023-29406 ][1], -which was implemented in https://go.dev/issue/60374. - -Prior versions go Go would clean the host header, and strip slashes in the -process, but go1.20.6 and go1.19.11 no longer do, and reject the host -header. - -Before this patch, tests would fail on go1.20.6: - - === FAIL: pkg/authorization TestAuthZRequestPlugin (15.01s) - time="2023-07-12T12:53:45Z" level=warning msg="Unable to connect to plugin: //tmp/authz2422457390/authz-test-plugin.sock/AuthZPlugin.AuthZReq: Post \"http://%2F%2Ftmp%2Fauthz2422457390%2Fauthz-test-plugin.sock/AuthZPlugin.AuthZReq\": http: invalid Host header, retrying in 1s" - time="2023-07-12T12:53:46Z" level=warning msg="Unable to connect to plugin: //tmp/authz2422457390/authz-test-plugin.sock/AuthZPlugin.AuthZReq: Post \"http://%2F%2Ftmp%2Fauthz2422457390%2Fauthz-test-plugin.sock/AuthZPlugin.AuthZReq\": http: invalid Host header, retrying in 2s" - time="2023-07-12T12:53:48Z" level=warning msg="Unable to connect to plugin: //tmp/authz2422457390/authz-test-plugin.sock/AuthZPlugin.AuthZReq: Post \"http://%2F%2Ftmp%2Fauthz2422457390%2Fauthz-test-plugin.sock/AuthZPlugin.AuthZReq\": http: invalid Host header, retrying in 4s" - time="2023-07-12T12:53:52Z" level=warning msg="Unable to connect to plugin: //tmp/authz2422457390/authz-test-plugin.sock/AuthZPlugin.AuthZReq: Post \"http://%2F%2Ftmp%2Fauthz2422457390%2Fauthz-test-plugin.sock/AuthZPlugin.AuthZReq\": http: invalid Host header, retrying in 8s" - authz_unix_test.go:82: Failed to authorize request Post "http://%2F%2Ftmp%2Fauthz2422457390%2Fauthz-test-plugin.sock/AuthZPlugin.AuthZReq": http: invalid Host header - -[1]: https://github.com/advisories/GHSA-f8f7-69v5-w4vx - -Signed-off-by: Sebastiaan van Stijn <github@gone.nl> -(cherry picked from commit a4a861f9fbdd6293f95ef8d6d35241c6f6c29853) -Signed-off-by: Sebastiaan van Stijn <github@gone.nl> ---- - pkg/plugins/client.go | 14 ++++++++++++-- - 1 file changed, 12 insertions(+), 2 deletions(-) - -diff --git a/pkg/plugins/client.go b/pkg/plugins/client.go -index 752fecd0ae47..a740a8c3dac1 100644 ---- a/pkg/plugins/client.go -+++ b/moby-24.0.4/pkg/plugins/client.go -@@ -18,6 +18,12 @@ import ( - - const ( - defaultTimeOut = 30 -+ -+ // dummyHost is a hostname used for local communication. -+ // -+ // For local communications (npipe://, unix://), the hostname is not used, -+ // but we need valid and meaningful hostname. -+ dummyHost = "plugin.moby.localhost" - ) - - func newTransport(addr string, tlsConfig *tlsconfig.Options) (transport.Transport, error) { -@@ -44,8 +50,12 @@ func newTransport(addr string, tlsConfig *tlsconfig.Options) (transport.Transpor - return nil, err - } - scheme := httpScheme(u) -- -- return transport.NewHTTPTransport(tr, scheme, socket), nil -+ hostName := u.Host -+ if hostName == "" || u.Scheme == "unix" || u.Scheme == "npipe" { -+ // For local communications, it doesn't matter what the host is. -+ hostName = dummyHost -+ } -+ return transport.NewHTTPTransport(tr, scheme, hostName), nil - } - - // NewClient creates a new plugin client (http). - -From af1c09666a5c7ea12685fb8b482e64433a58f820 Mon Sep 17 00:00:00 2001 -From: Sebastiaan van Stijn <github@gone.nl> -Date: Wed, 12 Jul 2023 17:37:01 +0200 -Subject: [PATCH 3/3] testutil: use dummyhost for non-tcp connections - -Signed-off-by: Sebastiaan van Stijn <github@gone.nl> -(cherry picked from commit 524506a452dab8f67cb2c287c8acacdbe2599906) -Signed-off-by: Sebastiaan van Stijn <github@gone.nl> ---- - integration-cli/docker_api_attach_test.go | 9 ++++++++- - testutil/request/request.go | 9 +++++++-- - 2 files changed, 15 insertions(+), 3 deletions(-) - -diff --git a/integration-cli/docker_api_attach_test.go b/integration-cli/docker_api_attach_test.go -index 6d31c51ec344..0064b48bdf7b 100644 ---- a/integration-cli/docker_api_attach_test.go -+++ b/moby-24.0.4/integration-cli/docker_api_attach_test.go -@@ -234,7 +234,14 @@ func requestHijack(method, endpoint string, data io.Reader, ct, daemon string, m - return nil, nil, errors.Wrap(err, "could not create new request") - } - req.URL.Scheme = "http" -- req.URL.Host = hostURL.Host -+ -+ // FIXME(thaJeztah): this should really be done by client.ParseHostURL -+ if hostURL.Scheme == "unix" || hostURL.Scheme == "npipe" { -+ // For local communications, it doesn't matter what the host is. -+ req.URL.Host = client.DummyHost -+ } else { -+ req.URL.Host = hostURL.Host -+ } - - for _, opt := range modifiers { - opt(req) -diff --git a/testutil/request/request.go b/testutil/request/request.go -index d5f559c66637..239e27a8fc1d 100644 ---- a/testutil/request/request.go -+++ b/moby-24.0.4/testutil/request/request.go -@@ -123,8 +123,13 @@ func newRequest(endpoint string, opts *Options) (*http.Request, error) { - } else { - req.URL.Scheme = "http" - } -- req.URL.Host = hostURL.Host -- -+ // FIXME(thaJeztah): this should really be done by client.ParseHostURL -+ if hostURL.Scheme == "unix" || hostURL.Scheme == "npipe" { -+ // For local communications, it doesn't matter what the host is. -+ req.URL.Host = client.DummyHost -+ } else { -+ req.URL.Host = hostURL.Host -+ } - for _, config := range opts.requestModifiers { - if err := config(req); err != nil { - return nil, err diff --git a/app-containers/docker/metadata.xml b/app-containers/docker/metadata.xml index c8dfe231c86b..d58b9b295fb1 100644 --- a/app-containers/docker/metadata.xml +++ b/app-containers/docker/metadata.xml @@ -17,10 +17,6 @@ <name>Georgy Yakovlev</name> </maintainer> <use> - <flag name="aufs"> - Enables dependencies for the "aufs" graph driver, including - necessary kernel flags. - </flag> <flag name="btrfs"> Enables dependencies for the "btrfs" graph driver, including necessary kernel flags. diff --git a/app-containers/runc/Manifest b/app-containers/runc/Manifest index 9738abbcfa47..6d9a32d7d968 100644 --- a/app-containers/runc/Manifest +++ b/app-containers/runc/Manifest @@ -1,5 +1,3 @@ -DIST runc-1.1.4.tar.gz 2334639 BLAKE2B bc7eb7de29e8ebb9ce146bc77bf6cfc116f4af3e28c0344059183cf0c8082c629ccb235531c368cce99915991b25df0b50b7cbb98b9c6a7d141ba6cc15958651 SHA512 c8e79ad839964680d29ab56a4de255f91192741951673025da6889c544a232d4d392db2da8005d8e22999a37bfbc9c9fe7f6043b165bc4edc2f2a29261d8a3d6 DIST runc-1.1.7.tar.gz 2511464 BLAKE2B 63f09052659636b62185abbb178f7e104d22125190899e80e71ed2ba35567eb855abf786d3c7fff3dd9a1ab43ee282fcaecb6650cd8a1ce49c05acefd7c12cde SHA512 e3a18f04ac2c3553a815074ca64e04cfd71af54d78edbd4a13819f187476f96d7311c23bb63fb5c311b91865db4540985a6f9daa84819b0bac5f023b3b2a832c -EBUILD runc-1.1.4.ebuild 1843 BLAKE2B e390f7829d122bf1b69a366a01e4303bfa54d8362b44b74f9dfc85a88045f458a8e0827311931405b33e56868eddbb995499a169c1bec54bdbe5b2ecc0e07f27 SHA512 1850d961cab32b9b117c910bd05377128a67fdc8d93575395e0f7e913cc2058d55c1c59e38d68f0f07bbdc8777c3696155b0d6e92d02145299351d8aa922576e EBUILD runc-1.1.7.ebuild 1843 BLAKE2B 5dcdf28d4b75f14a565ad7766b9dfe6e4bf6ff644449175a7425a809d49048a219708a93bc77a51840cb6ab305f2a13551fb35449e3d4084aa68bab02a5aaa05 SHA512 b3dd66a07869fa8de8db8a13b06bfa19cbb593fe61b9092882073e4b0369e4000daf2735e5a23ba453dcde617e22bb822c76b145e864f6cb486fa0b352f84a90 MISC metadata.xml 759 BLAKE2B 2eefd8bf06b709fe70d91b444fb232fb23e51702d75c29b0fb49675056e9721f8f63dac596b55a2ae33ef7b46825a1543a9ffdaaeddcb80448953daa5505bd60 SHA512 34d1dd28f55a6aff44c2f6dadef2dede502837af0fb8411b55a7f3ef96d35d2ddae9cc0d230525715e41c423d813b0089c36369dfa666c1249f152de90a5c555 diff --git a/app-containers/runc/runc-1.1.4.ebuild b/app-containers/runc/runc-1.1.4.ebuild deleted file mode 100644 index 8818b620d307..000000000000 --- a/app-containers/runc/runc-1.1.4.ebuild +++ /dev/null @@ -1,78 +0,0 @@ -# Copyright 1999-2023 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 -inherit go-module linux-info - -# update on bump, look for https://github.com/docker\ -# docker-ce/blob/<docker ver OR branch>/components/engine/hack/dockerfile/install/runc.installer -RUNC_COMMIT=5fd4c4d144137e991c4acebb2146ab1483a97925 -CONFIG_CHECK="~USER_NS" - -DESCRIPTION="runc container cli tools" -HOMEPAGE="http://github.com/opencontainers/runc/" -MY_PV="${PV/_/-}" -SRC_URI="https://github.com/opencontainers/${PN}/archive/v${MY_PV}.tar.gz -> ${P}.tar.gz" - -LICENSE="Apache-2.0 BSD-2 BSD MIT" -SLOT="0" -KEYWORDS="amd64 ~arm arm64 ppc64 ~riscv ~x86" -IUSE="apparmor hardened +kmem +seccomp selinux test" - -DEPEND="seccomp? ( sys-libs/libseccomp )" - -RDEPEND=" - ${DEPEND} - !app-emulation/docker-runc - apparmor? ( sys-libs/libapparmor ) - selinux? ( sec-policy/selinux-container ) -" - -BDEPEND=" - dev-go/go-md2man - test? ( "${RDEPEND}" ) -" - -# tests need busybox binary, and portage namespace -# sandboxing disabled: mount-sandbox pid-sandbox ipc-sandbox -# majority of tests pass -RESTRICT+=" test" - -S="${WORKDIR}/${PN}-${MY_PV}" - -src_compile() { - # Taken from app-containers/docker-1.7.0-r1 - export CGO_CFLAGS="-I${ESYSROOT}/usr/include" - export CGO_LDFLAGS="$(usex hardened '-fno-PIC ' '') - -L${ESYSROOT}/usr/$(get_libdir)" - - # build up optional flags - local options=( - $(usev apparmor) - $(usev seccomp) - $(usex kmem '' 'nokmem') - ) - - myemakeargs=( - BUILDTAGS="${options[*]}" - COMMIT="${RUNC_COMMIT}" - ) - - emake "${myemakeargs[@]}" runc man -} - -src_install() { - myemakeargs+=( - PREFIX="${ED}/usr" - BINDIR="${ED}/usr/bin" - MANDIR="${ED}/usr/share/man" - ) - emake "${myemakeargs[@]}" install install-man install-bash - - local DOCS=( README.md PRINCIPLES.md docs/. ) - einstalldocs -} - -src_test() { - emake "${myemakeargs[@]}" localunittest -} |