diff --git a/packages/addons/addon-depends/docker/cli/package.mk b/packages/addons/addon-depends/docker/cli/package.mk index acb8cd24b2..c00d594f41 100644 --- a/packages/addons/addon-depends/docker/cli/package.mk +++ b/packages/addons/addon-depends/docker/cli/package.mk @@ -3,7 +3,7 @@ PKG_NAME="cli" PKG_VERSION="$(get_pkg_version moby)" -PKG_SHA256="72a54d131c28938221c81bd08364459fed9c71c093d4d615d324aaf31de6db1d" +PKG_SHA256="e52557b663d0acedd906d197d0159374dd3e43e29a1c9d01b5f1bfa763d7dd25" PKG_LICENSE="ASL" PKG_SITE="https://github.com/docker/cli" PKG_URL="https://github.com/docker/cli/archive/v${PKG_VERSION}.tar.gz" @@ -12,7 +12,7 @@ PKG_LONGDESC="The Docker CLI" PKG_TOOLCHAIN="manual" # Git commit of the matching release https://github.com/docker/cli/releases -export PKG_GIT_COMMIT="afdd53b4e341be38d2056a42113b938559bb1d94" +export PKG_GIT_COMMIT="e758fe5a7fb956b126ca5f9eb2df5a86c4841fbd" configure_target() { go_configure diff --git a/packages/addons/addon-depends/docker/containerd/package.mk b/packages/addons/addon-depends/docker/containerd/package.mk index de431524f6..2e1c1ea067 100644 --- a/packages/addons/addon-depends/docker/containerd/package.mk +++ b/packages/addons/addon-depends/docker/containerd/package.mk @@ -3,8 +3,8 @@ # Copyright (C) 2016-present Team LibreELEC (https://libreelec.tv) PKG_NAME="containerd" -PKG_VERSION="1.7.11" -PKG_SHA256="1f3ca2a15bedcaada4a7c3cde6126fb553226944b599f98bd71d616dfd02861a" +PKG_VERSION="1.7.12" +PKG_SHA256="bf523aa866d1152403807708b1239ee9b992c1afd526df0a83e744ce67a1f98e" PKG_LICENSE="APL" PKG_SITE="https://containerd.io" PKG_URL="https://github.com/containerd/containerd/archive/v${PKG_VERSION}.tar.gz" @@ -13,7 +13,7 @@ PKG_LONGDESC="A daemon to control runC, built for performance and density." PKG_TOOLCHAIN="manual" # Git commit of the matching release https://github.com/containerd/containerd/releases -PKG_GIT_COMMIT="4e1fe7492b9df85914c389d1f15a3ceedbb280ac" +PKG_GIT_COMMIT="71909c1814c544ac47ab91d2e8b84718e517bb99" pre_make_target() { diff --git a/packages/addons/addon-depends/docker/moby/package.mk b/packages/addons/addon-depends/docker/moby/package.mk index d4f37f7cf2..6f9da53351 100644 --- a/packages/addons/addon-depends/docker/moby/package.mk +++ b/packages/addons/addon-depends/docker/moby/package.mk @@ -2,8 +2,8 @@ # Copyright (C) 2022-present Team LibreELEC (https://libreelec.tv) PKG_NAME="moby" -PKG_VERSION="24.0.7" -PKG_SHA256="16a2cb4cf4d314a070085e0df06e3a6bd9ec678d28715b64060af694fc9051d5" +PKG_VERSION="25.0.0" +PKG_SHA256="f30c21b22241bbed478d9d31e13eda9ffee9bcd7800ad9d3238225835911d9ad" PKG_LICENSE="ASL" PKG_SITE="https://mobyproject.org/" PKG_URL="https://github.com/moby/moby/archive/v${PKG_VERSION}.tar.gz" @@ -12,7 +12,7 @@ PKG_LONGDESC="Moby is an open-source project created by Docker to enable and acc PKG_TOOLCHAIN="manual" # Git commit of the matching release https://github.com/moby/moby -export PKG_GIT_COMMIT="311b9ff0aa93aa55880e1e5f8871c4fb69583426" +export PKG_GIT_COMMIT="615dfdf67264ed5b08dd5e86657bf0e580731cea" PKG_MOBY_BUILDTAGS="daemon \ autogen \ diff --git a/packages/addons/addon-depends/docker/moby/patches/moby-001-user-addon-storage-location.patch b/packages/addons/addon-depends/docker/moby/patches/moby-001-user-addon-storage-location.patch index 4b82b6aa8b..30679e3774 100644 --- a/packages/addons/addon-depends/docker/moby/patches/moby-001-user-addon-storage-location.patch +++ b/packages/addons/addon-depends/docker/moby/patches/moby-001-user-addon-storage-location.patch @@ -4,9 +4,9 @@ # # diff -Naur a/cmd/dockerd/daemon_unix.go b/cmd/dockerd/daemon_unix.go ---- a/cmd/dockerd/daemon_unix.go 2022-06-03 10:30:24.000000000 -0700 -+++ b/cmd/dockerd/daemon_unix.go 2022-06-07 14:28:05.510327911 -0700 -@@ -24,7 +24,7 @@ +--- a/cmd/dockerd/daemon_unix.go 2024-01-04 15:38:22.000000000 +0000 ++++ b/cmd/dockerd/daemon_unix.go 2024-01-06 03:43:42.144311172 +0000 +@@ -23,7 +23,7 @@ func getDefaultDaemonConfigDir() (string, error) { if !honorXDG { @@ -15,32 +15,53 @@ diff -Naur a/cmd/dockerd/daemon_unix.go b/cmd/dockerd/daemon_unix.go } // NOTE: CLI uses ~/.docker while the daemon uses ~/.config/docker, because // ~/.docker was not designed to store daemon configurations. +diff -Naur a/cmd/dockerd/options.go b/cmd/dockerd/options.go +--- a/cmd/dockerd/options.go 2024-01-04 15:38:22.000000000 +0000 ++++ b/cmd/dockerd/options.go 2024-01-06 03:43:42.144311172 +0000 +@@ -39,7 +39,7 @@ + // + // - DOCKER_CONFIG only affects TLS certificates, but does not change the + // location for the actual *daemon configuration* (which defaults to +- // "/etc/docker/daemon.json"). ++ // "/storage/.kodi/userdata/addon_data/service.system.docker/config/daemon.json"). + // - If no value is set, configDir uses "~/.docker/" as default, but does + // not take $XDG_CONFIG_HOME into account (it uses pkg/homedir.Get, which + // is not XDG_CONFIG_HOME-aware). +@@ -52,7 +52,7 @@ + // We should: + // + // - deprecate DOCKER_CONFIG for the daemon +- // - decide where the TLS certs should live by default ("/etc/docker/"?) ++ // - decide where the TLS certs should live by default ("/storage/.kodi/userdata/addon_data/service.system.docker/config/"?) + // - look at "when" (and when _not_) XDG_CONFIG_HOME should be used. Its + // needed for rootless, but perhaps could be used for non-rootless(?) + // - When changing the location for TLS config, (ideally) they should diff -Naur a/integration/plugin/authz/authz_plugin_test.go b/integration/plugin/authz/authz_plugin_test.go ---- a/integration/plugin/authz/authz_plugin_test.go 2022-06-03 10:30:24.000000000 -0700 -+++ b/integration/plugin/authz/authz_plugin_test.go 2022-06-07 14:28:05.570328822 -0700 +--- a/integration/plugin/authz/authz_plugin_test.go 2024-01-04 15:38:22.000000000 +0000 ++++ b/integration/plugin/authz/authz_plugin_test.go 2024-01-06 03:43:42.100977532 +0000 @@ -56,15 +56,15 @@ - ctrl = &authorizationController{} - teardown := setupTest(t) -- err := os.MkdirAll("/etc/docker/plugins", 0755) -+ err := os.MkdirAll("/storage/.kodi/userdata/addon_data/service.system.docker/config/plugins", 0755) + ctrl = &authorizationController{} + +- err := os.MkdirAll("/etc/docker/plugins", 0o755) ++ err := os.MkdirAll("/storage/.kodi/userdata/addon_data/service.system.docker/config/plugins", 0o755) assert.NilError(t, err) - fileName := fmt.Sprintf("/etc/docker/plugins/%s.spec", testAuthZPlugin) + fileName := fmt.Sprintf("/storage/.kodi/userdata/addon_data/service.system.docker/config/plugins/%s.spec", testAuthZPlugin) - err = os.WriteFile(fileName, []byte(server.URL), 0644) + err = os.WriteFile(fileName, []byte(server.URL), 0o644) assert.NilError(t, err) - return func() { + t.Cleanup(func() { - err := os.RemoveAll("/etc/docker/plugins") + err := os.RemoveAll("/storage/.kodi/userdata/addon_data/service.system.docker/config/plugins") assert.NilError(t, err) - - teardown() + ctrl = nil + }) diff -Naur a/integration/plugin/graphdriver/external_test.go b/integration/plugin/graphdriver/external_test.go ---- a/integration/plugin/graphdriver/external_test.go 2022-06-03 10:30:24.000000000 -0700 -+++ b/integration/plugin/graphdriver/external_test.go 2022-06-07 14:28:05.570328822 -0700 -@@ -80,7 +80,7 @@ +--- a/integration/plugin/graphdriver/external_test.go 2024-01-04 15:38:22.000000000 +0000 ++++ b/integration/plugin/graphdriver/external_test.go 2024-01-06 03:43:42.100977532 +0000 +@@ -87,7 +87,7 @@ sserver.Close() jserver.Close() @@ -49,37 +70,37 @@ diff -Naur a/integration/plugin/graphdriver/external_test.go b/integration/plugi assert.NilError(t, err) } -@@ -344,10 +344,10 @@ +@@ -351,10 +351,10 @@ respond(w, &graphDriverResponse{Size: size}) }) -- err = os.MkdirAll("/etc/docker/plugins", 0755) -+ err = os.MkdirAll("/storage/.kodi/userdata/addon_data/service.system.docker/config/plugins", 0755) +- err = os.MkdirAll("/etc/docker/plugins", 0o755) ++ err = os.MkdirAll("/storage/.kodi/userdata/addon_data/service.system.docker/config/plugins", 0o755) assert.NilError(t, err) - specFile := "/etc/docker/plugins/" + name + "." + ext + specFile := "/storage/.kodi/userdata/addon_data/service.system.docker/config/plugins/" + name + "." + ext - err = os.WriteFile(specFile, b, 0644) + err = os.WriteFile(specFile, b, 0o644) assert.NilError(t, err) } diff -Naur a/integration-cli/docker_cli_external_volume_driver_test.go b/integration-cli/docker_cli_external_volume_driver_test.go ---- a/integration-cli/docker_cli_external_volume_driver_test.go 2022-06-03 10:30:24.000000000 -0700 -+++ b/integration-cli/docker_cli_external_volume_driver_test.go 2022-06-07 14:28:05.556328610 -0700 -@@ -258,10 +258,10 @@ +--- a/integration-cli/docker_cli_external_volume_driver_test.go 2024-01-04 15:38:22.000000000 +0000 ++++ b/integration-cli/docker_cli_external_volume_driver_test.go 2024-01-06 03:43:42.487646940 +0000 +@@ -262,10 +262,10 @@ send(w, `{"Capabilities": { "Scope": "global" }}`) }) -- err := os.MkdirAll("/etc/docker/plugins", 0755) -+ err := os.MkdirAll("/storage/.kodi/userdata/addon_data/service.system.docker/config/plugins", 0755) +- err := os.MkdirAll("/etc/docker/plugins", 0o755) ++ err := os.MkdirAll("/storage/.kodi/userdata/addon_data/service.system.docker/config/plugins", 0o755) assert.NilError(c, err) -- err = os.WriteFile("/etc/docker/plugins/"+name+".spec", []byte(s.Server.URL), 0644) -+ err = os.WriteFile("/storage/.kodi/userdata/addon_data/service.system.docker/config/plugins/"+name+".spec", []byte(s.Server.URL), 0644) +- err = os.WriteFile("/etc/docker/plugins/"+name+".spec", []byte(s.Server.URL), 0o644) ++ err = os.WriteFile("/storage/.kodi/userdata/addon_data/service.system.docker/config/plugins/"+name+".spec", []byte(s.Server.URL), 0o644) assert.NilError(c, err) return s } -@@ -269,7 +269,7 @@ - func (s *DockerExternalVolumeSuite) TearDownSuite(c *testing.T) { +@@ -273,7 +273,7 @@ + func (s *DockerExternalVolumeSuite) TearDownSuite(ctx context.Context, c *testing.T) { s.volumePlugin.Close() - err := os.RemoveAll("/etc/docker/plugins") @@ -87,37 +108,37 @@ diff -Naur a/integration-cli/docker_cli_external_volume_driver_test.go b/integra assert.NilError(c, err) } -@@ -359,7 +359,7 @@ +@@ -367,7 +367,7 @@ // Make sure a request to use a down driver doesn't block other requests func (s *DockerExternalVolumeSuite) TestExternalVolumeDriverLookupNotBlocked(c *testing.T) { - specPath := "/etc/docker/plugins/down-driver.spec" + specPath := "/storage/.kodi/userdata/addon_data/service.system.docker/config/plugins/down-driver.spec" - err := os.WriteFile(specPath, []byte("tcp://127.0.0.7:9999"), 0644) + err := os.WriteFile(specPath, []byte("tcp://127.0.0.7:9999"), 0o644) assert.NilError(c, err) defer os.RemoveAll(specPath) diff -Naur a/integration-cli/docker_cli_network_unix_test.go b/integration-cli/docker_cli_network_unix_test.go ---- a/integration-cli/docker_cli_network_unix_test.go 2022-06-03 10:30:24.000000000 -0700 -+++ b/integration-cli/docker_cli_network_unix_test.go 2022-06-07 14:28:05.558328640 -0700 -@@ -195,14 +195,14 @@ +--- a/integration-cli/docker_cli_network_unix_test.go 2024-01-04 15:38:22.000000000 +0000 ++++ b/integration-cli/docker_cli_network_unix_test.go 2024-01-06 03:43:42.487646940 +0000 +@@ -201,14 +201,14 @@ } }) -- err := os.MkdirAll("/etc/docker/plugins", 0755) -+ err := os.MkdirAll("/storage/.kodi/userdata/addon_data/service.system.docker/config/plugins", 0755) +- err := os.MkdirAll("/etc/docker/plugins", 0o755) ++ err := os.MkdirAll("/storage/.kodi/userdata/addon_data/service.system.docker/config/plugins", 0o755) assert.NilError(c, err) - fileName := fmt.Sprintf("/etc/docker/plugins/%s.spec", netDrv) + fileName := fmt.Sprintf("/storage/.kodi/userdata/addon_data/service.system.docker/config/plugins/%s.spec", netDrv) - err = os.WriteFile(fileName, []byte(url), 0644) + err = os.WriteFile(fileName, []byte(url), 0o644) assert.NilError(c, err) - ipamFileName := fmt.Sprintf("/etc/docker/plugins/%s.spec", ipamDrv) + ipamFileName := fmt.Sprintf("/storage/.kodi/userdata/addon_data/service.system.docker/config/plugins/%s.spec", ipamDrv) - err = os.WriteFile(ipamFileName, []byte(url), 0644) + err = os.WriteFile(ipamFileName, []byte(url), 0o644) assert.NilError(c, err) } -@@ -214,7 +214,7 @@ +@@ -220,7 +220,7 @@ s.server.Close() @@ -127,27 +148,27 @@ diff -Naur a/integration-cli/docker_cli_network_unix_test.go b/integration-cli/d } diff -Naur a/integration-cli/docker_cli_swarm_test.go b/integration-cli/docker_cli_swarm_test.go ---- a/integration-cli/docker_cli_swarm_test.go 2022-06-03 10:30:24.000000000 -0700 -+++ b/integration-cli/docker_cli_swarm_test.go 2022-06-07 14:28:05.561328685 -0700 -@@ -769,14 +769,14 @@ +--- a/integration-cli/docker_cli_swarm_test.go 2024-01-04 15:38:22.000000000 +0000 ++++ b/integration-cli/docker_cli_swarm_test.go 2024-01-06 03:43:42.494313654 +0000 +@@ -793,14 +793,14 @@ } }) -- err := os.MkdirAll("/etc/docker/plugins", 0755) -+ err := os.MkdirAll("/storage/.kodi/userdata/addon_data/service.system.docker/config/plugins", 0755) +- err := os.MkdirAll("/etc/docker/plugins", 0o755) ++ err := os.MkdirAll("/storage/.kodi/userdata/addon_data/service.system.docker/config/plugins", 0o755) assert.NilError(c, err) - fileName := fmt.Sprintf("/etc/docker/plugins/%s.spec", netDrv) + fileName := fmt.Sprintf("/storage/.kodi/userdata/addon_data/service.system.docker/config/plugins/%s.spec", netDrv) - err = os.WriteFile(fileName, []byte(url), 0644) + err = os.WriteFile(fileName, []byte(url), 0o644) assert.NilError(c, err) - ipamFileName := fmt.Sprintf("/etc/docker/plugins/%s.spec", ipamDrv) + ipamFileName := fmt.Sprintf("/storage/.kodi/userdata/addon_data/service.system.docker/config/plugins/%s.spec", ipamDrv) - err = os.WriteFile(ipamFileName, []byte(url), 0644) + err = os.WriteFile(ipamFileName, []byte(url), 0o644) assert.NilError(c, err) } -@@ -788,7 +788,7 @@ +@@ -813,7 +813,7 @@ setupRemoteGlobalNetworkPlugin(c, mux, s.server.URL, globalNetworkPlugin, globalIPAMPlugin) defer func() { s.server.Close() @@ -157,8 +178,8 @@ diff -Naur a/integration-cli/docker_cli_swarm_test.go b/integration-cli/docker_c }() diff -Naur a/libnetwork/drivers/remote/driver_test.go b/libnetwork/drivers/remote/driver_test.go ---- a/libnetwork/drivers/remote/driver_test.go 2022-06-03 10:30:24.000000000 -0700 -+++ b/libnetwork/drivers/remote/driver_test.go 2022-06-07 14:28:05.586329065 -0700 +--- a/libnetwork/drivers/remote/driver_test.go 2024-01-04 15:38:22.000000000 +0000 ++++ b/libnetwork/drivers/remote/driver_test.go 2024-01-06 03:43:42.480980226 +0000 @@ -41,7 +41,7 @@ } @@ -169,8 +190,8 @@ diff -Naur a/libnetwork/drivers/remote/driver_test.go b/libnetwork/drivers/remot specPath = filepath.Join(os.Getenv("programdata"), "docker", "plugins") } diff -Naur a/libnetwork/ipams/remote/remote_test.go b/libnetwork/ipams/remote/remote_test.go ---- a/libnetwork/ipams/remote/remote_test.go 2022-06-03 10:30:24.000000000 -0700 -+++ b/libnetwork/ipams/remote/remote_test.go 2022-06-07 14:28:05.591329141 -0700 +--- a/libnetwork/ipams/remote/remote_test.go 2024-01-04 15:38:22.000000000 +0000 ++++ b/libnetwork/ipams/remote/remote_test.go 2024-01-06 03:43:42.470980156 +0000 @@ -36,7 +36,7 @@ } @@ -181,36 +202,54 @@ diff -Naur a/libnetwork/ipams/remote/remote_test.go b/libnetwork/ipams/remote/re specPath = filepath.Join(os.Getenv("programdata"), "docker", "plugins") } diff -Naur a/libnetwork/libnetwork_unix_test.go b/libnetwork/libnetwork_unix_test.go ---- a/libnetwork/libnetwork_unix_test.go 2022-06-03 10:30:24.000000000 -0700 -+++ b/libnetwork/libnetwork_unix_test.go 2022-06-07 14:28:05.592329156 -0700 -@@ -3,4 +3,4 @@ +--- a/libnetwork/libnetwork_unix_test.go 2024-01-04 15:38:22.000000000 +0000 ++++ b/libnetwork/libnetwork_unix_test.go 2024-01-06 03:43:42.484313584 +0000 +@@ -2,4 +2,4 @@ package libnetwork_test -var specPath = "/etc/docker/plugins" +var specPath = "/storage/.kodi/userdata/addon_data/service.system.docker/config/plugins" +diff -Naur a/pkg/plugins/discovery.go b/pkg/plugins/discovery.go +--- a/pkg/plugins/discovery.go 2024-01-04 15:38:22.000000000 +0000 ++++ b/pkg/plugins/discovery.go 2024-01-06 03:43:42.107644246 +0000 +@@ -120,12 +120,12 @@ + // + // On Unix in non-rootless mode: + // +-// - "/etc/docker/plugins" ++// - "/storage/.kodi/userdata/addon_data/service.system.docker/config/plugins" + // - "/usr/lib/docker/plugins" + // + // On Unix in rootless-mode: + // +-// - "$XDG_CONFIG_HOME/docker/plugins" (or "/etc/docker/plugins" if $XDG_CONFIG_HOME is not set) ++// - "$XDG_CONFIG_HOME/docker/plugins" (or "/storage/.kodi/userdata/addon_data/service.system.docker/config/plugins" if $XDG_CONFIG_HOME is not set) + // - "$HOME/.local/lib/docker/plugins" (pr "/usr/lib/docker/plugins" if $HOME is set) + func SpecsPaths() []string { + return specsPaths() diff -Naur a/pkg/plugins/discovery_unix.go b/pkg/plugins/discovery_unix.go ---- a/pkg/plugins/discovery_unix.go 2022-06-03 10:30:24.000000000 -0700 -+++ b/pkg/plugins/discovery_unix.go 2022-06-07 14:28:05.615329505 -0700 -@@ -15,7 +15,7 @@ +--- a/pkg/plugins/discovery_unix.go 2024-01-04 15:38:22.000000000 +0000 ++++ b/pkg/plugins/discovery_unix.go 2024-01-06 03:43:42.107644246 +0000 +@@ -12,7 +12,7 @@ + if configHome, err := homedir.GetConfigHome(); err != nil { return filepath.Join(configHome, "docker/plugins") } - - return "/etc/docker/plugins" + return "/storage/.kodi/userdata/addon_data/service.system.docker/config/plugins" } func rootlessLibPluginsPath() string { -@@ -37,5 +37,5 @@ +@@ -27,5 +27,5 @@ + if rootless.RunningWithRootlessKit() { return []string{rootlessConfigPluginsPath(), rootlessLibPluginsPath()} } - - return []string{"/etc/docker/plugins", "/usr/lib/docker/plugins"} + return []string{"/storage/.kodi/userdata/addon_data/service.system.docker/config/plugins", "/usr/lib/docker/plugins"} } diff -Naur a/pkg/plugins/plugins.go b/pkg/plugins/plugins.go ---- a/pkg/plugins/plugins.go 2022-06-03 10:30:24.000000000 -0700 -+++ b/pkg/plugins/plugins.go 2022-06-07 14:28:05.616329521 -0700 +--- a/pkg/plugins/plugins.go 2024-01-04 15:38:22.000000000 +0000 ++++ b/pkg/plugins/plugins.go 2024-01-06 03:43:42.107644246 +0000 @@ -4,7 +4,7 @@ // Docker discovers plugins by looking for them in the plugin directory whenever // a user or container tries to use one by name. UNIX domain socket files must @@ -221,9 +260,9 @@ diff -Naur a/pkg/plugins/plugins.go b/pkg/plugins/plugins.go // its name if it exists. // diff -Naur a/registry/config_unix.go b/registry/config_unix.go ---- a/registry/config_unix.go 2022-06-03 10:30:24.000000000 -0700 -+++ b/registry/config_unix.go 2022-06-07 14:28:05.626329672 -0700 -@@ -6,7 +6,7 @@ +--- a/registry/config_unix.go 2024-01-04 15:38:22.000000000 +0000 ++++ b/registry/config_unix.go 2024-01-06 03:43:42.487646940 +0000 +@@ -5,7 +5,7 @@ // defaultCertsDir is the platform-specific default directory where certificates // are stored. On Linux, it may be overridden through certsDir, for example, when // running in rootless mode. @@ -232,15 +271,15 @@ diff -Naur a/registry/config_unix.go b/registry/config_unix.go // cleanPath is used to ensure that a directory name is valid on the target // platform. It will be passed in something *similar* to a URL such as -diff -Naur a/registry/endpoint_v1.go b/registry/endpoint_v1.go ---- a/registry/endpoint_v1.go 2022-06-03 10:30:24.000000000 -0700 -+++ b/registry/endpoint_v1.go 2022-06-07 14:28:05.627329688 -0700 -@@ -63,7 +63,7 @@ +diff -Naur a/registry/search_endpoint_v1.go b/registry/search_endpoint_v1.go +--- a/registry/search_endpoint_v1.go 2024-01-04 15:38:22.000000000 +0000 ++++ b/registry/search_endpoint_v1.go 2024-01-06 03:43:42.487646940 +0000 +@@ -54,7 +54,7 @@ if endpoint.IsSecure { // If registry is secure and HTTPS failed, show user the error and tell them about `--insecure-registry` - // in case that's what they need. DO NOT accept unknown CA certificates, and DO NOT fallback to HTTP. -- return invalidParamf("invalid registry endpoint %s: %v. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add `--insecure-registry %s` to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/%s/ca.crt", endpoint, err, endpoint.URL.Host, endpoint.URL.Host) -+ return invalidParamf("invalid registry endpoint %s: %v. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add `--insecure-registry %s` to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /storage/.kodi/userdata/addon_data/service.system.docker/config/certs.d/%s/ca.crt", endpoint, err, endpoint.URL.Host, endpoint.URL.Host) + // in case that's what they need. DO NOT accept unknown CA certificates, and DO NOT fall back to HTTP. +- return nil, invalidParamf("invalid registry endpoint %s: %v. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add `--insecure-registry %s` to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/%s/ca.crt", endpoint, err, endpoint.URL.Host, endpoint.URL.Host) ++ return nil, invalidParamf("invalid registry endpoint %s: %v. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add `--insecure-registry %s` to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /storage/.kodi/userdata/addon_data/service.system.docker/config/certs.d/%s/ca.crt", endpoint, err, endpoint.URL.Host, endpoint.URL.Host) } - // If registry is insecure and HTTPS failed, fallback to HTTP. + // registry is insecure and HTTPS failed, fallback to HTTP. diff --git a/packages/addons/addon-depends/docker/moby/patches/moby-002-use-unconfined-seccomp-profile-as-default.patch b/packages/addons/addon-depends/docker/moby/patches/moby-002-use-unconfined-seccomp-profile-as-default.patch index 91691befa5..f1282fb97b 100644 --- a/packages/addons/addon-depends/docker/moby/patches/moby-002-use-unconfined-seccomp-profile-as-default.patch +++ b/packages/addons/addon-depends/docker/moby/patches/moby-002-use-unconfined-seccomp-profile-as-default.patch @@ -1,8 +1,8 @@ --- a/daemon/config/config.go 2022-06-03 10:30:24.000000000 -0700 +++ b/daemon/config/config.go 2022-06-07 14:29:36.755713207 -0700 @@ -60,7 +60,7 @@ - LinuxV2RuntimeName = "io.containerd.runc.v2" - + // by [minAPIVersion]. + defaultMinAPIVersion = "1.24" // SeccompProfileDefault is the built-in default seccomp profile. - SeccompProfileDefault = "builtin" + SeccompProfileDefault = "unconfined" @@ -11,10 +11,10 @@ SeccompProfileUnconfined = "unconfined" --- a/daemon/daemon_unix.go 2022-06-03 10:30:24.000000000 -0700 +++ b/daemon/daemon_unix.go 2022-06-07 14:34:55.315558083 -0700 -@@ -1510,8 +1510,6 @@ +@@ -1463,8 +1463,6 @@ - func (daemon *Daemon) setupSeccompProfile() error { - switch profile := daemon.configStore.SeccompProfile; profile { + func (daemon *Daemon) setupSeccompProfile(cfg *config.Config) error { + switch profile := cfg.SeccompProfile; profile { - case "", config.SeccompProfileDefault: - daemon.seccompProfilePath = config.SeccompProfileDefault case config.SeccompProfileUnconfined: diff --git a/packages/addons/service/docker/package.mk b/packages/addons/service/docker/package.mk index 8f5d54eb32..92dc961a70 100644 --- a/packages/addons/service/docker/package.mk +++ b/packages/addons/service/docker/package.mk @@ -3,7 +3,7 @@ # Copyright (C) 2017-present Team LibreELEC (https://libreelec.tv) PKG_NAME="docker" -PKG_REV="1" +PKG_REV="2" PKG_ARCH="any" PKG_LICENSE="ASL" PKG_SITE="http://www.docker.com/"