Merge pull request bottlerocket-os#3759 from arnaldo2792/ecs-docker-u…

…pdate

Update to docker v25

packages/docker-cli/Cargo.toml

@@ -12,8 +12,8 @@ path = "../packages.rs"
 releases-url = "https://github.com/docker/cli/releases"
 
 [[package.metadata.build-package.external-files]]
-url = "https://github.com/docker/cli/archive/v20.10.21/cli-20.10.21.tar.gz"
-sha512 = "951100d75c833e1c844203fe86d73d25c3164eba4fce87cc05a0ac3691851fc5341c3b32ce3814dd61bd3700d8e8e1d045a7a5651c6dc5ddc0a39c58db9bd7b3"
+url = "https://github.com/docker/cli/archive/v25.0.2/cli-25.0.2.tar.gz"
+sha512 = "66c6c408f4f5f42ded007948a69fb66cf0d1f0462a1700fb4efaaf70755285e7179d5bd61e7963f77a088e5f27a8a42b0501be1331948d0ff30bd829b205b5ad"
 
 [build-dependencies]
 glibc = { path = "../glibc" }

packages/docker-cli/docker-cli.spec

@@ -2,9 +2,9 @@
 %global gorepo cli
 %global goimport %{goproject}/%{gorepo}
 
-%global gover 20.10.21
+%global gover 25.0.2
 %global rpmver %{gover}
-%global gitrev baeda1f82a10204ec5708d5fbba130ad76cfee49
+%global gitrev 29cf62922279a56e122dc132eb84fe98f61d5950
 
 %global source_date_epoch 1492525740
 
@@ -19,9 +19,6 @@ URL: https://%{goimport}
 Source0: https://%{goimport}/archive/v%{gover}/cli-%{gover}.tar.gz
 Source1000: clarify.toml
 
-# Backport to fix host header issue when compiling with Go 1.20.6 or later
-Patch0001: 0001-non-tcp-host-header.patch
-
 BuildRequires: git
 BuildRequires: %{_cross_os}glibc-devel
 

packages/docker-engine/0001-Change-default-capabilities-using-daemon-config.patch

@@ -0,0 +1,96 @@
+From 0e8787a690f82d326c432cc4ad101c77ac48543b Mon Sep 17 00:00:00 2001
+From: Shikha Vyaghra <[email protected]>
+Date: Thu, 6 Jul 2023 17:26:45 +0000
+Subject: [PATCH] Change default capabilities using daemon config
+
+Default capabilities in spec can be changed by reading from daemon
+configuration file using a parameter "default-capabilities". If
+the capabilities will not be provided, then default capabilities
+in Moby code will be used.
+
+Signed-off-by: Shikha Vyaghra <[email protected]>
+[agarrcia: updated for docker v25]
+Signed-off-by: Arnaldo Garcia Rincon <[email protected]>
+---
+ cmd/dockerd/config_unix.go    |  1 +
+ daemon/config/config.go       |  1 +
+ daemon/config/config_linux.go |  5 +++--
+ daemon/oci_linux.go           | 13 ++++++++++---
+ 4 files changed, 15 insertions(+), 5 deletions(-)
+
+diff --git a/cmd/dockerd/config_unix.go b/cmd/dockerd/config_unix.go
+index 00f5a9b..e684f63 100644
+--- a/cmd/dockerd/config_unix.go
++++ b/cmd/dockerd/config_unix.go
+@@ -61,6 +61,7 @@ func installConfigFlags(conf *config.Config, flags *pflag.FlagSet) error {
+ 	// Note that conf.BridgeConfig.UserlandProxyPath and honorXDG are configured according to the value of rootless.RunningWithRootlessKit, not the value of --rootless.
+ 	flags.BoolVar(&conf.Rootless, "rootless", conf.Rootless, "Enable rootless mode; typically used with RootlessKit")
+ 	flags.StringVar(&conf.CgroupNamespaceMode, "default-cgroupns-mode", conf.CgroupNamespaceMode, `Default mode for containers cgroup namespace ("host" | "private")`)
++	flags.Var(opts.NewNamedListOptsRef("default-capabilities", &conf.Capabilities, nil), "default-capabilities", "Default capabilities for containers")
+ 	return nil
+ }
+
+diff --git a/daemon/config/config.go b/daemon/config/config.go
+index 6e01495..37bd6ad 100644
+--- a/daemon/config/config.go
++++ b/daemon/config/config.go
+@@ -78,6 +78,7 @@ var flatOptions = map[string]bool{
+ 	"default-ulimits":      true,
+ 	"features":             true,
+ 	"builder":              true,
++	"default-capabilities": true,
+ }
+
+ // skipValidateOptions contains configuration keys
+diff --git a/daemon/config/config_linux.go b/daemon/config/config_linux.go
+index c2230f3..67387ac 100644
+--- a/daemon/config/config_linux.go
++++ b/daemon/config/config_linux.go
+@@ -92,8 +92,9 @@ type Config struct {
+ 	IpcMode              string                    `json:"default-ipc-mode,omitempty"`
+ 	CgroupNamespaceMode  string                    `json:"default-cgroupns-mode,omitempty"`
+ 	// ResolvConf is the path to the configuration of the host resolver
+-	ResolvConf string `json:"resolv-conf,omitempty"`
+-	Rootless   bool   `json:"rootless,omitempty"`
++	ResolvConf   string   `json:"resolv-conf,omitempty"`
++	Rootless     bool     `json:"rootless,omitempty"`
++	Capabilities []string `json:"default-capabilities,omitempty"`
+ }
+
+ // GetExecRoot returns the user configured Exec-root
+diff --git a/daemon/oci_linux.go b/daemon/oci_linux.go
+index c7fdedc..b197bf2 100644
+--- a/daemon/oci_linux.go
++++ b/daemon/oci_linux.go
+@@ -179,10 +179,17 @@ func WithApparmor(c *container.Container) coci.SpecOpts {
+ }
+
+ // WithCapabilities sets the container's capabilties
+-func WithCapabilities(c *container.Container) coci.SpecOpts {
++func WithCapabilities(c *container.Container, daemonCfg *dconfig.Config) coci.SpecOpts {
+ 	return func(ctx context.Context, _ coci.Client, _ *containers.Container, s *coci.Spec) error {
++		var defCaps []string
++		if len(daemonCfg.Capabilities) != 0 {
++			defCaps = daemonCfg.Capabilities
++		} else {
++			defCaps = caps.DefaultCapabilities()
++		}
++
+ 		capabilities, err := caps.TweakCapabilities(
+-			caps.DefaultCapabilities(),
++			defCaps,
+ 			c.HostConfig.CapAdd,
+ 			c.HostConfig.CapDrop,
+ 			c.HostConfig.Privileged,
+@@ -1106,7 +1113,7 @@ func (daemon *Daemon) createSpec(ctx context.Context, daemonCfg *configStore, c
+ 		WithDevices(daemon, c),
+ 		withRlimits(daemon, &daemonCfg.Config, c),
+ 		WithNamespaces(daemon, c),
+-		WithCapabilities(c),
++		WithCapabilities(c, &daemonCfg.Config),
+ 		WithSeccomp(daemon, c),
+ 		withMounts(daemon, daemonCfg, c),
+ 		withLibnetwork(daemon, &daemonCfg.Config, c),
+-- 
+2.41.0
+