Browse code
Merge pull request #21003 from riyazdf/hardware-signing-ga
Move hardware signing out of experimental
Tibor Vass authored on 2016/03/18 03:16:40Showing 10 changed files
- Dockerfile
- Dockerfile.aarch64
- Dockerfile.armhf
- Dockerfile.ppc64le
- Dockerfile.s390x
- hack/make.sh
- hack/make/.build-deb/rules
- hack/make/.build-rpm/docker-engine.spec
- hack/make/binary
- project/PACKAGERS.md
| ... | ... |
@@ -205,7 +205,7 @@ RUN useradd --create-home --gid docker unprivilegeduser |
| 205 | 205 |
|
| 206 | 206 |
VOLUME /var/lib/docker |
| 207 | 207 |
WORKDIR /go/src/github.com/docker/docker |
| 208 |
-ENV DOCKER_BUILDTAGS apparmor seccomp selinux |
|
| 208 |
+ENV DOCKER_BUILDTAGS apparmor pkcs11 seccomp selinux |
|
| 209 | 209 |
|
| 210 | 210 |
# Let us use a .bashrc file |
| 211 | 211 |
RUN ln -sfv $PWD/.bashrc ~/.bashrc |
| ... | ... |
@@ -151,7 +151,7 @@ RUN useradd --create-home --gid docker unprivilegeduser |
| 151 | 151 |
|
| 152 | 152 |
VOLUME /var/lib/docker |
| 153 | 153 |
WORKDIR /go/src/github.com/docker/docker |
| 154 |
-ENV DOCKER_BUILDTAGS apparmor seccomp selinux |
|
| 154 |
+ENV DOCKER_BUILDTAGS apparmor pkcs11 seccomp selinux |
|
| 155 | 155 |
|
| 156 | 156 |
# Let us use a .bashrc file |
| 157 | 157 |
RUN ln -sfv $PWD/.bashrc ~/.bashrc |
| ... | ... |
@@ -162,7 +162,7 @@ RUN useradd --create-home --gid docker unprivilegeduser |
| 162 | 162 |
|
| 163 | 163 |
VOLUME /var/lib/docker |
| 164 | 164 |
WORKDIR /go/src/github.com/docker/docker |
| 165 |
-ENV DOCKER_BUILDTAGS apparmor seccomp selinux |
|
| 165 |
+ENV DOCKER_BUILDTAGS apparmor pkcs11 seccomp selinux |
|
| 166 | 166 |
|
| 167 | 167 |
# Let us use a .bashrc file |
| 168 | 168 |
RUN ln -sfv $PWD/.bashrc ~/.bashrc |
| ... | ... |
@@ -154,7 +154,7 @@ RUN useradd --create-home --gid docker unprivilegeduser |
| 154 | 154 |
|
| 155 | 155 |
VOLUME /var/lib/docker |
| 156 | 156 |
WORKDIR /go/src/github.com/docker/docker |
| 157 |
-ENV DOCKER_BUILDTAGS apparmor selinux |
|
| 157 |
+ENV DOCKER_BUILDTAGS apparmor pkcs11 selinux |
|
| 158 | 158 |
|
| 159 | 159 |
# Let us use a .bashrc file |
| 160 | 160 |
RUN ln -sfv $PWD/.bashrc ~/.bashrc |
| ... | ... |
@@ -133,7 +133,7 @@ RUN useradd --create-home --gid docker unprivilegeduser |
| 133 | 133 |
|
| 134 | 134 |
VOLUME /var/lib/docker |
| 135 | 135 |
WORKDIR /go/src/github.com/docker/docker |
| 136 |
-ENV DOCKER_BUILDTAGS apparmor selinux |
|
| 136 |
+ENV DOCKER_BUILDTAGS apparmor pkcs11 selinux |
|
| 137 | 137 |
|
| 138 | 138 |
# Let us use a .bashrc file |
| 139 | 139 |
RUN ln -sfv $PWD/.bashrc ~/.bashrc |
| ... | ... |
@@ -113,7 +113,7 @@ fi |
| 113 | 113 |
if [ "$DOCKER_EXPERIMENTAL" ]; then |
| 114 | 114 |
echo >&2 '# WARNING! DOCKER_EXPERIMENTAL is set: building experimental features' |
| 115 | 115 |
echo >&2 |
| 116 |
- DOCKER_BUILDTAGS+=" experimental pkcs11" |
|
| 116 |
+ DOCKER_BUILDTAGS+=" experimental" |
|
| 117 | 117 |
fi |
| 118 | 118 |
|
| 119 | 119 |
if [ -z "$DOCKER_CLIENTONLY" ]; then |
| ... | ... |
@@ -5,8 +5,8 @@ VERSION = $(shell cat VERSION) |
| 5 | 5 |
override_dh_gencontrol: |
| 6 | 6 |
# if we're on Ubuntu, we need to Recommends: apparmor |
| 7 | 7 |
echo 'apparmor:Recommends=$(shell dpkg-vendor --is Ubuntu && echo apparmor)' >> debian/docker-engine.substvars |
| 8 |
- # if we are building experimental we recommend yubico-piv-tool |
|
| 9 |
- echo 'yubico:Recommends=$(shell [ "$DOCKER_EXPERIMENTAL" ] && echo "yubico-piv-tool (>= 1.1.0~)")' >> debian/docker-engine.substvars |
|
| 8 |
+ # recommend yubico-piv-tool since we include pkcs11 by default |
|
| 9 |
+ echo 'yubico:Recommends="yubico-piv-tool (>= 1.1.0~)"' >> debian/docker-engine.substvars |
|
| 10 | 10 |
dh_gencontrol |
| 11 | 11 |
|
| 12 | 12 |
override_dh_auto_build: |
| ... | ... |
@@ -60,12 +60,10 @@ Requires: device-mapper >= 1.02.90-2 |
| 60 | 60 |
%global with_selinux 1 |
| 61 | 61 |
%endif |
| 62 | 62 |
|
| 63 |
-%if 0%{?_experimental}
|
|
| 64 |
-# yubico-piv-tool conditional |
|
| 63 |
+# yubico-piv-tool recommends |
|
| 65 | 64 |
%if 0%{?fedora} >= 20 || 0%{?centos} >= 7 || 0%{?rhel} >= 7
|
| 66 | 65 |
Requires: yubico-piv-tool >= 1.1.0 |
| 67 | 66 |
%endif |
| 68 |
-%endif |
|
| 69 | 67 |
|
| 70 | 68 |
# start if with_selinux |
| 71 | 69 |
%if 0%{?with_selinux}
|
| ... | ... |
@@ -36,7 +36,7 @@ if [ "$(go env GOOS)" == "linux" ] ; then |
| 36 | 36 |
esac |
| 37 | 37 |
fi |
| 38 | 38 |
|
| 39 |
-if [ "$IAMSTATIC" == "true" ] && [ "$(go env GOHOSTOS)" == "linux" ] && [ "$DOCKER_EXPERIMENTAL" ]; then |
|
| 39 |
+if [ "$IAMSTATIC" == "true" ] && [ "$(go env GOHOSTOS)" == "linux" ]; then |
|
| 40 | 40 |
if [ "${GOOS}/${GOARCH}" == "darwin/amd64" ]; then
|
| 41 | 41 |
export CGO_ENABLED=1 |
| 42 | 42 |
export CC=o64-clang |
| ... | ... |
@@ -60,7 +60,7 @@ To build the Docker daemon, you will additionally need: |
| 60 | 60 |
* btrfs-progs version 3.16.1 or later (unless using an older version is |
| 61 | 61 |
absolutely necessary, in which case 3.8 is the minimum) |
| 62 | 62 |
* libseccomp version 2.2.1 or later (for build tag seccomp) |
| 63 |
-* yubico-piv-tool version 1.1.0 or later (for experimental) |
|
| 63 |
+* yubico-piv-tool version 1.1.0 or later |
|
| 64 | 64 |
|
| 65 | 65 |
Be sure to also check out Docker's Dockerfile for the most up-to-date list of |
| 66 | 66 |
these build-time dependencies. |