docker-ce: docker-ce -> dockerd

The source is being deprecated and split into the CLI and engine/daemon repositories, So `docker-ce` will now be the `dockerd` and a separate package will be made for the `docker` CLI. Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
2026-04-29 15:08:40 +01:00 · 2020-10-31 18:12:36 +10:00
parent 2991c20c61
commit 249d7d8faa
7 changed files with 0 additions and 0 deletions
@@ -0,0 +1,95 @@
+config DOCKER_KERNEL_OPTIONS
+	bool "Enable Basic kernel support for Docker"
+	depends on PACKAGE_docker-ce
+	default y
+	select KERNEL_CGROUPS
+	select KERNEL_CGROUP_CPUACCT
+	select KERNEL_CGROUP_DEVICE
+	select KERNEL_CGROUP_FREEZER
+	select KERNEL_CGROUP_SCHED
+	select KERNEL_NAMESPACES
+	select KERNEL_CPUSETS
+	select KERNEL_MEMCG
+	select KERNEL_KEYS
+	select KERNEL_POSIX_MQUEUE
+	help
+	  Select needed kernel options for Docker. Options include
+	  cgroups, namespaces and other miscellaneous options.
+	  see also https://github.com/docker/engine/blob/master/contrib/check-config.sh
+
+config DOCKER_SECCOMP
+	bool "Enable support for seccomp in Docker"
+	depends on PACKAGE_docker-ce
+	default n
+	select KERNEL_SECCOMP
+	select PACKAGE_libseccomp
+	help
+	  Build Docker with support for seccomp filters.
+	  Select libseccomp which also pulls-in the needed kernel features.
+
+config DOCKER_RES_SHAPE
+	bool "Enables support for resource shaping"
+	depends on PACKAGE_docker-ce
+	default n
+	select KERNEL_MEMCG_SWAP
+	select KERNEL_MEMCG_SWAP_ENABLED
+	select KERNEL_BLK_DEV_THROTTLING
+	select KERNEL_CFQ_GROUP_IOSCHED
+	select KERNEL_CGROUP_PERF
+	select KERNEL_CGROUP_HUGETLB
+	select KERNEL_FAIR_GROUP_SCHED
+	select KERNEL_NET_CLS_CGROUP
+	select KERNEL_CGROUP_NET_CLASSID
+	select KERNEL_CGROUP_NET_PRIO
+	select KERNEL_CFS_BANDWIDTH
+	select KERNEL_RT_GROUP_SCHED
+
+menu "Network"
+	depends on PACKAGE_docker-ce
+
+	config DOCKER_NET_OVERLAY
+		bool "Enables the Overlay network feature"
+		default n
+		select PACKAGE_kmod-udptunnel4
+		help
+		  Selects kernel options for the Overlay network feature.
+		  Includes udptunnel4
+
+	config DOCKER_NET_ENCRYPT
+		bool "Enable encrypted networking kernel support"
+		depends on DOCKER_NET_OVERLAY
+		default n
+		select PACKAGE_kmod-ipsec
+		select PACKAGE_kmod-ipsec4
+		select PACKAGE_kmod-crypto-gcm
+		select PACKAGE_kmod-crypto-ghash
+		help
+		  Select needed kernel options for encrypted networking support.
+
+	config DOCKER_NET_MACVLAN
+		bool "Enables macvlan kernel support"
+		default n
+		select PACKAGE_kmod-macvlan
+		select PACKAGE_kmod-dummy
+
+	config DOCKER_NET_TFTP
+		bool "Enable ftp/tftp client kernel support"
+		default n
+		select PACKAGE_kmod-nf-nathelper
+		select PACKAGE_kmod-nf-nathelper-extra
+endmenu
+
+menu "Storage"
+	depends on PACKAGE_docker-ce
+
+	config DOCKER_STO_EXT4
+		bool "Enables support for ext3 or ext4 as the backing filesystem"
+		default n
+		select KERNEL_EXT4_FS_POSIX_ACL
+
+	config DOCKER_STO_BTRFS
+		bool "Enables support for btrfs as the backing filesystem"
+		default n
+		select PACKAGE_kmod-fs-btrfs
+		select KERNEL_BTRFS_FS_POSIX_ACL
+endmenu
@@ -0,0 +1,153 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=docker-ce
+PKG_VERSION:=19.03.13
+PKG_RELEASE:=5
+PKG_LICENSE:=Apache-2.0
+PKG_LICENSE_FILES:=components/cli/LICENSE components/engine/LICENSE
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://codeload.github.com/docker/docker-ce/tar.gz/v$(PKG_VERSION)?
+PKG_HASH:=b2ff08675738031b6d6d59a90226657c16726851957c11b5fb85a4598b933b92
+PKG_SOURCE_VERSION:=4484c46d9d # SHA1 used within the docker executables
+
+PKG_MAINTAINER:=Gerard Ryan <G.M0N3Y.2503@gmail.com>
+
+# $(1) = path to dependent package 'Makefile'
+# $(2) = relevant docker-ce '.installer' file
+define EnsureVendoredVersion
+	( \
+		DEP_VER=$$$$( grep --only-matching --perl-regexp '(?<=PKG_SOURCE_VERSION:=)(.*)' "$(1)" ); \
+		VEN_VER=$$$$( grep --only-matching --perl-regexp '(?<=_COMMIT:=)(.*)(?=})' "$(PKG_BUILD_DIR)/components/engine/hack/dockerfile/install/$(2)" ); \
+		if [ $$$$VEN_VER != $$$$DEP_VER ]; then \
+			echo "ERROR: Expected 'PKG_SOURCE_VERSION:=$$$$VEN_VER' in '$(1)', found 'PKG_SOURCE_VERSION:=$$$$DEP_VER'"; \
+			exit 1; \
+		fi \
+	)
+endef
+
+PKG_BUILD_DEPENDS:=golang/host
+PKG_BUILD_PARALLEL:=1
+
+GO_PKG:=github.com/docker
+
+include $(INCLUDE_DIR)/package.mk
+include ../../lang/golang/golang-package.mk
+
+define Package/docker-ce/config
+  source "$(SOURCE)/Config.in"
+endef
+
+define Package/docker-ce
+  SECTION:=utils
+  CATEGORY:=Utilities
+  TITLE:=Docker Community Edition
+  URL:=https://www.docker.com/
+  DEPENDS:=$(GO_ARCH_DEPENDS) @(aarch64||arm||x86_64) +btrfs-progs +ca-certificates +cgroupfs-mount +containerd +libdevmapper +libnetwork +tini \
+           +DOCKER_SECCOMP:libseccomp +iptables-mod-extra +kmod-br-netfilter +kmod-ikconfig +kmod-nf-conntrack-netlink +kmod-nf-ipvs +kmod-veth
+  USERID:=docker:docker
+  MENU:=1
+endef
+
+define Package/docker-ce/conffiles
+/etc/config/dockerd
+endef
+
+define Package/docker-ce/description
+  Docker Engine is used by millions enables containerized applications
+  to run anywhere consistently on any infrastructure.
+endef
+
+define Build/Prepare
+	$(Build/Prepare/Default)
+
+	# Verify dependencies are the vendored version
+	$(call EnsureVendoredVersion,../containerd/Makefile,containerd.installer)
+	$(call EnsureVendoredVersion,../libnetwork/Makefile,proxy.installer)
+	$(call EnsureVendoredVersion,../runc/Makefile,runc.installer)
+	$(call EnsureVendoredVersion,../tini/Makefile,tini.installer)
+endef
+
+define Build/Configure
+	# move so GoPackage/Build/Configure will get the correct path
+	mv $(PKG_BUILD_DIR)/components/engine $(PKG_BUILD_DIR)/
+	mv $(PKG_BUILD_DIR)/components/cli $(PKG_BUILD_DIR)/
+
+	# docker generates files at build time so we'll just symlink for now and call GoPackage/Build/Configure later
+	mkdir -p $(GO_PKG_BUILD_DIR)/bin \
+			 $(GO_PKG_BUILD_DIR)/src \
+			 $(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/ \
+			 $(GO_BUILD_CACHE_DIR)
+	$(LN) $(PKG_BUILD_DIR)/cli $(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/cli
+	$(LN) $(PKG_BUILD_DIR)/engine $(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/docker
+endef
+
+ifeq ($(CONFIG_DOCKER_SECCOMP),y)
+BUILDTAGS:=seccomp
+else
+BUILDTAGS:=
+endif
+
+define Build/Compile
+	( \
+		export $(GO_PKG_VARS) \
+			GITCOMMIT=$(PKG_SOURCE_VERSION) \
+			DOCKER_GITCOMMIT=$(PKG_SOURCE_VERSION) \
+			DOCKER_BUILDTAGS='$(BUILDTAGS)' \
+			VERSION=$(PKG_VERSION) \
+		\
+		&& echo "Compiling CLI..." \
+		&& cd $(PKG_BUILD_DIR)/cli \
+		&& ./scripts/build/binary \
+		\
+		&& echo "Compiling Engine..." \
+		&& cd $(PKG_BUILD_DIR)/engine \
+		&& ./hack/make.sh binary \
+	)
+
+	# done here to include autogenerated files also
+	rm $(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/cli
+	rm $(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/docker
+	$(call GoPackage/Build/Configure)
+endef
+
+define Package/docker-ce/install
+	$(INSTALL_DIR) $(1)/usr/bin/
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/cli/build/docker $(1)/usr/bin/
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/engine/bundles/binary-daemon/dockerd $(1)/usr/bin/
+
+	$(INSTALL_DIR) $(1)/opt/docker/
+	$(INSTALL_DIR) $(1)/usr/share/docker/
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/engine/contrib/check-config.sh $(1)/usr/share/docker/
+
+	$(INSTALL_DIR) $(1)/etc/init.d
+	$(INSTALL_BIN) ./files/dockerd.init $(1)/etc/init.d/dockerd
+
+	$(INSTALL_DIR) $(1)/etc/config
+	$(INSTALL_CONF) ./files/etc/config/dockerd $(1)/etc/config/dockerd
+
+	# Must be after systcl 11-br-netfilter.conf from kmod-br-netfilter
+	$(INSTALL_DIR) $(1)/etc/sysctl.d
+	$(INSTALL_DATA) ./files/etc/sysctl.d/sysctl-br-netfilter-ip.conf \
+		$(1)/etc/sysctl.d/12-br-netfilter-ip.conf
+endef
+
+define Package/docker-ce/postinst
+#!/bin/sh
+[ -n "$$IPKG_INSTROOT" ] || {
+	/etc/init.d/dockerd enable
+	/etc/init.d/dockerd uciadd
+	/etc/init.d/dockerd start
+}
+endef
+
+define Package/docker-ce/prerm
+#!/bin/sh
+[ -n "$$IPKG_INSTROOT" ] || {
+	/etc/init.d/dockerd disable
+	/etc/init.d/dockerd stop
+	/etc/init.d/dockerd ucidel
+}
+endef
+
+$(eval $(call BuildPackage,docker-ce))
@@ -0,0 +1,228 @@
+#!/bin/sh /etc/rc.common
+
+USE_PROCD=1
+START=25
+
+extra_command "uciadd" "<interface> <device> <zone> Add docker bridge configuration to network and firewall uci config"
+extra_command "ucidel" "<interface> <device> <zone> Delete docker bridge configuration from network and firewall uci config"
+
+DOCKER_CONF_DIR="/tmp/dockerd"
+DOCKERD_CONF="${DOCKER_CONF_DIR}/daemon.json"
+
+uci_quiet() {
+	uci -q "${@}" >/dev/null
+}
+
+json_add_array_string() {
+	json_add_string "" "${1}"
+}
+
+boot() {
+	uciadd
+	rc_procd start_service
+}
+
+uciadd() {
+	local iface="${1}"
+	local device="${2}"
+	local zone="${3}"
+
+	[ -z "${iface}" ] && {
+		iface="docker"
+		device="docker0"
+		zone="docker"
+	}
+
+	/etc/init.d/dockerd running && {
+		echo "Please stop dockerd service first"
+		exit 0
+	}
+
+	# Add network interface
+	if ! uci_quiet get network.${iface}; then
+		logger -t "dockerd-init" -p notice "Adding docker default interface to network uci config (${iface})"
+		uci_quiet add network interface
+		uci_quiet rename network.@interface[-1]="${iface}"
+		uci_quiet set network.@interface[-1].ifname="${device}"
+		uci_quiet set network.@interface[-1].proto="none"
+		uci_quiet set network.@interface[-1].auto="0"
+		uci_quiet commit network
+	fi
+
+	# Add docker bridge device
+	if ! uci_quiet get network.${device}; then
+		logger -t "dockerd-init" -p notice "Adding docker default bridge device to network uci config (${device})"
+		uci_quiet add network device
+		uci_quiet rename network.@device[-1]="${device}"
+		uci_quiet set network.@device[-1].type="bridge"
+		uci_quiet set network.@device[-1].name="${device}"
+		uci_quiet add_list network.@device[-1].ifname="${device}"
+		uci_quiet commit network
+	fi
+
+	# Add firewall zone
+	if ! uci_quiet get firewall.${zone}; then
+		logger -t "dockerd-init" -p notice "Adding docker default firewall zone to firewall uci config (${zone})"
+		uci_quiet add firewall zone
+		uci_quiet rename firewall.@zone[-1]="${zone}"
+		uci_quiet set firewall.@zone[-1].network="${iface}"
+		uci_quiet set firewall.@zone[-1].input="REJECT"
+		uci_quiet set firewall.@zone[-1].output="ACCEPT"
+		uci_quiet set firewall.@zone[-1].forward="REJECT"
+		uci_quiet set firewall.@zone[-1].name="${zone}"
+		uci_quiet commit firewall
+	fi
+
+	reload_config
+}
+
+ucidel() {
+	local iface="${1}"
+	local device="${2}"
+	local zone="${3}"
+
+	[ -z "${iface}" ] && {
+		iface="docker"
+		device="docker0"
+		zone="docker"
+	}
+
+	/etc/init.d/dockerd running && {
+		echo "Please stop dockerd service first"
+		exit 0
+	}
+
+	if uci_quiet get network.${device}; then
+		logger -t "dockerd-init" -p notice "Deleting docker default bridge device from network uci config (${device})"
+		uci_quiet delete network.${device}
+		uci_quiet commit network
+	fi
+
+	if uci_quiet get network.${iface}; then
+		logger -t "dockerd-init" -p notice "Deleting docker default interface from network uci config (${iface})"
+		uci_quiet delete network.${iface}
+		uci_quiet commit network
+	fi
+
+	if uci_quiet get firewall.${zone}; then
+		logger -t "dockerd-init" -p notice "Deleting docker firewall zone from firewall uci config (${zone})"
+		uci_quiet delete firewall.${zone}
+		uci_quiet commit firewall
+	fi
+
+	reload_config
+}
+
+process_config() {
+	local alt_config_file data_root log_level iptables bip
+
+	[ -f /etc/config/dockerd ] || {
+		# Use the daemon default configuration
+		DOCKERD_CONF=""
+		return 0
+	}
+
+	# reset configuration
+	rm -fr "${DOCKER_CONF_DIR}"
+	mkdir -p "${DOCKER_CONF_DIR}"
+
+	config_load 'dockerd'
+	config_get alt_config_file globals alt_config_file
+	[ -n "${alt_config_file}" ] && [ -f "${alt_config_file}" ] && {
+		ln -s "${alt_config_file}" "${DOCKERD_CONF}"
+		return 0
+	}
+
+	config_get data_root globals data_root "/opt/docker/"
+	config_get log_level globals log_level "warn"
+	config_get_bool iptables globals iptables "1"
+	config_get bip globals bip ""
+
+	. /usr/share/libubox/jshn.sh
+	json_init
+	json_add_string "data-root" "${data_root}"
+	json_add_string "log-level" "${log_level}"
+	[ -z "${bip}" ] || json_add_string "bip" "${bip}"
+	json_add_array "registry-mirrors"
+	config_list_foreach globals registry_mirrors json_add_array_string
+	json_close_array
+	json_add_array "hosts"
+	config_list_foreach globals hosts json_add_array_string
+	json_close_array
+
+	json_add_boolean iptables "${iptables}"
+	[ "${iptables}" -ne "0" ] && config_foreach iptables_add_blocking_rule firewall
+
+	json_dump > "${DOCKERD_CONF}"
+}
+
+start_service() {
+	local nofile=$(cat /proc/sys/fs/nr_open)
+
+	process_config
+
+	procd_open_instance
+	procd_set_param stderr 1
+	if [ -z "${DOCKERD_CONF}" ]; then
+		procd_set_param command /usr/bin/dockerd
+	else
+		procd_set_param command /usr/bin/dockerd --config-file="${DOCKERD_CONF}"
+	fi
+	procd_set_param limits nofile="${nofile} ${nofile}"
+	procd_close_instance
+}
+
+reload_service() {
+	process_config
+	procd_send_signal dockerd
+}
+
+service_triggers() {
+	procd_add_reload_trigger 'dockerd'
+}
+
+iptables_add_blocking_rule() {
+	local cfg="${1}"
+
+	local device=""
+	local extra_iptables_args=""
+
+	handle_iptables_rule() {
+		local interface="${1}"
+		local outbound="${2}"
+		local extra_iptables_args="${3}"
+
+		local inbound=""
+
+		. /lib/functions/network.sh
+		network_get_physdev inbound "${interface}"
+
+		[ -z "${inbound}" ] && {
+			logger -t "dockerd-init" -p notice "Unable to get physical device for interface ${interface}"
+			return
+		}
+
+		# Ignore errors as it might already be present
+		iptables --table filter --new DOCKER-USER 2>/dev/null
+		if ! iptables --table filter --check DOCKER-USER --in-interface "${inbound}" --out-interface "${outbound}" ${extra_iptables_args} --jump DROP 2>/dev/null; then
+			logger -t "dockerd-init" -p notice "Drop traffic from ${inbound} to ${outbound}"
+			iptables --table filter --insert DOCKER-USER --in-interface "${inbound}" --out-interface "${outbound}" ${extra_iptables_args} --jump DROP
+		fi
+	}
+
+	config_get device "${cfg}" device
+
+	[ -z "${device}" ] && {
+		logger -t "dockerd-init" -p notice "No device configured for ${cfg}"
+		return
+	}
+
+	config_get extra_iptables_args "${cfg}" extra_iptables_args
+	config_list_foreach "${cfg}" blocked_interfaces handle_iptables_rule "${device}" "${extra_iptables_args}"
+}
+
+stop_service() {
+	if /etc/init.d/dockerd running; then
+		service_stop "/usr/bin/dockerd"
+	fi
+}
@@ -0,0 +1,24 @@
+# The following settings require a restart of docker to take full effect, A reload will only have partial or no effect:
+# bip
+# blocked_interfaces
+# extra_iptables_args
+# device
+
+config globals 'globals'
+#	option alt_config_file "/etc/docker/daemon.json"
+	option data_root "/opt/docker/"
+	option log_level "warn"
+	list hosts "unix:///var/run/docker.sock"
+	option bip "172.18.0.1/24"
+#	option iptables "0"
+#	list registry_mirrors "https://<my-docker-mirror-host>"
+#	list registry_mirrors "https://hub.docker.com"
+
+# Docker ignores fw3 rules and by default all external source IPs are allowed to connect to the Docker host.
+# See https://docs.docker.com/network/iptables/ for more details.
+# firewall config changes are only additive i.e firewall will need to be restarted first to clear old changes,
+# then docker restarted to load in new changes.
+config firewall 'firewall'
+	option device 'docker0'
+	list blocked_interfaces 'wan'
+#	option extra_iptables_args '--match conntrack ! --ctstate RELATED,ESTABLISHED' # allow outbound connections
@@ -0,0 +1,7 @@
+# Do not edit, changes to this file will be lost on upgrades
+# /etc/sysctl.conf can be used to customize sysctl settings
+
+# enable bridge firewalling for docker
+net.bridge.bridge-nf-call-ip6tables=1
+net.bridge.bridge-nf-call-iptables=1
+
@@ -0,0 +1,13 @@
+Index: docker-ce-18.09.0/components/engine/hack/make.sh
+===================================================================
+--- docker-ce-18.09.0.orig/components/engine/hack/make.sh
+++ docker-ce-18.09.0/components/engine/hack/make.sh
+@@ -129,7 +129,7 @@ fi
+ # with a newer libdevmapper than the one it was built with.
+ if \
+ 	command -v gcc &> /dev/null \
+-	&& ! ( echo -e  '#include <libdevmapper.h>\nint main() { dm_task_deferred_remove(NULL); }'| gcc -xc - -o /dev/null $(pkg-config --libs devmapper) &> /dev/null ) \
+	&& ! ( echo -e  '#include <libdevmapper.h>\nint main() { dm_task_deferred_remove(NULL); }'| gcc -xc - -o /dev/null $(pkg-config --libs libdevmapper) &> /dev/null ) \
+ ; then
+ 	add_buildtag libdm dlsym_deferred_remove
+ fi
@@ -0,0 +1,58 @@
+From 2fdfb4404ab811cb00227a3de111437b829e55cf Mon Sep 17 00:00:00 2001
+From: Hongxu Jia <hongxu.jia@windriver.com>
+Date: Wed, 17 Jul 2019 17:34:04 +0800
+Subject: [PATCH] imporve hardcoded CC on cross compile
+
+Since commit applied in moby [61a3285 Support cross-compile for arm]
+it hardcoded var-CC to support cross-compile for arm
+
+Correct it with "${parameter:-word}" format, it is helpful for user
+define toolchains
+
+(Use Default Values.  If parameter is unset or null, the expansion of
+word is substituted.  Otherwise, the value of parameter is substituted.)
+
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+Upstream-commit: 3c701e4db1b8646c2324ae524b4e7ca1b1147a07
+Component: engine
+---
+ components/engine/hack/make/.binary | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/components/engine/hack/make/.binary b/components/engine/hack/make/.binary
+index 53de6749e5..66f4ca05f3 100644
+--- a/components/engine/hack/make/.binary
+++ b/components/engine/hack/make/.binary
+@@ -44,27 +44,27 @@ if [ "$(go env GOOS)/$(go env GOARCH)" != "$(go env GOHOSTOS)/$(go env GOHOSTARC
+ 	# must be cross-compiling!
+ 	case "$(go env GOOS)/$(go env GOARCH)" in
+ 		windows/amd64)
+-			export CC=x86_64-w64-mingw32-gcc
+			export CC="${CC:-x86_64-w64-mingw32-gcc}"
+ 			export CGO_ENABLED=1
+ 			;;
+ 		linux/arm)
+ 			case "${GOARM}" in
+ 			5|"")
+-				export CC=arm-linux-gnueabi-gcc
+				export CC="${CC:-arm-linux-gnueabi-gcc}"
+ 				export CGO_ENABLED=1
+ 				;;
+ 			7)
+-				export CC=arm-linux-gnueabihf-gcc
+				export CC="${CC:-arm-linux-gnueabihf-gcc}"
+ 				export CGO_ENABLED=1
+ 				;;
+ 			esac
+ 			;;
+ 		linux/arm64)
+-			export CC=aarch64-linux-gnu-gcc
+			export CC="${CC:-aarch64-linux-gnu-gcc}"
+ 			export CGO_ENABLED=1
+ 			;;
+ 		linux/amd64)
+-			export CC=x86_64-linux-gnu-gcc
+			export CC="${CC:-x86_64-linux-gnu-gcc}"
+ 			export CGO_ENABLED=1
+ 			;;
+ 	esac