From 863262a874935225f80ef1ed840632f459fcd749 Mon Sep 17 00:00:00 2001
From: Mark Vainomaa
Date: Sun, 16 May 2021 23:45:37 +0300
Subject: [PATCH 1/4] docker: 20.10.2 -> 20.10.6

(cherry picked from commit 3620b33d0b61a24ccacb312982a5b1e810904c29)
---
 .../virtualization/docker/default.nix | 18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)

diff --git a/pkgs/applications/virtualization/docker/default.nix b/pkgs/applications/virtualization/docker/default.nix
index 6b72653c347..54db586187a 100644
--- a/pkgs/applications/virtualization/docker/default.nix
+++ b/pkgs/applications/virtualization/docker/default.nix
@@ -163,8 +163,6 @@ rec {
 postPatch = ''
 patchShebangs .
 substituteInPlace ./scripts/build/.variables --replace "set -eu" ""
- substituteInPlace ./scripts/docs/generate-man.sh --replace "-v md2man" "-v go-md2man"
- substituteInPlace ./man/md2man-all.sh --replace md2man go-md2man
 '' + optionalString buildxSupport ''
 substituteInPlace ./cli-plugins/manager/manager_unix.go --replace /usr/libexec/docker/cli-plugins \
 ${lib.strings.makeSearchPathOutput "bin" "libexec/docker/cli-plugins" [docker-buildx]}
@@ -222,20 +220,20 @@ rec {
 # Get revisions from
 # https://github.com/moby/moby/tree/${version}/hack/dockerfile/install/*
 docker_20_10 = callPackage dockerGen rec {
- version = "20.10.2";
+ version = "20.10.6";
 rev = "v${version}";
- sha256 = "0z0hpm5hrqh7p8my8lmiwpym2shs48my6p0zv2cc34wym0hcly51";
+ sha256 = "15kknb26vyzjgqmn8r81a1sy1i5br6bvngqd5xljihppnxvp2gvl";
 moby-src = fetchFromGitHub {
 owner = "moby";
 repo = "moby";
 rev = "v${version}";
- sha256 = "0c2zycpnwj4kh8m8xckv1raj3fx07q9bfaj46rr85jihm4p2dp5w";
+ sha256 = "1l4ra9bsvydaxd2fy7dgxp7ynpp0mrlwvcdhxiafw596559ab6qk";
 };
- runcRev = "ff819c7e9184c13b7c2607fe6c30ae19403a7aff"; # v1.0.0-rc92
- runcSha256 = "0r4zbxbs03xr639r7848282j1ybhibfdhnxyap9p76j5w8ixms94";
- containerdRev = "269548fa27e0089a8b8278fc4fc781d7f65a939b"; # v1.4.3
- containerdSha256 = "09xvhjg5f8h90w1y94kqqnqzhbhd62dcdd9wb9sdqakisjk6zrl0";
- tiniRev = "de40ad007797e0dcd8b7126f27bb87401d224240"; # v0.19.0
+ runcRev = "v1.0.0-rc94";
+ runcSha256 = "0f11zr2d3bnycd6rmb1cynhy9zh169yj6kcn5s22wz2j6grghwz7";
+ containerdRev = "v1.5.1";
+ containerdSha256 = "1jwz53cpi9sxjsd1qr3sji1jai9wh3kfwspsgxnijhjs0bz8gvyn";
+ tiniRev = "v0.19.0";
 tiniSha256 = "1h20i3wwlbd8x4jr2gz68hgklh0lb0jj7y5xk1wvr8y58fip1rdn";
 };
 }
From 0e0356c8b79b214fc38355ac567e3a2dd8e30c58 Mon Sep 17 00:00:00 2001
From: Mark Vainomaa
Date: Tue, 18 May 2021 14:43:05 +0300
Subject: [PATCH 2/4] docker: drop unused argument, use pname instead of name

(cherry picked from commit aacce6cc4bc962d6e435016c5427e3ed4a51c983)
---
 pkgs/applications/virtualization/docker/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/applications/virtualization/docker/default.nix b/pkgs/applications/virtualization/docker/default.nix
index 54db586187a..de57e5f51ee 100644
--- a/pkgs/applications/virtualization/docker/default.nix
+++ b/pkgs/applications/virtualization/docker/default.nix
@@ -10,7 +10,7 @@ rec {
 , containerdRev, containerdSha256
 , tiniRev, tiniSha256, buildxSupport ? false
 # package dependencies
- , stdenv, fetchFromGitHub, fetchpatch, buildGoPackage
+ , stdenv, fetchFromGitHub, buildGoPackage
 , makeWrapper, installShellFiles, pkg-config
 , go-md2man, go, containerd, runc, docker-proxy, tini, libtool
 , sqlite, iproute2, lvm2, systemd, docker-buildx
@@ -124,7 +124,7 @@ rec {
 }) // rec {
 inherit version rev;
- name = "docker-${version}";
+ pname = "docker";
 src = fetchFromGitHub {
 owner = "docker";
From ba333b130b19e5ed04f27e6fa7865951b441a950 Mon Sep 17 00:00:00 2001
From: Mark Vainomaa
Date: Wed, 19 May 2021 01:55:31 +0300
Subject: [PATCH 3/4] docker: use commit hashes instead of tags, fix containerd sha256

(cherry picked from commit 0068eea01f2462e327ffbe858c34e7a945f1d3be)
---
 pkgs/applications/virtualization/docker/default.nix | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/pkgs/applications/virtualization/docker/default.nix b/pkgs/applications/virtualization/docker/default.nix
index de57e5f51ee..863ca59ed22 100644
--- a/pkgs/applications/virtualization/docker/default.nix
+++ b/pkgs/applications/virtualization/docker/default.nix
@@ -229,11 +229,11 @@ rec {
 rev = "v${version}";
 sha256 = "1l4ra9bsvydaxd2fy7dgxp7ynpp0mrlwvcdhxiafw596559ab6qk";
 };
- runcRev = "v1.0.0-rc94";
+ runcRev = "2c7861bc5e1b3e756392236553ec14a78a09f8bf"; # v1.0.0-rc94
 runcSha256 = "0f11zr2d3bnycd6rmb1cynhy9zh169yj6kcn5s22wz2j6grghwz7";
- containerdRev = "v1.5.1";
- containerdSha256 = "1jwz53cpi9sxjsd1qr3sji1jai9wh3kfwspsgxnijhjs0bz8gvyn";
- tiniRev = "v0.19.0";
+ containerdRev = "12dca9790f4cb6b18a6a7a027ce420145cb98ee7"; # v1.5.1
+ containerdSha256 = "16q34yiv5q98b9d5vgy1lmmppg8agrmnfd1kzpakkf4czkws0p4d";
+ tiniRev = "de40ad007797e0dcd8b7126f27bb87401d224240"; # v0.19.0
 tiniSha256 = "1h20i3wwlbd8x4jr2gz68hgklh0lb0jj7y5xk1wvr8y58fip1rdn";
 };
 }
From ee02d8d854d2af77edc45bc174fdaefc2dc01909 Mon Sep 17 00:00:00 2001
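Review bot: In the `@@ -229,11 +229,11 @@` hunk of PATCH 3/4, `containerdSha256` changes although the new `containerdRev` is annotated as the same v1.5.1 release that PATCH 1/4 referenced by tag, and the subject calls this a fix, so the value added earlier presumably never matched that source. A fixed-hash fetch can be satisfied by a store path that already carries that hash, so a stale value can build on the author's machine without the new rev being downloaded. I would record the habit next to these pins, e.g. `# when changing a *Rev, set its *Sha256 to lib.fakeSha256 first so the source is re-fetched and the real hash is reported`. The `docker_20_10` attribute set starts outside this hunk.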
From: Mark Vainomaa
Date: Thu, 20 May 2021 00:37:33 +0300
Subject: [PATCH 4/4] docker: bump runc to 1.0-rc95, fixing CVE-2021-30465

(cherry picked from commit 53600565fdb811bc7ac59d73eb59065d575658f2)
---
 pkgs/applications/virtualization/docker/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/applications/virtualization/docker/default.nix b/pkgs/applications/virtualization/docker/default.nix
index 863ca59ed22..bec51af81ac 100644
--- a/pkgs/applications/virtualization/docker/default.nix
+++ b/pkgs/applications/virtualization/docker/default.nix
@@ -229,8 +229,8 @@ rec {
 rev = "v${version}";
 sha256 = "1l4ra9bsvydaxd2fy7dgxp7ynpp0mrlwvcdhxiafw596559ab6qk";
 };
- runcRev = "2c7861bc5e1b3e756392236553ec14a78a09f8bf"; # v1.0.0-rc94
- runcSha256 = "0f11zr2d3bnycd6rmb1cynhy9zh169yj6kcn5s22wz2j6grghwz7";
+ runcRev = "b9ee9c6314599f1b4a7f497e1f1f856fe433d3b7"; # v1.0.0-rc95
+ runcSha256 = "18sbvmlvb6kird4w3rqsfrjdj7n25firabvdxsl0rxjfy9r1g2xb";
 containerdRev = "12dca9790f4cb6b18a6a7a027ce420145cb98ee7"; # v1.5.1
 containerdSha256 = "16q34yiv5q98b9d5vgy1lmmppg8agrmnfd1kzpakkf4czkws0p4d";
 tiniRev = "de40ad007797e0dcd8b7126f27bb87401d224240"; # v0.19.0
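Review bot: The new `runcRev` line in the `@@ -229,8 +229,8 @@` hunk records the security fix only in the commit subject; in the file its comment just says `# v1.0.0-rc95`. The comment above `docker_20_10` (visible in PATCH 1/4) tells maintainers to take revisions from moby's `hack/dockerfile/install` tree for the packaged version, and this patch moves runc without touching `version`, so a later resync against that tree could put runc back on an affected release if moby's pin is older (not verifiable from this page). I would extend the comment to `# v1.0.0-rc95, fixes CVE-2021-30465; do not go below this when syncing with moby`. The enclosing attribute set starts and ends outside the hunk.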