New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update to docker 1.13.x #20656
Update to docker 1.13.x #20656
Conversation
@vdemeester, thanks for your PR! By analyzing the history of the files in this pull request, we identified @offlinehacker, @NeQuissimus and @benley to be potential reviewers. |
DOCKER_BUILDTAGS = [] | ||
++ optional (systemd != null) [ "journald" ] | ||
++ optional (btrfs-progs == null) "exclude_graphdriver_btrfs" | ||
++ optional (devicemapper == null) "exclude_graphdriver_devicemapper"; | ||
|
||
postUnpack = '' | ||
cp -fR ${dockerSrc} docker |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I did get errors with chmod… I'm not used to multiple sources build so I hacked around for that… There might be a better solution 👼
, go, containerd, runc | ||
, sqlite, iproute, bridge-utils, devicemapper, systemd | ||
{ stdenv, lib, fetchFromGitHub, makeWrapper, cmake, pkgconfig | ||
, go-md2man, libapparmor, apparmor-parser, libseccomp, git |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
runc needs git (for the commit hash I guess). I really wish there was another way like what we do for docker/docker but it doesn't seem so…
1a84108
to
9e36c54
Compare
But we have separated packages for |
So about that, there is a few reasons why I made that change. For each Although package
I don't think there is good or bad release process. See this (packaging) as an embedded use of |
Please look on GitHub, I have rephrased my comment a bit, first it was
written in a rush(and GitHub does not send emails for updates). Sorry for
that.
…On Thu, Nov 24, 2016, 10:47 AM Vincent Demeester ***@***.***> wrote:
But we have separated packages for runs and containers, why did you put
them all into docker nix expression?
So about that, there is a few reasons why I made that change.
For each docker release, it depends on specific version of containerd,
runc, etc.. If you're not running the right version of it, you might
encounter weird bugs and it might be tricky to debug or get help/support
because of that.
Although package containerd and runc on their own is a good idea —
because they can be used without docker — I'm don't really like the way
it's currently done :
- containerd and runc are *copied* in docker-runc and docker-containerd
/docker-containerd-shim and packaged in the final docker package —
this feels weird to me. Going on that path, it would make more sence to not
do that (and not including docker-runc and docker-containerd* in the
package), and use daemon flags to tell docker where to find the
runtime and the containerd socket).
- (*I might be wrong on that one*) as far as I can tell, I cannot *pin*
a certain version of runc and containerd for this specific package.
Let say I update runc and containerd to the right version (and I think
I will, probably in separate PRs) and I depend on it. As containerd
and runc are separate project, they could be released differently
(most often, …). They could (sholud?) be updated separately from docker
in nixpkgs (especially runc which is an oci project). And thus, I have
no guarantee that the docker-runc and docker-containerd for this
specific version of docker will stay the same and the one that work
and should be shipped with docker. And then again, you could run into
really weird bugs.
You can update runc and containerd, and use latest stable release. If
docker's release process is bad, it does not mean we have to do equal.
I don't think there is good or bad release process. See this (packaging)
as an embedded use of runc, containerd, etc..
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#20656 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AAjvS6kQ-QabuIDTrW8a46wbcyHtNHIPks5rBV0ygaJpZM4K6zkA>
.
|
The one other thing I forgot to mention, if overriding derivations does not
work(look overrideDerivation), we can ship multiple versions of runc and
containerd(copy expressions, with a new name, expose in all-packages.nix),
and name them differently like we have for many packages(nodejs as one
example). We could name them for example runc-docker and containerd-docker.
…On Thu, Nov 24, 2016, 10:45 PM Jaka Hudoklin ***@***.***> wrote:
Please look on GitHub, I have rephrased my comment a bit, first it was
written in a rush(and GitHub does not send emails for updates). Sorry for
that.
On Thu, Nov 24, 2016, 10:47 AM Vincent Demeester ***@***.***>
wrote:
But we have separated packages for runs and containers, why did you put
them all into docker nix expression?
So about that, there is a few reasons why I made that change.
For each docker release, it depends on specific version of containerd,
runc, etc.. If you're not running the right version of it, you might
encounter weird bugs and it might be tricky to debug or get help/support
because of that.
Although package containerd and runc on their own is a good idea —
because they can be used without docker — I'm don't really like the way
it's currently done :
- containerd and runc are *copied* in docker-runc and docker-containerd
/docker-containerd-shim and packaged in the final docker package —
this feels weird to me. Going on that path, it would make more sence to not
do that (and not including docker-runc and docker-containerd* in the
package), and use daemon flags to tell docker where to find the
runtime and the containerd socket).
- (*I might be wrong on that one*) as far as I can tell, I cannot *pin*
a certain version of runc and containerd for this specific package.
Let say I update runc and containerd to the right version (and I think
I will, probably in separate PRs) and I depend on it. As containerd
and runc are separate project, they could be released differently
(most often, …). They could (sholud?) be updated separately from docker
in nixpkgs (especially runc which is an oci project). And thus, I have
no guarantee that the docker-runc and docker-containerd for this
specific version of docker will stay the same and the one that work
and should be shipped with docker. And then again, you could run into
really weird bugs.
You can update runc and containerd, and use latest stable release. If
docker's release process is bad, it does not mean we have to do equal.
I don't think there is good or bad release process. See this (packaging)
as an embedded use of runc, containerd, etc..
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#20656 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AAjvS6kQ-QabuIDTrW8a46wbcyHtNHIPks5rBV0ygaJpZM4K6zkA>
.
|
@offlinehacker ah, I think I see what you mean. I'll try to update accordingly soon 😉 |
Alright, RC3 is out, I'll update this 👼 |
9e36c54
to
8a6a2f0
Compare
Updated with |
e1b49a1
to
9c73079
Compare
''; | ||
|
||
meta = { | ||
description = "Docker garbage collection of containers and images"; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please fix meta data
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh wow, I guess I was a little bit tired 😂
sha256 = "0zj4kdis1vvc6dwn4gplqna0bs7v6d1y2zc8v80s3zi018inhznw"; | ||
}; | ||
|
||
patchPhase = '' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why is this needed?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In tini
the cmake
file is patch to remove static
from it. But in the case of docker, tini
(docker-init
in the end) have to be static. This is to override the patchPhase
— wasn't sure it was the right move to it though.
|
||
with lib; | ||
|
||
stdenv.mkDerivation rec { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you use buildGoPackage instead? I'm ok with merging as is, but can be change somewhere in the future.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh right, I'll do that 👼
Besides comnents above, looks good to me :) |
@offlinehacker thanks 👍 I still need to fix the manpages (as they are incompletely generate for now) and then we'll just have to wait for the release 👼 |
Nice :) |
d4c0bdf
to
5f7082b
Compare
Updated to 1.13.0-rc4… I'll update for 1.13.0-rc5 this week. |
|
46390dc
to
8e3e656
Compare
8e3e656
to
690b4bd
Compare
- Update docker version to 1.13.0. - Introduce now docker-proxy package (from libnetmork). - Use overrideDerivation to set the correct version for docker. - Update tini to make sure we can build it static. Signed-off-by: Vincent Demeester <vincent@sbr.pm>
690b4bd
to
74d4d3e
Compare
docker 1.13 has been released few days ago. I just started locally patching the derivation and found this when I was halfway. @vdemeester Will you be updatingthis to use |
LGTM |
Motivation for this change
docker
1.13.0 is going to be released next month (more or less). This shouldn't be merged before official release but gives time to review. This change the package quite a bit, so let me describe the changes :docker
,dockerd
,docker-proxy
,docker-runc
,docker-containerd
,docker-containerd-shim
anddocker-init
— from 5 projects :docker/docker
,docker/runc
(to follow docker release),docker/containerd
,docker-libnetwork
andkrallin/tini
.runc
andcontainerd
. This makes sure we have the same binary (from the same git commit) than the official release and thus have no weird bugs because of version mismatch.docker
are in the process of beeing automatically generate so there is some missing man page in the current package. This aims to fix that as well (still working on it).experimental
options to thedocker
service too – to startdocker
with experimental features (using--experimental
).There is still a few things to do :
[ ] Fix missing man pagesCurrently, part of the manpages are generated in a docker container. I have no clean way to build manpage otherwise for now.. 😓docker version
anddocker info
)1.13.0
when released (and on each rc too)Things done
(nix.useSandbox on NixOS,
or option
build-use-sandbox
innix.conf
on non-NixOS)
nix-shell -p nox --run "nox-review wip"
./result/bin/
)version (little duplicated from conf in docker scripts)