Update to docker 1.13.x #20656
Update to docker 1.13.x #20656
Conversation
|
@vdemeester, thanks for your PR! By analyzing the history of the files in this pull request, we identified @offlinehacker, @NeQuissimus and @benley to be potential reviewers. |
| DOCKER_BUILDTAGS = [] | ||
| ++ optional (systemd != null) [ "journald" ] | ||
| ++ optional (btrfs-progs == null) "exclude_graphdriver_btrfs" | ||
| ++ optional (devicemapper == null) "exclude_graphdriver_devicemapper"; | ||
|
|
||
| postUnpack = '' | ||
| cp -fR ${dockerSrc} docker |
There was a problem hiding this comment.
I did get errors with chmod… I'm not used to multiple sources build so I hacked around for that… There might be a better solution 👼
| , go, containerd, runc | ||
| , sqlite, iproute, bridge-utils, devicemapper, systemd | ||
| { stdenv, lib, fetchFromGitHub, makeWrapper, cmake, pkgconfig | ||
| , go-md2man, libapparmor, apparmor-parser, libseccomp, git |
There was a problem hiding this comment.
runc needs git (for the commit hash I guess). I really wish there was another way like what we do for docker/docker but it doesn't seem so…
vdemeester
force-pushed
the
docker_1_13
branch
3 times, most recently
from
1a84108
to
9e36c54
Compare
|
But we have separated packages for |
So about that, there is a few reasons why I made that change. For each Although package
I don't think there is good or bad release process. See this (packaging) as an embedded use of |
|
Please look on GitHub, I have rephrased my comment a bit, first it was
written in a rush(and GitHub does not send emails for updates). Sorry for
that.
…On Thu, Nov 24, 2016, 10:47 AM Vincent Demeester ***@***.***> wrote:
But we have separated packages for runs and containers, why did you put
them all into docker nix expression?
So about that, there is a few reasons why I made that change.
For each docker release, it depends on specific version of containerd,
runc, etc.. If you're not running the right version of it, you might
encounter weird bugs and it might be tricky to debug or get help/support
because of that.
Although package containerd and runc on their own is a good idea —
because they can be used without docker — I'm don't really like the way
it's currently done :
- containerd and runc are *copied* in docker-runc and docker-containerd
/docker-containerd-shim and packaged in the final docker package —
this feels weird to me. Going on that path, it would make more sence to not
do that (and not including docker-runc and docker-containerd* in the
package), and use daemon flags to tell docker where to find the
runtime and the containerd socket).
- (*I might be wrong on that one*) as far as I can tell, I cannot *pin*
a certain version of runc and containerd for this specific package.
Let say I update runc and containerd to the right version (and I think
I will, probably in separate PRs) and I depend on it. As containerd
and runc are separate project, they could be released differently
(most often, …). They could (sholud?) be updated separately from docker
in nixpkgs (especially runc which is an oci project). And thus, I have
no guarantee that the docker-runc and docker-containerd for this
specific version of docker will stay the same and the one that work
and should be shipped with docker. And then again, you could run into
really weird bugs.
You can update runc and containerd, and use latest stable release. If
docker's release process is bad, it does not mean we have to do equal.
I don't think there is good or bad release process. See this (packaging)
as an embedded use of runc, containerd, etc..
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#20656 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AAjvS6kQ-QabuIDTrW8a46wbcyHtNHIPks5rBV0ygaJpZM4K6zkA>
.
|
|
The one other thing I forgot to mention, if overriding derivations does not
work(look overrideDerivation), we can ship multiple versions of runc and
containerd(copy expressions, with a new name, expose in all-packages.nix),
and name them differently like we have for many packages(nodejs as one
example). We could name them for example runc-docker and containerd-docker.
…On Thu, Nov 24, 2016, 10:45 PM Jaka Hudoklin ***@***.***> wrote:
Please look on GitHub, I have rephrased my comment a bit, first it was
written in a rush(and GitHub does not send emails for updates). Sorry for
that.
On Thu, Nov 24, 2016, 10:47 AM Vincent Demeester ***@***.***>
wrote:
But we have separated packages for runs and containers, why did you put
them all into docker nix expression?
So about that, there is a few reasons why I made that change.
For each docker release, it depends on specific version of containerd,
runc, etc.. If you're not running the right version of it, you might
encounter weird bugs and it might be tricky to debug or get help/support
because of that.
Although package containerd and runc on their own is a good idea —
because they can be used without docker — I'm don't really like the way
it's currently done :
- containerd and runc are *copied* in docker-runc and docker-containerd
/docker-containerd-shim and packaged in the final docker package —
this feels weird to me. Going on that path, it would make more sence to not
do that (and not including docker-runc and docker-containerd* in the
package), and use daemon flags to tell docker where to find the
runtime and the containerd socket).
- (*I might be wrong on that one*) as far as I can tell, I cannot *pin*
a certain version of runc and containerd for this specific package.
Let say I update runc and containerd to the right version (and I think
I will, probably in separate PRs) and I depend on it. As containerd
and runc are separate project, they could be released differently
(most often, …). They could (sholud?) be updated separately from docker
in nixpkgs (especially runc which is an oci project). And thus, I have
no guarantee that the docker-runc and docker-containerd for this
specific version of docker will stay the same and the one that work
and should be shipped with docker. And then again, you could run into
really weird bugs.
You can update runc and containerd, and use latest stable release. If
docker's release process is bad, it does not mean we have to do equal.
I don't think there is good or bad release process. See this (packaging)
as an embedded use of runc, containerd, etc..
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#20656 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AAjvS6kQ-QabuIDTrW8a46wbcyHtNHIPks5rBV0ygaJpZM4K6zkA>
.
|
|
@offlinehacker ah, I think I see what you mean. I'll try to update accordingly soon 😉 |
|
Alright, RC3 is out, I'll update this 👼 |
vdemeester
force-pushed
the
docker_1_13
branch
from
9e36c54
to
8a6a2f0
Compare
|
Updated with |
vdemeester
force-pushed
the
docker_1_13
branch
3 times, most recently
from
e1b49a1
to
9c73079
Compare
| ''; | ||
|
|
||
| meta = { | ||
| description = "Docker garbage collection of containers and images"; |
There was a problem hiding this comment.
Oh wow, I guess I was a little bit tired 😂
| sha256 = "0zj4kdis1vvc6dwn4gplqna0bs7v6d1y2zc8v80s3zi018inhznw"; | ||
| }; | ||
|
|
||
| patchPhase = '' |
There was a problem hiding this comment.
In tini the cmake file is patch to remove static from it. But in the case of docker, tini (docker-init in the end) have to be static. This is to override the patchPhase — wasn't sure it was the right move to it though.
|
|
||
| with lib; | ||
|
|
||
| stdenv.mkDerivation rec { |
There was a problem hiding this comment.
Can you use buildGoPackage instead? I'm ok with merging as is, but can be change somewhere in the future.
There was a problem hiding this comment.
Oh right, I'll do that 👼
|
Besides comnents above, looks good to me :) |
|
@offlinehacker thanks 👍 I still need to fix the manpages (as they are incompletely generate for now) and then we'll just have to wait for the release 👼 |
|
Nice :) |
vdemeester
force-pushed
the
docker_1_13
branch
3 times, most recently
from
d4c0bdf
to
5f7082b
Compare
|
Updated to 1.13.0-rc4… I'll update for 1.13.0-rc5 this week. |
|
|
vdemeester
force-pushed
the
docker_1_13
branch
3 times, most recently
from
46390dc
to
8e3e656
Compare
vdemeester
force-pushed
the
docker_1_13
branch
from
8e3e656
to
690b4bd
Compare
- Update docker version to 1.13.0. - Introduce now docker-proxy package (from libnetmork). - Use overrideDerivation to set the correct version for docker. - Update tini to make sure we can build it static. Signed-off-by: Vincent Demeester <vincent@sbr.pm>
vdemeester
force-pushed
the
docker_1_13
branch
from
690b4bd
to
74d4d3e
Compare
|
docker 1.13 has been released few days ago. I just started locally patching the derivation and found this when I was halfway. @vdemeester Will you be updatingthis to use |
|
LGTM |
Motivation for this change
docker1.13.0 is going to be released next month (more or less). This shouldn't be merged before official release but gives time to review. This change the package quite a bit, so let me describe the changes :docker,dockerd,docker-proxy,docker-runc,docker-containerd,docker-containerd-shimanddocker-init— from 5 projects :docker/docker,docker/runc(to follow docker release),docker/containerd,docker-libnetworkandkrallin/tini.runcandcontainerd. This makes sure we have the same binary (from the same git commit) than the official release and thus have no weird bugs because of version mismatch.dockerare in the process of beeing automatically generate so there is some missing man page in the current package. This aims to fix that as well (still working on it).experimentaloptions to thedockerservice too – to startdockerwith experimental features (using--experimental).There is still a few things to do :
[ ] Fix missing man pagesCurrently, part of the manpages are generated in a docker container. I have no clean way to build manpage otherwise for now.. 😓docker versionanddocker info)1.13.0when released (and on each rc too)Things done
(nix.useSandbox on NixOS,
or option
build-use-sandboxinnix.confon non-NixOS)
nix-shell -p nox --run "nox-review wip"./result/bin/)version (little duplicated from conf in docker scripts)