Initial commit

Ria Bhatia
2017-12-04 13:32:57 -06:00
committed by Erik St. Martin
commit 0075e5b0f3
9056 changed files with 2523100 additions and 0 deletions

4
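--- a/vendor/github.com/hyperhq/hypercli/contrib/README
+++ b/vendor/github.com/hyperhq/hypercli/contrib/README
@@ -0,0 +1,4 @@
+The `contrib` directory contains scripts, images, and other helpful things
+which are not part of the core docker distribution. Please note that they
+could be out of date, since they do not receive the same attention as the
+rest of the repository.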

1
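--- a/vendor/github.com/hyperhq/hypercli/contrib/REVIEWERS
+++ b/vendor/github.com/hyperhq/hypercli/contrib/REVIEWERS
@@ -0,0 +1 @@
+Tianon Gravi <admwiggin@gmail.com> (@tianon)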


@@ -0,0 +1,58 @@
package main
import (
"fmt"
"log"
"os"
"path"
"text/template"
"github.com/docker/docker/pkg/aaparser"
)
type profileData struct {
MajorVersion int
MinorVersion int
}
func main() {
if len(os.Args) < 2 {
log.Fatal("pass a filename to save the profile in.")
}
// parse the arg
apparmorProfilePath := os.Args[1]
majorVersion, minorVersion, err := aaparser.GetVersion()
if err != nil {
log.Fatal(err)
}
data := profileData{
MajorVersion: majorVersion,
MinorVersion: minorVersion,
}
fmt.Printf("apparmor_parser is of version %+v\n", data)
// parse the template
compiled, err := template.New("apparmor_profile").Parse(dockerProfileTemplate)
if err != nil {
log.Fatalf("parsing template failed: %v", err)
}
// make sure /etc/apparmor.d exists
if err := os.MkdirAll(path.Dir(apparmorProfilePath), 0755); err != nil {
log.Fatal(err)
}
f, err := os.OpenFile(apparmorProfilePath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0644)
if err != nil {
log.Fatal(err)
}
defer f.Close()
if err := compiled.Execute(f, data); err != nil {
log.Fatalf("executing template failed: %v", err)
}
fmt.Printf("created apparmor profile for version %+v at %q\n", data, apparmorProfilePath)
}
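Review bot: A failure in `compiled.Execute` leaves a truncated or half-written profile at `apparmorProfilePath`, because main opens the destination with `O_TRUNC` before rendering and `log.Fatalf` exits without running the deferred `f.Close()`. This file is security policy that is presumably loaded by the parser afterwards, so render into a temporary file in the same directory and rename it over the target only once Execute and Close have both succeeded; the error from Close is also dropped today. The sketch below uses `ioutil.TempFile`, which needs `io/ioutil` added to the import block, and restores the 0644 mode that TempFile does not set.

```go
// … unchanged: argument check, version lookup, template parse, MkdirAll …
tmp, err := ioutil.TempFile(path.Dir(apparmorProfilePath), ".apparmor-profile-")
if err != nil {
	log.Fatal(err)
}
if err := compiled.Execute(tmp, data); err != nil {
	tmp.Close()
	os.Remove(tmp.Name())
	log.Fatalf("executing template failed: %v", err)
}
if err := tmp.Chmod(0644); err != nil {
	tmp.Close()
	os.Remove(tmp.Name())
	log.Fatal(err)
}
if err := tmp.Close(); err != nil {
	os.Remove(tmp.Name())
	log.Fatal(err)
}
// Publish the profile only after it has been written completely.
if err := os.Rename(tmp.Name(), apparmorProfilePath); err != nil {
	os.Remove(tmp.Name())
	log.Fatal(err)
}
// … unchanged: final "created apparmor profile" message …
```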


@@ -0,0 +1,268 @@
package main
const dockerProfileTemplate = `@{DOCKER_GRAPH_PATH}=/var/lib/docker
profile /usr/bin/docker (attach_disconnected, complain) {
# Prevent following links to these files during container setup.
deny /etc/** mkl,
deny /dev/** kl,
deny /sys/** mkl,
deny /proc/** mkl,
mount -> @{DOCKER_GRAPH_PATH}/**,
mount -> /,
mount -> /proc/**,
mount -> /sys/**,
mount -> /run/docker/netns/**,
mount -> /.pivot_root[0-9]*/,
/ r,
umount,
pivot_root,
{{if ge .MajorVersion 2}}{{if ge .MinorVersion 9}}
signal (receive) peer=@{profile_name},
signal (receive) peer=unconfined,
signal (send),
{{end}}{{end}}
network,
capability,
owner /** rw,
@{DOCKER_GRAPH_PATH}/** rwl,
@{DOCKER_GRAPH_PATH}/linkgraph.db k,
@{DOCKER_GRAPH_PATH}/network/files/boltdb.db k,
@{DOCKER_GRAPH_PATH}/network/files/local-kv.db k,
@{DOCKER_GRAPH_PATH}/[0-9]*.[0-9]*/linkgraph.db k,
# For non-root client use:
/dev/urandom r,
/dev/null rw,
/dev/pts/[0-9]* rw,
/run/docker.sock rw,
/proc/** r,
/proc/[0-9]*/attr/exec w,
/sys/kernel/mm/hugepages/ r,
/etc/localtime r,
/etc/ld.so.cache r,
/etc/passwd r,
{{if ge .MajorVersion 2}}{{if ge .MinorVersion 9}}
ptrace peer=@{profile_name},
ptrace (read) peer=docker-default,
deny ptrace (trace) peer=docker-default,
deny ptrace peer=/usr/bin/docker///bin/ps,
{{end}}{{end}}
/usr/lib/** rm,
/lib/** rm,
/usr/bin/docker pix,
/sbin/xtables-multi rCx,
/sbin/iptables rCx,
/sbin/modprobe rCx,
/sbin/auplink rCx,
/sbin/mke2fs rCx,
/sbin/tune2fs rCx,
/sbin/blkid rCx,
/bin/kmod rCx,
/usr/bin/xz rCx,
/bin/ps rCx,
/bin/tar rCx,
/bin/cat rCx,
/sbin/zfs rCx,
/sbin/apparmor_parser rCx,
{{if ge .MajorVersion 2}}{{if ge .MinorVersion 9}}
# Transitions
change_profile -> docker-*,
change_profile -> unconfined,
{{end}}{{end}}
profile /bin/cat (complain) {
/etc/ld.so.cache r,
/lib/** rm,
/dev/null rw,
/proc r,
/bin/cat mr,
# For reading in 'docker stats':
/proc/[0-9]*/net/dev r,
}
profile /bin/ps (complain) {
/etc/ld.so.cache r,
/etc/localtime r,
/etc/passwd r,
/etc/nsswitch.conf r,
/lib/** rm,
/proc/[0-9]*/** r,
/dev/null rw,
/bin/ps mr,
{{if ge .MajorVersion 2}}{{if ge .MinorVersion 9}}
# We don't need ptrace so we'll deny and ignore the error.
deny ptrace (read, trace),
{{end}}{{end}}
# Quiet dac_override denials
deny capability dac_override,
deny capability dac_read_search,
deny capability sys_ptrace,
/dev/tty r,
/proc/stat r,
/proc/cpuinfo r,
/proc/meminfo r,
/proc/uptime r,
/sys/devices/system/cpu/online r,
/proc/sys/kernel/pid_max r,
/proc/ r,
/proc/tty/drivers r,
}
profile /sbin/iptables (complain) {
{{if ge .MajorVersion 2}}{{if ge .MinorVersion 9}}
signal (receive) peer=/usr/bin/docker,
{{end}}{{end}}
capability net_admin,
}
profile /sbin/auplink flags=(attach_disconnected, complain) {
{{if ge .MajorVersion 2}}{{if ge .MinorVersion 9}}
signal (receive) peer=/usr/bin/docker,
{{end}}{{end}}
capability sys_admin,
capability dac_override,
@{DOCKER_GRAPH_PATH}/aufs/** rw,
@{DOCKER_GRAPH_PATH}/tmp/** rw,
# For user namespaces:
@{DOCKER_GRAPH_PATH}/[0-9]*.[0-9]*/** rw,
/sys/fs/aufs/** r,
/lib/** rm,
/apparmor/.null r,
/dev/null rw,
/etc/ld.so.cache r,
/sbin/auplink rm,
/proc/fs/aufs/** rw,
/proc/[0-9]*/mounts rw,
}
profile /sbin/modprobe /bin/kmod (complain) {
{{if ge .MajorVersion 2}}{{if ge .MinorVersion 9}}
signal (receive) peer=/usr/bin/docker,
{{end}}{{end}}
capability sys_module,
/etc/ld.so.cache r,
/lib/** rm,
/dev/null rw,
/apparmor/.null rw,
/sbin/modprobe rm,
/bin/kmod rm,
/proc/cmdline r,
/sys/module/** r,
/etc/modprobe.d{/,/**} r,
}
# xz works via pipes, so we do not need access to the filesystem.
profile /usr/bin/xz (complain) {
{{if ge .MajorVersion 2}}{{if ge .MinorVersion 9}}
signal (receive) peer=/usr/bin/docker,
{{end}}{{end}}
/etc/ld.so.cache r,
/lib/** rm,
/usr/bin/xz rm,
deny /proc/** rw,
deny /sys/** rw,
}
profile /sbin/xtables-multi (attach_disconnected, complain) {
/etc/ld.so.cache r,
/lib/** rm,
/sbin/xtables-multi rm,
/apparmor/.null w,
/dev/null rw,
/proc r,
capability net_raw,
capability net_admin,
network raw,
}
profile /sbin/zfs (attach_disconnected, complain) {
file,
capability,
}
profile /sbin/mke2fs (complain) {
/sbin/mke2fs rm,
/lib/** rm,
/apparmor/.null w,
/etc/ld.so.cache r,
/etc/mke2fs.conf r,
/etc/mtab r,
/dev/dm-* rw,
/dev/urandom r,
/dev/null rw,
/proc/swaps r,
/proc/[0-9]*/mounts r,
}
profile /sbin/tune2fs (complain) {
/sbin/tune2fs rm,
/lib/** rm,
/apparmor/.null w,
/etc/blkid.conf r,
/etc/mtab r,
/etc/ld.so.cache r,
/dev/null rw,
/dev/.blkid.tab r,
/dev/dm-* rw,
/proc/swaps r,
/proc/[0-9]*/mounts r,
}
profile /sbin/blkid (complain) {
/sbin/blkid rm,
/lib/** rm,
/apparmor/.null w,
/etc/ld.so.cache r,
/etc/blkid.conf r,
/dev/null rw,
/dev/.blkid.tab rl,
/dev/.blkid.tab* rwl,
/dev/dm-* r,
/sys/devices/virtual/block/** r,
capability mknod,
mount -> @{DOCKER_GRAPH_PATH}/**,
}
profile /sbin/apparmor_parser (complain) {
/sbin/apparmor_parser rm,
/lib/** rm,
/etc/ld.so.cache r,
/etc/apparmor/** r,
/etc/apparmor.d/** r,
/etc/apparmor.d/cache/** w,
/dev/null rw,
/sys/kernel/security/apparmor/** r,
/sys/kernel/security/apparmor/.replace w,
/proc/[0-9]*/mounts r,
/proc/sys/kernel/osrelease r,
/proc r,
capability mac_admin,
}
}`
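Review bot: The version gate `{{if ge .MajorVersion 2}}{{if ge .MinorVersion 9}}` tests the two fields independently, so a parser reporting 3.0 (major 3, minor 0) fails the minor check and every guarded rule is dropped from the rendered profile, including `deny ptrace (trace) peer=docker-default`. Compare the pair as a version instead, e.g. `{{if or (gt .MajorVersion 2) (and (eq .MajorVersion 2) (ge .MinorVersion 9))}}` closed by a single `{{end}}`, at each of the gates in this template. Separately, every profile here carries the `complain` flag, so accesses outside the allow rules are logged rather than blocked. A comment on the const stating that the profile is generated in complain mode, and flagging the blanket `capability,` and `change_profile -> unconfined` rules for review before anyone switches it to enforce, would stop readers from treating it as confinement.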


@@ -0,0 +1,5 @@
# `dockercore/builder-deb`
This image's tags contain the dependencies for building Docker `.deb`s for each of the Debian-based platforms Docker targets.
To add new tags, see [`contrib/builder/deb/amd64` in https://github.com/docker/docker](https://github.com/docker/docker/tree/master/contrib/builder/deb/amd64), specifically the `generate.sh` script, whose usage is described in a comment at the top of the file.


@@ -0,0 +1,10 @@
#!/bin/bash
set -e
cd "$(dirname "$(readlink -f "$BASH_SOURCE")")"
set -x
./generate.sh
for d in */; do
docker build -t "dockercore/builder-deb:$(basename "$d")" "$d"
done


@@ -0,0 +1,15 @@
#
# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/deb/amd64/generate.sh"!
#
FROM debian:jessie
RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libsqlite3-dev pkg-config libsystemd-journal-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*
ENV GO_VERSION 1.5.3
RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
ENV PATH $PATH:/usr/local/go/bin
ENV AUTO_GOPATH 1
ENV DOCKER_BUILDTAGS apparmor selinux


@@ -0,0 +1,15 @@
#
# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/deb/amd64/generate.sh"!
#
FROM debian:stretch
RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libseccomp-dev libsqlite3-dev pkg-config libsystemd-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*
ENV GO_VERSION 1.5.3
RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
ENV PATH $PATH:/usr/local/go/bin
ENV AUTO_GOPATH 1
ENV DOCKER_BUILDTAGS apparmor seccomp selinux


@@ -0,0 +1,16 @@
#
# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/deb/amd64/generate.sh"!
#
FROM debian:wheezy-backports
RUN apt-get update && apt-get install -y -t wheezy-backports btrfs-tools --no-install-recommends && rm -rf /var/lib/apt/lists/*
RUN apt-get update && apt-get install -y apparmor bash-completion build-essential curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libsqlite3-dev pkg-config --no-install-recommends && rm -rf /var/lib/apt/lists/*
ENV GO_VERSION 1.5.3
RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
ENV PATH $PATH:/usr/local/go/bin
ENV AUTO_GOPATH 1
ENV DOCKER_BUILDTAGS apparmor selinux


@@ -0,0 +1,127 @@
#!/bin/bash
set -e
# usage: ./generate.sh [versions]
# ie: ./generate.sh
# to update all Dockerfiles in this directory
# or: ./generate.sh debian-jessie
# to only update debian-jessie/Dockerfile
# or: ./generate.sh debian-newversion
# to create a new folder and a Dockerfile within it
cd "$(dirname "$(readlink -f "$BASH_SOURCE")")"
versions=( "$@" )
if [ ${#versions[@]} -eq 0 ]; then
versions=( */ )
fi
versions=( "${versions[@]%/}" )
for version in "${versions[@]}"; do
distro="${version%-*}"
suite="${version##*-}"
from="${distro}:${suite}"
case "$from" in
debian:wheezy)
# add -backports, like our users have to
from+='-backports'
;;
esac
mkdir -p "$version"
echo "$version -> FROM $from"
cat > "$version/Dockerfile" <<-EOF
#
# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/deb/amd64/generate.sh"!
#
FROM $from
EOF
echo >> "$version/Dockerfile"
extraBuildTags=
# this list is sorted alphabetically; please keep it that way
packages=(
apparmor # for apparmor_parser for testing the profile
bash-completion # for bash-completion debhelper integration
btrfs-tools # for "btrfs/ioctl.h" (and "version.h" if possible)
build-essential # "essential for building Debian packages"
curl ca-certificates # for downloading Go
debhelper # for easy ".deb" building
dh-apparmor # for apparmor debhelper
dh-systemd # for systemd debhelper integration
git # for "git commit" info in "docker -v"
libapparmor-dev # for "sys/apparmor.h"
libdevmapper-dev # for "libdevmapper.h"
libltdl-dev # for pkcs11 "ltdl.h"
libseccomp-dev # for "seccomp.h" & "libseccomp.so"
libsqlite3-dev # for "sqlite3.h"
pkg-config # for detecting things like libsystemd-journal dynamically
)
# packaging for "sd-journal.h" and libraries varies
case "$suite" in
precise|wheezy) ;;
sid|stretch|wily) packages+=( libsystemd-dev );;
*) packages+=( libsystemd-journal-dev );;
esac
# debian wheezy & ubuntu precise do not have the right libseccomp libs
# debian jessie & ubuntu trusty have a libseccomp < 2.2.1 :(
case "$suite" in
precise|wheezy|jessie|trusty)
packages=( "${packages[@]/libseccomp-dev}" )
;;
*)
extraBuildTags+=' seccomp'
;;
esac
if [ "$suite" = 'precise' ]; then
# precise has a few package issues
# - dh-systemd doesn't exist at all
packages=( "${packages[@]/dh-systemd}" )
# - libdevmapper-dev is missing critical structs (too old)
packages=( "${packages[@]/libdevmapper-dev}" )
extraBuildTags+=' exclude_graphdriver_devicemapper'
# - btrfs-tools is missing "ioctl.h" (too old), so it's useless
# (since kernels on precise are old too, just skip btrfs entirely)
packages=( "${packages[@]/btrfs-tools}" )
extraBuildTags+=' exclude_graphdriver_btrfs'
fi
if [ "$suite" = 'wheezy' ]; then
# pull a couple packages from backports explicitly
# (build failures otherwise)
backportsPackages=( btrfs-tools libsystemd-journal-dev )
for pkg in "${backportsPackages[@]}"; do
packages=( "${packages[@]/$pkg}" )
done
echo "RUN apt-get update && apt-get install -y -t $suite-backports ${backportsPackages[*]} --no-install-recommends && rm -rf /var/lib/apt/lists/*" >> "$version/Dockerfile"
fi
echo "RUN apt-get update && apt-get install -y ${packages[*]} --no-install-recommends && rm -rf /var/lib/apt/lists/*" >> "$version/Dockerfile"
echo >> "$version/Dockerfile"
awk '$1 == "ENV" && $2 == "GO_VERSION" { print; exit }' ../../../../Dockerfile >> "$version/Dockerfile"
echo 'RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local' >> "$version/Dockerfile"
echo 'ENV PATH $PATH:/usr/local/go/bin' >> "$version/Dockerfile"
echo >> "$version/Dockerfile"
echo 'ENV AUTO_GOPATH 1' >> "$version/Dockerfile"
echo >> "$version/Dockerfile"
# print build tags in alphabetical order
buildTags=$( echo "apparmor selinux $extraBuildTags" | xargs -n1 | sort -n | tr '\n' ' ' | sed -e 's/[[:space:]]*$//' )
echo "ENV DOCKER_BUILDTAGS $buildTags" >> "$version/Dockerfile"
done
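Review bot: The emitted `RUN curl -fSL … | tar xzC /usr/local` line unpacks the Go toolchain straight from the network with no digest check, so every builder image trusts whatever the download host returns at build time. Have the generator emit a pinned digest next to `GO_VERSION` and verify before extracting, for example `ENV GO_SHA256 <sha256-of-go-tarball>` followed by `RUN curl -fSL "…" -o /tmp/go.tgz && echo "${GO_SHA256}  /tmp/go.tgz" | sha256sum -c - && tar -xzC /usr/local -f /tmp/go.tgz && rm /tmp/go.tgz`. The same line is emitted by the rpm `generate.sh` further down and appears in each autogenerated Dockerfile on this page; the armhf Dockerfile pulls its tarball from a third-party GitHub release in the same unverified way.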


@@ -0,0 +1,15 @@
#
# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/deb/amd64/generate.sh"!
#
FROM ubuntu:precise
RUN apt-get update && apt-get install -y apparmor bash-completion build-essential curl ca-certificates debhelper dh-apparmor git libapparmor-dev libltdl-dev libsqlite3-dev pkg-config --no-install-recommends && rm -rf /var/lib/apt/lists/*
ENV GO_VERSION 1.5.3
RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
ENV PATH $PATH:/usr/local/go/bin
ENV AUTO_GOPATH 1
ENV DOCKER_BUILDTAGS apparmor exclude_graphdriver_btrfs exclude_graphdriver_devicemapper selinux


@@ -0,0 +1,15 @@
#
# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/deb/amd64/generate.sh"!
#
FROM ubuntu:trusty
RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libsqlite3-dev pkg-config libsystemd-journal-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*
ENV GO_VERSION 1.5.3
RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
ENV PATH $PATH:/usr/local/go/bin
ENV AUTO_GOPATH 1
ENV DOCKER_BUILDTAGS apparmor selinux


@@ -0,0 +1,15 @@
#
# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/deb/amd64/generate.sh"!
#
FROM ubuntu:wily
RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libseccomp-dev libsqlite3-dev pkg-config libsystemd-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*
ENV GO_VERSION 1.5.3
RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
ENV PATH $PATH:/usr/local/go/bin
ENV AUTO_GOPATH 1
ENV DOCKER_BUILDTAGS apparmor seccomp selinux


@@ -0,0 +1,10 @@
FROM armhf/debian:jessie
RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libsqlite3-dev libsystemd-journal-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*
ENV GO_VERSION 1.4.3
RUN curl -fSL "https://github.com/hypriot/golang-armbuilds/releases/download/v${GO_VERSION}/go${GO_VERSION}.linux-armv7.tar.gz" | tar xzC /usr/local
ENV PATH $PATH:/usr/local/go/bin
ENV AUTO_GOPATH 1
ENV DOCKER_BUILDTAGS apparmor selinux


@@ -0,0 +1,5 @@
# `dockercore/builder-rpm`
This image's tags contain the dependencies for building Docker `.rpm`s for each of the RPM-based platforms Docker targets.
To add new tags, see [`contrib/builder/rpm/amd64` in https://github.com/docker/docker](https://github.com/docker/docker/tree/master/contrib/builder/rpm/amd64), specifically the `generate.sh` script, whose usage is described in a comment at the top of the file.


@@ -0,0 +1,10 @@
#!/bin/bash
set -e
cd "$(dirname "$(readlink -f "$BASH_SOURCE")")"
set -x
./generate.sh
for d in */; do
docker build -t "dockercore/builder-rpm:$(basename "$d")" "$d"
done


@@ -0,0 +1,18 @@
#
# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/rpm/amd64/generate.sh"!
#
FROM centos:7
RUN yum groupinstall -y "Development Tools"
RUN yum -y swap -- remove systemd-container systemd-container-libs -- install systemd systemd-libs
RUN yum install -y btrfs-progs-devel device-mapper-devel glibc-static libselinux-devel libtool-ltdl-devel pkgconfig selinux-policy selinux-policy-devel sqlite-devel systemd-devel tar
ENV GO_VERSION 1.5.3
RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
ENV PATH $PATH:/usr/local/go/bin
ENV AUTO_GOPATH 1
ENV DOCKER_BUILDTAGS selinux


@@ -0,0 +1,17 @@
#
# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/rpm/amd64/generate.sh"!
#
FROM fedora:22
RUN dnf install -y @development-tools fedora-packager
RUN dnf install -y btrfs-progs-devel device-mapper-devel glibc-static libseccomp-devel libselinux-devel libtool-ltdl-devel pkgconfig selinux-policy selinux-policy-devel sqlite-devel systemd-devel tar
ENV GO_VERSION 1.5.3
RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
ENV PATH $PATH:/usr/local/go/bin
ENV AUTO_GOPATH 1
ENV DOCKER_BUILDTAGS seccomp selinux


@@ -0,0 +1,17 @@
#
# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/rpm/amd64/generate.sh"!
#
FROM fedora:23
RUN dnf install -y @development-tools fedora-packager
RUN dnf install -y btrfs-progs-devel device-mapper-devel glibc-static libseccomp-devel libselinux-devel libtool-ltdl-devel pkgconfig selinux-policy selinux-policy-devel sqlite-devel systemd-devel tar
ENV GO_VERSION 1.5.3
RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
ENV PATH $PATH:/usr/local/go/bin
ENV AUTO_GOPATH 1
ENV DOCKER_BUILDTAGS seccomp selinux


@@ -0,0 +1,169 @@
#!/bin/bash
set -e
# usage: ./generate.sh [versions]
# ie: ./generate.sh
# to update all Dockerfiles in this directory
# or: ./generate.sh
# to only update fedora-23/Dockerfile
# or: ./generate.sh fedora-newversion
# to create a new folder and a Dockerfile within it
cd "$(dirname "$(readlink -f "$BASH_SOURCE")")"
versions=( "$@" )
if [ ${#versions[@]} -eq 0 ]; then
versions=( */ )
fi
versions=( "${versions[@]%/}" )
for version in "${versions[@]}"; do
distro="${version%-*}"
suite="${version##*-}"
from="${distro}:${suite}"
installer=yum
if [[ "$distro" == "fedora" ]]; then
installer=dnf
fi
mkdir -p "$version"
echo "$version -> FROM $from"
cat > "$version/Dockerfile" <<-EOF
#
# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/rpm/amd64/generate.sh"!
#
FROM $from
EOF
echo >> "$version/Dockerfile"
extraBuildTags=
case "$from" in
centos:*)
# get "Development Tools" packages dependencies
echo 'RUN yum groupinstall -y "Development Tools"' >> "$version/Dockerfile"
if [[ "$version" == "centos-7" ]]; then
echo 'RUN yum -y swap -- remove systemd-container systemd-container-libs -- install systemd systemd-libs' >> "$version/Dockerfile"
fi
;;
oraclelinux:*)
# get "Development Tools" packages and dependencies
# we also need yum-utils for yum-config-manager to pull the latest repo file
echo 'RUN yum groupinstall -y "Development Tools"' >> "$version/Dockerfile"
;;
opensuse:*)
# get rpm-build and curl packages and dependencies
echo 'RUN zypper --non-interactive install ca-certificates* curl gzip rpm-build' >> "$version/Dockerfile"
;;
*)
echo "RUN ${installer} install -y @development-tools fedora-packager" >> "$version/Dockerfile"
;;
esac
# this list is sorted alphabetically; please keep it that way
packages=(
btrfs-progs-devel # for "btrfs/ioctl.h" (and "version.h" if possible)
device-mapper-devel # for "libdevmapper.h"
glibc-static
libseccomp-devel # for "seccomp.h" & "libseccomp.so"
libselinux-devel # for "libselinux.so"
libtool-ltdl-devel # for pkcs11 "ltdl.h"
pkgconfig # for the pkg-config command
selinux-policy
selinux-policy-devel
sqlite-devel # for "sqlite3.h"
systemd-devel # for "sd-journal.h" and libraries
tar # older versions of dev-tools do not have tar
)
case "$from" in
oraclelinux:7)
# Enable the optional repository
packages=( --enablerepo=ol7_optional_latest "${packages[*]}" )
;;
esac
case "$from" in
oraclelinux:6)
# doesn't use systemd, doesn't have a devel package for it
packages=( "${packages[@]/systemd-devel}" )
;;
esac
# opensuse & oraclelinx:6 do not have the right libseccomp libs
# centos:7 and oraclelinux:7 have a libseccomp < 2.2.1 :(
case "$from" in
opensuse:*|oraclelinux:*|centos:7)
packages=( "${packages[@]/libseccomp-devel}" )
;;
*)
extraBuildTags+=' seccomp'
;;
esac
case "$from" in
opensuse:*)
packages=( "${packages[@]/btrfs-progs-devel/libbtrfs-devel}" )
packages=( "${packages[@]/pkgconfig/pkg-config}" )
if [[ "$from" == "opensuse:13."* ]]; then
packages+=( systemd-rpm-macros )
fi
# use zypper
echo "RUN zypper --non-interactive install ${packages[*]}" >> "$version/Dockerfile"
;;
*)
echo "RUN ${installer} install -y ${packages[*]}" >> "$version/Dockerfile"
;;
esac
echo >> "$version/Dockerfile"
case "$from" in
oraclelinux:6)
# We need a known version of the kernel-uek-devel headers to set CGO_CPPFLAGS, so grab the UEKR4 GA version
# This requires using yum-config-manager from yum-utils to enable the UEKR4 yum repo
echo "RUN yum install -y yum-utils && curl -o /etc/yum.repos.d/public-yum-ol6.repo http://yum.oracle.com/public-yum-ol6.repo && yum-config-manager -q --enable ol6_UEKR4" >> "$version/Dockerfile"
echo "RUN yum install -y kernel-uek-devel-4.1.12-32.el6uek" >> "$version/Dockerfile"
echo >> "$version/Dockerfile"
;;
*) ;;
esac
awk '$1 == "ENV" && $2 == "GO_VERSION" { print; exit }' ../../../../Dockerfile >> "$version/Dockerfile"
echo 'RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local' >> "$version/Dockerfile"
echo 'ENV PATH $PATH:/usr/local/go/bin' >> "$version/Dockerfile"
echo >> "$version/Dockerfile"
echo 'ENV AUTO_GOPATH 1' >> "$version/Dockerfile"
echo >> "$version/Dockerfile"
# print build tags in alphabetical order
buildTags=$( echo "selinux $extraBuildTags" | xargs -n1 | sort -n | tr '\n' ' ' | sed -e 's/[[:space:]]*$//' )
echo "ENV DOCKER_BUILDTAGS $buildTags" >> "$version/Dockerfile"
echo >> "$version/Dockerfile"
case "$from" in
oraclelinux:6)
# We need to set the CGO_CPPFLAGS environment to use the updated UEKR4 headers with all the userns stuff.
# The ordering is very important and should not be changed.
echo 'ENV CGO_CPPFLAGS -D__EXPORTED_HEADERS__ \' >> "$version/Dockerfile"
echo ' -I/usr/src/kernels/4.1.12-32.el6uek.x86_64/arch/x86/include/generated/uapi \' >> "$version/Dockerfile"
echo ' -I/usr/src/kernels/4.1.12-32.el6uek.x86_64/arch/x86/include/uapi \' >> "$version/Dockerfile"
echo ' -I/usr/src/kernels/4.1.12-32.el6uek.x86_64/include/generated/uapi \' >> "$version/Dockerfile"
echo ' -I/usr/src/kernels/4.1.12-32.el6uek.x86_64/include/uapi \' >> "$version/Dockerfile"
echo ' -I/usr/src/kernels/4.1.12-32.el6uek.x86_64/include' >> "$version/Dockerfile"
echo >> "$version/Dockerfile"
;;
*) ;;
esac
done
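Review bot: In the `oraclelinux:6` branch the repo definition is fetched with `curl -o /etc/yum.repos.d/public-yum-ol6.repo http://yum.oracle.com/public-yum-ol6.repo`, i.e. over plain HTTP and without `-f`. An on-path party can therefore rewrite the file that decides where `kernel-uek-devel` is installed from and whether its signature is checked, and an HTTP error page would be saved as the repo file. Use the HTTPS URL with `curl -fsSL -o …`, assuming the host serves it (worth confirming), and keep `gpgcheck` enabled for the repo that is switched on. The generated oraclelinux-6 Dockerfile below carries the same line. Also, the usage comment's second example reads `# or: ./generate.sh` with the `fedora-23` argument missing.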


@@ -0,0 +1,17 @@
#
# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/rpm/amd64/generate.sh"!
#
FROM opensuse:13.2
RUN zypper --non-interactive install ca-certificates* curl gzip rpm-build
RUN zypper --non-interactive install libbtrfs-devel device-mapper-devel glibc-static libselinux-devel libtool-ltdl-devel pkg-config selinux-policy selinux-policy-devel sqlite-devel systemd-devel tar systemd-rpm-macros
ENV GO_VERSION 1.5.3
RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
ENV PATH $PATH:/usr/local/go/bin
ENV AUTO_GOPATH 1
ENV DOCKER_BUILDTAGS selinux


@@ -0,0 +1,27 @@
#
# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/rpm/amd64/generate.sh"!
#
FROM oraclelinux:6
RUN yum groupinstall -y "Development Tools"
RUN yum install -y btrfs-progs-devel device-mapper-devel glibc-static libselinux-devel libtool-ltdl-devel pkgconfig selinux-policy selinux-policy-devel sqlite-devel tar
RUN yum install -y yum-utils && curl -o /etc/yum.repos.d/public-yum-ol6.repo http://yum.oracle.com/public-yum-ol6.repo && yum-config-manager -q --enable ol6_UEKR4
RUN yum install -y kernel-uek-devel-4.1.12-32.el6uek
ENV GO_VERSION 1.5.3
RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
ENV PATH $PATH:/usr/local/go/bin
ENV AUTO_GOPATH 1
ENV DOCKER_BUILDTAGS selinux
ENV CGO_CPPFLAGS -D__EXPORTED_HEADERS__ \
-I/usr/src/kernels/4.1.12-32.el6uek.x86_64/arch/x86/include/generated/uapi \
-I/usr/src/kernels/4.1.12-32.el6uek.x86_64/arch/x86/include/uapi \
-I/usr/src/kernels/4.1.12-32.el6uek.x86_64/include/generated/uapi \
-I/usr/src/kernels/4.1.12-32.el6uek.x86_64/include/uapi \
-I/usr/src/kernels/4.1.12-32.el6uek.x86_64/include


@@ -0,0 +1,17 @@
#
# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/rpm/amd64/generate.sh"!
#
FROM oraclelinux:7
RUN yum groupinstall -y "Development Tools"
RUN yum install -y --enablerepo=ol7_optional_latest btrfs-progs-devel device-mapper-devel glibc-static libselinux-devel libtool-ltdl-devel pkgconfig selinux-policy selinux-policy-devel sqlite-devel systemd-devel tar
ENV GO_VERSION 1.5.3
RUN curl -fSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local
ENV PATH $PATH:/usr/local/go/bin
ENV AUTO_GOPATH 1
ENV DOCKER_BUILDTAGS selinux

251
vendor/github.com/hyperhq/hypercli/contrib/check-config.sh generated vendored Executable file

@@ -0,0 +1,251 @@
#!/usr/bin/env bash
set -e
# bits of this were adapted from lxc-checkconfig
# see also https://github.com/lxc/lxc/blob/lxc-1.0.2/src/lxc/lxc-checkconfig.in
possibleConfigs=(
'/proc/config.gz'
"/boot/config-$(uname -r)"
"/usr/src/linux-$(uname -r)/.config"
'/usr/src/linux/.config'
)
if [ $# -gt 0 ]; then
CONFIG="$1"
else
: ${CONFIG:="${possibleConfigs[0]}"}
fi
if ! command -v zgrep &> /dev/null; then
zgrep() {
zcat "$2" | grep "$1"
}
fi
kernelVersion="$(uname -r)"
kernelMajor="${kernelVersion%%.*}"
kernelMinor="${kernelVersion#$kernelMajor.}"
kernelMinor="${kernelMinor%%.*}"
is_set() {
zgrep "CONFIG_$1=[y|m]" "$CONFIG" > /dev/null
}
is_set_in_kernel() {
zgrep "CONFIG_$1=y" "$CONFIG" > /dev/null
}
is_set_as_module() {
zgrep "CONFIG_$1=m" "$CONFIG" > /dev/null
}
color() {
local codes=()
if [ "$1" = 'bold' ]; then
codes=( "${codes[@]}" '1' )
shift
fi
if [ "$#" -gt 0 ]; then
local code=
case "$1" in
# see https://en.wikipedia.org/wiki/ANSI_escape_code#Colors
black) code=30 ;;
red) code=31 ;;
green) code=32 ;;
yellow) code=33 ;;
blue) code=34 ;;
magenta) code=35 ;;
cyan) code=36 ;;
white) code=37 ;;
esac
if [ "$code" ]; then
codes=( "${codes[@]}" "$code" )
fi
fi
local IFS=';'
echo -en '\033['"${codes[*]}"'m'
}
wrap_color() {
text="$1"
shift
color "$@"
echo -n "$text"
color reset
echo
}
wrap_good() {
echo "$(wrap_color "$1" white): $(wrap_color "$2" green)"
}
wrap_bad() {
echo "$(wrap_color "$1" bold): $(wrap_color "$2" bold red)"
}
wrap_warning() {
wrap_color >&2 "$*" red
}
check_flag() {
if is_set_in_kernel "$1"; then
wrap_good "CONFIG_$1" 'enabled'
elif is_set_as_module "$1"; then
wrap_good "CONFIG_$1" 'enabled (as module)'
else
wrap_bad "CONFIG_$1" 'missing'
fi
}
check_flags() {
for flag in "$@"; do
echo "- $(check_flag "$flag")"
done
}
check_command() {
if command -v "$1" >/dev/null 2>&1; then
wrap_good "$1 command" 'available'
else
wrap_bad "$1 command" 'missing'
fi
}
check_device() {
if [ -c "$1" ]; then
wrap_good "$1" 'present'
else
wrap_bad "$1" 'missing'
fi
}
if [ ! -e "$CONFIG" ]; then
wrap_warning "warning: $CONFIG does not exist, searching other paths for kernel config ..."
for tryConfig in "${possibleConfigs[@]}"; do
if [ -e "$tryConfig" ]; then
CONFIG="$tryConfig"
break
fi
done
if [ ! -e "$CONFIG" ]; then
wrap_warning "error: cannot find kernel config"
wrap_warning " try running this script again, specifying the kernel config:"
wrap_warning " CONFIG=/path/to/kernel/.config $0 or $0 /path/to/kernel/.config"
exit 1
fi
fi
wrap_color "info: reading kernel config from $CONFIG ..." white
echo
echo 'Generally Necessary:'
echo -n '- '
cgroupSubsystemDir="$(awk '/[, ](cpu|cpuacct|cpuset|devices|freezer|memory)[, ]/ && $3 == "cgroup" { print $2 }' /proc/mounts | head -n1)"
cgroupDir="$(dirname "$cgroupSubsystemDir")"
if [ -d "$cgroupDir/cpu" -o -d "$cgroupDir/cpuacct" -o -d "$cgroupDir/cpuset" -o -d "$cgroupDir/devices" -o -d "$cgroupDir/freezer" -o -d "$cgroupDir/memory" ]; then
echo "$(wrap_good 'cgroup hierarchy' 'properly mounted') [$cgroupDir]"
else
if [ "$cgroupSubsystemDir" ]; then
echo "$(wrap_bad 'cgroup hierarchy' 'single mountpoint!') [$cgroupSubsystemDir]"
else
echo "$(wrap_bad 'cgroup hierarchy' 'nonexistent??')"
fi
echo " $(wrap_color '(see https://github.com/tianon/cgroupfs-mount)' yellow)"
fi
if [ "$(cat /sys/module/apparmor/parameters/enabled 2>/dev/null)" = 'Y' ]; then
echo -n '- '
if command -v apparmor_parser &> /dev/null; then
echo "$(wrap_good 'apparmor' 'enabled and tools installed')"
else
echo "$(wrap_bad 'apparmor' 'enabled, but apparmor_parser missing')"
echo -n ' '
if command -v apt-get &> /dev/null; then
echo "$(wrap_color '(use "apt-get install apparmor" to fix this)')"
elif command -v yum &> /dev/null; then
echo "$(wrap_color '(your best bet is "yum install apparmor-parser")')"
else
echo "$(wrap_color '(look for an "apparmor" package for your distribution)')"
fi
fi
fi
flags=(
NAMESPACES {NET,PID,IPC,UTS}_NS
DEVPTS_MULTIPLE_INSTANCES
CGROUPS CGROUP_CPUACCT CGROUP_DEVICE CGROUP_FREEZER CGROUP_SCHED CPUSETS MEMCG
MACVLAN VETH BRIDGE BRIDGE_NETFILTER
NF_NAT_IPV4 IP_NF_FILTER IP_NF_TARGET_MASQUERADE
NETFILTER_XT_MATCH_{ADDRTYPE,CONNTRACK}
NF_NAT NF_NAT_NEEDED
# required for bind-mounting /dev/mqueue into containers
POSIX_MQUEUE
)
check_flags "${flags[@]}"
echo
echo 'Optional Features:'
{
check_flags USER_NS
}
{
check_flags SECCOMP
}
{
check_flags MEMCG_KMEM MEMCG_SWAP MEMCG_SWAP_ENABLED
if is_set MEMCG_SWAP && ! is_set MEMCG_SWAP_ENABLED; then
echo " $(wrap_color '(note that cgroup swap accounting is not enabled in your kernel config, you can enable it by setting boot option "swapaccount=1")' bold black)"
fi
}
if [ "$kernelMajor" -lt 3 ] || [ "$kernelMajor" -eq 3 -a "$kernelMinor" -le 18 ]; then
check_flags RESOURCE_COUNTERS
fi
if [ "$kernelMajor" -lt 3 ] || [ "$kernelMajor" -eq 3 -a "$kernelMinor" -le 13 ]; then
netprio=NETPRIO_CGROUP
else
netprio=CGROUP_NET_PRIO
fi
flags=(
BLK_CGROUP IOSCHED_CFQ BLK_DEV_THROTTLING
CGROUP_PERF
CGROUP_HUGETLB
NET_CLS_CGROUP $netprio
CFS_BANDWIDTH FAIR_GROUP_SCHED RT_GROUP_SCHED
)
check_flags "${flags[@]}"
check_flags EXT3_FS EXT3_FS_XATTR EXT3_FS_POSIX_ACL EXT3_FS_SECURITY
if ! is_set EXT3_FS || ! is_set EXT3_FS_XATTR || ! is_set EXT3_FS_POSIX_ACL || ! is_set EXT3_FS_SECURITY; then
echo " $(wrap_color '(enable these ext3 configs if you are using ext3 as backing filesystem)' bold black)"
fi
check_flags EXT4_FS EXT4_FS_POSIX_ACL EXT4_FS_SECURITY
if ! is_set EXT4_FS || ! is_set EXT4_FS_POSIX_ACL || ! is_set EXT4_FS_SECURITY; then
echo " $(wrap_color 'enable these ext4 configs if you are using ext4 as backing filesystem' bold black)"
fi
echo '- Storage Drivers:'
{
echo '- "'$(wrap_color 'aufs' blue)'":'
check_flags AUFS_FS | sed 's/^/ /'
if ! is_set AUFS_FS && grep -q aufs /proc/filesystems; then
echo " $(wrap_color '(note that some kernels include AUFS patches but not the AUFS_FS flag)' bold black)"
fi
echo '- "'$(wrap_color 'btrfs' blue)'":'
check_flags BTRFS_FS | sed 's/^/ /'
echo '- "'$(wrap_color 'devicemapper' blue)'":'
check_flags BLK_DEV_DM DM_THIN_PROVISIONING | sed 's/^/ /'
echo '- "'$(wrap_color 'overlay' blue)'":'
check_flags OVERLAY_FS | sed 's/^/ /'
echo '- "'$(wrap_color 'zfs' blue)'":'
echo " - $(check_device /dev/zfs)"
echo " - $(check_command zfs)"
echo " - $(check_command zpool)"
} | sed 's/^/ /'
echo


@@ -0,0 +1,2 @@
Tianon Gravi <admwiggin@gmail.com> (@tianon)
Jessie Frazelle <jess@docker.com> (@jfrazelle)




@@ -0,0 +1,402 @@
# docker.fish - docker completions for fish shell
#
# This file is generated by gen_docker_fish_completions.py from:
# https://github.com/barnybug/docker-fish-completion
#
# To install the completions:
# mkdir -p ~/.config/fish/completions
# cp docker.fish ~/.config/fish/completions
#
# Completion supported:
# - parameters
# - commands
# - containers
# - images
# - repositories
function __fish_docker_no_subcommand --description 'Test if docker has yet to be given the subcommand'
for i in (commandline -opc)
if contains -- $i attach build commit cp create diff events exec export history images import info inspect kill load login logout logs pause port ps pull push rename restart rm rmi run save search start stop tag top unpause version wait stats
return 1
end
end
return 0
end
function __fish_print_docker_containers --description 'Print a list of docker containers' -a select
switch $select
case running
docker ps -a --no-trunc | command awk 'NR>1' | command awk 'BEGIN {FS=" +"}; $5 ~ "^Up" {print $1 "\n" $(NF)}' | tr ',' '\n'
case stopped
docker ps -a --no-trunc | command awk 'NR>1' | command awk 'BEGIN {FS=" +"}; $5 ~ "^Exit" {print $1 "\n" $(NF)}' | tr ',' '\n'
case all
docker ps -a --no-trunc | command awk 'NR>1' | command awk 'BEGIN {FS=" +"}; {print $1 "\n" $(NF)}' | tr ',' '\n'
end
end
function __fish_print_docker_images --description 'Print a list of docker images'
docker images | command awk 'NR>1' | command grep -v '<none>' | command awk '{print $1":"$2}'
end
function __fish_print_docker_repositories --description 'Print a list of docker repositories'
docker images | command awk 'NR>1' | command grep -v '<none>' | command awk '{print $1}' | command sort | command uniq
end
# common options
complete -c docker -f -n '__fish_docker_no_subcommand' -l api-cors-header -d "Set CORS headers in the remote API. Default is cors disabled"
complete -c docker -f -n '__fish_docker_no_subcommand' -s b -l bridge -d 'Attach containers to a pre-existing network bridge'
complete -c docker -f -n '__fish_docker_no_subcommand' -l bip -d "Use this CIDR notation address for the network bridge's IP, not compatible with -b"
complete -c docker -f -n '__fish_docker_no_subcommand' -s D -l debug -d 'Enable debug mode'
complete -c docker -f -n '__fish_docker_no_subcommand' -s d -l daemon -d 'Enable daemon mode'
complete -c docker -f -n '__fish_docker_no_subcommand' -l dns -d 'Force Docker to use specific DNS servers'
complete -c docker -f -n '__fish_docker_no_subcommand' -l dns-opt -d 'Force Docker to use specific DNS options'
complete -c docker -f -n '__fish_docker_no_subcommand' -l dns-search -d 'Force Docker to use specific DNS search domains'
complete -c docker -f -n '__fish_docker_no_subcommand' -l exec-opt -d 'Set exec driver options'
complete -c docker -f -n '__fish_docker_no_subcommand' -l fixed-cidr -d 'IPv4 subnet for fixed IPs (e.g. 10.20.0.0/16)'
complete -c docker -f -n '__fish_docker_no_subcommand' -l fixed-cidr-v6 -d 'IPv6 subnet for fixed IPs (e.g.: 2001:a02b/48)'
complete -c docker -f -n '__fish_docker_no_subcommand' -s G -l group -d 'Group to assign the unix socket specified by -H when running in daemon mode'
complete -c docker -f -n '__fish_docker_no_subcommand' -s g -l graph -d 'Path to use as the root of the Docker runtime'
complete -c docker -f -n '__fish_docker_no_subcommand' -s H -l host -d 'The socket(s) to bind to in daemon mode or connect to in client mode, specified using one or more tcp://host:port, unix:///path/to/socket, fd://* or fd://socketfd.'
complete -c docker -f -n '__fish_docker_no_subcommand' -s h -l help -d 'Print usage'
complete -c docker -f -n '__fish_docker_no_subcommand' -l icc -d 'Allow unrestricted inter-container and Docker daemon host communication'
complete -c docker -f -n '__fish_docker_no_subcommand' -l insecure-registry -d 'Enable insecure communication with specified registries (no certificate verification for HTTPS and enable HTTP fallback) (e.g., localhost:5000 or 10.20.0.0/16)'
complete -c docker -f -n '__fish_docker_no_subcommand' -l ip -d 'Default IP address to use when binding container ports'
complete -c docker -f -n '__fish_docker_no_subcommand' -l ip-forward -d 'Enable net.ipv4.ip_forward and IPv6 forwarding if --fixed-cidr-v6 is defined. IPv6 forwarding may interfere with your existing IPv6 configuration when using Router Advertisement.'
complete -c docker -f -n '__fish_docker_no_subcommand' -l ip-masq -d "Enable IP masquerading for bridge's IP range"
complete -c docker -f -n '__fish_docker_no_subcommand' -l iptables -d "Enable Docker's addition of iptables rules"
complete -c docker -f -n '__fish_docker_no_subcommand' -l ipv6 -d 'Enable IPv6 networking'
complete -c docker -f -n '__fish_docker_no_subcommand' -s l -l log-level -d 'Set the logging level (debug, info, warn, error, fatal)'
complete -c docker -f -n '__fish_docker_no_subcommand' -l label -d 'Set key=value labels to the daemon (displayed in `docker info`)'
complete -c docker -f -n '__fish_docker_no_subcommand' -l mtu -d 'Set the containers network MTU'
complete -c docker -f -n '__fish_docker_no_subcommand' -s p -l pidfile -d 'Path to use for daemon PID file'
complete -c docker -f -n '__fish_docker_no_subcommand' -l registry-mirror -d 'Specify a preferred Docker registry mirror'
complete -c docker -f -n '__fish_docker_no_subcommand' -s s -l storage-driver -d 'Force the Docker runtime to use a specific storage driver'
complete -c docker -f -n '__fish_docker_no_subcommand' -l selinux-enabled -d 'Enable selinux support. SELinux does not presently support the BTRFS storage driver'
complete -c docker -f -n '__fish_docker_no_subcommand' -l storage-opt -d 'Set storage driver options'
complete -c docker -f -n '__fish_docker_no_subcommand' -l tls -d 'Use TLS; implied by --tlsverify'
complete -c docker -f -n '__fish_docker_no_subcommand' -l tlscacert -d 'Trust only remotes providing a certificate signed by the CA given here'
complete -c docker -f -n '__fish_docker_no_subcommand' -l tlscert -d 'Path to TLS certificate file'
complete -c docker -f -n '__fish_docker_no_subcommand' -l tlskey -d 'Path to TLS key file'
complete -c docker -f -n '__fish_docker_no_subcommand' -l tlsverify -d 'Use TLS and verify the remote (daemon: verify client, client: verify daemon)'
complete -c docker -f -n '__fish_docker_no_subcommand' -s v -l version -d 'Print version information and quit'
# subcommands
# attach
complete -c docker -f -n '__fish_docker_no_subcommand' -a attach -d 'Attach to a running container'
complete -c docker -A -f -n '__fish_seen_subcommand_from attach' -l help -d 'Print usage'
complete -c docker -A -f -n '__fish_seen_subcommand_from attach' -l no-stdin -d 'Do not attach STDIN'
complete -c docker -A -f -n '__fish_seen_subcommand_from attach' -l sig-proxy -d 'Proxy all received signals to the process (non-TTY mode only). SIGCHLD, SIGKILL, and SIGSTOP are not proxied.'
complete -c docker -A -f -n '__fish_seen_subcommand_from attach' -a '(__fish_print_docker_containers running)' -d "Container"
# build
complete -c docker -f -n '__fish_docker_no_subcommand' -a build -d 'Build an image from a Dockerfile'
complete -c docker -A -f -n '__fish_seen_subcommand_from build' -s f -l file -d "Name of the Dockerfile(Default is 'Dockerfile' at context root)"
complete -c docker -A -f -n '__fish_seen_subcommand_from build' -l force-rm -d 'Always remove intermediate containers, even after unsuccessful builds'
complete -c docker -A -f -n '__fish_seen_subcommand_from build' -l help -d 'Print usage'
complete -c docker -A -f -n '__fish_seen_subcommand_from build' -l no-cache -d 'Do not use cache when building the image'
complete -c docker -A -f -n '__fish_seen_subcommand_from build' -l pull -d 'Always attempt to pull a newer version of the image'
complete -c docker -A -f -n '__fish_seen_subcommand_from build' -s q -l quiet -d 'Suppress the build output and print image ID on success'
complete -c docker -A -f -n '__fish_seen_subcommand_from build' -l rm -d 'Remove intermediate containers after a successful build'
complete -c docker -A -f -n '__fish_seen_subcommand_from build' -s t -l tag -d 'Repository name (and optionally a tag) to be applied to the resulting image in case of success'
# commit
complete -c docker -f -n '__fish_docker_no_subcommand' -a commit -d "Create a new image from a container's changes"
complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -s a -l author -d 'Author (e.g., "John Hannibal Smith <hannibal@a-team.com>")'
complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -l help -d 'Print usage'
complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -s m -l message -d 'Commit message'
complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -s p -l pause -d 'Pause container during commit'
complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -a '(__fish_print_docker_containers all)' -d "Container"
# cp
complete -c docker -f -n '__fish_docker_no_subcommand' -a cp -d "Copy files/folders between a container and the local filesystem"
complete -c docker -A -f -n '__fish_seen_subcommand_from cp' -l help -d 'Print usage'
# create
complete -c docker -f -n '__fish_docker_no_subcommand' -a create -d 'Create a new container'
complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s a -l attach -d 'Attach to STDIN, STDOUT or STDERR.'
complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l add-host -d 'Add a custom host-to-IP mapping (host:ip)'
complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l cpu-shares -d 'CPU shares (relative weight)'
complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l cap-add -d 'Add Linux capabilities'
complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l cap-drop -d 'Drop Linux capabilities'
complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l cidfile -d 'Write the container ID to the file'
complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l cpuset -d 'CPUs in which to allow execution (0-3, 0,1)'
complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l device -d 'Add a host device to the container (e.g. --device=/dev/sdc:/dev/xvdc:rwm)'
complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l dns -d 'Set custom DNS servers'
complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l dns-opt -d "Set custom DNS options (Use --dns-opt='' if you don't wish to set options)"
complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l dns-search -d "Set custom DNS search domains (Use --dns-search=. if you don't wish to set the search domain)"
complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s e -l env -d 'Set environment variables'
complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l entrypoint -d 'Overwrite the default ENTRYPOINT of the image'
complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l env-file -d 'Read in a line delimited file of environment variables'
complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l expose -d 'Expose a port or a range of ports (e.g. --expose=3300-3310) from the container without publishing it to your host'
complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l group-add -d 'Add additional groups to run as'
complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s h -l hostname -d 'Container host name'
complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l help -d 'Print usage'
complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s i -l interactive -d 'Keep STDIN open even if not attached'
complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l ipc -d 'Default is to create a private IPC namespace (POSIX SysV IPC) for the container'
complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l link -d 'Add link to another container in the form of <name|id>:alias'
complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s m -l memory -d 'Memory limit (format: <number>[<unit>], where unit = b, k, m or g)'
complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l mac-address -d 'Container MAC address (e.g. 92:d0:c6:0a:29:33)'
complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l memory-swap -d "Total memory usage (memory + swap), set '-1' to disable swap (format: <number>[<unit>], where unit = b, k, m or g)"
complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l name -d 'Assign a name to the container'
complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l net -d 'Set the Network mode for the container'
complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s P -l publish-all -d 'Publish all exposed ports to random ports on the host interfaces'
complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s p -l publish -d "Publish a container's port to the host"
complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l pid -d 'Default is to create a private PID namespace for the container'
complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l privileged -d 'Give extended privileges to this container'
complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l read-only -d "Mount the container's root filesystem as read only"
complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l restart -d 'Restart policy to apply when a container exits (no, on-failure[:max-retry], always)'
complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l security-opt -d 'Security Options'
complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s t -l tty -d 'Allocate a pseudo-TTY'
complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s u -l user -d 'Username or UID'
complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s v -l volume -d 'Bind mount a volume (e.g., from the host: -v /host:/container, from Docker: -v /container)'
complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l volumes-from -d 'Mount volumes from the specified container(s)'
complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s w -l workdir -d 'Working directory inside the container'
complete -c docker -A -f -n '__fish_seen_subcommand_from create' -a '(__fish_print_docker_images)' -d "Image"
# diff
complete -c docker -f -n '__fish_docker_no_subcommand' -a diff -d "Inspect changes on a container's filesystem"
complete -c docker -A -f -n '__fish_seen_subcommand_from diff' -l help -d 'Print usage'
complete -c docker -A -f -n '__fish_seen_subcommand_from diff' -a '(__fish_print_docker_containers all)' -d "Container"
# events
complete -c docker -f -n '__fish_docker_no_subcommand' -a events -d 'Get real time events from the server'
complete -c docker -A -f -n '__fish_seen_subcommand_from events' -s f -l filter -d "Provide filter values (i.e., 'event=stop')"
complete -c docker -A -f -n '__fish_seen_subcommand_from events' -l help -d 'Print usage'
complete -c docker -A -f -n '__fish_seen_subcommand_from events' -l since -d 'Show all events created since timestamp'
complete -c docker -A -f -n '__fish_seen_subcommand_from events' -l until -d 'Stream events until this timestamp'
# exec
complete -c docker -f -n '__fish_docker_no_subcommand' -a exec -d 'Run a command in a running container'
complete -c docker -A -f -n '__fish_seen_subcommand_from exec' -s d -l detach -d 'Detached mode: run command in the background'
complete -c docker -A -f -n '__fish_seen_subcommand_from exec' -l help -d 'Print usage'
complete -c docker -A -f -n '__fish_seen_subcommand_from exec' -s i -l interactive -d 'Keep STDIN open even if not attached'
complete -c docker -A -f -n '__fish_seen_subcommand_from exec' -s t -l tty -d 'Allocate a pseudo-TTY'
complete -c docker -A -f -n '__fish_seen_subcommand_from exec' -a '(__fish_print_docker_containers running)' -d "Container"
# export
complete -c docker -f -n '__fish_docker_no_subcommand' -a export -d 'Stream the contents of a container as a tar archive'
complete -c docker -A -f -n '__fish_seen_subcommand_from export' -l help -d 'Print usage'
complete -c docker -A -f -n '__fish_seen_subcommand_from export' -a '(__fish_print_docker_containers all)' -d "Container"
# history
complete -c docker -f -n '__fish_docker_no_subcommand' -a history -d 'Show the history of an image'
complete -c docker -A -f -n '__fish_seen_subcommand_from history' -l help -d 'Print usage'
complete -c docker -A -f -n '__fish_seen_subcommand_from history' -l no-trunc -d "Don't truncate output"
complete -c docker -A -f -n '__fish_seen_subcommand_from history' -s q -l quiet -d 'Only show numeric IDs'
complete -c docker -A -f -n '__fish_seen_subcommand_from history' -a '(__fish_print_docker_images)' -d "Image"
# images
complete -c docker -f -n '__fish_docker_no_subcommand' -a images -d 'List images'
complete -c docker -A -f -n '__fish_seen_subcommand_from images' -s a -l all -d 'Show all images (by default filter out the intermediate image layers)'
complete -c docker -A -f -n '__fish_seen_subcommand_from images' -s f -l filter -d "Provide filter values (i.e., 'dangling=true')"
complete -c docker -A -f -n '__fish_seen_subcommand_from images' -l help -d 'Print usage'
complete -c docker -A -f -n '__fish_seen_subcommand_from images' -l no-trunc -d "Don't truncate output"
complete -c docker -A -f -n '__fish_seen_subcommand_from images' -s q -l quiet -d 'Only show numeric IDs'
complete -c docker -A -f -n '__fish_seen_subcommand_from images' -a '(__fish_print_docker_repositories)' -d "Repository"
# import
complete -c docker -f -n '__fish_docker_no_subcommand' -a import -d 'Create a new filesystem image from the contents of a tarball'
complete -c docker -A -f -n '__fish_seen_subcommand_from import' -l help -d 'Print usage'
# info
complete -c docker -f -n '__fish_docker_no_subcommand' -a info -d 'Display system-wide information'
# inspect
complete -c docker -f -n '__fish_docker_no_subcommand' -a inspect -d 'Return low-level information on a container or image'
complete -c docker -A -f -n '__fish_seen_subcommand_from inspect' -s f -l format -d 'Format the output using the given go template.'
complete -c docker -A -f -n '__fish_seen_subcommand_from inspect' -l help -d 'Print usage'
complete -c docker -A -f -n '__fish_seen_subcommand_from inspect' -s s -l size -d 'Display total file sizes if the type is container.'
complete -c docker -A -f -n '__fish_seen_subcommand_from inspect' -a '(__fish_print_docker_images)' -d "Image"
complete -c docker -A -f -n '__fish_seen_subcommand_from inspect' -a '(__fish_print_docker_containers all)' -d "Container"
# kill
complete -c docker -f -n '__fish_docker_no_subcommand' -a kill -d 'Kill a running container'
complete -c docker -A -f -n '__fish_seen_subcommand_from kill' -l help -d 'Print usage'
complete -c docker -A -f -n '__fish_seen_subcommand_from kill' -s s -l signal -d 'Signal to send to the container'
complete -c docker -A -f -n '__fish_seen_subcommand_from kill' -a '(__fish_print_docker_containers running)' -d "Container"
# load
complete -c docker -f -n '__fish_docker_no_subcommand' -a load -d 'Load a local image or a tar file'
complete -c docker -A -f -n '__fish_seen_subcommand_from load' -l help -d 'Print usage'
complete -c docker -A -f -n '__fish_seen_subcommand_from load' -s i -l input -d 'Read from a tar archive file, instead of STDIN'
# login
complete -c docker -f -n '__fish_docker_no_subcommand' -a login -d 'Register or log in to a Docker registry server'
complete -c docker -A -f -n '__fish_seen_subcommand_from login' -s e -l email -d 'Email'
complete -c docker -A -f -n '__fish_seen_subcommand_from login' -l help -d 'Print usage'
complete -c docker -A -f -n '__fish_seen_subcommand_from login' -s p -l password -d 'Password'
complete -c docker -A -f -n '__fish_seen_subcommand_from login' -s u -l username -d 'Username'
# logout
complete -c docker -f -n '__fish_docker_no_subcommand' -a logout -d 'Log out from a Docker registry server'
# logs
complete -c docker -f -n '__fish_docker_no_subcommand' -a logs -d 'Fetch the logs of a container'
complete -c docker -A -f -n '__fish_seen_subcommand_from logs' -s f -l follow -d 'Follow log output'
complete -c docker -A -f -n '__fish_seen_subcommand_from logs' -l help -d 'Print usage'
complete -c docker -A -f -n '__fish_seen_subcommand_from logs' -s t -l timestamps -d 'Show timestamps'
complete -c docker -A -f -n '__fish_seen_subcommand_from logs' -l since -d 'Show logs since timestamp'
complete -c docker -A -f -n '__fish_seen_subcommand_from logs' -l tail -d 'Output the specified number of lines at the end of logs (defaults to all logs)'
complete -c docker -A -f -n '__fish_seen_subcommand_from logs' -a '(__fish_print_docker_containers running)' -d "Container"
# port
complete -c docker -f -n '__fish_docker_no_subcommand' -a port -d 'Lookup the public-facing port that is NAT-ed to PRIVATE_PORT'
complete -c docker -A -f -n '__fish_seen_subcommand_from port' -l help -d 'Print usage'
complete -c docker -A -f -n '__fish_seen_subcommand_from port' -a '(__fish_print_docker_containers running)' -d "Container"
# pause
complete -c docker -f -n '__fish_docker_no_subcommand' -a pause -d 'Pause all processes within a container'
complete -c docker -A -f -n '__fish_seen_subcommand_from pause' -a '(__fish_print_docker_containers running)' -d "Container"
# ps
complete -c docker -f -n '__fish_docker_no_subcommand' -a ps -d 'List containers'
complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -s a -l all -d 'Show all containers. Only running containers are shown by default.'
complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -l before -d 'Show only container created before Id or Name, include non-running ones.'
complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -s f -l filter -d 'Provide filter values. Valid filters:'
complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -l help -d 'Print usage'
complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -s l -l latest -d 'Show only the latest created container, include non-running ones.'
complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -s n -d 'Show n last created containers, include non-running ones.'
complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -l no-trunc -d "Don't truncate output"
complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -s q -l quiet -d 'Only display numeric IDs'
complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -s s -l size -d 'Display total file sizes'
complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -l since -d 'Show only containers created since Id or Name, include non-running ones.'
# pull
complete -c docker -f -n '__fish_docker_no_subcommand' -a pull -d 'Pull an image or a repository from a Docker registry server'
complete -c docker -A -f -n '__fish_seen_subcommand_from pull' -s a -l all-tags -d 'Download all tagged images in the repository'
complete -c docker -A -f -n '__fish_seen_subcommand_from pull' -l help -d 'Print usage'
complete -c docker -A -f -n '__fish_seen_subcommand_from pull' -a '(__fish_print_docker_images)' -d "Image"
complete -c docker -A -f -n '__fish_seen_subcommand_from pull' -a '(__fish_print_docker_repositories)' -d "Repository"
# push
complete -c docker -f -n '__fish_docker_no_subcommand' -a push -d 'Push an image or a repository to a Docker registry server'
complete -c docker -A -f -n '__fish_seen_subcommand_from push' -l help -d 'Print usage'
complete -c docker -A -f -n '__fish_seen_subcommand_from push' -a '(__fish_print_docker_images)' -d "Image"
complete -c docker -A -f -n '__fish_seen_subcommand_from push' -a '(__fish_print_docker_repositories)' -d "Repository"
# rename
complete -c docker -f -n '__fish_docker_no_subcommand' -a rename -d 'Rename an existing container'
# restart
complete -c docker -f -n '__fish_docker_no_subcommand' -a restart -d 'Restart a container'
complete -c docker -A -f -n '__fish_seen_subcommand_from restart' -l help -d 'Print usage'
complete -c docker -A -f -n '__fish_seen_subcommand_from restart' -s t -l time -d 'Number of seconds to try to stop for before killing the container. Once killed it will then be restarted. Default is 10 seconds.'
complete -c docker -A -f -n '__fish_seen_subcommand_from restart' -a '(__fish_print_docker_containers running)' -d "Container"
# rm
complete -c docker -f -n '__fish_docker_no_subcommand' -a rm -d 'Remove one or more containers'
complete -c docker -A -f -n '__fish_seen_subcommand_from rm' -s f -l force -d 'Force the removal of a running container (uses SIGKILL)'
complete -c docker -A -f -n '__fish_seen_subcommand_from rm' -l help -d 'Print usage'
complete -c docker -A -f -n '__fish_seen_subcommand_from rm' -s l -l link -d 'Remove the specified link and not the underlying container'
complete -c docker -A -f -n '__fish_seen_subcommand_from rm' -s v -l volumes -d 'Remove the volumes associated with the container'
complete -c docker -A -f -n '__fish_seen_subcommand_from rm' -a '(__fish_print_docker_containers stopped)' -d "Container"
# rmi
complete -c docker -f -n '__fish_docker_no_subcommand' -a rmi -d 'Remove one or more images'
complete -c docker -A -f -n '__fish_seen_subcommand_from rmi' -s f -l force -d 'Force removal of the image'
complete -c docker -A -f -n '__fish_seen_subcommand_from rmi' -l help -d 'Print usage'
complete -c docker -A -f -n '__fish_seen_subcommand_from rmi' -l no-prune -d 'Do not delete untagged parents'
complete -c docker -A -f -n '__fish_seen_subcommand_from rmi' -a '(__fish_print_docker_images)' -d "Image"
# run
complete -c docker -f -n '__fish_docker_no_subcommand' -a run -d 'Run a command in a new container'
complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s a -l attach -d 'Attach to STDIN, STDOUT or STDERR.'
complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l add-host -d 'Add a custom host-to-IP mapping (host:ip)'
complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s c -l cpu-shares -d 'CPU shares (relative weight)'
complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l cap-add -d 'Add Linux capabilities'
complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l cap-drop -d 'Drop Linux capabilities'
complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l cidfile -d 'Write the container ID to the file'
complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l cpuset -d 'CPUs in which to allow execution (0-3, 0,1)'
complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s d -l detach -d 'Detached mode: run the container in the background and print the new container ID'
complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l device -d 'Add a host device to the container (e.g. --device=/dev/sdc:/dev/xvdc:rwm)'
complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l dns -d 'Set custom DNS servers'
complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l dns-opt -d "Set custom DNS options (Use --dns-opt='' if you don't wish to set options)"
complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l dns-search -d "Set custom DNS search domains (Use --dns-search=. if you don't wish to set the search domain)"
complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s e -l env -d 'Set environment variables'
complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l entrypoint -d 'Overwrite the default ENTRYPOINT of the image'
complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l env-file -d 'Read in a line delimited file of environment variables'
complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l expose -d 'Expose a port or a range of ports (e.g. --expose=3300-3310) from the container without publishing it to your host'
complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l group-add -d 'Add additional groups to run as'
complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s h -l hostname -d 'Container host name'
complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l help -d 'Print usage'
complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s i -l interactive -d 'Keep STDIN open even if not attached'
complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l ipc -d 'Default is to create a private IPC namespace (POSIX SysV IPC) for the container'
complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l link -d 'Add link to another container in the form of <name|id>:alias'
complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s m -l memory -d 'Memory limit (format: <number>[<unit>], where unit = b, k, m or g)'
complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l mac-address -d 'Container MAC address (e.g. 92:d0:c6:0a:29:33)'
complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l memory-swap -d "Total memory usage (memory + swap), set '-1' to disable swap (format: <number>[<unit>], where unit = b, k, m or g)"
complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l name -d 'Assign a name to the container'
complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l net -d 'Set the Network mode for the container'
complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s P -l publish-all -d 'Publish all exposed ports to random ports on the host interfaces'
complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s p -l publish -d "Publish a container's port to the host"
complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l pid -d 'Default is to create a private PID namespace for the container'
complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l privileged -d 'Give extended privileges to this container'
complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l read-only -d "Mount the container's root filesystem as read only"
complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l restart -d 'Restart policy to apply when a container exits (no, on-failure[:max-retry], always)'
complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l rm -d 'Automatically remove the container when it exits (incompatible with -d)'
complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l security-opt -d 'Security Options'
complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l sig-proxy -d 'Proxy received signals to the process (non-TTY mode only). SIGCHLD, SIGSTOP, and SIGKILL are not proxied.'
complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l stop-signal -d 'Signal to kill a container'
complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s t -l tty -d 'Allocate a pseudo-TTY'
complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s u -l user -d 'Username or UID'
complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l tmpfs -d 'Mount tmpfs on a directory'
complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s v -l volume -d 'Bind mount a volume (e.g., from the host: -v /host:/container, from Docker: -v /container)'
complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l volumes-from -d 'Mount volumes from the specified container(s)'
complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s w -l workdir -d 'Working directory inside the container'
complete -c docker -A -f -n '__fish_seen_subcommand_from run' -a '(__fish_print_docker_images)' -d "Image"
# save
complete -c docker -f -n '__fish_docker_no_subcommand' -a save -d 'Save an image to a tar archive'
complete -c docker -A -f -n '__fish_seen_subcommand_from save' -l help -d 'Print usage'
complete -c docker -A -f -n '__fish_seen_subcommand_from save' -s o -l output -d 'Write to an file, instead of STDOUT'
complete -c docker -A -f -n '__fish_seen_subcommand_from save' -a '(__fish_print_docker_images)' -d "Image"
# search
complete -c docker -f -n '__fish_docker_no_subcommand' -a search -d 'Search for an image on the registry (defaults to the Docker Hub)'
complete -c docker -A -f -n '__fish_seen_subcommand_from search' -l automated -d 'Only show automated builds'
complete -c docker -A -f -n '__fish_seen_subcommand_from search' -l help -d 'Print usage'
complete -c docker -A -f -n '__fish_seen_subcommand_from search' -l no-trunc -d "Don't truncate output"
complete -c docker -A -f -n '__fish_seen_subcommand_from search' -s s -l stars -d 'Only displays with at least x stars'
# start
complete -c docker -f -n '__fish_docker_no_subcommand' -a start -d 'Start a container'
complete -c docker -A -f -n '__fish_seen_subcommand_from start' -s a -l attach -d "Attach container's STDOUT and STDERR and forward all signals to the process"
complete -c docker -A -f -n '__fish_seen_subcommand_from start' -l help -d 'Print usage'
complete -c docker -A -f -n '__fish_seen_subcommand_from start' -s i -l interactive -d "Attach container's STDIN"
complete -c docker -A -f -n '__fish_seen_subcommand_from start' -a '(__fish_print_docker_containers stopped)' -d "Container"
# stats
complete -c docker -f -n '__fish_docker_no_subcommand' -a stats -d "Display a live stream of one or more containers' resource usage statistics"
complete -c docker -A -f -n '__fish_seen_subcommand_from stats' -l help -d 'Print usage'
complete -c docker -A -f -n '__fish_seen_subcommand_from stats' -l no-stream -d 'Disable streaming stats and only pull the first result'
complete -c docker -A -f -n '__fish_seen_subcommand_from stats' -a '(__fish_print_docker_containers running)' -d "Container"
# stop
complete -c docker -f -n '__fish_docker_no_subcommand' -a stop -d 'Stop a container'
complete -c docker -A -f -n '__fish_seen_subcommand_from stop' -l help -d 'Print usage'
complete -c docker -A -f -n '__fish_seen_subcommand_from stop' -s t -l time -d 'Number of seconds to wait for the container to stop before killing it. Default is 10 seconds.'
complete -c docker -A -f -n '__fish_seen_subcommand_from stop' -a '(__fish_print_docker_containers running)' -d "Container"
# tag
complete -c docker -f -n '__fish_docker_no_subcommand' -a tag -d 'Tag an image into a repository'
complete -c docker -A -f -n '__fish_seen_subcommand_from tag' -s f -l force -d 'Force'
complete -c docker -A -f -n '__fish_seen_subcommand_from tag' -l help -d 'Print usage'
# top
complete -c docker -f -n '__fish_docker_no_subcommand' -a top -d 'Lookup the running processes of a container'
complete -c docker -A -f -n '__fish_seen_subcommand_from top' -l help -d 'Print usage'
complete -c docker -A -f -n '__fish_seen_subcommand_from top' -a '(__fish_print_docker_containers running)' -d "Container"
# unpause
complete -c docker -f -n '__fish_docker_no_subcommand' -a unpause -d 'Unpause a paused container'
complete -c docker -A -f -n '__fish_seen_subcommand_from unpause' -a '(__fish_print_docker_containers running)' -d "Container"
# version
complete -c docker -f -n '__fish_docker_no_subcommand' -a version -d 'Show the Docker version information'
# wait
complete -c docker -f -n '__fish_docker_no_subcommand' -a wait -d 'Block until a container stops, then print its exit code'
complete -c docker -A -f -n '__fish_seen_subcommand_from wait' -l help -d 'Print usage'
complete -c docker -A -f -n '__fish_seen_subcommand_from wait' -a '(__fish_print_docker_containers running)' -d "Container"


@@ -0,0 +1,179 @@
# Powershell completion for docker
### Prerequisite
# Docker.exe needs to be in your PATH.
# If the command is not found, you will need to add a docker alias or add the docker installation folder (e.g. `%ProgramFiles%\Docker Toolbox`) to your PATH environment variable.
### Installation (Latest stable)
# Windows 10 / Windows Server 2016:
# 1. Open a powershell prompt
# 2. Run `Install-Module -Scope CurrentUser posh-docker`
#
# Earlier Windows versions:
# 1. Install [PackageManagement PowerShell Modules Preview](https://www.microsoft.com/en-us/download/details.aspx?id=49186)
# 2. Open a powershell prompt
# 3. Run `Install-Module -Scope CurrentUser posh-docker`
### Installation (From source)
# Copy this file to the %userprofile%\Documents\WindowsPowerShell\Modules\posh-docker directory (create directories as needed)
### Usage
# After installation, execute the following line to enable autocompletion for the current powershell session:
#
# Import-Module posh-docker
#
# To make it persistent, add the above line to your profile. For example, run `notepad $PROFILE` and insert the line above.
$global:DockerCompletion = @{}
$script:flagRegex = "^ (-[^, =]+),? ?(--[^= ]+)?"
function script:Get-Containers($filter)
{
if ($filter -eq $null)
{
docker ps -a --no-trunc --format "{{.Names}}"
} else {
docker ps -a --no-trunc --format "{{.Names}}" --filter $filter
}
}
function script:Get-AutoCompleteResult
{
param([Parameter(ValueFromPipeline=$true)] $value)
Process
{
New-Object System.Management.Automation.CompletionResult $value
}
}
filter script:MatchingCommand($commandName)
{
if ($_.StartsWith($commandName))
{
$_
}
}
$completion_Docker = {
param($commandName, $commandAst, $cursorPosition)
$command = $null
$commandParameters = @{}
$state = "Unknown"
$wordToComplete = $commandAst.CommandElements | Where-Object { $_.ToString() -eq $commandName } | Foreach-Object { $commandAst.CommandElements.IndexOf($_) }
for ($i=1; $i -lt $commandAst.CommandElements.Count; $i++)
{
$p = $commandAst.CommandElements[$i].ToString()
if ($p.StartsWith("-"))
{
if ($state -eq "Unknown" -or $state -eq "Options")
{
$commandParameters[$i] = "Option"
$state = "Options"
}
else
{
$commandParameters[$i] = "CommandOption"
$state = "CommandOptions"
}
}
else
{
if ($state -ne "CommandOptions")
{
$commandParameters[$i] = "Command"
$command = $p
$state = "CommandOptions"
}
else
{
$commandParameters[$i] = "CommandOther"
}
}
}
if ($global:DockerCompletion.Count -eq 0)
{
$global:DockerCompletion["commands"] = @{}
$global:DockerCompletion["options"] = @()
docker --help | ForEach-Object {
Write-Output $_
if ($_ -match "^ (\w+)\s+(.+)")
{
$global:DockerCompletion["commands"][$Matches[1]] = @{}
$currentCommand = $global:DockerCompletion["commands"][$Matches[1]]
$currentCommand["options"] = @()
}
elseif ($_ -match $flagRegex)
{
$global:DockerCompletion["options"] += $Matches[1]
if ($Matches[2] -ne $null)
{
$global:DockerCompletion["options"] += $Matches[2]
}
}
}
}
if ($wordToComplete -eq $null)
{
$commandToComplete = "Command"
if ($commandParameters.Count -gt 0)
{
if ($commandParameters[$commandParameters.Count] -eq "Command")
{
$commandToComplete = "CommandOther"
}
}
} else {
$commandToComplete = $commandParameters[$wordToComplete]
}
switch ($commandToComplete)
{
"Command" { $global:DockerCompletion["commands"].Keys | MatchingCommand -Command $commandName | Sort-Object | Get-AutoCompleteResult }
"Option" { $global:DockerCompletion["options"] | MatchingCommand -Command $commandName | Sort-Object | Get-AutoCompleteResult }
"CommandOption" {
$options = $global:DockerCompletion["commands"][$command]["options"]
if ($options.Count -eq 0)
{
docker $command --help | % {
if ($_ -match $flagRegex)
{
$options += $Matches[1]
if ($Matches[2] -ne $null)
{
$options += $Matches[2]
}
}
}
}
$global:DockerCompletion["commands"][$command]["options"] = $options
$options | MatchingCommand -Command $commandName | Sort-Object | Get-AutoCompleteResult
}
"CommandOther" {
$filter = $null
switch ($command)
{
"start" { $filter = "status=exited" }
"stop" { $filter = "status=running" }
}
Get-Containers $filter | MatchingCommand -Command $commandName | Sort-Object | Get-AutoCompleteResult
}
default { $global:DockerCompletion["commands"].Keys | MatchingCommand -Command $commandName }
}
}
# Register the TabExpension2 function
if (-not $global:options) { $global:options = @{CustomArgumentCompleters = @{};NativeArgumentCompleters = @{}}}
$global:options['NativeArgumentCompleters']['docker'] = $Completion_Docker
$function:tabexpansion2 = $function:tabexpansion2 -replace 'End\r\n{','End { if ($null -ne $options) { $options += $global:options} else {$options = $global:options}'
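Review bot: The `Write-Output $_` inside the `docker --help | ForEach-Object` loop writes every help line into the completer's output, so the first completion after the cache is empty returns raw help text alongside the real `CompletionResult` objects; it looks like leftover debugging and the line should be dropped. The `default` branch of the final `switch` also skips `Get-AutoCompleteResult`, so it returns plain strings where the other branches return completion results; ending it with `| Sort-Object | Get-AutoCompleteResult` would match them. Separately, the last line rewrites `$function:tabexpansion2` with a text `-replace` on `'End\r\n{'`, which changes nothing when the pattern does not match; a comment such as `# Relies on the stock TabExpansion2 body; no-op if its End block is formatted differently` would document that dependency.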


@@ -0,0 +1,2 @@
Tianon Gravi <admwiggin@gmail.com> (@tianon)
Jessie Frazelle <jess@docker.com> (@jfrazelle)



@@ -0,0 +1,11 @@
Desktop Integration
===================
The ./contrib/desktop-integration contains examples of typical dockerized
desktop applications.
Examples
========
* Chromium: ./chromium/Dockerfile shows a way to dockerize a common application
* Gparted: ./gparted/Dockerfile shows a way to dockerize a common application w devices


@@ -0,0 +1,36 @@
# VERSION: 0.1
# DESCRIPTION: Create chromium container with its dependencies
# AUTHOR: Jessica Frazelle <jess@docker.com>
# COMMENTS:
# This file describes how to build a Chromium container with all
# dependencies installed. It uses native X11 unix socket.
# Tested on Debian Jessie
# USAGE:
# # Download Chromium Dockerfile
# wget http://raw.githubusercontent.com/docker/docker/master/contrib/desktop-integration/chromium/Dockerfile
#
# # Build chromium image
# docker build -t chromium .
#
# # Run stateful data-on-host chromium. For ephemeral, remove -v /data/chromium:/data
# docker run -v /data/chromium:/data -v /tmp/.X11-unix:/tmp/.X11-unix \
# -e DISPLAY=unix$DISPLAY chromium
# # To run stateful dockerized data containers
# docker run --volumes-from chromium-data -v /tmp/.X11-unix:/tmp/.X11-unix \
# -e DISPLAY=unix$DISPLAY chromium
# Base docker image
FROM debian:jessie
MAINTAINER Jessica Frazelle <jess@docker.com>
# Install Chromium
RUN apt-get update && apt-get install -y \
chromium \
chromium-l10n \
libcanberra-gtk-module \
libexif-dev \
--no-install-recommends
# Autorun chromium
CMD ["/usr/bin/chromium", "--no-sandbox", "--user-data-dir=/data"]
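Review bot: The `CMD` starts Chromium with `--no-sandbox`, and with no `USER` instruction the browser runs as root inside the container, so the renderer sandbox is off and the container boundary is the only isolation for web content in a process that also has the host X11 socket mounted. Adding an unprivileged account and a `USER` line before `CMD` would let the flag be dropped wherever the container runtime allows Chromium's own sandbox to start. If the flag has to stay, a comment such as `# --no-sandbox: Chromium refuses to start as root with its sandbox enabled; isolation then rests on the container alone` would record the trade-off. The usage comment fetches the Dockerfile with `wget http://raw.githubusercontent.com/...`, which gives no integrity protection for a file that is then built and run; it should use `https://`, and the same applies to the usage comment of the gparted Dockerfile in the next section.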


@@ -0,0 +1,31 @@
# VERSION: 0.1
# DESCRIPTION: Create gparted container with its dependencies
# AUTHOR: Jessica Frazelle <jess@docker.com>
# COMMENTS:
# This file describes how to build a gparted container with all
# dependencies installed. It uses native X11 unix socket.
# Tested on Debian Jessie
# USAGE:
# # Download gparted Dockerfile
# wget http://raw.githubusercontent.com/docker/docker/master/contrib/desktop-integration/gparted/Dockerfile
#
# # Build gparted image
# docker build -t gparted .
#
# docker run -v /tmp/.X11-unix:/tmp/.X11-unix \
# --device=/dev/sda:/dev/sda \
# -e DISPLAY=unix$DISPLAY gparted
#
# Base docker image
FROM debian:jessie
MAINTAINER Jessica Frazelle <jess@docker.com>
# Install Gparted and its dependencies
RUN apt-get update && apt-get install -y \
gparted \
libcanberra-gtk-module \
--no-install-recommends
# Autorun gparted
CMD ["/usr/sbin/gparted"]


@@ -0,0 +1,176 @@
// +build !windows
package main
import (
"flag"
"fmt"
"os"
"path"
"sort"
"strconv"
"strings"
"github.com/Sirupsen/logrus"
"github.com/docker/docker/daemon/graphdriver/devmapper"
"github.com/docker/docker/pkg/devicemapper"
)
func usage() {
fmt.Fprintf(os.Stderr, "Usage: %s <flags> [status] | [list] | [device id] | [resize new-pool-size] | [snap new-id base-id] | [remove id] | [mount id mountpoint]\n", os.Args[0])
flag.PrintDefaults()
os.Exit(1)
}
func byteSizeFromString(arg string) (int64, error) {
digits := ""
rest := ""
last := strings.LastIndexAny(arg, "0123456789")
if last >= 0 {
digits = arg[:last+1]
rest = arg[last+1:]
}
val, err := strconv.ParseInt(digits, 10, 64)
if err != nil {
return val, err
}
rest = strings.ToLower(strings.TrimSpace(rest))
var multiplier int64 = 1
switch rest {
case "":
multiplier = 1
case "k", "kb":
multiplier = 1024
case "m", "mb":
multiplier = 1024 * 1024
case "g", "gb":
multiplier = 1024 * 1024 * 1024
case "t", "tb":
multiplier = 1024 * 1024 * 1024 * 1024
default:
return 0, fmt.Errorf("Unknown size unit: %s", rest)
}
return val * multiplier, nil
}
func main() {
root := flag.String("r", "/var/lib/docker", "Docker root dir")
flDebug := flag.Bool("D", false, "Debug mode")
flag.Parse()
if *flDebug {
os.Setenv("DEBUG", "1")
logrus.SetLevel(logrus.DebugLevel)
}
if flag.NArg() < 1 {
usage()
}
args := flag.Args()
home := path.Join(*root, "devicemapper")
devices, err := devmapper.NewDeviceSet(home, false, nil, nil, nil)
if err != nil {
fmt.Println("Can't initialize device mapper: ", err)
os.Exit(1)
}
switch args[0] {
case "status":
status := devices.Status()
fmt.Printf("Pool name: %s\n", status.PoolName)
fmt.Printf("Data Loopback file: %s\n", status.DataLoopback)
fmt.Printf("Metadata Loopback file: %s\n", status.MetadataLoopback)
fmt.Printf("Sector size: %d\n", status.SectorSize)
fmt.Printf("Data use: %d of %d (%.1f %%)\n", status.Data.Used, status.Data.Total, 100.0*float64(status.Data.Used)/float64(status.Data.Total))
fmt.Printf("Metadata use: %d of %d (%.1f %%)\n", status.Metadata.Used, status.Metadata.Total, 100.0*float64(status.Metadata.Used)/float64(status.Metadata.Total))
break
case "list":
ids := devices.List()
sort.Strings(ids)
for _, id := range ids {
fmt.Println(id)
}
break
case "device":
if flag.NArg() < 2 {
usage()
}
status, err := devices.GetDeviceStatus(args[1])
if err != nil {
fmt.Println("Can't get device info: ", err)
os.Exit(1)
}
fmt.Printf("Id: %d\n", status.DeviceID)
fmt.Printf("Size: %d\n", status.Size)
fmt.Printf("Transaction Id: %d\n", status.TransactionID)
fmt.Printf("Size in Sectors: %d\n", status.SizeInSectors)
fmt.Printf("Mapped Sectors: %d\n", status.MappedSectors)
fmt.Printf("Highest Mapped Sector: %d\n", status.HighestMappedSector)
break
case "resize":
if flag.NArg() < 2 {
usage()
}
size, err := byteSizeFromString(args[1])
if err != nil {
fmt.Println("Invalid size: ", err)
os.Exit(1)
}
err = devices.ResizePool(size)
if err != nil {
fmt.Println("Error resizing pool: ", err)
os.Exit(1)
}
break
case "snap":
if flag.NArg() < 3 {
usage()
}
err := devices.AddDevice(args[1], args[2])
if err != nil {
fmt.Println("Can't create snap device: ", err)
os.Exit(1)
}
break
case "remove":
if flag.NArg() < 2 {
usage()
}
err := devicemapper.RemoveDevice(args[1])
if err != nil {
fmt.Println("Can't remove device: ", err)
os.Exit(1)
}
break
case "mount":
if flag.NArg() < 3 {
usage()
}
err := devices.MountDevice(args[1], args[2], "")
if err != nil {
fmt.Println("Can't create snap device: ", err)
os.Exit(1)
}
break
default:
fmt.Printf("Unknown command %s\n", args[0])
usage()
os.Exit(1)
}
return
}
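Review bot: `byteSizeFromString` returns `val * multiplier` without a range check, so a negative number or a value large enough to wrap int64 is passed on to `devices.ResizePool(size)` in the `resize` case. A guard before the return, `if val < 0 || val > math.MaxInt64/multiplier { return 0, fmt.Errorf("size out of range: %s", arg) }`, would reject both (it needs `math` in the import block). In the `mount` case the failure message still reads `Can't create snap device`, copied from the `snap` case; `fmt.Println("Can't mount device: ", err)` would say what actually failed.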


@@ -0,0 +1,4 @@
package main
func main() {
}


@@ -0,0 +1,340 @@
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc.
59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users. This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it. (Some other Free Software Foundation software is covered by
the GNU Library General Public License instead.) You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
this service if you wish), that you receive source code or can get it
if you want it, that you can change the software or use pieces of it
in new free programs; and that you know you can do these things.
To protect your rights, we need to make restrictions that forbid
anyone to deny you these rights or to ask you to surrender the rights.
These restrictions translate to certain responsibilities for you if you
distribute copies of the software, or if you modify it.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must give the recipients all the rights that
you have. You must make sure that they, too, receive or can get the
source code. And you must show them these terms so they know their
rights.
We protect your rights with two steps: (1) copyright the software, and
(2) offer you this license which gives you legal permission to copy,
distribute and/or modify the software.
Also, for each author's protection and ours, we want to make certain
that everyone understands that there is no warranty for this free
software. If the software is modified by someone else and passed on, we
want its recipients to know that what they have is not the original, so
that any problems introduced by others will not reflect on the original
authors' reputations.
Finally, any free program is threatened constantly by software
patents. We wish to avoid the danger that redistributors of a free
program will individually obtain patent licenses, in effect making the
program proprietary. To prevent this, we have made it clear that any
patent must be licensed for everyone's free use or not licensed at all.
The precise terms and conditions for copying, distribution and
modification follow.
GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License applies to any program or other work which contains
a notice placed by the copyright holder saying it may be distributed
under the terms of this General Public License. The "Program", below,
refers to any such program or work, and a "work based on the Program"
means either the Program or any derivative work under copyright law:
that is to say, a work containing the Program or a portion of it,
either verbatim or with modifications and/or translated into another
language. (Hereinafter, translation is included without limitation in
the term "modification".) Each licensee is addressed as "you".
Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of
running the Program is not restricted, and the output from the Program
is covered only if its contents constitute a work based on the
Program (independent of having been made by running the Program).
Whether that is true depends on what the Program does.
1. You may copy and distribute verbatim copies of the Program's
source code as you receive it, in any medium, provided that you
conspicuously and appropriately publish on each copy an appropriate
copyright notice and disclaimer of warranty; keep intact all the
notices that refer to this License and to the absence of any warranty;
and give any other recipients of the Program a copy of this License
along with the Program.
You may charge a fee for the physical act of transferring a copy, and
you may at your option offer warranty protection in exchange for a fee.
2. You may modify your copy or copies of the Program or any portion
of it, thus forming a work based on the Program, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:
a) You must cause the modified files to carry prominent notices
stating that you changed the files and the date of any change.
b) You must cause any work that you distribute or publish, that in
whole or in part contains or is derived from the Program or any
part thereof, to be licensed as a whole at no charge to all third
parties under the terms of this License.
c) If the modified program normally reads commands interactively
when run, you must cause it, when started running for such
interactive use in the most ordinary way, to print or display an
announcement including an appropriate copyright notice and a
notice that there is no warranty (or else, saying that you provide
a warranty) and that users may redistribute the program under
these conditions, and telling the user how to view a copy of this
License. (Exception: if the Program itself is interactive but
does not normally print such an announcement, your work based on
the Program is not required to print an announcement.)
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works. But when you
distribute the same sections as part of a whole which is a work based
on the Program, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote it.
Thus, it is not the intent of this section to claim rights or contest
your rights to work written entirely by you; rather, the intent is to
exercise the right to control the distribution of derivative or
collective works based on the Program.
In addition, mere aggregation of another work not based on the Program
with the Program (or with a work based on the Program) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.
3. You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you also do one of the following:
a) Accompany it with the complete corresponding machine-readable
source code, which must be distributed under the terms of Sections
1 and 2 above on a medium customarily used for software interchange; or,
b) Accompany it with a written offer, valid for at least three
years, to give any third party, for a charge no more than your
cost of physically performing source distribution, a complete
machine-readable copy of the corresponding source code, to be
distributed under the terms of Sections 1 and 2 above on a medium
customarily used for software interchange; or,
c) Accompany it with the information you received as to the offer
to distribute corresponding source code. (This alternative is
allowed only for noncommercial distribution and only if you
received the program in object code or executable form with such
an offer, in accord with Subsection b above.)
The source code for a work means the preferred form of the work for
making modifications to it. For an executable work, complete source
code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to
control compilation and installation of the executable. However, as a
special exception, the source code distributed need not include
anything that is normally distributed (in either source or binary
form) with the major components (compiler, kernel, and so on) of the
operating system on which the executable runs, unless that component
itself accompanies the executable.
If distribution of executable or object code is made by offering
access to copy from a designated place, then offering equivalent
access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not
compelled to copy the source along with the object code.
4. You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License. Any attempt
otherwise to copy, modify, sublicense or distribute the Program is
void, and will automatically terminate your rights under this License.
However, parties who have received copies, or rights, from you under
this License will not have their licenses terminated so long as such
parties remain in full compliance.
5. You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify or
distribute the Program or its derivative works. These actions are
prohibited by law if you do not accept this License. Therefore, by
modifying or distributing the Program (or any work based on the
Program), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying
the Program or works based on it.
6. Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the
original licensor to copy, distribute or modify the Program subject to
these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties to
this License.
7. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot
distribute so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you
may not distribute the Program at all. For example, if a patent
license would not permit royalty-free redistribution of the Program by
all those who receive copies directly or indirectly through you, then
the only way you could satisfy both it and this License would be to
refrain entirely from distribution of the Program.
If any portion of this section is held invalid or unenforceable under
any particular circumstance, the balance of the section is intended to
apply and the section as a whole is intended to apply in other
circumstances.
It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any
such claims; this section has the sole purpose of protecting the
integrity of the free software distribution system, which is
implemented by public license practices. Many people have made
generous contributions to the wide range of software distributed
through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is willing
to distribute software through any other system and a licensee cannot
impose that choice.
This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.
8. If the distribution and/or use of the Program is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Program under this License
may add an explicit geographical distribution limitation excluding
those countries, so that distribution is permitted only in or among
countries not thus excluded. In such case, this License incorporates
the limitation as if written in the body of this License.
9. The Free Software Foundation may publish revised and/or new versions
of the General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the Program
specifies a version number of this License which applies to it and "any
later version", you have the option of following the terms and conditions
either of that version or of any later version published by the Free
Software Foundation. If the Program does not specify a version number of
this License, you may choose any version ever published by the Free Software
Foundation.
10. If you wish to incorporate parts of the Program into other free
programs whose distribution conditions are different, write to the author
to ask for permission. For software which is copyrighted by the Free
Software Foundation, write to the Free Software Foundation; we sometimes
make exceptions for this. Our decision will be guided by the two goals
of preserving the free status of all derivatives of our free software and
of promoting the sharing and reuse of software generally.
NO WARRANTY
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
convey the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
Also add information on how to contact you by electronic and paper mail.
If the program is interactive, make it output a short notice like this
when it starts in an interactive mode:
Gnomovision version 69, Copyright (C) year name of author
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, the commands you use may
be called something other than `show w' and `show c'; they could even be
mouse-clicks or menu items--whatever suits your program.
You should also get your employer (if you work as a programmer) or your
school, if any, to sign a "copyright disclaimer" for the program, if
necessary. Here is a sample; alter the names:
Yoyodyne, Inc., hereby disclaims all copyright interest in the program
`Gnomovision' (which makes passes at compilers) written by James Hacker.
<signature of Ty Coon>, 1 April 1989
Ty Coon, President of Vice
This General Public License does not permit incorporating your program into
proprietary programs. If your program is a subroutine library, you may
consider it more useful to permit linking proprietary applications with the
library. If this is what you want to do, use the GNU Library General
Public License instead of this License.


@@ -0,0 +1,16 @@
TARGETS?=docker
MODULES?=${TARGETS:=.pp.bz2}
SHAREDIR?=/usr/share
all: ${TARGETS:=.pp.bz2}
%.pp.bz2: %.pp
@echo Compressing $^ -\> $@
bzip2 -9 $^
%.pp: %.te
make -f ${SHAREDIR}/selinux/devel/Makefile $@
clean:
rm -f *~ *.tc *.pp *.pp.bz2
rm -rf tmp *.tar.gz


@@ -0,0 +1,20 @@
/root/\.docker gen_context(system_u:object_r:docker_home_t,s0)
/usr/bin/docker -- gen_context(system_u:object_r:docker_exec_t,s0)
/usr/lib/systemd/system/docker.service -- gen_context(system_u:object_r:docker_unit_file_t,s0)
/etc/docker(/.*)? gen_context(system_u:object_r:docker_config_t,s0)
/var/lib/docker(/.*)? gen_context(system_u:object_r:docker_var_lib_t,s0)
/var/lib/kublet(/.*)? gen_context(system_u:object_r:docker_var_lib_t,s0)
/var/lib/docker/vfs(/.*)? gen_context(system_u:object_r:svirt_sandbox_file_t,s0)
/var/run/docker\.pid -- gen_context(system_u:object_r:docker_var_run_t,s0)
/var/run/docker\.sock -s gen_context(system_u:object_r:docker_var_run_t,s0)
/var/run/docker-client(/.*)? gen_context(system_u:object_r:docker_var_run_t,s0)
/var/lib/docker/init(/.*)? gen_context(system_u:object_r:docker_share_t,s0)
/var/lib/docker/containers/.*/hosts gen_context(system_u:object_r:docker_share_t,s0)
/var/lib/docker/containers/.*/hostname gen_context(system_u:object_r:docker_share_t,s0)
/var/lib/docker/.*/config\.env gen_context(system_u:object_r:docker_share_t,s0)
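Review bot: The entry `/var/lib/kublet(/.*)?` looks like a misspelling of `kubelet`; if that is what was meant, the `docker_var_lib_t` label is never applied to the directory the kubelet actually uses, and files there keep whatever default context the base policy assigns. The line would then read `/var/lib/kubelet(/.*)? gen_context(system_u:object_r:docker_var_lib_t,s0)`. `/root/\.docker` is also the only directory entry without a `(/.*)?` suffix, so the pattern matches the directory itself and not paths beneath it; a short comment stating whether that is intended would help whoever relabels the system after installing the module.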


@@ -0,0 +1,461 @@
## <summary>The open-source application container engine.</summary>
########################################
## <summary>
## Execute docker in the docker domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed to transition.
## </summary>
## </param>
#
interface(`docker_domtrans',`
gen_require(`
type docker_t, docker_exec_t;
')
corecmd_search_bin($1)
domtrans_pattern($1, docker_exec_t, docker_t)
')
########################################
## <summary>
## Execute docker in the caller domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed to transition.
## </summary>
## </param>
#
interface(`docker_exec',`
gen_require(`
type docker_exec_t;
')
corecmd_search_bin($1)
can_exec($1, docker_exec_t)
')
########################################
## <summary>
## Search docker lib directories.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`docker_search_lib',`
gen_require(`
type docker_var_lib_t;
')
allow $1 docker_var_lib_t:dir search_dir_perms;
files_search_var_lib($1)
')
########################################
## <summary>
## Execute docker lib directories.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`docker_exec_lib',`
gen_require(`
type docker_var_lib_t;
')
allow $1 docker_var_lib_t:dir search_dir_perms;
can_exec($1, docker_var_lib_t)
')
########################################
## <summary>
## Read docker lib files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`docker_read_lib_files',`
gen_require(`
type docker_var_lib_t;
')
files_search_var_lib($1)
read_files_pattern($1, docker_var_lib_t, docker_var_lib_t)
')
########################################
## <summary>
## Read docker share files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`docker_read_share_files',`
gen_require(`
type docker_share_t;
')
files_search_var_lib($1)
read_files_pattern($1, docker_share_t, docker_share_t)
')
########################################
## <summary>
## Manage docker lib files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`docker_manage_lib_files',`
gen_require(`
type docker_var_lib_t;
')
files_search_var_lib($1)
manage_files_pattern($1, docker_var_lib_t, docker_var_lib_t)
manage_lnk_files_pattern($1, docker_var_lib_t, docker_var_lib_t)
')
########################################
## <summary>
## Manage docker lib directories.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`docker_manage_lib_dirs',`
gen_require(`
type docker_var_lib_t;
')
files_search_var_lib($1)
manage_dirs_pattern($1, docker_var_lib_t, docker_var_lib_t)
')
########################################
## <summary>
## Create objects in a docker var lib directory
## with an automatic type transition to
## a specified private type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <param name="private_type">
## <summary>
## The type of the object to create.
## </summary>
## </param>
## <param name="object_class">
## <summary>
## The class of the object to be created.
## </summary>
## </param>
## <param name="name" optional="true">
## <summary>
## The name of the object being created.
## </summary>
## </param>
#
interface(`docker_lib_filetrans',`
gen_require(`
type docker_var_lib_t;
')
filetrans_pattern($1, docker_var_lib_t, $2, $3, $4)
')
########################################
## <summary>
## Read docker PID files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`docker_read_pid_files',`
gen_require(`
type docker_var_run_t;
')
files_search_pids($1)
read_files_pattern($1, docker_var_run_t, docker_var_run_t)
')
########################################
## <summary>
## Execute docker server in the docker domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed to transition.
## </summary>
## </param>
#
interface(`docker_systemctl',`
gen_require(`
type docker_t;
type docker_unit_file_t;
')
systemd_exec_systemctl($1)
init_reload_services($1)
systemd_read_fifo_file_passwd_run($1)
allow $1 docker_unit_file_t:file read_file_perms;
allow $1 docker_unit_file_t:service manage_service_perms;
ps_process_pattern($1, docker_t)
')
########################################
## <summary>
## Read and write docker shared memory.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`docker_rw_sem',`
gen_require(`
type docker_t;
')
allow $1 docker_t:sem rw_sem_perms;
')
#######################################
## <summary>
## Read and write the docker pty type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`docker_use_ptys',`
gen_require(`
type docker_devpts_t;
')
allow $1 docker_devpts_t:chr_file rw_term_perms;
')
#######################################
## <summary>
## Allow domain to create docker content
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`docker_filetrans_named_content',`
gen_require(`
type docker_var_lib_t;
type docker_share_t;
type docker_log_t;
type docker_var_run_t;
type docker_home_t;
')
files_pid_filetrans($1, docker_var_run_t, file, "docker.pid")
files_pid_filetrans($1, docker_var_run_t, sock_file, "docker.sock")
files_pid_filetrans($1, docker_var_run_t, dir, "docker-client")
files_var_lib_filetrans($1, docker_var_lib_t, dir, "docker")
filetrans_pattern($1, docker_var_lib_t, docker_share_t, file, "config.env")
filetrans_pattern($1, docker_var_lib_t, docker_share_t, file, "hosts")
filetrans_pattern($1, docker_var_lib_t, docker_share_t, file, "hostname")
filetrans_pattern($1, docker_var_lib_t, docker_share_t, file, "resolv.conf")
filetrans_pattern($1, docker_var_lib_t, docker_share_t, dir, "init")
userdom_admin_home_dir_filetrans($1, docker_home_t, dir, ".docker")
')
########################################
## <summary>
## Connect to docker over a unix stream socket.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`docker_stream_connect',`
gen_require(`
type docker_t, docker_var_run_t;
')
files_search_pids($1)
stream_connect_pattern($1, docker_var_run_t, docker_var_run_t, docker_t)
')
########################################
## <summary>
## Connect to SPC containers over a unix stream socket.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`docker_spc_stream_connect',`
gen_require(`
type spc_t, spc_var_run_t;
')
files_search_pids($1)
files_write_all_pid_sockets($1)
allow $1 spc_t:unix_stream_socket connectto;
')
########################################
## <summary>
## All of the rules required to administrate
## an docker environment
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`docker_admin',`
gen_require(`
type docker_t;
type docker_var_lib_t, docker_var_run_t;
type docker_unit_file_t;
type docker_lock_t;
type docker_log_t;
type docker_config_t;
')
allow $1 docker_t:process { ptrace signal_perms };
ps_process_pattern($1, docker_t)
admin_pattern($1, docker_config_t)
files_search_var_lib($1)
admin_pattern($1, docker_var_lib_t)
files_search_pids($1)
admin_pattern($1, docker_var_run_t)
files_search_locks($1)
admin_pattern($1, docker_lock_t)
logging_search_logs($1)
admin_pattern($1, docker_log_t)
docker_systemctl($1)
admin_pattern($1, docker_unit_file_t)
allow $1 docker_unit_file_t:service all_service_perms;
optional_policy(`
systemd_passwd_agent_exec($1)
systemd_read_fifo_file_passwd_run($1)
')
')
interface(`domain_stub_named_filetrans_domain',`
gen_require(`
attribute named_filetrans_domain;
')
')
interface(`lvm_stub',`
gen_require(`
type lvm_t;
')
')
interface(`staff_stub',`
gen_require(`
type staff_t;
')
')
interface(`virt_stub_svirt_sandbox_domain',`
gen_require(`
attribute svirt_sandbox_domain;
')
')
interface(`virt_stub_svirt_sandbox_file',`
gen_require(`
type svirt_sandbox_file_t;
')
')
interface(`fs_dontaudit_remount_tmpfs',`
gen_require(`
type tmpfs_t;
')
dontaudit $1 tmpfs_t:filesystem remount;
')
interface(`dev_dontaudit_list_all_dev_nodes',`
gen_require(`
type device_t;
')
dontaudit $1 device_t:dir list_dir_perms;
')
interface(`kernel_unlabeled_entry_type',`
gen_require(`
type unlabeled_t;
')
domain_entry_file($1, unlabeled_t)
')
interface(`kernel_unlabeled_domtrans',`
gen_require(`
type unlabeled_t;
')
read_lnk_files_pattern($1, unlabeled_t, unlabeled_t)
domain_transition_pattern($1, unlabeled_t, $2)
type_transition $1 unlabeled_t:process $2;
')
interface(`files_write_all_pid_sockets',`
gen_require(`
attribute pidfile;
')
allow $1 pidfile:sock_file write_sock_file_perms;
')
interface(`dev_dontaudit_mounton_sysfs',`
gen_require(`
type sysfs_t;
')
dontaudit $1 sysfs_t:dir mounton;
')


@@ -0,0 +1,407 @@
policy_module(docker, 1.0.0)
########################################
#
# Declarations
#
## <desc>
## <p>
## Allow sandbox containers manage fuse files
## </p>
## </desc>
gen_tunable(virt_sandbox_use_fusefs, false)
## <desc>
## <p>
## Determine whether docker can
## connect to all TCP ports.
## </p>
## </desc>
gen_tunable(docker_connect_any, false)
type docker_t;
type docker_exec_t;
init_daemon_domain(docker_t, docker_exec_t)
domain_subj_id_change_exemption(docker_t)
domain_role_change_exemption(docker_t)
type spc_t;
domain_type(spc_t)
role system_r types spc_t;
type spc_var_run_t;
files_pid_file(spc_var_run_t)
type docker_var_lib_t;
files_type(docker_var_lib_t)
type docker_home_t;
userdom_user_home_content(docker_home_t)
type docker_config_t;
files_config_file(docker_config_t)
type docker_lock_t;
files_lock_file(docker_lock_t)
type docker_log_t;
logging_log_file(docker_log_t)
type docker_tmp_t;
files_tmp_file(docker_tmp_t)
type docker_tmpfs_t;
files_tmpfs_file(docker_tmpfs_t)
type docker_var_run_t;
files_pid_file(docker_var_run_t)
type docker_unit_file_t;
systemd_unit_file(docker_unit_file_t)
type docker_devpts_t;
term_pty(docker_devpts_t)
type docker_share_t;
files_type(docker_share_t)
########################################
#
# docker local policy
#
allow docker_t self:capability { chown kill fowner fsetid mknod net_admin net_bind_service net_raw setfcap };
allow docker_t self:tun_socket relabelto;
allow docker_t self:process { getattr signal_perms setrlimit setfscreate };
allow docker_t self:fifo_file rw_fifo_file_perms;
allow docker_t self:unix_stream_socket create_stream_socket_perms;
allow docker_t self:tcp_socket create_stream_socket_perms;
allow docker_t self:udp_socket create_socket_perms;
allow docker_t self:capability2 block_suspend;
manage_files_pattern(docker_t, docker_home_t, docker_home_t)
manage_dirs_pattern(docker_t, docker_home_t, docker_home_t)
manage_lnk_files_pattern(docker_t, docker_home_t, docker_home_t)
userdom_admin_home_dir_filetrans(docker_t, docker_home_t, dir, ".docker")
manage_dirs_pattern(docker_t, docker_config_t, docker_config_t)
manage_files_pattern(docker_t, docker_config_t, docker_config_t)
files_etc_filetrans(docker_t, docker_config_t, dir, "docker")
manage_dirs_pattern(docker_t, docker_lock_t, docker_lock_t)
manage_files_pattern(docker_t, docker_lock_t, docker_lock_t)
manage_dirs_pattern(docker_t, docker_log_t, docker_log_t)
manage_files_pattern(docker_t, docker_log_t, docker_log_t)
manage_lnk_files_pattern(docker_t, docker_log_t, docker_log_t)
logging_log_filetrans(docker_t, docker_log_t, { dir file lnk_file })
allow docker_t docker_log_t:dir_file_class_set { relabelfrom relabelto };
manage_dirs_pattern(docker_t, docker_tmp_t, docker_tmp_t)
manage_files_pattern(docker_t, docker_tmp_t, docker_tmp_t)
manage_lnk_files_pattern(docker_t, docker_tmp_t, docker_tmp_t)
files_tmp_filetrans(docker_t, docker_tmp_t, { dir file lnk_file })
manage_dirs_pattern(docker_t, docker_tmpfs_t, docker_tmpfs_t)
manage_files_pattern(docker_t, docker_tmpfs_t, docker_tmpfs_t)
manage_lnk_files_pattern(docker_t, docker_tmpfs_t, docker_tmpfs_t)
manage_fifo_files_pattern(docker_t, docker_tmpfs_t, docker_tmpfs_t)
manage_chr_files_pattern(docker_t, docker_tmpfs_t, docker_tmpfs_t)
manage_blk_files_pattern(docker_t, docker_tmpfs_t, docker_tmpfs_t)
allow docker_t docker_tmpfs_t:dir relabelfrom;
can_exec(docker_t, docker_tmpfs_t)
fs_tmpfs_filetrans(docker_t, docker_tmpfs_t, { dir file })
allow docker_t docker_tmpfs_t:chr_file mounton;
manage_dirs_pattern(docker_t, docker_share_t, docker_share_t)
manage_files_pattern(docker_t, docker_share_t, docker_share_t)
manage_lnk_files_pattern(docker_t, docker_share_t, docker_share_t)
allow docker_t docker_share_t:dir_file_class_set { relabelfrom relabelto };
can_exec(docker_t, docker_share_t)
#docker_filetrans_named_content(docker_t)
manage_dirs_pattern(docker_t, docker_var_lib_t, docker_var_lib_t)
manage_chr_files_pattern(docker_t, docker_var_lib_t, docker_var_lib_t)
manage_blk_files_pattern(docker_t, docker_var_lib_t, docker_var_lib_t)
manage_files_pattern(docker_t, docker_var_lib_t, docker_var_lib_t)
manage_lnk_files_pattern(docker_t, docker_var_lib_t, docker_var_lib_t)
allow docker_t docker_var_lib_t:dir_file_class_set { relabelfrom relabelto };
files_var_lib_filetrans(docker_t, docker_var_lib_t, { dir file lnk_file })
manage_dirs_pattern(docker_t, docker_var_run_t, docker_var_run_t)
manage_files_pattern(docker_t, docker_var_run_t, docker_var_run_t)
manage_sock_files_pattern(docker_t, docker_var_run_t, docker_var_run_t)
manage_lnk_files_pattern(docker_t, docker_var_run_t, docker_var_run_t)
files_pid_filetrans(docker_t, docker_var_run_t, { dir file lnk_file sock_file })
allow docker_t docker_devpts_t:chr_file { relabelfrom rw_chr_file_perms setattr_chr_file_perms };
term_create_pty(docker_t, docker_devpts_t)
kernel_read_system_state(docker_t)
kernel_read_network_state(docker_t)
kernel_read_all_sysctls(docker_t)
kernel_rw_net_sysctls(docker_t)
kernel_setsched(docker_t)
kernel_read_all_proc(docker_t)
domain_use_interactive_fds(docker_t)
domain_dontaudit_read_all_domains_state(docker_t)
corecmd_exec_bin(docker_t)
corecmd_exec_shell(docker_t)
corenet_tcp_bind_generic_node(docker_t)
corenet_tcp_sendrecv_generic_if(docker_t)
corenet_tcp_sendrecv_generic_node(docker_t)
corenet_tcp_sendrecv_generic_port(docker_t)
corenet_tcp_bind_all_ports(docker_t)
corenet_tcp_connect_http_port(docker_t)
corenet_tcp_connect_commplex_main_port(docker_t)
corenet_udp_sendrecv_generic_if(docker_t)
corenet_udp_sendrecv_generic_node(docker_t)
corenet_udp_sendrecv_all_ports(docker_t)
corenet_udp_bind_generic_node(docker_t)
corenet_udp_bind_all_ports(docker_t)
files_read_config_files(docker_t)
files_dontaudit_getattr_all_dirs(docker_t)
files_dontaudit_getattr_all_files(docker_t)
fs_read_cgroup_files(docker_t)
fs_read_tmpfs_symlinks(docker_t)
fs_search_all(docker_t)
fs_getattr_all_fs(docker_t)
storage_raw_rw_fixed_disk(docker_t)
auth_use_nsswitch(docker_t)
auth_dontaudit_getattr_shadow(docker_t)
init_read_state(docker_t)
init_status(docker_t)
logging_send_audit_msgs(docker_t)
logging_send_syslog_msg(docker_t)
miscfiles_read_localization(docker_t)
mount_domtrans(docker_t)
seutil_read_default_contexts(docker_t)
seutil_read_config(docker_t)
sysnet_dns_name_resolve(docker_t)
sysnet_exec_ifconfig(docker_t)
optional_policy(`
rpm_exec(docker_t)
rpm_read_db(docker_t)
rpm_exec(docker_t)
')
optional_policy(`
fstools_domtrans(docker_t)
')
optional_policy(`
iptables_domtrans(docker_t)
')
optional_policy(`
openvswitch_stream_connect(docker_t)
')
allow docker_t self:capability { dac_override setgid setpcap setuid sys_admin sys_boot sys_chroot sys_ptrace };
allow docker_t self:process { getcap setcap setexec setpgid setsched signal_perms };
allow docker_t self:netlink_route_socket rw_netlink_socket_perms;;
allow docker_t self:netlink_audit_socket create_netlink_socket_perms;
allow docker_t self:unix_dgram_socket { create_socket_perms sendto };
allow docker_t self:unix_stream_socket { create_stream_socket_perms connectto };
allow docker_t docker_var_lib_t:dir mounton;
allow docker_t docker_var_lib_t:chr_file mounton;
can_exec(docker_t, docker_var_lib_t)
kernel_dontaudit_setsched(docker_t)
kernel_get_sysvipc_info(docker_t)
kernel_request_load_module(docker_t)
kernel_mounton_messages(docker_t)
kernel_mounton_all_proc(docker_t)
kernel_mounton_all_sysctls(docker_t)
kernel_unlabeled_entry_type(spc_t)
kernel_unlabeled_domtrans(docker_t, spc_t)
dev_getattr_all(docker_t)
dev_getattr_sysfs_fs(docker_t)
dev_read_urand(docker_t)
dev_read_lvm_control(docker_t)
dev_rw_sysfs(docker_t)
dev_rw_loop_control(docker_t)
dev_rw_lvm_control(docker_t)
files_getattr_isid_type_dirs(docker_t)
files_manage_isid_type_dirs(docker_t)
files_manage_isid_type_files(docker_t)
files_manage_isid_type_symlinks(docker_t)
files_manage_isid_type_chr_files(docker_t)
files_manage_isid_type_blk_files(docker_t)
files_exec_isid_files(docker_t)
files_mounton_isid(docker_t)
files_mounton_non_security(docker_t)
files_mounton_isid_type_chr_file(docker_t)
fs_mount_all_fs(docker_t)
fs_unmount_all_fs(docker_t)
fs_remount_all_fs(docker_t)
files_mounton_isid(docker_t)
fs_manage_cgroup_dirs(docker_t)
fs_manage_cgroup_files(docker_t)
fs_relabelfrom_xattr_fs(docker_t)
fs_relabelfrom_tmpfs(docker_t)
fs_read_tmpfs_symlinks(docker_t)
fs_list_hugetlbfs(docker_t)
term_use_generic_ptys(docker_t)
term_use_ptmx(docker_t)
term_getattr_pty_fs(docker_t)
term_relabel_pty_fs(docker_t)
term_mounton_unallocated_ttys(docker_t)
modutils_domtrans_insmod(docker_t)
systemd_status_all_unit_files(docker_t)
systemd_start_systemd_services(docker_t)
userdom_stream_connect(docker_t)
userdom_search_user_home_content(docker_t)
userdom_read_all_users_state(docker_t)
userdom_relabel_user_home_files(docker_t)
userdom_relabel_user_tmp_files(docker_t)
userdom_relabel_user_tmp_dirs(docker_t)
optional_policy(`
gpm_getattr_gpmctl(docker_t)
')
optional_policy(`
dbus_system_bus_client(docker_t)
init_dbus_chat(docker_t)
init_start_transient_unit(docker_t)
optional_policy(`
systemd_dbus_chat_logind(docker_t)
')
optional_policy(`
firewalld_dbus_chat(docker_t)
')
')
optional_policy(`
udev_read_db(docker_t)
')
optional_policy(`
virt_read_config(docker_t)
virt_exec(docker_t)
virt_stream_connect(docker_t)
virt_stream_connect_sandbox(docker_t)
virt_exec_sandbox_files(docker_t)
virt_manage_sandbox_files(docker_t)
virt_relabel_sandbox_filesystem(docker_t)
virt_transition_svirt_sandbox(docker_t, system_r)
virt_mounton_sandbox_file(docker_t)
# virt_attach_sandbox_tun_iface(docker_t)
allow docker_t svirt_sandbox_domain:tun_socket relabelfrom;
')
tunable_policy(`docker_connect_any',`
corenet_tcp_connect_all_ports(docker_t)
corenet_sendrecv_all_packets(docker_t)
corenet_tcp_sendrecv_all_ports(docker_t)
')
########################################
#
# spc local policy
#
domain_entry_file(spc_t, docker_share_t)
domain_entry_file(spc_t, docker_var_lib_t)
role system_r types spc_t;
domain_entry_file(spc_t, docker_share_t)
domain_entry_file(spc_t, docker_var_lib_t)
domtrans_pattern(docker_t, docker_share_t, spc_t)
domtrans_pattern(docker_t, docker_var_lib_t, spc_t)
allow docker_t spc_t:process { setsched signal_perms };
ps_process_pattern(docker_t, spc_t)
allow docker_t spc_t:socket_class_set { relabelto relabelfrom };
optional_policy(`
dbus_chat_system_bus(spc_t)
')
optional_policy(`
unconfined_domain_noaudit(spc_t)
')
optional_policy(`
unconfined_domain(docker_t)
')
optional_policy(`
virt_transition_svirt_sandbox(spc_t, system_r)
')
########################################
#
# docker upstream policy
#
optional_policy(`
# domain_stub_named_filetrans_domain()
gen_require(`
attribute named_filetrans_domain;
')
docker_filetrans_named_content(named_filetrans_domain)
')
optional_policy(`
lvm_stub()
docker_rw_sem(lvm_t)
')
optional_policy(`
staff_stub()
docker_stream_connect(staff_t)
docker_exec(staff_t)
')
optional_policy(`
virt_stub_svirt_sandbox_domain()
virt_stub_svirt_sandbox_file()
allow svirt_sandbox_domain self:netlink_kobject_uevent_socket create_socket_perms;
docker_read_share_files(svirt_sandbox_domain)
docker_lib_filetrans(svirt_sandbox_domain,svirt_sandbox_file_t, sock_file)
docker_use_ptys(svirt_sandbox_domain)
docker_spc_stream_connect(svirt_sandbox_domain)
fs_list_tmpfs(svirt_sandbox_domain)
fs_rw_hugetlbfs_files(svirt_sandbox_domain)
fs_dontaudit_remount_tmpfs(svirt_sandbox_domain)
dev_dontaudit_mounton_sysfs(svirt_sandbox_domain)
tunable_policy(`virt_sandbox_use_fusefs',`
fs_manage_fusefs_dirs(svirt_sandbox_domain)
fs_manage_fusefs_files(svirt_sandbox_domain)
fs_manage_fusefs_symlinks(svirt_sandbox_domain)
')
gen_require(`
attribute domain;
')
dontaudit svirt_sandbox_domain domain:key {search link};
')

118
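--- a/vendor/github.com/hyperhq/hypercli/contrib/dockerize-disk.sh
+++ b/vendor/github.com/hyperhq/hypercli/contrib/dockerize-disk.sh
@@ -0,0 +1,118 @@
+#!/usr/bin/env bash
+set -e
+if ! command -v qemu-nbd &> /dev/null; then
+echo >&2 'error: "qemu-nbd" not found!'
+exit 1
+fi
+usage() {
+echo "Convert disk image to docker image"
+echo ""
+echo "usage: $0 image-name disk-image-file [ base-image ]"
+echo " ie: $0 cirros:0.3.3 cirros-0.3.3-x86_64-disk.img"
+echo " $0 ubuntu:cloud ubuntu-14.04-server-cloudimg-amd64-disk1.img ubuntu:14.04"
+}
+if [ "$#" -lt 2 ]; then
+usage
+exit 1
+fi
+CURDIR=$(pwd)
+image_name="${1%:*}"
+image_tag="${1#*:}"
+if [ "$image_tag" == "$1" ]; then
+image_tag="latest"
+fi
+disk_image_file="$2"
+docker_base_image="$3"
+block_device=/dev/nbd0
+builddir=$(mktemp -d)
+cleanup() {
+umount "$builddir/disk_image" || true
+umount "$builddir/workdir" || true
+qemu-nbd -d $block_device &> /dev/null || true
+rm -rf $builddir
+}
+trap cleanup EXIT
+# Mount disk image
+modprobe nbd max_part=63
+qemu-nbd -rc ${block_device} -P 1 "$disk_image_file"
+mkdir "$builddir/disk_image"
+mount -o ro ${block_device} "$builddir/disk_image"
+mkdir "$builddir/workdir"
+mkdir "$builddir/diff"
+base_image_mounts=""
+# Unpack base image
+if [ -n "$docker_base_image" ]; then
+mkdir -p "$builddir/base"
+docker pull "$docker_base_image"
+docker save "$docker_base_image" | tar -xC "$builddir/base"
+image_id=$(docker inspect -f "{{.Id}}" "$docker_base_image")
+while [ -n "$image_id" ]; do
+mkdir -p "$builddir/base/$image_id/layer"
+tar -xf "$builddir/base/$image_id/layer.tar" -C "$builddir/base/$image_id/layer"
+base_image_mounts="${base_image_mounts}:$builddir/base/$image_id/layer=ro+wh"
+image_id=$(docker inspect -f "{{.Parent}}" "$image_id")
+done
+fi
+# Mount work directory
+mount -t aufs -o "br=$builddir/diff=rw${base_image_mounts},dio,xino=/dev/shm/aufs.xino" none "$builddir/workdir"
+# Update files
+cd $builddir
+LC_ALL=C diff -rq disk_image workdir \
+| sed -re "s|Only in workdir(.*?): |DEL \1/|g;s|Only in disk_image(.*?): |ADD \1/|g;s|Files disk_image/(.+) and workdir/(.+) differ|UPDATE /\1|g" \
+| while read action entry; do
+case "$action" in
+ADD|UPDATE)
+cp -a "disk_image$entry" "workdir$entry"
+;;
+DEL)
+rm -rf "workdir$entry"
+;;
+*)
+echo "Error: unknown diff line: $action $entry" >&2
+;;
+esac
+done
+# Pack new image
+new_image_id="$(for i in $(seq 1 32); do printf "%02x" $(($RANDOM % 256)); done)"
+mkdir -p $builddir/result/$new_image_id
+cd diff
+tar -cf $builddir/result/$new_image_id/layer.tar *
+echo "1.0" > $builddir/result/$new_image_id/VERSION
+cat > $builddir/result/$new_image_id/json <<-EOS
+{ "docker_version": "1.4.1"
+, "id": "$new_image_id"
+, "created": "$(date -u +%Y-%m-%dT%H:%M:%S.%NZ)"
+EOS
+if [ -n "$docker_base_image" ]; then
+image_id=$(docker inspect -f "{{.Id}}" "$docker_base_image")
+echo ", \"parent\": \"$image_id\"" >> $builddir/result/$new_image_id/json
+fi
+echo "}" >> $builddir/result/$new_image_id/json
+echo "{\"$image_name\":{\"$image_tag\":\"$new_image_id\"}}" > $builddir/result/repositories
+cd $builddir/result
+# mkdir -p $CURDIR/$image_name
+# cp -r * $CURDIR/$image_name
+tar -c * | docker load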


@@ -0,0 +1,108 @@
#!/bin/bash
set -e
# hello-world latest ef872312fe1b 3 months ago 910 B
# hello-world latest ef872312fe1bbc5e05aae626791a47ee9b032efa8f3bda39cc0be7b56bfe59b9 3 months ago 910 B
# debian latest f6fab3b798be 10 weeks ago 85.1 MB
# debian latest f6fab3b798be3174f45aa1eb731f8182705555f89c9026d8c1ef230cbf8301dd 10 weeks ago 85.1 MB
if ! command -v curl &> /dev/null; then
echo >&2 'error: "curl" not found!'
exit 1
fi
usage() {
echo "usage: $0 dir image[:tag][@image-id] ..."
echo " ie: $0 /tmp/hello-world hello-world"
echo " $0 /tmp/debian-jessie debian:jessie"
echo " $0 /tmp/old-hello-world hello-world@ef872312fe1bbc5e05aae626791a47ee9b032efa8f3bda39cc0be7b56bfe59b9"
echo " $0 /tmp/old-debian debian:latest@f6fab3b798be3174f45aa1eb731f8182705555f89c9026d8c1ef230cbf8301dd"
[ -z "$1" ] || exit "$1"
}
dir="$1" # dir for building tar in
shift || usage 1 >&2
[ $# -gt 0 -a "$dir" ] || usage 2 >&2
mkdir -p "$dir"
# hacky workarounds for Bash 3 support (no associative arrays)
images=()
rm -f "$dir"/tags-*.tmp
# repositories[busybox]='"latest": "...", "ubuntu-14.04": "..."'
while [ $# -gt 0 ]; do
imageTag="$1"
shift
image="${imageTag%%[:@]*}"
tag="${imageTag#*:}"
imageId="${tag##*@}"
[ "$imageId" != "$tag" ] || imageId=
[ "$tag" != "$imageTag" ] || tag='latest'
tag="${tag%@*}"
imageFile="${image//\//_}" # "/" can't be in filenames :)
token="$(curl -sSL -o /dev/null -D- -H 'X-Docker-Token: true' "https://index.docker.io/v1/repositories/$image/images" | tr -d '\r' | awk -F ': *' '$1 == "X-Docker-Token" { print $2 }')"
if [ -z "$imageId" ]; then
imageId="$(curl -sSL -H "Authorization: Token $token" "https://registry-1.docker.io/v1/repositories/$image/tags/$tag")"
imageId="${imageId//\"/}"
fi
ancestryJson="$(curl -sSL -H "Authorization: Token $token" "https://registry-1.docker.io/v1/images/$imageId/ancestry")"
if [ "${ancestryJson:0:1}" != '[' ]; then
echo >&2 "error: /v1/images/$imageId/ancestry returned something unexpected:"
echo >&2 " $ancestryJson"
exit 1
fi
IFS=','
ancestry=( ${ancestryJson//[\[\] \"]/} )
unset IFS
if [ -s "$dir/tags-$imageFile.tmp" ]; then
echo -n ', ' >> "$dir/tags-$imageFile.tmp"
else
images=( "${images[@]}" "$image" )
fi
echo -n '"'"$tag"'": "'"$imageId"'"' >> "$dir/tags-$imageFile.tmp"
echo "Downloading '$imageTag' (${#ancestry[@]} layers)..."
for imageId in "${ancestry[@]}"; do
mkdir -p "$dir/$imageId"
echo '1.0' > "$dir/$imageId/VERSION"
curl -sSL -H "Authorization: Token $token" "https://registry-1.docker.io/v1/images/$imageId/json" -o "$dir/$imageId/json"
# TODO figure out why "-C -" doesn't work here
# "curl: (33) HTTP server doesn't seem to support byte ranges. Cannot resume."
# "HTTP/1.1 416 Requested Range Not Satisfiable"
if [ -f "$dir/$imageId/layer.tar" ]; then
# TODO hackpatch for no -C support :'(
echo "skipping existing ${imageId:0:12}"
continue
fi
curl -SL --progress -H "Authorization: Token $token" "https://registry-1.docker.io/v1/images/$imageId/layer" -o "$dir/$imageId/layer.tar" # -C -
done
echo
done
echo -n '{' > "$dir/repositories"
firstImage=1
for image in "${images[@]}"; do
imageFile="${image//\//_}" # "/" can't be in filenames :)
[ "$firstImage" ] || echo -n ',' >> "$dir/repositories"
firstImage=
echo -n $'\n\t' >> "$dir/repositories"
echo -n '"'"$image"'": { '"$(cat "$dir/tags-$imageFile.tmp")"' }' >> "$dir/repositories"
done
echo -n $'\n}\n' >> "$dir/repositories"
rm -f "$dir"/tags-*.tmp
echo "Download of images into '$dir' complete."
echo "Use something like the following to load the result into a Docker daemon:"
echo " tar -cC '$dir' . | docker load"


@@ -0,0 +1,120 @@
#!/bin/bash
set -e
# hello-world latest ef872312fe1b 3 months ago 910 B
# hello-world latest ef872312fe1bbc5e05aae626791a47ee9b032efa8f3bda39cc0be7b56bfe59b9 3 months ago 910 B
# debian latest f6fab3b798be 10 weeks ago 85.1 MB
# debian latest f6fab3b798be3174f45aa1eb731f8182705555f89c9026d8c1ef230cbf8301dd 10 weeks ago 85.1 MB
if ! command -v curl &> /dev/null; then
echo >&2 'error: "curl" not found!'
exit 1
fi
usage() {
echo "usage: $0 dir image[:tag][@digest] ..."
echo " $0 /tmp/old-hello-world hello-world:latest@sha256:8be990ef2aeb16dbcb9271ddfe2610fa6658d13f6dfb8bc72074cc1ca36966a7"
[ -z "$1" ] || exit "$1"
}
dir="$1" # dir for building tar in
shift || usage 1 >&2
[ $# -gt 0 -a "$dir" ] || usage 2 >&2
mkdir -p "$dir"
# hacky workarounds for Bash 3 support (no associative arrays)
images=()
rm -f "$dir"/tags-*.tmp
# repositories[busybox]='"latest": "...", "ubuntu-14.04": "..."'
while [ $# -gt 0 ]; do
imageTag="$1"
shift
image="${imageTag%%[:@]*}"
imageTag="${imageTag#*:}"
digest="${imageTag##*@}"
tag="${imageTag%%@*}"
# add prefix library if passed official image
if [[ "$image" != *"/"* ]]; then
image="library/$image"
fi
imageFile="${image//\//_}" # "/" can't be in filenames :)
token="$(curl -sSL "https://auth.docker.io/token?service=registry.docker.io&scope=repository:$image:pull" | jq --raw-output .token)"
manifestJson="$(curl -sSL -H "Authorization: Bearer $token" "https://registry-1.docker.io/v2/$image/manifests/$digest")"
if [ "${manifestJson:0:1}" != '{' ]; then
echo >&2 "error: /v2/$image/manifests/$digest returned something unexpected:"
echo >&2 " $manifestJson"
exit 1
fi
layersFs=$(echo "$manifestJson" | jq --raw-output '.fsLayers | .[] | .blobSum')
IFS=$'\n'
# bash v4 on Windows CI requires CRLF separator
if [ "$(go env GOHOSTOS)" = 'windows' ]; then
major=$(echo ${BASH_VERSION%%[^0.9]} | cut -d. -f1)
if [ "$major" -ge 4 ]; then
IFS=$'\r\n'
fi
fi
layers=( ${layersFs} )
unset IFS
history=$(echo "$manifestJson" | jq '.history | [.[] | .v1Compatibility]')
imageId=$(echo "$history" | jq --raw-output .[0] | jq --raw-output .id)
if [ -s "$dir/tags-$imageFile.tmp" ]; then
echo -n ', ' >> "$dir/tags-$imageFile.tmp"
else
images=( "${images[@]}" "$image" )
fi
echo -n '"'"$tag"'": "'"$imageId"'"' >> "$dir/tags-$imageFile.tmp"
echo "Downloading '${image}:${tag}@${digest}' (${#layers[@]} layers)..."
for i in "${!layers[@]}"; do
imageJson=$(echo "$history" | jq --raw-output .[${i}])
imageId=$(echo "$imageJson" | jq --raw-output .id)
imageLayer=${layers[$i]}
mkdir -p "$dir/$imageId"
echo '1.0' > "$dir/$imageId/VERSION"
echo "$imageJson" > "$dir/$imageId/json"
# TODO figure out why "-C -" doesn't work here
# "curl: (33) HTTP server doesn't seem to support byte ranges. Cannot resume."
# "HTTP/1.1 416 Requested Range Not Satisfiable"
if [ -f "$dir/$imageId/layer.tar" ]; then
# TODO hackpatch for no -C support :'(
echo "skipping existing ${imageId:0:12}"
continue
fi
curl -SL --progress -H "Authorization: Bearer $token" "https://registry-1.docker.io/v2/$image/blobs/$imageLayer" -o "$dir/$imageId/layer.tar" # -C -
done
echo
done
echo -n '{' > "$dir/repositories"
firstImage=1
for image in "${images[@]}"; do
imageFile="${image//\//_}" # "/" can't be in filenames :)
image="${image#library\/}"
[ "$firstImage" ] || echo -n ',' >> "$dir/repositories"
firstImage=
echo -n $'\n\t' >> "$dir/repositories"
echo -n '"'"$image"'": { '"$(cat "$dir/tags-$imageFile.tmp")"' }' >> "$dir/repositories"
done
echo -n $'\n}\n' >> "$dir/repositories"
rm -f "$dir"/tags-*.tmp
echo "Download of images into '$dir' complete."
echo "Use something like the following to load the result into a Docker daemon:"
echo " tar -cC '$dir' . | docker load"

View File

@@ -0,0 +1,4 @@
FROM busybox
EXPOSE 80/tcp
COPY httpserver .
CMD ["./httpserver"]


@@ -0,0 +1,12 @@
package main
import (
"log"
"net/http"
)
func main() {
fs := http.FileServer(http.Dir("/static"))
http.Handle("/", fs)
log.Panic(http.ListenAndServe(":80", nil))
}


@@ -0,0 +1,13 @@
# /etc/conf.d/docker: config file for /etc/init.d/docker
# where the docker daemon output gets piped
#DOCKER_LOGFILE="/var/log/docker.log"
# where docker's pid get stored
#DOCKER_PIDFILE="/run/docker.pid"
# where the docker daemon itself is run from
#DOCKER_BINARY="/usr/bin/docker"
# any other random options you want to pass to docker
DOCKER_OPTS=""


@@ -0,0 +1,19 @@
#!/sbin/openrc-run
# Copyright 1999-2013 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
command="${DOCKER_BINARY:-/usr/bin/docker}"
pidfile="${DOCKER_PIDFILE:-/run/${RC_SVCNAME}.pid}"
command_args="daemon -p \"${pidfile}\" ${DOCKER_OPTS}"
DOCKER_LOGFILE="${DOCKER_LOGFILE:-/var/log/${RC_SVCNAME}.log}"
start_stop_daemon_args="--background \
--stderr \"${DOCKER_LOGFILE}\" --stdout \"${DOCKER_LOGFILE}\""
start_pre() {
checkpath -f -m 0644 -o root:docker "$DOCKER_LOGFILE"
ulimit -n 1048576
ulimit -u 1048576
return 0
}


@@ -0,0 +1,3 @@
Lokesh Mandvekar <lsm5@fedoraproject.org> (@lsm5)
Brandon Philips <brandon.philips@coreos.com> (@philips)
Jessie Frazelle <jess@docker.com> (@jfrazelle)


@@ -0,0 +1,18 @@
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network.target docker.socket
Requires=docker.socket
[Service]
Type=notify
ExecStart=/usr/bin/docker daemon -H fd://
MountFlags=slave
LimitNOFILE=1048576
LimitNPROC=1048576
LimitCORE=infinity
TasksMax=1048576
TimeoutStartSec=0
[Install]
WantedBy=multi-user.target


@@ -0,0 +1,12 @@
[Unit]
Description=Docker Socket for the API
PartOf=docker.service
[Socket]
ListenStream=/var/run/docker.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker
[Install]
WantedBy=sockets.target


@@ -0,0 +1,149 @@
#!/bin/sh
set -e
### BEGIN INIT INFO
# Provides: docker
# Required-Start: $syslog $remote_fs
# Required-Stop: $syslog $remote_fs
# Should-Start: cgroupfs-mount cgroup-lite
# Should-Stop: cgroupfs-mount cgroup-lite
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Create lightweight, portable, self-sufficient containers.
# Description:
# Docker is an open-source project to easily create lightweight, portable,
# self-sufficient containers from any application. The same container that a
# developer builds and tests on a laptop can run at scale, in production, on
# VMs, bare metal, OpenStack clusters, public clouds and more.
### END INIT INFO
export PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
BASE=docker
# modify these in /etc/default/$BASE (/etc/default/docker)
DOCKER=/usr/bin/$BASE
# This is the pid file managed by docker itself
DOCKER_PIDFILE=/var/run/$BASE.pid
# This is the pid file created/managed by start-stop-daemon
DOCKER_SSD_PIDFILE=/var/run/$BASE-ssd.pid
DOCKER_LOGFILE=/var/log/$BASE.log
DOCKER_OPTS=
DOCKER_DESC="Docker"
# Get lsb functions
. /lib/lsb/init-functions
if [ -f /etc/default/$BASE ]; then
. /etc/default/$BASE
fi
# Check docker is present
if [ ! -x $DOCKER ]; then
log_failure_msg "$DOCKER not present or not executable"
exit 1
fi
check_init() {
# see also init_is_upstart in /lib/lsb/init-functions (which isn't available in Ubuntu 12.04, or we'd use it directly)
if [ -x /sbin/initctl ] && /sbin/initctl version 2>/dev/null | grep -q upstart; then
log_failure_msg "$DOCKER_DESC is managed via upstart, try using service $BASE $1"
exit 1
fi
}
fail_unless_root() {
if [ "$(id -u)" != '0' ]; then
log_failure_msg "$DOCKER_DESC must be run as root"
exit 1
fi
}
cgroupfs_mount() {
# see also https://github.com/tianon/cgroupfs-mount/blob/master/cgroupfs-mount
if grep -v '^#' /etc/fstab | grep -q cgroup \
|| [ ! -e /proc/cgroups ] \
|| [ ! -d /sys/fs/cgroup ]; then
return
fi
if ! mountpoint -q /sys/fs/cgroup; then
mount -t tmpfs -o uid=0,gid=0,mode=0755 cgroup /sys/fs/cgroup
fi
(
cd /sys/fs/cgroup
for sys in $(awk '!/^#/ { if ($4 == 1) print $1 }' /proc/cgroups); do
mkdir -p $sys
if ! mountpoint -q $sys; then
if ! mount -n -t cgroup -o $sys cgroup $sys; then
rmdir $sys || true
fi
fi
done
)
}
case "$1" in
start)
check_init
fail_unless_root
cgroupfs_mount
touch "$DOCKER_LOGFILE"
chgrp docker "$DOCKER_LOGFILE"
ulimit -n 1048576
if [ "$BASH" ]; then
ulimit -u 1048576
else
ulimit -p 1048576
fi
log_begin_msg "Starting $DOCKER_DESC: $BASE"
start-stop-daemon --start --background \
--no-close \
--exec "$DOCKER" \
--pidfile "$DOCKER_SSD_PIDFILE" \
--make-pidfile \
-- \
daemon -p "$DOCKER_PIDFILE" \
$DOCKER_OPTS \
>> "$DOCKER_LOGFILE" 2>&1
log_end_msg $?
;;
stop)
check_init
fail_unless_root
log_begin_msg "Stopping $DOCKER_DESC: $BASE"
start-stop-daemon --stop --pidfile "$DOCKER_SSD_PIDFILE" --retry 10
log_end_msg $?
;;
restart)
check_init
fail_unless_root
docker_pid=`cat "$DOCKER_SSD_PIDFILE" 2>/dev/null`
[ -n "$docker_pid" ] \
&& ps -p $docker_pid > /dev/null 2>&1 \
&& $0 stop
$0 start
;;
force-reload)
check_init
fail_unless_root
$0 restart
;;
status)
check_init
status_of_proc -p "$DOCKER_SSD_PIDFILE" "$DOCKER" "$DOCKER_DESC"
;;
*)
echo "Usage: service docker {start|stop|restart|status}"
exit 1
;;
esac


@@ -0,0 +1,20 @@
# Docker Upstart and SysVinit configuration file
#
# THIS FILE DOES NOT APPLY TO SYSTEMD
#
# Please see the documentation for "systemd drop-ins":
# https://docs.docker.com/engine/articles/systemd/
#
# Customize location of Docker binary (especially for development testing).
#DOCKER="/usr/local/bin/docker"
# Use DOCKER_OPTS to modify the daemon startup options.
#DOCKER_OPTS="--dns 8.8.8.8 --dns 8.8.4.4"
# If you need Docker to use an HTTP proxy, it can also be specified here.
#export http_proxy="http://127.0.0.1:3128/"
# This is also a handy place to tweak where Docker's temporary files go.
#export TMPDIR="/mnt/bigdrive/docker-tmp"


@@ -0,0 +1,153 @@
#!/bin/sh
#
# /etc/rc.d/init.d/docker
#
# Daemon for docker.com
#
# chkconfig: 2345 95 95
# description: Daemon for docker.com
### BEGIN INIT INFO
# Provides: docker
# Required-Start: $network cgconfig
# Required-Stop:
# Should-Start:
# Should-Stop:
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: start and stop docker
# Description: Daemon for docker.com
### END INIT INFO
# Source function library.
. /etc/rc.d/init.d/functions
prog="docker"
unshare=/usr/bin/unshare
exec="/usr/bin/$prog"
pidfile="/var/run/$prog.pid"
lockfile="/var/lock/subsys/$prog"
logfile="/var/log/$prog"
[ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog
prestart() {
service cgconfig status > /dev/null
if [[ $? != 0 ]]; then
service cgconfig start
fi
}
start() {
if [ ! -x $exec ]; then
if [ ! -e $exec ]; then
echo "Docker executable $exec not found"
else
echo "You do not have permission to execute the Docker executable $exec"
fi
exit 5
fi
check_for_cleanup
if ! [ -f $pidfile ]; then
prestart
printf "Starting $prog:\t"
echo "\n$(date)\n" >> $logfile
"$unshare" -m -- $exec daemon $other_args >> $logfile 2>&1 &
pid=$!
touch $lockfile
# wait up to 10 seconds for the pidfile to exist. see
# https://github.com/docker/docker/issues/5359
tries=0
while [ ! -f $pidfile -a $tries -lt 10 ]; do
sleep 1
tries=$((tries + 1))
echo -n '.'
done
if [ ! -f $pidfile ]; then
failure
echo
exit 1
fi
success
echo
else
failure
echo
printf "$pidfile still exists...\n"
exit 7
fi
}
stop() {
echo -n $"Stopping $prog: "
killproc -p $pidfile -d 300 $prog
retval=$?
echo
[ $retval -eq 0 ] && rm -f $lockfile
return $retval
}
restart() {
stop
start
}
reload() {
restart
}
force_reload() {
restart
}
rh_status() {
status -p $pidfile $prog
}
rh_status_q() {
rh_status >/dev/null 2>&1
}
check_for_cleanup() {
if [ -f ${pidfile} ]; then
/bin/ps -fp $(cat ${pidfile}) > /dev/null || rm ${pidfile}
fi
}
case "$1" in
start)
rh_status_q && exit 0
$1
;;
stop)
rh_status_q || exit 0
$1
;;
restart)
$1
;;
reload)
rh_status_q || exit 7
$1
;;
force-reload)
force_reload
;;
status)
rh_status
;;
condrestart|try-restart)
rh_status_q || exit 0
restart
;;
*)
echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
exit 2
esac
exit $?


@@ -0,0 +1,7 @@
# /etc/sysconfig/docker
#
# Other arguments to pass to the docker daemon process
# These will be parsed by the sysv initscript and appended
# to the arguments list passed to docker daemon
other_args=""


@@ -0,0 +1,2 @@
Tianon Gravi <admwiggin@gmail.com> (@tianon)
Jessie Frazelle <jess@docker.com> (@jfrazelle)


@@ -0,0 +1,68 @@
description "Docker daemon"
start on (filesystem and net-device-up IFACE!=lo)
stop on runlevel [!2345]
limit nofile 524288 1048576
limit nproc 524288 1048576
respawn
kill timeout 20
pre-start script
# see also https://github.com/tianon/cgroupfs-mount/blob/master/cgroupfs-mount
if grep -v '^#' /etc/fstab | grep -q cgroup \
|| [ ! -e /proc/cgroups ] \
|| [ ! -d /sys/fs/cgroup ]; then
exit 0
fi
if ! mountpoint -q /sys/fs/cgroup; then
mount -t tmpfs -o uid=0,gid=0,mode=0755 cgroup /sys/fs/cgroup
fi
(
cd /sys/fs/cgroup
for sys in $(awk '!/^#/ { if ($4 == 1) print $1 }' /proc/cgroups); do
mkdir -p $sys
if ! mountpoint -q $sys; then
if ! mount -n -t cgroup -o $sys cgroup $sys; then
rmdir $sys || true
fi
fi
done
)
end script
script
# modify these in /etc/default/$UPSTART_JOB (/etc/default/docker)
DOCKER=/usr/bin/$UPSTART_JOB
DOCKER_OPTS=
if [ -f /etc/default/$UPSTART_JOB ]; then
. /etc/default/$UPSTART_JOB
fi
exec "$DOCKER" daemon $DOCKER_OPTS --raw-logs
end script
# Don't emit "started" event until docker.sock is ready.
# See https://github.com/docker/docker/issues/6647
post-start script
DOCKER_OPTS=
DOCKER_SOCKET=
if [ -f /etc/default/$UPSTART_JOB ]; then
. /etc/default/$UPSTART_JOB
fi
if ! printf "%s" "$DOCKER_OPTS" | grep -qE -e '-H|--host'; then
DOCKER_SOCKET=/var/run/docker.sock
else
DOCKER_SOCKET=$(printf "%s" "$DOCKER_OPTS" | grep -oP -e '(-H|--host)\W*unix://\K(\S+)')
fi
if [ -n "$DOCKER_SOCKET" ]; then
while ! [ -e "$DOCKER_SOCKET" ]; do
initctl status $UPSTART_JOB | grep -qE "(stop|respawn)/" && exit 1
echo "Waiting for $DOCKER_SOCKET"
sleep 0.1
done
echo "$DOCKER_SOCKET is up"
fi
end script

87
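--- a/vendor/github.com/hyperhq/hypercli/contrib/mkimage-alpine.sh
+++ b/vendor/github.com/hyperhq/hypercli/contrib/mkimage-alpine.sh
@@ -0,0 +1,87 @@
+#!/bin/sh
+set -e
+[ $(id -u) -eq 0 ] || {
+printf >&2 '%s requires root\n' "$0"
+exit 1
+}
+usage() {
+printf >&2 '%s: [-r release] [-m mirror] [-s] [-c additional repository]\n' "$0"
+exit 1
+}
+tmp() {
+TMP=$(mktemp -d ${TMPDIR:-/var/tmp}/alpine-docker-XXXXXXXXXX)
+ROOTFS=$(mktemp -d ${TMPDIR:-/var/tmp}/alpine-docker-rootfs-XXXXXXXXXX)
+trap "rm -rf $TMP $ROOTFS" EXIT TERM INT
+}
+apkv() {
+curl -sSL $MAINREPO/$ARCH/APKINDEX.tar.gz | tar -Oxz |
+grep --text '^P:apk-tools-static$' -A1 | tail -n1 | cut -d: -f2
+}
+getapk() {
+curl -sSL $MAINREPO/$ARCH/apk-tools-static-$(apkv).apk |
+tar -xz -C $TMP sbin/apk.static
+}
+mkbase() {
+$TMP/sbin/apk.static --repository $MAINREPO --update-cache --allow-untrusted \
+--root $ROOTFS --initdb add alpine-base
+}
+conf() {
+printf '%s\n' $MAINREPO > $ROOTFS/etc/apk/repositories
+printf '%s\n' $ADDITIONALREPO >> $ROOTFS/etc/apk/repositories
+}
+pack() {
+local id
+id=$(tar --numeric-owner -C $ROOTFS -c . | docker import - alpine:$REL)
+docker tag $id alpine:latest
+docker run -i -t --rm alpine printf 'alpine:%s with id=%s created!\n' $REL $id
+}
+save() {
+[ $SAVE -eq 1 ] || return
+tar --numeric-owner -C $ROOTFS -c . | xz > rootfs.tar.xz
+}
+while getopts "hr:m:s" opt; do
+case $opt in
+r)
+REL=$OPTARG
+;;
+m)
+MIRROR=$OPTARG
+;;
+s)
+SAVE=1
+;;
+c)
+ADDITIONALREPO=community
+;;
+*)
+usage
+;;
+esac
+done
+REL=${REL:-edge}
+MIRROR=${MIRROR:-http://nl.alpinelinux.org/alpine}
+SAVE=${SAVE:-0}
+MAINREPO=$MIRROR/$REL/main
+ADDITIONALREPO=$MIRROR/$REL/community
+ARCH=${ARCH:-$(uname -m)}
+tmp
+getapk
+mkbase
+conf
+pack
+save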


@@ -0,0 +1,92 @@
#
# /etc/pacman.conf
#
# See the pacman.conf(5) manpage for option and repository directives
#
# GENERAL OPTIONS
#
[options]
# The following paths are commented out with their default values listed.
# If you wish to use different paths, uncomment and update the paths.
#RootDir = /
#DBPath = /var/lib/pacman/
#CacheDir = /var/cache/pacman/pkg/
#LogFile = /var/log/pacman.log
#GPGDir = /etc/pacman.d/gnupg/
HoldPkg = pacman glibc
#XferCommand = /usr/bin/curl -C - -f %u > %o
#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
#CleanMethod = KeepInstalled
#UseDelta = 0.7
Architecture = auto
# Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
#IgnorePkg =
#IgnoreGroup =
#NoUpgrade =
#NoExtract =
# Misc options
#UseSyslog
#Color
#TotalDownload
# We cannot check disk space from within a chroot environment
#CheckSpace
#VerbosePkgLists
# By default, pacman accepts packages signed by keys that its local keyring
# trusts (see pacman-key and its man page), as well as unsigned packages.
SigLevel = Required DatabaseOptional
LocalFileSigLevel = Optional
#RemoteFileSigLevel = Required
# NOTE: You must run `pacman-key --init` before first using pacman; the local
# keyring can then be populated with the keys of all official Arch Linux
# packagers with `pacman-key --populate archlinux`.
#
# REPOSITORIES
# - can be defined here or included from another file
# - pacman will search repositories in the order defined here
# - local/custom mirrors can be added here or in separate files
# - repositories listed first will take precedence when packages
# have identical names, regardless of version number
# - URLs will have $repo replaced by the name of the current repo
# - URLs will have $arch replaced by the name of the architecture
#
# Repository entries are of the format:
# [repo-name]
# Server = ServerName
# Include = IncludePath
#
# The header [repo-name] is crucial - it must be present and
# uncommented to enable the repo.
#
# The testing repositories are disabled by default. To enable, uncomment the
# repo name header and Include lines. You can add preferred servers immediately
# after the header, and they will be used before the default mirrors.
#[testing]
#Include = /etc/pacman.d/mirrorlist
[core]
Include = /etc/pacman.d/mirrorlist
[extra]
Include = /etc/pacman.d/mirrorlist
#[community-testing]
#Include = /etc/pacman.d/mirrorlist
[community]
Include = /etc/pacman.d/mirrorlist
# An example of a custom package repository. See the pacman manpage for
# tips on creating your own repositories.
#[custom]
#SigLevel = Optional TrustAll
#Server = file:///home/custompkgs

122
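--- a/vendor/github.com/hyperhq/hypercli/contrib/mkimage-arch.sh
+++ b/vendor/github.com/hyperhq/hypercli/contrib/mkimage-arch.sh
@@ -0,0 +1,122 @@
+#!/usr/bin/env bash
+# Generate a minimal filesystem for archlinux and load it into the local
+# docker as "archlinux"
+# requires root
+set -e
+hash pacstrap &>/dev/null || {
+echo "Could not find pacstrap. Run pacman -S arch-install-scripts"
+exit 1
+}
+hash expect &>/dev/null || {
+echo "Could not find expect. Run pacman -S expect"
+exit 1
+}
+export LANG="C.UTF-8"
+ROOTFS=$(mktemp -d ${TMPDIR:-/var/tmp}/rootfs-archlinux-XXXXXXXXXX)
+chmod 755 $ROOTFS
+# packages to ignore for space savings
+PKGIGNORE=(
+cryptsetup
+device-mapper
+dhcpcd
+iproute2
+jfsutils
+linux
+lvm2
+man-db
+man-pages
+mdadm
+nano
+netctl
+openresolv
+pciutils
+pcmciautils
+reiserfsprogs
+s-nail
+systemd-sysvcompat
+usbutils
+vi
+xfsprogs
+)
+IFS=','
+PKGIGNORE="${PKGIGNORE[*]}"
+unset IFS
+case "$(uname -m)" in
+armv*)
+if pacman -Q archlinuxarm-keyring >/dev/null 2>&1; then
+pacman-key --init
+pacman-key --populate archlinuxarm
+else
+echo "Could not find archlinuxarm-keyring. Please, install it and run pacman-key --populate archlinuxarm"
+exit 1
+fi
+PACMAN_CONF='./mkimage-archarm-pacman.conf'
+PACMAN_MIRRORLIST='Server = http://mirror.archlinuxarm.org/$arch/$repo'
+PACMAN_EXTRA_PKGS='archlinuxarm-keyring'
+EXPECT_TIMEOUT=120
+ARCH_KEYRING=archlinuxarm
+DOCKER_IMAGE_NAME=archlinuxarm
+;;
+*)
+PACMAN_CONF='./mkimage-arch-pacman.conf'
+PACMAN_MIRRORLIST='Server = https://mirrors.kernel.org/archlinux/$repo/os/$arch'
+PACMAN_EXTRA_PKGS=''
+EXPECT_TIMEOUT=60
+ARCH_KEYRING=archlinux
+DOCKER_IMAGE_NAME=archlinux
+;;
+esac
+export PACMAN_MIRRORLIST
+expect <<EOF
+set send_slow {1 .1}
+proc send {ignore arg} {
+sleep .1
+exp_send -s -- \$arg
+}
+set timeout $EXPECT_TIMEOUT
+spawn pacstrap -C $PACMAN_CONF -c -d -G -i $ROOTFS base haveged $PACMAN_EXTRA_PKGS --ignore $PKGIGNORE
+expect {
+-exact "anyway? \[Y/n\] " { send -- "n\r"; exp_continue }
+-exact "(default=all): " { send -- "\r"; exp_continue }
+-exact "installation? \[Y/n\]" { send -- "y\r"; exp_continue }
+}
+EOF
+arch-chroot $ROOTFS /bin/sh -c 'rm -r /usr/share/man/*'
+arch-chroot $ROOTFS /bin/sh -c "haveged -w 1024; pacman-key --init; pkill haveged; pacman -Rs --noconfirm haveged; pacman-key --populate $ARCH_KEYRING; pkill gpg-agent"
+arch-chroot $ROOTFS /bin/sh -c "ln -s /usr/share/zoneinfo/UTC /etc/localtime"
+echo 'en_US.UTF-8 UTF-8' > $ROOTFS/etc/locale.gen
+arch-chroot $ROOTFS locale-gen
+arch-chroot $ROOTFS /bin/sh -c 'echo $PACMAN_MIRRORLIST > /etc/pacman.d/mirrorlist'
+# udev doesn't work in containers, rebuild /dev
+DEV=$ROOTFS/dev
+rm -rf $DEV
+mkdir -p $DEV
+mknod -m 666 $DEV/null c 1 3
+mknod -m 666 $DEV/zero c 1 5
+mknod -m 666 $DEV/random c 1 8
+mknod -m 666 $DEV/urandom c 1 9
+mkdir -m 755 $DEV/pts
+mkdir -m 1777 $DEV/shm
+mknod -m 666 $DEV/tty c 5 0
+mknod -m 600 $DEV/console c 5 1
+mknod -m 666 $DEV/tty0 c 4 0
+mknod -m 666 $DEV/full c 1 7
+mknod -m 600 $DEV/initctl p
+mknod -m 666 $DEV/ptmx c 5 2
+ln -sf /proc/self/fd $DEV/fd
+tar --numeric-owner --xattrs --acls -C $ROOTFS -c . | docker import - $DOCKER_IMAGE_NAME
+docker run --rm -t $DOCKER_IMAGE_NAME echo Success.
+rm -rf $ROOTFS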


@@ -0,0 +1,98 @@
#
# /etc/pacman.conf
#
# See the pacman.conf(5) manpage for option and repository directives
#
# GENERAL OPTIONS
#
[options]
# The following paths are commented out with their default values listed.
# If you wish to use different paths, uncomment and update the paths.
#RootDir = /
#DBPath = /var/lib/pacman/
#CacheDir = /var/cache/pacman/pkg/
#LogFile = /var/log/pacman.log
#GPGDir = /etc/pacman.d/gnupg/
HoldPkg = pacman glibc
#XferCommand = /usr/bin/curl -C - -f %u > %o
#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
#CleanMethod = KeepInstalled
#UseDelta = 0.7
Architecture = armv7h
# Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
#IgnorePkg =
#IgnoreGroup =
#NoUpgrade =
#NoExtract =
# Misc options
#UseSyslog
#Color
#TotalDownload
# We cannot check disk space from within a chroot environment
#CheckSpace
#VerbosePkgLists
# By default, pacman accepts packages signed by keys that its local keyring
# trusts (see pacman-key and its man page), as well as unsigned packages.
SigLevel = Required DatabaseOptional
LocalFileSigLevel = Optional
#RemoteFileSigLevel = Required
# NOTE: You must run `pacman-key --init` before first using pacman; the local
# keyring can then be populated with the keys of all official Arch Linux
# packagers with `pacman-key --populate archlinux`.
#
# REPOSITORIES
# - can be defined here or included from another file
# - pacman will search repositories in the order defined here
# - local/custom mirrors can be added here or in separate files
# - repositories listed first will take precedence when packages
# have identical names, regardless of version number
# - URLs will have $repo replaced by the name of the current repo
# - URLs will have $arch replaced by the name of the architecture
#
# Repository entries are of the format:
# [repo-name]
# Server = ServerName
# Include = IncludePath
#
# The header [repo-name] is crucial - it must be present and
# uncommented to enable the repo.
#
# The testing repositories are disabled by default. To enable, uncomment the
# repo name header and Include lines. You can add preferred servers immediately
# after the header, and they will be used before the default mirrors.
#[testing]
#Include = /etc/pacman.d/mirrorlist
[core]
Include = /etc/pacman.d/mirrorlist
[extra]
Include = /etc/pacman.d/mirrorlist
#[community-testing]
#Include = /etc/pacman.d/mirrorlist
[community]
Include = /etc/pacman.d/mirrorlist
[alarm]
Include = /etc/pacman.d/mirrorlist
[aur]
Include = /etc/pacman.d/mirrorlist
# An example of a custom package repository. See the pacman manpage for
# tips on creating your own repositories.
#[custom]
#SigLevel = Optional TrustAll
#Server = file:///home/custompkgs


@@ -0,0 +1,43 @@
#!/usr/bin/env bash
# Generate a very minimal filesystem based on busybox-static,
# and load it into the local docker under the name "busybox".
echo >&2
echo >&2 'warning: this script is deprecated - see mkimage.sh and mkimage/busybox-static'
echo >&2
BUSYBOX=$(which busybox)
[ "$BUSYBOX" ] || {
echo "Sorry, I could not locate busybox."
echo "Try 'apt-get install busybox-static'?"
exit 1
}
set -e
ROOTFS=${TMPDIR:-/var/tmp}/rootfs-busybox-$$-$RANDOM
mkdir $ROOTFS
cd $ROOTFS
mkdir bin etc dev dev/pts lib proc sys tmp
touch etc/resolv.conf
cp /etc/nsswitch.conf etc/nsswitch.conf
echo root:x:0:0:root:/:/bin/sh > etc/passwd
echo root:x:0: > etc/group
ln -s lib lib64
ln -s bin sbin
cp $BUSYBOX bin
for X in $(busybox --list)
do
ln -s busybox bin/$X
done
rm bin/init
ln bin/busybox bin/init
cp /lib/x86_64-linux-gnu/lib{pthread,c,dl,nsl,nss_*}.so.* lib
cp /lib/x86_64-linux-gnu/ld-linux-x86-64.so.2 lib
for X in console null ptmx random stdin stdout stderr tty urandom zero
do
cp -a /dev/$X dev
done
tar --numeric-owner -cf- . | docker import - busybox
docker run -i -u root busybox /bin/echo Success.

75
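--- a/vendor/github.com/hyperhq/hypercli/contrib/mkimage-crux.sh
+++ b/vendor/github.com/hyperhq/hypercli/contrib/mkimage-crux.sh
@@ -0,0 +1,75 @@
+#!/usr/bin/env bash
+# Generate a minimal filesystem for CRUX/Linux and load it into the local
+# docker as "cruxlinux"
+# requires root and the crux iso (http://crux.nu)
+set -e
+die () {
+echo >&2 "$@"
+exit 1
+}
+[ "$#" -eq 1 ] || die "1 argument(s) required, $# provided. Usage: ./mkimage-crux.sh /path/to/iso"
+ISO=${1}
+ROOTFS=$(mktemp -d ${TMPDIR:-/var/tmp}/rootfs-crux-XXXXXXXXXX)
+CRUX=$(mktemp -d ${TMPDIR:-/var/tmp}/crux-XXXXXXXXXX)
+TMP=$(mktemp -d ${TMPDIR:-/var/tmp}/XXXXXXXXXX)
+VERSION=$(basename --suffix=.iso $ISO | sed 's/[^0-9.]*\([0-9.]*\).*/\1/')
+# Mount the ISO
+mount -o ro,loop $ISO $CRUX
+# Extract pkgutils
+tar -C $TMP -xf $CRUX/tools/pkgutils#*.pkg.tar.gz
+# Put pkgadd in the $PATH
+export PATH="$TMP/usr/bin:$PATH"
+# Install core packages
+mkdir -p $ROOTFS/var/lib/pkg
+touch $ROOTFS/var/lib/pkg/db
+for pkg in $CRUX/crux/core/*; do
+pkgadd -r $ROOTFS $pkg
+done
+# Remove agetty and inittab config
+if (grep agetty ${ROOTFS}/etc/inittab 2>&1 > /dev/null); then
+echo "Removing agetty from /etc/inittab ..."
+chroot ${ROOTFS} sed -i -e "/agetty/d" /etc/inittab
+chroot ${ROOTFS} sed -i -e "/shutdown/d" /etc/inittab
+chroot ${ROOTFS} sed -i -e "/^$/N;/^\n$/d" /etc/inittab
+fi
+# Remove kernel source
+rm -rf $ROOTFS/usr/src/*
+# udev doesn't work in containers, rebuild /dev
+DEV=$ROOTFS/dev
+rm -rf $DEV
+mkdir -p $DEV
+mknod -m 666 $DEV/null c 1 3
+mknod -m 666 $DEV/zero c 1 5
+mknod -m 666 $DEV/random c 1 8
+mknod -m 666 $DEV/urandom c 1 9
+mkdir -m 755 $DEV/pts
+mkdir -m 1777 $DEV/shm
+mknod -m 666 $DEV/tty c 5 0
+mknod -m 600 $DEV/console c 5 1
+mknod -m 666 $DEV/tty0 c 4 0
+mknod -m 666 $DEV/full c 1 7
+mknod -m 600 $DEV/initctl p
+mknod -m 666 $DEV/ptmx c 5 2
+IMAGE_ID=$(tar --numeric-owner -C $ROOTFS -c . | docker import - crux:$VERSION)
+docker tag $IMAGE_ID crux:latest
+docker run -i -t crux echo Success.
+# Cleanup
+umount $CRUX
+rm -rf $ROOTFS
+rm -rf $CRUX
+rm -rf $TMP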


@@ -0,0 +1,297 @@
#!/usr/bin/env bash
set -e
echo >&2
echo >&2 'warning: this script is deprecated - see mkimage.sh and mkimage/debootstrap'
echo >&2
variant='minbase'
include='iproute,iputils-ping'
arch='amd64' # intentionally undocumented for now
skipDetection=
strictDebootstrap=
justTar=
usage() {
echo >&2
echo >&2 "usage: $0 [options] repo suite [mirror]"
echo >&2
echo >&2 'options: (not recommended)'
echo >&2 " -p set an http_proxy for debootstrap"
echo >&2 " -v $variant # change default debootstrap variant"
echo >&2 " -i $include # change default package includes"
echo >&2 " -d # strict debootstrap (do not apply any docker-specific tweaks)"
echo >&2 " -s # skip version detection and tagging (ie, precise also tagged as 12.04)"
echo >&2 " # note that this will also skip adding universe and/or security/updates to sources.list"
echo >&2 " -t # just create a tarball, especially for dockerbrew (uses repo as tarball name)"
echo >&2
echo >&2 " ie: $0 username/debian squeeze"
echo >&2 " $0 username/debian squeeze http://ftp.uk.debian.org/debian/"
echo >&2
echo >&2 " ie: $0 username/ubuntu precise"
echo >&2 " $0 username/ubuntu precise http://mirrors.melbourne.co.uk/ubuntu/"
echo >&2
echo >&2 " ie: $0 -t precise.tar.bz2 precise"
echo >&2 " $0 -t wheezy.tgz wheezy"
echo >&2 " $0 -t wheezy-uk.tar.xz wheezy http://ftp.uk.debian.org/debian/"
echo >&2
}
# these should match the names found at http://www.debian.org/releases/
debianStable=wheezy
debianUnstable=sid
# this should match the name found at http://releases.ubuntu.com/
ubuntuLatestLTS=trusty
# this should match the name found at http://releases.tanglu.org/
tangluLatest=aequorea
while getopts v:i:a:p:dst name; do
case "$name" in
p)
http_proxy="$OPTARG"
;;
v)
variant="$OPTARG"
;;
i)
include="$OPTARG"
;;
a)
arch="$OPTARG"
;;
d)
strictDebootstrap=1
;;
s)
skipDetection=1
;;
t)
justTar=1
;;
?)
usage
exit 0
;;
esac
done
shift $(($OPTIND - 1))
repo="$1"
suite="$2"
mirror="${3:-}" # stick to the default debootstrap mirror if one is not provided
if [ ! "$repo" ] || [ ! "$suite" ]; then
usage
exit 1
fi
# some rudimentary detection for whether we need to "sudo" our docker calls
docker=''
if docker version > /dev/null 2>&1; then
docker='docker'
elif sudo docker version > /dev/null 2>&1; then
docker='sudo docker'
elif command -v docker > /dev/null 2>&1; then
docker='docker'
else
echo >&2 "warning: either docker isn't installed, or your current user cannot run it;"
echo >&2 " this script is not likely to work as expected"
sleep 3
docker='docker' # give us a command-not-found later
fi
# make sure we have an absolute path to our final tarball so we can still reference it properly after we change directory
if [ "$justTar" ]; then
if [ ! -d "$(dirname "$repo")" ]; then
echo >&2 "error: $(dirname "$repo") does not exist"
exit 1
fi
repo="$(cd "$(dirname "$repo")" && pwd -P)/$(basename "$repo")"
fi
# will be filled in later, if [ -z "$skipDetection" ]
lsbDist=''
target="${TMPDIR:-/var/tmp}/docker-rootfs-debootstrap-$suite-$$-$RANDOM"
cd "$(dirname "$(readlink -f "$BASH_SOURCE")")"
returnTo="$(pwd -P)"
if [ "$suite" = 'lucid' ]; then
# lucid fails and doesn't include gpgv in minbase; "apt-get update" fails
include+=',gpgv'
fi
set -x
# bootstrap
mkdir -p "$target"
sudo http_proxy=$http_proxy debootstrap --verbose --variant="$variant" --include="$include" --arch="$arch" "$suite" "$target" "$mirror"
cd "$target"
if [ -z "$strictDebootstrap" ]; then
# prevent init scripts from running during install/update
# policy-rc.d (for most scripts)
echo $'#!/bin/sh\nexit 101' | sudo tee usr/sbin/policy-rc.d > /dev/null
sudo chmod +x usr/sbin/policy-rc.d
# initctl (for some pesky upstart scripts)
sudo chroot . dpkg-divert --local --rename --add /sbin/initctl
sudo ln -sf /bin/true sbin/initctl
# see https://github.com/docker/docker/issues/446#issuecomment-16953173
# shrink the image, since apt makes us fat (wheezy: ~157.5MB vs ~120MB)
sudo chroot . apt-get clean
if strings usr/bin/dpkg | grep -q unsafe-io; then
# while we're at it, apt is unnecessarily slow inside containers
# this forces dpkg not to call sync() after package extraction and speeds up install
# the benefit is huge on spinning disks, and the penalty is nonexistent on SSD or decent server virtualization
echo 'force-unsafe-io' | sudo tee etc/dpkg/dpkg.cfg.d/02apt-speedup > /dev/null
# we have this wrapped up in an "if" because the "force-unsafe-io"
# option was added in dpkg 1.15.8.6
# (see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584254#82),
# and ubuntu lucid/10.04 only has 1.15.5.6
fi
# we want to effectively run "apt-get clean" after every install to keep images small (see output of "apt-get clean -s" for context)
{
aptGetClean='"rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true";'
echo "DPkg::Post-Invoke { ${aptGetClean} };"
echo "APT::Update::Post-Invoke { ${aptGetClean} };"
echo 'Dir::Cache::pkgcache ""; Dir::Cache::srcpkgcache "";'
} | sudo tee etc/apt/apt.conf.d/no-cache > /dev/null
# and remove the translations, too
echo 'Acquire::Languages "none";' | sudo tee etc/apt/apt.conf.d/no-languages > /dev/null
# helpful undo lines for each the above tweaks (for lack of a better home to keep track of them):
# rm /usr/sbin/policy-rc.d
# rm /sbin/initctl; dpkg-divert --rename --remove /sbin/initctl
# rm /etc/dpkg/dpkg.cfg.d/02apt-speedup
# rm /etc/apt/apt.conf.d/no-cache
# rm /etc/apt/apt.conf.d/no-languages
if [ -z "$skipDetection" ]; then
# see also rudimentary platform detection in hack/install.sh
lsbDist=''
if [ -r etc/lsb-release ]; then
lsbDist="$(. etc/lsb-release && echo "$DISTRIB_ID")"
fi
if [ -z "$lsbDist" ] && [ -r etc/debian_version ]; then
lsbDist='Debian'
fi
case "$lsbDist" in
Debian)
# add the updates and security repositories
if [ "$suite" != "$debianUnstable" -a "$suite" != 'unstable' ]; then
# ${suite}-updates only applies to non-unstable
sudo sed -i "p; s/ $suite main$/ ${suite}-updates main/" etc/apt/sources.list
# same for security updates
echo "deb http://security.debian.org/ $suite/updates main" | sudo tee -a etc/apt/sources.list > /dev/null
fi
;;
Ubuntu)
# add the universe, updates, and security repositories
sudo sed -i "
s/ $suite main$/ $suite main universe/; p;
s/ $suite main/ ${suite}-updates main/; p;
s/ $suite-updates main/ ${suite}-security main/
" etc/apt/sources.list
;;
Tanglu)
# add the updates repository
if [ "$suite" = "$tangluLatest" ]; then
# ${suite}-updates only applies to stable Tanglu versions
sudo sed -i "p; s/ $suite main$/ ${suite}-updates main/" etc/apt/sources.list
fi
;;
SteamOS)
# add contrib and non-free
sudo sed -i "s/ $suite main$/ $suite main contrib non-free/" etc/apt/sources.list
;;
esac
fi
# make sure our packages lists are as up to date as we can get them
sudo chroot . apt-get update
sudo chroot . apt-get dist-upgrade -y
fi
if [ "$justTar" ]; then
# create the tarball file so it has the right permissions (ie, not root)
touch "$repo"
# fill the tarball
sudo tar --numeric-owner -caf "$repo" .
else
# create the image (and tag $repo:$suite)
sudo tar --numeric-owner -c . | $docker import - $repo:$suite
# test the image
$docker run -i -t $repo:$suite echo success
if [ -z "$skipDetection" ]; then
case "$lsbDist" in
Debian)
if [ "$suite" = "$debianStable" -o "$suite" = 'stable' ] && [ -r etc/debian_version ]; then
# tag latest
$docker tag $repo:$suite $repo:latest
if [ -r etc/debian_version ]; then
# tag the specific debian release version (which is only reasonable to tag on debian stable)
ver=$(cat etc/debian_version)
$docker tag $repo:$suite $repo:$ver
fi
fi
;;
Ubuntu)
if [ "$suite" = "$ubuntuLatestLTS" ]; then
# tag latest
$docker tag $repo:$suite $repo:latest
fi
if [ -r etc/lsb-release ]; then
lsbRelease="$(. etc/lsb-release && echo "$DISTRIB_RELEASE")"
if [ "$lsbRelease" ]; then
# tag specific Ubuntu version number, if available (12.04, etc.)
$docker tag $repo:$suite $repo:$lsbRelease
fi
fi
;;
Tanglu)
if [ "$suite" = "$tangluLatest" ]; then
# tag latest
$docker tag $repo:$suite $repo:latest
fi
if [ -r etc/lsb-release ]; then
lsbRelease="$(. etc/lsb-release && echo "$DISTRIB_RELEASE")"
if [ "$lsbRelease" ]; then
# tag specific Tanglu version number, if available (1.0, 2.0, etc.)
$docker tag $repo:$suite $repo:$lsbRelease
fi
fi
;;
SteamOS)
if [ -r etc/lsb-release ]; then
lsbRelease="$(. etc/lsb-release && echo "$DISTRIB_RELEASE")"
if [ "$lsbRelease" ]; then
# tag specific SteamOS version number, if available (1.0, 2.0, etc.)
$docker tag $repo:$suite $repo:$lsbRelease
fi
fi
;;
esac
fi
fi
# cleanup
cd "$returnTo"
sudo rm -rf "$target"

123
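--- a/vendor/github.com/hyperhq/hypercli/contrib/mkimage-rinse.sh
+++ b/vendor/github.com/hyperhq/hypercli/contrib/mkimage-rinse.sh
@@ -0,0 +1,123 @@
+#!/usr/bin/env bash
+#
+# Create a base CentOS Docker image.
+# This script is useful on systems with rinse available (e.g.,
+# building a CentOS image on Debian). See contrib/mkimage-yum.sh for
+# a way to build CentOS images on systems with yum installed.
+set -e
+echo >&2
+echo >&2 'warning: this script is deprecated - see mkimage.sh and mkimage/rinse'
+echo >&2
+repo="$1"
+distro="$2"
+mirror="$3"
+if [ ! "$repo" ] || [ ! "$distro" ]; then
+self="$(basename $0)"
+echo >&2 "usage: $self repo distro [mirror]"
+echo >&2
+echo >&2 " ie: $self username/centos centos-5"
+echo >&2 " $self username/centos centos-6"
+echo >&2
+echo >&2 " ie: $self username/slc slc-5"
+echo >&2 " $self username/slc slc-6"
+echo >&2
+echo >&2 " ie: $self username/centos centos-5 http://vault.centos.org/5.8/os/x86_64/CentOS/"
+echo >&2 " $self username/centos centos-6 http://vault.centos.org/6.3/os/x86_64/Packages/"
+echo >&2
+echo >&2 'See /etc/rinse for supported values of "distro" and for examples of'
+echo >&2 ' expected values of "mirror".'
+echo >&2
+echo >&2 'This script is tested to work with the original upstream version of rinse,'
+echo >&2 ' found at http://www.steve.org.uk/Software/rinse/ and also in Debian at'
+echo >&2 ' http://packages.debian.org/wheezy/rinse -- as always, YMMV.'
+echo >&2
+exit 1
+fi
+target="${TMPDIR:-/var/tmp}/docker-rootfs-rinse-$distro-$$-$RANDOM"
+cd "$(dirname "$(readlink -f "$BASH_SOURCE")")"
+returnTo="$(pwd -P)"
+rinseArgs=( --arch amd64 --distribution "$distro" --directory "$target" )
+if [ "$mirror" ]; then
+rinseArgs+=( --mirror "$mirror" )
+fi
+set -x
+mkdir -p "$target"
+sudo rinse "${rinseArgs[@]}"
+cd "$target"
+# rinse fails a little at setting up /dev, so we'll just wipe it out and create our own
+sudo rm -rf dev
+sudo mkdir -m 755 dev
+(
+cd dev
+sudo ln -sf /proc/self/fd ./
+sudo mkdir -m 755 pts
+sudo mkdir -m 1777 shm
+sudo mknod -m 600 console c 5 1
+sudo mknod -m 600 initctl p
+sudo mknod -m 666 full c 1 7
+sudo mknod -m 666 null c 1 3
+sudo mknod -m 666 ptmx c 5 2
+sudo mknod -m 666 random c 1 8
+sudo mknod -m 666 tty c 5 0
+sudo mknod -m 666 tty0 c 4 0
+sudo mknod -m 666 urandom c 1 9
+sudo mknod -m 666 zero c 1 5
+)
+# effectively: febootstrap-minimize --keep-zoneinfo --keep-rpmdb --keep-services "$target"
+# locales
+sudo rm -rf usr/{{lib,share}/locale,{lib,lib64}/gconv,bin/localedef,sbin/build-locale-archive}
+# docs and man pages
+sudo rm -rf usr/share/{man,doc,info,gnome/help}
+# cracklib
+sudo rm -rf usr/share/cracklib
+# i18n
+sudo rm -rf usr/share/i18n
+# yum cache
+sudo rm -rf var/cache/yum
+sudo mkdir -p --mode=0755 var/cache/yum
+# sln
+sudo rm -rf sbin/sln
+# ldconfig
+#sudo rm -rf sbin/ldconfig
+sudo rm -rf etc/ld.so.cache var/cache/ldconfig
+sudo mkdir -p --mode=0755 var/cache/ldconfig
+# allow networking init scripts inside the container to work without extra steps
+echo 'NETWORKING=yes' | sudo tee etc/sysconfig/network > /dev/null
+# to restore locales later:
+# yum reinstall glibc-common
+version=
+if [ -r etc/redhat-release ]; then
+version="$(sed -E 's/^[^0-9.]*([0-9.]+).*$/\1/' etc/redhat-release)"
+elif [ -r etc/SuSE-release ]; then
+version="$(awk '/^VERSION/ { print $3 }' etc/SuSE-release)"
+fi
+if [ -z "$version" ]; then
+echo >&2 "warning: cannot autodetect OS version, using $distro as tag"
+sleep 20
+version="$distro"
+fi
+sudo tar --numeric-owner -c . | docker import - $repo:$version
+docker run -i -t $repo:$version echo success
+cd "$returnTo"
+sudo rm -rf "$target"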

134
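--- a/vendor/github.com/hyperhq/hypercli/contrib/mkimage-yum.sh
+++ b/vendor/github.com/hyperhq/hypercli/contrib/mkimage-yum.sh
@@ -0,0 +1,134 @@
+#!/usr/bin/env bash
+#
+# Create a base CentOS Docker image.
+#
+# This script is useful on systems with yum installed (e.g., building
+# a CentOS image on CentOS). See contrib/mkimage-rinse.sh for a way
+# to build CentOS images on other systems.
+usage() {
+cat <<EOOPTS
+$(basename $0) [OPTIONS] <name>
+OPTIONS:
+-p "<packages>" The list of packages to install in the container.
+The default is blank.
+-g "<groups>" The groups of packages to install in the container.
+The default is "Core".
+-y <yumconf> The path to the yum config to install packages from. The
+default is /etc/yum.conf for Centos/RHEL and /etc/dnf/dnf.conf for Fedora
+EOOPTS
+exit 1
+}
+# option defaults
+yum_config=/etc/yum.conf
+if [ -f /etc/dnf/dnf.conf ] && command -v dnf &> /dev/null; then
+yum_config=/etc/dnf/dnf.conf
+alias yum=dnf
+fi
+install_groups="Core"
+while getopts ":y:p:g:h" opt; do
+case $opt in
+y)
+yum_config=$OPTARG
+;;
+h)
+usage
+;;
+p)
+install_packages="$OPTARG"
+;;
+g)
+install_groups="$OPTARG"
+;;
+\?)
+echo "Invalid option: -$OPTARG"
+usage
+;;
+esac
+done
+shift $((OPTIND - 1))
+name=$1
+if [[ -z $name ]]; then
+usage
+fi
+target=$(mktemp -d --tmpdir $(basename $0).XXXXXX)
+set -x
+mkdir -m 755 "$target"/dev
+mknod -m 600 "$target"/dev/console c 5 1
+mknod -m 600 "$target"/dev/initctl p
+mknod -m 666 "$target"/dev/full c 1 7
+mknod -m 666 "$target"/dev/null c 1 3
+mknod -m 666 "$target"/dev/ptmx c 5 2
+mknod -m 666 "$target"/dev/random c 1 8
+mknod -m 666 "$target"/dev/tty c 5 0
+mknod -m 666 "$target"/dev/tty0 c 4 0
+mknod -m 666 "$target"/dev/urandom c 1 9
+mknod -m 666 "$target"/dev/zero c 1 5
+# amazon linux yum will fail without vars set
+if [ -d /etc/yum/vars ]; then
+mkdir -p -m 755 "$target"/etc/yum
+cp -a /etc/yum/vars "$target"/etc/yum/
+fi
+if [[ -n "$install_groups" ]];
+then
+yum -c "$yum_config" --installroot="$target" --releasever=/ --setopt=tsflags=nodocs \
+--setopt=group_package_types=mandatory -y groupinstall $install_groups
+fi
+if [[ -n "$install_packages" ]];
+then
+yum -c "$yum_config" --installroot="$target" --releasever=/ --setopt=tsflags=nodocs \
+--setopt=group_package_types=mandatory -y install $install_packages
+fi
+yum -c "$yum_config" --installroot="$target" -y clean all
+cat > "$target"/etc/sysconfig/network <<EOF
+NETWORKING=yes
+HOSTNAME=localhost.localdomain
+EOF
+# effectively: febootstrap-minimize --keep-zoneinfo --keep-rpmdb --keep-services "$target".
+# locales
+rm -rf "$target"/usr/{{lib,share}/locale,{lib,lib64}/gconv,bin/localedef,sbin/build-locale-archive}
+# docs and man pages
+rm -rf "$target"/usr/share/{man,doc,info,gnome/help}
+# cracklib
+rm -rf "$target"/usr/share/cracklib
+# i18n
+rm -rf "$target"/usr/share/i18n
+# yum cache
+rm -rf "$target"/var/cache/yum
+mkdir -p --mode=0755 "$target"/var/cache/yum
+# sln
+rm -rf "$target"/sbin/sln
+# ldconfig
+rm -rf "$target"/etc/ld.so.cache "$target"/var/cache/ldconfig
+mkdir -p --mode=0755 "$target"/var/cache/ldconfig
+version=
+for file in "$target"/etc/{redhat,system}-release
+do
+if [ -r "$file" ]; then
+version="$(sed 's/^[^0-9\]*\([0-9.]\+\).*$/\1/' "$file")"
+break
+fi
+done
+if [ -z "$version" ]; then
+echo >&2 "warning: cannot autodetect OS version, using '$name' as tag"
+version=$name
+fi
+tar --numeric-owner -c -C "$target" . | docker import - $name:$version
+docker run -i -t --rm $name:$version /bin/bash -c 'echo success'
+rm -rf "$target"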

117
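--- a/vendor/github.com/hyperhq/hypercli/contrib/mkimage.sh
+++ b/vendor/github.com/hyperhq/hypercli/contrib/mkimage.sh
@@ -0,0 +1,117 @@
+#!/usr/bin/env bash
+set -e
+mkimg="$(basename "$0")"
+usage() {
+echo >&2 "usage: $mkimg [-d dir] [-t tag] [--compression algo| --no-compression] script [script-args]"
+echo >&2 " ie: $mkimg -t someuser/debian debootstrap --variant=minbase jessie"
+echo >&2 " $mkimg -t someuser/ubuntu debootstrap --include=ubuntu-minimal --components=main,universe trusty"
+echo >&2 " $mkimg -t someuser/busybox busybox-static"
+echo >&2 " $mkimg -t someuser/centos:5 rinse --distribution centos-5"
+echo >&2 " $mkimg -t someuser/mageia:4 mageia-urpmi --version=4"
+echo >&2 " $mkimg -t someuser/mageia:4 mageia-urpmi --version=4 --mirror=http://somemirror/"
+exit 1
+}
+scriptDir="$(dirname "$(readlink -f "$BASH_SOURCE")")/mkimage"
+optTemp=$(getopt --options '+d:t:c:hC' --longoptions 'dir:,tag:,compression:,no-compression,help' --name "$mkimg" -- "$@")
+eval set -- "$optTemp"
+unset optTemp
+dir=
+tag=
+compression="auto"
+while true; do
+case "$1" in
+-d|--dir) dir="$2" ; shift 2 ;;
+-t|--tag) tag="$2" ; shift 2 ;;
+--compression) compression="$2" ; shift 2 ;;
+--no-compression) compression="none" ; shift 1 ;;
+-h|--help) usage ;;
+--) shift ; break ;;
+esac
+done
+script="$1"
+[ "$script" ] || usage
+shift
+if [ "$compression" == 'auto' ] || [ -z "$compression" ]
+then
+compression='xz'
+fi
+[ "$compression" == 'none' ] && compression=''
+if [ ! -x "$scriptDir/$script" ]; then
+echo >&2 "error: $script does not exist or is not executable"
+echo >&2 " see $scriptDir for possible scripts"
+exit 1
+fi
+# don't mistake common scripts like .febootstrap-minimize as image-creators
+if [[ "$script" == .* ]]; then
+echo >&2 "error: $script is a script helper, not a script"
+echo >&2 " see $scriptDir for possible scripts"
+exit 1
+fi
+delDir=
+if [ -z "$dir" ]; then
+dir="$(mktemp -d ${TMPDIR:-/var/tmp}/docker-mkimage.XXXXXXXXXX)"
+delDir=1
+fi
+rootfsDir="$dir/rootfs"
+( set -x; mkdir -p "$rootfsDir" )
+# pass all remaining arguments to $script
+"$scriptDir/$script" "$rootfsDir" "$@"
+# Docker mounts tmpfs at /dev and procfs at /proc so we can remove them
+rm -rf "$rootfsDir/dev" "$rootfsDir/proc"
+mkdir -p "$rootfsDir/dev" "$rootfsDir/proc"
+# make sure /etc/resolv.conf has something useful in it
+mkdir -p "$rootfsDir/etc"
+cat > "$rootfsDir/etc/resolv.conf" <<'EOF'
+nameserver 8.8.8.8
+nameserver 8.8.4.4
+EOF
+tarFile="$dir/rootfs.tar${compression:+.$compression}"
+touch "$tarFile"
+(
+set -x
+tar --numeric-owner --create --auto-compress --file "$tarFile" --directory "$rootfsDir" --transform='s,^./,,' .
+)
+echo >&2 "+ cat > '$dir/Dockerfile'"
+cat > "$dir/Dockerfile" <<EOF
+FROM scratch
+ADD $(basename "$tarFile") /
+EOF
+# if our generated image has a decent shell, let's set a default command
+for shell in /bin/bash /usr/bin/fish /usr/bin/zsh /bin/sh; do
+if [ -x "$rootfsDir/$shell" ]; then
+( set -x; echo 'CMD ["'"$shell"'"]' >> "$dir/Dockerfile" )
+break
+fi
+done
+( set -x; rm -rf "$rootfsDir" )
+if [ "$tag" ]; then
+( set -x; docker build -t "$tag" "$dir" )
+elif [ "$delDir" ]; then
+# if we didn't specify a tag and we're going to delete our dir, let's just build an untagged image so that we did _something_
+( set -x; docker build "$dir" )
+fi
+if [ "$delDir" ]; then
+( set -x; rm -rf "$dir" )
+fi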


@@ -0,0 +1,28 @@
#!/usr/bin/env bash
set -e
rootfsDir="$1"
shift
(
cd "$rootfsDir"
# effectively: febootstrap-minimize --keep-zoneinfo --keep-rpmdb --keep-services "$target"
# locales
rm -rf usr/{{lib,share}/locale,{lib,lib64}/gconv,bin/localedef,sbin/build-locale-archive}
# docs and man pages
rm -rf usr/share/{man,doc,info,gnome/help}
# cracklib
rm -rf usr/share/cracklib
# i18n
rm -rf usr/share/i18n
# yum cache
rm -rf var/cache/yum
mkdir -p --mode=0755 var/cache/yum
# sln
rm -rf sbin/sln
# ldconfig
#rm -rf sbin/ldconfig
rm -rf etc/ld.so.cache var/cache/ldconfig
mkdir -p --mode=0755 var/cache/ldconfig
)


@@ -0,0 +1,34 @@
#!/usr/bin/env bash
set -e
rootfsDir="$1"
shift
busybox="$(which busybox 2>/dev/null || true)"
if [ -z "$busybox" ]; then
echo >&2 'error: busybox: not found'
echo >&2 ' install it with your distribution "busybox-static" package'
exit 1
fi
if ! ldd "$busybox" 2>&1 | grep -q 'not a dynamic executable'; then
echo >&2 "error: '$busybox' appears to be a dynamic executable"
echo >&2 ' you should install your distribution "busybox-static" package instead'
exit 1
fi
mkdir -p "$rootfsDir/bin"
rm -f "$rootfsDir/bin/busybox" # just in case
cp "$busybox" "$rootfsDir/bin/busybox"
(
cd "$rootfsDir"
IFS=$'\n'
modules=( $(bin/busybox --list-modules) )
unset IFS
for module in "${modules[@]}"; do
mkdir -p "$(dirname "$module")"
ln -sf /bin/busybox "$module"
done
)


@@ -0,0 +1,240 @@
#!/usr/bin/env bash
set -e
rootfsDir="$1"
shift
# we have to do a little fancy footwork to make sure "rootfsDir" becomes the second non-option argument to debootstrap
before=()
while [ $# -gt 0 ] && [[ "$1" == -* ]]; do
before+=( "$1" )
shift
done
suite="$1"
shift
# get path to "chroot" in our current PATH
chrootPath="$(type -P chroot)"
rootfs_chroot() {
# "chroot" doesn't set PATH, so we need to set it explicitly to something our new debootstrap chroot can use appropriately!
# set PATH and chroot away!
PATH='/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' \
"$chrootPath" "$rootfsDir" "$@"
}
# allow for DEBOOTSTRAP=qemu-debootstrap ./mkimage.sh ...
: ${DEBOOTSTRAP:=debootstrap}
(
set -x
$DEBOOTSTRAP "${before[@]}" "$suite" "$rootfsDir" "$@"
)
# now for some Docker-specific tweaks
# prevent init scripts from running during install/update
echo >&2 "+ echo exit 101 > '$rootfsDir/usr/sbin/policy-rc.d'"
cat > "$rootfsDir/usr/sbin/policy-rc.d" <<-'EOF'
#!/bin/sh
# For most Docker users, "apt-get install" only happens during "docker build",
# where starting services doesn't work and often fails in humorous ways. This
# prevents those failures by stopping the services from attempting to start.
exit 101
EOF
chmod +x "$rootfsDir/usr/sbin/policy-rc.d"
# prevent upstart scripts from running during install/update
(
set -x
rootfs_chroot dpkg-divert --local --rename --add /sbin/initctl
cp -a "$rootfsDir/usr/sbin/policy-rc.d" "$rootfsDir/sbin/initctl"
sed -i 's/^exit.*/exit 0/' "$rootfsDir/sbin/initctl"
)
# shrink a little, since apt makes us cache-fat (wheezy: ~157.5MB vs ~120MB)
( set -x; rootfs_chroot apt-get clean )
# this file is one APT creates to make sure we don't "autoremove" our currently
# in-use kernel, which doesn't really apply to debootstraps/Docker images that
# don't even have kernels installed
rm -f "$rootfsDir/etc/apt/apt.conf.d/01autoremove-kernels"
# Ubuntu 10.04 sucks... :)
if strings "$rootfsDir/usr/bin/dpkg" | grep -q unsafe-io; then
# force dpkg not to call sync() after package extraction (speeding up installs)
echo >&2 "+ echo force-unsafe-io > '$rootfsDir/etc/dpkg/dpkg.cfg.d/docker-apt-speedup'"
cat > "$rootfsDir/etc/dpkg/dpkg.cfg.d/docker-apt-speedup" <<-'EOF'
# For most Docker users, package installs happen during "docker build", which
# doesn't survive power loss and gets restarted clean afterwards anyhow, so
# this minor tweak gives us a nice speedup (much nicer on spinning disks,
# obviously).
force-unsafe-io
EOF
fi
if [ -d "$rootfsDir/etc/apt/apt.conf.d" ]; then
# _keep_ us lean by effectively running "apt-get clean" after every install
aptGetClean='"rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true";'
echo >&2 "+ cat > '$rootfsDir/etc/apt/apt.conf.d/docker-clean'"
cat > "$rootfsDir/etc/apt/apt.conf.d/docker-clean" <<-EOF
# Since for most Docker users, package installs happen in "docker build" steps,
# they essentially become individual layers due to the way Docker handles
# layering, especially using CoW filesystems. What this means for us is that
# the caches that APT keeps end up just wasting space in those layers, making
# our layers unnecessarily large (especially since we'll normally never use
# these caches again and will instead just "docker build" again and make a brand
# new image).
# Ideally, these would just be invoking "apt-get clean", but in our testing,
# that ended up being cyclic and we got stuck on APT's lock, so we get this fun
# creation that's essentially just "apt-get clean".
DPkg::Post-Invoke { ${aptGetClean} };
APT::Update::Post-Invoke { ${aptGetClean} };
Dir::Cache::pkgcache "";
Dir::Cache::srcpkgcache "";
# Note that we do realize this isn't the ideal way to do this, and are always
# open to better suggestions (https://github.com/docker/docker/issues).
EOF
# remove apt-cache translations for fast "apt-get update"
echo >&2 "+ echo Acquire::Languages 'none' > '$rootfsDir/etc/apt/apt.conf.d/docker-no-languages'"
cat > "$rootfsDir/etc/apt/apt.conf.d/docker-no-languages" <<-'EOF'
# In Docker, we don't often need the "Translations" files, so we're just wasting
# time and space by downloading them, and this inhibits that. For users that do
# need them, it's a simple matter to delete this file and "apt-get update". :)
Acquire::Languages "none";
EOF
echo >&2 "+ echo Acquire::GzipIndexes 'true' > '$rootfsDir/etc/apt/apt.conf.d/docker-gzip-indexes'"
cat > "$rootfsDir/etc/apt/apt.conf.d/docker-gzip-indexes" <<-'EOF'
# Since Docker users using "RUN apt-get update && apt-get install -y ..." in
# their Dockerfiles don't go delete the lists files afterwards, we want them to
# be as small as possible on-disk, so we explicitly request "gz" versions and
# tell Apt to keep them gzipped on-disk.
# For comparison, an "apt-get update" layer without this on a pristine
# "debian:wheezy" base image was "29.88 MB", where with this it was only
# "8.273 MB".
Acquire::GzipIndexes "true";
Acquire::CompressionTypes::Order:: "gz";
EOF
# update "autoremove" configuration to be aggressive about removing suggests deps that weren't manually installed
echo >&2 "+ echo Apt::AutoRemove::SuggestsImportant 'false' > '$rootfsDir/etc/apt/apt.conf.d/docker-autoremove-suggests'"
cat > "$rootfsDir/etc/apt/apt.conf.d/docker-autoremove-suggests" <<-'EOF'
# Since Docker users are looking for the smallest possible final images, the
# following emerges as a very common pattern:
# RUN apt-get update \
# && apt-get install -y <packages> \
# && <do some compilation work> \
# && apt-get purge -y --auto-remove <packages>
# By default, APT will actually _keep_ packages installed via Recommends or
# Depends if another package Suggests them, even and including if the package
# that originally caused them to be installed is removed. Setting this to
# "false" ensures that APT is appropriately aggressive about removing the
# packages it added.
# https://aptitude.alioth.debian.org/doc/en/ch02s05s05.html#configApt-AutoRemove-SuggestsImportant
Apt::AutoRemove::SuggestsImportant "false";
EOF
fi
if [ -z "$DONT_TOUCH_SOURCES_LIST" ]; then
# tweak sources.list, where appropriate
lsbDist=
if [ -z "$lsbDist" -a -r "$rootfsDir/etc/os-release" ]; then
lsbDist="$(. "$rootfsDir/etc/os-release" && echo "$ID")"
fi
if [ -z "$lsbDist" -a -r "$rootfsDir/etc/lsb-release" ]; then
lsbDist="$(. "$rootfsDir/etc/lsb-release" && echo "$DISTRIB_ID")"
fi
if [ -z "$lsbDist" -a -r "$rootfsDir/etc/debian_version" ]; then
lsbDist='Debian'
fi
# normalize to lowercase for easier matching
lsbDist="$(echo "$lsbDist" | tr '[:upper:]' '[:lower:]')"
case "$lsbDist" in
debian)
# updates and security!
if [ "$suite" != 'sid' -a "$suite" != 'unstable' ]; then
(
set -x
sed -i "
p;
s/ $suite / ${suite}-updates /
" "$rootfsDir/etc/apt/sources.list"
echo "deb http://security.debian.org $suite/updates main" >> "$rootfsDir/etc/apt/sources.list"
# squeeze-lts
if [ -f "$rootfsDir/etc/debian_version" ]; then
ltsSuite=
case "$(cat "$rootfsDir/etc/debian_version")" in
6.*) ltsSuite='squeeze-lts' ;;
#7.*) ltsSuite='wheezy-lts' ;;
#8.*) ltsSuite='jessie-lts' ;;
esac
if [ "$ltsSuite" ]; then
head -1 "$rootfsDir/etc/apt/sources.list" \
| sed "s/ $suite / $ltsSuite /" \
>> "$rootfsDir/etc/apt/sources.list"
fi
fi
)
fi
;;
ubuntu)
# add the updates and security repositories
(
set -x
sed -i "
p;
s/ $suite / ${suite}-updates /; p;
s/ $suite-updates / ${suite}-security /
" "$rootfsDir/etc/apt/sources.list"
)
;;
tanglu)
# add the updates repository
if [ "$suite" != 'devel' ]; then
(
set -x
sed -i "
p;
s/ $suite / ${suite}-updates /
" "$rootfsDir/etc/apt/sources.list"
)
fi
;;
steamos)
# add contrib and non-free if "main" is the only component
(
set -x
sed -i "s/ $suite main$/ $suite main contrib non-free/" "$rootfsDir/etc/apt/sources.list"
)
;;
esac
fi
(
set -x
# make sure we're fully up-to-date
rootfs_chroot sh -xc 'apt-get update && apt-get dist-upgrade -y'
# delete all the apt list files since they're big and get stale quickly
rm -rf "$rootfsDir/var/lib/apt/lists"/*
# this forces "apt-get update" in dependent images, which is also good
mkdir "$rootfsDir/var/lib/apt/lists/partial" # Lucid... "E: Lists directory /var/lib/apt/lists/partial is missing."
)


@@ -0,0 +1,61 @@
#!/usr/bin/env bash
#
# Needs to be run from Mageia 4 or greater for kernel support for docker.
#
# Mageia 4 does not have docker available in official repos, so please
# install and run the docker binary manually.
#
# Tested working versions are for Mageia 2 onwards (inc. cauldron).
#
set -e
rootfsDir="$1"
shift
optTemp=$(getopt --options '+v:,m:' --longoptions 'version:,mirror:' --name mageia-urpmi -- "$@")
eval set -- "$optTemp"
unset optTemp
installversion=
mirror=
while true; do
case "$1" in
-v|--version) installversion="$2" ; shift 2 ;;
-m|--mirror) mirror="$2" ; shift 2 ;;
--) shift ; break ;;
esac
done
if [ -z $installversion ]; then
# Attempt to match host version
if [ -r /etc/mageia-release ]; then
installversion="$(sed 's/^[^0-9\]*\([0-9.]\+\).*$/\1/' /etc/mageia-release)"
else
echo "Error: no version supplied and unable to detect host mageia version"
exit 1
fi
fi
if [ -z $mirror ]; then
# No mirror provided, default to mirrorlist
mirror="--mirrorlist https://mirrors.mageia.org/api/mageia.$installversion.x86_64.list"
fi
(
set -x
urpmi.addmedia --distrib \
$mirror \
--urpmi-root "$rootfsDir"
urpmi basesystem-minimal urpmi \
--auto \
--no-suggests \
--urpmi-root "$rootfsDir" \
--root "$rootfsDir"
)
"$(dirname "$BASH_SOURCE")/.febootstrap-minimize" "$rootfsDir"
if [ -d "$rootfsDir/etc/sysconfig" ]; then
# allow networking init scripts inside the container to work without extra steps
echo 'NETWORKING=yes' > "$rootfsDir/etc/sysconfig/network"
fi

25
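--- a/vendor/github.com/hyperhq/hypercli/contrib/mkimage/rinse
+++ b/vendor/github.com/hyperhq/hypercli/contrib/mkimage/rinse
@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+set -e
+rootfsDir="$1"
+shift
+# specifying --arch below is safe because "$@" can override it and the "latest" one wins :)
+(
+set -x
+rinse --directory "$rootfsDir" --arch amd64 "$@"
+)
+"$(dirname "$BASH_SOURCE")/.febootstrap-minimize" "$rootfsDir"
+if [ -d "$rootfsDir/etc/sysconfig" ]; then
+# allow networking init scripts inside the container to work without extra steps
+echo 'NETWORKING=yes' > "$rootfsDir/etc/sysconfig/network"
+fi
+# make sure we're fully up-to-date, too
+(
+set -x
+chroot "$rootfsDir" yum update -y
+)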


@@ -0,0 +1,65 @@
#!/bin/sh
set -e
dir="$1"
if [ -z "$dir" ]; then
{
echo 'This script is for destroying old /var/lib/docker directories more safely than'
echo ' "rm -rf", which can cause data loss or other serious issues.'
echo
echo "usage: $0 directory"
echo " ie: $0 /var/lib/docker"
} >&2
exit 1
fi
if [ "$(id -u)" != 0 ]; then
echo >&2 "error: $0 must be run as root"
exit 1
fi
if [ ! -d "$dir" ]; then
echo >&2 "error: $dir is not a directory"
exit 1
fi
dir="$(readlink -f "$dir")"
echo
echo "Nuking $dir ..."
echo ' (if this is wrong, press Ctrl+C NOW!)'
echo
( set -x; sleep 10 )
echo
dir_in_dir() {
inner="$1"
outer="$2"
[ "${inner#$outer}" != "$inner" ]
}
# let's start by unmounting any submounts in $dir
# (like -v /home:... for example - DON'T DELETE MY HOME DIRECTORY BRU!)
for mount in $(awk '{ print $5 }' /proc/self/mountinfo); do
mount="$(readlink -f "$mount" || true)"
if dir_in_dir "$mount" "$dir"; then
( set -x; umount -f "$mount" )
fi
done
# now, let's go destroy individual btrfs subvolumes, if any exist
if command -v btrfs > /dev/null 2>&1; then
root="$(df "$dir" | awk 'NR>1 { print $NF }')"
root="${root%/}" # if root is "/", we want it to become ""
for subvol in $(btrfs subvolume list -o "$root/" 2>/dev/null | awk -F' path ' '{ print $2 }' | sort -r); do
subvolDir="$root/$subvol"
if dir_in_dir "$subvolDir" "$dir"; then
( set -x; btrfs subvolume delete "$subvolDir" )
fi
done
fi
# finally, DESTROY ALL THINGS
( set -x; rm -rf "$dir" )

22
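--- a/vendor/github.com/hyperhq/hypercli/contrib/project-stats.sh
+++ b/vendor/github.com/hyperhq/hypercli/contrib/project-stats.sh
@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+## Run this script from the root of the docker repository
+## to query project stats useful to the maintainers.
+## You will need to install `pulls` and `issues` from
+## https://github.com/crosbymichael/pulls
+set -e
+echo -n "Open pulls: "
+PULLS=$(pulls | wc -l); let PULLS=$PULLS-1
+echo $PULLS
+echo -n "Pulls alru: "
+pulls alru
+echo -n "Open issues: "
+ISSUES=$(issues list | wc -l); let ISSUES=$ISSUES-1
+echo $ISSUES
+echo -n "Issues alru: "
+issues alru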


@@ -0,0 +1,105 @@
#!/bin/sh
# This is a convenience script for reporting issues that include a base
# template of information. See https://github.com/docker/docker/pull/8845
set -e
DOCKER_ISSUE_URL=${DOCKER_ISSUE_URL:-"https://github.com/docker/docker/issues/new"}
DOCKER_ISSUE_NAME_PREFIX=${DOCKER_ISSUE_NAME_PREFIX:-"Report: "}
DOCKER=${DOCKER:-"docker"}
DOCKER_COMMAND="${DOCKER}"
export DOCKER_COMMAND
# pulled from https://gist.github.com/cdown/1163649
function urlencode() {
# urlencode <string>
local length="${#1}"
for (( i = 0; i < length; i++ )); do
local c="${1:i:1}"
case $c in
[a-zA-Z0-9.~_-]) printf "$c" ;;
*) printf '%%%02X' "'$c"
esac
done
}
function template() {
# this should always match the template from CONTRIBUTING.md
cat <<- EOM
Description of problem:
\`docker version\`:
`${DOCKER_COMMAND} -D version`
\`docker info\`:
`${DOCKER_COMMAND} -D info`
\`uname -a\`:
`uname -a`
Environment details (AWS, VirtualBox, physical, etc.):
How reproducible:
Steps to Reproduce:
1.
2.
3.
Actual Results:
Expected Results:
Additional info:
EOM
}
function format_issue_url() {
if [ ${#@} -ne 2 ] ; then
return 1
fi
local issue_name=$(urlencode "${DOCKER_ISSUE_NAME_PREFIX}${1}")
local issue_body=$(urlencode "${2}")
echo "${DOCKER_ISSUE_URL}?title=${issue_name}&body=${issue_body}"
}
echo -ne "Do you use \`sudo\` to call docker? [y|N]: "
read -r -n 1 use_sudo
echo ""
if [ "x${use_sudo}" = "xy" -o "x${use_sudo}" = "xY" ]; then
export DOCKER_COMMAND="sudo ${DOCKER}"
fi
echo -ne "Title of new issue?: "
read -r issue_title
echo ""
issue_url=$(format_issue_url "${issue_title}" "$(template)")
if which xdg-open 2>/dev/null >/dev/null ; then
echo -ne "Would like to launch this report in your browser? [Y|n]: "
read -r -n 1 launch_now
echo ""
if [ "${launch_now}" != "n" -a "${launch_now}" != "N" ]; then
xdg-open "${issue_url}"
fi
fi
echo "If you would like to manually open the url, you can open this link if your browser: ${issue_url}"


@@ -0,0 +1,12 @@
#!/bin/bash
set -e
cd "$(dirname "$BASH_SOURCE")/../.."
targets_from() {
git fetch -q https://github.com/docker/docker.git "$1"
git ls-tree -r --name-only "$(git rev-parse FETCH_HEAD)" contrib/builder/deb/ | grep '/Dockerfile$' | sed -r 's!^contrib/builder/deb/|^contrib/builder/deb/amd64/|-debootstrap|/Dockerfile$!!g' | grep -v /
}
release_branch=$(git ls-remote --heads https://github.com/docker/docker.git | awk -F 'refs/heads/' '$2 ~ /^release/ { print $2 }' | sort -V | tail -1)
{ targets_from master; targets_from "$release_branch"; } | sort -u


@@ -0,0 +1,70 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE language SYSTEM "language.dtd">
<!-- Dockerfile syntaxfile v1.0 by James Turnbull <james@lovedthanlost.net> -->
<language name="Dockerfile" section="Other"
version="1.0" kateversion="2.4"
extensions="Dockerfile"
mimetype="text/plain"
author="James Turnbull (james@lovedthanlost.net)"
license="GPL">
<highlighting>
<list name="keywords">
<item> FROM </item>
<item> MAINTAINER </item>
<item> ENV </item>
<item> RUN </item>
<item> ONBUILD </item>
<item> COPY </item>
<item> ADD </item>
<item> VOLUME </item>
<item> EXPOSE </item>
<item> ENTRYPOINT </item>
<item> CMD </item>
<item> WORKDIR </item>
<item> USER </item>
<item> LABEL </item>
<item> STOPSIGNAL </item>
</list>
<contexts>
<context name="normal" attribute="Normal" lineEndContext="#stay">
<DetectSpaces/>
<DetectChar attribute="Comment" context="Comment" char="#"/>
<keyword attribute="Keyword" context="#stay" String="keywords"/>
<DetectIdentifier/>
<DetectChar attribute="String" context="string&quot;" char="&quot;"/>
<DetectChar attribute="String" context="string'" char="'"/>
</context>
<context attribute="Comment" lineEndContext="#pop" name="Comment">
<LineContinue attribute="Comment" context="#stay" />
</context>
<context name="string&quot;" attribute="String" lineEndContext="#pop">
<LineContinue attribute="Operator" context="#stay"/>
<DetectChar attribute="String" context="#pop" char="&quot;"/>
<DetectChar attribute="Operator" context="dollar" char="$"/>
</context>
<context name="string'" attribute="String" lineEndContext="#pop">
<LineContinue attribute="String" context="#stay"/>
<DetectChar attribute="String" context="#pop" char="'"/>
<DetectChar attribute="Operator" context="dollar" char="$"/>
</context>
</contexts>
<itemDatas>
<itemData name="Normal" defStyleNum="dsNormal" spellChecking="0"/>
<itemData name="Keyword" defStyleNum="dsKeyword" spellChecking="0"/>
<itemData name="Comment" defStyleNum="dsComment"/>
<itemData name="String" defStyleNum="dsString" spellChecking="0"/>
</itemDatas>
</highlighting>
<general>
<comments>
<comment name = "singleLine" start = "#"/>
</comments>
</general>
</language>
<!-- kate: space-indent on; indent-width 2; replace-tabs on; -->


@@ -0,0 +1,26 @@
## Syntax highlighting for Dockerfiles
syntax "Dockerfile" "Dockerfile[^/]*$"
## Keywords
icolor red "^(FROM|MAINTAINER|RUN|CMD|LABEL|EXPOSE|ENV|ADD|COPY|ENTRYPOINT|VOLUME|USER|WORKDIR|ONBUILD)[[:space:]]"
## Brackets & parenthesis
color brightgreen "(\(|\)|\[|\])"
## Double ampersand
color brightmagenta "&&"
## Comments
icolor cyan "^[[:space:]]*#.*$"
## Blank space at EOL
color ,green "[[:space:]]+$"
## Strings, single-quoted
color brightwhite "'([^']|(\\'))*'" "%[qw]\{[^}]*\}" "%[qw]\([^)]*\)" "%[qw]<[^>]*>" "%[qw]\[[^]]*\]" "%[qw]\$[^$]*\$" "%[qw]\^[^^]*\^" "%[qw]![^!]*!"
## Strings, double-quoted
color brightwhite ""([^"]|(\\"))*"" "%[QW]?\{[^}]*\}" "%[QW]?\([^)]*\)" "%[QW]?<[^>]*>" "%[QW]?\[[^]]*\]" "%[QW]?\$[^$]*\$" "%[QW]?\^[^^]*\^" "%[QW]?![^!]*!"
## Single and double quotes
color brightyellow "('|\")"


@@ -0,0 +1,32 @@
Dockerfile.nanorc
=================
Dockerfile syntax highlighting for nano
Single User Installation
------------------------
1. Create a nano syntax directory in your home directory:
* `mkdir -p ~/.nano/syntax`
2. Copy `Dockerfile.nanorc` to` ~/.nano/syntax/`
* `cp Dockerfile.nanorc ~/.nano/syntax/`
3. Add the following to your `~/.nanorc` to tell nano where to find the `Dockerfile.nanorc` file
```
## Dockerfile files
include "~/.nano/syntax/Dockerfile.nanorc"
```
System Wide Installation
------------------------
1. Create a nano syntax directory:
* `mkdir /usr/local/share/nano`
2. Copy `Dockerfile.nanorc` to `/usr/local/share/nano`
* `cp Dockerfile.nanorc /usr/local/share/nano/`
3. Add the following to your `/etc/nanorc`:
```
## Dockerfile files
include "/usr/local/share/nano/Dockerfile.nanorc"
```


@@ -0,0 +1,24 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>name</key>
<string>Comments</string>
<key>scope</key>
<string>source.dockerfile</string>
<key>settings</key>
<dict>
<key>shellVariables</key>
<array>
<dict>
<key>name</key>
<string>TM_COMMENT_START</string>
<key>value</key>
<string># </string>
</dict>
</array>
</dict>
<key>uuid</key>
<string>2B215AC0-A7F3-4090-9FF6-F4842BD56CA7</string>
</dict>
</plist>


@@ -0,0 +1,143 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>fileTypes</key>
<array>
<string>Dockerfile</string>
</array>
<key>name</key>
<string>Dockerfile</string>
<key>patterns</key>
<array>
<dict>
<key>captures</key>
<dict>
<key>1</key>
<dict>
<key>name</key>
<string>keyword.control.dockerfile</string>
</dict>
<key>2</key>
<dict>
<key>name</key>
<string>keyword.other.special-method.dockerfile</string>
</dict>
</dict>
<key>match</key>
<string>^\s*(?:(ONBUILD)\s+)?(FROM|MAINTAINER|RUN|EXPOSE|ENV|ADD|VOLUME|USER|WORKDIR|COPY|LABEL|STOPSIGNAL|ARG)\s</string>
</dict>
<dict>
<key>captures</key>
<dict>
<key>1</key>
<dict>
<key>name</key>
<string>keyword.operator.dockerfile</string>
</dict>
<key>2</key>
<dict>
<key>name</key>
<string>keyword.other.special-method.dockerfile</string>
</dict>
</dict>
<key>match</key>
<string>^\s*(?:(ONBUILD)\s+)?(CMD|ENTRYPOINT)\s</string>
</dict>
<dict>
<key>begin</key>
<string>"</string>
<key>beginCaptures</key>
<dict>
<key>1</key>
<dict>
<key>name</key>
<string>punctuation.definition.string.begin.dockerfile</string>
</dict>
</dict>
<key>end</key>
<string>"</string>
<key>endCaptures</key>
<dict>
<key>1</key>
<dict>
<key>name</key>
<string>punctuation.definition.string.end.dockerfile</string>
</dict>
</dict>
<key>name</key>
<string>string.quoted.double.dockerfile</string>
<key>patterns</key>
<array>
<dict>
<key>match</key>
<string>\\.</string>
<key>name</key>
<string>constant.character.escaped.dockerfile</string>
</dict>
</array>
</dict>
<dict>
<key>begin</key>
<string>'</string>
<key>beginCaptures</key>
<dict>
<key>1</key>
<dict>
<key>name</key>
<string>punctuation.definition.string.begin.dockerfile</string>
</dict>
</dict>
<key>end</key>
<string>'</string>
<key>endCaptures</key>
<dict>
<key>1</key>
<dict>
<key>name</key>
<string>punctuation.definition.string.end.dockerfile</string>
</dict>
</dict>
<key>name</key>
<string>string.quoted.single.dockerfile</string>
<key>patterns</key>
<array>
<dict>
<key>match</key>
<string>\\.</string>
<key>name</key>
<string>constant.character.escaped.dockerfile</string>
</dict>
</array>
</dict>
<dict>
<key>captures</key>
<dict>
<key>1</key>
<dict>
<key>name</key>
<string>punctuation.whitespace.comment.leading.dockerfile</string>
</dict>
<key>2</key>
<dict>
<key>name</key>
<string>comment.line.number-sign.dockerfile</string>
</dict>
<key>3</key>
<dict>
<key>name</key>
<string>punctuation.definition.comment.dockerfile</string>
</dict>
</dict>
<key>comment</key>
<string>comment.line</string>
<key>match</key>
<string>^(\s*)((#).*$\n?)</string>
</dict>
</array>
<key>scopeName</key>
<string>source.dockerfile</string>
<key>uuid</key>
<string>a39d8795-59d2-49af-aa00-fe74ee29576e</string>
</dict>
</plist>


@@ -0,0 +1,16 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>contactEmailRot13</key>
<string>germ@andz.com.ar</string>
<key>contactName</key>
<string>GermanDZ</string>
<key>description</key>
<string>Helpers for Docker.</string>
<key>name</key>
<string>Docker</string>
<key>uuid</key>
<string>8B9DDBAF-E65C-4E12-FFA7-467D4AA535B1</string>
</dict>
</plist>


@@ -0,0 +1,17 @@
# Docker.tmbundle
Dockerfile syntax highlighting for TextMate and Sublime Text.
## Install
### Sublime Text
Available for Sublime Text under [package control](https://sublime.wbond.net/packages/Dockerfile%20Syntax%20Highlighting).
Search for *Dockerfile Syntax Highlighting*
### TextMate 2
You can install this bundle in TextMate by opening the preferences and going to the bundles tab. After installation it will be automatically updated for you.
enjoy.


@@ -0,0 +1 @@
Asbjorn Enge <asbjorn@hanafjedle.net> (@asbjornenge)


@@ -0,0 +1,22 @@
Copyright (c) 2013 Honza Pokorny
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.


@@ -0,0 +1,26 @@
dockerfile.vim
==============
Syntax highlighting for Dockerfiles
Installation
------------
With [pathogen](https://github.com/tpope/vim-pathogen), the usual way...
With [Vundle](https://github.com/gmarik/Vundle.vim)
Plugin 'docker/docker' , {'rtp': '/contrib/syntax/vim/'}
Features
--------
The syntax highlighting includes:
* The directives (e.g. `FROM`)
* Strings
* Comments
License
-------
BSD, short and sweet


@@ -0,0 +1,18 @@
*dockerfile.txt* Syntax highlighting for Dockerfiles
Author: Honza Pokorny <https://honza.ca>
License: BSD
INSTALLATION *installation*
Drop it on your Pathogen path and you're all set.
FEATURES *features*
The syntax highlighting includes:
* The directives (e.g. FROM)
* Strings
* Comments
vim:tw=78:et:ft=help:norl:


@@ -0,0 +1 @@
au BufNewFile,BufRead [Dd]ockerfile,Dockerfile.* set filetype=dockerfile


@@ -0,0 +1,31 @@
" dockerfile.vim - Syntax highlighting for Dockerfiles
" Maintainer: Honza Pokorny <https://honza.ca>
" Version: 0.5
if exists("b:current_syntax")
finish
endif
let b:current_syntax = "dockerfile"
syntax case ignore
syntax match dockerfileKeyword /\v^\s*(ONBUILD\s+)?(ADD|CMD|ENTRYPOINT|ENV|EXPOSE|FROM|MAINTAINER|RUN|USER|LABEL|VOLUME|WORKDIR|COPY|STOPSIGNAL|ARG)\s/
highlight link dockerfileKeyword Keyword
syntax region dockerfileString start=/\v"/ skip=/\v\\./ end=/\v"/
highlight link dockerfileString String
syntax match dockerfileComment "\v^\s*#.*$"
highlight link dockerfileComment Comment
set commentstring=#\ %s
" match "RUN", "CMD", and "ENTRYPOINT" lines, and parse them as shell
let s:current_syntax = b:current_syntax
unlet b:current_syntax
syntax include @SH syntax/sh.vim
let b:current_syntax = s:current_syntax
syntax region shLine matchgroup=dockerfileKeyword start=/\v^\s*(RUN|CMD|ENTRYPOINT)\s/ end=/\v$/ contains=@SH
" since @SH will handle "\" as part of the same line automatically, this "just works" for line continuation too, but with the caveat that it will highlight "RUN echo '" followed by a newline as if it were a block because the "'" is shell line continuation... not sure how to fix that just yet (TODO)


@@ -0,0 +1,9 @@
FROM buildpack-deps:jessie
COPY . /usr/src/
WORKDIR /usr/src/
RUN gcc -g -Wall -static userns.c -o /usr/bin/userns-test \
&& gcc -g -Wall -static ns.c -o /usr/bin/ns-test \
&& gcc -g -Wall -static acct.c -o /usr/bin/acct-test


@@ -0,0 +1,16 @@
#define _GNU_SOURCE
#include <unistd.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <errno.h>
int main(int argc, char **argv)
{
int err = acct("/tmp/t");
if (err == -1) {
fprintf(stderr, "acct failed: %s\n", strerror(errno));
exit(EXIT_FAILURE);
}
exit(EXIT_SUCCESS);
}


@@ -0,0 +1,63 @@
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>
#define STACK_SIZE (1024 * 1024) /* Stack size for cloned child */
struct clone_args {
char **argv;
};
// child_exec is the func that will be executed as the result of clone
static int child_exec(void *stuff)
{
struct clone_args *args = (struct clone_args *)stuff;
if (execvp(args->argv[0], args->argv) != 0) {
fprintf(stderr, "failed to execvp argments %s\n",
strerror(errno));
exit(-1);
}
// we should never reach here!
exit(EXIT_FAILURE);
}
int main(int argc, char **argv)
{
struct clone_args args;
args.argv = &argv[1];
int clone_flags = CLONE_NEWNS | CLONE_NEWPID | SIGCHLD;
// allocate stack for child
char *stack; /* Start of stack buffer */
char *child_stack; /* End of stack buffer */
stack =
mmap(NULL, STACK_SIZE, PROT_READ | PROT_WRITE,
MAP_SHARED | MAP_ANON | MAP_STACK, -1, 0);
if (stack == MAP_FAILED) {
fprintf(stderr, "mmap failed: %s\n", strerror(errno));
exit(EXIT_FAILURE);
}
child_stack = stack + STACK_SIZE; /* Assume stack grows downward */
// the result of this call is that our child_exec will be run in another
// process returning it's pid
pid_t pid = clone(child_exec, child_stack, clone_flags, &args);
if (pid < 0) {
fprintf(stderr, "clone failed: %s\n", strerror(errno));
exit(EXIT_FAILURE);
}
// lets wait on our child process here before we, the parent, exits
if (waitpid(pid, NULL, 0) == -1) {
fprintf(stderr, "failed to wait pid %d\n", pid);
exit(EXIT_FAILURE);
}
exit(EXIT_SUCCESS);
}


@@ -0,0 +1,63 @@
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>
#define STACK_SIZE (1024 * 1024) /* Stack size for cloned child */
struct clone_args {
char **argv;
};
// child_exec is the func that will be executed as the result of clone
static int child_exec(void *stuff)
{
struct clone_args *args = (struct clone_args *)stuff;
if (execvp(args->argv[0], args->argv) != 0) {
fprintf(stderr, "failed to execvp argments %s\n",
strerror(errno));
exit(-1);
}
// we should never reach here!
exit(EXIT_FAILURE);
}
int main(int argc, char **argv)
{
struct clone_args args;
args.argv = &argv[1];
int clone_flags = CLONE_NEWUSER | SIGCHLD;
// allocate stack for child
char *stack; /* Start of stack buffer */
char *child_stack; /* End of stack buffer */
stack =
mmap(NULL, STACK_SIZE, PROT_READ | PROT_WRITE,
MAP_SHARED | MAP_ANON | MAP_STACK, -1, 0);
if (stack == MAP_FAILED) {
fprintf(stderr, "mmap failed: %s\n", strerror(errno));
exit(EXIT_FAILURE);
}
child_stack = stack + STACK_SIZE; /* Assume stack grows downward */
// the result of this call is that our child_exec will be run in another
// process returning it's pid
pid_t pid = clone(child_exec, child_stack, clone_flags, &args);
if (pid < 0) {
fprintf(stderr, "clone failed: %s\n", strerror(errno));
exit(EXIT_FAILURE);
}
// lets wait on our child process here before we, the parent, exits
if (waitpid(pid, NULL, 0) == -1) {
fprintf(stderr, "failed to wait pid %d\n", pid);
exit(EXIT_FAILURE);
}
exit(EXIT_SUCCESS);
}


@@ -0,0 +1,3 @@
# hide docker's loopback devices from udisks, and thus from user desktops
SUBSYSTEM=="block", ENV{DM_NAME}=="docker-*", ENV{UDISKS_PRESENTATION_HIDE}="1", ENV{UDISKS_IGNORE}="1"
SUBSYSTEM=="block", DEVPATH=="/devices/virtual/block/loop*", ATTR{loop/backing_file}=="/var/lib/docker/*", ENV{UDISKS_PRESENTATION_HIDE}="1", ENV{UDISKS_IGNORE}="1"


@@ -0,0 +1,50 @@
# Vagrant integration
Currently there are at least 4 different projects that we are aware of that deals
with integration with [Vagrant](http://vagrantup.com/) at different levels. One
approach is to use Docker as a [provisioner](http://docs.vagrantup.com/v2/provisioning/index.html)
which means you can create containers and pull base images on VMs using Docker's
CLI and the other is to use Docker as a [provider](http://docs.vagrantup.com/v2/providers/index.html),
meaning you can use Vagrant to control Docker containers.
### Provisioners
* [Vocker](https://github.com/fgrehm/vocker)
* [Ventriloquist](https://github.com/fgrehm/ventriloquist)
### Providers
* [docker-provider](https://github.com/fgrehm/docker-provider)
* [vagrant-shell](https://github.com/destructuring/vagrant-shell)
## Setting up Vagrant-docker with the Remote API
The initial Docker upstart script will not work because it runs on `127.0.0.1`, which is not accessible to the host machine. Instead, we need to change the script to connect to `0.0.0.0`. To do this, modify `/etc/init/docker.conf` to look like this:
```
description "Docker daemon"
start on filesystem
stop on runlevel [!2345]
respawn
script
/usr/bin/docker daemon -H=tcp://0.0.0.0:2375
end script
```
Once that's done, you need to set up a SSH tunnel between your host machine and the vagrant machine that's running Docker. This can be done by running the following command in a host terminal:
```
ssh -L 2375:localhost:2375 -p 2222 vagrant@localhost
```
(The first 2375 is what your host can connect to, the second 2375 is what port Docker is running on in the vagrant machine, and the 2222 is the port Vagrant is providing for SSH. If VirtualBox is the VM you're using, you can see what value "2222" should be by going to: Network > Adapter 1 > Advanced > Port Forwarding in the VirtualBox GUI.)
Note that because the port has been changed, to run docker commands from within the command line you must run them like this:
```
sudo docker -H 0.0.0.0:2375 < commands for docker >
```