From 7e9020dab454f86939243279de9a9a3192b59d18 Mon Sep 17 00:00:00 2001 From: Leona Maroni Date: Sat, 21 Dec 2024 13:30:39 +0100 Subject: [PATCH 1/2] docker_24: drop --- .../manual/release-notes/rl-2505.section.md | 2 ++ .../virtualization/docker/default.nix | 31 ------------------- pkgs/top-level/aliases.nix | 1 + pkgs/top-level/all-packages.nix | 2 +- 4 files changed, 4 insertions(+), 32 deletions(-) diff --git a/nixos/doc/manual/release-notes/rl-2505.section.md b/nixos/doc/manual/release-notes/rl-2505.section.md index fcbb79618dcfc..184fde174b449 100644 --- a/nixos/doc/manual/release-notes/rl-2505.section.md +++ b/nixos/doc/manual/release-notes/rl-2505.section.md @@ -160,6 +160,8 @@ - `matomo` now defaults to version 5 (previously available as `matomo_5`). Version 4 has been removed as it reached EOL on December 19, 2024. +- `docker_24` has been removed, as it was EOL with vulnerabilites since June 08, 2024. + - `containerd` has been updated to v2, which contains breaking changes. See the [containerd 2.0](https://github.com/containerd/containerd/blob/main/docs/containerd-2.0.md) documentation for more details. diff --git a/pkgs/applications/virtualization/docker/default.nix b/pkgs/applications/virtualization/docker/default.nix index 2e3f16108309c..5f9b0d4a2871d 100644 --- a/pkgs/applications/virtualization/docker/default.nix +++ b/pkgs/applications/virtualization/docker/default.nix 
@@ -127,17 +127,6 @@ rec { url = "https://github.com/moby/moby/pull/43136.patch"; hash = "sha256-1WZfpVnnqFwLMYqaHLploOodls0gHF8OCp7MrM26iX8="; }) - ] ++ lib.optionals (lib.versions.major version == "24") [ - # docker_24 has LimitNOFILE set to "infinity", which causes a wide variety of issues in containers. - # Issues range from higher-than-usual ressource usage, to containers not starting at all. - # This patch (part of the release candidates for docker_25) simply removes this unit option - # making systemd use its default "1024:524288", which is sane. See commit message and/or the PR for - # more details: https://github.com/moby/moby/pull/45534 - (fetchpatch { - name = "LimitNOFILE-systemd-default.patch"; - url = "https://github.com/moby/moby/pull/45534/commits/c8930105bc9fc3c1a8a90886c23535cc6c41e130.patch"; - hash = "sha256-nyGLxFrJaD0TrDqsAwOD6Iph0aHcFH9sABj1Fy74sec="; - }) ]; postPatch = '' @@ -298,26 +287,6 @@ rec { # Get revisions from # https://github.com/moby/moby/tree/${version}/hack/dockerfile/install/* - docker_24 = callPackage dockerGen rec { - version = "24.0.9"; - cliRev = "v${version}"; - cliHash = "sha256-nXIZtE0X1OoQT908IGuRhVHb0tiLbqQLP0Md3YWt0/Q="; - mobyRev = "v${version}"; - mobyHash = "sha256-KRS99heyMAPBnjjr7If8TOlJf6v6866S7J3YGkOhFiA="; - runcRev = "v1.1.12"; - runcHash = "sha256-N77CU5XiGYIdwQNPFyluXjseTeaYuNJ//OsEUS0g/v0="; - containerdRev = "v1.7.13"; - containerdHash = "sha256-y3CYDZbA2QjIn1vyq/p1F1pAVxQHi/0a6hGWZCRWzyk="; - tiniRev = "v0.19.0"; - tiniHash = "sha256-ZDKu/8yE5G0RYFJdhgmCdN3obJNyRWv6K/Gd17zc1sI="; - knownVulnerabilities = [ - "CVE-2024-23651" - "CVE-2024-23652" - "CVE-2024-23653" - "CVE-2024-41110" - ]; - }; - docker_25 = callPackage dockerGen rec { version = "25.0.6"; cliRev = "v${version}"; diff --git a/pkgs/top-level/aliases.nix b/pkgs/top-level/aliases.nix index df876854663d0..1d8c8605f94ec 100644 --- a/pkgs/top-level/aliases.nix +++ b/pkgs/top-level/aliases.nix 
@@ -294,6 +294,7 @@ mapAliases { dnnl = throw "'dnnl' has been renamed to/replaced by 'oneDNN'"; # Converted to throw 2024-10-17 dnscrypt-wrapper = throw "dnscrypt-wrapper was removed because it has been effectively unmaintained since 2018. Use DNSCcrypt support in dnsdist instead"; # Added 2024-09-14 docear = throw "Docear was removed because it was unmaintained upstream. JabRef, Zotero, or Mendeley are potential replacements."; # Added 2024-11-02 + docker_24 = throw "'docker_24' has been removed because it has been unmaintained since June 2024. Use docker_25 or newer instead."; # Added 2024-12-21 docker-compose_1 = throw "'docker-compose_1' has been removed because it has been unmaintained since May 2021. Use docker-compose instead."; # Added 2024-07-29 docker-distribution = distribution; # Added 2023-12-26 dolphin-emu-beta = dolphin-emu; # Added 2023-02-11 diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 136e2e6d2dcb6..f280eec7739ba 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -13488,7 +13488,7 @@ with pkgs; }; inherit (callPackage ../applications/virtualization/docker {}) - docker_24 docker_25 docker_26 docker_27; + docker_25 docker_26 docker_27; docker = docker_27; docker-client = docker.override { clientOnly = true; }; From ba84d7fb52e515e2293574a7ac8bc8a9978d3340 Mon Sep 17 00:00:00 2001 From: Leona Maroni Date: Sat, 21 Dec 2024 13:31:57 +0100 Subject: [PATCH 2/2] docker: cleanup derivation of old versionOlder --- .../virtualization/docker/default.nix | 26 ++----------------- 1 file changed, 2 insertions(+), 24 deletions(-) diff --git a/pkgs/applications/virtualization/docker/default.nix b/pkgs/applications/virtualization/docker/default.nix index 5f9b0d4a2871d..cbfeea6c75521 100644 --- a/pkgs/applications/virtualization/docker/default.nix +++ b/pkgs/applications/virtualization/docker/default.nix 
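Review bot: The new `docker_24` throw in the aliases.nix hunk gives only "unmaintained since June 2024" as the reason. The release note added in this same patch says the version was EOL with vulnerabilities, and the deleted package definition carried four `knownVulnerabilities` entries (CVE-2024-23651, CVE-2024-23652, CVE-2024-23653, CVE-2024-41110). Someone whose configuration still pins `docker_24` sees only the throw text at evaluation time, so it should state the security reason, for example `"'docker_24' has been removed because it has been EOL with known vulnerabilities since June 2024. Use docker_25 or newer instead."`. Since the all-packages.nix hunk shows `docker = docker_27;`, the message could also point users at `docker` rather than naming the oldest remaining series first.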
@@ -119,16 +119,6 @@ rec { extraUserPath = lib.optionals (stdenv.hostPlatform.isLinux && !clientOnly) (lib.makeBinPath [ rootlesskit slirp4netns fuse-overlayfs ]); - patches = lib.optionals (lib.versionOlder version "23") [ - # This patch incorporates code from a PR fixing using buildkit with the ZFS graph driver. - # It could be removed when a version incorporating this patch is released. - (fetchpatch { - name = "buildkit-zfs.patch"; - url = "https://github.com/moby/moby/pull/43136.patch"; - hash = "sha256-1WZfpVnnqFwLMYqaHLploOodls0gHF8OCp7MrM26iX8="; - }) - ]; - postPatch = '' patchShebangs hack/make.sh hack/make/ hack/with-go-mod.sh ''; @@ -203,7 +193,7 @@ rec { makeWrapper pkg-config go-md2man go libtool installShellFiles ]; - buildInputs = plugins ++ lib.optionals (lib.versionAtLeast version "23" && stdenv.hostPlatform.isLinux) [ + buildInputs = plugins ++ lib.optionals (stdenv.hostPlatform.isLinux) [ glibc glibc.static ]; @@ -231,7 +221,7 @@ rec { ''; - outputs = ["out"] ++ lib.optional (lib.versionOlder version "23") "man"; + outputs = ["out"]; installPhase = '' install -Dm755 ./build/docker $out/libexec/docker/docker @@ -252,18 +242,6 @@ rec { installShellCompletion --bash ./contrib/completion/bash/docker installShellCompletion --fish ./contrib/completion/fish/docker.fish installShellCompletion --zsh ./contrib/completion/zsh/_docker - '' + lib.optionalString (stdenv.hostPlatform == stdenv.buildPlatform && lib.versionOlder version "23") '' - # Generate man pages from cobra commands - echo "Generate man pages from cobra" - mkdir -p ./man/man1 - go build -o ./gen-manpages github.com/docker/cli/man - ./gen-manpages --root . --target ./man/man1 - '' + lib.optionalString (lib.versionOlder version "23") '' - # Generate legacy pages from markdown - echo "Generate legacy manpages" - ./man/md2man-all.sh -q - - installManPage man/*/*.[1-9] ''; passthru = {
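Review bot: In the `@@ -203,7 +193,7 @@` hunk the context line above `buildInputs` still lists `go-md2man` among the build tools, but the only visible users of it, the `./man/md2man-all.sh` and `installManPage` steps, are deleted in the last hunk of this patch. If nothing outside these hunks calls it, drop `go-md2man` from that list so the client build does not pull in an unused tool. The simplified condition can also lose its parentheses: `buildInputs = plugins ++ lib.optionals stdenv.hostPlatform.isLinux [`. The derivation starts and ends outside the hunk, so this needs checking against the full file.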