Merge branch 'main' into nvidia-support-core24

canonical · Jan 14, 2025 · 8108c4a · 8108c4a
2 parents a76eddf + 7d5e826
commit 8108c4a
Show file tree

Hide file tree

Showing 7 changed files with 228 additions and 32 deletions.
diff --git a/.github/ISSUE_TEMPLATE/bug.yaml b/.github/ISSUE_TEMPLATE/bug.yaml
@@ -0,0 +1,65 @@
+name: Bug Report
+description: File a bug report
+labels: "Bug"
+body:
+  - type: markdown
+    attributes:
+      value: >
+        Thanks for taking the time to fill out this bug report! Before
+        submitting your issue, make sure this has not been already
+        reported or if it works with the latest published version
+        of Docker snap.
+
+  - type: textarea
+    id: bug-description
+    attributes:
+      label: Bug description
+      description: >
+        If applicable, add screenshots to help explain your problem.
+    validations:
+      required: true
+
+  - type: textarea
+    id: reproduction
+    attributes:
+      label: To reproduce
+      description: >
+        Provide a step-by-step instruction on how to reproduce the behavior.
+    validations:
+      required: true
+
+  - type: textarea
+    id: environment
+    attributes:
+      label: Environment information for bug reproduction
+      description: >
+        Kindly copy **all** the commands below, run them in your terminal,
+        and share the results here.
+          ```bash
+            echo -e "\nDocker snap information:"
+            snap list docker
+
+            echo -e "\nPlug Connections:"
+            snap connections docker
+
+            echo -e "\nSnapd information:"
+            snap version
+
+            echo -e "\nOS release:"
+            cat /etc/os-release
+
+            echo -e "\nKernel and architecture:"
+            uname -rvm
+          ```
+      render: shell
+    validations:
+      required: true
+
+  - type: textarea
+    id: logs
+    attributes:
+      label: Additional information
+      description: >
+        Provide any additional information, including relevant logs.
+    validations:
+      required: true
diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
@@ -0,0 +1,5 @@
+blank_issues_enabled: false
+contact_links:
+  - name: Docker snap discussions
+    url: https://github.com/canonical/docker-snap/discussions
+    about: Questions regarding Docker snap usage
diff --git a/.github/ISSUE_TEMPLATE/feature.yaml b/.github/ISSUE_TEMPLATE/feature.yaml
@@ -0,0 +1,25 @@
+name: Task
+description: File an enhancement proposal
+labels: "Enhancement"
+body:
+  - type: markdown
+    attributes:
+      value: >
+        Thanks for taking the time to fill out this enhancement
+        proposal! Before submitting your issue, please make sure there
+        isn't already a prior issue concerning this. If there is,
+        please join that discussion instead.
+
+  - type: textarea
+    id: enhancement-proposal-what
+    attributes:
+      label: What needs to get done
+    validations:
+      required: true
+
+  - type: textarea
+    id: enhancement-proposal-why
+    attributes:
+      label: Why it needs to get done
+    validations:
+      required: true
diff --git a/.github/workflows/smoke-test.yml b/.github/workflows/smoke-test.yml
@@ -133,6 +133,14 @@ jobs:
       - name: Hello World
         run: sudo docker run --rm hello-world
 
+      - name: Hello World (syslog)
+        run: |
+          trap 'echo -e "\nerror, sad day ($?)"; sleep 1; sudo snap logs -n=20 docker.dockerd; sleep 1; sudo tail -n20 /var/log/*.log; sudo dmesg | tail -n20; sudo journalctl --no-pager | grep DENIED | grep docker' ERR
+          expectedOutput="testing-syslog-log-driver-$RANDOM-$RANDOM"
+          sudo docker run --name test-syslog --log-driver syslog bash -c 'echo "$@"' -- "$expectedOutput"
+          actualOutput="$(sudo docker logs test-syslog)"
+          [ "$actualOutput" = "$expectedOutput" ]
+          docker rm test-syslog
 
       - name: Hello World (journald)
         # NOTE: Test temporarily disabled on Noble due to a known issue with journald on Noble systems affecting docker-snap.

diff --git a/README.md b/README.md
@@ -21,13 +21,12 @@ Additional access is granted via [snap interfaces](https://snapcraft.io/docs/int
 Upon installation using the above command, the snap connects automatically to the following system interface slots:
 - [docker-support](https://snapcraft.io/docs/docker-support-interface)
 - [firewall-control](https://snapcraft.io/docs/firewall-control-interface)
-- [home](https://snapcraft.io/docs/home-interface)
+- [home](https://snapcraft.io/docs/home-interface) - only on classic/traditional distributions
 - [network](https://snapcraft.io/docs/network-interface)
 - [network-bind](https://snapcraft.io/docs/network-bind-interface)
 - [network-control](https://snapcraft.io/docs/network-control-interface)
 - [opengl](https://snapcraft.io/docs/opengl-interface)
 
-
 If you are using Ubuntu Core 16, connect the `docker:home` plug as it's not auto-connected by default:
 
 ```shell
@@ -182,6 +181,7 @@ sudo snap connect docker:support :docker-support
 sudo snap connect docker:firewall-control :firewall-control
 sudo snap connect docker:network-control :network-control
 sudo snap connect docker:docker-cli docker:docker-daemon
+sudo snap connect docker:home
 
 sudo snap disable docker
 sudo snap enable docker
@@ -192,4 +192,4 @@ sudo snap enable docker
 The snap has various tests in place:
 - [Automated smoke testing via a Github workflow](.github/workflows/smoke-test.yml)
 - [Nvidia testing via Testflinger](.github/workflows/testflinger/README.md)
-- [Spread tests](spread.md)
+- [Spread tests](spread.md)
diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml
@@ -1,39 +1,13 @@
 name: docker
-#title: Docker
 version: '27.4.1'
 summary: Docker container runtime
-description: |
-  Build and run container images with Docker.
-
-  **Usage**
-
-  * This build can only access files in the home directory. So Dockerfiles and all other files used in commands like `docker build`, `docker save` and `docker load` need to be in $HOME.
-  * You can change the configuration of this build by modifying the files in `/var/snap/docker/current/`.
-  * Additional certificates used by the Docker daemon to authenticate with registries need to be added in `/var/snap/docker/current/etc/docker/certs.d` (instead of `/etc/docker/certs.d`). This directory can be accessed by other snaps using the `docker-registry-certificates` content interface.
-  * Specifying the option `--security-opt="no-new-privileges=true"` with the `docker run` command (or the equivalent in docker-compose) will result in a failure of the container to start. This is due to an an underlying external constraint on AppArmor (see https://bugs.launchpad.net/snappy/+bug/1908448 for details).
-
-  **Running Docker as normal user**
-
-  By default, Docker is only accessible with root privileges (`sudo`). If you want to use docker as a regular user, you need to add your user to the `docker` group.
-
-      sudo addgroup --system docker
-      sudo adduser $USER docker
-      newgrp docker
-      sudo snap disable docker
-      sudo snap enable docker
-
-  **Warning:** if you add your user to the `docker` group, it will have similar power as the `root` user. For details on how this impacts security in your system, see https://docs.docker.com/engine/security/#docker-daemon-attack-surface
-
-  **Authors**
-
-  This snap is built by Canonical based on source code published by Docker, Inc. It is not endorsed or published by Docker, Inc.
-
-  Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries. Docker, Inc. and other parties may also have trademark rights in other terms used herein.
+description: Refer to https://snapcraft.io/docker
 license: (Apache-2.0 AND MIT AND GPL-2.0)
+
 grade: stable
+confinement: strict
 
 base: core24
-confinement: strict
 assumes:
   - snapd2.59.1
 

diff --git a/upgrade.sh b/upgrade.sh
@@ -0,0 +1,119 @@
+#!/bin/bash
+
+set -eux
+
+fetch_latest() {
+  # Fetch latest version from Github releases API
+  LATEST=$(curl -s "https://api.github.com/repos/moby/moby/releases?per_page=1" | jq -r '.[0].tag_name')
+}
+
+# Validate the version format
+validate_version() {
+  # Original simplified RegEx:
+  # v\d+.\d+.\d+\-*(rc.\d|rc\d|beta.\d)*
+  # By analysing the last tags on github.com/moby/moby/tags
+  # of last 3 years (since 2021).
+  if [[ "$LATEST" =~ ^v[0-9]+\.[0-9]+\.[0-9]+(-rc\.[0-9]|rc[0-9]|beta\.[0-9])?$ ]]; then
+    echo "$LATEST matches the regex."
+  else
+    echo "Version doesn't match known pattern."
+    exit 1
+  fi
+}
+
+check_yq() {
+  if ! command -v yq &>/dev/null; then
+    echo -e "yq is not installed."
+    echo -e "Please run:"
+    echo -e "\tsudo snap install yq"
+    exit 1
+  fi
+}
+
+check_new_version() {
+  if [[ "$CURRENT" == "$LATEST" ]]; then
+    echo -e "Docker snap is already updated\n"
+    exit 0
+  fi
+}
+
+main() {
+  check_yq
+
+  # Define the path to the YAML file
+  yaml_file="snap/snapcraft.yaml"
+
+  CURRENT=$(yq e '.parts.engine.source-tag' "$yaml_file")
+
+  fetch_latest
+
+  echo "Latest TAG: $LATEST"
+
+  validate_version
+
+  check_new_version
+
+  SNAP_VERSION=${LATEST#v}
+  echo -e "New snap version $SNAP_VERSION"
+
+  echo "The latest version of moby is: $LATEST"
+
+  # Fetch the Dockerfile
+  dockerfile=$(curl -s "https://raw.githubusercontent.com/moby/moby/refs/tags/$LATEST/Dockerfile")
+
+  # Declare variables and their corresponding regex patterns
+  declare -A variables=(
+    [GO_VERSION]='^ARG GO_VERSION='
+    [CONTAINERD_VERSION]='^ARG CONTAINERD_VERSION='
+    [RUNC_VERSION]='^ARG RUNC_VERSION='
+    [TINI_VERSION]='^ARG TINI_VERSION='
+    [DOCKERCLI_VERSION]='^ARG DOCKERCLI_VERSION='
+    [BUILDX_VERSION]='^ARG BUILDX_VERSION='
+    [COMPOSE_VERSION]='^ARG COMPOSE_VERSION='
+  )
+
+  # Extract versions using a loop
+  for var in "${!variables[@]}"; do
+    value=$(echo "$dockerfile" | awk -F= "/${variables[$var]}/ {print \$2}")
+
+    # Handle special cases: GO_VERSION and BUILDX_VERSION
+    if [[ "$var" == "GO_VERSION" ]]; then
+      # for GO_VERSION Extract major.minor
+      value=$(echo "$value" | awk -F. '{print $1 "." $2}')
+    elif [[ "$var" == "BUILDX_VERSION" && $value != v* ]]; then
+      value="v$value" # Prepend 'v' if missing
+    fi
+
+    declare "$var=$value"
+    echo "$var: ${!var}"
+  done
+
+  # Replace the `version:` field with the value of $SNAP_VERSION
+  yq -i ".version = \"$SNAP_VERSION\"" "$yaml_file"
+
+  # Replace fields in YAML using a loop
+  declare -A yaml_updates=(
+    [engine.source-tag]=$LATEST
+    [containerd.source-tag]=$CONTAINERD_VERSION
+    [runc.source-tag]=$RUNC_VERSION
+    [tini.source-tag]=$TINI_VERSION
+    [docker-cli.source-tag]=$DOCKERCLI_VERSION
+    [buildx.source-tag]=$BUILDX_VERSION
+    [compose-v2.source-tag]=$COMPOSE_VERSION
+  )
+
+  for part in "${!yaml_updates[@]}"; do
+    yq -i ".parts.${part} = \"${yaml_updates[$part]}\"" "$yaml_file"
+  done
+
+  # Replace `build-snaps` for `engine` with $GO_VERSION
+  yq -i '.parts.engine."build-snaps"[0] |= sub("[0-9]+\.[0-9]+", "'"$GO_VERSION"'")' "$yaml_file"
+
+  # Replace the remaining comments
+  sed -i "s/$CURRENT/$LATEST/g" "$yaml_file"
+
+  echo "YAML file updated successfully."
+
+}
+
+main