6 files changed, 118 insertions, 91 deletions
diff --git a/recipes-containers/docker/README.rootless b/recipes-containers/docker/README.rootless
new file mode 100644
index 00000000..973d72e9
--- /dev/null
+++ b/recipes-containers/docker/README.rootless
@@ -0,0 +1,39 @@
+    1  docker pull alpine
+    2  cd /var/lib/containers/storage/
+    3  ll
+    4  ls
+    5  ls -alF
+    6  ls overlay
+    7  ls overlay/
+    8  ls overlay/d4fc045c9e3a848011de66f34b81f052d4f2c15a17bb196d637e526349601820/
+    9  ll
+   10  ls -alF
+   11  cd ..
+   12  ls -alF
+   13  ls cache/
+   14  cd storage/
+   15  ll
+   16  ls alF
+   17  ls -alF
+   18  ls
+   19  cd
+   20  skopeo
+   21  ls /var/lib/docker/
+   22  ls /var/lib/docker/
+   23  cd /var/lib/docker/
+   24  ll
+   25  alias ll="ls -alF"
+   26  ll
+   27  ls containers/
+   28  ls overlay2/
+   29  skopeo --help
+   30  skopeo copy
+   31  docker images
+   32  cd
+   33  skopeo copy docker-daemon:alpine oci:alpine
+   34  skopeo copy docker-daemon:alpine:latest oci:alpine
+   35  ls alpine/
+   36  skopeo copy oci:alpine  docker-daemon:bruce:latest
+   37  docker images
+   38  docker run -it bruce /bin/sh
diff --git a/recipes-containers/docker/docker-moby_git.bb b/recipes-containers/docker/docker-moby_git.bb
index 0abb0b3f..dfbfa706 100644
--- a/recipes-containers/docker/docker-moby_git.bb
+++ b/recipes-containers/docker/docker-moby_git.bb
@@ -44,18 +44,16 @@ DESCRIPTION = "Linux container runtime \
 # so we get that tag, and make it our SRCREVS:
 #
-SRCREV_moby = "f417435e5f6216828dec57958c490c4f8bae4f98"
+SRCREV_moby = "bbd0a17ccc67e48d4a69393287b7fcc4f0578683"
-SRCREV_libnetwork = "67e0588f1ddfaf2faf4c8cae8b7ea2876434d91c"
+SRCREV_cli = "068a01ea9470df6494cc92d9e64e240805ae47a7"
-SRCREV_cli = "01f933261885c0126edb3f47fd56d048ae31265a"
+SRCREV_FORMAT = "moby"
-SRCREV_FORMAT = "moby_libnetwork"
 SRC_URI = "\
-        git://github.com/moby/moby.git;branch=25.0;name=moby;protocol=https \
+        git://github.com/moby/moby.git;nobranch=1;name=moby;protocol=https;destsuffix=${GO_SRCURI_DESTSUFFIX} \
-        git://github.com/docker/libnetwork.git;branch=master;name=libnetwork;destsuffix=git/libnetwork;protocol=https \
+        git://github.com/docker/cli;nobranch=1;name=cli;destsuffix=git/cli;protocol=https \
-        git://github.com/docker/cli;branch=25.0;name=cli;destsuffix=git/cli;protocol=https \
        file://docker.init \
-        file://0001-libnetwork-use-GO-instead-of-go.patch \
        file://0001-cli-use-external-GO111MODULE-and-cross-compiler.patch \
        file://0001-dynbinary-use-go-cross-compiler.patch;patchdir=src/import \
+        file://0001-check-config-make-CONFIG_MEMCG_SWAP-conditional.patch;patchdir=src/import \
        "
 DOCKER_COMMIT = "${SRCREV_moby}"
@@ -66,7 +64,7 @@ require docker.inc
 LICENSE = "Apache-2.0"
 LIC_FILES_CHKSUM = "file://src/import/LICENSE;md5=4859e97a9c7780e77972d989f0823f28"
-DOCKER_VERSION = "25.0.3"
+DOCKER_VERSION = "28.0.1"
 PV = "${DOCKER_VERSION}+git${SRCREV_moby}"
 CVE_PRODUCT = "docker mobyproject:moby"
diff --git a/recipes-containers/docker/docker.inc b/recipes-containers/docker/docker.inc
index 48f7d3ec..05a14f97 100644
--- a/recipes-containers/docker/docker.inc
+++ b/recipes-containers/docker/docker.inc
@@ -36,17 +36,21 @@ GO_IMPORT = "import"
 S = "${WORKDIR}/git"
 inherit systemd update-rc.d
 inherit go
 inherit goarch
 inherit pkgconfig
+REQUIRED_DISTRO_FEATURES ?= "seccomp ipv6"
+inherit features_check
 do_configure[noexec] = "1"
 # Export for possible use in Makefiles, default value comes from go.bbclass
 export GO_LINKSHARED
-DOCKER_PKG="github.com/docker/docker"
+DOCKER_PKG = "github.com/docker/docker"
 # in order to exclude devicemapper and btrfs - https://github.com/docker/docker/issues/14056
 BUILD_TAGS ?= "exclude_graphdriver_btrfs exclude_graphdriver_devicemapper"
@@ -60,8 +64,7 @@ do_compile() {
        ln -sf ../../../.. .gopath/src/"${DOCKER_PKG}"
        
        mkdir -p .gopath/src/github.com/docker
-        ln -sf ${WORKDIR}/git/libnetwork .gopath/src/github.com/docker/libnetwork
+        ln -sf ${S}/cli .gopath/src/github.com/docker/cli
-        ln -sf ${WORKDIR}/git/cli .gopath/src/github.com/docker/cli
        export GOPATH="${S}/src/import/.gopath:${S}/src/import/vendor"
        export GOROOT="${STAGING_DIR_NATIVE}/${nonarch_libdir}/${HOST_SYS}/go"
@@ -90,17 +93,13 @@ do_compile() {
        export LDFLAGS=""
        export DOCKER_VERSION=${DOCKER_VERSION}
        VERSION="${DOCKER_VERSION}" DOCKER_GITCOMMIT="${DOCKER_COMMIT}" make dynbinary
-        # build the proxy
-        cd ${S}/src/import/.gopath/src/github.com/docker/libnetwork
-        oe_runmake cross-local
 }
 do_install() {
        mkdir -p ${D}/${bindir}
-        cp ${WORKDIR}/git/cli/build/docker ${D}/${bindir}/docker
+        cp ${S}/cli/build/docker ${D}/${bindir}/docker
        cp ${S}/src/import/bundles/dynbinary-daemon/dockerd ${D}/${bindir}/dockerd
-        cp ${WORKDIR}/git/libnetwork/bin/docker-proxy* ${D}/${bindir}/docker-proxy
+        cp ${S}/src/import/bundles/dynbinary-daemon/docker-proxy ${D}/${bindir}/docker-proxy
        if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
                install -d ${D}${systemd_unitdir}/system
@@ -110,7 +109,7 @@ do_install() {
                rm -f ${D}/${systemd_unitdir}/system/docker.service.rpm
        else
                install -d ${D}${sysconfdir}/init.d
-                install -m 0755 ${WORKDIR}/docker.init ${D}${sysconfdir}/init.d/docker.init
+                install -m 0755 ${UNPACKDIR}/docker.init ${D}${sysconfdir}/init.d/docker.init
        fi
        # TLS key that docker creates at run-time if not found is what resides here
        if ${@bb.utils.contains('PACKAGECONFIG','transient-config','true','false',d)}; then
@@ -126,7 +125,7 @@ do_install() {
 SYSTEMD_PACKAGES = "${@bb.utils.contains('DISTRO_FEATURES','systemd','${PN}','',d)}"
-SYSTEMD_SERVICE:${PN} = "${@bb.utils.contains('DISTRO_FEATURES','systemd','docker.socket','',d)}"
+SYSTEMD_SERVICE:${PN} = "${@bb.utils.contains('DISTRO_FEATURES','systemd','docker.service docker.socket','',d)}"
 SYSTEMD_AUTO_ENABLE:${PN} = "enable"
 # inverted logic warning. We ony want the sysvinit init to be installed if systemd
diff --git a/recipes-containers/docker/files/0001-check-config-make-CONFIG_MEMCG_SWAP-conditional.patch b/recipes-containers/docker/files/0001-check-config-make-CONFIG_MEMCG_SWAP-conditional.patch
new file mode 100644
index 00000000..30b1a7d8
--- /dev/null
+++ b/recipes-containers/docker/files/0001-check-config-make-CONFIG_MEMCG_SWAP-conditional.patch
@@ -0,0 +1,56 @@
+From 28c115da3c6c2e6edda08c30a779f1ffaab2fbc7 Mon Sep 17 00:00:00 2001
+From: Bruce Ashfield <bruce.ashfield@gmail.com>
+Date: Fri, 18 Oct 2024 18:27:16 +0000
+Subject: [PATCH] check-config: make CONFIG_MEMCG_SWAP conditional
+Kernel's equal to or greater than 6.1 no longer have this
+option. See this kernel commit:
+   commit e55b9f96860f6c6026cff97966a740576285e07b
+   Author: Johannes Weiner <hannes@cmpxchg.org>
+   Date:   Mon Sep 26 09:57:04 2022 -0400
+       mm: memcontrol: drop dead CONFIG_MEMCG_SWAP config symbol
+       Since 2d1c498072de ("mm: memcontrol: make swap tracking an integral part
+       of memory control"), CONFIG_MEMCG_SWAP hasn't been a user-visible config
+       option anymore, it just means CONFIG_MEMCG && CONFIG_SWAP.
+       Update the sites accordingly and drop the symbol.
+       [ While touching the docs, remove two references to CONFIG_MEMCG_KMEM,
+         which hasn't been a user-visible symbol for over half a decade. ]
+       Link: https://lkml.kernel.org/r/20220926135704.400818-5-hannes@cmpxchg.org
+       Signed-off-by: Johannes Weiner <hannes@cmpxchg.org>
+       Acked-by: Shakeel Butt <shakeelb@google.com>
+       Cc: Hugh Dickins <hughd@google.com>
+       Cc: Michal Hocko <mhocko@suse.com>
+       Cc: Roman Gushchin <roman.gushchin@linux.dev>
+       Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Upstream-Status: Inappropriate [embedded specific]
+Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
+---
+ contrib/check-config.sh | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+diff --git a/contrib/check-config.sh b/contrib/check-config.sh
+index b9cc6bf87d..3124548d99 100755
+--- a/contrib/check-config.sh
+++ b/contrib/check-config.sh
+@@ -266,7 +266,9 @@ echo 'Optional Features:'
+        check_flags CGROUP_PIDS
+ }
+ {
+-       check_flags MEMCG_SWAP
+       if [ "$kernelMajor" -lt 6 ] || [ "$kernelMajor" -eq 6 -a "$kernelMinor" -le 1 ]; then
+               check_flags MEMCG_SWAP
+       fi
+        # Kernel v5.8+ removes MEMCG_SWAP_ENABLED.
+        if [ "$kernelMajor" -lt 5 ] || [ "$kernelMajor" -eq 5 -a "$kernelMinor" -le 8 ]; then
+                CODE=${EXITCODE}
+-- 
+2.39.2
diff --git a/recipes-containers/docker/files/0001-dynbinary-use-go-cross-compiler.patch b/recipes-containers/docker/files/0001-dynbinary-use-go-cross-compiler.patch
index 160a3bca..9079d81e 100644
--- a/recipes-containers/docker/files/0001-dynbinary-use-go-cross-compiler.patch
+++ b/recipes-containers/docker/files/0001-dynbinary-use-go-cross-compiler.patch
@@ -48,7 +48,7 @@ Index: import/hack/make/.binary
                echo -n '.exe'
        fi
 }
-@@ -16,33 +16,12 @@
+@@ -16,31 +16,10 @@
 (
        export GOGC=${DOCKER_BUILD_GOGC:-1000}
 
@@ -73,17 +73,15 @@ Index: import/hack/make/.binary
 -               fi
 -       fi
 -
-        # -buildmode=pie is not supported on Windows arm64 and Linux mips*, ppc64be
-        # https://github.com/golang/go/blob/go1.19.4/src/cmd/internal/sys/supported.go#L125-L132
        if ! [ "$DOCKER_STATIC" = "1" ]; then
                # -buildmode=pie not supported when -race is enabled
                if [[ " $BUILDFLAGS " != *" -race "* ]]; then
 -                       case "$(go env GOOS)/$(go env GOARCH)" in
 +                       case "$(${GO} env GOOS)/$(${GO} env GOARCH)" in
-                                windows/arm64 | linux/mips* | linux/ppc64) ;;
+                                linux/mips* | linux/ppc64)
-                                *)
+                                        # -buildmode=pie is not supported on Linux mips*, ppc64be
-                                        BUILDFLAGS+=("-buildmode=pie")
+                                        # https://github.com/golang/go/blob/go1.23.0/src/internal/platform/supported.go#L189-L197
-@@ -66,11 +45,11 @@
+@@ -67,11 +46,11 @@
        # only necessary for non-sandboxed invocation where TARGETPLATFORM is empty
        PLATFORM_NAME=$TARGETPLATFORM
        if [ -z "$PLATFORM_NAME" ]; then
@@ -100,7 +98,7 @@ Index: import/hack/make/.binary
                fi
        fi
 
-@@ -82,7 +61,7 @@
+@@ -95,7 +74,7 @@
        if [ -n "$DOCKER_DEBUG" ]; then
                set -x
        fi
diff --git a/recipes-containers/docker/files/0001-libnetwork-use-GO-instead-of-go.patch b/recipes-containers/docker/files/0001-libnetwork-use-GO-instead-of-go.patch
deleted file mode 100644
index f94f73e4..00000000
--- a/recipes-containers/docker/files/0001-libnetwork-use-GO-instead-of-go.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-From 04c07804930faad708218a3134c81de06a9c742a Mon Sep 17 00:00:00 2001
-From: Bruce Ashfield <bruce.ashfield@windriver.com>
-Date: Fri, 6 Apr 2018 23:58:22 -0400
-Subject: [PATCH] libnetwork: use $(GO) instead of go
-Ensure that the libnetwork makefile uses the go cross flags and
-utilities.
-Upstream-Status: Inappropriate [embedded specific]
-Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
---
- Makefile | 14 +++++++-------
- 1 file changed, 7 insertions(+), 7 deletions(-)
-Index: git/libnetwork/Makefile
-===================================================================
--- git.orig/libnetwork/Makefile
-+++ git/libnetwork/Makefile
-@@ -45,10 +45,10 @@
- build-local:
-        @echo "🐳 $@"
-        @mkdir -p "bin"
-       GO111MODULE=off go build -tags experimental -o "bin/dnet" ./cmd/dnet
-       GO111MODULE=off go build -o "bin/docker-proxy" ./cmd/proxy
-       CGO_ENABLED=0 go build -o "bin/diagnosticClient" ./cmd/diagnostic
-       CGO_ENABLED=0 go build -o "bin/testMain" ./cmd/networkdb-test/testMain.go
-+       GO111MODULE=off $(GO) build -trimpath -tags experimental -o "bin/dnet" ./cmd/dnet
-+       GO111MODULE=off $(GO) build -trimpath -o "bin/docker-proxy" ./cmd/proxy
-+       CGO_ENABLED=0 $(GO) build -trimpath -o "bin/diagnosticClient" ./cmd/diagnostic
-+       CGO_ENABLED=0 $(GO) build -trimpath -o "bin/testMain" ./cmd/networkdb-test/testMain.go
- 
- build-images:
-        @echo "🐳 $@"
-@@ -82,8 +82,8 @@
- 
- cross-local:
-        @echo "🐳 $@"
-       GO111MODULE=off go build -o "bin/dnet-$$GOOS-$$GOARCH" ./cmd/dnet
-       GO111MODULE=off go build -o "bin/docker-proxy-$$GOOS-$$GOARCH" ./cmd/proxy
-+       GO111MODULE=off $(GO) build -trimpath $(GO_LINKSHARED) $(GOBUILDFLAGS) -o "bin/dnet-$$GOOS-$$GOARCH" ./cmd/dnet
-+       GO111MODULE=off $(GO) build -trimpath  $(GO_LINKSHARED) $(GOBUILDFLAGS) -o "bin/docker-proxy-$$GOOS-$$GOARCH" ./cmd/proxy
- 
- # Rebuild protocol buffers.
- # These may need to be rebuilt after vendoring updates, so .proto files are declared .PHONY so they are always rebuilt.
-@@ -130,7 +130,7 @@
-        if ls $$dir/*.go &> /dev/null; then \
-                pushd . &> /dev/null ; \
-                cd $$dir ; \
-               go test ${INSIDECONTAINER} -test.parallel 5 -test.v -covermode=count -coverprofile=./profile.tmp ; \
-+               $(GO) test ${INSIDECONTAINER} -test.parallel 5 -test.v -covermode=count -coverprofile=./profile.tmp ; \
-                ret=$$? ;\
-                if [ $$ret -ne 0 ]; then exit $$ret; fi ;\
-                popd &> /dev/null; \
-@@ -145,7 +145,7 @@
- # Depends on binaries because vet will silently fail if it can not load compiled imports
- vet: ## run go vet
-        @echo "🐳 $@"
-       @test -z "$$(go vet ${PACKAGES} 2>&1 | grep -v 'constant [0-9]* not a string in call to Errorf' | egrep -v '(timestamp_test.go|duration_test.go|exit status 1)' | tee /dev/stderr)"
-+       @test -z "$$($(GO) vet ${PACKAGES} 2>&1 | grep -v 'constant [0-9]* not a string in call to Errorf' | egrep -v '(timestamp_test.go|duration_test.go|exit status 1)' | tee /dev/stderr)"
- 
- misspell:
-        @echo "🐳 $@"