Univention Bugzilla – Bug 42282
Update docker.io package to 1.12
Last modified: 2017-04-04 18:29:24 CEST
We should consider updating the docker.io package from the Jessie version 1.6.2 to something newer. Debian Stretch (testing) currently ships 1.11.2. There are quite a couple of improvements in the upstream changelog: https://github.com/docker/docker/blob/master/CHANGELOG.md I haven't evaluated the changelog fully yet, but something in the direction of content trust signing has been asked for by a customer (Ticket#2016090521000549). Docker 1.8 seems to provide that: https://blog.docker.com/2015/08/content-trust-docker-1-8/ https://docs.docker.com/engine/security/trust/content_trust/
*** Bug 41285 has been marked as a duplicate of this bug. ***
*** Bug 43215 has been marked as a duplicate of this bug. ***
For one app provider I do neeed at least docker version 1.10.
https://docs.docker.com/engine/installation/linux/debian/
I'd like to propose switching to 1.13; Mainly because it's the latest Version as of now, but 1.12 and 1.13 have very useful Features IMO. 1.12 Comes with the swarm mode, which is very handy for multiple host deployments, HA and rolling updates. 1.13 Brings nice cleanup tools (i.e. `docker system prune`). Breaks compatibility with the plugin API and all pre-1.13 installed plugins need to be installed again. Generally, Docker seldom introduces regression in new releases and every release seems to be more stable. We're seriously considering Docker at work (with swarm mode enabled) and it would be great to have it baked into UCS 4.2. Docker has Debian repositories for old-stable, stable and the next release, I guess that would packaging more easy and independent from debian-backports!? (see link by Stefan Gohmann).
Some more info about the "source packages": https://blog.docker.com/2015/07/new-apt-and-yum-repos/
I've imported and built the following packages from Debian Jessie Backports: - golang-1.6 - runc - golang-codegangsta-cli - golang-github-coreos-go-systemd - golang-github-docker-go-units - golang-github-opencontainers-specs - golang-github-seccomp-libseccomp-golang - golang-github-vishvananda-netlink - dh-golang - golang-dbus - golang-github-xeipuuv-gojsonschema - golang-testify - golang-github-xeipuuv-gojsonreference - golang-github-xeipuuv-gojsonpointer - golang-github-davecgh-go-spew - golang-github-pmezard-go-difflib - golang-objx From debian.snapshot.net golang in version 2:1.4.3-3~bpo8+1. This was necessary to build golang-1.6. From Ubuntu: - containerd - docker.io (1.12.3) So, I've decided to import the docker version from Ubuntu because docker in Debian is currently ony in sid. The Debian maintainer wrote in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850753#10: --------------------------------------------------------------------------- The reason Ubuntu is able to be more aggressive than Debian is that they've made an explicit release exception for using Docker's published "vendor" directory as-is rather than splitting it out into individual packages (which is what causes so much headache for us in Debian every new Docker release, and causes a greater number of issues such as #835686). --------------------------------------------------------------------------- The docker-engine package directly from Docker can't be build in our buildsystem. Maybe the Ubuntu package will be updated in the next weeks so that we can update to 1.13 in the UCS 4.2 final version. Currently, I've disabled the docker.io testsuite (012_rules_disable_testsuite.patch). Otherwise the build fails with: -------------------------------------------------------------------------- ok github.com/docker/docker/profiles/seccomp 0.014s coverage: 26.2% of statements ok github.com/docker/docker/reference 0.031s coverage: 87.8% of statements 2017/01/30 15:03:28 http: TLS handshake error from 127.0.0.1:56506: remote error: bad certificate 2017/01/30 15:03:28 http: TLS handshake error from 127.0.0.1:56508: remote error: bad certificate 2017/01/30 15:03:28 http: TLS handshake error from 127.0.0.1:56510: remote error: bad certificate --- FAIL: TestEndpoint (0.12s) registry_mock_test.go:263: Expected error while expanding bad endpoint: <nil> == <nil> registry_mock_test.go:263: Expected error while expanding bad endpoint: <nil> == <nil> registry_mock_test.go:263: Expected error while expanding bad endpoint: <nil> == <nil> registry_mock_test.go:263: Expected error while expanding bad endpoint: <nil> == <nil> registry_mock_test.go:263: Expected error while expanding bad endpoint: <nil> == <nil> FAIL coverage: 51.9% of statements FAIL github.com/docker/docker/registry 0.218s ok github.com/docker/docker/restartmanager 0.002s coverage: 46.9% of statements ok github.com/docker/docker/runconfig 0.017s coverage: 62.8% of statements ok github.com/docker/docker/runconfig/opts 0.041s coverage: 74.0% of statements ok github.com/docker/docker/utils 0.023s coverage: 39.1% of statements ok github.com/docker/docker/utils/templates 0.003s coverage: 50.0% of statements ok github.com/docker/docker/volume 0.022s coverage: 61.0% of statements ok github.com/docker/docker/volume/drivers 15.012s coverage: 40.7% of statements ok github.com/docker/docker/volume/local 0.029s coverage: 2.2% of statements ok github.com/docker/docker/volume/store 15.010s coverage: 59.7% of statements ? github.com/docker/docker/volume/testutils [no test files] debian/rules:89: recipe for target 'override_dh_auto_test' failed make[1]: *** [override_dh_auto_test] Error 1 --------------------------------------------------------------------------
And two more packages from Jessie backports: - libseccomp - golang-github-vishvananda-netns I had to disable the test case TestRuleAddAndLoad in golang-github-seccomp-libseccomp-golang. It failed with this message: ------------------------------------------------------------------------ === RUN TestMergeFilters --- PASS: TestMergeFilters (0.00s) === RUN TestRuleAddAndLoad --- FAIL: TestRuleAddAndLoad (0.00s) seccomp_test.go:455: Syscall should have returned error code! FAIL exit status 1 FAIL github.com/seccomp/libseccomp-golang 0.003s ------------------------------------------------------------------------ See also here: https://tests.reproducible-builds.org/debian/rb-pkg/testing/i386/golang-github-seccomp-libseccomp-golang.html
Changelog via r76214. I've created a new bug which should be checked after UCS 4.2 milestone 2: Bug #43449.
Changelog: OK Package: OK Note that after an update to 4.2, the docker CLI is unusable until restart (I simply restarted the machine). This may be a problem if the App Center is to be used immediately after an update.
The CLI might be unusable, because the old daemon is still running. That could mean, that upon restart it cannot cleanly shutdown the containers and will simply kill them after a timeout. Docker updates use a special setting to make an upgrade without shutting down the daemon (as it is usually done in Debian) so that the containers are not shutdown. With a API-breaking upgrade, the usual stop-upgrade-start should be used. Then the CLI should work without a restart and the containers will be safe.
UCS 4.2 has been released: https://docs.software-univention.de/release-notes-4.2-0-en.html https://docs.software-univention.de/release-notes-4.2-0-de.html If this error occurs again, please use "Clone This Bug".