From 8c5e99fd383b461151ef0f1e1875d1801a175c80 Mon Sep 17 00:00:00 2001 From: Robert Sturla Date: Tue, 15 Apr 2025 23:56:50 +0100 Subject: [PATCH 1/4] feat: manage docker group with systemd-sysusers Switches away from the groupadd postinstall commands to managing the docker group with sysusers. This is a declarative way to create and manage users, better suited for the atomic distros such as Silverblue. Signed-off-by: Robert Sturla Signed-off-by: Sebastiaan van Stijn --- deb/common/docker-ce.postinst | 20 -------------------- deb/common/rules | 3 +++ rpm/SPECS/docker-ce.spec | 7 ++++--- 3 files changed, 7 insertions(+), 23 deletions(-) delete mode 100755 deb/common/docker-ce.postinst diff --git a/deb/common/docker-ce.postinst b/deb/common/docker-ce.postinst deleted file mode 100755 index eeef6ca801..0000000000 --- a/deb/common/docker-ce.postinst +++ /dev/null @@ -1,20 +0,0 @@ -#!/bin/sh -set -e - -case "$1" in - configure) - if [ -z "$2" ]; then - if ! getent group docker > /dev/null; then - groupadd --system docker - fi - fi - ;; - abort-*) - # How'd we get here?? - exit 1 - ;; - *) - ;; -esac - -#DEBHELPER# diff --git a/deb/common/rules b/deb/common/rules index a25eae2e38..a138122923 100755 --- a/deb/common/rules +++ b/deb/common/rules @@ -133,6 +133,9 @@ override_dh_auto_install: install -D -p -m 0755 engine/contrib/dockerd-rootless-setuptool.sh debian/docker-ce-rootless-extras/usr/bin/dockerd-rootless-setuptool.sh # TODO: how can we install vpnkit? + # install systemd sysusers config + install -D -p -m 0644 engine/contrib/systemd-sysusers/docker.conf debian/docker-ce/usr/lib/sysusers.d/docker.conf + override_dh_installinit: # use "docker" as our service name, not "docker-ce" dh_installinit --name=docker diff --git a/rpm/SPECS/docker-ce.spec b/rpm/SPECS/docker-ce.spec index fc8cf5e7b0..3bcbb2a92a 100644 --- a/rpm/SPECS/docker-ce.spec +++ b/rpm/SPECS/docker-ce.spec @@ -84,6 +84,9 @@ install -D -p -m 0755 $(readlink -f engine/bundles/dynbinary-daemon/dockerd) ${R install -D -p -m 0755 $(readlink -f engine/bundles/dynbinary-daemon/docker-proxy) ${RPM_BUILD_ROOT}%{_bindir}/docker-proxy install -D -p -m 0755 /usr/local/bin/docker-init ${RPM_BUILD_ROOT}%{_libexecdir}/docker/docker-init +# install systemd sysusers config +install -D -p -m 0644 engine/contrib/systemd-sysusers/docker.conf ${RPM_BUILD_ROOT}%{_sysusersdir}/docker.conf + # install systemd scripts install -D -p -m 0644 engine/contrib/init/systemd/docker.service ${RPM_BUILD_ROOT}%{_unitdir}/docker.service install -D -p -m 0644 engine/contrib/init/systemd/docker.socket ${RPM_BUILD_ROOT}%{_unitdir}/docker.socket @@ -100,14 +103,12 @@ mkdir -p ${RPM_BUILD_ROOT}/etc/docker %{_libexecdir}/docker/docker-init %{_unitdir}/docker.service %{_unitdir}/docker.socket +%{_sysusersdir}/docker.conf %{_mandir}/man*/* %dir /etc/docker %post %systemd_post docker.service -if ! getent group docker > /dev/null; then - groupadd --system docker -fi %preun %systemd_preun docker.service docker.socket From e398015dadd1885bc311f73d87e254a7008b067c Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Tue, 20 May 2025 13:01:51 +0200 Subject: [PATCH 2/4] deb: use symlink to install systemd-sysusers Using [dh_installsysusers(1)]: > FILES > > debian/package.sysusers > If the file exists, it will be installed as /usr/lib/sysusers.d/package.conf. [dh_installsysusers(1)]: https://manpages.debian.org/bookworm/debhelper/dh_installsysusers.1.en.html Signed-off-by: Sebastiaan van Stijn --- deb/common/docker-ce.docker.sysusers | 1 + deb/common/rules | 3 --- 2 files changed, 1 insertion(+), 3 deletions(-) create mode 120000 deb/common/docker-ce.docker.sysusers diff --git a/deb/common/docker-ce.docker.sysusers b/deb/common/docker-ce.docker.sysusers new file mode 120000 index 0000000000..eddc9039a7 --- /dev/null +++ b/deb/common/docker-ce.docker.sysusers @@ -0,0 +1 @@ +../engine/contrib/systemd-sysusers/docker.conf \ No newline at end of file diff --git a/deb/common/rules b/deb/common/rules index a138122923..a25eae2e38 100755 --- a/deb/common/rules +++ b/deb/common/rules @@ -133,9 +133,6 @@ override_dh_auto_install: install -D -p -m 0755 engine/contrib/dockerd-rootless-setuptool.sh debian/docker-ce-rootless-extras/usr/bin/dockerd-rootless-setuptool.sh # TODO: how can we install vpnkit? - # install systemd sysusers config - install -D -p -m 0644 engine/contrib/systemd-sysusers/docker.conf debian/docker-ce/usr/lib/sysusers.d/docker.conf - override_dh_installinit: # use "docker" as our service name, not "docker-ce" dh_installinit --name=docker From c9145a6fb25d9d17a4e64ac29c6bdceec237c1f0 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Tue, 20 May 2025 23:08:09 +0200 Subject: [PATCH 3/4] try override_dh_installsysusers Signed-off-by: Sebastiaan van Stijn --- deb/common/rules | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/deb/common/rules b/deb/common/rules index a25eae2e38..3fd39ae672 100755 --- a/deb/common/rules +++ b/deb/common/rules @@ -141,6 +141,10 @@ override_dh_installsystemd: # use "docker" as our service name, not "docker-ce" dh_installsystemd --name=docker +override_dh_installsysusers: + # use "docker" as our service name, not "docker-ce" + dh_installsysusers --name=docker + override_dh_shlibdeps: dh_shlibdeps --dpkg-shlibdeps-params=--ignore-missing-info From 67e792224c85a5f577dc1692bd8e1dbddd15e1c4 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Tue, 20 May 2025 23:24:12 +0200 Subject: [PATCH 4/4] try debhelper-compat (= 13) Signed-off-by: Sebastiaan van Stijn --- deb/common/control | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deb/common/control b/deb/common/control index 8ddce8093c..957f9da4a8 100644 --- a/deb/common/control +++ b/deb/common/control @@ -7,7 +7,7 @@ Build-Depends: bash, ca-certificates, cmake, dh-apparmor, - debhelper-compat (= 12), + debhelper-compat (= 13), gcc, git, libc-dev,