Move to unified cgroupv2 hierarchy and upgrade docker to 20.10

.github/workflows/common.sh

@@ -28,6 +28,14 @@ function checkout_branches() {
   git -C "${SDK_OUTER_SRCDIR}/third_party/coreos-overlay" checkout -B "${TARGET_BRANCH}" "github/${BASE_BRANCH}"
 }
 
+function regenerate_manifest() {
+  CATEGORY_NAME=$1
+  PKGNAME_SIMPLE=$2
+  pushd "${SDK_OUTER_SRCDIR}/third_party/coreos-overlay" >/dev/null || exit
+  enter ebuild "${SDK_INNER_SRCDIR}/third_party/coreos-overlay/${CATEGORY_NAME}/${PKGNAME_SIMPLE}/${PKGNAME_SIMPLE}-${VERSION_NEW}.ebuild" manifest --force
+  popd || exit
+}
+
 function generate_patches() {
   CATEGORY_NAME=$1
   PKGNAME_SIMPLE=$2

.github/workflows/docker-apply-patch.sh

@@ -22,17 +22,23 @@ fi
 
 # we need to update not only the main ebuild file, but also its DOCKER_GITCOMMIT,
 # which needs to point to COMMIT_HASH that matches with $VERSION_NEW from upstream docker-ce.
-dockerEbuildOldSymlink=$(ls -1 app-emulation/docker/docker-${VERSION_OLD}.ebuild)
-dockerEbuildNewSymlink="app-emulation/docker/docker-${VERSION_NEW}.ebuild"
-dockerEbuildMain="app-emulation/docker/docker-9999.ebuild"
-git mv ${dockerEbuildOldSymlink} ${dockerEbuildNewSymlink}
-sed -i "s/DOCKER_GITCOMMIT=\"\(.*\)\"/DOCKER_GITCOMMIT=\"${COMMIT_HASH}\"/g" ${dockerEbuildMain}
-sed -i "s/v${VERSION_OLD}/v${VERSION_NEW}/g" ${dockerEbuildMain}
+dockerEbuildOld=$(ls -1 app-emulation/docker/docker-${VERSION_OLD}.ebuild)
+dockerEbuildNew="app-emulation/docker/docker-${VERSION_NEW}.ebuild"
+git mv ${dockerEbuildOld} ${dockerEbuildNew}
+sed -i "s/GIT_COMMIT=\(.*\)/GIT_COMMIT=${COMMIT_HASH}/g" ${dockerEbuildNew}
+sed -i "s/v${VERSION_OLD}/v${VERSION_NEW}/g" ${dockerEbuildNew}
+
+cliEbuildOld=$(ls -1 app-emulation/docker-cli/docker-cli-${VERSION_OLD}.ebuild)
+cliEbuildNew="app-emulation/docker-cli/docker-cli-${VERSION_NEW}.ebuild"
+git mv ${cliEbuildOld} ${cliEbuildNew}
+sed -i "s/GIT_COMMIT=\(.*\)/GIT_COMMIT=${COMMIT_CLI_HASH}/g" ${cliEbuildNew}
+sed -i "s/v${VERSION_OLD}/v${VERSION_NEW}/g" ${cliEbuildNew}
 
 # torcx ebuild file has a docker version with only major and minor versions, like 19.03.
 versionTorcx=${VERSION_OLD%.*}
 torcxEbuildFile=$(ls -1 app-torcx/docker/docker-${versionTorcx}*.ebuild | sort -ruV | head -n1)
 sed -i "s/docker-${VERSION_OLD}/docker-${VERSION_NEW}/g" ${torcxEbuildFile}
+sed -i "s/docker-cli-${VERSION_OLD}/docker-cli-${VERSION_NEW}/g" ${torcxEbuildFile}
 
 # update also docker versions used by the current docker-runc ebuild file.
 versionRunc=$(sed -n "s/^DIST docker-runc-\([0-9]*.[0-9]*.*\)\.tar.*/\1/p" app-emulation/docker-runc/Manifest | sort -ruV | head -n1)
@@ -41,6 +47,7 @@ sed -i "s/github.com\/docker\/docker-ce\/blob\/v${VERSION_OLD}/github.com\/docke
 
 popd >/dev/null || exit
 
+regenerate_manifest app-emulation docker-cli
 generate_patches app-emulation docker Docker
 
 apply_patches

.github/workflows/docker-releases-main.yml

@@ -13,12 +13,15 @@ jobs:
       - name: Fetch latest Docker release
         id: fetch-latest-release
         run: |
-          git clone https://github.com/docker/docker-ce docker
+          git clone https://github.com/docker/docker docker
+          git clone https://github.com/docker/cli docker-cli
           versionMain=$(git -C docker ls-remote --tags origin | cut -f2 | sed -n "/refs\/tags\/v[0-9]*\.[0-9]*\.[0-9]*$/s/^refs\/tags\/v//p" | egrep -v -e '(beta|rc)' | sort -ruV | head -n1)
-          commitMain=$(git -C docker rev-parse --short=7 v${versionMain})
-          rm -rf docker
+          commitMain=$(git -C docker rev-parse --short=10 v${versionMain})
+          commitCli=$(git -C docker-cli rev-parse --short=10 v${versionMain})
+          rm -rf docker docker-cli
           echo ::set-output name=VERSION_MAIN::$(echo ${versionMain})
           echo ::set-output name=COMMIT_MAIN::$(echo ${commitMain})
+          echo ::set-output name=COMMIT_CLI::$(echo ${commitCli})
           echo ::set-output name=BASE_BRANCH_MAIN::main
       - name: Set up Flatcar SDK
         id: setup-flatcar-sdk
@@ -30,6 +33,7 @@ jobs:
           BASE_BRANCH: ${{ steps.fetch-latest-release.outputs.BASE_BRANCH_MAIN }}
           VERSION_NEW: ${{ steps.fetch-latest-release.outputs.VERSION_MAIN }}
           COMMIT_HASH: ${{ steps.fetch-latest-release.outputs.COMMIT_MAIN }}
+          COMMIT_CLI_HASH: ${{ steps.fetch-latest-release.outputs.COMMIT_CLI }}
           PATH: ${{ steps.setup-flatcar-sdk.outputs.path }}
         run: .github/workflows/docker-apply-patch.sh
       - name: Create pull request for main

.github/workflows/runc-apply-patch.sh

@@ -36,7 +36,6 @@ VERSION_NEW_HYPHEN=${VERSION_NEW//_/-}
 sed -i "s/${VERSION_OLD_HYPHEN}/${VERSION_NEW_HYPHEN}/g" ${runcEbuildNew}
 
 # update also runc versions used by docker and containerd
-sed -i "s/docker-runc-${VERSION_OLD}/docker-runc-${VERSION_NEW}/g" app-emulation/docker/docker-9999.ebuild
 sed -i "s/docker-runc-${VERSION_OLD}/docker-runc-${VERSION_NEW}/g" app-emulation/containerd/containerd-9999.ebuild
 
 dockerVersion=$(sed -n "s/^DIST docker-\([0-9]*.[0-9]*.[0-9]*\).*/\1/p" app-emulation/docker/Manifest | sort -ruV | head -n1)

app-emulation/containerd/containerd-9999.ebuild

@@ -64,4 +64,5 @@ src_install() {
 	systemd_newunit "${FILESDIR}/${PN}-1.0.0.service" "${PN}.service"
 	insinto /usr/share/containerd
 	doins "${FILESDIR}/config.toml"
+	doins "${FILESDIR}/config-cgroupfs.toml"
 }

app-emulation/containerd/files/config-cgroupfs.toml

@@ -0,0 +1,30 @@
+# persistent data location
+root = "/var/lib/containerd"
+# runtime state information
+state = "/run/containerd"
+# set containerd as a subreaper on linux when it is not running as PID 1
+subreaper = true
+# set containerd's OOM score
+oom_score = -999
+disabled_plugins = []
+
+# grpc configuration
+[grpc]
+address = "/run/containerd/containerd.sock"
+# socket uid
+uid = 0
+# socket gid
+gid = 0
+
+[plugins.linux]
+# shim binary name/path
+shim = "containerd-shim"
+# runtime binary name/path
+runtime = "runc"
+# do not use a shim when starting containers, saves on memory but
+# live restore is not supported
+no_shim = false
+
+# config version 1; version 2 uses full plugin paths
+[plugins.cri.containerd.runtimes.runc.options]
+SystemdCgroup = false

app-emulation/containerd/files/config.toml

@@ -24,3 +24,7 @@ runtime = "runc"
 # do not use a shim when starting containers, saves on memory but
 # live restore is not supported
 no_shim = false
+
+# config version 1; version 2 uses full plugin paths
+[plugins.cri.containerd.runtimes.runc.options]
+SystemdCgroup = true

app-emulation/docker-cli/Manifest

@@ -0,0 +1 @@
+DIST docker-cli-20.10.7.tar.gz 7523515 BLAKE2B 36ae46a28ca943e75419014b8b8453dbdd36bf240b9c36aed245447241dd07635da0319fd9b6ea409ecbe4c419eec8650d94d2a296e45a9c3b02a9a47a314888 SHA512 4523ae70cb27d848da119070171af2eb84e974ac39d70be4feee105e37c949487c7f72a9bc30c32ce71bffb0787e27b7b9194ce5a8aeae57bdfeb3f2d730010f

app-emulation/docker-cli/docker-cli-20.10.7.ebuild

@@ -0,0 +1,63 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+GIT_COMMIT=f0df35096d
+EGO_PN="github.com/docker/cli"
+
+COREOS_GO_PACKAGE="${EGO_PN}"
+COREOS_GO_VERSION="go1.13"
+
+inherit bash-completion-r1  golang-vcs-snapshot coreos-go-depend
+
+DESCRIPTION="the command line binary for docker"
+HOMEPAGE="https://www.docker.com/"
+MY_PV=${PV/_/-}
+SRC_URI="https://github.com/docker/cli/archive/v${MY_PV}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="Apache-2.0"
+SLOT="0"
+KEYWORDS="amd64 arm64"
+IUSE="hardened"
+
+RDEPEND="!<app-emulation/docker-20.10.1"
+
+RESTRICT="installsources strip"
+
+S="${WORKDIR}/${P}/src/${EGO_PN}"
+
+src_prepare() {
+	default
+	sed -i 's@dockerd\?\.exe@@g' contrib/completion/bash/docker || die
+}
+
+src_compile() {
+	# Flatcar: override go version
+	go_export
+	export GO_BUILDTAGS="go1.13"
+
+	export DISABLE_WARN_OUTSIDE_CONTAINER=1
+	export GOPATH="${WORKDIR}/${P}"
+	# setup CFLAGS and LDFLAGS for separate build target
+	# see https://github.com/tianon/docker-overlay/pull/10
+	# FLatcar: inject our own CFLAGS/LDFLAGS for torcx
+	export CGO_CFLAGS="${CGO_CFLAGS} -I${ROOT}/usr/include"
+	export CGO_LDFLAGS="${CGO_LDFLAGS} -L${ROOT}/usr/$(get_libdir)"
+		emake \
+		LDFLAGS="$(usex hardened '-extldflags -fno-PIC' '')" \
+		VERSION="$(cat VERSION)" \
+		GITCOMMIT="${GIT_COMMIT}" \
+		dynbinary
+
+	# Flatcar: removed man page generation since they are not included in images
+}
+
+src_install() {
+	dobin build/docker
+	dobashcomp contrib/completion/bash/*
+	bashcomp_alias docker dockerd
+	insinto /usr/share/fish/vendor_completions.d/
+	doins contrib/completion/fish/docker.fish
+	insinto /usr/share/zsh/site-functions
+	doins contrib/completion/zsh/_*
+}

app-emulation/docker-cli/metadata.xml

@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<maintainer type="person">
+		<email>williamh@gentoo.org</email>
+		<name>William Hubbs</name>
+	</maintainer>
+</pkgmetadata>

app-emulation/docker-proxy/Manifest

@@ -1,3 +1,4 @@
-DIST docker-proxy-0.8.0_p20161019.tar.gz 2112423 SHA256 170d355ad613cc28245a6d9501bcaba930cb594a632fdd9bd52a4fa90b406932 SHA512 a7b040cdeaf15054d436b184370af0f9b23a5b6d0b2c01530b7ad539040186888bb030309e18a1a02ad252753cf4f08aa5e5ec504480a8ffb7050db76764db5b WHIRLPOOL 83fed4162e1fbe2a640dfb720ca85583f923166d0f7da3e397ec20a333dddc42d7def2231de8877569cb63bb37435d23f772413ffd6d82f8a4a8c453d75f669c
-DIST docker-proxy-0.8.0_p20170917.tar.gz 2177045 SHA256 2eee331b6ded567a36e7db708405b34032b93938682cf049025f48b96d755bf6 SHA512 673ea638fa5c560d8238d7c1d88f114430f9d8efe701804bfe30044d0c059a688cbf6b62922be50834e16ee055ef6cf015f6232f76f0d942768f9e84e95496cd WHIRLPOOL 27b33b36bbdeaff3d25977b50aa11fc5a4708482f44efe583223c1aab40091e28824eda6eb5ac8a7f20be24ef4ddcf9b6e4a043c52c9e6953ec2c95f266fb296
-DIST docker-proxy-0.8.0_p20180709.tar.gz 2718698 SHA256 572ce85f2c51a21c1cd55056cf8cb9ef1d447c2de9c82485233be9f851284299 SHA512 21d3d1bd8aafeab51a3e0a14ada4d559b5b113a48d315e91f7d70e4fa839f5c92d4068b38c28bf6929da9c11cfc61703bafc7148f64b784208d61fa14ee4545d WHIRLPOOL 4294149756e8549f7d9785db462fb32aaa5e49ff1d74653bf824726dc744f5582c66531b8052542c28cebf01c5d5280fef6b12d0b2c0b75126ef5595d3c097a7
+DIST docker-proxy-0.8.0_p20161019.tar.gz 2112423 BLAKE2B 8ce90c6dd0184773c1e2c4e31304e8a67c2c571d1ceb62b2a66c92ce277ba73ea2243e8414fbc769501bf76cb79fe890d3d0c7a0ef00d7e2889e20b6982b555e SHA512 a7b040cdeaf15054d436b184370af0f9b23a5b6d0b2c01530b7ad539040186888bb030309e18a1a02ad252753cf4f08aa5e5ec504480a8ffb7050db76764db5b
+DIST docker-proxy-0.8.0_p20170917.tar.gz 2177045 BLAKE2B 0fed1328e8216ab83b23e8e1fe1793da6e874eced7ad18d101b0b7757f1de4fa7d321fb78620a349a4ed492abb4d85c3ecbf49311698b6af156a6255dec5740e SHA512 673ea638fa5c560d8238d7c1d88f114430f9d8efe701804bfe30044d0c059a688cbf6b62922be50834e16ee055ef6cf015f6232f76f0d942768f9e84e95496cd
+DIST docker-proxy-0.8.0_p20180709.tar.gz 2718698 BLAKE2B 6214ba714ba8b01214168171f465dfaee4d8ff791db7a219a3fb92fade3e4207d36d90090790c0a3059e6fb209f3cd8bb0082ca75496108ebffb7c9b0c5092a4 SHA512 21d3d1bd8aafeab51a3e0a14ada4d559b5b113a48d315e91f7d70e4fa839f5c92d4068b38c28bf6929da9c11cfc61703bafc7148f64b784208d61fa14ee4545d
+DIST docker-proxy-0.8.0_p20210525.tar.gz 3154432 BLAKE2B 3f273cd4c2dd3c797117bebfe06eb3ae8ce3b3f70d495cb0c77a372d64e23f1d9ad31e8efef64df494cc462e9f4fda9311c99ae7e7218f0fc41b6bf44cf8c08d SHA512 6a94fe23ce1bab0a428ee4bbe20089f5a4470e72c5da156b2b1a89de01cca803374fd9cdcd4c5b25b86af1c4e956c75a1a5ad7fb6639def7bcec69859a77c047

app-emulation/docker-proxy/docker-proxy-0.8.0_p20180709.ebuild

@@ -0,0 +1,42 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+EGO_PN="github.com/docker/libnetwork"
+
+COREOS_GO_PACKAGE="${EGO_PN}"
+COREOS_GO_VERSION="go1.13"
+
+if [[ ${PV} == *9999 ]]; then
+	KEYWORDS="~amd64 ~arm64"
+	inherit golang-vcs
+else
+	EGIT_COMMIT="3ac297bc7fd0afec9051bbb47024c9bc1d75bf5b"
+	SRC_URI="https://${EGO_PN}/archive/${EGIT_COMMIT}.tar.gz -> ${P}.tar.gz"
+	KEYWORDS="amd64 arm64"
+	inherit golang-vcs-snapshot
+fi
+
+inherit coreos-go
+
+DESCRIPTION="Docker container networking"
+HOMEPAGE="https://github.com/docker/libnetwork"
+
+LICENSE="Apache-2.0"
+SLOT="0"
+IUSE=""
+
+S=${WORKDIR}/${P}/src/${EGO_PN}
+
+RDEPEND="!<app-emulation/docker-1.13.0_rc1"
+
+RESTRICT="test" # needs dockerd
+
+src_compile() {
+	go_build "${COREOS_GO_PACKAGE}/cmd/proxy"
+}
+
+src_install() {
+	dodoc ROADMAP.md README.md CHANGELOG.md
+	newbin "${GOBIN}"/proxy docker-proxy
+}

app-emulation/docker-proxy/docker-proxy-0.8.0_p20210525.ebuild

@@ -0,0 +1 @@
+docker-proxy-9999.ebuild

app-emulation/docker-proxy/docker-proxy-9999.ebuild

@@ -11,7 +11,7 @@ if [[ ${PV} == *9999 ]]; then
 	KEYWORDS="~amd64 ~arm64"
 	inherit golang-vcs
 else
-	EGIT_COMMIT="3ac297bc7fd0afec9051bbb47024c9bc1d75bf5b"
+	EGIT_COMMIT="64b7a4574d1426139437d20e81c0b6d391130ec8"
 	SRC_URI="https://${EGO_PN}/archive/${EGIT_COMMIT}.tar.gz -> ${P}.tar.gz"
 	KEYWORDS="amd64 arm64"
 	inherit golang-vcs-snapshot
@@ -37,6 +37,6 @@ src_compile() {
 }
 
 src_install() {
-	dodoc ROADMAP.md README.md CHANGELOG.md
+	dodoc README.md CHANGELOG.md
 	newbin "${GOBIN}"/proxy docker-proxy
 }

app-emulation/docker/Manifest

@@ -1 +1 @@
-DIST docker-19.03.15.tar.gz 18284803 BLAKE2B a1fac5d841934382d12c781353546b7c7a8167d0f2dc4150659a4aece210ea7361c59de25e3d450dae20fd536ea8dc33a18e55f9565ee4fdc818166810391fbf SHA512 ffd8e683a93a6ce69789603d24457aebe3379594692cb3dadc25bc8d407771a29d76087b0ca70856707f151622b1853f283a1071311c033ff90a1e44b0d9ffbc
+DIST docker-20.10.7.tar.gz 11077660 BLAKE2B 081b36668ead0fd727ebdabc0d07fdf1992f64e3ab1e7c09933130b37f9ad60876c36d1fcda5619ba1bffac7fadafe63d7fc647868c3c6ba30429487c2ebc31b SHA512 2341faa3ebb903d74fa434712fce45e7acf0423710b97cdca11e3999db2819c4385d9a7fb3850925592f20f02c6261edbade6c9d6a2fefbc32f05a6b44ec3073