Ubuntu
docker.io package

Merge ~lucaskanashiro/ubuntu/+source/docker.io:sru-docker-groovy into ubuntu/+source/docker.io:ubuntu/groovy-devel

  1. Git
  2. lp:~lucaskanashiro/ubuntu/+source/docker.io
  3. sru-docker-groovy
  4. Merge into ubuntu/groovy-devel
Proposed by Lucas Kanashiro
Status: Merged
Approved by: Lucas Kanashiro
Approved revision: 3ee199e796ab08e90e4e4bbcd80d35830640ed92
Merged at revision: 3ee199e796ab08e90e4e4bbcd80d35830640ed92
Proposed branch: ~lucaskanashiro/ubuntu/+source/docker.io:sru-docker-groovy
Merge into: ubuntu/+source/docker.io:ubuntu/groovy-devel
Diff against target: 116 lines (+85/-0)
4 files modified
debian/changelog (+12/-0)
debian/patches/do-not-bind-docker-to-containerd.patch (+64/-0)
debian/patches/series (+1/-0)
debian/rules (+8/-0)
Reviewer Review Type Date Requested Status
Sergio Durigan Junior (community) Approve
Canonical Server Pending
Review via email: mp+395167@code.launchpad.net

Description of the change

Backport the fix for the upgrade issue which makes the docker daemon stop, stopping also all the containers running.

PPA with the proposed package:

https://launchpad.net/~lucaskanashiro/+archive/ubuntu/containerd-upgrade-issue/+packages

DEP-8 tests are passing:

autopkgtest [17:56:48]: @@@@@@@@@@@@@@@@@@@@ summary
basic-smoke PASS
docker-in-lxd PASS

To post a comment you must log in.
Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

LGTM.

review: Approve
Revision history for this message
Lucas Kanashiro (lucaskanashiro) wrote :

Uploaded:

$ git push pkg upload/19.03.13-0ubuntu3.1
Enumerating objects: 21, done.
Counting objects: 100% (21/21), done.
Delta compression using up to 32 threads
Compressing objects: 100% (15/15), done.
Writing objects: 100% (15/15), 3.60 KiB | 1.20 MiB/s, done.
Total 15 (delta 8), reused 0 (delta 0)
To ssh://git.launchpad.net/ubuntu/+source/docker.io
 * [new tag] upload/19.03.13-0ubuntu3.1 -> upload/19.03.13-0ubuntu3.1
$ dput ubuntu ../docker.io_19.03.13-0ubuntu3.1_source.changes
Checking signature on .changes
gpg: ../docker.io_19.03.13-0ubuntu3.1_source.changes: Valid signature from F823A2729883C97C
Checking signature on .dsc
gpg: ../docker.io_19.03.13-0ubuntu3.1.dsc: Valid signature from F823A2729883C97C
Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading docker.io_19.03.13-0ubuntu3.1.dsc: done.
  Uploading docker.io_19.03.13-0ubuntu3.1.debian.tar.xz: done.
  Uploading docker.io_19.03.13-0ubuntu3.1_source.changes: done.
Successfully uploaded packages.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/changelog b/debian/changelog
2index 7894341..3d6d942 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,15 @@
6+docker.io (19.03.13-0ubuntu3.1) groovy; urgency=medium
7+
8+ * d/p/do_not_bind_docker_to_containerd.patch: Update docker.io to not
9+ stop when containerd is upgraded, by using Wants= rather than BindTo=.
10+ (LP: #1870514)
11+ * d/rules: Fix docker.io to not restart its service during package
12+ upgrades, to prevent service downtime from automatic updates via
13+ unattended-upgrade.
14+ (LP: #1906364)
15+
16+ -- Bryce Harrington <bryce@canonical.com> Fri, 04 Dec 2020 23:02:49 +0000
17+
18 docker.io (19.03.13-0ubuntu3) groovy; urgency=medium
19
20 * SECURITY UPDATE: Sensitive information disclosure
21diff --git a/debian/patches/do-not-bind-docker-to-containerd.patch b/debian/patches/do-not-bind-docker-to-containerd.patch
22new file mode 100644
23index 0000000..d2202cc
24--- /dev/null
25+++ b/debian/patches/do-not-bind-docker-to-containerd.patch
26@@ -0,0 +1,64 @@
27+From 22f15d4137cb5d090f13fc5d9093dc3085dce67b Mon Sep 17 00:00:00 2001
28+From: =?UTF-8?q?Micha=C5=82=20Kosek?= <mihao@users.noreply.github.com>
29+Date: Tue, 9 Jul 2019 15:34:13 +0200
30+Subject: [PATCH] Do not "Bind" docker "To" containerd.
31+
32+relates to https://github.com/docker/for-linux/issues/678
33+
34+When using the BindTo directive, Docker is permanently stopped by systemd
35+when containerd is temporarily killed and restarted;
36+
37+Using `Requires` achieves mostly the same, but defines a weaker dependency;
38+
39+https://www.freedesktop.org/software/systemd/man/systemd.unit.html#Requires=
40+
41+> Requires=
42+>
43+> .. If this unit gets activated, the units listed will be activated as well.
44+> If one of the other units fails to activate, and an ordering dependency
45+> After= on the failing unit is set, this unit will not be started. Besides,
46+> with or without specifying After=, this unit will be stopped if one of the
47+> other units is explicitly stopped.
48+
49+We may want to look into using `Wants=` instead of `Requires=`, because
50+that allows docker to continue running if containerd is restarted, quoting
51+the systemd documentation:
52+
53+> Often, it is a better choice to use Wants= instead of Requires= in order
54+> to achieve a system that is more robust when dealing with failing services.
55+
56+Given that docker will likely still fail if the containerd socket is not
57+present, startup will fail if containerd is not running, but if containerd
58+is restarted, the docker daemon may be able to try reconnecting.
59+
60+Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
61+---
62+ systemd/docker.service | 3 +--
63+ 1 file changed, 1 insertion(+), 2 deletions(-)
64+
65+Origin: upstream, https://github.com/docker/docker-ce-packaging/pull/508
66+Bug: https://github.com/docker/for-linux/issues/678
67+Ubuntu-Bug: https://bugs.launchpad.net/ubuntu/+source/containerd/+bug/1870514
68+Reviewed-By: Bryce Harrington <bryce@canonical.com>
69+Description: This is a backport of upstream's patch, with the path to
70+ the docker.service modified and using Wants= rather than Requires=, for
71+ reasons outlined above (Requires= did not work). The After= target
72+ also differs from upstream (we don't carry commit 36bb01538.)
73+Last-Updated: 2020-12-02
74+
75+diff --git a/systemd/docker.service b/systemd/docker.service
76+index 9c1d9e6d37..0a6a3064a4 100644
77+--- a/components/packaging/systemd/docker.service
78++++ b/components/packaging/systemd/docker.service
79+@@ -1,10 +1,10 @@
80+ [Unit]
81+ Description=Docker Application Container Engine
82+ Documentation=https://docs.docker.com
83+-BindsTo=containerd.service
84+ After=network-online.target firewalld.service containerd.service
85+ Wants=network-online.target
86+ Requires=docker.socket
87++Wants=containerd.service
88+
89+ [Service]
90+ Type=notify
91diff --git a/debian/patches/series b/debian/patches/series
92index 9dddd87..f9393b5 100644
93--- a/debian/patches/series
94+++ b/debian/patches/series
95@@ -1,2 +1,3 @@
96 41518--apparmor-parser-beta.patch
97 CVE-2020-15157.patch
98+do-not-bind-docker-to-containerd.patch
99diff --git a/debian/rules b/debian/rules
100index 0b10b04..50220a7 100755
101--- a/debian/rules
102+++ b/debian/rules
103@@ -124,5 +124,13 @@ override_dh_shlibdeps:
104 override_dh_auto_clean:
105 @# stop debhelper from doing "make clean"
106
107+override_dh_systemd_start:
108+ # We take care of determining whether the docker.io service should be
109+ # restarted during upgrades or not ourselves, based on the debconf
110+ # choice made by the user during installation. For this reason, we
111+ # invoke dh_systemd_start with "-r" in order to avoid indiscriminately
112+ # stopping the service during upgrades.
113+ dh_systemd_start --package=docker.io -r
114+
115 %:
116 dh $@ --with=bash-completion,systemd

Subscribers

People subscribed via source and target branches