snappy-hub

Merge lp:~mvo/snappy-hub/docker into lp:~snappy-dev/snappy-hub/docker

docker
Merge into docker

Proposed by Michael Vogt on 2016-01-26

Status:	Needs review
Proposed branch:	lp:~mvo/snappy-hub/docker
Merge into:	lp:~snappy-dev/snappy-hub/docker
Diff against target:	195 lines (+64/-52) 5 files modified package-dir/bin/docker-privilege (+1/-1) package-dir/meta/docker-daemon.apparmor (+10/-10) package-dir/meta/docker-privilege.apparmor (+11/-11) package-dir/meta/readme.md (+0/-20) package-dir/meta/snap.yaml (+42/-10)
To merge this branch:	bzr merge lp:~mvo/snappy-hub/docker
Related bugs:	Link a bug report

Reviewer	Review Type	Date Requested	Status
Snappy Developers		2016-01-26	Pending
Review via email: mp+283998@code.launchpad.net

Description of the change

Move to the new snap.yaml syntax

lp:~mvo/snappy-hub/docker updated on 2016-03-04

41. By Michael Vogt on 2016-03-01: updated for the new interfaces syntax
42. By Michael Vogt on 2016-03-04: slot->plug, plug->slot

Unmerged revisions

42. By Michael Vogt on 2016-03-04: slot->plug, plug->slot
41. By Michael Vogt on 2016-03-01: updated for the new interfaces syntax
40. By Michael Vogt on 2016-01-26: Move to new snap.yaml

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Michael Vogt

Snappy Developers

 === modified file 'package-dir/bin/docker-privilege'
 --- package-dir/bin/docker-privilege	2015-08-11 14:04:55 +0000
 +++ package-dir/bin/docker-privilege	2016-03-04 11:27:14 +0000
@@ -1,7 +1,7 @@
  #!/bin/bash
  snappy_err () {
--    echo "This script needs to be run under snappy wrapper (/apps/bin)"
++    echo "This script needs to be run under snappy wrapper (/snaps/bin)"
      exit 1
+ }
 === modified file 'package-dir/meta/docker-daemon.apparmor'
 --- package-dir/meta/docker-daemon.apparmor	2015-10-09 14:57:33 +0000
 +++ package-dir/meta/docker-daemon.apparmor	2016-03-04 11:27:14 +0000
@@ -25,8 +25,8 @@
    # FIXME: app upgrades don't perform migration yet. When they do, remove
    # these two rules and update package-dir/bin/docker.wrap as per its comments.
    # See: https://app.asana.com/0/21120773903349/21160815722783
--  /var/lib/apps/@{APP_PKGNAME}/   w,
--  /var/lib/apps/@{APP_PKGNAME}/** wl,
++  /var/lib/snaps/@{APP_PKGNAME}/   w,
++  /var/lib/snaps/@{APP_PKGNAME}/** wl,
    # Read-only for the install directory
    @{CLICK_DIR}/@{APP_PKGNAME}/                   r,
@@ -34,21 +34,21 @@
    @{CLICK_DIR}/@{APP_PKGNAME}/@{APP_VERSION}/**  mrklix,
    # Writable home area
--  @{HOMEDIRS}/*/apps/@{APP_PKGNAME}/   rw,
--  @{HOMEDIRS}/*/apps/@{APP_PKGNAME}/** mrwklix,
++  @{HOMEDIRS}/*/snaps/@{APP_PKGNAME}/   rw,
++  @{HOMEDIRS}/*/snaps/@{APP_PKGNAME}/** mrwklix,
    # Read-only system area for other versions
--  /var/lib/apps/@{APP_PKGNAME}/   r,
--  /var/lib/apps/@{APP_PKGNAME}/** mrkix,
++  /var/lib/snaps/@{APP_PKGNAME}/   r,
++  /var/lib/snaps/@{APP_PKGNAME}/** mrkix,
--  # TODO: the write on  /var/lib/apps/@{APP_PKGNAME}/ is needed in case it
++  # TODO: the write on  /var/lib/snaps/@{APP_PKGNAME}/ is needed in case it
    # doesn't exist, but means an app could adjust inode data and affect
    # rollbacks.
--  /var/lib/apps/@{APP_PKGNAME}/                  w,
++  /var/lib/snaps/@{APP_PKGNAME}/                  w,
    # Writable system area only for this version.
--  /var/lib/apps/@{APP_PKGNAME}/@{APP_VERSION}/   w,
--  /var/lib/apps/@{APP_PKGNAME}/@{APP_VERSION}/** wl,
++  /var/lib/snaps/@{APP_PKGNAME}/@{APP_VERSION}/   w,
++  /var/lib/snaps/@{APP_PKGNAME}/@{APP_VERSION}/** wl,
    /writable/cache/docker/   rw,
    /writable/cache/docker/** mrwklix,
 === modified file 'package-dir/meta/docker-privilege.apparmor'
 --- package-dir/meta/docker-privilege.apparmor	2015-04-15 12:28:05 +0000
 +++ package-dir/meta/docker-privilege.apparmor	2016-03-04 11:27:14 +0000
@@ -133,26 +133,26 @@
    @{CLICK_DIR}/@{APP_PKGNAME}/@{APP_VERSION}/**  mrklix,
    # Read-only home area for other versions
--  owner @{HOMEDIRS}/*/apps/@{APP_PKGNAME}/                  r,
--  owner @{HOMEDIRS}/*/apps/@{APP_PKGNAME}/@{APP_VERSION}/   r,
--  owner @{HOMEDIRS}/*/apps/@{APP_PKGNAME}/@{APP_VERSION}/** mrkix,
++  owner @{HOMEDIRS}/*/snaps/@{APP_PKGNAME}/                  r,
++  owner @{HOMEDIRS}/*/snaps/@{APP_PKGNAME}/@{APP_VERSION}/   r,
++  owner @{HOMEDIRS}/*/snaps/@{APP_PKGNAME}/@{APP_VERSION}/** mrkix,
    # Writable home area for this version.
--  owner @{HOMEDIRS}/*/apps/@{APP_PKGNAME}/@{APP_VERSION}/   w,
--  owner @{HOMEDIRS}/*/apps/@{APP_PKGNAME}/@{APP_VERSION}/** wl,
++  owner @{HOMEDIRS}/*/snaps/@{APP_PKGNAME}/@{APP_VERSION}/   w,
++  owner @{HOMEDIRS}/*/snaps/@{APP_PKGNAME}/@{APP_VERSION}/** wl,
    # Read-only system area for other versions
--  /var/lib/apps/@{APP_PKGNAME}/   r,
--  /var/lib/apps/@{APP_PKGNAME}/** mrkix,
++  /var/lib/snaps/@{APP_PKGNAME}/   r,
++  /var/lib/snaps/@{APP_PKGNAME}/** mrkix,
    # TODO: the write on these is needed in case they doesn't exist, but means an
    # app could adjust inode data and affect rollbacks.
--  owner @{HOMEDIRS}/*/apps/@{APP_PKGNAME}/         w,
--  /var/lib/apps/@{APP_PKGNAME}/                  w,
++  owner @{HOMEDIRS}/*/snaps/@{APP_PKGNAME}/         w,
++  /var/lib/snaps/@{APP_PKGNAME}/                  w,
    # Writable system area only for this version
--  /var/lib/apps/@{APP_PKGNAME}/@{APP_VERSION}/   w,
--  /var/lib/apps/@{APP_PKGNAME}/@{APP_VERSION}/** wl,
++  /var/lib/snaps/@{APP_PKGNAME}/@{APP_VERSION}/   w,
++  /var/lib/snaps/@{APP_PKGNAME}/@{APP_VERSION}/** wl,
    # Writable temp area only for this version (launcher will create this
    # directory on our behalf so only allow readonly on parent). /tmp/snapps can
 === renamed file 'package-dir/meta/docker.svg' => 'package-dir/meta/icon.svg'
 === removed file 'package-dir/meta/readme.md'
 --- package-dir/meta/readme.md	2015-08-11 14:04:55 +0000
 +++ package-dir/meta/readme.md	1970-01-01 00:00:00 +0000
@@ -1,20 +0,0 @@
--Docker Framework
--This is the docker app deployment mechanism.
--
--Actual docker version: 1.6.2
--
--Apparmor profiles have been moved to /var/lib/apparmor/profiles, default profile as been modified.
--Data is stored in /var/lib/apps/docker/${version_of_snap_package}/.
--
--If you need to pass through proxies or dns, edit /apps/docker/current/etc/docker.conf accordingly and restart the docker service:
--i.e:
--FTP_PROXY=http://your.proxy:3128
--HTTP_PROXY=http://your.proxy:3128
--HTTPS_PROXY=http://your.proxy:3128
--DOCKER_OPTIONS="--dns 8.8.8.8"
--
--If you need privileged access, you can issue 'docker-privilege on'. But the confinment will be nearly inexistant.
--
--Docker can read and write to your home/apps/docker/** directory, place your Dockerfile, there.
--
--sudo systemctl restart docker_docker_${version_of_snap_package}.service
 === renamed file 'package-dir/meta/package.yaml' => 'package-dir/meta/snap.yaml'
 --- package-dir/meta/package.yaml	2015-11-13 16:04:00 +0000
 +++ package-dir/meta/snap.yaml	2016-03-04 11:27:14 +0000
@@ -1,23 +1,55 @@
  name: docker
--version: 1.6.2.005
--architectures: [amd64, armhf]
--icon: meta/docker.svg
--vendor: Pierre-Andre MOREY <pierre-andre.morey@canonical.com>
++version: 1.6.2.005-16.04.1-2
++summary: Docker Framework
++description: |
++ This is the docker app deployment mechanism.
++
++ Actual docker version: 1.6.2
++
++ Apparmor profiles have been moved to /var/lib/apparmor/profiles, default profile as been modified.
++ Data is stored in /var/lib/snaps/docker/${version_of_snap_package}/.
++
++ If you need to pass through proxies or dns, edit /snaps/docker/current/etc/docker.conf accordingly and restart the docker service:
++i.e:
++ FTP_PROXY=http://your.proxy:3128
++ HTTP_PROXY=http://your.proxy:3128
++ HTTPS_PROXY=http://your.proxy:3128
++ DOCKER_OPTIONS="--dns 8.8.8.8"
++
++ If you need privileged access, you can issue 'docker-privilege on'. But the confinment will be nearly inexistant.
++
++ Docker can read and write to your home/snaps/docker/** directory, place your Dockerfile, there.
++
++ sudo systemctl restart docker_docker_${version_of_snap_package}.service
++architecture: [amd64, armhf]
  type: framework
--services:
--  - name: docker-daemon
++apps:
++ docker-daemon:
++    command: docker-daemon
++    daemon: simple
      description: The docker app deployment mechanism
--    start: bin/docker.start
++    command: bin/docker.start
      stop: bin/docker.stop
++    plugs: [docker-daemon]
++ docker:
++    command: bin/docker
++    plugs: [docker]
++ docker-privilege:
++    command: bin/docker-privilege
++    plugs: [docker-privilege]
++plugs:
++ docker-daemon:
++    interface: old-security
      security-policy:
        apparmor: meta/docker-daemon.apparmor
        seccomp: meta/docker-daemon.seccomp
--binaries:
--  - name: bin/docker
++ docker:
++    interface: old-security
      caps:
        - docker_client
        - network-client
--  - name: bin/docker-privilege
++ docker-privilege:
++    interface: old-security
      security-policy:
        apparmor: meta/docker-privilege.apparmor
        seccomp: meta/docker-privilege.seccomp