+++ /dev/null
-config DOCKER_KERNEL_OPTIONS
- bool "Enable Basic kernel support for Docker"
- depends on PACKAGE_docker-ce
- default y
- select KERNEL_CGROUPS
- select KERNEL_CGROUP_CPUACCT
- select KERNEL_CGROUP_DEVICE
- select KERNEL_CGROUP_FREEZER
- select KERNEL_CGROUP_SCHED
- select KERNEL_NAMESPACES
- select KERNEL_CPUSETS
- select KERNEL_MEMCG
- select KERNEL_KEYS
- select KERNEL_POSIX_MQUEUE
- help
- Select needed kernel options for Docker. Options include
- cgroups, namespaces and other miscellaneous options.
- see also https://github.com/docker/engine/blob/master/contrib/check-config.sh
-
-config DOCKER_SECCOMP
- bool "Enable support for seccomp in Docker"
- depends on PACKAGE_docker-ce
- default n
- select KERNEL_SECCOMP
- select PACKAGE_libseccomp
- help
- Build Docker with support for seccomp filters.
- Select libseccomp which also pulls-in the needed kernel features.
-
-config DOCKER_RES_SHAPE
- bool "Enables support for resource shaping"
- depends on PACKAGE_docker-ce
- default n
- select KERNEL_MEMCG_SWAP
- select KERNEL_MEMCG_SWAP_ENABLED
- select KERNEL_BLK_DEV_THROTTLING
- select KERNEL_CFQ_GROUP_IOSCHED
- select KERNEL_CGROUP_PERF
- select KERNEL_CGROUP_HUGETLB
- select KERNEL_FAIR_GROUP_SCHED
- select KERNEL_NET_CLS_CGROUP
- select KERNEL_CGROUP_NET_CLASSID
- select KERNEL_CGROUP_NET_PRIO
- select KERNEL_CFS_BANDWIDTH
- select KERNEL_RT_GROUP_SCHED
-
-menu "Network"
- depends on PACKAGE_docker-ce
-
- config DOCKER_NET_OVERLAY
- bool "Enables the Overlay network feature"
- default n
- select PACKAGE_kmod-udptunnel4
- help
- Selects kernel options for the Overlay network feature.
- Includes udptunnel4
-
- config DOCKER_NET_ENCRYPT
- bool "Enable encrypted networking kernel support"
- depends on DOCKER_NET_OVERLAY
- default n
- select PACKAGE_kmod-ipsec
- select PACKAGE_kmod-ipsec4
- select PACKAGE_kmod-crypto-gcm
- select PACKAGE_kmod-crypto-ghash
- help
- Select needed kernel options for encrypted networking support.
-
- config DOCKER_NET_MACVLAN
- bool "Enables macvlan kernel support"
- default n
- select PACKAGE_kmod-macvlan
- select PACKAGE_kmod-dummy
-
- config DOCKER_NET_TFTP
- bool "Enable ftp/tftp client kernel support"
- default n
- select PACKAGE_kmod-nf-nathelper
- select PACKAGE_kmod-nf-nathelper-extra
-endmenu
-
-menu "Storage"
- depends on PACKAGE_docker-ce
-
- config DOCKER_STO_EXT4
- bool "Enables support for ext3 or ext4 as the backing filesystem"
- default n
- select KERNEL_EXT4_FS_POSIX_ACL
-
- config DOCKER_STO_BTRFS
- bool "Enables support for btrfs as the backing filesystem"
- default n
- select PACKAGE_kmod-fs-btrfs
- select KERNEL_BTRFS_FS_POSIX_ACL
-endmenu
+++ /dev/null
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=docker-ce
-PKG_VERSION:=19.03.13
-PKG_RELEASE:=5
-PKG_LICENSE:=Apache-2.0
-PKG_LICENSE_FILES:=components/cli/LICENSE components/engine/LICENSE
-
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=https://codeload.github.com/docker/docker-ce/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=b2ff08675738031b6d6d59a90226657c16726851957c11b5fb85a4598b933b92
-PKG_SOURCE_VERSION:=4484c46d9d # SHA1 used within the docker executables
-
-PKG_MAINTAINER:=Gerard Ryan <G.M0N3Y.2503@gmail.com>
-
-# $(1) = path to dependent package 'Makefile'
-# $(2) = relevant docker-ce '.installer' file
-define EnsureVendoredVersion
- ( \
- DEP_VER=$$$$( grep --only-matching --perl-regexp '(?<=PKG_SOURCE_VERSION:=)(.*)' "$(1)" ); \
- VEN_VER=$$$$( grep --only-matching --perl-regexp '(?<=_COMMIT:=)(.*)(?=})' "$(PKG_BUILD_DIR)/components/engine/hack/dockerfile/install/$(2)" ); \
- if [ $$$$VEN_VER != $$$$DEP_VER ]; then \
- echo "ERROR: Expected 'PKG_SOURCE_VERSION:=$$$$VEN_VER' in '$(1)', found 'PKG_SOURCE_VERSION:=$$$$DEP_VER'"; \
- exit 1; \
- fi \
- )
-endef
-
-PKG_BUILD_DEPENDS:=golang/host
-PKG_BUILD_PARALLEL:=1
-
-GO_PKG:=github.com/docker
-
-include $(INCLUDE_DIR)/package.mk
-include ../../lang/golang/golang-package.mk
-
-define Package/docker-ce/config
- source "$(SOURCE)/Config.in"
-endef
-
-define Package/docker-ce
- SECTION:=utils
- CATEGORY:=Utilities
- TITLE:=Docker Community Edition
- URL:=https://www.docker.com/
- DEPENDS:=$(GO_ARCH_DEPENDS) @(aarch64||arm||x86_64) +btrfs-progs +ca-certificates +cgroupfs-mount +containerd +libdevmapper +libnetwork +tini \
- +DOCKER_SECCOMP:libseccomp +iptables-mod-extra +kmod-br-netfilter +kmod-ikconfig +kmod-nf-conntrack-netlink +kmod-nf-ipvs +kmod-veth
- USERID:=docker:docker
- MENU:=1
-endef
-
-define Package/docker-ce/conffiles
-/etc/config/dockerd
-endef
-
-define Package/docker-ce/description
- Docker Engine is used by millions enables containerized applications
- to run anywhere consistently on any infrastructure.
-endef
-
-define Build/Prepare
- $(Build/Prepare/Default)
-
- # Verify dependencies are the vendored version
- $(call EnsureVendoredVersion,../containerd/Makefile,containerd.installer)
- $(call EnsureVendoredVersion,../libnetwork/Makefile,proxy.installer)
- $(call EnsureVendoredVersion,../runc/Makefile,runc.installer)
- $(call EnsureVendoredVersion,../tini/Makefile,tini.installer)
-endef
-
-define Build/Configure
- # move so GoPackage/Build/Configure will get the correct path
- mv $(PKG_BUILD_DIR)/components/engine $(PKG_BUILD_DIR)/
- mv $(PKG_BUILD_DIR)/components/cli $(PKG_BUILD_DIR)/
-
- # docker generates files at build time so we'll just symlink for now and call GoPackage/Build/Configure later
- mkdir -p $(GO_PKG_BUILD_DIR)/bin \
- $(GO_PKG_BUILD_DIR)/src \
- $(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/ \
- $(GO_BUILD_CACHE_DIR)
- $(LN) $(PKG_BUILD_DIR)/cli $(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/cli
- $(LN) $(PKG_BUILD_DIR)/engine $(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/docker
-endef
-
-ifeq ($(CONFIG_DOCKER_SECCOMP),y)
-BUILDTAGS:=seccomp
-else
-BUILDTAGS:=
-endif
-
-define Build/Compile
- ( \
- export $(GO_PKG_VARS) \
- GITCOMMIT=$(PKG_SOURCE_VERSION) \
- DOCKER_GITCOMMIT=$(PKG_SOURCE_VERSION) \
- DOCKER_BUILDTAGS='$(BUILDTAGS)' \
- VERSION=$(PKG_VERSION) \
- \
- && echo "Compiling CLI..." \
- && cd $(PKG_BUILD_DIR)/cli \
- && ./scripts/build/binary \
- \
- && echo "Compiling Engine..." \
- && cd $(PKG_BUILD_DIR)/engine \
- && ./hack/make.sh binary \
- )
-
- # done here to include autogenerated files also
- rm $(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/cli
- rm $(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/docker
- $(call GoPackage/Build/Configure)
-endef
-
-define Package/docker-ce/install
- $(INSTALL_DIR) $(1)/usr/bin/
- $(INSTALL_BIN) $(PKG_BUILD_DIR)/cli/build/docker $(1)/usr/bin/
- $(INSTALL_BIN) $(PKG_BUILD_DIR)/engine/bundles/binary-daemon/dockerd $(1)/usr/bin/
-
- $(INSTALL_DIR) $(1)/opt/docker/
- $(INSTALL_DIR) $(1)/usr/share/docker/
- $(INSTALL_BIN) $(PKG_BUILD_DIR)/engine/contrib/check-config.sh $(1)/usr/share/docker/
-
- $(INSTALL_DIR) $(1)/etc/init.d
- $(INSTALL_BIN) ./files/dockerd.init $(1)/etc/init.d/dockerd
-
- $(INSTALL_DIR) $(1)/etc/config
- $(INSTALL_CONF) ./files/etc/config/dockerd $(1)/etc/config/dockerd
-
- # Must be after systcl 11-br-netfilter.conf from kmod-br-netfilter
- $(INSTALL_DIR) $(1)/etc/sysctl.d
- $(INSTALL_DATA) ./files/etc/sysctl.d/sysctl-br-netfilter-ip.conf \
- $(1)/etc/sysctl.d/12-br-netfilter-ip.conf
-endef
-
-define Package/docker-ce/postinst
-#!/bin/sh
-[ -n "$$IPKG_INSTROOT" ] || {
- /etc/init.d/dockerd enable
- /etc/init.d/dockerd uciadd
- /etc/init.d/dockerd start
-}
-endef
-
-define Package/docker-ce/prerm
-#!/bin/sh
-[ -n "$$IPKG_INSTROOT" ] || {
- /etc/init.d/dockerd disable
- /etc/init.d/dockerd stop
- /etc/init.d/dockerd ucidel
-}
-endef
-
-$(eval $(call BuildPackage,docker-ce))
+++ /dev/null
-#!/bin/sh /etc/rc.common
-
-USE_PROCD=1
-START=25
-
-extra_command "uciadd" "<interface> <device> <zone> Add docker bridge configuration to network and firewall uci config"
-extra_command "ucidel" "<interface> <device> <zone> Delete docker bridge configuration from network and firewall uci config"
-
-DOCKER_CONF_DIR="/tmp/dockerd"
-DOCKERD_CONF="${DOCKER_CONF_DIR}/daemon.json"
-
-uci_quiet() {
- uci -q "${@}" >/dev/null
-}
-
-json_add_array_string() {
- json_add_string "" "${1}"
-}
-
-boot() {
- uciadd
- rc_procd start_service
-}
-
-uciadd() {
- local iface="${1}"
- local device="${2}"
- local zone="${3}"
-
- [ -z "${iface}" ] && {
- iface="docker"
- device="docker0"
- zone="docker"
- }
-
- /etc/init.d/dockerd running && {
- echo "Please stop dockerd service first"
- exit 0
- }
-
- # Add network interface
- if ! uci_quiet get network.${iface}; then
- logger -t "dockerd-init" -p notice "Adding docker default interface to network uci config (${iface})"
- uci_quiet add network interface
- uci_quiet rename network.@interface[-1]="${iface}"
- uci_quiet set network.@interface[-1].ifname="${device}"
- uci_quiet set network.@interface[-1].proto="none"
- uci_quiet set network.@interface[-1].auto="0"
- uci_quiet commit network
- fi
-
- # Add docker bridge device
- if ! uci_quiet get network.${device}; then
- logger -t "dockerd-init" -p notice "Adding docker default bridge device to network uci config (${device})"
- uci_quiet add network device
- uci_quiet rename network.@device[-1]="${device}"
- uci_quiet set network.@device[-1].type="bridge"
- uci_quiet set network.@device[-1].name="${device}"
- uci_quiet add_list network.@device[-1].ifname="${device}"
- uci_quiet commit network
- fi
-
- # Add firewall zone
- if ! uci_quiet get firewall.${zone}; then
- logger -t "dockerd-init" -p notice "Adding docker default firewall zone to firewall uci config (${zone})"
- uci_quiet add firewall zone
- uci_quiet rename firewall.@zone[-1]="${zone}"
- uci_quiet set firewall.@zone[-1].network="${iface}"
- uci_quiet set firewall.@zone[-1].input="REJECT"
- uci_quiet set firewall.@zone[-1].output="ACCEPT"
- uci_quiet set firewall.@zone[-1].forward="REJECT"
- uci_quiet set firewall.@zone[-1].name="${zone}"
- uci_quiet commit firewall
- fi
-
- reload_config
-}
-
-ucidel() {
- local iface="${1}"
- local device="${2}"
- local zone="${3}"
-
- [ -z "${iface}" ] && {
- iface="docker"
- device="docker0"
- zone="docker"
- }
-
- /etc/init.d/dockerd running && {
- echo "Please stop dockerd service first"
- exit 0
- }
-
- if uci_quiet get network.${device}; then
- logger -t "dockerd-init" -p notice "Deleting docker default bridge device from network uci config (${device})"
- uci_quiet delete network.${device}
- uci_quiet commit network
- fi
-
- if uci_quiet get network.${iface}; then
- logger -t "dockerd-init" -p notice "Deleting docker default interface from network uci config (${iface})"
- uci_quiet delete network.${iface}
- uci_quiet commit network
- fi
-
- if uci_quiet get firewall.${zone}; then
- logger -t "dockerd-init" -p notice "Deleting docker firewall zone from firewall uci config (${zone})"
- uci_quiet delete firewall.${zone}
- uci_quiet commit firewall
- fi
-
- reload_config
-}
-
-process_config() {
- local alt_config_file data_root log_level iptables bip
-
- [ -f /etc/config/dockerd ] || {
- # Use the daemon default configuration
- DOCKERD_CONF=""
- return 0
- }
-
- # reset configuration
- rm -fr "${DOCKER_CONF_DIR}"
- mkdir -p "${DOCKER_CONF_DIR}"
-
- config_load 'dockerd'
- config_get alt_config_file globals alt_config_file
- [ -n "${alt_config_file}" ] && [ -f "${alt_config_file}" ] && {
- ln -s "${alt_config_file}" "${DOCKERD_CONF}"
- return 0
- }
-
- config_get data_root globals data_root "/opt/docker/"
- config_get log_level globals log_level "warn"
- config_get_bool iptables globals iptables "1"
- config_get bip globals bip ""
-
- . /usr/share/libubox/jshn.sh
- json_init
- json_add_string "data-root" "${data_root}"
- json_add_string "log-level" "${log_level}"
- [ -z "${bip}" ] || json_add_string "bip" "${bip}"
- json_add_array "registry-mirrors"
- config_list_foreach globals registry_mirrors json_add_array_string
- json_close_array
- json_add_array "hosts"
- config_list_foreach globals hosts json_add_array_string
- json_close_array
-
- json_add_boolean iptables "${iptables}"
- [ "${iptables}" -ne "0" ] && config_foreach iptables_add_blocking_rule firewall
-
- json_dump > "${DOCKERD_CONF}"
-}
-
-start_service() {
- local nofile=$(cat /proc/sys/fs/nr_open)
-
- process_config
-
- procd_open_instance
- procd_set_param stderr 1
- if [ -z "${DOCKERD_CONF}" ]; then
- procd_set_param command /usr/bin/dockerd
- else
- procd_set_param command /usr/bin/dockerd --config-file="${DOCKERD_CONF}"
- fi
- procd_set_param limits nofile="${nofile} ${nofile}"
- procd_close_instance
-}
-
-reload_service() {
- process_config
- procd_send_signal dockerd
-}
-
-service_triggers() {
- procd_add_reload_trigger 'dockerd'
-}
-
-iptables_add_blocking_rule() {
- local cfg="${1}"
-
- local device=""
- local extra_iptables_args=""
-
- handle_iptables_rule() {
- local interface="${1}"
- local outbound="${2}"
- local extra_iptables_args="${3}"
-
- local inbound=""
-
- . /lib/functions/network.sh
- network_get_physdev inbound "${interface}"
-
- [ -z "${inbound}" ] && {
- logger -t "dockerd-init" -p notice "Unable to get physical device for interface ${interface}"
- return
- }
-
- # Ignore errors as it might already be present
- iptables --table filter --new DOCKER-USER 2>/dev/null
- if ! iptables --table filter --check DOCKER-USER --in-interface "${inbound}" --out-interface "${outbound}" ${extra_iptables_args} --jump DROP 2>/dev/null; then
- logger -t "dockerd-init" -p notice "Drop traffic from ${inbound} to ${outbound}"
- iptables --table filter --insert DOCKER-USER --in-interface "${inbound}" --out-interface "${outbound}" ${extra_iptables_args} --jump DROP
- fi
- }
-
- config_get device "${cfg}" device
-
- [ -z "${device}" ] && {
- logger -t "dockerd-init" -p notice "No device configured for ${cfg}"
- return
- }
-
- config_get extra_iptables_args "${cfg}" extra_iptables_args
- config_list_foreach "${cfg}" blocked_interfaces handle_iptables_rule "${device}" "${extra_iptables_args}"
-}
-
-stop_service() {
- if /etc/init.d/dockerd running; then
- service_stop "/usr/bin/dockerd"
- fi
-}
+++ /dev/null
-# The following settings require a restart of docker to take full effect, A reload will only have partial or no effect:
-# bip
-# blocked_interfaces
-# extra_iptables_args
-# device
-
-config globals 'globals'
-# option alt_config_file "/etc/docker/daemon.json"
- option data_root "/opt/docker/"
- option log_level "warn"
- list hosts "unix:///var/run/docker.sock"
- option bip "172.18.0.1/24"
-# option iptables "0"
-# list registry_mirrors "https://<my-docker-mirror-host>"
-# list registry_mirrors "https://hub.docker.com"
-
-# Docker ignores fw3 rules and by default all external source IPs are allowed to connect to the Docker host.
-# See https://docs.docker.com/network/iptables/ for more details.
-# firewall config changes are only additive i.e firewall will need to be restarted first to clear old changes,
-# then docker restarted to load in new changes.
-config firewall 'firewall'
- option device 'docker0'
- list blocked_interfaces 'wan'
-# option extra_iptables_args '--match conntrack ! --ctstate RELATED,ESTABLISHED' # allow outbound connections
+++ /dev/null
-# Do not edit, changes to this file will be lost on upgrades
-# /etc/sysctl.conf can be used to customize sysctl settings
-
-# enable bridge firewalling for docker
-net.bridge.bridge-nf-call-ip6tables=1
-net.bridge.bridge-nf-call-iptables=1
-
+++ /dev/null
-Index: docker-ce-18.09.0/components/engine/hack/make.sh
-===================================================================
---- docker-ce-18.09.0.orig/components/engine/hack/make.sh
-+++ docker-ce-18.09.0/components/engine/hack/make.sh
-@@ -129,7 +129,7 @@ fi
- # with a newer libdevmapper than the one it was built with.
- if \
- command -v gcc &> /dev/null \
-- && ! ( echo -e '#include <libdevmapper.h>\nint main() { dm_task_deferred_remove(NULL); }'| gcc -xc - -o /dev/null $(pkg-config --libs devmapper) &> /dev/null ) \
-+ && ! ( echo -e '#include <libdevmapper.h>\nint main() { dm_task_deferred_remove(NULL); }'| gcc -xc - -o /dev/null $(pkg-config --libs libdevmapper) &> /dev/null ) \
- ; then
- add_buildtag libdm dlsym_deferred_remove
- fi
+++ /dev/null
-From 2fdfb4404ab811cb00227a3de111437b829e55cf Mon Sep 17 00:00:00 2001
-From: Hongxu Jia <hongxu.jia@windriver.com>
-Date: Wed, 17 Jul 2019 17:34:04 +0800
-Subject: [PATCH] imporve hardcoded CC on cross compile
-
-Since commit applied in moby [61a3285 Support cross-compile for arm]
-it hardcoded var-CC to support cross-compile for arm
-
-Correct it with "${parameter:-word}" format, it is helpful for user
-define toolchains
-
-(Use Default Values. If parameter is unset or null, the expansion of
-word is substituted. Otherwise, the value of parameter is substituted.)
-
-Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
-Upstream-commit: 3c701e4db1b8646c2324ae524b4e7ca1b1147a07
-Component: engine
----
- components/engine/hack/make/.binary | 10 +++++-----
- 1 file changed, 5 insertions(+), 5 deletions(-)
-
-diff --git a/components/engine/hack/make/.binary b/components/engine/hack/make/.binary
-index 53de6749e5..66f4ca05f3 100644
---- a/components/engine/hack/make/.binary
-+++ b/components/engine/hack/make/.binary
-@@ -44,27 +44,27 @@ if [ "$(go env GOOS)/$(go env GOARCH)" != "$(go env GOHOSTOS)/$(go env GOHOSTARC
- # must be cross-compiling!
- case "$(go env GOOS)/$(go env GOARCH)" in
- windows/amd64)
-- export CC=x86_64-w64-mingw32-gcc
-+ export CC="${CC:-x86_64-w64-mingw32-gcc}"
- export CGO_ENABLED=1
- ;;
- linux/arm)
- case "${GOARM}" in
- 5|"")
-- export CC=arm-linux-gnueabi-gcc
-+ export CC="${CC:-arm-linux-gnueabi-gcc}"
- export CGO_ENABLED=1
- ;;
- 7)
-- export CC=arm-linux-gnueabihf-gcc
-+ export CC="${CC:-arm-linux-gnueabihf-gcc}"
- export CGO_ENABLED=1
- ;;
- esac
- ;;
- linux/arm64)
-- export CC=aarch64-linux-gnu-gcc
-+ export CC="${CC:-aarch64-linux-gnu-gcc}"
- export CGO_ENABLED=1
- ;;
- linux/amd64)
-- export CC=x86_64-linux-gnu-gcc
-+ export CC="${CC:-x86_64-linux-gnu-gcc}"
- export CGO_ENABLED=1
- ;;
- esac
--- /dev/null
+config DOCKER_KERNEL_OPTIONS
+ bool "Enable Basic kernel support for Docker"
+ depends on PACKAGE_docker-ce
+ default y
+ select KERNEL_CGROUPS
+ select KERNEL_CGROUP_CPUACCT
+ select KERNEL_CGROUP_DEVICE
+ select KERNEL_CGROUP_FREEZER
+ select KERNEL_CGROUP_SCHED
+ select KERNEL_NAMESPACES
+ select KERNEL_CPUSETS
+ select KERNEL_MEMCG
+ select KERNEL_KEYS
+ select KERNEL_POSIX_MQUEUE
+ help
+ Select needed kernel options for Docker. Options include
+ cgroups, namespaces and other miscellaneous options.
+ see also https://github.com/docker/engine/blob/master/contrib/check-config.sh
+
+config DOCKER_SECCOMP
+ bool "Enable support for seccomp in Docker"
+ depends on PACKAGE_docker-ce
+ default n
+ select KERNEL_SECCOMP
+ select PACKAGE_libseccomp
+ help
+ Build Docker with support for seccomp filters.
+ Select libseccomp which also pulls-in the needed kernel features.
+
+config DOCKER_RES_SHAPE
+ bool "Enables support for resource shaping"
+ depends on PACKAGE_docker-ce
+ default n
+ select KERNEL_MEMCG_SWAP
+ select KERNEL_MEMCG_SWAP_ENABLED
+ select KERNEL_BLK_DEV_THROTTLING
+ select KERNEL_CFQ_GROUP_IOSCHED
+ select KERNEL_CGROUP_PERF
+ select KERNEL_CGROUP_HUGETLB
+ select KERNEL_FAIR_GROUP_SCHED
+ select KERNEL_NET_CLS_CGROUP
+ select KERNEL_CGROUP_NET_CLASSID
+ select KERNEL_CGROUP_NET_PRIO
+ select KERNEL_CFS_BANDWIDTH
+ select KERNEL_RT_GROUP_SCHED
+
+menu "Network"
+ depends on PACKAGE_docker-ce
+
+ config DOCKER_NET_OVERLAY
+ bool "Enables the Overlay network feature"
+ default n
+ select PACKAGE_kmod-udptunnel4
+ help
+ Selects kernel options for the Overlay network feature.
+ Includes udptunnel4
+
+ config DOCKER_NET_ENCRYPT
+ bool "Enable encrypted networking kernel support"
+ depends on DOCKER_NET_OVERLAY
+ default n
+ select PACKAGE_kmod-ipsec
+ select PACKAGE_kmod-ipsec4
+ select PACKAGE_kmod-crypto-gcm
+ select PACKAGE_kmod-crypto-ghash
+ help
+ Select needed kernel options for encrypted networking support.
+
+ config DOCKER_NET_MACVLAN
+ bool "Enables macvlan kernel support"
+ default n
+ select PACKAGE_kmod-macvlan
+ select PACKAGE_kmod-dummy
+
+ config DOCKER_NET_TFTP
+ bool "Enable ftp/tftp client kernel support"
+ default n
+ select PACKAGE_kmod-nf-nathelper
+ select PACKAGE_kmod-nf-nathelper-extra
+endmenu
+
+menu "Storage"
+ depends on PACKAGE_docker-ce
+
+ config DOCKER_STO_EXT4
+ bool "Enables support for ext3 or ext4 as the backing filesystem"
+ default n
+ select KERNEL_EXT4_FS_POSIX_ACL
+
+ config DOCKER_STO_BTRFS
+ bool "Enables support for btrfs as the backing filesystem"
+ default n
+ select PACKAGE_kmod-fs-btrfs
+ select KERNEL_BTRFS_FS_POSIX_ACL
+endmenu
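Review bot: `DOCKER_SECCOMP` is declared with `default n`, so a default build produces a dockerd without seccomp support and containers run without Docker's default syscall filter. The option only selects `KERNEL_SECCOMP` and `PACKAGE_libseccomp`, so the cost of enabling it looks small; consider `default y`. If it has to stay off by default, the help text should say what is lost, e.g. `Without this option containers run with no seccomp profile applied.`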
--- /dev/null
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=docker-ce
+PKG_VERSION:=19.03.13
+PKG_RELEASE:=5
+PKG_LICENSE:=Apache-2.0
+PKG_LICENSE_FILES:=components/cli/LICENSE components/engine/LICENSE
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://codeload.github.com/docker/docker-ce/tar.gz/v$(PKG_VERSION)?
+PKG_HASH:=b2ff08675738031b6d6d59a90226657c16726851957c11b5fb85a4598b933b92
+PKG_SOURCE_VERSION:=4484c46d9d # SHA1 used within the docker executables
+
+PKG_MAINTAINER:=Gerard Ryan <G.M0N3Y.2503@gmail.com>
+
+# $(1) = path to dependent package 'Makefile'
+# $(2) = relevant docker-ce '.installer' file
+define EnsureVendoredVersion
+ ( \
+ DEP_VER=$$$$( grep --only-matching --perl-regexp '(?<=PKG_SOURCE_VERSION:=)(.*)' "$(1)" ); \
+ VEN_VER=$$$$( grep --only-matching --perl-regexp '(?<=_COMMIT:=)(.*)(?=})' "$(PKG_BUILD_DIR)/components/engine/hack/dockerfile/install/$(2)" ); \
+ if [ $$$$VEN_VER != $$$$DEP_VER ]; then \
+ echo "ERROR: Expected 'PKG_SOURCE_VERSION:=$$$$VEN_VER' in '$(1)', found 'PKG_SOURCE_VERSION:=$$$$DEP_VER'"; \
+ exit 1; \
+ fi \
+ )
+endef
+
+PKG_BUILD_DEPENDS:=golang/host
+PKG_BUILD_PARALLEL:=1
+
+GO_PKG:=github.com/docker
+
+include $(INCLUDE_DIR)/package.mk
+include ../../lang/golang/golang-package.mk
+
+define Package/docker-ce/config
+ source "$(SOURCE)/Config.in"
+endef
+
+define Package/docker-ce
+ SECTION:=utils
+ CATEGORY:=Utilities
+ TITLE:=Docker Community Edition
+ URL:=https://www.docker.com/
+ DEPENDS:=$(GO_ARCH_DEPENDS) @(aarch64||arm||x86_64) +btrfs-progs +ca-certificates +cgroupfs-mount +containerd +libdevmapper +libnetwork +tini \
+ +DOCKER_SECCOMP:libseccomp +iptables-mod-extra +kmod-br-netfilter +kmod-ikconfig +kmod-nf-conntrack-netlink +kmod-nf-ipvs +kmod-veth
+ USERID:=docker:docker
+ MENU:=1
+endef
+
+define Package/docker-ce/conffiles
+/etc/config/dockerd
+endef
+
+define Package/docker-ce/description
+ Docker Engine is used by millions enables containerized applications
+ to run anywhere consistently on any infrastructure.
+endef
+
+define Build/Prepare
+ $(Build/Prepare/Default)
+
+ # Verify dependencies are the vendored version
+ $(call EnsureVendoredVersion,../containerd/Makefile,containerd.installer)
+ $(call EnsureVendoredVersion,../libnetwork/Makefile,proxy.installer)
+ $(call EnsureVendoredVersion,../runc/Makefile,runc.installer)
+ $(call EnsureVendoredVersion,../tini/Makefile,tini.installer)
+endef
+
+define Build/Configure
+ # move so GoPackage/Build/Configure will get the correct path
+ mv $(PKG_BUILD_DIR)/components/engine $(PKG_BUILD_DIR)/
+ mv $(PKG_BUILD_DIR)/components/cli $(PKG_BUILD_DIR)/
+
+ # docker generates files at build time so we'll just symlink for now and call GoPackage/Build/Configure later
+ mkdir -p $(GO_PKG_BUILD_DIR)/bin \
+ $(GO_PKG_BUILD_DIR)/src \
+ $(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/ \
+ $(GO_BUILD_CACHE_DIR)
+ $(LN) $(PKG_BUILD_DIR)/cli $(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/cli
+ $(LN) $(PKG_BUILD_DIR)/engine $(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/docker
+endef
+
+ifeq ($(CONFIG_DOCKER_SECCOMP),y)
+BUILDTAGS:=seccomp
+else
+BUILDTAGS:=
+endif
+
+define Build/Compile
+ ( \
+ export $(GO_PKG_VARS) \
+ GITCOMMIT=$(PKG_SOURCE_VERSION) \
+ DOCKER_GITCOMMIT=$(PKG_SOURCE_VERSION) \
+ DOCKER_BUILDTAGS='$(BUILDTAGS)' \
+ VERSION=$(PKG_VERSION) \
+ \
+ && echo "Compiling CLI..." \
+ && cd $(PKG_BUILD_DIR)/cli \
+ && ./scripts/build/binary \
+ \
+ && echo "Compiling Engine..." \
+ && cd $(PKG_BUILD_DIR)/engine \
+ && ./hack/make.sh binary \
+ )
+
+ # done here to include autogenerated files also
+ rm $(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/cli
+ rm $(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/docker
+ $(call GoPackage/Build/Configure)
+endef
+
+define Package/docker-ce/install
+ $(INSTALL_DIR) $(1)/usr/bin/
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/cli/build/docker $(1)/usr/bin/
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/engine/bundles/binary-daemon/dockerd $(1)/usr/bin/
+
+ $(INSTALL_DIR) $(1)/opt/docker/
+ $(INSTALL_DIR) $(1)/usr/share/docker/
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/engine/contrib/check-config.sh $(1)/usr/share/docker/
+
+ $(INSTALL_DIR) $(1)/etc/init.d
+ $(INSTALL_BIN) ./files/dockerd.init $(1)/etc/init.d/dockerd
+
+ $(INSTALL_DIR) $(1)/etc/config
+ $(INSTALL_CONF) ./files/etc/config/dockerd $(1)/etc/config/dockerd
+
+ # Must be after systcl 11-br-netfilter.conf from kmod-br-netfilter
+ $(INSTALL_DIR) $(1)/etc/sysctl.d
+ $(INSTALL_DATA) ./files/etc/sysctl.d/sysctl-br-netfilter-ip.conf \
+ $(1)/etc/sysctl.d/12-br-netfilter-ip.conf
+endef
+
+define Package/docker-ce/postinst
+#!/bin/sh
+[ -n "$$IPKG_INSTROOT" ] || {
+ /etc/init.d/dockerd enable
+ /etc/init.d/dockerd uciadd
+ /etc/init.d/dockerd start
+}
+endef
+
+define Package/docker-ce/prerm
+#!/bin/sh
+[ -n "$$IPKG_INSTROOT" ] || {
+ /etc/init.d/dockerd disable
+ /etc/init.d/dockerd stop
+ /etc/init.d/dockerd ucidel
+}
+endef
+
+$(eval $(call BuildPackage,docker-ce))
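Review bot: The comparison in `EnsureVendoredVersion` fails open: `[ $$$$VEN_VER != $$$$DEP_VER ]` is unquoted, so when one of the two `grep` calls matches nothing (missing file, changed `.installer` format) the test gets too few operands and exits with an error status, which skips the `if` body and its `exit 1`. The build then continues as if the vendored commit had been verified. Quote both sides and treat an empty value as a failure, e.g. `if [ -z "$$$$VEN_VER" ] || [ -z "$$$$DEP_VER" ] || [ "$$$$VEN_VER" != "$$$$DEP_VER" ]; then`. If a dependent Makefile carries a trailing comment after `PKG_SOURCE_VERSION:=` the way this one does, `(.*)` captures several words and the unquoted test errors out the same way; with quoting it would at least fail loudly.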
--- /dev/null
+#!/bin/sh /etc/rc.common
+
+USE_PROCD=1
+START=25
+
+extra_command "uciadd" "<interface> <device> <zone> Add docker bridge configuration to network and firewall uci config"
+extra_command "ucidel" "<interface> <device> <zone> Delete docker bridge configuration from network and firewall uci config"
+
+DOCKER_CONF_DIR="/tmp/dockerd"
+DOCKERD_CONF="${DOCKER_CONF_DIR}/daemon.json"
+
+uci_quiet() {
+ uci -q "${@}" >/dev/null
+}
+
+json_add_array_string() {
+ json_add_string "" "${1}"
+}
+
+boot() {
+ uciadd
+ rc_procd start_service
+}
+
+uciadd() {
+ local iface="${1}"
+ local device="${2}"
+ local zone="${3}"
+
+ [ -z "${iface}" ] && {
+ iface="docker"
+ device="docker0"
+ zone="docker"
+ }
+
+ /etc/init.d/dockerd running && {
+ echo "Please stop dockerd service first"
+ exit 0
+ }
+
+ # Add network interface
+ if ! uci_quiet get network.${iface}; then
+ logger -t "dockerd-init" -p notice "Adding docker default interface to network uci config (${iface})"
+ uci_quiet add network interface
+ uci_quiet rename network.@interface[-1]="${iface}"
+ uci_quiet set network.@interface[-1].ifname="${device}"
+ uci_quiet set network.@interface[-1].proto="none"
+ uci_quiet set network.@interface[-1].auto="0"
+ uci_quiet commit network
+ fi
+
+ # Add docker bridge device
+ if ! uci_quiet get network.${device}; then
+ logger -t "dockerd-init" -p notice "Adding docker default bridge device to network uci config (${device})"
+ uci_quiet add network device
+ uci_quiet rename network.@device[-1]="${device}"
+ uci_quiet set network.@device[-1].type="bridge"
+ uci_quiet set network.@device[-1].name="${device}"
+ uci_quiet add_list network.@device[-1].ifname="${device}"
+ uci_quiet commit network
+ fi
+
+ # Add firewall zone
+ if ! uci_quiet get firewall.${zone}; then
+ logger -t "dockerd-init" -p notice "Adding docker default firewall zone to firewall uci config (${zone})"
+ uci_quiet add firewall zone
+ uci_quiet rename firewall.@zone[-1]="${zone}"
+ uci_quiet set firewall.@zone[-1].network="${iface}"
+ uci_quiet set firewall.@zone[-1].input="REJECT"
+ uci_quiet set firewall.@zone[-1].output="ACCEPT"
+ uci_quiet set firewall.@zone[-1].forward="REJECT"
+ uci_quiet set firewall.@zone[-1].name="${zone}"
+ uci_quiet commit firewall
+ fi
+
+ reload_config
+}
+
+ucidel() {
+ local iface="${1}"
+ local device="${2}"
+ local zone="${3}"
+
+ [ -z "${iface}" ] && {
+ iface="docker"
+ device="docker0"
+ zone="docker"
+ }
+
+ /etc/init.d/dockerd running && {
+ echo "Please stop dockerd service first"
+ exit 0
+ }
+
+ if uci_quiet get network.${device}; then
+ logger -t "dockerd-init" -p notice "Deleting docker default bridge device from network uci config (${device})"
+ uci_quiet delete network.${device}
+ uci_quiet commit network
+ fi
+
+ if uci_quiet get network.${iface}; then
+ logger -t "dockerd-init" -p notice "Deleting docker default interface from network uci config (${iface})"
+ uci_quiet delete network.${iface}
+ uci_quiet commit network
+ fi
+
+ if uci_quiet get firewall.${zone}; then
+ logger -t "dockerd-init" -p notice "Deleting docker firewall zone from firewall uci config (${zone})"
+ uci_quiet delete firewall.${zone}
+ uci_quiet commit firewall
+ fi
+
+ reload_config
+}
+
+process_config() {
+ local alt_config_file data_root log_level iptables bip
+
+ [ -f /etc/config/dockerd ] || {
+ # Use the daemon default configuration
+ DOCKERD_CONF=""
+ return 0
+ }
+
+ # reset configuration
+ rm -fr "${DOCKER_CONF_DIR}"
+ mkdir -p "${DOCKER_CONF_DIR}"
+
+ config_load 'dockerd'
+ config_get alt_config_file globals alt_config_file
+ [ -n "${alt_config_file}" ] && [ -f "${alt_config_file}" ] && {
+ ln -s "${alt_config_file}" "${DOCKERD_CONF}"
+ return 0
+ }
+
+ config_get data_root globals data_root "/opt/docker/"
+ config_get log_level globals log_level "warn"
+ config_get_bool iptables globals iptables "1"
+ config_get bip globals bip ""
+
+ . /usr/share/libubox/jshn.sh
+ json_init
+ json_add_string "data-root" "${data_root}"
+ json_add_string "log-level" "${log_level}"
+ [ -z "${bip}" ] || json_add_string "bip" "${bip}"
+ json_add_array "registry-mirrors"
+ config_list_foreach globals registry_mirrors json_add_array_string
+ json_close_array
+ json_add_array "hosts"
+ config_list_foreach globals hosts json_add_array_string
+ json_close_array
+
+ json_add_boolean iptables "${iptables}"
+ [ "${iptables}" -ne "0" ] && config_foreach iptables_add_blocking_rule firewall
+
+ json_dump > "${DOCKERD_CONF}"
+}
+
+start_service() {
+ local nofile=$(cat /proc/sys/fs/nr_open)
+
+ process_config
+
+ procd_open_instance
+ procd_set_param stderr 1
+ if [ -z "${DOCKERD_CONF}" ]; then
+ procd_set_param command /usr/bin/dockerd
+ else
+ procd_set_param command /usr/bin/dockerd --config-file="${DOCKERD_CONF}"
+ fi
+ procd_set_param limits nofile="${nofile} ${nofile}"
+ procd_close_instance
+}
+
+reload_service() {
+ process_config
+ procd_send_signal dockerd
+}
+
+service_triggers() {
+ procd_add_reload_trigger 'dockerd'
+}
+
+iptables_add_blocking_rule() {
+ local cfg="${1}"
+
+ local device=""
+ local extra_iptables_args=""
+
+ handle_iptables_rule() {
+ local interface="${1}"
+ local outbound="${2}"
+ local extra_iptables_args="${3}"
+
+ local inbound=""
+
+ . /lib/functions/network.sh
+ network_get_physdev inbound "${interface}"
+
+ [ -z "${inbound}" ] && {
+ logger -t "dockerd-init" -p notice "Unable to get physical device for interface ${interface}"
+ return
+ }
+
+ # Ignore errors as it might already be present
+ iptables --table filter --new DOCKER-USER 2>/dev/null
+ if ! iptables --table filter --check DOCKER-USER --in-interface "${inbound}" --out-interface "${outbound}" ${extra_iptables_args} --jump DROP 2>/dev/null; then
+ logger -t "dockerd-init" -p notice "Drop traffic from ${inbound} to ${outbound}"
+ iptables --table filter --insert DOCKER-USER --in-interface "${inbound}" --out-interface "${outbound}" ${extra_iptables_args} --jump DROP
+ fi
+ }
+
+ config_get device "${cfg}" device
+
+ [ -z "${device}" ] && {
+ logger -t "dockerd-init" -p notice "No device configured for ${cfg}"
+ return
+ }
+
+ config_get extra_iptables_args "${cfg}" extra_iptables_args
+ config_list_foreach "${cfg}" blocked_interfaces handle_iptables_rule "${device}" "${extra_iptables_args}"
+}
+
+stop_service() {
+ if /etc/init.d/dockerd running; then
+ service_stop "/usr/bin/dockerd"
+ fi
+}
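Review bot: In `process_config` the `return 0` taken when `alt_config_file` points at an existing file comes before `config_foreach iptables_add_blocking_rule firewall`, so a user who supplies their own daemon.json silently loses the DOCKER-USER DROP rules for `blocked_interfaces` (shipped default `wan`). The packaged config itself warns that Docker bypasses fw3, so this path should either install the rules or log that the `firewall` section is being ignored; one option is to add `config_foreach iptables_add_blocking_rule firewall` ahead of that `return 0`. Separately, `DOCKER_CONF_DIR` lives under `/tmp` and is rebuilt with `rm -fr` followed by `mkdir -p`, and `mkdir -p` succeeds on a directory someone else created in between. It is worth confirming that no unprivileged account on the target can write to `/tmp`, or checking ownership before `json_dump` writes the file.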
--- /dev/null
+# The following settings require a restart of docker to take full effect, A reload will only have partial or no effect:
+# bip
+# blocked_interfaces
+# extra_iptables_args
+# device
+
+config globals 'globals'
+# option alt_config_file "/etc/docker/daemon.json"
+ option data_root "/opt/docker/"
+ option log_level "warn"
+ list hosts "unix:///var/run/docker.sock"
+ option bip "172.18.0.1/24"
+# option iptables "0"
+# list registry_mirrors "https://<my-docker-mirror-host>"
+# list registry_mirrors "https://hub.docker.com"
+
+# Docker ignores fw3 rules and by default all external source IPs are allowed to connect to the Docker host.
+# See https://docs.docker.com/network/iptables/ for more details.
+# firewall config changes are only additive i.e firewall will need to be restarted first to clear old changes,
+# then docker restarted to load in new changes.
+config firewall 'firewall'
+ option device 'docker0'
+ list blocked_interfaces 'wan'
+# option extra_iptables_args '--match conntrack ! --ctstate RELATED,ESTABLISHED' # allow outbound connections
--- /dev/null
+# Do not edit, changes to this file will be lost on upgrades
+# /etc/sysctl.conf can be used to customize sysctl settings
+
+# enable bridge firewalling for docker
+net.bridge.bridge-nf-call-ip6tables=1
+net.bridge.bridge-nf-call-iptables=1
+
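Review bot: These two keys are not scoped to docker0. `net.bridge.bridge-nf-call-iptables=1` and its ip6tables twin make every bridge in the host's network namespace pass bridged frames through the iptables chains, which on a router presumably includes the LAN bridge. The file comment should say so, e.g. `# applies to all bridges, not only docker0; bridged LAN traffic will traverse the iptables/ip6tables chains`. The init script in this commit only installs IPv4 `iptables` rules, so it would also help to state whether anything relies on the ip6tables setting.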
--- /dev/null
+Index: docker-ce-18.09.0/components/engine/hack/make.sh
+===================================================================
+--- docker-ce-18.09.0.orig/components/engine/hack/make.sh
++++ docker-ce-18.09.0/components/engine/hack/make.sh
+@@ -129,7 +129,7 @@ fi
+ # with a newer libdevmapper than the one it was built with.
+ if \
+ command -v gcc &> /dev/null \
+- && ! ( echo -e '#include <libdevmapper.h>\nint main() { dm_task_deferred_remove(NULL); }'| gcc -xc - -o /dev/null $(pkg-config --libs devmapper) &> /dev/null ) \
++ && ! ( echo -e '#include <libdevmapper.h>\nint main() { dm_task_deferred_remove(NULL); }'| gcc -xc - -o /dev/null $(pkg-config --libs libdevmapper) &> /dev/null ) \
+ ; then
+ add_buildtag libdm dlsym_deferred_remove
+ fi
--- /dev/null
+From 2fdfb4404ab811cb00227a3de111437b829e55cf Mon Sep 17 00:00:00 2001
+From: Hongxu Jia <hongxu.jia@windriver.com>
+Date: Wed, 17 Jul 2019 17:34:04 +0800
+Subject: [PATCH] imporve hardcoded CC on cross compile
+
+Since commit applied in moby [61a3285 Support cross-compile for arm]
+it hardcoded var-CC to support cross-compile for arm
+
+Correct it with "${parameter:-word}" format, it is helpful for user
+define toolchains
+
+(Use Default Values. If parameter is unset or null, the expansion of
+word is substituted. Otherwise, the value of parameter is substituted.)
+
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+Upstream-commit: 3c701e4db1b8646c2324ae524b4e7ca1b1147a07
+Component: engine
+---
+ components/engine/hack/make/.binary | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/components/engine/hack/make/.binary b/components/engine/hack/make/.binary
+index 53de6749e5..66f4ca05f3 100644
+--- a/components/engine/hack/make/.binary
++++ b/components/engine/hack/make/.binary
+@@ -44,27 +44,27 @@ if [ "$(go env GOOS)/$(go env GOARCH)" != "$(go env GOHOSTOS)/$(go env GOHOSTARC
+ # must be cross-compiling!
+ case "$(go env GOOS)/$(go env GOARCH)" in
+ windows/amd64)
+- export CC=x86_64-w64-mingw32-gcc
++ export CC="${CC:-x86_64-w64-mingw32-gcc}"
+ export CGO_ENABLED=1
+ ;;
+ linux/arm)
+ case "${GOARM}" in
+ 5|"")
+- export CC=arm-linux-gnueabi-gcc
++ export CC="${CC:-arm-linux-gnueabi-gcc}"
+ export CGO_ENABLED=1
+ ;;
+ 7)
+- export CC=arm-linux-gnueabihf-gcc
++ export CC="${CC:-arm-linux-gnueabihf-gcc}"
+ export CGO_ENABLED=1
+ ;;
+ esac
+ ;;
+ linux/arm64)
+- export CC=aarch64-linux-gnu-gcc
++ export CC="${CC:-aarch64-linux-gnu-gcc}"
+ export CGO_ENABLED=1
+ ;;
+ linux/amd64)
+- export CC=x86_64-linux-gnu-gcc
++ export CC="${CC:-x86_64-linux-gnu-gcc}"
+ export CGO_ENABLED=1
+ ;;
+ esac