From 98568994e130e085210545964fee648bdd8f91c1 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Sat, 20 Jul 2024 12:45:08 +0200 Subject: [PATCH 1/2] rpm: remove conditional weak-dependencies for CentOS/RHEL 7 These conditionals were added in incfee3a64519ec5361b406eb6439aed7e3768b7c2 and bb4bd31ab60fe5bc496021d2606882db913c5bad, because weak dependencies were introduced in CentOS/RHEL 8 and higher (see [1], [2]), but not yet available in CentOS/RHEL 7. Now that CentOS/RHEL 7 reached EOL and removed from our packaging (in 88a6cdca6c22c13641b6b288f095e1b868b6c05d, 67c89e9aa09f178771a8a804d31b3212414b5fde), all supported RPM distros now support weak dependencies, so we can remove the conditionals. [1]: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/packaging_and_distributing_software/new-features-in-rhel-8_packaging-and-distributing-software#support-for-weak-dependencies_new-features-in-rhel-8 [2]: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/packaging_and_distributing_software/new-features-in-rhel-8_packaging-and-distributing-software#boolean-dependencies-syntax Signed-off-by: Sebastiaan van Stijn --- rpm/SPECS/docker-ce-cli.spec | 9 --------- rpm/SPECS/docker-ce.spec | 8 -------- rpm/SPECS/docker-compose-plugin.spec | 6 ------ 3 files changed, 23 deletions(-) diff --git a/rpm/SPECS/docker-ce-cli.spec b/rpm/SPECS/docker-ce-cli.spec index 2dfec9c29a..6ffe9bb08b 100644 --- a/rpm/SPECS/docker-ce-cli.spec +++ b/rpm/SPECS/docker-ce-cli.spec @@ -16,17 +16,8 @@ Packager: Docker Requires: /bin/sh Requires: /usr/sbin/groupadd -# CentOS 7 and RHEL 7 do not yet support weak dependencies -# -# Note that we're not using <= 7 here, to account for other RPM distros, such -# as Fedora, which would not have the rhel macro set (so default to 0). -%if 0%{?rhel} == 7 -Requires: docker-buildx-plugin -Requires: docker-compose-plugin -%else Recommends: docker-buildx-plugin Recommends: docker-compose-plugin -%endif BuildRequires: make BuildRequires: libtool-ltdl-devel diff --git a/rpm/SPECS/docker-ce.spec b/rpm/SPECS/docker-ce.spec index c7b60b0b98..052e7a543b 100644 --- a/rpm/SPECS/docker-ce.spec +++ b/rpm/SPECS/docker-ce.spec @@ -15,15 +15,7 @@ Packager: Docker Requires: /usr/sbin/groupadd Requires: docker-ce-cli -# CentOS 7 and RHEL 7 do not yet support weak dependencies -# -# Note that we're not using <= 7 here, to account for other RPM distros, such -# as Fedora, which would not have the rhel macro set (so default to 0). -%if 0%{?rhel} == 7 -Requires: docker-ce-rootless-extras -%else Recommends: docker-ce-rootless-extras -%endif Requires: container-selinux >= 2:2.74 Requires: libseccomp >= 2.3 Requires: systemd diff --git a/rpm/SPECS/docker-compose-plugin.spec b/rpm/SPECS/docker-compose-plugin.spec index 097c6cbdbf..382069bb04 100644 --- a/rpm/SPECS/docker-compose-plugin.spec +++ b/rpm/SPECS/docker-compose-plugin.spec @@ -12,13 +12,7 @@ URL: https://github.com/docker/compose/ Vendor: Docker Packager: Docker -# CentOS 7 and RHEL 7 do not yet support weak dependencies. -# -# Note that we're not using <= 7 here, to account for other RPM distros, such -# as Fedora, which would not have the rhel macro set (so default to 0). -%if 0%{?rhel} != 7 Enhances: docker-ce-cli -%endif BuildRequires: bash From 57e225272c464e5eb5d0807d445223f50c8b7a7d Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Sat, 20 Jul 2024 13:15:07 +0200 Subject: [PATCH 2/2] rpm: remove RLIMIT_NOFILE patch for EL 7 systems Now that CentOS/RHEL 7 and 8 reached EOL and removed from our packaging (in 88a6cdca6c22c13641b6b288f095e1b868b6c05d, 67c89e9aa09f178771a8a804d31b3212414b5fde), we can remove the patch. > RLIMIT_NOFILE defaults to an unusable value on EL 7 systems, but more > modern systems have sane defaults. As such, patch the systemd unit only > on EL 7 systems to ensure correct behaviour. This reverts commit 4e7a147bbcda213c77b62067f435803f5f117573. Signed-off-by: Sebastiaan van Stijn --- rpm/Makefile | 5 ----- rpm/SPECS/docker-ce.spec | 4 ---- rpm/patches/01-rlimit_nofile-rhel7.patch | 15 --------------- 3 files changed, 24 deletions(-) delete mode 100644 rpm/patches/01-rlimit_nofile-rhel7.patch diff --git a/rpm/Makefile b/rpm/Makefile index caa3cbdf93..81b8fe2db6 100644 --- a/rpm/Makefile +++ b/rpm/Makefile @@ -94,11 +94,6 @@ $(DISTROS): sources .PHONY: sources sources: rpmbuild/SOURCES/engine.tgz rpmbuild/SOURCES/cli.tgz rpmbuild/SOURCES/buildx.tgz rpmbuild/SOURCES/compose.tgz -sources: rpmbuild/SOURCES/01-rlimit_nofile-rhel7.patch - -rpmbuild/SOURCES/%.patch: - mkdir -p $(@D) - cp $(CURDIR)/patches/$(@F) $@ rpmbuild/SOURCES/engine.tgz: mkdir -p $(@D) diff --git a/rpm/SPECS/docker-ce.spec b/rpm/SPECS/docker-ce.spec index 052e7a543b..bcfaa475e9 100644 --- a/rpm/SPECS/docker-ce.spec +++ b/rpm/SPECS/docker-ce.spec @@ -5,7 +5,6 @@ Version: %{_version} Release: %{_release}%{?dist} Epoch: 3 Source0: engine.tgz -Patch0: 01-rlimit_nofile-rhel7.patch Summary: The open-source application container engine Group: Tools/Docker License: ASL 2.0 @@ -70,9 +69,6 @@ depending on a particular stack or provider. %prep %setup -q -c -n src -a 0 -%if 0%{?rhel} == 7 -%patch -p1 -P 0 -%endif %build diff --git a/rpm/patches/01-rlimit_nofile-rhel7.patch b/rpm/patches/01-rlimit_nofile-rhel7.patch deleted file mode 100644 index 55a50aff88..0000000000 --- a/rpm/patches/01-rlimit_nofile-rhel7.patch +++ /dev/null @@ -1,15 +0,0 @@ -diff --git i/engine/contrib/init/systemd/docker.service w/engine/contrib/init/systemd/docker.service -index d8c7867057..b73ecf7363 100644 ---- i/engine/contrib/init/systemd/docker.service -+++ w/engine/contrib/init/systemd/docker.service -@@ -30,6 +30,10 @@ StartLimitInterval=60s - # in the kernel. We recommend using cgroups to do container-local accounting. - LimitNPROC=infinity - LimitCORE=infinity -+# Older systemd versions default to a LimitNOFILE of 1024:1024, which is insufficient for many -+# applications including dockerd itself and will be inherited. Raise the hard limit, while -+# preserving the soft limit for select(2). -+LimitNOFILE=1024:524288 - - # Comment TasksMax if your systemd version does not support it. - # Only systemd 226 and above support this option.