From fbdeaf51033541f3c6e1fde04bd77f1dd65c8ba4 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 11 Dec 2024 17:45:11 +0100 Subject: [PATCH 1/5] deb, rpm: remove libseccomp-dev, libseccomp2 dependencies We used to have `libseccomp-dev` as a build-time dependency, but this part is handled by the OCI runtime (runc). Similarly, the `libseccomp2` runtime dependency is used by `runc`, not by `dockerd` directly. The docker-ce package depends on `containerd.io`, which defines `libseccomp2` as a dependency, so we can remove it from the docker-ce package; apt-cache depends containerd.io containerd.io Depends: libc6 Depends: libseccomp2 Conflicts: containerd Conflicts: runc Replaces: containerd containerd.io Replaces: runc containerd.io Signed-off-by: Sebastiaan van Stijn --- deb/common/control | 3 --- rpm/SPECS/docker-ce.spec | 2 -- 2 files changed, 5 deletions(-) diff --git a/deb/common/control b/deb/common/control index 45687798e2..b2748a203d 100644 --- a/deb/common/control +++ b/deb/common/control @@ -12,8 +12,6 @@ Build-Depends: bash, git, libc-dev, libltdl-dev, - libseccomp-dev, - libseccomp2, libsystemd-dev, libtool, make, @@ -28,7 +26,6 @@ Architecture: linux-any Depends: containerd.io (>= 1.6.24), docker-ce-cli, iptables, - libseccomp2 (>= 2.3.0), ${shlibs:Depends} Recommends: apparmor, ca-certificates, diff --git a/rpm/SPECS/docker-ce.spec b/rpm/SPECS/docker-ce.spec index bb8cdc913d..49efd34235 100644 --- a/rpm/SPECS/docker-ce.spec +++ b/rpm/SPECS/docker-ce.spec @@ -18,7 +18,6 @@ Recommends: kmod Requires: docker-ce-cli Recommends: docker-ce-rootless-extras Requires: container-selinux >= 2:2.74 -Requires: libseccomp >= 2.3 Requires: systemd Requires: iptables %if %{undefined rhel} || 0%{?rhel} < 9 @@ -36,7 +35,6 @@ BuildRequires: gcc BuildRequires: git BuildRequires: glibc-static BuildRequires: libarchive -BuildRequires: libseccomp-devel BuildRequires: libselinux-devel BuildRequires: libtool BuildRequires: libtool-ltdl-devel 
From fee28deafa04144cf9e463b3888c3db8770821cc Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 11 Dec 2024 18:42:56 +0100 Subject: [PATCH 2/5] rpm: remove libselinux-devel dependency The selinux code we use is purely a go implementation, and nothing links libselinux. Signed-off-by: Sebastiaan van Stijn --- rpm/SPECS/docker-ce.spec | 1 - 1 file changed, 1 deletion(-) diff --git a/rpm/SPECS/docker-ce.spec b/rpm/SPECS/docker-ce.spec index 49efd34235..9b3f2e2973 100644 --- a/rpm/SPECS/docker-ce.spec +++ b/rpm/SPECS/docker-ce.spec @@ -35,7 +35,6 @@ BuildRequires: gcc BuildRequires: git BuildRequires: glibc-static BuildRequires: libarchive -BuildRequires: libselinux-devel BuildRequires: libtool BuildRequires: libtool-ltdl-devel BuildRequires: make From c684248e59f808f7851eea1d5e740855d3a9ada7 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 11 Dec 2024 18:33:37 +0100 Subject: [PATCH 3/5] rpm: remove selinux-policy-devel This dependency was added in [docker@42d8fe6], at which time we were building a docker-selinux policy with additional policies, but we're now depending on the distro's `container-selinux` package and it was removed in the moby repository in [docker@bfe5cab], so we can remove it here as well. [docker@42d8fe6]: https://github.com/moby/moby/commit/42d8fe610548843376f035e1649444178f8497fb [docker@bfe5cab]: https://github.com/moby/moby/commit/bfe5cab13bf0c83624fde0ab74f223bfa15d04c2 Signed-off-by: Sebastiaan van Stijn --- rpm/SPECS/docker-ce.spec | 1 - 1 file changed, 1 deletion(-) diff --git a/rpm/SPECS/docker-ce.spec b/rpm/SPECS/docker-ce.spec index 9b3f2e2973..b0eca945e3 100644 --- a/rpm/SPECS/docker-ce.spec +++ b/rpm/SPECS/docker-ce.spec @@ -40,7 +40,6 @@ BuildRequires: libtool-ltdl-devel BuildRequires: make BuildRequires: pkgconfig BuildRequires: pkgconfig(systemd) -BuildRequires: selinux-policy-devel BuildRequires: systemd-devel BuildRequires: tar BuildRequires: which 
From 85327c1b869c911ca9f3ed50fdd0b8b583c89857 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 11 Dec 2024 19:04:37 +0100 Subject: [PATCH 4/5] rpm: remove version-constraint for container-selinux The version constraint was added in e4b1c10a6b99b875cd5e37bbfef0b9a6ce58a518, later updated in a246b19b0723d41a8e58ff42d3af52fd57a7e94d to prevent old versions to be used, as they had some issues. Current version on RHEL8 (which is the oldest rpm distro we build for) is 2:2.229, so we can remove this explicit constraint. Installing: container-selinux noarch 2:2.229.0-2.module+el8.10.0+22417+2fb00970 ubi-8-appstream-rpms 71 k Signed-off-by: Sebastiaan van Stijn --- rpm/SPECS/docker-ce.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rpm/SPECS/docker-ce.spec b/rpm/SPECS/docker-ce.spec index b0eca945e3..156714adca 100644 --- a/rpm/SPECS/docker-ce.spec +++ b/rpm/SPECS/docker-ce.spec @@ -17,7 +17,7 @@ Requires: /usr/sbin/groupadd Recommends: kmod Requires: docker-ce-cli Recommends: docker-ce-rootless-extras -Requires: container-selinux >= 2:2.74 +Requires: container-selinux Requires: systemd Requires: iptables %if %{undefined rhel} || 0%{?rhel} < 9 From ffad9399d5159c5a5cd115cdc583d7bf73c1ba24 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 11 Dec 2024 18:36:33 +0100 Subject: [PATCH 5/5] deb: remove aufs-tools The AuFS storage driver was deprecated and removed, so we can remove it as a suggested dependency. Signed-off-by: Sebastiaan van Stijn --- deb/common/control | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deb/common/control b/deb/common/control index b2748a203d..d82904ceb3 100644 --- a/deb/common/control +++ b/deb/common/control @@ -36,7 +36,7 @@ Recommends: apparmor, pigz, procps, xz-utils -Suggests: aufs-tools [amd64], cgroupfs-mount | cgroup-lite +Suggests: cgroupfs-mount | cgroup-lite Conflicts: docker (<< 1.5~), docker-engine, docker.io
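Review bot: In PATCH 1/5, the `deb/common/control` hunk at `@@ -28,7 +26,6 @@` drops `libseccomp2 (>= 2.3.0)` from `Depends`, which removes the version floor along with the package name. The `apt-cache depends containerd.io` output quoted in the commit message lists `Depends: libseccomp2` without any version, so nothing visible here shows that the transitive dependency still enforces 2.3.0 or later. Because the runtime's seccomp filtering relies on that library, consider recording in the commit message which constraint `containerd.io` actually carries (for example from `apt-cache show containerd.io`), or keep the floor until that is confirmed.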
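Review bot: In PATCH 1/5, the `rpm/SPECS/docker-ce.spec` hunk at `@@ -18,7 +18,6 @@` removes `Requires: libseccomp >= 2.3`, but the commit message only demonstrates the transitive dependency for the deb package. No equivalent evidence is given for the rpm `containerd.io` package, and the context lines of this hunk show no requirement that would pull `libseccomp` in. Please add the rpm-side check to the commit message (for example the output of `rpm -q --requires containerd.io`) so the removal is justified for both formats.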
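Review bot: In PATCH 2/5, the removal of `BuildRequires: libselinux-devel` at `@@ -35,7 +35,6 @@` rests only on the statement that nothing links libselinux, while the surrounding context keeps `gcc` and `glibc-static`, so C code is still compiled in this build. It would help to note in the commit message how this was verified, for example by inspecting the dynamic dependencies of the built binaries, so that a later change that reintroduces a cgo SELinux path fails review rather than failing at build time.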
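Review bot: In PATCH 4/5, changing `Requires: container-selinux >= 2:2.74` to an unversioned `Requires: container-selinux` at `@@ -17,7 +17,7 @@` removes a guard that the commit message says was added because old versions had issues, and the only evidence offered is the RHEL8 version `2:2.229.0-2` from `ubi-8-appstream-rpms`. The context line `%if %{undefined rhel} || 0%{?rhel} < 9` shows this spec is also evaluated where `rhel` is undefined, and those targets are not covered by that evidence. Keeping a floor costs nothing on current distros, so consider either retaining a documented minimum or adding a spec comment stating which `container-selinux` version each supported distro ships.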