deb, rpm: remove libseccomp-dev, libseccomp2, libselinux-devel, selinux-policy-devel, aufs-tools dependenciies #1124
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
We used to have `libseccomp-dev` as a build-time dependency, but this
part is handled by the OCI runtime (runc). Similarly, the `libseccomp2`
runtime dependency is used by `runc`, not by `dockerd` directly.
The docker-ce package depends on `containerd.io`, which defines `libseccomp2`
as a dependency, so we can remove it from the docker-ce package;
apt-cache depends containerd.io
containerd.io
Depends: libc6
Depends: libseccomp2
Conflicts: containerd
Conflicts: runc
Replaces: containerd
containerd.io
Replaces: runc
containerd.io
Signed-off-by: Sebastiaan van Stijn <[email protected]>
The selinux code we use is purely a go implementation, and nothing links libselinux. Signed-off-by: Sebastiaan van Stijn <[email protected]>
This dependency was added in [docker/docker-ce-packaging@42d8fe6], at which time we were building a docker-selinux policy with additional policies, but we're now depending on the distro's `container-selinux` package and it was removed in the moby repository in [docker/docker-ce-packaging@bfe5cab], so we can remove it here as well. [docker/docker-ce-packaging@42d8fe6]: moby/moby@42d8fe6 [docker/docker-ce-packaging@bfe5cab]: moby/moby@bfe5cab Signed-off-by: Sebastiaan van Stijn <[email protected]>
The version constraint was added in e4b1c10, later updated in a246b19 to prevent old versions to be used, as they had some issues. Current version on RHEL8 (which is the oldest rpm distro we build for) is 2:2.229, so we can remove this explicit constraint. Installing: container-selinux noarch 2:2.229.0-2.module+el8.10.0+22417+2fb00970 ubi-8-appstream-rpms 71 k Signed-off-by: Sebastiaan van Stijn <[email protected]>
The AuFS storage driver was deprecated and removed, so we can remove it as a suggested dependency. Signed-off-by: Sebastiaan van Stijn <[email protected]>
|
cc @neersighted @tianon @vvoland ptal 🤗 |
neersighted
approved these changes
Dec 12, 2024
thaJeztah
commented
Dec 12, 2024
| @@ -39,7 +36,7 @@ Recommends: apparmor, | |||
| pigz, | |||
| procps, | |||
| xz-utils | |||
| Suggests: aufs-tools [amd64], cgroupfs-mount | cgroup-lite | |||
There was a problem hiding this comment.
Double checked if it wasn't there for some other obscure purpose, but this was originally added as part of;
There was a problem hiding this comment.
☝️ looks like there's potentially some other bits left behind in moby related to AuFS; I see auplink in there, and it looks like we still account for that in our AppArmor template; https://github.com/moby/moby/blob/7faa4ecfbfe5f641578931ff120c6e0f8faae16a/contrib/apparmor/template.go#L118-L136
|
Let me bring this one in; CI is happy 😄 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
deb, rpm: remove libseccomp-dev, libseccomp2 dependencies
We used to have
libseccomp-devas a build-time dependency, but thispart is handled by the OCI runtime (runc). Similarly, the
libseccomp2runtime dependency is used by
runc, not bydockerddirectly.The docker-ce package depends on
containerd.io, which defineslibseccomp2as a dependency, so we can remove it from the docker-ce package;
rpm: remove libselinux-devel dependency
The selinux code we use is purely a go implementation, and nothing links
libselinux.
rpm: remove selinux-policy-devel
This dependency was added in docker@42d8fe6, at which time we were building
a docker-selinux policy with additional policies, but we're now depending
on the distro's
container-selinuxpackage and it was removed in the mobyrepository in docker@bfe5cab, so we can remove it here as well.
deb: remove aufs-tools
The AuFS storage driver was deprecated and removed, so we can remove it
as a suggested dependency.
rpm: remove version-constraint for container-selinux
The version constraint was added in e4b1c10,
later updated in a246b19 to prevent old
versions to be used, as they had some issues.
Current version on RHEL8 (which is the oldest rpm distro we build for) is
2:2.229, so we can remove this explicit constraint.
- A picture of a cute animal (not mandatory but encouraged)