From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp0 ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms11 with LMTPS id 6EzpJ3FYZl9nVAAA0tVLHw (envelope-from ) for ; Sat, 19 Sep 2020 19:13:53 +0000 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp0 with LMTPS id SAL2I3FYZl8gagAA1q6Kng (envelope-from ) for ; Sat, 19 Sep 2020 19:13:53 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 9928C9401AE for ; Sat, 19 Sep 2020 19:13:52 +0000 (UTC) Received: from localhost ([::1]:57710 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kJiIx-0003X3-Hl for larch@yhetil.org; Sat, 19 Sep 2020 15:13:51 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:54562) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kJi9D-0007ho-Ma for guix-devel@gnu.org; Sat, 19 Sep 2020 15:03:47 -0400 Received: from mail-lf1-x12a.google.com ([2a00:1450:4864:20::12a]:35551) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1kJi9A-0003Pb-L8 for guix-devel@gnu.org; Sat, 19 Sep 2020 15:03:47 -0400 Received: by mail-lf1-x12a.google.com with SMTP id w11so9760701lfn.2 for ; Sat, 19 Sep 2020 12:03:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=ZBtJ/xrzXFBpWDXcrwjgPTyEbMO416NiZNf1UKnl+js=; b=FAudxuLhJgMfbx5fs5DVIIFSaaurf5olhJ1y95uhzx63WgjJmFZAoFSp+raYlvEDUG 2mmVWwjHKq7lW4c9ijbftT466jEG5knjFVY9Kh5WtZqTUHfiTZtwcd7suVaEeVbeIgHI FC3hSWgy1bQe0TXR2/cntG9t//cjkemIE8Gt7WKgjE7fcUY0bEKE5OtimRxH73CEQ2Zl iOENNejzoMXBdt0prMKe1GzRzUfWPzRsVgM5AwEsVTPaDKOGpE/33fCYtWZJ4Kbh9dwm 1jF7aLgJXsiEMrDVCfm3RsPgG3szDCvpd58kjuVy7oG0Fz0wXG9x3P3dhkz0zm9esnad /Gzw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=ZBtJ/xrzXFBpWDXcrwjgPTyEbMO416NiZNf1UKnl+js=; b=CIPuKRQ3UAzC76qU/91RZ6VAhtn4HXuSeEEP3q6oCNKtbXpFGIdiUqW/+y03zfjily SS5hMmEL30SKVTNqPmygSuMJDeRnWA3i33drCUbroC4JWDlrn2TDNnmG25J8PWcFP4T9 8PRByRto2jKENuPQ2XHKm7nnAuTX8zoFJFdU7bRdzx50h2OPu3kwaUlz9TDOGivTJWUi YcCR5JFP6taYAWR9Bjlqm1OuwDfuQgMw5OxCgRU40A2LP8gAZbyR+RGbPYAH3ZPa0ncR EEOrI5lypUo6H+pbJWpBVGktoblxQ2i6OwzJccWbgEUCwgaGJPkZ6OIh//7u/5l2Z0qU m3tg== X-Gm-Message-State: AOAM531x/AMenV+l/Zlf9lFKUuigd1xXIBfngR/1pt9XbxHKtl4eu7hr pRmi04yptEKU9HX/fRvYZJmTHimWH384Rj9spmXwKSWt+mc= X-Google-Smtp-Source: ABdhPJw0dRe59BA9bIOCwzgiCC7lXcrxUfllMRd3jL6JQi2hoMtwAKdRZhiBKPjLFE2B7lfP2f+Tiel+F0d0jzVeBOM= X-Received: by 2002:ac2:43d5:: with SMTP id u21mr14879377lfl.135.1600542220657; Sat, 19 Sep 2020 12:03:40 -0700 (PDT) MIME-Version: 1.0 From: Jesse Dowell Date: Sat, 19 Sep 2020 15:03:29 -0400 Message-ID: Subject: Adjustments to Docker related packages and service To: guix-devel@gnu.org Content-Type: multipart/mixed; boundary="00000000000082ed9b05afaf463e" Received-SPF: pass client-ip=2a00:1450:4864:20::12a; envelope-from=jesse.dowell@gmail.com; helo=mail-lf1-x12a.google.com X-detected-operating-system: by eggs.gnu.org: No matching host in p0f cache. That's all we know. X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-Mailman-Approved-At: Sat, 19 Sep 2020 15:13:42 -0400 X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: "Guix-devel" X-Scanner: scn0 Authentication-Results: aspmx1.migadu.com; dkim=fail (body hash did not verify) header.d=gmail.com header.s=20161025 header.b=FAudxuLh; dmarc=fail reason="SPF not aligned (relaxed)" header.from=gmail.com (policy=none); spf=pass (aspmx1.migadu.com: domain of guix-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org X-Spam-Score: 1.19 X-TUID: LwI7mIMlRbaK --00000000000082ed9b05afaf463e Content-Type: multipart/alternative; boundary="00000000000082ed9905afaf463c" --00000000000082ed9905afaf463c Content-Type: text/plain; charset="UTF-8" Hello Guix, I've been maintaining a set of patches to Docker in Guix that fix/modify various aspects of the package and service in ways that are helpful to me. I'd like to get these changes upstream if possible but I don't know which of these changes might be qualified as a patch vs a bug fix. Also, it's possible that I'm unaware of side-effects that these changes might have on use-cases outside of my own scope of work. The patches are attached. I think that each patch might stand independently on its own but I haven't tested them in that configuration. A quick summary of each patch.... 0001-gnu-docker-Synchronize-docker-dependencies-with-the-.patch This patch synchronizes docker-libnetwork and go-sctp with the current version of docker. Without this patch, I've encountered some issues (I forget the specifics offhand - sorry). Also, I believe this is an appropriate change based on comments in the guix source code for the packages and build instructions I've seen elsewhere. 0002-gnu-docker-compile-docker-with-seccomp-enabled.patch I utilize docker seccomp profiles and the current version of docker on guix does not support them. This seems safe enough to enable for everyone but perhaps there's something I'm overlooking? 0003-services-docker-shepherd-service-fix-enable-proxy-op.patch This is a bug fix. I don't think the current code properly disables the userland-proxy when the option is set to false. 0004-gnu-docker-use-nftables-via-iptables-legacy.patch I'm guessing this patch won't fly as-is but it's helpful for systems using nftables instead of iptables. I could try to adjust it to make it flexible if there's any interest. That's everything. Any suggestions or comments would be much appreciated. Best, Jesse --00000000000082ed9905afaf463c Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hello Guix,

I've been maintaining a= set of patches to Docker in Guix that fix/modify various aspects of the pa= ckage and service in ways that are helpful to me.

= I'd like to get these changes upstream if possible but I don't know= which of these changes might be qualified as a patch vs a bug fix. Also, i= t's possible that I'm unaware of side-effects that these changes mi= ght have on use-cases outside of my own scope=C2=A0of work.

<= /div>
The patches are attached. I think that each patch might stand ind= ependently on its own but I haven't tested them in that configuration.<= /div>

A quick summary of each patch....

0001-gnu-docker-Synchronize-docker-dependencies-with-the-.patch

This patch synchronizes docker-libnetwork and go= -sctp with the current version of docker. Without this patch, I've enco= untered some issues (I forget the specifics offhand - sorry). Also, I belie= ve this is an appropriate change based on comments in the guix source code = for the packages and build instructions I've seen elsewhere.=C2=A0

0002-gnu-docker-compile-docker-with-seccomp-enabled.pa= tch

I utilize docker seccomp profiles and the = current version of docker on guix does not support them. This seems safe en= ough to enable for everyone but perhaps there's something I'm overl= ooking?

0003-services-docker-shepherd-service-fix-= enable-proxy-op.patch

This is a bug fix. I don= 't think the current code properly disables the userland-proxy when the= option is set to false.

0004-gnu-docker-use-nftab= les-via-iptables-legacy.patch

I'm guessing= this patch won't fly as-is but it's helpful for systems using nfta= bles instead of iptables. I could try to adjust it to make it flexible if t= here's any interest.

That's everything. An= y suggestions or comments would be much appreciated.

Best,
Jesse
--00000000000082ed9905afaf463c-- --00000000000082ed9b05afaf463e Content-Type: text/x-patch; charset="US-ASCII"; name="0001-gnu-docker-Synchronize-docker-dependencies-with-the-.patch" Content-Disposition: attachment; filename="0001-gnu-docker-Synchronize-docker-dependencies-with-the-.patch" Content-Transfer-Encoding: base64 Content-ID: X-Attachment-Id: f_kfa1hjy50 RnJvbSA1M2U4MDk3MGY2OWYyZTE1YmU4ZDMyMGE4ZTE5OTVmZmQwYmQ4Y2IwIE1vbiBTZXAgMTcg MDA6MDA6MDAgMjAwMQpGcm9tOiBKZXNzZSBEb3dlbGwgPGplc3NlZG93ZWxsQGdtYWlsLmNvbT4K RGF0ZTogU2F0LCAxOSBTZXAgMjAyMCAxMjowODoyNyAtMDQwMApTdWJqZWN0OiBbUEFUQ0ggMS80 XSBnbnU6IGRvY2tlcjogU3luY2hyb25pemUgZG9ja2VyIGRlcGVuZGVuY2llcyB3aXRoIHRoZQog Y3VycmVudCB2ZXJzaW9uIG9mIGRvY2tlci4KCi0tLQogZ251L3BhY2thZ2VzL2RvY2tlci5zY20g ICAgIHwgMTcgKysrKysrKysrKy0tLS0tLS0KIGdudS9wYWNrYWdlcy9uZXR3b3JraW5nLnNjbSB8 ICA4ICsrKysrLS0tCiAyIGZpbGVzIGNoYW5nZWQsIDE1IGluc2VydGlvbnMoKyksIDEwIGRlbGV0 aW9ucygtKQoKZGlmZiAtLWdpdCBhL2dudS9wYWNrYWdlcy9kb2NrZXIuc2NtIGIvZ251L3BhY2th Z2VzL2RvY2tlci5zY20KaW5kZXggYmM3ZTAyZWM0Ni4uNjk5MDVlNTliYiAxMDA2NDQKLS0tIGEv Z251L3BhY2thZ2VzL2RvY2tlci5zY20KKysrIGIvZ251L3BhY2thZ2VzL2RvY2tlci5zY20KQEAg LTQ4LDYgKzQ4LDggQEAKICAgIzp1c2UtbW9kdWxlIChnbnUgcGFja2FnZXMgdmVyc2lvbi1jb250 cm9sKQogICAjOnVzZS1tb2R1bGUgKGdudSBwYWNrYWdlcyB2aXJ0dWFsaXphdGlvbikpCiAKKzs7 IE5vdGUgLSB3aGVuIGNoYW5naW5nIERvY2tlciB2ZXJzaW9ucyBpdCBpcyBpbXBvcnRhbnQgdG8g dXBkYXRlIHRoZSB2ZXJzaW9ucworOzsgb2Ygc2V2ZXJhbCBhc3NvY2lhdGVkIHBhY2thZ2VzIChk b2NrZXItbGlibmV0d29yayBhbmQgZ28tc2N0cCkuCiAoZGVmaW5lICVkb2NrZXItdmVyc2lvbiAi MTkuMDMuMTIiKQogCiAoZGVmaW5lLXB1YmxpYyBweXRob24tZG9ja2VyCkBAIC0yNDYsOSArMjQ4 LDEwIEBAIG5ldHdvcmsgYXR0YWNobWVudHMuIikKIChkZWZpbmUgZG9ja2VyLWxpYm5ldHdvcmsK ICAgOzsgVGhlcmUgYXJlIG5vIHJlY2VudCByZWxlYXNlIGZvciBsaWJuZXR3b3JrLCBzbyBjaG9v c2UgdGhlIGxhc3QgY29tbWl0IG9mCiAgIDs7IHRoZSBicmFuY2ggdGhhdCBEb2NrZXIgdXNlcywg YXMgY2FuIGJlIHNlZW4gaW4gdGhlIERvY2tlciBzb3VyY2UgZmlsZQotICA7OyAnaGFjay9kb2Nr ZXJmaWxlL2luc3RhbGwvcHJveHkuaW5zdGFsbGVyJy4KLSAgKGxldCAoKGNvbW1pdCAiNDcyNWYy MTYzZmIyMTRhNjMxMmYzYmVhZTU5OTFmODM4ZWMzNjMyNiIpCi0gICAgICAgICh2ZXJzaW9uICIx OC4wOSIpCisgIDs7ICdoYWNrL2RvY2tlcmZpbGUvaW5zdGFsbC9wcm94eS5pbnN0YWxsZXInLiBO T1RFIC0gSXQgaXMgaW1wb3J0YW50IHRoYXQKKyAgOzsgdGhpcyB2ZXJzaW9uIGlzIGtlcHQgaW4g c3luYyB3aXRoIHRoZSB2ZXJzaW9uIG9mIERvY2tlciBiZWluZyB1c2VkLgorICAobGV0ICgoY29t bWl0ICIwMjZhYWJhYTY1OTgzMjgwNGIwMTc1NGFhYWRkMmMwZjQyMGM2OGI2IikKKyAgICAgICAg KHZlcnNpb24gIjE5LjAzIikKICAgICAgICAgKHJldmlzaW9uICIxIikpCiAgICAgKHBhY2thZ2UK ICAgICAgIChuYW1lICJkb2NrZXItbGlibmV0d29yayIpCkBAIC0yNTYsMTIgKzI1OSwxMiBAQCBu ZXR3b3JrIGF0dGFjaG1lbnRzLiIpCiAgICAgICAoc291cmNlIChvcmlnaW4KICAgICAgICAgICAg ICAgICAobWV0aG9kIGdpdC1mZXRjaCkKICAgICAgICAgICAgICAgICAodXJpIChnaXQtcmVmZXJl bmNlCi0gICAgICAgICAgICAgICAgICAgICAgKHVybCAiaHR0cHM6Ly9naXRodWIuY29tL2RvY2tl ci9saWJuZXR3b3JrIikKKyAgICAgICAgICAgICAgICAgICAgICAodXJsICJodHRwczovL2dpdGh1 Yi5jb20vbW9ieS9saWJuZXR3b3JrIikKICAgICAgICAgICAgICAgICAgICAgICAoY29tbWl0IGNv bW1pdCkpKQogICAgICAgICAgICAgICAgIChmaWxlLW5hbWUgKGdpdC1maWxlLW5hbWUgbmFtZSB2 ZXJzaW9uKSkKICAgICAgICAgICAgICAgICAoc2hhMjU2CiAgICAgICAgICAgICAgICAgIChiYXNl MzIKLSAgICAgICAgICAgICAgICAgICIxenBueGtpOHFmemhhNmxqYWhwd2Qzdmt6bWpoc3ZrbWY3 M3c2Y3JtNGlseHh3NXZucGZiIikpCisgICAgICAgICAgICAgICAgICAiMGJsaTIxdm41djdic3N3 M3lkeW00amZkanNsZGhiNDdmbGQ4OGtuZzdkMTM4d2w3MGxrdyIpKQogICAgICAgICAgICAgICAg IDs7IERlbGV0ZSBidW5kbGVkICgidmVuZG9yZWQiKSBmcmVlIHNvZnR3YXJlIHNvdXJjZSBjb2Rl LgogICAgICAgICAgICAgICAgIChtb2R1bGVzICcoKGd1aXggYnVpbGQgdXRpbHMpKSkKICAgICAg ICAgICAgICAgICAoc25pcHBldCAnKGJlZ2luCkBAIC0yNjksOCArMjcyLDggQEAgbmV0d29yayBh dHRhY2htZW50cy4iKQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICN0KSkpKQogICAgICAg KGJ1aWxkLXN5c3RlbSBnby1idWlsZC1zeXN0ZW0pCiAgICAgICAoYXJndW1lbnRzCi0gICAgICAg YCgjOmltcG9ydC1wYXRoICJnaXRodWIuY29tL2RvY2tlci9saWJuZXR3b3JrLyIpKQotICAgICAg KGhvbWUtcGFnZSAiaHR0cHM6Ly9naXRodWIuY29tL2RvY2tlci9saWJuZXR3b3JrLyIpCisgICAg ICAgYCgjOmltcG9ydC1wYXRoICJnaXRodWIuY29tL21vYnkvbGlibmV0d29yay8iKSkKKyAgICAg IChob21lLXBhZ2UgImh0dHBzOi8vZ2l0aHViLmNvbS9tb2J5L2xpYm5ldHdvcmsvIikKICAgICAg IChzeW5vcHNpcyAiTmV0d29ya2luZyBmb3IgY29udGFpbmVycyIpCiAgICAgICAoZGVzY3JpcHRp b24gIkxpYm5ldHdvcmsgcHJvdmlkZXMgYSBuYXRpdmUgR28gaW1wbGVtZW50YXRpb24gZm9yCiBj b25uZWN0aW5nIGNvbnRhaW5lcnMuICBUaGUgZ29hbCBvZiBAY29kZXtsaWJuZXR3b3JrfSBpcyB0 byBkZWxpdmVyIGEgcm9idXN0CmRpZmYgLS1naXQgYS9nbnUvcGFja2FnZXMvbmV0d29ya2luZy5z Y20gYi9nbnUvcGFja2FnZXMvbmV0d29ya2luZy5zY20KaW5kZXggMWMyZTdjZjk3OS4uOTY0NzAx YWYxYSAxMDA2NDQKLS0tIGEvZ251L3BhY2thZ2VzL25ldHdvcmtpbmcuc2NtCisrKyBiL2dudS9w YWNrYWdlcy9uZXR3b3JraW5nLnNjbQpAQCAtMTQzNSw4ICsxNDM1LDEwIEBAIGhhbmRsaW5nIG5l dHdvcmsgbmFtZXNwYWNlcyBpbiBHby4iKQogICAgICAgKGxpY2Vuc2UgbGljZW5zZTphc2wyLjAp KSkpCiAKIChkZWZpbmUtcHVibGljIGdvLXNjdHAKLSAgOzsgZG9ja2VyLWxpYm5ldHdvcmstY21k LXByb3h5IHJlcXVpcmVzIHRoaXMgZXhhY3QgY29tbWl0LgotICAobGV0ICgoY29tbWl0ICIwNzE5 MWY4MzdmZWRkMmYxM2QxZWM3YjVmODg1ZjBmM2VjNTRiMWNiIikKKyAgOzsgZG9ja2VyLWxpYm5l dHdvcmstY21kLXByb3h5IHJlcXVpcmVzIHRoaXMgZXhhY3QgY29tbWl0LiAgTk9URSAtIEl0IGlz CisgIDs7IGltcG9ydGFudCB0aGF0IHRoaXMgdmVyc2lvbiBpcyBrZXB0IGluIHN5bmMgd2l0aCB0 aGUgY3VycmVudCB2ZXJzaW9uIG9mCisgIDs7IERvY2tlciBhbmQgaXRzIGFzc29jaWF0ZWQgZGVw ZW5kZW5jaWVzLgorICAobGV0ICgoY29tbWl0ICI2ZTJjYjEzNjYxMTFkY2Y1NDdjMTM1MzFlM2Ey NjNhMDY3NzE1ODQ3IikKICAgICAgICAgKHJldmlzaW9uICIxIikpCiAgICAgKHBhY2thZ2UKICAg ICAgIChuYW1lICJnby1zY3RwIikKQEAgLTE0NDksNyArMTQ1MSw3IEBAIGhhbmRsaW5nIG5ldHdv cmsgbmFtZXNwYWNlcyBpbiBHby4iKQogICAgICAgICAgICAgICAgIChmaWxlLW5hbWUgKGdpdC1m aWxlLW5hbWUgbmFtZSB2ZXJzaW9uKSkKICAgICAgICAgICAgICAgICAoc2hhMjU2CiAgICAgICAg ICAgICAgICAgIChiYXNlMzIKLSAgICAgICAgICAgICAgICAgICIxbWs5bmNtMTBnd2k1cG41d2N3 NHNrYnlmNHFnN241cWRmMW1pbTRnZjNtcmNrdmk2ZzZoIikpKSkKKyAgICAgICAgICAgICAgICAg ICIxYmE5MGZtcGR3eGExYmE0aHJzamhpM2dmeTNwd216N3g4YW13MXA1ZGM5cDVhN25ucXJiIikp KSkKICAgICAgIChidWlsZC1zeXN0ZW0gZ28tYnVpbGQtc3lzdGVtKQogICAgICAgKGFyZ3VtZW50 cwogICAgICAgIGAoIzppbXBvcnQtcGF0aCAiZ2l0aHViLmNvbS9pc2hpZGF3YXRhcnUvc2N0cCIp KQotLSAKMi4yOC4wCgo= --00000000000082ed9b05afaf463e Content-Type: text/x-patch; charset="US-ASCII"; name="0003-services-docker-shepherd-service-fix-enable-proxy-op.patch" Content-Disposition: attachment; filename="0003-services-docker-shepherd-service-fix-enable-proxy-op.patch" Content-Transfer-Encoding: base64 Content-ID: X-Attachment-Id: f_kfa1hjz72 RnJvbSBlNWVjYzkwNTFhZTE0MTcyYWNiYWIxZThiODFlMDM4ZjUxYTdiZGYwIE1vbiBTZXAgMTcg MDA6MDA6MDAgMjAwMQpGcm9tOiBKZXNzZSBEb3dlbGwgPGplc3NlZG93ZWxsQGdtYWlsLmNvbT4K RGF0ZTogU2F0LCAxOSBTZXAgMjAyMCAxMjo0MDozOCAtMDQwMApTdWJqZWN0OiBbUEFUQ0ggMy80 XSBzZXJ2aWNlczogZG9ja2VyLXNoZXBoZXJkLXNlcnZpY2U6IGZpeCBlbmFibGUtcHJveHk/CiBv cHRpb24KClRoZSB1c2VybGFuZCBwcm94eSBvcHRpb24gZG9lcyBub3QgcHJvcGVybHkgZGlzYWJs ZSB0aGUgdXNlcmxhbmQgcHJveHkgd2hlbgpzZXQgdG8gZmFsc2UuIERvY2tlciBkZWZhdWx0cyB0 byBlbmFibGluZyB0aGUgdXNlcmxhbmQgcHJveHkgaWYgdGhlIG9wdGlvbiBpcwp1bnNldCBvbiB0 aGUgY29tbWFuZCBsaW5lLgotLS0KIGdudS9zZXJ2aWNlcy9kb2NrZXIuc2NtIHwgNiArKystLS0K IDEgZmlsZSBjaGFuZ2VkLCAzIGluc2VydGlvbnMoKyksIDMgZGVsZXRpb25zKC0pCgpkaWZmIC0t Z2l0IGEvZ251L3NlcnZpY2VzL2RvY2tlci5zY20gYi9nbnUvc2VydmljZXMvZG9ja2VyLnNjbQpp bmRleCBhNGVjY2M3OTI4Li5kYjdmZGQ1ZjRlIDEwMDY0NAotLS0gYS9nbnUvc2VydmljZXMvZG9j a2VyLnNjbQorKysgYi9nbnUvc2VydmljZXMvZG9ja2VyLnNjbQpAQCAtMTIxLDkgKzEyMSw5IEBA IGxvb3AtYmFjayBjb21tdW5pY2F0aW9ucy4iKQogICAgICAgICAgICAgICAgICAgICAgICAgICAg IyRAKGlmIGRlYnVnPwogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICcoIi0tZGVi dWciICItLWxvZy1sZXZlbD1kZWJ1ZyIpCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgJygpKQotICAgICAgICAgICAgICAgICAgICAgICAgICAgKGlmICMkZW5hYmxlLXByb3h5PyAi LS11c2VybGFuZC1wcm94eSIgIiIpCi0gICAgICAgICAgICAgICAgICAgICAgICAgICAiLS11c2Vy bGFuZC1wcm94eS1wYXRoIiAoc3RyaW5nLWFwcGVuZCAjJHByb3h5Ci0gICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiL2Jpbi9w cm94eSIpCisgICAgICAgICAgICAgICAgICAgICAgICAgICAjJEAoaWYgZW5hYmxlLXByb3h5Pwor ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICcoIi0tdXNlcmxhbmQtcHJveHk9dHJ1 ZSIgKHN0cmluZy1hcHBlbmQgIi0tdXNlcmxhbmQtcHJveHktcGF0aD0iIHByb3h5ICIvYmluL3By b3h5IikpCisgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJygiLS11c2VybGFuZC1w cm94eT1mYWxzZSIpKQogICAgICAgICAgICAgICAgICAgICAgICAgICAgKGlmICMkZW5hYmxlLWlw dGFibGVzPwogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICItLWlwdGFibGVzIgogICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICItLWlwdGFibGVzPWZhbHNlIikpCi0tIAoyLjI4 LjAKCg== --00000000000082ed9b05afaf463e Content-Type: text/x-patch; charset="US-ASCII"; name="0002-gnu-docker-compile-docker-with-seccomp-enabled.patch" Content-Disposition: attachment; filename="0002-gnu-docker-compile-docker-with-seccomp-enabled.patch" Content-Transfer-Encoding: base64 Content-ID: X-Attachment-Id: f_kfa1hjyw1 RnJvbSAxNjNlODRiMmRjM2QxM2Q3MTZmYTFkYjI3YWI5Mzg5M2E1NDE5MzAzIE1vbiBTZXAgMTcg MDA6MDA6MDAgMjAwMQpGcm9tOiBKZXNzZSBEb3dlbGwgPGplc3NlZG93ZWxsQGdtYWlsLmNvbT4K RGF0ZTogU2F0LCAxOSBTZXAgMjAyMCAxMjozNDo0NyAtMDQwMApTdWJqZWN0OiBbUEFUQ0ggMi80 XSBnbnU6IGRvY2tlcjogY29tcGlsZSBkb2NrZXIgd2l0aCBzZWNjb21wIGVuYWJsZWQKCi0tLQog Z251L3BhY2thZ2VzL2RvY2tlci5zY20gfCAxICsKIDEgZmlsZSBjaGFuZ2VkLCAxIGluc2VydGlv bigrKQoKZGlmZiAtLWdpdCBhL2dudS9wYWNrYWdlcy9kb2NrZXIuc2NtIGIvZ251L3BhY2thZ2Vz L2RvY2tlci5zY20KaW5kZXggNjk5MDVlNTliYi4uODI1YWExZWYwZiAxMDA2NDQKLS0tIGEvZ251 L3BhY2thZ2VzL2RvY2tlci5zY20KKysrIGIvZ251L3BhY2thZ2VzL2RvY2tlci5zY20KQEAgLTUx Nyw2ICs1MTcsNyBAQCBidWlsdC1pbiByZWdpc3RyeSBzZXJ2ZXIgb2YgRG9ja2VyLiIpCiAgICAg ICAgICAgICAgI3QpKQogICAgICAgICAgKHJlcGxhY2UgJ2NvbmZpZ3VyZQogICAgICAgICAgICAo bGFtYmRhIF8KKyAgICAgICAgICAgICAoc2V0ZW52ICJET0NLRVJfQlVJTERUQUdTIiAic2VjY29t cCIpCiAgICAgICAgICAgICAgKHNldGVudiAiRE9DS0VSX0dJVENPTU1JVCIgKHN0cmluZy1hcHBl bmQgInYiICwlZG9ja2VyLXZlcnNpb24pKQogICAgICAgICAgICAgIChzZXRlbnYgIlZFUlNJT04i IChzdHJpbmctYXBwZW5kICwlZG9ja2VyLXZlcnNpb24gIi1jZSIpKQogICAgICAgICAgICAgIDs7 IEF1dG9tYXRpY2FsbHkgdXNlIGJ1bmRsZWQgZGVwZW5kZW5jaWVzLgotLSAKMi4yOC4wCgo= --00000000000082ed9b05afaf463e Content-Type: text/x-patch; charset="US-ASCII"; name="0004-gnu-docker-use-nftables-via-iptables-legacy.patch" Content-Disposition: attachment; filename="0004-gnu-docker-use-nftables-via-iptables-legacy.patch" Content-Transfer-Encoding: base64 Content-ID: X-Attachment-Id: f_kfa1hjzi3 RnJvbSBhYzMyNzc0NzdiZGE2NzQxZmYzYThhZjk1MzBjMmZkNjhlMmJiMDYyIE1vbiBTZXAgMTcg MDA6MDA6MDAgMjAwMQpGcm9tOiBKZXNzZSBEb3dlbGwgPGplc3NlZG93ZWxsQGdtYWlsLmNvbT4K RGF0ZTogU2F0LCAxOSBTZXAgMjAyMCAxMjo0NTozOSAtMDQwMApTdWJqZWN0OiBbUEFUQ0ggNC80 XSBnbnU6IGRvY2tlcjogdXNlIG5mdGFibGVzIHZpYSBpcHRhYmxlcy1sZWdhY3kKCi0tLQogZ251 L3BhY2thZ2VzL2RvY2tlci5zY20gfCA0ICsrLS0KIDEgZmlsZSBjaGFuZ2VkLCAyIGluc2VydGlv bnMoKyksIDIgZGVsZXRpb25zKC0pCgpkaWZmIC0tZ2l0IGEvZ251L3BhY2thZ2VzL2RvY2tlci5z Y20gYi9nbnUvcGFja2FnZXMvZG9ja2VyLnNjbQppbmRleCA4MjVhYTFlZjBmLi4zMjJmMDAwMjZm IDEwMDY0NAotLS0gYS9nbnUvcGFja2FnZXMvZG9ja2VyLnNjbQorKysgYi9nbnUvcGFja2FnZXMv ZG9ja2VyLnNjbQpAQCAtNDM4LDggKzQzOCw4IEBAIGJ1aWx0LWluIHJlZ2lzdHJ5IHNlcnZlciBv ZiBEb2NrZXIuIikKICAgICAgICAgICAgICAgICAgICgicHZkaXNwbGF5IiAibHZtMiIgInNiaW4v cHZkaXNwbGF5IikKICAgICAgICAgICAgICAgICAgICgiYmxraWQiICJ1dGlsLWxpbnV4IiAic2Jp bi9ibGtpZCIpCiAgICAgICAgICAgICAgICAgICAoInVucGlneiIgInBpZ3oiICJiaW4vdW5waWd6 IikKLSAgICAgICAgICAgICAgICAgICgiaXB0YWJsZXMiICJpcHRhYmxlcyIgInNiaW4vaXB0YWJs ZXMiKQotICAgICAgICAgICAgICAgICAgKCJpcHRhYmxlcy1sZWdhY3kiICJpcHRhYmxlcyIgInNi aW4vaXB0YWJsZXMiKQorICAgICAgICAgICAgICAgICAgKCJpcHRhYmxlcyIgImlwdGFibGVzIiAi c2Jpbi9pcHRhYmxlcy1uZnQiKQorICAgICAgICAgICAgICAgICAgKCJpcHRhYmxlcy1sZWdhY3ki ICJpcHRhYmxlcyIgInNiaW4vaXB0YWJsZXMtbGVnYWN5IikKICAgICAgICAgICAgICAgICAgICgi aXAiICJpcHJvdXRlMiIgInNiaW4vaXAiKSkKIAogICAgICAgICAgICAgICAgICAoc3Vic3RpdHV0 ZS1Db21tYW5kKgotLSAKMi4yOC4wCgo= --00000000000082ed9b05afaf463e--