Docker 23.0.2 has been released on March 28:
https://github.com/moby/moby/releases/tag/v23.0.2

The GitHub advisory for the issue is here:
https://github.com/moby/buildkit/security/advisories/GHSA-gc89-7gcr-jxqc

But I don't know which piece of software it's referring to in its versions listed. I assume it's something that Docker/moby bundles.
Seems to be a security issue related to the docker build command part.
Status: NEW => ASSIGNED
Docker 23.0.2 has been released on April 4: https://github.com/moby/moby/releases/tag/v23.0.3 It fixes more security issues and references this advisory: https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw
Whiteboard: (none) => MGA8TOO
Summary: docker new security issue CVE-2023-26054 => docker new security issues CVE-2023-26054 and CVE-2023-2884[0-2]
Status comment: (none) => Fixed upstream in 23.0.3
Ping. Also good to update for functionality on par with other distros, such as user asking in https://forums.mageia.org/en/viewtopic.php?t=14941
CC: (none) => fri
https://github.com/moby/moby/releases/tag/v24.0.2 released last hour :)
@Bruno What do you think?
CC: (none) => yves.brungard_mageia
I think that it needs to be updated of course, but I already encountered issues with 23.0.2 with vendored content:

../../../../../src/vendor/github.com/docker/docker/daemon/config/config.go:16:2: use of vendored package not allowed

And if you try to remove the vendored content you get another error :-( So I was stuck with that and didn't have enough time to dig more. And it won't happen till end of next week, sorry.
A new full docker stack is on its way to cauldron updates_testing. Would be great to have it tested so we can provide these updates very early in mga9 live. You'll have to install: docker-24.0.5-2.mga8.x86_64.rpm docker-containerd-1.7.3-1.mga8.x86_64.rpm opencontainers-runc-1.1.9-1.mga8.x86_64.rpm docker-logrotate-24.0.5-2.mga8.x86_64.rpm golang-github-mrunalp-fileutils-0.5.0-3.mga8.x86_64.rpm to test it. Much more details available at: https://brunocornec.wordpress.com/2023/08/17/docker-stack-updates-for-mageia-9/
Assignee: bruno => qa-bugs
Status comment: Fixed upstream in 23.0.3 => (none)
CC: (none) => bruno
Great news, thanks a lot. I was briefly playing around with it and I found out that 'docker compose' gives the result

docker: 'compose' is not a docker command
See 'docker --help'

But the 'docker --version' command gives me the correct version of 24.0.5, build: ced099660009713e0e845eeb754e6050dbaa45d0

In this version compose should be already a docker command afaik.

Not sure if I did something wrong here, or this is a bug.
CC: (none) => timoofone
docker-compose is a package, not a command.

$ urpmq -i docker-compose|grep -e ^Source -e ^Summary|sort -u
Source RPM  : docker-compose-1.26.2-1.mga8.src.rpm
Summary     : Multi-container orchestration for Docker
CC: (none) => davidwhodgins
(In reply to Timo Netzer from comment #8)
> Great news, thanks a lot. I was briefly playing around with it and I found
> out that 'docker compose' gives the result
>
> docker: 'compose' is not a docker command
> See 'docker --help'
>
> But the 'docker --version' command gives me the correct version of 24.0.5,
> build: ced099660009713e0e845eeb754e6050dbaa45d0
>
> In this version compose should be already a docker command afaik.
>
> Not sure if I did something wrong here, or this is a bug.

It's the case if you also install the new docker-compose plugin which gives you the docker compose command with docker 24.0.5 *and* docker-compose-2.

Tested here with success.

For Dave, moving from docker-compose-1 to docker-compose-2 changes the way people have to invoke the composer: Before it was a python script called docker-compose. Now it's a docker go plugin installed and dynamically loaded by the docker compose command.

Hope that is clarifying stuff.
Now that Cauldron has transformed into Mageia 10, what is the status of this with regard to Mageia 9? According to drakrpm, Docker in Mageia 9 is version 20.10.22-1.mga9. Qarepo can't find any packages containing "docker" in the M9 update testing repos, and we have no M9 list here to work with.
CC: (none) => andrewsfarm
The package will need to be resubmitted to the build system as it is not in updates testing for m9.
Version: Cauldron => 9
Keywords: (none) => feedback
I see on my mirror:

9/SRPMS/core/updates_testing/golang-github-mrunalp-fileutils-0.5.0-3.mga9.src.rpm
9/SRPMS/core/updates_testing/docker-24.0.5-2.mga9.src.rpm
9/SRPMS/core/updates_testing/docker-containerd-1.7.3-1.mga9.src.rpm
9/SRPMS/core/updates_testing/golang-1.21.0-1.mga9.src.rpm
9/SRPMS/core/updates_testing/opencontainers-runc-1.1.9-1.mga9.src.rpm

We first need to have golang-1.21 validated *and* updated on the build system so I can re-submit docker-compose v2 and docker-buildx which are not built without it. What request should I do on which ML to have the freeze push done? Should QA test that first?
Keywords: feedback => (none)
Check a mirror that is fully up-to-date such as http://distrib-coffee.ipsl.jussieu.fr/pub/linux/Mageia/distrib/9/SRPMS/core/updates_testing/

It currently only has ...

[DIR] media_info/                                2023-08-28 19:36    -
[DIR] repodata/                                  2023-08-28 19:36    -
[ ]   darktable-4.4.2-1.mga9.src.rpm             2023-08-28 10:23  5.8M
[ ]   gnucobol-3.2-1.mga9.src.rpm                2023-08-27 19:49  8.0M
[ ]   kernel-6.4.12-1.mga9.src.rpm               2023-08-28 13:38  136M
[ ]   kmod-virtualbox-7.0.10-26.mga9.src.rpm     2023-08-28 14:46  165K
[ ]   kmod-xtables-addons-3.24-42.mga9.src.rpm   2023-08-28 14:46  142K
[ ]   libdrm-2.4.116-1.mga9.src.rpm              2023-08-27 16:44  521K
[ ]   mesa-23.1.6-1.mga9.src.rpm                 2023-08-27 18:45   18M
[ ]   mixxx-2.3.6-1.mga9.src.rpm                 2023-08-28 19:36   38M
[ ]   systemd-253.8-1.mga9.src.rpm               2023-08-28 14:54   12M

Note that all of the m9 updates testing repos were created as empty repos as part of the release process. Mirrors that have not been updated since the release still have things from cauldron updates testing, but don't have the final iso images.

After golang has been pushed as a qa validated update, request that it be pushed to the build system on the dev and/or sysadmin-discuss ml.
Oops, sorry, I removed the --delete options to my mirror to avoid issues while mga9 was syncing and forgot to add it back. Indeed, they are now missing :-( So I pushed first golang on cauldron and 9 for updates_testing (seems the build farm has issues on ARM). I'll now push the others not depending on it, that QA will be able to test, and once it's ready the rest.
Mageia 8, x86_64
Installed updates.
docker-24.0.5-2.mga8.x86_64.rpm
docker-containerd-1.7.3-1.mga8.x86_64.rpm
opencontainers-runc-1.1.9-1.mga8.x86_64.rpm
docker-logrotate-24.0.5-2.mga8.x86_64.rpm
golang-github-mrunalp-fileutils-0.5.0-3.mga8.x86_64.rpm

Started docker daemon.
Running Bruno's docker lab examples:

$ docker run hello-world
Hello from Docker!
This message shows that your installation appears to be working correctly.
....
$ docker run -it fedora:latest bash
[root@6e92aa797427 /]#

<in another terminal>
$ docker ps -a
CONTAINER ID   IMAGE           COMMAND    CREATED          STATUS                     PORTS   NAMES
6e92aa797427   fedora:latest   "bash"     27 seconds ago   Up 27 seconds                      adoring_hermann
9c35fce8ed65   hello-world     "/hello"   5 minutes ago    Exited (0) 5 minutes ago           romantic_lamarr
a791ac49e724   fedora:latest   "bash"     5 weeks ago      Exited (0) 5 weeks ago             blissful_williamson
$ docker rm a791ac49e724
a791ac49e724

<continuing docker run>
[root@6e92aa797427 /]# dnf install ruby
Fedora 38 - x86_64 5.7 MB/s | 83 MB 00:14
[...]
Install 11 Packages
Total download size: 5.5 M
Installed size: 19 M
Is this ok [y/N]: y
[...]
Installed:
ruby-3.2.2-180.fc38.x86_64 ruby-default-gems-3.2.2-180.fc38.noarch
[...]
Complete!
[root@6e92aa797427 /]# dnf install irb
Last metadata expiration check: 1:02:07 ago on Tue Sep 5 15:54:12 2023.
Dependencies resolved.
[...]
Installed:
rubygem-irb-1.6.2-180.fc38.noarch
Complete!
[root@6e92aa797427 /]# irb
irb(main):001:0> require 'prime'
e': cannot load such file -- prime (LoadError)
from <internal:/usr/share/rubygems/rubygems/core_ext/kernel_require.rb>:
[...]
<Pushing my luck there but the REPL works>
[root@6e92aa797427 /]# exit

$ docker run -it debian bash
Unable to find image 'debian:latest' locally
latest: Pulling from library/debian
de4cac68b616: Pull complete
Digest: sha256:b91baba9c2cae5edbe3b0ff50ae8f05157e3ae6f018372dcfc3aba224acb392b
Status: Downloaded newer image for debian:latest
root@5a32bd732037:/# ls /proc/sys
abi debug dev fs fscache kernel net sunrpc user vm
root@5a32bd732037:/# apt-get install -y cowsay fortune
root@5a32bd732037:/# /usr/games/fortune | /usr/games/cowsay
 _________________________________________
< A day for firm decisions!!!!! Or is it? >
 -----------------------------------------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||
root@5a32bd732037:/# exit

Have a vague memory that there is a command available to test mrunalp-fileutils.
Apart from that, docker looks fine for Mageia 8.
CC: (none) => tarazed25
Whiteboard: MGA8TOO => MGA8TOO MGA8-64-OK
MGA9-64, Xfce, VirtualBox

The following 88 packages are going to be installed:

- appstream-util-0.8.0-2.mga9.x86_64
- autoconf-2.71-5.mga9.noarch
- automake-1.16.5-3.mga9.noarch
- autopoint-0.21.1-2.mga9.x86_64
- cgroup-0.41-5.mga9.x86_64
- cmake-rpm-macros-9-9.mga9.noarch
- ctags-6.0.0-3.mga9.x86_64
- debugedit-5.0-5.mga9.x86_64
- docbook-style-dsssl-1.79-20.mga9.noarch
- docbook-style-xsl-1.79.2-6.mga9.noarch
- docbook-utils-0.6.14-24.mga9.noarch
- docker-24.0.5-2.mga9.x86_64
- docker-containerd-1.7.3-1.mga9.x86_64
- docker-devel-24.0.5-2.mga9.x86_64
- docker-fish-completion-24.0.5-2.mga9.x86_64
- docker-logrotate-24.0.5-2.mga9.x86_64
- docker-nano-24.0.5-2.mga9.x86_64
- docker-zsh-completion-24.0.5-2.mga9.x86_64
- dwz-0.15-1.mga9.x86_64
- efi-srpm-macros-5-3.mga9.noarch
- elfutils-0.189-1.mga9.x86_64
- fish-3.6.1-1.mga9.x86_64
- fonts-srpm-macros-2.0.5-6.mga9.noarch
- gcc-12.3.0-3.mga9.x86_64
- gcc-c++-12.3.0-3.mga9.x86_64
- gcc-cpp-12.3.0-3.mga9.x86_64
- gcc-plugins-12.3.0-3.mga9.x86_64
- gdb-headless-12.1-7.mga9.x86_64
- gdb-minimal-12.1-7.mga9.x86_64
- glibc-2.36-49.mga9.x86_64
- glibc-devel-2.36-49.mga9.x86_64
- go-srpm-macros-3.2.0-1.mga9.noarch
- golang-1.21.0-1.mga9.x86_64
- golang-bin-1.21.0-1.mga9.x86_64
- golang-src-1.21.0-1.mga9.noarch
- gtk-doc-1.33.2-6.mga9.noarch
- guile3.0-runtime-3.0.8-2.mga9.x86_64
- help2man-1.49.3-1.mga9.noarch
- isl-0.24-2.mga9.x86_64
- kernel-userspace-headers-6.5.3-1.mga9.x86_64
- lib64babeltrace1-1.5.11-1.mga9.x86_64
- lib64cgroup1-0.41-5.mga9.x86_64
- lib64guile3.0_1-3.0.8-2.mga9.x86_64
- lib64ipt2-2.0.5-2.mga9.x86_64
- lib64isl23-0.24-2.mga9.x86_64
- lib64mpc3-1.3.1-1.mga9.x86_64
- lib64openjade0-1.3.3-0.pre1.27.mga9.x86_64
- lib64osp5-1.5.2-25.mga9.x86_64
- lib64pcre1-8.45-3.mga9.x86_64
- lib64pcre16_0-8.45-3.mga9.x86_64
- lib64pcre32_0-8.45-3.mga9.x86_64
- lib64pcreposix1-8.45-3.mga9.x86_64
- lib64source-highlight4-3.1.9-13.mga9.x86_64
- lib64xcrypt-devel-4.4.33-3.mga9.x86_64
- libgomp-devel-12.3.0-3.mga9.x86_64
- libstdc++-devel-12.3.0-3.mga9.x86_64
- libstdc++-python-devel-12.3.0-3.mga9.x86_64
- libtool-base-2.4.7-1.mga9.x86_64
- lua-srpm-macros-1-6.mga9.noarch
- m4-1.4.19-2.mga9.x86_64
- make-4.4.1-1.mga9.x86_64
- ocaml-srpm-macros-7-1.mga9.noarch
- opencontainers-runc-1.1.9-1.mga9.x86_64
- openjade-1.3.3-0.pre1.27.mga9.x86_64
- opensp-1.5.2-25.mga9.x86_64
- pcre-8.45-3.mga9.x86_64
- perl-Exporter-Tiny-1.6.0-1.mga9.noarch
- perl-File-Slurp-9999.320.0-2.mga9.noarch
- perl-List-MoreUtils-0.430.0-6.mga9.noarch
- perl-List-MoreUtils-XS-0.430-5.mga9.x86_64
- perl-SGMLSpm-1.03ii-5.mga9.noarch
- perl-srpm-macros-1-35.mga9.noarch
- perl-YAML-1.300.0-3.mga9.noarch
- perl-YAML-Tiny-1.730.0-4.mga9.noarch
- python3-enchant-3.2.2-1.mga9.noarch
- python3-file-magic-5.44-1.mga9.noarch
- python3-pygments-2.13.0-1.mga9.noarch
- python3-rpm-generators-12-9.mga9.noarch
- rpm-build-4.18.0-7.mga9.x86_64
- rpm-mageia-setup-build-2.71-1.mga9.x86_64
- rpmlint-1.11-7.mga9.noarch
- rpmlint-mageia-policy-0.2.29-8.mga9.noarch
- rust-srpm-macros-24-1.mga9.noarch
- source-highlight-3.1.9-13.mga9.x86_64
- spec-helper-0.31.24-1.mga9.noarch
- xsltproc-1.1.38-1.mga9.x86_64
- zsh-5.9-3.mga9.x86_64
- zstd-1.5.5-1.mga9.x86_64

832MB of additional disk space will be used.

$ docker --version
Docker version 24.0.5, build ced099660009713e0e845eeb754e6050dbaa45d0

requires service to be running. That won't start:

# systemctl restart docker
Job for docker.service failed because the control process exited with error code.
See "systemctl status docker.service" and "journalctl -xeu docker.service" for details.
# systemctl status docker.service
× docker.service - Docker Application Container Engine
     Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; preset: disabled)
     Active: failed (Result: exit-code) since Sat 2023-09-16 11:17:57 CDT; 12s ago
TriggeredBy: × docker.socket
       Docs: http://docs.docker.com
    Process: 2027 ExecStartPre=/usr/sbin/docker-network-cleanup (code=exited, status=0/SUCCESS)
    Process: 2030 ExecStart=/usr/sbin/dockerd $OPTIONS $DOCKER_STORAGE_OPTIONS $DOCKER_NETWORK_OPTIONS $INSECURE_REGISTRY (code=exited, status=1/FAILURE)
    Process: 2039 ExecStopPost=/usr/sbin/docker-network-cleanup (code=exited, status=0/SUCCESS)
   Main PID: 2030 (code=exited, status=1/FAILURE)
        CPU: 58ms

Sep 16 11:17:57 localhost systemd[1]: docker.service: Scheduled restart job, restart counter is at 3.
Sep 16 11:17:57 localhost systemd[1]: Stopped docker.service.
Sep 16 11:17:57 localhost systemd[1]: docker.service: Start request repeated too quickly.
Sep 16 11:17:57 localhost systemd[1]: docker.service: Failed with result 'exit-code'.
Sep 16 11:17:57 localhost systemd[1]: Failed to start docker.service.

# journalctl -xeu docker.service
Sep 16 11:17:57 localhost systemd[1]: Stopped docker.service.
░░ Subject: A stop job for unit docker.service has finished
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A stop job for unit docker.service has finished.
░░
░░ The job identifier is 1894 and the job result is done.
Sep 16 11:17:57 localhost systemd[1]: docker.service: Start request repeated too quickly.
Sep 16 11:17:57 localhost systemd[1]: docker.service: Failed with result 'exit-code'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ The unit docker.service has entered the 'failed' state with result 'exit-code'.
Sep 16 11:17:57 localhost systemd[1]: Failed to start docker.service.
░░ Subject: A start job for unit docker.service has failed
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A start job for unit docker.service has finished with a failure.
░░
░░ The job identifier is 1894 and the job result is failed.
...skipping...
Sep 16 11:17:57 localhost systemd[1]: Stopped docker.service.
░░ Subject: A stop job for unit docker.service has finished
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A stop job for unit docker.service has finished.
░░
░░ The job identifier is 1894 and the job result is done.
Sep 16 11:17:57 localhost systemd[1]: docker.service: Start request repeated too quickly.
Sep 16 11:17:57 localhost systemd[1]: docker.service: Failed with result 'exit-code'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ The unit docker.service has entered the 'failed' state with result 'exit-code'.
Sep 16 11:17:57 localhost systemd[1]: Failed to start docker.service.
░░ Subject: A start job for unit docker.service has failed
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A start job for unit docker.service has finished with a failure.
░░
░░ The job identifier is 1894 and the job result is failed.
lines 305-327/327 (END)

------------

I'm not a docker user by default - but not working for me.

Note: I'm using RPM and not DNF.
CC: (none) => brtians1
Keywords: (none) => feedback
@Brian with reference to comment 21. Have I missed something? Have not seen golang-1.21 in testing yet. See comment 13. Was hanging back for a full package list for docker as well. Concerning starting the service: Have you added yourself to the docker group? Problem here before I did that. The service starts alright for docker version 20.10.22 and the hello-world check succeeds.