app-containers/docker/docker-27.4.1-r1.ebuild
changeset 252 bd2674713c54
251:e7f7160897cf 252:bd2674713c54
       
     1 # Copyright 1999-2025 Gentoo Authors
       
     2 # Distributed under the terms of the GNU General Public License v2
       
     3 
       
     4 EAPI=8
       
     5 MY_PV=${PV/_/-}
       
     6 inherit go-module linux-info optfeature systemd toolchain-funcs udev
       
     7 GIT_COMMIT=c710b88579fcb5e0d53f96dcae976d79323b9166
       
     8 
       
     9 DESCRIPTION="The core functions you need to create Docker images and run Docker containers"
       
    10 HOMEPAGE="https://www.docker.com/"
       
    11 SRC_URI="https://github.com/moby/moby/archive/v${MY_PV}.tar.gz -> ${P}.tar.gz"
       
    12 S="${WORKDIR}/moby-${PV}"
       
    13 
       
    14 LICENSE="Apache-2.0"
       
    15 SLOT="0"
       
    16 KEYWORDS="amd64 ~arm arm64 ppc64 ~riscv ~x86"
       
    17 IUSE="apparmor btrfs +container-init cuda +overlay2 seccomp selinux systemd"
       
    18 
       
    19 DEPEND="
       
    20 	acct-group/docker
       
    21 	>=dev-db/sqlite-3.7.9:3
       
    22 	apparmor? ( sys-libs/libapparmor )
       
    23 	btrfs? ( >=sys-fs/btrfs-progs-3.16.1 )
       
    24 	seccomp? ( >=sys-libs/libseccomp-2.2.1 )
       
    25 	systemd? ( sys-apps/systemd )
       
    26 "
       
    27 
       
    28 # https://github.com/moby/moby/blob/master/project/PACKAGERS.md#runtime-dependencies
       
    29 # https://github.com/moby/moby/blob/master/project/PACKAGERS.md#optional-dependencies
       
    30 RDEPEND="
       
    31 	${DEPEND}
       
    32 	>=net-firewall/iptables-1.4
       
    33 	sys-process/procps
       
    34 	>=dev-vcs/git-1.7
       
    35 	>=app-arch/xz-utils-4.9
       
    36 	>=app-containers/containerd-1.7.24[apparmor?,btrfs?,seccomp?]
       
    37 	>=app-containers/runc-1.2.2[apparmor?,seccomp?]
       
    38 	!app-containers/docker-proxy
       
    39 	!<app-containers/docker-cli-${PV}
       
    40 	container-init? ( >=sys-process/tini-0.19.0[static] )
       
    41 	cuda? ( app-containers/nvidia-container-toolkit )
       
    42 	selinux? ( sec-policy/selinux-docker )
       
    43 "
       
    44 
       
    45 # https://github.com/docker/docker/blob/master/project/PACKAGERS.md#build-dependencies
       
    46 BDEPEND="
       
    47 	dev-go/go-md2man
       
    48 	virtual/pkgconfig
       
    49 "
       
    50 # tests require running dockerd as root and downloading containers
       
    51 RESTRICT="installsources strip test"
       
    52 
       
    53 # https://bugs.gentoo.org/748984 https://github.com/etcd-io/etcd/pull/12552
       
    54 pkg_setup() {
       
    55 	# this is based on "contrib/check-config.sh" from upstream's sources
       
    56 	# required features.
       
    57 	CONFIG_CHECK="
       
    58 		~NAMESPACES ~NET_NS ~PID_NS ~IPC_NS ~UTS_NS
       
    59 		~CGROUPS ~CGROUP_CPUACCT ~CGROUP_DEVICE ~CGROUP_FREEZER ~CGROUP_SCHED ~CPUSETS ~MEMCG
       
    60 		~KEYS
       
    61 		~VETH ~BRIDGE ~BRIDGE_NETFILTER
       
    62 		~IP_NF_FILTER ~IP_NF_TARGET_MASQUERADE
       
    63 		~NETFILTER_XT_MATCH_ADDRTYPE
       
    64 		~NETFILTER_XT_MATCH_CONNTRACK
       
    65 		~NETFILTER_XT_MATCH_IPVS
       
    66 		~NETFILTER_XT_MARK
       
    67 		~IP_NF_NAT ~NF_NAT
       
    68 		~POSIX_MQUEUE
       
    69 	"
       
    70 	WARNING_POSIX_MQUEUE="CONFIG_POSIX_MQUEUE: is required for bind-mounting /dev/mqueue into containers"
       
    71 
       
    72 	if kernel_is lt 4 8; then
       
    73 		CONFIG_CHECK+="
       
    74 			~DEVPTS_MULTIPLE_INSTANCES
       
    75 		"
       
    76 	fi
       
    77 
       
    78 	if kernel_is le 5 1; then
       
    79 		CONFIG_CHECK+="
       
    80 			~NF_NAT_IPV4
       
    81 		"
       
    82 	fi
       
    83 
       
    84 	if kernel_is le 5 2; then
       
    85 		CONFIG_CHECK+="
       
    86 			~NF_NAT_NEEDED
       
    87 		"
       
    88 	fi
       
    89 
       
    90 	if kernel_is ge 4 15; then
       
    91 		CONFIG_CHECK+="
       
    92 			~CGROUP_BPF
       
    93 		"
       
    94 	fi
       
    95 
       
    96 	# optional features
       
    97 	CONFIG_CHECK+="
       
    98 		~USER_NS
       
    99 	"
       
   100 
       
   101 	if use seccomp; then
       
   102 		CONFIG_CHECK+="
       
   103 			~SECCOMP ~SECCOMP_FILTER
       
   104 		"
       
   105 	fi
       
   106 
       
   107 	CONFIG_CHECK+="
       
   108 		~CGROUP_PIDS
       
   109 	"
       
   110 
       
   111 	if kernel_is lt 6 1; then
       
   112 		CONFIG_CHECK+="
       
   113 			~MEMCG_SWAP
       
   114 			"
       
   115 	fi
       
   116 
       
   117 	if kernel_is le 5 8; then
       
   118 		CONFIG_CHECK+="
       
   119 			~MEMCG_SWAP_ENABLED
       
   120 		"
       
   121 	fi
       
   122 
       
   123 	CONFIG_CHECK+="
       
   124 		~!LEGACY_VSYSCALL_NATIVE
       
   125 		"
       
   126 	if kernel_is lt 5 19; then
       
   127 		CONFIG_CHECK+="
       
   128 			~LEGACY_VSYSCALL_EMULATE
       
   129 			"
       
   130 	fi
       
   131 	CONFIG_CHECK+="
       
   132 		~!LEGACY_VSYSCALL_NONE
       
   133 		"
       
   134 	WARNING_LEGACY_VSYSCALL_NONE="CONFIG_LEGACY_VSYSCALL_NONE enabled: \
       
   135 		Containers with <=glibc-2.13 will not work"
       
   136 
       
   137 	if kernel_is le 4 5; then
       
   138 		CONFIG_CHECK+="
       
   139 			~MEMCG_KMEM
       
   140 		"
       
   141 	fi
       
   142 
       
   143 	if kernel_is lt 5; then
       
   144 		CONFIG_CHECK+="
       
   145 			~IOSCHED_CFQ ~CFQ_GROUP_IOSCHED
       
   146 		"
       
   147 	fi
       
   148 
       
   149 	CONFIG_CHECK+="
       
   150 		~BLK_CGROUP ~BLK_DEV_THROTTLING
       
   151 		~CGROUP_PERF
       
   152 		~CGROUP_HUGETLB
       
   153 		~NET_CLS_CGROUP ~CGROUP_NET_PRIO
       
   154 		~CFS_BANDWIDTH ~FAIR_GROUP_SCHED
       
   155 		~IP_NF_TARGET_REDIRECT
       
   156 		~IP_VS
       
   157 		~IP_VS_NFCT
       
   158 		~IP_VS_PROTO_TCP
       
   159 		~IP_VS_PROTO_UDP
       
   160 		~IP_VS_RR
       
   161 		"
       
   162 
       
   163 	if use selinux; then
       
   164 		CONFIG_CHECK+="
       
   165 			~SECURITY_SELINUX
       
   166 			"
       
   167 	fi
       
   168 
       
   169 	if use apparmor; then
       
   170 		CONFIG_CHECK+="
       
   171 			~SECURITY_APPARMOR
       
   172 			"
       
   173 	fi
       
   174 
       
   175 	# if ! is_set EXT4_USE_FOR_EXT2; then
       
   176 	#	check_flags EXT3_FS EXT3_FS_XATTR EXT3_FS_POSIX_ACL EXT3_FS_SECURITY
       
   177 	#	if ! is_set EXT3_FS || ! is_set EXT3_FS_XATTR || ! is_set EXT3_FS_POSIX_ACL || ! is_set EXT3_FS_SECURITY; then
       
   178 	#		echo "    $(wrap_color '(enable these ext3 configs if you are using ext3 as backing filesystem)' bold black)"
       
   179 	#	fi
       
   180 	# fi
       
   181 
       
   182 	CONFIG_CHECK+="
       
   183 		~EXT4_FS ~EXT4_FS_POSIX_ACL ~EXT4_FS_SECURITY
       
   184 	"
       
   185 
       
   186 	# if ! is_set EXT4_FS || ! is_set EXT4_FS_POSIX_ACL || ! is_set EXT4_FS_SECURITY; then
       
   187 	#	if is_set EXT4_USE_FOR_EXT2; then
       
   188 	#		echo "    $(wrap_color 'enable these ext4 configs if you are using ext3 or ext4 as backing filesystem' bold black)"
       
   189 	#	else
       
   190 	#		echo "    $(wrap_color 'enable these ext4 configs if you are using ext4 as backing filesystem' bold black)"
       
   191 	#	fi
       
   192 	# fi
       
   193 
       
   194 	# network drivers
       
   195 	CONFIG_CHECK+="
       
   196 		~VXLAN ~BRIDGE_VLAN_FILTERING
       
   197 		~CRYPTO ~CRYPTO_AEAD ~CRYPTO_GCM ~CRYPTO_SEQIV ~CRYPTO_GHASH
       
   198 		~XFRM ~XFRM_USER ~XFRM_ALGO ~INET_ESP
       
   199 	"
       
   200 	if kernel_is le 5 3; then
       
   201 		CONFIG_CHECK+="
       
   202 			~INET_XFRM_MODE_TRANSPORT
       
   203 		"
       
   204 	fi
       
   205 
       
   206 	CONFIG_CHECK+="
       
   207 		~IPVLAN
       
   208 		"
       
   209 	CONFIG_CHECK+="
       
   210 		~MACVLAN ~DUMMY
       
   211 		"
       
   212 	CONFIG_CHECK+="
       
   213 		~NF_NAT_FTP ~NF_CONNTRACK_FTP ~NF_NAT_TFTP ~NF_CONNTRACK_TFTP
       
   214 	"
       
   215 
       
   216 	# storage drivers
       
   217 	if use btrfs; then
       
   218 		CONFIG_CHECK+="
       
   219 			~BTRFS_FS
       
   220 			~BTRFS_FS_POSIX_ACL
       
   221 		"
       
   222 	fi
       
   223 
       
   224 	CONFIG_CHECK+="
       
   225 		~OVERLAY_FS
       
   226 	"
       
   227 
       
   228 	linux-info_pkg_setup
       
   229 }
       
   230 
       
   231 src_unpack() {
       
   232 	default
       
   233 	cd "${S}"
       
   234 	[[ -f go.mod ]] || ln -s vendor.mod go.mod || die
       
   235 	[[ -f go.sum ]] || ln -s vendor.sum go.sum || die
       
   236 }
       
   237 
       
   238 src_compile() {
       
   239 	export DOCKER_GITCOMMIT="${GIT_COMMIT}"
       
   240 	export VERSION=${PV}
       
   241 	tc-export PKG_CONFIG
       
   242 
       
   243 	# setup CFLAGS and LDFLAGS for separate build target
       
   244 	# see https://github.com/tianon/docker-overlay/pull/10
       
   245 	CGO_CFLAGS+=" -I${ESYSROOT}/usr/include"
       
   246 	CGO_LDFLAGS+=" -L${ESYSROOT}/usr/$(get_libdir)"
       
   247 
       
   248 	# let's set up some optional features :)
       
   249 	export DOCKER_BUILDTAGS=''
       
   250 	for gd in btrfs overlay2; do
       
   251 		if ! use $gd; then
       
   252 			DOCKER_BUILDTAGS+=" exclude_graphdriver_${gd//-/}"
       
   253 		fi
       
   254 	done
       
   255 
       
   256 	for tag in apparmor seccomp; do
       
   257 		if use $tag; then
       
   258 			DOCKER_BUILDTAGS+=" $tag"
       
   259 		fi
       
   260 	done
       
   261 
       
   262 	export AUTO_GOPATH=1
       
   263 	export EXCLUDE_AUTO_BUILDTAG_JOURNALD=$(usex systemd '' 'y')
       
   264 	export GO_MD2MAN=/usr/bin/go-md2man
       
   265 
       
   266 	# build binaries
       
   267 	./hack/make.sh dynbinary || die 'dynbinary failed'
       
   268 
       
   269 	# build man page
       
   270 	cd man || die
       
   271 	emake || die
       
   272 }
       
   273 
       
   274 src_install() {
       
   275 	dosym containerd /usr/bin/docker-containerd
       
   276 	dosym containerd-shim-runc-v2 /usr/bin/docker-containerd-shim
       
   277 	dosym runc /usr/bin/docker-runc
       
   278 	use container-init && dosym tini /usr/bin/docker-init
       
   279 	dobin bundles/dynbinary-daemon/dockerd
       
   280 	dobin bundles/dynbinary-daemon/docker-proxy
       
   281 	for f in dockerd-rootless-setuptool.sh dockerd-rootless.sh; do
       
   282 		dosym ../share/docker/contrib/${f} /usr/bin/${f}
       
   283 	done
       
   284 
       
   285 	newinitd contrib/init/openrc/docker.initd docker
       
   286 	newconfd contrib/init/openrc/docker.confd docker
       
   287 
       
   288 	systemd_dounit contrib/init/systemd/docker.{service,socket}
       
   289 
       
   290 	udev_dorules contrib/udev/*.rules
       
   291 
       
   292 	dodoc AUTHORS CONTRIBUTING.md NOTICE README.md
       
   293 	dodoc -r docs/*
       
   294 	doman man/man8/dockerd.8
       
   295 
       
   296 	# note: intentionally not using "doins" so that we preserve +x bits
       
   297 	dodir /usr/share/${PN}/contrib
       
   298 	cp -R contrib/* "${ED}/usr/share/${PN}/contrib"
       
   299 }
       
   300 
       
   301 pkg_postinst() {
       
   302 	udev_reload
       
   303 
       
   304 	elog
       
   305 	elog "To use Docker, the Docker daemon must be running as root. To automatically"
       
   306 	elog "start the Docker daemon at boot:"
       
   307 	if systemd_is_booted || has_version sys-apps/systemd; then
       
   308 		elog "  systemctl enable docker.service"
       
   309 	else
       
   310 		elog "  rc-update add docker default"
       
   311 	fi
       
   312 	elog
       
   313 	elog "To use Docker as a non-root user, add yourself to the 'docker' group:"
       
   314 	elog '  usermod -aG docker <youruser>'
       
   315 	elog
       
   316 
       
   317 	if has_version sys-fs/zfs; then
       
   318 		elog " ZFS storage driver is available"
       
   319 		elog " Check https://docs.docker.com/storage/storagedriver/zfs-driver for more info"
       
   320 		elog
       
   321 	fi
       
   322 
       
   323 	optfeature "rootless mode support" sys-apps/shadow
       
   324 	optfeature "rootless mode support" sys-apps/rootlesskit
       
   325 	optfeature_header "for rootless mode you also need a network stack"
       
   326 	optfeature "rootless mode network stack" app-containers/slirp4netns
       
   327 }
       
   328 
       
   329 pkg_postrm() {
       
   330 	udev_reload
       
   331 }
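Review bot: In pkg_postinst, the elog that recommends `usermod -aG docker <youruser>` does not say that members of the docker group can drive the root-running daemon and so hold root-equivalent access to the host. I would add `elog "Members of the 'docker' group control the root-owned daemon; treat membership as root-equivalent."` directly after it, so the rootless-mode optfeature lines below read as the lower-privilege alternative. Separately, in src_install `cp -R contrib/* "${ED}/usr/share/${PN}/contrib"` is an external command with no `|| die`, so a failed copy would pass silently and leave the `dockerd-rootless*.sh` symlinks in /usr/bin dangling; `cd "${S}"` in src_unpack has the same gap. In src_compile, `GO_MD2MAN=/usr/bin/go-md2man` hard-codes the location of a BDEPEND tool, and `"${BROOT}"/usr/bin/go-md2man` would be the prefix-safe form.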