From a4650b242f9a06aa1db0c262da4685f638a9cd80 Mon Sep 17 00:00:00 2001
From: Justin Cormack <justin.cormack@docker.com>
Date: Mon, 17 Jul 2017 20:37:01 +0100
Subject: [PATCH] Use the upstream dind package to run docker

It is pretty close to our docker package, if we adjust the command
that is run to avoid the actual dind startup script. We can't use
the normal docker image as it does not have mkfs and so on.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
---
 blueprints/docker-for-mac/docker-17.06-ce.yml |  8 +++-
 examples/docker.yml                           |  4 +-
 pkg/docker-ce/Dockerfile                      | 48 -------------------
 pkg/docker-ce/Makefile                        |  4 --
 projects/compose/compose-dynamic.yml          |  4 +-
 projects/compose/compose-static.yml           |  4 +-
 projects/kubernetes/image-cache/Dockerfile    |  2 +-
 projects/kubernetes/kube-master.yml           |  4 +-
 projects/kubernetes/kube-node.yml             |  4 +-
 .../000_docker-bench/test-docker-bench.yml    |  4 +-
 10 files changed, 20 insertions(+), 66 deletions(-)
 delete mode 100644 pkg/docker-ce/Dockerfile
 delete mode 100644 pkg/docker-ce/Makefile

diff --git a/blueprints/docker-for-mac/docker-17.06-ce.yml b/blueprints/docker-for-mac/docker-17.06-ce.yml
index 3d64257b1..e56038da4 100644
--- a/blueprints/docker-for-mac/docker-17.06-ce.yml
+++ b/blueprints/docker-for-mac/docker-17.06-ce.yml
@@ -3,7 +3,7 @@ services:
   # Bind mounts /var/run to allow vsudd to connect to docker.sock, /var/vpnkit
   # for vpnkit coordination and /var/config/docker for the configuration file.
   - name: docker-dfm
-    image: linuxkit/docker-ce:9b937df179bdbebbc70243779978057df0b54190
+    image: docker:17.06.0-ce-dind
     capabilities:
      - all
     net: host
@@ -18,7 +18,7 @@ services:
      - /var/config/docker:/var/config/docker
      - /usr/bin/vpnkit-expose-port:/usr/bin/vpnkit-expose-port # userland proxy
      - /usr/bin/vpnkit-iptables-wrapper:/usr/bin/iptables # iptables wrapper 
-    command: [ "/usr/bin/docker-init", "/usr/bin/dockerd", "--",
+    command: [ "/usr/local/bin/docker-init", "/usr/local/bin/dockerd", "--",
             "--config-file", "/var/config/docker/daemon.json",
             "--swarm-default-advertise-addr=eth0",
             "--userland-proxy-path", "/usr/bin/vpnkit-expose-port",
@@ -27,3 +27,7 @@ services:
 files:
     - path: /var/config/docker/daemon.json
       contents: '{ "debug": true }'
+
+trust:
+    org:
+        - library
diff --git a/examples/docker.yml b/examples/docker.yml
index 885e12b0a..b119e77fe 100644
--- a/examples/docker.yml
+++ b/examples/docker.yml
@@ -30,7 +30,7 @@ services:
   - name: ntpd
     image: linuxkit/openntpd:19370f5d9bec84eb91073b7196b732f1301d9c90
   - name: docker
-    image: linuxkit/docker-ce:9b937df179bdbebbc70243779978057df0b54190
+    image: docker:17.06.0-ce-dind
     capabilities:
      - all
     net: host
@@ -41,9 +41,11 @@ services:
      - /var/lib/docker:/var/lib/docker
      - /lib/modules:/lib/modules
      - /etc/docker/daemon.json:/etc/docker/daemon.json
+    command: ["/usr/local/bin/docker-init", "/usr/local/bin/dockerd"]
 files:
   - path: etc/docker/daemon.json
     contents: '{"debug": true}'
 trust:
   org:
     - linuxkit
+    - library
diff --git a/pkg/docker-ce/Dockerfile b/pkg/docker-ce/Dockerfile
deleted file mode 100644
index fd741e1de..000000000
--- a/pkg/docker-ce/Dockerfile
+++ /dev/null
@@ -1,48 +0,0 @@
-FROM linuxkit/alpine:9bcf61f605ef0ce36cc94d59b8eac307862de6e1 AS mirror
-
-# https://github.com/docker/docker/blob/master/project/PACKAGERS.md#runtime-dependencies
-# removed openssl as I do not think server needs it
-RUN mkdir -p /out/etc/apk && cp -r /etc/apk/* /out/etc/apk/
-RUN apk add --no-cache --initdb -p /out \
-	alpine-baselayout \
-	btrfs-progs \
-	busybox \
-	ca-certificates \
-	curl \
-	e2fsprogs \
-	e2fsprogs-extra \
-	iptables \
-	musl \
-	xfsprogs \
-	xz
-RUN rm -rf /out/etc/apk /out/lib/apk /out/var/cache
-
-FROM scratch
-COPY --from=mirror /out/ /
-
-# set up Docker group
-# set up subuid/subgid so that "--userns-remap=default" works out-of-the-box
-RUN set -x \
-	&& addgroup -S docker \
-	&& addgroup -S dockremap \
-	&& adduser -S -G dockremap dockremap \
-	&& echo 'dockremap:165536:65536' >> /etc/subuid \
-	&& echo 'dockremap:165536:65536' >> /etc/subgid
-
-# DOCKER_TYPE is stable, edge or test
-ENV DOCKER_TYPE stable
-ENV DOCKER_VERSION 17.06.0-ce
-ENV DOCKER_SHA256 e582486c9db0f4229deba9f8517145f8af6c5fae7a1243e6b07876bd3e706620
-
-# we could avoid installing client here I suppose
-RUN set -x \
-	&& curl -fSL "https://download.docker.com/linux/static/${DOCKER_TYPE}/$(uname -m)/docker-${DOCKER_VERSION}.tgz" -o docker.tgz \
-	&& echo "${DOCKER_SHA256} *docker.tgz" | sha256sum -c - \
-	&& tar -xzvf docker.tgz \
-	&& mv docker/* /usr/bin/ \
-	&& rmdir docker \
-	&& rm docker.tgz \
-	&& docker -v
-
-# use the Docker copy of tini as our init for zombie reaping
-ENTRYPOINT ["/usr/bin/docker-init", "/usr/bin/dockerd"]
diff --git a/pkg/docker-ce/Makefile b/pkg/docker-ce/Makefile
deleted file mode 100644
index efd826209..000000000
--- a/pkg/docker-ce/Makefile
+++ /dev/null
@@ -1,4 +0,0 @@
-IMAGE=docker-ce
-NETWORK=1
-
-include ../package.mk
diff --git a/projects/compose/compose-dynamic.yml b/projects/compose/compose-dynamic.yml
index 72a02db42..3bffd7d85 100644
--- a/projects/compose/compose-dynamic.yml
+++ b/projects/compose/compose-dynamic.yml
@@ -27,10 +27,9 @@ services:
   - name: ntpd
     image: linuxkit/openntpd:19370f5d9bec84eb91073b7196b732f1301d9c90
   - name: docker
-    image: linuxkit/docker-ce:9b937df179bdbebbc70243779978057df0b54190
+    image: docker:17.06.0-ce-dind
     capabilities:
      - all
-    net: host
     mounts:
      - type: cgroup
        options: ["rw","nosuid","noexec","nodev","relatime"]
@@ -39,6 +38,7 @@ services:
      - /lib/modules:/lib/modules
      - /var/run:/var/run
      - /var/html:/var/html
+    command: ["/usr/bin/docker-init", "/usr/bin/dockerd"]
   - name: compose
     image: linuxkitprojects/compose:0535e78608f57702745dfd56fbe78d28d237e469
     binds:
diff --git a/projects/compose/compose-static.yml b/projects/compose/compose-static.yml
index c6450da70..a1b4cac26 100644
--- a/projects/compose/compose-static.yml
+++ b/projects/compose/compose-static.yml
@@ -27,10 +27,9 @@ services:
   - name: ntpd
     image: linuxkit/openntpd:19370f5d9bec84eb91073b7196b732f1301d9c90
   - name: docker
-    image: linuxkit/docker-ce:9b937df179bdbebbc70243779978057df0b54190
+    image: docker:17.06.0-ce-dind
     capabilities:
      - all
-    net: host
     mounts:
      - type: cgroup
        options: ["rw","nosuid","noexec","nodev","relatime"]
@@ -39,6 +38,7 @@ services:
      - /lib/modules:/lib/modules
      - /var/run:/var/run
      - /var/html:/var/html
+    command: ["/usr/bin/docker-init", "/usr/bin/dockerd"]
   - name: compose
     image: linuxkitprojects/compose:0535e78608f57702745dfd56fbe78d28d237e469
     binds:
diff --git a/projects/kubernetes/image-cache/Dockerfile b/projects/kubernetes/image-cache/Dockerfile
index ebdfbed2f..ae402273c 100644
--- a/projects/kubernetes/image-cache/Dockerfile
+++ b/projects/kubernetes/image-cache/Dockerfile
@@ -1,4 +1,4 @@
-FROM linuxkit/docker-ce:9b937df179bdbebbc70243779978057df0b54190
+FROM docker:17.06.0-ce-dind
 ADD . /images
 ENTRYPOINT [ "/bin/sh", "-c" ]
 CMD [ "for image in /images/*.tar ; do docker image load -i $image && rm -f $image ; done" ]
diff --git a/projects/kubernetes/kube-master.yml b/projects/kubernetes/kube-master.yml
index 81a522eb8..9ac253df9 100644
--- a/projects/kubernetes/kube-master.yml
+++ b/projects/kubernetes/kube-master.yml
@@ -38,10 +38,9 @@ services:
   - name: sshd
     image: linuxkit/sshd:89b2e91d7d1bf2f40220be0e3ed586e74746cceb
   - name: docker
-    image: linuxkit/docker-ce:9b937df179bdbebbc70243779978057df0b54190
+    image: docker:17.06.0-ce-dind
     capabilities:
      - all
-    net: host
     pid: host
     mounts:
      - type: cgroup
@@ -54,6 +53,7 @@ services:
      - /etc/cni:/etc/cni:rshared,rbind
      - /opt/cni:/opt/cni:rshared,rbind
     rootfsPropagation: shared
+    command: ["/usr/local/bin/docker-init", "/usr/local/bin/dockerd"]
   - name: kubernetes-image-cache-common
     image: linuxkit/kubernetes:latest-image-cache-common
     binds:
diff --git a/projects/kubernetes/kube-node.yml b/projects/kubernetes/kube-node.yml
index f85667b54..bf1a099a7 100644
--- a/projects/kubernetes/kube-node.yml
+++ b/projects/kubernetes/kube-node.yml
@@ -38,10 +38,9 @@ services:
   - name: sshd
     image: linuxkit/sshd:89b2e91d7d1bf2f40220be0e3ed586e74746cceb
   - name: docker
-    image: linuxkit/docker-ce:9b937df179bdbebbc70243779978057df0b54190
+    image: docker:17.06.0-ce-dind
     capabilities:
      - all
-    net: host
     pid: host
     mounts:
      - type: cgroup
@@ -54,6 +53,7 @@ services:
      - /etc/cni:/etc/cni:rshared,rbind
      - /opt/cni:/opt/cni:rshared,rbind
     rootfsPropagation: shared
+    command: ["/usr/local/bin/docker-init", "/usr/local/bin/dockerd"]
   - name: kubernetes-image-cache-common
     image: linuxkit/kubernetes:latest-image-cache-common
     binds:
diff --git a/test/cases/030_security/000_docker-bench/test-docker-bench.yml b/test/cases/030_security/000_docker-bench/test-docker-bench.yml
index 43a8d16c5..f529a136b 100644
--- a/test/cases/030_security/000_docker-bench/test-docker-bench.yml
+++ b/test/cases/030_security/000_docker-bench/test-docker-bench.yml
@@ -24,10 +24,9 @@ services:
   - name: dhcpcd
     image: linuxkit/dhcpcd:4b7b8bb024cebb1bbb9c8026d44d7cbc8e202c41
   - name: docker
-    image: linuxkit/docker-ce:9b937df179bdbebbc70243779978057df0b54190
+    image: docker:17.06.0-ce-dind
     capabilities:
      - all
-    net: host
     mounts:
      - type: cgroup
        options: ["rw","nosuid","noexec","nodev","relatime"]
@@ -35,6 +34,7 @@ services:
      - /var/lib/docker:/var/lib/docker
      - /lib/modules:/lib/modules
      - /run:/var/run
+    command: ["/usr/local/bin/docker-init", "/usr/local/bin/dockerd"]
   - name: test-docker-bench
     image: linuxkit/test-docker-bench:4999d3484771e8466580c0dc2e479595e49faa85
     ipc: host