From 3ef5f27e49f6ce3b268111337642cb02f1ff924a Mon Sep 17 00:00:00 2001 From: Dennis Chen Date: Fri, 14 Jul 2017 09:10:42 +0000 Subject: [PATCH 1/6] ARM64: specify external firware binary for containerized qemu Current implementation uses a fixed firmware(bios) binary installed by the build process of the qemu container image, which will prevent us from providing an external firmware binary outside the container. This patch removes this limitation, thus we can assign a firware binary image file with "-fw" option. Signed-off-by: Dennis Chen --- src/cmd/linuxkit/run_qemu.go | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/cmd/linuxkit/run_qemu.go b/src/cmd/linuxkit/run_qemu.go index 176feb922..210faa630 100644 --- a/src/cmd/linuxkit/run_qemu.go +++ b/src/cmd/linuxkit/run_qemu.go @@ -302,6 +302,13 @@ func runQemuContainer(config QemuConfig) error { var args []string config, args = buildQemuCmdline(config) + // if user specify the "-fw" parameter, this should override the default in container context, + // with "-v" option, we will have the chance to assign an external FW binary to the containerized qemu + // instead of the fixed FW bin instealled by the build process of the image. + if config.UEFI { + binds = append(binds, "-v", fmt.Sprintf("%[1]s:%[1]s", config.FWPath)) + } + dockerArgs := append([]string{"run", "--interactive", "--rm", "-w", cwd}, binds...) dockerArgsImg := append([]string{"run", "--rm", "-w", cwd}, binds...) From 92e180c985bf5f0ce5c79ea27dd647e1667f7346 Mon Sep 17 00:00:00 2001 From: Ian Campbell Date: Fri, 14 Jul 2017 11:32:28 +0100 Subject: [PATCH 2/6] alpine: stash the original /etc/apk/repositories for downstream use If a user of linuxkit/alpine wants to produce an image with apk in it then it is useful for them to have the original upstream repository list. The new hash is linuxkit/alpine:3744607156e6b67e3e7d083b15be9e7722215e73 
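Review bot: The bind added under `if config.UEFI` hands `config.FWPath` to `docker run -v` unchecked and writable. The comment ties it to the user passing "-fw", but the condition is `config.UEFI`; if FWPath has a default (not visible in this hunk) and that file is absent on the host, Docker creates the path as an empty directory and mounts it over the firmware shipped in the image. An `os.Stat(config.FWPath)` check before the append, returning an error when the file is missing, would catch that. Unless qemu needs to write to the image, the mount should also be read-only: `binds = append(binds, "-v", fmt.Sprintf("%[1]s:%[1]s:ro", config.FWPath))`. runQemuContainer starts and ends outside the hunk.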
Signed-off-by: Ian Campbell --- tools/alpine/Dockerfile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tools/alpine/Dockerfile b/tools/alpine/Dockerfile index 9d84cb095..2018615b4 100644 --- a/tools/alpine/Dockerfile +++ b/tools/alpine/Dockerfile @@ -27,8 +27,8 @@ RUN abuild-sign /mirror/$(uname -m)/APKINDEX.tar.gz # fetch OVMF for qemu EFI boot (this is not added as a package) RUN apk add -X http://dl-cdn.alpinelinux.org/alpine/edge/community ovmf -# set this as our repo -RUN echo "/mirror" > /etc/apk/repositories && apk update +# set this as our repo but keep a copy of the upstream for downstream use +RUN mv /etc/apk/repositories /etc/apk/repositories.upstream && echo "/mirror" > /etc/apk/repositories && apk update # add Go validation tools COPY go-compile.sh /go/bin/ @@ -41,6 +41,7 @@ RUN go get -u github.com/LK4D4/vndr FROM alpine:3.6 COPY --from=mirror /etc/apk/repositories /etc/apk/repositories +COPY --from=mirror /etc/apk/repositories.upstream /etc/apk/repositories.upstream COPY --from=mirror /etc/apk/keys /etc/apk/keys/ COPY --from=mirror /mirror /mirror/ COPY --from=mirror /go/bin /go/bin/ From 59e71c18213c09045ac8b9caff5419c7934a1086 Mon Sep 17 00:00:00 2001 From: Ian Campbell Date: Fri, 14 Jul 2017 11:49:42 +0100 Subject: [PATCH 3/6] alpine: Record image has in versions file Otherwise the only record is if the pusher happens to remember to put it in the commit message (tollerable) or the github PR (not great). Also add the same show-tag target as `pkg/package.mk` supports, although with a very different implementation. The actual hash is unchanged from the previous commit. Signed-off-by: Ian Campbell --- tools/alpine/Makefile | 6 +++++- tools/alpine/versions | 1 + 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/tools/alpine/Makefile b/tools/alpine/Makefile index 6769afad4..25624ba4d 100644 --- a/tools/alpine/Makefile +++ b/tools/alpine/Makefile 
@@ -6,6 +6,9 @@ BASE=alpine:3.6 default: push +show-tag: + @sed -n -e '1s/# \(.*\/.*:[0-9a-f]\{40\}\)/\1/p;q' versions + hash: Dockerfile Makefile packages DOCKER_CONTENT_TRUST=1 docker pull $(BASE) docker build --no-cache -t $(IMAGE):build . @@ -15,7 +18,8 @@ push: hash DOCKER_CONTENT_TRUST=1 docker pull $(ORG)/$(IMAGE):$(shell cat hash) || \ (docker tag $(IMAGE):build $(ORG)/$(IMAGE):$(shell cat hash) && \ DOCKER_CONTENT_TRUST=1 docker push $(ORG)/$(IMAGE):$(shell cat hash)) - docker run --rm $(IMAGE):build find /mirror -name '*.apk' -exec basename '{}' .apk \; | sort | (echo '# automatically generated list of installed packages'; cat -) > versions + echo "# $(ORG)/$(IMAGE):$(shell cat hash)" > versions + docker run --rm $(IMAGE):build find /mirror -name '*.apk' -exec basename '{}' .apk \; | sort | (echo '# automatically generated list of installed packages'; cat -) >> versions docker rmi $(IMAGE):build rm -f hash diff --git a/tools/alpine/versions b/tools/alpine/versions index b14adcee4..0fa55b7fa 100644 --- a/tools/alpine/versions +++ b/tools/alpine/versions @@ -1,3 +1,4 @@ +# linuxkit/alpine:3744607156e6b67e3e7d083b15be9e7722215e73 # automatically generated list of installed packages abuild-3.0.0_rc2-r7 alpine-baselayout-3.0.4-r0 From b79f677418ece3398e9b1c8911418269bee0828a Mon Sep 17 00:00:00 2001 From: Rolf Neugebauer Date: Fri, 14 Jul 2017 14:52:54 +0100 Subject: [PATCH 4/6] build: Upda moby tool to the latest Signed-off-by: Rolf Neugebauer --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 357110f90..2fe8c69c3 100644 --- a/Makefile +++ b/Makefile @@ -20,7 +20,7 @@ endif PREFIX?=/usr/local/ -MOBY_COMMIT=4db06aa1732b44a8cadd9c8577df0aa5c716e701 +MOBY_COMMIT=a824287800b1871fde9859f5b2bd9009eaefa990 MOBY_VERSION=0.0 bin/moby: tmp_moby_bin.tar | bin tar xf $< From cbc8d4a21c53ee17d0286c647f1f3cc27de8a9a7 Mon Sep 17 00:00:00 2001 
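Review bot: The new `show-tag` target in tools/alpine/Makefile exits 0 and prints nothing when the first line of `versions` does not match the pattern, so a caller that substitutes its output into an image reference gets an empty tag and no error. Making the recipe fail on empty output would surface a malformed or hand-edited `versions` file, for example `@sed -n -e '1s/# \(.*\/.*:[0-9a-f]\{40\}\)/\1/p;q' versions | grep .`. A one-line comment above the target stating that line 1 of `versions` must be `# org/image:<40-hex hash>` would also document the format that the `push` recipe now writes.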
From: Rolf Neugebauer Date: Thu, 13 Jul 2017 17:00:30 +0100 Subject: [PATCH 5/6] pkg: Add LCOW init package This package build the init filesystem for LCOW (Linux Containers on Windows) based on the instructions from: https://github.com/Microsoft/opengcs.git We also pull in a udhcpd config script from a specific version of busybox which was the tip of master at the time this was added. Signed-off-by: Rolf Neugebauer --- pkg/init-lcow/Dockerfile | 41 ++++++++++++++++++++++++++++++++++++++++ pkg/init-lcow/Makefile | 4 ++++ 2 files changed, 45 insertions(+) create mode 100644 pkg/init-lcow/Dockerfile create mode 100644 pkg/init-lcow/Makefile diff --git a/pkg/init-lcow/Dockerfile b/pkg/init-lcow/Dockerfile new file mode 100644 index 000000000..39cb751c8 --- /dev/null +++ b/pkg/init-lcow/Dockerfile 
@@ -0,0 +1,41 @@
+FROM linuxkit/alpine:3744607156e6b67e3e7d083b15be9e7722215e73 AS mirror
+RUN mkdir -p /out/etc/apk && cp -r /etc/apk/* /out/etc/apk/
+RUN apk add --no-cache --initdb -p /out \
+ alpine-baselayout \
+ busybox \
+ e2fsprogs \
+ musl
+RUN rm -rf /out/etc/apk /out/lib/apk /out/var/cache
+
+FROM linuxkit/alpine:3744607156e6b67e3e7d083b15be9e7722215e73 AS build
+RUN apk add --no-cache build-base curl git go musl-dev
+ENV GOPATH=/go PATH=$PATH:/go/bin
+ENV OPENGCS_COMMIT=4e4e6f28a03e974e6c32f00a91d51f9605821fdd
+RUN git clone https://github.com/Microsoft/opengcs.git /go/src/github.com/Microsoft/opengcs && \
+ cd /go/src/github.com/Microsoft/opengcs && \
+ git checkout $OPENGCS_COMMIT && \
+ cd service && \
+ make
+RUN mkdir /out && \
+ cp -r /go/src/github.com/Microsoft/opengcs/service/bin /out/bin && \
+ cp /go/src/github.com/Microsoft/opengcs/kernelconfig/4.11/scripts/init_script /out/init && \
+ chmod ugo+rx /out/init && \
+ mkdir /out/sbin && \
+ curl -fSL "https://raw.githubusercontent.com/mirror/busybox/38d966943f5288bb1f2e7219f50a92753c730b14/examples/udhcp/simple.script" -o /out/sbin/udhcpc_config.script && \
+ chmod ugo+rx /out/sbin/udhcpc_config.script && \
+ mkdir -p /out/root/integration && \
+ cp /go/src/github.com/Microsoft/opengcs/kernelconfig/4.11/prebuildSandbox.vhdx /out/root/integration/prebuildSandbox.vhdx
+
+# This d line below should be removed once
+# https://github.com/Microsoft/opengcs/issues/52 is addressed and then
+# runc should be added via the YAML file
+FROM linuxkit/runc:a0f2894e50bacbd1ff82be41edff8b8e06e0b161 AS runc
+
+FROM scratch
+ENTRYPOINT []
+CMD []
+WORKDIR /
+COPY --from=mirror /out/ /
+COPY --from=build /out/ /
+COPY --from=runc /usr/bin/runc /sbin/runc
+
diff --git a/pkg/init-lcow/Makefile b/pkg/init-lcow/Makefile
new file mode 100644
index 000000000..64157d26b
--- /dev/null
+++ b/pkg/init-lcow/Makefile
@@ -0,0 +1,4 @@
+IMAGE=init-lcow
+NETWORK=1
+
+include ../package.mk
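Review bot: In pkg/init-lcow/Dockerfile the `curl -fSL` step of the `build` stage installs `simple.script` as the executable `/out/sbin/udhcpc_config.script` without verifying what was downloaded. The URL is pinned to a commit, but it appears to point at a GitHub mirror of busybox rather than the project's own repository, so the build trusts whatever that host serves at build time. Checking a digest recorded in the Dockerfile directly after the download would remove that dependency: `echo "<sha256-of-simple.script>  /out/sbin/udhcpc_config.script" | sha256sum -c - && \`. The opengcs checkout is already pinned through `OPENGCS_COMMIT`; a comment noting that `prebuildSandbox.vhdx` is a prebuilt binary copied from that checkout would help later reviewers.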
From 5dca5db06b0cc62d047930a43d96e180a43a1188 Mon Sep 17 00:00:00 2001 From: Rolf Neugebauer Date: Thu, 13 Jul 2017 17:27:59 +0100 Subject: [PATCH 6/6] blueprints: Add blueprint for LCOW See the README for instructions on how to use Signed-off-by: Rolf Neugebauer --- blueprints/README.md | 12 ++++++++++++ blueprints/lcow.yml | 9 +++++++++ 2 files changed, 21 insertions(+) create mode 100644 blueprints/lcow.yml diff --git a/blueprints/README.md b/blueprints/README.md index 21a96ac71..cebbae73a 100644 --- a/blueprints/README.md +++ b/blueprints/README.md @@ -19,6 +19,7 @@ the [examples/](../examples/) directory. - Packet.net - ... + ### Docker for Mac An initial blueprint for the open source components of Docker for Mac is available in [docker-for-mac](docker-for-mac). The blueprint has support for controlling `dockerd` from the host via `vsudd` and port forwarding with VPNKit. It requires HyperKit, VPNKit and a Docker client on the host to run. The easiest way to install these at the moment is to install a recent version of Docker for Mac. @@ -42,3 +43,14 @@ $ docker -H unix://docker-for-mac-state/guest.00000947 ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES ``` +### Linux Containers On Windows (LCOW) + +The [LCOW](./lcow.yml) file contains the blueprint for building a +minimal Linux kernel and initrd for Linux Containers on +Windows. Invoke it with `moby build lcow.yml` and you get a +`lcow-kernel` and `lcow-initrd.img`. Rename `lcow-kernel` to +`bootx64.efi` and `lcow-initrd.img` to `initrd.img` and then +follow +[these instructions](https://github.com/moby/moby/issues/33850). The +process for creating the image is +documented [here](https://github.com/Microsoft/opengcs). diff --git a/blueprints/lcow.yml b/blueprints/lcow.yml new file mode 100644 index 000000000..e2dc12e41 --- /dev/null +++ b/blueprints/lcow.yml 
@@ -0,0 +1,9 @@
+kernel:
+ image: linuxkit/kernel:4.11.9
+ cmdline: "console=ttyS0"
+ tar: none
+init:
+ - linuxkit/init-lcow:ae67df4c4cabb35aae06898cb94fe03972a172e9
+trust:
+ org:
+ - linuxkit
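Review bot: `linuxkit/kernel:4.11.9` in blueprints/lcow.yml is referenced by a version tag, while the image on the `init:` line is pinned by content hash. The `trust:` section covers the `linuxkit` org, so the tag should be resolved through signed metadata, but what it resolves to can still change if the tag is re-pushed. If a hash-suffixed or digest form of the kernel image is available, using it would make the blueprint reproducible; otherwise a comment such as `# kernel is tracked by version tag; content trust below pins the publisher, not the build` documents the choice.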