contrib: Move scripts for foreign kernels to contrib

Also adjust the kernel docs to point to the new location.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>

contrib/docker-for-mac/README.md

@@ -0,0 +1,49 @@
+# Blueprints
+
+This directory will contain the blueprints for base systems on the platforms that we support with LinuxKit.
+
+These will be used for running tests, and for the low level parts of blueprints for higher level systems.
+
+These include all the platforms that Docker has editions on, and all platforms that our community supports.
+The detailed blueprints will be addded soon for at least the following platforms. There are WIP versions in
+the [examples/](../examples/) directory.
+
+- MacOS
+- Windows Hyper-V
+- VMWare
+- KVM
+- AWS
+- Azure
+- GCP
+- BlueMix
+- Packet.net
+- ...
+
+
+### Docker for Mac
+
+An initial blueprint for the open source components of Docker for Mac is available in [docker-for-mac](docker-for-mac). The blueprint has support for controlling `dockerd` from the host via `vsudd` and port forwarding with VPNKit. It requires HyperKit, VPNKit and a Docker client on the host to run. The easiest way to install these at the moment is to install a recent version of Docker for Mac.
+
+To build it with the latest Docker CE:
+
+```
+$ linuxkit build -name docker-for-mac base.yml docker-ce.yml
+```
+
+To run the VM with a 4G disk:
+
+```
+linuxkit run hyperkit -networking=vpnkit -vsock-ports=2376 -disk size=4096M -data-file ./metadata.json docker-for-mac
+```
+
+In another terminal you should now be able to access docker via the socket `guest.00000947` in the state directory (`docker-for-mac-state/` by default):
+
+```
+$ docker -H unix://docker-for-mac-state/guest.00000948 ps
+CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
+```
+
+### Linux Containers On Windows (LCOW)
+
+The LCOW blueprint has moved to [its own
+repository](https://github.com/linuxkit/lcow).

contrib/docker-for-mac/base.yml

@@ -0,0 +1,85 @@
+# This is a blueprint for building the open source components of Docker for Mac
+kernel:
+  image: linuxkit/kernel:4.9.77
+  cmdline: "console=ttyS0 page_poison=1"
+init:
+  - linuxkit/vpnkit-expose-port:728e5fe9e6b818d9825b28826b929ae75a386e9e # install vpnkit-expose-port and vpnkit-iptables-wrapper on host
+  - linuxkit/init:be8756f0a6005279d2409a8790b4dd8b2ac11df9
+  - linuxkit/runc:7b15b00b4e3507d62e3ed8d44dfe650561cd35ff
+  - linuxkit/containerd:78706a05d00a7385ff2b6b7db280041338e4b34a
+  - linuxkit/ca-certificates:de21b84d9b055ad9dcecc57965b654a7a24ef8e0
+onboot:
+  # support metadata for optional config in /run/config
+  - name: metadata
+    image: linuxkit/metadata:9b288a0b461a3dbc584d126f3d4c54b4d588e557
+  - name: sysctl
+    image: linuxkit/sysctl:4d6cdb119b1e6b0606b35a2f6b28edf5088beb12
+  - name: sysfs
+    image: linuxkit/sysfs:1284b4a7061a5cc426425f0fb00748192505a05f
+  - name: binfmt
+    image: linuxkit/binfmt:4b1d7a8dab03c09855fb4b6060a42b2294674b47
+  # Format and mount the disk image in /var/lib/docker
+  - name: format
+    image: linuxkit/format:5a1140cb65e733f26de727fa684fef1326e9d5ab
+  - name: mount
+    image: linuxkit/mount:3c37d46558c794e8535daa805e7037cb8e82c141
+    command: ["/usr/bin/mountie", "/var/lib"]
+  # make a swap file on the mounted disk
+  - name: swap
+    image: linuxkit/swap:b3d5db11b14168874a01b5ea4398186321be836f
+    command: ["/swap.sh", "--path", "/var/lib/swap", "--size", "1024M"]
+  # mount-vpnkit mounts the 9p share used by vpnkit to coordinate port forwarding
+  - name: mount-vpnkit
+    image: alpine:3.7
+    binds:
+        - /var/:/host_var:rbind,rshared
+    capabilities:
+        - CAP_SYS_ADMIN
+    rootfsPropagation: shared
+    command: ["sh", "-c", "mkdir -p /host_var/vpnkit/port && mount -v -t 9p -o trans=virtio,dfltuid=1001,dfltgid=50,version=9p2000 port /host_var/vpnkit"]
+  # move logs to the mounted disk (this is a temporary fix until we can limit the log sizes)
+  - name: move-logs
+    image: alpine:3.7
+    binds:
+        - /var:/host_var
+    command: ["sh", "-c", "mv -v /host_var/log /host_var/lib && ln -vs /var/lib/log /host_var/log"]
+  - name: dhcpcd
+    image: linuxkit/dhcpcd:0d59a6cc03412289ef4313f2491ec666c1715cc9
+    command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
+services:
+  # Enable acpi to shutdown on power events
+  - name: acpid
+    image: linuxkit/acpid:fa37afe931844fb834e1906ec244d13b031741b9
+  # Enable getty for easier debugging
+  - name: getty
+    image: linuxkit/getty:22e27189b6b354e1d5d38fc0536a5af3f2adb79f
+    env:
+        - INSECURE=true
+  # Run ntpd to keep time synchronised in the VM
+  - name: ntpd
+    image: linuxkit/openntpd:536e5947607c9e6a6771957c2ff817230cba0d3c
+  # VSOCK to unix domain socket forwarding. Forwards guest /var/run/docker.sock
+  # to a socket on the host.
+  - name: vsudd
+    image: linuxkit/vsudd:e4e8de4d4fae94e851fbf3d5a0455d766747ac2b
+    binds:
+        - /var/run:/var/run
+    command: ["/vsudd", "-inport", "2376:unix:/var/run/docker.sock"]
+  # vpnkit-forwarder forwards network traffic to/from the host via VSOCK port 62373. 
+  # It needs access to the vpnkit 9P coordination share 
+  - name: vpnkit-forwarder
+    image: linuxkit/vpnkit-forwarder:89b97912eb8eb14acbf9f6304a92aa366e59d49e
+    binds:
+        - /var/vpnkit:/port
+    net: host
+    command: ["/vpnkit-forwarder", "-vsockPort", "62373"]
+  # Monitor for image deletes and invoke a TRIM on the container filesystem
+  - name: trim-after-delete
+    image: linuxkit/trim-after-delete:5dad8b705f9c0ab2bb7e43a8cada06f3422feb54
+  # When the host resumes from sleep, force a clock resync
+  - name: host-timesync-daemon
+    image: linuxkit/host-timesync-daemon:085e1910de6f311f96a823eaa10ffd6d92ec9679
+
+trust:
+    org:
+        - linuxkit

contrib/docker-for-mac/docker-ce.yml

@@ -0,0 +1,31 @@
+services:
+  # Run dockerd with the vpnkit userland proxy from the vpnkit-forwarder container.
+  # Bind mounts /var/run to allow vsudd to connect to docker.sock, /var/vpnkit
+  # for vpnkit coordination and /run/config/docker for the configuration file.
+  - name: docker-dfm
+    image: docker:17.07.0-ce-dind
+    capabilities:
+     - all
+    net: host
+    mounts:
+     - type: cgroup
+       options: ["rw","nosuid","noexec","nodev","relatime"]
+    binds:
+     - /etc/resolv.conf:/etc/resolv.conf
+     - /var/lib/docker:/var/lib/docker
+     - /lib/modules:/lib/modules
+     - /var/vpnkit:/port # vpnkit control 9p mount
+     - /var/run:/var/run
+     - /run/config/docker:/var/config/docker
+     - /usr/bin/vpnkit-expose-port:/usr/bin/vpnkit-expose-port # userland proxy
+     - /usr/bin/vpnkit-iptables-wrapper:/usr/bin/iptables # iptables wrapper 
+    command: [ "/usr/local/bin/docker-init", "/usr/local/bin/dockerd", "--",
+            "--config-file", "/var/config/docker/daemon.json",
+            "--swarm-default-advertise-addr=eth0",
+            "--userland-proxy-path", "/usr/bin/vpnkit-expose-port",
+            "--storage-driver", "overlay2" ]
+    runtime:
+      mkdir: ["/var/lib/docker"]
+trust:
+    org:
+        - library

contrib/docker-for-mac/metadata.json

@@ -0,0 +1,10 @@
+{
+  "docker": {
+    "entries": {
+      "daemon.json": {
+        "perm": "0644",
+        "content": "{ \"debug\": true }"
+      }
+    }
+  }
+}

contrib/foreign-kernels/Dockerfile.deb

@@ -0,0 +1,27 @@
+FROM alpine:3.7 AS extract
+
+ARG DEB_URLS
+
+RUN apk add --no-cache curl dpkg tar && true
+WORKDIR /deb
+RUN mkdir extract
+RUN for url in ${DEB_URLS}; do \
+        echo "Extracting: $url"; \
+        curl -fsSL -o dl.deb $url && \
+        dpkg-deb -x dl.deb . ;\
+    done
+
+RUN for d in lib/modules/*; do depmod -b . $(basename $d); done
+
+RUN mkdir /out
+RUN cp -a boot/vmlinuz-* /out/kernel
+RUN cp -a boot/config-* /out/kernel_config
+RUN cp -a boot/System.map-* /out/System.map
+RUN tar cf /out/kernel.tar lib
+RUN tar cf /out/kernel-dev.tar usr || true
+
+FROM scratch
+WORKDIR /
+ENTRYPOINT []
+CMD []
+COPY --from=extract /out/* /

contrib/foreign-kernels/Dockerfile.rpm

@@ -0,0 +1,28 @@
+FROM alpine:3.7 AS extract
+
+ARG RPM_URLS
+
+RUN apk add --no-cache curl rpm tar && true
+WORKDIR /rpm
+RUN mkdir extract
+RUN for url in ${RPM_URLS}; do \
+        echo "Extracting: $url"; \
+        curl -fsSL -o dl.rpm $url && \
+        rpm2cpio dl.rpm | cpio -idm ;\
+    done
+
+RUN for d in lib/modules/*; do depmod -b . $(basename $d); done
+
+RUN mkdir /out
+# With some fedora rpms, the kernel and system map are in modules directory
+RUN cp -a boot/vmlinuz-* /out/kernel || mv lib/modules/*/vmlinuz /out/kernel
+RUN cp -a boot/config-* /out/kernel_config || mv lib/modules/*/config /out/kernel_config
+RUN cp -a boot/System.map-* /out/System.map || mv lib/modules/*/System.map /out/System.map
+RUN tar cf /out/kernel.tar lib
+RUN tar cf /out/kernel-dev.tar usr || true
+
+FROM scratch
+WORKDIR /
+ENTRYPOINT []
+CMD []
+COPY --from=extract /out/* /

contrib/foreign-kernels/README.md

@@ -0,0 +1,31 @@
+# Using "foreign" kernels
+
+This directory contains a number of scripts to re-package other
+distributions kernels into a LinuxKit kernel package. The scripts
+download the relevant `rpm`s or `deb`s and create a local docker image
+which can be used in LinuxKit. You can optionally push the package to
+hub, if you like.
+
+All scripts take slightly different command line arguments (which
+could be improved) as each distribution uses different naming
+conventions and repository layouts.
+
+## Example
+
+To build a package using the `4.14.11` from the mainline [ppa
+repository](http://kernel.ubuntu.com/~kernel-ppa/mainline), first
+build the package:
+
+```sh
+./mainline.sh foobar/kernel-mainline v4.14.11 041411 201801022143
+```
+
+Here `v4.14.11` is the sub-directory of the [ppa
+repository](http://kernel.ubuntu.com/~kernel-ppa/mainline), `041411`
+seems to be another version used in the name of the `deb`s, and
+`201801022143` is the date. You can find the names by browsing the
+[ppa repository](http://kernel.ubuntu.com/~kernel-ppa/mainline).
+
+
+The result is a local image `foobar/kernel-mainline:4.14.11`, which
+can be used in a YAML file like a normal LinuxKit kernel image.

contrib/foreign-kernels/centos.sh

@@ -0,0 +1,25 @@
+#! /bin/sh
+
+if [ "$#" -ne 3 ]; then
+    echo "Usage: $0 <org/repo> <base url> <kernel version>"
+    echo
+    echo "Example:"
+    echo "$0 foobar/kernel-centos http://mirror.centos.org/centos/7/os/x86_64/Packages 3.10.0-693.el7"
+    echo
+    echo "This will create a local LinuxKit kernel package:"
+    echo "foobar/kernel-centos:3.10.0-693.el7"
+    echo "which you can then push to hub or just use locally"
+    exit 1
+fi
+
+REPO=$1
+URL=$2
+VER=$3
+ARCH=x86_64
+
+KERNEL_RPM="$URL/kernel-$VER.$ARCH.rpm"
+HEADERS_RPM="$URL/kernel-headers-$VER.$ARCH.rpm"
+
+RPM_URLS="$KERNEL_RPM $HEADERS_RPM"
+
+docker build -t "$REPO:$VER" -f Dockerfile.rpm --no-cache --build-arg RPM_URLS="$RPM_URLS" .

contrib/foreign-kernels/debian.sh

@@ -0,0 +1,30 @@
+#! /bin/sh
+
+if [ "$#" -ne 3 ]; then
+    echo "Usage: $0 <org/repo> <ABI version> <kernel version>"
+    echo
+    echo "Example:"
+    echo "$0 foobar/kernel-debian 4.14.0-2 4.14.7-1"
+    echo
+    echo "This will create a local LinuxKit kernel package:"
+    echo "foobar/kernel-debian:4.14.7-1"
+    echo "which you can then push to hub or just use locally"
+    exit 1
+fi
+
+# List all available kernels with:
+# curl -s http://mirrors.kernel.org/debian/pool/main/l/linux/ | sed -n 's/.*href="\([^"]*\).*/\1/p' | grep -o "linux-image-[0-9]\.[0-9]\+\.[0-9]\+-[0-9]\+-amd64[^ ]\+_amd64\.deb
+
+REPO=$1
+VER1=$2
+VER2=$3
+URL=http://mirrors.kernel.org/debian/pool/main/l/linux
+ARCH=amd64
+
+KERNEL_DEB="${URL}/linux-image-${VER1}-${ARCH}_${VER2}_${ARCH}.deb"
+HEADERS_DEB="${URL}/linux-headers-${VER1}-${ARCH}_${VER2}_${ARCH}.deb"
+HEADERS_ALL_DEB="${URL}/linux-headers-${VER1}-all_${VER2}_${ARCH}.deb"
+
+DEB_URLS="${KERNEL_DEB} ${HEADERS_DEB} ${HEADERS_ALL_DEB}"
+
+docker build -t "${REPO}:${VER2}" -f Dockerfile.deb --no-cache --build-arg DEB_URLS="${DEB_URLS}" .

contrib/foreign-kernels/fedora.sh

@@ -0,0 +1,28 @@
+#! /bin/sh
+
+if [ "$#" -ne 3 ]; then
+    echo "Usage: $0 <org/repo> <base url> <kernel version>"
+    echo
+    echo "Example:"
+    echo "$0 foobar/kernel-fedora http://mirrors.kernel.org/fedora/releases/27/Everything/x86_64/os/Packages/k/ 4.13.9-300.fc27"
+    echo
+    echo "This will create a local LinuxKit kernel package:"
+    echo "foobar/kernel-fedora:4.13.9-300.fc27"
+    echo "which you can then push to hub or just use locally"
+    exit 1
+fi
+
+REPO=$1
+URL=$2
+VER=$3
+ARCH=x86_64
+
+KERNEL_RPM="$URL/kernel-$VER.$ARCH.rpm"
+CORE_RPM="$URL/kernel-core-$VER.$ARCH.rpm"
+MOD_RPM="$URL/kernel-modules-$VER.$ARCH.rpm"
+MOD_EXTRA_RPM="$URL/kernel-modules-extra-$VER.$ARCH.rpm"
+HEADERS_RPM="$URL/kernel-headers-$VER.$ARCH.rpm"
+
+RPM_URLS="$KERNEL_RPM $CORE_RPM $MOD_RPM $MOD_EXTRA_RPM $HEADERS_RPM"
+
+docker build -t "$REPO:$VER" -f Dockerfile.rpm --no-cache --build-arg RPM_URLS="$RPM_URLS" .

contrib/foreign-kernels/mainline.sh

@@ -0,0 +1,31 @@
+#! /bin/sh
+
+if [ "$#" -ne 4 ]; then
+    echo "Usage: $0 <org/repo> <base url> <kernel version> <version> <date>"
+    echo
+    echo "Example:"
+    echo "$0 foobar/kernel-mainline v4.14.11 041411 201801022143"
+    echo
+    echo "This will create a local LinuxKit kernel package:"
+    echo "foobar/kernel-mainline:4.14.11"
+    echo "which you can then push to hub or just use locally"
+    exit 1
+fi
+
+REPO=$1
+VER=$2
+VER1=$3
+DATE=$4
+BASE_URL=http://kernel.ubuntu.com/~kernel-ppa/mainline
+ARCH=amd64
+# Strip leading 'v'
+KVER=${VER:1}
+URL="${BASE_URL}/${VER}"
+
+KERNEL_DEB="${URL}/linux-image-${KVER}-${VER1}-generic_${KVER}-${VER1}.${DATE}_${ARCH}.deb"
+HEADERS_DEB="${URL}/linux-headers-${KVER}-${VER1}-generic_${KVER}-${VER1}.${DATE}_${ARCH}.deb"
+HEADERS_ALL_DEB="${URL}/linux-headers-${KVER}-${VER1}_${KVER}-${VER1}.${DATE}_all.deb"
+
+DEB_URLS="${KERNEL_DEB} ${HEADERS_DEB} ${HEADERS_ALL_DEB}"
+
+docker build -t "${REPO}:${KVER}" -f Dockerfile.deb --no-cache --build-arg DEB_URLS="${DEB_URLS}" .

contrib/foreign-kernels/ubuntu.sh

@@ -0,0 +1,31 @@
+#! /bin/sh
+
+if [ "$#" -ne 3 ]; then
+    echo "Usage: $0 <org/repo> <kernel version> <sub version>"
+    echo
+    echo "Example:"
+    echo "$0 foobar/kernel-ubuntu 4.14.0-13 15"
+    echo
+    echo "This will create a local LinuxKit kernel package:"
+    echo "foobar/kernel-ubuntu:4.14.0-13.15"
+    echo "which you can then push to hub or just use locally"
+    exit 1
+fi
+
+# List all available kernels with:
+# curl -s http://mirrors.kernel.org/ubuntu/pool/main/l/linux/ | sed -n 's/.*href="\([^"]*\).*/\1/p' | grep -o "linux-image-[0-9]\.[0-9]\+\.[0-9]\+-[0-9]\+-generic_[^ ]\+amd64\.deb"
+
+REPO=$1
+VER1=$2
+VER2=$3
+URL=http://mirrors.kernel.org/ubuntu/pool/main/l/linux
+ARCH=amd64
+
+KERNEL_DEB="${URL}/linux-image-${VER1}-generic_${VER1}.${VER2}_${ARCH}.deb"
+KERNEL_EXTRA_DEB="${URL}/linux-image-extra-${VER1}-generic_${VER1}.${VER2}_${ARCH}.deb"
+HEADERS_DEB="${URL}/linux-headers-${VER1}-generic_${VER1}.${VER2}_${ARCH}.deb"
+HEADERS_ALL_DEB="${URL}/linux-headers-${VER1}_${VER1}.${VER2}_all.deb"
+
+DEB_URLS="${KERNEL_DEB} ${KERNEL_EXTRA_DEB} ${HEADERS_DEB} ${HEADERS_ALL_DEB}"
+
+docker build -t "${REPO}:${VER1}.${VER2}" -f Dockerfile.deb --no-cache --build-arg DEB_URLS="${DEB_URLS}" .