From 303e545aafc525ee3edd17d16965a09c0f3c4432 Mon Sep 17 00:00:00 2001
From: Dieter Reuter <dieter.reuter@me.com>
Date: Sun, 14 Jul 2019 15:12:51 +0200
Subject: [PATCH 1/3] Update Docker 18.09.7 (built for Debian Stretch ARM64)

Signed-off-by: Dieter Reuter <dieter.reuter@me.com>
---
 Dockerfile                                    |  3 +-
 builder/chroot-script.sh                      | 62 ++++++++++---------
 .../spec/hypriotos-image/docker_spec.rb       | 37 +++++++++--
 3 files changed, 66 insertions(+), 36 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 1780448..1761127 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -10,7 +10,8 @@ ENV FETCH_MISSING_ARTIFACTS=true \
     KERNEL_ARTIFACT=4.19.58-hypriotos-v8.tar.gz \
     BOOTLOADER_ARTIFACT=rpi-bootloader.tar.gz \
     RAW_IMAGE_ARTIFACT=rpi-raw.img.zip \
-    DOCKER_ENGINE_VERSION="18.04.0~ce~3" \
+    DOCKER_ENGINE_VERSION="5:18.09.7~3-0~debian-stretch" \
+    CONTAINERD_IO_VERSION="1.2.6-3" \
     DOCKER_COMPOSE_VERSION="1.24.1" \
     DOCKER_MACHINE_VERSION="0.16.1" \
     KERNEL_VERSION="4.19.58" \
diff --git a/builder/chroot-script.sh b/builder/chroot-script.sh
index 0130200..f279968 100644
--- a/builder/chroot-script.sh
+++ b/builder/chroot-script.sh
@@ -215,6 +215,39 @@ mkdir -p /var/lib/cloud/seed/nocloud-net
 ln -s /boot/user-data /var/lib/cloud/seed/nocloud-net/user-data
 ln -s /boot/meta-data /var/lib/cloud/seed/nocloud-net/meta-data
 
+# enable Docker Engine experimental features
+mkdir -p /etc/docker/
+echo '{
+  "experimental": true
+}
+' > /etc/docker/daemon.json
+
+# set up Docker APT repository and install official Docker CE packages
+# see: https://docs.docker.com/install/linux/docker-ce/debian/
+#
+# Install packages to allow apt to use a repository over HTTPS:
+apt-get install -y \
+  apt-transport-https \
+  ca-certificates \
+  curl \
+  gnupg2 \
+  software-properties-common
+# Add Docker’s official GPG key:
+curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -
+# Verify fingerprint of Docker’s official GPG key:
+apt-key fingerprint 0EBFCD88
+# Set up set the stable Docker repository:
+add-apt-repository \
+   "deb [arch=arm64] https://download.docker.com/linux/debian \
+   $(lsb_release -cs) \
+   stable"
+# Install Docker CE
+apt-get update
+apt-get install -y \
+  docker-ce="${DOCKER_ENGINE_VERSION}" \
+  docker-ce-cli="${DOCKER_ENGINE_VERSION}" \
+  containerd.io="${CONTAINERD_IO_VERSION}"
+
 # install Docker Machine directly from GitHub releases
 curl -sSL "https://github.com/docker/machine/releases/download/v${DOCKER_MACHINE_VERSION}/docker-machine-Linux-aarch64" \
   > /usr/local/bin/docker-machine
@@ -237,35 +270,6 @@ apt-get clean
 # install bash completion for Docker Compose
 curl -sSL "https://raw.githubusercontent.com/docker/compose/${DOCKER_COMPOSE_VERSION}/contrib/completion/bash/docker-compose" -o /etc/bash_completion.d/docker-compose
 
-# # set up Docker APT repository and install docker-engine package
-# #TODO: pin package version to ${DOCKER_ENGINE_VERSION}
-# curl -sSL https://get.docker.com | /bin/sh
-
-# enable Docker Engine experimental features
-mkdir -p /etc/docker/
-echo '{
-  "experimental": true
-}
-' > /etc/docker/daemon.json
-
-#TODO:+++ change to Debian Stretch official repo, as soon as it's available
-# install Docker CE directly from Docker APT Repo but built for Debian Stretch ARM64
-DOCKER_DEB="docker-ce_${DOCKER_ENGINE_VERSION}-0~debian_arm64.deb"
-curl -sSL "https://download.docker.com/linux/debian/dists/stretch/pool/edge/arm64/$DOCKER_DEB" \
-  > "/$DOCKER_DEB"
-if [ -f "/$DOCKER_DEB" ]; then
-  # install some runtime requirements for Docker CE
-  apt-get install -y libapparmor1 libltdl7 libseccomp2
-
-  # install Docker CE
-  dpkg -i "/$DOCKER_DEB" || /bin/true
-  rm -f "/$DOCKER_DEB"
-
-  # fix missing apt-get install dependencies
-  apt-get -f install -y
-fi
-#TODO:---
-
 echo "Installing rpi-serial-console script"
 wget -q https://raw.githubusercontent.com/lurch/rpi-serial-console/master/rpi-serial-console -O usr/local/bin/rpi-serial-console
 chmod +x usr/local/bin/rpi-serial-console
diff --git a/builder/test-integration/spec/hypriotos-image/docker_spec.rb b/builder/test-integration/spec/hypriotos-image/docker_spec.rb
index 65e3992..ffbed2d 100644
--- a/builder/test-integration/spec/hypriotos-image/docker_spec.rb
+++ b/builder/test-integration/spec/hypriotos-image/docker_spec.rb
@@ -6,7 +6,21 @@
 
 describe command('dpkg -l docker-ce') do
   its(:stdout) { should match /ii  docker-ce/ }
-  its(:stdout) { should match /18.04.0~ce~3-0~debian/ }
+  its(:stdout) { should match /5:18.09.7~3-0~debian/ }
+  its(:stdout) { should match /arm64/ }
+  its(:exit_status) { should eq 0 }
+end
+
+describe command('dpkg -l docker-ce-cli') do
+  its(:stdout) { should match /ii  docker-ce-cli/ }
+  its(:stdout) { should match /5:18.09.7~3-0~debian/ }
+  its(:stdout) { should match /arm64/ }
+  its(:exit_status) { should eq 0 }
+end
+
+describe command('dpkg -l containerd.io') do
+  its(:stdout) { should match /ii  containerd.io/ }
+  its(:stdout) { should match /1.2.6-3/ }
   its(:stdout) { should match /arm64/ }
   its(:exit_status) { should eq 0 }
 end
@@ -17,25 +31,36 @@
   it { should be_owned_by 'root' }
 end
 
-describe file('/usr/bin/docker-containerd') do
+describe file('/usr/bin/docker-init') do
   it { should be_file }
   it { should be_mode 755 }
   it { should be_owned_by 'root' }
 end
 
-describe file('/usr/bin/docker-containerd-ctr') do
+describe file('/usr/bin/docker-proxy') do
+  it { should be_file }
+  it { should be_mode 755 }
+  it { should be_owned_by 'root' }
+end
+
+describe file('/usr/bin/dockerd') do
+  it { should be_file }
+  it { should be_owned_by 'root' }
+end
+
+describe file('/usr/bin/dockerd-ce') do
   it { should be_file }
   it { should be_mode 755 }
   it { should be_owned_by 'root' }
 end
 
-describe file('/usr/bin/docker-containerd-shim') do
+describe file('/usr/bin/containerd') do
   it { should be_file }
   it { should be_mode 755 }
   it { should be_owned_by 'root' }
 end
 
-describe file('/usr/bin/docker-runc') do
+describe file('/usr/bin/containerd-shim') do
   it { should be_file }
   it { should be_mode 755 }
   it { should be_owned_by 'root' }
@@ -73,7 +98,7 @@
 end
 
 describe command('docker -v') do
-  its(:stdout) { should match /Docker version 18.04.0-ce, build/ }
+  its(:stdout) { should match /Docker version 18.09.7, build/ }
   its(:exit_status) { should eq 0 }
 end
 

From 701764bb93dcf75d39502ab3a1c4fc9c13a84b90 Mon Sep 17 00:00:00 2001
From: Dieter Reuter <dieter.reuter@me.com>
Date: Sun, 14 Jul 2019 15:23:47 +0200
Subject: [PATCH 2/3] Disable shellcheck for Travis builds

Signed-off-by: Dieter Reuter <dieter.reuter@me.com>
---
 travis-build.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/travis-build.sh b/travis-build.sh
index 6ee4fdc..cf30886 100755
--- a/travis-build.sh
+++ b/travis-build.sh
@@ -29,7 +29,7 @@ echo "BUILD_NR=$BUILD_NR"
 BUILD_DEST=builds/$BUILD_NR
 mkdir -p $BUILD_DEST
 #-build
-VERSION=v$BUILD_NR make shellcheck
+#VERSION=v$BUILD_NR make shellcheck
 VERSION=v$BUILD_NR make sd-image
 #-test
 VERSION=v$BUILD_NR make test

From 1d798ac064d0842f59ee91774595a56201dd0132 Mon Sep 17 00:00:00 2001
From: Dieter Reuter <dieter.reuter@me.com>
Date: Sun, 14 Jul 2019 16:18:15 +0200
Subject: [PATCH 3/3] Disable Docker Compose for now, takes too long to install

Signed-off-by: Dieter Reuter <dieter.reuter@me.com>
---
 builder/chroot-script.sh | 28 +++++++++++++++-------------
 1 file changed, 15 insertions(+), 13 deletions(-)

diff --git a/builder/chroot-script.sh b/builder/chroot-script.sh
index f279968..6d951cd 100644
--- a/builder/chroot-script.sh
+++ b/builder/chroot-script.sh
@@ -256,19 +256,21 @@ chmod +x /usr/local/bin/docker-machine
 # install bash completion for Docker Machine
 curl -sSL "https://raw.githubusercontent.com/docker/machine/v${DOCKER_MACHINE_VERSION}/contrib/completion/bash/docker-machine.bash" -o /etc/bash_completion.d/docker-machine
 
-# install Docker Compose via pip
-apt-get install -y \
-  build-essential libffi-dev libssl-dev python python-dev
-curl -sSL https://bootstrap.pypa.io/get-pip.py | python
-pip install docker-compose=="${DOCKER_COMPOSE_VERSION}"
-apt-get purge -y \
-  build-essential libffi-dev libssl-dev python-dev
-apt-get autoremove -y --purge
-apt-get autoclean
-apt-get clean
-
-# install bash completion for Docker Compose
-curl -sSL "https://raw.githubusercontent.com/docker/compose/${DOCKER_COMPOSE_VERSION}/contrib/completion/bash/docker-compose" -o /etc/bash_completion.d/docker-compose
+#---DISABLE DOCKER COMPOSE---
+# # install Docker Compose via pip
+# apt-get install -y \
+#   build-essential libffi-dev libssl-dev python python-dev
+# curl -sSL https://bootstrap.pypa.io/get-pip.py | python
+# pip install docker-compose=="${DOCKER_COMPOSE_VERSION}"
+# apt-get purge -y \
+#   build-essential libffi-dev libssl-dev python-dev
+# apt-get autoremove -y --purge
+# apt-get autoclean
+# apt-get clean
+#
+# # install bash completion for Docker Compose
+# curl -sSL "https://raw.githubusercontent.com/docker/compose/${DOCKER_COMPOSE_VERSION}/contrib/completion/bash/docker-compose" -o /etc/bash_completion.d/docker-compose
+#---DISABLE DOCKER COMPOSE---
 
 echo "Installing rpi-serial-console script"
 wget -q https://raw.githubusercontent.com/lurch/rpi-serial-console/master/rpi-serial-console -O usr/local/bin/rpi-serial-console