From 8edfa0abf8bf5a6f34b8266f81580f6aabecde5a Mon Sep 17 00:00:00 2001
From: Ying Xie <ying.xie@microsoft.com>
Date: Wed, 2 Jan 2019 18:09:57 +0000
Subject: [PATCH 1/2] [docker] Upgrade docker engine to docker-ce 18.09.0~3-0

- Initially install docker 1.11.1 for docker image loading. 1.11.1
  doesn't require docker service running in target filesystem root
  to load images. The latest version supports so is 1.12.2-0.
- After all docker images have been loaded, upgrade docker engine to
  docker ce 18.09.0~3-0. Also due to the complicity of chroot
  installation. Removing docker-engine.prerm is needed for successful
  uninstall of version 1.11.1.
- New version deprecated docker daemon sub-command, using dockerd
  instead. (Deprecated 1.13.0 and removed in 17.12).
- dockerd -H fd:// doesn't work. Change to -H unix://.

Signed-off-by: Ying Xie <ying.xie@microsoft.com>
---
 ThirdPartyLicenses.txt           |  2 +-
 build_debian.sh                  | 63 ++++++++++++++++++++++++++------
 files/docker/docker.service.conf |  2 +-
 3 files changed, 54 insertions(+), 13 deletions(-)

diff --git a/ThirdPartyLicenses.txt b/ThirdPartyLicenses.txt
index 376506337e79..89aa5e8f7f33 100644
--- a/ThirdPartyLicenses.txt
+++ b/ThirdPartyLicenses.txt
@@ -977,7 +977,7 @@ Microsoft is offering you a license to use the following components, to the exte
  * <http://www.gnu.org/philosophy/why-not-lgpl.html>.
  */
 
-4. apt-clean, apt-gzip-indexes, apt-no-languages imported from docker v1.11.1
+4. apt-clean, apt-gzip-indexes, apt-no-languages imported from docker ce 18.09.0~3-0
 /*
  *                                 Apache License
  *                           Version 2.0, January 2004
diff --git a/build_debian.sh b/build_debian.sh
index b4384113a114..c4430de8a876 100755
--- a/build_debian.sh
+++ b/build_debian.sh
@@ -10,6 +10,35 @@
 ##   PASSWORD
 ##          The password, expected by chpasswd command
 
+function install_docker_deb()
+{
+    url=$1
+    docker_deb_temp=`mktemp`
+    trap_push "rm -f $docker_deb_temp"
+    wget $url -qO $docker_deb_temp
+    sudo dpkg --root=$FILESYSTEM_ROOT -i $docker_deb_temp || \
+        sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f
+}
+
+function upgrade_docker_deb()
+{
+    url=$1
+    docker_deb_temp=`mktemp`
+    trap_push "rm -f $docker_deb_temp"
+    wget $url -qO $docker_deb_temp
+    sudo dpkg --force-conflicts --force-overwrite --root=$FILESYSTEM_ROOT -i $docker_deb_temp
+}
+
+function prepare_docker_upgrade()
+{
+    ## This upgrade preparation is very verion speific. Because we are chroot'ing
+    ## to create installer image. The docker service is not really running in the
+    ## target file system root. Removing docker-engine.prerm will avoid stopping
+    ## the never-started service and failing.
+    sudo LANG=C rm $FILESYSTEM_ROOT/var/lib/dpkg/info/docker-engine.prerm
+    sudo dpkg --root=$FILESYSTEM_ROOT -r docker-engine
+}
+
 ## Default user
 [ -n "$USERNAME" ] || {
     echo "Error: no or empty USERNAME"
@@ -29,7 +58,9 @@
 set -x -e
 
 ## docker engine version (with platform)
-DOCKER_VERSION=1.11.1-0~stretch_amd64
+DOCKER_INIT_VERSION=1.11.1-0~stretch_amd64
+CONTAINERD_VERSION=1.2.0-1_amd64
+DOCKER_VERSION=18.09.0~3-0~debian-stretch_amd64
 LINUX_KERNEL_VERSION=4.9.0-8
 
 ## Working directory to prepare the file system
@@ -159,17 +190,12 @@ echo '[INFO] Install docker'
 ## Install apparmor utils since they're missing and apparmor is enabled in the kernel
 ## Otherwise Docker will fail to start
 sudo LANG=C chroot $FILESYSTEM_ROOT apt-get -y install apparmor
-docker_deb_url=https://apt.dockerproject.org/repo/pool/main/d/docker-engine/docker-engine_${DOCKER_VERSION}.deb
-docker_deb_temp=`mktemp`
-trap_push "rm -f $docker_deb_temp"
-wget $docker_deb_url -qO $docker_deb_temp
-sudo dpkg --root=$FILESYSTEM_ROOT -i $docker_deb_temp || \
-    sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f
 
-## Add docker config drop-in to select aufs, otherwise it may select other storage driver
-sudo mkdir -p $FILESYSTEM_ROOT/etc/systemd/system/docker.service.d/
-## Note: $_ means last argument of last command
-sudo cp files/docker/docker.service.conf $_
+## Install lower version docker to load docker images into target installer.
+## The higher version docker requires docker daemon running in order to load
+## docker images. Which is not possible with chroot.
+docker_deb_url=https://apt.dockerproject.org/repo/pool/main/d/docker-engine/docker-engine_${DOCKER_INIT_VERSION}.deb
+install_docker_deb ${docker_deb_url}
 
 ## Create default user
 ## Note: user should be in the group with the same name, and also in sudo/docker group
@@ -375,6 +401,21 @@ if [ -f sonic_debian_extension.sh ]; then
     ./sonic_debian_extension.sh $FILESYSTEM_ROOT $PLATFORM_DIR
 fi
 
+## Upgrade docker to target version. Docker images are loaded by
+## sonic_debian_extension.sh
+prepare_docker_upgrade
+containerd_deb_url=https://download.docker.com/linux/debian/dists/stretch/pool/stable/amd64/containerd.io_${CONTAINERD_VERSION}.deb
+upgrade_docker_deb ${containerd_deb_url}
+docker_cli_deb_url=https://download.docker.com/linux/debian/dists/stretch/pool/stable/amd64/docker-ce-cli_${DOCKER_VERSION}.deb
+upgrade_docker_deb ${docker_cli_deb_url}
+docker_deb_url=https://download.docker.com/linux/debian/dists/stretch/pool/stable/amd64/docker-ce_${DOCKER_VERSION}.deb
+upgrade_docker_deb ${docker_deb_url}
+
+## Add docker config drop-in to select aufs, otherwise it may select other storage driver
+sudo mkdir -p $FILESYSTEM_ROOT/etc/systemd/system/docker.service.d/
+## Note: $_ means last argument of last command
+sudo cp files/docker/docker.service.conf $_
+
 ## Organization specific extensions such as Configuration & Scripts for features like AAA, ZTP...
 if [ "${enable_organization_extensions}" = "y" ]; then
    if [ -f files/build_templates/organization_extensions.sh ]; then
diff --git a/files/docker/docker.service.conf b/files/docker/docker.service.conf
index b124d94f70d1..38895d5c5a28 100644
--- a/files/docker/docker.service.conf
+++ b/files/docker/docker.service.conf
@@ -1,3 +1,3 @@
 [Service]
 ExecStart=
-ExecStart=/usr/bin/docker daemon -H fd:// --storage-driver=overlay --bip=240.127.1.1/24  --iptables=false
+ExecStart=/usr/bin/dockerd -H unix:// --storage-driver=overlay --bip=240.127.1.1/24  --iptables=false

From d2ea110cf5aca82407cb74e636b41959add514a2 Mon Sep 17 00:00:00 2001
From: Ying Xie <ying.xie@microsoft.com>
Date: Fri, 4 Jan 2019 05:07:11 +0000
Subject: [PATCH 2/2] address review comment

Signed-off-by: Ying Xie <ying.xie@microsoft.com>
---
 ThirdPartyLicenses.txt | 2 +-
 build_debian.sh        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/ThirdPartyLicenses.txt b/ThirdPartyLicenses.txt
index 89aa5e8f7f33..376506337e79 100644
--- a/ThirdPartyLicenses.txt
+++ b/ThirdPartyLicenses.txt
@@ -977,7 +977,7 @@ Microsoft is offering you a license to use the following components, to the exte
  * <http://www.gnu.org/philosophy/why-not-lgpl.html>.
  */
 
-4. apt-clean, apt-gzip-indexes, apt-no-languages imported from docker ce 18.09.0~3-0
+4. apt-clean, apt-gzip-indexes, apt-no-languages imported from docker v1.11.1
 /*
  *                                 Apache License
  *                           Version 2.0, January 2004
diff --git a/build_debian.sh b/build_debian.sh
index c4430de8a876..134a66493636 100755
--- a/build_debian.sh
+++ b/build_debian.sh
@@ -31,7 +31,7 @@ function upgrade_docker_deb()
 
 function prepare_docker_upgrade()
 {
-    ## This upgrade preparation is very verion speific. Because we are chroot'ing
+    ## This upgrade preparation is very verion specific. Because we are chroot'ing
     ## to create installer image. The docker service is not really running in the
     ## target file system root. Removing docker-engine.prerm will avoid stopping
     ## the never-started service and failing.