Upgrade to Docker 18.02

Dockerfile

@@ -1,11 +1,10 @@
 # Inspired by https://github.com/mumoshu/dcind
-FROM alpine:3.7
+FROM docker:dind
 
 LABEL maintainer.1="André Hähnel <[email protected]>" \
       maintainer.2="Sebastian Mendel <[email protected]>"
 
-ENV DOCKER_VERSION=17.05.0-ce \
-    DOCKER_COMPOSE_VERSION=1.19.0 \
+ENV DOCKER_COMPOSE_VERSION=1.19.0 \
     ENTRYKIT_VERSION=0.4.0
 
 # Install Docker and Docker Compose
@@ -19,10 +18,7 @@ RUN apk --update --no-cache add \
     py-pip \
     redis \
  && apk upgrade \
- && curl https://get.docker.com/builds/Linux/x86_64/docker-${DOCKER_VERSION}.tgz | tar zx \
- && mv /docker/* /bin/ && chmod +x /bin/docker* \
  && pip install docker-compose==${DOCKER_COMPOSE_VERSION} \
- && pip install docker-squash \
 # Install entrykit
  && curl -L https://github.com/progrium/entrykit/releases/download/v${ENTRYKIT_VERSION}/entrykit_${ENTRYKIT_VERSION}_Linux_x86_64.tgz | tar zx \
  && chmod +x entrykit \
@@ -41,5 +37,5 @@ ENTRYPOINT [ \
 	"switch", \
 		"shell=/bin/sh", "--", \
 	"codep", \
-		"/bin/dockerd" \
+		"/usr/local/bin/dockerd" \
 ]

docker-lib.sh

@@ -1,4 +1,5 @@
-# Ref: https://github.com/concourse/docker-image-resource/blob/master/assets/common.sh
+LOG_FILE=${LOG_FILE:-/tmp/docker.log}
+SKIP_PRIVILEGED=${SKIP_PRIVILEGED:-false}
 
 sanitize_cgroups() {
   mkdir -p /sys/fs/cgroup
@@ -13,7 +14,7 @@ sanitize_cgroups() {
       continue
     fi
 
-    grouping="$(cat /proc/self/cgroup | cut -d: -f2 | grep "\\<$sys\\>")"
+    grouping="$(cat /proc/self/cgroup | cut -d: -f2 | grep "\\<$sys\\>")" || true
     if [ -z "$grouping" ]; then
       # subsystem not mounted anywhere; mount it on its own
       grouping="$sys"
@@ -38,34 +39,47 @@ sanitize_cgroups() {
       ln -s "$mountpoint" "/sys/fs/cgroup/$sys"
     fi
   done
+
+  if ! test -e /sys/fs/cgroup/systemd ; then
+    mkdir /sys/fs/cgroup/systemd
+    mount -t cgroup -o none,name=systemd none /sys/fs/cgroup/systemd
+  fi
 }
 
 start_docker() {
   mkdir -p /var/log
   mkdir -p /var/run
 
-  sanitize_cgroups
+  if [ "$SKIP_PRIVILEGED" = "false" ]; then
+    sanitize_cgroups
 
-  # check for /proc/sys being mounted readonly, as systemd does
-  if grep '/proc/sys\s\+\w\+\s\+ro,' /proc/mounts >/dev/null; then
-    mount -o remount,rw /proc/sys
+    # check for /proc/sys being mounted readonly, as systemd does
+    if grep '/proc/sys\s\+\w\+\s\+ro,' /proc/mounts >/dev/null; then
+      mount -o remount,rw /proc/sys
+    fi
   fi
 
   local mtu=$(cat /sys/class/net/$(ip route get 8.8.8.8|awk '{ print $5 }')/mtu)
   local server_args="--mtu ${mtu}"
   local registry=""
 
-  for registry in $1; do
-    server_args="${server_args} --insecure-registry ${registry}"
-  done
+  if [ -n "$1" ]; then
+    server_args="${server_args} --max-concurrent-downloads=$1"
+  fi
 
   if [ -n "$2" ]; then
-    server_args="${server_args} --registry-mirror=$2"
+    server_args="${server_args} --max-concurrent-uploads=$2"
   fi
 
-  server_args="${server_args} --experimental=true"
+  for registry in $3; do
+    server_args="${server_args} --insecure-registry ${registry}"
+  done
+
+  if [ -n "$4" ]; then
+    server_args="${server_args} --registry-mirror $4"
+  fi
 
-  dockerd --data-root /scratch/docker ${server_args} >/tmp/docker.log 2>&1 &
+  dockerd --data-root /scratch/docker ${server_args} >$LOG_FILE 2>&1 &
   echo $! > /tmp/docker.pid
 
   trap stop_docker EXIT
@@ -84,5 +98,106 @@ stop_docker() {
     return 0
   fi
 
-  kill $pid
+  kill -TERM $pid
+}
+
+log_in() {
+  local username="$1"
+  local password="$2"
+  local registry="$3"
+
+  if [ -n "${username}" ] && [ -n "${password}" ]; then
+    docker login -u "${username}" -p "${password}" ${registry}
+  else
+    mkdir -p ~/.docker
+    echo '{"credsStore":"ecr-login"}' >> ~/.docker/config.json
+  fi
+}
+
+private_registry() {
+  local repository="${1}"
+
+  if echo "${repository}" | fgrep -q '/' ; then
+    local registry="$(extract_registry "${repository}")"
+    if echo "${registry}" | fgrep -q '.' ; then
+      return 0
+    fi
+  fi
+
+  return 1
+}
+
+extract_registry() {
+  local repository="${1}"
+
+  echo "${repository}" | cut -d/ -f1
+}
+
+extract_repository() {
+  local long_repository="${1}"
+
+  echo "${long_repository}" | cut -d/ -f2-
+}
+
+image_from_tag() {
+  docker images --no-trunc "$1" | awk "{if (\$2 == \"$2\") print \$3}"
+}
+
+image_from_digest() {
+  docker images --no-trunc --digests "$1" | awk "{if (\$3 == \"$2\") print \$4}"
+}
+
+certs_to_file() {
+  local raw_ca_certs="${1}"
+  local cert_count="$(echo $raw_ca_certs | jq -r '. | length')"
+
+  for i in $(seq 0 $(expr "$cert_count" - 1));
+  do
+    local cert_dir="/etc/docker/certs.d/$(echo $raw_ca_certs | jq -r .[$i].domain)"
+    mkdir -p "$cert_dir"
+    echo $raw_ca_certs | jq -r .[$i].cert >> "${cert_dir}/ca.crt"
+  done
+}
+
+set_client_certs() {
+  local raw_client_certs="${1}"
+  local cert_count="$(echo $raw_client_certs | jq -r '. | length')"
+
+  for i in $(seq 0 $(expr "$cert_count" - 1));
+  do
+    local cert_dir="/etc/docker/certs.d/$(echo $raw_client_certs | jq -r .[$i].domain)"
+    [ -d "$cert_dir" ] || mkdir -p "$cert_dir"
+    echo $raw_client_certs | jq -r .[$i].cert >> "${cert_dir}/client.cert"
+    echo $raw_client_certs | jq -r .[$i].key >> "${cert_dir}/client.key"
+  done
+}
+
+docker_pull() {
+  GREEN='\033[0;32m'
+  RED='\033[0;31m'
+  NC='\033[0m' # No Color
+
+  pull_attempt=1
+  max_attempts=3
+  while [ "$pull_attempt" -le "$max_attempts" ]; do
+    printf "Pulling ${GREEN}%s${NC}" "$1"
+
+    if [ "$pull_attempt" != "1" ]; then
+      printf " (attempt %s of %s)" "$pull_attempt" "$max_attempts"
+    fi
+
+    printf "...\n"
+
+    if docker pull "$1"; then
+      printf "\nSuccessfully pulled ${GREEN}%s${NC}.\n\n" "$1"
+      return
+    fi
+
+    echo
+
+    pull_attempt=$(expr "$pull_attempt" + 1)
+  done
+
+  printf "\n${RED}Failed to pull image %s.${NC}" "$1"
+  exit 1
 }