From 9cdeb805a4ca6909c054e1958c90ad66a7a22477 Mon Sep 17 00:00:00 2001
From: Yifeng Xiao
Date: Mon, 25 Feb 2019 09:11:42 +0800
Subject: [PATCH] Upgrade docker to 18.06 on Appliance and DCH

Upgrade docker to docker-18.06.2-1.ph2 on Appliance and DCH. This version include patch for CVE-2019-5736.
---
 .drone.yml | 4 +-
 dinv/dch-photon-18.06/Dockerfile | 57 +++++++++++++++++++
 .../LATEST | 0
 installer/build/bootable/build-base.sh | 2 +-
 4 files changed, 60 insertions(+), 3 deletions(-)
 create mode 100644 dinv/dch-photon-18.06/Dockerfile
 rename dinv/{dch-photon-17.06 => dch-photon-18.06}/LATEST (100%)

diff --git a/.drone.yml b/.drone.yml
index a277df2c04..8dd772fe48 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -265,7 +265,7 @@ pipeline:
 - tests/bundle_dev_builds.sh
 when:
 repo: vmware/vic-product
- event: [push, tag]
+ event: [push, tag, pull_request]
 branch: [master, 'releases/*', 'feature/*', 'refs/tags/*']
 status: [success, failure]
 
@@ -322,7 +322,7 @@ pipeline:
 cache_control: 'public,max-age=3600'
 when:
 repo: vmware/vic-product
- event: [push]
+ event: [push, pull_request]
 branch: [master]
 status: success
 
diff --git a/dinv/dch-photon-18.06/Dockerfile b/dinv/dch-photon-18.06/Dockerfile
new file mode 100644
index 0000000000..731329c7c3
--- /dev/null
+++ b/dinv/dch-photon-18.06/Dockerfile
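Review bot: The two .drone.yml hunks (at lines 265 and 322) add `pull_request` to the `event:` lists of steps that the surrounding context suggests are publish steps (the second one sets `cache_control: 'public,max-age=3600'`), while the commit message only describes a docker package upgrade, so this reads as a temporary hook for testing the new image that should be reverted or explained before merge. Triggering a publishing step on pull_request means any opened PR can reach that upload path; if it is intended, the description should say why both steps need it and confirm the step's credentials are not available to fork PRs. This note covers the second hunk as well, since it makes the same change.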
@@ -0,0 +1,57 @@
+# Build certgen in separate container
+FROM golang:1.8 AS build-env
+# copy the non-version specific files first so version specific can overwrite
+ADD . /go/src/dinv
+ADD ./dch-photon-17.06/* /go/src/dinv/
+RUN cd /go/src/dinv && go get -v ./... && go build -o dinv && strip dinv
+
+# Build photon base image
+FROM photon:2.0 as base
+
+# Create temporary chroot environment
+ENV TEMP_CHROOT /temp_chroot
+
+RUN mkdir /data &&\
+ mkdir $TEMP_CHROOT &&\
+ mkdir -p $TEMP_CHROOT/var/lib/rpm &&\
+ tdnf install -y rpm &&\
+ rpm --root $TEMP_CHROOT/ --initdb &&\
+ rpm --root $TEMP_CHROOT --import /etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY
+
+RUN echo "> Installing photon base system in chroot, killing output to avoid offending drone" &&\
+ tdnf --releasever 2.0 --installroot $TEMP_CHROOT/ --refresh install -y \
+ bash-4.4.12-3.ph2 \
+ photon-release-2.0-2.ph2 \
+ photon-repos-2.0-2.ph2 \
+ tdnf-1.2.3-4.ph2 \
+ docker-18.06.2-1.ph2 \
+ procps-ng-3.3.15-2.ph2 \
+ iptables-1.6.1-4.ph2 > /dev/null 2>&1
+
+RUN cp /etc/resolv.conf $TEMP_CHROOT/etc/
+RUN mkdir $TEMP_CHROOT/certs
+COPY --from=build-env /go/src/dinv/dinv $TEMP_CHROOT/
+
+# Cleanup
+RUN cd $TEMP_CHROOT && rm -rf usr/src/ && rm -rf home/* && rm -rf var/log/*
+
+# Build rootfs
+RUN cd $TEMP_CHROOT && cp -pr etc/skel/. root/.
+
+# Build container
+FROM scratch
+
+LABEL maintainer "yifengx@vmware.com"
+
+ENV TERM linux
+
+COPY --from=base /temp_chroot /
+
+EXPOSE 2375 2376
+
+VOLUME /certs
+VOLUME /var/lib/docker
+
+WORKDIR /
+
+ENTRYPOINT [ "/dinv" ]
diff --git a/dinv/dch-photon-17.06/LATEST b/dinv/dch-photon-18.06/LATEST
similarity index 100%
rename from dinv/dch-photon-17.06/LATEST
rename to dinv/dch-photon-18.06/LATEST
diff --git a/installer/build/bootable/build-base.sh b/installer/build/bootable/build-base.sh
index eb3b841d48..67234956f0 100755
--- a/installer/build/bootable/build-base.sh
+++ b/installer/build/bootable/build-base.sh
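Review bot: The overlay line `ADD ./dch-photon-17.06/* /go/src/dinv/` in the new dinv/dch-photon-18.06/Dockerfile still points at the 17.06 directory, so the "version specific can overwrite" step copies the previous version's files rather than this directory's; unless that is deliberate it should read `COPY ./dch-photon-18.06/* /go/src/dinv/`, and a one-line comment should say which directory is meant to win. Both `ADD` lines copy plain local paths, so `COPY` is the right instruction (neither tar extraction nor URL fetching is used here). `ENV TEMP_CHROOT /temp_chroot`, `ENV TERM linux` and `LABEL maintainer "yifengx@vmware.com"` use the legacy space-separated form and should be written `ENV TEMP_CHROOT=/temp_chroot`, `ENV TERM=linux`, `LABEL maintainer="yifengx@vmware.com"`. The build stage also runs `go get -v ./...` against an unpinned `golang:1.8` base, so the dinv binary's dependencies are whatever resolves on the day of the build; a comment noting that, or a vendored/locked dependency set, would make the rebuild reproducible alongside the pinned photon packages.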
@@ -86,7 +86,7 @@ function set_base() {
 iproute2 iptables iputils \
 cdrkit xfsprogs sudo \
 lvm2 parted gptfdisk \
- e2fsprogs docker-17.06.0-9.ph2 gzip \
+ e2fsprogs docker-18.06.2-1.ph2 gzip \
 net-tools logrotate sshpass
 log3 "installing package dependencies"