From f66a00651399987a0643010f8d8f3df4a9b9ef32 Mon Sep 17 00:00:00 2001 From: David Michael Date: Mon, 15 May 2017 17:21:30 -0700 Subject: [PATCH 1/5] coreos-base/coreos-init: drop Docker --- ...eos-init-0.0.1-r143.ebuild => coreos-init-0.0.1-r144.ebuild} | 0 .../coreos-base/coreos-init/coreos-init-9999.ebuild | 2 -- 2 files changed, 2 deletions(-) rename sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-init/{coreos-init-0.0.1-r143.ebuild => coreos-init-0.0.1-r144.ebuild} (100%) diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-init/coreos-init-0.0.1-r143.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-init/coreos-init-0.0.1-r144.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-init/coreos-init-0.0.1-r143.ebuild rename to sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-init/coreos-init-0.0.1-r144.ebuild diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-init/coreos-init-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-init/coreos-init-9999.ebuild index 3e579b5d7b..a6967152bf 100644 --- a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-init/coreos-init-9999.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-init/coreos-init-9999.ebuild 
@@ -29,7 +29,6 @@ REQUIRED_USE="symlink-usr" # Daemons we enable here must installed during build/install in addition to # during runtime so the systemd unit enable step works. DEPEND=" - app-emulation/docker net-misc/openssh net-nds/rpcbind ! Date: Tue, 13 Jun 2017 12:03:30 -0700 Subject: [PATCH 2/5] coreos-base/coreos: drop Docker --- .../{coreos-0.0.1-r283.ebuild => coreos-0.0.1-r284.ebuild} | 0 .../coreos-overlay/coreos-base/coreos/coreos-0.0.1.ebuild | 1 - 2 files changed, 1 deletion(-) rename sdk_container/src/third_party/coreos-overlay/coreos-base/coreos/{coreos-0.0.1-r283.ebuild => coreos-0.0.1-r284.ebuild} (100%) diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos/coreos-0.0.1-r283.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos/coreos-0.0.1-r284.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/coreos-base/coreos/coreos-0.0.1-r283.ebuild rename to sdk_container/src/third_party/coreos-overlay/coreos-base/coreos/coreos-0.0.1-r284.ebuild diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos/coreos-0.0.1.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos/coreos-0.0.1.ebuild index 89e479f295..a50c37286d 100644 --- a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos/coreos-0.0.1.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos/coreos-0.0.1.ebuild @@ -102,7 +102,6 @@ RDEPEND="${RDEPEND} app-crypt/gnupg app-crypt/tpmpolicy app-editors/vim - app-emulation/docker app-emulation/rkt app-emulation/actool app-misc/ca-certificates From 4c0f8a4a9f4edf130409426b8dc2a536d3a349c7 Mon Sep 17 00:00:00 2001 
From: David Michael Date: Mon, 15 May 2017 17:27:41 -0700 Subject: [PATCH 3/5] app-torcx/docker: package Docker for torcx --- .../app-torcx/docker/docker-1.12.ebuild | 26 +++++++++++++++++ .../app-torcx/docker/docker-17.05.ebuild | 28 ++++++++++++++++++ .../docker/files/docker-1.12-manifest.json | 27 +++++++++++++++++ .../docker/files/docker-17.05-manifest.json | 29 +++++++++++++++++++ .../coreos-overlay/profiles/categories | 1 + 5 files changed, 111 insertions(+) create mode 100644 sdk_container/src/third_party/coreos-overlay/app-torcx/docker/docker-1.12.ebuild create mode 100644 sdk_container/src/third_party/coreos-overlay/app-torcx/docker/docker-17.05.ebuild create mode 100644 sdk_container/src/third_party/coreos-overlay/app-torcx/docker/files/docker-1.12-manifest.json create mode 100644 sdk_container/src/third_party/coreos-overlay/app-torcx/docker/files/docker-17.05-manifest.json
diff --git a/sdk_container/src/third_party/coreos-overlay/app-torcx/docker/docker-1.12.ebuild b/sdk_container/src/third_party/coreos-overlay/app-torcx/docker/docker-1.12.ebuild
new file mode 100644
index 0000000000..2878868b25
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/app-torcx/docker/docker-1.12.ebuild
@@ -0,0 +1,26 @@
+# Copyright (c) 2017 CoreOS, Inc.. All rights reserved.
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=2
+
+DESCRIPTION="Packages to be installed in a torcx image for Docker"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="amd64 arm64"
+
+# Explicitly list all packages that will be built into the image.
+RDEPEND="
+ =app-emulation/docker-1.12.6-r5
+ =app-emulation/containerd-0.2.5-r2
+ =app-emulation/runc-1.0.0_rc2_p9
+"
+
+src_install() {
+ insinto /.torcx
+ newins "${FILESDIR}/${PN}-${PV}-manifest.json" manifest.json
+
+ # Enable the Docker socket by default.
+ local unitdir=/usr/lib/systemd/system
+ dosym ../docker.socket "${unitdir}/sockets.target.wants/docker.socket"
+}
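Review bot: The RDEPEND list in docker-1.12.ebuild pins only docker, containerd and runc, while the 1.12 manifest added later in this patch exposes `/bin/docker-proxy` and the 17.05 ebuild pulls `app-emulation/docker-proxy` as its own atom. Presumably `app-emulation/docker-1.12.6-r5` installs the proxy itself, but that is not visible in this patch; if it does not, the torcx image would advertise a binary it does not contain. A comment above RDEPEND such as `# docker-proxy is installed by app-emulation/docker in this version` (or the missing atom) would let the pin list be audited against the manifest.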
diff --git a/sdk_container/src/third_party/coreos-overlay/app-torcx/docker/docker-17.05.ebuild b/sdk_container/src/third_party/coreos-overlay/app-torcx/docker/docker-17.05.ebuild
new file mode 100644
index 0000000000..8cbbc4830e
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/app-torcx/docker/docker-17.05.ebuild
@@ -0,0 +1,28 @@
+# Copyright (c) 2017 CoreOS, Inc.. All rights reserved.
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=2
+
+DESCRIPTION="Packages to be installed in a torcx image for Docker"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="amd64 arm64"
+
+# Explicitly list all packages that will be built into the image.
+RDEPEND="
+ =app-emulation/docker-17.05.0
+ =app-emulation/containerd-0.2.7_p2
+ =app-emulation/docker-proxy-0.8.0_p20170410
+ =app-emulation/runc-1.0.0_rc2_p137
+ =sys-process/tini-0.13.2
+"
+
+src_install() {
+ insinto /.torcx
+ newins "${FILESDIR}/${PN}-${PV}-manifest.json" manifest.json
+
+ # Enable the Docker socket by default.
+ local unitdir=/usr/lib/systemd/system
+ dosym ../docker.socket "${unitdir}/sockets.target.wants/docker.socket"
+}
diff --git a/sdk_container/src/third_party/coreos-overlay/app-torcx/docker/files/docker-1.12-manifest.json b/sdk_container/src/third_party/coreos-overlay/app-torcx/docker/files/docker-1.12-manifest.json
new file mode 100644
index 0000000000..b8bdf18da4
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/app-torcx/docker/files/docker-1.12-manifest.json
@@ -0,0 +1,27 @@
+{
+ "kind": "image-manifest-v0",
+ "value": {
+ "bin": [
+ "/bin/containerd",
+ "/bin/containerd-shim",
+ "/bin/ctr",
+ "/bin/docker",
+ "/bin/docker-containerd",
+ "/bin/docker-containerd-shim",
+ "/bin/docker-proxy",
+ "/bin/docker-runc",
+ "/bin/dockerd",
+ "/bin/runc"
+ ],
+ "network": [
+ "/lib/systemd/network/50-docker.network",
+ "/lib/systemd/network/90-docker-veth.network"
+ ],
+ "units": [
+ "/lib/systemd/system/containerd.service",
+ "/lib/systemd/system/docker.service",
+ "/lib/systemd/system/docker.socket",
+ "/lib/systemd/system/sockets.target.wants"
+ ]
+ }
+}
diff --git a/sdk_container/src/third_party/coreos-overlay/app-torcx/docker/files/docker-17.05-manifest.json b/sdk_container/src/third_party/coreos-overlay/app-torcx/docker/files/docker-17.05-manifest.json
new file mode 100644
index 0000000000..190f9e8538
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/app-torcx/docker/files/docker-17.05-manifest.json
@@ -0,0 +1,29 @@
+{
+ "kind": "image-manifest-v0",
+ "value": {
+ "bin": [
+ "/bin/containerd",
+ "/bin/containerd-shim",
+ "/bin/ctr",
+ "/bin/docker",
+ "/bin/docker-containerd",
+ "/bin/docker-containerd-shim",
+ "/bin/docker-init",
+ "/bin/docker-proxy",
+ "/bin/docker-runc",
+ "/bin/dockerd",
+ "/bin/runc",
+ "/bin/tini"
+ ],
+ "network": [
+ "/lib/systemd/network/50-docker.network",
+ "/lib/systemd/network/90-docker-veth.network"
+ ],
+ "units": [
+ "/lib/systemd/system/containerd.service",
+ "/lib/systemd/system/docker.service",
+ "/lib/systemd/system/docker.socket",
+ "/lib/systemd/system/sockets.target.wants"
+ ]
+ }
+}
diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/categories b/sdk_container/src/third_party/coreos-overlay/profiles/categories
index 6c9a7f4078..55f2602a34 100644
--- a/sdk_container/src/third_party/coreos-overlay/profiles/categories
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/categories
@@ -21,6 +21,7 @@ app-pda app-portage app-shells app-text +app-torcx app-vim app-xemacs chromeos-base From 8a2241f45a847a3f8f92f661f18a687a8e088fab Mon Sep 17 00:00:00 2001 From: David Michael Date: Tue, 13 Jun 2017 12:20:31 -0700 Subject: [PATCH 4/5] app-arch/torcx: enable Docker in the vendor profile This also adds placeholder wrapper scripts so previous commands still work. The dockerd wrapper was taken from the Docker package to account for users that edited docker.service instead of using dropins to configure it. --- .../app-arch/torcx/files/compat-wrapper.sh | 33 +++++++++++++++ .../app-arch/torcx/files/dockerd-wrapper.sh | 41 +++++++++++++++++++ .../app-arch/torcx/files/vendor.json | 11 +++++ .../app-arch/torcx/torcx-9999.ebuild | 8 ++++ 4 files changed, 93 insertions(+) create mode 100644 sdk_container/src/third_party/coreos-overlay/app-arch/torcx/files/compat-wrapper.sh create mode 100644 sdk_container/src/third_party/coreos-overlay/app-arch/torcx/files/dockerd-wrapper.sh diff --git a/sdk_container/src/third_party/coreos-overlay/app-arch/torcx/files/compat-wrapper.sh b/sdk_container/src/third_party/coreos-overlay/app-arch/torcx/files/compat-wrapper.sh new file mode 100644 index 0000000000..122162deca --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/app-arch/torcx/files/compat-wrapper.sh @@ -0,0 +1,33 @@ +#!/bin/bash +set -e + +bin=${0##*/} +seal=/run/metadata/torcx + +if [ -z "${bin}" ] +then + echo 'Failed to determine the executed program name.' 1>&2 + exit 1 +fi + +if [ -s "${seal}" ] +then + . "${seal}" +else + echo "The program ${bin} is managed by torcx, which did not run." 1>&2 + exit 1 +fi + +if [ -z "${TORCX_BINDIR-}" ] +then + echo "The torcx seal file ${seal} is invalid." 1>&2 + exit 1 +fi + +if [ ! -x "${TORCX_BINDIR}/${bin}" ] +then + echo "The current torcx profile did not install a ${bin} program." 1>&2 + exit 1 +fi + +PATH="${TORCX_BINDIR}${PATH:+:${PATH}}" exec "${TORCX_BINDIR}/${bin}" "$@" 
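Review bot: In compat-wrapper.sh, `. "${seal}"` runs /run/metadata/torcx as shell code with the privileges of whoever invoked docker, dockerd, runc or any other compat name, so the wrapper is only as trustworthy as the write permissions on that file, which this patch does not show. If the seal is a plain KEY=value file, reading only the key that is needed avoids executing anything else in it, e.g. `TORCX_BINDIR=$(sed -n 's/^TORCX_BINDIR=//p' "${seal}")` (quote handling to be confirmed against the real seal format). Since the value is prepended to PATH and used in `exec`, a relative or odd value should also be rejected first: `case "${TORCX_BINDIR}" in /*) ;; *) exit 1 ;; esac`. At minimum, a comment next to the `.` line stating that the seal must be root-owned and not group- or world-writable would record the trust assumption.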
diff --git a/sdk_container/src/third_party/coreos-overlay/app-arch/torcx/files/dockerd-wrapper.sh b/sdk_container/src/third_party/coreos-overlay/app-arch/torcx/files/dockerd-wrapper.sh
new file mode 100644
index 0000000000..2a94d06561
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/app-arch/torcx/files/dockerd-wrapper.sh
@@ -0,0 +1,41 @@
+#!/bin/bash
+# Wrapper for launching docker daemons with selinux default on
+# This wrapper script has been deprecated (euank: 2017-05-09) and is retained
+# for backwards compatibility.
+
+set -e
+
+parse_docker_args() {
+ local flag
+ while [[ $# -gt 0 ]]; do
+ flag="$1"
+ shift
+
+ # treat --flag=foo and --flag foo identically
+ if [[ "${flag}" == *=* ]]; then
+ set -- "${flag#*=}" "$@"
+ flag="${flag%=*}"
+ fi
+
+ case "${flag}" in
+ --selinux-enabled)
+ ARG_SELINUX="$1"
+ shift
+ ;;
+ *)
+ # ignore everything else
+ ;;
+ esac
+ done
+}
+
+parse_docker_args "$@"
+
+USE_SELINUX=""
+# Do not override selinux if it is already explicitly configured.
+if [[ -z "${ARG_SELINUX}" ]]; then
+ # If unspecified, default on
+ USE_SELINUX="--selinux-enabled"
+fi
+
+exec dockerd "$@" ${USE_SELINUX}
diff --git a/sdk_container/src/third_party/coreos-overlay/app-arch/torcx/files/vendor.json b/sdk_container/src/third_party/coreos-overlay/app-arch/torcx/files/vendor.json
index e69de29bb2..4480c4e767 100644
--- a/sdk_container/src/third_party/coreos-overlay/app-arch/torcx/files/vendor.json
+++ b/sdk_container/src/third_party/coreos-overlay/app-arch/torcx/files/vendor.json
@@ -0,0 +1,11 @@
+{
+ "kind": "profile-manifest-v0",
+ "value": {
+ "images": [
+ {
+ "name": "docker",
+ "reference": "com.coreos.cl"
+ }
+ ]
+ }
+}
diff --git a/sdk_container/src/third_party/coreos-overlay/app-arch/torcx/torcx-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/app-arch/torcx/torcx-9999.ebuild
index 228da33af2..f603802656 100644
--- a/sdk_container/src/third_party/coreos-overlay/app-arch/torcx/torcx-9999.ebuild
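Review bot: In dockerd-wrapper.sh, the `--selinux-enabled)` branch of `parse_docker_args` always consumes the following argument, although the flag can be given bare. When it is the last argument, `$1` is empty and the `shift` after it returns non-zero, which under `set -e` should end the wrapper before `exec dockerd` is reached. Guarding the branch keeps the intended behaviour: `ARG_SELINUX="${1:-true}"` followed by `if [[ $# -gt 0 ]]; then shift; fi`. ARG_SELINUX is also never initialised, so a value inherited from the service environment would silently suppress the `--selinux-enabled` default; an `ARG_SELINUX=""` before the `parse_docker_args "$@"` call closes that.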
+++ b/sdk_container/src/third_party/coreos-overlay/app-arch/torcx/torcx-9999.ebuild @@ -46,4 +46,12 @@ src_install() { insinto "${vendordir}/profiles" doins "${FILESDIR}/vendor.json" dodir "${vendordir}/store" + + # Preserve program paths for torcx packages. + newbin "${FILESDIR}/compat-wrapper.sh" docker + for link in {docker-,}{containerd{,-shim},runc} ctr docker-{init,proxy} dockerd tini + do ln -fns docker "${ED}/usr/bin/${link}" + done + exeinto /usr/lib/coreos + newexe "${FILESDIR}/dockerd-wrapper.sh" dockerd } From c9e21659fb0a0c3b88b16707bb8cc75f57da24a7 Mon Sep 17 00:00:00 2001 From: David Michael Date: Thu, 15 Jun 2017 08:56:14 -0700 Subject: [PATCH 5/5] app-arch/torcx: bump to 0.1.0 alpha 2a --- .../{torcx-0.1.0_alpha1.ebuild => torcx-0.1.0_alpha2.ebuild} | 0 .../third_party/coreos-overlay/app-arch/torcx/torcx-9999.ebuild | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) rename sdk_container/src/third_party/coreos-overlay/app-arch/torcx/{torcx-0.1.0_alpha1.ebuild => torcx-0.1.0_alpha2.ebuild} (100%) diff --git a/sdk_container/src/third_party/coreos-overlay/app-arch/torcx/torcx-0.1.0_alpha1.ebuild b/sdk_container/src/third_party/coreos-overlay/app-arch/torcx/torcx-0.1.0_alpha2.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/app-arch/torcx/torcx-0.1.0_alpha1.ebuild rename to sdk_container/src/third_party/coreos-overlay/app-arch/torcx/torcx-0.1.0_alpha2.ebuild diff --git a/sdk_container/src/third_party/coreos-overlay/app-arch/torcx/torcx-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/app-arch/torcx/torcx-9999.ebuild index f603802656..2cbca95b21 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-arch/torcx/torcx-9999.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/app-arch/torcx/torcx-9999.ebuild 
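Review bot: The compat links in the torcx-9999.ebuild hunk are created with a raw `ln -fns docker "${ED}/usr/bin/${link}"` whose exit status is never checked, and `link` is not declared local, so it leaks out of src_install. Using the install helper would match the `dosym` calls in the app-torcx ebuilds: `local link` before the loop and `dosym docker "/usr/bin/${link}"` in its body. The name list here has to stay in step with the `bin` arrays of the image manifests, since every name resolves through the same wrapper by its argv[0]; a comment saying so above the loop would help the next edit. src_install begins outside this hunk.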
@@ -11,7 +11,7 @@ COREOS_GO_VERSION="go1.8" if [[ "${PV}" == 9999 ]]; then KEYWORDS="~amd64 ~arm64" else - CROS_WORKON_COMMIT="1987d1c516c6925280fade659569d5062999a1db" # v0.1.0-alpha.1a + CROS_WORKON_COMMIT="72f5f2721b867b158f14657d0ebe97fad8019a7a" # v0.1.0-alpha.2a KEYWORDS="amd64 arm64" fi