*: purge dockerinit from source code

dockerinit has been around for a very long time. It was originally used
as a way for us to do configuration for LXC containers once the
container had started. LXC is no longer supported, and /.dockerinit has
been dead code for quite a while. This removes all code and references
in code to dockerinit.

Signed-off-by: Aleksa Sarai <asarai@suse.com>

Dockerfile

@@ -96,8 +96,7 @@ RUN set -x \
 ENV PATH /osxcross/target/bin:$PATH
 
 # install seccomp
-# this can be changed to the ubuntu package libseccomp-dev if dockerinit is removed,
-# we need libseccomp.a (which the package does not provide) for dockerinit
+# TODO: switch to libseccomp-dev since dockerinit is gone
 ENV SECCOMP_VERSION 2.2.3
 RUN set -x \
 	&& export SECCOMP_PATH="$(mktemp -d)" \
@@ -114,7 +113,7 @@ RUN set -x \
 
 # Install Go
 # IMPORTANT: If the version of Go is updated, the Windows to Linux CI machines
-#            will need updating, to avoid errors. Ping #docker-maintainers on IRC 
+#            will need updating, to avoid errors. Ping #docker-maintainers on IRC
 #            with a heads-up.
 ENV GO_VERSION 1.5.3
 RUN curl -fsSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" \

Dockerfile.armhf

@@ -111,8 +111,7 @@ RUN git clone https://github.com/golang/lint.git /go/src/github.com/golang/lint
 	&& go install -v github.com/golang/lint/golint
 
 # install seccomp
-# this can be changed to the ubuntu package libseccomp-dev if dockerinit is removed,
-# we need libseccomp.a (which the package does not provide) for dockerinit
+# TODO: switch to libseccomp-dev since dockerinit is gone
 ENV SECCOMP_VERSION 2.2.3
 RUN set -x \
 	&& export SECCOMP_PATH="$(mktemp -d)" \

Dockerfile.gccgo

@@ -42,8 +42,7 @@ RUN cd /usr/local/lvm2 \
 # see https://git.fedorahosted.org/cgit/lvm2.git/tree/INSTALL
 
 # install seccomp
-# this can be changed to the ubuntu package libseccomp-dev if dockerinit is removed,
-# we need libseccomp.a (which the package does not provide) for dockerinit
+# TODO: switch to libseccomp-dev since dockerinit is gone
 ENV SECCOMP_VERSION v2.2.3
 RUN set -x \
     && export SECCOMP_PATH=$(mktemp -d) \

api/client/info.go

@@ -74,8 +74,6 @@ func (cli *DockerCli) CmdInfo(args ...string) error {
 		fmt.Fprintf(cli.out, " Goroutines: %d\n", info.NGoroutines)
 		fmt.Fprintf(cli.out, " System Time: %s\n", info.SystemTime)
 		fmt.Fprintf(cli.out, " EventsListeners: %d\n", info.NEventsListener)
-		fmt.Fprintf(cli.out, " Init SHA1: %s\n", info.InitSha1)
-		fmt.Fprintf(cli.out, " Init Path: %s\n", info.InitPath)
 		fmt.Fprintf(cli.out, " Docker Root Dir: %s\n", info.DockerRootDir)
 	}
 

container/container_unix.go

@@ -63,10 +63,6 @@ func (container *Container) CreateDaemonEnvironment(linkedEnv []string) []string
 	env := []string{
 		"PATH=" + system.DefaultPathEnv,
 		"HOSTNAME=" + fullHostname,
-		// Note: we don't set HOME here because it'll get autoset intelligently
-		// based on the value of USER inside dockerinit, but only if it isn't
-		// set already (ie, that can be overridden by setting HOME via -e or ENV
-		// in a Dockerfile).
 	}
 	if container.Config.Tty {
 		env = append(env, "TERM=xterm")

contrib/builder/rpm/generate.sh

@@ -118,9 +118,7 @@ for version in "${versions[@]}"; do
 
 	echo >> "$version/Dockerfile"
 
-	# fedora does not have a libseccomp.a for compiling static dockerinit
-	# ONLY install libseccomp.a from source, this can be removed once dockerinit is removed
-	# TODO remove this manual seccomp compilation once dockerinit is gone or no longer needs to be statically compiled
+	# TODO remove this since dockerinit is finally gone
 	case "$from" in
 		fedora:*)
 			awk '$1 == "ENV" && $2 == "SECCOMP_VERSION" { print; exit }' ../../../Dockerfile >> "$version/Dockerfile"

daemon/container_operations_unix.go

@@ -254,7 +254,6 @@ func (daemon *Daemon) populateCommand(c *container.Container, env []string) erro
 	c.Command = &execdriver.Command{
 		CommonCommand: execdriver.CommonCommand{
 			ID:            c.ID,
-			InitPath:      "/.dockerinit",
 			MountLabel:    c.GetMountLabel(),
 			Network:       en,
 			ProcessConfig: processConfig,

daemon/container_operations_windows.go

@@ -124,7 +124,6 @@ func (daemon *Daemon) populateCommand(c *container.Container, env []string) erro
 		CommonCommand: execdriver.CommonCommand{
 			ID:            c.ID,
 			Rootfs:        c.BaseFS,
-			InitPath:      "/.dockerinit",
 			WorkingDir:    c.Config.WorkingDir,
 			Network:       en,
 			MountLabel:    c.GetMountLabel(),

daemon/daemon_unix.go

@@ -688,8 +688,7 @@ func initBridgeDriver(controller libnetwork.NetworkController, config *Config) e
 }
 
 // setupInitLayer populates a directory with mountpoints suitable
-// for bind-mounting dockerinit into the container. The mountpoint is simply an
-// empty file at /.dockerinit
+// for bind-mounting things into the container.
 //
 // This extra layer is used by all containers as the top-most ro layer. It protects
 // the container from unwanted side-effects on the rw layer.
@@ -699,7 +698,6 @@ func setupInitLayer(initLayer string, rootUID, rootGID int) error {
 		"/dev/shm":         "dir",
 		"/proc":            "dir",
 		"/sys":             "dir",
-		"/.dockerinit":     "file",
 		"/.dockerenv":      "file",
 		"/etc/resolv.conf": "file",
 		"/etc/hosts":       "file",

daemon/execdriver/driver.go

@@ -131,7 +131,6 @@ type CommonProcessConfig struct {
 type CommonCommand struct {
 	ContainerPid  int           `json:"container_pid"` // the pid for the process inside a container
 	ID            string        `json:"id"`
-	InitPath      string        `json:"initpath"`    // dockerinit
 	MountLabel    string        `json:"mount_label"` // TODO Windows. More involved, but can be factored out
 	Mounts        []Mount       `json:"mounts"`
 	Network       *Network      `json:"network"`

daemon/info.go

@@ -49,11 +49,6 @@ func (daemon *Daemon) SystemInfo() (*types.Info, error) {
 		logrus.Errorf("Could not read system memory info: %v", err)
 	}
 
-	// if we still have the original dockerinit binary from before
-	// we copied it locally, let's return the path to that, since
-	// that's more intuitive (the copied path is trivial to derive
-	// by hand given VERSION)
-	initPath := utils.DockerInitPath("")
 	sysInfo := sysinfo.New(true)
 
 	var cRunning, cPaused, cStopped int32
@@ -94,8 +89,6 @@ func (daemon *Daemon) SystemInfo() (*types.Info, error) {
 		OSType:             platform.OSType,
 		Architecture:       platform.Architecture,
 		RegistryConfig:     daemon.RegistryService.Config,
-		InitSha1:           dockerversion.InitSHA1,
-		InitPath:           initPath,
 		NCPU:               runtime.NumCPU(),
 		MemTotal:           meminfo.MemTotal,
 		DockerRootDir:      daemon.configStore.Root,

dockerinit/dockerinit.go

@@ -1,11 +0,0 @@
-package main
-
-import (
-	_ "github.com/docker/docker/daemon/execdriver/native"
-	"github.com/docker/docker/pkg/reexec"
-)
-
-func main() {
-	// Running in init mode
-	reexec.Init()
-}

dockerversion/version_lib.go

@@ -9,8 +9,5 @@ const (
 	GitCommit string = "library-import"
 	Version   string = "library-import"
 	BuildTime string = "library-import"
-
 	IAmStatic string = "library-import"
-	InitSHA1  string = "library-import"
-	InitPath  string = "library-import"
 )

hack/.vendor-helpers.sh

@@ -76,7 +76,6 @@ _dockerfile_env() {
 clean() {
 	local packages=(
 		"${PROJECT}/docker" # package main
-		"${PROJECT}/dockerinit" # package main
 		"${PROJECT}/integration-cli" # external tests
 	)
 	local dockerPlatforms=( ${DOCKER_ENGINE_OSARCH:="linux/amd64"} $(_dockerfile_env DOCKER_CROSSPLATFORMS) )

hack/make.sh

@@ -237,7 +237,6 @@ test_env() {
 		HOME="$ABS_DEST/fake-HOME" \
 		PATH="$PATH" \
 		TEMP="$TEMP" \
-		TEST_DOCKERINIT_PATH="$TEST_DOCKERINIT_PATH" \
 		"$@"
 }
 

hack/make/.build-deb/rules

@@ -17,14 +17,12 @@ override_dh_auto_test:
 	./bundles/$(VERSION)/dynbinary/docker -v
 
 override_dh_strip:
-	# the SHA1 of dockerinit is important: don't strip it
-	# also, Go has lots of problems with stripping, so just don't
+	# Go has lots of problems with stripping, so just don't
 
 override_dh_auto_install:
 	mkdir -p debian/docker-engine/usr/bin
 	cp -aT "$$(readlink -f bundles/$(VERSION)/dynbinary/docker)" debian/docker-engine/usr/bin/docker
 	mkdir -p debian/docker-engine/usr/lib/docker
-	cp -aT "$$(readlink -f bundles/$(VERSION)/dynbinary/dockerinit)" debian/docker-engine/usr/lib/docker/dockerinit
 
 override_dh_installinit:
 	# use "docker" as our service name, not "docker-engine"

hack/make/.build-rpm/docker-engine.spec

@@ -11,11 +11,6 @@ URL: https://dockerproject.org
 Vendor: Docker
 Packager: Docker <support@docker.com>
 
-# docker builds in a checksum of dockerinit into docker,
-# # so stripping the binaries breaks docker
-%global __os_install_post %{_rpmconfigdir}/brp-compress
-%global debug_package %{nil}
-
 # is_systemd conditional
 %if 0%{?fedora} >= 21 || 0%{?centos} >= 7 || 0%{?rhel} >= 7 || 0%{?suse_version} >= 1300
 %global is_systemd 1
@@ -124,10 +119,6 @@ export DOCKER_GITCOMMIT=%{_gitcommit}
 install -d $RPM_BUILD_ROOT/%{_bindir}
 install -p -m 755 bundles/%{_origversion}/dynbinary/docker-%{_origversion} $RPM_BUILD_ROOT/%{_bindir}/docker
 
-# install dockerinit
-install -d $RPM_BUILD_ROOT/%{_libexecdir}/docker
-install -p -m 755 bundles/%{_origversion}/dynbinary/dockerinit-%{_origversion} $RPM_BUILD_ROOT/%{_libexecdir}/docker/dockerinit
-
 # install udev rules
 install -d $RPM_BUILD_ROOT/%{_sysconfdir}/udev/rules.d
 install -p -m 644 contrib/udev/80-docker.rules $RPM_BUILD_ROOT/%{_sysconfdir}/udev/rules.d/80-docker.rules
@@ -175,7 +166,6 @@ install -p -m 644 contrib/syntax/nano/Dockerfile.nanorc $RPM_BUILD_ROOT/usr/shar
 %files
 %doc AUTHORS CHANGELOG.md CONTRIBUTING.md LICENSE MAINTAINERS NOTICE README.md
 /%{_bindir}/docker
-/%{_libexecdir}/docker/dockerinit
 /%{_sysconfdir}/udev/rules.d/80-docker.rules
 %if 0%{?is_systemd}
 /%{_unitdir}/docker.service

hack/make/.dockerinit

@@ -1,33 +0,0 @@
-#!/bin/bash
-set -e
-
-IAMSTATIC="true"
-source "${MAKEDIR}/.go-autogen"
-
-# dockerinit still needs to be a static binary, even if docker is dynamic
-go build \
-	-o "$DEST/dockerinit-$VERSION" \
-	"${BUILDFLAGS[@]}" \
-	-ldflags "
-		$LDFLAGS
-		$LDFLAGS_STATIC
-		-extldflags \"$EXTLDFLAGS_STATIC\"
-	" \
-	./dockerinit
-
-echo "Created binary: $DEST/dockerinit-$VERSION"
-ln -sf "dockerinit-$VERSION" "$DEST/dockerinit"
-
-sha1sum=
-if command -v sha1sum &> /dev/null; then
-	sha1sum=sha1sum
-elif command -v shasum &> /dev/null; then
-	# Mac OS X - why couldn't they just use the same command name and be happy?
-	sha1sum=shasum
-else
-	echo >&2 'error: cannot find sha1sum command or equivalent'
-	exit 1
-fi
-
-# sha1 our new dockerinit to ensure separate docker and dockerinit always run in a perfect pair compiled for one another
-export DOCKER_INITSHA1=$($sha1sum "$DEST/dockerinit-$VERSION" | cut -d' ' -f1)

hack/make/.dockerinit-gccgo

@@ -1,31 +0,0 @@
-#!/bin/bash
-set -e
-
-IAMSTATIC="true"
-source "${MAKEDIR}/.go-autogen"
-
-# dockerinit still needs to be a static binary, even if docker is dynamic
-go build --compiler=gccgo \
-	-o "$DEST/dockerinit-$VERSION" \
-	"${BUILDFLAGS[@]}" \
-	--gccgoflags "
-		-g
-		-Wl,--no-export-dynamic
-		$EXTLDFLAGS_STATIC
-		-lnetgo
-	" \
-	./dockerinit
-
-echo "Created binary: $DEST/dockerinit-$VERSION"
-ln -sf "dockerinit-$VERSION" "$DEST/dockerinit"
-
-sha1sum=
-if command -v sha1sum &> /dev/null; then
-	sha1sum=sha1sum
-else
-	echo >&2 'error: cannot find sha1sum command or equivalent'
-	exit 1
-fi
-
-# sha1 our new dockerinit to ensure separate docker and dockerinit always run in a perfect pair compiled for one another
-export DOCKER_INITSHA1=$($sha1sum "$DEST/dockerinit-$VERSION" | cut -d' ' -f1)

hack/make/.go-autogen

@@ -14,10 +14,7 @@ const (
 	GitCommit string = "$GITCOMMIT"
 	Version   string = "$VERSION"
 	BuildTime string = "$BUILDTIME"
-
 	IAmStatic string = "${IAMSTATIC:-true}"
-	InitSHA1  string = "$DOCKER_INITSHA1"
-	InitPath  string = "$DOCKER_INITPATH"
 )
 // AUTOGENERATED FILE; see $BASH_SOURCE
 DVEOF
@@ -44,9 +41,9 @@ When make binary is run, the Dockerfile prepares the build environment by:
 
 make.sh invokes hack/make/.go-autogen to:
 
- - Run rsrc to create a binary file (autogen/winresources/rsrc.syso) that 
-   contains the manifest and icon. This file is automatically picked up by 
-   'go build', so no post-processing steps are required. The sources for 
+ - Run rsrc to create a binary file (autogen/winresources/rsrc.syso) that
+   contains the manifest and icon. This file is automatically picked up by
+   'go build', so no post-processing steps are required. The sources for
    rsrc.syso are under hack/make/.resources-windows.
 
 */

hack/make/dynbinary

@@ -1,16 +1,6 @@
 #!/bin/bash
 set -e
 
-if [ -z "$DOCKER_CLIENTONLY" ]; then
-	source "${MAKEDIR}/.dockerinit"
-
-	hash_files "$DEST/dockerinit-$VERSION"
-else
-	# DOCKER_CLIENTONLY must be truthy, so we don't need to bother with dockerinit :)
-	export DOCKER_INITSHA1=""
-fi
-# DOCKER_INITSHA1 is exported so that other bundlescripts can easily access it later without recalculating it
-
 (
 	export IAMSTATIC="false"
 	export LDFLAGS_STATIC_DOCKER=''

hack/make/dyngccgo

@@ -1,16 +1,6 @@
 #!/bin/bash
 set -e
 
-if [ -z "$DOCKER_CLIENTONLY" ]; then
-	source "${MAKEDIR}/.dockerinit-gccgo"
-
-	hash_files "$DEST/dockerinit-$VERSION"
-else
-	# DOCKER_CLIENTONLY must be truthy, so we don't need to bother with dockerinit :)
-	export DOCKER_INITSHA1=""
-fi
-# DOCKER_INITSHA1 is exported so that other bundlescripts can easily access it later without recalculating it
-
 (
 	export IAMSTATIC="false"
 	export EXTLDFLAGS_STATIC=''

integration-cli/docker_cli_diff_test.go

@@ -27,10 +27,10 @@ func (s *DockerSuite) TestDiffFilenameShownInOutput(c *check.C) {
 }
 
 // test to ensure GH #3840 doesn't occur any more
-func (s *DockerSuite) TestDiffEnsureDockerinitFilesAreIgnored(c *check.C) {
+func (s *DockerSuite) TestDiffEnsureInitLayerFilesAreIgnored(c *check.C) {
 	testRequires(c, DaemonIsLinux)
 	// this is a list of files which shouldn't show up in `docker diff`
-	dockerinitFiles := []string{"/etc/resolv.conf", "/etc/hostname", "/etc/hosts", "/.dockerinit", "/.dockerenv"}
+	initLayerFiles := []string{"/etc/resolv.conf", "/etc/hostname", "/etc/hosts", "/.dockerenv"}
 	containerCount := 5
 
 	// we might not run into this problem from the first run, so start a few containers
@@ -41,7 +41,7 @@ func (s *DockerSuite) TestDiffEnsureDockerinitFilesAreIgnored(c *check.C) {
 		cleanCID := strings.TrimSpace(out)
 		out, _ = dockerCmd(c, "diff", cleanCID)
 
-		for _, filename := range dockerinitFiles {
+		for _, filename := range initLayerFiles {
 			c.Assert(out, checker.Not(checker.Contains), filename)
 		}
 	}

pkg/mount/mountinfo_linux_test.go

@@ -224,7 +224,6 @@ const (
 43 16 0:34 / /proc/fs/nfsd rw,nosuid,nodev,noexec,relatime - nfsd nfsd rw
 44 15 0:35 / /home/tianon/.gvfs rw,nosuid,nodev,relatime - fuse.gvfs-fuse-daemon gvfs-fuse-daemon rw,user_id=1000,group_id=1000
 68 15 0:3336 / /var/lib/docker/aufs/mnt/3597a1a6d6298c1decc339ebb90aad6f7d6ba2e15af3131b1f85e7ee4787a0cd rw,relatime - aufs none rw,si=9b4a7640128db39c
-85 68 8:6 /var/lib/docker/init/dockerinit-0.7.2-dev//deleted /var/lib/docker/aufs/mnt/3597a1a6d6298c1decc339ebb90aad6f7d6ba2e15af3131b1f85e7ee4787a0cd/.dockerinit rw,noatime,nodiratime - ext4 /dev/sda6 rw,data=ordered
 86 68 8:6 /var/lib/docker/containers/3597a1a6d6298c1decc339ebb90aad6f7d6ba2e15af3131b1f85e7ee4787a0cd/config.env /var/lib/docker/aufs/mnt/3597a1a6d6298c1decc339ebb90aad6f7d6ba2e15af3131b1f85e7ee4787a0cd/.dockerenv rw,noatime,nodiratime - ext4 /dev/sda6 rw,data=ordered
 87 68 8:6 /etc/resolv.conf /var/lib/docker/aufs/mnt/3597a1a6d6298c1decc339ebb90aad6f7d6ba2e15af3131b1f85e7ee4787a0cd/etc/resolv.conf rw,noatime,nodiratime - ext4 /dev/sda6 rw,data=ordered
 88 68 8:6 /var/lib/docker/containers/3597a1a6d6298c1decc339ebb90aad6f7d6ba2e15af3131b1f85e7ee4787a0cd/hostname /var/lib/docker/aufs/mnt/3597a1a6d6298c1decc339ebb90aad6f7d6ba2e15af3131b1f85e7ee4787a0cd/etc/hostname rw,noatime,nodiratime - ext4 /dev/sda6 rw,data=ordered

utils/utils.go

@@ -1,124 +1,17 @@
 package utils
 
 import (
-	"crypto/sha1"
-	"encoding/hex"
 	"fmt"
-	"io"
 	"io/ioutil"
 	"os"
-	"os/exec"
-	"path/filepath"
 	"runtime"
 	"strings"
 
 	"github.com/docker/distribution/registry/api/errcode"
-	"github.com/docker/docker/dockerversion"
 	"github.com/docker/docker/pkg/archive"
 	"github.com/docker/docker/pkg/stringid"
 )
 
-// SelfPath figures out the absolute path of our own binary (if it's still around).
-func SelfPath() string {
-	path, err := exec.LookPath(os.Args[0])
-	if err != nil {
-		if os.IsNotExist(err) {
-			return ""
-		}
-		if execErr, ok := err.(*exec.Error); ok && os.IsNotExist(execErr.Err) {
-			return ""
-		}
-		panic(err)
-	}
-	path, err = filepath.Abs(path)
-	if err != nil {
-		if os.IsNotExist(err) {
-			return ""
-		}
-		panic(err)
-	}
-	return path
-}
-
-func dockerInitSha1(target string) string {
-	f, err := os.Open(target)
-	if err != nil {
-		return ""
-	}
-	defer f.Close()
-	h := sha1.New()
-	_, err = io.Copy(h, f)
-	if err != nil {
-		return ""
-	}
-	return hex.EncodeToString(h.Sum(nil))
-}
-
-func isValidDockerInitPath(target string, selfPath string) bool { // target and selfPath should be absolute (InitPath and SelfPath already do this)
-	if target == "" {
-		return false
-	}
-	if dockerversion.IAmStatic == "true" {
-		if selfPath == "" {
-			return false
-		}
-		if target == selfPath {
-			return true
-		}
-		targetFileInfo, err := os.Lstat(target)
-		if err != nil {
-			return false
-		}
-		selfPathFileInfo, err := os.Lstat(selfPath)
-		if err != nil {
-			return false
-		}
-		return os.SameFile(targetFileInfo, selfPathFileInfo)
-	}
-	return dockerversion.InitSHA1 != "" && dockerInitSha1(target) == dockerversion.InitSHA1
-}
-
-// DockerInitPath figures out the path of our dockerinit (which may be SelfPath())
-func DockerInitPath(localCopy string) string {
-	selfPath := SelfPath()
-	if isValidDockerInitPath(selfPath, selfPath) {
-		// if we're valid, don't bother checking anything else
-		return selfPath
-	}
-	var possibleInits = []string{
-		localCopy,
-		dockerversion.InitPath,
-		filepath.Join(filepath.Dir(selfPath), "dockerinit"),
-
-		// FHS 3.0 Draft: "/usr/libexec includes internal binaries that are not intended to be executed directly by users or shell scripts. Applications may use a single subdirectory under /usr/libexec."
-		// https://www.linuxbase.org/betaspecs/fhs/fhs.html#usrlibexec
-		"/usr/libexec/docker/dockerinit",
-		"/usr/local/libexec/docker/dockerinit",
-
-		// FHS 2.3: "/usr/lib includes object files, libraries, and internal binaries that are not intended to be executed directly by users or shell scripts."
-		// https://refspecs.linuxfoundation.org/FHS_2.3/fhs-2.3.html#USRLIBLIBRARIESFORPROGRAMMINGANDPA
-		"/usr/lib/docker/dockerinit",
-		"/usr/local/lib/docker/dockerinit",
-	}
-	for _, dockerInit := range possibleInits {
-		if dockerInit == "" {
-			continue
-		}
-		path, err := exec.LookPath(dockerInit)
-		if err == nil {
-			path, err = filepath.Abs(path)
-			if err != nil {
-				// LookPath already validated that this file exists and is executable (following symlinks), so how could Abs fail?
-				panic(err)
-			}
-			if isValidDockerInitPath(path, selfPath) {
-				return path
-			}
-		}
-	}
-	return ""
-}
-
 var globalTestID string
 
 // TestDirectory creates a new temporary directory and returns its path.