From 4344bd8f14e114f8f805a9fc6b816afc6f59e22a Mon Sep 17 00:00:00 2001
From: Kir Kolyshkin <kolyshkin@gmail.com>
Date: Fri, 27 Nov 2020 13:52:15 -0800
Subject: [PATCH 1/3] Dockerfile: use binary criu release

This "reverts" commit 9ff7b82f9. We use the repo provided and maintained
by the CRIU team instead of compiling it from source.

While at it,

1. Don't install packages that were solely needed to compile CRIU.

2. Combine all apt-related stuff into a single step, so we don't
   download and then remove apt metadata 3 times.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
---
 Dockerfile | 38 ++++++++------------------------------
 1 file changed, 8 insertions(+), 30 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index d8935434244..f3d58f89a4b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,17 +1,21 @@
 ARG GO_VERSION=1.15
 ARG BATS_VERSION=v1.2.0
-ARG CRIU_VERSION=v3.15
 
 FROM golang:${GO_VERSION}-buster
 ARG DEBIAN_FRONTEND=noninteractive
 
-RUN dpkg --add-architecture armel \
+RUN echo 'deb https://download.opensuse.org/repositories/devel:/tools:/criu/Debian_10/ /' > /etc/apt/sources.list.d/criu.list \
+    && wget -nv https://download.opensuse.org/repositories/devel:/tools:/criu/Debian_10/Release.key -O- | apt-key add - \
+    && echo 'deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/Debian_10/ /' > /etc/apt/sources.list.d/skopeo.list \
+    && wget -nv https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/Debian_10/Release.key -O- | apt-key add - \
+    && dpkg --add-architecture armel \
     && dpkg --add-architecture armhf \
     && dpkg --add-architecture arm64 \
     && dpkg --add-architecture ppc64el \
     && apt-get update \
     && apt-get install -y --no-install-recommends \
         build-essential \
+        criu \
         crossbuild-essential-arm64 \
         crossbuild-essential-armel \
         crossbuild-essential-armhf \
@@ -21,12 +25,6 @@ RUN dpkg --add-architecture armel \
         iptables \
         jq \
         kmod \
-        libaio-dev \
-        libcap-dev \
-        libnet-dev \
-        libnl-3-dev \
-        libprotobuf-c-dev \
-        libprotobuf-dev \
         libseccomp-dev \
         libseccomp-dev:arm64 \
         libseccomp-dev:armel \
@@ -34,13 +32,12 @@ RUN dpkg --add-architecture armel \
         libseccomp-dev:ppc64el \
         libseccomp2 \
         pkg-config \
-        protobuf-c-compiler \
-        protobuf-compiler \
         python-minimal \
+        skopeo \
         sudo \
         uidmap \
     && apt-get clean \
-    && rm -rf /var/cache/apt /var/lib/apt/lists/*;
+    && rm -rf /var/cache/apt /var/lib/apt/lists/* /etc/apt/sources.list.d/*.list
 
 # Add a dummy user for the rootless integration tests. While runC does
 # not require an entry in /etc/passwd to operate, one of the tests uses
@@ -57,25 +54,6 @@ RUN cd /tmp \
     && ./install.sh /usr/local \
     && rm -rf /tmp/bats-core
 
-# install criu
-ARG CRIU_VERSION
-RUN mkdir -p /usr/src/criu \
-    && curl -fsSL https://github.com/checkpoint-restore/criu/archive/${CRIU_VERSION}.tar.gz | tar -C /usr/src/criu/ -xz --strip-components=1 \
-    && cd /usr/src/criu \
-    && echo 1 > .gitid \
-    && make -j $(nproc) install-criu \
-    && cd - \
-    && rm -rf /usr/src/criu
-
-# install skopeo
-RUN echo 'deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/Debian_10/ /' > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list \
-    && wget -nv https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/Debian_10/Release.key -O- | sudo apt-key add - \
-    && apt-get update \
-    && apt-get install -y --no-install-recommends skopeo \
-    && rm -rf /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list \
-    && apt-get clean \
-    && rm -rf /var/cache/apt /var/lib/apt/lists/*;
-
 # install umoci
 RUN curl -o /usr/local/bin/umoci -fsSL https://github.com/opencontainers/umoci/releases/download/v0.4.5/umoci.amd64 \
     && chmod +x /usr/local/bin/umoci

From f15c4cca2cd2200e66833da902ade74a9215234b Mon Sep 17 00:00:00 2001
From: Kir Kolyshkin <kolyshkin@gmail.com>
Date: Tue, 1 Dec 2020 16:19:38 -0800
Subject: [PATCH 2/3] Update umoci to 0.4.6

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
---
 Dockerfile           | 4 +++-
 Vagrantfile.centos7  | 3 ++-
 Vagrantfile.fedora33 | 3 ++-
 3 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index f3d58f89a4b..08c6e5dc282 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,6 @@
 ARG GO_VERSION=1.15
 ARG BATS_VERSION=v1.2.0
+ARG UMOCI_VERSION=v0.4.6
 
 FROM golang:${GO_VERSION}-buster
 ARG DEBIAN_FRONTEND=noninteractive
@@ -55,7 +56,8 @@ RUN cd /tmp \
     && rm -rf /tmp/bats-core
 
 # install umoci
-RUN curl -o /usr/local/bin/umoci -fsSL https://github.com/opencontainers/umoci/releases/download/v0.4.5/umoci.amd64 \
+ARG UMOCI_VERSION
+RUN curl -o /usr/local/bin/umoci -fsSL https://github.com/opencontainers/umoci/releases/download/${UMOCI_VERSION}/umoci.amd64 \
     && chmod +x /usr/local/bin/umoci
 
 COPY script/tmpmount /
diff --git a/Vagrantfile.centos7 b/Vagrantfile.centos7
index 75b74766ccf..f6f6d204eb5 100644
--- a/Vagrantfile.centos7
+++ b/Vagrantfile.centos7
@@ -17,6 +17,7 @@ Vagrant.configure("2") do |config|
     # configuration
     GO_VERSION="1.15"
     BATS_VERSION="v1.2.0"
+    UMOCI_VERSION="v0.4.6"
 
     # install yum packages
     yum install -y -q epel-release
@@ -28,7 +29,7 @@ Vagrant.configure("2") do |config|
     curl -fsSL "https://dl.google.com/go/go${GO_VERSION}.linux-amd64.tar.gz" | tar Cxz /usr/local
 
     # Install umoci
-    curl -o /usr/local/bin/umoci -fsSL https://github.com/opencontainers/umoci/releases/download/v0.4.5/umoci.amd64
+    curl -o /usr/local/bin/umoci -fsSL https://github.com/opencontainers/umoci/releases/download/${UMOCI_VERSION}/umoci.amd64
     chmod +x /usr/local/bin/umoci
 
     # install bats
diff --git a/Vagrantfile.fedora33 b/Vagrantfile.fedora33
index 6e4a63145fb..a32bed4a07e 100644
--- a/Vagrantfile.fedora33
+++ b/Vagrantfile.fedora33
@@ -37,7 +37,8 @@ EOF
     chown -R rootless.rootless /home/rootless
 
     # Install umoci
-    curl -o /usr/local/bin/umoci -fsSL https://github.com/opencontainers/umoci/releases/download/v0.4.5/umoci.amd64
+    UMOCI_VERSION=v0.4.6
+    curl -o /usr/local/bin/umoci -fsSL https://github.com/opencontainers/umoci/releases/download/${UMOCI_VERSION}/umoci.amd64
     chmod +x /usr/local/bin/umoci
 
     # Add busybox for libcontainer/integration tests

From be56333fff500f146b6be5f118869581ca12e9ca Mon Sep 17 00:00:00 2001
From: Kir Kolyshkin <kolyshkin@gmail.com>
Date: Tue, 1 Dec 2020 16:41:46 -0800
Subject: [PATCH 3/3] bats: update to 1.2.1

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
---
 Dockerfile          | 2 +-
 Vagrantfile.centos7 | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 08c6e5dc282..bb22f4d8fdb 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
 ARG GO_VERSION=1.15
-ARG BATS_VERSION=v1.2.0
+ARG BATS_VERSION=v1.2.1
 ARG UMOCI_VERSION=v0.4.6
 
 FROM golang:${GO_VERSION}-buster
diff --git a/Vagrantfile.centos7 b/Vagrantfile.centos7
index f6f6d204eb5..29fd9b1be12 100644
--- a/Vagrantfile.centos7
+++ b/Vagrantfile.centos7
@@ -16,7 +16,7 @@ Vagrant.configure("2") do |config|
 
     # configuration
     GO_VERSION="1.15"
-    BATS_VERSION="v1.2.0"
+    BATS_VERSION="v1.2.1"
     UMOCI_VERSION="v0.4.6"
 
     # install yum packages