From b9b565e06884c33b5991a40d01526dc5154cf5ab Mon Sep 17 00:00:00 2001 From: Florian Eckert Date: Fri, 19 Jun 2020 13:17:32 +0200 Subject: [PATCH 1/4] docker-ce: add uci support for dockerd Signed-off-by: Florian Eckert --- utils/docker-ce/Makefile | 7 ++++ utils/docker-ce/files/dockerd.init | 48 +++++++++++++++++++++++- utils/docker-ce/files/etc/config/dockerd | 7 ++++ 3 files changed, 61 insertions(+), 1 deletion(-) create mode 100644 utils/docker-ce/files/etc/config/dockerd diff --git a/utils/docker-ce/Makefile b/utils/docker-ce/Makefile index 43f51c688..ec09baa41 100644 --- a/utils/docker-ce/Makefile +++ b/utils/docker-ce/Makefile @@ -49,6 +49,10 @@ define Package/docker-ce MENU:=1 endef +define Package/docker-ce/conffiles +/etc/config/dockerd +endef + define Package/docker-ce/description Docker Engine is used by millions enables containerized applications to run anywhere consistently on any infrastructure. @@ -123,6 +127,9 @@ define Package/docker-ce/install $(INSTALL_DIR) $(1)/etc/docker $(INSTALL_CONF) ./files/daemon.json $(1)/etc/docker/ + $(INSTALL_DIR) $(1)/etc/config + $(INSTALL_CONF) ./files/etc/config/dockerd $(1)/etc/config/dockerd + # Must be after systcl 11-br-netfilter.conf from kmod-br-netfilter $(INSTALL_DIR) $(1)/etc/sysctl.d $(INSTALL_DATA) ./files/etc/sysctl.d/sysctl-br-netfilter-ip.conf \ diff --git a/utils/docker-ce/files/dockerd.init b/utils/docker-ce/files/dockerd.init index 5fc327ff6..3b77f1131 100644 --- a/utils/docker-ce/files/dockerd.init +++ b/utils/docker-ce/files/dockerd.init 
@@ -3,12 +3,58 @@ USE_PROCD=1 START=25 +DOCKERD_CONF="/tmp/dockerd/daemon.json" + +json_add_array_string() { + json_add_string "" "$1" +} + +process_config() { + local alt_config_file data_root log_level + + rm -f "$DOCKERD_CONF" + + [ -f /etc/config/dockerd ] || { + # Use the daemon default configuration + DOCKERD_CONF="" + return 0 + } + + config_load 'dockerd' + + config_get alt_config_file globals alt_config_file + [ -n "$alt_config_file" ] && [ -f "$alt_config_file" ] && { + ln -s "$alt_config_file" "$DOCKERD_CONF" + return 0 + } + + config_get data_root globals data_root "/opt/docker/" + config_get log_level globals log_level "warn" + + . /usr/share/libubox/jshn.sh + json_init + json_add_string "data-root" "$data_root" + json_add_string "log-level" "$log_level" + json_add_array "registry-mirrors" + config_list_foreach globals registry_mirror json_add_array_string + json_close_array + + mkdir -p /tmp/dockerd + json_dump > "$DOCKERD_CONF" +} + start_service() { local nofile=$(cat /proc/sys/fs/nr_open) + process_config + procd_open_instance procd_set_param stderr 1 - procd_set_param command /usr/bin/dockerd + if [ -z "$DOCKERD_CONF" ]; then + procd_set_param command /usr/bin/dockerd + else + procd_set_param command /usr/bin/dockerd --config-file="$DOCKERD_CONF" + fi procd_set_param limits nofile="${nofile} ${nofile}" procd_close_instance } diff --git a/utils/docker-ce/files/etc/config/dockerd b/utils/docker-ce/files/etc/config/dockerd new file mode 100644 index 000000000..28f04829b --- /dev/null +++ b/utils/docker-ce/files/etc/config/dockerd @@ -0,0 +1,7 @@ + +config globals 'globals' +# option alt_config_file "/etc/docker/daemon.json" + option data_root "/opt/docker/" + option log_level "warn" +# list registry_mirror "https://" +# list registry_mirror "https://hub.docker.com" From a3d8d7d997eba0a0fc7099fb8f24c9f49617bf6f Mon Sep 17 00:00:00 2001 
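Review bot: In `process_config`, the `alt_config_file` branch runs `ln -s "$alt_config_file" "$DOCKERD_CONF"` before anything has created `/tmp/dockerd`, because `mkdir -p /tmp/dockerd` is only reached on the generated-config path further down. If that directory does not exist yet (presumably the case after every boot), the symlink fails, the branch still does `return 0`, and `start_service` passes `--config-file` a path that does not exist, which dockerd is likely to reject. Moving the `mkdir` above the `config_get alt_config_file` line fixes both paths. Since the file steers a daemon running as root from a fixed path under `/tmp`, I would create the directory with an explicit mode, e.g. `mkdir -m 0700 -p /tmp/dockerd`. An `alt_config_file` that is set but missing also falls through silently to the generated config; a logged warning there would save debugging time.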
From: Florian Eckert Date: Tue, 7 Jul 2020 15:01:23 +0200 Subject: [PATCH 2/4] docker-ce: remove obsulte docker default configuration file Signed-off-by: Florian Eckert --- utils/docker-ce/Makefile | 3 --- utils/docker-ce/files/daemon.json | 4 ---- 2 files changed, 7 deletions(-) delete mode 100644 utils/docker-ce/files/daemon.json diff --git a/utils/docker-ce/Makefile b/utils/docker-ce/Makefile index ec09baa41..51aac7197 100644 --- a/utils/docker-ce/Makefile +++ b/utils/docker-ce/Makefile @@ -124,9 +124,6 @@ define Package/docker-ce/install $(INSTALL_DIR) $(1)/etc/init.d $(INSTALL_BIN) ./files/dockerd.init $(1)/etc/init.d/dockerd - $(INSTALL_DIR) $(1)/etc/docker - $(INSTALL_CONF) ./files/daemon.json $(1)/etc/docker/ - $(INSTALL_DIR) $(1)/etc/config $(INSTALL_CONF) ./files/etc/config/dockerd $(1)/etc/config/dockerd diff --git a/utils/docker-ce/files/daemon.json b/utils/docker-ce/files/daemon.json deleted file mode 100644 index 53c03211f..000000000 --- a/utils/docker-ce/files/daemon.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "data-root": "/opt/docker/", - "log-level": "warn" -} From 2407497230da42632135c4b7c0540d0f490acd56 Mon Sep 17 00:00:00 2001 From: Florian Eckert Date: Wed, 24 Jun 2020 09:25:50 +0200 Subject: [PATCH 3/4] docker-ce: cleanup firewall rules on service stop Until now, the firewall rules from the dockerd were preserved after the service was stopped. This is not nice. With this change the firewall rules created by dockerd will be deleted when the dockerd service is stopped. Signed-off-by: Florian Eckert --- utils/docker-ce/files/dockerd.init | 33 ++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/utils/docker-ce/files/dockerd.init b/utils/docker-ce/files/dockerd.init index 3b77f1131..a61dc89e8 100644 --- a/utils/docker-ce/files/dockerd.init +++ b/utils/docker-ce/files/dockerd.init 
@@ -58,3 +58,36 @@ start_service() { procd_set_param limits nofile="${nofile} ${nofile}" procd_close_instance } + +ip4tables_remove_nat() { + iptables -t nat -D OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER + iptables -t nat -D PREROUTING -m addrtype --dst-type LOCAL -j DOCKER + + iptables -t nat -F DOCKER + iptables -t nat -X DOCKER +} + +ip4tables_remove_filter() { + iptables -t filter -D FORWARD -j DOCKER-USER + iptables -t filter -D FORWARD -j DOCKER-ISOLATION-STAGE-1 + iptables -t filter -D FORWARD -o docker0 -j DOCKER + + iptables -t filter -F DOCKER + iptables -t filter -F DOCKER-ISOLATION-STAGE-1 + iptables -t filter -F DOCKER-ISOLATION-STAGE-2 + iptables -t filter -F DOCKER-USER + + iptables -t filter -X DOCKER + iptables -t filter -X DOCKER-ISOLATION-STAGE-1 + iptables -t filter -X DOCKER-ISOLATION-STAGE-2 + iptables -t filter -X DOCKER-USER +} + +ip4tables_remove() { + ip4tables_remove_nat + ip4tables_remove_filter +} + +stop_service() { + ip4tables_remove +} From 7765f5c602c559c750e582207c51d32a4b6685b8 Mon Sep 17 00:00:00 2001 From: Florian Eckert Date: Fri, 19 Jun 2020 14:13:41 +0200 Subject: [PATCH 4/4] docker-ce: update PKG_RELEASE Signed-off-by: Florian Eckert --- utils/docker-ce/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/docker-ce/Makefile b/utils/docker-ce/Makefile index 51aac7197..7ec7ce602 100644 --- a/utils/docker-ce/Makefile +++ b/utils/docker-ce/Makefile @@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=docker-ce PKG_VERSION:=19.03.12 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_LICENSE:=Apache-2.0 PKG_LICENSE_FILES:=components/cli/LICENSE components/engine/LICENSE
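Review bot: `ip4tables_remove_filter` flushes and deletes `DOCKER-USER`, the chain Docker sets aside for operator-written rules, so any restriction an administrator placed there is discarded on every stop. As far as I know dockerd only re-creates that chain with its default content on the next start, so I would drop the `-F DOCKER-USER` and `-X DOCKER-USER` lines and leave the chain in place. The cleanup is also wired into `stop_service`, which rc.common appears to call before procd kills the daemon, so the isolation chains are torn down while containers may still be running; a `service_stopped()` hook would run it after the process has exited. The hunk covers only `docker0` and the jump rules, so other rules dockerd adds (for example for user-defined bridges) would remain, and a still-referenced chain makes `-X` fail with the exit status ignored.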