Changes

Dockerfile: use DEBIAN_FRONTEND=noninteractive
Using a build-arg so that we don't have to specify it for each
`apt-get install`, and to preserve that the `DEBIAN_FRONTEND` is 
preserved in the image itself (which changes the default behavior, and
can be surprising if the image is run interactively).`
With this patch, some (harmless, but possibly confusing) errors are no
longer printed during build, for example:
```patch
Unpacking libgcc1:armhf (1:6.3.0-18+deb9u1) ...
Selecting previously unselected package libc6:armhf.
Preparing to unpack .../04-libc6_2.24-11+deb9u4_armhf.deb ...
-debconf: unable to initialize frontend: Dialog
-debconf: (TERM is not set, so the dialog frontend is not usable.)
-debconf: falling back to frontend: Readline
Unpacking libc6:armhf (2.24-11+deb9u4) ...
Selecting previously unselected package libgcc1:arm64.
Preparing to unpack .../05-libgcc1_1%3a6.3.0-18+deb9u1_arm64.deb ...
Unpacking libgcc1:arm64 (1:6.3.0-18+deb9u1) ...
Selecting previously unselected package libc6:arm64.
Preparing to unpack .../06-libc6_2.24-11+deb9u4_arm64.deb ...
-debconf: unable to initialize frontend: Dialog
-debconf: (TERM is not set, so the dialog frontend is not usable.)
-debconf: falling back to frontend: Readline
```
Looks like some output is now also printed on stdout instead of stderr
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

Jenkinsfile: move static and cross compilation to unit-validate stage
Signed-off-by: Tibor Vass <tibor@docker.com>

hack: unmount leftover daemon root folders
Signed-off-by: Tibor Vass <tibor@docker.com>

Jenkinsfile: reduce time of integration tests by dividing tests into 3
parallel runs
Signed-off-by: Tibor Vass <tibor@docker.com>

add powerpc-master stage to Jenkinsfile
The powerpc-master stage will just run the integration-cli tests. The 
existing powerpc stage will run the unit tests and the integration 
tests. In this way, PR check jobs will be shorter, but all integration 
tests will run after PR is merged to master.
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>

add z-master stage to Jenkinsfile
The z-master stage will just run the integration-cli tests. The existing
z stage will run the unit tests and the integration tests. In this way,
PR check jobs will be shorter, but all integration tests will run after
PR is merged to master.
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>

set timeouts in Jenkinsfile to 2 hrs
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>

use environment for power jobs in Jenkinsfile
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>

use environment for z jobs in Jenkinsfile
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>

be more lenient on junit report gathering in Jenkinsfile
In case a job fails before even generating a report file.
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>

rename z bundles in Jenkinsfile
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>

rename powerpc bundles in Jenkinsfile
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>

fix bundles filenames in Jenkinsfile
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>

fix some spelling mistakes
Signed-off-by: SataQiu <qiushida@beyondcent.com>

Jenkinsfile: send junit.xml in the stage that produced it
This will send the results directly after the tests complete, and make
the stage more atomic.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

Jenkinsfile: collect junit.xml for all architectures
Jenkins groups them per stage, so collecting them for all architectures 
is possible (without them conflicting or becoming ambiguous)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

Bump golang 1.12.8 (CVE-2019-9512, CVE-2019-9514)
go1.12.8 (released 2019/08/13) includes security fixes to the net/http
and net/url packages. See the Go 1.12.8 milestone on our issue tracker
for details:
https://github.com/golang/go/issues?q=milestone%3AGo1.12.8
- net/http: Denial of Service vulnerabilities in the HTTP/2
implementation
 net/http and golang.org/x/net/http2 servers that accept direct
connections from untrusted
 clients could be remotely made to allocate an unlimited amount of
memory, until the program
 crashes. Servers will now close connections if the send queue
accumulates too many control
 messages.
 The issues are CVE-2019-9512 and CVE-2019-9514, and Go issue
golang.org/issue/33606.
 Thanks to Jonathan Looney from Netflix for discovering and reporting
these issues.
 This is also fixed in version v0.0.0-20190813141303-74dc4d7220e7 of
golang.org/x/net/http2.
 net/url: parsing validation issue
- url.Parse would accept URLs with malformed hosts, such that the Host
field could have arbitrary
 suffixes that would appear in neither Hostname() nor Port(), allowing
authorization bypasses
 in certain applications. Note that URLs with invalid, not numeric ports
will now return an error
 from url.Parse.
 The issue is CVE-2019-14809 and Go issue golang.org/issue/29098.
 Thanks to Julian Hector and Nikolai Krein from Cure53, and Adi Cohen
(adico.me) for discovering
 and reporting this issue.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

Adjust tests for changes in Go 1.12.8 / 1.11.13
``` 00:38:11 === Failed 00:38:11 === FAIL: opts
TestParseDockerDaemonHost (0.00s) 00:38:11     hosts_test.go:87: tcp
tcp:a.b.c.d address expected error "Invalid bind address format:
tcp:a.b.c.d" return, got "parse tcp://tcp:a.b.c.d: invalid port
\":a.b.c.d\" after host" and addr 00:38:11     hosts_test.go:87: tcp
tcp:a.b.c.d/path address expected error "Invalid bind address format:
tcp:a.b.c.d/path" return, got "parse tcp://tcp:a.b.c.d/path: invalid
port \":a.b.c.d\" after host" and addr 00:38:11 00:38:11 === FAIL: opts
TestParseTCP (0.00s) 00:38:11     hosts_test.go:129: tcp tcp:a.b.c.d
address expected error Invalid bind address format: tcp:a.b.c.d return,
got parse tcp://tcp:a.b.c.d: invalid port ":a.b.c.d" after host and addr 
00:38:11     hosts_test.go:129: tcp tcp:a.b.c.d/path address expected
error Invalid bind address format: tcp:a.b.c.d/path return, got parse
tcp://tcp:a.b.c.d/path: invalid port ":a.b.c.d" after host and addr
```
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

Dockerfile: update CRIU to v3.12
New features
- build CRIU with Android NDK
- C/R of
 - IP RAW sockets
 - lsm: dump and restore any SELinux process label
 - support restoring ghost files on readonly mounts
Bugfixes
 - Do not lock network if running in the host network namespace
- Fix RPC configuration file handling
- util: don't leak file descriptors to third-party tools
- small fixes here and there
Improvements
- travis: switch to the Ubuntu Xenial
- travis-ci: Enable ia32 tests
- Many improvements and bug fixes in the libcriu
 - Changes in the API and ABI (SONAME increased from 1 to 2)
full diff:
https://github.com/checkpoint-restore/criu/compare/v3.11...v3.12
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

docker-py: fix linting issues reported by shellcheck
- SC2006: use $(...) notation instead of legacy backticked `...`
- SC2086: double quote to prevent globbing and word splitting
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

docker-py: run without tty to disable color output
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

docker-py: use --mount for bind-mounting docker.sock
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

docker-py: output junit.xml for test-results
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

Jenkinsfile: build dynamic binary for docker-py, to match makefile
This also makes sure that we can test all functionality of the daemon,
because some features are not available on static binaries.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

Jenkinsfile: save docker-py artifacts
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>