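# File: github.com/containerd/nerdctl/v2@v2.0.0-beta.5.0.20240520001846-b5758f54fa28/Dockerfile

# Copyright The containerd Authors.

# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at

# http://www.apache.org/licenses/LICENSE-2.0

# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# -----------------------------------------------------------------------------
# Multi-stage build for nerdctl:
#   build-*            : compile containerd, runc, bypass4netns and kubo from git
#   build-minimal      : nerdctl binaries only
#   build-full/out-full: nerdctl plus bundled dependencies under /out
#   base               : Ubuntu image running systemd with the full bundle installed
#   test-integration*  : base plus the Go toolchain and test-only tooling
#   demo               : alias of base
#
# Usage: `docker run -it --privileged <IMAGE>`. Make sure to add `-t` and `--privileged`.

# TODO: verify commit hash
# NOTE(review): the build-* stages (and the imgcrypt step in build-full) run
# `git checkout` on a tag name taken from an ARG. A tag can be moved upstream,
# so the source that gets built is not pinned to a commit. Resolving each tag
# to a full commit SHA and comparing it after checkout would close this TODO.

# Basic deps
ARG CONTAINERD_VERSION=v1.7.16
ARG RUNC_VERSION=v1.1.12
ARG CNI_PLUGINS_VERSION=v1.4.1

# Extra deps: Build
ARG BUILDKIT_VERSION=v0.13.2
# Extra deps: Lazy-pulling
ARG STARGZ_SNAPSHOTTER_VERSION=v0.15.1
# Extra deps: Encryption
ARG IMGCRYPT_VERSION=v1.1.10
# Extra deps: Rootless
ARG ROOTLESSKIT_VERSION=v2.1.0
ARG SLIRP4NETNS_VERSION=v1.3.0
# Extra deps: bypass4netns
ARG BYPASS4NETNS_VERSION=v0.4.1
# Extra deps: FUSE-OverlayFS
ARG FUSE_OVERLAYFS_VERSION=v1.13
ARG CONTAINERD_FUSE_OVERLAYFS_VERSION=v1.0.8
# Extra deps: IPFS
ARG KUBO_VERSION=v0.27.0
# Extra deps: Init
ARG TINI_VERSION=v0.19.0
# Extra deps: Debug
ARG BUILDG_VERSION=v0.4.1

# Test deps
ARG GO_VERSION=1.22
ARG UBUNTU_VERSION=22.04
ARG CONTAINERIZED_SYSTEMD_VERSION=v0.1.1
ARG GOTESTSUM_VERSION=v1.11.0
ARG NYDUS_VERSION=v2.2.4
ARG SOCI_SNAPSHOTTER_VERSION=0.4.0

# NOTE(review): base images in this file are referenced by tag only; the cosign
# image in test-integration is the one reference that is also pinned by digest.
FROM --platform=$BUILDPLATFORM tonistiigi/xx:1.4.0 AS xx


FROM --platform=$BUILDPLATFORM golang:${GO_VERSION}-bullseye AS build-base-debian
COPY --from=xx / /
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update && \
  apt-get install -y git pkg-config dpkg-dev
ARG TARGETARCH
# libbtrfs: for containerd
# libseccomp: for runc and bypass4netns
RUN xx-apt-get update && \
  xx-apt-get install -y binutils gcc libc6-dev libbtrfs-dev libseccomp-dev

# runc still requires Go 1.21
# https://github.com/opencontainers/runc/issues/4233
FROM --platform=$BUILDPLATFORM golang:1.21-bullseye AS build-base-debian-go121
COPY --from=xx / /
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update && \
  apt-get install -y git pkg-config dpkg-dev
ARG TARGETARCH
# libseccomp: for runc
RUN xx-apt-get update && \
  xx-apt-get install -y binutils gcc libc6-dev libseccomp-dev

FROM build-base-debian AS build-containerd
ARG TARGETARCH
ARG CONTAINERD_VERSION
RUN git clone https://github.com/containerd/containerd.git /go/src/github.com/containerd/containerd
WORKDIR /go/src/github.com/containerd/containerd
RUN git checkout ${CONTAINERD_VERSION} && \
  mkdir -p /out /out/$TARGETARCH && \
  cp -a containerd.service /out
RUN GO=xx-go make STATIC=1 && \
  cp -a bin/containerd bin/containerd-shim-runc-v2 bin/ctr /out/$TARGETARCH

# runc still requires Go 1.21
# https://github.com/opencontainers/runc/issues/4233
FROM build-base-debian-go121 AS build-runc
ARG RUNC_VERSION
ARG TARGETARCH
RUN git clone https://github.com/opencontainers/runc.git /go/src/github.com/opencontainers/runc
WORKDIR /go/src/github.com/opencontainers/runc
RUN git checkout ${RUNC_VERSION} && \
  mkdir -p /out
ENV CGO_ENABLED=1
RUN GO=xx-go make static && \
  xx-verify --static runc && cp -v -a runc /out/runc.${TARGETARCH}

FROM build-base-debian AS build-bypass4netns
ARG BYPASS4NETNS_VERSION
ARG TARGETARCH
RUN git clone https://github.com/rootless-containers/bypass4netns.git /go/src/github.com/rootless-containers/bypass4netns
WORKDIR /go/src/github.com/rootless-containers/bypass4netns
RUN git checkout ${BYPASS4NETNS_VERSION} && \
  mkdir -p /out/${TARGETARCH}
ENV CGO_ENABLED=1
RUN GO=xx-go make static && \
  xx-verify --static bypass4netns && cp -a bypass4netns bypass4netnsd /out/${TARGETARCH}

FROM build-base-debian AS build-kubo
ARG KUBO_VERSION
ARG TARGETARCH
RUN git clone https://github.com/ipfs/kubo.git /go/src/github.com/ipfs/kubo
WORKDIR /go/src/github.com/ipfs/kubo
RUN git checkout ${KUBO_VERSION} && \
  mkdir -p /out/${TARGETARCH}
ENV CGO_ENABLED=0
RUN xx-go --wrap && \
  make build && \
  xx-verify --static cmd/ipfs/ipfs && cp -a cmd/ipfs/ipfs /out/${TARGETARCH}

FROM --platform=$BUILDPLATFORM golang:${GO_VERSION}-alpine AS build-base
RUN apk add --no-cache make git curl
COPY . /go/src/github.com/containerd/nerdctl
WORKDIR /go/src/github.com/containerd/nerdctl

FROM build-base AS build-minimal
RUN BINDIR=/out/bin make binaries install
# We do not set CMD to `go test` here, because it requires systemd

FROM build-base AS build-full
ARG TARGETARCH
ENV GOARCH=${TARGETARCH}
RUN BINDIR=/out/bin make binaries install
WORKDIR /nowhere
# Checksum lists for the release artifacts downloaded in this stage. Each
# download below is checked against its list before it is unpacked or installed.
# NOTE(review): `grep "${fname}" <list> | sha256sum -c` runs without pipefail, so
# a missing entry is only caught if sha256sum itself rejects empty input.
# Confirm that the sha256sum shipped in this build image does.
COPY ./Dockerfile.d/SHA256SUMS.d/ /SHA256SUMS.d
COPY README.md /out/share/doc/nerdctl/
COPY docs /out/share/doc/nerdctl/docs
RUN echo "${TARGETARCH:-amd64}" | sed -e s/amd64/x86_64/ -e s/arm64/aarch64/ | tee /target_uname_m
RUN mkdir -p /out/share/doc/nerdctl-full && \
  echo "# nerdctl (full distribution)" > /out/share/doc/nerdctl-full/README.md && \
  echo "- nerdctl: $(cd /go/src/github.com/containerd/nerdctl && git describe --tags)" >> /out/share/doc/nerdctl-full/README.md
ARG CONTAINERD_VERSION
COPY --from=build-containerd /out/${TARGETARCH:-amd64}/* /out/bin/
COPY --from=build-containerd /out/containerd.service /out/lib/systemd/system/containerd.service
RUN echo "- containerd: ${CONTAINERD_VERSION}" >> /out/share/doc/nerdctl-full/README.md
ARG RUNC_VERSION
COPY --from=build-runc /out/runc.${TARGETARCH:-amd64} /out/bin/runc
RUN echo "- runc: ${RUNC_VERSION}" >> /out/share/doc/nerdctl-full/README.md
ARG CNI_PLUGINS_VERSION
RUN fname="cni-plugins-${TARGETOS:-linux}-${TARGETARCH:-amd64}-${CNI_PLUGINS_VERSION}.tgz" && \
  curl -o "${fname}" -fSL "https://github.com/containernetworking/plugins/releases/download/${CNI_PLUGINS_VERSION}/${fname}" && \
  grep "${fname}" "/SHA256SUMS.d/cni-plugins-${CNI_PLUGINS_VERSION}" | sha256sum -c && \
  mkdir -p /out/libexec/cni && \
  tar xzf "${fname}" -C /out/libexec/cni && \
  rm -f "${fname}" && \
  echo "- CNI plugins: ${CNI_PLUGINS_VERSION}" >> /out/share/doc/nerdctl-full/README.md
ARG BUILDKIT_VERSION
RUN fname="buildkit-${BUILDKIT_VERSION}.${TARGETOS:-linux}-${TARGETARCH:-amd64}.tar.gz" && \
  curl -o "${fname}" -fSL "https://github.com/moby/buildkit/releases/download/${BUILDKIT_VERSION}/${fname}" && \
  grep "${fname}" "/SHA256SUMS.d/buildkit-${BUILDKIT_VERSION}" | sha256sum -c && \
  tar xzf "${fname}" -C /out && \
  rm -f "${fname}" /out/bin/buildkit-qemu-* /out/bin/buildkit-cni-* /out/bin/buildkit-runc && \
  for f in /out/libexec/cni/*; do ln -s ../libexec/cni/$(basename $f) /out/bin/buildkit-cni-$(basename $f); done && \
  echo "- BuildKit: ${BUILDKIT_VERSION}" >> /out/share/doc/nerdctl-full/README.md
# NOTE: github.com/moby/buildkit/examples/systemd is not included in BuildKit v0.8.x, will be included in v0.9.x
RUN cd /out/lib/systemd/system && \
  sedcomm='s@bin/containerd@bin/buildkitd@g; s@(Description|Documentation)=.*@@' && \
  sed -E "${sedcomm}" containerd.service > buildkit.service && \
  echo "" >> buildkit.service && \
  echo "# This file was converted from containerd.service, with \`sed -E '${sedcomm}'\`" >> buildkit.service
ARG STARGZ_SNAPSHOTTER_VERSION
# Both the tarball and the separately fetched unit file are checksum-verified.
RUN fname="stargz-snapshotter-${STARGZ_SNAPSHOTTER_VERSION}-${TARGETOS:-linux}-${TARGETARCH:-amd64}.tar.gz" && \
  curl -o "${fname}" -fSL "https://github.com/containerd/stargz-snapshotter/releases/download/${STARGZ_SNAPSHOTTER_VERSION}/${fname}" && \
  curl -o "stargz-snapshotter.service" -fSL "https://raw.githubusercontent.com/containerd/stargz-snapshotter/${STARGZ_SNAPSHOTTER_VERSION}/script/config/etc/systemd/system/stargz-snapshotter.service" && \
  grep "${fname}" "/SHA256SUMS.d/stargz-snapshotter-${STARGZ_SNAPSHOTTER_VERSION}" | sha256sum -c - && \
  grep "stargz-snapshotter.service" "/SHA256SUMS.d/stargz-snapshotter-${STARGZ_SNAPSHOTTER_VERSION}" | sha256sum -c - && \
  tar xzf "${fname}" -C /out/bin && \
  rm -f "${fname}" /out/bin/stargz-store && \
  mv stargz-snapshotter.service /out/lib/systemd/system/stargz-snapshotter.service && \
  echo "- Stargz Snapshotter: ${STARGZ_SNAPSHOTTER_VERSION}" >> /out/share/doc/nerdctl-full/README.md
ARG IMGCRYPT_VERSION
RUN git clone https://github.com/containerd/imgcrypt.git /go/src/github.com/containerd/imgcrypt && \
  cd /go/src/github.com/containerd/imgcrypt && \
  git checkout "${IMGCRYPT_VERSION}" && \
  CGO_ENABLED=0 make && DESTDIR=/out make install && \
  echo "- imgcrypt: ${IMGCRYPT_VERSION}" >> /out/share/doc/nerdctl-full/README.md
ARG ROOTLESSKIT_VERSION
RUN fname="rootlesskit-$(cat /target_uname_m).tar.gz" && \
  curl -o "${fname}" -fSL "https://github.com/rootless-containers/rootlesskit/releases/download/${ROOTLESSKIT_VERSION}/${fname}" && \
  grep "${fname}" "/SHA256SUMS.d/rootlesskit-${ROOTLESSKIT_VERSION}" | sha256sum -c && \
  tar xzf "${fname}" -C /out/bin && \
  rm -f "${fname}" /out/bin/rootlesskit-docker-proxy && \
  echo "- RootlessKit: ${ROOTLESSKIT_VERSION}" >> /out/share/doc/nerdctl-full/README.md
ARG SLIRP4NETNS_VERSION
RUN fname="slirp4netns-$(cat /target_uname_m)" && \
  curl -o "${fname}" -fSL "https://github.com/rootless-containers/slirp4netns/releases/download/${SLIRP4NETNS_VERSION}/${fname}" && \
  grep "${fname}" "/SHA256SUMS.d/slirp4netns-${SLIRP4NETNS_VERSION}" | sha256sum -c && \
  mv "${fname}" /out/bin/slirp4netns && \
  chmod +x /out/bin/slirp4netns && \
  echo "- slirp4netns: ${SLIRP4NETNS_VERSION}" >> /out/share/doc/nerdctl-full/README.md
ARG BYPASS4NETNS_VERSION
COPY --from=build-bypass4netns /out/${TARGETARCH:-amd64}/* /out/bin/
RUN echo "- bypass4netns: ${BYPASS4NETNS_VERSION}" >> /out/share/doc/nerdctl-full/README.md
ARG FUSE_OVERLAYFS_VERSION
RUN fname="fuse-overlayfs-$(cat /target_uname_m)" && \
  curl -o "${fname}" -fSL "https://github.com/containers/fuse-overlayfs/releases/download/${FUSE_OVERLAYFS_VERSION}/${fname}" && \
  grep "${fname}" "/SHA256SUMS.d/fuse-overlayfs-${FUSE_OVERLAYFS_VERSION}" | sha256sum -c && \
  mv "${fname}" /out/bin/fuse-overlayfs && \
  chmod +x /out/bin/fuse-overlayfs && \
  echo "- fuse-overlayfs: ${FUSE_OVERLAYFS_VERSION}" >> /out/share/doc/nerdctl-full/README.md
ARG CONTAINERD_FUSE_OVERLAYFS_VERSION
# ${VAR/v} strips the leading "v" from the version for the artifact file name.
RUN fname="containerd-fuse-overlayfs-${CONTAINERD_FUSE_OVERLAYFS_VERSION/v}-${TARGETOS:-linux}-${TARGETARCH:-amd64}.tar.gz" && \
  curl -o "${fname}" -fSL "https://github.com/containerd/fuse-overlayfs-snapshotter/releases/download/${CONTAINERD_FUSE_OVERLAYFS_VERSION}/${fname}" && \
  grep "${fname}" "/SHA256SUMS.d/containerd-fuse-overlayfs-${CONTAINERD_FUSE_OVERLAYFS_VERSION}" | sha256sum -c && \
  tar xzf "${fname}" -C /out/bin && \
  rm -f "${fname}" && \
  echo "- containerd-fuse-overlayfs: ${CONTAINERD_FUSE_OVERLAYFS_VERSION}" >> /out/share/doc/nerdctl-full/README.md
ARG KUBO_VERSION
COPY --from=build-kubo /out/${TARGETARCH:-amd64}/* /out/bin/
RUN echo "- Kubo (IPFS): ${KUBO_VERSION}" >> /out/share/doc/nerdctl-full/README.md
ARG TINI_VERSION
RUN fname="tini-static-${TARGETARCH:-amd64}" && \
  curl -o "${fname}" -fSL "https://github.com/krallin/tini/releases/download/${TINI_VERSION}/${fname}" && \
  grep "${fname}" "/SHA256SUMS.d/tini-${TINI_VERSION}" | sha256sum -c && \
  cp -a "${fname}" /out/bin/tini && chmod +x /out/bin/tini && \
  echo "- Tini: ${TINI_VERSION}" >> /out/share/doc/nerdctl-full/README.md
ARG BUILDG_VERSION
RUN fname="buildg-${BUILDG_VERSION}-${TARGETOS:-linux}-${TARGETARCH:-amd64}.tar.gz" && \
  curl -o "${fname}" -fSL "https://github.com/ktock/buildg/releases/download/${BUILDG_VERSION}/${fname}" && \
  grep "${fname}" "/SHA256SUMS.d/buildg-${BUILDG_VERSION}" | sha256sum -c && \
  tar xzf "${fname}" -C /out/bin && \
  rm -f "${fname}" && \
  echo "- buildg: ${BUILDG_VERSION}" >> /out/share/doc/nerdctl-full/README.md

# Append license notes, then record a SHA256SUMS manifest of every non-directory
# file under /out so consumers of the bundle can verify its contents.
RUN echo "" >> /out/share/doc/nerdctl-full/README.md && \
  echo "## License" >> /out/share/doc/nerdctl-full/README.md && \
  echo "- bin/slirp4netns:    [GNU GENERAL PUBLIC LICENSE, Version 2](https://github.com/rootless-containers/slirp4netns/blob/${SLIRP4NETNS_VERSION}/COPYING)" >> /out/share/doc/nerdctl-full/README.md && \
  echo "- bin/fuse-overlayfs: [GNU GENERAL PUBLIC LICENSE, Version 2](https://github.com/containers/fuse-overlayfs/blob/${FUSE_OVERLAYFS_VERSION}/COPYING)" >> /out/share/doc/nerdctl-full/README.md && \
  echo "- bin/ipfs: [Combination of MIT-only license and dual MIT/Apache-2.0 license](https://github.com/ipfs/kubo/blob/${KUBO_VERSION}/LICENSE)" >> /out/share/doc/nerdctl-full/README.md && \
  echo "- bin/{runc,bypass4netns,bypass4netnsd}: Apache License 2.0, statically linked with libseccomp ([LGPL 2.1](https://github.com/seccomp/libseccomp/blob/main/LICENSE), source code available at https://github.com/seccomp/libseccomp/)" >> /out/share/doc/nerdctl-full/README.md && \
  echo "- bin/tini: [MIT License](https://github.com/krallin/tini/blob/${TINI_VERSION}/LICENSE)" >> /out/share/doc/nerdctl-full/README.md && \
  echo "- Other files: [Apache License 2.0](https://www.apache.org/licenses/LICENSE-2.0)" >> /out/share/doc/nerdctl-full/README.md && \
  (cd /out && find ! -type d | sort | xargs sha256sum > /tmp/SHA256SUMS ) && \
  mv /tmp/SHA256SUMS /out/share/doc/nerdctl-full/SHA256SUMS && \
  chown -R 0:0 /out

FROM scratch AS out-full
COPY --from=build-full /out /

FROM ubuntu:${UBUNTU_VERSION} AS base
# fuse3 is required by stargz snapshotter
RUN apt-get update && \
  apt-get install -qq -y --no-install-recommends \
  apparmor \
  bash-completion \
  ca-certificates curl \
  iproute2 iptables \
  dbus dbus-user-session systemd systemd-sysv \
  fuse3
ARG CONTAINERIZED_SYSTEMD_VERSION
# -f makes an HTTP error fail the build instead of saving the error page as the
# entrypoint script.
# NOTE(review): this script becomes the ENTRYPOINT of an image that is meant to
# run with --privileged, but unlike the build-full downloads it is fetched by
# tag with no checksum verification. Adding an entry for it under
# ./Dockerfile.d/SHA256SUMS.d/ would bring it in line with the other downloads.
RUN curl -fSL -o /docker-entrypoint.sh https://raw.githubusercontent.com/AkihiroSuda/containerized-systemd/${CONTAINERIZED_SYSTEMD_VERSION}/docker-entrypoint.sh && \
  chmod +x /docker-entrypoint.sh
COPY --from=out-full / /usr/local/
RUN perl -pi -e 's/multi-user.target/docker-entrypoint.target/g' /usr/local/lib/systemd/system/*.service && \
  systemctl enable containerd buildkit stargz-snapshotter && \
  mkdir -p /etc/bash_completion.d && \
  nerdctl completion bash >/etc/bash_completion.d/nerdctl && \
  mkdir -p -m 0755 /etc/cni
COPY ./Dockerfile.d/etc_containerd_config.toml /etc/containerd/config.toml
COPY ./Dockerfile.d/etc_buildkit_buildkitd.toml /etc/buildkit/buildkitd.toml
VOLUME /var/lib/containerd
VOLUME /var/lib/buildkit
VOLUME /var/lib/containerd-stargz-grpc
VOLUME /var/lib/nerdctl
ENTRYPOINT ["/docker-entrypoint.sh"]
CMD ["bash", "--login", "-i"]

# convert GO_VERSION=1.16 to the latest release such as "go1.16.1"
FROM golang:${GO_VERSION}-alpine AS goversion
RUN go env GOVERSION > /GOVERSION

FROM base AS test-integration
ARG DEBIAN_FRONTEND=noninteractive
# `expect` package contains `unbuffer(1)`, which is used for emulating TTY for testing
RUN apt-get update && \
  apt-get install -qq -y \
  expect git
COPY --from=goversion /GOVERSION /GOVERSION
ARG TARGETARCH
# NOTE(review): the Go toolchain tarball is streamed straight into tar with no
# checksum verification; -f at least turns an HTTP error into a curl failure
# rather than feeding an error page to tar.
RUN curl -fSL https://golang.org/dl/$(cat /GOVERSION).linux-${TARGETARCH:-amd64}.tar.gz | tar xzvC /usr/local
ENV PATH=/usr/local/go/bin:$PATH
ARG GOTESTSUM_VERSION
RUN GOBIN=/usr/local/bin go install gotest.tools/gotestsum@${GOTESTSUM_VERSION}
COPY . /go/src/github.com/containerd/nerdctl
WORKDIR /go/src/github.com/containerd/nerdctl
VOLUME /tmp
ENV CGO_ENABLED=0
# copy cosign binary for integration test
COPY --from=gcr.io/projectsigstore/cosign:v2.2.3@sha256:8fc9cad121611e8479f65f79f2e5bea58949e8a87ffac2a42cb99cf0ff079ba7 /ko-app/cosign /usr/local/bin/cosign
# installing soci for integration test
# NOTE(review): no SHA256SUMS.d check here, unlike the release downloads in build-full.
ARG SOCI_SNAPSHOTTER_VERSION
RUN fname="soci-snapshotter-${SOCI_SNAPSHOTTER_VERSION}-${TARGETOS:-linux}-${TARGETARCH:-amd64}.tar.gz" && \
  curl -o "${fname}" -fSL "https://github.com/awslabs/soci-snapshotter/releases/download/v${SOCI_SNAPSHOTTER_VERSION}/${fname}" && \
  tar -C /usr/local/bin -xvf "${fname}" soci soci-snapshotter-grpc
# enable offline ipfs for integration test
COPY ./Dockerfile.d/test-integration-etc_containerd-stargz-grpc_config.toml /etc/containerd-stargz-grpc/config.toml
COPY ./Dockerfile.d/test-integration-ipfs-offline.service /usr/local/lib/systemd/system/
COPY ./Dockerfile.d/test-integration-buildkit-nerdctl-test.service /usr/local/lib/systemd/system/
COPY ./Dockerfile.d/test-integration-soci-snapshotter.service /usr/local/lib/systemd/system/
RUN cp /usr/local/bin/tini /usr/local/bin/tini-custom
# using test integration containerd config
COPY ./Dockerfile.d/test-integration-etc_containerd_config.toml /etc/containerd/config.toml
# install ipfs service. avoid using 5001(api)/8080(gateway) which are reserved by tests.
RUN systemctl enable test-integration-ipfs-offline test-integration-buildkit-nerdctl-test test-integration-soci-snapshotter && \
  ipfs init && \
  ipfs config Addresses.API "/ip4/127.0.0.1/tcp/5888" && \
  ipfs config Addresses.Gateway "/ip4/127.0.0.1/tcp/5889"
# install nydus components
# NOTE(review): no SHA256SUMS.d check here either. -f fails the build on an HTTP
# error, and TARGETARCH falls back to amd64 as it does in the sibling downloads.
ARG NYDUS_VERSION
RUN curl -fSL -o nydus-static.tgz "https://github.com/dragonflyoss/image-service/releases/download/${NYDUS_VERSION}/nydus-static-${NYDUS_VERSION}-linux-${TARGETARCH:-amd64}.tgz" && \
  tar xzf nydus-static.tgz && \
  mv nydus-static/nydus-image nydus-static/nydusd nydus-static/nydusify /usr/bin/ && \
  rm nydus-static.tgz
CMD ["gotestsum", "--format=testname", "--rerun-fails=2", "--packages=github.com/containerd/nerdctl/v2/cmd/nerdctl/...", \
  "--", "-timeout=30m", "-args", "-test.kill-daemon"]

FROM test-integration AS test-integration-rootless
# Install SSH for creating systemd user session.
# (`sudo` does not work for this purpose,
#  OTOH `machinectl shell` can create the session but does not propagate exit code)
RUN apt-get update && \
  apt-get install -qq -y \
  uidmap \
  openssh-server openssh-client
# TODO: update containerized-systemd to enable sshd by default, or allow `systemctl wants <TARGET> sshd` here
# The key pair is generated at build time with an empty passphrase and is stored
# in the image layers; root's public key is installed as the rootless user's
# authorized_keys. Every copy of this image therefore carries the same private
# key, so this stage is suitable for test use only.
RUN ssh-keygen -q -t rsa -f /root/.ssh/id_rsa -N '' && \
  useradd -m -s /bin/bash rootless && \
  mkdir -p -m 0700 /home/rootless/.ssh && \
  cp -a /root/.ssh/id_rsa.pub /home/rootless/.ssh/authorized_keys && \
  mkdir -p /home/rootless/.local/share && \
  chown -R rootless:rootless /home/rootless
COPY ./Dockerfile.d/etc_systemd_system_user@.service.d_delegate.conf /etc/systemd/system/user@.service.d/delegate.conf
# ipfs daemon for rootless containerd will be enabled in /test-integration-rootless.sh
RUN systemctl disable test-integration-ipfs-offline
VOLUME /home/rootless/.local/share
RUN go test -o /usr/local/bin/nerdctl.test -c ./cmd/nerdctl
COPY ./Dockerfile.d/test-integration-rootless.sh /
CMD ["/test-integration-rootless.sh", \
  "gotestsum", "--format=testname", "--rerun-fails=2", "--raw-command", \
  "--", "/usr/local/go/bin/go", "tool", "test2json", "-t", "-p", "github.com/containerd/nerdctl/v2/cmd/nerdctl", \
  "/usr/local/bin/nerdctl.test", "-test.v", "-test.timeout=30m", "-test.kill-daemon"]

# test for CONTAINERD_ROOTLESS_ROOTLESSKIT_PORT_DRIVER=slirp4netns
FROM test-integration-rootless AS test-integration-rootless-port-slirp4netns
COPY ./Dockerfile.d/home_rootless_.config_systemd_user_containerd.service.d_port-slirp4netns.conf /home/rootless/.config/systemd/user/containerd.service.d/port-slirp4netns.conf
RUN chown -R rootless:rootless /home/rootless/.config

FROM test-integration AS test-integration-ipv6
CMD ["gotestsum", "--format=testname", "--rerun-fails=2", "--packages=github.com/containerd/nerdctl/v2/cmd/nerdctl/...", \
  "--", "-timeout=30m", "-args", "-test.kill-daemon", "-test.ipv6"]

FROM base AS demo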