github.com/containerd/nerdctl@v1.7.7/Dockerfile (about) 1 # Copyright The containerd Authors. 2 3 # Licensed under the Apache License, Version 2.0 (the "License"); 4 # you may not use this file except in compliance with the License. 5 # You may obtain a copy of the License at 6 7 # http://www.apache.org/licenses/LICENSE-2.0 8 9 # Unless required by applicable law or agreed to in writing, software 10 # distributed under the License is distributed on an "AS IS" BASIS, 11 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 # See the License for the specific language governing permissions and 13 # limitations under the License. 14 15 # ----------------------------------------------------------------------------- 16 # Usage: `docker run -it --privileged <IMAGE>`. Make sure to add `-t` and `--privileged`. 17 18 # TODO: verify commit hash 19 20 # Basic deps 21 ARG CONTAINERD_VERSION=v1.7.22 22 ARG RUNC_VERSION=v1.1.14 23 ARG CNI_PLUGINS_VERSION=v1.5.1 24 25 # Extra deps: Build 26 ARG BUILDKIT_VERSION=v0.15.2 27 # Extra deps: Lazy-pulling 28 ARG STARGZ_SNAPSHOTTER_VERSION=v0.15.1 29 # Extra deps: Encryption 30 ARG IMGCRYPT_VERSION=v1.1.11 31 # Extra deps: Rootless 32 ARG ROOTLESSKIT_VERSION=v2.3.1 33 ARG SLIRP4NETNS_VERSION=v1.3.1 34 # Extra deps: bypass4netns 35 ARG BYPASS4NETNS_VERSION=v0.4.1 36 # Extra deps: FUSE-OverlayFS 37 ARG FUSE_OVERLAYFS_VERSION=v1.13 38 ARG CONTAINERD_FUSE_OVERLAYFS_VERSION=v1.0.8 39 # Extra deps: IPFS 40 ARG KUBO_VERSION=v0.29.0 41 # Extra deps: Init 42 ARG TINI_VERSION=v0.19.0 43 # Extra deps: Debug 44 ARG BUILDG_VERSION=v0.4.1 45 46 # Test deps 47 ARG GO_VERSION=1.23 48 ARG UBUNTU_VERSION=24.04 49 ARG CONTAINERIZED_SYSTEMD_VERSION=v0.1.1 50 ARG GOTESTSUM_VERSION=v1.12.0 51 ARG NYDUS_VERSION=v2.2.5 52 ARG SOCI_SNAPSHOTTER_VERSION=0.7.0 53 54 FROM --platform=$BUILDPLATFORM tonistiigi/xx:1.5.0 AS xx 55 56 57 FROM --platform=$BUILDPLATFORM golang:${GO_VERSION}-bookworm AS build-base-debian 58 COPY --from=xx / / 59 ENV DEBIAN_FRONTEND=noninteractive 60 RUN apt-get update && \ 61 apt-get install -y git pkg-config dpkg-dev 62 ARG TARGETARCH 63 # libbtrfs: for containerd 64 # libseccomp: for runc and bypass4netns 65 RUN xx-apt-get update && \ 66 xx-apt-get install -y binutils gcc libc6-dev libbtrfs-dev libseccomp-dev pkg-config 67 68 FROM build-base-debian AS build-containerd 69 ARG TARGETARCH 70 ARG CONTAINERD_VERSION 71 RUN git clone https://github.com/containerd/containerd.git /go/src/github.com/containerd/containerd 72 WORKDIR /go/src/github.com/containerd/containerd 73 RUN git checkout ${CONTAINERD_VERSION} && \ 74 mkdir -p /out /out/$TARGETARCH && \ 75 cp -a containerd.service /out 76 RUN GO=xx-go make STATIC=1 && \ 77 cp -a bin/containerd bin/containerd-shim-runc-v2 bin/ctr /out/$TARGETARCH 78 79 FROM build-base-debian AS build-runc 80 ARG RUNC_VERSION 81 ARG TARGETARCH 82 RUN git clone https://github.com/opencontainers/runc.git /go/src/github.com/opencontainers/runc 83 WORKDIR /go/src/github.com/opencontainers/runc 84 RUN git checkout ${RUNC_VERSION} && \ 85 mkdir -p /out 86 ENV CGO_ENABLED=1 87 RUN GO=xx-go make static && \ 88 xx-verify --static runc && cp -v -a runc /out/runc.${TARGETARCH} 89 90 FROM build-base-debian AS build-bypass4netns 91 ARG BYPASS4NETNS_VERSION 92 ARG TARGETARCH 93 RUN git clone https://github.com/rootless-containers/bypass4netns.git /go/src/github.com/rootless-containers/bypass4netns 94 WORKDIR /go/src/github.com/rootless-containers/bypass4netns 95 RUN git checkout ${BYPASS4NETNS_VERSION} && \ 96 mkdir -p /out/${TARGETARCH} 97 ENV CGO_ENABLED=1 98 RUN GO=xx-go make static && \ 99 xx-verify --static bypass4netns && cp -a bypass4netns bypass4netnsd /out/${TARGETARCH} 100 101 FROM build-base-debian AS build-kubo 102 ARG KUBO_VERSION 103 ARG TARGETARCH 104 RUN git clone https://github.com/ipfs/kubo.git /go/src/github.com/ipfs/kubo 105 WORKDIR /go/src/github.com/ipfs/kubo 106 RUN git checkout ${KUBO_VERSION} && \ 107 mkdir -p /out/${TARGETARCH} 108 ENV CGO_ENABLED=0 109 RUN xx-go --wrap && \ 110 make build && \ 111 xx-verify --static cmd/ipfs/ipfs && cp -a cmd/ipfs/ipfs /out/${TARGETARCH} 112 113 FROM --platform=$BUILDPLATFORM golang:${GO_VERSION}-alpine AS build-base 114 RUN apk add --no-cache make git curl 115 COPY . /go/src/github.com/containerd/nerdctl 116 WORKDIR /go/src/github.com/containerd/nerdctl 117 118 FROM build-base AS build-minimal 119 RUN BINDIR=/out/bin make binaries install 120 # We do not set CMD to `go test` here, because it requires systemd 121 122 FROM build-base AS build-full 123 ARG TARGETARCH 124 ENV GOARCH=${TARGETARCH} 125 RUN BINDIR=/out/bin make binaries install 126 WORKDIR /nowhere 127 COPY ./Dockerfile.d/SHA256SUMS.d/ /SHA256SUMS.d 128 COPY README.md /out/share/doc/nerdctl/ 129 COPY docs /out/share/doc/nerdctl/docs 130 RUN echo "${TARGETARCH:-amd64}" | sed -e s/amd64/x86_64/ -e s/arm64/aarch64/ | tee /target_uname_m 131 RUN mkdir -p /out/share/doc/nerdctl-full && \ 132 echo "# nerdctl (full distribution)" > /out/share/doc/nerdctl-full/README.md && \ 133 echo "- nerdctl: $(cd /go/src/github.com/containerd/nerdctl && git describe --tags)" >> /out/share/doc/nerdctl-full/README.md 134 ARG CONTAINERD_VERSION 135 COPY --from=build-containerd /out/${TARGETARCH:-amd64}/* /out/bin/ 136 COPY --from=build-containerd /out/containerd.service /out/lib/systemd/system/containerd.service 137 RUN echo "- containerd: ${CONTAINERD_VERSION}" >> /out/share/doc/nerdctl-full/README.md 138 ARG RUNC_VERSION 139 COPY --from=build-runc /out/runc.${TARGETARCH:-amd64} /out/bin/runc 140 RUN echo "- runc: ${RUNC_VERSION}" >> /out/share/doc/nerdctl-full/README.md 141 ARG CNI_PLUGINS_VERSION 142 RUN fname="cni-plugins-${TARGETOS:-linux}-${TARGETARCH:-amd64}-${CNI_PLUGINS_VERSION}.tgz" && \ 143 curl -o "${fname}" -fSL "https://github.com/containernetworking/plugins/releases/download/${CNI_PLUGINS_VERSION}/${fname}" && \ 144 grep "${fname}" "/SHA256SUMS.d/cni-plugins-${CNI_PLUGINS_VERSION}" | sha256sum -c && \ 145 mkdir -p /out/libexec/cni && \ 146 tar xzf "${fname}" -C /out/libexec/cni && \ 147 rm -f "${fname}" && \ 148 echo "- CNI plugins: ${CNI_PLUGINS_VERSION}" >> /out/share/doc/nerdctl-full/README.md 149 ARG BUILDKIT_VERSION 150 RUN fname="buildkit-${BUILDKIT_VERSION}.${TARGETOS:-linux}-${TARGETARCH:-amd64}.tar.gz" && \ 151 curl -o "${fname}" -fSL "https://github.com/moby/buildkit/releases/download/${BUILDKIT_VERSION}/${fname}" && \ 152 grep "${fname}" "/SHA256SUMS.d/buildkit-${BUILDKIT_VERSION}" | sha256sum -c && \ 153 tar xzf "${fname}" -C /out && \ 154 rm -f "${fname}" /out/bin/buildkit-qemu-* /out/bin/buildkit-runc && \ 155 echo "- BuildKit: ${BUILDKIT_VERSION}" >> /out/share/doc/nerdctl-full/README.md 156 # NOTE: github.com/moby/buildkit/examples/systemd is not included in BuildKit v0.8.x, will be included in v0.9.x 157 RUN cd /out/lib/systemd/system && \ 158 sedcomm='s@bin/containerd@bin/buildkitd@g; s@(Description|Documentation)=.*@@' && \ 159 sed -E "${sedcomm}" containerd.service > buildkit.service && \ 160 echo "" >> buildkit.service && \ 161 echo "# This file was converted from containerd.service, with \`sed -E '${sedcomm}'\`" >> buildkit.service 162 ARG STARGZ_SNAPSHOTTER_VERSION 163 RUN fname="stargz-snapshotter-${STARGZ_SNAPSHOTTER_VERSION}-${TARGETOS:-linux}-${TARGETARCH:-amd64}.tar.gz" && \ 164 curl -o "${fname}" -fSL "https://github.com/containerd/stargz-snapshotter/releases/download/${STARGZ_SNAPSHOTTER_VERSION}/${fname}" && \ 165 curl -o "stargz-snapshotter.service" -fSL "https://raw.githubusercontent.com/containerd/stargz-snapshotter/${STARGZ_SNAPSHOTTER_VERSION}/script/config/etc/systemd/system/stargz-snapshotter.service" && \ 166 grep "${fname}" "/SHA256SUMS.d/stargz-snapshotter-${STARGZ_SNAPSHOTTER_VERSION}" | sha256sum -c - && \ 167 grep "stargz-snapshotter.service" "/SHA256SUMS.d/stargz-snapshotter-${STARGZ_SNAPSHOTTER_VERSION}" | sha256sum -c - && \ 168 tar xzf "${fname}" -C /out/bin && \ 169 rm -f "${fname}" /out/bin/stargz-store && \ 170 mv stargz-snapshotter.service /out/lib/systemd/system/stargz-snapshotter.service && \ 171 echo "- Stargz Snapshotter: ${STARGZ_SNAPSHOTTER_VERSION}" >> /out/share/doc/nerdctl-full/README.md 172 ARG IMGCRYPT_VERSION 173 RUN git clone https://github.com/containerd/imgcrypt.git /go/src/github.com/containerd/imgcrypt && \ 174 cd /go/src/github.com/containerd/imgcrypt && \ 175 git checkout "${IMGCRYPT_VERSION}" && \ 176 CGO_ENABLED=0 make && DESTDIR=/out make install && \ 177 echo "- imgcrypt: ${IMGCRYPT_VERSION}" >> /out/share/doc/nerdctl-full/README.md 178 ARG ROOTLESSKIT_VERSION 179 RUN fname="rootlesskit-$(cat /target_uname_m).tar.gz" && \ 180 curl -o "${fname}" -fSL "https://github.com/rootless-containers/rootlesskit/releases/download/${ROOTLESSKIT_VERSION}/${fname}" && \ 181 grep "${fname}" "/SHA256SUMS.d/rootlesskit-${ROOTLESSKIT_VERSION}" | sha256sum -c && \ 182 tar xzf "${fname}" -C /out/bin && \ 183 rm -f "${fname}" /out/bin/rootlesskit-docker-proxy && \ 184 echo "- RootlessKit: ${ROOTLESSKIT_VERSION}" >> /out/share/doc/nerdctl-full/README.md 185 ARG SLIRP4NETNS_VERSION 186 RUN fname="slirp4netns-$(cat /target_uname_m)" && \ 187 curl -o "${fname}" -fSL "https://github.com/rootless-containers/slirp4netns/releases/download/${SLIRP4NETNS_VERSION}/${fname}" && \ 188 grep "${fname}" "/SHA256SUMS.d/slirp4netns-${SLIRP4NETNS_VERSION}" | sha256sum -c && \ 189 mv "${fname}" /out/bin/slirp4netns && \ 190 chmod +x /out/bin/slirp4netns && \ 191 echo "- slirp4netns: ${SLIRP4NETNS_VERSION}" >> /out/share/doc/nerdctl-full/README.md 192 ARG BYPASS4NETNS_VERSION 193 COPY --from=build-bypass4netns /out/${TARGETARCH:-amd64}/* /out/bin/ 194 RUN echo "- bypass4netns: ${BYPASS4NETNS_VERSION}" >> /out/share/doc/nerdctl-full/README.md 195 ARG FUSE_OVERLAYFS_VERSION 196 RUN fname="fuse-overlayfs-$(cat /target_uname_m)" && \ 197 curl -o "${fname}" -fSL "https://github.com/containers/fuse-overlayfs/releases/download/${FUSE_OVERLAYFS_VERSION}/${fname}" && \ 198 grep "${fname}" "/SHA256SUMS.d/fuse-overlayfs-${FUSE_OVERLAYFS_VERSION}" | sha256sum -c && \ 199 mv "${fname}" /out/bin/fuse-overlayfs && \ 200 chmod +x /out/bin/fuse-overlayfs && \ 201 echo "- fuse-overlayfs: ${FUSE_OVERLAYFS_VERSION}" >> /out/share/doc/nerdctl-full/README.md 202 ARG CONTAINERD_FUSE_OVERLAYFS_VERSION 203 RUN fname="containerd-fuse-overlayfs-${CONTAINERD_FUSE_OVERLAYFS_VERSION/v}-${TARGETOS:-linux}-${TARGETARCH:-amd64}.tar.gz" && \ 204 curl -o "${fname}" -fSL "https://github.com/containerd/fuse-overlayfs-snapshotter/releases/download/${CONTAINERD_FUSE_OVERLAYFS_VERSION}/${fname}" && \ 205 grep "${fname}" "/SHA256SUMS.d/containerd-fuse-overlayfs-${CONTAINERD_FUSE_OVERLAYFS_VERSION}" | sha256sum -c && \ 206 tar xzf "${fname}" -C /out/bin && \ 207 rm -f "${fname}" && \ 208 echo "- containerd-fuse-overlayfs: ${CONTAINERD_FUSE_OVERLAYFS_VERSION}" >> /out/share/doc/nerdctl-full/README.md 209 ARG KUBO_VERSION 210 COPY --from=build-kubo /out/${TARGETARCH:-amd64}/* /out/bin/ 211 RUN echo "- Kubo (IPFS): ${KUBO_VERSION}" >> /out/share/doc/nerdctl-full/README.md 212 ARG TINI_VERSION 213 RUN fname="tini-static-${TARGETARCH:-amd64}" && \ 214 curl -o "${fname}" -fSL "https://github.com/krallin/tini/releases/download/${TINI_VERSION}/${fname}" && \ 215 grep "${fname}" "/SHA256SUMS.d/tini-${TINI_VERSION}" | sha256sum -c && \ 216 cp -a "${fname}" /out/bin/tini && chmod +x /out/bin/tini && \ 217 echo "- Tini: ${TINI_VERSION}" >> /out/share/doc/nerdctl-full/README.md 218 ARG BUILDG_VERSION 219 RUN fname="buildg-${BUILDG_VERSION}-${TARGETOS:-linux}-${TARGETARCH:-amd64}.tar.gz" && \ 220 curl -o "${fname}" -fSL "https://github.com/ktock/buildg/releases/download/${BUILDG_VERSION}/${fname}" && \ 221 grep "${fname}" "/SHA256SUMS.d/buildg-${BUILDG_VERSION}" | sha256sum -c && \ 222 tar xzf "${fname}" -C /out/bin && \ 223 rm -f "${fname}" && \ 224 echo "- buildg: ${BUILDG_VERSION}" >> /out/share/doc/nerdctl-full/README.md 225 226 RUN echo "" >> /out/share/doc/nerdctl-full/README.md && \ 227 echo "## License" >> /out/share/doc/nerdctl-full/README.md && \ 228 echo "- bin/slirp4netns: [GNU GENERAL PUBLIC LICENSE, Version 2](https://github.com/rootless-containers/slirp4netns/blob/${SLIRP4NETNS_VERSION}/COPYING)" >> /out/share/doc/nerdctl-full/README.md && \ 229 echo "- bin/fuse-overlayfs: [GNU GENERAL PUBLIC LICENSE, Version 2](https://github.com/containers/fuse-overlayfs/blob/${FUSE_OVERLAYFS_VERSION}/COPYING)" >> /out/share/doc/nerdctl-full/README.md && \ 230 echo "- bin/ipfs: [Combination of MIT-only license and dual MIT/Apache-2.0 license](https://github.com/ipfs/kubo/blob/${KUBO_VERSION}/LICENSE)" >> /out/share/doc/nerdctl-full/README.md && \ 231 echo "- bin/{runc,bypass4netns,bypass4netnsd}: Apache License 2.0, statically linked with libseccomp ([LGPL 2.1](https://github.com/seccomp/libseccomp/blob/main/LICENSE), source code available at https://github.com/seccomp/libseccomp/)" >> /out/share/doc/nerdctl-full/README.md && \ 232 echo "- bin/tini: [MIT License](https://github.com/krallin/tini/blob/${TINI_VERSION}/LICENSE)" >> /out/share/doc/nerdctl-full/README.md && \ 233 echo "- Other files: [Apache License 2.0](https://www.apache.org/licenses/LICENSE-2.0)" >> /out/share/doc/nerdctl-full/README.md && \ 234 (cd /out && find ! -type d | sort | xargs sha256sum > /tmp/SHA256SUMS ) && \ 235 mv /tmp/SHA256SUMS /out/share/doc/nerdctl-full/SHA256SUMS && \ 236 chown -R 0:0 /out 237 238 FROM scratch AS out-full 239 COPY --from=build-full /out / 240 241 FROM ubuntu:${UBUNTU_VERSION} AS base 242 # fuse3 is required by stargz snapshotter 243 RUN apt-get update && \ 244 apt-get install -qq -y --no-install-recommends \ 245 apparmor \ 246 bash-completion \ 247 ca-certificates curl \ 248 iproute2 iptables \ 249 dbus dbus-user-session systemd systemd-sysv \ 250 fuse3 251 ARG CONTAINERIZED_SYSTEMD_VERSION 252 RUN curl -L -o /docker-entrypoint.sh https://raw.githubusercontent.com/AkihiroSuda/containerized-systemd/${CONTAINERIZED_SYSTEMD_VERSION}/docker-entrypoint.sh && \ 253 chmod +x /docker-entrypoint.sh 254 COPY --from=out-full / /usr/local/ 255 RUN perl -pi -e 's/multi-user.target/docker-entrypoint.target/g' /usr/local/lib/systemd/system/*.service && \ 256 systemctl enable containerd buildkit stargz-snapshotter && \ 257 mkdir -p /etc/bash_completion.d && \ 258 nerdctl completion bash >/etc/bash_completion.d/nerdctl && \ 259 mkdir -p -m 0755 /etc/cni 260 COPY ./Dockerfile.d/etc_containerd_config.toml /etc/containerd/config.toml 261 COPY ./Dockerfile.d/etc_buildkit_buildkitd.toml /etc/buildkit/buildkitd.toml 262 VOLUME /var/lib/containerd 263 VOLUME /var/lib/buildkit 264 VOLUME /var/lib/containerd-stargz-grpc 265 VOLUME /var/lib/nerdctl 266 ENTRYPOINT ["/docker-entrypoint.sh"] 267 CMD ["bash", "--login", "-i"] 268 269 # convert GO_VERSION=1.16 to the latest release such as "go1.16.1" 270 FROM golang:${GO_VERSION}-alpine AS goversion 271 RUN go env GOVERSION > /GOVERSION 272 273 FROM base AS test-integration 274 ARG DEBIAN_FRONTEND=noninteractive 275 # `expect` package contains `unbuffer(1)`, which is used for emulating TTY for testing 276 RUN apt-get update && \ 277 apt-get install -qq -y \ 278 expect git 279 COPY --from=goversion /GOVERSION /GOVERSION 280 ARG TARGETARCH 281 RUN curl -L https://golang.org/dl/$(cat /GOVERSION).linux-${TARGETARCH:-amd64}.tar.gz | tar xzvC /usr/local 282 ENV PATH=/usr/local/go/bin:$PATH 283 ARG GOTESTSUM_VERSION 284 RUN GOBIN=/usr/local/bin go install gotest.tools/gotestsum@${GOTESTSUM_VERSION} 285 COPY . /go/src/github.com/containerd/nerdctl 286 WORKDIR /go/src/github.com/containerd/nerdctl 287 VOLUME /tmp 288 ENV CGO_ENABLED=0 289 # copy cosign binary for integration test 290 COPY --from=gcr.io/projectsigstore/cosign:v2.2.3@sha256:8fc9cad121611e8479f65f79f2e5bea58949e8a87ffac2a42cb99cf0ff079ba7 /ko-app/cosign /usr/local/bin/cosign 291 # installing soci for integration test 292 ARG SOCI_SNAPSHOTTER_VERSION 293 RUN fname="soci-snapshotter-${SOCI_SNAPSHOTTER_VERSION}-${TARGETOS:-linux}-${TARGETARCH:-amd64}.tar.gz" && \ 294 curl -o "${fname}" -fSL "https://github.com/awslabs/soci-snapshotter/releases/download/v${SOCI_SNAPSHOTTER_VERSION}/${fname}" && \ 295 tar -C /usr/local/bin -xvf "${fname}" soci soci-snapshotter-grpc 296 # enable offline ipfs for integration test 297 COPY ./Dockerfile.d/test-integration-etc_containerd-stargz-grpc_config.toml /etc/containerd-stargz-grpc/config.toml 298 COPY ./Dockerfile.d/test-integration-ipfs-offline.service /usr/local/lib/systemd/system/ 299 COPY ./Dockerfile.d/test-integration-buildkit-nerdctl-test.service /usr/local/lib/systemd/system/ 300 COPY ./Dockerfile.d/test-integration-soci-snapshotter.service /usr/local/lib/systemd/system/ 301 RUN cp /usr/local/bin/tini /usr/local/bin/tini-custom 302 # using test integration containerd config 303 COPY ./Dockerfile.d/test-integration-etc_containerd_config.toml /etc/containerd/config.toml 304 # install ipfs service. avoid using 5001(api)/8080(gateway) which are reserved by tests. 305 RUN systemctl enable test-integration-ipfs-offline test-integration-buildkit-nerdctl-test test-integration-soci-snapshotter && \ 306 ipfs init && \ 307 ipfs config Addresses.API "/ip4/127.0.0.1/tcp/5888" && \ 308 ipfs config Addresses.Gateway "/ip4/127.0.0.1/tcp/5889" 309 # install nydus components 310 ARG NYDUS_VERSION 311 RUN curl -L -o nydus-static.tgz "https://github.com/dragonflyoss/image-service/releases/download/${NYDUS_VERSION}/nydus-static-${NYDUS_VERSION}-linux-${TARGETARCH}.tgz" && \ 312 tar xzf nydus-static.tgz && \ 313 mv nydus-static/nydus-image nydus-static/nydusd nydus-static/nydusify /usr/bin/ && \ 314 rm nydus-static.tgz 315 CMD ["gotestsum", "--format=testname", "--rerun-fails=2", "--packages=github.com/containerd/nerdctl/cmd/nerdctl/...", \ 316 "--", "-timeout=30m", "-args", "-test.kill-daemon"] 317 318 FROM test-integration AS test-integration-rootless 319 # Install SSH for creating systemd user session. 320 # (`sudo` does not work for this purpose, 321 # OTOH `machinectl shell` can create the session but does not propagate exit code) 322 RUN apt-get update && \ 323 apt-get install -qq -y \ 324 uidmap \ 325 openssh-server openssh-client 326 # TODO: update containerized-systemd to enable sshd by default, or allow `systemctl wants <TARGET> ssh` here 327 RUN ssh-keygen -q -t rsa -f /root/.ssh/id_rsa -N '' && \ 328 useradd -m -s /bin/bash rootless && \ 329 mkdir -p -m 0700 /home/rootless/.ssh && \ 330 cp -a /root/.ssh/id_rsa.pub /home/rootless/.ssh/authorized_keys && \ 331 mkdir -p /home/rootless/.local/share && \ 332 chown -R rootless:rootless /home/rootless 333 COPY ./Dockerfile.d/etc_systemd_system_user@.service.d_delegate.conf /etc/systemd/system/user@.service.d/delegate.conf 334 # ipfs daemon for rootless containerd will be enabled in /test-integration-rootless.sh 335 RUN systemctl disable test-integration-ipfs-offline 336 VOLUME /home/rootless/.local/share 337 RUN go test -o /usr/local/bin/nerdctl.test -c ./cmd/nerdctl 338 COPY ./Dockerfile.d/test-integration-rootless.sh / 339 CMD ["/test-integration-rootless.sh", \ 340 "gotestsum", "--format=testname", "--rerun-fails=2", "--raw-command", \ 341 "--", "/usr/local/go/bin/go", "tool", "test2json", "-t", "-p", "github.com/containerd/nerdctl/cmd/nerdctl", \ 342 "/usr/local/bin/nerdctl.test", "-test.v", "-test.timeout=30m", "-test.kill-daemon"] 343 344 # test for CONTAINERD_ROOTLESS_ROOTLESSKIT_PORT_DRIVER=slirp4netns 345 FROM test-integration-rootless AS test-integration-rootless-port-slirp4netns 346 COPY ./Dockerfile.d/home_rootless_.config_systemd_user_containerd.service.d_port-slirp4netns.conf /home/rootless/.config/systemd/user/containerd.service.d/port-slirp4netns.conf 347 RUN chown -R rootless:rootless /home/rootless/.config 348 349 FROM test-integration AS test-integration-ipv6 350 CMD ["gotestsum", "--format=testname", "--rerun-fails=2", "--packages=github.com/containerd/nerdctl/cmd/nerdctl/...", \ 351 "--", "-timeout=30m", "-args", "-test.kill-daemon", "-test.ipv6"] 352 353 FROM base AS demo