github.com/demonoid81/moby@v0.0.0-20200517203328-62dd8e17c460/Dockerfile (about)

     1  # syntax=docker/dockerfile:1.1.7-experimental
     2  
# Global build arguments. An ARG declared before the first FROM is in scope for
# FROM lines only; the stages below redeclare the ones they read.
# CROSS and SYSTEMD are substituted into stage names ("cross-${CROSS}",
# "dev-systemd-${SYSTEMD}") further down to select a build variant.
ARG CROSS="false"
ARG SYSTEMD="false"
# IMPORTANT: When updating this please note that stdlib archive/tar pkg is vendored
ARG GO_VERSION=1.13.10
# Declared as ARG (not ENV) so the setting is not persisted into the image's runtime environment.
ARG DEBIAN_FRONTEND=noninteractive
ARG VPNKIT_VERSION=0.4.0
ARG DOCKER_BUILDTAGS="apparmor seccomp selinux"
# NOTE(review): the toolchain image is selected by tag only, and a tag can be
# re-pointed upstream. Appending "@sha256:<digest>" would make the base reproducible.
ARG GOLANG_IMAGE="golang:${GO_VERSION}-buster"
    11  
    12  FROM ${GOLANG_IMAGE} AS base
    13  RUN echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache
    14  ARG APT_MIRROR
    15  RUN sed -ri "s/(httpredir|deb).debian.org/${APT_MIRROR:-deb.debian.org}/g" /etc/apt/sources.list \
    16   && sed -ri "s/(security).debian.org/${APT_MIRROR:-security.debian.org}/g" /etc/apt/sources.list
    17  ENV GO111MODULE=off
    18  
    19  FROM base AS criu
    20  ARG DEBIAN_FRONTEND
    21  # Install dependency packages specific to criu
    22  RUN --mount=type=cache,sharing=locked,id=moby-criu-aptlib,target=/var/lib/apt \
    23      --mount=type=cache,sharing=locked,id=moby-criu-aptcache,target=/var/cache/apt \
    24          apt-get update && apt-get install -y --no-install-recommends \
    25              libcap-dev \
    26              libnet-dev \
    27              libnl-3-dev \
    28              libprotobuf-c-dev \
    29              libprotobuf-dev \
    30              protobuf-c-compiler \
    31              protobuf-compiler \
    32              python-protobuf
    33  
    34  # Install CRIU for checkpoint/restore support
    35  ENV CRIU_VERSION 3.13
    36  RUN mkdir -p /usr/src/criu \
    37      && curl -sSL https://github.com/checkpoint-restore/criu/archive/v${CRIU_VERSION}.tar.gz | tar -C /usr/src/criu/ -xz --strip-components=1 \
    38      && cd /usr/src/criu \
    39      && make \
    40      && make PREFIX=/build/ install-criu
    41  
    42  FROM base AS registry
    43  WORKDIR /go/src/github.com/docker/distribution
    44  # Install two versions of the registry. The first one is a recent version that
    45  # supports both schema 1 and 2 manifests. The second one is an older version that
    46  # only supports schema1 manifests. This allows integration-cli tests to cover
    47  # push/pull with both schema1 and schema2 manifests.
    48  # The old version of the registry is not working on arm64, so installation is
    49  # skipped on that architecture.
    50  ENV REGISTRY_COMMIT_SCHEMA1 ec87e9b6971d831f0eff752ddb54fb64693e51cd
    51  ENV REGISTRY_COMMIT 47a064d4195a9b56133891bbb13620c3ac83a827
    52  RUN --mount=type=cache,target=/root/.cache/go-build \
    53      --mount=type=cache,target=/go/pkg/mod \
    54      --mount=type=tmpfs,target=/go/src/ \
    55          set -x \
    56          && git clone https://github.com/docker/distribution.git . \
    57          && git checkout -q "$REGISTRY_COMMIT" \
    58          && GOPATH="/go/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH" \
    59             go build -buildmode=pie -o /build/registry-v2 github.com/docker/distribution/cmd/registry \
    60          && case $(dpkg --print-architecture) in \
    61                 amd64|armhf|ppc64*|s390x) \
    62                 git checkout -q "$REGISTRY_COMMIT_SCHEMA1"; \
    63                 GOPATH="/go/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH"; \
    64                     go build -buildmode=pie -o /build/registry-v2-schema1 github.com/docker/distribution/cmd/registry; \
    65                  ;; \
    66             esac
    67  
    68  FROM base AS swagger
    69  WORKDIR $GOPATH/src/github.com/go-swagger/go-swagger
    70  # Install go-swagger for validating swagger.yaml
    71  # This is https://github.com/kolyshkin/go-swagger/tree/golang-1.13-fix
    72  # TODO: move to under moby/ or fix upstream go-swagger to work for us.
    73  ENV GO_SWAGGER_COMMIT 5e6cb12f7c82ce78e45ba71fa6cb1928094db050
    74  RUN --mount=type=cache,target=/root/.cache/go-build \
    75      --mount=type=cache,target=/go/pkg/mod \
    76      --mount=type=tmpfs,target=/go/src/ \
    77          set -x \
    78          && git clone https://github.com/kolyshkin/go-swagger.git . \
    79          && git checkout -q "$GO_SWAGGER_COMMIT" \
    80          && go build -o /build/swagger github.com/go-swagger/go-swagger/cmd/swagger
    81  
# frozen-images: downloads a fixed set of Hub images into /build for offline "docker load".
FROM base AS frozen-images
ARG DEBIAN_FRONTEND
RUN --mount=type=cache,sharing=locked,id=moby-frozen-images-aptlib,target=/var/lib/apt \
    --mount=type=cache,sharing=locked,id=moby-frozen-images-aptcache,target=/var/cache/apt \
       apt-get update && apt-get install -y --no-install-recommends \
           ca-certificates \
           jq
# Get useful and necessary Hub images so we can "docker load" locally instead of pulling
COPY contrib/download-frozen-image-v2.sh /
# Every image reference below carries an explicit sha256 digest next to its tag,
# so the requested content is identified by digest rather than by a mutable tag.
# NOTE(review): whether the download script checks fetched blobs against these
# digests is not visible here; confirm in contrib/download-frozen-image-v2.sh.
RUN /download-frozen-image-v2.sh /build \
        buildpack-deps:jessie@sha256:dd86dced7c9cd2a724e779730f0a53f93b7ef42228d4344b25ce9a42a1486251 \
        busybox:latest@sha256:bbc3a03235220b170ba48a157dd097dd1379299370e1ed99ce976df0355d24f0 \
        busybox:glibc@sha256:0b55a30394294ab23b9afd58fab94e61a923f5834fba7ddbae7f8e0c11ba85e6 \
        debian:jessie@sha256:287a20c5f73087ab406e6b364833e3fb7b3ae63ca0eb3486555dc27ed32c6e60 \
        hello-world:latest@sha256:be0cd392e45be79ffeffa6b05338b98ebb16c87b255f48e297ec7f98e123905c
# See also ensureFrozenImagesLinux() in "integration-cli/fixtures_linux_daemon_test.go" (which needs to be updated when adding images to this list)
    98  
# cross-false: variant selected by "cross-${CROSS}" when CROSS=false; adds nothing on top of base.
FROM base AS cross-false
   100  
   101  FROM --platform=linux/amd64 base AS cross-true
   102  ARG DEBIAN_FRONTEND
   103  RUN dpkg --add-architecture arm64
   104  RUN dpkg --add-architecture armel
   105  RUN dpkg --add-architecture armhf
   106  RUN --mount=type=cache,sharing=locked,id=moby-cross-true-aptlib,target=/var/lib/apt \
   107      --mount=type=cache,sharing=locked,id=moby-cross-true-aptcache,target=/var/cache/apt \
   108          apt-get update && apt-get install -y --no-install-recommends \
   109              crossbuild-essential-arm64 \
   110              crossbuild-essential-armel \
   111              crossbuild-essential-armhf
   112  
   113  FROM cross-${CROSS} as dev-base
   114  
# runtime-dev-cross-false: native development headers and the mingw-w64 toolchain.
# libapparmor-dev and libseccomp-dev correspond to the "apparmor" and "seccomp"
# entries in the default DOCKER_BUILDTAGS.
FROM dev-base AS runtime-dev-cross-false
ARG DEBIAN_FRONTEND
RUN --mount=type=cache,sharing=locked,id=moby-cross-false-aptlib,target=/var/lib/apt \
    --mount=type=cache,sharing=locked,id=moby-cross-false-aptcache,target=/var/cache/apt \
        apt-get update && apt-get install -y --no-install-recommends \
            binutils-mingw-w64 \
            g++-mingw-w64-x86-64 \
            libapparmor-dev \
            libbtrfs-dev \
            libdevmapper-dev \
            libseccomp-dev \
            libsystemd-dev \
            libudev-dev
   128  
# runtime-dev-cross-true: adds the ARM builds of the apparmor and seccomp
# development packages on top of the native set. Fixed to linux/amd64.
FROM --platform=linux/amd64 runtime-dev-cross-false AS runtime-dev-cross-true
ARG DEBIAN_FRONTEND
# These crossbuild packages rely on gcc-<arch>, but this doesn't want to install
# on non-amd64 systems.
# Additionally, the crossbuild-amd64 is currently only on debian:buster, so
# other architectures cannot crossbuild amd64.
# The apt cache ids below are the same ones the cross-true stage uses.
RUN --mount=type=cache,sharing=locked,id=moby-cross-true-aptlib,target=/var/lib/apt \
    --mount=type=cache,sharing=locked,id=moby-cross-true-aptcache,target=/var/cache/apt \
        apt-get update && apt-get install -y --no-install-recommends \
            libapparmor-dev:arm64 \
            libapparmor-dev:armel \
            libapparmor-dev:armhf \
            libseccomp-dev:arm64 \
            libseccomp-dev:armel \
            libseccomp-dev:armhf
   144  
# runtime-dev: resolves to runtime-dev-cross-true or runtime-dev-cross-false via the CROSS build argument.
FROM runtime-dev-cross-${CROSS} AS runtime-dev
   146  
# tomlv: runs the project's install.sh for "tomlv" with PREFIX=/build.
FROM base AS tomlv
# No default is given here. NOTE(review): the revision that actually gets built
# is presumably pinned inside hack/dockerfile/install (not shown); confirm it
# is a full commit hash.
ARG TOMLV_COMMIT
# The installer directory is bind-mounted from the build context for this step
# only (BuildKit bind mounts are read-only unless "rw" is given); it is not
# copied into the layer.
RUN --mount=type=cache,target=/root/.cache/go-build \
    --mount=type=cache,target=/go/pkg/mod \
    --mount=type=bind,src=hack/dockerfile/install,target=/tmp/install \
        PREFIX=/build /tmp/install/install.sh tomlv
   153  
# vndr: runs the project's install.sh for "vndr" with PREFIX=/build.
FROM base AS vndr
# Optional build-time override with no default here. NOTE(review): the default
# revision presumably lives in hack/dockerfile/install (not shown).
ARG VNDR_COMMIT
# Installer scripts are mounted from the build context for this RUN only.
RUN --mount=type=cache,target=/root/.cache/go-build \
    --mount=type=cache,target=/go/pkg/mod \
    --mount=type=bind,src=hack/dockerfile/install,target=/tmp/install \
        PREFIX=/build /tmp/install/install.sh vndr
   160  
# containerd: installs libbtrfs-dev, then runs install.sh for "containerd" with PREFIX=/build.
FROM dev-base AS containerd
ARG DEBIAN_FRONTEND
RUN --mount=type=cache,sharing=locked,id=moby-containerd-aptlib,target=/var/lib/apt \
    --mount=type=cache,sharing=locked,id=moby-containerd-aptcache,target=/var/cache/apt \
        apt-get update && apt-get install -y --no-install-recommends \
            libbtrfs-dev
# Declared after the apt step, so a changed commit does not invalidate the package layer.
# NOTE(review): no default here; the pin presumably lives in hack/dockerfile/install (not shown).
ARG CONTAINERD_COMMIT
RUN --mount=type=cache,target=/root/.cache/go-build \
    --mount=type=cache,target=/go/pkg/mod \
    --mount=type=bind,src=hack/dockerfile/install,target=/tmp/install \
        PREFIX=/build /tmp/install/install.sh containerd
   172  
# proxy: runs install.sh for "proxy" with PREFIX=/build.
FROM dev-base AS proxy
# The build argument is named after libnetwork, so the proxy is presumably built from that source tree.
# NOTE(review): no default here; the pinned revision is presumably set in hack/dockerfile/install (not shown).
ARG LIBNETWORK_COMMIT
RUN --mount=type=cache,target=/root/.cache/go-build \
    --mount=type=cache,target=/go/pkg/mod \
    --mount=type=bind,src=hack/dockerfile/install,target=/tmp/install \
        PREFIX=/build /tmp/install/install.sh proxy
   179  
# golangci_lint: runs install.sh for "golangci_lint" with PREFIX=/build.
FROM base AS golangci_lint
# NOTE(review): no default here; the revision is presumably pinned in hack/dockerfile/install (not shown).
ARG GOLANGCI_LINT_COMMIT
RUN --mount=type=cache,target=/root/.cache/go-build \
    --mount=type=cache,target=/go/pkg/mod \
    --mount=type=bind,src=hack/dockerfile/install,target=/tmp/install \
        PREFIX=/build /tmp/install/install.sh golangci_lint
   186  
# gotestsum: runs install.sh for "gotestsum" with PREFIX=/build.
FROM base AS gotestsum
# NOTE(review): no default here; the revision is presumably pinned in hack/dockerfile/install (not shown).
ARG GOTESTSUM_COMMIT
RUN --mount=type=cache,target=/root/.cache/go-build \
    --mount=type=cache,target=/go/pkg/mod \
    --mount=type=bind,src=hack/dockerfile/install,target=/tmp/install \
        PREFIX=/build /tmp/install/install.sh gotestsum
   193  
# shfmt: runs install.sh for "shfmt" with PREFIX=/build.
FROM base AS shfmt
# NOTE(review): no default here; the revision is presumably pinned in hack/dockerfile/install (not shown).
ARG SHFMT_COMMIT
RUN --mount=type=cache,target=/root/.cache/go-build \
    --mount=type=cache,target=/go/pkg/mod \
    --mount=type=bind,src=hack/dockerfile/install,target=/tmp/install \
        PREFIX=/build /tmp/install/install.sh shfmt
   200  
# dockercli: runs install.sh for "dockercli" with PREFIX=/build.
FROM dev-base AS dockercli
# Channel and version are build-time inputs with no defaults here.
# NOTE(review): how the CLI is obtained and whether it is integrity-checked is
# decided in hack/dockerfile/install (not shown); confirm there.
ARG DOCKERCLI_CHANNEL
ARG DOCKERCLI_VERSION
RUN --mount=type=cache,target=/root/.cache/go-build \
    --mount=type=cache,target=/go/pkg/mod \
    --mount=type=bind,src=hack/dockerfile/install,target=/tmp/install \
        PREFIX=/build /tmp/install/install.sh dockercli
   208  
# runc: runs install.sh for "runc" with PREFIX=/build, on top of runtime-dev
# (the stage that installs the seccomp/apparmor development headers).
FROM runtime-dev AS runc
# NOTE(review): no defaults here. The revision and build tags are presumably
# set in hack/dockerfile/install (not shown); verify that the effective
# RUNC_BUILDTAGS keeps the confinement features the deployment relies on.
ARG RUNC_COMMIT
ARG RUNC_BUILDTAGS
RUN --mount=type=cache,target=/root/.cache/go-build \
    --mount=type=cache,target=/go/pkg/mod \
    --mount=type=bind,src=hack/dockerfile/install,target=/tmp/install \
        PREFIX=/build /tmp/install/install.sh runc
   216  
   217  FROM dev-base AS tini
   218  ARG DEBIAN_FRONTEND
   219  ARG TINI_COMMIT
   220  RUN --mount=type=cache,sharing=locked,id=moby-tini-aptlib,target=/var/lib/apt \
   221      --mount=type=cache,sharing=locked,id=moby-tini-aptcache,target=/var/cache/apt \
   222          apt-get update && apt-get install -y --no-install-recommends \
   223              cmake \
   224              vim-common
   225  RUN --mount=type=cache,target=/root/.cache/go-build \
   226      --mount=type=cache,target=/go/pkg/mod \
   227      --mount=type=bind,src=hack/dockerfile/install,target=/tmp/install \
   228          PREFIX=/build /tmp/install/install.sh tini
   229  
   230  FROM dev-base AS rootlesskit
   231  ARG ROOTLESSKIT_COMMIT
   232  RUN --mount=type=cache,target=/root/.cache/go-build \
   233      --mount=type=cache,target=/go/pkg/mod \
   234      --mount=type=bind,src=hack/dockerfile/install,target=/tmp/install \
   235          PREFIX=/build /tmp/install/install.sh rootlesskit
   236  COPY ./contrib/dockerd-rootless.sh /build
   237  
# vpnkit: prebuilt image used only as a source for "COPY --from=vpnkit /vpnkit ...".
# NOTE(review): this image comes from a user namespace on the default registry
# and is selected by tag only (VPNKIT_VERSION). The binary copied out of it is
# shipped in the dev image and next to the release binaries, so consider
# pinning it as "@sha256:<digest>".
FROM djs55/vpnkit:${VPNKIT_VERSION} AS vpnkit
   239  
   240  # TODO: Some of this is only really needed for testing, it would be nice to split this up
   241  FROM runtime-dev AS dev-systemd-false
   242  ARG DEBIAN_FRONTEND
   243  RUN groupadd -r docker
   244  RUN useradd --create-home --gid docker unprivilegeduser \
   245   && mkdir -p /home/unprivilegeduser/.local/share/docker \
   246   && chown -R unprivilegeduser /home/unprivilegeduser
   247  # Let us use a .bashrc file
   248  RUN ln -sfv /go/src/github.com/demonoid81/moby/.bashrc ~/.bashrc
   249  # Activate bash completion and include Docker's completion if mounted with DOCKER_BASH_COMPLETION_PATH
   250  RUN echo "source /usr/share/bash-completion/bash_completion" >> /etc/bash.bashrc
   251  RUN ln -s /usr/local/completion/bash/docker /etc/bash_completion.d/docker
   252  RUN ldconfig
   253  # This should only install packages that are specifically needed for the dev environment and nothing else
   254  # Do you really need to add another package here? Can it be done in a different build stage?
   255  RUN --mount=type=cache,sharing=locked,id=moby-dev-aptlib,target=/var/lib/apt \
   256      --mount=type=cache,sharing=locked,id=moby-dev-aptcache,target=/var/cache/apt \
   257          apt-get update && apt-get install -y --no-install-recommends \
   258              apparmor \
   259              aufs-tools \
   260              bash-completion \
   261              bzip2 \
   262              iptables \
   263              jq \
   264              libcap2-bin \
   265              libnet1 \
   266              libnl-3-200 \
   267              libprotobuf-c1 \
   268              net-tools \
   269              pigz \
   270              python3-pip \
   271              python3-setuptools \
   272              python3-wheel \
   273              sudo \
   274              thin-provisioning-tools \
   275              uidmap \
   276              vim \
   277              vim-common \
   278              xfsprogs \
   279              xz-utils \
   280              zip
   281  
   282  
   283  # Switch to use iptables instead of nftables (to match the CI hosts)
   284  # TODO use some kind of runtime auto-detection instead if/when nftables is supported (https://github.com/moby/moby/issues/26824)
   285  RUN update-alternatives --set iptables  /usr/sbin/iptables-legacy  || true \
   286   && update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy || true \
   287   && update-alternatives --set arptables /usr/sbin/arptables-legacy || true
   288  
   289  RUN pip3 install yamllint==1.16.0
   290  
   291  COPY --from=dockercli     /build/ /usr/local/cli
   292  COPY --from=frozen-images /build/ /docker-frozen-images
   293  COPY --from=swagger       /build/ /usr/local/bin/
   294  COPY --from=tomlv         /build/ /usr/local/bin/
   295  COPY --from=tini          /build/ /usr/local/bin/
   296  COPY --from=registry      /build/ /usr/local/bin/
   297  COPY --from=criu          /build/ /usr/local/
   298  COPY --from=vndr          /build/ /usr/local/bin/
   299  COPY --from=gotestsum     /build/ /usr/local/bin/
   300  COPY --from=golangci_lint /build/ /usr/local/bin/
   301  COPY --from=shfmt         /build/ /usr/local/bin/
   302  COPY --from=runc          /build/ /usr/local/bin/
   303  COPY --from=containerd    /build/ /usr/local/bin/
   304  COPY --from=rootlesskit   /build/ /usr/local/bin/
   305  COPY --from=vpnkit        /vpnkit /usr/local/bin/vpnkit.x86_64
   306  COPY --from=proxy         /build/ /usr/local/bin/
   307  ENV PATH=/usr/local/cli:$PATH
   308  ARG DOCKER_BUILDTAGS
   309  ENV DOCKER_BUILDTAGS="${DOCKER_BUILDTAGS}"
   310  WORKDIR /go/src/github.com/demonoid81/moby
   311  VOLUME /var/lib/docker
   312  VOLUME /home/unprivilegeduser/.local/share/docker
   313  # Wrap all commands in the "docker-in-docker" script to allow nested containers
   314  ENTRYPOINT ["hack/dind"]
   315  
   316  FROM dev-systemd-false AS dev-systemd-true
   317  RUN --mount=type=cache,sharing=locked,id=moby-dev-aptlib,target=/var/lib/apt \
   318      --mount=type=cache,sharing=locked,id=moby-dev-aptcache,target=/var/cache/apt \
   319          apt-get update && apt-get install -y --no-install-recommends \
   320              dbus \
   321              dbus-user-session \
   322              systemd \
   323              systemd-sysv
   324  RUN mkdir -p hack \
   325    && curl -o hack/dind-systemd https://raw.githubusercontent.com/AkihiroSuda/containerized-systemd/b70bac0daeea120456764248164c21684ade7d0d/docker-entrypoint.sh \
   326    && chmod +x hack/dind-systemd
   327  ENTRYPOINT ["hack/dind-systemd"]
   328  
# dev: resolves to dev-systemd-true or dev-systemd-false via the SYSTEMD build argument.
FROM dev-systemd-${SYSTEMD} AS dev
   330  
   331  FROM runtime-dev AS binary-base
   332  ARG DOCKER_GITCOMMIT=HEAD
   333  ENV DOCKER_GITCOMMIT=${DOCKER_GITCOMMIT}
   334  ARG VERSION
   335  ENV VERSION=${VERSION}
   336  ARG PLATFORM
   337  ENV PLATFORM=${PLATFORM}
   338  ARG PRODUCT
   339  ENV PRODUCT=${PRODUCT}
   340  ARG DEFAULT_PRODUCT_LICENSE
   341  ENV DEFAULT_PRODUCT_LICENSE=${DEFAULT_PRODUCT_LICENSE}
   342  ARG DOCKER_BUILDTAGS
   343  ENV DOCKER_BUILDTAGS="${DOCKER_BUILDTAGS}"
   344  ENV PREFIX=/build
   345  # TODO: This is here because hack/make.sh binary copies these extras binaries
   346  # from $PATH into the bundles dir.
   347  # It would be nice to handle this in a different way.
   348  COPY --from=tini        /build/ /usr/local/bin/
   349  COPY --from=runc        /build/ /usr/local/bin/
   350  COPY --from=containerd  /build/ /usr/local/bin/
   351  COPY --from=rootlesskit /build/ /usr/local/bin/
   352  COPY --from=proxy       /build/ /usr/local/bin/
   353  COPY --from=vpnkit      /vpnkit /usr/local/bin/vpnkit.x86_64
   354  WORKDIR /go/src/github.com/demonoid81/moby
   355  
# build-binary: runs "hack/make.sh binary" against the bind-mounted source tree.
FROM binary-base AS build-binary
# The build context is bind-mounted at the source path for this step only
# (read-only unless "rw" is given) instead of being copied into a layer.
# The "binary" stage later copies the result out of /build/bundles/.
RUN --mount=type=cache,target=/root/.cache/go-build \
    --mount=type=bind,target=/go/src/github.com/demonoid81/moby \
        hack/make.sh binary
   360  
# build-dynbinary: runs "hack/make.sh dynbinary" against the bind-mounted source tree.
FROM binary-base AS build-dynbinary
# Source is mounted from the build context for this step only; the
# "dynbinary" stage later copies the result out of /build/bundles/.
RUN --mount=type=cache,target=/root/.cache/go-build \
    --mount=type=bind,target=/go/src/github.com/demonoid81/moby \
        hack/make.sh dynbinary
   365  
# build-cross: runs "hack/make.sh cross" against the bind-mounted source tree.
FROM binary-base AS build-cross
ARG DOCKER_CROSSPLATFORMS
# A tmpfs is mounted over the autogen directory inside the bind-mounted source.
# NOTE(review): presumably so the build can write generated files there without
# touching the source mount; confirm against hack/make.sh.
RUN --mount=type=cache,target=/root/.cache/go-build \
    --mount=type=bind,target=/go/src/github.com/demonoid81/moby \
    --mount=type=tmpfs,target=/go/src/github.com/demonoid81/moby/autogen \
        hack/make.sh cross
   372  
# binary: export stage built from scratch; it contains only the bundles produced by build-binary.
FROM scratch AS binary
COPY --from=build-binary /build/bundles/ /
   375  
# dynbinary: export stage built from scratch; it contains only the bundles produced by build-dynbinary.
FROM scratch AS dynbinary
COPY --from=build-dynbinary /build/bundles/ /
   378  
# cross: export stage built from scratch; it contains only the bundles produced by build-cross.
FROM scratch AS cross
COPY --from=build-cross /build/bundles/ /
   381  
# final: the dev image with the source tree copied in. As the last stage it is the default build target.
FROM dev AS final
# NOTE(review): this copies the entire build context. Anything not excluded by
# .dockerignore (not shown), such as VCS metadata or local credential files,
# ends up in the image; confirm the ignore list covers them.
COPY . /go/src/github.com/demonoid81/moby