github.com/devdivbcp/moby@v17.12.0-ce-rc1.0.20200726071732-2d4bfdc789ad+incompatible/Dockerfile (about) 1 # This file describes the standard way to build Docker, using docker 2 # 3 # Usage: 4 # 5 # # Use make to build a development environment image and run it in a container. 6 # # This is slow the first time. 7 # make BIND_DIR=. shell 8 # 9 # The following commands are executed inside the running container. 10 11 # # Make a dockerd binary. 12 # # hack/make.sh binary 13 # 14 # # Install dockerd to /usr/local/bin 15 # # make install 16 # 17 # # Run unit tests 18 # # hack/test/unit 19 # 20 # # Run tests e.g. integration, py 21 # # hack/make.sh binary test-integration test-docker-py 22 # 23 # Note: AppArmor used to mess with privileged mode, but this is no longer 24 # the case. Therefore, you don't have to disable it anymore. 25 # 26 27 ARG CROSS="false" 28 # IMPORTANT: When updating this please note that stdlib archive/tar pkg is vendored 29 ARG GO_VERSION=1.13.14 30 ARG DEBIAN_FRONTEND=noninteractive 31 ARG VPNKIT_DIGEST=e508a17cfacc8fd39261d5b4e397df2b953690da577e2c987a47630cd0c42f8e 32 33 FROM golang:${GO_VERSION}-buster AS base 34 ARG APT_MIRROR 35 RUN sed -ri "s/(httpredir|deb).debian.org/${APT_MIRROR:-deb.debian.org}/g" /etc/apt/sources.list \ 36 && sed -ri "s/(security).debian.org/${APT_MIRROR:-security.debian.org}/g" /etc/apt/sources.list 37 ENV GO111MODULE=off 38 39 FROM base AS criu 40 ARG DEBIAN_FRONTEND 41 # Install dependency packages specific to criu 42 RUN apt-get update && apt-get install -y --no-install-recommends \ 43 libcap-dev \ 44 libnet-dev \ 45 libnl-3-dev \ 46 libprotobuf-c-dev \ 47 libprotobuf-dev \ 48 protobuf-c-compiler \ 49 protobuf-compiler \ 50 python-protobuf \ 51 && rm -rf /var/lib/apt/lists/* 52 53 # Install CRIU for checkpoint/restore support 54 ARG CRIU_VERSION=3.14 55 RUN mkdir -p /usr/src/criu \ 56 && curl -sSL https://github.com/checkpoint-restore/criu/archive/v${CRIU_VERSION}.tar.gz | tar -C /usr/src/criu/ -xz --strip-components=1 \ 57 && cd /usr/src/criu \ 58 && make \ 59 && make PREFIX=/build/ install-criu 60 61 FROM base AS registry 62 # Install two versions of the registry. The first is an older version that 63 # only supports schema1 manifests. The second is a newer version that supports 64 # both. This allows integration-cli tests to cover push/pull with both schema1 65 # and schema2 manifests. 66 ENV REGISTRY_COMMIT_SCHEMA1 ec87e9b6971d831f0eff752ddb54fb64693e51cd 67 ENV REGISTRY_COMMIT 47a064d4195a9b56133891bbb13620c3ac83a827 68 RUN set -x \ 69 && export GOPATH="$(mktemp -d)" \ 70 && git clone https://github.com/docker/distribution.git "$GOPATH/src/github.com/docker/distribution" \ 71 && (cd "$GOPATH/src/github.com/docker/distribution" && git checkout -q "$REGISTRY_COMMIT") \ 72 && GOPATH="$GOPATH/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH" \ 73 go build -buildmode=pie -o /build/registry-v2 github.com/docker/distribution/cmd/registry \ 74 && case $(dpkg --print-architecture) in \ 75 amd64|ppc64*|s390x) \ 76 (cd "$GOPATH/src/github.com/docker/distribution" && git checkout -q "$REGISTRY_COMMIT_SCHEMA1"); \ 77 GOPATH="$GOPATH/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH"; \ 78 go build -buildmode=pie -o /build/registry-v2-schema1 github.com/docker/distribution/cmd/registry; \ 79 ;; \ 80 esac \ 81 && rm -rf "$GOPATH" 82 83 FROM base AS swagger 84 # Install go-swagger for validating swagger.yaml 85 # This is https://github.com/kolyshkin/go-swagger/tree/golang-1.13-fix 86 # TODO: move to under moby/ or fix upstream go-swagger to work for us. 87 ENV GO_SWAGGER_COMMIT 5793aa66d4b4112c2602c716516e24710e4adbb5 88 RUN set -x \ 89 && export GOPATH="$(mktemp -d)" \ 90 && git clone https://github.com/kolyshkin/go-swagger.git "$GOPATH/src/github.com/go-swagger/go-swagger" \ 91 && (cd "$GOPATH/src/github.com/go-swagger/go-swagger" && git checkout -q "$GO_SWAGGER_COMMIT") \ 92 && go build -o /build/swagger github.com/go-swagger/go-swagger/cmd/swagger \ 93 && rm -rf "$GOPATH" 94 95 FROM base AS frozen-images 96 ARG DEBIAN_FRONTEND 97 RUN apt-get update && apt-get install -y --no-install-recommends \ 98 ca-certificates \ 99 jq \ 100 && rm -rf /var/lib/apt/lists/* 101 # Get useful and necessary Hub images so we can "docker load" locally instead of pulling 102 COPY contrib/download-frozen-image-v2.sh / 103 RUN /download-frozen-image-v2.sh /build \ 104 buildpack-deps:jessie@sha256:dd86dced7c9cd2a724e779730f0a53f93b7ef42228d4344b25ce9a42a1486251 \ 105 busybox:latest@sha256:bbc3a03235220b170ba48a157dd097dd1379299370e1ed99ce976df0355d24f0 \ 106 busybox:glibc@sha256:0b55a30394294ab23b9afd58fab94e61a923f5834fba7ddbae7f8e0c11ba85e6 \ 107 debian:jessie@sha256:287a20c5f73087ab406e6b364833e3fb7b3ae63ca0eb3486555dc27ed32c6e60 \ 108 hello-world:latest@sha256:be0cd392e45be79ffeffa6b05338b98ebb16c87b255f48e297ec7f98e123905c 109 # See also ensureFrozenImagesLinux() in "integration-cli/fixtures_linux_daemon_test.go" (which needs to be updated when adding images to this list) 110 111 FROM base AS cross-false 112 113 FROM base AS cross-true 114 ARG DEBIAN_FRONTEND 115 RUN dpkg --add-architecture arm64 116 RUN dpkg --add-architecture armel 117 RUN dpkg --add-architecture armhf 118 RUN if [ "$(go env GOHOSTARCH)" = "amd64" ]; then \ 119 apt-get update && apt-get install -y --no-install-recommends \ 120 crossbuild-essential-arm64 \ 121 crossbuild-essential-armel \ 122 crossbuild-essential-armhf \ 123 && rm -rf /var/lib/apt/lists/*; \ 124 fi 125 126 FROM cross-${CROSS} as dev-base 127 128 FROM dev-base AS runtime-dev-cross-false 129 ARG DEBIAN_FRONTEND 130 RUN apt-get update && apt-get install -y --no-install-recommends \ 131 libapparmor-dev \ 132 libseccomp-dev \ 133 && rm -rf /var/lib/apt/lists/* 134 135 FROM cross-true AS runtime-dev-cross-true 136 ARG DEBIAN_FRONTEND 137 # These crossbuild packages rely on gcc-<arch>, but this doesn't want to install 138 # on non-amd64 systems. 139 # Additionally, the crossbuild-amd64 is currently only on debian:buster, so 140 # other architectures cannnot crossbuild amd64. 141 RUN if [ "$(go env GOHOSTARCH)" = "amd64" ]; then \ 142 apt-get update && apt-get install -y --no-install-recommends \ 143 libapparmor-dev:arm64 \ 144 libapparmor-dev:armel \ 145 libapparmor-dev:armhf \ 146 libseccomp-dev:arm64 \ 147 libseccomp-dev:armel \ 148 libseccomp-dev:armhf \ 149 # install this arches seccomp here due to compat issues with the v0 builder 150 # This is as opposed to inheriting from runtime-dev-cross-false 151 libapparmor-dev \ 152 libseccomp-dev \ 153 && rm -rf /var/lib/apt/lists/*; \ 154 fi 155 156 FROM runtime-dev-cross-${CROSS} AS runtime-dev 157 158 FROM base AS tomlv 159 ENV INSTALL_BINARY_NAME=tomlv 160 ARG TOMLV_COMMIT 161 COPY hack/dockerfile/install/install.sh ./install.sh 162 COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./ 163 RUN PREFIX=/build ./install.sh $INSTALL_BINARY_NAME 164 165 FROM base AS vndr 166 ENV INSTALL_BINARY_NAME=vndr 167 ARG VNDR_COMMIT 168 COPY hack/dockerfile/install/install.sh ./install.sh 169 COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./ 170 RUN PREFIX=/build ./install.sh $INSTALL_BINARY_NAME 171 172 FROM dev-base AS containerd 173 ARG DEBIAN_FRONTEND 174 ARG CONTAINERD_COMMIT 175 RUN apt-get update && apt-get install -y --no-install-recommends \ 176 libbtrfs-dev \ 177 && rm -rf /var/lib/apt/lists/* 178 ENV INSTALL_BINARY_NAME=containerd 179 COPY hack/dockerfile/install/install.sh ./install.sh 180 COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./ 181 RUN PREFIX=/build ./install.sh $INSTALL_BINARY_NAME 182 183 FROM dev-base AS proxy 184 ENV INSTALL_BINARY_NAME=proxy 185 ARG LIBNETWORK_COMMIT 186 COPY hack/dockerfile/install/install.sh ./install.sh 187 COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./ 188 RUN PREFIX=/build ./install.sh $INSTALL_BINARY_NAME 189 190 FROM base AS gometalinter 191 ENV INSTALL_BINARY_NAME=gometalinter 192 COPY hack/dockerfile/install/install.sh ./install.sh 193 COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./ 194 RUN PREFIX=/build ./install.sh $INSTALL_BINARY_NAME 195 196 FROM base AS gotestsum 197 ENV INSTALL_BINARY_NAME=gotestsum 198 ARG GOTESTSUM_COMMIT 199 COPY hack/dockerfile/install/install.sh ./install.sh 200 COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./ 201 RUN PREFIX=/build ./install.sh $INSTALL_BINARY_NAME 202 203 FROM dev-base AS dockercli 204 ENV INSTALL_BINARY_NAME=dockercli 205 ARG DOCKERCLI_CHANNEL 206 ARG DOCKERCLI_VERSION 207 COPY hack/dockerfile/install/install.sh ./install.sh 208 COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./ 209 RUN PREFIX=/build ./install.sh $INSTALL_BINARY_NAME 210 211 FROM runtime-dev AS runc 212 ENV INSTALL_BINARY_NAME=runc 213 ARG RUNC_COMMIT 214 ARG RUNC_BUILDTAGS 215 COPY hack/dockerfile/install/install.sh ./install.sh 216 COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./ 217 RUN PREFIX=/build ./install.sh $INSTALL_BINARY_NAME 218 219 FROM dev-base AS tini 220 ARG DEBIAN_FRONTEND 221 ARG TINI_COMMIT 222 RUN apt-get update && apt-get install -y --no-install-recommends \ 223 cmake \ 224 vim-common \ 225 && rm -rf /var/lib/apt/lists/* 226 COPY hack/dockerfile/install/install.sh ./install.sh 227 ENV INSTALL_BINARY_NAME=tini 228 COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./ 229 RUN PREFIX=/build ./install.sh $INSTALL_BINARY_NAME 230 231 FROM dev-base AS rootlesskit 232 ENV INSTALL_BINARY_NAME=rootlesskit 233 ARG ROOTLESSKIT_COMMIT 234 COPY hack/dockerfile/install/install.sh ./install.sh 235 COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./ 236 RUN PREFIX=/build/ ./install.sh $INSTALL_BINARY_NAME 237 COPY ./contrib/dockerd-rootless.sh /build 238 239 FROM djs55/vpnkit@sha256:${VPNKIT_DIGEST} AS vpnkit 240 241 # TODO: Some of this is only really needed for testing, it would be nice to split this up 242 FROM runtime-dev AS dev 243 ARG DEBIAN_FRONTEND 244 RUN groupadd -r docker 245 RUN useradd --create-home --gid docker unprivilegeduser 246 # Let us use a .bashrc file 247 RUN ln -sfv /go/src/github.com/docker/docker/.bashrc ~/.bashrc 248 # Activate bash completion and include Docker's completion if mounted with DOCKER_BASH_COMPLETION_PATH 249 RUN echo "source /usr/share/bash-completion/bash_completion" >> /etc/bash.bashrc 250 RUN ln -s /usr/local/completion/bash/docker /etc/bash_completion.d/docker 251 RUN ldconfig 252 # This should only install packages that are specifically needed for the dev environment and nothing else 253 # Do you really need to add another package here? Can it be done in a different build stage? 254 RUN apt-get update && apt-get install -y --no-install-recommends \ 255 apparmor \ 256 aufs-tools \ 257 bash-completion \ 258 binutils-mingw-w64 \ 259 libbtrfs-dev \ 260 bzip2 \ 261 g++-mingw-w64-x86-64 \ 262 iptables \ 263 jq \ 264 libcap2-bin \ 265 libdevmapper-dev \ 266 libnet1 \ 267 libnl-3-200 \ 268 libprotobuf-c1 \ 269 libsystemd-dev \ 270 libudev-dev \ 271 net-tools \ 272 pigz \ 273 python3-pip \ 274 python3-setuptools \ 275 python3-wheel \ 276 thin-provisioning-tools \ 277 vim \ 278 vim-common \ 279 xfsprogs \ 280 xz-utils \ 281 zip \ 282 && rm -rf /var/lib/apt/lists/* 283 284 # Switch to use iptables instead of nftables (to match the host machine) 285 RUN update-alternatives --set iptables /usr/sbin/iptables-legacy || true \ 286 && update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy || true \ 287 && update-alternatives --set arptables /usr/sbin/arptables-legacy || true 288 289 RUN pip3 install yamllint==1.16.0 290 291 COPY --from=dockercli /build/ /usr/local/cli 292 COPY --from=frozen-images /build/ /docker-frozen-images 293 COPY --from=swagger /build/ /usr/local/bin/ 294 COPY --from=tomlv /build/ /usr/local/bin/ 295 COPY --from=tini /build/ /usr/local/bin/ 296 COPY --from=registry /build/ /usr/local/bin/ 297 COPY --from=criu /build/ /usr/local/ 298 COPY --from=vndr /build/ /usr/local/bin/ 299 COPY --from=gotestsum /build/ /usr/local/bin/ 300 COPY --from=gometalinter /build/ /usr/local/bin/ 301 COPY --from=runc /build/ /usr/local/bin/ 302 COPY --from=containerd /build/ /usr/local/bin/ 303 COPY --from=rootlesskit /build/ /usr/local/bin/ 304 COPY --from=vpnkit /vpnkit /usr/local/bin/vpnkit.x86_64 305 COPY --from=proxy /build/ /usr/local/bin/ 306 307 ENV PATH=/usr/local/cli:$PATH 308 ENV DOCKER_BUILDTAGS apparmor seccomp selinux 309 WORKDIR /go/src/github.com/docker/docker 310 VOLUME /var/lib/docker 311 # Wrap all commands in the "docker-in-docker" script to allow nested containers 312 ENTRYPOINT ["hack/dind"] 313 314 FROM dev AS final 315 # Upload docker source 316 COPY . /go/src/github.com/docker/docker