github.com/moby/docker@v26.1.3+incompatible/Dockerfile (about) 1 # syntax=docker/dockerfile:1.7 2 3 ARG GO_VERSION=1.21.10 4 ARG BASE_DEBIAN_DISTRO="bookworm" 5 ARG GOLANG_IMAGE="golang:${GO_VERSION}-${BASE_DEBIAN_DISTRO}" 6 ARG XX_VERSION=1.4.0 7 8 ARG VPNKIT_VERSION=0.5.0 9 10 ARG DOCKERCLI_REPOSITORY="https://github.com/docker/cli.git" 11 ARG DOCKERCLI_VERSION=v26.0.0 12 # cli version used for integration-cli tests 13 ARG DOCKERCLI_INTEGRATION_REPOSITORY="https://github.com/docker/cli.git" 14 ARG DOCKERCLI_INTEGRATION_VERSION=v17.06.2-ce 15 ARG BUILDX_VERSION=0.13.1 16 ARG COMPOSE_VERSION=v2.25.0 17 18 ARG SYSTEMD="false" 19 ARG DOCKER_STATIC=1 20 21 # REGISTRY_VERSION specifies the version of the registry to download from 22 # https://hub.docker.com/r/distribution/distribution. This version of 23 # the registry is used to test schema 2 manifests. Generally, the version 24 # specified here should match a current release. 25 ARG REGISTRY_VERSION=2.8.3 26 27 # delve is currently only supported on linux/amd64 and linux/arm64; 28 # https://github.com/go-delve/delve/blob/v1.8.1/pkg/proc/native/support_sentinel.go#L1-L6 29 ARG DELVE_SUPPORTED=${TARGETPLATFORM#linux/amd64} DELVE_SUPPORTED=${DELVE_SUPPORTED#linux/arm64} 30 ARG DELVE_SUPPORTED=${DELVE_SUPPORTED:+"unsupported"} 31 ARG DELVE_SUPPORTED=${DELVE_SUPPORTED:-"supported"} 32 33 # cross compilation helper 34 FROM --platform=$BUILDPLATFORM tonistiigi/xx:${XX_VERSION} AS xx 35 36 # dummy stage to make sure the image is built for deps that don't support some 37 # architectures 38 FROM --platform=$BUILDPLATFORM busybox AS build-dummy 39 RUN mkdir -p /build 40 FROM scratch AS binary-dummy 41 COPY --from=build-dummy /build /build 42 43 # base 44 FROM --platform=$BUILDPLATFORM ${GOLANG_IMAGE} AS base 45 COPY --from=xx / / 46 RUN echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache 47 RUN apt-get update && apt-get install --no-install-recommends -y file 48 ENV GO111MODULE=off 49 ENV GOTOOLCHAIN=local 50 51 FROM base AS criu 52 ADD --chmod=0644 https://download.opensuse.org/repositories/devel:/tools:/criu/Debian_11/Release.key /etc/apt/trusted.gpg.d/criu.gpg.asc 53 RUN --mount=type=cache,sharing=locked,id=moby-criu-aptlib,target=/var/lib/apt \ 54 --mount=type=cache,sharing=locked,id=moby-criu-aptcache,target=/var/cache/apt \ 55 echo 'deb https://download.opensuse.org/repositories/devel:/tools:/criu/Debian_12/ /' > /etc/apt/sources.list.d/criu.list \ 56 && apt-get update \ 57 && apt-get install -y --no-install-recommends criu \ 58 && install -D /usr/sbin/criu /build/criu \ 59 && /build/criu --version 60 61 # registry 62 FROM base AS registry-src 63 WORKDIR /usr/src/registry 64 RUN git init . && git remote add origin "https://github.com/distribution/distribution.git" 65 66 FROM base AS registry 67 WORKDIR /go/src/github.com/docker/distribution 68 69 # REGISTRY_VERSION_SCHEMA1 specifies the version of the registry to build and 70 # install from the https://github.com/docker/distribution repository. This is 71 # an older (pre v2.3.0) version of the registry that only supports schema1 72 # manifests. This version of the registry is not working on arm64, so installation 73 # is skipped on that architecture. 74 ARG REGISTRY_VERSION_SCHEMA1=v2.1.0 75 ARG TARGETPLATFORM 76 RUN --mount=from=registry-src,src=/usr/src/registry,rw \ 77 --mount=type=cache,target=/root/.cache/go-build,id=registry-build-$TARGETPLATFORM \ 78 --mount=type=cache,target=/go/pkg/mod \ 79 --mount=type=tmpfs,target=/go/src <<EOT 80 set -ex 81 export GOPATH="/go/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH" 82 # Make the /build directory no matter what so that it doesn't fail on arm64 or 83 # any other platform where we don't build this registry 84 mkdir /build 85 case $TARGETPLATFORM in 86 linux/amd64|linux/arm/v7|linux/ppc64le|linux/s390x) 87 git fetch -q --depth 1 origin "${REGISTRY_VERSION_SCHEMA1}" +refs/tags/*:refs/tags/* 88 git checkout -q FETCH_HEAD 89 CGO_ENABLED=0 xx-go build -o /build/registry-v2-schema1 -v ./cmd/registry 90 xx-verify /build/registry-v2-schema1 91 ;; 92 esac 93 EOT 94 95 FROM distribution/distribution:$REGISTRY_VERSION AS registry-v2 96 RUN mkdir /build && mv /bin/registry /build/registry-v2 97 98 # go-swagger 99 FROM base AS swagger-src 100 WORKDIR /usr/src/swagger 101 # Currently uses a fork from https://github.com/kolyshkin/go-swagger/tree/golang-1.13-fix 102 # TODO: move to under moby/ or fix upstream go-swagger to work for us. 103 RUN git init . && git remote add origin "https://github.com/kolyshkin/go-swagger.git" 104 # GO_SWAGGER_COMMIT specifies the version of the go-swagger binary to build and 105 # install. Go-swagger is used in CI for validating swagger.yaml in hack/validate/swagger-gen 106 ARG GO_SWAGGER_COMMIT=c56166c036004ba7a3a321e5951ba472b9ae298c 107 RUN git fetch -q --depth 1 origin "${GO_SWAGGER_COMMIT}" && git checkout -q FETCH_HEAD 108 109 FROM base AS swagger 110 WORKDIR /go/src/github.com/go-swagger/go-swagger 111 ARG TARGETPLATFORM 112 RUN --mount=from=swagger-src,src=/usr/src/swagger,rw \ 113 --mount=type=cache,target=/root/.cache/go-build,id=swagger-build-$TARGETPLATFORM \ 114 --mount=type=cache,target=/go/pkg/mod \ 115 --mount=type=tmpfs,target=/go/src/ <<EOT 116 set -e 117 xx-go build -o /build/swagger ./cmd/swagger 118 xx-verify /build/swagger 119 EOT 120 121 # frozen-images 122 # See also frozenImages in "testutil/environment/protect.go" (which needs to 123 # be updated when adding images to this list) 124 FROM debian:${BASE_DEBIAN_DISTRO} AS frozen-images 125 RUN --mount=type=cache,sharing=locked,id=moby-frozen-images-aptlib,target=/var/lib/apt \ 126 --mount=type=cache,sharing=locked,id=moby-frozen-images-aptcache,target=/var/cache/apt \ 127 apt-get update && apt-get install -y --no-install-recommends \ 128 ca-certificates \ 129 curl \ 130 jq 131 # Get useful and necessary Hub images so we can "docker load" locally instead of pulling 132 COPY contrib/download-frozen-image-v2.sh / 133 ARG TARGETARCH 134 ARG TARGETVARIANT 135 RUN /download-frozen-image-v2.sh /build \ 136 busybox:latest@sha256:95cf004f559831017cdf4628aaf1bb30133677be8702a8c5f2994629f637a209 \ 137 busybox:glibc@sha256:1f81263701cddf6402afe9f33fca0266d9fff379e59b1748f33d3072da71ee85 \ 138 debian:bookworm-slim@sha256:2bc5c236e9b262645a323e9088dfa3bb1ecb16cc75811daf40a23a824d665be9 \ 139 hello-world:latest@sha256:d58e752213a51785838f9eed2b7a498ffa1cb3aa7f946dda11af39286c3db9a9 \ 140 arm32v7/hello-world:latest@sha256:50b8560ad574c779908da71f7ce370c0a2471c098d44d1c8f6b513c5a55eeeb1 141 142 # delve 143 FROM base AS delve-src 144 WORKDIR /usr/src/delve 145 RUN git init . && git remote add origin "https://github.com/go-delve/delve.git" 146 # DELVE_VERSION specifies the version of the Delve debugger binary 147 # from the https://github.com/go-delve/delve repository. 148 # It can be used to run Docker with a possibility of 149 # attaching debugger to it. 150 ARG DELVE_VERSION=v1.21.1 151 RUN git fetch -q --depth 1 origin "${DELVE_VERSION}" +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD 152 153 FROM base AS delve-supported 154 WORKDIR /usr/src/delve 155 ARG TARGETPLATFORM 156 RUN --mount=from=delve-src,src=/usr/src/delve,rw \ 157 --mount=type=cache,target=/root/.cache/go-build,id=delve-build-$TARGETPLATFORM \ 158 --mount=type=cache,target=/go/pkg/mod <<EOT 159 set -e 160 GO111MODULE=on xx-go build -o /build/dlv ./cmd/dlv 161 xx-verify /build/dlv 162 EOT 163 164 FROM binary-dummy AS delve-unsupported 165 FROM delve-${DELVE_SUPPORTED} AS delve 166 167 FROM base AS tomll 168 # GOTOML_VERSION specifies the version of the tomll binary to build and install 169 # from the https://github.com/pelletier/go-toml repository. This binary is used 170 # in CI in the hack/validate/toml script. 171 # 172 # When updating this version, consider updating the github.com/pelletier/go-toml 173 # dependency in vendor.mod accordingly. 174 ARG GOTOML_VERSION=v1.8.1 175 RUN --mount=type=cache,target=/root/.cache/go-build \ 176 --mount=type=cache,target=/go/pkg/mod \ 177 GOBIN=/build/ GO111MODULE=on go install "github.com/pelletier/go-toml/cmd/tomll@${GOTOML_VERSION}" \ 178 && /build/tomll --help 179 180 FROM base AS gowinres 181 # GOWINRES_VERSION defines go-winres tool version 182 ARG GOWINRES_VERSION=v0.3.1 183 RUN --mount=type=cache,target=/root/.cache/go-build \ 184 --mount=type=cache,target=/go/pkg/mod \ 185 GOBIN=/build/ GO111MODULE=on go install "github.com/tc-hib/go-winres@${GOWINRES_VERSION}" \ 186 && /build/go-winres --help 187 188 # containerd 189 FROM base AS containerd-src 190 WORKDIR /usr/src/containerd 191 RUN git init . && git remote add origin "https://github.com/containerd/containerd.git" 192 # CONTAINERD_VERSION is used to build containerd binaries, and used for the 193 # integration tests. The distributed docker .deb and .rpm packages depend on a 194 # separate (containerd.io) package, which may be a different version as is 195 # specified here. The containerd golang package is also pinned in vendor.mod. 196 # When updating the binary version you may also need to update the vendor 197 # version to pick up bug fixes or new APIs, however, usually the Go packages 198 # are built from a commit from the master branch. 199 ARG CONTAINERD_VERSION=v1.7.15 200 RUN git fetch -q --depth 1 origin "${CONTAINERD_VERSION}" +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD 201 202 FROM base AS containerd-build 203 WORKDIR /go/src/github.com/containerd/containerd 204 ARG TARGETPLATFORM 205 RUN --mount=type=cache,sharing=locked,id=moby-containerd-aptlib,target=/var/lib/apt \ 206 --mount=type=cache,sharing=locked,id=moby-containerd-aptcache,target=/var/cache/apt \ 207 apt-get update && xx-apt-get install -y --no-install-recommends \ 208 gcc \ 209 libbtrfs-dev \ 210 libsecret-1-dev \ 211 pkg-config 212 ARG DOCKER_STATIC 213 RUN --mount=from=containerd-src,src=/usr/src/containerd,rw \ 214 --mount=type=cache,target=/root/.cache/go-build,id=containerd-build-$TARGETPLATFORM <<EOT 215 set -e 216 export CC=$(xx-info)-gcc 217 export CGO_ENABLED=$([ "$DOCKER_STATIC" = "1" ] && echo "0" || echo "1") 218 xx-go --wrap 219 make $([ "$DOCKER_STATIC" = "1" ] && echo "STATIC=1") binaries 220 xx-verify $([ "$DOCKER_STATIC" = "1" ] && echo "--static") bin/containerd 221 xx-verify $([ "$DOCKER_STATIC" = "1" ] && echo "--static") bin/containerd-shim-runc-v2 222 xx-verify $([ "$DOCKER_STATIC" = "1" ] && echo "--static") bin/ctr 223 mkdir /build 224 mv bin/containerd bin/containerd-shim-runc-v2 bin/ctr /build 225 EOT 226 227 FROM containerd-build AS containerd-linux 228 FROM binary-dummy AS containerd-windows 229 FROM containerd-${TARGETOS} AS containerd 230 231 FROM base AS golangci_lint 232 ARG GOLANGCI_LINT_VERSION=v1.55.2 233 RUN --mount=type=cache,target=/root/.cache/go-build \ 234 --mount=type=cache,target=/go/pkg/mod \ 235 GOBIN=/build/ GO111MODULE=on go install "github.com/golangci/golangci-lint/cmd/golangci-lint@${GOLANGCI_LINT_VERSION}" \ 236 && /build/golangci-lint --version 237 238 FROM base AS gotestsum 239 ARG GOTESTSUM_VERSION=v1.8.2 240 RUN --mount=type=cache,target=/root/.cache/go-build \ 241 --mount=type=cache,target=/go/pkg/mod \ 242 GOBIN=/build/ GO111MODULE=on go install "gotest.tools/gotestsum@${GOTESTSUM_VERSION}" \ 243 && /build/gotestsum --version 244 245 FROM base AS shfmt 246 ARG SHFMT_VERSION=v3.8.0 247 RUN --mount=type=cache,target=/root/.cache/go-build \ 248 --mount=type=cache,target=/go/pkg/mod \ 249 GOBIN=/build/ GO111MODULE=on go install "mvdan.cc/sh/v3/cmd/shfmt@${SHFMT_VERSION}" \ 250 && /build/shfmt --version 251 252 FROM base AS gopls 253 RUN --mount=type=cache,target=/root/.cache/go-build \ 254 --mount=type=cache,target=/go/pkg/mod \ 255 GOBIN=/build/ GO111MODULE=on go install "golang.org/x/tools/gopls@latest" \ 256 && /build/gopls version 257 258 FROM base AS dockercli 259 WORKDIR /go/src/github.com/docker/cli 260 ARG DOCKERCLI_REPOSITORY 261 ARG DOCKERCLI_VERSION 262 ARG TARGETPLATFORM 263 RUN --mount=source=hack/dockerfile/cli.sh,target=/download-or-build-cli.sh \ 264 --mount=type=cache,id=dockercli-git-$TARGETPLATFORM,sharing=locked,target=./.git \ 265 --mount=type=cache,target=/root/.cache/go-build,id=dockercli-build-$TARGETPLATFORM \ 266 rm -f ./.git/*.lock \ 267 && /download-or-build-cli.sh ${DOCKERCLI_VERSION} ${DOCKERCLI_REPOSITORY} /build \ 268 && /build/docker --version 269 270 FROM base AS dockercli-integration 271 WORKDIR /go/src/github.com/docker/cli 272 ARG DOCKERCLI_INTEGRATION_REPOSITORY 273 ARG DOCKERCLI_INTEGRATION_VERSION 274 ARG TARGETPLATFORM 275 RUN --mount=source=hack/dockerfile/cli.sh,target=/download-or-build-cli.sh \ 276 --mount=type=cache,id=dockercli-git-$TARGETPLATFORM,sharing=locked,target=./.git \ 277 --mount=type=cache,target=/root/.cache/go-build,id=dockercli-build-$TARGETPLATFORM \ 278 rm -f ./.git/*.lock \ 279 && /download-or-build-cli.sh ${DOCKERCLI_INTEGRATION_VERSION} ${DOCKERCLI_INTEGRATION_REPOSITORY} /build \ 280 && /build/docker --version 281 282 # runc 283 FROM base AS runc-src 284 WORKDIR /usr/src/runc 285 RUN git init . && git remote add origin "https://github.com/opencontainers/runc.git" 286 # RUNC_VERSION should match the version that is used by the containerd version 287 # that is used. If you need to update runc, open a pull request in the containerd 288 # project first, and update both after that is merged. When updating RUNC_VERSION, 289 # consider updating runc in vendor.mod accordingly. 290 ARG RUNC_VERSION=v1.1.12 291 RUN git fetch -q --depth 1 origin "${RUNC_VERSION}" +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD 292 293 FROM base AS runc-build 294 WORKDIR /go/src/github.com/opencontainers/runc 295 ARG TARGETPLATFORM 296 RUN --mount=type=cache,sharing=locked,id=moby-runc-aptlib,target=/var/lib/apt \ 297 --mount=type=cache,sharing=locked,id=moby-runc-aptcache,target=/var/cache/apt \ 298 apt-get update && xx-apt-get install -y --no-install-recommends \ 299 dpkg-dev \ 300 gcc \ 301 libc6-dev \ 302 libseccomp-dev \ 303 pkg-config 304 ARG DOCKER_STATIC 305 RUN --mount=from=runc-src,src=/usr/src/runc,rw \ 306 --mount=type=cache,target=/root/.cache/go-build,id=runc-build-$TARGETPLATFORM <<EOT 307 set -e 308 xx-go --wrap 309 CGO_ENABLED=1 make "$([ "$DOCKER_STATIC" = "1" ] && echo "static" || echo "runc")" 310 xx-verify $([ "$DOCKER_STATIC" = "1" ] && echo "--static") runc 311 mkdir /build 312 mv runc /build/ 313 EOT 314 315 FROM runc-build AS runc-linux 316 FROM binary-dummy AS runc-windows 317 FROM runc-${TARGETOS} AS runc 318 319 # tini 320 FROM base AS tini-src 321 WORKDIR /usr/src/tini 322 RUN git init . && git remote add origin "https://github.com/krallin/tini.git" 323 # TINI_VERSION specifies the version of tini (docker-init) to build. This 324 # binary is used when starting containers with the `--init` option. 325 ARG TINI_VERSION=v0.19.0 326 RUN git fetch -q --depth 1 origin "${TINI_VERSION}" +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD 327 328 FROM base AS tini-build 329 WORKDIR /go/src/github.com/krallin/tini 330 RUN --mount=type=cache,sharing=locked,id=moby-tini-aptlib,target=/var/lib/apt \ 331 --mount=type=cache,sharing=locked,id=moby-tini-aptcache,target=/var/cache/apt \ 332 apt-get update && apt-get install -y --no-install-recommends cmake 333 ARG TARGETPLATFORM 334 RUN --mount=type=cache,sharing=locked,id=moby-tini-aptlib,target=/var/lib/apt \ 335 --mount=type=cache,sharing=locked,id=moby-tini-aptcache,target=/var/cache/apt \ 336 xx-apt-get install -y --no-install-recommends \ 337 gcc \ 338 libc6-dev \ 339 pkg-config 340 RUN --mount=from=tini-src,src=/usr/src/tini,rw \ 341 --mount=type=cache,target=/root/.cache/go-build,id=tini-build-$TARGETPLATFORM <<EOT 342 set -e 343 CC=$(xx-info)-gcc cmake . 344 make tini-static 345 xx-verify --static tini-static 346 mkdir /build 347 mv tini-static /build/docker-init 348 EOT 349 350 FROM tini-build AS tini-linux 351 FROM binary-dummy AS tini-windows 352 FROM tini-${TARGETOS} AS tini 353 354 # rootlesskit 355 FROM base AS rootlesskit-src 356 WORKDIR /usr/src/rootlesskit 357 RUN git init . && git remote add origin "https://github.com/rootless-containers/rootlesskit.git" 358 # When updating, also update vendor.mod and hack/dockerfile/install/rootlesskit.installer accordingly. 359 ARG ROOTLESSKIT_VERSION=v2.0.2 360 RUN git fetch -q --depth 1 origin "${ROOTLESSKIT_VERSION}" +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD 361 362 FROM base AS rootlesskit-build 363 WORKDIR /go/src/github.com/rootless-containers/rootlesskit 364 ARG TARGETPLATFORM 365 RUN --mount=type=cache,sharing=locked,id=moby-rootlesskit-aptlib,target=/var/lib/apt \ 366 --mount=type=cache,sharing=locked,id=moby-rootlesskit-aptcache,target=/var/cache/apt \ 367 apt-get update && xx-apt-get install -y --no-install-recommends \ 368 gcc \ 369 libc6-dev \ 370 pkg-config 371 ENV GO111MODULE=on 372 ARG DOCKER_STATIC 373 RUN --mount=from=rootlesskit-src,src=/usr/src/rootlesskit,rw \ 374 --mount=type=cache,target=/go/pkg/mod \ 375 --mount=type=cache,target=/root/.cache/go-build,id=rootlesskit-build-$TARGETPLATFORM <<EOT 376 set -e 377 export CGO_ENABLED=$([ "$DOCKER_STATIC" = "1" ] && echo "0" || echo "1") 378 xx-go build -o /build/rootlesskit -ldflags="$([ "$DOCKER_STATIC" != "1" ] && echo "-linkmode=external")" ./cmd/rootlesskit 379 xx-verify $([ "$DOCKER_STATIC" = "1" ] && echo "--static") /build/rootlesskit 380 xx-go build -o /build/rootlesskit-docker-proxy -ldflags="$([ "$DOCKER_STATIC" != "1" ] && echo "-linkmode=external")" ./cmd/rootlesskit-docker-proxy 381 xx-verify $([ "$DOCKER_STATIC" = "1" ] && echo "--static") /build/rootlesskit-docker-proxy 382 EOT 383 COPY --link ./contrib/dockerd-rootless.sh /build/ 384 COPY --link ./contrib/dockerd-rootless-setuptool.sh /build/ 385 386 FROM rootlesskit-build AS rootlesskit-linux 387 FROM binary-dummy AS rootlesskit-windows 388 FROM rootlesskit-${TARGETOS} AS rootlesskit 389 390 FROM base AS crun 391 ARG CRUN_VERSION=1.12 392 RUN --mount=type=cache,sharing=locked,id=moby-crun-aptlib,target=/var/lib/apt \ 393 --mount=type=cache,sharing=locked,id=moby-crun-aptcache,target=/var/cache/apt \ 394 apt-get update && apt-get install -y --no-install-recommends \ 395 autoconf \ 396 automake \ 397 build-essential \ 398 libcap-dev \ 399 libprotobuf-c-dev \ 400 libseccomp-dev \ 401 libsystemd-dev \ 402 libtool \ 403 libudev-dev \ 404 libyajl-dev \ 405 python3 \ 406 ; 407 RUN --mount=type=tmpfs,target=/tmp/crun-build \ 408 git clone https://github.com/containers/crun.git /tmp/crun-build && \ 409 cd /tmp/crun-build && \ 410 git checkout -q "${CRUN_VERSION}" && \ 411 ./autogen.sh && \ 412 ./configure --bindir=/build && \ 413 make -j install 414 415 # vpnkit 416 # use dummy scratch stage to avoid build to fail for unsupported platforms 417 FROM scratch AS vpnkit-windows 418 FROM scratch AS vpnkit-linux-386 419 FROM scratch AS vpnkit-linux-arm 420 FROM scratch AS vpnkit-linux-ppc64le 421 FROM scratch AS vpnkit-linux-riscv64 422 FROM scratch AS vpnkit-linux-s390x 423 FROM djs55/vpnkit:${VPNKIT_VERSION} AS vpnkit-linux-amd64 424 FROM djs55/vpnkit:${VPNKIT_VERSION} AS vpnkit-linux-arm64 425 FROM vpnkit-linux-${TARGETARCH} AS vpnkit-linux 426 FROM vpnkit-${TARGETOS} AS vpnkit 427 428 # containerutility 429 FROM base AS containerutil-src 430 WORKDIR /usr/src/containerutil 431 RUN git init . && git remote add origin "https://github.com/docker-archive/windows-container-utility.git" 432 ARG CONTAINERUTILITY_VERSION=aa1ba87e99b68e0113bd27ec26c60b88f9d4ccd9 433 RUN git fetch -q --depth 1 origin "${CONTAINERUTILITY_VERSION}" +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD 434 435 FROM base AS containerutil-build 436 WORKDIR /usr/src/containerutil 437 ARG TARGETPLATFORM 438 RUN xx-apt-get install -y --no-install-recommends \ 439 gcc \ 440 g++ \ 441 libc6-dev \ 442 pkg-config 443 RUN --mount=from=containerutil-src,src=/usr/src/containerutil,rw \ 444 --mount=type=cache,target=/root/.cache/go-build,id=containerutil-build-$TARGETPLATFORM <<EOT 445 set -e 446 CC="$(xx-info)-gcc" CXX="$(xx-info)-g++" make 447 xx-verify --static containerutility.exe 448 mkdir /build 449 mv containerutility.exe /build/ 450 EOT 451 452 FROM binary-dummy AS containerutil-linux 453 FROM containerutil-build AS containerutil-windows-amd64 454 FROM containerutil-windows-${TARGETARCH} AS containerutil-windows 455 FROM containerutil-${TARGETOS} AS containerutil 456 FROM docker/buildx-bin:${BUILDX_VERSION} as buildx 457 FROM docker/compose-bin:${COMPOSE_VERSION} as compose 458 459 FROM base AS dev-systemd-false 460 COPY --link --from=frozen-images /build/ /docker-frozen-images 461 COPY --link --from=swagger /build/ /usr/local/bin/ 462 COPY --link --from=delve /build/ /usr/local/bin/ 463 COPY --link --from=tomll /build/ /usr/local/bin/ 464 COPY --link --from=gowinres /build/ /usr/local/bin/ 465 COPY --link --from=tini /build/ /usr/local/bin/ 466 COPY --link --from=registry /build/ /usr/local/bin/ 467 COPY --link --from=registry-v2 /build/ /usr/local/bin/ 468 469 # Skip the CRIU stage for now, as the opensuse package repository is sometimes 470 # unstable, and we're currently not using it in CI. 471 # 472 # FIXME(thaJeztah): re-enable this stage when https://github.com/moby/moby/issues/38963 is resolved (see https://github.com/moby/moby/pull/38984) 473 # COPY --link --from=criu /build/ /usr/local/bin/ 474 COPY --link --from=gotestsum /build/ /usr/local/bin/ 475 COPY --link --from=golangci_lint /build/ /usr/local/bin/ 476 COPY --link --from=shfmt /build/ /usr/local/bin/ 477 COPY --link --from=runc /build/ /usr/local/bin/ 478 COPY --link --from=containerd /build/ /usr/local/bin/ 479 COPY --link --from=rootlesskit /build/ /usr/local/bin/ 480 COPY --link --from=vpnkit / /usr/local/bin/ 481 COPY --link --from=containerutil /build/ /usr/local/bin/ 482 COPY --link --from=crun /build/ /usr/local/bin/ 483 COPY --link hack/dockerfile/etc/docker/ /etc/docker/ 484 COPY --link --from=buildx /buildx /usr/local/libexec/docker/cli-plugins/docker-buildx 485 COPY --link --from=compose /docker-compose /usr/libexec/docker/cli-plugins/docker-compose 486 487 ENV PATH=/usr/local/cli:$PATH 488 ENV TEST_CLIENT_BINARY=/usr/local/cli-integration/docker 489 ENV CONTAINERD_ADDRESS=/run/docker/containerd/containerd.sock 490 ENV CONTAINERD_NAMESPACE=moby 491 WORKDIR /go/src/github.com/docker/docker 492 VOLUME /var/lib/docker 493 VOLUME /home/unprivilegeduser/.local/share/docker 494 # Wrap all commands in the "docker-in-docker" script to allow nested containers 495 ENTRYPOINT ["hack/dind"] 496 497 FROM dev-systemd-false AS dev-systemd-true 498 RUN --mount=type=cache,sharing=locked,id=moby-dev-aptlib,target=/var/lib/apt \ 499 --mount=type=cache,sharing=locked,id=moby-dev-aptcache,target=/var/cache/apt \ 500 apt-get update && apt-get install -y --no-install-recommends \ 501 dbus \ 502 dbus-user-session \ 503 systemd \ 504 systemd-sysv 505 ENTRYPOINT ["hack/dind-systemd"] 506 507 FROM dev-systemd-${SYSTEMD} AS dev-base 508 RUN groupadd -r docker 509 RUN useradd --create-home --gid docker unprivilegeduser \ 510 && mkdir -p /home/unprivilegeduser/.local/share/docker \ 511 && chown -R unprivilegeduser /home/unprivilegeduser 512 # Let us use a .bashrc file 513 RUN ln -sfv /go/src/github.com/docker/docker/.bashrc ~/.bashrc 514 # Activate bash completion and include Docker's completion if mounted with DOCKER_BASH_COMPLETION_PATH 515 RUN echo "source /usr/share/bash-completion/bash_completion" >> /etc/bash.bashrc 516 RUN ln -s /usr/local/completion/bash/docker /etc/bash_completion.d/docker 517 RUN ldconfig 518 # Set dev environment as safe git directory to prevent "dubious ownership" errors 519 # when bind-mounting the source into the dev-container. See https://github.com/moby/moby/pull/44930 520 RUN git config --global --add safe.directory $GOPATH/src/github.com/docker/docker 521 # This should only install packages that are specifically needed for the dev environment and nothing else 522 # Do you really need to add another package here? Can it be done in a different build stage? 523 RUN --mount=type=cache,sharing=locked,id=moby-dev-aptlib,target=/var/lib/apt \ 524 --mount=type=cache,sharing=locked,id=moby-dev-aptcache,target=/var/cache/apt \ 525 apt-get update && apt-get install -y --no-install-recommends \ 526 apparmor \ 527 bash-completion \ 528 bzip2 \ 529 inetutils-ping \ 530 iproute2 \ 531 iptables \ 532 jq \ 533 libcap2-bin \ 534 libnet1 \ 535 libnl-3-200 \ 536 libprotobuf-c1 \ 537 libyajl2 \ 538 net-tools \ 539 patch \ 540 pigz \ 541 sudo \ 542 systemd-journal-remote \ 543 thin-provisioning-tools \ 544 uidmap \ 545 vim \ 546 vim-common \ 547 xfsprogs \ 548 xz-utils \ 549 zip \ 550 zstd 551 # Switch to use iptables instead of nftables (to match the CI hosts) 552 # TODO use some kind of runtime auto-detection instead if/when nftables is supported (https://github.com/moby/moby/issues/26824) 553 RUN update-alternatives --set iptables /usr/sbin/iptables-legacy || true \ 554 && update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy || true \ 555 && update-alternatives --set arptables /usr/sbin/arptables-legacy || true 556 RUN --mount=type=cache,sharing=locked,id=moby-dev-aptlib,target=/var/lib/apt \ 557 --mount=type=cache,sharing=locked,id=moby-dev-aptcache,target=/var/cache/apt \ 558 apt-get update && apt-get install --no-install-recommends -y \ 559 gcc \ 560 pkg-config \ 561 dpkg-dev \ 562 libapparmor-dev \ 563 libseccomp-dev \ 564 libsecret-1-dev \ 565 libsystemd-dev \ 566 libudev-dev \ 567 yamllint 568 COPY --link --from=dockercli /build/ /usr/local/cli 569 COPY --link --from=dockercli-integration /build/ /usr/local/cli-integration 570 571 FROM base AS build 572 COPY --from=gowinres /build/ /usr/local/bin/ 573 WORKDIR /go/src/github.com/docker/docker 574 ENV GO111MODULE=off 575 ENV CGO_ENABLED=1 576 RUN --mount=type=cache,sharing=locked,id=moby-build-aptlib,target=/var/lib/apt \ 577 --mount=type=cache,sharing=locked,id=moby-build-aptcache,target=/var/cache/apt \ 578 apt-get update && apt-get install --no-install-recommends -y \ 579 clang \ 580 lld \ 581 llvm 582 ARG TARGETPLATFORM 583 RUN --mount=type=cache,sharing=locked,id=moby-build-aptlib,target=/var/lib/apt \ 584 --mount=type=cache,sharing=locked,id=moby-build-aptcache,target=/var/cache/apt \ 585 xx-apt-get install --no-install-recommends -y \ 586 dpkg-dev \ 587 gcc \ 588 libapparmor-dev \ 589 libc6-dev \ 590 libseccomp-dev \ 591 libsecret-1-dev \ 592 libsystemd-dev \ 593 libudev-dev \ 594 pkg-config 595 ARG DOCKER_BUILDTAGS 596 ARG DOCKER_DEBUG 597 ARG DOCKER_GITCOMMIT=HEAD 598 ARG DOCKER_LDFLAGS 599 ARG DOCKER_STATIC 600 ARG VERSION 601 ARG PLATFORM 602 ARG PRODUCT 603 ARG DEFAULT_PRODUCT_LICENSE 604 ARG PACKAGER_NAME 605 # PREFIX overrides DEST dir in make.sh script otherwise it fails because of 606 # read only mount in current work dir 607 ENV PREFIX=/tmp 608 RUN <<EOT 609 # in bullseye arm64 target does not link with lld so configure it to use ld instead 610 if [ "$(xx-info arch)" = "arm64" ]; then 611 XX_CC_PREFER_LINKER=ld xx-clang --setup-target-triple 612 fi 613 EOT 614 RUN --mount=type=bind,target=.,rw \ 615 --mount=type=tmpfs,target=cli/winresources/dockerd \ 616 --mount=type=tmpfs,target=cli/winresources/docker-proxy \ 617 --mount=type=cache,target=/root/.cache/go-build,id=moby-build-$TARGETPLATFORM <<EOT 618 set -e 619 target=$([ "$DOCKER_STATIC" = "1" ] && echo "binary" || echo "dynbinary") 620 xx-go --wrap 621 PKG_CONFIG=$(xx-go env PKG_CONFIG) ./hack/make.sh $target 622 xx-verify $([ "$DOCKER_STATIC" = "1" ] && echo "--static") /tmp/bundles/${target}-daemon/dockerd$([ "$(xx-info os)" = "windows" ] && echo ".exe") 623 xx-verify $([ "$DOCKER_STATIC" = "1" ] && echo "--static") /tmp/bundles/${target}-daemon/docker-proxy$([ "$(xx-info os)" = "windows" ] && echo ".exe") 624 mkdir /build 625 mv /tmp/bundles/${target}-daemon/* /build/ 626 EOT 627 628 # usage: 629 # > docker buildx bake binary 630 # > DOCKER_STATIC=0 docker buildx bake binary 631 # or 632 # > make binary 633 # > make dynbinary 634 FROM scratch AS binary 635 COPY --from=build /build/ / 636 637 # usage: 638 # > docker buildx bake all 639 FROM scratch AS all 640 COPY --link --from=tini /build/ / 641 COPY --link --from=runc /build/ / 642 COPY --link --from=containerd /build/ / 643 COPY --link --from=rootlesskit /build/ / 644 COPY --link --from=containerutil /build/ / 645 COPY --link --from=vpnkit / / 646 COPY --link --from=build /build / 647 648 # smoke tests 649 # usage: 650 # > docker buildx bake binary-smoketest 651 FROM --platform=$TARGETPLATFORM base AS smoketest 652 WORKDIR /usr/local/bin 653 COPY --from=build /build . 654 RUN <<EOT 655 set -ex 656 file dockerd 657 dockerd --version 658 file docker-proxy 659 docker-proxy --version 660 EOT 661 662 # devcontainer is a stage used by .devcontainer/devcontainer.json 663 FROM dev-base AS devcontainer 664 COPY --link . . 665 COPY --link --from=gopls /build/ /usr/local/bin/ 666 667 # usage: 668 # > make shell 669 # > SYSTEMD=true make shell 670 FROM dev-base AS dev 671 COPY --link . .