github.com/rumpl/bof@v23.0.0-rc.2+incompatible/Dockerfile (about) 1 # syntax=docker/dockerfile:1 2 3 ARG GO_VERSION=1.19.5 4 ARG BASE_DEBIAN_DISTRO="bullseye" 5 ARG GOLANG_IMAGE="golang:${GO_VERSION}-${BASE_DEBIAN_DISTRO}" 6 ARG XX_VERSION=1.1.2 7 8 ARG VPNKIT_VERSION=0.5.0 9 ARG DOCKERCLI_VERSION=v17.06.2-ce 10 11 ARG SYSTEMD="false" 12 ARG DEBIAN_FRONTEND=noninteractive 13 ARG DOCKER_STATIC=1 14 15 # cross compilation helper 16 FROM --platform=$BUILDPLATFORM tonistiigi/xx:${XX_VERSION} AS xx 17 18 # dummy stage to make sure the image is built for deps that don't support some 19 # architectures 20 FROM --platform=$BUILDPLATFORM busybox AS build-dummy 21 RUN mkdir -p /build 22 FROM scratch AS binary-dummy 23 COPY --from=build-dummy /build /build 24 25 # base 26 FROM --platform=$BUILDPLATFORM ${GOLANG_IMAGE} AS base 27 COPY --from=xx / / 28 RUN echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache 29 ARG APT_MIRROR 30 RUN sed -ri "s/(httpredir|deb).debian.org/${APT_MIRROR:-deb.debian.org}/g" /etc/apt/sources.list \ 31 && sed -ri "s/(security).debian.org/${APT_MIRROR:-security.debian.org}/g" /etc/apt/sources.list 32 ARG DEBIAN_FRONTEND 33 RUN apt-get update && apt-get install --no-install-recommends -y file 34 ENV GO111MODULE=off 35 36 FROM base AS criu 37 ARG DEBIAN_FRONTEND 38 ADD --chmod=0644 https://download.opensuse.org/repositories/devel:/tools:/criu/Debian_11/Release.key /etc/apt/trusted.gpg.d/criu.gpg.asc 39 RUN --mount=type=cache,sharing=locked,id=moby-criu-aptlib,target=/var/lib/apt \ 40 --mount=type=cache,sharing=locked,id=moby-criu-aptcache,target=/var/cache/apt \ 41 echo 'deb https://download.opensuse.org/repositories/devel:/tools:/criu/Debian_11/ /' > /etc/apt/sources.list.d/criu.list \ 42 && apt-get update \ 43 && apt-get install -y --no-install-recommends criu \ 44 && install -D /usr/sbin/criu /build/criu 45 46 # registry 47 FROM base AS registry-src 48 WORKDIR /usr/src/registry 49 RUN git init . && git remote add origin "https://github.com/distribution/distribution.git" 50 51 FROM base AS registry 52 WORKDIR /go/src/github.com/docker/distribution 53 # REGISTRY_VERSION specifies the version of the registry to build and install 54 # from the https://github.com/docker/distribution repository. This version of 55 # the registry is used to test both schema 1 and schema 2 manifests. Generally, 56 # the version specified here should match a current release. 57 ARG REGISTRY_VERSION=v2.3.0 58 # REGISTRY_VERSION_SCHEMA1 specifies the version of the registry to build and 59 # install from the https://github.com/docker/distribution repository. This is 60 # an older (pre v2.3.0) version of the registry that only supports schema1 61 # manifests. This version of the registry is not working on arm64, so installation 62 # is skipped on that architecture. 63 ARG REGISTRY_VERSION_SCHEMA1=v2.1.0 64 ARG TARGETPLATFORM 65 RUN --mount=from=registry-src,src=/usr/src/registry,rw \ 66 --mount=type=cache,target=/root/.cache/go-build,id=registry-build-$TARGETPLATFORM \ 67 --mount=type=cache,target=/go/pkg/mod \ 68 --mount=type=tmpfs,target=/go/src <<EOT 69 set -ex 70 git fetch -q --depth 1 origin "${REGISTRY_VERSION}" +refs/tags/*:refs/tags/* 71 git checkout -q FETCH_HEAD 72 export GOPATH="/go/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH" 73 CGO_ENABLED=0 xx-go build -o /build/registry-v2 -v ./cmd/registry 74 xx-verify /build/registry-v2 75 case $TARGETPLATFORM in 76 linux/amd64|linux/arm/v7|linux/ppc64le|linux/s390x) 77 git fetch -q --depth 1 origin "${REGISTRY_VERSION_SCHEMA1}" +refs/tags/*:refs/tags/* 78 git checkout -q FETCH_HEAD 79 CGO_ENABLED=0 xx-go build -o /build/registry-v2-schema1 -v ./cmd/registry 80 xx-verify /build/registry-v2-schema1 81 ;; 82 esac 83 EOT 84 85 # go-swagger 86 FROM base AS swagger-src 87 WORKDIR /usr/src/swagger 88 # Currently uses a fork from https://github.com/kolyshkin/go-swagger/tree/golang-1.13-fix 89 # TODO: move to under moby/ or fix upstream go-swagger to work for us. 90 RUN git init . && git remote add origin "https://github.com/kolyshkin/go-swagger.git" 91 # GO_SWAGGER_COMMIT specifies the version of the go-swagger binary to build and 92 # install. Go-swagger is used in CI for validating swagger.yaml in hack/validate/swagger-gen 93 ARG GO_SWAGGER_COMMIT=c56166c036004ba7a3a321e5951ba472b9ae298c 94 RUN git fetch -q --depth 1 origin "${GO_SWAGGER_COMMIT}" && git checkout -q FETCH_HEAD 95 96 FROM base AS swagger 97 WORKDIR /go/src/github.com/go-swagger/go-swagger 98 ARG TARGETPLATFORM 99 RUN --mount=from=swagger-src,src=/usr/src/swagger,rw \ 100 --mount=type=cache,target=/root/.cache/go-build,id=swagger-build-$TARGETPLATFORM \ 101 --mount=type=cache,target=/go/pkg/mod \ 102 --mount=type=tmpfs,target=/go/src/ <<EOT 103 set -e 104 xx-go build -o /build/swagger ./cmd/swagger 105 xx-verify /build/swagger 106 EOT 107 108 # frozen-images 109 # See also frozenImages in "testutil/environment/protect.go" (which needs to 110 # be updated when adding images to this list) 111 FROM debian:${BASE_DEBIAN_DISTRO} AS frozen-images 112 ARG DEBIAN_FRONTEND 113 RUN --mount=type=cache,sharing=locked,id=moby-frozen-images-aptlib,target=/var/lib/apt \ 114 --mount=type=cache,sharing=locked,id=moby-frozen-images-aptcache,target=/var/cache/apt \ 115 apt-get update && apt-get install -y --no-install-recommends \ 116 ca-certificates \ 117 curl \ 118 jq 119 # Get useful and necessary Hub images so we can "docker load" locally instead of pulling 120 COPY contrib/download-frozen-image-v2.sh / 121 ARG TARGETARCH 122 ARG TARGETVARIANT 123 RUN /download-frozen-image-v2.sh /build \ 124 busybox:latest@sha256:95cf004f559831017cdf4628aaf1bb30133677be8702a8c5f2994629f637a209 \ 125 busybox:glibc@sha256:1f81263701cddf6402afe9f33fca0266d9fff379e59b1748f33d3072da71ee85 \ 126 debian:bullseye-slim@sha256:dacf278785a4daa9de07596ec739dbc07131e189942772210709c5c0777e8437 \ 127 hello-world:latest@sha256:d58e752213a51785838f9eed2b7a498ffa1cb3aa7f946dda11af39286c3db9a9 \ 128 arm32v7/hello-world:latest@sha256:50b8560ad574c779908da71f7ce370c0a2471c098d44d1c8f6b513c5a55eeeb1 129 130 # delve 131 FROM base AS delve-src 132 WORKDIR /usr/src/delve 133 RUN git init . && git remote add origin "https://github.com/go-delve/delve.git" 134 # DELVE_VERSION specifies the version of the Delve debugger binary 135 # from the https://github.com/go-delve/delve repository. 136 # It can be used to run Docker with a possibility of 137 # attaching debugger to it. 138 ARG DELVE_VERSION=v1.9.1 139 RUN git fetch -q --depth 1 origin "${DELVE_VERSION}" +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD 140 141 FROM base AS delve-build 142 WORKDIR /usr/src/delve 143 ARG TARGETPLATFORM 144 RUN --mount=from=delve-src,src=/usr/src/delve,rw \ 145 --mount=type=cache,target=/root/.cache/go-build,id=delve-build-$TARGETPLATFORM \ 146 --mount=type=cache,target=/go/pkg/mod <<EOT 147 set -e 148 GO111MODULE=on xx-go build -o /build/dlv ./cmd/dlv 149 xx-verify /build/dlv 150 EOT 151 152 # delve is currently only supported on linux/amd64 and linux/arm64; 153 # https://github.com/go-delve/delve/blob/v1.8.1/pkg/proc/native/support_sentinel.go#L1-L6 154 FROM binary-dummy AS delve-windows 155 FROM binary-dummy AS delve-linux-arm 156 FROM binary-dummy AS delve-linux-ppc64le 157 FROM binary-dummy AS delve-linux-s390x 158 FROM delve-build AS delve-linux-amd64 159 FROM delve-build AS delve-linux-arm64 160 FROM delve-linux-${TARGETARCH} AS delve-linux 161 FROM delve-${TARGETOS} AS delve 162 163 FROM base AS tomll 164 # GOTOML_VERSION specifies the version of the tomll binary to build and install 165 # from the https://github.com/pelletier/go-toml repository. This binary is used 166 # in CI in the hack/validate/toml script. 167 # 168 # When updating this version, consider updating the github.com/pelletier/go-toml 169 # dependency in vendor.mod accordingly. 170 ARG GOTOML_VERSION=v1.8.1 171 RUN --mount=type=cache,target=/root/.cache/go-build \ 172 --mount=type=cache,target=/go/pkg/mod \ 173 GOBIN=/build/ GO111MODULE=on go install "github.com/pelletier/go-toml/cmd/tomll@${GOTOML_VERSION}" \ 174 && /build/tomll --help 175 176 FROM base AS gowinres 177 # GOWINRES_VERSION defines go-winres tool version 178 ARG GOWINRES_VERSION=v0.3.0 179 RUN --mount=type=cache,target=/root/.cache/go-build \ 180 --mount=type=cache,target=/go/pkg/mod \ 181 GOBIN=/build/ GO111MODULE=on go install "github.com/tc-hib/go-winres@${GOWINRES_VERSION}" \ 182 && /build/go-winres --help 183 184 # containerd 185 FROM base AS containerd-src 186 WORKDIR /usr/src/containerd 187 RUN git init . && git remote add origin "https://github.com/containerd/containerd.git" 188 # CONTAINERD_VERSION is used to build containerd binaries, and used for the 189 # integration tests. The distributed docker .deb and .rpm packages depend on a 190 # separate (containerd.io) package, which may be a different version as is 191 # specified here. The containerd golang package is also pinned in vendor.mod. 192 # When updating the binary version you may also need to update the vendor 193 # version to pick up bug fixes or new APIs, however, usually the Go packages 194 # are built from a commit from the master branch. 195 ARG CONTAINERD_VERSION=v1.6.15 196 RUN git fetch -q --depth 1 origin "${CONTAINERD_VERSION}" +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD 197 198 FROM base AS containerd-build 199 WORKDIR /go/src/github.com/containerd/containerd 200 ARG DEBIAN_FRONTEND 201 ARG TARGETPLATFORM 202 RUN --mount=type=cache,sharing=locked,id=moby-containerd-aptlib,target=/var/lib/apt \ 203 --mount=type=cache,sharing=locked,id=moby-containerd-aptcache,target=/var/cache/apt \ 204 apt-get update && xx-apt-get install -y --no-install-recommends \ 205 gcc libbtrfs-dev libsecret-1-dev 206 ARG DOCKER_STATIC 207 RUN --mount=from=containerd-src,src=/usr/src/containerd,rw \ 208 --mount=type=cache,target=/root/.cache/go-build,id=containerd-build-$TARGETPLATFORM <<EOT 209 set -e 210 export CC=$(xx-info)-gcc 211 export CGO_ENABLED=$([ "$DOCKER_STATIC" = "1" ] && echo "0" || echo "1") 212 xx-go --wrap 213 make $([ "$DOCKER_STATIC" = "1" ] && echo "STATIC=1") binaries 214 xx-verify $([ "$DOCKER_STATIC" = "1" ] && echo "--static") bin/containerd 215 xx-verify $([ "$DOCKER_STATIC" = "1" ] && echo "--static") bin/containerd-shim-runc-v2 216 xx-verify $([ "$DOCKER_STATIC" = "1" ] && echo "--static") bin/ctr 217 mkdir /build 218 mv bin/containerd bin/containerd-shim-runc-v2 bin/ctr /build 219 EOT 220 221 FROM containerd-build AS containerd-linux 222 FROM binary-dummy AS containerd-windows 223 FROM containerd-${TARGETOS} AS containerd 224 225 FROM base AS golangci_lint 226 # FIXME: when updating golangci-lint, remove the temporary "nolint" in https://github.com/moby/moby/blob/7860686a8df15eea9def9e6189c6f9eca031bb6f/libnetwork/networkdb/cluster.go#L246 227 ARG GOLANGCI_LINT_VERSION=v1.49.0 228 RUN --mount=type=cache,target=/root/.cache/go-build \ 229 --mount=type=cache,target=/go/pkg/mod \ 230 GOBIN=/build/ GO111MODULE=on go install "github.com/golangci/golangci-lint/cmd/golangci-lint@${GOLANGCI_LINT_VERSION}" \ 231 && /build/golangci-lint --version 232 233 FROM base AS gotestsum 234 ARG GOTESTSUM_VERSION=v1.8.2 235 RUN --mount=type=cache,target=/root/.cache/go-build \ 236 --mount=type=cache,target=/go/pkg/mod \ 237 GOBIN=/build/ GO111MODULE=on go install "gotest.tools/gotestsum@${GOTESTSUM_VERSION}" \ 238 && /build/gotestsum --version 239 240 FROM base AS shfmt 241 ARG SHFMT_VERSION=v3.0.2 242 RUN --mount=type=cache,target=/root/.cache/go-build \ 243 --mount=type=cache,target=/go/pkg/mod \ 244 GOBIN=/build/ GO111MODULE=on go install "mvdan.cc/sh/v3/cmd/shfmt@${SHFMT_VERSION}" \ 245 && /build/shfmt --version 246 247 # dockercli 248 FROM base AS dockercli-src 249 WORKDIR /tmp/dockercli 250 RUN git init . && git remote add origin "https://github.com/docker/cli.git" 251 ARG DOCKERCLI_VERSION 252 RUN git fetch -q --depth 1 origin "${DOCKERCLI_VERSION}" +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD 253 RUN [ -d ./components/cli ] && mv ./components/cli /usr/src/dockercli || mv /tmp/dockercli /usr/src/dockercli 254 WORKDIR /usr/src/dockercli 255 256 FROM base AS dockercli 257 WORKDIR /go/src/github.com/docker/cli 258 ARG DOCKERCLI_VERSION 259 ARG DOCKERCLI_CHANNEL=stable 260 ARG TARGETPLATFORM 261 RUN xx-apt-get install -y --no-install-recommends gcc libc6-dev 262 RUN --mount=from=dockercli-src,src=/usr/src/dockercli,rw \ 263 --mount=type=cache,target=/root/.cache/go-build,id=dockercli-build-$TARGETPLATFORM <<EOT 264 set -e 265 DOWNLOAD_URL="https://download.docker.com/linux/static/${DOCKERCLI_CHANNEL}/$(xx-info march)/docker-${DOCKERCLI_VERSION#v}.tgz" 266 if curl --head --silent --fail "${DOWNLOAD_URL}" 1>/dev/null 2>&1; then 267 mkdir /build 268 curl -Ls "${DOWNLOAD_URL}" | tar -xz docker/docker 269 mv docker/docker /build/docker 270 else 271 CGO_ENABLED=0 xx-go build -o /build/docker ./cmd/docker 272 fi 273 xx-verify /build/docker 274 EOT 275 276 # runc 277 FROM base AS runc-src 278 WORKDIR /usr/src/runc 279 RUN git init . && git remote add origin "https://github.com/opencontainers/runc.git" 280 # RUNC_VERSION should match the version that is used by the containerd version 281 # that is used. If you need to update runc, open a pull request in the containerd 282 # project first, and update both after that is merged. When updating RUNC_VERSION, 283 # consider updating runc in vendor.mod accordingly. 284 ARG RUNC_VERSION=v1.1.4 285 RUN git fetch -q --depth 1 origin "${RUNC_VERSION}" +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD 286 287 FROM base AS runc-build 288 WORKDIR /go/src/github.com/opencontainers/runc 289 ARG DEBIAN_FRONTEND 290 ARG TARGETPLATFORM 291 RUN --mount=type=cache,sharing=locked,id=moby-runc-aptlib,target=/var/lib/apt \ 292 --mount=type=cache,sharing=locked,id=moby-runc-aptcache,target=/var/cache/apt \ 293 apt-get update && xx-apt-get install -y --no-install-recommends \ 294 dpkg-dev gcc libc6-dev libseccomp-dev 295 ARG DOCKER_STATIC 296 RUN --mount=from=runc-src,src=/usr/src/runc,rw \ 297 --mount=type=cache,target=/root/.cache/go-build,id=runc-build-$TARGETPLATFORM <<EOT 298 set -e 299 xx-go --wrap 300 CGO_ENABLED=1 make "$([ "$DOCKER_STATIC" = "1" ] && echo "static" || echo "runc")" 301 xx-verify $([ "$DOCKER_STATIC" = "1" ] && echo "--static") runc 302 mkdir /build 303 mv runc /build/ 304 EOT 305 306 FROM runc-build AS runc-linux 307 FROM binary-dummy AS runc-windows 308 FROM runc-${TARGETOS} AS runc 309 310 # tini 311 FROM base AS tini-src 312 WORKDIR /usr/src/tini 313 RUN git init . && git remote add origin "https://github.com/krallin/tini.git" 314 # TINI_VERSION specifies the version of tini (docker-init) to build. This 315 # binary is used when starting containers with the `--init` option. 316 ARG TINI_VERSION=v0.19.0 317 RUN git fetch -q --depth 1 origin "${TINI_VERSION}" +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD 318 319 FROM base AS tini-build 320 WORKDIR /go/src/github.com/krallin/tini 321 ARG DEBIAN_FRONTEND 322 RUN --mount=type=cache,sharing=locked,id=moby-tini-aptlib,target=/var/lib/apt \ 323 --mount=type=cache,sharing=locked,id=moby-tini-aptcache,target=/var/cache/apt \ 324 apt-get update && apt-get install -y --no-install-recommends cmake 325 ARG TARGETPLATFORM 326 RUN --mount=type=cache,sharing=locked,id=moby-tini-aptlib,target=/var/lib/apt \ 327 --mount=type=cache,sharing=locked,id=moby-tini-aptcache,target=/var/cache/apt \ 328 xx-apt-get install -y --no-install-recommends \ 329 gcc libc6-dev 330 RUN --mount=from=tini-src,src=/usr/src/tini,rw \ 331 --mount=type=cache,target=/root/.cache/go-build,id=tini-build-$TARGETPLATFORM <<EOT 332 set -e 333 CC=$(xx-info)-gcc cmake . 334 make tini-static 335 xx-verify --static tini-static 336 mkdir /build 337 mv tini-static /build/docker-init 338 EOT 339 340 FROM tini-build AS tini-linux 341 FROM binary-dummy AS tini-windows 342 FROM tini-${TARGETOS} AS tini 343 344 # rootlesskit 345 FROM base AS rootlesskit-src 346 WORKDIR /usr/src/rootlesskit 347 RUN git init . && git remote add origin "https://github.com/rootless-containers/rootlesskit.git" 348 # When updating, also update rootlesskit commit in vendor.mod accordingly. 349 ARG ROOTLESSKIT_VERSION=v1.1.0 350 RUN git fetch -q --depth 1 origin "${ROOTLESSKIT_VERSION}" +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD 351 352 FROM base AS rootlesskit-build 353 WORKDIR /go/src/github.com/rootless-containers/rootlesskit 354 ARG DEBIAN_FRONTEND 355 ARG TARGETPLATFORM 356 RUN --mount=type=cache,sharing=locked,id=moby-rootlesskit-aptlib,target=/var/lib/apt \ 357 --mount=type=cache,sharing=locked,id=moby-rootlesskit-aptcache,target=/var/cache/apt \ 358 apt-get update && xx-apt-get install -y --no-install-recommends \ 359 gcc libc6-dev 360 ENV GO111MODULE=on 361 ARG DOCKER_STATIC 362 RUN --mount=from=rootlesskit-src,src=/usr/src/rootlesskit,rw \ 363 --mount=type=cache,target=/go/pkg/mod \ 364 --mount=type=cache,target=/root/.cache/go-build,id=rootlesskit-build-$TARGETPLATFORM <<EOT 365 set -e 366 export CGO_ENABLED=$([ "$DOCKER_STATIC" = "1" ] && echo "0" || echo "1") 367 xx-go build -o /build/rootlesskit -ldflags="$([ "$DOCKER_STATIC" != "1" ] && echo "-linkmode=external")" ./cmd/rootlesskit 368 xx-verify $([ "$DOCKER_STATIC" = "1" ] && echo "--static") /build/rootlesskit 369 xx-go build -o /build/rootlesskit-docker-proxy -ldflags="$([ "$DOCKER_STATIC" != "1" ] && echo "-linkmode=external")" ./cmd/rootlesskit-docker-proxy 370 xx-verify $([ "$DOCKER_STATIC" = "1" ] && echo "--static") /build/rootlesskit-docker-proxy 371 EOT 372 COPY ./contrib/dockerd-rootless.sh /build/ 373 COPY ./contrib/dockerd-rootless-setuptool.sh /build/ 374 375 FROM rootlesskit-build AS rootlesskit-linux 376 FROM binary-dummy AS rootlesskit-windows 377 FROM rootlesskit-${TARGETOS} AS rootlesskit 378 379 FROM base AS crun 380 ARG CRUN_VERSION=1.4.5 381 RUN --mount=type=cache,sharing=locked,id=moby-crun-aptlib,target=/var/lib/apt \ 382 --mount=type=cache,sharing=locked,id=moby-crun-aptcache,target=/var/cache/apt \ 383 apt-get update && apt-get install -y --no-install-recommends \ 384 autoconf \ 385 automake \ 386 build-essential \ 387 libcap-dev \ 388 libprotobuf-c-dev \ 389 libseccomp-dev \ 390 libsystemd-dev \ 391 libtool \ 392 libudev-dev \ 393 libyajl-dev \ 394 python3 \ 395 ; 396 RUN --mount=type=tmpfs,target=/tmp/crun-build \ 397 git clone https://github.com/containers/crun.git /tmp/crun-build && \ 398 cd /tmp/crun-build && \ 399 git checkout -q "${CRUN_VERSION}" && \ 400 ./autogen.sh && \ 401 ./configure --bindir=/build && \ 402 make -j install 403 404 # vpnkit 405 # use dummy scratch stage to avoid build to fail for unsupported platforms 406 FROM scratch AS vpnkit-windows 407 FROM scratch AS vpnkit-linux-386 408 FROM scratch AS vpnkit-linux-arm 409 FROM scratch AS vpnkit-linux-ppc64le 410 FROM scratch AS vpnkit-linux-riscv64 411 FROM scratch AS vpnkit-linux-s390x 412 FROM djs55/vpnkit:${VPNKIT_VERSION} AS vpnkit-linux-amd64 413 FROM djs55/vpnkit:${VPNKIT_VERSION} AS vpnkit-linux-arm64 414 FROM vpnkit-linux-${TARGETARCH} AS vpnkit-linux 415 FROM vpnkit-${TARGETOS} AS vpnkit 416 417 # containerutility 418 FROM base AS containerutil-src 419 WORKDIR /usr/src/containerutil 420 RUN git init . && git remote add origin "https://github.com/docker-archive/windows-container-utility.git" 421 ARG CONTAINERUTILITY_VERSION=aa1ba87e99b68e0113bd27ec26c60b88f9d4ccd9 422 RUN git fetch -q --depth 1 origin "${CONTAINERUTILITY_VERSION}" +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD 423 424 FROM base AS containerutil-build 425 WORKDIR /usr/src/containerutil 426 ARG TARGETPLATFORM 427 RUN xx-apt-get install -y --no-install-recommends gcc g++ libc6-dev 428 RUN --mount=from=containerutil-src,src=/usr/src/containerutil,rw \ 429 --mount=type=cache,target=/root/.cache/go-build,id=containerutil-build-$TARGETPLATFORM <<EOT 430 set -e 431 CC="$(xx-info)-gcc" CXX="$(xx-info)-g++" make 432 xx-verify --static containerutility.exe 433 mkdir /build 434 mv containerutility.exe /build/ 435 EOT 436 437 FROM binary-dummy AS containerutil-linux 438 FROM containerutil-build AS containerutil-windows-amd64 439 FROM containerutil-windows-${TARGETARCH} AS containerutil-windows 440 FROM containerutil-${TARGETOS} AS containerutil 441 442 FROM base AS dev-systemd-false 443 COPY --from=dockercli /build/ /usr/local/cli 444 COPY --from=frozen-images /build/ /docker-frozen-images 445 COPY --from=swagger /build/ /usr/local/bin/ 446 COPY --from=delve /build/ /usr/local/bin/ 447 COPY --from=tomll /build/ /usr/local/bin/ 448 COPY --from=gowinres /build/ /usr/local/bin/ 449 COPY --from=tini /build/ /usr/local/bin/ 450 COPY --from=registry /build/ /usr/local/bin/ 451 COPY --from=criu /build/ /usr/local/bin/ 452 COPY --from=gotestsum /build/ /usr/local/bin/ 453 COPY --from=golangci_lint /build/ /usr/local/bin/ 454 COPY --from=shfmt /build/ /usr/local/bin/ 455 COPY --from=runc /build/ /usr/local/bin/ 456 COPY --from=containerd /build/ /usr/local/bin/ 457 COPY --from=rootlesskit /build/ /usr/local/bin/ 458 COPY --from=vpnkit / /usr/local/bin/ 459 COPY --from=containerutil /build/ /usr/local/bin/ 460 COPY --from=crun /build/ /usr/local/bin/ 461 COPY hack/dockerfile/etc/docker/ /etc/docker/ 462 ENV PATH=/usr/local/cli:$PATH 463 WORKDIR /go/src/github.com/docker/docker 464 VOLUME /var/lib/docker 465 VOLUME /home/unprivilegeduser/.local/share/docker 466 # Wrap all commands in the "docker-in-docker" script to allow nested containers 467 ENTRYPOINT ["hack/dind"] 468 469 FROM dev-systemd-false AS dev-systemd-true 470 RUN --mount=type=cache,sharing=locked,id=moby-dev-aptlib,target=/var/lib/apt \ 471 --mount=type=cache,sharing=locked,id=moby-dev-aptcache,target=/var/cache/apt \ 472 apt-get update && apt-get install -y --no-install-recommends \ 473 dbus \ 474 dbus-user-session \ 475 systemd \ 476 systemd-sysv 477 RUN mkdir -p hack \ 478 && curl -o hack/dind-systemd https://raw.githubusercontent.com/AkihiroSuda/containerized-systemd/b70bac0daeea120456764248164c21684ade7d0d/docker-entrypoint.sh \ 479 && chmod +x hack/dind-systemd 480 ENTRYPOINT ["hack/dind-systemd"] 481 482 FROM dev-systemd-${SYSTEMD} AS dev-base 483 ARG DEBIAN_FRONTEND 484 RUN groupadd -r docker 485 RUN useradd --create-home --gid docker unprivilegeduser \ 486 && mkdir -p /home/unprivilegeduser/.local/share/docker \ 487 && chown -R unprivilegeduser /home/unprivilegeduser 488 # Let us use a .bashrc file 489 RUN ln -sfv /go/src/github.com/docker/docker/.bashrc ~/.bashrc 490 # Activate bash completion and include Docker's completion if mounted with DOCKER_BASH_COMPLETION_PATH 491 RUN echo "source /usr/share/bash-completion/bash_completion" >> /etc/bash.bashrc 492 RUN ln -s /usr/local/completion/bash/docker /etc/bash_completion.d/docker 493 RUN ldconfig 494 # This should only install packages that are specifically needed for the dev environment and nothing else 495 # Do you really need to add another package here? Can it be done in a different build stage? 496 RUN --mount=type=cache,sharing=locked,id=moby-dev-aptlib,target=/var/lib/apt \ 497 --mount=type=cache,sharing=locked,id=moby-dev-aptcache,target=/var/cache/apt \ 498 apt-get update && apt-get install -y --no-install-recommends \ 499 apparmor \ 500 bash-completion \ 501 bzip2 \ 502 inetutils-ping \ 503 iproute2 \ 504 iptables \ 505 jq \ 506 libcap2-bin \ 507 libnet1 \ 508 libnl-3-200 \ 509 libprotobuf-c1 \ 510 libyajl2 \ 511 net-tools \ 512 patch \ 513 pigz \ 514 python3-pip \ 515 python3-setuptools \ 516 python3-wheel \ 517 sudo \ 518 thin-provisioning-tools \ 519 uidmap \ 520 vim \ 521 vim-common \ 522 xfsprogs \ 523 xz-utils \ 524 zip \ 525 zstd 526 # Switch to use iptables instead of nftables (to match the CI hosts) 527 # TODO use some kind of runtime auto-detection instead if/when nftables is supported (https://github.com/moby/moby/issues/26824) 528 RUN update-alternatives --set iptables /usr/sbin/iptables-legacy || true \ 529 && update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy || true \ 530 && update-alternatives --set arptables /usr/sbin/arptables-legacy || true 531 ARG YAMLLINT_VERSION=1.27.1 532 RUN pip3 install yamllint==${YAMLLINT_VERSION} 533 RUN --mount=type=cache,sharing=locked,id=moby-dev-aptlib,target=/var/lib/apt \ 534 --mount=type=cache,sharing=locked,id=moby-dev-aptcache,target=/var/cache/apt \ 535 apt-get update && apt-get install --no-install-recommends -y \ 536 gcc \ 537 pkg-config \ 538 dpkg-dev \ 539 libapparmor-dev \ 540 libdevmapper-dev \ 541 libseccomp-dev \ 542 libsecret-1-dev \ 543 libsystemd-dev \ 544 libudev-dev 545 546 FROM base AS build 547 COPY --from=gowinres /build/ /usr/local/bin/ 548 WORKDIR /go/src/github.com/docker/docker 549 ENV GO111MODULE=off 550 ENV CGO_ENABLED=1 551 ARG DEBIAN_FRONTEND 552 ARG TARGETPLATFORM 553 RUN --mount=type=cache,sharing=locked,id=moby-build-aptlib,target=/var/lib/apt \ 554 --mount=type=cache,sharing=locked,id=moby-build-aptcache,target=/var/cache/apt \ 555 xx-apt-get install --no-install-recommends -y \ 556 gcc \ 557 libapparmor-dev \ 558 libc6-dev \ 559 libdevmapper-dev \ 560 libseccomp-dev \ 561 libsecret-1-dev \ 562 libsystemd-dev \ 563 libudev-dev 564 ARG DOCKER_BUILDTAGS 565 ARG DOCKER_DEBUG 566 ARG DOCKER_GITCOMMIT=HEAD 567 ARG DOCKER_LDFLAGS 568 ARG DOCKER_STATIC 569 ARG VERSION 570 ARG PLATFORM 571 ARG PRODUCT 572 ARG DEFAULT_PRODUCT_LICENSE 573 ARG PACKAGER_NAME 574 # PREFIX overrides DEST dir in make.sh script otherwise it fails because of 575 # read only mount in current work dir 576 ENV PREFIX=/tmp 577 RUN --mount=type=bind,target=. \ 578 --mount=type=tmpfs,target=cli/winresources/dockerd \ 579 --mount=type=tmpfs,target=cli/winresources/docker-proxy \ 580 --mount=type=cache,target=/root/.cache/go-build,id=moby-build-$TARGETPLATFORM <<EOT 581 set -e 582 target=$([ "$DOCKER_STATIC" = "1" ] && echo "binary" || echo "dynbinary") 583 xx-go --wrap 584 ./hack/make.sh $target 585 xx-verify $([ "$DOCKER_STATIC" = "1" ] && echo "--static") /tmp/bundles/${target}-daemon/dockerd$([ "$(xx-info os)" = "windows" ] && echo ".exe") 586 xx-verify $([ "$DOCKER_STATIC" = "1" ] && echo "--static") /tmp/bundles/${target}-daemon/docker-proxy$([ "$(xx-info os)" = "windows" ] && echo ".exe") 587 mkdir /build 588 mv /tmp/bundles/${target}-daemon/* /build/ 589 EOT 590 591 # usage: 592 # > docker buildx bake binary 593 # > DOCKER_STATIC=0 docker buildx bake binary 594 # or 595 # > make binary 596 # > make dynbinary 597 FROM scratch AS binary 598 COPY --from=build /build/ / 599 600 # usage: 601 # > docker buildx bake all 602 FROM scratch AS all 603 COPY --from=tini /build/ / 604 COPY --from=runc /build/ / 605 COPY --from=containerd /build/ / 606 COPY --from=rootlesskit /build/ / 607 COPY --from=containerutil /build/ / 608 COPY --from=vpnkit / / 609 COPY --from=build /build / 610 611 # usage: 612 # > make shell 613 # > SYSTEMD=true make shell 614 FROM dev-base AS dev 615 COPY . .