github.com/tonistiigi/docker@v0.10.1-0.20240229224939-974013b0dc6a/Dockerfile (about)

     1  # syntax=docker/dockerfile:1
     2  
        # Global build arguments. They are declared before the first FROM, so a stage
        # that needs one redeclares it with a bare `ARG NAME` (as the dockercli and
        # build stages do).
        #
        # Supply-chain note: the defaults below are version tags, not content
        # digests. A tag can be re-pointed by whoever controls the registry or
        # repository, so these pins select a release but do not by themselves
        # guarantee identical bytes on every build.
     3  ARG GO_VERSION=1.21.7
     4  ARG BASE_DEBIAN_DISTRO="bookworm"
     5  ARG GOLANG_IMAGE="golang:${GO_VERSION}-${BASE_DEBIAN_DISTRO}"
        # Tag of the tonistiigi/xx cross-compilation helper image (xx stage).
     6  ARG XX_VERSION=1.2.1
     7  
        # Tag of the djs55/vpnkit image used by the vpnkit-linux-amd64/arm64 stages.
     8  ARG VPNKIT_VERSION=0.5.0
     9  
        # Repository and ref passed to hack/dockerfile/cli.sh in the dockercli stage.
        # Both can be overridden with --build-arg, which changes where the CLI
        # binary comes from.
    10  ARG DOCKERCLI_REPOSITORY="https://github.com/docker/cli.git"
    11  ARG DOCKERCLI_VERSION=v25.0.2
    12  # cli version used for integration-cli tests
        # NOTE(review): v17.06.2-ce is an old CLI release, presumably kept on purpose
        # as a test fixture (it becomes TEST_CLIENT_BINARY in the dev image) - confirm.
    13  ARG DOCKERCLI_INTEGRATION_REPOSITORY="https://github.com/docker/cli.git"
    14  ARG DOCKERCLI_INTEGRATION_VERSION=v17.06.2-ce
        # Tags of the docker/buildx-bin and docker/compose-bin images.
    15  ARG BUILDX_VERSION=0.12.1
    16  ARG COMPOSE_VERSION=v2.24.5
    17  
        # SYSTEMD selects the parent of dev-base: dev-systemd-false or dev-systemd-true.
        # DOCKER_STATIC=1 makes the build stages produce static binaries (they test
        # `"$DOCKER_STATIC" = "1"`).
    18  ARG SYSTEMD="false"
    19  ARG DOCKER_STATIC=1
    20  
    21  # REGISTRY_VERSION specifies the version of the registry to download from
    22  # https://hub.docker.com/r/distribution/distribution. This version of
    23  # the registry is used to test schema 2 manifests. Generally,  the version
    24  # specified here should match a current release.
    25  ARG REGISTRY_VERSION=2.8.3
    26  
    27  # cross compilation helper
        # Pulled for the build host's platform (BUILDPLATFORM). The base stage copies
        # this image's whole root filesystem over its own `/`, so the image is part
        # of the trusted build toolchain. It is selected by tag (XX_VERSION), not by
        # digest.
    28  FROM --platform=$BUILDPLATFORM tonistiigi/xx:${XX_VERSION} AS xx
    29  
    30  # dummy stage to make sure the image is built for deps that don't support some
    31  # architectures
        # binary-dummy holds nothing but an empty /build directory; the per-OS and
        # per-arch alias stages further down fall back to it.
        # NOTE(review): `busybox` has no tag or digest here, so the default tag is
        # pulled and can change between builds. Only the empty directory is taken
        # from it.
    32  FROM --platform=$BUILDPLATFORM busybox AS build-dummy
    33  RUN mkdir -p /build
    34  FROM scratch AS binary-dummy
    35  COPY --from=build-dummy /build /build
    36  
    37  # base
        # Common builder stage: the Go image for the build host's platform with the
        # xx helper's filesystem copied on top. Most other stages start from it.
    38  FROM --platform=$BUILDPLATFORM ${GOLANG_IMAGE} AS base
    39  COPY --from=xx / /
        # Keep downloaded .deb files, presumably so the apt cache mounts used by
        # later stages stay populated between builds.
    40  RUN echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache
        # The package is not version-pinned, and the apt lists fetched here stay in
        # the layer.
    41  RUN apt-get update && apt-get install --no-install-recommends -y file
        # GOPATH mode by default; stages that need modules set GO111MODULE=on.
    42  ENV GO111MODULE=off
        # Use only the Go toolchain shipped in the image; never download another
        # toolchain version during a build.
    43  ENV GOTOOLCHAIN=local
    44  
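    45  FROM base AS criu
        # Trust anchor for the CRIU apt repository. The key is stored under
        # /etc/apt/keyrings and referenced with `signed-by`, so it can only vouch
        # for the CRIU source below. A key dropped into /etc/apt/trusted.gpg.d is
        # trusted for every configured apt source.
        # NOTE(review): the key is fetched over HTTPS without `ADD --checksum`, and
        # from the Debian_11 path while the source entry uses Debian_12; confirm
        # that both are intended.
    46  ADD --chmod=0644 https://download.opensuse.org/repositories/devel:/tools:/criu/Debian_11/Release.key /etc/apt/keyrings/criu.gpg.asc
        # Installs criu from that repository, copies the binary to /build and runs
        # it once as a smoke check.
    47  RUN --mount=type=cache,sharing=locked,id=moby-criu-aptlib,target=/var/lib/apt \
    48      --mount=type=cache,sharing=locked,id=moby-criu-aptcache,target=/var/cache/apt \
    49          echo 'deb [signed-by=/etc/apt/keyrings/criu.gpg.asc] https://download.opensuse.org/repositories/devel:/tools:/criu/Debian_12/ /' > /etc/apt/sources.list.d/criu.list \
    50          && apt-get update \
    51          && apt-get install -y --no-install-recommends criu \
    52          && install -D /usr/sbin/criu /build/criu \
    53          && /build/criu --version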
    54  
    55  # registry
        # registry-src only records the upstream remote; nothing is fetched in this
        # stage. The fetch happens in the registry stage, which mounts this directory.
    56  FROM base AS registry-src
    57  WORKDIR /usr/src/registry
    58  RUN git init . && git remote add origin "https://github.com/distribution/distribution.git"
    59  
    60  FROM base AS registry
    61  WORKDIR /go/src/github.com/docker/distribution
    62  
    63  # REGISTRY_VERSION_SCHEMA1 specifies the version of the registry to build and
    64  # install from the https://github.com/docker/distribution repository. This is
    65  # an older (pre v2.3.0) version of the registry that only supports schema1
    66  # manifests. This version of the registry is not working on arm64, so installation
    67  # is skipped on that architecture.
        # NOTE(review): the ref is a tag name, which upstream can move; a full
        # commit hash (as GO_SWAGGER_COMMIT uses) would fix the content.
    68  ARG REGISTRY_VERSION_SCHEMA1=v2.1.0
    69  ARG TARGETPLATFORM
        # The registry-src mount is `rw`, so git can write into it; BuildKit discards
        # those writes after the step. No mount target is given - presumably it lands
        # on the WORKDIR; confirm. /build is always created, and the binary is built
        # only for the platforms listed in the `case`.
    70  RUN --mount=from=registry-src,src=/usr/src/registry,rw \
    71      --mount=type=cache,target=/root/.cache/go-build,id=registry-build-$TARGETPLATFORM \
    72      --mount=type=cache,target=/go/pkg/mod \
    73      --mount=type=tmpfs,target=/go/src <<EOT
    74    set -ex
    75    export GOPATH="/go/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH"
    76    # Make the /build directory no matter what so that it doesn't fail on arm64 or
    77    # any other platform where we don't build this registry
    78    mkdir /build
    79    case $TARGETPLATFORM in
    80      linux/amd64|linux/arm/v7|linux/ppc64le|linux/s390x)
    81        git fetch -q --depth 1 origin "${REGISTRY_VERSION_SCHEMA1}" +refs/tags/*:refs/tags/*
    82        git checkout -q FETCH_HEAD
    83        CGO_ENABLED=0 xx-go build -o /build/registry-v2-schema1 -v ./cmd/registry
    84        xx-verify /build/registry-v2-schema1
    85        ;;
    86    esac
    87  EOT
    88  
    89  FROM distribution/distribution:$REGISTRY_VERSION AS registry-v2
        # Reuses the prebuilt registry binary from the published image instead of
        # compiling it. The image is selected by tag (REGISTRY_VERSION) only.
    90  RUN mkdir /build && mv /bin/registry /build/registry-v2
    91  
    92  # go-swagger
    93  FROM base AS swagger-src
    94  WORKDIR /usr/src/swagger
    95  # Currently uses a fork from https://github.com/kolyshkin/go-swagger/tree/golang-1.13-fix
    96  # TODO: move to under moby/ or fix upstream go-swagger to work for us.
        # NOTE(review): the source is a fork outside the go-swagger and moby
        # organisations. The full commit hash below fixes the content that is built,
        # but the build still depends on that fork staying available.
    97  RUN git init . && git remote add origin "https://github.com/kolyshkin/go-swagger.git"
    98  # GO_SWAGGER_COMMIT specifies the version of the go-swagger binary to build and
    99  # install. Go-swagger is used in CI for validating swagger.yaml in hack/validate/swagger-gen
   100  ARG GO_SWAGGER_COMMIT=c56166c036004ba7a3a321e5951ba472b9ae298c
   101  RUN git fetch -q --depth 1 origin "${GO_SWAGGER_COMMIT}" && git checkout -q FETCH_HEAD
   102  
   103  FROM base AS swagger
   104  WORKDIR /go/src/github.com/go-swagger/go-swagger
   105  ARG TARGETPLATFORM
        # Builds the swagger binary from the mounted checkout; xx-verify then checks
        # the result against the target platform.
   106  RUN --mount=from=swagger-src,src=/usr/src/swagger,rw \
   107      --mount=type=cache,target=/root/.cache/go-build,id=swagger-build-$TARGETPLATFORM \
   108      --mount=type=cache,target=/go/pkg/mod \
   109      --mount=type=tmpfs,target=/go/src/ <<EOT
   110    set -e
   111    xx-go build -o /build/swagger ./cmd/swagger
   112    xx-verify /build/swagger
   113  EOT
   114  
   115  # frozen-images
   116  # See also frozenImages in "testutil/environment/protect.go" (which needs to
   117  # be updated when adding images to this list)
   118  FROM debian:${BASE_DEBIAN_DISTRO} AS frozen-images
        # Tools for the download script; the packages are not version-pinned.
   119  RUN --mount=type=cache,sharing=locked,id=moby-frozen-images-aptlib,target=/var/lib/apt \
   120      --mount=type=cache,sharing=locked,id=moby-frozen-images-aptcache,target=/var/cache/apt \
   121         apt-get update && apt-get install -y --no-install-recommends \
   122             ca-certificates \
   123             curl \
   124             jq
   125  # Get useful and necessary Hub images so we can "docker load" locally instead of pulling
   126  COPY contrib/download-frozen-image-v2.sh /
   127  ARG TARGETARCH
   128  ARG TARGETVARIANT
        # Every image reference below carries a sha256 digest next to its tag, so the
        # test fixtures are pinned by content.
        # NOTE(review): whether the script fetches by that digest and verifies it is
        # decided in contrib/download-frozen-image-v2.sh, which is not shown here.
   129  RUN /download-frozen-image-v2.sh /build \
   130          busybox:latest@sha256:95cf004f559831017cdf4628aaf1bb30133677be8702a8c5f2994629f637a209 \
   131          busybox:glibc@sha256:1f81263701cddf6402afe9f33fca0266d9fff379e59b1748f33d3072da71ee85 \
   132          debian:bookworm-slim@sha256:2bc5c236e9b262645a323e9088dfa3bb1ecb16cc75811daf40a23a824d665be9 \
   133          hello-world:latest@sha256:d58e752213a51785838f9eed2b7a498ffa1cb3aa7f946dda11af39286c3db9a9 \
   134          arm32v7/hello-world:latest@sha256:50b8560ad574c779908da71f7ce370c0a2471c098d44d1c8f6b513c5a55eeeb1
   135  
   136  # delve
   137  FROM base AS delve-src
   138  WORKDIR /usr/src/delve
   139  RUN git init . && git remote add origin "https://github.com/go-delve/delve.git"
   140  # DELVE_VERSION specifies the version of the Delve debugger binary
   141  # from the https://github.com/go-delve/delve repository.
   142  # It can be used to run Docker with a possibility of
   143  # attaching debugger to it.
        # The ref is a tag name, so upstream can move it; the debugger built from it
        # is copied into /usr/local/bin of the dev image.
   144  ARG DELVE_VERSION=v1.21.1
   145  RUN git fetch -q --depth 1 origin "${DELVE_VERSION}" +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD
   146  
   147  FROM base AS delve-build
   148  WORKDIR /usr/src/delve
   149  ARG TARGETPLATFORM
        # Builds dlv in module mode; xx-verify checks the binary against the target
        # platform.
   150  RUN --mount=from=delve-src,src=/usr/src/delve,rw \
   151      --mount=type=cache,target=/root/.cache/go-build,id=delve-build-$TARGETPLATFORM \
   152      --mount=type=cache,target=/go/pkg/mod <<EOT
   153    set -e
   154    GO111MODULE=on xx-go build -o /build/dlv ./cmd/dlv
   155    xx-verify /build/dlv
   156  EOT
   157  
   158  # delve is currently only supported on linux/amd64 and linux/arm64;
   159  # https://github.com/go-delve/delve/blob/v1.8.1/pkg/proc/native/support_sentinel.go#L1-L6
        # NOTE(review): the link above points at v1.8.1 while DELVE_VERSION is
        # v1.21.1; the supported-platform list may have changed - confirm.
        # The alias chain resolves `delve` by TARGETOS and then TARGETARCH; every
        # unsupported combination maps to the empty binary-dummy stage.
   160  FROM binary-dummy AS delve-windows
   161  FROM binary-dummy AS delve-linux-arm
   162  FROM binary-dummy AS delve-linux-ppc64le
   163  FROM binary-dummy AS delve-linux-s390x
   164  FROM delve-build AS delve-linux-amd64
   165  FROM delve-build AS delve-linux-arm64
   166  FROM delve-linux-${TARGETARCH} AS delve-linux
   167  FROM delve-${TARGETOS} AS delve
   168  
   169  FROM base AS tomll
   170  # GOTOML_VERSION specifies the version of the tomll binary to build and install
   171  # from the https://github.com/pelletier/go-toml repository. This binary is used
   172  # in CI in the hack/validate/toml script.
   173  #
   174  # When updating this version, consider updating the github.com/pelletier/go-toml
   175  # dependency in vendor.mod accordingly.
   176  ARG GOTOML_VERSION=v1.8.1
        # `go install pkg@version` in module mode. This file does not override
        # GOPROXY or GOSUMDB, so presumably Go's default proxy and checksum database
        # apply to the download - confirm for the base image. The trailing `--help`
        # executes the freshly built binary as a smoke check.
   177  RUN --mount=type=cache,target=/root/.cache/go-build \
   178      --mount=type=cache,target=/go/pkg/mod \
   179          GOBIN=/build/ GO111MODULE=on go install "github.com/pelletier/go-toml/cmd/tomll@${GOTOML_VERSION}" \
   180       && /build/tomll --help
   181  
   182  FROM base AS gowinres
   183  # GOWINRES_VERSION defines go-winres tool version
        # Installed with plain `go install` (not xx-go) and run once with `--help`
        # as a smoke check; the build stage copies it into /usr/local/bin.
   184  ARG GOWINRES_VERSION=v0.3.1
   185  RUN --mount=type=cache,target=/root/.cache/go-build \
   186      --mount=type=cache,target=/go/pkg/mod \
   187          GOBIN=/build/ GO111MODULE=on go install "github.com/tc-hib/go-winres@${GOWINRES_VERSION}" \
   188       && /build/go-winres --help
   189  
   190  # containerd
   191  FROM base AS containerd-src
   192  WORKDIR /usr/src/containerd
   193  RUN git init . && git remote add origin "https://github.com/containerd/containerd.git"
   194  # CONTAINERD_VERSION is used to build containerd binaries, and used for the
   195  # integration tests. The distributed docker .deb and .rpm packages depend on a
   196  # separate (containerd.io) package, which may be a different version as is
   197  # specified here. The containerd golang package is also pinned in vendor.mod.
   198  # When updating the binary version you may also need to update the vendor
   199  # version to pick up bug fixes or new APIs, however, usually the Go packages
   200  # are built from a commit from the master branch.
        # The ref is a tag name; the source is fetched over HTTPS with depth 1 and
        # FETCH_HEAD is checked out. No commit hash or signature is checked here.
   201  ARG CONTAINERD_VERSION=v1.7.13
   202  RUN git fetch -q --depth 1 origin "${CONTAINERD_VERSION}" +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD
   203  
   204  FROM base AS containerd-build
   205  WORKDIR /go/src/github.com/containerd/containerd
   206  ARG TARGETPLATFORM
        # C toolchain and development libraries installed through xx-apt-get (the
        # cross-compilation wrapper); the packages are not version-pinned.
   207  RUN --mount=type=cache,sharing=locked,id=moby-containerd-aptlib,target=/var/lib/apt \
   208      --mount=type=cache,sharing=locked,id=moby-containerd-aptcache,target=/var/cache/apt \
   209          apt-get update && xx-apt-get install -y --no-install-recommends \
   210              gcc \
   211              libbtrfs-dev \
   212              libsecret-1-dev \
   213              pkg-config
   214  ARG DOCKER_STATIC
        # DOCKER_STATIC=1 turns cgo off and passes STATIC=1 to make; xx-verify then
        # checks each binary (with --static in that mode) before it moves to /build.
   215  RUN --mount=from=containerd-src,src=/usr/src/containerd,rw \
   216      --mount=type=cache,target=/root/.cache/go-build,id=containerd-build-$TARGETPLATFORM <<EOT
   217    set -e
   218    export CC=$(xx-info)-gcc
   219    export CGO_ENABLED=$([ "$DOCKER_STATIC" = "1" ] && echo "0" || echo "1")
   220    xx-go --wrap
   221    make $([ "$DOCKER_STATIC" = "1" ] && echo "STATIC=1") binaries
   222    xx-verify $([ "$DOCKER_STATIC" = "1" ] && echo "--static") bin/containerd
   223    xx-verify $([ "$DOCKER_STATIC" = "1" ] && echo "--static") bin/containerd-shim-runc-v2
   224    xx-verify $([ "$DOCKER_STATIC" = "1" ] && echo "--static") bin/ctr
   225    mkdir /build
   226    mv bin/containerd bin/containerd-shim-runc-v2 bin/ctr /build
   227  EOT
   228  
        # containerd is built for Linux targets only; Windows gets the empty
        # binary-dummy stage.
   229  FROM containerd-build AS containerd-linux
   230  FROM binary-dummy AS containerd-windows
   231  FROM containerd-${TARGETOS} AS containerd
   232  
   233  FROM base AS golangci_lint
        # Linter for the dev image, installed by version tag with `go install` in
        # module mode; `--version` executes the built binary as a smoke check.
   234  ARG GOLANGCI_LINT_VERSION=v1.55.2
   235  RUN --mount=type=cache,target=/root/.cache/go-build \
   236      --mount=type=cache,target=/go/pkg/mod \
   237          GOBIN=/build/ GO111MODULE=on go install "github.com/golangci/golangci-lint/cmd/golangci-lint@${GOLANGCI_LINT_VERSION}" \
   238       && /build/golangci-lint --version
   239  
   240  FROM base AS gotestsum
        # Test runner for the dev image, installed by version tag with `go install`
        # in module mode; `--version` executes the built binary as a smoke check.
   241  ARG GOTESTSUM_VERSION=v1.8.2
   242  RUN --mount=type=cache,target=/root/.cache/go-build \
   243      --mount=type=cache,target=/go/pkg/mod \
   244          GOBIN=/build/ GO111MODULE=on go install "gotest.tools/gotestsum@${GOTESTSUM_VERSION}" \
   245       && /build/gotestsum --version
   246  
   247  FROM base AS shfmt
        # Shell formatter for the dev image, installed by version tag with
        # `go install` in module mode; `--version` executes the built binary as a
        # smoke check.
   248  ARG SHFMT_VERSION=v3.6.0
   249  RUN --mount=type=cache,target=/root/.cache/go-build \
   250      --mount=type=cache,target=/go/pkg/mod \
   251          GOBIN=/build/ GO111MODULE=on go install "mvdan.cc/sh/v3/cmd/shfmt@${SHFMT_VERSION}" \
   252       && /build/shfmt --version
   253  
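   254  FROM base AS dockercli
        # Obtains the docker CLI through hack/dockerfile/cli.sh (mounted as
        # /download-or-build-cli.sh) and places it in /build.
        # DOCKERCLI_REPOSITORY and DOCKERCLI_VERSION are build arguments: whatever
        # repository and ref they name is what the script is given, and the result
        # is executed (`/build/docker --version`) during the build. Overriding them
        # extends build-time trust to that source.
   255  WORKDIR /go/src/github.com/docker/cli
   256  ARG DOCKERCLI_REPOSITORY
   257  ARG DOCKERCLI_VERSION
   258  ARG TARGETPLATFORM
        # The .git cache mount shares its id with the dockercli-integration stage;
        # lock files left in the cache are removed first. The two build arguments
        # are quoted so that a value with spaces or glob characters, or an empty
        # one, cannot shift or split the script's positional parameters.
   259  RUN --mount=source=hack/dockerfile/cli.sh,target=/download-or-build-cli.sh \
   260      --mount=type=cache,id=dockercli-git-$TARGETPLATFORM,sharing=locked,target=./.git \
   261      --mount=type=cache,target=/root/.cache/go-build,id=dockercli-build-$TARGETPLATFORM \
   262          rm -f ./.git/*.lock \
   263       && /download-or-build-cli.sh "${DOCKERCLI_VERSION}" "${DOCKERCLI_REPOSITORY}" /build \
   264       && /build/docker --version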
   265  
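   266  FROM base AS dockercli-integration
        # Same procedure as the dockercli stage, but for the CLI version that the
        # integration-cli tests use (DOCKERCLI_INTEGRATION_VERSION). The repository
        # and ref are build arguments, and the resulting binary is executed during
        # the build, so overriding them extends build-time trust to that source.
   267  WORKDIR /go/src/github.com/docker/cli
   268  ARG DOCKERCLI_INTEGRATION_REPOSITORY
   269  ARG DOCKERCLI_INTEGRATION_VERSION
   270  ARG TARGETPLATFORM
        # The .git cache mount shares its id with the dockercli stage. The two build
        # arguments are quoted so that a value with spaces or glob characters, or an
        # empty one, cannot shift or split the script's positional parameters.
   271  RUN --mount=source=hack/dockerfile/cli.sh,target=/download-or-build-cli.sh \
   272      --mount=type=cache,id=dockercli-git-$TARGETPLATFORM,sharing=locked,target=./.git \
   273      --mount=type=cache,target=/root/.cache/go-build,id=dockercli-build-$TARGETPLATFORM \
   274          rm -f ./.git/*.lock \
   275       && /download-or-build-cli.sh "${DOCKERCLI_INTEGRATION_VERSION}" "${DOCKERCLI_INTEGRATION_REPOSITORY}" /build \
   276       && /build/docker --version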
   277  
   278  # runc
   279  FROM base AS runc-src
   280  WORKDIR /usr/src/runc
   281  RUN git init . && git remote add origin "https://github.com/opencontainers/runc.git"
   282  # RUNC_VERSION should match the version that is used by the containerd version
   283  # that is used. If you need to update runc, open a pull request in the containerd
   284  # project first, and update both after that is merged. When updating RUNC_VERSION,
   285  # consider updating runc in vendor.mod accordingly.
        # The ref is a tag name; the source is fetched over HTTPS with depth 1 and
        # FETCH_HEAD is checked out. No commit hash or signature is checked here.
   286  ARG RUNC_VERSION=v1.1.12
   287  RUN git fetch -q --depth 1 origin "${RUNC_VERSION}" +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD
   288  
   289  FROM base AS runc-build
   290  WORKDIR /go/src/github.com/opencontainers/runc
   291  ARG TARGETPLATFORM
        # Cross toolchain and headers, including libseccomp-dev, which the cgo build
        # below compiles against. The packages are not version-pinned.
   292  RUN --mount=type=cache,sharing=locked,id=moby-runc-aptlib,target=/var/lib/apt \
   293      --mount=type=cache,sharing=locked,id=moby-runc-aptcache,target=/var/cache/apt \
   294          apt-get update && xx-apt-get install -y --no-install-recommends \
   295              dpkg-dev \
   296              gcc \
   297              libc6-dev \
   298              libseccomp-dev \
   299              pkg-config
   300  ARG DOCKER_STATIC
        # cgo is always on; DOCKER_STATIC=1 selects the `static` make target and
        # makes xx-verify check static linking as well.
   301  RUN --mount=from=runc-src,src=/usr/src/runc,rw \
   302      --mount=type=cache,target=/root/.cache/go-build,id=runc-build-$TARGETPLATFORM <<EOT
   303    set -e
   304    xx-go --wrap
   305    CGO_ENABLED=1 make "$([ "$DOCKER_STATIC" = "1" ] && echo "static" || echo "runc")"
   306    xx-verify $([ "$DOCKER_STATIC" = "1" ] && echo "--static") runc
   307    mkdir /build
   308    mv runc /build/
   309  EOT
   310  
        # runc is built for Linux targets only; Windows gets binary-dummy.
   311  FROM runc-build AS runc-linux
   312  FROM binary-dummy AS runc-windows
   313  FROM runc-${TARGETOS} AS runc
   314  
   315  # tini
   316  FROM base AS tini-src
   317  WORKDIR /usr/src/tini
   318  RUN git init . && git remote add origin "https://github.com/krallin/tini.git"
   319  # TINI_VERSION specifies the version of tini (docker-init) to build. This
   320  # binary is used when starting containers with the `--init` option.
        # The ref is a tag name; no commit hash or signature is checked here.
   321  ARG TINI_VERSION=v0.19.0
   322  RUN git fetch -q --depth 1 origin "${TINI_VERSION}" +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD
   323  
   324  FROM base AS tini-build
   325  WORKDIR /go/src/github.com/krallin/tini
        # cmake runs on the build host, so it is installed with plain apt-get; the
        # compiler and libc headers for the target come from xx-apt-get below.
   326  RUN --mount=type=cache,sharing=locked,id=moby-tini-aptlib,target=/var/lib/apt \
   327      --mount=type=cache,sharing=locked,id=moby-tini-aptcache,target=/var/cache/apt \
   328          apt-get update && apt-get install -y --no-install-recommends cmake
   329  ARG TARGETPLATFORM
   330  RUN --mount=type=cache,sharing=locked,id=moby-tini-aptlib,target=/var/lib/apt \
   331      --mount=type=cache,sharing=locked,id=moby-tini-aptcache,target=/var/cache/apt \
   332          xx-apt-get install -y --no-install-recommends \
   333              gcc \
   334              libc6-dev \
   335              pkg-config
        # Always builds the static variant; it is verified with xx-verify --static
        # and stored as /build/docker-init.
   336  RUN --mount=from=tini-src,src=/usr/src/tini,rw \
   337      --mount=type=cache,target=/root/.cache/go-build,id=tini-build-$TARGETPLATFORM <<EOT
   338    set -e
   339    CC=$(xx-info)-gcc cmake .
   340    make tini-static
   341    xx-verify --static tini-static
   342    mkdir /build
   343    mv tini-static /build/docker-init
   344  EOT
   345  
        # tini is built for Linux targets only; Windows gets binary-dummy.
   346  FROM tini-build AS tini-linux
   347  FROM binary-dummy AS tini-windows
   348  FROM tini-${TARGETOS} AS tini
   349  
   350  # rootlesskit
   351  FROM base AS rootlesskit-src
   352  WORKDIR /usr/src/rootlesskit
   353  RUN git init . && git remote add origin "https://github.com/rootless-containers/rootlesskit.git"
   354  # When updating, also update vendor.mod and hack/dockerfile/install/rootlesskit.installer accordingly.
        # The ref is a tag name; no commit hash or signature is checked here.
   355  ARG ROOTLESSKIT_VERSION=v2.0.1
   356  RUN git fetch -q --depth 1 origin "${ROOTLESSKIT_VERSION}" +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD
   357  
   358  FROM base AS rootlesskit-build
   359  WORKDIR /go/src/github.com/rootless-containers/rootlesskit
   360  ARG TARGETPLATFORM
   361  RUN --mount=type=cache,sharing=locked,id=moby-rootlesskit-aptlib,target=/var/lib/apt \
   362      --mount=type=cache,sharing=locked,id=moby-rootlesskit-aptcache,target=/var/cache/apt \
   363          apt-get update && xx-apt-get install -y --no-install-recommends \
   364              gcc \
   365              libc6-dev \
   366              pkg-config
        # Module mode for this stage (the base stage sets GO111MODULE=off).
   367  ENV GO111MODULE=on
   368  ARG DOCKER_STATIC
        # Builds rootlesskit and rootlesskit-docker-proxy. DOCKER_STATIC=1 turns cgo
        # off and makes xx-verify check static linking; otherwise the binaries are
        # linked with -linkmode=external.
   369  RUN --mount=from=rootlesskit-src,src=/usr/src/rootlesskit,rw \
   370      --mount=type=cache,target=/go/pkg/mod \
   371      --mount=type=cache,target=/root/.cache/go-build,id=rootlesskit-build-$TARGETPLATFORM <<EOT
   372    set -e
   373    export CGO_ENABLED=$([ "$DOCKER_STATIC" = "1" ] && echo "0" || echo "1")
   374    xx-go build -o /build/rootlesskit -ldflags="$([ "$DOCKER_STATIC" != "1" ] && echo "-linkmode=external")" ./cmd/rootlesskit
   375    xx-verify $([ "$DOCKER_STATIC" = "1" ] && echo "--static") /build/rootlesskit
   376    xx-go build -o /build/rootlesskit-docker-proxy -ldflags="$([ "$DOCKER_STATIC" != "1" ] && echo "-linkmode=external")" ./cmd/rootlesskit-docker-proxy
   377    xx-verify $([ "$DOCKER_STATIC" = "1" ] && echo "--static") /build/rootlesskit-docker-proxy
   378  EOT
        # The rootless launcher scripts come from the build context (contrib/), not
        # from the rootlesskit repository.
   379  COPY --link ./contrib/dockerd-rootless.sh /build/
   380  COPY --link ./contrib/dockerd-rootless-setuptool.sh /build/
   381  
        # rootlesskit is built for Linux targets only; Windows gets binary-dummy.
   382  FROM rootlesskit-build AS rootlesskit-linux
   383  FROM binary-dummy AS rootlesskit-windows
   384  FROM rootlesskit-${TARGETOS} AS rootlesskit
   385  
   386  FROM base AS crun
        # Builds crun with the host toolchain (plain apt-get and make, no xx
        # wrappers) and installs it with --bindir=/build.
   387  ARG CRUN_VERSION=1.12
   388  RUN --mount=type=cache,sharing=locked,id=moby-crun-aptlib,target=/var/lib/apt \
   389      --mount=type=cache,sharing=locked,id=moby-crun-aptcache,target=/var/cache/apt \
   390          apt-get update && apt-get install -y --no-install-recommends \
   391              autoconf \
   392              automake \
   393              build-essential \
   394              libcap-dev \
   395              libprotobuf-c-dev \
   396              libseccomp-dev \
   397              libsystemd-dev \
   398              libtool \
   399              libudev-dev \
   400              libyajl-dev \
   401              python3 \
   402              ;
        # NOTE(review): unlike the other stages, this one does a full `git clone`
        # and checks out CRUN_VERSION by name. The ref is resolved by git at build
        # time and upstream can move it; a commit hash would fix the content.
        # The checkout lives on a tmpfs, so the source does not end up in a layer.
   403  RUN --mount=type=tmpfs,target=/tmp/crun-build \
   404      git clone https://github.com/containers/crun.git /tmp/crun-build && \
   405      cd /tmp/crun-build && \
   406      git checkout -q "${CRUN_VERSION}" && \
   407      ./autogen.sh && \
   408      ./configure --bindir=/build && \
   409      make -j install
   410  
   411  # vpnkit
   412  # use dummy scratch stage to avoid build to fail for unsupported platforms
        # NOTE(review): vpnkit is not built here. It comes as a prebuilt image from
        # the `djs55` namespace, selected by tag (VPNKIT_VERSION) without a digest.
        # The dev-systemd-false and `all` stages copy that image's entire root
        # filesystem (`COPY --from=vpnkit / ...`), so everything the image contains
        # ends up in the result.
   413  FROM scratch AS vpnkit-windows
   414  FROM scratch AS vpnkit-linux-386
   415  FROM scratch AS vpnkit-linux-arm
   416  FROM scratch AS vpnkit-linux-ppc64le
   417  FROM scratch AS vpnkit-linux-riscv64
   418  FROM scratch AS vpnkit-linux-s390x
   419  FROM djs55/vpnkit:${VPNKIT_VERSION} AS vpnkit-linux-amd64
   420  FROM djs55/vpnkit:${VPNKIT_VERSION} AS vpnkit-linux-arm64
   421  FROM vpnkit-linux-${TARGETARCH} AS vpnkit-linux
   422  FROM vpnkit-${TARGETOS} AS vpnkit
   423  
   424  # containerutility
   425  FROM base AS containerutil-src
   426  WORKDIR /usr/src/containerutil
   427  RUN git init . && git remote add origin "https://github.com/docker-archive/windows-container-utility.git"
        # Pinned to a full commit hash, which fixes the content that is built.
   428  ARG CONTAINERUTILITY_VERSION=aa1ba87e99b68e0113bd27ec26c60b88f9d4ccd9
   429  RUN git fetch -q --depth 1 origin "${CONTAINERUTILITY_VERSION}" +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD
   430  
   431  FROM base AS containerutil-build
   432  WORKDIR /usr/src/containerutil
   433  ARG TARGETPLATFORM
        # NOTE(review): unlike the other build stages, this install has no
        # `apt-get update` in front and no apt cache mounts, so it presumably relies
        # on the package lists left in the base layer - confirm.
   434  RUN xx-apt-get install -y --no-install-recommends \
   435          gcc \
   436          g++ \
   437          libc6-dev \
   438          pkg-config
        # Builds containerutility.exe and verifies it as a static binary.
   439  RUN --mount=from=containerutil-src,src=/usr/src/containerutil,rw \
   440      --mount=type=cache,target=/root/.cache/go-build,id=containerutil-build-$TARGETPLATFORM <<EOT
   441    set -e
   442    CC="$(xx-info)-gcc" CXX="$(xx-info)-g++" make
   443    xx-verify --static containerutility.exe
   444    mkdir /build
   445    mv containerutility.exe /build/
   446  EOT
   447  
        # Only windows/amd64 has a build stage; Linux targets get binary-dummy.
   448  FROM binary-dummy AS containerutil-linux
   449  FROM containerutil-build AS containerutil-windows-amd64
   450  FROM containerutil-windows-${TARGETARCH} AS containerutil-windows
   451  FROM containerutil-${TARGETOS} AS containerutil
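   452  FROM docker/buildx-bin:${BUILDX_VERSION} AS buildx
        # buildx and compose are taken as prebuilt binaries from published images,
        # selected by tag (BUILDX_VERSION, COMPOSE_VERSION) without a digest. The
        # keyword is written `AS` to match every other stage in this file.
   453  FROM docker/compose-bin:${COMPOSE_VERSION} AS compose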
   454  
   455  FROM base AS dev-systemd-false
        # Development image without systemd. It collects the tool and runtime
        # binaries produced by the stages above, mostly into /usr/local/bin, so the
        # trust placed in each of those sources carries over to this image.
   456  COPY --link --from=frozen-images /build/ /docker-frozen-images
   457  COPY --link --from=swagger       /build/ /usr/local/bin/
   458  COPY --link --from=delve         /build/ /usr/local/bin/
   459  COPY --link --from=tomll         /build/ /usr/local/bin/
   460  COPY --link --from=gowinres      /build/ /usr/local/bin/
   461  COPY --link --from=tini          /build/ /usr/local/bin/
   462  COPY --link --from=registry      /build/ /usr/local/bin/
   463  COPY --link --from=registry-v2   /build/ /usr/local/bin/
   464  
   465  # Skip the CRIU stage for now, as the opensuse package repository is sometimes
   466  # unstable, and we're currently not using it in CI.
   467  #
   468  # FIXME(thaJeztah): re-enable this stage when https://github.com/moby/moby/issues/38963 is resolved (see https://github.com/moby/moby/pull/38984)
   469  # COPY --link --from=criu          /build/ /usr/local/bin/
   470  COPY --link --from=gotestsum     /build/ /usr/local/bin/
   471  COPY --link --from=golangci_lint /build/ /usr/local/bin/
   472  COPY --link --from=shfmt         /build/ /usr/local/bin/
   473  COPY --link --from=runc          /build/ /usr/local/bin/
   474  COPY --link --from=containerd    /build/ /usr/local/bin/
   475  COPY --link --from=rootlesskit   /build/ /usr/local/bin/
        # vpnkit is the one source copied from `/` instead of /build/: the whole
        # root filesystem of that stage lands in /usr/local/bin.
   476  COPY --link --from=vpnkit        /       /usr/local/bin/
   477  COPY --link --from=containerutil /build/ /usr/local/bin/
   478  COPY --link --from=crun          /build/ /usr/local/bin/
   479  COPY --link hack/dockerfile/etc/docker/  /etc/docker/
        # NOTE(review): buildx goes under /usr/local/libexec and compose under
        # /usr/libexec; confirm the different plugin directories are intended.
   480  COPY --link --from=buildx        /buildx /usr/local/libexec/docker/cli-plugins/docker-buildx
   481  COPY --link --from=compose       /docker-compose /usr/libexec/docker/cli-plugins/docker-compose
   482  
   483  ENV PATH=/usr/local/cli:$PATH
   484  ENV TEST_CLIENT_BINARY=/usr/local/cli-integration/docker
   485  ENV CONTAINERD_ADDRESS=/run/docker/containerd/containerd.sock
   486  ENV CONTAINERD_NAMESPACE=moby
   487  WORKDIR /go/src/github.com/docker/docker
   488  VOLUME /var/lib/docker
   489  VOLUME /home/unprivilegeduser/.local/share/docker
   490  # Wrap all commands in the "docker-in-docker" script to allow nested containers
        # The entrypoint path is relative, so it resolves against the WORKDIR above
        # and needs the source tree there. This stage chain has no USER instruction,
        # so the entrypoint runs as root.
   491  ENTRYPOINT ["hack/dind"]
   492  
   493  FROM dev-systemd-false AS dev-systemd-true
        # Variant of the dev image with systemd and dbus installed; chosen when the
        # SYSTEMD build argument is "true". It replaces the entrypoint with
        # hack/dind-systemd, which is also resolved relative to the WORKDIR.
   494  RUN --mount=type=cache,sharing=locked,id=moby-dev-aptlib,target=/var/lib/apt \
   495      --mount=type=cache,sharing=locked,id=moby-dev-aptcache,target=/var/cache/apt \
   496          apt-get update && apt-get install -y --no-install-recommends \
   497              dbus \
   498              dbus-user-session \
   499              systemd \
   500              systemd-sysv
   501  ENTRYPOINT ["hack/dind-systemd"]
   502  
   503  FROM dev-systemd-${SYSTEMD} AS dev-base
        # Adds the users, shell setup and packages of the development shell on top
        # of the selected dev-systemd-* stage.
        # An unprivileged account in the `docker` group; its ~/.local/share/docker
        # is the VOLUME declared in dev-systemd-false.
        # NOTE(review): presumably used for rootless-mode tests - confirm.
   504  RUN groupadd -r docker
   505  RUN useradd --create-home --gid docker unprivilegeduser \
   506   && mkdir -p /home/unprivilegeduser/.local/share/docker \
   507   && chown -R unprivilegeduser /home/unprivilegeduser
   508  # Let us use a .bashrc file
        # The link target lives in the source tree, so the shell of the build user
        # (no USER is set, so root) sources whatever .bashrc that tree provides.
   509  RUN ln -sfv /go/src/github.com/docker/docker/.bashrc ~/.bashrc
   510  # Activate bash completion and include Docker's completion if mounted with DOCKER_BASH_COMPLETION_PATH
   511  RUN echo "source /usr/share/bash-completion/bash_completion" >> /etc/bash.bashrc
   512  RUN ln -s /usr/local/completion/bash/docker /etc/bash_completion.d/docker
   513  RUN ldconfig
   514  # Set dev environment as safe git directory to prevent "dubious ownership" errors
   515  # when bind-mounting the source into the dev-container. See https://github.com/moby/moby/pull/44930
        # The ownership exemption is limited to this one path, not a wildcard.
   516  RUN git config --global --add safe.directory $GOPATH/src/github.com/docker/docker
   517  # This should only install packages that are specifically needed for the dev environment and nothing else
   518  # Do you really need to add another package here? Can it be done in a different build stage?
        # NOTE(review): sudo, vim and the network tools are developer conveniences.
        # They belong to the dev shell only and should not reach any image that is
        # shipped. The packages are not version-pinned.
   519  RUN --mount=type=cache,sharing=locked,id=moby-dev-aptlib,target=/var/lib/apt \
   520      --mount=type=cache,sharing=locked,id=moby-dev-aptcache,target=/var/cache/apt \
   521          apt-get update && apt-get install -y --no-install-recommends \
   522              apparmor \
   523              bash-completion \
   524              bzip2 \
   525              inetutils-ping \
   526              iproute2 \
   527              iptables \
   528              jq \
   529              libcap2-bin \
   530              libnet1 \
   531              libnl-3-200 \
   532              libprotobuf-c1 \
   533              libyajl2 \
   534              net-tools \
   535              patch \
   536              pigz \
   537              sudo \
   538              systemd-journal-remote \
   539              thin-provisioning-tools \
   540              uidmap \
   541              vim \
   542              vim-common \
   543              xfsprogs \
   544              xz-utils \
   545              zip \
   546              zstd
   547  # Switch to use iptables instead of nftables (to match the CI hosts)
   548  # TODO use some kind of runtime auto-detection instead if/when nftables is supported (https://github.com/moby/moby/issues/26824)
        # `|| true` makes each switch best-effort: a failing update-alternatives call
        # does not fail the build, and the previous alternative then stays selected
        # without any error.
   549  RUN update-alternatives --set iptables  /usr/sbin/iptables-legacy  || true \
   550   && update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy || true \
   551   && update-alternatives --set arptables /usr/sbin/arptables-legacy || true
        # Compiler and development headers for building inside the dev shell.
   552  RUN --mount=type=cache,sharing=locked,id=moby-dev-aptlib,target=/var/lib/apt \
   553      --mount=type=cache,sharing=locked,id=moby-dev-aptcache,target=/var/cache/apt \
   554          apt-get update && apt-get install --no-install-recommends -y \
   555              gcc \
   556              pkg-config \
   557              dpkg-dev \
   558              libapparmor-dev \
   559              libseccomp-dev \
   560              libsecret-1-dev \
   561              libsystemd-dev \
   562              libudev-dev \
   563              yamllint
        # /usr/local/cli is put first on PATH by dev-systemd-false;
        # /usr/local/cli-integration holds the older CLI named by TEST_CLIENT_BINARY.
   564  COPY --link --from=dockercli             /build/ /usr/local/cli
   565  COPY --link --from=dockercli-integration /build/ /usr/local/cli-integration
   566  
   567  FROM base AS build
        # Compiles dockerd and docker-proxy for the target platform with
        # hack/make.sh and leaves the result in /build.
   568  COPY --from=gowinres /build/ /usr/local/bin/
   569  WORKDIR /go/src/github.com/docker/docker
   570  ENV GO111MODULE=off
   571  ENV CGO_ENABLED=1
   572  RUN --mount=type=cache,sharing=locked,id=moby-build-aptlib,target=/var/lib/apt \
   573      --mount=type=cache,sharing=locked,id=moby-build-aptcache,target=/var/cache/apt \
   574          apt-get update && apt-get install --no-install-recommends -y \
   575              clang \
   576              lld \
   577              llvm
   578  ARG TARGETPLATFORM
        # Target-platform headers and libraries, including the libseccomp and
        # libapparmor development packages the daemon is compiled against. The
        # packages are not version-pinned.
   579  RUN --mount=type=cache,sharing=locked,id=moby-build-aptlib,target=/var/lib/apt \
   580      --mount=type=cache,sharing=locked,id=moby-build-aptcache,target=/var/cache/apt \
   581          xx-apt-get install --no-install-recommends -y \
   582              dpkg-dev \
   583              gcc \
   584              libapparmor-dev \
   585              libc6-dev \
   586              libseccomp-dev \
   587              libsecret-1-dev \
   588              libsystemd-dev \
   589              libudev-dev \
   590              pkg-config
        # Build metadata and flags, presumably read by hack/make.sh from the
        # environment - confirm. Build arguments can show up in the image history,
        # so none of them should carry a secret.
   591  ARG DOCKER_BUILDTAGS
   592  ARG DOCKER_DEBUG
   593  ARG DOCKER_GITCOMMIT=HEAD
   594  ARG DOCKER_LDFLAGS
   595  ARG DOCKER_STATIC
   596  ARG VERSION
   597  ARG PLATFORM
   598  ARG PRODUCT
   599  ARG DEFAULT_PRODUCT_LICENSE
   600  ARG PACKAGER_NAME
   601  # PREFIX overrides DEST dir in make.sh script otherwise it fails because of
   602  # read only mount in current work dir
   603  ENV PREFIX=/tmp
        # NOTE(review): the comment inside the next step mentions bullseye while
        # BASE_DEBIAN_DISTRO defaults to bookworm; confirm the workaround still
        # applies.
   604  RUN <<EOT
   605    # in bullseye arm64 target does not link with lld so configure it to use ld instead
   606    if [ "$(xx-info arch)" = "arm64" ]; then
   607      XX_CC_PREFER_LINKER=ld xx-clang --setup-target-triple
   608    fi
   609  EOT
        # The build context is bind-mounted over the WORKDIR with `rw`; BuildKit
        # discards writes to that mount after the step. The bundles are written
        # under /tmp (PREFIX), checked with xx-verify and then moved to /build.
   610  RUN --mount=type=bind,target=.,rw \
   611      --mount=type=tmpfs,target=cli/winresources/dockerd \
   612      --mount=type=tmpfs,target=cli/winresources/docker-proxy \
   613      --mount=type=cache,target=/root/.cache/go-build,id=moby-build-$TARGETPLATFORM <<EOT
   614    set -e
   615    target=$([ "$DOCKER_STATIC" = "1" ] && echo "binary" || echo "dynbinary")
   616    xx-go --wrap
   617    PKG_CONFIG=$(xx-go env PKG_CONFIG) ./hack/make.sh $target
   618    xx-verify $([ "$DOCKER_STATIC" = "1" ] && echo "--static") /tmp/bundles/${target}-daemon/dockerd$([ "$(xx-info os)" = "windows" ] && echo ".exe")
   619    xx-verify $([ "$DOCKER_STATIC" = "1" ] && echo "--static") /tmp/bundles/${target}-daemon/docker-proxy$([ "$(xx-info os)" = "windows" ] && echo ".exe")
   620    mkdir /build
   621    mv /tmp/bundles/${target}-daemon/* /build/
   622  EOT
   623  
   624  # usage:
   625  # > docker buildx bake binary
   626  # > DOCKER_STATIC=0 docker buildx bake binary
   627  # or
   628  # > make binary
   629  # > make dynbinary
        # Export-only stage: a scratch image that holds nothing but the daemon
        # binaries from the build stage.
   630  FROM scratch AS binary
   631  COPY --from=build /build/ /
   632  
   633  # usage:
   634  # > docker buildx bake all
        # Export-only stage that bundles the daemon with its helper binaries.
        # vpnkit is copied from `/`, so the whole root filesystem of the vpnkit
        # stage (a tag-pinned third-party image on amd64 and arm64) is included.
   635  FROM scratch AS all
   636  COPY --link --from=tini          /build/ /
   637  COPY --link --from=runc          /build/ /
   638  COPY --link --from=containerd    /build/ /
   639  COPY --link --from=rootlesskit   /build/ /
   640  COPY --link --from=containerutil /build/ /
   641  COPY --link --from=vpnkit        /       /
   642  COPY --link --from=build         /build  /
   643  
   644  # smoke tests
   645  # usage:
   646  # > docker buildx bake binary-smoketest
        # Runs on the target platform (the base stage itself uses BUILDPLATFORM) and
        # executes the built binaries, so for a foreign TARGETPLATFORM this step
        # presumably needs emulation on the build host - confirm.
   647  FROM --platform=$TARGETPLATFORM base AS smoketest
   648  WORKDIR /usr/local/bin
   649  COPY --from=build /build .
   650  RUN <<EOT
   651    set -ex
   652    file dockerd
   653    dockerd --version
   654    file docker-proxy
   655    docker-proxy --version
   656  EOT
   657  
   658  # usage:
   659  # > make shell
   660  # > SYSTEMD=true make shell
        # Copies the whole build context into the WORKDIR of the dev image.
        # NOTE(review): anything in the context that .dockerignore (not shown here)
        # does not exclude ends up in the image, including local credentials or
        # .env files if they are present.
   661  FROM dev-base AS dev
   662  COPY --link . .