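# syntax=docker/dockerfile:1.2

# Multi-stage build for the development environment and the binary bundles.
# Helper tools are each built in their own stage and copied into the dev image.
# The CROSS and SYSTEMD build args select which variant stage the "dev-base",
# "runtime-dev" and "dev" aliases resolve to (see the FROM ...-${CROSS} and
# FROM dev-systemd-${SYSTEMD} lines below).

ARG CROSS="false"
ARG SYSTEMD="false"
# IMPORTANT: When updating this please note that stdlib archive/tar pkg is vendored
ARG GO_VERSION=1.16.9
ARG DEBIAN_FRONTEND=noninteractive
ARG VPNKIT_VERSION=0.5.0
ARG DOCKER_BUILDTAGS="apparmor seccomp"

ARG BASE_DEBIAN_DISTRO="buster"
# NOTE(review): the base image is selected by tag only; pinning it by digest
# would make the toolchain layer reproducible.
ARG GOLANG_IMAGE="golang:${GO_VERSION}-${BASE_DEBIAN_DISTRO}"

FROM ${GOLANG_IMAGE} AS base
# Keep downloaded .deb files so the /var/cache/apt cache mounts used by later
# stages are actually reused between builds.
RUN echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache
# APT_MIRROR is substituted into the sed expressions unescaped and redirects
# both the main and the security archive; treat it as a trusted build input.
ARG APT_MIRROR
RUN sed -ri "s/(httpredir|deb).debian.org/${APT_MIRROR:-deb.debian.org}/g" /etc/apt/sources.list \
    && sed -ri "s/(security).debian.org/${APT_MIRROR:-security.debian.org}/g" /etc/apt/sources.list
ENV GO111MODULE=off

FROM base AS criu
ARG DEBIAN_FRONTEND
# Install dependency packages specific to criu
RUN --mount=type=cache,sharing=locked,id=moby-criu-aptlib,target=/var/lib/apt \
    --mount=type=cache,sharing=locked,id=moby-criu-aptcache,target=/var/cache/apt \
    apt-get update && apt-get install -y --no-install-recommends \
        libcap-dev \
        libnet-dev \
        libnl-3-dev \
        libprotobuf-c-dev \
        libprotobuf-dev \
        protobuf-c-compiler \
        protobuf-compiler \
        python-protobuf

# Install CRIU for checkpoint/restore support
ARG CRIU_VERSION=3.14
# Download to a file instead of piping curl into tar: the default /bin/sh has
# no pipefail, so in a pipeline curl's exit status would be ignored. --fail
# turns an HTTP error response into a non-zero exit instead of a saved body.
# NOTE(review): the archive is selected by tag and is not checksum-verified;
# consider checking a pinned SHA-256 of the tarball before extracting it.
RUN mkdir -p /usr/src/criu \
    && curl -fsSL -o /tmp/criu.tar.gz https://github.com/checkpoint-restore/criu/archive/v${CRIU_VERSION}.tar.gz \
    && tar -C /usr/src/criu/ -xzf /tmp/criu.tar.gz --strip-components=1 \
    && rm /tmp/criu.tar.gz \
    && cd /usr/src/criu \
    && make \
    && make PREFIX=/build/ install-criu

FROM base AS registry
WORKDIR /go/src/github.com/docker/distribution
# Install two versions of the registry. The first one is a recent version that
# supports both schema 1 and 2 manifests. The second one is an older version that
# only supports schema1 manifests. This allows integration-cli tests to cover
# push/pull with both schema1 and schema2 manifests.
# The old version of the registry is not working on arm64, so installation is
# skipped on that architecture.
# Both checkouts are pinned to full commit hashes rather than branches or tags.
ENV REGISTRY_COMMIT_SCHEMA1=ec87e9b6971d831f0eff752ddb54fb64693e51cd
ENV REGISTRY_COMMIT=47a064d4195a9b56133891bbb13620c3ac83a827
# /go/src/ is a tmpfs mount, so the cloned sources are not written to a layer;
# only the binaries placed in /build remain.
RUN --mount=type=cache,target=/root/.cache/go-build \
    --mount=type=cache,target=/go/pkg/mod \
    --mount=type=tmpfs,target=/go/src/ \
    set -x \
    && git clone https://github.com/docker/distribution.git . \
    && git checkout -q "$REGISTRY_COMMIT" \
    && GOPATH="/go/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH" \
        go build -buildmode=pie -o /build/registry-v2 github.com/docker/distribution/cmd/registry \
    && case $(dpkg --print-architecture) in \
        amd64|armhf|ppc64*|s390x) \
            git checkout -q "$REGISTRY_COMMIT_SCHEMA1"; \
            GOPATH="/go/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH"; \
            go build -buildmode=pie -o /build/registry-v2-schema1 github.com/docker/distribution/cmd/registry; \
        ;; \
    esac

FROM base AS swagger
WORKDIR $GOPATH/src/github.com/go-swagger/go-swagger
# Install go-swagger for validating swagger.yaml
# This is https://github.com/kolyshkin/go-swagger/tree/golang-1.13-fix
# TODO: move to under moby/ or fix upstream go-swagger to work for us.
# The fork is checked out at a full commit hash, not at the branch head.
ENV GO_SWAGGER_COMMIT=c56166c036004ba7a3a321e5951ba472b9ae298c
RUN --mount=type=cache,target=/root/.cache/go-build \
    --mount=type=cache,target=/go/pkg/mod \
    --mount=type=tmpfs,target=/go/src/ \
    set -x \
    && git clone https://github.com/kolyshkin/go-swagger.git . \
    && git checkout -q "$GO_SWAGGER_COMMIT" \
    && go build -o /build/swagger github.com/go-swagger/go-swagger/cmd/swagger

FROM debian:${BASE_DEBIAN_DISTRO} AS frozen-images
ARG DEBIAN_FRONTEND
RUN --mount=type=cache,sharing=locked,id=moby-frozen-images-aptlib,target=/var/lib/apt \
    --mount=type=cache,sharing=locked,id=moby-frozen-images-aptcache,target=/var/cache/apt \
    apt-get update && apt-get install -y --no-install-recommends \
        ca-certificates \
        curl \
        jq
# Get useful and necessary Hub images so we can "docker load" locally instead of pulling
COPY contrib/download-frozen-image-v2.sh /
ARG TARGETARCH
# Every image reference carries a sha256 digest next to its tag.
RUN /download-frozen-image-v2.sh /build \
        buildpack-deps:buster@sha256:d0abb4b1e5c664828b93e8b6ac84d10bce45ee469999bef88304be04a2709491 \
        busybox:latest@sha256:95cf004f559831017cdf4628aaf1bb30133677be8702a8c5f2994629f637a209 \
        busybox:glibc@sha256:1f81263701cddf6402afe9f33fca0266d9fff379e59b1748f33d3072da71ee85 \
        debian:bullseye@sha256:7190e972ab16aefea4d758ebe42a293f4e5c5be63595f4d03a5b9bf6839a4344 \
        hello-world:latest@sha256:d58e752213a51785838f9eed2b7a498ffa1cb3aa7f946dda11af39286c3db9a9 \
        arm32v7/hello-world:latest@sha256:50b8560ad574c779908da71f7ce370c0a2471c098d44d1c8f6b513c5a55eeeb1
# See also frozenImages in "testutil/environment/protect.go" (which needs to be updated when adding images to this list)

FROM base AS cross-false

FROM --platform=linux/amd64 base AS cross-true
ARG DEBIAN_FRONTEND
RUN dpkg --add-architecture arm64
RUN dpkg --add-architecture armel
RUN dpkg --add-architecture armhf
RUN --mount=type=cache,sharing=locked,id=moby-cross-true-aptlib,target=/var/lib/apt \
    --mount=type=cache,sharing=locked,id=moby-cross-true-aptcache,target=/var/cache/apt \
    apt-get update && apt-get install -y --no-install-recommends \
        crossbuild-essential-arm64 \
        crossbuild-essential-armel \
        crossbuild-essential-armhf

# Resolves to cross-false or cross-true depending on the CROSS build arg.
FROM cross-${CROSS} AS dev-base

FROM dev-base AS runtime-dev-cross-false
ARG DEBIAN_FRONTEND
RUN echo 'deb http://deb.debian.org/debian buster-backports main' > /etc/apt/sources.list.d/backports.list
RUN --mount=type=cache,sharing=locked,id=moby-cross-false-aptlib,target=/var/lib/apt \
    --mount=type=cache,sharing=locked,id=moby-cross-false-aptcache,target=/var/cache/apt \
    apt-get update && apt-get install -y --no-install-recommends \
        binutils-mingw-w64 \
        g++-mingw-w64-x86-64 \
        libapparmor-dev \
        libbtrfs-dev \
        libdevmapper-dev \
        libseccomp-dev/buster-backports \
        libsystemd-dev \
        libudev-dev

FROM --platform=linux/amd64 runtime-dev-cross-false AS runtime-dev-cross-true
ARG DEBIAN_FRONTEND
# These crossbuild packages rely on gcc-<arch>, but this doesn't want to install
# on non-amd64 systems.
# Additionally, the crossbuild-amd64 is currently only on debian:buster, so
# other architectures cannot crossbuild amd64.
RUN echo 'deb http://deb.debian.org/debian buster-backports main' > /etc/apt/sources.list.d/backports.list
RUN --mount=type=cache,sharing=locked,id=moby-cross-true-aptlib,target=/var/lib/apt \
    --mount=type=cache,sharing=locked,id=moby-cross-true-aptcache,target=/var/cache/apt \
    apt-get update && apt-get install -y --no-install-recommends \
        libapparmor-dev:arm64 \
        libapparmor-dev:armel \
        libapparmor-dev:armhf \
        libseccomp-dev:arm64/buster-backports \
        libseccomp-dev:armel/buster-backports \
        libseccomp-dev:armhf/buster-backports

FROM runtime-dev-cross-${CROSS} AS runtime-dev

# The tool stages below all run install.sh from a read-only bind mount of
# hack/dockerfile/install. Each *_COMMIT / *_VERSION ARG has no default here;
# presumably install.sh supplies the pinned value when the arg is unset
# (that script is not part of this file, so verify there).
FROM base AS tomlv
ARG TOMLV_COMMIT
RUN --mount=type=cache,target=/root/.cache/go-build \
    --mount=type=cache,target=/go/pkg/mod \
    --mount=type=bind,src=hack/dockerfile/install,target=/tmp/install \
    PREFIX=/build /tmp/install/install.sh tomlv

FROM base AS vndr
ARG VNDR_COMMIT
RUN --mount=type=cache,target=/root/.cache/go-build \
    --mount=type=cache,target=/go/pkg/mod \
    --mount=type=bind,src=hack/dockerfile/install,target=/tmp/install \
    PREFIX=/build /tmp/install/install.sh vndr

FROM dev-base AS containerd
ARG DEBIAN_FRONTEND
RUN --mount=type=cache,sharing=locked,id=moby-containerd-aptlib,target=/var/lib/apt \
    --mount=type=cache,sharing=locked,id=moby-containerd-aptcache,target=/var/cache/apt \
    apt-get update && apt-get install -y --no-install-recommends \
        libbtrfs-dev
ARG CONTAINERD_COMMIT
RUN --mount=type=cache,target=/root/.cache/go-build \
    --mount=type=cache,target=/go/pkg/mod \
    --mount=type=bind,src=hack/dockerfile/install,target=/tmp/install \
    PREFIX=/build /tmp/install/install.sh containerd

FROM dev-base AS proxy
ARG LIBNETWORK_COMMIT
RUN --mount=type=cache,target=/root/.cache/go-build \
    --mount=type=cache,target=/go/pkg/mod \
    --mount=type=bind,src=hack/dockerfile/install,target=/tmp/install \
    PREFIX=/build /tmp/install/install.sh proxy

FROM base AS golangci_lint
ARG GOLANGCI_LINT_COMMIT
RUN --mount=type=cache,target=/root/.cache/go-build \
    --mount=type=cache,target=/go/pkg/mod \
    --mount=type=bind,src=hack/dockerfile/install,target=/tmp/install \
    PREFIX=/build /tmp/install/install.sh golangci_lint

FROM base AS gotestsum
ARG GOTESTSUM_COMMIT
RUN --mount=type=cache,target=/root/.cache/go-build \
    --mount=type=cache,target=/go/pkg/mod \
    --mount=type=bind,src=hack/dockerfile/install,target=/tmp/install \
    PREFIX=/build /tmp/install/install.sh gotestsum

FROM base AS shfmt
ARG SHFMT_COMMIT
RUN --mount=type=cache,target=/root/.cache/go-build \
    --mount=type=cache,target=/go/pkg/mod \
    --mount=type=bind,src=hack/dockerfile/install,target=/tmp/install \
    PREFIX=/build /tmp/install/install.sh shfmt

FROM dev-base AS dockercli
ARG DOCKERCLI_CHANNEL
ARG DOCKERCLI_VERSION
RUN --mount=type=cache,target=/root/.cache/go-build \
    --mount=type=cache,target=/go/pkg/mod \
    --mount=type=bind,src=hack/dockerfile/install,target=/tmp/install \
    PREFIX=/build /tmp/install/install.sh dockercli

FROM runtime-dev AS runc
ARG RUNC_COMMIT
ARG RUNC_BUILDTAGS
RUN --mount=type=cache,target=/root/.cache/go-build \
    --mount=type=cache,target=/go/pkg/mod \
    --mount=type=bind,src=hack/dockerfile/install,target=/tmp/install \
    PREFIX=/build /tmp/install/install.sh runc

FROM dev-base AS tini
ARG DEBIAN_FRONTEND
ARG TINI_COMMIT
RUN --mount=type=cache,sharing=locked,id=moby-tini-aptlib,target=/var/lib/apt \
    --mount=type=cache,sharing=locked,id=moby-tini-aptcache,target=/var/cache/apt \
    apt-get update && apt-get install -y --no-install-recommends \
        cmake \
        vim-common
RUN --mount=type=cache,target=/root/.cache/go-build \
    --mount=type=cache,target=/go/pkg/mod \
    --mount=type=bind,src=hack/dockerfile/install,target=/tmp/install \
    PREFIX=/build /tmp/install/install.sh tini

FROM dev-base AS rootlesskit
ARG ROOTLESSKIT_COMMIT
RUN --mount=type=cache,target=/root/.cache/go-build \
    --mount=type=cache,target=/go/pkg/mod \
    --mount=type=bind,src=hack/dockerfile/install,target=/tmp/install \
    PREFIX=/build /tmp/install/install.sh rootlesskit
COPY ./contrib/dockerd-rootless.sh /build
COPY ./contrib/dockerd-rootless-setuptool.sh /build

# NOTE(review): these two images are pinned by tag only, and their /vpnkit
# binary is copied into the dev and binary images below; pinning by digest
# would fix exactly which binary is shipped.
FROM --platform=amd64 djs55/vpnkit:${VPNKIT_VERSION} AS vpnkit-amd64

FROM --platform=arm64 djs55/vpnkit:${VPNKIT_VERSION} AS vpnkit-arm64

FROM scratch AS vpnkit
COPY --from=vpnkit-amd64 /vpnkit /build/vpnkit.x86_64
COPY --from=vpnkit-arm64 /vpnkit /build/vpnkit.aarch64

# TODO: Some of this is only really needed for testing, it would be nice to split this up
FROM runtime-dev AS dev-systemd-false
ARG DEBIAN_FRONTEND
RUN groupadd -r docker
RUN useradd --create-home --gid docker unprivilegeduser \
    && mkdir -p /home/unprivilegeduser/.local/share/docker \
    && chown -R unprivilegeduser /home/unprivilegeduser
# Let us use a .bashrc file
RUN ln -sfv /go/src/github.com/docker/docker/.bashrc ~/.bashrc
# Activate bash completion and include Docker's completion if mounted with DOCKER_BASH_COMPLETION_PATH
RUN echo "source /usr/share/bash-completion/bash_completion" >> /etc/bash.bashrc
RUN ln -s /usr/local/completion/bash/docker /etc/bash_completion.d/docker
RUN ldconfig
# This should only install packages that are specifically needed for the dev environment and nothing else
# Do you really need to add another package here? Can it be done in a different build stage?
RUN --mount=type=cache,sharing=locked,id=moby-dev-aptlib,target=/var/lib/apt \
    --mount=type=cache,sharing=locked,id=moby-dev-aptcache,target=/var/cache/apt \
    apt-get update && apt-get install -y --no-install-recommends \
        apparmor \
        aufs-tools \
        bash-completion \
        bzip2 \
        iptables \
        jq \
        libcap2-bin \
        libnet1 \
        libnl-3-200 \
        libprotobuf-c1 \
        net-tools \
        patch \
        pigz \
        python3-pip \
        python3-setuptools \
        python3-wheel \
        sudo \
        thin-provisioning-tools \
        uidmap \
        vim \
        vim-common \
        xfsprogs \
        xz-utils \
        zip


# Switch to use iptables instead of nftables (to match the CI hosts)
# TODO use some kind of runtime auto-detection instead if/when nftables is supported (https://github.com/moby/moby/issues/26824)
# Each switch is best-effort: "|| true" keeps the build going if an alternative is missing.
RUN update-alternatives --set iptables /usr/sbin/iptables-legacy || true \
    && update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy || true \
    && update-alternatives --set arptables /usr/sbin/arptables-legacy || true

RUN pip3 install yamllint==1.26.1

COPY --from=dockercli /build/ /usr/local/cli
COPY --from=frozen-images /build/ /docker-frozen-images
COPY --from=swagger /build/ /usr/local/bin/
COPY --from=tomlv /build/ /usr/local/bin/
COPY --from=tini /build/ /usr/local/bin/
COPY --from=registry /build/ /usr/local/bin/
COPY --from=criu /build/ /usr/local/
COPY --from=vndr /build/ /usr/local/bin/
COPY --from=gotestsum /build/ /usr/local/bin/
COPY --from=golangci_lint /build/ /usr/local/bin/
COPY --from=shfmt /build/ /usr/local/bin/
COPY --from=runc /build/ /usr/local/bin/
COPY --from=containerd /build/ /usr/local/bin/
COPY --from=rootlesskit /build/ /usr/local/bin/
COPY --from=vpnkit /build/ /usr/local/bin/
COPY --from=proxy /build/ /usr/local/bin/
ENV PATH=/usr/local/cli:$PATH
ARG DOCKER_BUILDTAGS
ENV DOCKER_BUILDTAGS="${DOCKER_BUILDTAGS}"
WORKDIR /go/src/github.com/docker/docker
VOLUME /var/lib/docker
VOLUME /home/unprivilegeduser/.local/share/docker
# Wrap all commands in the "docker-in-docker" script to allow nested containers
# The path is relative to WORKDIR, so the script comes from the source tree
# that is mounted or copied at /go/src/github.com/docker/docker.
# NOTE(review): no USER instruction is set in this stage, so the container
# starts as root; that looks intentional for a docker-in-docker development
# image, but confirm it is never reused as a production runtime image.
ENTRYPOINT ["hack/dind"]

FROM dev-systemd-false AS dev-systemd-true
RUN --mount=type=cache,sharing=locked,id=moby-dev-aptlib,target=/var/lib/apt \
    --mount=type=cache,sharing=locked,id=moby-dev-aptcache,target=/var/cache/apt \
    apt-get update && apt-get install -y --no-install-recommends \
        dbus \
        dbus-user-session \
        systemd \
        systemd-sysv
# The entrypoint script is fetched from a URL pinned to a full commit hash.
# --fail matters here: without it an HTTP error page would be saved as the
# entrypoint, marked executable, and the build would still succeed.
RUN mkdir -p hack \
    && curl -fsSL -o hack/dind-systemd https://raw.githubusercontent.com/AkihiroSuda/containerized-systemd/b70bac0daeea120456764248164c21684ade7d0d/docker-entrypoint.sh \
    && chmod +x hack/dind-systemd
ENTRYPOINT ["hack/dind-systemd"]

# Resolves to dev-systemd-false or dev-systemd-true depending on the SYSTEMD build arg.
FROM dev-systemd-${SYSTEMD} AS dev

FROM runtime-dev AS binary-base
# Each build arg is re-exported as ENV so it is visible to hack/make.sh in the
# build-* stages; these values persist in the image metadata, so they must not
# carry secrets.
ARG DOCKER_GITCOMMIT=HEAD
ENV DOCKER_GITCOMMIT=${DOCKER_GITCOMMIT}
ARG VERSION
ENV VERSION=${VERSION}
ARG PLATFORM
ENV PLATFORM=${PLATFORM}
ARG PRODUCT
ENV PRODUCT=${PRODUCT}
ARG DEFAULT_PRODUCT_LICENSE
ENV DEFAULT_PRODUCT_LICENSE=${DEFAULT_PRODUCT_LICENSE}
ARG DOCKER_BUILDTAGS
ENV DOCKER_BUILDTAGS="${DOCKER_BUILDTAGS}"
ENV PREFIX=/build
# TODO: This is here because hack/make.sh binary copies these extras binaries
# from $PATH into the bundles dir.
# It would be nice to handle this in a different way.
COPY --from=tini /build/ /usr/local/bin/
COPY --from=runc /build/ /usr/local/bin/
COPY --from=containerd /build/ /usr/local/bin/
COPY --from=rootlesskit /build/ /usr/local/bin/
COPY --from=proxy /build/ /usr/local/bin/
COPY --from=vpnkit /build/ /usr/local/bin/
WORKDIR /go/src/github.com/docker/docker

# The build-* stages bind-mount the build context at the source path instead of
# copying it, so the sources never become an image layer.
FROM binary-base AS build-binary
RUN --mount=type=cache,target=/root/.cache/go-build \
    --mount=type=bind,target=/go/src/github.com/docker/docker \
    hack/make.sh binary

FROM binary-base AS build-dynbinary
RUN --mount=type=cache,target=/root/.cache/go-build \
    --mount=type=bind,target=/go/src/github.com/docker/docker \
    hack/make.sh dynbinary

FROM binary-base AS build-cross
ARG DOCKER_CROSSPLATFORMS
RUN --mount=type=cache,target=/root/.cache/go-build \
    --mount=type=bind,target=/go/src/github.com/docker/docker \
    --mount=type=tmpfs,target=/go/src/github.com/docker/docker/autogen \
    hack/make.sh cross

# Export-only stages: each contains nothing but the bundles of one build flavour.
FROM scratch AS binary
COPY --from=build-binary /build/bundles/ /

FROM scratch AS dynbinary
COPY --from=build-dynbinary /build/bundles/ /

FROM scratch AS cross
COPY --from=build-cross /build/bundles/ /

FROM dev AS final
# Copies the whole build context into the image; what is excluded depends on
# the repository's .dockerignore, which is not visible from this file. Make
# sure credentials and local state in the working tree are excluded there.
COPY . /go/src/github.com/docker/docker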