github.com/zhouyu0/docker-note@v0.0.0-20190722021225-b8d3825084db/Dockerfile (about) 1 # This file describes the standard way to build Docker, using docker 2 # 3 # Usage: 4 # 5 # # Use make to build a development environment image and run it in a container. 6 # # This is slow the first time. 7 # make BIND_DIR=. shell 8 # 9 # The following commands are executed inside the running container. 10 11 # # Make a dockerd binary. 12 # # hack/make.sh binary 13 # 14 # # Install dockerd to /usr/local/bin 15 # # make install 16 # 17 # # Run unit tests 18 # # hack/test/unit 19 # 20 # # Run tests e.g. integration, py 21 # # hack/make.sh binary test-integration test-docker-py 22 # 23 # Note: AppArmor used to mess with privileged mode, but this is no longer 24 # the case. Therefore, you don't have to disable it anymore. 25 # 26 27 FROM golang:1.10.8 AS base 28 # FIXME(vdemeester) this is kept for other script depending on it to not fail right away 29 # Remove this once the other scripts uses something else to detect the version 30 ENV GO_VERSION 1.10.8 31 # allow replacing httpredir or deb mirror 32 ARG APT_MIRROR=deb.debian.org 33 RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list 34 35 FROM base AS criu 36 # Install CRIU for checkpoint/restore support 37 ENV CRIU_VERSION 3.6 38 # Install dependency packages specific to criu 39 RUN apt-get update && apt-get install -y \ 40 libnet-dev \ 41 libprotobuf-c0-dev \ 42 libprotobuf-dev \ 43 libnl-3-dev \ 44 libcap-dev \ 45 protobuf-compiler \ 46 protobuf-c-compiler \ 47 python-protobuf \ 48 && mkdir -p /usr/src/criu \ 49 && curl -sSL https://github.com/checkpoint-restore/criu/archive/v${CRIU_VERSION}.tar.gz | tar -C /usr/src/criu/ -xz --strip-components=1 \ 50 && cd /usr/src/criu \ 51 && make \ 52 && make PREFIX=/build/ install-criu 53 54 FROM base AS registry 55 # Install two versions of the registry. The first is an older version that 56 # only supports schema1 manifests. The second is a newer version that supports 57 # both. This allows integration-cli tests to cover push/pull with both schema1 58 # and schema2 manifests. 59 ENV REGISTRY_COMMIT_SCHEMA1 ec87e9b6971d831f0eff752ddb54fb64693e51cd 60 ENV REGISTRY_COMMIT 47a064d4195a9b56133891bbb13620c3ac83a827 61 RUN set -x \ 62 && export GOPATH="$(mktemp -d)" \ 63 && git clone https://github.com/docker/distribution.git "$GOPATH/src/github.com/docker/distribution" \ 64 && (cd "$GOPATH/src/github.com/docker/distribution" && git checkout -q "$REGISTRY_COMMIT") \ 65 && GOPATH="$GOPATH/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH" \ 66 go build -buildmode=pie -o /build/registry-v2 github.com/docker/distribution/cmd/registry \ 67 && case $(dpkg --print-architecture) in \ 68 amd64|ppc64*|s390x) \ 69 (cd "$GOPATH/src/github.com/docker/distribution" && git checkout -q "$REGISTRY_COMMIT_SCHEMA1"); \ 70 GOPATH="$GOPATH/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH"; \ 71 go build -buildmode=pie -o /build/registry-v2-schema1 github.com/docker/distribution/cmd/registry; \ 72 ;; \ 73 esac \ 74 && rm -rf "$GOPATH" 75 76 77 78 FROM base AS docker-py 79 # Get the "docker-py" source so we can run their integration tests 80 ENV DOCKER_PY_COMMIT ac922192959870774ad8428344d9faa0555f7ba6 81 RUN git clone https://github.com/docker/docker-py.git /build \ 82 && cd /build \ 83 && git checkout -q $DOCKER_PY_COMMIT 84 85 86 87 FROM base AS swagger 88 # Install go-swagger for validating swagger.yaml 89 ENV GO_SWAGGER_COMMIT c28258affb0b6251755d92489ef685af8d4ff3eb 90 RUN set -x \ 91 && export GOPATH="$(mktemp -d)" \ 92 && git clone https://github.com/go-swagger/go-swagger.git "$GOPATH/src/github.com/go-swagger/go-swagger" \ 93 && (cd "$GOPATH/src/github.com/go-swagger/go-swagger" && git checkout -q "$GO_SWAGGER_COMMIT") \ 94 && go build -o /build/swagger github.com/go-swagger/go-swagger/cmd/swagger \ 95 && rm -rf "$GOPATH" 96 97 98 FROM base AS frozen-images 99 RUN apt-get update && apt-get install -y jq ca-certificates --no-install-recommends 100 # Get useful and necessary Hub images so we can "docker load" locally instead of pulling 101 COPY contrib/download-frozen-image-v2.sh / 102 RUN /download-frozen-image-v2.sh /build \ 103 buildpack-deps:jessie@sha256:dd86dced7c9cd2a724e779730f0a53f93b7ef42228d4344b25ce9a42a1486251 \ 104 busybox:latest@sha256:bbc3a03235220b170ba48a157dd097dd1379299370e1ed99ce976df0355d24f0 \ 105 busybox:glibc@sha256:0b55a30394294ab23b9afd58fab94e61a923f5834fba7ddbae7f8e0c11ba85e6 \ 106 debian:jessie@sha256:287a20c5f73087ab406e6b364833e3fb7b3ae63ca0eb3486555dc27ed32c6e60 \ 107 hello-world:latest@sha256:be0cd392e45be79ffeffa6b05338b98ebb16c87b255f48e297ec7f98e123905c 108 # See also ensureFrozenImagesLinux() in "integration-cli/fixtures_linux_daemon_test.go" (which needs to be updated when adding images to this list) 109 110 # Just a little hack so we don't have to install these deps twice, once for runc and once for dockerd 111 FROM base AS runtime-dev 112 RUN apt-get update && apt-get install -y \ 113 libapparmor-dev \ 114 libseccomp-dev 115 116 117 FROM base AS tomlv 118 ENV INSTALL_BINARY_NAME=tomlv 119 COPY hack/dockerfile/install/install.sh ./install.sh 120 COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./ 121 RUN PREFIX=/build/ ./install.sh $INSTALL_BINARY_NAME 122 123 FROM base AS vndr 124 ENV INSTALL_BINARY_NAME=vndr 125 COPY hack/dockerfile/install/install.sh ./install.sh 126 COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./ 127 RUN PREFIX=/build/ ./install.sh $INSTALL_BINARY_NAME 128 129 FROM base AS containerd 130 RUN apt-get update && apt-get install -y btrfs-tools 131 ENV INSTALL_BINARY_NAME=containerd 132 COPY hack/dockerfile/install/install.sh ./install.sh 133 COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./ 134 RUN PREFIX=/build/ ./install.sh $INSTALL_BINARY_NAME 135 136 FROM base AS proxy 137 ENV INSTALL_BINARY_NAME=proxy 138 COPY hack/dockerfile/install/install.sh ./install.sh 139 COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./ 140 RUN PREFIX=/build/ ./install.sh $INSTALL_BINARY_NAME 141 142 FROM base AS gometalinter 143 ENV INSTALL_BINARY_NAME=gometalinter 144 COPY hack/dockerfile/install/install.sh ./install.sh 145 COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./ 146 RUN PREFIX=/build/ ./install.sh $INSTALL_BINARY_NAME 147 148 FROM base AS dockercli 149 ENV INSTALL_BINARY_NAME=dockercli 150 COPY hack/dockerfile/install/install.sh ./install.sh 151 COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./ 152 RUN PREFIX=/build/ ./install.sh $INSTALL_BINARY_NAME 153 154 FROM runtime-dev AS runc 155 ENV INSTALL_BINARY_NAME=runc 156 COPY hack/dockerfile/install/install.sh ./install.sh 157 COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./ 158 RUN PREFIX=/build/ ./install.sh $INSTALL_BINARY_NAME 159 160 FROM base AS tini 161 RUN apt-get update && apt-get install -y cmake vim-common 162 COPY hack/dockerfile/install/install.sh ./install.sh 163 ENV INSTALL_BINARY_NAME=tini 164 COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./ 165 RUN PREFIX=/build/ ./install.sh $INSTALL_BINARY_NAME 166 167 168 169 # TODO: Some of this is only really needed for testing, it would be nice to split this up 170 FROM runtime-dev AS dev 171 RUN groupadd -r docker 172 RUN useradd --create-home --gid docker unprivilegeduser 173 # Let us use a .bashrc file 174 RUN ln -sfv /go/src/github.com/docker/docker/.bashrc ~/.bashrc 175 # Activate bash completion and include Docker's completion if mounted with DOCKER_BASH_COMPLETION_PATH 176 RUN echo "source /usr/share/bash-completion/bash_completion" >> /etc/bash.bashrc 177 RUN ln -s /usr/local/completion/bash/docker /etc/bash_completion.d/docker 178 RUN ldconfig 179 # This should only install packages that are specifically needed for the dev environment and nothing else 180 # Do you really need to add another package here? Can it be done in a different build stage? 181 RUN apt-get update && apt-get install -y \ 182 apparmor \ 183 aufs-tools \ 184 bash-completion \ 185 btrfs-tools \ 186 iptables \ 187 jq \ 188 libcap2-bin \ 189 libdevmapper-dev \ 190 # libffi-dev and libssl-dev appear to be required for compiling paramiko on s390x/ppc64le 191 libffi-dev \ 192 libssl-dev \ 193 libudev-dev \ 194 libsystemd-dev \ 195 binutils-mingw-w64 \ 196 g++-mingw-w64-x86-64 \ 197 net-tools \ 198 pigz \ 199 python-backports.ssl-match-hostname \ 200 python-dev \ 201 # python-cffi appears to be required for compiling paramiko on s390x/ppc64le 202 python-cffi \ 203 python-mock \ 204 python-pip \ 205 python-requests \ 206 python-setuptools \ 207 python-websocket \ 208 python-wheel \ 209 thin-provisioning-tools \ 210 vim \ 211 vim-common \ 212 xfsprogs \ 213 zip \ 214 bzip2 \ 215 xz-utils \ 216 --no-install-recommends 217 COPY --from=swagger /build/swagger* /usr/local/bin/ 218 COPY --from=frozen-images /build/ /docker-frozen-images 219 COPY --from=gometalinter /build/ /usr/local/bin/ 220 COPY --from=tomlv /build/ /usr/local/bin/ 221 COPY --from=vndr /build/ /usr/local/bin/ 222 COPY --from=tini /build/ /usr/local/bin/ 223 COPY --from=runc /build/ /usr/local/bin/ 224 COPY --from=containerd /build/ /usr/local/bin/ 225 COPY --from=proxy /build/ /usr/local/bin/ 226 COPY --from=dockercli /build/ /usr/local/cli 227 COPY --from=registry /build/registry* /usr/local/bin/ 228 COPY --from=criu /build/ /usr/local/ 229 COPY --from=docker-py /build/ /docker-py 230 # TODO: This is for the docker-py tests, which shouldn't really be needed for 231 # this image, but currently CI is expecting to run this image. This should be 232 # split out into a separate image, including all the `python-*` deps installed 233 # above. 234 RUN cd /docker-py \ 235 && pip install docker-pycreds==0.4.0 \ 236 && pip install paramiko==2.4.2 \ 237 && pip install yamllint==1.5.0 \ 238 && pip install -r test-requirements.txt 239 240 ENV PATH=/usr/local/cli:$PATH 241 ENV DOCKER_BUILDTAGS apparmor seccomp selinux 242 # Options for hack/validate/gometalinter 243 ENV GOMETALINTER_OPTS="--deadline=2m" 244 WORKDIR /go/src/github.com/docker/docker 245 VOLUME /var/lib/docker 246 # Wrap all commands in the "docker-in-docker" script to allow nested containers 247 ENTRYPOINT ["hack/dind"] 248 249 FROM dev AS final 250 # Upload docker source 251 COPY . /go/src/github.com/docker/docker