github.com/zhouyu0/docker-note@v0.0.0-20190722021225-b8d3825084db/Dockerfile (about)

     1  # This file describes the standard way to build Docker, using docker
     2  #
     3  # Usage:
     4  #
     5  # # Use make to build a development environment image and run it in a container.
     6  # # This is slow the first time.
     7  # make BIND_DIR=. shell
     8  #
     9  # The following commands are executed inside the running container.
    10  
    11  # # Make a dockerd binary.
    12  # # hack/make.sh binary
    13  #
    14  # # Install dockerd to /usr/local/bin
    15  # # make install
    16  #
    17  # # Run unit tests
    18  # # hack/test/unit
    19  #
    20  # # Run tests e.g. integration, py
    21  # # hack/make.sh binary test-integration test-docker-py
    22  #
    23  # Note: AppArmor used to mess with privileged mode, but this is no longer
    24  # the case. Therefore, you don't have to disable it anymore.
    25  #
    26  
    27  FROM golang:1.10.8 AS base
    28  # FIXME(vdemeester) this is kept for other script depending on it to not fail right away
    29  # Remove this once the other scripts uses something else to detect the version
    30  ENV GO_VERSION 1.10.8
    31  # allow replacing httpredir or deb mirror
    32  ARG APT_MIRROR=deb.debian.org
    33  RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list
    34  
    35  FROM base AS criu
    36  # Install CRIU for checkpoint/restore support
    37  ENV CRIU_VERSION 3.6
    38  # Install dependency packages specific to criu
    39  RUN apt-get update && apt-get install -y \
    40  	libnet-dev \
    41  	libprotobuf-c0-dev \
    42  	libprotobuf-dev \
    43  	libnl-3-dev \
    44  	libcap-dev \
    45  	protobuf-compiler \
    46  	protobuf-c-compiler \
    47  	python-protobuf \
    48  	&& mkdir -p /usr/src/criu \
    49  	&& curl -sSL https://github.com/checkpoint-restore/criu/archive/v${CRIU_VERSION}.tar.gz | tar -C /usr/src/criu/ -xz --strip-components=1 \
    50  	&& cd /usr/src/criu \
    51  	&& make \
    52  	&& make PREFIX=/build/ install-criu
    53  
    54  FROM base AS registry
    55  # Install two versions of the registry. The first is an older version that
    56  # only supports schema1 manifests. The second is a newer version that supports
    57  # both. This allows integration-cli tests to cover push/pull with both schema1
    58  # and schema2 manifests.
    59  ENV REGISTRY_COMMIT_SCHEMA1 ec87e9b6971d831f0eff752ddb54fb64693e51cd
    60  ENV REGISTRY_COMMIT 47a064d4195a9b56133891bbb13620c3ac83a827
    61  RUN set -x \
    62  	&& export GOPATH="$(mktemp -d)" \
    63  	&& git clone https://github.com/docker/distribution.git "$GOPATH/src/github.com/docker/distribution" \
    64  	&& (cd "$GOPATH/src/github.com/docker/distribution" && git checkout -q "$REGISTRY_COMMIT") \
    65  	&& GOPATH="$GOPATH/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH" \
    66  		go build -buildmode=pie -o /build/registry-v2 github.com/docker/distribution/cmd/registry \
    67  	&& case $(dpkg --print-architecture) in \
    68  		amd64|ppc64*|s390x) \
    69  		(cd "$GOPATH/src/github.com/docker/distribution" && git checkout -q "$REGISTRY_COMMIT_SCHEMA1"); \
    70  		GOPATH="$GOPATH/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH"; \
    71  			go build -buildmode=pie -o /build/registry-v2-schema1 github.com/docker/distribution/cmd/registry; \
    72  		;; \
    73  	   esac \
    74  	&& rm -rf "$GOPATH"
    75  
    76  
    77  
    78  FROM base AS docker-py
    79  # Get the "docker-py" source so we can run their integration tests
    80  ENV DOCKER_PY_COMMIT ac922192959870774ad8428344d9faa0555f7ba6
    81  RUN git clone https://github.com/docker/docker-py.git /build \
    82  	&& cd /build \
    83  	&& git checkout -q $DOCKER_PY_COMMIT
    84  
    85  
    86  
    87  FROM base AS swagger
    88  # Install go-swagger for validating swagger.yaml
    89  ENV GO_SWAGGER_COMMIT c28258affb0b6251755d92489ef685af8d4ff3eb
    90  RUN set -x \
    91  	&& export GOPATH="$(mktemp -d)" \
    92  	&& git clone https://github.com/go-swagger/go-swagger.git "$GOPATH/src/github.com/go-swagger/go-swagger" \
    93  	&& (cd "$GOPATH/src/github.com/go-swagger/go-swagger" && git checkout -q "$GO_SWAGGER_COMMIT") \
    94  	&& go build -o /build/swagger github.com/go-swagger/go-swagger/cmd/swagger \
    95  	&& rm -rf "$GOPATH"
    96  
    97  
    98  FROM base AS frozen-images
    99  RUN apt-get update && apt-get install -y jq ca-certificates --no-install-recommends
   100  # Get useful and necessary Hub images so we can "docker load" locally instead of pulling
   101  COPY contrib/download-frozen-image-v2.sh /
   102  RUN /download-frozen-image-v2.sh /build \
   103  	buildpack-deps:jessie@sha256:dd86dced7c9cd2a724e779730f0a53f93b7ef42228d4344b25ce9a42a1486251 \
   104  	busybox:latest@sha256:bbc3a03235220b170ba48a157dd097dd1379299370e1ed99ce976df0355d24f0 \
   105  	busybox:glibc@sha256:0b55a30394294ab23b9afd58fab94e61a923f5834fba7ddbae7f8e0c11ba85e6 \
   106  	debian:jessie@sha256:287a20c5f73087ab406e6b364833e3fb7b3ae63ca0eb3486555dc27ed32c6e60 \
   107  	hello-world:latest@sha256:be0cd392e45be79ffeffa6b05338b98ebb16c87b255f48e297ec7f98e123905c
   108  # See also ensureFrozenImagesLinux() in "integration-cli/fixtures_linux_daemon_test.go" (which needs to be updated when adding images to this list)
   109  
   110  # Just a little hack so we don't have to install these deps twice, once for runc and once for dockerd
   111  FROM base AS runtime-dev
   112  RUN apt-get update && apt-get install -y \
   113  	libapparmor-dev \
   114  	libseccomp-dev
   115  
   116  
   117  FROM base AS tomlv
   118  ENV INSTALL_BINARY_NAME=tomlv
   119  COPY hack/dockerfile/install/install.sh ./install.sh
   120  COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./
   121  RUN PREFIX=/build/ ./install.sh $INSTALL_BINARY_NAME
   122  
   123  FROM base AS vndr
   124  ENV INSTALL_BINARY_NAME=vndr
   125  COPY hack/dockerfile/install/install.sh ./install.sh
   126  COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./
   127  RUN PREFIX=/build/ ./install.sh $INSTALL_BINARY_NAME
   128  
   129  FROM base AS containerd
   130  RUN apt-get update && apt-get install -y btrfs-tools
   131  ENV INSTALL_BINARY_NAME=containerd
   132  COPY hack/dockerfile/install/install.sh ./install.sh
   133  COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./
   134  RUN PREFIX=/build/ ./install.sh $INSTALL_BINARY_NAME
   135  
   136  FROM base AS proxy
   137  ENV INSTALL_BINARY_NAME=proxy
   138  COPY hack/dockerfile/install/install.sh ./install.sh
   139  COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./
   140  RUN PREFIX=/build/ ./install.sh $INSTALL_BINARY_NAME
   141  
   142  FROM base AS gometalinter
   143  ENV INSTALL_BINARY_NAME=gometalinter
   144  COPY hack/dockerfile/install/install.sh ./install.sh
   145  COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./
   146  RUN PREFIX=/build/ ./install.sh $INSTALL_BINARY_NAME
   147  
   148  FROM base AS dockercli
   149  ENV INSTALL_BINARY_NAME=dockercli
   150  COPY hack/dockerfile/install/install.sh ./install.sh
   151  COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./
   152  RUN PREFIX=/build/ ./install.sh $INSTALL_BINARY_NAME
   153  
   154  FROM runtime-dev AS runc
   155  ENV INSTALL_BINARY_NAME=runc
   156  COPY hack/dockerfile/install/install.sh ./install.sh
   157  COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./
   158  RUN PREFIX=/build/ ./install.sh $INSTALL_BINARY_NAME
   159  
   160  FROM base AS tini
   161  RUN apt-get update && apt-get install -y cmake vim-common
   162  COPY hack/dockerfile/install/install.sh ./install.sh
   163  ENV INSTALL_BINARY_NAME=tini
   164  COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./
   165  RUN PREFIX=/build/ ./install.sh $INSTALL_BINARY_NAME
   166  
   167  
   168  
   169  # TODO: Some of this is only really needed for testing, it would be nice to split this up
   170  FROM runtime-dev AS dev
   171  RUN groupadd -r docker
   172  RUN useradd --create-home --gid docker unprivilegeduser
   173  # Let us use a .bashrc file
   174  RUN ln -sfv /go/src/github.com/docker/docker/.bashrc ~/.bashrc
   175  # Activate bash completion and include Docker's completion if mounted with DOCKER_BASH_COMPLETION_PATH
   176  RUN echo "source /usr/share/bash-completion/bash_completion" >> /etc/bash.bashrc
   177  RUN ln -s /usr/local/completion/bash/docker /etc/bash_completion.d/docker
   178  RUN ldconfig
   179  # This should only install packages that are specifically needed for the dev environment and nothing else
   180  # Do you really need to add another package here? Can it be done in a different build stage?
   181  RUN apt-get update && apt-get install -y \
   182  	apparmor \
   183  	aufs-tools \
   184  	bash-completion \
   185  	btrfs-tools \
   186  	iptables \
   187  	jq \
   188  	libcap2-bin \
   189  	libdevmapper-dev \
   190  # libffi-dev and libssl-dev appear to be required for compiling paramiko on s390x/ppc64le
   191  	libffi-dev \
   192  	libssl-dev \
   193  	libudev-dev \
   194  	libsystemd-dev \
   195  	binutils-mingw-w64 \
   196  	g++-mingw-w64-x86-64 \
   197  	net-tools \
   198  	pigz \
   199  	python-backports.ssl-match-hostname \
   200  	python-dev \
   201  # python-cffi appears to be required for compiling paramiko on s390x/ppc64le
   202  	python-cffi \
   203  	python-mock \
   204  	python-pip \
   205  	python-requests \
   206  	python-setuptools \
   207  	python-websocket \
   208  	python-wheel \
   209  	thin-provisioning-tools \
   210  	vim \
   211  	vim-common \
   212  	xfsprogs \
   213  	zip \
   214  	bzip2 \
   215  	xz-utils \
   216  	--no-install-recommends
   217  COPY --from=swagger /build/swagger* /usr/local/bin/
   218  COPY --from=frozen-images /build/ /docker-frozen-images
   219  COPY --from=gometalinter /build/ /usr/local/bin/
   220  COPY --from=tomlv /build/ /usr/local/bin/
   221  COPY --from=vndr /build/ /usr/local/bin/
   222  COPY --from=tini /build/ /usr/local/bin/
   223  COPY --from=runc /build/ /usr/local/bin/
   224  COPY --from=containerd /build/ /usr/local/bin/
   225  COPY --from=proxy /build/ /usr/local/bin/
   226  COPY --from=dockercli /build/ /usr/local/cli
   227  COPY --from=registry /build/registry* /usr/local/bin/
   228  COPY --from=criu /build/ /usr/local/
   229  COPY --from=docker-py /build/ /docker-py
   230  # TODO: This is for the docker-py tests, which shouldn't really be needed for
   231  # this image, but currently CI is expecting to run this image. This should be
   232  # split out into a separate image, including all the `python-*` deps installed
   233  # above.
   234  RUN cd /docker-py \
   235  	&& pip install docker-pycreds==0.4.0 \
   236  	&& pip install paramiko==2.4.2 \
   237  	&& pip install yamllint==1.5.0 \
   238  	&& pip install -r test-requirements.txt
   239  
   240  ENV PATH=/usr/local/cli:$PATH
   241  ENV DOCKER_BUILDTAGS apparmor seccomp selinux
   242  # Options for hack/validate/gometalinter
   243  ENV GOMETALINTER_OPTS="--deadline=2m"
   244  WORKDIR /go/src/github.com/docker/docker
   245  VOLUME /var/lib/docker
   246  # Wrap all commands in the "docker-in-docker" script to allow nested containers
   247  ENTRYPOINT ["hack/dind"]
   248  
   249  FROM dev AS final
   250  # Upload docker source
   251  COPY . /go/src/github.com/docker/docker