# syntax=docker/dockerfile:1
# Stage selectors, consumed only in FROM lines further down:
# CROSS picks cross-false/cross-true and runtime-dev-cross-false/-true,
# SYSTEMD picks dev-systemd-false/dev-systemd-true.
ARG CROSS="false"
ARG SYSTEMD="false"
# IMPORTANT: When updating this please note that stdlib archive/tar pkg is vendored
[20.10] update to go1.18.9
Includes security fixes for net/http (CVE-2022-41717, CVE-2022-41720),
and os (CVE-2022-41720).
These minor releases include 2 security fixes following the security policy:
- os, net/http: avoid escapes from os.DirFS and http.Dir on Windows
The os.DirFS function and http.Dir type provide access to a tree of files
rooted at a given directory. These functions permitted access to Windows
device files under that root. For example, os.DirFS("C:/tmp").Open("COM1")
would open the COM1 device.
Both os.DirFS and http.Dir only provide read-only filesystem access.
In addition, on Windows, an os.DirFS for the directory \ (the root of the
current drive) can permit a maliciously crafted path to escape from the
drive and access any path on the system.
The behavior of os.DirFS("") has changed. Previously, an empty root was
treated equivalently to "/", so os.DirFS("").Open("tmp") would open the
path "/tmp". This now returns an error.
This is CVE-2022-41720 and Go issue https://go.dev/issue/56694.
- net/http: limit canonical header cache by bytes, not entries
An attacker can cause excessive memory growth in a Go server accepting
HTTP/2 requests.
HTTP/2 server connections contain a cache of HTTP header keys sent by
the client. While the total number of entries in this cache is capped,
an attacker sending very large keys can cause the server to allocate
approximately 64 MiB per open connection.
This issue is also fixed in golang.org/x/net/http2 vX.Y.Z, for users
manually configuring HTTP/2.
Thanks to Josselin Costanzi for reporting this issue.
This is CVE-2022-41717 and Go issue https://go.dev/issue/56350.
View the release notes for more information:
https://go.dev/doc/devel/release#go1.18.9
And the milestone on the issue tracker:
https://github.com/golang/go/issues?q=milestone%3AGo1.18.9+label%3ACherryPickApproved
Full diff: https://github.com/golang/go/compare/go1.18.8...go1.18.9
The golang.org/x/net fix is in https://github.com/golang/net/commit/1e63c2f08a10a150fa02c50ece89b340ae64efe4
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
# Go toolchain version; combined with BASE_DEBIAN_DISTRO into GOLANG_IMAGE below.
ARG GO_VERSION=1.18.9
# Declared as ARG rather than ENV, so it is a build-time value only; stages that
# run apt-get opt in with a bare "ARG DEBIAN_FRONTEND".
ARG DEBIAN_FRONTEND=noninteractive
# Tag of the djs55/vpnkit image that the vpnkit-* stages pull from.
ARG VPNKIT_VERSION=0.5.0
# Default build tags; re-exported as ENV by the dev and binary-base stages.
ARG DOCKER_BUILDTAGS="apparmor seccomp"

# Debian release used for the golang base image and the frozen-images stage.
ARG BASE_DEBIAN_DISTRO="bullseye"
# NOTE(review): the base image is selected by tag only, so its content can differ
# between builds; pin a digest here if reproducible builds are required.
ARG GOLANG_IMAGE="golang:${GO_VERSION}-${BASE_DEBIAN_DISTRO}"
# Common base for every stage that builds Go code.
FROM ${GOLANG_IMAGE} AS base
# Keep downloaded .deb files; presumably so the apt cache mounts used by the
# later stages stay populated between builds.
RUN echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache
# Optional package mirror. The value is substituted unescaped into the sed
# expressions below and decides where every later apt-get fetches from, so it
# should only ever be set to a trusted host name.
ARG APT_MIRROR
RUN sed -ri "s/(httpredir|deb).debian.org/${APT_MIRROR:-deb.debian.org}/g" /etc/apt/sources.list \
 && sed -ri "s/(security).debian.org/${APT_MIRROR:-security.debian.org}/g" /etc/apt/sources.list
# Build in GOPATH mode rather than module mode.
ENV GO111MODULE=off
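# Builds CRIU from a release tarball and installs it under /build.
FROM base AS criu
ARG DEBIAN_FRONTEND
# Install dependency packages specific to criu
RUN --mount=type=cache,sharing=locked,id=moby-criu-aptlib,target=/var/lib/apt \
    --mount=type=cache,sharing=locked,id=moby-criu-aptcache,target=/var/cache/apt \
        apt-get update && apt-get install -y --no-install-recommends \
            libcap-dev \
            libnet-dev \
            libnl-3-dev \
            libprotobuf-c-dev \
            libprotobuf-dev \
            protobuf-c-compiler \
            protobuf-compiler \
            python3-protobuf

# Install CRIU for checkpoint/restore support
ARG CRIU_VERSION=3.14
# The archive is saved to a file before extraction and curl runs with -f, so an
# HTTP error or a truncated transfer fails the build; with "curl | tar" under
# /bin/sh only tar's exit status was checked.
# NOTE(review): the tarball is fetched by version tag and is not compared against
# a known digest; record the expected sha256 and verify it before extracting.
RUN mkdir -p /usr/src/criu \
    && curl -fsSL -o /tmp/criu.tar.gz "https://github.com/checkpoint-restore/criu/archive/v${CRIU_VERSION}.tar.gz" \
    && tar -C /usr/src/criu/ -xzf /tmp/criu.tar.gz --strip-components=1 \
    && rm /tmp/criu.tar.gz \
    && cd /usr/src/criu \
    && make \
    && make PREFIX=/build/ install-criu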
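# Builds the registry binaries used by the integration tests into /build.
FROM base AS registry
WORKDIR /go/src/github.com/docker/distribution
# Install two versions of the registry. The first one is a recent version that
# supports both schema 1 and 2 manifests. The second one is an older version that
# only supports schema1 manifests. This allows integration-cli tests to cover
# push/pull with both schema1 and schema2 manifests.
# The old version of the registry is not working on arm64, so installation is
# skipped on that architecture.
# Both revisions are full commit hashes, so the source that gets built is fixed
# even though it is cloned over the network. key=value form replaces the
# deprecated space-separated ENV syntax.
ENV REGISTRY_COMMIT_SCHEMA1=ec87e9b6971d831f0eff752ddb54fb64693e51cd
ENV REGISTRY_COMMIT=47a064d4195a9b56133891bbb13620c3ac83a827
# /go/src is a tmpfs for this step, so the clone is not stored in a layer.
RUN --mount=type=cache,target=/root/.cache/go-build \
    --mount=type=cache,target=/go/pkg/mod \
    --mount=type=tmpfs,target=/go/src/ \
        set -x \
        && git clone https://github.com/docker/distribution.git . \
        && git checkout -q "$REGISTRY_COMMIT" \
        && GOPATH="/go/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH" \
           go build -buildmode=pie -o /build/registry-v2 github.com/docker/distribution/cmd/registry \
        && case $(dpkg --print-architecture) in \
               amd64|armhf|ppc64*|s390x) \
               git checkout -q "$REGISTRY_COMMIT_SCHEMA1"; \
               GOPATH="/go/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH"; \
               go build -buildmode=pie -o /build/registry-v2-schema1 github.com/docker/distribution/cmd/registry; \
               ;; \
           esac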
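# Builds the go-swagger CLI into /build.
FROM base AS swagger
WORKDIR $GOPATH/src/github.com/go-swagger/go-swagger
# Install go-swagger for validating swagger.yaml
# This is https://github.com/kolyshkin/go-swagger/tree/golang-1.13-fix
# TODO: move to under moby/ or fix upstream go-swagger to work for us.
# The source comes from a personal fork, so the full commit hash below is what
# fixes the code being built. key=value form replaces the deprecated
# space-separated ENV syntax.
ENV GO_SWAGGER_COMMIT=c56166c036004ba7a3a321e5951ba472b9ae298c
# /go/src is a tmpfs for this step, so the clone is not stored in a layer.
RUN --mount=type=cache,target=/root/.cache/go-build \
    --mount=type=cache,target=/go/pkg/mod \
    --mount=type=tmpfs,target=/go/src/ \
        set -x \
        && git clone https://github.com/kolyshkin/go-swagger.git . \
        && git checkout -q "$GO_SWAGGER_COMMIT" \
        && go build -o /build/swagger github.com/go-swagger/go-swagger/cmd/swagger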
# Downloads the test images into /build so they can be loaded without a pull.
FROM debian:${BASE_DEBIAN_DISTRO} AS frozen-images
ARG DEBIAN_FRONTEND
RUN --mount=type=cache,sharing=locked,id=moby-frozen-images-aptlib,target=/var/lib/apt \
    --mount=type=cache,sharing=locked,id=moby-frozen-images-aptcache,target=/var/cache/apt \
        apt-get update && apt-get install -y --no-install-recommends \
            ca-certificates \
            curl \
            jq
# Get useful and necessary Hub images so we can "docker load" locally instead of pulling
COPY contrib/download-frozen-image-v2.sh /
# Declared so the value is visible to the RUN below; presumably read by the
# download script to choose the platform (confirm in the script).
ARG TARGETARCH
# Every reference carries an sha256 digest, so the tag in front of it is
# informational and the fetched content is fixed.
RUN /download-frozen-image-v2.sh /build \
        busybox:latest@sha256:95cf004f559831017cdf4628aaf1bb30133677be8702a8c5f2994629f637a209 \
        busybox:glibc@sha256:1f81263701cddf6402afe9f33fca0266d9fff379e59b1748f33d3072da71ee85 \
        debian:bullseye-slim@sha256:dacf278785a4daa9de07596ec739dbc07131e189942772210709c5c0777e8437 \
        hello-world:latest@sha256:d58e752213a51785838f9eed2b7a498ffa1cb3aa7f946dda11af39286c3db9a9 \
        arm32v7/hello-world:latest@sha256:50b8560ad574c779908da71f7ce370c0a2471c098d44d1c8f6b513c5a55eeeb1
# See also frozenImages in "testutil/environment/protect.go" (which needs to be updated when adding images to this list)
# Native build: base without any cross toolchains (selected when CROSS=false).
FROM base AS cross-false
# Cross build: pinned to linux/amd64 and extended with the Debian cross
# toolchains for each target architecture (selected when CROSS=true).
FROM --platform=linux/amd64 base AS cross-true
ARG DEBIAN_FRONTEND
# Register the foreign architectures so their packages can be installed.
RUN dpkg --add-architecture arm64
RUN dpkg --add-architecture armel
RUN dpkg --add-architecture armhf
RUN dpkg --add-architecture ppc64el
RUN dpkg --add-architecture s390x
RUN --mount=type=cache,sharing=locked,id=moby-cross-true-aptlib,target=/var/lib/apt \
    --mount=type=cache,sharing=locked,id=moby-cross-true-aptcache,target=/var/cache/apt \
        apt-get update && apt-get install -y --no-install-recommends \
            crossbuild-essential-arm64 \
            crossbuild-essential-armel \
            crossbuild-essential-armhf \
            crossbuild-essential-ppc64el \
            crossbuild-essential-s390x
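# Resolves to cross-false or cross-true depending on the CROSS build argument.
# "AS" is upper-cased to match the FROM keyword and every other stage here.
FROM cross-${CROSS} AS dev-base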
# Native development headers and the mingw-w64 toolchain for the daemon build.
FROM dev-base AS runtime-dev-cross-false
ARG DEBIAN_FRONTEND
RUN --mount=type=cache,sharing=locked,id=moby-cross-false-aptlib,target=/var/lib/apt \
    --mount=type=cache,sharing=locked,id=moby-cross-false-aptcache,target=/var/cache/apt \
        apt-get update && apt-get install -y --no-install-recommends \
            binutils-mingw-w64 \
            g++-mingw-w64-x86-64 \
            libapparmor-dev \
            libbtrfs-dev \
            libdevmapper-dev \
            libseccomp-dev \
            libsystemd-dev \
            libudev-dev
# Adds the apparmor and seccomp development packages for each foreign
# architecture on top of the native set.
FROM --platform=linux/amd64 runtime-dev-cross-false AS runtime-dev-cross-true
ARG DEBIAN_FRONTEND
# These crossbuild packages rely on gcc-<arch>, but this doesn't want to install
# on non-amd64 systems, so other architectures cannot crossbuild amd64.
RUN --mount=type=cache,sharing=locked,id=moby-cross-true-aptlib,target=/var/lib/apt \
    --mount=type=cache,sharing=locked,id=moby-cross-true-aptcache,target=/var/cache/apt \
        apt-get update && apt-get install -y --no-install-recommends \
            libapparmor-dev:arm64 \
            libapparmor-dev:armel \
            libapparmor-dev:armhf \
            libapparmor-dev:ppc64el \
            libapparmor-dev:s390x \
            libseccomp-dev:arm64 \
            libseccomp-dev:armel \
            libseccomp-dev:armhf \
            libseccomp-dev:ppc64el \
            libseccomp-dev:s390x
# Resolves to runtime-dev-cross-false or runtime-dev-cross-true depending on CROSS.
FROM runtime-dev-cross-${CROSS} AS runtime-dev
# Builds tomlv into /build through the shared installer script.
FROM base AS tomlv
# No default here; presumably overrides the revision set by the installer
# script when passed as a build arg (confirm in hack/dockerfile/install).
ARG TOMLV_COMMIT
# The installer directory is bind-mounted for this step only, so the scripts
# are not stored in an image layer.
RUN --mount=type=cache,target=/root/.cache/go-build \
    --mount=type=cache,target=/go/pkg/mod \
    --mount=type=bind,src=hack/dockerfile/install,target=/tmp/install \
        PREFIX=/build /tmp/install/install.sh tomlv
# Builds vndr into /build through the shared installer script.
FROM base AS vndr
# No default here; presumably overrides the version set by the installer
# script when passed as a build arg (confirm in hack/dockerfile/install).
ARG VNDR_VERSION
# The installer directory is bind-mounted for this step only.
RUN --mount=type=cache,target=/root/.cache/go-build \
    --mount=type=cache,target=/go/pkg/mod \
    --mount=type=bind,src=hack/dockerfile/install,target=/tmp/install \
        PREFIX=/build /tmp/install/install.sh vndr
# Builds containerd into /build through the shared installer script.
FROM dev-base AS containerd
ARG DEBIAN_FRONTEND
# btrfs headers are the only extra build dependency installed for this stage.
RUN --mount=type=cache,sharing=locked,id=moby-containerd-aptlib,target=/var/lib/apt \
    --mount=type=cache,sharing=locked,id=moby-containerd-aptcache,target=/var/cache/apt \
        apt-get update && apt-get install -y --no-install-recommends \
            libbtrfs-dev
# No default here; presumably overrides the version set by the installer
# script when passed as a build arg (confirm in hack/dockerfile/install).
ARG CONTAINERD_VERSION
RUN --mount=type=cache,target=/root/.cache/go-build \
    --mount=type=cache,target=/go/pkg/mod \
    --mount=type=bind,src=hack/dockerfile/install,target=/tmp/install \
        PREFIX=/build /tmp/install/install.sh containerd
# Builds the "proxy" installer target into /build.
FROM dev-base AS proxy
# No default here; presumably selects the libnetwork revision the installer
# builds from (confirm in hack/dockerfile/install).
ARG LIBNETWORK_COMMIT
# The installer directory is bind-mounted for this step only.
RUN --mount=type=cache,target=/root/.cache/go-build \
    --mount=type=cache,target=/go/pkg/mod \
    --mount=type=bind,src=hack/dockerfile/install,target=/tmp/install \
        PREFIX=/build /tmp/install/install.sh proxy
# Builds golangci-lint into /build through the shared installer script.
FROM base AS golangci_lint
# No default here; presumably overrides the version set by the installer
# script when passed as a build arg (confirm in hack/dockerfile/install).
ARG GOLANGCI_LINT_VERSION
# The installer directory is bind-mounted for this step only.
RUN --mount=type=cache,target=/root/.cache/go-build \
    --mount=type=cache,target=/go/pkg/mod \
    --mount=type=bind,src=hack/dockerfile/install,target=/tmp/install \
        PREFIX=/build /tmp/install/install.sh golangci_lint
# Builds gotestsum into /build through the shared installer script.
FROM base AS gotestsum
# No default here; presumably overrides the version set by the installer
# script when passed as a build arg (confirm in hack/dockerfile/install).
ARG GOTESTSUM_VERSION
# The installer directory is bind-mounted for this step only.
RUN --mount=type=cache,target=/root/.cache/go-build \
    --mount=type=cache,target=/go/pkg/mod \
    --mount=type=bind,src=hack/dockerfile/install,target=/tmp/install \
        PREFIX=/build /tmp/install/install.sh gotestsum
# Builds shfmt into /build through the shared installer script.
FROM base AS shfmt
# No default here; presumably overrides the version set by the installer
# script when passed as a build arg (confirm in hack/dockerfile/install).
ARG SHFMT_VERSION
# The installer directory is bind-mounted for this step only.
RUN --mount=type=cache,target=/root/.cache/go-build \
    --mount=type=cache,target=/go/pkg/mod \
    --mount=type=bind,src=hack/dockerfile/install,target=/tmp/install \
        PREFIX=/build /tmp/install/install.sh shfmt
# Provides the docker CLI under /build through the shared installer script.
FROM dev-base AS dockercli
# Neither argument has a default; presumably they choose which CLI release the
# installer provides (confirm in hack/dockerfile/install).
ARG DOCKERCLI_CHANNEL
ARG DOCKERCLI_VERSION
# The installer directory is bind-mounted for this step only.
RUN --mount=type=cache,target=/root/.cache/go-build \
    --mount=type=cache,target=/go/pkg/mod \
    --mount=type=bind,src=hack/dockerfile/install,target=/tmp/install \
        PREFIX=/build /tmp/install/install.sh dockercli
# Builds runc into /build; based on runtime-dev, which carries the seccomp and
# apparmor development packages.
FROM runtime-dev AS runc
# Neither argument has a default; presumably they override the version and the
# build tags used by the installer (confirm in hack/dockerfile/install).
ARG RUNC_VERSION
ARG RUNC_BUILDTAGS
# The installer directory is bind-mounted for this step only.
RUN --mount=type=cache,target=/root/.cache/go-build \
    --mount=type=cache,target=/go/pkg/mod \
    --mount=type=bind,src=hack/dockerfile/install,target=/tmp/install \
        PREFIX=/build /tmp/install/install.sh runc
# Builds tini into /build through the shared installer script.
FROM dev-base AS tini
ARG DEBIAN_FRONTEND
# No default here; presumably overrides the version set by the installer
# script when passed as a build arg (confirm in hack/dockerfile/install).
ARG TINI_VERSION
# Build-time tools for tini only; they stay in this stage because the dev
# image copies just /build from it.
RUN --mount=type=cache,sharing=locked,id=moby-tini-aptlib,target=/var/lib/apt \
    --mount=type=cache,sharing=locked,id=moby-tini-aptcache,target=/var/cache/apt \
        apt-get update && apt-get install -y --no-install-recommends \
            cmake \
            vim-common
RUN --mount=type=cache,target=/root/.cache/go-build \
    --mount=type=cache,target=/go/pkg/mod \
    --mount=type=bind,src=hack/dockerfile/install,target=/tmp/install \
        PREFIX=/build /tmp/install/install.sh tini
# Builds rootlesskit into /build and adds the rootless helper scripts beside it.
FROM dev-base AS rootlesskit
# No default here; presumably overrides the version set by the installer
# script when passed as a build arg (confirm in hack/dockerfile/install).
ARG ROOTLESSKIT_VERSION
# The installer directory is bind-mounted for this step only.
RUN --mount=type=cache,target=/root/.cache/go-build \
    --mount=type=cache,target=/go/pkg/mod \
    --mount=type=bind,src=hack/dockerfile/install,target=/tmp/install \
        PREFIX=/build /tmp/install/install.sh rootlesskit
# Both scripts come from the build context and are shipped next to the binaries.
COPY ./contrib/dockerd-rootless.sh /build
COPY ./contrib/dockerd-rootless-setuptool.sh /build
# Collects the vpnkit binary for two architectures from prebuilt images.
# NOTE(review): djs55/vpnkit is referenced by tag only (VPNKIT_VERSION), so the
# binaries copied below are whatever that tag points at when the build runs;
# pin each platform image by digest to fix the content.
FROM --platform=amd64 djs55/vpnkit:${VPNKIT_VERSION} AS vpnkit-amd64

FROM --platform=arm64 djs55/vpnkit:${VPNKIT_VERSION} AS vpnkit-arm64

# Empty stage holding just the two binaries, named by machine architecture.
FROM scratch AS vpnkit
COPY --from=vpnkit-amd64 /vpnkit /build/vpnkit.x86_64
COPY --from=vpnkit-arm64 /vpnkit /build/vpnkit.aarch64
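# Development and test image without systemd. It sets no USER, so the entrypoint
# runs as root, and it ships sudo and interactive tools; treat it as a build/test
# environment, not as a runtime image.
# TODO: Some of this is only really needed for testing, it would be nice to split this up
FROM runtime-dev AS dev-systemd-false
ARG DEBIAN_FRONTEND
RUN groupadd -r docker
# Non-root account with its own docker data directory; presumably used by the
# rootless tests (see the matching VOLUME below).
RUN useradd --create-home --gid docker unprivilegeduser \
 && mkdir -p /home/unprivilegeduser/.local/share/docker \
 && chown -R unprivilegeduser /home/unprivilegeduser
# Let us use a .bashrc file
RUN ln -sfv /go/src/github.com/docker/docker/.bashrc ~/.bashrc
# Activate bash completion and include Docker's completion if mounted with DOCKER_BASH_COMPLETION_PATH
RUN echo "source /usr/share/bash-completion/bash_completion" >> /etc/bash.bashrc
RUN ln -s /usr/local/completion/bash/docker /etc/bash_completion.d/docker
RUN ldconfig
# This should only install packages that are specifically needed for the dev environment and nothing else
# Do you really need to add another package here? Can it be done in a different build stage?
RUN --mount=type=cache,sharing=locked,id=moby-dev-aptlib,target=/var/lib/apt \
    --mount=type=cache,sharing=locked,id=moby-dev-aptcache,target=/var/cache/apt \
        apt-get update && apt-get install -y --no-install-recommends \
            apparmor \
            bash-completion \
            bzip2 \
            inetutils-ping \
            iproute2 \
            iptables \
            jq \
            libcap2-bin \
            libnet1 \
            libnl-3-200 \
            libprotobuf-c1 \
            net-tools \
            patch \
            pigz \
            python3-pip \
            python3-setuptools \
            python3-wheel \
            sudo \
            thin-provisioning-tools \
            uidmap \
            vim \
            vim-common \
            xfsprogs \
            xz-utils \
            zip


# Switch to use iptables instead of nftables (to match the CI hosts)
# TODO use some kind of runtime auto-detection instead if/when nftables is supported (https://github.com/moby/moby/issues/26824)
# Each "|| true" makes a failing update-alternatives call non-fatal for the build.
RUN update-alternatives --set iptables  /usr/sbin/iptables-legacy  || true \
 && update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy || true \
 && update-alternatives --set arptables /usr/sbin/arptables-legacy || true

# Version-pinned; --no-cache-dir keeps pip's download cache out of the layer.
RUN pip3 install --no-cache-dir yamllint==1.26.1

# Tool binaries come from the dedicated build stages; only their /build output
# is copied, not the toolchains that produced them.
COPY --from=dockercli     /build/ /usr/local/cli
COPY --from=frozen-images /build/ /docker-frozen-images
COPY --from=swagger       /build/ /usr/local/bin/
COPY --from=tomlv         /build/ /usr/local/bin/
COPY --from=tini          /build/ /usr/local/bin/
COPY --from=registry      /build/ /usr/local/bin/
COPY --from=criu          /build/ /usr/local/
COPY --from=vndr          /build/ /usr/local/bin/
COPY --from=gotestsum     /build/ /usr/local/bin/
COPY --from=golangci_lint /build/ /usr/local/bin/
COPY --from=shfmt         /build/ /usr/local/bin/
COPY --from=runc          /build/ /usr/local/bin/
COPY --from=containerd    /build/ /usr/local/bin/
COPY --from=rootlesskit   /build/ /usr/local/bin/
COPY --from=vpnkit        /build/ /usr/local/bin/
COPY --from=proxy         /build/ /usr/local/bin/
ENV PATH=/usr/local/cli:$PATH
# Redeclared so the build-time value is visible in this stage, then exported to
# the container environment.
ARG DOCKER_BUILDTAGS
ENV DOCKER_BUILDTAGS="${DOCKER_BUILDTAGS}"
WORKDIR /go/src/github.com/docker/docker
VOLUME /var/lib/docker
VOLUME /home/unprivilegeduser/.local/share/docker
# Wrap all commands in the "docker-in-docker" script to allow nested containers
# The path is relative, so it resolves against the WORKDIR set above.
ENTRYPOINT ["hack/dind"]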
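# Development image variant that boots systemd inside the container.
FROM dev-systemd-false AS dev-systemd-true
RUN --mount=type=cache,sharing=locked,id=moby-dev-aptlib,target=/var/lib/apt \
    --mount=type=cache,sharing=locked,id=moby-dev-aptcache,target=/var/cache/apt \
        apt-get update && apt-get install -y --no-install-recommends \
            dbus \
            dbus-user-session \
            systemd \
            systemd-sysv
# The entrypoint script is downloaded from a URL that names a full commit hash.
# curl -f turns an HTTP error into a build failure; without it the error page
# would be written to hack/dind-systemd and marked executable.
# NOTE(review): the download is not compared against a recorded digest; add an
# sha256 check if the script must be verified independently of the host serving it.
RUN mkdir -p hack \
  && curl -fsSL -o hack/dind-systemd https://raw.githubusercontent.com/AkihiroSuda/containerized-systemd/b70bac0daeea120456764248164c21684ade7d0d/docker-entrypoint.sh \
  && chmod +x hack/dind-systemd
# Relative path; resolves against the WORKDIR inherited from dev-systemd-false.
ENTRYPOINT ["hack/dind-systemd"]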
# Resolves to dev-systemd-false or dev-systemd-true depending on SYSTEMD.
FROM dev-systemd-${SYSTEMD} AS dev
# Shared environment for the build-binary, build-dynbinary and build-cross stages.
FROM runtime-dev AS binary-base
# Each build argument is re-exported as ENV so it is visible to hack/make.sh.
# ENV values are stored in the image configuration, so none of these arguments
# should ever be used to pass a secret.
ARG DOCKER_GITCOMMIT=HEAD
ENV DOCKER_GITCOMMIT=${DOCKER_GITCOMMIT}
ARG VERSION
ENV VERSION=${VERSION}
ARG PLATFORM
ENV PLATFORM=${PLATFORM}
ARG PRODUCT
ENV PRODUCT=${PRODUCT}
ARG DEFAULT_PRODUCT_LICENSE
ENV DEFAULT_PRODUCT_LICENSE=${DEFAULT_PRODUCT_LICENSE}
ARG DOCKER_BUILDTAGS
ENV DOCKER_BUILDTAGS="${DOCKER_BUILDTAGS}"
ENV PREFIX=/build
# TODO: This is here because hack/make.sh binary copies these extras binaries
# from $PATH into the bundles dir.
# It would be nice to handle this in a different way.
COPY --from=tini        /build/ /usr/local/bin/
COPY --from=runc        /build/ /usr/local/bin/
COPY --from=containerd  /build/ /usr/local/bin/
COPY --from=rootlesskit /build/ /usr/local/bin/
COPY --from=proxy       /build/ /usr/local/bin/
COPY --from=vpnkit      /build/ /usr/local/bin/
WORKDIR /go/src/github.com/docker/docker
# Runs the "binary" target of hack/make.sh.
FROM binary-base AS build-binary
# The build context is bind-mounted over the source path for this step instead
# of being copied into a layer; the binary stage reads the result from
# /build/bundles/.
RUN --mount=type=cache,target=/root/.cache/go-build \
    --mount=type=bind,target=/go/src/github.com/docker/docker \
        hack/make.sh binary
# Runs the "dynbinary" target of hack/make.sh.
FROM binary-base AS build-dynbinary
# The build context is bind-mounted over the source path for this step instead
# of being copied into a layer; the dynbinary stage reads the result from
# /build/bundles/.
RUN --mount=type=cache,target=/root/.cache/go-build \
    --mount=type=bind,target=/go/src/github.com/docker/docker \
        hack/make.sh dynbinary
# Runs the "cross" target of hack/make.sh.
FROM binary-base AS build-cross
# No default; presumably read by hack/make.sh to choose the target platforms
# (confirm in the script).
ARG DOCKER_CROSSPLATFORMS
# A tmpfs is layered over autogen/ inside the bind-mounted source tree;
# presumably so generated files have a writable location (confirm in hack/make.sh).
RUN --mount=type=cache,target=/root/.cache/go-build \
    --mount=type=bind,target=/go/src/github.com/docker/docker \
    --mount=type=tmpfs,target=/go/src/github.com/docker/docker/autogen \
        hack/make.sh cross
# Export stage: an empty image holding only the bundles produced by build-binary.
FROM scratch AS binary
COPY --from=build-binary /build/bundles/ /
# Export stage: an empty image holding only the bundles produced by build-dynbinary.
FROM scratch AS dynbinary
COPY --from=build-dynbinary /build/bundles/ /
# Export stage: an empty image holding only the bundles produced by build-cross.
FROM scratch AS cross
COPY --from=build-cross /build/bundles/ /
# Default target: the dev image with the source tree copied in.
FROM dev AS final
# Copies the entire build context. What ends up in the image is governed by the
# repository's .dockerignore (not shown here), so local credentials and build
# output must be excluded there.
COPY . /go/src/github.com/docker/docker