2022-07-02 15:01:57 +00:00
# syntax=docker/dockerfile:1
2013-09-07 02:58:05 +00:00
2019-04-06 00:20:06 +00:00
ARG CROSS = "false"
2020-02-10 17:55:16 +00:00
ARG SYSTEMD = "false"
update to go1.19.4
Includes security fixes for net/http (CVE-2022-41717, CVE-2022-41720),
and os (CVE-2022-41720).
These minor releases include 2 security fixes following the security policy:
- os, net/http: avoid escapes from os.DirFS and http.Dir on Windows
The os.DirFS function and http.Dir type provide access to a tree of files
rooted at a given directory. These functions permitted access to Windows
device files under that root. For example, os.DirFS("C:/tmp").Open("COM1")
would open the COM1 device.
Both os.DirFS and http.Dir only provide read-only filesystem access.
In addition, on Windows, an os.DirFS for the directory \(the root of the
current drive) can permit a maliciously crafted path to escape from the
drive and access any path on the system.
The behavior of os.DirFS("") has changed. Previously, an empty root was
treated equivalently to "/", so os.DirFS("").Open("tmp") would open the
path "/tmp". This now returns an error.
This is CVE-2022-41720 and Go issue https://go.dev/issue/56694.
- net/http: limit canonical header cache by bytes, not entries
An attacker can cause excessive memory growth in a Go server accepting
HTTP/2 requests.
HTTP/2 server connections contain a cache of HTTP header keys sent by
the client. While the total number of entries in this cache is capped,
an attacker sending very large keys can cause the server to allocate
approximately 64 MiB per open connection.
This issue is also fixed in golang.org/x/net/http2 vX.Y.Z, for users
manually configuring HTTP/2.
Thanks to Josselin Costanzi for reporting this issue.
This is CVE-2022-41717 and Go issue https://go.dev/issue/56350.
View the release notes for more information:
https://go.dev/doc/devel/release#go1.19.4
And the milestone on the issue tracker:
https://github.com/golang/go/issues?q=milestone%3AGo1.19.4+label%3ACherryPickApproved
Full diff: https://github.com/golang/go/compare/go1.19.3...go1.19.4
The golang.org/x/net fix is in https://github.com/golang/net/commit/1e63c2f08a10a150fa02c50ece89b340ae64efe4
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-06 21:57:25 +00:00
ARG GO_VERSION = 1 .19.4
2019-08-11 15:08:33 +00:00
ARG DEBIAN_FRONTEND = noninteractive
2021-02-24 05:05:38 +00:00
ARG VPNKIT_VERSION = 0 .5.0
2020-09-18 22:40:45 +00:00
2021-08-19 19:16:01 +00:00
ARG BASE_DEBIAN_DISTRO = "bullseye"
2020-09-18 22:40:45 +00:00
ARG GOLANG_IMAGE = " golang: ${ GO_VERSION } - ${ BASE_DEBIAN_DISTRO } "
2019-04-06 00:20:06 +00:00
2020-03-30 14:27:59 +00:00
FROM ${GOLANG_IMAGE} AS base
2019-05-22 23:49:55 +00:00
RUN echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache
2019-07-16 10:16:56 +00:00
ARG APT_MIRROR
RUN sed -ri " s/(httpredir|deb).debian.org/ ${ APT_MIRROR :- deb .debian.org } /g " /etc/apt/sources.list \
&& sed -ri " s/(security).debian.org/ ${ APT_MIRROR :- security .debian.org } /g " /etc/apt/sources.list
2019-09-11 07:36:53 +00:00
ENV GO111MODULE = off
2016-11-20 22:14:51 +00:00
2017-09-29 21:09:14 +00:00
FROM base AS criu
2019-08-11 15:08:33 +00:00
ARG DEBIAN_FRONTEND
2021-09-27 11:34:41 +00:00
ADD --chmod= 0644 https://download.opensuse.org/repositories/devel:/tools:/criu/Debian_11/Release.key /etc/apt/trusted.gpg.d/criu.gpg.asc
2019-05-22 23:49:55 +00:00
RUN --mount= type = cache,sharing= locked,id= moby-criu-aptlib,target= /var/lib/apt \
2019-10-05 20:41:27 +00:00
--mount= type = cache,sharing= locked,id= moby-criu-aptcache,target= /var/cache/apt \
2021-09-27 11:34:41 +00:00
echo 'deb https://download.opensuse.org/repositories/devel:/tools:/criu/Debian_11/ /' > /etc/apt/sources.list.d/criu.list \
2020-12-02 01:02:42 +00:00
&& apt-get update \
&& apt-get install -y --no-install-recommends criu \
&& install -D /usr/sbin/criu /build/criu
2017-09-29 21:09:14 +00:00
2018-02-27 08:20:55 +00:00
FROM base AS registry
2020-01-10 13:07:01 +00:00
WORKDIR /go/src/github.com/docker/distribution
2021-08-23 11:57:40 +00:00
2021-09-24 14:47:18 +00:00
# REGISTRY_VERSION specifies the version of the registry to build and install
2021-08-23 11:57:40 +00:00
# from the https://github.com/docker/distribution repository. This version of
# the registry is used to test both schema 1 and schema 2 manifests. Generally,
# the version specified here should match a current release.
2021-09-24 14:47:18 +00:00
ARG REGISTRY_VERSION = v2.3.0
2021-08-23 11:57:40 +00:00
2022-03-01 06:26:35 +00:00
# REGISTRY_VERSION_SCHEMA1 specifies the version of the registry to build and
2021-08-23 11:57:40 +00:00
# install from the https://github.com/docker/distribution repository. This is
# an older (pre v2.3.0) version of the registry that only supports schema1
# manifests. This version of the registry is not working on arm64, so installation
# is skipped on that architecture.
2021-09-24 14:47:18 +00:00
ARG REGISTRY_VERSION_SCHEMA1 = v2.1.0
2019-05-22 23:49:55 +00:00
RUN --mount= type = cache,target= /root/.cache/go-build \
2019-10-05 20:41:27 +00:00
--mount= type = cache,target= /go/pkg/mod \
2020-01-10 13:07:01 +00:00
--mount= type = tmpfs,target= /go/src/ \
2019-10-05 20:41:27 +00:00
set -x \
2020-01-10 13:07:01 +00:00
&& git clone https://github.com/docker/distribution.git . \
2021-09-24 14:47:18 +00:00
&& git checkout -q " $REGISTRY_VERSION " \
2020-01-10 13:07:01 +00:00
&& GOPATH = " /go/src/github.com/docker/distribution/Godeps/_workspace: $GOPATH " \
2019-10-05 20:41:27 +00:00
go build -buildmode= pie -o /build/registry-v2 github.com/docker/distribution/cmd/registry \
&& case $( dpkg --print-architecture) in \
2020-01-10 13:32:46 +00:00
amd64| armhf| ppc64*| s390x) \
2021-09-24 14:47:18 +00:00
git checkout -q " $REGISTRY_VERSION_SCHEMA1 " ; \
2020-01-10 13:07:01 +00:00
GOPATH = " /go/src/github.com/docker/distribution/Godeps/_workspace: $GOPATH " ; \
2019-10-05 20:41:27 +00:00
go build -buildmode= pie -o /build/registry-v2-schema1 github.com/docker/distribution/cmd/registry; \
; ; \
2020-01-10 13:07:01 +00:00
esac
2015-01-21 03:40:19 +00:00
2018-02-27 08:20:55 +00:00
FROM base AS swagger
2020-01-10 13:07:01 +00:00
WORKDIR $GOPATH/src/github.com/go-swagger/go-swagger
2021-08-23 11:57:40 +00:00
# GO_SWAGGER_COMMIT specifies the version of the go-swagger binary to build and
# install. Go-swagger is used in CI for validating swagger.yaml in hack/validate/swagger-gen
#
# Currently uses a fork from https://github.com/kolyshkin/go-swagger/tree/golang-1.13-fix,
2019-10-04 01:57:29 +00:00
# TODO: move to under moby/ or fix upstream go-swagger to work for us.
2021-07-02 13:00:47 +00:00
ENV GO_SWAGGER_COMMIT c56166c036004ba7a3a321e5951ba472b9ae298c
2019-05-22 23:49:55 +00:00
RUN --mount= type = cache,target= /root/.cache/go-build \
2019-10-05 20:41:27 +00:00
--mount= type = cache,target= /go/pkg/mod \
2020-01-10 13:07:01 +00:00
--mount= type = tmpfs,target= /go/src/ \
2019-10-05 20:41:27 +00:00
set -x \
2020-01-10 13:07:01 +00:00
&& git clone https://github.com/kolyshkin/go-swagger.git . \
&& git checkout -q " $GO_SWAGGER_COMMIT " \
&& go build -o /build/swagger github.com/go-swagger/go-swagger/cmd/swagger
2016-11-03 17:15:27 +00:00
2022-09-08 14:13:41 +00:00
# frozen-images
# See also frozenImages in "testutil/environment/protect.go" (which needs to
# be updated when adding images to this list)
2020-09-18 22:40:45 +00:00
FROM debian:${BASE_DEBIAN_DISTRO} AS frozen-images
2019-08-11 15:08:33 +00:00
ARG DEBIAN_FRONTEND
2019-05-22 23:49:55 +00:00
RUN --mount= type = cache,sharing= locked,id= moby-frozen-images-aptlib,target= /var/lib/apt \
2019-10-05 20:41:27 +00:00
--mount= type = cache,sharing= locked,id= moby-frozen-images-aptcache,target= /var/cache/apt \
apt-get update && apt-get install -y --no-install-recommends \
ca-certificates \
2020-09-18 22:40:45 +00:00
curl \
2019-10-05 20:41:27 +00:00
jq
2015-03-07 01:12:41 +00:00
# Get useful and necessary Hub images so we can "docker load" locally instead of pulling
2017-09-29 21:09:14 +00:00
COPY contrib/download-frozen-image-v2.sh /
2020-09-29 22:39:49 +00:00
ARG TARGETARCH
2022-09-08 14:13:41 +00:00
ARG TARGETVARIANT
2018-04-13 18:45:57 +00:00
RUN /download-frozen-image-v2.sh /build \
2020-06-30 03:06:03 +00:00
busybox:latest@sha256:95cf004f559831017cdf4628aaf1bb30133677be8702a8c5f2994629f637a209 \
busybox:glibc@sha256:1f81263701cddf6402afe9f33fca0266d9fff379e59b1748f33d3072da71ee85 \
2021-08-19 21:40:38 +00:00
debian:bullseye-slim@sha256:dacf278785a4daa9de07596ec739dbc07131e189942772210709c5c0777e8437 \
2020-10-15 23:01:17 +00:00
hello-world:latest@sha256:d58e752213a51785838f9eed2b7a498ffa1cb3aa7f946dda11af39286c3db9a9 \
arm32v7/hello-world:latest@sha256:50b8560ad574c779908da71f7ce370c0a2471c098d44d1c8f6b513c5a55eeeb1
2015-02-28 05:53:36 +00:00
2019-04-16 23:31:49 +00:00
FROM base AS cross-false
2017-09-29 21:09:14 +00:00
2019-10-08 17:54:39 +00:00
FROM --platform=linux/amd64 base AS cross-true
2019-08-11 15:08:33 +00:00
ARG DEBIAN_FRONTEND
2019-04-06 00:20:06 +00:00
RUN dpkg --add-architecture arm64
RUN dpkg --add-architecture armel
2019-10-05 20:56:32 +00:00
RUN dpkg --add-architecture armhf
2021-06-15 08:49:04 +00:00
RUN dpkg --add-architecture ppc64el
2021-06-14 09:06:42 +00:00
RUN dpkg --add-architecture s390x
2019-05-22 23:49:55 +00:00
RUN --mount= type = cache,sharing= locked,id= moby-cross-true-aptlib,target= /var/lib/apt \
2019-10-05 20:41:27 +00:00
--mount= type = cache,sharing= locked,id= moby-cross-true-aptcache,target= /var/cache/apt \
apt-get update && apt-get install -y --no-install-recommends \
2019-10-05 20:56:32 +00:00
crossbuild-essential-arm64 \
crossbuild-essential-armel \
2021-06-15 08:49:04 +00:00
crossbuild-essential-armhf \
2021-06-14 09:06:42 +00:00
crossbuild-essential-ppc64el \
crossbuild-essential-s390x
2019-04-16 23:31:49 +00:00
2021-08-23 11:57:40 +00:00
FROM cross-${CROSS} AS dev-base
2019-04-16 23:31:49 +00:00
FROM dev-base AS runtime-dev-cross-false
2019-08-11 15:08:33 +00:00
ARG DEBIAN_FRONTEND
2019-05-22 23:49:55 +00:00
RUN --mount= type = cache,sharing= locked,id= moby-cross-false-aptlib,target= /var/lib/apt \
2019-10-05 20:41:27 +00:00
--mount= type = cache,sharing= locked,id= moby-cross-false-aptcache,target= /var/cache/apt \
apt-get update && apt-get install -y --no-install-recommends \
2019-11-05 20:11:49 +00:00
binutils-mingw-w64 \
g++-mingw-w64-x86-64 \
2019-10-05 20:41:27 +00:00
libapparmor-dev \
2019-07-17 12:37:56 +00:00
libbtrfs-dev \
2019-11-05 20:11:49 +00:00
libdevmapper-dev \
2021-08-19 19:16:01 +00:00
libseccomp-dev \
2019-11-05 20:11:49 +00:00
libsystemd-dev \
libudev-dev
2019-05-22 23:49:55 +00:00
2019-11-05 20:11:49 +00:00
FROM --platform=linux/amd64 runtime-dev-cross-false AS runtime-dev-cross-true
2019-08-11 15:08:33 +00:00
ARG DEBIAN_FRONTEND
2019-04-06 00:20:06 +00:00
# These crossbuild packages rely on gcc-<arch>, but this doesn't want to install
2022-03-01 06:26:35 +00:00
# on non-amd64 systems, so other architectures cannot crossbuild amd64.
2019-05-22 23:49:55 +00:00
RUN --mount= type = cache,sharing= locked,id= moby-cross-true-aptlib,target= /var/lib/apt \
2019-10-05 20:41:27 +00:00
--mount= type = cache,sharing= locked,id= moby-cross-true-aptcache,target= /var/cache/apt \
apt-get update && apt-get install -y --no-install-recommends \
libapparmor-dev:arm64 \
libapparmor-dev:armel \
2021-06-15 08:49:04 +00:00
libapparmor-dev:armhf \
2021-06-14 09:06:42 +00:00
libapparmor-dev:ppc64el \
2021-08-19 19:32:18 +00:00
libapparmor-dev:s390x \
libseccomp-dev:arm64 \
libseccomp-dev:armel \
libseccomp-dev:armhf \
libseccomp-dev:ppc64el \
libseccomp-dev:s390x
2019-05-22 23:49:55 +00:00
2019-04-06 00:20:06 +00:00
FROM runtime-dev-cross-${CROSS} AS runtime-dev
2017-09-29 21:09:14 +00:00
2022-02-20 18:21:10 +00:00
FROM base AS delve
# DELVE_VERSION specifies the version of the Delve debugger binary
# from the https://github.com/go-delve/delve repository.
# It can be used to run Docker with a possibility of
# attaching debugger to it.
#
ARG DELVE_VERSION = v1.8.1
2022-07-02 13:39:02 +00:00
# Delve on Linux is currently only supported on amd64 and arm64;
# https://github.com/go-delve/delve/blob/v1.8.1/pkg/proc/native/support_sentinel.go#L1-L6
2022-02-20 18:21:10 +00:00
RUN --mount= type = cache,target= /root/.cache/go-build \
--mount= type = cache,target= /go/pkg/mod \
2022-07-02 13:39:02 +00:00
case $( dpkg --print-architecture) in \
amd64| arm64) \
GOBIN = /build/ GO111MODULE = on go install " github.com/go-delve/delve/cmd/dlv@ ${ DELVE_VERSION } " \
&& /build/dlv --help \
; ; \
*) \
mkdir -p /build/ \
; ; \
esac
2022-02-20 18:21:10 +00:00
validate/toml: switch to github.com/pelletier/go-toml
The github.com/BurntSushi/toml project is no longer maintained,
and containerd is switching to this project instead, so start
moving our code as well.
This patch only changes the binary used during validation (tbh,
we could probably remove this validation step, but leaving that
for now).
I manually verified that the hack/verify/toml still works by adding a commit
that makes the MAINTAINERS file invalid;
diff --git a/MAINTAINERS b/MAINTAINERS
index b739e7e20c..81ababd8de 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -23,7 +23,7 @@
# a subsystem, they are responsible for doing so and holding the
# subsystem maintainers accountable. If ownership is unclear, they are the de facto owners.
- people = [
+ people =
"akihirosuda",
"anusha",
"coolljt0725",
Running `hack/verify/toml` was able to detect the broken format;
hack/validate/toml
(27, 4): keys cannot contain , characterThese files are not valid TOML:
- MAINTAINERS
Please reformat the above files as valid TOML
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-04-02 14:02:34 +00:00
FROM base AS tomll
2021-08-23 11:57:40 +00:00
# GOTOML_VERSION specifies the version of the tomll binary to build and install
# from the https://github.com/pelletier/go-toml repository. This binary is used
# in CI in the hack/validate/toml script.
#
# When updating this version, consider updating the github.com/pelletier/go-toml
2021-12-15 19:35:04 +00:00
# dependency in vendor.mod accordingly.
2021-08-23 11:57:40 +00:00
ARG GOTOML_VERSION = v1.8.1
2019-05-22 23:49:55 +00:00
RUN --mount= type = cache,target= /root/.cache/go-build \
2019-10-05 20:41:27 +00:00
--mount= type = cache,target= /go/pkg/mod \
2021-08-23 11:57:40 +00:00
GOBIN = /build/ GO111MODULE = on go install " github.com/pelletier/go-toml/cmd/tomll@ ${ GOTOML_VERSION } " \
&& /build/tomll --help
2017-09-29 21:09:14 +00:00
2022-04-14 17:52:23 +00:00
FROM base AS gowinres
# GOWINRES_VERSION defines go-winres tool version
2022-11-17 16:32:06 +00:00
ARG GOWINRES_VERSION = v0.3.0
2022-04-14 17:52:23 +00:00
RUN --mount= type = cache,target= /root/.cache/go-build \
--mount= type = cache,target= /go/pkg/mod \
GOBIN = /build/ GO111MODULE = on go install " github.com/tc-hib/go-winres@ ${ GOWINRES_VERSION } " \
&& /build/go-winres --help
2019-04-16 23:31:49 +00:00
FROM dev-base AS containerd
2019-08-11 15:08:33 +00:00
ARG DEBIAN_FRONTEND
2019-05-22 23:49:55 +00:00
RUN --mount= type = cache,sharing= locked,id= moby-containerd-aptlib,target= /var/lib/apt \
2019-10-05 20:41:27 +00:00
--mount= type = cache,sharing= locked,id= moby-containerd-aptcache,target= /var/cache/apt \
apt-get update && apt-get install -y --no-install-recommends \
2019-07-17 12:37:56 +00:00
libbtrfs-dev
2021-07-26 12:48:52 +00:00
ARG CONTAINERD_VERSION
2021-08-23 11:57:40 +00:00
COPY /hack/dockerfile/install/install.sh /hack/dockerfile/install/containerd.installer /
2019-05-22 23:49:55 +00:00
RUN --mount= type = cache,target= /root/.cache/go-build \
2019-10-05 20:41:27 +00:00
--mount= type = cache,target= /go/pkg/mod \
2021-08-23 11:57:40 +00:00
PREFIX = /build /install.sh containerd
2017-09-29 21:09:14 +00:00
2019-08-05 10:32:43 +00:00
FROM base AS golangci_lint
2022-09-03 21:20:23 +00:00
# FIXME: when updating golangci-lint, remove the temporary "nolint" in https://github.com/moby/moby/blob/7860686a8df15eea9def9e6189c6f9eca031bb6f/libnetwork/networkdb/cluster.go#L246
ARG GOLANGCI_LINT_VERSION = v1.49.0
2019-05-22 23:49:55 +00:00
RUN --mount= type = cache,target= /root/.cache/go-build \
2019-10-05 20:41:27 +00:00
--mount= type = cache,target= /go/pkg/mod \
2021-08-23 11:57:40 +00:00
GOBIN = /build/ GO111MODULE = on go install " github.com/golangci/golangci-lint/cmd/golangci-lint@ ${ GOLANGCI_LINT_VERSION } " \
&& /build/golangci-lint --version
2017-09-29 21:09:14 +00:00
2019-07-31 00:07:30 +00:00
FROM base AS gotestsum
2022-11-17 16:05:20 +00:00
ARG GOTESTSUM_VERSION = v1.8.2
2019-05-22 23:49:55 +00:00
RUN --mount= type = cache,target= /root/.cache/go-build \
2019-10-05 20:41:27 +00:00
--mount= type = cache,target= /go/pkg/mod \
2021-08-23 11:57:40 +00:00
GOBIN = /build/ GO111MODULE = on go install " gotest.tools/gotestsum@ ${ GOTESTSUM_VERSION } " \
&& /build/gotestsum --version
2019-07-31 00:07:30 +00:00
2020-02-29 15:31:43 +00:00
FROM base AS shfmt
2021-08-23 11:57:40 +00:00
ARG SHFMT_VERSION = v3.0.2
2020-02-29 15:31:43 +00:00
RUN --mount= type = cache,target= /root/.cache/go-build \
--mount= type = cache,target= /go/pkg/mod \
2021-08-23 11:57:40 +00:00
GOBIN = /build/ GO111MODULE = on go install " mvdan.cc/sh/v3/cmd/shfmt@ ${ SHFMT_VERSION } " \
&& /build/shfmt --version
2020-02-29 15:31:43 +00:00
2019-04-16 23:31:49 +00:00
FROM dev-base AS dockercli
2019-09-12 20:22:56 +00:00
ARG DOCKERCLI_CHANNEL
ARG DOCKERCLI_VERSION
2021-08-23 11:57:40 +00:00
COPY /hack/dockerfile/install/install.sh /hack/dockerfile/install/dockercli.installer /
2019-05-22 23:49:55 +00:00
RUN --mount= type = cache,target= /root/.cache/go-build \
2019-10-05 20:41:27 +00:00
--mount= type = cache,target= /go/pkg/mod \
2021-08-23 11:57:40 +00:00
PREFIX = /build /install.sh dockercli
2017-09-29 21:09:14 +00:00
FROM runtime-dev AS runc
2021-07-26 12:48:52 +00:00
ARG RUNC_VERSION
2019-09-12 20:22:56 +00:00
ARG RUNC_BUILDTAGS
2021-08-23 11:57:40 +00:00
COPY /hack/dockerfile/install/install.sh /hack/dockerfile/install/runc.installer /
2019-05-22 23:49:55 +00:00
RUN --mount= type = cache,target= /root/.cache/go-build \
2019-10-05 20:41:27 +00:00
--mount= type = cache,target= /go/pkg/mod \
2021-08-23 11:57:40 +00:00
PREFIX = /build /install.sh runc
2017-09-29 21:09:14 +00:00
2019-04-16 23:31:49 +00:00
FROM dev-base AS tini
2019-08-11 15:08:33 +00:00
ARG DEBIAN_FRONTEND
2021-07-26 12:48:52 +00:00
ARG TINI_VERSION
2019-05-22 23:49:55 +00:00
RUN --mount= type = cache,sharing= locked,id= moby-tini-aptlib,target= /var/lib/apt \
2019-10-05 20:41:27 +00:00
--mount= type = cache,sharing= locked,id= moby-tini-aptcache,target= /var/cache/apt \
apt-get update && apt-get install -y --no-install-recommends \
cmake \
vim-common
2021-08-23 11:57:40 +00:00
COPY /hack/dockerfile/install/install.sh /hack/dockerfile/install/tini.installer /
2019-05-22 23:49:55 +00:00
RUN --mount= type = cache,target= /root/.cache/go-build \
2019-10-05 20:41:27 +00:00
--mount= type = cache,target= /go/pkg/mod \
2021-08-23 11:57:40 +00:00
PREFIX = /build /install.sh tini
2017-09-29 21:09:14 +00:00
2019-04-16 23:31:49 +00:00
FROM dev-base AS rootlesskit
2021-07-26 12:48:52 +00:00
ARG ROOTLESSKIT_VERSION
2021-08-23 11:57:40 +00:00
ARG PREFIX = /build
COPY /hack/dockerfile/install/install.sh /hack/dockerfile/install/rootlesskit.installer /
2019-05-22 23:49:55 +00:00
RUN --mount= type = cache,target= /root/.cache/go-build \
2019-10-05 20:41:27 +00:00
--mount= type = cache,target= /go/pkg/mod \
2021-08-23 11:57:40 +00:00
/install.sh rootlesskit \
&& " ${ PREFIX } " /rootlesskit --version \
&& " ${ PREFIX } " /rootlesskit-docker-proxy --help
2018-10-15 07:52:53 +00:00
COPY ./contrib/dockerd-rootless.sh /build
2020-05-11 13:12:50 +00:00
COPY ./contrib/dockerd-rootless-setuptool.sh /build
2017-09-29 21:09:14 +00:00
2022-06-10 21:19:40 +00:00
FROM base AS crun
ARG CRUN_VERSION = 1 .4.5
RUN --mount= type = cache,sharing= locked,id= moby-crun-aptlib,target= /var/lib/apt \
--mount= type = cache,sharing= locked,id= moby-crun-aptcache,target= /var/cache/apt \
apt-get update && apt-get install -y --no-install-recommends \
autoconf \
automake \
build-essential \
libcap-dev \
libprotobuf-c-dev \
libseccomp-dev \
libsystemd-dev \
libtool \
libudev-dev \
libyajl-dev \
python3 \
;
RUN --mount= type = tmpfs,target= /tmp/crun-build \
git clone https://github.com/containers/crun.git /tmp/crun-build && \
cd /tmp/crun-build && \
git checkout -q " ${ CRUN_VERSION } " && \
./autogen.sh && \
./configure --bindir= /build && \
make -j install
2022-11-17 23:23:20 +00:00
# vpnkit
# use dummy scratch stage to avoid build to fail for unsupported platforms
FROM scratch AS vpnkit-windows
FROM scratch AS vpnkit-linux-386
FROM scratch AS vpnkit-linux-arm
FROM scratch AS vpnkit-linux-ppc64le
FROM scratch AS vpnkit-linux-riscv64
FROM scratch AS vpnkit-linux-s390x
FROM djs55/vpnkit:${VPNKIT_VERSION} AS vpnkit-linux-amd64
FROM djs55/vpnkit:${VPNKIT_VERSION} AS vpnkit-linux-arm64
FROM vpnkit-linux-${TARGETARCH} AS vpnkit-linux
FROM vpnkit-${TARGETOS} AS vpnkit
2019-10-05 20:46:49 +00:00
2017-09-29 21:09:14 +00:00
# TODO: Some of this is only really needed for testing, it would be nice to split this up
2020-02-10 17:55:16 +00:00
FROM runtime-dev AS dev-systemd-false
2019-08-11 15:08:33 +00:00
ARG DEBIAN_FRONTEND
2017-09-29 21:09:14 +00:00
RUN groupadd -r docker
2020-02-18 09:43:56 +00:00
RUN useradd --create-home --gid docker unprivilegeduser \
&& mkdir -p /home/unprivilegeduser/.local/share/docker \
&& chown -R unprivilegeduser /home/unprivilegeduser
2018-06-29 10:39:36 +00:00
# Let us use a .bashrc file
RUN ln -sfv /go/src/github.com/docker/docker/.bashrc ~/.bashrc
2017-06-24 21:51:06 +00:00
# Activate bash completion and include Docker's completion if mounted with DOCKER_BASH_COMPLETION_PATH
RUN echo "source /usr/share/bash-completion/bash_completion" >> /etc/bash.bashrc
2017-06-23 16:05:38 +00:00
RUN ln -s /usr/local/completion/bash/docker /etc/bash_completion.d/docker
2017-09-29 21:09:14 +00:00
RUN ldconfig
# This should only install packages that are specifically needed for the dev environment and nothing else
# Do you really need to add another package here? Can it be done in a different build stage?
2019-05-22 23:49:55 +00:00
RUN --mount= type = cache,sharing= locked,id= moby-dev-aptlib,target= /var/lib/apt \
2019-10-05 20:41:27 +00:00
--mount= type = cache,sharing= locked,id= moby-dev-aptcache,target= /var/cache/apt \
apt-get update && apt-get install -y --no-install-recommends \
apparmor \
bash-completion \
2019-10-05 20:56:32 +00:00
bzip2 \
2021-08-19 19:16:01 +00:00
inetutils-ping \
iproute2 \
2019-10-05 20:41:27 +00:00
iptables \
jq \
libcap2-bin \
2019-10-05 20:56:32 +00:00
libnet1 \
libnl-3-200 \
libprotobuf-c1 \
2022-06-10 21:19:40 +00:00
libyajl2 \
2019-10-05 20:41:27 +00:00
net-tools \
2020-07-15 11:45:41 +00:00
patch \
2019-10-05 20:41:27 +00:00
pigz \
python3-pip \
python3-setuptools \
python3-wheel \
2020-02-18 09:43:56 +00:00
sudo \
2022-02-02 21:39:35 +00:00
systemd-journal-remote \
2019-10-05 20:41:27 +00:00
thin-provisioning-tools \
2020-02-18 09:43:56 +00:00
uidmap \
2019-10-05 20:41:27 +00:00
vim \
vim-common \
xfsprogs \
xz-utils \
2020-12-08 09:56:32 +00:00
zip \
zstd
2019-05-22 23:49:55 +00:00
2019-07-30 23:59:02 +00:00
2020-02-25 23:31:07 +00:00
# Switch to use iptables instead of nftables (to match the CI hosts)
# TODO use some kind of runtime auto-detection instead if/when nftables is supported (https://github.com/moby/moby/issues/26824)
2019-07-22 15:22:13 +00:00
RUN update-alternatives --set iptables /usr/sbin/iptables-legacy || true \
&& update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy || true \
&& update-alternatives --set arptables /usr/sbin/arptables-legacy || true
2022-08-26 07:21:29 +00:00
ARG YAMLLINT_VERSION = 1 .27.1
RUN pip3 install yamllint = = ${ YAMLLINT_VERSION }
2019-07-30 23:59:02 +00:00
2019-10-05 21:10:32 +00:00
COPY --from= dockercli /build/ /usr/local/cli
2018-04-13 18:45:57 +00:00
COPY --from= frozen-images /build/ /docker-frozen-images
2019-10-05 21:10:32 +00:00
COPY --from= swagger /build/ /usr/local/bin/
2022-02-20 18:21:10 +00:00
COPY --from= delve /build/ /usr/local/bin/
validate/toml: switch to github.com/pelletier/go-toml
The github.com/BurntSushi/toml project is no longer maintained,
and containerd is switching to this project instead, so start
moving our code as well.
This patch only changes the binary used during validation (tbh,
we could probably remove this validation step, but leaving that
for now).
I manually verified that the hack/verify/toml still works by adding a commit
that makes the MAINTAINERS file invalid;
diff --git a/MAINTAINERS b/MAINTAINERS
index b739e7e20c..81ababd8de 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -23,7 +23,7 @@
# a subsystem, they are responsible for doing so and holding the
# subsystem maintainers accountable. If ownership is unclear, they are the de facto owners.
- people = [
+ people =
"akihirosuda",
"anusha",
"coolljt0725",
Running `hack/verify/toml` was able to detect the broken format;
hack/validate/toml
(27, 4): keys cannot contain , characterThese files are not valid TOML:
- MAINTAINERS
Please reformat the above files as valid TOML
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-04-02 14:02:34 +00:00
COPY --from= tomll /build/ /usr/local/bin/
2022-04-14 17:52:23 +00:00
COPY --from= gowinres /build/ /usr/local/bin/
2019-10-05 21:10:32 +00:00
COPY --from= tini /build/ /usr/local/bin/
COPY --from= registry /build/ /usr/local/bin/
2020-12-02 01:02:42 +00:00
COPY --from= criu /build/ /usr/local/bin/
2019-10-05 21:10:32 +00:00
COPY --from= gotestsum /build/ /usr/local/bin/
2019-10-05 20:59:51 +00:00
COPY --from= golangci_lint /build/ /usr/local/bin/
2020-02-29 15:31:43 +00:00
COPY --from= shfmt /build/ /usr/local/bin/
2019-10-05 21:10:32 +00:00
COPY --from= runc /build/ /usr/local/bin/
COPY --from= containerd /build/ /usr/local/bin/
COPY --from= rootlesskit /build/ /usr/local/bin/
2022-11-17 23:23:20 +00:00
COPY --from= vpnkit / /usr/local/bin/
2022-06-10 21:19:40 +00:00
COPY --from= crun /build/ /usr/local/bin/
COPY hack/dockerfile/etc/docker/ /etc/docker/
2017-09-29 21:09:14 +00:00
ENV PATH = /usr/local/cli:$PATH
2019-11-05 20:11:49 +00:00
ARG DOCKER_BUILDTAGS
ENV DOCKER_BUILDTAGS = " ${ DOCKER_BUILDTAGS } "
2017-09-29 21:09:14 +00:00
WORKDIR /go/src/github.com/docker/docker
VOLUME /var/lib/docker
2020-02-18 09:43:56 +00:00
VOLUME /home/unprivilegeduser/.local/share/docker
2017-09-29 21:09:14 +00:00
# Wrap all commands in the "docker-in-docker" script to allow nested containers
ENTRYPOINT [ "hack/dind" ]
2019-10-08 18:17:15 +00:00
2020-02-10 17:55:16 +00:00
FROM dev-systemd-false AS dev-systemd-true
RUN --mount= type = cache,sharing= locked,id= moby-dev-aptlib,target= /var/lib/apt \
--mount= type = cache,sharing= locked,id= moby-dev-aptcache,target= /var/cache/apt \
apt-get update && apt-get install -y --no-install-recommends \
dbus \
dbus-user-session \
systemd \
systemd-sysv
ENTRYPOINT [ "hack/dind-systemd" ]
2020-03-06 06:36:54 +00:00
FROM dev-systemd-${SYSTEMD} AS dev
2019-11-05 21:41:04 +00:00
FROM runtime-dev AS binary-base
2019-05-22 23:49:55 +00:00
ARG DOCKER_GITCOMMIT = HEAD
2019-10-16 17:09:10 +00:00
ENV DOCKER_GITCOMMIT = ${ DOCKER_GITCOMMIT }
ARG VERSION
ENV VERSION = ${ VERSION }
ARG PLATFORM
ENV PLATFORM = ${ PLATFORM }
ARG PRODUCT
ENV PRODUCT = ${ PRODUCT }
ARG DEFAULT_PRODUCT_LICENSE
ENV DEFAULT_PRODUCT_LICENSE = ${ DEFAULT_PRODUCT_LICENSE }
2022-04-14 17:52:23 +00:00
ARG PACKAGER_NAME
ENV PACKAGER_NAME = ${ PACKAGER_NAME }
2019-11-05 20:11:49 +00:00
ARG DOCKER_BUILDTAGS
ENV DOCKER_BUILDTAGS = " ${ DOCKER_BUILDTAGS } "
2019-11-05 21:41:04 +00:00
ENV PREFIX = /build
2019-11-05 20:11:49 +00:00
# TODO: This is here because hack/make.sh binary copies these extras binaries
# from $PATH into the bundles dir.
# It would be nice to handle this in a different way.
2022-04-14 17:52:23 +00:00
COPY --from= tini /build/ /usr/local/bin/
COPY --from= runc /build/ /usr/local/bin/
COPY --from= containerd /build/ /usr/local/bin/
COPY --from= rootlesskit /build/ /usr/local/bin/
2022-11-17 23:23:20 +00:00
COPY --from= vpnkit / /usr/local/bin/
2022-04-14 17:52:23 +00:00
COPY --from= gowinres /build/ /usr/local/bin/
2019-11-05 21:41:04 +00:00
WORKDIR /go/src/github.com/docker/docker
2019-10-16 17:09:10 +00:00
FROM binary-base AS build-binary
2022-04-14 17:52:23 +00:00
RUN --mount= type = cache,target= /root/.cache \
--mount= type = bind,target= .,ro \
--mount= type = tmpfs,target= cli/winresources/dockerd \
--mount= type = tmpfs,target= cli/winresources/docker-proxy \
2019-10-05 20:41:27 +00:00
hack/make.sh binary
2019-05-22 23:49:55 +00:00
2019-10-16 17:09:10 +00:00
FROM binary-base AS build-dynbinary
2022-04-14 17:52:23 +00:00
RUN --mount= type = cache,target= /root/.cache \
--mount= type = bind,target= .,ro \
--mount= type = tmpfs,target= cli/winresources/dockerd \
--mount= type = tmpfs,target= cli/winresources/docker-proxy \
2019-10-05 20:41:27 +00:00
hack/make.sh dynbinary
2019-05-22 23:49:55 +00:00
2019-10-16 17:09:10 +00:00
FROM binary-base AS build-cross
ARG DOCKER_CROSSPLATFORMS
2022-04-14 17:52:23 +00:00
RUN --mount= type = cache,target= /root/.cache \
--mount= type = bind,target= .,ro \
--mount= type = tmpfs,target= cli/winresources/dockerd \
--mount= type = tmpfs,target= cli/winresources/docker-proxy \
2019-10-05 20:41:27 +00:00
hack/make.sh cross
2019-05-22 23:49:55 +00:00
FROM scratch AS binary
2019-11-05 21:41:04 +00:00
COPY --from= build-binary /build/bundles/ /
2019-05-22 23:49:55 +00:00
FROM scratch AS dynbinary
2019-12-30 21:20:11 +00:00
COPY --from= build-dynbinary /build/bundles/ /
2019-05-22 23:49:55 +00:00
FROM scratch AS cross
2019-12-30 21:20:11 +00:00
COPY --from= build-cross /build/bundles/ /
2018-12-14 01:26:10 +00:00
2020-03-06 06:36:54 +00:00
FROM dev AS final
2019-11-05 21:41:04 +00:00
COPY . /go/src/github.com/docker/docker