9f1fc40a |
# This file describes the standard way to build Docker, using docker |
fa806f26 |
#
# Usage:
# |
ba49e8c4 |
# # Use make to build a development environment image and run it in a container.
# # This is slow the first time.
# make BIND_DIR=. shell |
fa806f26 |
# |
ba49e8c4 |
# The following commands are executed inside the running container.
# # Make a dockerd binary.
# # hack/make.sh binary |
d757bd09 |
# |
ba49e8c4 |
# # Install dockerd to /usr/local/bin
# # make install
#
# # Run unit tests
# # hack/test/unit
#
# # Run tests e.g. integration, py
# # hack/make.sh binary test-integration test-docker-py |
fa806f26 |
# |
cd440188 |
# Note: AppArmor used to mess with privileged mode, but this is no longer |
31638ab2 |
# the case. Therefore, you don't have to disable it anymore.
# |
fa806f26 |
|
61a32858 |
ARG CROSS="false" |
aa6a9891 |
# IMPORTANT: When updating this please note that stdlib archive/tar pkg is vendored |
9fe29182 |
ARG GO_VERSION=1.13.15 |
f7a3fb8f |
ARG DEBIAN_FRONTEND=noninteractive |
cb813fae |
ARG VPNKIT_DIGEST=e508a17cfacc8fd39261d5b4e397df2b953690da577e2c987a47630cd0c42f8e |
61a32858 |
|
4aaf3ead |
FROM golang:${GO_VERSION}-buster AS base |
3bf3a1ae |
ARG APT_MIRROR
RUN sed -ri "s/(httpredir|deb).debian.org/${APT_MIRROR:-deb.debian.org}/g" /etc/apt/sources.list \
&& sed -ri "s/(security).debian.org/${APT_MIRROR:-security.debian.org}/g" /etc/apt/sources.list |
075e057d |
ENV GO111MODULE=off |
060196ee |
|
d539038d |
FROM base AS criu |
f7a3fb8f |
ARG DEBIAN_FRONTEND |
1e49fdca |
# Install dependency packages specific to criu |
d6ba2b6a |
RUN apt-get update && apt-get install -y --no-install-recommends \ |
ddfeaf32 |
libcap-dev \ |
0499db23 |
libnet-dev \ |
ddfeaf32 |
libnl-3-dev \ |
0499db23 |
libprotobuf-c-dev \
libprotobuf-dev \
protobuf-c-compiler \ |
ddfeaf32 |
protobuf-compiler \ |
0499db23 |
python-protobuf \
&& rm -rf /var/lib/apt/lists/* |
c77e7cb3 |
# Install CRIU for checkpoint/restore support |
4c245122 |
ARG CRIU_VERSION=3.14 |
d6ba2b6a |
RUN mkdir -p /usr/src/criu \ |
0499db23 |
&& curl -sSL https://github.com/checkpoint-restore/criu/archive/v${CRIU_VERSION}.tar.gz | tar -C /usr/src/criu/ -xz --strip-components=1 \
&& cd /usr/src/criu \
&& make \
&& make PREFIX=/build/ install-criu |
d539038d |
|
572cb664 |
FROM base AS registry |
21ae66c6 |
# Install two versions of the registry. The first is an older version that
# only supports schema1 manifests. The second is a newer version that supports
# both. This allows integration-cli tests to cover push/pull with both schema1
# and schema2 manifests.
ENV REGISTRY_COMMIT_SCHEMA1 ec87e9b6971d831f0eff752ddb54fb64693e51cd |
588e27f9 |
ENV REGISTRY_COMMIT 47a064d4195a9b56133891bbb13620c3ac83a827 |
681f4d84 |
RUN set -x \ |
0499db23 |
&& export GOPATH="$(mktemp -d)" \
&& git clone https://github.com/docker/distribution.git "$GOPATH/src/github.com/docker/distribution" \
&& (cd "$GOPATH/src/github.com/docker/distribution" && git checkout -q "$REGISTRY_COMMIT") \
&& GOPATH="$GOPATH/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH" \
go build -buildmode=pie -o /build/registry-v2 github.com/docker/distribution/cmd/registry \
&& case $(dpkg --print-architecture) in \
amd64|ppc64*|s390x) \
(cd "$GOPATH/src/github.com/docker/distribution" && git checkout -q "$REGISTRY_COMMIT_SCHEMA1"); \
GOPATH="$GOPATH/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH"; \
go build -buildmode=pie -o /build/registry-v2-schema1 github.com/docker/distribution/cmd/registry; \
;; \
esac \
&& rm -rf "$GOPATH" |
681f4d84 |
|
572cb664 |
FROM base AS swagger |
5c4abd10 |
# Install go-swagger for validating swagger.yaml |
fdad1684 |
# This is https://github.com/kolyshkin/go-swagger/tree/golang-1.13-fix
# TODO: move to under moby/ or fix upstream go-swagger to work for us.
ENV GO_SWAGGER_COMMIT 5793aa66d4b4112c2602c716516e24710e4adbb5 |
29d77aca |
RUN set -x \ |
0499db23 |
&& export GOPATH="$(mktemp -d)" \
&& git clone https://github.com/kolyshkin/go-swagger.git "$GOPATH/src/github.com/go-swagger/go-swagger" \
&& (cd "$GOPATH/src/github.com/go-swagger/go-swagger" && git checkout -q "$GO_SWAGGER_COMMIT") \
&& go build -o /build/swagger github.com/go-swagger/go-swagger/cmd/swagger \
&& rm -rf "$GOPATH" |
5c4abd10 |
|
572cb664 |
FROM base AS frozen-images |
f7a3fb8f |
ARG DEBIAN_FRONTEND |
d6ba2b6a |
RUN apt-get update && apt-get install -y --no-install-recommends \ |
0499db23 |
ca-certificates \
jq \
&& rm -rf /var/lib/apt/lists/* |
09b4c258 |
# Get useful and necessary Hub images so we can "docker load" locally instead of pulling |
d539038d |
COPY contrib/download-frozen-image-v2.sh / |
00555f7b |
RUN /download-frozen-image-v2.sh /build \ |
0499db23 |
buildpack-deps:jessie@sha256:dd86dced7c9cd2a724e779730f0a53f93b7ef42228d4344b25ce9a42a1486251 \
busybox:latest@sha256:bbc3a03235220b170ba48a157dd097dd1379299370e1ed99ce976df0355d24f0 \
busybox:glibc@sha256:0b55a30394294ab23b9afd58fab94e61a923f5834fba7ddbae7f8e0c11ba85e6 \
debian:jessie@sha256:287a20c5f73087ab406e6b364833e3fb7b3ae63ca0eb3486555dc27ed32c6e60 \
hello-world:latest@sha256:be0cd392e45be79ffeffa6b05338b98ebb16c87b255f48e297ec7f98e123905c |
1ecd8ed5 |
# See also ensureFrozenImagesLinux() in "integration-cli/fixtures_linux_daemon_test.go" (which needs to be updated when adding images to this list) |
351074ed |
|
f067a0ac |
FROM base AS cross-false |
d539038d |
|
f067a0ac |
FROM base AS cross-true |
f7a3fb8f |
ARG DEBIAN_FRONTEND |
61a32858 |
RUN dpkg --add-architecture arm64
RUN dpkg --add-architecture armel |
ddfeaf32 |
RUN dpkg --add-architecture armhf |
f067a0ac |
RUN if [ "$(go env GOHOSTARCH)" = "amd64" ]; then \ |
0499db23 |
apt-get update && apt-get install -y --no-install-recommends \
crossbuild-essential-arm64 \
crossbuild-essential-armel \ |
ddfeaf32 |
crossbuild-essential-armhf \ |
0499db23 |
&& rm -rf /var/lib/apt/lists/*; \
fi |
f067a0ac |
FROM cross-${CROSS} as dev-base
FROM dev-base AS runtime-dev-cross-false |
f7a3fb8f |
ARG DEBIAN_FRONTEND |
d6ba2b6a |
RUN apt-get update && apt-get install -y --no-install-recommends \ |
0499db23 |
libapparmor-dev \
libseccomp-dev \
&& rm -rf /var/lib/apt/lists/*
|
f067a0ac |
FROM cross-true AS runtime-dev-cross-true |
f7a3fb8f |
ARG DEBIAN_FRONTEND |
61a32858 |
# These crossbuild packages rely on gcc-<arch>, but this doesn't want to install
# on non-amd64 systems.
# Additionally, the crossbuild-amd64 is currently only on debian:buster, so
# other architectures cannnot crossbuild amd64.
RUN if [ "$(go env GOHOSTARCH)" = "amd64" ]; then \ |
0499db23 |
apt-get update && apt-get install -y --no-install-recommends \
libapparmor-dev:arm64 \
libapparmor-dev:armel \ |
ddfeaf32 |
libapparmor-dev:armhf \
libseccomp-dev:arm64 \
libseccomp-dev:armel \
libseccomp-dev:armhf \ |
0499db23 |
# install this arches seccomp here due to compat issues with the v0 builder
# This is as opposed to inheriting from runtime-dev-cross-false
libapparmor-dev \
libseccomp-dev \
&& rm -rf /var/lib/apt/lists/*; \
fi |
61a32858 |
FROM runtime-dev-cross-${CROSS} AS runtime-dev |
d539038d |
|
572cb664 |
FROM base AS tomlv |
d539038d |
ENV INSTALL_BINARY_NAME=tomlv |
f3009e2f |
ARG TOMLV_COMMIT |
d539038d |
COPY hack/dockerfile/install/install.sh ./install.sh
COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./ |
5d5adcd8 |
RUN PREFIX=/build ./install.sh $INSTALL_BINARY_NAME |
d539038d |
|
572cb664 |
FROM base AS vndr |
d539038d |
ENV INSTALL_BINARY_NAME=vndr |
f3009e2f |
ARG VNDR_COMMIT |
d539038d |
COPY hack/dockerfile/install/install.sh ./install.sh
COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./ |
5d5adcd8 |
RUN PREFIX=/build ./install.sh $INSTALL_BINARY_NAME |
d539038d |
|
f067a0ac |
FROM dev-base AS containerd |
f7a3fb8f |
ARG DEBIAN_FRONTEND |
f3009e2f |
ARG CONTAINERD_COMMIT |
d6ba2b6a |
RUN apt-get update && apt-get install -y --no-install-recommends \ |
4aaf3ead |
libbtrfs-dev \ |
0499db23 |
&& rm -rf /var/lib/apt/lists/* |
d539038d |
ENV INSTALL_BINARY_NAME=containerd
COPY hack/dockerfile/install/install.sh ./install.sh
COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./ |
5d5adcd8 |
RUN PREFIX=/build ./install.sh $INSTALL_BINARY_NAME |
d539038d |
|
f067a0ac |
FROM dev-base AS proxy |
d539038d |
ENV INSTALL_BINARY_NAME=proxy |
f3009e2f |
ARG LIBNETWORK_COMMIT |
d539038d |
COPY hack/dockerfile/install/install.sh ./install.sh
COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./ |
5d5adcd8 |
RUN PREFIX=/build ./install.sh $INSTALL_BINARY_NAME |
d539038d |
|
572cb664 |
FROM base AS gometalinter |
d539038d |
ENV INSTALL_BINARY_NAME=gometalinter
COPY hack/dockerfile/install/install.sh ./install.sh
COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./ |
5d5adcd8 |
RUN PREFIX=/build ./install.sh $INSTALL_BINARY_NAME |
d539038d |
|
24144dbd |
FROM base AS gotestsum
ENV INSTALL_BINARY_NAME=gotestsum |
f3009e2f |
ARG GOTESTSUM_COMMIT |
24144dbd |
COPY hack/dockerfile/install/install.sh ./install.sh
COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./
RUN PREFIX=/build ./install.sh $INSTALL_BINARY_NAME
|
f067a0ac |
FROM dev-base AS dockercli |
d539038d |
ENV INSTALL_BINARY_NAME=dockercli |
f3009e2f |
ARG DOCKERCLI_CHANNEL
ARG DOCKERCLI_VERSION |
d539038d |
COPY hack/dockerfile/install/install.sh ./install.sh
COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./ |
5d5adcd8 |
RUN PREFIX=/build ./install.sh $INSTALL_BINARY_NAME |
d539038d |
FROM runtime-dev AS runc
ENV INSTALL_BINARY_NAME=runc |
f3009e2f |
ARG RUNC_COMMIT
ARG RUNC_BUILDTAGS |
d539038d |
COPY hack/dockerfile/install/install.sh ./install.sh
COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./ |
5d5adcd8 |
RUN PREFIX=/build ./install.sh $INSTALL_BINARY_NAME |
d539038d |
|
f067a0ac |
FROM dev-base AS tini |
f7a3fb8f |
ARG DEBIAN_FRONTEND |
f3009e2f |
ARG TINI_COMMIT |
d6ba2b6a |
RUN apt-get update && apt-get install -y --no-install-recommends \ |
0499db23 |
cmake \
vim-common \
&& rm -rf /var/lib/apt/lists/* |
d539038d |
COPY hack/dockerfile/install/install.sh ./install.sh
ENV INSTALL_BINARY_NAME=tini
COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./ |
5d5adcd8 |
RUN PREFIX=/build ./install.sh $INSTALL_BINARY_NAME |
d539038d |
|
f067a0ac |
FROM dev-base AS rootlesskit |
ec87479b |
ENV INSTALL_BINARY_NAME=rootlesskit |
f3009e2f |
ARG ROOTLESSKIT_COMMIT |
ec87479b |
COPY hack/dockerfile/install/install.sh ./install.sh
COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./
RUN PREFIX=/build/ ./install.sh $INSTALL_BINARY_NAME
COPY ./contrib/dockerd-rootless.sh /build |
d539038d |
|
cb813fae |
FROM djs55/vpnkit@sha256:${VPNKIT_DIGEST} AS vpnkit
|
d539038d |
# TODO: Some of this is only really needed for testing, it would be nice to split this up
FROM runtime-dev AS dev |
f7a3fb8f |
ARG DEBIAN_FRONTEND |
d539038d |
RUN groupadd -r docker
RUN useradd --create-home --gid docker unprivilegeduser |
f2c58576 |
# Let us use a .bashrc file
RUN ln -sfv /go/src/github.com/docker/docker/.bashrc ~/.bashrc |
cec5ca75 |
# Activate bash completion and include Docker's completion if mounted with DOCKER_BASH_COMPLETION_PATH
RUN echo "source /usr/share/bash-completion/bash_completion" >> /etc/bash.bashrc |
0e2c424a |
RUN ln -s /usr/local/completion/bash/docker /etc/bash_completion.d/docker |
d539038d |
RUN ldconfig
# This should only install packages that are specifically needed for the dev environment and nothing else
# Do you really need to add another package here? Can it be done in a different build stage? |
d6ba2b6a |
RUN apt-get update && apt-get install -y --no-install-recommends \ |
0499db23 |
apparmor \
aufs-tools \
bash-completion \ |
ddfeaf32 |
binutils-mingw-w64 \ |
4aaf3ead |
libbtrfs-dev \ |
ddfeaf32 |
bzip2 \
g++-mingw-w64-x86-64 \ |
0499db23 |
iptables \
jq \
libcap2-bin \
libdevmapper-dev \ |
ddfeaf32 |
libnet1 \
libnl-3-200 \
libprotobuf-c1 \ |
0499db23 |
libsystemd-dev \ |
ddfeaf32 |
libudev-dev \ |
0499db23 |
net-tools \
pigz \
python3-pip \
python3-setuptools \
python3-wheel \
thin-provisioning-tools \
vim \
vim-common \
xfsprogs \
xz-utils \ |
ddfeaf32 |
zip \ |
0499db23 |
&& rm -rf /var/lib/apt/lists/* |
61e218a5 |
|
68db0c17 |
# Switch to use iptables instead of nftables (to match the host machine)
RUN update-alternatives --set iptables /usr/sbin/iptables-legacy || true \
&& update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy || true \
&& update-alternatives --set arptables /usr/sbin/arptables-legacy || true
|
61e218a5 |
RUN pip3 install yamllint==1.16.0
|
237843a0 |
COPY --from=dockercli /build/ /usr/local/cli |
00555f7b |
COPY --from=frozen-images /build/ /docker-frozen-images |
237843a0 |
COPY --from=swagger /build/ /usr/local/bin/
COPY --from=tomlv /build/ /usr/local/bin/
COPY --from=tini /build/ /usr/local/bin/
COPY --from=registry /build/ /usr/local/bin/
COPY --from=criu /build/ /usr/local/
COPY --from=vndr /build/ /usr/local/bin/
COPY --from=gotestsum /build/ /usr/local/bin/
COPY --from=gometalinter /build/ /usr/local/bin/
COPY --from=runc /build/ /usr/local/bin/
COPY --from=containerd /build/ /usr/local/bin/
COPY --from=rootlesskit /build/ /usr/local/bin/
COPY --from=vpnkit /vpnkit /usr/local/bin/vpnkit.x86_64
COPY --from=proxy /build/ /usr/local/bin/ |
0e2c424a |
|
d539038d |
ENV PATH=/usr/local/cli:$PATH
ENV DOCKER_BUILDTAGS apparmor seccomp selinux
WORKDIR /go/src/github.com/docker/docker
VOLUME /var/lib/docker
# Wrap all commands in the "docker-in-docker" script to allow nested containers
ENTRYPOINT ["hack/dind"] |
e6d7df2e |
FROM dev AS final |
47838051 |
# Upload docker source |
179e9deb |
COPY . /go/src/github.com/docker/docker |