This makes the binary build targets use a minimal build env instead of
having to build all the stuff needed for the full dev environment.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
... | ... |
@@ -4,6 +4,7 @@ ARG CROSS="false" |
4 | 4 |
ARG GO_VERSION=1.13.4 |
5 | 5 |
ARG DEBIAN_FRONTEND=noninteractive |
6 | 6 |
ARG VPNKIT_DIGEST=e508a17cfacc8fd39261d5b4e397df2b953690da577e2c987a47630cd0c42f8e |
7 |
+ARG DOCKER_BUILDTAGS="apparmor seccomp selinux" |
|
7 | 8 |
|
8 | 9 |
FROM golang:${GO_VERSION}-stretch AS base |
9 | 10 |
RUN echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache |
... | ... |
@@ -111,10 +112,16 @@ ARG DEBIAN_FRONTEND |
111 | 111 |
RUN --mount=type=cache,sharing=locked,id=moby-cross-false-aptlib,target=/var/lib/apt \ |
112 | 112 |
--mount=type=cache,sharing=locked,id=moby-cross-false-aptcache,target=/var/cache/apt \ |
113 | 113 |
apt-get update && apt-get install -y --no-install-recommends \ |
114 |
+ binutils-mingw-w64 \ |
|
115 |
+ btrfs-tools \ |
|
116 |
+ g++-mingw-w64-x86-64 \ |
|
114 | 117 |
libapparmor-dev \ |
115 |
- libseccomp-dev |
|
118 |
+ libdevmapper-dev \ |
|
119 |
+ libseccomp-dev \ |
|
120 |
+ libsystemd-dev \ |
|
121 |
+ libudev-dev |
|
116 | 122 |
|
117 |
-FROM --platform=linux/amd64 cross-true AS runtime-dev-cross-true |
|
123 |
+FROM --platform=linux/amd64 runtime-dev-cross-false AS runtime-dev-cross-true |
|
118 | 124 |
ARG DEBIAN_FRONTEND |
119 | 125 |
# These crossbuild packages rely on gcc-<arch>, but this doesn't want to install |
120 | 126 |
# on non-amd64 systems. |
... | ... |
@@ -128,11 +135,7 @@ RUN --mount=type=cache,sharing=locked,id=moby-cross-true-aptlib,target=/var/lib/ |
128 | 128 |
libapparmor-dev:armhf \ |
129 | 129 |
libseccomp-dev:arm64 \ |
130 | 130 |
libseccomp-dev:armel \ |
131 |
- libseccomp-dev:armhf \ |
|
132 |
- # install this arches seccomp here due to compat issues with the v0 builder |
|
133 |
- # This is as opposed to inheriting from runtime-dev-cross-false |
|
134 |
- libapparmor-dev \ |
|
135 |
- libseccomp-dev |
|
131 |
+ libseccomp-dev:armhf |
|
136 | 132 |
|
137 | 133 |
FROM runtime-dev-cross-${CROSS} AS runtime-dev |
138 | 134 |
|
... | ... |
@@ -261,19 +264,13 @@ RUN --mount=type=cache,sharing=locked,id=moby-dev-aptlib,target=/var/lib/apt \ |
261 | 261 |
apparmor \ |
262 | 262 |
aufs-tools \ |
263 | 263 |
bash-completion \ |
264 |
- binutils-mingw-w64 \ |
|
265 |
- btrfs-tools \ |
|
266 | 264 |
bzip2 \ |
267 |
- g++-mingw-w64-x86-64 \ |
|
268 | 265 |
iptables \ |
269 | 266 |
jq \ |
270 | 267 |
libcap2-bin \ |
271 |
- libdevmapper-dev \ |
|
272 | 268 |
libnet1 \ |
273 | 269 |
libnl-3-200 \ |
274 | 270 |
libprotobuf-c1 \ |
275 |
- libsystemd-dev \ |
|
276 |
- libudev-dev \ |
|
277 | 271 |
net-tools \ |
278 | 272 |
pigz \ |
279 | 273 |
python3-pip \ |
... | ... |
@@ -304,15 +301,17 @@ COPY --from=containerd /build/ /usr/local/bin/ |
304 | 304 |
COPY --from=rootlesskit /build/ /usr/local/bin/ |
305 | 305 |
COPY --from=vpnkit /vpnkit /usr/local/bin/vpnkit.x86_64 |
306 | 306 |
COPY --from=proxy /build/ /usr/local/bin/ |
307 |
- |
|
308 | 307 |
ENV PATH=/usr/local/cli:$PATH |
309 |
-ENV DOCKER_BUILDTAGS apparmor seccomp selinux |
|
308 |
+ARG DOCKER_BUILDTAGS |
|
309 |
+ENV DOCKER_BUILDTAGS="${DOCKER_BUILDTAGS}" |
|
310 | 310 |
WORKDIR /go/src/github.com/docker/docker |
311 | 311 |
VOLUME /var/lib/docker |
312 | 312 |
# Wrap all commands in the "docker-in-docker" script to allow nested containers |
313 | 313 |
ENTRYPOINT ["hack/dind"] |
314 | 314 |
|
315 |
-FROM dev AS src |
|
315 |
+FROM runtime-dev AS src |
|
316 |
+# Make arg inheritable |
|
317 |
+WORKDIR /go/src/github.com/docker/docker |
|
316 | 318 |
COPY . /go/src/github.com/docker/docker |
317 | 319 |
|
318 | 320 |
FROM src AS binary-base |
... | ... |
@@ -326,6 +325,16 @@ ARG PRODUCT |
326 | 326 |
ENV PRODUCT=${PRODUCT} |
327 | 327 |
ARG DEFAULT_PRODUCT_LICENSE |
328 | 328 |
ENV DEFAULT_PRODUCT_LICENSE=${DEFAULT_PRODUCT_LICENSE} |
329 |
+ARG DOCKER_BUILDTAGS |
|
330 |
+ENV DOCKER_BUILDTAGS="${DOCKER_BUILDTAGS}" |
|
331 |
+# TODO: This is here because hack/make.sh binary copies these extras binaries |
|
332 |
+# from $PATH into the bundles dir. |
|
333 |
+# It would be nice to handle this in a different way. |
|
334 |
+COPY --from=tini /build/ /usr/local/bin/ |
|
335 |
+COPY --from=runc /build/ /usr/local/bin/ |
|
336 |
+COPY --from=containerd /build/ /usr/local/bin/ |
|
337 |
+COPY --from=rootlesskit /build/ /usr/local/bin/ |
|
338 |
+COPY --from=proxy /build/ /usr/local/bin/ |
|
329 | 339 |
|
330 | 340 |
FROM binary-base AS build-binary |
331 | 341 |
RUN --mount=type=cache,target=/root/.cache/go-build \ |
... | ... |
@@ -337,7 +346,6 @@ RUN --mount=type=cache,target=/root/.cache/go-build \ |
337 | 337 |
|
338 | 338 |
FROM binary-base AS build-cross |
339 | 339 |
ARG DOCKER_CROSSPLATFORMS |
340 |
-RUN --mount=type=cache,target=/root/.cache/go-build \ |
|
341 | 340 |
hack/make.sh cross |
342 | 341 |
|
343 | 342 |
FROM scratch AS binary |
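Review bot: In the last hunk, as rendered, the `RUN --mount=type=cache,target=/root/.cache/go-build \` line of the `build-cross` stage is removed while its continuation `hack/make.sh cross` stays, so that line now follows `ARG DOCKER_CROSSPLATFORMS` with no instruction keyword and the stage would fail to parse. If dropping the cache mount is intended, the line should become `RUN hack/make.sh cross`; otherwise keep the `RUN --mount=…` line as in `build-binary`. Separately, `DOCKER_BUILDTAGS` changes from a fixed `ENV` to an overridable `ARG`, so a `--build-arg DOCKER_BUILDTAGS=…` that leaves out a tag would presumably produce binaries without the corresponding apparmor, seccomp or selinux support; a comment on the top-level `ARG` such as `# Overriding this replaces the whole list; keep apparmor/seccomp/selinux unless intentionally building without them` would make that visible. The `# Make arg inheritable` comment in the `src` stage sits above `WORKDIR` and does not describe it.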