2022-07-02 11:01:57 -04:00
# syntax=docker/dockerfile:1
2013-09-06 22:58:05 -04:00
2019-04-05 20:20:06 -04:00
ARG CROSS = "false"
2020-02-10 12:55:16 -05:00
ARG SYSTEMD = "false"
Update to go 1.19.2 to address CVE-2022-2879, CVE-2022-2880, CVE-2022-41715
From the mailing list:
We have just released Go versions 1.19.2 and 1.18.7, minor point releases.
These minor releases include 3 security fixes following the security policy:
- archive/tar: unbounded memory consumption when reading headers
Reader.Read did not set a limit on the maximum size of file headers.
A maliciously crafted archive could cause Read to allocate unbounded
amounts of memory, potentially causing resource exhaustion or panics.
Reader.Read now limits the maximum size of header blocks to 1 MiB.
Thanks to Adam Korczynski (ADA Logics) and OSS-Fuzz for reporting this issue.
This is CVE-2022-2879 and Go issue https://go.dev/issue/54853.
- net/http/httputil: ReverseProxy should not forward unparseable query parameters
Requests forwarded by ReverseProxy included the raw query parameters from the
inbound request, including unparseable parameters rejected by net/http. This
could permit query parameter smuggling when a Go proxy forwards a parameter
with an unparseable value.
ReverseProxy will now sanitize the query parameters in the forwarded query
when the outbound request's Form field is set after the ReverseProxy.Director
function returns, indicating that the proxy has parsed the query parameters.
Proxies which do not parse query parameters continue to forward the original
query parameters unchanged.
Thanks to Gal Goldstein (Security Researcher, Oxeye) and
Daniel Abeles (Head of Research, Oxeye) for reporting this issue.
This is CVE-2022-2880 and Go issue https://go.dev/issue/54663.
- regexp/syntax: limit memory used by parsing regexps
The parsed regexp representation is linear in the size of the input,
but in some cases the constant factor can be as high as 40,000,
making relatively small regexps consume much larger amounts of memory.
Each regexp being parsed is now limited to a 256 MB memory footprint.
Regular expressions whose representation would use more space than that
are now rejected. Normal use of regular expressions is unaffected.
Thanks to Adam Korczynski (ADA Logics) and OSS-Fuzz for reporting this issue.
This is CVE-2022-41715 and Go issue https://go.dev/issue/55949.
View the release notes for more information: https://go.dev/doc/devel/release#go1.19.2
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-10-04 14:41:45 -04:00
ARG GO_VERSION = 1 .19.2
2019-08-11 11:08:33 -04:00
ARG DEBIAN_FRONTEND = noninteractive
2021-02-24 00:05:38 -05:00
ARG VPNKIT_VERSION = 0 .5.0
2020-09-18 18:40:45 -04:00
2021-08-19 15:16:01 -04:00
ARG BASE_DEBIAN_DISTRO = "bullseye"
2020-09-18 18:40:45 -04:00
ARG GOLANG_IMAGE = " golang: ${ GO_VERSION } - ${ BASE_DEBIAN_DISTRO } "
2019-04-05 20:20:06 -04:00
2020-03-30 10:27:59 -04:00
FROM ${GOLANG_IMAGE} AS base
2019-05-22 19:49:55 -04:00
RUN echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache
2019-07-16 06:16:56 -04:00
ARG APT_MIRROR
RUN sed -ri " s/(httpredir|deb).debian.org/ ${ APT_MIRROR :- deb .debian.org } /g " /etc/apt/sources.list \
&& sed -ri " s/(security).debian.org/ ${ APT_MIRROR :- security .debian.org } /g " /etc/apt/sources.list
2019-09-11 03:36:53 -04:00
ENV GO111MODULE = off
2016-11-20 17:14:51 -05:00
2017-09-29 17:09:14 -04:00
FROM base AS criu
2019-08-11 11:08:33 -04:00
ARG DEBIAN_FRONTEND
2021-09-27 07:34:41 -04:00
ADD --chmod= 0644 https://download.opensuse.org/repositories/devel:/tools:/criu/Debian_11/Release.key /etc/apt/trusted.gpg.d/criu.gpg.asc
2019-05-22 19:49:55 -04:00
RUN --mount= type = cache,sharing= locked,id= moby-criu-aptlib,target= /var/lib/apt \
2019-10-05 16:41:27 -04:00
--mount= type = cache,sharing= locked,id= moby-criu-aptcache,target= /var/cache/apt \
2021-09-27 07:34:41 -04:00
echo 'deb https://download.opensuse.org/repositories/devel:/tools:/criu/Debian_11/ /' > /etc/apt/sources.list.d/criu.list \
2020-12-01 20:02:42 -05:00
&& apt-get update \
&& apt-get install -y --no-install-recommends criu \
&& install -D /usr/sbin/criu /build/criu
2017-09-29 17:09:14 -04:00
2018-02-27 03:20:55 -05:00
FROM base AS registry
2020-01-10 08:07:01 -05:00
WORKDIR /go/src/github.com/docker/distribution
2021-08-23 07:57:40 -04:00
2021-09-24 10:47:18 -04:00
# REGISTRY_VERSION specifies the version of the registry to build and install
2021-08-23 07:57:40 -04:00
# from the https://github.com/docker/distribution repository. This version of
# the registry is used to test both schema 1 and schema 2 manifests. Generally,
# the version specified here should match a current release.
2021-09-24 10:47:18 -04:00
ARG REGISTRY_VERSION = v2.3.0
2021-08-23 07:57:40 -04:00
2022-03-01 01:26:35 -05:00
# REGISTRY_VERSION_SCHEMA1 specifies the version of the registry to build and
2021-08-23 07:57:40 -04:00
# install from the https://github.com/docker/distribution repository. This is
# an older (pre v2.3.0) version of the registry that only supports schema1
# manifests. This version of the registry is not working on arm64, so installation
# is skipped on that architecture.
2021-09-24 10:47:18 -04:00
ARG REGISTRY_VERSION_SCHEMA1 = v2.1.0
2019-05-22 19:49:55 -04:00
RUN --mount= type = cache,target= /root/.cache/go-build \
2019-10-05 16:41:27 -04:00
--mount= type = cache,target= /go/pkg/mod \
2020-01-10 08:07:01 -05:00
--mount= type = tmpfs,target= /go/src/ \
2019-10-05 16:41:27 -04:00
set -x \
2020-01-10 08:07:01 -05:00
&& git clone https://github.com/docker/distribution.git . \
2021-09-24 10:47:18 -04:00
&& git checkout -q " $REGISTRY_VERSION " \
2020-01-10 08:07:01 -05:00
&& GOPATH = " /go/src/github.com/docker/distribution/Godeps/_workspace: $GOPATH " \
2019-10-05 16:41:27 -04:00
go build -buildmode= pie -o /build/registry-v2 github.com/docker/distribution/cmd/registry \
&& case $( dpkg --print-architecture) in \
2020-01-10 08:32:46 -05:00
amd64| armhf| ppc64*| s390x) \
2021-09-24 10:47:18 -04:00
git checkout -q " $REGISTRY_VERSION_SCHEMA1 " ; \
2020-01-10 08:07:01 -05:00
GOPATH = " /go/src/github.com/docker/distribution/Godeps/_workspace: $GOPATH " ; \
2019-10-05 16:41:27 -04:00
go build -buildmode= pie -o /build/registry-v2-schema1 github.com/docker/distribution/cmd/registry; \
; ; \
2020-01-10 08:07:01 -05:00
esac
2015-01-20 22:40:19 -05:00
2018-02-27 03:20:55 -05:00
FROM base AS swagger
2020-01-10 08:07:01 -05:00
WORKDIR $GOPATH/src/github.com/go-swagger/go-swagger
2021-08-23 07:57:40 -04:00
# GO_SWAGGER_COMMIT specifies the version of the go-swagger binary to build and
# install. Go-swagger is used in CI for validating swagger.yaml in hack/validate/swagger-gen
#
# Currently uses a fork from https://github.com/kolyshkin/go-swagger/tree/golang-1.13-fix,
2019-10-03 21:57:29 -04:00
# TODO: move to under moby/ or fix upstream go-swagger to work for us.
2021-07-02 09:00:47 -04:00
ENV GO_SWAGGER_COMMIT c56166c036004ba7a3a321e5951ba472b9ae298c
2019-05-22 19:49:55 -04:00
RUN --mount= type = cache,target= /root/.cache/go-build \
2019-10-05 16:41:27 -04:00
--mount= type = cache,target= /go/pkg/mod \
2020-01-10 08:07:01 -05:00
--mount= type = tmpfs,target= /go/src/ \
2019-10-05 16:41:27 -04:00
set -x \
2020-01-10 08:07:01 -05:00
&& git clone https://github.com/kolyshkin/go-swagger.git . \
&& git checkout -q " $GO_SWAGGER_COMMIT " \
&& go build -o /build/swagger github.com/go-swagger/go-swagger/cmd/swagger
2016-11-03 13:15:27 -04:00
2020-09-18 18:40:45 -04:00
FROM debian:${BASE_DEBIAN_DISTRO} AS frozen-images
2019-08-11 11:08:33 -04:00
ARG DEBIAN_FRONTEND
2019-05-22 19:49:55 -04:00
RUN --mount= type = cache,sharing= locked,id= moby-frozen-images-aptlib,target= /var/lib/apt \
2019-10-05 16:41:27 -04:00
--mount= type = cache,sharing= locked,id= moby-frozen-images-aptcache,target= /var/cache/apt \
apt-get update && apt-get install -y --no-install-recommends \
ca-certificates \
2020-09-18 18:40:45 -04:00
curl \
2019-10-05 16:41:27 -04:00
jq
2015-03-06 20:12:41 -05:00
# Get useful and necessary Hub images so we can "docker load" locally instead of pulling
2017-09-29 17:09:14 -04:00
COPY contrib/download-frozen-image-v2.sh /
2020-09-29 18:39:49 -04:00
ARG TARGETARCH
2018-04-13 14:45:57 -04:00
RUN /download-frozen-image-v2.sh /build \
2020-06-29 23:06:03 -04:00
busybox:latest@sha256:95cf004f559831017cdf4628aaf1bb30133677be8702a8c5f2994629f637a209 \
busybox:glibc@sha256:1f81263701cddf6402afe9f33fca0266d9fff379e59b1748f33d3072da71ee85 \
2021-08-19 17:40:38 -04:00
debian:bullseye-slim@sha256:dacf278785a4daa9de07596ec739dbc07131e189942772210709c5c0777e8437 \
2020-10-15 19:01:17 -04:00
hello-world:latest@sha256:d58e752213a51785838f9eed2b7a498ffa1cb3aa7f946dda11af39286c3db9a9 \
arm32v7/hello-world:latest@sha256:50b8560ad574c779908da71f7ce370c0a2471c098d44d1c8f6b513c5a55eeeb1
2020-12-02 04:11:57 -05:00
# See also frozenImages in "testutil/environment/protect.go" (which needs to be updated when adding images to this list)
2015-02-28 00:53:36 -05:00
2019-04-16 19:31:49 -04:00
FROM base AS cross-false
2017-09-29 17:09:14 -04:00
2019-10-08 13:54:39 -04:00
FROM --platform=linux/amd64 base AS cross-true
2019-08-11 11:08:33 -04:00
ARG DEBIAN_FRONTEND
2019-04-05 20:20:06 -04:00
RUN dpkg --add-architecture arm64
RUN dpkg --add-architecture armel
2019-10-05 16:56:32 -04:00
RUN dpkg --add-architecture armhf
2021-06-15 04:49:04 -04:00
RUN dpkg --add-architecture ppc64el
2021-06-14 05:06:42 -04:00
RUN dpkg --add-architecture s390x
2019-05-22 19:49:55 -04:00
RUN --mount= type = cache,sharing= locked,id= moby-cross-true-aptlib,target= /var/lib/apt \
2019-10-05 16:41:27 -04:00
--mount= type = cache,sharing= locked,id= moby-cross-true-aptcache,target= /var/cache/apt \
apt-get update && apt-get install -y --no-install-recommends \
2019-10-05 16:56:32 -04:00
crossbuild-essential-arm64 \
crossbuild-essential-armel \
2021-06-15 04:49:04 -04:00
crossbuild-essential-armhf \
2021-06-14 05:06:42 -04:00
crossbuild-essential-ppc64el \
crossbuild-essential-s390x
2019-04-16 19:31:49 -04:00
2021-08-23 07:57:40 -04:00
FROM cross-${CROSS} AS dev-base
2019-04-16 19:31:49 -04:00
FROM dev-base AS runtime-dev-cross-false
2019-08-11 11:08:33 -04:00
ARG DEBIAN_FRONTEND
2019-05-22 19:49:55 -04:00
RUN --mount= type = cache,sharing= locked,id= moby-cross-false-aptlib,target= /var/lib/apt \
2019-10-05 16:41:27 -04:00
--mount= type = cache,sharing= locked,id= moby-cross-false-aptcache,target= /var/cache/apt \
apt-get update && apt-get install -y --no-install-recommends \
2019-11-05 15:11:49 -05:00
binutils-mingw-w64 \
g++-mingw-w64-x86-64 \
2019-10-05 16:41:27 -04:00
libapparmor-dev \
2019-07-17 08:37:56 -04:00
libbtrfs-dev \
2019-11-05 15:11:49 -05:00
libdevmapper-dev \
2021-08-19 15:16:01 -04:00
libseccomp-dev \
2019-11-05 15:11:49 -05:00
libsystemd-dev \
libudev-dev
2019-05-22 19:49:55 -04:00
2019-11-05 15:11:49 -05:00
FROM --platform=linux/amd64 runtime-dev-cross-false AS runtime-dev-cross-true
2019-08-11 11:08:33 -04:00
ARG DEBIAN_FRONTEND
2019-04-05 20:20:06 -04:00
# These crossbuild packages rely on gcc-<arch>, but this doesn't want to install
2022-03-01 01:26:35 -05:00
# on non-amd64 systems, so other architectures cannot crossbuild amd64.
2019-05-22 19:49:55 -04:00
RUN --mount= type = cache,sharing= locked,id= moby-cross-true-aptlib,target= /var/lib/apt \
2019-10-05 16:41:27 -04:00
--mount= type = cache,sharing= locked,id= moby-cross-true-aptcache,target= /var/cache/apt \
apt-get update && apt-get install -y --no-install-recommends \
libapparmor-dev:arm64 \
libapparmor-dev:armel \
2021-06-15 04:49:04 -04:00
libapparmor-dev:armhf \
2021-06-14 05:06:42 -04:00
libapparmor-dev:ppc64el \
2021-08-19 15:32:18 -04:00
libapparmor-dev:s390x \
libseccomp-dev:arm64 \
libseccomp-dev:armel \
libseccomp-dev:armhf \
libseccomp-dev:ppc64el \
libseccomp-dev:s390x
2019-05-22 19:49:55 -04:00
2019-04-05 20:20:06 -04:00
FROM runtime-dev-cross-${CROSS} AS runtime-dev
2017-09-29 17:09:14 -04:00
2022-02-20 13:21:10 -05:00
FROM base AS delve
# DELVE_VERSION specifies the version of the Delve debugger binary
# from the https://github.com/go-delve/delve repository.
# It can be used to run Docker with a possibility of
# attaching debugger to it.
#
ARG DELVE_VERSION = v1.8.1
2022-07-02 09:39:02 -04:00
# Delve on Linux is currently only supported on amd64 and arm64;
# https://github.com/go-delve/delve/blob/v1.8.1/pkg/proc/native/support_sentinel.go#L1-L6
2022-02-20 13:21:10 -05:00
RUN --mount= type = cache,target= /root/.cache/go-build \
--mount= type = cache,target= /go/pkg/mod \
2022-07-02 09:39:02 -04:00
case $( dpkg --print-architecture) in \
amd64| arm64) \
GOBIN = /build/ GO111MODULE = on go install " github.com/go-delve/delve/cmd/dlv@ ${ DELVE_VERSION } " \
&& /build/dlv --help \
; ; \
*) \
mkdir -p /build/ \
; ; \
esac
2022-02-20 13:21:10 -05:00
validate/toml: switch to github.com/pelletier/go-toml
The github.com/BurntSushi/toml project is no longer maintained,
and containerd is switching to this project instead, so start
moving our code as well.
This patch only changes the binary used during validation (tbh,
we could probably remove this validation step, but leaving that
for now).
I manually verified that the hack/verify/toml still works by adding a commit
that makes the MAINTAINERS file invalid;
diff --git a/MAINTAINERS b/MAINTAINERS
index b739e7e20c..81ababd8de 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -23,7 +23,7 @@
# a subsystem, they are responsible for doing so and holding the
# subsystem maintainers accountable. If ownership is unclear, they are the de facto owners.
- people = [
+ people =
"akihirosuda",
"anusha",
"coolljt0725",
Running `hack/verify/toml` was able to detect the broken format;
hack/validate/toml
(27, 4): keys cannot contain , characterThese files are not valid TOML:
- MAINTAINERS
Please reformat the above files as valid TOML
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-04-02 10:02:34 -04:00
FROM base AS tomll
2021-08-23 07:57:40 -04:00
# GOTOML_VERSION specifies the version of the tomll binary to build and install
# from the https://github.com/pelletier/go-toml repository. This binary is used
# in CI in the hack/validate/toml script.
#
# When updating this version, consider updating the github.com/pelletier/go-toml
2021-12-15 14:35:04 -05:00
# dependency in vendor.mod accordingly.
2021-08-23 07:57:40 -04:00
ARG GOTOML_VERSION = v1.8.1
2019-05-22 19:49:55 -04:00
RUN --mount= type = cache,target= /root/.cache/go-build \
2019-10-05 16:41:27 -04:00
--mount= type = cache,target= /go/pkg/mod \
2021-08-23 07:57:40 -04:00
GOBIN = /build/ GO111MODULE = on go install " github.com/pelletier/go-toml/cmd/tomll@ ${ GOTOML_VERSION } " \
&& /build/tomll --help
2017-09-29 17:09:14 -04:00
2022-04-14 13:52:23 -04:00
FROM base AS gowinres
# GOWINRES_VERSION defines go-winres tool version
ARG GOWINRES_VERSION = v0.2.3
RUN --mount= type = cache,target= /root/.cache/go-build \
--mount= type = cache,target= /go/pkg/mod \
GOBIN = /build/ GO111MODULE = on go install " github.com/tc-hib/go-winres@ ${ GOWINRES_VERSION } " \
&& /build/go-winres --help
2019-04-16 19:31:49 -04:00
FROM dev-base AS containerd
2019-08-11 11:08:33 -04:00
ARG DEBIAN_FRONTEND
2019-05-22 19:49:55 -04:00
RUN --mount= type = cache,sharing= locked,id= moby-containerd-aptlib,target= /var/lib/apt \
2019-10-05 16:41:27 -04:00
--mount= type = cache,sharing= locked,id= moby-containerd-aptcache,target= /var/cache/apt \
apt-get update && apt-get install -y --no-install-recommends \
2019-07-17 08:37:56 -04:00
libbtrfs-dev
2021-07-26 08:48:52 -04:00
ARG CONTAINERD_VERSION
2021-08-23 07:57:40 -04:00
COPY /hack/dockerfile/install/install.sh /hack/dockerfile/install/containerd.installer /
2019-05-22 19:49:55 -04:00
RUN --mount= type = cache,target= /root/.cache/go-build \
2019-10-05 16:41:27 -04:00
--mount= type = cache,target= /go/pkg/mod \
2021-08-23 07:57:40 -04:00
PREFIX = /build /install.sh containerd
2017-09-29 17:09:14 -04:00
2019-08-05 06:32:43 -04:00
FROM base AS golangci_lint
2022-09-03 17:20:23 -04:00
# FIXME: when updating golangci-lint, remove the temporary "nolint" in https://github.com/moby/moby/blob/7860686a8df15eea9def9e6189c6f9eca031bb6f/libnetwork/networkdb/cluster.go#L246
ARG GOLANGCI_LINT_VERSION = v1.49.0
2019-05-22 19:49:55 -04:00
RUN --mount= type = cache,target= /root/.cache/go-build \
2019-10-05 16:41:27 -04:00
--mount= type = cache,target= /go/pkg/mod \
2021-08-23 07:57:40 -04:00
GOBIN = /build/ GO111MODULE = on go install " github.com/golangci/golangci-lint/cmd/golangci-lint@ ${ GOLANGCI_LINT_VERSION } " \
&& /build/golangci-lint --version
2017-09-29 17:09:14 -04:00
2019-07-30 20:07:30 -04:00
FROM base AS gotestsum
2022-05-27 11:59:58 -04:00
ARG GOTESTSUM_VERSION = v1.8.1
2019-05-22 19:49:55 -04:00
RUN --mount= type = cache,target= /root/.cache/go-build \
2019-10-05 16:41:27 -04:00
--mount= type = cache,target= /go/pkg/mod \
2021-08-23 07:57:40 -04:00
GOBIN = /build/ GO111MODULE = on go install " gotest.tools/gotestsum@ ${ GOTESTSUM_VERSION } " \
&& /build/gotestsum --version
2019-07-30 20:07:30 -04:00
2020-02-29 10:31:43 -05:00
FROM base AS shfmt
2021-08-23 07:57:40 -04:00
ARG SHFMT_VERSION = v3.0.2
2020-02-29 10:31:43 -05:00
RUN --mount= type = cache,target= /root/.cache/go-build \
--mount= type = cache,target= /go/pkg/mod \
2021-08-23 07:57:40 -04:00
GOBIN = /build/ GO111MODULE = on go install " mvdan.cc/sh/v3/cmd/shfmt@ ${ SHFMT_VERSION } " \
&& /build/shfmt --version
2020-02-29 10:31:43 -05:00
2019-04-16 19:31:49 -04:00
FROM dev-base AS dockercli
2019-09-12 16:22:56 -04:00
ARG DOCKERCLI_CHANNEL
ARG DOCKERCLI_VERSION
2021-08-23 07:57:40 -04:00
COPY /hack/dockerfile/install/install.sh /hack/dockerfile/install/dockercli.installer /
2019-05-22 19:49:55 -04:00
RUN --mount= type = cache,target= /root/.cache/go-build \
2019-10-05 16:41:27 -04:00
--mount= type = cache,target= /go/pkg/mod \
2021-08-23 07:57:40 -04:00
PREFIX = /build /install.sh dockercli
2017-09-29 17:09:14 -04:00
FROM runtime-dev AS runc
2021-07-26 08:48:52 -04:00
ARG RUNC_VERSION
2019-09-12 16:22:56 -04:00
ARG RUNC_BUILDTAGS
2021-08-23 07:57:40 -04:00
COPY /hack/dockerfile/install/install.sh /hack/dockerfile/install/runc.installer /
2019-05-22 19:49:55 -04:00
RUN --mount= type = cache,target= /root/.cache/go-build \
2019-10-05 16:41:27 -04:00
--mount= type = cache,target= /go/pkg/mod \
2021-08-23 07:57:40 -04:00
PREFIX = /build /install.sh runc
2017-09-29 17:09:14 -04:00
2019-04-16 19:31:49 -04:00
FROM dev-base AS tini
2019-08-11 11:08:33 -04:00
ARG DEBIAN_FRONTEND
2021-07-26 08:48:52 -04:00
ARG TINI_VERSION
2019-05-22 19:49:55 -04:00
RUN --mount= type = cache,sharing= locked,id= moby-tini-aptlib,target= /var/lib/apt \
2019-10-05 16:41:27 -04:00
--mount= type = cache,sharing= locked,id= moby-tini-aptcache,target= /var/cache/apt \
apt-get update && apt-get install -y --no-install-recommends \
cmake \
vim-common
2021-08-23 07:57:40 -04:00
COPY /hack/dockerfile/install/install.sh /hack/dockerfile/install/tini.installer /
2019-05-22 19:49:55 -04:00
RUN --mount= type = cache,target= /root/.cache/go-build \
2019-10-05 16:41:27 -04:00
--mount= type = cache,target= /go/pkg/mod \
2021-08-23 07:57:40 -04:00
PREFIX = /build /install.sh tini
2017-09-29 17:09:14 -04:00
2019-04-16 19:31:49 -04:00
FROM dev-base AS rootlesskit
2021-07-26 08:48:52 -04:00
ARG ROOTLESSKIT_VERSION
2021-08-23 07:57:40 -04:00
ARG PREFIX = /build
COPY /hack/dockerfile/install/install.sh /hack/dockerfile/install/rootlesskit.installer /
2019-05-22 19:49:55 -04:00
RUN --mount= type = cache,target= /root/.cache/go-build \
2019-10-05 16:41:27 -04:00
--mount= type = cache,target= /go/pkg/mod \
2021-08-23 07:57:40 -04:00
/install.sh rootlesskit \
&& " ${ PREFIX } " /rootlesskit --version \
&& " ${ PREFIX } " /rootlesskit-docker-proxy --help
2018-10-15 03:52:53 -04:00
COPY ./contrib/dockerd-rootless.sh /build
2020-05-11 09:12:50 -04:00
COPY ./contrib/dockerd-rootless-setuptool.sh /build
2017-09-29 17:09:14 -04:00
2022-06-10 17:19:40 -04:00
FROM base AS crun
ARG CRUN_VERSION = 1 .4.5
RUN --mount= type = cache,sharing= locked,id= moby-crun-aptlib,target= /var/lib/apt \
--mount= type = cache,sharing= locked,id= moby-crun-aptcache,target= /var/cache/apt \
apt-get update && apt-get install -y --no-install-recommends \
autoconf \
automake \
build-essential \
libcap-dev \
libprotobuf-c-dev \
libseccomp-dev \
libsystemd-dev \
libtool \
libudev-dev \
libyajl-dev \
python3 \
;
RUN --mount= type = tmpfs,target= /tmp/crun-build \
git clone https://github.com/containers/crun.git /tmp/crun-build && \
cd /tmp/crun-build && \
git checkout -q " ${ CRUN_VERSION } " && \
./autogen.sh && \
./configure --bindir= /build && \
make -j install
2021-02-24 00:05:38 -05:00
FROM --platform=amd64 djs55/vpnkit:${VPNKIT_VERSION} AS vpnkit-amd64
FROM --platform=arm64 djs55/vpnkit:${VPNKIT_VERSION} AS vpnkit-arm64
FROM scratch AS vpnkit
COPY --from= vpnkit-amd64 /vpnkit /build/vpnkit.x86_64
COPY --from= vpnkit-arm64 /vpnkit /build/vpnkit.aarch64
2019-10-05 16:46:49 -04:00
2017-09-29 17:09:14 -04:00
# TODO: Some of this is only really needed for testing, it would be nice to split this up
2020-02-10 12:55:16 -05:00
FROM runtime-dev AS dev-systemd-false
2019-08-11 11:08:33 -04:00
ARG DEBIAN_FRONTEND
2017-09-29 17:09:14 -04:00
RUN groupadd -r docker
2020-02-18 04:43:56 -05:00
RUN useradd --create-home --gid docker unprivilegeduser \
&& mkdir -p /home/unprivilegeduser/.local/share/docker \
&& chown -R unprivilegeduser /home/unprivilegeduser
2018-06-29 06:39:36 -04:00
# Let us use a .bashrc file
RUN ln -sfv /go/src/github.com/docker/docker/.bashrc ~/.bashrc
2017-06-24 17:51:06 -04:00
# Activate bash completion and include Docker's completion if mounted with DOCKER_BASH_COMPLETION_PATH
RUN echo "source /usr/share/bash-completion/bash_completion" >> /etc/bash.bashrc
2017-06-23 12:05:38 -04:00
RUN ln -s /usr/local/completion/bash/docker /etc/bash_completion.d/docker
2017-09-29 17:09:14 -04:00
RUN ldconfig
# This should only install packages that are specifically needed for the dev environment and nothing else
# Do you really need to add another package here? Can it be done in a different build stage?
2019-05-22 19:49:55 -04:00
RUN --mount= type = cache,sharing= locked,id= moby-dev-aptlib,target= /var/lib/apt \
2019-10-05 16:41:27 -04:00
--mount= type = cache,sharing= locked,id= moby-dev-aptcache,target= /var/cache/apt \
apt-get update && apt-get install -y --no-install-recommends \
apparmor \
bash-completion \
2019-10-05 16:56:32 -04:00
bzip2 \
2021-08-19 15:16:01 -04:00
inetutils-ping \
iproute2 \
2019-10-05 16:41:27 -04:00
iptables \
jq \
libcap2-bin \
2019-10-05 16:56:32 -04:00
libnet1 \
libnl-3-200 \
libprotobuf-c1 \
2022-06-10 17:19:40 -04:00
libyajl2 \
2019-10-05 16:41:27 -04:00
net-tools \
2020-07-15 07:45:41 -04:00
patch \
2019-10-05 16:41:27 -04:00
pigz \
python3-pip \
python3-setuptools \
python3-wheel \
2020-02-18 04:43:56 -05:00
sudo \
2022-02-02 16:39:35 -05:00
systemd-journal-remote \
2019-10-05 16:41:27 -04:00
thin-provisioning-tools \
2020-02-18 04:43:56 -05:00
uidmap \
2019-10-05 16:41:27 -04:00
vim \
vim-common \
xfsprogs \
xz-utils \
2020-12-08 04:56:32 -05:00
zip \
zstd
2019-05-22 19:49:55 -04:00
2019-07-30 19:59:02 -04:00
2020-02-25 18:31:07 -05:00
# Switch to use iptables instead of nftables (to match the CI hosts)
# TODO use some kind of runtime auto-detection instead if/when nftables is supported (https://github.com/moby/moby/issues/26824)
2019-07-22 11:22:13 -04:00
RUN update-alternatives --set iptables /usr/sbin/iptables-legacy || true \
&& update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy || true \
&& update-alternatives --set arptables /usr/sbin/arptables-legacy || true
2022-08-26 03:21:29 -04:00
ARG YAMLLINT_VERSION = 1 .27.1
RUN pip3 install yamllint = = ${ YAMLLINT_VERSION }
2019-07-30 19:59:02 -04:00
2019-10-05 17:10:32 -04:00
COPY --from= dockercli /build/ /usr/local/cli
2018-04-13 14:45:57 -04:00
COPY --from= frozen-images /build/ /docker-frozen-images
2019-10-05 17:10:32 -04:00
COPY --from= swagger /build/ /usr/local/bin/
2022-02-20 13:21:10 -05:00
COPY --from= delve /build/ /usr/local/bin/
validate/toml: switch to github.com/pelletier/go-toml
The github.com/BurntSushi/toml project is no longer maintained,
and containerd is switching to this project instead, so start
moving our code as well.
This patch only changes the binary used during validation (tbh,
we could probably remove this validation step, but leaving that
for now).
I manually verified that the hack/verify/toml still works by adding a commit
that makes the MAINTAINERS file invalid;
diff --git a/MAINTAINERS b/MAINTAINERS
index b739e7e20c..81ababd8de 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -23,7 +23,7 @@
# a subsystem, they are responsible for doing so and holding the
# subsystem maintainers accountable. If ownership is unclear, they are the de facto owners.
- people = [
+ people =
"akihirosuda",
"anusha",
"coolljt0725",
Running `hack/verify/toml` was able to detect the broken format;
hack/validate/toml
(27, 4): keys cannot contain , characterThese files are not valid TOML:
- MAINTAINERS
Please reformat the above files as valid TOML
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-04-02 10:02:34 -04:00
COPY --from= tomll /build/ /usr/local/bin/
2022-04-14 13:52:23 -04:00
COPY --from= gowinres /build/ /usr/local/bin/
2019-10-05 17:10:32 -04:00
COPY --from= tini /build/ /usr/local/bin/
COPY --from= registry /build/ /usr/local/bin/
2020-12-01 20:02:42 -05:00
COPY --from= criu /build/ /usr/local/bin/
2019-10-05 17:10:32 -04:00
COPY --from= gotestsum /build/ /usr/local/bin/
2019-10-05 16:59:51 -04:00
COPY --from= golangci_lint /build/ /usr/local/bin/
2020-02-29 10:31:43 -05:00
COPY --from= shfmt /build/ /usr/local/bin/
2019-10-05 17:10:32 -04:00
COPY --from= runc /build/ /usr/local/bin/
COPY --from= containerd /build/ /usr/local/bin/
COPY --from= rootlesskit /build/ /usr/local/bin/
2021-02-24 00:05:38 -05:00
COPY --from= vpnkit /build/ /usr/local/bin/
2022-06-10 17:19:40 -04:00
COPY --from= crun /build/ /usr/local/bin/
COPY hack/dockerfile/etc/docker/ /etc/docker/
2017-09-29 17:09:14 -04:00
ENV PATH = /usr/local/cli:$PATH
2019-11-05 15:11:49 -05:00
ARG DOCKER_BUILDTAGS
ENV DOCKER_BUILDTAGS = " ${ DOCKER_BUILDTAGS } "
2017-09-29 17:09:14 -04:00
WORKDIR /go/src/github.com/docker/docker
VOLUME /var/lib/docker
2020-02-18 04:43:56 -05:00
VOLUME /home/unprivilegeduser/.local/share/docker
2017-09-29 17:09:14 -04:00
# Wrap all commands in the "docker-in-docker" script to allow nested containers
ENTRYPOINT [ "hack/dind" ]
2019-10-08 14:17:15 -04:00
2020-02-10 12:55:16 -05:00
FROM dev-systemd-false AS dev-systemd-true
RUN --mount= type = cache,sharing= locked,id= moby-dev-aptlib,target= /var/lib/apt \
--mount= type = cache,sharing= locked,id= moby-dev-aptcache,target= /var/cache/apt \
apt-get update && apt-get install -y --no-install-recommends \
dbus \
dbus-user-session \
systemd \
systemd-sysv
ENTRYPOINT [ "hack/dind-systemd" ]
2020-03-06 01:36:54 -05:00
FROM dev-systemd-${SYSTEMD} AS dev
2019-11-05 16:41:04 -05:00
FROM runtime-dev AS binary-base
2019-05-22 19:49:55 -04:00
ARG DOCKER_GITCOMMIT = HEAD
2019-10-16 13:09:10 -04:00
ENV DOCKER_GITCOMMIT = ${ DOCKER_GITCOMMIT }
ARG VERSION
ENV VERSION = ${ VERSION }
ARG PLATFORM
ENV PLATFORM = ${ PLATFORM }
ARG PRODUCT
ENV PRODUCT = ${ PRODUCT }
ARG DEFAULT_PRODUCT_LICENSE
ENV DEFAULT_PRODUCT_LICENSE = ${ DEFAULT_PRODUCT_LICENSE }
2022-04-14 13:52:23 -04:00
ARG PACKAGER_NAME
ENV PACKAGER_NAME = ${ PACKAGER_NAME }
2019-11-05 15:11:49 -05:00
ARG DOCKER_BUILDTAGS
ENV DOCKER_BUILDTAGS = " ${ DOCKER_BUILDTAGS } "
2019-11-05 16:41:04 -05:00
ENV PREFIX = /build
2019-11-05 15:11:49 -05:00
# TODO: This is here because hack/make.sh binary copies these extras binaries
# from $PATH into the bundles dir.
# It would be nice to handle this in a different way.
2022-04-14 13:52:23 -04:00
COPY --from= tini /build/ /usr/local/bin/
COPY --from= runc /build/ /usr/local/bin/
COPY --from= containerd /build/ /usr/local/bin/
COPY --from= rootlesskit /build/ /usr/local/bin/
COPY --from= vpnkit /build/ /usr/local/bin/
COPY --from= gowinres /build/ /usr/local/bin/
2019-11-05 16:41:04 -05:00
WORKDIR /go/src/github.com/docker/docker
2019-10-16 13:09:10 -04:00
FROM binary-base AS build-binary
2022-04-14 13:52:23 -04:00
RUN --mount= type = cache,target= /root/.cache \
--mount= type = bind,target= .,ro \
--mount= type = tmpfs,target= cli/winresources/dockerd \
--mount= type = tmpfs,target= cli/winresources/docker-proxy \
2019-10-05 16:41:27 -04:00
hack/make.sh binary
2019-05-22 19:49:55 -04:00
2019-10-16 13:09:10 -04:00
FROM binary-base AS build-dynbinary
2022-04-14 13:52:23 -04:00
RUN --mount= type = cache,target= /root/.cache \
--mount= type = bind,target= .,ro \
--mount= type = tmpfs,target= cli/winresources/dockerd \
--mount= type = tmpfs,target= cli/winresources/docker-proxy \
2019-10-05 16:41:27 -04:00
hack/make.sh dynbinary
2019-05-22 19:49:55 -04:00
2019-10-16 13:09:10 -04:00
FROM binary-base AS build-cross
ARG DOCKER_CROSSPLATFORMS
2022-04-14 13:52:23 -04:00
RUN --mount= type = cache,target= /root/.cache \
--mount= type = bind,target= .,ro \
--mount= type = tmpfs,target= cli/winresources/dockerd \
--mount= type = tmpfs,target= cli/winresources/docker-proxy \
2019-10-05 16:41:27 -04:00
hack/make.sh cross
2019-05-22 19:49:55 -04:00
FROM scratch AS binary
2019-11-05 16:41:04 -05:00
COPY --from= build-binary /build/bundles/ /
2019-05-22 19:49:55 -04:00
FROM scratch AS dynbinary
2019-12-30 16:20:11 -05:00
COPY --from= build-dynbinary /build/bundles/ /
2019-05-22 19:49:55 -04:00
FROM scratch AS cross
2019-12-30 16:20:11 -05:00
COPY --from= build-cross /build/bundles/ /
2018-12-13 20:26:10 -05:00
2020-03-06 01:36:54 -05:00
FROM dev AS final
2019-11-05 16:41:04 -05:00
COPY . /go/src/github.com/docker/docker