2013-06-22 02:42:17 +00:00
|
|
|
# This file describes the standard way to build Docker, using docker
|
2013-09-07 02:58:05 +00:00
|
|
|
#
|
|
|
|
|
# Usage:
|
|
|
|
|
#
|
|
|
|
|
# # Assemble the full dev environment. This is slow the first time.
|
|
|
|
|
# docker build -t docker .
|
|
|
|
|
#
|
2013-09-07 03:16:13 +00:00
|
|
|
# # Mount your source in an interactive container for quick testing:
|
2014-07-24 22:19:50 +00:00
|
|
|
# docker run -v `pwd`:/go/src/github.com/docker/docker --privileged -i -t docker bash
|
2013-09-07 03:16:13 +00:00
|
|
|
#
|
2013-09-07 02:58:05 +00:00
|
|
|
# # Run the test suite:
|
2017-04-17 19:18:13 +00:00
|
|
|
# docker run -e DOCKER_GITCOMMIT=foo --privileged docker hack/make.sh test-unit test-integration-cli test-docker-py
|
2013-09-07 02:58:05 +00:00
|
|
|
#
|
|
|
|
|
# # Publish a release:
|
2014-03-13 17:46:02 +00:00
|
|
|
# docker run --privileged \
|
2013-09-30 19:57:30 +00:00
|
|
|
# -e AWS_S3_BUCKET=baz \
|
|
|
|
|
# -e AWS_ACCESS_KEY=foo \
|
|
|
|
|
# -e AWS_SECRET_KEY=bar \
|
|
|
|
|
# -e GPG_PASSPHRASE=gloubiboulga \
|
|
|
|
|
# docker hack/release.sh
|
|
|
|
|
#
|
2015-06-13 16:21:50 +00:00
|
|
|
# Note: AppArmor used to mess with privileged mode, but this is no longer
|
2013-10-31 21:58:43 +00:00
|
|
|
# the case. Therefore, you don't have to disable it anymore.
|
|
|
|
|
#
|
2013-09-07 02:58:05 +00:00
|
|
|
|
2016-02-12 16:56:11 +00:00
|
|
|
FROM debian:jessie
|
2013-09-30 19:57:30 +00:00
|
|
|
|
2016-11-20 22:14:51 +00:00
|
|
|
# allow replacing httpredir or deb mirror
|
|
|
|
|
ARG APT_MIRROR=deb.debian.org
|
|
|
|
|
RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list
|
|
|
|
|
|
2013-12-25 03:40:41 +00:00
|
|
|
# Packaged dependencies
|
2014-12-24 07:12:27 +00:00
|
|
|
RUN apt-get update && apt-get install -y \
|
2015-01-10 02:22:19 +00:00
|
|
|
apparmor \
|
2016-03-25 14:54:36 +00:00
|
|
|
apt-utils \
|
2013-12-25 03:40:41 +00:00
|
|
|
aufs-tools \
|
2014-01-27 22:34:46 +00:00
|
|
|
automake \
|
2015-03-29 12:42:48 +00:00
|
|
|
bash-completion \
|
2016-04-23 22:11:08 +00:00
|
|
|
binutils-mingw-w64 \
|
2016-03-25 14:54:36 +00:00
|
|
|
bsdmainutils \
|
2014-02-02 04:40:51 +00:00
|
|
|
btrfs-tools \
|
2013-12-25 03:40:41 +00:00
|
|
|
build-essential \
|
2016-11-03 16:47:50 +00:00
|
|
|
cmake \
|
2015-06-02 00:21:09 +00:00
|
|
|
createrepo \
|
2013-12-25 03:40:41 +00:00
|
|
|
curl \
|
|
|
|
|
dpkg-sig \
|
2015-08-10 19:51:54 +00:00
|
|
|
gcc-mingw-w64 \
|
2013-12-25 03:40:41 +00:00
|
|
|
git \
|
|
|
|
|
iptables \
|
2015-08-31 17:06:22 +00:00
|
|
|
jq \
|
2016-11-17 21:00:59 +00:00
|
|
|
less \
|
2014-01-27 22:34:46 +00:00
|
|
|
libapparmor-dev \
|
|
|
|
|
libcap-dev \
|
2016-05-12 14:52:00 +00:00
|
|
|
libnl-3-dev \
|
|
|
|
|
libprotobuf-c0-dev \
|
2016-09-29 17:58:24 +00:00
|
|
|
libprotobuf-dev \
|
Add log reading to the journald log driver
If a logdriver doesn't register a callback function to validate log
options, it won't be usable. Fix the journald driver by adding a dummy
validator.
Teach the client and the daemon's "logs" logic that the server can also
supply "logs" data via the "journald" driver. Update documentation and
tests that depend on error messages.
Add support for reading log data from the systemd journal to the
journald log driver. The internal logic uses a goroutine to scan the
journal for matching entries after any specified cutoff time, formats
the messages from those entries as JSONLog messages, and stuffs the
results down a pipe whose reading end we hand back to the caller.
If we are missing any of the 'linux', 'cgo', or 'journald' build tags,
however, we don't implement a reader, so the 'logs' endpoint will still
return an error.
Make the necessary changes to the build setup to ensure that support for
reading container logs from the systemd journal is built.
Rename the Jmap member of the journald logdriver's struct to "vars" to
make it non-public, and to make it easier to tell that it's just there
to hold additional variable values that we want journald to record along
with log data that we're sending to it.
In the client, don't assume that we know which logdrivers the server
implements, and remove the check that looks at the server. It's
redundant because the server already knows, and the check also makes
using older clients with newer servers (which may have new logdrivers in
them) unnecessarily hard.
When we try to "logs" and have to report that the container's logdriver
doesn't support reading, send the error message through the
might-be-a-multiplexer so that clients which are expecting multiplexed
data will be able to properly display the error, instead of tripping
over the data and printing a less helpful "Unrecognized input header"
error.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> (github: nalind)
2015-07-23 15:02:56 +00:00
|
|
|
libsystemd-journal-dev \
|
2015-11-15 02:01:24 +00:00
|
|
|
libtool \
|
2013-12-25 03:40:41 +00:00
|
|
|
mercurial \
|
2016-02-12 16:56:11 +00:00
|
|
|
net-tools \
|
Add log reading to the journald log driver
If a logdriver doesn't register a callback function to validate log
options, it won't be usable. Fix the journald driver by adding a dummy
validator.
Teach the client and the daemon's "logs" logic that the server can also
supply "logs" data via the "journald" driver. Update documentation and
tests that depend on error messages.
Add support for reading log data from the systemd journal to the
journald log driver. The internal logic uses a goroutine to scan the
journal for matching entries after any specified cutoff time, formats
the messages from those entries as JSONLog messages, and stuffs the
results down a pipe whose reading end we hand back to the caller.
If we are missing any of the 'linux', 'cgo', or 'journald' build tags,
however, we don't implement a reader, so the 'logs' endpoint will still
return an error.
Make the necessary changes to the build setup to ensure that support for
reading container logs from the systemd journal is built.
Rename the Jmap member of the journald logdriver's struct to "vars" to
make it non-public, and to make it easier to tell that it's just there
to hold additional variable values that we want journald to record along
with log data that we're sending to it.
In the client, don't assume that we know which logdrivers the server
implements, and remove the check that looks at the server. It's
redundant because the server already knows, and the check also makes
using older clients with newer servers (which may have new logdrivers in
them) unnecessarily hard.
When we try to "logs" and have to report that the container's logdriver
doesn't support reading, send the error message through the
might-be-a-multiplexer so that clients which are expecting multiplexed
data will be able to properly display the error, instead of tripping
over the data and printing a less helpful "Unrecognized input header"
error.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> (github: nalind)
2015-07-23 15:02:56 +00:00
|
|
|
pkg-config \
|
2016-05-12 14:52:00 +00:00
|
|
|
protobuf-compiler \
|
|
|
|
|
protobuf-c-compiler \
|
2015-11-22 10:32:10 +00:00
|
|
|
python-dev \
|
2014-12-15 19:44:15 +00:00
|
|
|
python-mock \
|
|
|
|
|
python-pip \
|
2014-12-19 07:20:59 +00:00
|
|
|
python-websocket \
|
2016-11-17 21:00:59 +00:00
|
|
|
tar \
|
|
|
|
|
vim \
|
2016-11-03 16:47:50 +00:00
|
|
|
vim-common \
|
2016-11-17 21:00:59 +00:00
|
|
|
xfsprogs \
|
2016-03-31 16:27:50 +00:00
|
|
|
zip \
|
2015-11-09 01:59:09 +00:00
|
|
|
--no-install-recommends \
|
2016-05-31 23:45:42 +00:00
|
|
|
&& pip install awscli==1.10.15
|
2013-12-25 03:40:41 +00:00
|
|
|
# Get lvm2 source for compiling statically
|
2016-01-05 05:50:15 +00:00
|
|
|
ENV LVM2_VERSION 2.02.103
|
|
|
|
|
RUN mkdir -p /usr/local/lvm2 \
|
|
|
|
|
&& curl -fsSL "https://mirrors.kernel.org/sourceware/lvm2/LVM2.${LVM2_VERSION}.tgz" \
|
|
|
|
|
| tar -xzC /usr/local/lvm2 --strip-components=1
|
2016-09-22 02:15:18 +00:00
|
|
|
# See https://git.fedorahosted.org/cgit/lvm2.git/refs/tags for release tags
|
2013-12-25 03:40:41 +00:00
|
|
|
|
|
|
|
|
# Compile and install lvm2
|
2014-12-24 07:12:27 +00:00
|
|
|
RUN cd /usr/local/lvm2 \
|
2016-01-05 05:50:15 +00:00
|
|
|
&& ./configure \
|
|
|
|
|
--build="$(gcc -print-multiarch)" \
|
|
|
|
|
--enable-static_link \
|
2014-12-24 07:12:27 +00:00
|
|
|
&& make device-mapper \
|
|
|
|
|
&& make install_device-mapper
|
2016-09-22 02:15:18 +00:00
|
|
|
# See https://git.fedorahosted.org/cgit/lvm2.git/tree/INSTALL
|
2013-09-30 19:57:30 +00:00
|
|
|
|
2017-03-07 22:19:46 +00:00
|
|
|
# Install seccomp: the version shipped upstream is too old
|
|
|
|
|
ENV SECCOMP_VERSION 2.3.2
|
2016-01-20 06:42:05 +00:00
|
|
|
RUN set -x \
|
|
|
|
|
&& export SECCOMP_PATH="$(mktemp -d)" \
|
|
|
|
|
&& curl -fsSL "https://github.com/seccomp/libseccomp/releases/download/v${SECCOMP_VERSION}/libseccomp-${SECCOMP_VERSION}.tar.gz" \
|
|
|
|
|
| tar -xzC "$SECCOMP_PATH" --strip-components=1 \
|
|
|
|
|
&& ( \
|
|
|
|
|
cd "$SECCOMP_PATH" \
|
|
|
|
|
&& ./configure --prefix=/usr/local \
|
|
|
|
|
&& make \
|
|
|
|
|
&& make install \
|
|
|
|
|
&& ldconfig \
|
|
|
|
|
) \
|
|
|
|
|
&& rm -rf "$SECCOMP_PATH"
|
|
|
|
|
|
2013-10-05 02:25:15 +00:00
|
|
|
# Install Go
|
2016-01-14 20:20:19 +00:00
|
|
|
# IMPORTANT: If the version of Go is updated, the Windows to Linux CI machines
|
2016-01-20 11:53:54 +00:00
|
|
|
# will need updating, to avoid errors. Ping #docker-maintainers on IRC
|
2016-01-14 20:20:19 +00:00
|
|
|
# with a heads-up.
|
2017-05-25 01:11:16 +00:00
|
|
|
ENV GO_VERSION 1.8.3
|
2016-11-04 14:03:41 +00:00
|
|
|
RUN curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" \
|
2016-01-05 05:50:15 +00:00
|
|
|
| tar -xzC /usr/local
|
2016-04-15 21:34:24 +00:00
|
|
|
|
2015-01-09 06:07:15 +00:00
|
|
|
ENV PATH /go/bin:/usr/local/go/bin:$PATH
|
2016-10-31 18:22:28 +00:00
|
|
|
ENV GOPATH /go
|
2013-12-19 06:06:14 +00:00
|
|
|
|
2016-08-23 16:01:28 +00:00
|
|
|
# Dependency for golint
|
2015-11-02 16:32:49 +00:00
|
|
|
ENV GO_TOOLS_COMMIT 823804e1ae08dbb14eb807afc7db9993bc9e3cc3
|
2015-04-14 02:26:04 +00:00
|
|
|
RUN git clone https://github.com/golang/tools.git /go/src/golang.org/x/tools \
|
2016-08-23 16:01:28 +00:00
|
|
|
&& (cd /go/src/golang.org/x/tools && git checkout -q $GO_TOOLS_COMMIT)
|
|
|
|
|
|
2015-07-21 01:32:55 +00:00
|
|
|
# Grab Go's lint tool
|
2015-11-02 16:32:49 +00:00
|
|
|
ENV GO_LINT_COMMIT 32a87160691b3c96046c0c678fe57c5bef761456
|
2015-07-21 01:32:55 +00:00
|
|
|
RUN git clone https://github.com/golang/lint.git /go/src/github.com/golang/lint \
|
|
|
|
|
&& (cd /go/src/github.com/golang/lint && git checkout -q $GO_LINT_COMMIT) \
|
|
|
|
|
&& go install -v github.com/golang/lint/golint
|
2015-04-01 04:48:03 +00:00
|
|
|
|
2016-05-12 14:52:00 +00:00
|
|
|
# Install CRIU for checkpoint/restore support
|
2017-03-31 18:13:14 +00:00
|
|
|
ENV CRIU_VERSION 2.12.1
|
|
|
|
|
# Install dependancy packages specific to criu
|
|
|
|
|
RUN apt-get install libnet-dev -y && \
|
|
|
|
|
mkdir -p /usr/src/criu \
|
2016-05-12 14:52:00 +00:00
|
|
|
&& curl -sSL https://github.com/xemul/criu/archive/v${CRIU_VERSION}.tar.gz | tar -v -C /usr/src/criu/ -xz --strip-components=1 \
|
|
|
|
|
&& cd /usr/src/criu \
|
|
|
|
|
&& make \
|
|
|
|
|
&& make install-criu
|
|
|
|
|
|
2015-12-18 23:06:23 +00:00
|
|
|
# Install two versions of the registry. The first is an older version that
|
|
|
|
|
# only supports schema1 manifests. The second is a newer version that supports
|
|
|
|
|
# both. This allows integration-cli tests to cover push/pull with both schema1
|
|
|
|
|
# and schema2 manifests.
|
|
|
|
|
ENV REGISTRY_COMMIT_SCHEMA1 ec87e9b6971d831f0eff752ddb54fb64693e51cd
|
2016-01-19 21:28:51 +00:00
|
|
|
ENV REGISTRY_COMMIT 47a064d4195a9b56133891bbb13620c3ac83a827
|
2015-01-21 03:40:19 +00:00
|
|
|
RUN set -x \
|
2015-06-05 22:20:04 +00:00
|
|
|
&& export GOPATH="$(mktemp -d)" \
|
|
|
|
|
&& git clone https://github.com/docker/distribution.git "$GOPATH/src/github.com/docker/distribution" \
|
|
|
|
|
&& (cd "$GOPATH/src/github.com/docker/distribution" && git checkout -q "$REGISTRY_COMMIT") \
|
|
|
|
|
&& GOPATH="$GOPATH/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH" \
|
|
|
|
|
go build -o /usr/local/bin/registry-v2 github.com/docker/distribution/cmd/registry \
|
2015-12-18 23:06:23 +00:00
|
|
|
&& (cd "$GOPATH/src/github.com/docker/distribution" && git checkout -q "$REGISTRY_COMMIT_SCHEMA1") \
|
|
|
|
|
&& GOPATH="$GOPATH/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH" \
|
|
|
|
|
go build -o /usr/local/bin/registry-v2-schema1 github.com/docker/distribution/cmd/registry \
|
2015-06-05 22:20:04 +00:00
|
|
|
&& rm -rf "$GOPATH"
|
2015-01-21 03:40:19 +00:00
|
|
|
|
2016-04-29 08:59:19 +00:00
|
|
|
# Install notary and notary-server
|
2016-11-28 18:29:17 +00:00
|
|
|
ENV NOTARY_VERSION v0.5.0
|
2015-07-20 05:56:10 +00:00
|
|
|
RUN set -x \
|
|
|
|
|
&& export GOPATH="$(mktemp -d)" \
|
|
|
|
|
&& git clone https://github.com/docker/notary.git "$GOPATH/src/github.com/docker/notary" \
|
2016-01-08 02:43:01 +00:00
|
|
|
&& (cd "$GOPATH/src/github.com/docker/notary" && git checkout -q "$NOTARY_VERSION") \
|
2016-03-24 22:41:34 +00:00
|
|
|
&& GOPATH="$GOPATH/src/github.com/docker/notary/vendor:$GOPATH" \
|
2015-07-20 05:56:10 +00:00
|
|
|
go build -o /usr/local/bin/notary-server github.com/docker/notary/cmd/notary-server \
|
2016-03-24 22:41:34 +00:00
|
|
|
&& GOPATH="$GOPATH/src/github.com/docker/notary/vendor:$GOPATH" \
|
2015-12-24 00:34:46 +00:00
|
|
|
go build -o /usr/local/bin/notary github.com/docker/notary/cmd/notary \
|
2015-07-20 05:56:10 +00:00
|
|
|
&& rm -rf "$GOPATH"
|
|
|
|
|
|
2014-12-19 07:20:59 +00:00
|
|
|
# Get the "docker-py" source so we can run their integration tests
|
2017-06-21 03:05:11 +00:00
|
|
|
ENV DOCKER_PY_COMMIT a962578e515185cf06506050b2200c0b81aa84ef
|
2017-03-16 11:59:10 +00:00
|
|
|
# To run integration tests docker-pycreds is required.
|
|
|
|
|
# Before running the integration tests conftest.py is
|
|
|
|
|
# loaded which results in loads auth.py that
|
|
|
|
|
# imports the docker-pycreds module.
|
2015-01-13 19:34:55 +00:00
|
|
|
RUN git clone https://github.com/docker/docker-py.git /docker-py \
|
|
|
|
|
&& cd /docker-py \
|
2015-10-28 16:56:50 +00:00
|
|
|
&& git checkout -q $DOCKER_PY_COMMIT \
|
2017-02-09 10:48:33 +00:00
|
|
|
&& pip install docker-pycreds==0.2.1 \
|
2015-10-28 16:56:50 +00:00
|
|
|
&& pip install -r test-requirements.txt
|
2014-12-19 07:20:59 +00:00
|
|
|
|
2016-11-03 17:15:27 +00:00
|
|
|
# Install yamllint for validating swagger.yaml
|
|
|
|
|
RUN pip install yamllint==1.5.0
|
|
|
|
|
|
|
|
|
|
# Install go-swagger for validating swagger.yaml
|
|
|
|
|
ENV GO_SWAGGER_COMMIT c28258affb0b6251755d92489ef685af8d4ff3eb
|
|
|
|
|
RUN git clone https://github.com/go-swagger/go-swagger.git /go/src/github.com/go-swagger/go-swagger \
|
|
|
|
|
&& (cd /go/src/github.com/go-swagger/go-swagger && git checkout -q $GO_SWAGGER_COMMIT) \
|
|
|
|
|
&& go install -v github.com/go-swagger/go-swagger/cmd/swagger
|
|
|
|
|
|
2014-01-29 20:13:32 +00:00
|
|
|
# Set user.email so crosbymichael's in-container merge commits go smoothly
|
2014-12-24 07:12:27 +00:00
|
|
|
RUN git config --global user.email 'docker-dummy@example.com'
|
2014-01-29 20:13:32 +00:00
|
|
|
|
2014-05-19 20:55:28 +00:00
|
|
|
# Add an unprivileged user to be used for tests which need it
|
2014-05-23 20:29:31 +00:00
|
|
|
RUN groupadd -r docker
|
|
|
|
|
RUN useradd --create-home --gid docker unprivilegeduser
|
2014-05-19 20:55:28 +00:00
|
|
|
|
2014-12-24 07:12:27 +00:00
|
|
|
VOLUME /var/lib/docker
|
|
|
|
|
WORKDIR /go/src/github.com/docker/docker
|
2017-06-20 20:39:52 +00:00
|
|
|
ENV DOCKER_BUILDTAGS apparmor seccomp selinux
|
2014-12-24 07:12:27 +00:00
|
|
|
|
2015-03-02 17:33:26 +00:00
|
|
|
# Let us use a .bashrc file
|
|
|
|
|
RUN ln -sfv $PWD/.bashrc ~/.bashrc
|
2016-07-18 21:26:35 +00:00
|
|
|
# Add integration helps to bashrc
|
|
|
|
|
RUN echo "source $PWD/hack/make/.integration-test-helpers" >> /etc/bash.bashrc
|
2015-03-02 17:33:26 +00:00
|
|
|
|
2015-03-07 01:12:41 +00:00
|
|
|
# Get useful and necessary Hub images so we can "docker load" locally instead of pulling
|
2015-08-31 17:06:22 +00:00
|
|
|
COPY contrib/download-frozen-image-v2.sh /go/src/github.com/docker/docker/contrib/
|
|
|
|
|
RUN ./contrib/download-frozen-image-v2.sh /docker-frozen-images \
|
2016-12-31 19:11:30 +00:00
|
|
|
buildpack-deps:jessie@sha256:85b379ec16065e4fe4127eb1c5fb1bcc03c559bd36dbb2e22ff496de55925fa6 \
|
|
|
|
|
busybox:latest@sha256:32f093055929dbc23dec4d03e09dfe971f5973a9ca5cf059cbfb644c206aa83f \
|
|
|
|
|
debian:jessie@sha256:72f784399fd2719b4cb4e16ef8e369a39dc67f53d978cd3e2e7bf4e502c7b793 \
|
|
|
|
|
hello-world:latest@sha256:c5515758d4c5e1e838e9cd307f6c6a0d620b5e07e6f927b07d05f6d12a1ac8d7
|
|
|
|
|
# See also ensureFrozenImagesLinux() in "integration-cli/fixtures_linux_daemon_test.go" (which needs to be updated when adding images to this list)
|
2015-02-28 05:53:36 +00:00
|
|
|
|
2017-04-17 23:18:46 +00:00
|
|
|
# Install tomlv, vndr, runc, containerd, tini, docker-proxy dockercli
|
2016-09-23 16:20:57 +00:00
|
|
|
# Please edit hack/dockerfile/install-binaries.sh to update them.
|
2016-10-24 22:18:58 +00:00
|
|
|
COPY hack/dockerfile/binaries-commits /tmp/binaries-commits
|
2016-09-23 16:20:57 +00:00
|
|
|
COPY hack/dockerfile/install-binaries.sh /tmp/install-binaries.sh
|
2017-06-20 20:39:52 +00:00
|
|
|
RUN /tmp/install-binaries.sh tomlv vndr runc containerd tini proxy dockercli
|
2017-04-17 23:18:46 +00:00
|
|
|
ENV PATH=/usr/local/cli:$PATH
|
2016-06-27 21:38:47 +00:00
|
|
|
|
2017-06-23 16:05:38 +00:00
|
|
|
# Activate bash completion if mounted with DOCKER_BASH_COMPLETION_PATH
|
|
|
|
|
RUN ln -s /usr/local/completion/bash/docker /etc/bash_completion.d/docker
|
|
|
|
|
|
2013-09-07 02:19:03 +00:00
|
|
|
# Wrap all commands in the "docker-in-docker" script to allow nested containers
|
2014-12-24 07:12:27 +00:00
|
|
|
ENTRYPOINT ["hack/dind"]
|
2013-09-30 19:57:30 +00:00
|
|
|
|
2013-09-07 03:14:03 +00:00
|
|
|
# Upload docker source
|
2014-12-24 07:12:27 +00:00
|
|
|
COPY . /go/src/github.com/docker/docker
|