2014-03-04 23:40:12 -05:00
# Dear Packager,
2013-09-10 02:39:55 -04:00
2014-03-05 00:51:34 -05:00
If you are looking to make Docker available on your favorite software
2014-03-04 23:40:12 -05:00
distribution, this document is for you. It summarizes the requirements for
building and running the Docker client and the Docker daemon.
2013-09-10 02:39:55 -04:00
2014-03-04 23:40:12 -05:00
## Getting Started
2013-09-10 02:39:55 -04:00
2014-03-04 23:40:12 -05:00
We want to help you package Docker successfully. Before doing any packaging, a
good first step is to introduce yourself on the [docker-dev mailing
2014-03-05 00:51:34 -05:00
list](https://groups.google.com/d/forum/docker-dev), explain what you're trying
to achieve, and tell us how we can help. Don't worry, we don't bite! There might
even be someone already working on packaging for the same distro!
2013-09-10 02:39:55 -04:00
2014-03-04 23:40:12 -05:00
You can also join the IRC channel - #docker and #docker -dev on Freenode are both
active and friendly.
2013-09-10 02:39:55 -04:00
2014-03-04 23:41:59 -05:00
We like to refer to Tianon ("@tianon" on GitHub and "tianon" on IRC) as our
"Packagers Relations", since he's always working to make sure our packagers have
a good, healthy upstream to work with (both in our communication and in our
build scripts). If you're having any kind of trouble, feel free to ping him
2014-03-05 00:51:34 -05:00
directly. He also likes to keep track of what distributions we have packagers
for, so feel free to reach out to him even just to say "Hi!"
2013-09-10 02:39:55 -04:00
2014-03-04 23:40:12 -05:00
## Package Name
2013-09-10 02:39:55 -04:00
2014-03-04 23:40:12 -05:00
If possible, your package should be called "docker". If that name is already
2015-07-15 17:01:04 -04:00
taken, a second choice is "docker-engine". Another possible choice is "docker.io".
2013-09-10 14:30:14 -04:00
2014-03-04 23:40:12 -05:00
## Official Build vs Distro Build
2013-09-10 14:30:14 -04:00
2014-03-04 23:40:12 -05:00
The Docker project maintains its own build and release toolchain. It is pretty
neat and entirely based on Docker (surprise!). This toolchain is the canonical
2014-03-05 00:51:34 -05:00
way to build Docker. We encourage you to give it a try, and if the circumstances
allow you to use it, we recommend that you do.
2013-09-10 14:30:14 -04:00
2014-03-04 23:40:12 -05:00
You might not be able to use the official build toolchain - usually because your
distribution has a toolchain and packaging policy of its own. We get it! Your
house, your rules. The rest of this document should give you the information you
need to package Docker your way, without denaturing it in the process.
2014-03-05 00:51:34 -05:00
## Build Dependencies
2013-09-10 02:39:55 -04:00
2014-03-05 00:51:34 -05:00
To build Docker, you will need the following:
2013-09-10 02:39:55 -04:00
2014-12-19 17:28:12 -05:00
* A recent version of Git and Mercurial
2015-04-20 16:06:17 -04:00
* Go version 1.4 or later
2014-03-05 10:20:42 -05:00
* A clean checkout of the source added to a valid [Go
2015-04-11 13:58:09 -04:00
workspace](https://golang.org/doc/code.html#Workspaces) under the path
2014-07-24 18:19:50 -04:00
*src/github.com/docker/docker* (unless you plan to use `AUTO_GOPATH` ,
2014-12-19 17:28:12 -05:00
explained in more detail below)
2014-03-05 10:20:42 -05:00
To build the Docker daemon, you will additionally need:
* An amd64/x86_64 machine running Linux
2013-10-28 23:57:20 -04:00
* SQLite version 3.7.9 or later
2014-03-04 23:40:12 -05:00
* libdevmapper version 1.02.68-cvs (2012-01-26) or later from lvm2 version
2.02.89 or later
2014-12-19 17:28:12 -05:00
* btrfs-progs version 3.16.1 or later (unless using an older version is
2015-04-03 03:30:12 -04:00
absolutely necessary, in which case 3.8 is the minimum)
2015-12-29 11:47:20 -05:00
* libseccomp version 2.2.1 or later (for build tag seccomp)
2015-10-30 21:16:29 -04:00
* yubico-piv-tool version 1.1.0 or later (for experimental)
2014-03-05 10:20:42 -05:00
Be sure to also check out Docker's Dockerfile for the most up-to-date list of
these build-time dependencies.
2013-09-10 02:39:55 -04:00
2014-03-05 00:51:34 -05:00
### Go Dependencies
2013-09-10 02:39:55 -04:00
2014-03-05 00:51:34 -05:00
All Go dependencies are vendored under "./vendor". They are used by the official
build, so the source of truth for the current version of each dependency is
whatever is in "./vendor".
2013-09-10 02:39:55 -04:00
2014-03-05 00:51:34 -05:00
To use the vendored dependencies, simply make sure the path to "./vendor" is
included in `GOPATH` (or use `AUTO_GOPATH` , as explained below).
2013-09-10 02:39:55 -04:00
2014-03-05 00:51:34 -05:00
If you would rather (or must, due to distro policy) package these dependencies
yourself, take a look at "./hack/vendor.sh" for an easy-to-parse list of the
exact version for each.
2013-09-10 02:39:55 -04:00
2014-03-04 23:40:12 -05:00
NOTE: if you're not able to package the exact version (to the exact commit) of a
given dependency, please get in touch so we can remediate! Who knows what
discrepancies can be caused by even the slightest deviation. We promise to do
our best to make everybody happy.
2013-09-10 02:39:55 -04:00
2014-02-03 00:40:58 -05:00
## Stripping Binaries
2013-09-10 02:39:55 -04:00
2014-03-04 23:40:12 -05:00
Please, please, please do not strip any compiled binaries. This is really
important.
2013-09-10 02:39:55 -04:00
2014-03-05 00:51:34 -05:00
In our own testing, stripping the resulting binaries sometimes results in a
binary that appears to work, but more often causes random panics, segfaults, and
other issues. Even if the binary appears to work, please don't strip.
2014-02-03 00:40:58 -05:00
See the following quotes from Dave Cheney, which explain this position better
from the upstream Golang perspective.
### [go issue #5855, comment #3](https://code.google.com/p/go/issues/detail?id=5855#c3)
> Super super important: Do not strip go binaries or archives. It isn't tested,
> often breaks, and doesn't work.
### [launchpad golang issue #1200255, comment #8](https://bugs.launchpad.net/ubuntu/+source/golang/+bug/1200255/comments/8)
> To quote myself: "Please do not strip Go binaries, it is not supported, not
> tested, is often broken, and doesn't do what you want"
>
> To unpack that a bit
>
> * not supported, as in, we don't support it, and recommend against it when
> asked
> * not tested, we don't test stripped binaries as part of the build CI process
> * is often broken, stripping a go binary will produce anywhere from no, to
> subtle, to outright execution failure, see above
### [launchpad golang issue #1200255, comment #13](https://bugs.launchpad.net/ubuntu/+source/golang/+bug/1200255/comments/13)
> To clarify my previous statements.
>
> * I do not disagree with the debian policy, it is there for a good reason
> * Having said that, it stripping Go binaries doesn't work, and nobody is
> looking at making it work, so there is that.
>
> Thanks for patching the build formula.
2013-09-10 02:39:55 -04:00
## Building Docker
2014-03-05 00:51:34 -05:00
Please use our build script ("./hack/make.sh") for all your compilation of
Docker. If there's something you need that it isn't doing, or something it could
be doing to make your life as a packager easier, please get in touch with Tianon
and help us rectify the situation. Chances are good that other packagers have
probably run into the same problems and a fix might already be in the works, but
none of us will know for sure unless you harass Tianon about it. :)
All the commands listed within this section should be run with the Docker source
checkout as the current working directory.
### `AUTO_GOPATH`
If you'd rather not be bothered with the hassles that setting up `GOPATH`
appropriately can be, and prefer to just get a "build that works", you should
add something similar to this to whatever script or process you're using to
build Docker:
2013-09-10 02:39:55 -04:00
2013-10-18 01:36:28 -04:00
```bash
2014-03-05 00:51:34 -05:00
export AUTO_GOPATH=1
2013-09-10 02:39:55 -04:00
```
2014-03-05 00:51:34 -05:00
This will cause the build scripts to set up a reasonable `GOPATH` that
2014-07-24 18:19:50 -04:00
automatically and properly includes both docker/docker from the local
2014-03-05 00:51:34 -05:00
directory, and the local "./vendor" directory as necessary.
2013-09-10 02:39:55 -04:00
2014-03-06 15:39:17 -05:00
### `DOCKER_BUILDTAGS`
If you're building a binary that may need to be used on platforms that include
AppArmor, you will need to set `DOCKER_BUILDTAGS` as follows:
```bash
export DOCKER_BUILDTAGS='apparmor'
```
2014-07-22 00:00:26 -04:00
If you're building a binary that may need to be used on platforms that include
SELinux, you will need to use the `selinux` build tag:
```bash
export DOCKER_BUILDTAGS='selinux'
```
2014-03-14 14:23:54 -04:00
There are build tags for disabling graphdrivers as well. By default, support
for all graphdrivers are built in.
2014-03-13 17:39:25 -04:00
To disable btrfs:
```bash
export DOCKER_BUILDTAGS='exclude_graphdriver_btrfs'
```
To disable devicemapper:
2014-03-14 14:23:54 -04:00
```bash
export DOCKER_BUILDTAGS='exclude_graphdriver_devicemapper'
```
2014-03-13 17:39:25 -04:00
To disable aufs:
2014-03-14 14:23:54 -04:00
```bash
export DOCKER_BUILDTAGS='exclude_graphdriver_aufs'
```
2014-07-22 00:00:26 -04:00
NOTE: if you need to set more than one build tag, space separate them:
2014-03-18 16:49:16 -04:00
```bash
2014-07-22 00:00:26 -04:00
export DOCKER_BUILDTAGS='apparmor selinux exclude_graphdriver_aufs'
2014-03-18 16:49:16 -04:00
```
2014-03-05 00:51:34 -05:00
### Static Daemon
If it is feasible within the constraints of your distribution, you should
seriously consider packaging Docker as a single static binary. A good comparison
is Busybox, which is often packaged statically as a feature to enable mass
portability. Because of the unique way Docker operates, being similarly static
is a "feature".
2013-09-10 02:39:55 -04:00
2014-03-05 00:51:34 -05:00
To build a static Docker daemon binary, run the following command (first
ensuring that all the necessary libraries are available in static form for
linking - see the "Build Dependencies" section above, and the relevant lines
within Docker's own Dockerfile that set up our official build environment):
```bash
./hack/make.sh binary
```
2013-09-10 02:39:55 -04:00
2014-03-05 00:51:34 -05:00
This will create a static binary under
"./bundles/$VERSION/binary/docker-$VERSION", where "$VERSION" is the contents of
the file "./VERSION". This binary is usually installed somewhere like
"/usr/bin/docker".
2013-09-10 02:39:55 -04:00
2014-03-05 00:51:34 -05:00
### Dynamic Daemon / Client-only Binary
2013-09-10 02:39:55 -04:00
2014-03-06 23:22:25 -05:00
If you are only interested in a Docker client binary, set `DOCKER_CLIENTONLY` to a non-empty value using something similar to the following: (which will prevent the extra step of compiling dockerinit)
```bash
export DOCKER_CLIENTONLY=1
```
2014-03-05 00:51:34 -05:00
If you need to (due to distro policy, distro library availability, or for other
reasons) create a dynamically compiled daemon binary, or if you are only
interested in creating a client binary for Docker, use something similar to the
following:
2013-10-18 01:40:41 -04:00
```bash
./hack/make.sh dynbinary
```
2014-03-05 00:51:34 -05:00
This will create "./bundles/$VERSION/dynbinary/docker-$VERSION", which for
client-only builds is the important file to grab and install as appropriate.
For daemon builds, you will also need to grab and install
"./bundles/$VERSION/dynbinary/dockerinit-$VERSION", which is created from the
minimal set of Docker's codebase that _must_ be compiled statically (and is thus
a pure static binary). The acceptable locations Docker will search for this file
are as follows (in order):
2013-10-18 01:40:41 -04:00
2014-03-05 00:51:34 -05:00
* as "dockerinit" in the same directory as the daemon binary (ie, if docker is
installed at "/usr/bin/docker", then "/usr/bin/dockerinit" will be the first
place this file is searched for)
* "/usr/libexec/docker/dockerinit" or "/usr/local/libexec/docker/dockerinit"
2015-04-11 13:58:09 -04:00
([FHS 3.0 Draft](https://www.linuxbase.org/betaspecs/fhs/fhs.html#usrlibexec))
2014-03-05 00:51:34 -05:00
* "/usr/lib/docker/dockerinit" or "/usr/local/lib/docker/dockerinit" ([FHS
2015-04-11 13:58:09 -04:00
2.3](https://refspecs.linuxfoundation.org/FHS_2.3/fhs-2.3.html#USRLIBLIBRARIESFORPROGRAMMINGANDPA))
2013-09-10 02:39:55 -04:00
2014-03-05 00:51:34 -05:00
If (and please, only if) one of the paths above is insufficient due to distro
policy or similar issues, you may use the `DOCKER_INITPATH` environment variable
at compile-time as follows to set a different path for Docker to search:
2013-09-10 02:39:55 -04:00
```bash
2014-03-05 00:51:34 -05:00
export DOCKER_INITPATH=/usr/lib/docker.io/dockerinit
2013-09-10 02:39:55 -04:00
```
2014-03-05 00:51:34 -05:00
If you find yourself needing this, please don't hesitate to reach out to Tianon
to see if it would be reasonable or helpful to add more paths to Docker's list,
especially if there's a relevant standard worth referencing (such as the FHS).
2013-09-10 02:39:55 -04:00
2014-03-05 00:51:34 -05:00
Also, it goes without saying, but for the purposes of the daemon please consider
these two binaries ("docker" and "dockerinit") as if they were a single unit.
Mixing and matching can cause undesired consequences, and will fail to run
properly.
2013-09-10 02:39:55 -04:00
2014-03-04 23:40:12 -05:00
## System Dependencies
2014-03-04 23:25:00 -05:00
2014-03-05 00:51:34 -05:00
### Runtime Dependencies
2013-09-10 02:39:55 -04:00
2014-03-05 00:51:34 -05:00
To function properly, the Docker daemon needs the following software to be
installed and available at runtime:
2013-09-10 02:39:55 -04:00
* iptables version 1.4 or later
2014-04-15 16:57:43 -04:00
* procps (or similar provider of a "ps" executable)
2015-11-11 17:29:02 -05:00
* e2fsprogs version 1.4.12 or later (in use: mkfs.ext4, tune2fs)
* xfsprogs (in use: mkfs.xfs)
2014-03-05 00:51:34 -05:00
* XZ Utils version 4.9 or later
2014-03-12 03:58:53 -04:00
* a [properly
mounted](https://github.com/tianon/cgroupfs-mount/blob/master/cgroupfs-mount)
cgroupfs hierarchy (having a single, all-encompassing "cgroup" mount point
2014-07-24 18:19:50 -04:00
[is ](https://github.com/docker/docker/issues/2683 )
[not ](https://github.com/docker/docker/issues/3485 )
[sufficient ](https://github.com/docker/docker/issues/4568 ))
2014-03-05 00:51:34 -05:00
Additionally, the Docker client needs the following software to be installed and
available at runtime:
2013-10-28 23:57:20 -04:00
* Git version 1.7 or later
2013-09-10 02:39:55 -04:00
2014-03-05 00:51:34 -05:00
### Kernel Requirements
2013-09-10 02:39:55 -04:00
2014-03-05 00:51:34 -05:00
The Docker daemon has very specific kernel requirements. Most pre-packaged
kernels already include the necessary options enabled. If you are building your
own kernel, you will either need to discover the options necessary via trial and
2014-03-04 23:25:00 -05:00
error, or check out the [Gentoo
ebuild](https://github.com/tianon/docker-overlay/blob/master/app-emulation/docker/docker-9999.ebuild),
2014-03-05 00:51:34 -05:00
in which a list is maintained (and if there are any issues or discrepancies in
that list, please contact Tianon so they can be rectified).
2013-09-10 02:39:55 -04:00
2014-03-05 00:51:34 -05:00
Note that in client mode, there are no specific kernel requirements, and that
the client will even run on alternative platforms such as Mac OS X / Darwin.
2013-09-10 02:39:55 -04:00
2014-03-05 00:51:34 -05:00
### Optional Dependencies
2014-03-04 23:25:00 -05:00
Some of Docker's features are activated by using optional command-line flags or
by having support for them in the kernel or userspace. A few examples include:
* AUFS graph driver (requires AUFS patches/support enabled in the kernel, and at
least the "auplink" utility from aufs-tools)
2014-08-01 01:37:38 -04:00
* BTRFS graph driver (requires BTRFS support enabled in the kernel)
2014-09-03 10:26:19 -04:00
* ZFS graph driver (requires userspace zfs-utils and a corresponding kernel module)
2015-11-18 04:42:12 -05:00
* Libseccomp to allow running seccomp profiles with containers
2014-03-04 23:25:00 -05:00
2014-03-05 00:51:34 -05:00
## Daemon Init Script
2013-09-10 02:39:55 -04:00
2014-03-04 23:40:12 -05:00
Docker expects to run as a daemon at machine startup. Your package will need to
include a script for your distro's process supervisor of choice. Be sure to
check out the "contrib/init" folder in case a suitable init script already
2014-03-05 00:51:34 -05:00
exists (and if one does not, contact Tianon about whether it might be
appropriate for your distro's init script to live there too!).
2013-09-10 02:39:55 -04:00
2014-03-05 00:51:34 -05:00
In general, Docker should be run as root, similar to the following:
2013-09-10 02:39:55 -04:00
2013-10-18 01:36:28 -04:00
```bash
2015-08-10 08:48:08 -04:00
docker daemon
2013-09-10 02:39:55 -04:00
```
2014-03-05 00:51:34 -05:00
Generally, a `DOCKER_OPTS` variable of some kind is available for adding more
flags (such as changing the graph driver to use BTRFS, switching the location of
"/var/lib/docker", etc).
## Communicate
As a final note, please do feel free to reach out to Tianon at any time for
pretty much anything. He really does love hearing from our packagers and wants
to make sure we're not being a "hostile upstream". As should be a given, we
appreciate the work our packagers do to make sure we have broad distribution!