Merge pull request #2179 from AkihiroSuda/apk-fuse-overlayfs
Dockerfile: install fuse-overlayfs from apkv0.9
commit
4e0a5733a3
19
Dockerfile
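--- a/Dockerfile
+++ b/Dockerfile
@@ -10,10 +10,9 @@ ARG REGISTRY_VERSION=2.7.1
 ARG ROOTLESSKIT_VERSION=v0.14.2
 ARG CNI_VERSION=v0.9.1
 ARG SHADOW_VERSION=4.8.1
-ARG FUSEOVERLAYFS_VERSION=v1.5.0
 ARG STARGZ_SNAPSHOTTER_VERSION=v0.5.0
 
-ARG ALPINE_VERSION=3.12
+ARG ALPINE_VERSION=3.14
 
 # git stage is used for checking out remote repository sources
 FROM --platform=$BUILDPLATFORM alpine:${ALPINE_VERSION} AS git
@@ -179,16 +178,6 @@ RUN --mount=target=/root/.cache,type=cache \
 xx-verify --static /out/containerd-stargz-grpc && \
 xx-verify --static /out/ctr-remote
 
-FROM --platform=$BUILDPLATFORM alpine:${ALPINE_VERSION} AS fuse-overlayfs
-RUN apk add --no-cache curl
-COPY --from=xx / /
-ARG FUSEOVERLAYFS_VERSION
-ARG TARGETPLATFORM
-RUN mkdir /out && \
-curl -sSL -o /out/fuse-overlayfs https://github.com/containers/fuse-overlayfs/releases/download/${FUSEOVERLAYFS_VERSION}/fuse-overlayfs-$(xx-info march) && \
-chmod +x /out/fuse-overlayfs && \
-xx-verify --static /out/fuse-overlayfs
-
 # Copy together all binaries needed for oci worker mode
 FROM buildkit-export AS buildkit-buildkitd.oci_only
 COPY --from=buildkitd.oci_only /usr/bin/buildkitd.oci_only /usr/bin/
@@ -260,9 +249,10 @@ ENV BUILDKIT_RUN_NETWORK_INTEGRATION_TESTS=1 BUILDKIT_CNI_INIT_LOCK_PATH=/run/bu
 FROM integration-tests AS dev-env
 VOLUME /var/lib/buildkit
 
-# newuidmap & newgidmap binaries (shadow-uidmap 4.7-r1) shipped with alpine cannot be executed without CAP_SYS_ADMIN,
+# newuidmap & newgidmap binaries (shadow-uidmap 4.8.1-r0) shipped with alpine cannot be executed without CAP_SYS_ADMIN,
 # because the binaries are built without libcap-dev.
 # So we need to build the binaries with libcap enabled.
+# TODO: ask the Alpine upstream to enable libcap: https://github.com/moby/buildkit/issues/2038
 FROM --platform=$BUILDPLATFORM alpine:${ALPINE_VERSION} AS idmap
 RUN apk add --no-cache git autoconf automake clang lld gettext-dev libtool make byacc binutils
 COPY --from=xx / /
@@ -278,10 +268,9 @@ RUN CC=$(xx-clang --print-target-triple)-clang ./autogen.sh --disable-nls --disa
 
 # Rootless mode.
 FROM alpine:${ALPINE_VERSION} AS rootless
-RUN apk add --no-cache fuse3 git openssh pigz xz
+RUN apk add --no-cache fuse3 fuse-overlayfs git openssh pigz xz
 COPY --from=idmap /usr/bin/newuidmap /usr/bin/newuidmap
 COPY --from=idmap /usr/bin/newgidmap /usr/bin/newgidmap
-COPY --from=fuse-overlayfs /out/fuse-overlayfs /usr/bin/
 # we could just set CAP_SETUID filecap rather than `chmod u+s`, but requires kernel >= 4.14
 RUN chmod u+s /usr/bin/newuidmap /usr/bin/newgidmap \
 && adduser -D -u 1000 user \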
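Review bot: In the `rootless` stage, `RUN apk add --no-cache fuse3 fuse-overlayfs git openssh pigz xz` installs fuse-overlayfs at whatever version the Alpine `${ALPINE_VERSION}` repository serves at build time, where the removed `ARG FUSEOVERLAYFS_VERSION=v1.5.0` named the version in this file. The package now arrives through apk's signed index rather than an un-checksummed `curl` download, but a rebuild can change the binary used for rootless snapshots without any change to the Dockerfile. Either pin it, `fuse-overlayfs=<PINNED_VERSION>` (placeholder, to be taken from the 3.14 repository), or record the coupling above the line: `# fuse-overlayfs version follows ALPINE_VERSION; re-test rootless mode when bumping it`. The `RUN chmod u+s ...` instruction at the end of this hunk continues outside it.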