diff --git a/pkg/docker-ce/Dockerfile b/pkg/docker-ce/Dockerfile
index 7837bd3f0..1fcf50c34 100644
--- a/pkg/docker-ce/Dockerfile
+++ b/pkg/docker-ce/Dockerfile
@@ -1,15 +1,9 @@
-FROM alpine:3.5
+FROM linuxkit/alpine:f0169b60fb260d74025496ae6fd93213fecaba8f@sha256:23743c7206ebe8a609442c5ac7084a26ed45ce8f5213960428bca264225849f1 AS mirror
-# Docker daemon only minimal Alpine install
-
-# set up Docker group
-# set up subuid/subgid so that "--userns-remap=default" works out-of-the-box
-RUN set -x \
- && addgroup -S docker \
- && addgroup -S dockremap \
- && adduser -S -G dockremap dockremap \
- && echo 'dockremap:165536:65536' >> /etc/subuid \
- && echo 'dockremap:165536:65536' >> /etc/subgid
+FROM alpine:3.5@sha256:dfbd4a3a8ebca874ebd2474f044a0b33600d4523d03b0df76e5c5986cb02d7e8
+COPY --from=mirror /etc/apk/repositories /etc/apk/repositories
+COPY --from=mirror /etc/apk/keys /etc/apk/keys/
+COPY --from=mirror /mirror /mirror/
 # https://github.com/docker/docker/blob/master/project/PACKAGERS.md#runtime-dependencies
 # removed openssl as I do not think server needs it
@@ -22,6 +16,16 @@ RUN apk add --no-cache \
 iptables \
 xfsprogs \
 xz
+RUN rm -rf /mirror /etc/apk/repositories /etc/apk/keys
+
+# set up Docker group
+# set up subuid/subgid so that "--userns-remap=default" works out-of-the-box
+RUN set -x \
+ && addgroup -S docker \
+ && addgroup -S dockremap \
+ && adduser -S -G dockremap dockremap \
+ && echo 'dockremap:165536:65536' >> /etc/subuid \
+ && echo 'dockremap:165536:65536' >> /etc/subgid
 ENV DOCKER_BUCKET get.docker.com
 ENV DOCKER_VERSION 17.04.0-ce
diff --git a/pkg/docker-ce/Makefile b/pkg/docker-ce/Makefile
index 66c0a7e28..0fb994e43 100644
--- a/pkg/docker-ce/Makefile
+++ b/pkg/docker-ce/Makefile
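Review bot: Nothing in the first Dockerfile hunk records that the three `COPY --from=mirror` lines make the pinned `linuxkit/alpine` digest the single trust anchor for package installation. The repository list, the apk signing keys and (apparently) the package tree under `/mirror` all come from that one image, so signature checks during the later `apk add` can only confirm consistency with it, not with the upstream Alpine keys that `alpine:3.5` ships. I would say so above the COPY lines, for example `# apk repositories, signing keys and the /mirror package tree all come from the digest-pinned mirror stage`. With a digest present on `alpine:3.5@sha256:…`, the tag is informational only, so a future tag bump has to change the digest as well.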
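Review bot: In the second Dockerfile hunk, `RUN rm -rf /mirror /etc/apk/repositories /etc/apk/keys` runs in its own layer, so it only hides those paths; the mirror content and keys added by the earlier `COPY --from=mirror` layers stay in the image's lower layers unless the build is squashed. The Makefile in this commit builds with `--squash`, which is presumably what this relies on, but a plain `docker build` of this Dockerfile would still ship them. A comment on the line would make that dependency explicit, e.g. `# only hidden in this layer; the --squash build in the Makefile is what drops /mirror from the image`. The `apk add` instruction that precedes this line starts outside the hunk.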
@@ -1,29 +1,14 @@
 .PHONY: tag push
-
-BASE=alpine:3.5
-IMAGE=docker-ce
-
 default: push
-hash: Dockerfile
- DOCKER_CONTENT_TRUST=1 docker pull $(BASE)
- tar cf - $^ | docker build --no-cache -t $(IMAGE):build -
- docker run --entrypoint /bin/sh --rm $(IMAGE):build -c 'cat $^ /lib/apk/db/installed | sha1sum' | sed 's/ .*//' > $@
+IMAGE=docker-ce
+DEPS=Dockerfile
-push: hash
- docker pull linuxkit/$(IMAGE):$(shell cat hash) || \
- (docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash) && \
- docker push linuxkit/$(IMAGE):$(shell cat hash))
- docker rmi $(IMAGE):build
- rm -f hash
+HASH?=$(shell git ls-tree HEAD -- ../$(notdir $(CURDIR)) | awk '{print $$3}')
-tag: hash
- docker pull linuxkit/$(IMAGE):$(shell cat hash) || \
- docker tag $(IMAGE):build linuxkit/$(IMAGE):$(shell cat hash)
- docker rmi $(IMAGE):build
- rm -f hash
+tag: $(DEPS)
+ docker build --squash --no-cache -t linuxkit/$(IMAGE):$(HASH) .
-clean:
- rm -f hash
-
-.DELETE_ON_ERROR:
+push: tag
+ docker pull linuxkit/$(IMAGE):$(HASH) || \
+ docker push linuxkit/$(IMAGE):$(HASH)
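Review bot: `HASH` is taken from `git ls-tree HEAD`, so the tag names the committed tree and not the files `docker build` actually reads. With uncommitted edits in this directory, `tag` builds and `push` can publish `linuxkit/$(IMAGE):$(HASH)` whose content does not match the tree that hash identifies. I would have `tag` refuse a dirty directory, for example with `git diff-index --quiet HEAD -- . || { echo "uncommitted changes"; exit 1; }` as its first recipe line (untracked files would need a separate check). As a smaller point, `tag` is listed in `.PHONY`, so the `$(DEPS)` prerequisite never avoids a rebuild, and `push` always rebuilds before it checks whether the tag already exists.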