Change containerd and runc to use multistage builds from new Alpine base

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2025-09-20 00:27:27 +00:00 · 2017-05-08 22:37:59 +01:00
parent f2fc503bb0
commit 61bbbf0808
23 changed files with 52 additions and 84 deletions
--- a/pkg/runc/Dockerfile
+++ b/pkg/runc/Dockerfile
@@ -1,15 +1,16 @@
-FROM golang:1.7-alpine3.5
+FROM linuxkit/alpine:d0cef04aa75159e373fa08a49478ed6bf4adb9b4@sha256:4d8e181db968645b8b3308d2fe725e6f7bb9d9d44a9c3c7782e86c02a6d9e0f1 as alpine
 RUN \
-  apk update && apk upgrade -a && \
-  apk add --no-cache \
+  apk add \
  bash \
  gcc \
  git \
+  go \
  libc-dev \
  libseccomp-dev \
  linux-headers \
  make \
  && true
+ENV GOPATH=/root/go
 ENV RUNC_COMMIT=ac50e77bbb440dcab354a328c79754e2502b79ca
 RUN mkdir -p $GOPATH/src/github.com/opencontainers && \
  cd $GOPATH/src/github.com/opencontainers && \
@@ -19,6 +20,8 @@ RUN git checkout $RUNC_COMMIT
 # TODO static pie, currently no easy way to change build options
 RUN make static BUILDTAGS="seccomp"
 RUN cp runc /usr/bin/
+
+FROM scratch
+ENTRYPOINT []
 WORKDIR /
-RUN printf "FROM scratch\nCOPY /usr/bin/runc /usr/bin/\n" > Dockerfile
-CMD ["tar", "cf", "-", "Dockerfile", "usr/bin/runc"]
+COPY --from=alpine /usr/bin/runc /usr/bin/