Split out init to have standalone runc, containerd

Also add ca-certificates to base, needed to use `dist` to pull. Make two stage builds for `containerd` and `runc` so they have a from `scratch` second stage. Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2025-09-19 18:12:10 +00:00 · 2017-04-07 16:25:18 +01:00
parent 9553bbf514
commit a54a694772
17 changed files with 80 additions and 55 deletions
--- a/pkg/runc/Dockerfile
+++ b/pkg/runc/Dockerfile
@@ -0,0 +1,24 @@
+FROM golang:1.7-alpine3.5
+RUN \
+  apk update && apk upgrade -a && \
+  apk add --no-cache \
+  bash \
+  gcc \
+  git \
+  libc-dev \
+  libseccomp-dev \
+  linux-headers \
+  make \
+  && true
+ENV RUNC_COMMIT=ac50e77bbb440dcab354a328c79754e2502b79ca
+RUN mkdir -p $GOPATH/src/github.com/opencontainers && \
+  cd $GOPATH/src/github.com/opencontainers && \
+  git clone https://github.com/opencontainers/runc.git
+WORKDIR $GOPATH/src/github.com/opencontainers/runc
+RUN git checkout $RUNC_COMMIT
+# TODO static pie, currently no easy way to change build options
+RUN make static BUILDTAGS="seccomp"
+RUN cp runc /usr/bin/
+WORKDIR /
+RUN printf "FROM scratch\nCOPY /usr/bin/runc /usr/bin/\n" > Dockerfile
+CMD ["tar", "cf", "-", "Dockerfile", "usr/bin/runc"]