@awesomebytes
Forked from Tryum/Dockerfile
Created May 3, 2018 09:15
Dockerfile to build 32 bit Docker container, for 32 bit docker daemon dev
# This file describes the standard way to build Docker, using docker
#
# Usage:
#
# # Assemble the full dev environment. This is slow the first time.
# docker build -t docker .
#
# # Mount your source in an interactive container for quick testing:
# docker run -v `pwd`:/go/src/github.com/docker/docker --privileged -i -t docker bash
#
# # Run the test suite:
# docker run --privileged docker hack/make.sh test
#
# # Publish a release:
# docker run --privileged \
# -e AWS_S3_BUCKET=baz \
# -e AWS_ACCESS_KEY=foo \
# -e AWS_SECRET_KEY=bar \
# -e GPG_PASSPHRASE=gloubiboulga \
# docker hack/release.sh
#
# Note: AppArmor used to mess with privileged mode, but this is no longer
# the case. Therefore, you don't have to disable it anymore.
#
FROM prateekgogia/ubuntu32
# add zfs ppa
RUN apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys E871F18B51E0147C77796AC81196BA81F6B0FC61
RUN echo deb http://ppa.launchpad.net/zfs-native/stable/ubuntu trusty main > /etc/apt/sources.list.d/zfs.list
# add llvm repo
RUN apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 6084F3CF814B57C1CF12EFD515CF4D18AF4F7421
RUN echo deb http://llvm.org/apt/trusty/ llvm-toolchain-trusty main > /etc/apt/sources.list.d/llvm.list
# Packaged dependencies
RUN apt-get update && apt-get install -y \
apparmor \
aufs-tools \
automake \
bash-completion \
btrfs-tools \
build-essential \
clang-3.6 \
createrepo \
curl \
dpkg-sig \
gcc-mingw-w64 \
git \
iptables \
jq \
libapparmor-dev \
libcap-dev \
libltdl-dev \
libsqlite3-dev \
libsystemd-journal-dev \
libtool \
mercurial \
pkg-config \
python-dev \
python-mock \
python-pip \
python-websocket \
s3cmd=1.1.0* \
ubuntu-zfs \
xfsprogs \
libzfs-dev \
tar \
--no-install-recommends \
&& ln -snf /usr/bin/clang-3.6 /usr/local/bin/clang \
&& ln -snf /usr/bin/clang++-3.6 /usr/local/bin/clang++
# Get lvm2 source for compiling statically
ENV LVM2_VERSION 2.02.103
RUN mkdir -p /usr/local/lvm2 \
&& curl -fsSL "https://mirrors.kernel.org/sourceware/lvm2/LVM2.${LVM2_VERSION}.tgz" \
| tar -xzC /usr/local/lvm2 --strip-components=1
# see https://git.fedorahosted.org/cgit/lvm2.git/refs/tags for release tags
# Compile and install lvm2
RUN cd /usr/local/lvm2 \
&& ./configure \
--build="$(gcc -print-multiarch)" \
--enable-static_link \
&& make device-mapper \
&& make install_device-mapper
# see https://git.fedorahosted.org/cgit/lvm2.git/tree/INSTALL
# Install Go
# IMPORTANT: If the version of Go is updated, the Windows to Linux CI machines
# will need updating, to avoid errors. Ping #docker-maintainers on IRC
# with a heads-up.
ENV GO_VERSION 1.7
RUN curl -fsSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-386.tar.gz" \
| tar -xzC /usr/local
ENV PATH /go/bin:/usr/local/go/bin:$PATH
ENV GOPATH /go:/go/src/github.com/docker/docker/vendor
# Compile Go for cross compilation
ENV DOCKER_CROSSPLATFORMS \
linux/386 linux/arm \
darwin/amd64 \
freebsd/amd64 freebsd/386 freebsd/arm \
windows/amd64 windows/386
# (set an explicit GOARM of 5 for maximum compatibility)
ENV GOARM 5
# This has been commented out and kept as reference because we don't support compiling with older Go anymore.
# ENV GOFMT_VERSION 1.3.3
# RUN curl -sSL https://storage.googleapis.com/golang/go${GOFMT_VERSION}.$(go env GOOS)-$(go env GOARCH).tar.gz | tar -C /go/bin -xz --strip-components=2 go/bin/gofmt
ENV GO_TOOLS_COMMIT 823804e1ae08dbb14eb807afc7db9993bc9e3cc3
# Grab Go's cover tool for dead-simple code coverage testing
# Grab Go's vet tool for examining go code to find suspicious constructs
# and help prevent errors that the compiler might not catch
RUN git clone https://github.com/golang/tools.git /go/src/golang.org/x/tools \
&& (cd /go/src/golang.org/x/tools && git checkout -q $GO_TOOLS_COMMIT) \
&& go install -v golang.org/x/tools/cmd/cover \
&& go install -v golang.org/x/tools/cmd/vet
# Grab Go's lint tool
ENV GO_LINT_COMMIT 32a87160691b3c96046c0c678fe57c5bef761456
RUN git clone https://github.com/golang/lint.git /go/src/github.com/golang/lint \
&& (cd /go/src/github.com/golang/lint && git checkout -q $GO_LINT_COMMIT) \
&& go install -v github.com/golang/lint/golint
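# Configure the container for OSX cross compilation
# Note: osxcross is cloned at its current HEAD (no pinned commit, unlike the
# tools above), and the SDK tarball is not checked against a checksum.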
ENV OSX_SDK MacOSX10.11.sdk
RUN set -x \
&& export OSXCROSS_PATH="/osxcross" \
&& git clone --depth 1 https://github.com/tpoechtrager/osxcross.git $OSXCROSS_PATH \
&& curl -sSL https://s3.dockerproject.org/darwin/${OSX_SDK}.tar.xz -o "${OSXCROSS_PATH}/tarballs/${OSX_SDK}.tar.xz" \
&& UNATTENDED=yes OSX_VERSION_MIN=10.6 ${OSXCROSS_PATH}/build.sh
ENV PATH /osxcross/target/bin:$PATH
# install seccomp
# this can be changed to the ubuntu package libseccomp-dev if dockerinit is removed,
# we need libseccomp.a (which the package does not provide) for dockerinit
ENV SECCOMP_VERSION 2.2.3
RUN set -x \
&& export SECCOMP_PATH="$(mktemp -d)" \
&& curl -fsSL "https://github.com/seccomp/libseccomp/releases/download/v${SECCOMP_VERSION}/libseccomp-${SECCOMP_VERSION}.tar.gz" \
| tar -xzC "$SECCOMP_PATH" --strip-components=1 \
&& ( \
cd "$SECCOMP_PATH" \
&& ./configure --prefix=/usr/local \
&& make \
&& make install \
&& ldconfig \
) \
&& rm -rf "$SECCOMP_PATH"
# Install two versions of the registry. The first is an older version that
# only supports schema1 manifests. The second is a newer version that supports
# both. This allows integration-cli tests to cover push/pull with both schema1
# and schema2 manifests.
ENV REGISTRY_COMMIT_SCHEMA1 ec87e9b6971d831f0eff752ddb54fb64693e51cd
ENV REGISTRY_COMMIT cb08de17d74bef86ce6c5abe8b240e282f5750be
RUN set -x \
&& export GOPATH="$(mktemp -d)" \
&& git clone https://github.com/docker/distribution.git "$GOPATH/src/github.com/docker/distribution" \
&& (cd "$GOPATH/src/github.com/docker/distribution" && git checkout -q "$REGISTRY_COMMIT") \
&& GOPATH="$GOPATH/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH" \
go build -o /usr/local/bin/registry-v2 github.com/docker/distribution/cmd/registry \
&& (cd "$GOPATH/src/github.com/docker/distribution" && git checkout -q "$REGISTRY_COMMIT_SCHEMA1") \
&& GOPATH="$GOPATH/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH" \
go build -o /usr/local/bin/registry-v2-schema1 github.com/docker/distribution/cmd/registry \
&& rm -rf "$GOPATH"
# Install notary server
ENV NOTARY_VERSION docker-v1.10-3
RUN set -x \
&& export GOPATH="$(mktemp -d)" \
&& git clone https://github.com/docker/notary.git "$GOPATH/src/github.com/docker/notary" \
&& (cd "$GOPATH/src/github.com/docker/notary" && git checkout -q "$NOTARY_VERSION") \
&& GOPATH="$GOPATH/src/github.com/docker/notary/Godeps/_workspace:$GOPATH" \
go build -o /usr/local/bin/notary-server github.com/docker/notary/cmd/notary-server \
&& GOPATH="$GOPATH/src/github.com/docker/notary/Godeps/_workspace:$GOPATH" \
go build -o /usr/local/bin/notary github.com/docker/notary/cmd/notary \
&& rm -rf "$GOPATH"
# Get the "docker-py" source so we can run their integration tests
ENV DOCKER_PY_COMMIT e2878cbcc3a7eef99917adc1be252800b0e41ece
RUN git clone https://github.com/docker/docker-py.git /docker-py \
&& cd /docker-py \
&& git checkout -q $DOCKER_PY_COMMIT \
&& pip install -r test-requirements.txt
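# Setup s3cmd config
# The single quotes keep $AWS_ACCESS_KEY and $AWS_SECRET_KEY literal, so no
# credential values are written into the image layer at build time.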
RUN { \
echo '[default]'; \
echo 'access_key=$AWS_ACCESS_KEY'; \
echo 'secret_key=$AWS_SECRET_KEY'; \
} > ~/.s3cfg
# Set user.email so crosbymichael's in-container merge commits go smoothly
RUN git config --global user.email 'docker-dummy@example.com'
# Add an unprivileged user to be used for tests which need it
RUN groupadd -r docker
RUN useradd --create-home --gid docker unprivilegeduser
VOLUME /var/lib/docker
WORKDIR /go/src/github.com/docker/docker
ENV DOCKER_BUILDTAGS apparmor seccomp selinux
# Let us use a .bashrc file
RUN ln -sfv $PWD/.bashrc ~/.bashrc
# Register Docker's bash completion.
RUN ln -sv $PWD/contrib/completion/bash/docker /etc/bash_completion.d/docker
# Get useful and necessary Hub images so we can "docker load" locally instead of pulling
COPY contrib/download-frozen-image-v2.sh /go/src/github.com/docker/docker/contrib/
RUN ./contrib/download-frozen-image-v2.sh /docker-frozen-images \
buildpack-deps:jessie@sha256:25785f89240fbcdd8a74bdaf30dd5599a9523882c6dfc567f2e9ef7cf6f79db6 \
busybox:latest@sha256:e4f93f6ed15a0cdd342f5aae387886fba0ab98af0a102da6276eaf24d6e6ade0 \
debian:jessie@sha256:f968f10b4b523737e253a97eac59b0d1420b5c19b69928d35801a6373ffe330e \
hello-world:latest@sha256:8be990ef2aeb16dbcb9271ddfe2610fa6658d13f6dfb8bc72074cc1ca36966a7
# see also "hack/make/.ensure-frozen-images" (which needs to be updated any time this list is)
# Download man page generator
RUN set -x \
&& export GOPATH="$(mktemp -d)" \
&& git clone --depth 1 -b v1.0.4 https://github.com/cpuguy83/go-md2man.git "$GOPATH/src/github.com/cpuguy83/go-md2man" \
&& git clone --depth 1 -b v1.4 https://github.com/russross/blackfriday.git "$GOPATH/src/github.com/russross/blackfriday" \
&& go get -v -d github.com/cpuguy83/go-md2man \
&& go build -v -o /usr/local/bin/go-md2man github.com/cpuguy83/go-md2man \
&& rm -rf "$GOPATH"
# Download toml validator
ENV TOMLV_COMMIT 9baf8a8a9f2ed20a8e54160840c492f937eeaf9a
RUN set -x \
&& export GOPATH="$(mktemp -d)" \
&& git clone https://github.com/BurntSushi/toml.git "$GOPATH/src/github.com/BurntSushi/toml" \
&& (cd "$GOPATH/src/github.com/BurntSushi/toml" && git checkout -q "$TOMLV_COMMIT") \
&& go build -v -o /usr/local/bin/tomlv github.com/BurntSushi/toml/cmd/tomlv \
&& rm -rf "$GOPATH"
# Install runc
ENV RUNC_COMMIT cc29e3dded8e27ba8f65738f40d251c885030a28
RUN set -x \
&& export GOPATH="$(mktemp -d)" \
&& git clone https://github.com/opencontainers/runc.git "$GOPATH/src/github.com/opencontainers/runc" \
&& cd "$GOPATH/src/github.com/opencontainers/runc" \
&& git checkout -q "$RUNC_COMMIT" \
&& make static BUILDTAGS="seccomp apparmor selinux" \
&& cp runc /usr/local/bin/docker-runc \
&& rm -rf "$GOPATH"
# Install containerd
ENV CONTAINERD_COMMIT 8508d2bec90b96403143a1104cdcbd56f6aeb361
RUN set -x \
&& export GOPATH="$(mktemp -d)" \
&& git clone https://github.com/docker/containerd.git "$GOPATH/src/github.com/docker/containerd" \
&& cd "$GOPATH/src/github.com/docker/containerd" \
&& git checkout -q "$CONTAINERD_COMMIT" \
&& make static \
&& cp bin/containerd /usr/local/bin/docker-containerd \
&& cp bin/containerd-shim /usr/local/bin/docker-containerd-shim \
&& cp bin/ctr /usr/local/bin/docker-containerd-ctr \
&& rm -rf "$GOPATH"
# Build/install the tool for embedding resources in Windows binaries
ENV RSRC_COMMIT ba14da1f827188454a4591717fff29999010887f
RUN set -x \
&& export GOPATH="$(mktemp -d)" \
&& git clone https://github.com/akavel/rsrc.git "$GOPATH/src/github.com/akavel/rsrc" \
&& (cd "$GOPATH/src/github.com/akavel/rsrc" && git checkout -q "$RSRC_COMMIT") \
&& go build -v -o /usr/local/bin/rsrc github.com/akavel/rsrc \
&& rm -rf "$GOPATH"
# Wrap all commands in the "docker-in-docker" script to allow nested containers
ENTRYPOINT ["hack/dind"]
# Upload docker source
COPY . /go/src/github.com/docker/docker
@dberardo-com

is it possible to use this technique to INSTALL and run docker on a 32bit linux machine? Or is this meant to be used to run a 32bit docker container on a 64bit machine?

@awesomebytes
Author

I don't remember the details exactly as this was a while ago. However, I remember I was building docker for a 32bit OS. This produced binaries to run docker. The problem I had after trying to run them was that the kernel of my 32bit OS didn't have the necessary modules to run docker. So I never got to really use it. My system had no root access so I could not do anything to make this work.

I used a 32bit virtual machine to build those docker binaries for a 32bit machine.

Running 32bit containers on a 64bit machine should just work I think.

May I ask what kind of 32bit OS machine do you have @dberardo-com ? Maybe I can provide more help.

@dberardo-com

thanks for the very fast response @awesomebytes

i am trying to follow this guide in the meantime: https://mwhiteley.com/linux-containers/2013/08/31/docker-on-i386.html

as i do have root access to the machine, which is running an old debian jessie OS (i could upgrade it in case).

have you also tried to build docker using the guide above?

@awesomebytes
Author

That guide looks familiar @dberardo-com I remember I managed to compile it with one of the guides I found online. Unfortunately it was a very experimental process and I can't find the notes anymore.

I guess you are stuck with a 32bit machine, right? Otherwise you wouldn't be trying to do this.

You could also try to use podman (some friends recommended it) or lxc instead of docker. It may be easier to build (and maybe there are even 32bit builds?)

@dberardo-com

the guide from the link also requires installation of lxc on this line:

sudo apt-get -y install git linux-image-extra-$(uname -r) lxc xz-utils

but in fact the command fails because the system cannot find the module linux-image-extra

$ sudo apt-cache search linux-image-extra
> 

"For Docker, we need a few more prerequisites such as the Linux Containers userspace tools and a kernel module for the Advanced Multi Layered Unification Filesystem."

maybe this was the problem you also encountered?

and to answer your question: yes ... we use very low power edge devices and many of them are based on 32bit architectures. We want to try out containerization on them but seems that docker is playing against us. Would you recommend having a look at podman or lxc? i have no experience at all with them

@awesomebytes
Author

Sounds like needing:

"For Docker, we need a few more prerequisites such as the Linux Containers userspace tools and a kernel module for the Advanced Multi Layered Unification Filesystem."

Makes a lot of sense as you need some kind of kernel support to run containers.

However, this issue, with fixing PR: containers/podman#6397
Makes me think podman should build for 32bit systems.
I do think that the newer your OS, the better, to get better support, maybe?
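
Added example, not part of the thread or of the gist's Dockerfile: the kernel-support gap discussed in the comments above can be checked before building anything, by auditing the kernel config for the options containers rely on. The option lists are an illustrative subset assumed for this example, the function names are hypothetical, and the sample config is constructed.

```shell
#!/usr/bin/env bash
# Added example: audit a kernel config for container prerequisites.
# Option lists are an illustrative subset assumed for this example.
REQUIRED="NAMESPACES PID_NS NET_NS IPC_NS UTS_NS CGROUPS CGROUP_DEVICE VETH BRIDGE"
STORAGE="OVERLAY_FS AUFS_FS BTRFS_FS BLK_DEV_DM"         # any one is enough
HARDENING="SECCOMP SECURITY_APPARMOR SECURITY_SELINUX"   # cf. DOCKER_BUILDTAGS

# read_config FILE -> config text; handles /proc/config.gz and /boot/config-*.
read_config() { case "$1" in *.gz) gzip -cd "$1" ;; *) cat "$1" ;; esac; }

# opt_state FILE OPT -> y (built in), m (module) or missing.
opt_state() {
  local val
  val=$(read_config "$1" | sed -n "s/^CONFIG_$2=\([ym]\)\$/\1/p" | head -n 1)
  echo "${val:-missing}"
}

# missing_from FILE OPT... -> space-separated options that are not y or m.
missing_from() {
  local cfg=$1 out="" opt
  shift
  for opt in "$@"; do
    if [ "$(opt_state "$cfg" "$opt")" = missing ]; then out="$out $opt"; fi
  done
  echo "${out# }"
}

# audit_kernel FILE -> report on stdout; returns 1 if a required option is absent.
audit_kernel() {
  local cfg=$1 req sto hard rc=0
  req=$(missing_from "$cfg" $REQUIRED)
  sto=$(missing_from "$cfg" $STORAGE)
  hard=$(missing_from "$cfg" $HARDENING)
  if [ -n "$req" ]; then echo "FAIL required options missing: $req"; rc=1; fi
  if [ "$sto" = "$STORAGE" ]; then echo "WARN no storage backend among: $sto"; fi
  if [ -n "$hard" ]; then echo "WARN isolation features missing: $hard"; fi
  if [ "$rc" -eq 0 ]; then echo "OK kernel has the required options"; fi
  return "$rc"
}

# Constructed sample config (not taken from any real device).
sample_config() {
  printf '%s\n' CONFIG_NAMESPACES=y CONFIG_PID_NS=y CONFIG_NET_NS=y \
    CONFIG_IPC_NS=y CONFIG_UTS_NS=y CONFIG_CGROUPS=y \
    '# CONFIG_CGROUP_DEVICE is not set' CONFIG_VETH=m CONFIG_BRIDGE=m \
    '# CONFIG_OVERLAY_FS is not set' CONFIG_SECURITY_APPARMOR=y
}

# Demo on the sample; on a real host pass /proc/config.gz or /boot/config-$(uname -r).
demo_cfg=$(mktemp)
sample_config > "$demo_cfg"
audit_kernel "$demo_cfg" || echo "sample kernel cannot run containers as-is"
rm -f "$demo_cfg"
```

A kernel that passes the required list but reports missing seccomp, AppArmor or SELinux will run containers with weaker isolation than the `DOCKER_BUILDTAGS` in the Dockerfile assume.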

@dberardo-com

thanks for the advice. I think i am giving up with the idea of installing docker on a 32bit linux machine (although it seems to be easy to install docker on a 32bit WINDOWS machine ... which surprises me ... ).

I think i will explore a bit more the podman / lxc combination, but i wonder: if both docker and lxc are OCI compliant, is it possible to use the same docker images to run on lxc ? Or is my thought too utopistic ?

@awesomebytes
Author

As far as I understood, you can use docker images in podman / lxc. I understood that lxc is a bit more barebone and podman is basically the same as docker but without a daemon (which could be more convenient for some cases).

@dberardo-com

our sysadmin uses lxc with Proxmox VE so he might give some more insights on the matter.

I will try to dive a bit deeper on the matter and let you know (if this interests you).

Do you know if lxc / podman has also some kind of declarative system like docker-compose? that would be amazing

@awesomebytes
Author

awesomebytes commented Jun 30, 2021

Seems like someone made 'podman-compose': https://github.com/containers/podman-compose

And this post from redhat seems to point that you can use docker-compose with podman: https://www.redhat.com/sysadmin/podman-docker-compose

Looking good!

"I will try to dive a bit deeper on the matter and let you know (if this interests you)."

I am indeed interested. In the times I did this research I was very unfamiliar with docker, nowadays I've been using it for a while and I'm interested in learning more about podman. And of course, the possibility of running this on 32bit. Who knows if in the future I'll be using some low powered device that's 32bits again!

@dberardo-com

in fact we gained quite a bit of knowledge on using docker in cloud environments, but when you go lower to the edge it seems to reach its limits...

what i will try to achieve next will be running a docker image using lxc inside OpenWRT 19 with 32bit and less architecture. It seems that this OS supports lxc, but not podman (i could try to cross-compile it myself).

Will let you know how that goes.

It seems that docker compose support on podman is quite fresh, i will tune in and see where it goes.

Do you know if lxc / podman systems can interact with k8s ? that would make lxc reach a whole new level

@awesomebytes
Author

As far as I know k8s can interact with whatever container technology. However, I've never used it.

I've used docker for embedded arm64 systems and with normal amd64 systems, both high performance and low power. Docker doesn't really use any resources (other than a lot of disk if you don't take care of image sizes).
For embedded devices running multiple things I did go on a different approach where i run multiple things in one image/container which is a bit unusual.

Anyways, good luck! I'm keen to hear more

@dberardo-com

here i am back. i gave docker 32bit compilation a try again, and got into building problems ... i was using the links shared in the past on this post including:

in particular in the last link from SO they mention a simple script which should work to build the docker32 bit image but in fact it does not work. Also i think they miss the important step of building the image using the build toolkit of docker which i believe is a must ??

However, i have decided to move on and give a try to Podman but quickly realize that i am struggling to install it on Debian 9.
Is there any official way on how to achieve this? in case you know @awesomebytes ?

@awesomebytes
Author

@dberardo-com I do not know of any way, sorry. 32bit systems are becoming more and more rare so the world of unsupported software is only growing.

I wish you good luck, and I'd love to know if you manage to make it work, but you are on a hard path!

@dberardo-com

thanks for the update, let's see how that turns out
