-
Notifications
You must be signed in to change notification settings - Fork 21
/
Dockerfile
60 lines (59 loc) · 2.34 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
ARG BCI_IMAGE=registry.suse.com/bci/bci-base
ARG GO_IMAGE=rancher/hardened-build-base:v1.22.7b1
FROM ${BCI_IMAGE} as bci
FROM ${GO_IMAGE} as builder
ARG GOOS="linux"
ARG TARGETARCH
# setup required packages
RUN set -x && \
apk --no-cache add \
btrfs-progs-dev \
btrfs-progs-static \
file \
gcc \
git \
libselinux-dev \
libseccomp-dev \
libseccomp-static \
make \
mercurial \
subversion \
unzip
RUN if [ "${TARGETARCH}" == "arm64" ]; then \
curl -LO https://github.com/protocolbuffers/protobuf/releases/download/v3.17.3/protoc-3.17.3-linux-aarch_64.zip; \
unzip protoc-3.17.3-linux-aarch_64.zip -d /usr; \
else \
curl -LO https://github.com/protocolbuffers/protobuf/releases/download/v3.17.3/protoc-3.17.3-linux-x86_64.zip; \
unzip protoc-3.17.3-linux-x86_64.zip -d /usr; \
fi
# setup containerd build
ARG SRC="github.com/k3s-io/containerd"
ARG PKG="github.com/containerd/containerd"
ARG TAG="v1.7.11-k3s1"
RUN git clone --depth=1 https://${SRC}.git $GOPATH/src/${PKG}
WORKDIR $GOPATH/src/${PKG}
RUN git fetch --tags --depth=1 origin ${TAG}
RUN git checkout tags/${TAG} -b ${TAG}
RUN export GO_LDFLAGS="-linkmode=external \
-X ${PKG}/version.Version=${TAG} \
-X ${PKG}/version.Package=${SRC} \
-X ${PKG}/version.Revision=$(git rev-parse HEAD) \
" && \
export GO_BUILDTAGS="apparmor,seccomp,selinux,static_build,netgo,osusergo" && \
export GO_BUILDFLAGS="-gcflags=-trimpath=${GOPATH}/src -tags=${GO_BUILDTAGS}" && \
go-build-static.sh ${GO_BUILDFLAGS} -o bin/ctr ./cmd/ctr && \
go-build-static.sh ${GO_BUILDFLAGS} -o bin/containerd ./cmd/containerd && \
go-build-static.sh ${GO_BUILDFLAGS} -o bin/containerd-stress ./cmd/containerd-stress && \
go-build-static.sh ${GO_BUILDFLAGS} -o bin/containerd-shim ./cmd/containerd-shim && \
go-build-static.sh ${GO_BUILDFLAGS} -o bin/containerd-shim-runc-v1 ./cmd/containerd-shim-runc-v1 && \
go-build-static.sh ${GO_BUILDFLAGS} -o bin/containerd-shim-runc-v2 ./cmd/containerd-shim-runc-v2
RUN go-assert-static.sh bin/*
RUN if [ "${TARGETARCH}" = "amd64" ]; then \
go-assert-boring.sh \
bin/ctr \
bin/containerd; \
fi
RUN install -s bin/* /usr/local/bin
RUN containerd --version
FROM bci
COPY --from=builder /usr/local/bin/ /usr/local/bin/