registry/Dockerfile

ARG GO_VERSION=1.13.8

FROM golang:${GO_VERSION}-alpine3.11 AS build

ENV DISTRIBUTION_DIR /go/src/github.com/docker/distribution
ENV BUILDTAGS include_oss include_gcs

ARG GOOS=linux
ARG GOARCH=amd64
ARG GOARM=6
ARG VERSION
ARG REVISION

RUN set -ex \
    && apk add --no-cache make git file

WORKDIR $DISTRIBUTION_DIR
COPY . $DISTRIBUTION_DIR
RUN CGO_ENABLED=0 make PREFIX=/go clean binaries && file ./bin/registry | grep "statically linked"

FROM alpine:3.11

RUN set -ex \
    && apk add --no-cache ca-certificates apache2-utils

COPY cmd/registry/config-dev.yml /etc/docker/registry/config.yml
COPY --from=build /go/src/github.com/docker/distribution/bin/registry /bin/registry
VOLUME ["/var/lib/registry"]
EXPOSE 5000
ENTRYPOINT ["registry"]
CMD ["serve", "/etc/docker/registry/config.yml"]
Update Golang 1.13.8 full diff: https://github.com/golang/go/compare/go1.13.7...go1.13.8 go1.13.8 (released 2020/02/12) includes fixes to the runtime, the crypto/x509, and net/http packages. See the Go 1.13.8 milestone on the issue tracker for details. https://github.com/golang/go/issues?q=milestone%3AGo1.13.8+label%3ACherryPickApproved Signed-off-by: Sebastiaan van Stijn <github@gone.nl> 2020-02-22 16:59:03 +00:00			`ARG GO_VERSION=1.13.8`
Update Golang 1.13.7 (CVE-2020-0601, CVE-2020-7919) full diff: https://github.com/golang/go/compare/go1.13.4...go1.13.7 go1.13.7 (released 2020/01/28) includes two security fixes. One mitigates the CVE-2020-0601 certificate verification bypass on Windows. The other affects only 32-bit architectures. https://github.com/golang/go/issues?q=milestone%3AGo1.13.7+label%3ACherryPickApproved - X.509 certificate validation bypass on Windows 10 A Windows vulnerability allows attackers to spoof valid certificate chains when the system root store is in use. These releases include a mitigation for Go applications, but it’s strongly recommended that affected users install the Windows security update to protect their system. This issue is CVE-2020-0601 and Go issue golang.org/issue/36834. - Panic in crypto/x509 certificate parsing and golang.org/x/crypto/cryptobyte On 32-bit architectures, a malformed input to crypto/x509 or the ASN.1 parsing functions of golang.org/x/crypto/cryptobyte can lead to a panic. The malformed certificate can be delivered via a crypto/tls connection to a client, or to a server that accepts client certificates. net/http clients can be made to crash by an HTTPS server, while net/http servers that accept client certificates will recover the panic and are unaffected. Thanks to Project Wycheproof for providing the test cases that led to the discovery of this issue. The issue is CVE-2020-7919 and Go issue golang.org/issue/36837. This is also fixed in version v0.0.0-20200124225646-8b5121be2f68 of golang.org/x/crypto/cryptobyte. Signed-off-by: Sebastiaan van Stijn <github@gone.nl> 2020-01-29 12:15:29 +00:00
Dockerfile: use alpine 3.11 Signed-off-by: Sebastiaan van Stijn <github@gone.nl> 2020-01-29 12:17:07 +00:00			`FROM golang:${GO_VERSION}-alpine3.11 AS build`
Dockerfile: build with the RADOS driver Signed-off-by: Vincent Giersch <vincent.giersch@ovh.net> 2015-06-01 10:15:53 +00:00
Update the Dockerfile to use the Godeps versions of libraries and to explicitly use golang:1.4 This speeds up the build (and makes it more consistent) since it doesn't have to clone a bunch of repos. :+1: Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com> 2015-01-21 03:04:19 +00:00			`ENV DISTRIBUTION_DIR /go/src/github.com/docker/distribution`
Use same env var in Dockerfile and Makefile Ensures that build tags get set in the Dockerfile so that OSS and GCS drivers are built into the official registry binary. Closes #2819 Signed-off-by: Ryan Abrams <rdabrams@gmail.com> (cherry picked from commit bf74e4f91d114a3fc8e8ab1249f99c15e12bef94) Signed-off-by: Sebastiaan van Stijn <github@gone.nl> 2019-01-16 19:14:22 +00:00			`ENV BUILDTAGS include_oss include_gcs`
Update Dockerfile to use Makefile to build binary Signed-off-by: Stephen J Day <stephen.day@docker.com> 2015-01-29 23:37:22 +00:00
Add ARGs for cross-compiling Add build args. Defaults to Linux/x64 so no change to existing image, but can build for other platforms - e.g. ``` docker build --build-arg GOOS=windows -t distribution-builder:windows . ``` Signed-off-by: Elton Stoneman <elton@sixeyed.com> 2017-05-23 08:58:05 +00:00			`ARG GOOS=linux`
			`ARG GOARCH=amd64`
Add GOARM flag to dockerfile When building with arm on alpine, GOARM should be set to 6 by default. Signed-off-by: Derek McGowan <derek@mcgstyle.net> 2018-11-28 18:40:29 +00:00			`ARG GOARM=6`
allow for VERSION and REVISION to be passed in during docker builds Signed-off-by: Alex Laties <agl@tumblr.com> 2019-06-26 21:50:29 +00:00			`ARG VERSION`
			`ARG REVISION`
Add ARGs for cross-compiling Add build args. Defaults to Linux/x64 so no change to existing image, but can build for other platforms - e.g. ``` docker build --build-arg GOOS=windows -t distribution-builder:windows . ``` Signed-off-by: Elton Stoneman <elton@sixeyed.com> 2017-05-23 08:58:05 +00:00
reorder Dockerfile steps for better layer caching Running `apk add` before copying source into the image takes better adavantage of layer caching when developing and regularly building the image. This avoids source code changes invalidating the `apk add` layer and causing that step to run on every image build. Signed-off-by: Adam Duke <adam.v.duke@gmail.com> 2016-07-21 23:14:32 +00:00			`RUN set -ex \`
update Dockerfile to multi-stage Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com> 2018-10-15 22:46:01 +00:00			`&& apk add --no-cache make git file`
reorder Dockerfile steps for better layer caching Running `apk add` before copying source into the image takes better adavantage of layer caching when developing and regularly building the image. This avoids source code changes invalidating the `apk add` layer and causing that step to run on every image build. Signed-off-by: Adam Duke <adam.v.duke@gmail.com> 2016-07-21 23:14:32 +00:00
Update the Dockerfile to use the Godeps versions of libraries and to explicitly use golang:1.4 This speeds up the build (and makes it more consistent) since it doesn't have to clone a bunch of repos. :+1: Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com> 2015-01-21 03:04:19 +00:00			`WORKDIR $DISTRIBUTION_DIR`
			`COPY . $DISTRIBUTION_DIR`
update Dockerfile to multi-stage Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com> 2018-10-15 22:46:01 +00:00			`RUN CGO_ENABLED=0 make PREFIX=/go clean binaries && file ./bin/registry \| grep "statically linked"`
Initial Dockerfile for running registry 2014-12-10 23:57:41 +00:00
Dockerfile: use alpine 3.11 Signed-off-by: Sebastiaan van Stijn <github@gone.nl> 2020-01-29 12:17:07 +00:00			`FROM alpine:3.11`
change default Dockerfile to install ssl utils Signed-off-by: andyzhangx <xiazhang@microsoft.com> 2019-01-10 03:47:21 +00:00
			`RUN set -ex \`
			`&& apk add --no-cache ca-certificates apache2-utils`

update Dockerfile to multi-stage Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com> 2018-10-15 22:46:01 +00:00			`COPY cmd/registry/config-dev.yml /etc/docker/registry/config.yml`
			`COPY --from=build /go/src/github.com/docker/distribution/bin/registry /bin/registry`
Updating the location of the volume to match the new location of the default registry data location. Signed-off-by: Jeff Nickoloff <jeff@allingeek.com> 2015-06-11 04:24:16 +00:00			`VOLUME ["/var/lib/registry"]`
Initial Dockerfile for running registry 2014-12-10 23:57:41 +00:00			`EXPOSE 5000`
Use entrypoint in Dockerfile Signed-off-by: Ben Firshman <ben@firshman.co.uk> 2015-04-06 14:05:11 +00:00			`ENTRYPOINT ["registry"]`
Implements garbage collection subcommand - Includes a change in the command to run the registry. The registry server itself is now started up as a subcommand. - Includes changes to the high level interfaces to support enumeration of various registry objects. Signed-off-by: Andrew T Nguyen <andrew.nguyen@docker.com> 2016-01-19 22:26:15 +00:00			`CMD ["serve", "/etc/docker/registry/config.yml"]`