Docker镜像反推Dockerfile文件
以nginx为例,我们要分析一下该镜像构建以及产出的Dockerfile过程
docker history
这个工具是docker自带的,一般情况下它可以满足我们查看构建过程的需求,但是不会很完美
看一下帮助文档
docker history --help
Usage: docker history [OPTIONS] IMAGE
Show the history of an image
Aliases:
docker image history, docker history
Options:
--format string Format output using a custom template:
'table': Print output in table format
with column headers (default)
'table TEMPLATE': Print output in table format
using the given Go template
'json': Print in JSON format
'TEMPLATE': Print output using the given
Go template.
Refer to https://docs.docker.com/go/formatting/
for more information about formatting output with
templates
-H, --human Print sizes and dates in human readable format
(default true)
--no-trunc Don't truncate output
-q, --quiet Only show image IDs
进行查询
docker history nginx
IMAGE CREATED CREATED BY SIZE COMMENT
92b11f67642b 8 weeks ago CMD ["nginx" "-g" "daemon off;"] 0B buildkit.dockerfile.v0
<missing> 8 weeks ago STOPSIGNAL SIGQUIT 0B buildkit.dockerfile.v0
<missing> 8 weeks ago EXPOSE map[80/tcp:{}] 0B buildkit.dockerfile.v0
<missing> 8 weeks ago ENTRYPOINT ["/docker-entrypoint.sh"] 0B buildkit.dockerfile.v0
<missing> 8 weeks ago COPY 30-tune-worker-processes.sh /docker-ent鈥? 4.62kB buildkit.dockerfile.v0
<missing> 8 weeks ago COPY 20-envsubst-on-templates.sh /docker-ent鈥? 3.02kB buildkit.dockerfile.v0
<missing> 8 weeks ago COPY 15-local-resolvers.envsh /docker-entryp鈥? 336B buildkit.dockerfile.v0
<missing> 8 weeks ago COPY 10-listen-on-ipv6-by-default.sh /docker鈥? 2.12kB buildkit.dockerfile.v0
<missing> 8 weeks ago COPY docker-entrypoint.sh / # buildkit 1.62kB buildkit.dockerfile.v0
<missing> 8 weeks ago RUN /bin/sh -c set -x && groupadd --syst鈥? 112MB buildkit.dockerfile.v0
<missing> 8 weeks ago ENV PKG_RELEASE=1~bookworm 0B buildkit.dockerfile.v0
<missing> 8 weeks ago ENV NJS_VERSION=0.8.3 0B buildkit.dockerfile.v0
<missing> 8 weeks ago ENV NGINX_VERSION=1.25.4 0B buildkit.dockerfile.v0
<missing> 8 weeks ago LABEL maintainer=NGINX Docker Maintainers <d鈥? 0B buildkit.dockerfile.v0
<missing> 8 weeks ago /bin/sh -c #(nop) CMD ["bash"] 0B
<missing> 8 weeks ago /bin/sh -c #(nop) ADD file:b86ae1c7ca3586d8f鈥? 74.8MB
由于是逆序排序,所以我们需要从下往上看,并且呢命令比较长的话不是很友好。还有它删除了RUN命令,仅仅可以看到RUN命令后面的内容。
为了看完整的过程,可以使用如下命令
docker history --format {{.CreatedBy}} --no-trunc=true 镜像名称/镜像ID|sed "s?/bin/sh\ -c\ \#(nop)\ ??g"|sed "s?/bin/sh\ -c?RUN?g" | tac
示例:
docker history --format {{.CreatedBy}} --no-trunc=true nginx|sed "s?/bin/sh\ -c\ \#(nop)\ ??g"|sed "s?/bin/sh\ -c?RUN?g" | tac
输出结果:
ADD file:d4bb05cb4d403a78b4ab5cd8d620330659d5aeb25f847d104ebc02c3a0f32624 in /
CMD ["bash"]
LABEL maintainer=NGINX Docker Maintainers <docker-maint@nginx.com>
ENV NGINX_VERSION=1.25.4
ENV NJS_VERSION=0.8.3
ENV PKG_RELEASE=1~bookworm
RUN RUN set -x && groupadd --system --gid 101 nginx && useradd --system --gid nginx --no-create-home --home /nonexistent --comment "nginx user" --shell /bin/false --uid 101 nginx && apt-get update && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates && NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; NGINX_GPGKEY_PATH=/usr/share/keyrings/nginx-archive-keyring.gpg; export GNUPGHOME="$(mktemp -d)"; found=''; for server in hkp://keyserver.ubuntu.com:80 pgp.mit.edu ; do echo "Fetching GPG key $NGINX_GPGKEY from $server"; gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; done; test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; gpg1 --export "$NGINX_GPGKEY" > "$NGINX_GPGKEY_PATH" ; rm -rf "$GNUPGHOME"; apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* && dpkgArch="$(dpkg --print-architecture)" && nginxPackages=" nginx=${NGINX_VERSION}-${PKG_RELEASE} nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} " && case "$dpkgArch" in amd64|arm64) echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list && apt-get update ;; *) echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list && tempDir="$(mktemp -d)" && chmod 777 "$tempDir" && savedAptMark="$(apt-mark showmanual)" && apt-get update && apt-get build-dep -y $nginxPackages && ( cd "$tempDir" && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" apt-get source --compile $nginxPackages ) && apt-mark showmanual | xargs apt-mark auto > /dev/null && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; } && ls -lAFh "$tempDir" && ( cd "$tempDir" && dpkg-scanpackages . > Packages ) && grep '^Package: ' "$tempDir/Packages" && echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list && apt-get -o Acquire::GzipIndexes=false update ;; esac && apt-get install --no-install-recommends --no-install-suggests -y $nginxPackages gettext-base curl && apt-get remove --purge --auto-remove -y && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list && if [ -n "$tempDir" ]; then apt-get purge -y --auto-remove && rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; fi && ln -sf /dev/stdout /var/log/nginx/access.log && ln -sf /dev/stderr /var/log/nginx/error.log && mkdir /docker-entrypoint.d # buildkit
COPY docker-entrypoint.sh / # buildkit
COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d # buildkit
COPY 15-local-resolvers.envsh /docker-entrypoint.d # buildkit
COPY 20-envsubst-on-templates.sh /docker-entrypoint.d # buildkit
COPY 30-tune-worker-processes.sh /docker-entrypoint.d # buildkit
ENTRYPOINT ["/docker-entrypoint.sh"]
EXPOSE map[80/tcp:{}]
STOPSIGNAL SIGQUIT
CMD ["nginx" "-g" "daemon off;"]
评论区