docker challenge https://labs.iximiuz.com/challenges/pick-the-right-distroless-base-image
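- Use `logs` to view the container's logs:

  ```
  exec /server: no such file or directory
  ```

- I couldn't tell what the problem was at first. I guessed the `CMD` path was wrong, but later realized I had misunderstood.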
- Use `dive` to inspect the container.
- Use `cp` to copy the `server` binary to the local machine and run it; it starts without errors (port 8080):

  ```
  docker cp status-checker:/server .
  ```
- Following the hint, use `file` and `ldd` to see which shared objects (`.so` files) the binary links against dynamically:

  ```
  root@docker-01:~# file server
  server: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=016df6500c2c3df1dd3ce82d9e9a5bd547584c97, for GNU/Linux 3.2.0, with debug_info, not stripped
  root@docker-01:~# ldd server
  linux-vdso.so.1 (0x00007ffde5df1000)
  libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fbc097e4000)
  /lib64/ld-linux-x86-64.so.2 (0x00007fbc0a379000)
  ```
> [!NOTE]
> `linux-vdso.so.1` has no file on disk. The binary was compiled for GNU/Linux, so it needs libc, and it is dynamically linked through `/lib64/ld-linux-x86-64.so.2`.
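- Based on this understanding, change the Dockerfile to the following:

  ```dockerfile
  FROM scratch
  COPY ./server /server
  # Shared library and dynamic linker reported by ldd, at the paths the binary expects
  COPY ./libc.so.6 /lib/x86_64-linux-gnu/libc.so.6
  COPY ./ld-linux-x86-64.so.2 /lib64/ld-linux-x86-64.so.2
  CMD ["/server"]
  ```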
  ```
  docker build -t tmp .
  ```

- During the build, `COPY` failed with a file-not-found error. The files must be in the same directory as the Dockerfile:

  > The `<src>` path must be inside the build context; you can't use `COPY ../something /something`, because the builder can only access files from the context, and `../something` specifies a parent file or directory of the build context root.

- Run the container and query it:

  ```
  docker run -p 8080:8080 --name status-checker tmp
  curl localhost:8080
  ```

  This reports the error `tls: failed to verify certificate: x509: certificate signed by unknown authority`.
- It turns out `ca-certificates` needs to be installed.
- Revise the Dockerfile again:
  ```dockerfile
  # Builder stage: only used to obtain an up-to-date CA bundle
  FROM golang:alpine AS builder
  RUN apk update && apk upgrade && apk add --no-cache ca-certificates
  RUN update-ca-certificates

  FROM scratch
  # CA bundle so the server can verify TLS certificates
  COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
  COPY ./server /server
  COPY ./libc.so.6 /lib/x86_64-linux-gnu/libc.so.6
  COPY ./ld-linux-x86-64.so.2 /lib64/ld-linux-x86-64.so.2
  CMD ["/server"]
  ```
- Rebuild and run; the tests pass.
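
The `ldd` step and the build-context error above can be handled by one helper. This is an added example, not part of the original notes: it parses `ldd` output into the list of files to copy and stages them under the build context. The names `ldd_paths`, `stage_deps` and the `rootfs/` directory are assumptions for illustration, and the sample input is the `ldd server` output shown earlier.

```shell
#!/bin/sh
# Added example: turn `ldd` output into the files a scratch image must carry.
# Run ldd only on binaries you trust; some ldd versions execute the program.

# Constructed sample input: the `ldd server` output from the notes above.
SAMPLE_LDD='linux-vdso.so.1 (0x00007ffde5df1000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fbc097e4000)
/lib64/ld-linux-x86-64.so.2 (0x00007fbc0a379000)'

# ldd_paths (hypothetical helper): ldd output on stdin, one path per line out.
#   "name => /path (addr)"    -> /path
#   "/path (addr)"            -> /path  (the ELF interpreter)
#   "linux-vdso.so.1 (addr)"  -> skipped, the kernel maps it, no file to copy
#   "name => not found"       -> reported on stderr, non-zero exit status
ldd_paths() {
    awk '
        $2 == "=>" && $3 == "not" { print "missing: " $1 > "/dev/stderr"; bad = 1; next }
        $2 == "=>" && $3 ~ /^\//  { print $3; next }
        $1 ~ /^\//                { print $1 }
        END { exit bad + 0 }
    '
}

# stage_deps BINARY CONTEXT_DIR (hypothetical helper): copy the binary and its
# libraries to CONTEXT_DIR/rootfs, keeping their absolute paths, so every file
# is inside the build context and the Dockerfile can use `COPY rootfs/ /`.
stage_deps() {
    bin=$1; ctx=$2
    paths=$(ldd "$bin" | ldd_paths) || return 1
    mkdir -p "$ctx/rootfs" && cp "$bin" "$ctx/rootfs/server" || return 1
    for p in $paths; do   # assumes library paths contain no whitespace
        # cp -L follows symlinks, so the real library file is copied
        mkdir -p "$ctx/rootfs$(dirname "$p")" && cp -L "$p" "$ctx/rootfs$p" || return 1
    done
}

# Usage: stage_deps ./server .   then   docker build -t tmp .
```

A `not found` line makes `stage_deps` stop before copying anything, which surfaces a missing library at staging time instead of as `no such file or directory` when the container starts.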