Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

What is the purpose of COPY --from=gloursdocker/docker / /? #401

Open
lucassus opened this issue Nov 6, 2023 · 10 comments
Open

What is the purpose of COPY --from=gloursdocker/docker / /? #401

lucassus opened this issue Nov 6, 2023 · 10 comments

Comments

@lucassus
Copy link

lucassus commented Nov 6, 2023

This instruction, for some reason, is used in many examples.
The comment install Docker tools (cli, buildx, compose) in my opinion, is not really helpful.
@zozitak
Copy link

zozitak commented Nov 15, 2023

google search first result to "gloursdocker/docker" :
https://registry.hub.docker.com/layers/gloursdocker/docker/latest/images/sha256-a66243282b1165f556ec4a91d749c1ebc81dd28bcfbce653ccf49b01ae3b3fdf

@lucassus
Copy link
Author

@zozitak thank you. I saw it, but still it's pretty hard to figure out what it exactly does.

@arjuuuuunnnnn
Copy link

Copying all the contents of the root directory (/) from the gloursdocker/docker image into the root directory (/) of the current build stage

@ehhc
Copy link

ehhc commented Apr 30, 2024

Copying all the contents of the root directory (/) from the gloursdocker/docker image into the root directory (/) of the current build stage

Thanks for your answer. I believe, most of us here understand, what that command literally does. I hopped for a bit more explanation on why the root directory was copied and some elaboration about the effects of this copying…

@arjuuuuunnnnn
Copy link

Copying all the contents of the root directory (/) from the gloursdocker/docker image into the root directory (/) of the current build stage

Thanks for your answer. I believe, most of us here understand, what that command literally does. I hopped for a bit more explanation on why the root directory was copied and some elaboration about the effects of this copying…

When you build a Docker image, each instruction in the Dockerfile creates a new layer on top of the previous one

gloursdocker/docker this is the official docker image which has all the base files required for the application

so here we are copying the entire contents of the gloursdocker/docker to our docker image
as there is already an image of gloursdocker/docker which is official image of docker

we need not build the same image again and used the cached one from gloursdocker/docker
also coming to the question 'why the root directory was copied'

  • to include the entire contents of that base image as the foundation for the new Docker image being built

@antun
Copy link

antun commented Aug 27, 2024

I found this thread after asking myself the same question, and like @lucassus , I'm still unclear of what the purpose of the line is?

I understand it copies some files from the gloursdocker/docker image, but those files are not required for the fastapi application. If you remove that line, the fastapi will still build/run successfully.

The files it copies - such as docker and docker-compose - are used from the host rather than inside the container, so the purpose of copying them into an image during build time is a mystery. Maybe there's a specific use case, but I can't think of what it might be.

@lucassus
Copy link
Author

TBH my first thought was that this copy from gloursdocker/docker might be a way to inject some malware. Imagine a situation where someone silently does something nasty with this image.

@AngryVelociraptor
Copy link

AngryVelociraptor commented Oct 20, 2024
edited
Loading

TBH my first thought was that this copy from gloursdocker/docker might be a way to inject some malware. Imagine a situation where someone silently does something nasty with this image.

Yes, this is my thought as well. An example repository where lots of devs copy/paste from is an ideal place to slip some malware into.
@glours needs to provide some explanation here. As it stands, I find this deeply suspicious.

@mikesir87
Copy link
Member

Thanks all for raising this! I'll be sure to raise this internally and see if we can get this resolved ASAP.

The reasoning for it... many of the examples in this repo were previously updated to support Docker's dev environment feature, which required additional support and tooling inside of the image. Since then, dev environments have been deprecated and the Compsoe-based configuration was removed. But, it appears the Dockerfiles were not updated.

We'll get it fixed. And yes, it is understandable to have security concerns for this. In the meantime, feel free to ignore this line as it should not affect the running of any of the examples in this repo.

@OneCricketeer
Copy link

I feel like I've seen an "ad" for Dev Environments in Docker Desktop, but I assumed that was another name for .devcontainer? If not, it would be nice to see that offered as an alternative to whatever this Dev Environment feature was.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
8 participants
@lucassus @mikesir87 @OneCricketeer @antun @ehhc @zozitak @AngryVelociraptor @arjuuuuunnnnn