CML2.9.0と同時リリースされたリファレンスプラットフォームに含まれるコンテナイメージ
CML 2.9.0から新たにコンテナ機能がサポートされています。CML 2.9.0と同時に公開されたリファレンスプラットフォーム「refplat-20250616-fcs-iso」に含まれるコンテナイメージの一覧はSupport for Container Imagesに書かれています。
ここには「splunk」というイメージについて言及されているのですが、「refplat-20250616-fcs-iso」にはこのイメージは含まれていないようです。つまり、実際に含まれているコンテナイメージは以下のようです。
- chrome-136-0-7103-113-1.tar.gz
- dnsmasq-2-9-0.tar.gz
- firefox-138-0-4-build1.tar.gz
- frr-10-2-1-r1.tar.gz
- net-tools-1-0-0.tar.gz
- nginx-3-38.tar.gz
- radius-3-2-1.tar.gz
- syslog-3-38.tar.gz
- tacplus-f4-0-4-28.tar.gz
- thousandeyes-ea-1-210-0.tar.gz
先日、dfimageでDockerコンテナイメージからDockerfileを復元するで触れたdfimageを使い、これらのイメージのDockerfileを確認してみました。
検証環境¶
| 対象 | バージョン |
|---|---|
| Ubuntu | 24.04.2 LTS |
1.chrome-136-0-7103-113-1.tar.gz¶
# dfimage chrome:136.0.7103.113-1
FROM chrome:136.0.7103.113-1
# debian.sh --arch 'amd64' out/ 'bookworm' '@1742169600'
ARG uid=2000
ARG version=136.0.7103.113-1
RUN |2 uid=2000 version=136.0.7103.113-1 RUN test -n "${uid}" || (echo "docker build-arg uid must be set" && false) # buildkit
COPY google-chrome.gpg /usr/share/keyrings/google-chrome.gpg # buildkit
RUN |2 uid=2000 version=136.0.7103.113-1 RUN echo "deb [arch=amd64 signed-by=/usr/share/keyrings/google-chrome.gpg] http://dl.google.com/linux/chrome/deb/ stable main" >/etc/apt/sources.list.d/google-chrome.list # buildkit
RUN |2 uid=2000 version=136.0.7103.113-1 RUN apt-get update && apt-get upgrade -y && \
DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y \
software-properties-common \
apt-transport-https \
curl ca-certificates \
i3 \
xdotool \
google-chrome-stable=${version} && \
apt-get autoremove && apt-get clean && rm -rf /var/lib/apt/lists/* && \
useradd -l --create-home --shell /bin/bash -u ${uid} --user-group debian # buildkit
COPY i3config /home/debian/.config/i3/config # buildkit
RUN |2 uid=2000 version=136.0.7103.113-1 RUN mkdir -p /var/run/dbus && \
ln -s /home/debian/.dbus-socket /var/run/dbus/system_bus_socket && \
chown -R debian:debian /home/debian/.config /var/run/dbus/system_bus_socket # buildkit
USER debian
COPY start.sh /start.sh # buildkit
CMD ["/start.sh"]
2.dnsmasq-2-9-0.tar.gz¶
# dfimage dnsmasq:2.9.0
FROM dnsmasq:2.9.0
# debian.sh --arch 'amd64' out/ 'bookworm' '@1742169600'
ENV DEBIAN_FRONTEND=noninteractive
RUN RUN apt-get update && \
apt-get upgrade -y && \
apt-get install -y --no-install-recommends dnsmasq dnsutils && \
apt-get clean && \
rm -rf /var/lib/apt/lists/* # buildkit
COPY dnsmasq.conf /etc/dnsmasq.conf # buildkit
CMD ["dnsmasq" "--no-daemon" "--log-queries" "--log-dhcp" "--log-facility=-"]
3.firefox-138-0-4-build1.tar.gz¶
# dfimage firefox:138.0.4-build1
FROM firefox:138.0.4-build1
# debian.sh --arch 'amd64' out/ 'bookworm' '@1742169600'
ARG uid=2000
ARG version=138.0.4~build1
RUN |2 uid=2000 version=138.0.4~build1 RUN test -n "${uid}" || (echo "docker build-arg uid must be set" && false) # buildkit
RUN |2 uid=2000 version=138.0.4~build1 RUN apt-get update && apt-get upgrade -y && \
DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y curl ca-certificates # buildkit
RUN |2 uid=2000 version=138.0.4~build1 RUN install -d -m 0755 /etc/apt/keyrings && install -d -m 0755 /etc/apt/preferences.d # buildkit
COPY 35baa0b33e9eb396f59ca838c0ba5ce6dc6315a3.asc /etc/apt/trusted.gpg.d/mozilla.gpg # buildkit
COPY mozilla-signing-key.gpg /etc/apt/keyrings/packages.mozilla.org.asc # buildkit
RUN |2 uid=2000 version=138.0.4~build1 RUN echo "deb [signed-by=/etc/apt/keyrings/packages.mozilla.org.asc] https://packages.mozilla.org/apt mozilla main" >/etc/apt/sources.list.d/mozilla.list # buildkit
RUN |2 uid=2000 version=138.0.4~build1 RUN apt-get update && \
DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y \
ca-certificates \
i3 \
xdotool \
firefox=${version} && \
apt-get autoremove && apt-get clean && rm -rf /var/lib/apt/lists/* && \
useradd -l --create-home --shell /bin/bash -u ${uid} --user-group debian # buildkit
COPY policies.json /usr/lib/firefox/distribution/policies.json # buildkit
USER debian
COPY i3config /home/debian/.config/i3/config # buildkit
COPY start.sh /start.sh # buildkit
CMD ["/start.sh"]
4.frr-10-2-1-r1.tar.gz¶
# dfimage frr:10.2.1-r1
FROM frr:10.2.1-r1
ADD alpine-minirootfs-3.21.3-x86_64.tar.gz / # buildkit
CMD ["/bin/sh"]
COPY start.sh /start.sh # buildkit
RUN RUN apk add --no-cache busybox-extras frr ethtool && \
mkdir /config && \
chmod 700 /start.sh && \
echo "service integrated-vtysh-config" >>/etc/frr/vtysh.conf && \
touch /etc/frr/frr.conf && chmod 777 /etc/frr/frr.conf && \
chmod 777 /etc/frr # buildkit
ENTRYPOINT ["/start.sh"]
5.net-tools-1-0-0.tar.gz¶
# dfimage net-tools:1.0.0
FROM net-tools:1.0.0
# debian.sh --arch 'amd64' out/ 'bookworm' '@1742169600'
ENV DEBIAN_FRONTEND=noninteractive
RUN RUN apt-get update && \
apt-get upgrade -y && \
apt-get install -y --no-install-recommends \
bash iproute2 iputils-ping net-tools mtr-tiny iperf3 traceroute fping \
sensible-utils curl telnet netcat-openbsd socat snmp termshark \
openssh-client vim nano less jq yq httpie procps dnsutils bash dhcping nmap && \
apt-get clean && \
rm -rf /var/lib/apt/lists/* # buildkit
COPY mibs.tar.gz / # buildkit
RUN RUN tar zxvf mibs.tar.gz && rm mibs.tar.gz # buildkit
COPY motd /etc/motd # buildkit
RUN RUN echo "cat /etc/motd" >> /root/.bashrc # buildkit
ENTRYPOINT ["/bin/bash" "-i"]
CMD []
6.nginx-3-38.tar.gz¶
# dfimage nginx:3.38
FROM nginx:3.38
# debian.sh --arch 'amd64' out/ 'bookworm' '@1745798400'
LABEL maintainer=NGINX Docker Maintainers <docker-maint@nginx.com>
ENV NGINX_VERSION=1.27.5
ENV NJS_VERSION=0.8.10
ENV NJS_RELEASE=1~bookworm
ENV PKG_RELEASE=1~bookworm
ENV DYNPKG_RELEASE=1~bookworm
RUN RUN set -x \
&& groupadd --system --gid 101 nginx \
&& useradd --system --gid nginx --no-create-home --home /nonexistent --comment "nginx user" --shell /bin/false --uid 101 nginx \
&& apt-get update \
&& apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \
&& \
NGINX_GPGKEYS="573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 8540A6F18833A80E9C1653A42FD21310B49F6B46 9E9BE90EACBCDE69FE9B204CBCDCD8A38D88A2B3"; \
NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; \
export GNUPGHOME="$(mktemp -d)"; \
found=''; \
for NGINX_GPGKEY in $NGINX_GPGKEYS; do \
for server in \
hkp://keyserver.ubuntu.com:80 \
pgp.mit.edu \
; do \
echo "Fetching GPG key $NGINX_GPGKEY from $server"; \
gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \
done; \
test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \
done; \
gpg1 --export "$NGINX_GPGKEYS" > "$NGINX_GPGKEY_PATH" ; \
rm -rf "$GNUPGHOME"; \
apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \
&& dpkgArch="$(dpkg --print-architecture)" \
&& nginxPackages=" \
nginx=${NGINX_VERSION}-${PKG_RELEASE} \
nginx-module-xslt=${NGINX_VERSION}-${DYNPKG_RELEASE} \
nginx-module-geoip=${NGINX_VERSION}-${DYNPKG_RELEASE} \
nginx-module-image-filter=${NGINX_VERSION}-${DYNPKG_RELEASE} \
nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${NJS_RELEASE} \
" \
&& case "$dpkgArch" in \
amd64|arm64) \
echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \
&& apt-get update \
;; \
*) \
tempDir="$(mktemp -d)" \
&& chmod 777 "$tempDir" \
&& savedAptMark="$(apt-mark showmanual)" \
&& apt-get update \
&& apt-get install --no-install-recommends --no-install-suggests -y \
curl \
devscripts \
equivs \
git \
libxml2-utils \
lsb-release \
xsltproc \
&& ( \
cd "$tempDir" \
&& REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \
&& REVISION=${REVISION%~*} \
&& curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz \
&& PKGOSSCHECKSUM="c773d98b567bd585c17f55702bf3e4c7d82b676bfbde395270e90a704dca3c758dfe0380b3f01770542b4fd9bed1f1149af4ce28bfc54a27a96df6b700ac1745 *${REVISION}.tar.gz" \
&& if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \
echo "pkg-oss tarball checksum verification succeeded!"; \
else \
echo "pkg-oss tarball checksum verification failed!"; \
exit 1; \
fi \
&& tar xzvf ${REVISION}.tar.gz \
&& cd pkg-oss-${REVISION} \
&& cd debian \
&& for target in base module-geoip module-image-filter module-njs module-xslt; do \
make rules-$target; \
mk-build-deps --install --tool="apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes" \
debuild-$target/nginx-$NGINX_VERSION/debian/control; \
done \
&& make base module-geoip module-image-filter module-njs module-xslt \
) \
&& apt-mark showmanual | xargs apt-mark auto > /dev/null \
&& { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; } \
&& ls -lAFh "$tempDir" \
&& ( cd "$tempDir" && dpkg-scanpackages . > Packages ) \
&& grep '^Package: ' "$tempDir/Packages" \
&& echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list \
&& apt-get -o Acquire::GzipIndexes=false update \
;; \
esac \
&& apt-get install --no-install-recommends --no-install-suggests -y \
$nginxPackages \
gettext-base \
curl \
&& apt-get remove --purge --auto-remove -y && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \
&& if [ -n "$tempDir" ]; then \
apt-get purge -y --auto-remove \
&& rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \
fi \
&& ln -sf /dev/stdout /var/log/nginx/access.log \
&& ln -sf /dev/stderr /var/log/nginx/error.log \
&& mkdir /docker-entrypoint.d # buildkit
COPY docker-entrypoint.sh / # buildkit
COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d # buildkit
COPY 15-local-resolvers.envsh /docker-entrypoint.d # buildkit
COPY 20-envsubst-on-templates.sh /docker-entrypoint.d # buildkit
COPY 30-tune-worker-processes.sh /docker-entrypoint.d # buildkit
ENTRYPOINT ["/docker-entrypoint.sh"]
EXPOSE map[80/tcp:{}]
STOPSIGNAL SIGQUIT
CMD ["nginx" "-g" "daemon off;"]
7.radius-3-2-1.tar.gz¶
# dfimage radius:3.2.1
FROM radius:3.2.1
# debian.sh --arch 'amd64' out/ 'bookworm' '@1742169600'
ENV DEBIAN_FRONTEND=noninteractive
RUN RUN apt-get update && \
apt-get upgrade -y && \
apt-get install -y --no-install-recommends freeradius && \
apt-get clean && \
rm -rf /var/lib/apt/lists/* # buildkit
RUN RUN mv /etc/freeradius/3.0/radiusd.conf /etc/freeradius/3.0/radiusd.conf-original && \
mv /etc/freeradius/3.0/clients.conf /etc/freeradius/3.0/clients.conf-original && \
mv /etc/freeradius/3.0/mods-config/files/authorize /etc/freeradius/3.0/mods-config/files/authorize-original # buildkit
COPY radiusd.conf /etc/freeradius/3.0/radiusd.conf # buildkit
COPY clients.conf /etc/freeradius/3.0/clients.conf # buildkit
COPY users /etc/freeradius/3.0/mods-config/files/authorize # buildkit
EXPOSE map[1812/udp:{}]
EXPOSE map[1813/udp:{}]
CMD ["freeradius" "-f" "-lstdout"]
8.syslog-3-38.tar.gz¶
# dfimage syslog:3.38
FROM syslog:3.38
# debian.sh --arch 'amd64' out/ 'bookworm' '@1742169600'
ENV DEBIAN_FRONTEND=noninteractive
RUN RUN apt-get update && \
apt-get upgrade -y && \
apt-get install -y --no-install-recommends syslog-ng && \
apt-get clean && \
rm -rf /var/lib/apt/lists/* # buildkit
COPY syslog-ng.conf /etc/syslog-ng/syslog-ng.conf # buildkit
CMD ["syslog-ng" "--stderr" "--verbose" "--foreground" "--no-caps"]
9.tacplus-f4-0-4-28.tar.gz¶
# dfimage tacplus:f4.0.4.28
FROM tacplus:f4.0.4.28
# debian.sh --arch 'amd64' out/ 'bookworm' '@1742169600'
COPY /usr/local/ /usr/local/ # buildkit
COPY /usr/lib/x86_64-linux-gnu/libwrap* /usr/lib/x86_64-linux-gnu/ # buildkit
COPY /usr/lib/x86_64-linux-gnu/libnsl* /usr/lib/x86_64-linux-gnu/ # buildkit
COPY /usr/lib/x86_64-linux-gnu/libtirpc* /usr/lib/x86_64-linux-gnu/ # buildkit
COPY /usr/lib/x86_64-linux-gnu/libgssapi* /usr/lib/x86_64-linux-gnu/ # buildkit
COPY /usr/lib/x86_64-linux-gnu/libkrb5* /usr/lib/x86_64-linux-gnu/ # buildkit
COPY /usr/lib/x86_64-linux-gnu/libk5crypto* /usr/lib/x86_64-linux-gnu/ # buildkit
COPY /usr/lib/x86_64-linux-gnu/libkeyutils* /usr/lib/x86_64-linux-gnu/ # buildkit
EXPOSE map[49/tcp:{}]
ENV LD_LIBRARY_PATH=/usr/local/lib
CMD ["/usr/local/sbin/tac_plus" "-t" "-G" "-C" "/etc/tac_plus.conf" "-d8" "-d16" "-l" "/var/log/tac_plus.log"]
10.thousandeyes-ea-1-210-0.tar.gz¶
このイメージは別のリポジトリからイメージをロードしているようで、Dockerfileを復元できませんでした。
# dfimage thousandeyes/enterprise-agent:latest-agent
FROM thousandeyes/enterprise-agent:latest-agent