diff --git a/Dockerfile b/Dockerfile
index 9c6aa7036..4942292e1 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -9,6 +9,17 @@ RUN corepack enable
 WORKDIR /app
 ARG CLAWDBOT_DOCKER_APT_PACKAGES=""
+ARG CLAWDBOT_DOCKER_OFFICIAL_REPO=""
+RUN if [ -n "$CLAWDBOT_DOCKER_OFFICIAL_REPO" ]; then \
+ apt-get update && \
+ DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends ca-certificates curl gnupg && \
+ install -m 0755 -d /etc/apt/keyrings && \
+ curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg && \
+ chmod a+r /etc/apt/keyrings/docker.gpg && \
+ echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian bookworm stable" > /etc/apt/sources.list.d/docker.list && \
+ apt-get clean && \
+ rm -rf /var/lib/apt/lists/* /var/cache/apt/archives/*; \
+ fi
 RUN if [ -n "$CLAWDBOT_DOCKER_APT_PACKAGES" ]; then \
 apt-get update && \
 DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends $CLAWDBOT_DOCKER_APT_PACKAGES && \
diff --git a/docker-setup.sh b/docker-setup.sh
index 0f7571e96..1f61e74c4 100755
--- a/docker-setup.sh
+++ b/docker-setup.sh
@@ -31,6 +31,7 @@ export CLAWDBOT_BRIDGE_PORT="${CLAWDBOT_BRIDGE_PORT:-18790}"
 export CLAWDBOT_GATEWAY_BIND="${CLAWDBOT_GATEWAY_BIND:-lan}"
 export CLAWDBOT_IMAGE="$IMAGE_NAME"
 export CLAWDBOT_DOCKER_APT_PACKAGES="${CLAWDBOT_DOCKER_APT_PACKAGES:-}"
+export CLAWDBOT_DOCKER_OFFICIAL_REPO="${CLAWDBOT_DOCKER_OFFICIAL_REPO:-}"
 if [[ -z "${CLAWDBOT_GATEWAY_TOKEN:-}" ]]; then
 if command -v openssl >/dev/null 2>&1; then
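Review bot: The key written by `curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg` is trusted on the strength of the TLS download alone; nothing in the added RUN step compares it with a known fingerprint, so `signed-by` only proves that packages match whatever key was served at build time. I would download the key to a file first and fail the build unless it matches a pinned fingerprint, e.g. `gpg --show-keys --with-colons <downloaded-key-file> | grep -q '^fpr:.*:<EXPECTED_DOCKER_KEY_FINGERPRINT>:'` (both values are placeholders; take the fingerprint from Docker's install documentation). Writing to a file also removes the pipe, whose exit status under the default `/bin/sh` comes from gpg rather than from curl. The suite `bookworm` is hard-coded and assumes the base image's release (the FROM line is outside this hunk); reading `VERSION_CODENAME` from `/etc/os-release` would keep the two in step.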
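Review bot: Any non-empty value enables the repository, so `CLAWDBOT_DOCKER_OFFICIAL_REPO=0` or `=false` exported at this line still passes the Dockerfile's `[ -n "$CLAWDBOT_DOCKER_OFFICIAL_REPO" ]` test and adds a third-party APT source to the image. The variable is also handed to `upsert_env` in the second hunk, which presumably persists it to the env file, so the surprise would outlive the first run. I would normalise it right after the export, e.g. `case "$CLAWDBOT_DOCKER_OFFICIAL_REPO" in 0|false|no|off) CLAWDBOT_DOCKER_OFFICIAL_REPO="" ;; esac`, or accept only `1` and exit with an error on anything else.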
@@ -163,11 +164,13 @@ upsert_env "$ENV_FILE" \ CLAWDBOT_IMAGE \ CLAWDBOT_EXTRA_MOUNTS \ CLAWDBOT_HOME_VOLUME \ - CLAWDBOT_DOCKER_APT_PACKAGES + CLAWDBOT_DOCKER_APT_PACKAGES \ + CLAWDBOT_DOCKER_OFFICIAL_REPO echo "==> Building Docker image: $IMAGE_NAME" docker build \ --build-arg "CLAWDBOT_DOCKER_APT_PACKAGES=${CLAWDBOT_DOCKER_APT_PACKAGES}" \ + --build-arg "CLAWDBOT_DOCKER_OFFICIAL_REPO=${CLAWDBOT_DOCKER_OFFICIAL_REPO}" \ -t "$IMAGE_NAME" \ -f "$ROOT_DIR/Dockerfile" \ "$ROOT_DIR" diff --git a/docs/install/docker.md b/docs/install/docker.md index 8ca80e53b..59f33904f 100644 --- a/docs/install/docker.md +++ b/docs/install/docker.md @@ -45,6 +45,7 @@ This script: Optional env vars: - `CLAWDBOT_DOCKER_APT_PACKAGES` — install extra apt packages during build +- `CLAWDBOT_DOCKER_OFFICIAL_REPO` — add Docker's official APT repository to the image - `CLAWDBOT_EXTRA_MOUNTS` — add extra host bind mounts - `CLAWDBOT_HOME_VOLUME` — persist `/home/node` in a named volume @@ -133,6 +134,28 @@ Notes: - If you change `CLAWDBOT_DOCKER_APT_PACKAGES`, rerun `docker-setup.sh` to rebuild the image. +### Add Docker official APT repository (optional) + +If you need Docker CLI tools (e.g. `docker-ce-cli`) inside the image, set +`CLAWDBOT_DOCKER_OFFICIAL_REPO` before running `docker-setup.sh`. This +configures Docker's official APT repository with GPG key verification during +the image build, so packages from it can be installed via +`CLAWDBOT_DOCKER_APT_PACKAGES`. + +Example: + +```bash +export CLAWDBOT_DOCKER_OFFICIAL_REPO=1 +export CLAWDBOT_DOCKER_APT_PACKAGES="docker-ce-cli" +./docker-setup.sh +``` + +Notes: +- Set to any non-empty value to enable (e.g. `1`). +- The repository is added before `CLAWDBOT_DOCKER_APT_PACKAGES` runs, so Docker + packages are available for installation in the same build. +- If you change this value, rerun `docker-setup.sh` to rebuild the image. + ### Faster rebuilds (recommended) To speed up rebuilds, order your Dockerfile so dependency layers are cached.