Merge 64bbabea78 into 4583f88626

Dockerfile

@@ -9,6 +9,17 @@ RUN corepack enable
 WORKDIR /app
 
 ARG CLAWDBOT_DOCKER_APT_PACKAGES=""
+ARG CLAWDBOT_DOCKER_OFFICIAL_REPO=""
+RUN if [ -n "$CLAWDBOT_DOCKER_OFFICIAL_REPO" ]; then \
+      apt-get update && \
+      DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends ca-certificates curl gnupg && \
+      install -m 0755 -d /etc/apt/keyrings && \
+      curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg && \
+      chmod a+r /etc/apt/keyrings/docker.gpg && \
+      echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian bookworm stable" > /etc/apt/sources.list.d/docker.list && \
+      apt-get clean && \
+      rm -rf /var/lib/apt/lists/* /var/cache/apt/archives/*; \
+    fi
 RUN if [ -n "$CLAWDBOT_DOCKER_APT_PACKAGES" ]; then \
       apt-get update && \
       DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends $CLAWDBOT_DOCKER_APT_PACKAGES && \

docker-setup.sh

@@ -31,6 +31,7 @@ export CLAWDBOT_BRIDGE_PORT="${CLAWDBOT_BRIDGE_PORT:-18790}"
 export CLAWDBOT_GATEWAY_BIND="${CLAWDBOT_GATEWAY_BIND:-lan}"
 export CLAWDBOT_IMAGE="$IMAGE_NAME"
 export CLAWDBOT_DOCKER_APT_PACKAGES="${CLAWDBOT_DOCKER_APT_PACKAGES:-}"
+export CLAWDBOT_DOCKER_OFFICIAL_REPO="${CLAWDBOT_DOCKER_OFFICIAL_REPO:-}"
 
 if [[ -z "${CLAWDBOT_GATEWAY_TOKEN:-}" ]]; then
   if command -v openssl >/dev/null 2>&1; then
@@ -163,11 +164,13 @@ upsert_env "$ENV_FILE" \
   CLAWDBOT_IMAGE \
   CLAWDBOT_EXTRA_MOUNTS \
   CLAWDBOT_HOME_VOLUME \
-  CLAWDBOT_DOCKER_APT_PACKAGES
+  CLAWDBOT_DOCKER_APT_PACKAGES \
+  CLAWDBOT_DOCKER_OFFICIAL_REPO
 
 echo "==> Building Docker image: $IMAGE_NAME"
 docker build \
   --build-arg "CLAWDBOT_DOCKER_APT_PACKAGES=${CLAWDBOT_DOCKER_APT_PACKAGES}" \
+  --build-arg "CLAWDBOT_DOCKER_OFFICIAL_REPO=${CLAWDBOT_DOCKER_OFFICIAL_REPO}" \
   -t "$IMAGE_NAME" \
   -f "$ROOT_DIR/Dockerfile" \
   "$ROOT_DIR"

docs/install/docker.md

@@ -45,6 +45,7 @@ This script:
 
 Optional env vars:
 - `CLAWDBOT_DOCKER_APT_PACKAGES` — install extra apt packages during build
+- `CLAWDBOT_DOCKER_OFFICIAL_REPO` — add Docker's official APT repository to the image
 - `CLAWDBOT_EXTRA_MOUNTS` — add extra host bind mounts
 - `CLAWDBOT_HOME_VOLUME` — persist `/home/node` in a named volume
 
@@ -133,6 +134,28 @@ Notes:
 - If you change `CLAWDBOT_DOCKER_APT_PACKAGES`, rerun `docker-setup.sh` to rebuild
   the image.
 
+### Add Docker official APT repository (optional)
+
+If you need Docker CLI tools (e.g. `docker-ce-cli`) inside the image, set
+`CLAWDBOT_DOCKER_OFFICIAL_REPO` before running `docker-setup.sh`. This
+configures Docker's official APT repository with GPG key verification during
+the image build, so packages from it can be installed via
+`CLAWDBOT_DOCKER_APT_PACKAGES`.
+
+Example:
+
+```bash
+export CLAWDBOT_DOCKER_OFFICIAL_REPO=1
+export CLAWDBOT_DOCKER_APT_PACKAGES="docker-ce-cli"
+./docker-setup.sh
+```
+
+Notes:
+- Set to any non-empty value to enable (e.g. `1`).
+- The repository is added before `CLAWDBOT_DOCKER_APT_PACKAGES` runs, so Docker
+  packages are available for installation in the same build.
+- If you change this value, rerun `docker-setup.sh` to rebuild the image.
+
 ### Faster rebuilds (recommended)
 
 To speed up rebuilds, order your Dockerfile so dependency layers are cached.