Merge 64bbabea78 into 4583f88626

2026-01-29 19:00:20 +00:00 · 2026-01-29 19:00:20 +00:00 · 03a928546d
commit 03a928546d
parent 4583f88626 64bbabea78
3 changed files with 38 additions and 1 deletions
--- a/11
+++ b/11
@ -9,6 +9,17 @@ RUN corepack enable
 WORKDIR /app

 ARG CLAWDBOT_DOCKER_APT_PACKAGES=""
+ARG CLAWDBOT_DOCKER_OFFICIAL_REPO=""
+RUN if [ -n "$CLAWDBOT_DOCKER_OFFICIAL_REPO" ]; then \
+      apt-get update && \
+      DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends ca-certificates curl gnupg && \
+      install -m 0755 -d /etc/apt/keyrings && \
+      curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg && \
+      chmod a+r /etc/apt/keyrings/docker.gpg && \
+      echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian bookworm stable" > /etc/apt/sources.list.d/docker.list && \
+      apt-get clean && \
+      rm -rf /var/lib/apt/lists/* /var/cache/apt/archives/*; \
+    fi
 RUN if [ -n "$CLAWDBOT_DOCKER_APT_PACKAGES" ]; then \
      apt-get update && \
      DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends $CLAWDBOT_DOCKER_APT_PACKAGES && \
--- a/docker-setup.sh
+++ b/docker-setup.sh
@ -31,6 +31,7 @@ export CLAWDBOT_BRIDGE_PORT="${CLAWDBOT_BRIDGE_PORT:-18790}"
 export CLAWDBOT_GATEWAY_BIND="${CLAWDBOT_GATEWAY_BIND:-lan}"
 export CLAWDBOT_IMAGE="$IMAGE_NAME"
 export CLAWDBOT_DOCKER_APT_PACKAGES="${CLAWDBOT_DOCKER_APT_PACKAGES:-}"
+export CLAWDBOT_DOCKER_OFFICIAL_REPO="${CLAWDBOT_DOCKER_OFFICIAL_REPO:-}"

 if [[ -z "${CLAWDBOT_GATEWAY_TOKEN:-}" ]]; then
  if command -v openssl >/dev/null 2>&1; then
@ -163,11 +164,13 @@ upsert_env "$ENV_FILE" \
  CLAWDBOT_IMAGE \
  CLAWDBOT_EXTRA_MOUNTS \
  CLAWDBOT_HOME_VOLUME \
-  CLAWDBOT_DOCKER_APT_PACKAGES
+  CLAWDBOT_DOCKER_APT_PACKAGES \
+  CLAWDBOT_DOCKER_OFFICIAL_REPO

 echo "==> Building Docker image: $IMAGE_NAME"
 docker build \
  --build-arg "CLAWDBOT_DOCKER_APT_PACKAGES=${CLAWDBOT_DOCKER_APT_PACKAGES}" \
+  --build-arg "CLAWDBOT_DOCKER_OFFICIAL_REPO=${CLAWDBOT_DOCKER_OFFICIAL_REPO}" \
  -t "$IMAGE_NAME" \
  -f "$ROOT_DIR/Dockerfile" \
  "$ROOT_DIR"
--- a/docs/install/docker.md
+++ b/docs/install/docker.md
@ -45,6 +45,7 @@ This script:

 Optional env vars:
 - `CLAWDBOT_DOCKER_APT_PACKAGES` — install extra apt packages during build
+- `CLAWDBOT_DOCKER_OFFICIAL_REPO` — add Docker's official APT repository to the image
 - `CLAWDBOT_EXTRA_MOUNTS` — add extra host bind mounts
 - `CLAWDBOT_HOME_VOLUME` — persist `/home/node` in a named volume

@ -133,6 +134,28 @@ Notes:
 - If you change `CLAWDBOT_DOCKER_APT_PACKAGES`, rerun `docker-setup.sh` to rebuild
  the image.

+### Add Docker official APT repository (optional)
+
+If you need Docker CLI tools (e.g. `docker-ce-cli`) inside the image, set
+`CLAWDBOT_DOCKER_OFFICIAL_REPO` before running `docker-setup.sh`. This
+configures Docker's official APT repository with GPG key verification during
+the image build, so packages from it can be installed via
+`CLAWDBOT_DOCKER_APT_PACKAGES`.
+
+Example:
+
+```bash
+export CLAWDBOT_DOCKER_OFFICIAL_REPO=1
+export CLAWDBOT_DOCKER_APT_PACKAGES="docker-ce-cli"
+./docker-setup.sh
+```
+
+Notes:
+- Set to any non-empty value to enable (e.g. `1`).
+- The repository is added before `CLAWDBOT_DOCKER_APT_PACKAGES` runs, so Docker
+  packages are available for installation in the same build.
+- If you change this value, rerun `docker-setup.sh` to rebuild the image.
+
 ### Faster rebuilds (recommended)

 To speed up rebuilds, order your Dockerfile so dependency layers are cached.