Formed in 2009, the Archive Team (not to be confused with the archive.org Archive-It Team) is a rogue archivist collective dedicated to saving copies of rapidly dying or deleted websites for the sake of history and digital heritage. The group is 100% composed of volunteers and interested parties, and has expanded into a large amount of related projects for saving online and digital history.
Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.
Sign upIntroduce windows images #362
Conversation
|
A couple of things we'll need to think about:
|
This would also involve updating their SHA256-sums which are used instead of GPG signature checking. |
|
I keep the Windows Dockerfiles up to date with this update.sh |
|
We could switch over to GPG signature checking for Windows as well. But I only found https://www.gpg4win.org/package-integrity.html which burries the gpg.exe into a exe installer and eventually not working in Nanoserver. It is complex to get rid of the temporary exe installer again I guess. But once we have PR moby/moby#31257 in offical Docker engine we could run the gpg installer in windowsservercore, then download and check GPG signature and extract the ZIPs and finally draft small windowsservercore and nanoserver images with multiple FROM instructions. In my dockerfiles repo I could switch to this approach as I'm using AppVeyory and can switch to master builds of dockerd.exe very easily. |
|
That would be a way to do it. See a proof-of-concept at
which does the gpg installation, adding the gpg keys, downloading SHA256SUMS.txt.asc checking the signature and grepping the checksum for the zip file and the final sha256 check itself. |
|
@StefanScherer could you include updates to the files @chorrell mentions? You can look at the python repo for examples of |
StefanScherer
force-pushed the
StefanScherer:introduce-windows-images
branch
2 times, most recently
from
2dab140
to
3d6a793
|
@SimenB I've updated the |
|
@nodejs/docker any reason not to merge this? If not, how do we handle CI? @tianon does this look correct to you? Is using multi-stage builds ok? |
|
@StefanScherer could you paste the output from running Edit: oops, wrong tag. Fat thumbs! |
|
Maybe I should add Yarn as well? |
Definitely! |
|
|
||
| FROM microsoft/nanoserver | ||
|
|
||
| SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"] |
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
StefanScherer
Jul 23, 2017
Author
Three things:
- set the default SHELL to PowerShell to simplify the next RUN instructions.
$ErrorActionPreference = 'Stop'is equivalent toset -e, correct$ProgressPreference = 'SilentlyContinue'to improve speed for downloading files and expanding ZIP files. It disables the progress output.
| @@ -1,3 +1,4 @@ | |||
| bashbrew-arch variants | |||
| amd64 default,alpine,onbuild,slim,wheezy | |||
| ppc64le default,onbuild,slim | |||
| windows-amd64 windowsservercore,windowsservercore/onbuild,nanoserver,nanoserver/onbuild | |||
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
StefanScherer
Jul 23, 2017
Author
I used windows-amd64 as it seems to be used for other official images, see https://github.com/docker-library/official-images/blob/master/README.md#architectures-other-than-amd64. It's a combination of OS + ARCH.
This comment has been minimized.
This comment has been minimized.
|
@SimenB This is the output of |
|
I had a look at Yarn how to install it on Windows. I can't take the similar way as on Linux, there is no *.asc file and there is only a MSI package. But they provide a Chocolatey package that does the download + checksum check here. |
| local variants | ||
| variants=$(grep "$arch" architectures | sed -E 's/'"$arch"'\s*//' | sed -E 's/,/ /g') | ||
| variants=$(grep "^$arch" architectures | sed -E 's/'"$arch"'\s*//' | sed -E 's/,/ /g') |
This comment has been minimized.
This comment has been minimized.
|
I am not familiar with Windows images. I believe you verify them in your windows machine. Need people who is familiar with windows to review these Dockerfiles. and Others are LGTM |
|
Oh, a Should we ask the Yarn team to provide a GPG signature for the MSI package? |
|
@yhwang Don't worry. Adding AppVeyor CI would help testing further pull requests for the Windows images. I have added an Think of AppVeyor = Travis, but for Windows :-) |
|
Do we need to use the msi? Why not just download the JS file (that's what the other images do, right?)? /Cc @Daniel15 as he has done lots of work on yarn packaging (and use Windows!) |
|
I thought about |
Why can't we do the same for windows? AFAIK there are no native dependencies, it should be pure JS |
|
@SimenB Good idea. Yes, even the .tar.gz has the |
|
Still not so easy, I need 7-Zip to extract the .tar.gz |
|
Hm, trying to make atomic multi-line |
If you think having no windows images is better than somewhat heftier images, that's perfectly fine. |
|
Oh we're coming closer to nanoserver images without a multi-stage build. tar + curl will be part of next nanoserver images ( https://blogs.technet.microsoft.com/virtualization/2017/12/19/tar-and-curl-come-to-windows/ ). So we only have to convince that yarn should be shipped as tar or zip instead of an msi and have the gpg binary. |
|
We just download a tarball for linux, why not windows (as long as we check the signature)? (I might have forgotten some reasons why since summer, but I'd love to land this) |
Daniel15
commented
Dec 19, 2017
|
Yarn has no native dependencies, so the same tarball works on both Linux and Windows. The installer contains the exact same files as the tarball, it just does some extra config (adds Yarn to the system path) and is Authenticode signed. |
|
I will review nanoserver + yarn once the new nanoserver-insider:17063 are available. Today's announcement was only for Windows 10. |
fkorotkov
commented
Feb 21, 2018
|
Thank you for working on node images! It's a great help for the whole community. I've noticed that I was wondering if we can include |
v-karbovnichy
commented
Mar 3, 2018
|
Anyone, any news on this? |
|
We will see new Docker images with next semi-annual Windows Server 1803(?) in the next few weeks. These have With these two binaries it would be possible to download and extract eg. node-v8.10.0-win-x64.zip and the yarn.tar.gz. But in NanoServer we still have no sha checksum tool and also the GPG binaries I use are 32bit, so they won't work in NanoServer. To produce NanoServer based images we still depend on multi-stage builds. The Windows Server Core based images have the disadvantage that you maybe have to download a really fat Windows Update layer if your Windows Server does not have the correct base image already pulled. So I'm really looking forward to use multi-stage builds for the Windows Dockerfiles. :-) |
JustinBeckwith
commented
May 6, 2019
|
I know this issue has been floating around for a while, but we're really excited to see something like this land :) Anything we can do to help? |
|
docker-library/official-images#5929 has landed, so we should be able to use multi-staged builds now. @StefanScherer wanna refresh this? |
|
Thanks @SimenB for the heads-up. That are very good news. A lot things changed since then, a lot of base images for different Windows OS versions are available, nanoserver:sac2016 and 1709 is already deprecated. Do you know if this repo also has access to multiple Windows Server versions? The golang repo uses eg. |
|
I don't know, maybe @tianon could chime in? |
|
If any other official images can, I believe that we also can, just need help from official image team. Maybe we can resolve some of the conflicts first? |
|
The main obstacles at the time was that there was that we were unable to install a GPG tool to validate the download on nanoserver. |
|
I would recommend just ditching PGP verification for Windows -- IMO the added overhead of installing a tool isn't worth the benefit (a SHA256 or similar should be sufficient). What I'd recommend for getting Nano Server accepted here is to structure this with Windows Server Core variants that Nano Server uses via See docker-library/openjdk@e4f01b5 for an example of this approach I've just played with over on OpenJDK (although that one will ultimately likely not end up getting published due to https://bugs.openjdk.java.net/browse/JDK-8218486 / https://bugs.openjdk.java.net/browse/JDK-8225425 which still plagues even OpenJDK 13 -- Nano Server really just doesn't seem to be actually supported by OpenJDK, and I'd caution only going forward with Nano Server here if the Node.js community is going to support Nano Server officially). |
Daniel15
commented
Jul 3, 2019
|
Do you even need PGP verification on Windows, if you're using Authenticode verification? |
|
I have a version with MSI and Authenticode in #827, but that won't work on nanoserver |
@nodejs/build is this something you can chime in on? Regardless of ^, we could start with |
|
I've not seen any discussion of nanoserver on the Node side and there are no instances in our CI. @joaocgreis is this in your plans at all? |
|
It might be possible to add Nano Server to CI, we are looking into this. cc @MichelLopez |
|
Well, for nanoserver you only need a Windows Server 2016/2019 with Docker engine, then you can run nanoserver containers. There is no nanoserver OS anymore, only as a lightweight container image. |
dmbarry86
commented
Jul 27, 2020
|
What's the latest status with this PR? Doesn't appear to have been any activity for quite a while. I ask because I am looking for exactly this image (node + windowsservercore) for one of our projects. |
StefanScherer commentedMar 22, 2017
This PR introduces Dockerfiles for both Windows base OS images
windowsservercoreandnanoserver.You can use AppVeyor for test builds like the Travis builds for Linux. The
appveyor.ymlis provided with this PR. It runstest-build.ps1which builds and tests the images like thetest-build.shscript.See https://ci.appveyor.com/project/StefanScherer/docker-node for an example.
Supersedes #222 and #223