Introduce windows images#362
Uh oh!
There was an error while loading. Please reload this page.
Conversation
chorrell commented Mar 22, 2017
A couple of things we'll need to think about:
|
pesho commented Mar 22, 2017
This would also involve updating their SHA256-sums which are used instead of GPG signature checking. |
StefanScherer commented Mar 22, 2017
I keep the Windows Dockerfiles up to date with this update.sh |
StefanScherer commented Apr 1, 2017
We could switch over to GPG signature checking for Windows as well. But I only found https://www.gpg4win.org/package-integrity.html which burries the gpg.exe into a exe installer and eventually not working in Nanoserver. It is complex to get rid of the temporary exe installer again I guess. But once we have PR moby/moby#31257 in offical Docker engine we could run the gpg installer in windowsservercore, then download and check GPG signature and extract the ZIPs and finally draft small windowsservercore and nanoserver images with multiple FROM instructions. In my dockerfiles repo I could switch to this approach as I'm using AppVeyory and can switch to master builds of dockerd.exe very easily. |
That would be a way to do it. See a proof-of-concept at
which does the gpg installation, adding the gpg keys, downloading SHA256SUMS.txt.asc checking the signature and grepping the checksum for the zip file and the final sha256 check itself. |
SimenB commented Jul 22, 2017
@StefanScherer could you include updates to the files @chorrell mentions? You can look at the python repo for examples of |
StefanSchererforce-pushed the introduce-windows-images branch 2 times, most recently from 2dab140 to 3d6a793CompareStefanScherer commented Jul 23, 2017
@SimenB I've updated the |
@nodejs/docker any reason not to merge this? If not, how do we handle CI? @tianon does this look correct to you? Is using multi-stage builds ok? |
@StefanScherer could you paste the output from running Edit: oops, wrong tag. Fat thumbs! |
StefanScherer commented Jul 23, 2017
Maybe I should add Yarn as well? |
SimenB commented Jul 23, 2017
Definitely! |
This comment was marked as off-topic.
This comment was marked as off-topic.
Sorry, something went wrong.
Uh oh!
There was an error while loading. Please reload this page.
This comment was marked as off-topic.
This comment was marked as off-topic.
Sorry, something went wrong.
Uh oh!
There was an error while loading. Please reload this page.
StefanScherer commented Jul 23, 2017
@SimenB This is the output of |
StefanScherer commented Jul 23, 2017
I had a look at Yarn how to install it on Windows. I can't take the similar way as on Linux, there is no *.asc file and there is only a MSI package. But they provide a Chocolatey package that does the download + checksum check here. |
This comment was marked as off-topic.
This comment was marked as off-topic.
Sorry, something went wrong.
Uh oh!
There was an error while loading. Please reload this page.
This comment was marked as off-topic.
This comment was marked as off-topic.
Sorry, something went wrong.
Uh oh!
There was an error while loading. Please reload this page.
StefanScherer commented Jul 23, 2017
Oh, a Should we ask the Yarn team to provide a GPG signature for the MSI package? |
StefanScherer commented Jul 23, 2017
@yhwang Don't worry. Adding AppVeyor CI would help testing further pull requests for the Windows images. I have added an Think of AppVeyor = Travis, but for Windows :-) |
Do we need to use the msi? Why not just download the JS file (that's what the other images do, right?)? /Cc @Daniel15 as he has done lots of work on yarn packaging (and use Windows!) |
StefanScherer commented Jul 23, 2017
I thought about |
SimenB commented Jul 23, 2017
Why can't we do the same for windows? AFAIK there are no native dependencies, it should be pure JS |
StefanScherer commented Jul 23, 2017
@SimenB Good idea. Yes, even the .tar.gz has the |
StefanScherer commented Jul 23, 2017
Still not so easy, I need 7-Zip to extract the .tar.gz 😂 |
JustinBeckwith commented May 6, 2019
I know this issue has been floating around for a while, but we're really excited to see something like this land :) Anything we can do to help? |
SimenB commented Jun 28, 2019
docker-library/official-images#5929 has landed, so we should be able to use multi-staged builds now. @StefanScherer wanna refresh this? |
StefanScherer commented Jun 28, 2019
Thanks @SimenB for the heads-up. That are very good news. A lot things changed since then, a lot of base images for different Windows OS versions are available, nanoserver:sac2016 and 1709 is already deprecated. Do you know if this repo also has access to multiple Windows Server versions? The golang repo uses eg. |
SimenB commented Jun 28, 2019
I don't know, maybe @tianon could chime in? 🙂 |
PeterDaveHello commented Jun 30, 2019
If any other official images can, I believe that we also can, just need help from official image team. Maybe we can resolve some of the conflicts first? |
LaurentGoderre commented Jul 3, 2019
The main obstacles at the time was that there was that we were unable to install a GPG tool to validate the download on nanoserver. |
tianon commented Jul 3, 2019
I would recommend just ditching PGP verification for Windows -- IMO the added overhead of installing a tool isn't worth the benefit (a SHA256 or similar should be sufficient). What I'd recommend for getting Nano Server accepted here is to structure this with Windows Server Core variants that Nano Server uses via See docker-library/openjdk@e4f01b5 for an example of this approach I've just played with over on OpenJDK (although that one will ultimately likely not end up getting published due to https://bugs.openjdk.java.net/browse/JDK-8218486 / https://bugs.openjdk.java.net/browse/JDK-8225425 which still plagues even OpenJDK 13 -- Nano Server really just doesn't seem to be actually supported by OpenJDK, and I'd caution only going forward with Nano Server here if the Node.js community is going to support Nano Server officially). |
Daniel15 commented Jul 3, 2019
Do you even need PGP verification on Windows, if you're using Authenticode verification? |
nschonni commented Jul 4, 2019
I have a version with MSI and Authenticode in #827, but that won't work on nanoserver |
SimenB commented Jul 4, 2019
@nodejs/build is this something you can chime in on? Regardless of ^, we could start with |
mhdawson commented Jul 4, 2019
I've not seen any discussion of nanoserver on the Node side and there are no instances in our CI. @joaocgreis is this in your plans at all? |
joaocgreis commented Jul 8, 2019
It might be possible to add Nano Server to CI, we are looking into this. cc @MichelLopez |
StefanScherer commented Jul 10, 2019
Well, for nanoserver you only need a Windows Server 2016/2019 with Docker engine, then you can run nanoserver containers. There is no nanoserver OS anymore, only as a lightweight container image. |
dmbarry86 commented Jul 27, 2020
What's the latest status with this PR? Doesn't appear to have been any activity for quite a while. I ask because I am looking for exactly this image (node + windowsservercore) for one of our projects. |
behroozbc commented Jul 3, 2021
hi dont any update about it?? |
Hello @StefanScherer, This issue is somewhat blocking the release of a product here at Microsoft (it creates a sub-par experience where we have to embed nodejs in our image instead of using an official image). I'm willing to spend some engineering time needed to make this happen. What was the reasoning behind closing this PR, except the fact it was open quite a long time ago? What is needed to get a Windows-based NodeJS image? Thanks in advance for your answer! |
SimenB commented Feb 17, 2022
@tianon@yosifkit any new thoughts on this, or is #362 (comment) still the current state of affairs? Any versions you recommend (or not)? |
tianon commented Feb 17, 2022
My suggestion would be to start with a Windows Server Core version and only doing checksum validation (which can be done in raw PowerShell -- I can provide examples if necessary). I'm willing to work on an initial version from what Stefan's built here too, if you want. |
cmaneu commented Feb 21, 2022
@tianon let me know if you need anything from me (pair programming, testing on different Windows VMs, ...). |
tianon commented Feb 24, 2022
Here's a first pass: (verbose on the FROM mcr.microsoft.com/windows/servercore:1809 SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"] # PATH isn't actually set in the Docker image, so we have to set it from within the containerRUN $newPath = ('C:\nodejs;{0}\Yarn\bin;{1}' -f $env:LOCALAPPDATA, $env:PATH); \ Write-Host ('Updating PATH:{0}' -f $newPath); \ [Environment]::SetEnvironmentVariable('PATH', $newPath, [EnvironmentVariableTarget]::Machine) # doing this first to share cache across versions more aggressivelyENV NODE_VERSION 17.6.0 ENV NODE_SHA256 eb9ff1dde916436716fe9054e6b5fd310e7f6bac3599bbd0cb335d4ac8b0cc96 RUN $url = ('https://nodejs.org/dist/v{0}/node-v{0}-win-x64.zip' -f $env:NODE_VERSION); \ Write-Host ('Downloading{0} ...' -f $url); \ Invoke-WebRequest -Uri $url -OutFile 'node.zip'; \ \ Write-Host ('Verifying sha256 ({0}) ...' -f $env:NODE_SHA256); \ if ((Get-FileHash node.zip -Algorithm sha256).Hash -ne $env:NODE_SHA256){throw 'SHA256 mismatch' }; \ \ Write-Host 'Expanding ...'; \ Expand-Archive node.zip -DestinationPath C:\; \ \ Write-Host 'Renaming ...'; \ Rename-Item -Path ('C:\node-v{0}-win-x64' -f $env:NODE_VERSION) -NewName 'C:\nodejs'; \ \ Write-Host 'Removing ...'; \ Remove-Item node.zip -Force; \ \ Write-Host 'Verifying ("node --version") ...'; \ node --version; \ Write-Host 'Verifying ("npm --version") ...'; \ npm --version; \ \ Write-Host 'Complete.'ENV YARN_VERSION 1.22.17 # "It is recommended to install Yarn through the npm package manager" (https://classic.yarnpkg.com/en/docs/install)RUN Write-Host 'Installing "yarn" ...'; \ npm install --global ('yarn@{0}' -f $env:YARN_VERSION); \ \ Write-Host 'Verifying ("yarn --version") ...'; \ yarn --version; \ \ Write-Host 'Complete.'CMD [ "node" ]One fun quirk here (that's a quirk of Windows containers in general) is that you can |
@tianon Thanks a lot your Dockerfile works gr8 🎉 I only encountered one problem when using parcel-bundler because vc_redist is missing So one should also add something like this to the Dockerfile RUN $url = 'https://aka.ms/vs/17/release/vc_redist.x64.exe'; \ Write-Host ('Downloading{0} ...' -f $url); \ Invoke-WebRequest -Uri $url -OutFile vcredist_x64.exe; \ \ Write-Host ('Installing vcredist_x64.exe ...'); \ Start-Process -filepath "vcredist_x64.exe" -ArgumentList "/install", "/passive", \ "/norestart", "'/log c:/temp/a.txt'" -PassThru | wait-process; \ \ Write-Host 'Removing vcredist_x64.exe ...'; \ Remove-Item vcredist_x64.exe -Force; \ \ Write-Host 'Complete.'I put it before the node installation for caching reasons |
Coconaut5 commented Jan 8, 2024
Whats the status on this? Will node never host images compatible for docker-windows? |
20 participants
This PR introduces Dockerfiles for both Windows base OS images
windowsservercoreandnanoserver.You can use AppVeyor for test builds like the Travis builds for Linux. The
appveyor.ymlis provided with this PR. It runstest-build.ps1which builds and tests the images like thetest-build.shscript.See https://ci.appveyor.com/project/StefanScherer/docker-node for an example.
Supersedes #222 and #223