Multi-stage, FROM scratch, w/ networking.

<p>The recent posts about multi-stage docker builds produced containers that were still larger than needed. Likewise, tutorials I&#39;ve found that start &#34;FROM scratch&#34; copy the ca-certificates.crt file from the local system. Here is a simple dockerfile which should portably produce the smallest container possible while still enabling networking: <a href="https://github.com/daved/goecho" rel="nofollow">https://github.com/daved/goecho</a></p> <pre><code>FROM golang:1.8.1 ENV APP /app WORKDIR /go/src${APP}/ COPY *.go . RUN CGO_ENABLED=0 GOOS=linux; go build -a -tags netgo - ldflags &#39;-w&#39; -o ${APP} FROM scratch ENV CERTS /etc/ssl/certs/ca-certificates.crt COPY --from=0 ${CERTS} ${CERTS} COPY --from=0 ${APP} ${APP} EXPOSE 25000 ENTRYPOINT [ &#34;/app&#34; ] </code></pre> <ul> <li>Docker 17.05 was posted to the &#34;edge&#34; release channel for Ubuntu a handful of hours ago. I assume that means it has also hit for other OSes.</li> </ul> <hr/>**评论：**<br/><br/>Oliviaruth: <pre><p>Cool! Is this availible with docker hub automated builds yet?</p></pre>daveddev: <pre><p>I think so too, thanks! I wish I could answer whether the above dockerfile is compatible with hub automated builds, but I don&#39;t use that feature. Nonetheless, my guess is that any valid dockerfile will work.</p></pre>: <pre><p>[deleted]</p></pre>