What is the purpose of `COPY --from=gloursdocker/docker / /`?

[lucassus]

This instruction, for some reason, is used in many examples. The comment install Docker tools (cli, buildx, compose) in my opinion, is not really helpful.

[zozitak]

google search first result to "gloursdocker/docker" : https://registry.hub.docker.com/layers/gloursdocker/docker/latest/images/sha256-a66243282b1165f556ec4a91d749c1ebc81dd28bcfbce653ccf49b01ae3b3fdf

[lucassus]

@zozitak thank you. I saw it, but still it's pretty hard to figure out what it exactly does.

[arjuuuuunnnnn]

Copying all the contents of the root directory (/) from the gloursdocker/docker image into the root directory (/) of the current build stage

[ehhc]

Copying all the contents of the root directory (/) from the gloursdocker/docker image into the root directory (/) of the current build stage

Thanks for your answer. I believe, most of us here understand, what that command literally does. I hopped for a bit more explanation on why the root directory was copied and some elaboration about the effects of this copying…

[arjuuuuunnnnn]

Copying all the contents of the root directory (/) from the gloursdocker/docker image into the root directory (/) of the current build stage

Thanks for your answer. I believe, most of us here understand, what that command literally does. I hopped for a bit more explanation on why the root directory was copied and some elaboration about the effects of this copying…

When you build a Docker image, each instruction in the Dockerfile creates a new layer on top of the previous one

gloursdocker/docker this is the official docker image which has all the base files required for the application

so here we are copying the entire contents of the gloursdocker/docker to our docker image as there is already an image of gloursdocker/docker which is official image of docker

we need not build the same image again and used the cached one from gloursdocker/docker also coming to the question 'why the root directory was copied'

• to include the entire contents of that base image as the foundation for the new Docker image being built

[antun]

I found this thread after asking myself the same question, and like @lucassus , I'm still unclear of what the purpose of the line is?

I understand it copies some files from the gloursdocker/docker image, but those files are not required for the fastapi application. If you remove that line, the fastapi will still build/run successfully.

The files it copies - such as docker and docker-compose - are used from the host rather than inside the container, so the purpose of copying them into an image during build time is a mystery. Maybe there's a specific use case, but I can't think of what it might be.

[lucassus]

TBH my first thought was that this copy from gloursdocker/docker might be a way to inject some malware. Imagine a situation where someone silently does something nasty with this image.

[AngryVelociraptor]

TBH my first thought was that this copy from gloursdocker/docker might be a way to inject some malware. Imagine a situation where someone silently does something nasty with this image.

Yes, this is my thought as well. An example repository where lots of devs copy/paste from is an ideal place to slip some malware into. @glours needs to provide some explanation here. As it stands, I find this deeply suspicious.

[mikesir87]

Thanks all for raising this! I'll be sure to raise this internally and see if we can get this resolved ASAP.

The reasoning for it... many of the examples in this repo were previously updated to support Docker's dev environment feature, which required additional support and tooling inside of the image. Since then, dev environments have been deprecated and the Compsoe-based configuration was removed. But, it appears the Dockerfiles were not updated.

We'll get it fixed. And yes, it is understandable to have security concerns for this. In the meantime, feel free to ignore this line as it should not affect the running of any of the examples in this repo.