如何强制 Docker 重新运行`apt-get update`？

您可以尝试以下方法：

FROM ubuntu:16.04

# LAYER 1
RUN echo "$(date), layer1" > /tmp/cache.txt

# LAYER 2
RUN echo "$(date), layer2" >> /tmp/cache.txt

# LAYER 3
ARG FORCE_UPDATE=no
RUN echo "$(date), layer3" >> /tmp/cache.txt

# LAYER 4
RUN echo "$(date), layer4" >> /tmp/cache.txt

CMD ["cat", "/tmp/cache.txt"]

第一次构建镜像

$ docker build -t serverfault:900445 .
Sending build context to Docker daemon  2.048kB
Step 1/7 : FROM ubuntu:16.04
 ---> 0458a4468cbc
Step 2/7 : RUN echo "$(date), layer1" > /tmp/cache.txt
 ---> Running in ac7f6b1e915a
Removing intermediate container ac7f6b1e915a
 ---> 42a6d14cc4cc
Step 3/7 : RUN echo "$(date), layer2" >> /tmp/cache.txt
 ---> Running in ba4cf5b54c35
Removing intermediate container ba4cf5b54c35
 ---> 783957979b21
Step 4/7 : ARG FORCE_UPDATE=no
 ---> Running in 818fd652d5cb
Removing intermediate container 818fd652d5cb
 ---> b8afb473cd9d
Step 5/7 : RUN echo "$(date), layer3" >> /tmp/cache.txt
 ---> Running in 38c0e6cbb94e
Removing intermediate container 38c0e6cbb94e
 ---> 03ac41df5bfa
Step 6/7 : RUN echo "$(date), layer4" >> /tmp/cache.txt
 ---> Running in 0294b5a4078e
Removing intermediate container 0294b5a4078e
 ---> 141667a2d5f3
Step 7/7 : CMD ["cat", "/tmp/cache.txt"]
 ---> Running in 86b852d8222d
Removing intermediate container 86b852d8222d
 ---> dcd57aca0c25
Successfully built dcd57aca0c25
Successfully tagged serverfault:900445

正如我们所见，所有层都已构建。再跑一次

$ docker build -t serverfault:900445 .
Sending build context to Docker daemon  2.048kB
Step 1/7 : FROM ubuntu:16.04
 ---> 0458a4468cbc
Step 2/7 : RUN echo "$(date), layer1" > /tmp/cache.txt
 ---> Using cache
 ---> 42a6d14cc4cc
Step 3/7 : RUN echo "$(date), layer2" >> /tmp/cache.txt
 ---> Using cache
 ---> 783957979b21
Step 4/7 : ARG FORCE_UPDATE=no
 ---> Using cache
 ---> b8afb473cd9d
Step 5/7 : RUN echo "$(date), layer3" >> /tmp/cache.txt
 ---> Using cache
 ---> 03ac41df5bfa
Step 6/7 : RUN echo "$(date), layer4" >> /tmp/cache.txt
 ---> Using cache
 ---> 141667a2d5f3
Step 7/7 : CMD ["cat", "/tmp/cache.txt"]
 ---> Using cache
 ---> dcd57aca0c25
Successfully built dcd57aca0c25
Successfully tagged serverfault:900445

现在所有图层都从缓存中获取。简单检查

$ docker run -it --rm serverfault:900445
Wed Mar  7 15:44:22 UTC 2018, layer1
Wed Mar  7 15:44:23 UTC 2018, layer2
Wed Mar  7 15:44:24 UTC 2018, layer3
Wed Mar  7 15:44:25 UTC 2018, layer4

现在，如果您需要为某些特定图层强制更新缓存，请使用以下命令

$ docker build --build-arg FORCE_UPDATE=$(date '+%s') -t serverfault:900445 .
Sending build context to Docker daemon  2.048kB
Step 1/7 : FROM ubuntu:16.04
 ---> 0458a4468cbc
Step 2/7 : RUN echo "$(date), layer1" > /tmp/cache.txt
 ---> Using cache
 ---> 42a6d14cc4cc
Step 3/7 : RUN echo "$(date), layer2" >> /tmp/cache.txt
 ---> Using cache
 ---> 783957979b21
Step 4/7 : ARG FORCE_UPDATE=no
 ---> Using cache
 ---> b8afb473cd9d
Step 5/7 : RUN echo "$(date), layer3" >> /tmp/cache.txt
 ---> Running in f8ad1cd195eb
Removing intermediate container f8ad1cd195eb
 ---> b22972691095
Step 6/7 : RUN echo "$(date), layer4" >> /tmp/cache.txt
 ---> Running in 9994175a082e
Removing intermediate container 9994175a082e
 ---> 7ed42904373f
Step 7/7 : CMD ["cat", "/tmp/cache.txt"]
 ---> Running in 67de76e45d43
Removing intermediate container 67de76e45d43
 ---> 833f3faf9fd7
Successfully built 833f3faf9fd7
Successfully tagged serverfault:900445

如您所见，第 1,2 层是从缓存中获取的，但第 3 层和所有最新层均已重建

$ docker run -it --rm serverfault:900445
Wed Mar  7 15:44:22 UTC 2018, layer1
Wed Mar  7 15:44:23 UTC 2018, layer2
Wed Mar  7 15:45:35 UTC 2018, layer3
Wed Mar  7 15:45:35 UTC 2018, layer4

再重复一次

$ docker build --build-arg FORCE_UPDATE=$(date '+%s') -t serverfault:900445 .
Sending build context to Docker daemon  2.048kB
Step 1/7 : FROM ubuntu:16.04
 ---> 0458a4468cbc
Step 2/7 : RUN echo "$(date), layer1" > /tmp/cache.txt
 ---> Using cache
 ---> 42a6d14cc4cc
Step 3/7 : RUN echo "$(date), layer2" >> /tmp/cache.txt
 ---> Using cache
 ---> 783957979b21
Step 4/7 : ARG FORCE_UPDATE=no
 ---> Using cache
 ---> b8afb473cd9d
Step 5/7 : RUN echo "$(date), layer3" >> /tmp/cache.txt
 ---> Running in 618880ba45be
Removing intermediate container 618880ba45be
 ---> b0512372ddfd
Step 6/7 : RUN echo "$(date), layer4" >> /tmp/cache.txt
 ---> Running in 0cb552431048
Removing intermediate container 0cb552431048
 ---> 61be6f0c0f21
Step 7/7 : CMD ["cat", "/tmp/cache.txt"]
 ---> Running in 5f9ee850c28e
Removing intermediate container 5f9ee850c28e
 ---> ac73b7754107
Successfully built ac73b7754107
Successfully tagged serverfault:900445


$ docker run -it --rm serverfault:900445
Wed Mar  7 15:44:22 UTC 2018, layer1
Wed Mar  7 15:44:23 UTC 2018, layer2
Wed Mar  7 15:46:10 UTC 2018, layer3
Wed Mar  7 15:46:11 UTC 2018, layer4

我采取的另一种方法是使用LABEL命令：

FROM ...

# Update this date to re-run apt-get.
LABEL package.date=2021-09-12

RUN apt-get ...

然后，只要标签中的日期发生更改，之后的每个命令都会再次运行。作为奖励，日期已内置到图像中，因此您可以使用它来检索它，docker inspect --format '{{ index .Config.Labels "package.dates" }}' <container>以便您可以检查您的图像以查找任何一段时间没有任何安全更新的图像，即使它们最近已重建。

另一个可以节省更新包时间的技巧是先更新基础镜像。使用这样的 Dockerfile：

FROM debian:stable
...

您可以运行docker pull debian:stable以将该标签/图像更新到最新版本。当您下一次构建 Docker 镜像时，它将从该新版本开始并在此之后重建所有内容，因为还没有任何缓存层从该新基础镜像开始。

通常，基本映像会定期更新以包含最新的软件包，因此首先更新通常会导致以下apt-get update需要下载的软件包数量较少。