dooc-openclaw-image (2026.5.28)

Published 2026-06-01 16:51:41 +00:00 by navicore in navicore/dooc-openclaw-image

Pull the image from the command line:

docker pull git.navicore.tech/navicore/dooc-openclaw-image:2026.5.28

Digest

sha256:d066075b8e4421fa630e3e926afc95d84e6e26a20df014e4a527d033695532be

For more information on the Container registry, see the documentation.

OpenClaw gateway and CLI runtime container image

# debian.sh --arch 'amd64' out/ 'bookworm' '@1771804800'

RUN /bin/sh -c groupadd --gid 1000 node && useradd --uid 1000 --gid node --shell /bin/bash --create-home node # buildkit

ENV NODE_VERSION=24.14.0

RUN /bin/sh -c ARCH= OPENSSL_ARCH= && dpkgArch="$(dpkg --print-architecture)" && case "${dpkgArch##*-}" in amd64) ARCH='x64' OPENSSL_ARCH='linux-x86_64';; ppc64el) ARCH='ppc64le' OPENSSL_ARCH='linux-ppc64le';; s390x) ARCH='s390x' OPENSSL_ARCH='linux*-s390x';; arm64) ARCH='arm64' OPENSSL_ARCH='linux-aarch64';; armhf) ARCH='armv7l' OPENSSL_ARCH='linux-armv4';; i386) ARCH='x86' OPENSSL_ARCH='linux-elf';; *) echo "unsupported architecture"; exit 1 ;; esac && set -ex && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr xz-utils libatomic1 --no-install-recommends && rm -rf /var/lib/apt/lists/* && export GNUPGHOME="$(mktemp -d)" && for key in 5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 CC68F5A3106FF448322E48ED27F5E38D5B0A215F 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C 108F52B48DB57BB0CC439B2997B01419BD92F80A A363A499291CBBC940DD62E41F10027AF002F8B0 ; do { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; done && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc && gpgconf --kill all && rm -rf "$GNUPGHOME" && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt && find /usr/local/include/node/openssl/archs -mindepth 1 -maxdepth 1 ! -name "$OPENSSL_ARCH" -exec rm -rf {} \; && apt-mark auto '.*' > /dev/null && find /usr/local -type f -executable -exec ldd '{}' ';' | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' | sort -u | xargs -r dpkg-query --search | cut -d: -f1 | sort -u | xargs -r apt-mark manual && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false && ln -s /usr/local/bin/node /usr/local/bin/nodejs && node --version && npm --version && rm -rf /tmp/* # buildkit

ENV YARN_VERSION=1.22.22

RUN /bin/sh -c set -ex && savedAptMark="$(apt-mark showmanual)" && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr --no-install-recommends && rm -rf /var/lib/apt/lists/* && export GNUPGHOME="$(mktemp -d)" && for key in 6A010C5166006599AA17F08146C2130DFD2497F5 ; do { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; done && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz && gpgconf --kill all && rm -rf "$GNUPGHOME" && mkdir -p /opt && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz && apt-mark auto '.*' > /dev/null && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; } && find /usr/local -type f -executable -exec ldd '{}' ';' | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' | sort -u | xargs -r dpkg-query --search | cut -d: -f1 | sort -u | xargs -r apt-mark manual && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false && yarn --version && rm -rf /tmp/* # buildkit

COPY docker-entrypoint.sh /usr/local/bin/ # buildkit

ENTRYPOINT ["docker-entrypoint.sh"]

CMD ["node"]

ARG OPENCLAW_NODE_BOOKWORM_SLIM_DIGEST=sha256:e8e2e91b1378f83c5b2dd15f0247f34110e2fe895f6ca7719dbb780f929368eb

LABEL org.opencontainers.image.base.name=docker.io/library/node:24-bookworm-slim org.opencontainers.image.base.digest=sha256:e8e2e91b1378f83c5b2dd15f0247f34110e2fe895f6ca7719dbb780f929368eb

ARG OPENCLAW_BUNDLED_PLUGIN_DIR=extensions

LABEL org.opencontainers.image.source=https://github.com/openclaw/openclaw org.opencontainers.image.url=https://openclaw.ai org.opencontainers.image.documentation=https://docs.openclaw.ai/install/docker org.opencontainers.image.licenses=MIT org.opencontainers.image.title=OpenClaw org.opencontainers.image.description=OpenClaw gateway and CLI runtime container image

WORKDIR /app

RUN |2 OPENCLAW_NODE_BOOKWORM_SLIM_DIGEST=sha256:e8e2e91b1378f83c5b2dd15f0247f34110e2fe895f6ca7719dbb780f929368eb OPENCLAW_BUNDLED_PLUGIN_DIR=extensions /bin/sh -c apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends ca-certificates curl git hostname lsof openssl procps python3 tini && update-ca-certificates # buildkit

RUN |2 OPENCLAW_NODE_BOOKWORM_SLIM_DIGEST=sha256:e8e2e91b1378f83c5b2dd15f0247f34110e2fe895f6ca7719dbb780f929368eb OPENCLAW_BUNDLED_PLUGIN_DIR=extensions /bin/sh -c chown node:node /app # buildkit

COPY --chown=node:node /app/dist ./dist # buildkit

COPY --chown=node:node /app/node_modules ./node_modules # buildkit

COPY --chown=node:node /app/package.json . # buildkit

COPY --chown=node:node /app/pnpm-workspace.yaml . # buildkit

COPY --chown=node:node /app/patches ./patches # buildkit

COPY --chown=node:node /app/openclaw.mjs . # buildkit

COPY --chown=node:node /app/src/agents/templates ./src/agents/templates # buildkit

COPY --chown=node:node /app/extensions ./extensions # buildkit

COPY --chown=node:node /app/skills ./skills # buildkit

COPY --chown=node:node /app/docs ./docs # buildkit

COPY --chown=node:node /app/qa ./qa # buildkit

ENV COREPACK_HOME=/usr/local/share/corepack

RUN |2 OPENCLAW_NODE_BOOKWORM_SLIM_DIGEST=sha256:e8e2e91b1378f83c5b2dd15f0247f34110e2fe895f6ca7719dbb780f929368eb OPENCLAW_BUNDLED_PLUGIN_DIR=extensions /bin/sh -c install -d -m 0755 "$COREPACK_HOME" && corepack enable && for attempt in 1 2 3 4 5; do if corepack prepare "$(node -p "require('./package.json').packageManager")" --activate; then break; fi; if [ "$attempt" -eq 5 ]; then exit 1; fi; sleep $((attempt * 2)); done && chmod -R a+rX "$COREPACK_HOME" # buildkit

ARG OPENCLAW_IMAGE_APT_PACKAGES

ARG OPENCLAW_DOCKER_APT_PACKAGES=

RUN |4 OPENCLAW_NODE_BOOKWORM_SLIM_DIGEST=sha256:e8e2e91b1378f83c5b2dd15f0247f34110e2fe895f6ca7719dbb780f929368eb OPENCLAW_BUNDLED_PLUGIN_DIR=extensions OPENCLAW_IMAGE_APT_PACKAGES= OPENCLAW_DOCKER_APT_PACKAGES= /bin/sh -c packages="${OPENCLAW_IMAGE_APT_PACKAGES-$OPENCLAW_DOCKER_APT_PACKAGES}"; if [ -n "$packages" ]; then apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends $packages; fi # buildkit

ARG OPENCLAW_IMAGE_PIP_PACKAGES=

RUN |5 OPENCLAW_NODE_BOOKWORM_SLIM_DIGEST=sha256:e8e2e91b1378f83c5b2dd15f0247f34110e2fe895f6ca7719dbb780f929368eb OPENCLAW_BUNDLED_PLUGIN_DIR=extensions OPENCLAW_IMAGE_APT_PACKAGES= OPENCLAW_DOCKER_APT_PACKAGES= OPENCLAW_IMAGE_PIP_PACKAGES= /bin/sh -c if [ -n "$OPENCLAW_IMAGE_PIP_PACKAGES" ]; then if ! python3 -m pip --version >/dev/null 2>&1; then apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends python3-pip; fi && python3 -m pip install --no-cache-dir --break-system-packages $OPENCLAW_IMAGE_PIP_PACKAGES; fi # buildkit

ARG OPENCLAW_INSTALL_BROWSER=

ENV PLAYWRIGHT_BROWSERS_PATH=/home/node/.cache/ms-playwright

RUN |6 OPENCLAW_NODE_BOOKWORM_SLIM_DIGEST=sha256:e8e2e91b1378f83c5b2dd15f0247f34110e2fe895f6ca7719dbb780f929368eb OPENCLAW_BUNDLED_PLUGIN_DIR=extensions OPENCLAW_IMAGE_APT_PACKAGES= OPENCLAW_DOCKER_APT_PACKAGES= OPENCLAW_IMAGE_PIP_PACKAGES= OPENCLAW_INSTALL_BROWSER= /bin/sh -c if [ -n "$OPENCLAW_INSTALL_BROWSER" ]; then apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends xvfb && mkdir -p "$PLAYWRIGHT_BROWSERS_PATH" && node /app/node_modules/playwright-core/cli.js install --with-deps chromium && chown -R node:node "$PLAYWRIGHT_BROWSERS_PATH"; fi # buildkit

ARG OPENCLAW_INSTALL_DOCKER_CLI=

ARG OPENCLAW_DOCKER_GPG_FINGERPRINT=9DC858229FC7DD38854AE2D88D81803C0EBFCD88

RUN |8 OPENCLAW_NODE_BOOKWORM_SLIM_DIGEST=sha256:e8e2e91b1378f83c5b2dd15f0247f34110e2fe895f6ca7719dbb780f929368eb OPENCLAW_BUNDLED_PLUGIN_DIR=extensions OPENCLAW_IMAGE_APT_PACKAGES= OPENCLAW_DOCKER_APT_PACKAGES= OPENCLAW_IMAGE_PIP_PACKAGES= OPENCLAW_INSTALL_BROWSER= OPENCLAW_INSTALL_DOCKER_CLI= OPENCLAW_DOCKER_GPG_FINGERPRINT=9DC858229FC7DD38854AE2D88D81803C0EBFCD88 /bin/sh -c if [ -n "$OPENCLAW_INSTALL_DOCKER_CLI" ]; then apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends ca-certificates curl gnupg && install -m 0755 -d /etc/apt/keyrings && curl -fsSL https://download.docker.com/linux/debian/gpg -o /tmp/docker.gpg.asc && expected_fingerprint="$(printf '%s' "$OPENCLAW_DOCKER_GPG_FINGERPRINT" | tr '[:lower:]' '[:upper:]' | tr -d '[:space:]')" && docker_gpg_pub_count="$(gpg --batch --show-keys --with-colons /tmp/docker.gpg.asc | awk -F: '$1 == "pub" { c++ } END { print c+0 }')" && if [ "$docker_gpg_pub_count" != "1" ]; then echo "ERROR: Docker apt key must contain exactly one public key (found $docker_gpg_pub_count); refusing a multi-key file." >&2; exit 1; fi && actual_fingerprint="$(gpg --batch --show-keys --with-colons /tmp/docker.gpg.asc | awk -F: '$1 == "fpr" { print toupper($10); exit }')" && if [ -z "$actual_fingerprint" ] || [ "$actual_fingerprint" != "$expected_fingerprint" ]; then echo "ERROR: Docker apt key fingerprint mismatch (expected $expected_fingerprint, got ${actual_fingerprint:-<empty>})" >&2; exit 1; fi && gpg --dearmor -o /etc/apt/keyrings/docker.gpg /tmp/docker.gpg.asc && rm -f /tmp/docker.gpg.asc && chmod a+r /etc/apt/keyrings/docker.gpg && printf 'deb [arch=%s signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian bookworm stable\n' "$(dpkg --print-architecture)" > /etc/apt/sources.list.d/docker.list && apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends docker-ce-cli docker-compose-plugin; fi # buildkit

ENV NODE_ENV=production

USER node

HEALTHCHECK {Test:[CMD-SHELL node -e "fetch('http://127.0.0.1:18789/healthz').then((r)=>process.exit(r.ok?0:1)).catch(()=>process.exit(1))"] Interval:3m0s Timeout:10s StartPeriod:15s StartInterval:0s Retries:3}

ENTRYPOINT ["tini" "-s" "--"]

CMD ["node" "openclaw.mjs" "gateway"]

USER root

/bin/sh -c apt-get update && apt-get install -y --no-install-recommends python3 python3-pip git build-essential pkg-config libssl-dev curl ca-certificates jq ripgrep fd-find sqlite3 unzip && ln -s /usr/bin/fdfind /usr/local/bin/fd && pip3 install --break-system-packages agentmail python-dotenv && rm -rf /var/lib/apt/lists/*

/bin/sh -c curl -fsSL https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -o /usr/local/bin/yq && chmod +x /usr/local/bin/yq

ENV RUSTUP_HOME=/usr/local/rustup CARGO_HOME=/usr/local/cargo PATH=/usr/local/cargo/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

/bin/sh -c curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain stable --profile default -c rustfmt -c clippy -c rust-src

/bin/sh -c cargo install forgejo-cli just bat --locked && rm -rf /usr/local/cargo/registry /usr/local/cargo/git

/bin/sh -c chown -R 1000:1000 /usr/local/rustup /usr/local/cargo

/bin/sh -c npx clawhub@latest install agentmail --force

COPY dir:05c7412d9f642c8031e006a882b601f82191f6c1beb3e7988d457a3ef9d2157c in /app/skills/

COPY file:c2dd1e6b5e75f1a1b0620e232383ad53dfb91626bdcb95f04a4d7490a00eb4b6 in /entrypoint.sh

/bin/sh -c chmod +x /entrypoint.sh

USER 1000

ENTRYPOINT ["/entrypoint.sh"]

Key	Value
org.opencontainers.image.base.digest	sha256:e8e2e91b1378f83c5b2dd15f0247f34110e2fe895f6ca7719dbb780f929368eb
org.opencontainers.image.base.name	docker.io/library/node:24-bookworm-slim
org.opencontainers.image.created	2026-05-30T19:47:32Z
org.opencontainers.image.description	OpenClaw gateway and CLI runtime container image
org.opencontainers.image.documentation	https://docs.openclaw.ai/install/docker
org.opencontainers.image.licenses	MIT
org.opencontainers.image.revision	e93216080aa1f425d3ab127014603eba8e365b2d
org.opencontainers.image.source	https://github.com/openclaw/openclaw
org.opencontainers.image.title	OpenClaw
org.opencontainers.image.url	https://openclaw.ai
org.opencontainers.image.version	2026.5.28