Add multi-stage builds and ARM support

8b59d9bd · Pavel Ševčík · 5c23469f · 8b59d9bd · 8b59d9bd · 8b59d9bd
Verified Commit 8b59d9bd authored Feb 18, 2022 by Pavel Ševčík
7 changed files
--- a/docker/my-dojo/bitcoin/Dockerfile
+++ b/docker/my-dojo/bitcoin/Dockerfile
-FROM    debian:buster-slim
+FROM    debian:buster-slim AS builder


 #################################################################
 # INSTALL BITCOIN
 #################################################################
-ENV     BITCOIN_HOME        /home/bitcoin
 ENV     BITCOIN_VERSION     22.0
 ENV     BITCOIN_URL         https://bitcoincore.org/bin/bitcoin-core-22.0
-ENV     BITCOIN_FILE        bitcoin-22.0-x86_64-linux-gnu.tar.gz
+ENV     BITCOIN_FILE_AMD64  bitcoin-22.0-x86_64-linux-gnu.tar.gz
+ENV     BITCOIN_FILE_ARM64  bitcoin-22.0-aarch64-linux-gnu.tar.gz
+ENV     BITCOIN_FILE_PPCLE  bitcoin-22.0-powerpc64le-linux-gnu.tar.gz
 ENV     BITCOIN_SHASUMS     SHA256SUMS
 ENV     BITCOIN_SHASUMS_ASC SHA256SUMS.asc

@@ -18,31 +19,54 @@ ENV     KEYS1 71A3B16735405025D447E8F274810B012346C9A6 01EA5486DE18A882D4C268459
 # keys to fetch from keys.openpgp.org
 ENV     KEYS2 637DB1E23370F84AFF88CCE03152347D07DA627C 82921A4B88FD454B7EB8CE3C796C4109063D4EAF

-ARG     BITCOIND_LINUX_UID
-ARG     BITCOIND_LINUX_GID
-ARG     TOR_LINUX_GID
-

 RUN     set -ex && \
        apt-get update && \
-        apt-get install -qq --no-install-recommends ca-certificates dirmngr gosu gpg gpg-agent wget python3 && \
+        apt-get install -qq --no-install-recommends ca-certificates dirmngr gosu gpg gpg-agent wget && \
        rm -rf /var/lib/apt/lists/*

 # Build and install bitcoin binaries
 RUN     set -ex && \
        cd /tmp && \
+        arch="$(dpkg --print-architecture)"; arch="${arch##*-}"; \
+        case "$arch" in \
+          'amd64') \
+            FILE="$BITCOIN_FILE_AMD64"; \
+            ;; \
+          'arm64') \
+            FILE="$BITCOIN_FILE_ARM64"; \
+            ;; \
+          'ppc64el') \
+          	FILE="$BITCOIN_FILE_PPCLE"; \
+          	;; \
+          *) echo >&2 "error: unsupported architecture '$arch' (likely packaging update needed)"; exit 1 ;; \
+        esac; \
        gpg --batch --keyserver hkps://keyserver.ubuntu.com:443 --recv-keys $KEYS1 && \
        gpg --batch --keyserver hkps://keys.openpgp.org:443 --recv-keys $KEYS2 && \
        gpg --list-keys | tail -n +3 | tee /tmp/keys.txt && \
        gpg --list-keys $KEYS | diff - /tmp/keys.txt && \
        wget -qO "$BITCOIN_SHASUMS" "$BITCOIN_URL/$BITCOIN_SHASUMS" && \
        wget -qO "$BITCOIN_SHASUMS_ASC" "$BITCOIN_URL/$BITCOIN_SHASUMS_ASC" && \
-        wget -qO "$BITCOIN_FILE" "$BITCOIN_URL/$BITCOIN_FILE" && \
+        wget -qO "$FILE" "$BITCOIN_URL/$FILE" && \
        gpg --batch --verify "$BITCOIN_SHASUMS_ASC" "$BITCOIN_SHASUMS" && \
        sha256sum --ignore-missing --check "$BITCOIN_SHASUMS" && \
-        tar -xzvf "$BITCOIN_FILE" -C /usr/local --strip-components=1 --exclude=*-qt && \
+        tar -xzvf "$FILE" -C /usr/local --strip-components=1 --exclude=*-qt && \
        rm -rf /tmp/*

+FROM    debian:buster-slim
+
+ENV     BITCOIN_HOME        /home/bitcoin
+
+ARG     BITCOIND_LINUX_UID
+ARG     BITCOIND_LINUX_GID
+ARG     TOR_LINUX_GID
+
+COPY    --from=builder /usr/local/ /usr/local/
+
+RUN     set -ex && \
+        apt-get update && \
+        apt-get install -qq --no-install-recommends python3
+
 # Create groups bitcoin & tor
 # Create user bitcoin and add it to groups
 RUN     addgroup --system -gid ${BITCOIND_LINUX_GID} bitcoin && \

--- a/docker/my-dojo/explorer/Dockerfile
+++ b/docker/my-dojo/explorer/Dockerfile
-FROM    node:14-alpine
+FROM    node:14-alpine AS builder

-ENV     NODE_ENV production
+ENV     NODE_ENV             production

 ENV     APP_DIR              /home/node/app

@@ -9,7 +9,7 @@ ENV     EXPLORER_VERSION     3.3.0

 # Install netcat
 RUN     set -ex && \
-        apk --no-cache add bash gcc g++ make python3 git netcat-openbsd
+        apk --no-cache add gcc g++ make python3 git netcat-openbsd

 # Download the source code and install it
 RUN     set -ex && \
@@ -18,8 +18,17 @@ RUN     set -ex && \
        tar -xzvf explorer.tar.gz -C "$APP_DIR/" --strip-components 1 && \
        rm explorer.tar.gz && \
        cd "$APP_DIR" && \
-        npm install --only=prod && \
-        chown -R node:node "$APP_DIR"
+        npm install --only=prod
+
+FROM    node:14-alpine
+
+ENV     NODE_ENV        production
+ENV     APP_DIR         /home/node/app
+
+RUN     set -ex && \
+        apk --no-cache add bash
+
+COPY    --from=builder $APP_DIR $APP_DIR

 # Copy restart script
 COPY    ./restart.sh "$APP_DIR/restart.sh"
@@ -28,6 +37,9 @@ RUN     chown node:node "$APP_DIR/restart.sh" && \
        chmod u+x "$APP_DIR/restart.sh" && \
        chmod g+x "$APP_DIR/restart.sh"

+# Change ownership of all files
+RUN     chown -R node:node "$APP_DIR"
+
 EXPOSE  3002

 USER    node
--- a/docker/my-dojo/indexer/Dockerfile
+++ b/docker/my-dojo/indexer/Dockerfile
-FROM    rust:1.42.0-slim-buster
+FROM    rust:1.42.0-slim-buster AS builder

-ENV     INDEXER_HOME        /home/indexer
 ENV     INDEXER_VERSION     0.5.0
 ENV     INDEXER_URL         https://code.samourai.io/dojo/addrindexrs.git

+RUN     apt-get update && \
+        apt-get install -y clang cmake git
+
+# Install addrindexrs
+RUN     mkdir /tmp/addrindexrs && \
+        cd /tmp/addrindexrs && \
+        git clone "$INDEXER_URL" "/tmp/addrindexrs" && \
+        git checkout "tags/v$INDEXER_VERSION"
+
+RUN     cd /tmp/addrindexrs && \
+        cargo install --locked --path .
+
+FROM    debian:buster-slim
+
+ENV     INDEXER_HOME        /home/indexer
+
 ARG     INDEXER_LINUX_GID
 ARG     INDEXER_LINUX_UID

-RUN     apt-get update && \
-        apt-get install -y clang cmake git && \
-        apt-get install -y libsnappy-dev
+COPY    --from=builder /usr/local/cargo/bin/addrindexrs /usr/bin/addrindexrs

 # Create group and user indexer
 RUN     addgroup --system -gid ${INDEXER_LINUX_GID} indexer && \
@@ -32,15 +45,6 @@ RUN     chown indexer:indexer /wait-for-it.sh && \

 USER    indexer

-# Install addrindexrs
-RUN     cd "$INDEXER_HOME" && \
-        git clone "$INDEXER_URL" "$INDEXER_HOME/addrindexrs" && \
-        cd addrindexrs && \
-        git checkout "tags/v$INDEXER_VERSION"
-
-RUN     cd "$INDEXER_HOME/addrindexrs" && \
-        cargo install --locked --path .
-
 EXPOSE  50001
 EXPOSE  8080


--- a/docker/my-dojo/mysql/Dockerfile
+++ b/docker/my-dojo/mysql/Dockerfile
-FROM    mysql:5.7.25
+FROM    mariadb:10.7.1

 # Copy mysql config
 COPY    ./docker/my-dojo/mysql/mysql-dojo.cnf /etc/mysql/conf.d/mysql-dojo.cnf
@@ -10,4 +10,4 @@ RUN     chmod u+x /update-db.sh && \
        chmod g+x /update-db.sh

 # Copy content of mysql scripts into /docker-entrypoint-initdb.d
-COPY    ./db-scripts/ /docker-entrypoint-initdb.d
\ No newline at end of file
+COPY    ./db-scripts/ /docker-entrypoint-initdb.d
--- a/docker/my-dojo/node/Dockerfile
+++ b/docker/my-dojo/node/Dockerfile
+FROM    node:14-alpine AS builder
+
+ENV     NODE_ENV    production
+ENV     APP_DIR     /home/node/app
+
+RUN     set -ex && \
+        apk --no-cache add gcc g++ make python3 curl cmake
+
+# Create app directory
+RUN     mkdir "$APP_DIR"
+
+# Copy app source files into APP_DIR
+COPY    . "$APP_DIR"
+
+# Install node modules required by the app
+RUN     cd "$APP_DIR" && \
+        npm ci --only=production
+
 FROM    node:14-alpine

-ENV     NODE_ENV production
+ENV     NODE_ENV    production
+ENV     APP_DIR     /home/node/app

-ENV     APP_DIR                 /home/node/app
 ARG     TOR_LINUX_GID

 RUN     set -ex && \
-        apk --no-cache add shadow bash gcc g++ make python3 curl cmake
+        apk --no-cache add shadow bash

 # Add node user to tor group
 RUN     addgroup -S -g ${TOR_LINUX_GID} tor && \
@@ -15,15 +33,8 @@ RUN     addgroup -S -g ${TOR_LINUX_GID} tor && \
 # Install forever
 RUN     npm install -g forever

-# Create app directory
-RUN     mkdir "$APP_DIR"
-
 # Copy app source files into APP_DIR
-COPY    . "$APP_DIR"
-
-# Install node modules required by the app
-RUN     cd "$APP_DIR" && \
-        npm ci --only=production
+COPY    --from=builder $APP_DIR $APP_DIR

 # Copy config file
 COPY    ./docker/my-dojo/node/keys.index.js "$APP_DIR/keys/index.js"

--- a/docker/my-dojo/tor/Dockerfile
+++ b/docker/my-dojo/tor/Dockerfile
-FROM    debian:buster-slim
+FROM    golang:1.16.6-buster AS builder

-ENV     TOR_HOME            /var/lib/tor
 ENV     TOR_URL             https://dist.torproject.org
 ENV     TOR_MIRROR_URL      https://tor.eff.org/dist
-ENV     TOR_VERSION         0.4.6.7
-ENV     TOR_GPG_KS_URI      hkp://keyserver.ubuntu.com:80
+ENV     TOR_VERSION         0.4.6.9
+ENV     TOR_GPG_KS_URI      hkps://keyserver.ubuntu.com:443
 ENV     TOR_GPG_KEY1        0xEB5A896A28988BF5
 ENV     TOR_GPG_KEY2        0xC218525819F78451
 ENV     TOR_GPG_KEY3        0x21194EBB165733EA
 ENV     TOR_GPG_KEY4        0x6AFEE6D49E92B601

-ENV     GOLANG_DL_URL       https://dl.google.com/go
-ENV     GOLANG_ARCHIVE      go1.16.6.linux-amd64.tar.gz
-ENV     GOLANG_SHA256       be333ef18b3016e9d7cb7b1ff1fdb0cac800ca0be4cf2290fe613b3d069dfe0d
-
 ENV     OBFS4_URL           https://github.com/Yawning/obfs4.git
-ENV     OBFS4_VERSION       0.0.11
-
-ARG     TOR_LINUX_UID
-ARG     TOR_LINUX_GID
+ENV     OBFS4_VERSION       0.0.13


 # Install Tor
@@ -37,10 +29,7 @@ RUN     set -ex && \
        if [ $res -gt 0 ]; then \
          wget -qO "tor-$TOR_VERSION.tar.gz.asc" "$TOR_MIRROR_URL/tor-$TOR_VERSION.tar.gz.asc"; \
        fi && \
-        gpg --keyserver "$TOR_GPG_KS_URI" --recv-keys "$TOR_GPG_KEY1" && \
-        gpg --keyserver "$TOR_GPG_KS_URI" --recv-keys "$TOR_GPG_KEY2" && \
-        gpg --keyserver "$TOR_GPG_KS_URI" --recv-keys "$TOR_GPG_KEY3" && \
-        gpg --keyserver "$TOR_GPG_KS_URI" --recv-keys "$TOR_GPG_KEY4" && \
+        gpg --batch --keyserver "$TOR_GPG_KS_URI" --recv-keys $TOR_GPG_KEY1 $TOR_GPG_KEY2 $TOR_GPG_KEY3 $TOR_GPG_KEY4 && \
        gpg --verify "tor-$TOR_VERSION.tar.gz.asc" && \
        tar -xzvf "tor-$TOR_VERSION.tar.gz" -C /usr/local/src && \
        cd "/usr/local/src/tor-$TOR_VERSION" && \
@@ -55,21 +44,34 @@ RUN     set -ex && \
        rm "tor-$TOR_VERSION.tar.gz.asc"

 # Install Golang & OBFS4 proxy
-RUN     cd /usr/local/src && \
-        echo "$GOLANG_SHA256 *$GOLANG_ARCHIVE" > GO_CHECKSUMS && \
-        wget "$GOLANG_DL_URL/$GOLANG_ARCHIVE" && \
-        sha256sum -c GO_CHECKSUMS 2>&1 | grep OK && \
-        tar -C /usr/local/lib -xzf "$GOLANG_ARCHIVE" && \
-        ln -s /usr/local/lib/go/bin/go /usr/local/bin/ && \
-        git clone "$OBFS4_URL" /usr/local/src/obfs4proxy && \
-        cd obfs4proxy && \
+RUN     git clone "$OBFS4_URL" /usr/local/src/obfs4proxy && \
+        cd /usr/local/src/obfs4proxy && \
        git checkout "tags/obfs4proxy-$OBFS4_VERSION" && \
        go build -o obfs4proxy/obfs4proxy ./obfs4proxy && \
        cp ./obfs4proxy/obfs4proxy /usr/local/bin && \
        cd .. && \
-        rm "$GOLANG_ARCHIVE" && \
        rm -rf obfs4proxy

+FROM    debian:buster-slim
+
+ENV     TOR_HOME        /var/lib/tor
+ENV     TOR_BIN         /usr/local/bin/tor
+ENV     TOR_CONF        /etc/tor
+ENV     TOR_MAN         /usr/local/share/man
+ENV     OBFS_PROXY      /usr/local/bin/obfs4proxy
+
+ARG     TOR_LINUX_UID
+ARG     TOR_LINUX_GID
+
+COPY    --from=builder $TOR_BIN $TOR_BIN
+COPY    --from=builder $TOR_CONF $TOR_CONF
+COPY    --from=builder $TOR_MAN $TOR_MAN
+COPY    --from=builder $OBFS_PROXY $OBFS_PROXY
+
+RUN     set -ex && \
+        apt-get update && \
+        apt-get install -y libevent-dev
+
 # Create group & user tor
 RUN     addgroup --system -gid ${TOR_LINUX_GID} tor && \
        adduser --system --ingroup tor -uid ${TOR_LINUX_UID} tor

--- a/docker/my-dojo/whirlpool/Dockerfile
+++ b/docker/my-dojo/whirlpool/Dockerfile
-FROM    debian:buster-slim
+FROM    debian:buster-slim AS builder

-ENV     WHIRLPOOL_HOME                /home/whirlpool
 ENV     WHIRLPOOL_DIR                 /usr/local/whirlpool-cli

-ARG     WHIRLPOOL_LINUX_UID
-ARG     WHIRLPOOL_LINUX_GID
-
 # Install prerequisites
-# Create group & user whirlpool
-# Create /usr/share/man/man1 directory
-# Create .whirlpool-cli subdirectory of WHIRLPOOL_HOME
-# Create /usr/local/src/whirlpool-cli directory
-
-RUN     mkdir -p /usr/share/man/man1
-
 RUN     set -ex && \
        apt-get update && \
-        apt-get install -y libevent-dev zlib1g-dev libssl-dev gcc make automake ca-certificates autoconf musl-dev coreutils gpg wget default-jdk && \
-        addgroup --system -gid ${WHIRLPOOL_LINUX_GID} whirlpool && \
-        adduser --system --ingroup whirlpool -uid ${WHIRLPOOL_LINUX_UID} whirlpool && \
-        mkdir -p "$WHIRLPOOL_HOME/.whirlpool-cli" && \
-        chown -Rv whirlpool:whirlpool "$WHIRLPOOL_HOME" && \
-        chmod -R 750 "$WHIRLPOOL_HOME" && \
-        mkdir -p "$WHIRLPOOL_DIR"
+        apt-get install -y libevent-dev zlib1g-dev libssl-dev gcc make automake ca-certificates autoconf musl-dev coreutils gpg wget

 # Install Tor
 ENV     WHIRLPOOL_TOR_URL             https://dist.torproject.org
 ENV     WHIRLPOOL_TOR_MIRROR_URL      https://tor.eff.org/dist
-ENV     WHIRLPOOL_TOR_VERSION         0.4.6.6
-ENV     WHIRLPOOL_TOR_GPG_KS_URI      hkp://keyserver.ubuntu.com:80
+ENV     WHIRLPOOL_TOR_VERSION         0.4.6.9
+ENV     WHIRLPOOL_TOR_GPG_KS_URI      hkps://keyserver.ubuntu.com:443
 ENV     WHIRLPOOL_TOR_GPG_KEY1        0xEB5A896A28988BF5
 ENV     WHIRLPOOL_TOR_GPG_KEY2        0xC218525819F78451
 ENV     WHIRLPOOL_TOR_GPG_KEY3        0x21194EBB165733EA
@@ -47,10 +30,7 @@ RUN     set -ex && \
        if [ $res -gt 0 ]; then \
          wget -qO "tor-$WHIRLPOOL_TOR_VERSION.tar.gz.asc" "$WHIRLPOOL_TOR_MIRROR_URL/tor-$WHIRLPOOL_TOR_VERSION.tar.gz.asc" ; \
        fi && \
-        gpg --keyserver "$WHIRLPOOL_TOR_GPG_KS_URI" --recv-keys "$WHIRLPOOL_TOR_GPG_KEY1" && \
-        gpg --keyserver "$WHIRLPOOL_TOR_GPG_KS_URI" --recv-keys "$WHIRLPOOL_TOR_GPG_KEY2" && \
-        gpg --keyserver "$WHIRLPOOL_TOR_GPG_KS_URI" --recv-keys "$WHIRLPOOL_TOR_GPG_KEY3" && \
-        gpg --keyserver "$WHIRLPOOL_TOR_GPG_KS_URI" --recv-keys "$WHIRLPOOL_TOR_GPG_KEY4" && \
+        gpg --batch --keyserver "$WHIRLPOOL_TOR_GPG_KS_URI" --recv-keys $WHIRLPOOL_TOR_GPG_KEY1 $WHIRLPOOL_TOR_GPG_KEY2 $WHIRLPOOL_TOR_GPG_KEY3 $WHIRLPOOL_TOR_GPG_KEY4 && \
        gpg --verify "tor-$WHIRLPOOL_TOR_VERSION.tar.gz.asc" && \
        tar -xzvf "tor-$WHIRLPOOL_TOR_VERSION.tar.gz" -C /usr/local/src && \
        cd "/usr/local/src/tor-$WHIRLPOOL_TOR_VERSION" && \
@@ -73,14 +53,47 @@ ENV     WHIRLPOOL_SHA256              78894b934716988eddb8da6db9c6734a3ded416fe6


 RUN     set -ex && \
+        mkdir -p "$WHIRLPOOL_DIR" && \
        cd "$WHIRLPOOL_DIR" && \
        echo "$WHIRLPOOL_SHA256 *$WHIRLPOOL_JAR" > WHIRLPOOL_CHECKSUMS && \
        wget -qO "$WHIRLPOOL_JAR" "$WHIRLPOOL_URL/$WHIRLPOOL_VERSION_HASH/$WHIRLPOOL_JAR" && \
        sha256sum -c WHIRLPOOL_CHECKSUMS 2>&1 | grep OK && \
-        mv "$WHIRLPOOL_JAR" whirlpool-client-cli-run.jar && \
-        chown -Rv whirlpool:whirlpool "$WHIRLPOOL_DIR" && \
+        mv "$WHIRLPOOL_JAR" whirlpool-client-cli-run.jar
+
+FROM    debian:buster-slim
+
+ENV     TOR_HOME        /var/lib/tor
+ENV     TOR_BIN         /usr/local/bin/tor
+ENV     TOR_CONF        /etc/tor
+ENV     TOR_MAN         /usr/local/share/man
+
+ENV     WHIRLPOOL_HOME  /home/whirlpool
+ENV     WHIRLPOOL_DIR   /usr/local/whirlpool-cli
+
+ARG     WHIRLPOOL_LINUX_UID
+ARG     WHIRLPOOL_LINUX_GID
+
+RUN     mkdir -p /usr/share/man/man1
+
+RUN     set -ex && \
+        apt-get update && \
+        apt-get install -qqy default-jdk libevent-dev
+
+RUN     addgroup --system -gid ${WHIRLPOOL_LINUX_GID} whirlpool && \
+        adduser --system --ingroup whirlpool -uid ${WHIRLPOOL_LINUX_UID} whirlpool
+
+COPY    --from=builder $TOR_BIN $TOR_BIN
+COPY    --from=builder $TOR_CONF $TOR_CONF
+COPY    --from=builder $TOR_MAN $TOR_MAN
+COPY    --from=builder $WHIRLPOOL_DIR $WHIRLPOOL_DIR
+
+RUN     chown -Rv whirlpool:whirlpool "$WHIRLPOOL_DIR" && \
        chmod -R 750 "$WHIRLPOOL_DIR"

+RUN     mkdir -p "$WHIRLPOOL_HOME/.whirlpool-cli" && \
+        chown -Rv whirlpool:whirlpool "$WHIRLPOOL_HOME" && \
+        chmod -R 750 "$WHIRLPOOL_HOME"
+
 # Copy restart script
 COPY    ./restart.sh /restart.sh