Verified Commit 8b59d9bd authored by Pavel Ševčík's avatar Pavel Ševčík
Browse files

Add multi-stage builds and ARM support

parent 5c23469f
FROM debian:buster-slim
FROM debian:buster-slim AS builder
#################################################################
# INSTALL BITCOIN
#################################################################
ENV BITCOIN_HOME /home/bitcoin
ENV BITCOIN_VERSION 22.0
ENV BITCOIN_URL https://bitcoincore.org/bin/bitcoin-core-22.0
ENV BITCOIN_FILE bitcoin-22.0-x86_64-linux-gnu.tar.gz
ENV BITCOIN_FILE_AMD64 bitcoin-22.0-x86_64-linux-gnu.tar.gz
ENV BITCOIN_FILE_ARM64 bitcoin-22.0-aarch64-linux-gnu.tar.gz
ENV BITCOIN_FILE_PPCLE bitcoin-22.0-powerpc64le-linux-gnu.tar.gz
ENV BITCOIN_SHASUMS SHA256SUMS
ENV BITCOIN_SHASUMS_ASC SHA256SUMS.asc
......@@ -18,31 +19,54 @@ ENV KEYS1 71A3B16735405025D447E8F274810B012346C9A6 01EA5486DE18A882D4C268459
# keys to fetch from keys.openpgp.org
ENV KEYS2 637DB1E23370F84AFF88CCE03152347D07DA627C 82921A4B88FD454B7EB8CE3C796C4109063D4EAF
ARG BITCOIND_LINUX_UID
ARG BITCOIND_LINUX_GID
ARG TOR_LINUX_GID
RUN set -ex && \
apt-get update && \
apt-get install -qq --no-install-recommends ca-certificates dirmngr gosu gpg gpg-agent wget python3 && \
apt-get install -qq --no-install-recommends ca-certificates dirmngr gosu gpg gpg-agent wget && \
rm -rf /var/lib/apt/lists/*
# Build and install bitcoin binaries
RUN set -ex && \
cd /tmp && \
arch="$(dpkg --print-architecture)"; arch="${arch##*-}"; \
case "$arch" in \
'amd64') \
FILE="$BITCOIN_FILE_AMD64"; \
;; \
'arm64') \
FILE="$BITCOIN_FILE_ARM64"; \
;; \
'ppc64el') \
FILE="$BITCOIN_FILE_PPCLE"; \
;; \
*) echo >&2 "error: unsupported architecture '$arch' (likely packaging update needed)"; exit 1 ;; \
esac; \
gpg --batch --keyserver hkps://keyserver.ubuntu.com:443 --recv-keys $KEYS1 && \
gpg --batch --keyserver hkps://keys.openpgp.org:443 --recv-keys $KEYS2 && \
gpg --list-keys | tail -n +3 | tee /tmp/keys.txt && \
gpg --list-keys $KEYS | diff - /tmp/keys.txt && \
wget -qO "$BITCOIN_SHASUMS" "$BITCOIN_URL/$BITCOIN_SHASUMS" && \
wget -qO "$BITCOIN_SHASUMS_ASC" "$BITCOIN_URL/$BITCOIN_SHASUMS_ASC" && \
wget -qO "$BITCOIN_FILE" "$BITCOIN_URL/$BITCOIN_FILE" && \
wget -qO "$FILE" "$BITCOIN_URL/$FILE" && \
gpg --batch --verify "$BITCOIN_SHASUMS_ASC" "$BITCOIN_SHASUMS" && \
sha256sum --ignore-missing --check "$BITCOIN_SHASUMS" && \
tar -xzvf "$BITCOIN_FILE" -C /usr/local --strip-components=1 --exclude=*-qt && \
tar -xzvf "$FILE" -C /usr/local --strip-components=1 --exclude=*-qt && \
rm -rf /tmp/*
FROM debian:buster-slim
ENV BITCOIN_HOME /home/bitcoin
ARG BITCOIND_LINUX_UID
ARG BITCOIND_LINUX_GID
ARG TOR_LINUX_GID
COPY --from=builder /usr/local/ /usr/local/
RUN set -ex && \
apt-get update && \
apt-get install -qq --no-install-recommends python3
# Create groups bitcoin & tor
# Create user bitcoin and add it to groups
RUN addgroup --system -gid ${BITCOIND_LINUX_GID} bitcoin && \
......
FROM node:14-alpine
FROM node:14-alpine AS builder
ENV NODE_ENV production
ENV NODE_ENV production
ENV APP_DIR /home/node/app
......@@ -9,7 +9,7 @@ ENV EXPLORER_VERSION 3.3.0
# Install netcat
RUN set -ex && \
apk --no-cache add bash gcc g++ make python3 git netcat-openbsd
apk --no-cache add gcc g++ make python3 git netcat-openbsd
# Download the source code and install it
RUN set -ex && \
......@@ -18,8 +18,17 @@ RUN set -ex && \
tar -xzvf explorer.tar.gz -C "$APP_DIR/" --strip-components 1 && \
rm explorer.tar.gz && \
cd "$APP_DIR" && \
npm install --only=prod && \
chown -R node:node "$APP_DIR"
npm install --only=prod
FROM node:14-alpine
ENV NODE_ENV production
ENV APP_DIR /home/node/app
RUN set -ex && \
apk --no-cache add bash
COPY --from=builder $APP_DIR $APP_DIR
# Copy restart script
COPY ./restart.sh "$APP_DIR/restart.sh"
......@@ -28,6 +37,9 @@ RUN chown node:node "$APP_DIR/restart.sh" && \
chmod u+x "$APP_DIR/restart.sh" && \
chmod g+x "$APP_DIR/restart.sh"
# Change ownership of all files
RUN chown -R node:node "$APP_DIR"
EXPOSE 3002
USER node
FROM rust:1.42.0-slim-buster
FROM rust:1.42.0-slim-buster AS builder
ENV INDEXER_HOME /home/indexer
ENV INDEXER_VERSION 0.5.0
ENV INDEXER_URL https://code.samourai.io/dojo/addrindexrs.git
RUN apt-get update && \
apt-get install -y clang cmake git
# Install addrindexrs
RUN mkdir /tmp/addrindexrs && \
cd /tmp/addrindexrs && \
git clone "$INDEXER_URL" "/tmp/addrindexrs" && \
git checkout "tags/v$INDEXER_VERSION"
RUN cd /tmp/addrindexrs && \
cargo install --locked --path .
FROM debian:buster-slim
ENV INDEXER_HOME /home/indexer
ARG INDEXER_LINUX_GID
ARG INDEXER_LINUX_UID
RUN apt-get update && \
apt-get install -y clang cmake git && \
apt-get install -y libsnappy-dev
COPY --from=builder /usr/local/cargo/bin/addrindexrs /usr/bin/addrindexrs
# Create group and user indexer
RUN addgroup --system -gid ${INDEXER_LINUX_GID} indexer && \
......@@ -32,15 +45,6 @@ RUN chown indexer:indexer /wait-for-it.sh && \
USER indexer
# Install addrindexrs
RUN cd "$INDEXER_HOME" && \
git clone "$INDEXER_URL" "$INDEXER_HOME/addrindexrs" && \
cd addrindexrs && \
git checkout "tags/v$INDEXER_VERSION"
RUN cd "$INDEXER_HOME/addrindexrs" && \
cargo install --locked --path .
EXPOSE 50001
EXPOSE 8080
......
FROM mysql:5.7.25
FROM mariadb:10.7.1
# Copy mysql config
COPY ./docker/my-dojo/mysql/mysql-dojo.cnf /etc/mysql/conf.d/mysql-dojo.cnf
......@@ -10,4 +10,4 @@ RUN chmod u+x /update-db.sh && \
chmod g+x /update-db.sh
# Copy content of mysql scripts into /docker-entrypoint-initdb.d
COPY ./db-scripts/ /docker-entrypoint-initdb.d
\ No newline at end of file
COPY ./db-scripts/ /docker-entrypoint-initdb.d
FROM node:14-alpine AS builder
ENV NODE_ENV production
ENV APP_DIR /home/node/app
RUN set -ex && \
apk --no-cache add gcc g++ make python3 curl cmake
# Create app directory
RUN mkdir "$APP_DIR"
# Copy app source files into APP_DIR
COPY . "$APP_DIR"
# Install node modules required by the app
RUN cd "$APP_DIR" && \
npm ci --only=production
FROM node:14-alpine
ENV NODE_ENV production
ENV NODE_ENV production
ENV APP_DIR /home/node/app
ENV APP_DIR /home/node/app
ARG TOR_LINUX_GID
RUN set -ex && \
apk --no-cache add shadow bash gcc g++ make python3 curl cmake
apk --no-cache add shadow bash
# Add node user to tor group
RUN addgroup -S -g ${TOR_LINUX_GID} tor && \
......@@ -15,15 +33,8 @@ RUN addgroup -S -g ${TOR_LINUX_GID} tor && \
# Install forever
RUN npm install -g forever
# Create app directory
RUN mkdir "$APP_DIR"
# Copy app source files into APP_DIR
COPY . "$APP_DIR"
# Install node modules required by the app
RUN cd "$APP_DIR" && \
npm ci --only=production
COPY --from=builder $APP_DIR $APP_DIR
# Copy config file
COPY ./docker/my-dojo/node/keys.index.js "$APP_DIR/keys/index.js"
......
FROM debian:buster-slim
FROM golang:1.16.6-buster AS builder
ENV TOR_HOME /var/lib/tor
ENV TOR_URL https://dist.torproject.org
ENV TOR_MIRROR_URL https://tor.eff.org/dist
ENV TOR_VERSION 0.4.6.7
ENV TOR_GPG_KS_URI hkp://keyserver.ubuntu.com:80
ENV TOR_VERSION 0.4.6.9
ENV TOR_GPG_KS_URI hkps://keyserver.ubuntu.com:443
ENV TOR_GPG_KEY1 0xEB5A896A28988BF5
ENV TOR_GPG_KEY2 0xC218525819F78451
ENV TOR_GPG_KEY3 0x21194EBB165733EA
ENV TOR_GPG_KEY4 0x6AFEE6D49E92B601
ENV GOLANG_DL_URL https://dl.google.com/go
ENV GOLANG_ARCHIVE go1.16.6.linux-amd64.tar.gz
ENV GOLANG_SHA256 be333ef18b3016e9d7cb7b1ff1fdb0cac800ca0be4cf2290fe613b3d069dfe0d
ENV OBFS4_URL https://github.com/Yawning/obfs4.git
ENV OBFS4_VERSION 0.0.11
ARG TOR_LINUX_UID
ARG TOR_LINUX_GID
ENV OBFS4_VERSION 0.0.13
# Install Tor
......@@ -37,10 +29,7 @@ RUN set -ex && \
if [ $res -gt 0 ]; then \
wget -qO "tor-$TOR_VERSION.tar.gz.asc" "$TOR_MIRROR_URL/tor-$TOR_VERSION.tar.gz.asc"; \
fi && \
gpg --keyserver "$TOR_GPG_KS_URI" --recv-keys "$TOR_GPG_KEY1" && \
gpg --keyserver "$TOR_GPG_KS_URI" --recv-keys "$TOR_GPG_KEY2" && \
gpg --keyserver "$TOR_GPG_KS_URI" --recv-keys "$TOR_GPG_KEY3" && \
gpg --keyserver "$TOR_GPG_KS_URI" --recv-keys "$TOR_GPG_KEY4" && \
gpg --batch --keyserver "$TOR_GPG_KS_URI" --recv-keys $TOR_GPG_KEY1 $TOR_GPG_KEY2 $TOR_GPG_KEY3 $TOR_GPG_KEY4 && \
gpg --verify "tor-$TOR_VERSION.tar.gz.asc" && \
tar -xzvf "tor-$TOR_VERSION.tar.gz" -C /usr/local/src && \
cd "/usr/local/src/tor-$TOR_VERSION" && \
......@@ -55,21 +44,34 @@ RUN set -ex && \
rm "tor-$TOR_VERSION.tar.gz.asc"
# Install Golang & OBFS4 proxy
RUN cd /usr/local/src && \
echo "$GOLANG_SHA256 *$GOLANG_ARCHIVE" > GO_CHECKSUMS && \
wget "$GOLANG_DL_URL/$GOLANG_ARCHIVE" && \
sha256sum -c GO_CHECKSUMS 2>&1 | grep OK && \
tar -C /usr/local/lib -xzf "$GOLANG_ARCHIVE" && \
ln -s /usr/local/lib/go/bin/go /usr/local/bin/ && \
git clone "$OBFS4_URL" /usr/local/src/obfs4proxy && \
cd obfs4proxy && \
RUN git clone "$OBFS4_URL" /usr/local/src/obfs4proxy && \
cd /usr/local/src/obfs4proxy && \
git checkout "tags/obfs4proxy-$OBFS4_VERSION" && \
go build -o obfs4proxy/obfs4proxy ./obfs4proxy && \
cp ./obfs4proxy/obfs4proxy /usr/local/bin && \
cd .. && \
rm "$GOLANG_ARCHIVE" && \
rm -rf obfs4proxy
FROM debian:buster-slim
ENV TOR_HOME /var/lib/tor
ENV TOR_BIN /usr/local/bin/tor
ENV TOR_CONF /etc/tor
ENV TOR_MAN /usr/local/share/man
ENV OBFS_PROXY /usr/local/bin/obfs4proxy
ARG TOR_LINUX_UID
ARG TOR_LINUX_GID
COPY --from=builder $TOR_BIN $TOR_BIN
COPY --from=builder $TOR_CONF $TOR_CONF
COPY --from=builder $TOR_MAN $TOR_MAN
COPY --from=builder $OBFS_PROXY $OBFS_PROXY
RUN set -ex && \
apt-get update && \
apt-get install -y libevent-dev
# Create group & user tor
RUN addgroup --system -gid ${TOR_LINUX_GID} tor && \
adduser --system --ingroup tor -uid ${TOR_LINUX_UID} tor
......
FROM debian:buster-slim
FROM debian:buster-slim AS builder
ENV WHIRLPOOL_HOME /home/whirlpool
ENV WHIRLPOOL_DIR /usr/local/whirlpool-cli
ARG WHIRLPOOL_LINUX_UID
ARG WHIRLPOOL_LINUX_GID
# Install prerequisites
# Create group & user whirlpool
# Create /usr/share/man/man1 directory
# Create .whirlpool-cli subdirectory of WHIRLPOOL_HOME
# Create /usr/local/src/whirlpool-cli directory
RUN mkdir -p /usr/share/man/man1
RUN set -ex && \
apt-get update && \
apt-get install -y libevent-dev zlib1g-dev libssl-dev gcc make automake ca-certificates autoconf musl-dev coreutils gpg wget default-jdk && \
addgroup --system -gid ${WHIRLPOOL_LINUX_GID} whirlpool && \
adduser --system --ingroup whirlpool -uid ${WHIRLPOOL_LINUX_UID} whirlpool && \
mkdir -p "$WHIRLPOOL_HOME/.whirlpool-cli" && \
chown -Rv whirlpool:whirlpool "$WHIRLPOOL_HOME" && \
chmod -R 750 "$WHIRLPOOL_HOME" && \
mkdir -p "$WHIRLPOOL_DIR"
apt-get install -y libevent-dev zlib1g-dev libssl-dev gcc make automake ca-certificates autoconf musl-dev coreutils gpg wget
# Install Tor
ENV WHIRLPOOL_TOR_URL https://dist.torproject.org
ENV WHIRLPOOL_TOR_MIRROR_URL https://tor.eff.org/dist
ENV WHIRLPOOL_TOR_VERSION 0.4.6.6
ENV WHIRLPOOL_TOR_GPG_KS_URI hkp://keyserver.ubuntu.com:80
ENV WHIRLPOOL_TOR_VERSION 0.4.6.9
ENV WHIRLPOOL_TOR_GPG_KS_URI hkps://keyserver.ubuntu.com:443
ENV WHIRLPOOL_TOR_GPG_KEY1 0xEB5A896A28988BF5
ENV WHIRLPOOL_TOR_GPG_KEY2 0xC218525819F78451
ENV WHIRLPOOL_TOR_GPG_KEY3 0x21194EBB165733EA
......@@ -47,10 +30,7 @@ RUN set -ex && \
if [ $res -gt 0 ]; then \
wget -qO "tor-$WHIRLPOOL_TOR_VERSION.tar.gz.asc" "$WHIRLPOOL_TOR_MIRROR_URL/tor-$WHIRLPOOL_TOR_VERSION.tar.gz.asc" ; \
fi && \
gpg --keyserver "$WHIRLPOOL_TOR_GPG_KS_URI" --recv-keys "$WHIRLPOOL_TOR_GPG_KEY1" && \
gpg --keyserver "$WHIRLPOOL_TOR_GPG_KS_URI" --recv-keys "$WHIRLPOOL_TOR_GPG_KEY2" && \
gpg --keyserver "$WHIRLPOOL_TOR_GPG_KS_URI" --recv-keys "$WHIRLPOOL_TOR_GPG_KEY3" && \
gpg --keyserver "$WHIRLPOOL_TOR_GPG_KS_URI" --recv-keys "$WHIRLPOOL_TOR_GPG_KEY4" && \
gpg --batch --keyserver "$WHIRLPOOL_TOR_GPG_KS_URI" --recv-keys $WHIRLPOOL_TOR_GPG_KEY1 $WHIRLPOOL_TOR_GPG_KEY2 $WHIRLPOOL_TOR_GPG_KEY3 $WHIRLPOOL_TOR_GPG_KEY4 && \
gpg --verify "tor-$WHIRLPOOL_TOR_VERSION.tar.gz.asc" && \
tar -xzvf "tor-$WHIRLPOOL_TOR_VERSION.tar.gz" -C /usr/local/src && \
cd "/usr/local/src/tor-$WHIRLPOOL_TOR_VERSION" && \
......@@ -73,14 +53,47 @@ ENV WHIRLPOOL_SHA256 78894b934716988eddb8da6db9c6734a3ded416fe6
RUN set -ex && \
mkdir -p "$WHIRLPOOL_DIR" && \
cd "$WHIRLPOOL_DIR" && \
echo "$WHIRLPOOL_SHA256 *$WHIRLPOOL_JAR" > WHIRLPOOL_CHECKSUMS && \
wget -qO "$WHIRLPOOL_JAR" "$WHIRLPOOL_URL/$WHIRLPOOL_VERSION_HASH/$WHIRLPOOL_JAR" && \
sha256sum -c WHIRLPOOL_CHECKSUMS 2>&1 | grep OK && \
mv "$WHIRLPOOL_JAR" whirlpool-client-cli-run.jar && \
chown -Rv whirlpool:whirlpool "$WHIRLPOOL_DIR" && \
mv "$WHIRLPOOL_JAR" whirlpool-client-cli-run.jar
FROM debian:buster-slim
ENV TOR_HOME /var/lib/tor
ENV TOR_BIN /usr/local/bin/tor
ENV TOR_CONF /etc/tor
ENV TOR_MAN /usr/local/share/man
ENV WHIRLPOOL_HOME /home/whirlpool
ENV WHIRLPOOL_DIR /usr/local/whirlpool-cli
ARG WHIRLPOOL_LINUX_UID
ARG WHIRLPOOL_LINUX_GID
RUN mkdir -p /usr/share/man/man1
RUN set -ex && \
apt-get update && \
apt-get install -qqy default-jdk libevent-dev
RUN addgroup --system -gid ${WHIRLPOOL_LINUX_GID} whirlpool && \
adduser --system --ingroup whirlpool -uid ${WHIRLPOOL_LINUX_UID} whirlpool
COPY --from=builder $TOR_BIN $TOR_BIN
COPY --from=builder $TOR_CONF $TOR_CONF
COPY --from=builder $TOR_MAN $TOR_MAN
COPY --from=builder $WHIRLPOOL_DIR $WHIRLPOOL_DIR
RUN chown -Rv whirlpool:whirlpool "$WHIRLPOOL_DIR" && \
chmod -R 750 "$WHIRLPOOL_DIR"
RUN mkdir -p "$WHIRLPOOL_HOME/.whirlpool-cli" && \
chown -Rv whirlpool:whirlpool "$WHIRLPOOL_HOME" && \
chmod -R 750 "$WHIRLPOOL_HOME"
# Copy restart script
COPY ./restart.sh /restart.sh
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment