From 48887c610285239b68e1114a2ebd5c72d41ad880 Mon Sep 17 00:00:00 2001 From: Yann Autissier Date: Tue, 17 May 2022 03:47:31 +0200 Subject: [PATCH] add dockerfile --- Makefile | 2 + docker/docker-compose.yml | 22 ++++++++++ docker/dpgpid/Dockerfile | 85 +++++++++++++++++++++++++++++++++++++++ requirements.txt | 7 ++++ specs/dpgpid_spec.sh | 8 +++- specs/gpgkey_spec.sh | 8 +++- 6 files changed, 130 insertions(+), 2 deletions(-) create mode 100644 docker/docker-compose.yml create mode 100644 docker/dpgpid/Dockerfile create mode 100644 requirements.txt diff --git a/Makefile b/Makefile index b65639d..1cb0380 100644 --- a/Makefile +++ b/Makefile @@ -1,3 +1,5 @@ +-include $(if $(MYOS),$(MYOS),../myos)/make/include.mk + PREFIX ?= /usr/local BINDIR ?= $(PREFIX)/bin diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml new file mode 100644 index 0000000..4ea12f8 --- /dev/null +++ b/docker/docker-compose.yml @@ -0,0 +1,22 @@ +version: '3.6' + +services: + dpgpid: + build: + args: + - DOCKER_BUILD_DIR=docker/dpgpid + - GID=${GID} + - UID=${UID} + - USER=${USER} + context: .. + dockerfile: docker/dpgpid/Dockerfile + command: tail -f /dev/null + image: ${DOCKER_REPOSITORY}/dpgpid:${DOCKER_IMAGE_TAG} + networks: + - private + restart: always + +networks: + private: + external: true + name: ${DOCKER_NETWORK_PRIVATE} diff --git a/docker/dpgpid/Dockerfile b/docker/dpgpid/Dockerfile new file mode 100644 index 0000000..de17bd2 --- /dev/null +++ b/docker/dpgpid/Dockerfile @@ -0,0 +1,85 @@ +ARG PYTHON_RELEASE=3.10 +FROM python:${PYTHON_RELEASE}-alpine as dist +LABEL maintainer aynic.os + +ARG DOCKER_BUILD_DIR=. +ARG OPERATING_SYSTEM=Linux +ARG PROCESSOR_ARCHITECTURE=x86_64 +ARG PYTHON_RELEASE=3.10 + +WORKDIR /opt/dpgpid +COPY requirements.txt ./ +RUN apk add --no-cache --virtual .build-deps \ + g++ \ + libffi-dev \ + protobuf \ + && /usr/local/bin/python${PYTHON_RELEASE} -m venv ./ \ + && ./bin/pip${PYTHON_RELEASE} install -U pip wheel \ + && ./bin/pip${PYTHON_RELEASE} install -r ./requirements.txt \ + && wget https://github.com/libp2p/go-libp2p-core/raw/master/crypto/pb/crypto.proto \ + && protoc --python_out=./lib/python${PYTHON_RELEASE}/site-packages/ crypto.proto \ + && rm -rf /root/.cache ./build ./crypto.proto \ + && apk del --no-network .build-deps \ + && find ./lib -type f -executable \ + -exec scanelf --needed --nobanner --format '%n#p' '{}' ';' \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /lib/"$1" -o -e /usr/lib/"$1" -o -e /opt/dpgpid/lib/python'"${PYTHON_RELEASE}"'/site-packages/*/"$1" ]") == 0 { next } { print "so:" $1 }' \ + | xargs -rt apk add --no-cache + +RUN apk add --repository https://dl-cdn.alpinelinux.org/alpine/edge/testing \ + envsubst \ + && apk add --no-cache \ + bash \ + ca-certificates \ + libc6-compat \ + libsodium \ + make \ + gpg \ + && OS="$(echo ${OPERATING_SYSTEM} |awk '{print tolower($0)}')"; \ + ARCH="$(echo ${PROCESSOR_ARCHITECTURE})"; \ + wget -qO - https://github.com/koalaman/shellcheck/releases/download/stable/shellcheck-stable.${OS}.${ARCH}.tar.xz |tar --strip-components 1 -C /usr/local/bin -xJf - \ + && mkdir -p /usr/local/lib/shellspec \ + && wget -qO - https://github.com/shellspec/shellspec/archive/latest.tar.gz |tar --strip-components 1 -C /usr/local/lib/shellspec -xzf - \ + && ln -s /usr/local/lib/shellspec/shellspec /usr/local/bin/shellspec + +COPY --from=ipfs/go-ipfs:v0.13.0-rc1 /usr/local/bin/ipfs /usr/local/bin/ +COPY README.md ./ +COPY COPYING ./ +COPY Makefile ./ +COPY dpgpid ./bin/dpgpid +COPY gpgkey ./bin/gpgkey + +ENV PATH=/opt/dpgpid/bin:$PATH + +ENTRYPOINT [] +CMD ["bash"] + +FROM dist as master +ARG UID +ARG USER +ENV UID=${UID:-999} +ENV GID=${UID} +ENV USER=dpgpid + +# If we provide a specific UID +RUN let $UID >/dev/null 2>&1 \ +# Remove user with $UID if it is not our $USER + && if [ "$(getent passwd $UID |awk 'BEGIN {FS=":"} {print $1}')" != "$USER" ]; then \ + sed -i '/^'$(getent passwd $UID |awk 'BEGIN {FS=":"} {print $1}')':x:'$UID':/d' /etc/passwd; \ + sed -i '/^'$(getent group $GID |awk 'BEGIN {FS=":"} {print $1}')':x:'$GID':/d' /etc/group; \ + fi \ +# Force $UID if our $USER already exists + && sed -i 's/^'$USER':x:[0-9]\+:[0-9]\+:/'$USER':x:'$UID':'$GID':/' /etc/passwd \ + && sed -i 's/^'$USER':x:[0-9]\+:/'$USER':x:'$GID':/' /etc/group \ +# Create $USER if it does not exist + && if [ "$(getent passwd $UID)" = "" ]; then \ + echo "$USER:x:$UID:$GID::/home/$USER:/bin/false" >> /etc/passwd; \ + echo "$USER:!:$(($(date +%s) / 60 / 60 / 24)):0:99999:7:::" >> /etc/shadow; \ + echo "$USER:x:$GID:" >> /etc/group; \ + fi \ + && mkdir -p /home/$USER \ + && chown $UID:$GID /home/$USER \ + || true + +USER $USER diff --git a/requirements.txt b/requirements.txt new file mode 100644 index 0000000..95d3cbb --- /dev/null +++ b/requirements.txt @@ -0,0 +1,7 @@ +argparse +base58 +configparser +cryptography +duniterpy +google +protobuf diff --git a/specs/dpgpid_spec.sh b/specs/dpgpid_spec.sh index 2f9a601..a4ed1cd 100644 --- a/specs/dpgpid_spec.sh +++ b/specs/dpgpid_spec.sh @@ -2,7 +2,13 @@ set -eu dpgpid() { - ./dpgpid "$@" + if [ -x ./dpgpid ]; then + ./dpgpid "$@" + elif [ -x ./bin/dpgpid ]; then + ./bin/dpgpid "$@" + else + dpgpid "$@" + fi } Describe 'Dependency' diff --git a/specs/gpgkey_spec.sh b/specs/gpgkey_spec.sh index a787b53..da00919 100644 --- a/specs/gpgkey_spec.sh +++ b/specs/gpgkey_spec.sh @@ -2,7 +2,13 @@ set -eu gpgkey() { - ./gpgkey "$@" + if [ -x ./gpgkey ]; then + ./gpgkey "$@" + elif [ -x ./bin/gpgkey ]; then + ./bin/gpgkey "$@" + else + gpgkey "$@" + fi } Describe 'Dependency'