docker: fix gitian support, optimize container layer count and improve script consistency (#4983)

* contrib: set the working directory to /src/dash to allow for cloning gitian dependencies

* contrib: place the home directory inside /home instead of root

* contrib: add notes about sharing ccache across the network

* contrib: chown based on the (u/g)id env vars instead of the associated username

* contrib: reduce layer count by reducing run invocations

* contrib: develop container cleanup and maintenance

- add apt-cacher-ng, gpg, lsb-release and screen as package dependencies
- reorder packages in alphabetical order
- correct documentation
- create and add user to the docker group to satisfy Gitian's needs
- reduce the number of RUN calls to reduce layer count
Kittywhiskers Van Gogh 2022-08-23 01:12:36 +05:30 committed by GitHub
parent 5a7f6a7133
commit 6699b0228f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 85 additions and 46 deletions


@ -53,7 +53,7 @@ ARG GROUP_ID=1000
ENV USER_ID ${USER_ID}
ENV GROUP_ID ${GROUP_ID}
RUN groupadd -g ${GROUP_ID} dash
RUN useradd -u ${USER_ID} -g dash -s /bin/bash -m -d /dash dash
RUN useradd -u ${USER_ID} -g dash -s /bin/bash -m -d /home/dash dash
# Packages needed for all target builds
RUN apt-get update && apt-get install $APT_ARGS \
@ -101,14 +101,16 @@ RUN \
update-alternatives --set x86_64-w64-mingw32-g++ /usr/bin/x86_64-w64-mingw32-g++-posix; \
exit 0
RUN mkdir /dash-src && \
RUN \
mkdir -p /src/dash && \
mkdir -p /cache/ccache && \
mkdir /cache/depends && \
mkdir /cache/sdk-sources && \
chown $USER_ID:$GROUP_ID /dash-src && \
chown $USER_ID:$GROUP_ID /cache && \
chown $USER_ID:$GROUP_ID /cache -R
chown ${USER_ID}:${GROUP_ID} /src && \
chown ${USER_ID}:${GROUP_ID} -R /src && \
chown ${USER_ID}:${GROUP_ID} /cache && \
chown ${USER_ID}:${GROUP_ID} -R /cache
WORKDIR /dash-src
WORKDIR /src/dash
USER dash
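Review bot: The new RUN block starting at `mkdir -p /src/dash` sets ownership twice per tree, because `chown -R` already applies to the directory it is given; the non-recursive `chown ${USER_ID}:${GROUP_ID} /src` and `chown ${USER_ID}:${GROUP_ID} /cache` lines add nothing. The block can be reduced to `mkdir -p /src/dash /cache/ccache /cache/depends /cache/sdk-sources && \` followed by `chown -R "${USER_ID}:${GROUP_ID}" /src /cache`, with the option before the operands and the IDs quoted. A comment above it such as `# /src and /cache are owned by the unprivileged build user (USER_ID:GROUP_ID)` would record why the ownership is set here, before `USER dash`.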


@ -5,15 +5,15 @@ LABEL description="Dockerised DashCore, built from Travis"
ARG USER_ID
ARG GROUP_ID
ENV HOME /dash
ENV HOME /home/dash
# add user with specified (or default) user/group ids
ENV USER_ID ${USER_ID:-1000}
ENV GROUP_ID ${GROUP_ID:-1000}
RUN groupadd -g ${GROUP_ID} dash
RUN useradd -u ${USER_ID} -g dash -s /bin/bash -m -d /dash dash
RUN mkdir /dash/.dashcore
RUN chown dash:dash -R /dash
RUN groupadd -g ${GROUP_ID} dash && \
useradd -u ${USER_ID} -g dash -s /bin/bash -m -d /home/dash dash && \
mkdir /home/dash/.dashcore && \
chown ${USER_ID}:${GROUP_ID} -R /home/dash
COPY bin/* /usr/local/bin/
@ -21,8 +21,8 @@ RUN chmod a+x /usr/local/bin/*
USER dash
VOLUME ["/dash"]
VOLUME ["/home/dash"]
EXPOSE 9998 9999 19998 19999
WORKDIR /dash
WORKDIR /home/dash
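Review bot: Moving `HOME`, `VOLUME` and `WORKDIR` from `/dash` to `/home/dash` also moves the `.dashcore` data directory, and nothing in the Dockerfile tells an operator that the mount point changed. A deployment that still mounts its existing volume at `/dash` would presumably start with an empty `/home/dash/.dashcore` instead of failing, so the previous node data (and any wallet kept there) would appear to be missing. I would add a comment above the `VOLUME` line, for example `# data dir moved from /dash to /home/dash; existing volumes must be remounted here`, and call the move out in the release notes. The same relocation is made in the other deploy Dockerfiles of this commit, at each of the later `VOLUME ["/home/dash"]` lines.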


@ -16,7 +16,7 @@ RUN apt-get update && \
wget \
&& rm -rf /var/lib/apt/lists/*
WORKDIR /dash
WORKDIR /home/dash
COPY . .
@ -38,8 +38,8 @@ RUN make -j`nproc | awk '{x=$1/2; print x}'` && make install
RUN mkdir built-target && \
case "$TARGETPLATFORM" in \
"linux/arm64") cp depends/arm-linux-gnueabihf/bin/dash* /dash/built-target ;; \
"linux/amd64") cp depends/x86_64-pc-linux-gnu/bin/dash* /dash/built-target ;; \
"linux/arm64") cp depends/arm-linux-gnueabihf/bin/dash* /home/dash/built-target ;; \
"linux/amd64") cp depends/x86_64-pc-linux-gnu/bin/dash* /home/dash/built-target ;; \
esac
FROM ubuntu:focal
@ -50,15 +50,15 @@ ARG USER_ID
ARG GROUP_ID
ARG TAG
ENV HOME /dash
ENV HOME /home/dash
# add user with specified (or default) user/group ids
ENV USER_ID ${USER_ID:-1000}
ENV GROUP_ID ${GROUP_ID:-1000}
RUN groupadd -g ${GROUP_ID} dash && \
useradd -u ${USER_ID} -g dash -s /bin/bash -m -d /dash dash && \
mkdir /dash/.dashcore && \
chown dash:dash -R /dash
useradd -u ${USER_ID} -g dash -s /bin/bash -m -d /home/dash dash && \
mkdir /home/dash/.dashcore && \
chown ${USER_ID}:${GROUP_ID} -R /home/dash
RUN apt-get update && \
apt-get -y install --no-install-recommends \
@ -66,15 +66,15 @@ RUN apt-get update && \
ca-certificates \
&& rm -rf /var/lib/apt/lists/*
COPY --from=builder /dash/built-target/dash* /usr/local/bin
COPY --from=builder /home/dash/built-target/dash* /usr/local/bin
USER dash
VOLUME ["/dash"]
VOLUME ["/home/dash"]
COPY docker/docker-entrypoint.sh /docker-entrypoint.sh
ENTRYPOINT ["/docker-entrypoint.sh"]
EXPOSE 9998 9999 19998 19999
WORKDIR /dash
WORKDIR /home/dash
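Review bot: The `case "$TARGETPLATFORM"` in the builder stage has no default branch, so for any platform other than the two listed the RUN succeeds with an empty `built-target` and the build presumably only fails later at `COPY --from=builder /home/dash/built-target/dash*`, far from the cause. Adding `*) echo "unsupported TARGETPLATFORM: $TARGETPLATFORM" >&2; exit 1 ;; \` before `esac` makes it stop where the problem is. The `linux/arm64` branch copies from `depends/arm-linux-gnueabihf`, which is a 32-bit ARM triplet; whether that matches what the earlier build steps produce is not visible in this section and is worth confirming. Since `WORKDIR` is already `/home/dash`, the `cp` targets could use the relative `built-target` so the absolute path is not repeated.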


@ -7,15 +7,15 @@ ARG USER_ID
ARG GROUP_ID
ARG BRANCH
ENV HOME /dash
ENV HOME /home/dash
# add user with specified (or default) user/group ids
ENV USER_ID ${USER_ID:-1000}
ENV GROUP_ID ${GROUP_ID:-1000}
RUN groupadd -g ${GROUP_ID} dash && \
useradd -u ${USER_ID} -g dash -s /bin/bash -m -d /dash dash && \
mkdir /dash/.dashcore && \
chown dash:dash -R /dash
useradd -u ${USER_ID} -g dash -s /bin/bash -m -d /home/dash dash && \
mkdir /home/dash/.dashcore && \
chown ${USER_ID}:${GROUP_ID} -R /home/dash
RUN apt-get update && \
apt-get -y install --no-install-recommends \
@ -23,23 +23,23 @@ RUN apt-get update && \
ca-certificates \
&& rm -rf /var/lib/apt/lists/*
COPY dashcore-binaries/${BRANCH}/dashcore* /dash
COPY dashcore-binaries/${BRANCH}/dashcore* /home/dash
RUN mach=$(uname -m) \
&& case $mach in aarch64) arch="aarch64-linux-gnu"; ;; x86_64) arch="x86_64-linux-gnu"; ;; *) echo "ERROR: Machine type $mach not supported."; ;; esac \
&& cd /dash \
&& cd /home/dash \
&& tar xvzf dashcore*$arch.tar.gz \
&& echo $(ls -1 /dash) \
&& echo $(ls -1 /home/dash) \
&& cp dashcore-*/bin/* /usr/local/bin \
&& rm -rf dash*
USER dash
VOLUME ["/dash"]
VOLUME ["/home/dash"]
COPY dash/contrib/containers/deploy/docker-entrypoint.sh /docker-entrypoint.sh
ENTRYPOINT ["/docker-entrypoint.sh"]
EXPOSE 9998 9999 19998 19999
WORKDIR /dash
WORKDIR /home/dash
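Review bot: The `*)` branch of `case $mach` prints `ERROR: Machine type $mach not supported.` but does not stop the build, so `arch` stays empty and `tar xvzf dashcore*$arch.tar.gz` then matches whichever tarball happens to be present. The branch should fail the layer: `*) echo "ERROR: Machine type $mach not supported." >&2; exit 1 ;;`. The archive copied from `dashcore-binaries/${BRANCH}/` is also unpacked and installed into `/usr/local/bin` with no digest or signature check visible in this section. If the build context is not verified before it reaches this Dockerfile, a `sha256sum -c` against a checksum file (placeholder name: `SHA256SUMS`) ahead of the `tar` step would cover that.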


@ -6,15 +6,15 @@ ARG USER_ID
ARG GROUP_ID
ARG TAG
ENV HOME /dash
ENV HOME /home/dash
# add user with specified (or default) user/group ids
ENV USER_ID ${USER_ID:-1000}
ENV GROUP_ID ${GROUP_ID:-1000}
RUN groupadd -g ${GROUP_ID} dash && \
useradd -u ${USER_ID} -g dash -s /bin/bash -m -d /dash dash && \
mkdir /dash/.dashcore && \
chown dash:dash -R /dash
useradd -u ${USER_ID} -g dash -s /bin/bash -m -d /home/dash dash && \
mkdir /home/dash/.dashcore && \
chown ${USER_ID}:${GROUP_ID} -R /home/dash
RUN apt-get update && \
apt-get -y install --no-install-recommends \
@ -32,11 +32,11 @@ RUN mach=$(uname -m) \
USER dash
VOLUME ["/dash"]
VOLUME ["/home/dash"]
COPY docker-entrypoint.sh /docker-entrypoint.sh
ENTRYPOINT ["/docker-entrypoint.sh"]
EXPOSE 9998 9999 19998 19999
WORKDIR /dash
WORKDIR /home/dash


@ -8,19 +8,34 @@ INCLUDE+ ci/Dockerfile
# just started configuring this image, give us root access
USER root
# Make development environment more standalone
RUN apt-get update && \
apt-get install $APT_ARGS \
apt-cacher-ng \
gdb \
gpg \
lsb-release \
nano \
openssh-client \
screen \
sudo \
zsh \
&& \
rm -rf /var/lib/apt/lists/*
# Discourage root access, this is an interactive instance
#
# Sometimes these commands are run repetitively _after_ the non-sudo
# user was introduced and therefore these commands would fail
# To mitigate the build halting, we've added "|| true" so that it
# To mitigate the build halting, you can add "|| true" so that it
# unconditionally returns 0
#
RUN apt-get update && apt-get install $APT_ARGS sudo && rm -rf /var/lib/apt/lists/*
RUN usermod -aG sudo dash
RUN echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
# Make development environment more standalone
RUN apt-get update && apt-get install $APT_ARGS nano openssh-client zsh gdb && rm -rf /var/lib/apt/lists/*
# Also, we create the group `docker` and add our user to it to meet
# Gitian's requirements
#
RUN groupadd docker && \
usermod -aG sudo,docker dash && \
echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
# Disable noninteractive mode
ENV DEBIAN_FRONTEND="dialog"
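Review bot: Appending `%sudo ALL=(ALL) NOPASSWD:ALL` to `/etc/sudoers` with `>>` is neither validated nor idempotent, and a malformed sudoers file disables sudo altogether. A drop-in is safer: `echo '%sudo ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/dash-nopasswd && chmod 0440 /etc/sudoers.d/dash-nopasswd && visudo -cf /etc/sudoers.d/dash-nopasswd`. The comment block above the RUN still opens with "Discourage root access" and talks about `|| true`, neither of which matches the command that follows. It should state that `dash` receives passwordless sudo and `docker` group membership, which together make the account root-equivalent in the container (and on the host too, if the host Docker socket is mounted for Gitian), so the image is intended for local development only.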


@ -26,4 +26,26 @@ services:
- type: bind
# source: /host/$PWD # Workaround needed on non-Linux hosts
source: ../../..
target: /dash-src
target: /src/dash
# Sharing your ccache
#
# As the container is supposed to be a reproducible replica of the build
# environment 1:1, it will not interact with your filesystem except as
# defined in this file. This comes with the disadvantage of having to engage
# in repeated re-compilation of object files, which will prolong your build
# times and make the process more arduous. Therefore it is recommended to share
# your local ccache with the container. The example below connects to a remote
# samba share and can be adopted to fit your needs.
#
# NOTE: Only the first line is a continuation of the services.container.volumes
# definition
# - cache:/home/dash/.ccache
#
# volumes:
# cache:
# driver_opts:
# type: cifs
# o: "username=example,password=changemeplsfix"
# device: "//127.0.0.1/cache"
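Review bot: The commented example puts the share password directly in the `o:` option string, which invites pasting a real credential into a tracked compose file; volume driver options are also, as far as I know, readable through `docker volume inspect`. Compose variable substitution keeps the value out of the file: `o: "username=${CCACHE_SMB_USER},password=${CCACHE_SMB_PASSWORD}"` (variable names are placeholders), with the values supplied from the environment or an untracked `.env`. The example mounts the volume at `/home/dash/.ccache`, while the ci Dockerfile in this commit creates `/cache/ccache`; it is worth confirming which directory ccache uses inside the container. In the same comment, "adopted" should read "adapted".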