mirror of
https://github.com/dashpay/dash.git
synced 2024-12-25 03:52:49 +01:00
docker: fix gitian support, optimize container layer count and improve script consistency (#4983)
* contrib: set the working directory to /src/dash to allow for cloning gitian dependencies * contrib: place the home directory inside /home instead of root * contrib: add notes about sharing ccache across the network * contrib: chown based on the (u/g)id env vars instead of the associated username * contrib: reduce layer count by reducing run invocations * contrib: develop container cleanup and maintenance - add apt-cacher-ng, gpg, lsb-release, screen as a package dependencies - reorder packages in alphabetical order - correct documentation - create and add user to the docker group to satisfy Gitian's needs - reduce the number of RUN calls to reduce layer count
This commit is contained in:
parent
5a7f6a7133
commit
6699b0228f
@ -53,7 +53,7 @@ ARG GROUP_ID=1000
|
|||||||
ENV USER_ID ${USER_ID}
|
ENV USER_ID ${USER_ID}
|
||||||
ENV GROUP_ID ${GROUP_ID}
|
ENV GROUP_ID ${GROUP_ID}
|
||||||
RUN groupadd -g ${GROUP_ID} dash
|
RUN groupadd -g ${GROUP_ID} dash
|
||||||
RUN useradd -u ${USER_ID} -g dash -s /bin/bash -m -d /dash dash
|
RUN useradd -u ${USER_ID} -g dash -s /bin/bash -m -d /home/dash dash
|
||||||
|
|
||||||
# Packages needed for all target builds
|
# Packages needed for all target builds
|
||||||
RUN apt-get update && apt-get install $APT_ARGS \
|
RUN apt-get update && apt-get install $APT_ARGS \
|
||||||
@ -101,14 +101,16 @@ RUN \
|
|||||||
update-alternatives --set x86_64-w64-mingw32-g++ /usr/bin/x86_64-w64-mingw32-g++-posix; \
|
update-alternatives --set x86_64-w64-mingw32-g++ /usr/bin/x86_64-w64-mingw32-g++-posix; \
|
||||||
exit 0
|
exit 0
|
||||||
|
|
||||||
RUN mkdir /dash-src && \
|
RUN \
|
||||||
|
mkdir -p /src/dash && \
|
||||||
mkdir -p /cache/ccache && \
|
mkdir -p /cache/ccache && \
|
||||||
mkdir /cache/depends && \
|
mkdir /cache/depends && \
|
||||||
mkdir /cache/sdk-sources && \
|
mkdir /cache/sdk-sources && \
|
||||||
chown $USER_ID:$GROUP_ID /dash-src && \
|
chown ${USER_ID}:${GROUP_ID} /src && \
|
||||||
chown $USER_ID:$GROUP_ID /cache && \
|
chown ${USER_ID}:${GROUP_ID} -R /src && \
|
||||||
chown $USER_ID:$GROUP_ID /cache -R
|
chown ${USER_ID}:${GROUP_ID} /cache && \
|
||||||
|
chown ${USER_ID}:${GROUP_ID} -R /cache
|
||||||
|
|
||||||
WORKDIR /dash-src
|
WORKDIR /src/dash
|
||||||
|
|
||||||
USER dash
|
USER dash
|
||||||
|
@ -5,15 +5,15 @@ LABEL description="Dockerised DashCore, built from Travis"
|
|||||||
ARG USER_ID
|
ARG USER_ID
|
||||||
ARG GROUP_ID
|
ARG GROUP_ID
|
||||||
|
|
||||||
ENV HOME /dash
|
ENV HOME /home/dash
|
||||||
|
|
||||||
# add user with specified (or default) user/group ids
|
# add user with specified (or default) user/group ids
|
||||||
ENV USER_ID ${USER_ID:-1000}
|
ENV USER_ID ${USER_ID:-1000}
|
||||||
ENV GROUP_ID ${GROUP_ID:-1000}
|
ENV GROUP_ID ${GROUP_ID:-1000}
|
||||||
RUN groupadd -g ${GROUP_ID} dash
|
RUN groupadd -g ${GROUP_ID} dash && \
|
||||||
RUN useradd -u ${USER_ID} -g dash -s /bin/bash -m -d /dash dash
|
useradd -u ${USER_ID} -g dash -s /bin/bash -m -d /home/dash dash && \
|
||||||
RUN mkdir /dash/.dashcore
|
mkdir /home/dash/.dashcore && \
|
||||||
RUN chown dash:dash -R /dash
|
chown ${USER_ID}:${GROUP_ID} -R /home/dash
|
||||||
|
|
||||||
COPY bin/* /usr/local/bin/
|
COPY bin/* /usr/local/bin/
|
||||||
|
|
||||||
@ -21,8 +21,8 @@ RUN chmod a+x /usr/local/bin/*
|
|||||||
|
|
||||||
USER dash
|
USER dash
|
||||||
|
|
||||||
VOLUME ["/dash"]
|
VOLUME ["/home/dash"]
|
||||||
|
|
||||||
EXPOSE 9998 9999 19998 19999
|
EXPOSE 9998 9999 19998 19999
|
||||||
|
|
||||||
WORKDIR /dash
|
WORKDIR /home/dash
|
||||||
|
@ -16,7 +16,7 @@ RUN apt-get update && \
|
|||||||
wget \
|
wget \
|
||||||
&& rm -rf /var/lib/apt/lists/*
|
&& rm -rf /var/lib/apt/lists/*
|
||||||
|
|
||||||
WORKDIR /dash
|
WORKDIR /home/dash
|
||||||
|
|
||||||
COPY . .
|
COPY . .
|
||||||
|
|
||||||
@ -38,8 +38,8 @@ RUN make -j`nproc | awk '{x=$1/2; print x}'` && make install
|
|||||||
|
|
||||||
RUN mkdir built-target && \
|
RUN mkdir built-target && \
|
||||||
case "$TARGETPLATFORM" in \
|
case "$TARGETPLATFORM" in \
|
||||||
"linux/arm64") cp depends/arm-linux-gnueabihf/bin/dash* /dash/built-target ;; \
|
"linux/arm64") cp depends/arm-linux-gnueabihf/bin/dash* /home/dash/built-target ;; \
|
||||||
"linux/amd64") cp depends/x86_64-pc-linux-gnu/bin/dash* /dash/built-target ;; \
|
"linux/amd64") cp depends/x86_64-pc-linux-gnu/bin/dash* /home/dash/built-target ;; \
|
||||||
esac
|
esac
|
||||||
|
|
||||||
FROM ubuntu:focal
|
FROM ubuntu:focal
|
||||||
@ -50,15 +50,15 @@ ARG USER_ID
|
|||||||
ARG GROUP_ID
|
ARG GROUP_ID
|
||||||
ARG TAG
|
ARG TAG
|
||||||
|
|
||||||
ENV HOME /dash
|
ENV HOME /home/dash
|
||||||
|
|
||||||
# add user with specified (or default) user/group ids
|
# add user with specified (or default) user/group ids
|
||||||
ENV USER_ID ${USER_ID:-1000}
|
ENV USER_ID ${USER_ID:-1000}
|
||||||
ENV GROUP_ID ${GROUP_ID:-1000}
|
ENV GROUP_ID ${GROUP_ID:-1000}
|
||||||
RUN groupadd -g ${GROUP_ID} dash && \
|
RUN groupadd -g ${GROUP_ID} dash && \
|
||||||
useradd -u ${USER_ID} -g dash -s /bin/bash -m -d /dash dash && \
|
useradd -u ${USER_ID} -g dash -s /bin/bash -m -d /home/dash dash && \
|
||||||
mkdir /dash/.dashcore && \
|
mkdir /home/dash/.dashcore && \
|
||||||
chown dash:dash -R /dash
|
chown ${USER_ID}:${GROUP_ID} -R /home/dash
|
||||||
|
|
||||||
RUN apt-get update && \
|
RUN apt-get update && \
|
||||||
apt-get -y install --no-install-recommends \
|
apt-get -y install --no-install-recommends \
|
||||||
@ -66,15 +66,15 @@ RUN apt-get update && \
|
|||||||
ca-certificates \
|
ca-certificates \
|
||||||
&& rm -rf /var/lib/apt/lists/*
|
&& rm -rf /var/lib/apt/lists/*
|
||||||
|
|
||||||
COPY --from=builder /dash/built-target/dash* /usr/local/bin
|
COPY --from=builder /home/dash/built-target/dash* /usr/local/bin
|
||||||
|
|
||||||
USER dash
|
USER dash
|
||||||
|
|
||||||
VOLUME ["/dash"]
|
VOLUME ["/home/dash"]
|
||||||
|
|
||||||
COPY docker/docker-entrypoint.sh /docker-entrypoint.sh
|
COPY docker/docker-entrypoint.sh /docker-entrypoint.sh
|
||||||
ENTRYPOINT ["/docker-entrypoint.sh"]
|
ENTRYPOINT ["/docker-entrypoint.sh"]
|
||||||
|
|
||||||
EXPOSE 9998 9999 19998 19999
|
EXPOSE 9998 9999 19998 19999
|
||||||
|
|
||||||
WORKDIR /dash
|
WORKDIR /home/dash
|
||||||
|
@ -7,15 +7,15 @@ ARG USER_ID
|
|||||||
ARG GROUP_ID
|
ARG GROUP_ID
|
||||||
ARG BRANCH
|
ARG BRANCH
|
||||||
|
|
||||||
ENV HOME /dash
|
ENV HOME /home/dash
|
||||||
|
|
||||||
# add user with specified (or default) user/group ids
|
# add user with specified (or default) user/group ids
|
||||||
ENV USER_ID ${USER_ID:-1000}
|
ENV USER_ID ${USER_ID:-1000}
|
||||||
ENV GROUP_ID ${GROUP_ID:-1000}
|
ENV GROUP_ID ${GROUP_ID:-1000}
|
||||||
RUN groupadd -g ${GROUP_ID} dash && \
|
RUN groupadd -g ${GROUP_ID} dash && \
|
||||||
useradd -u ${USER_ID} -g dash -s /bin/bash -m -d /dash dash && \
|
useradd -u ${USER_ID} -g dash -s /bin/bash -m -d /home/dash dash && \
|
||||||
mkdir /dash/.dashcore && \
|
mkdir /home/dash/.dashcore && \
|
||||||
chown dash:dash -R /dash
|
chown ${USER_ID}:${GROUP_ID} -R /home/dash
|
||||||
|
|
||||||
RUN apt-get update && \
|
RUN apt-get update && \
|
||||||
apt-get -y install --no-install-recommends \
|
apt-get -y install --no-install-recommends \
|
||||||
@ -23,23 +23,23 @@ RUN apt-get update && \
|
|||||||
ca-certificates \
|
ca-certificates \
|
||||||
&& rm -rf /var/lib/apt/lists/*
|
&& rm -rf /var/lib/apt/lists/*
|
||||||
|
|
||||||
COPY dashcore-binaries/${BRANCH}/dashcore* /dash
|
COPY dashcore-binaries/${BRANCH}/dashcore* /home/dash
|
||||||
|
|
||||||
RUN mach=$(uname -m) \
|
RUN mach=$(uname -m) \
|
||||||
&& case $mach in aarch64) arch="aarch64-linux-gnu"; ;; x86_64) arch="x86_64-linux-gnu"; ;; *) echo "ERROR: Machine type $mach not supported."; ;; esac \
|
&& case $mach in aarch64) arch="aarch64-linux-gnu"; ;; x86_64) arch="x86_64-linux-gnu"; ;; *) echo "ERROR: Machine type $mach not supported."; ;; esac \
|
||||||
&& cd /dash \
|
&& cd /home/dash \
|
||||||
&& tar xvzf dashcore*$arch.tar.gz \
|
&& tar xvzf dashcore*$arch.tar.gz \
|
||||||
&& echo $(ls -1 /dash) \
|
&& echo $(ls -1 /home/dash) \
|
||||||
&& cp dashcore-*/bin/* /usr/local/bin \
|
&& cp dashcore-*/bin/* /usr/local/bin \
|
||||||
&& rm -rf dash*
|
&& rm -rf dash*
|
||||||
|
|
||||||
USER dash
|
USER dash
|
||||||
|
|
||||||
VOLUME ["/dash"]
|
VOLUME ["/home/dash"]
|
||||||
|
|
||||||
COPY dash/contrib/containers/deploy/docker-entrypoint.sh /docker-entrypoint.sh
|
COPY dash/contrib/containers/deploy/docker-entrypoint.sh /docker-entrypoint.sh
|
||||||
ENTRYPOINT ["/docker-entrypoint.sh"]
|
ENTRYPOINT ["/docker-entrypoint.sh"]
|
||||||
|
|
||||||
EXPOSE 9998 9999 19998 19999
|
EXPOSE 9998 9999 19998 19999
|
||||||
|
|
||||||
WORKDIR /dash
|
WORKDIR /home/dash
|
||||||
|
@ -6,15 +6,15 @@ ARG USER_ID
|
|||||||
ARG GROUP_ID
|
ARG GROUP_ID
|
||||||
ARG TAG
|
ARG TAG
|
||||||
|
|
||||||
ENV HOME /dash
|
ENV HOME /home/dash
|
||||||
|
|
||||||
# add user with specified (or default) user/group ids
|
# add user with specified (or default) user/group ids
|
||||||
ENV USER_ID ${USER_ID:-1000}
|
ENV USER_ID ${USER_ID:-1000}
|
||||||
ENV GROUP_ID ${GROUP_ID:-1000}
|
ENV GROUP_ID ${GROUP_ID:-1000}
|
||||||
RUN groupadd -g ${GROUP_ID} dash && \
|
RUN groupadd -g ${GROUP_ID} dash && \
|
||||||
useradd -u ${USER_ID} -g dash -s /bin/bash -m -d /dash dash && \
|
useradd -u ${USER_ID} -g dash -s /bin/bash -m -d /home/dash dash && \
|
||||||
mkdir /dash/.dashcore && \
|
mkdir /home/dash/.dashcore && \
|
||||||
chown dash:dash -R /dash
|
chown ${USER_ID}:${GROUP_ID} -R /home/dash
|
||||||
|
|
||||||
RUN apt-get update && \
|
RUN apt-get update && \
|
||||||
apt-get -y install --no-install-recommends \
|
apt-get -y install --no-install-recommends \
|
||||||
@ -32,11 +32,11 @@ RUN mach=$(uname -m) \
|
|||||||
|
|
||||||
USER dash
|
USER dash
|
||||||
|
|
||||||
VOLUME ["/dash"]
|
VOLUME ["/home/dash"]
|
||||||
|
|
||||||
COPY docker-entrypoint.sh /docker-entrypoint.sh
|
COPY docker-entrypoint.sh /docker-entrypoint.sh
|
||||||
ENTRYPOINT ["/docker-entrypoint.sh"]
|
ENTRYPOINT ["/docker-entrypoint.sh"]
|
||||||
|
|
||||||
EXPOSE 9998 9999 19998 19999
|
EXPOSE 9998 9999 19998 19999
|
||||||
|
|
||||||
WORKDIR /dash
|
WORKDIR /home/dash
|
||||||
|
@ -8,19 +8,34 @@ INCLUDE+ ci/Dockerfile
|
|||||||
# just started configuring this image, give us root access
|
# just started configuring this image, give us root access
|
||||||
USER root
|
USER root
|
||||||
|
|
||||||
|
# Make development environment more standalone
|
||||||
|
RUN apt-get update && \
|
||||||
|
apt-get install $APT_ARGS \
|
||||||
|
apt-cacher-ng \
|
||||||
|
gdb \
|
||||||
|
gpg \
|
||||||
|
lsb-release \
|
||||||
|
nano \
|
||||||
|
openssh-client \
|
||||||
|
screen \
|
||||||
|
sudo \
|
||||||
|
zsh \
|
||||||
|
&& \
|
||||||
|
rm -rf /var/lib/apt/lists/*
|
||||||
|
|
||||||
# Discourage root access, this is an interactive instance
|
# Discourage root access, this is an interactive instance
|
||||||
#
|
#
|
||||||
# Sometimes these commands are run repetitively _after_ the non-sudo
|
# Sometimes these commands are run repetitively _after_ the non-sudo
|
||||||
# user was introduced and therefore these commands would fail
|
# user was introduced and therefore these commands would fail
|
||||||
# To mitigate the build halting, we've added "|| true" so that it
|
# To mitigate the build halting, you can add "|| true" so that it
|
||||||
# unconditionally returns 0
|
# unconditionally returns 0
|
||||||
#
|
#
|
||||||
RUN apt-get update && apt-get install $APT_ARGS sudo && rm -rf /var/lib/apt/lists/*
|
# Also, we create the group `docker` and add our user to it to meet
|
||||||
RUN usermod -aG sudo dash
|
# Gitian's requirements
|
||||||
RUN echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
|
#
|
||||||
|
RUN groupadd docker && \
|
||||||
# Make development environment more standalone
|
usermod -aG sudo,docker dash && \
|
||||||
RUN apt-get update && apt-get install $APT_ARGS nano openssh-client zsh gdb && rm -rf /var/lib/apt/lists/*
|
echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
|
||||||
|
|
||||||
# Disable noninteractive mode
|
# Disable noninteractive mode
|
||||||
ENV DEBIAN_FRONTEND="dialog"
|
ENV DEBIAN_FRONTEND="dialog"
|
||||||
|
@ -26,4 +26,26 @@ services:
|
|||||||
- type: bind
|
- type: bind
|
||||||
# source: /host/$PWD # Workaround needed on non-Linux hosts
|
# source: /host/$PWD # Workaround needed on non-Linux hosts
|
||||||
source: ../../..
|
source: ../../..
|
||||||
target: /dash-src
|
target: /src/dash
|
||||||
|
|
||||||
|
# Sharing your ccache
|
||||||
|
#
|
||||||
|
# As the container is supposed to be a reproducible replica of the build
|
||||||
|
# environment 1:1, it will not interact with your filesystem except as
|
||||||
|
# defined in this file. This comes with the disadvantage of having to engage
|
||||||
|
# in repeated re-compilation of object files, which will prolong your build
|
||||||
|
# times and make the process more arduous. Therefore it is recommended to share
|
||||||
|
# your local ccache with the container. The example below connects to a remote
|
||||||
|
# samba share and can be adopted to fit your needs.
|
||||||
|
#
|
||||||
|
# NOTE: Only the first line is a continuation of the services.container.volumes
|
||||||
|
# definition
|
||||||
|
|
||||||
|
# - cache:/home/dash/.ccache
|
||||||
|
#
|
||||||
|
# volumes:
|
||||||
|
# cache:
|
||||||
|
# driver_opts:
|
||||||
|
# type: cifs
|
||||||
|
# o: "username=example,password=changemeplsfix"
|
||||||
|
# device: "//127.0.0.1/cache"
|
||||||
|
Loading…
Reference in New Issue
Block a user