-
Notifications
You must be signed in to change notification settings - Fork 8
/
Dockerfile
141 lines (124 loc) · 2.85 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
# Multistage docker build, requires docker 17.05
ARG ALPINE_TAG=3.20
# Builder stage
FROM alpine:${ALPINE_TAG} as builder
ARG MONERO_TAG
RUN test -n "${MONERO_TAG}"
RUN set -ex && \
apk update && \
apk upgrade && \
apk add \
autoconf \
automake \
boost-dev \
clang-dev \
cmake \
cppzmq \
curl \
doxygen \
file \
gettext \
git \
go \
gperf \
graphviz-dev \
hidapi-dev \
icu-data-full \
libtool \
libsodium-dev \
libudev-zero-dev \
libusb-dev \
linux-headers \
llvm-libunwind-dev \
make \
openssl-dev \
patch \
perl \
python3 \
qt5-qttools-dev \
rapidjson-dev \
readline-dev \
samurai \
unbound-dev \
zeromq-dev \
zlib-dev
# Build the fixuid tool
RUN set -ex && \
go install github.com/boxboat/[email protected] && \
chmod 4755 /root/go/bin/fixuid
# Clone Monero and submodules
RUN git clone \
--recursive --depth 1 -b ${MONERO_TAG} \
https://github.com/monero-project/monero.git \
/usr/src/monero
WORKDIR /usr/src/monero
# patches needed to work with alpine
COPY patches patches
RUN set -ex && \
patch -p1 < patches/easylogging.patch && \
patch -p1 < patches/epee.patch && \
patch -p1 < patches/miniupnpc.patch && \
patch -p1 < patches/monero.patch
# Build monero, but like, be nice about it.
RUN set -ex && \
cmake \
-Wno-dev \
-B build \
-G Ninja \
-D ARCH="x86-64" \
-D BUILD_64=on \
-D BUILD_TAG="linux-x64" \
-D BUILD_TESTS=off \
-D MANUAL_SUBMODULES=1 \
-D STACK_TRACE=off \
-D CMAKE_BUILD_TYPE=Release \
-D CMAKE_C_COMPILER=clang \
-D CMAKE_CXX_COMPILER=clang++ \
-D CMAKE_INSTALL_PREFIX=/usr \
&& \
nice -n 19 \
ionice -c2 -n7 \
cmake --build build
# Runtime stage
FROM alpine:${ALPINE_TAG} as runtime
RUN set -ex && \
apk update && \
apk upgrade --no-cache && \
apk add --no-cache \
boost \
ca-certificates \
hidapi \
libsodium-dev \
libudev-zero \
libusb \
llvm-libunwind \
openssl \
rapidjson \
readline \
unbound \
zeromq \
zlib
COPY --from=builder /root/go/bin/fixuid /usr/local/bin/fixuid
COPY --from=builder /usr/src/monero/build/bin/* /usr/local/bin/
# Create a dedicated user and configure fixuid
ARG MONERO_USER="monero"
RUN set -ex && \
addgroup -g 1000 ${MONERO_USER} && \
adduser -u 1000 -G ${MONERO_USER} -h /home/${MONERO_USER} -s /bin/ash -D ${MONERO_USER} && \
mkdir -p /etc/fixuid && \
printf "user: ${MONERO_USER}\ngroup: ${MONERO_USER}\n" > /etc/fixuid/config.yml
USER "${MONERO_USER}:${MONERO_USER}"
# Define a volume for the blockchain and wallet files
ARG MONERO_HOME="/home/${MONERO_USER}/.bitmonero"
VOLUME ${MONERO_HOME}
WORKDIR ${MONERO_HOME}
COPY entrypoint.sh /entrypoint.sh
ENTRYPOINT [ "/entrypoint.sh" ]
CMD [ "monerod", \
"--p2p-bind-ip=0.0.0.0", \
"--p2p-bind-port=18080", \
"--rpc-bind-ip=0.0.0.0", \
"--rpc-bind-port=18081", \
"--non-interactive", \
"--confirm-external-bind" ]
EXPOSE 18080 18081