diff --git a/lbrycrd/Dockerfile b/lbrycrd/Dockerfile index b5b2c3f..0b1c949 100644 --- a/lbrycrd/Dockerfile +++ b/lbrycrd/Dockerfile @@ -1,45 +1,30 @@ -## This base image is for running latest lbrycrdd -# For some reason I may switch this image over to Alpine when I can RCA why it won't start. -FROM ubuntu:18.04 +FROM ubuntu:18.04 as prep LABEL MAINTAINER="leopere [at] nixc [dot] us" +## TODO: Implement version pinning. `apt-get install curl=` +RUN apt-get update && \ + apt-get -y install unzip curl build-essential && \ + apt-get autoclean -y && \ + rm -rf /var/lib/apt/lists/* +WORKDIR / +SHELL ["/bin/bash", "-o", "pipefail", "-c"] +COPY stuff/start.sh start +COPY stuff/healthcheck.sh healthcheck +COPY stuff/fix-permissions.c fix-permissions.c +RUN curl -L -o ./lbrycrd-linux.zip $(curl -s https://api.github.com/repos/lbryio/lbrycrd/releases | grep -F 'lbrycrd-linux.zip' | grep download | head -n 1 | cut -d'"' -f4) && \ + unzip ./lbrycrd-linux.zip && \ + gcc fix-permissions.c -o fix-permissions && \ + chmod +x ./lbrycrdd ./lbrycrd-cli ./lbrycrd-tx ./start ./healthcheck ./fix-permissions +FROM ubuntu:18.04 as app +COPY --from=prep /lbrycrdd /lbrycrd-cli /lbrycrd-tx /start /healthcheck /fix-permissions /usr/bin/ RUN addgroup --gid 1000 lbrycrd && \ - adduser lbrycrd --uid 1000 --gid 1000 --gecos GECOS --shell /bin/bash --disabled-password --home /data && \ - apt-get update && \ - apt-get -y install unzip wget curl && \ - apt-get autoclean -y && \ - rm -rf /var/lib/apt/lists/* - -## TODO: Consider adding debugpaste or variant -# RUN wget -O /usr/bin/debugpaste https://github.com/nixc-us/debugpaste-it/raw/master/bin/debugpaste_64 && \ -# chmod +x /usr/bin/debugpaste - -RUN wget -O /usr/bin/lbrycrd-linux.zip https://github.com/lbryio/lbrycrd/releases/download/v0.12.2.2/lbrycrd-linux.zip && \ - cd /usr/bin/ && \ - unzip lbrycrd-linux.zip && \ - rm lbrycrd-linux.zip && \ - chmod +x lbrycrdd lbrycrd-cli lbrycrd-tx - -COPY stuff/debugpaste-it.sh /usr/local/bin/debugpaste-it -COPY stuff/start.sh /usr/local/bin/start -COPY stuff/docker-entrypoint.sh /usr/local/bin/docker-entrypoint -COPY stuff/healthcheck.sh /usr/local/bin/healthcheck - -# USER lbrycrd -# RUN mkdir /data + adduser lbrycrd --uid 1000 --gid 1000 --gecos GECOS --shell /bin/bash --disabled-password --home /data && \ + chmod a+s /usr/bin/fix-permissions VOLUME ["/data"] WORKDIR /data - ## TODO: Implement healthcheck. # HEALTHCHECK ["healthcheck"] +EXPOSE 9246 9245 -## Exposing daemon port and RPC port -EXPOSE 9245 9246 - -## TODO: Decide what's important for lbrycrd and possibly add an entrypoint. -## Maybe catch things that might match things that can be easily executed in the -## lbrycrd cli and if nothing is entered just default to the containers shell. -## For now this is a placeholder that executes /bin/bash on `docker exec` -# ENTRYPOINT ["docker-entrypoint"] - +USER lbrycrd CMD ["start"] diff --git a/lbrycrd/stuff/fix-permissions.c b/lbrycrd/stuff/fix-permissions.c new file mode 100644 index 0000000..d287c14 --- /dev/null +++ b/lbrycrd/stuff/fix-permissions.c @@ -0,0 +1,9 @@ +#include +int main() { + // This program needs to run with setuid == root + // This needs to be in a compiled language because you cannot setuid bash scripts + setuid(0); + execle("/bin/bash", "bash", "-c", + "/bin/chown -R lbrycrd:lbrycrd /data && /bin/chmod -R 755 /data/", + (char*) NULL, (char*) NULL); +} diff --git a/lbrycrd/stuff/start.sh b/lbrycrd/stuff/start.sh index e25ded5..6b6a41c 100755 --- a/lbrycrd/stuff/start.sh +++ b/lbrycrd/stuff/start.sh @@ -6,35 +6,36 @@ # ## not specified it will only create an index for transactions that are related to the wallet or have unspent outputs. # ## This is specific to chainquery. +# The config file does not exist in the container image. It must be mounted, or +# if not, a default config is generated using environment variables. +CONFIG_PATH=/etc/lbry/lbrycrd.conf +if [ -f "$CONFIG_PATH" ] +then + echo "Using the config file that was mounted into the container." +else + echo "Creating a fresh config file from environment variables." + ## Set config params + mkdir -p `dirname $CONFIG_PATH` + echo "rpcuser=$RPC_USER" > $CONFIG_PATH + echo "rpcpassword=$RPC_PASSWORD" >> $CONFIG_PATH + echo "rpcallowip=$RPC_ALLOW_IP" >> $CONFIG_PATH + echo "rpcport=9245" >> $CONFIG_PATH + echo "rpcbind=0.0.0.0" >> $CONFIG_PATH + #echo "bind=0.0.0.0" >> $CONFIG_PATH +fi + ## Ensure perms are correct prior to running main binary -mkdir -p /data/.lbrycrd -chown -R lbrycrd:lbrycrd /data -chmod -R 755 /data/ - -## TODO: Consider a config directory for future magic. -# chown -R 1000:1000 /etc/lbrycrd -# chmod -R 755 /etc/lbrycrd -rm -f /var/run/lbrycrd.pid - - -## Set config params -## TODO: Make this more automagic in the future. -echo "rpcuser=$RPC_USER" > /data/.lbrycrd/lbrycrd.conf -echo "rpcpassword=$RPC_PASSWORD" >> /data/.lbrycrd/lbrycrd.conf -echo "rpcallowip=$RPC_ALLOW_IP" >> /data/.lbrycrd/lbrycrd.conf -echo "rpcport=9245" >> /data/.lbrycrd/lbrycrd.conf -echo "rpcbind=0.0.0.0" >> /data/.lbrycrd/lbrycrd.conf -#echo "bind=0.0.0.0" >> /data/.lbrycrd/lbrycrd.conf +/usr/bin/fix-permissions ## Control this invocation through envvar. case $RUN_MODE in default ) - su -c "lbrycrdd -server -conf=/data/.lbrycrd/lbrycrd.conf -printtoconsole" lbrycrd + lbrycrdd -server -conf=$CONFIG_PATH -printtoconsole ;; reindex ) - su -c "lbrycrdd -server -txindex -reindex -conf=/data/.lbrycrd/lbrycrd.conf -printtoconsole" lbrycrd + lbrycrdd -server -txindex -reindex -conf=$CONFIG_PATH -printtoconsole ;; chainquery ) - su -c "lbrycrdd -server -txindex -conf=/data/.lbrycrd/lbrycrd.conf -printtoconsole" lbrycrd + lbrycrdd -server -txindex -conf=$CONFIG_PATH -printtoconsole ;; esac