Merge pull request #47 from EnigmaCurry/setuid
Adds new multi-stage Dockerfile for lbrycrd and mountable config files.
commit
d82e79100f
3 changed files with 52 additions and 57 deletions
|
@ -1,45 +1,30 @@
|
|||
## This base image is for running latest lbrycrdd
|
||||
# For some reason I may switch this image over to Alpine when I can RCA why it won't start.
|
||||
FROM ubuntu:18.04
|
||||
FROM ubuntu:18.04 as prep
|
||||
LABEL MAINTAINER="leopere [at] nixc [dot] us"
|
||||
## TODO: Implement version pinning. `apt-get install curl=<version>`
|
||||
RUN apt-get update && \
|
||||
apt-get -y install unzip curl build-essential && \
|
||||
apt-get autoclean -y && \
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
WORKDIR /
|
||||
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
|
||||
COPY stuff/start.sh start
|
||||
COPY stuff/healthcheck.sh healthcheck
|
||||
COPY stuff/fix-permissions.c fix-permissions.c
|
||||
RUN curl -L -o ./lbrycrd-linux.zip $(curl -s https://api.github.com/repos/lbryio/lbrycrd/releases | grep -F 'lbrycrd-linux.zip' | grep download | head -n 1 | cut -d'"' -f4) && \
|
||||
unzip ./lbrycrd-linux.zip && \
|
||||
gcc fix-permissions.c -o fix-permissions && \
|
||||
chmod +x ./lbrycrdd ./lbrycrd-cli ./lbrycrd-tx ./start ./healthcheck ./fix-permissions
|
||||
|
||||
FROM ubuntu:18.04 as app
|
||||
COPY --from=prep /lbrycrdd /lbrycrd-cli /lbrycrd-tx /start /healthcheck /fix-permissions /usr/bin/
|
||||
RUN addgroup --gid 1000 lbrycrd && \
|
||||
adduser lbrycrd --uid 1000 --gid 1000 --gecos GECOS --shell /bin/bash --disabled-password --home /data && \
|
||||
apt-get update && \
|
||||
apt-get -y install unzip wget curl && \
|
||||
apt-get autoclean -y && \
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
|
||||
## TODO: Consider adding debugpaste or variant
|
||||
# RUN wget -O /usr/bin/debugpaste https://github.com/nixc-us/debugpaste-it/raw/master/bin/debugpaste_64 && \
|
||||
# chmod +x /usr/bin/debugpaste
|
||||
|
||||
RUN wget -O /usr/bin/lbrycrd-linux.zip https://github.com/lbryio/lbrycrd/releases/download/v0.12.2.2/lbrycrd-linux.zip && \
|
||||
cd /usr/bin/ && \
|
||||
unzip lbrycrd-linux.zip && \
|
||||
rm lbrycrd-linux.zip && \
|
||||
chmod +x lbrycrdd lbrycrd-cli lbrycrd-tx
|
||||
|
||||
COPY stuff/debugpaste-it.sh /usr/local/bin/debugpaste-it
|
||||
COPY stuff/start.sh /usr/local/bin/start
|
||||
COPY stuff/docker-entrypoint.sh /usr/local/bin/docker-entrypoint
|
||||
COPY stuff/healthcheck.sh /usr/local/bin/healthcheck
|
||||
|
||||
# USER lbrycrd
|
||||
# RUN mkdir /data
|
||||
adduser lbrycrd --uid 1000 --gid 1000 --gecos GECOS --shell /bin/bash --disabled-password --home /data && \
|
||||
chmod a+s /usr/bin/fix-permissions
|
||||
VOLUME ["/data"]
|
||||
WORKDIR /data
|
||||
|
||||
## TODO: Implement healthcheck.
|
||||
# HEALTHCHECK ["healthcheck"]
|
||||
EXPOSE 9246 9245
|
||||
|
||||
## Exposing daemon port and RPC port
|
||||
EXPOSE 9245 9246
|
||||
|
||||
## TODO: Decide what's important for lbrycrd and possibly add an entrypoint.
|
||||
## Maybe catch things that might match things that can be easily executed in the
|
||||
## lbrycrd cli and if nothing is entered just default to the containers shell.
|
||||
## For now this is a placeholder that executes /bin/bash on `docker exec`
|
||||
# ENTRYPOINT ["docker-entrypoint"]
|
||||
|
||||
USER lbrycrd
|
||||
CMD ["start"]
|
||||
|
|
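Review bot: The `RUN curl -L -o ./lbrycrd-linux.zip $(curl -s https://api.github.com/repos/lbryio/lbrycrd/releases | ...)` step in the `prep` stage installs whichever asset the GitHub API lists first at build time, with no pinned tag and no checksum. Two builds can therefore ship different daemons, and a tampered or truncated download goes unnoticed. The `+`/`-` markers are lost on this page, so I am assuming this line is the new side and the `wget .../v0.12.2.2/lbrycrd-linux.zip` line is the old one. Pin the release and verify it, e.g. `curl -fsSL -o lbrycrd-linux.zip https://github.com/lbryio/lbrycrd/releases/download/<RELEASE_TAG>/lbrycrd-linux.zip && echo "<SHA256>  lbrycrd-linux.zip" | sha256sum -c -`. Separately, `chmod a+s /usr/bin/fix-permissions` sets the setgid bit as well as setuid; `chmod u+s` is all the helper needs.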
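--- a/lbrycrd/stuff/fix-permissions.c
+++ b/lbrycrd/stuff/fix-permissions.c
@@ -0,0 +1,9 @@
+#include <unistd.h>
+int main() {
+// This program needs to run with setuid == root
+// This needs to be in a compiled language because you cannot setuid bash scripts
+setuid(0);
+execle("/bin/bash", "bash", "-c",
+"/bin/chown -R lbrycrd:lbrycrd /data && /bin/chmod -R 755 /data/",
+(char*) NULL, (char*) NULL);
+}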
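Review bot: `setuid(0)` and `execle(...)` are both unchecked in `main`, so if either fails the helper falls off the end of `main` and exits 0, and the caller carries on as if /data had been fixed. Check the `setuid` result and return non-zero after `execle`, which only returns on failure; this needs `<stdio.h>` for `perror`. The second `(char*) NULL` is the `envp` argument: Linux accepts NULL there but it is not portable, so an explicit empty array states the intended empty environment for the root shell. Also, `chmod -R 755 /data/` makes every file under the data directory world-readable and executable; since that directory presumably holds the daemon's wallet and chain state, a mode such as `u=rwX,go=` would be tighter if no other user needs to read it.

```c
int main(void) {
    /* Empty environment: nothing from the caller reaches the root shell. */
    char *const envp[] = { NULL };

    if (setuid(0) != 0) {
        perror("setuid");
        return 1;
    }
    execle("/bin/bash", "bash", "-c",
           "/bin/chown -R lbrycrd:lbrycrd /data && /bin/chmod -R 755 /data/",
           (char *) NULL, envp);
    /* Only reached when exec failed. */
    perror("execle");
    return 127;
}
```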
@ -6,35 +6,36 @@
|
|||
# ## not specified it will only create an index for transactions that are related to the wallet or have unspent outputs.
|
||||
# ## This is specific to chainquery.
|
||||
|
||||
# The config file does not exist in the container image. It must be mounted, or
|
||||
# if not, a default config is generated using environment variables.
|
||||
CONFIG_PATH=/etc/lbry/lbrycrd.conf
|
||||
if [ -f "$CONFIG_PATH" ]
|
||||
then
|
||||
echo "Using the config file that was mounted into the container."
|
||||
else
|
||||
echo "Creating a fresh config file from environment variables."
|
||||
## Set config params
|
||||
mkdir -p `dirname $CONFIG_PATH`
|
||||
echo "rpcuser=$RPC_USER" > $CONFIG_PATH
|
||||
echo "rpcpassword=$RPC_PASSWORD" >> $CONFIG_PATH
|
||||
echo "rpcallowip=$RPC_ALLOW_IP" >> $CONFIG_PATH
|
||||
echo "rpcport=9245" >> $CONFIG_PATH
|
||||
echo "rpcbind=0.0.0.0" >> $CONFIG_PATH
|
||||
#echo "bind=0.0.0.0" >> $CONFIG_PATH
|
||||
fi
|
||||
|
||||
## Ensure perms are correct prior to running main binary
|
||||
mkdir -p /data/.lbrycrd
|
||||
chown -R lbrycrd:lbrycrd /data
|
||||
chmod -R 755 /data/
|
||||
|
||||
## TODO: Consider a config directory for future magic.
|
||||
# chown -R 1000:1000 /etc/lbrycrd
|
||||
# chmod -R 755 /etc/lbrycrd
|
||||
rm -f /var/run/lbrycrd.pid
|
||||
|
||||
|
||||
## Set config params
|
||||
## TODO: Make this more automagic in the future.
|
||||
echo "rpcuser=$RPC_USER" > /data/.lbrycrd/lbrycrd.conf
|
||||
echo "rpcpassword=$RPC_PASSWORD" >> /data/.lbrycrd/lbrycrd.conf
|
||||
echo "rpcallowip=$RPC_ALLOW_IP" >> /data/.lbrycrd/lbrycrd.conf
|
||||
echo "rpcport=9245" >> /data/.lbrycrd/lbrycrd.conf
|
||||
echo "rpcbind=0.0.0.0" >> /data/.lbrycrd/lbrycrd.conf
|
||||
#echo "bind=0.0.0.0" >> /data/.lbrycrd/lbrycrd.conf
|
||||
/usr/bin/fix-permissions
|
||||
|
||||
## Control this invocation through envvar.
|
||||
case $RUN_MODE in
|
||||
default )
|
||||
su -c "lbrycrdd -server -conf=/data/.lbrycrd/lbrycrd.conf -printtoconsole" lbrycrd
|
||||
lbrycrdd -server -conf=$CONFIG_PATH -printtoconsole
|
||||
;;
|
||||
reindex )
|
||||
su -c "lbrycrdd -server -txindex -reindex -conf=/data/.lbrycrd/lbrycrd.conf -printtoconsole" lbrycrd
|
||||
lbrycrdd -server -txindex -reindex -conf=$CONFIG_PATH -printtoconsole
|
||||
;;
|
||||
chainquery )
|
||||
su -c "lbrycrdd -server -txindex -conf=/data/.lbrycrd/lbrycrd.conf -printtoconsole" lbrycrd
|
||||
lbrycrdd -server -txindex -conf=$CONFIG_PATH -printtoconsole
|
||||
;;
|
||||
esac
|
||||
|
|
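Review bot: The `else` branch writes `rpcuser=$RPC_USER` and `rpcpassword=$RPC_PASSWORD` to `$CONFIG_PATH` without checking that either variable is set and under the default umask, while the same file sets `rpcbind=0.0.0.0`; an unset variable leaves the RPC credentials blank in the generated config, and the file is typically created readable by other users (assuming these lines are the new side, since the `+`/`-` markers are lost on this page). Fail fast and restrict the file before the first `echo`: `: "${RPC_USER:?RPC_USER must be set}" "${RPC_PASSWORD:?RPC_PASSWORD must be set}"` and `umask 077`. If the image now runs this script as `lbrycrd` (the Dockerfile in this commit has `USER lbrycrd`), `mkdir -p` under `/etc` will probably be refused unless the directory is mounted or pre-created, and quoting `"$CONFIG_PATH"` in the `dirname` call and the redirects would match the `[ -f "$CONFIG_PATH" ]` test. The script starts and ends outside this hunk.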