Merge pull request #47 from EnigmaCurry/setuid
Adds new multi-stage Dockerfile for lbrycrd and mountable config files.
commit
d82e79100f
3 changed files with 52 additions and 57 deletions
|
@ -1,45 +1,30 @@
|
||||||
## This base image is for running latest lbrycrdd
|
FROM ubuntu:18.04 as prep
|
||||||
# For some reason I may switch this image over to Alpine when I can RCA why it won't start.
|
|
||||||
FROM ubuntu:18.04
|
|
||||||
LABEL MAINTAINER="leopere [at] nixc [dot] us"
|
LABEL MAINTAINER="leopere [at] nixc [dot] us"
|
||||||
|
## TODO: Implement version pinning. `apt-get install curl=<version>`
|
||||||
RUN addgroup --gid 1000 lbrycrd && \
|
RUN apt-get update && \
|
||||||
adduser lbrycrd --uid 1000 --gid 1000 --gecos GECOS --shell /bin/bash --disabled-password --home /data && \
|
apt-get -y install unzip curl build-essential && \
|
||||||
apt-get update && \
|
|
||||||
apt-get -y install unzip wget curl && \
|
|
||||||
apt-get autoclean -y && \
|
apt-get autoclean -y && \
|
||||||
rm -rf /var/lib/apt/lists/*
|
rm -rf /var/lib/apt/lists/*
|
||||||
|
WORKDIR /
|
||||||
|
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
|
||||||
|
COPY stuff/start.sh start
|
||||||
|
COPY stuff/healthcheck.sh healthcheck
|
||||||
|
COPY stuff/fix-permissions.c fix-permissions.c
|
||||||
|
RUN curl -L -o ./lbrycrd-linux.zip $(curl -s https://api.github.com/repos/lbryio/lbrycrd/releases | grep -F 'lbrycrd-linux.zip' | grep download | head -n 1 | cut -d'"' -f4) && \
|
||||||
|
unzip ./lbrycrd-linux.zip && \
|
||||||
|
gcc fix-permissions.c -o fix-permissions && \
|
||||||
|
chmod +x ./lbrycrdd ./lbrycrd-cli ./lbrycrd-tx ./start ./healthcheck ./fix-permissions
|
||||||
|
|
||||||
## TODO: Consider adding debugpaste or variant
|
FROM ubuntu:18.04 as app
|
||||||
# RUN wget -O /usr/bin/debugpaste https://github.com/nixc-us/debugpaste-it/raw/master/bin/debugpaste_64 && \
|
COPY --from=prep /lbrycrdd /lbrycrd-cli /lbrycrd-tx /start /healthcheck /fix-permissions /usr/bin/
|
||||||
# chmod +x /usr/bin/debugpaste
|
RUN addgroup --gid 1000 lbrycrd && \
|
||||||
|
adduser lbrycrd --uid 1000 --gid 1000 --gecos GECOS --shell /bin/bash --disabled-password --home /data && \
|
||||||
RUN wget -O /usr/bin/lbrycrd-linux.zip https://github.com/lbryio/lbrycrd/releases/download/v0.12.2.2/lbrycrd-linux.zip && \
|
chmod a+s /usr/bin/fix-permissions
|
||||||
cd /usr/bin/ && \
|
|
||||||
unzip lbrycrd-linux.zip && \
|
|
||||||
rm lbrycrd-linux.zip && \
|
|
||||||
chmod +x lbrycrdd lbrycrd-cli lbrycrd-tx
|
|
||||||
|
|
||||||
COPY stuff/debugpaste-it.sh /usr/local/bin/debugpaste-it
|
|
||||||
COPY stuff/start.sh /usr/local/bin/start
|
|
||||||
COPY stuff/docker-entrypoint.sh /usr/local/bin/docker-entrypoint
|
|
||||||
COPY stuff/healthcheck.sh /usr/local/bin/healthcheck
|
|
||||||
|
|
||||||
# USER lbrycrd
|
|
||||||
# RUN mkdir /data
|
|
||||||
VOLUME ["/data"]
|
VOLUME ["/data"]
|
||||||
WORKDIR /data
|
WORKDIR /data
|
||||||
|
|
||||||
## TODO: Implement healthcheck.
|
## TODO: Implement healthcheck.
|
||||||
# HEALTHCHECK ["healthcheck"]
|
# HEALTHCHECK ["healthcheck"]
|
||||||
|
EXPOSE 9246 9245
|
||||||
|
|
||||||
## Exposing daemon port and RPC port
|
USER lbrycrd
|
||||||
EXPOSE 9245 9246
|
|
||||||
|
|
||||||
## TODO: Decide what's important for lbrycrd and possibly add an entrypoint.
|
|
||||||
## Maybe catch things that might match things that can be easily executed in the
|
|
||||||
## lbrycrd cli and if nothing is entered just default to the containers shell.
|
|
||||||
## For now this is a placeholder that executes /bin/bash on `docker exec`
|
|
||||||
# ENTRYPOINT ["docker-entrypoint"]
|
|
||||||
|
|
||||||
CMD ["start"]
|
CMD ["start"]
|
||||||
|
|
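Review bot: The `RUN curl -L -o ./lbrycrd-linux.zip $(curl -s https://api.github.com/repos/lbryio/lbrycrd/releases | …)` step in the prep stage downloads whichever asset the releases API lists first at build time and never verifies it, whereas the line it replaces pinned v0.12.2.2. Two builds of the same commit can therefore ship different daemons, and an empty or rate-limited API reply leaves the outer curl without a URL. Pin the release tag and check a SHA-256 recorded in the repository before unzipping, as sketched below. Separately, `chmod a+s /usr/bin/fix-permissions` in the app stage sets the setgid bit as well as setuid; `chmod u+s` is all the helper needs. Since COPY leaves the file root-owned and world-executable, `chown root:lbrycrd` with mode `4750` would keep other users in the image from running it.

```dockerfile
# Placeholder values: set to the release being shipped and the digest of its lbrycrd-linux.zip.
ARG LBRYCRD_VERSION=RELEASE_TAG_PLACEHOLDER
ARG LBRYCRD_SHA256=SHA256_PLACEHOLDER
RUN curl -fsSL -o ./lbrycrd-linux.zip \
      "https://github.com/lbryio/lbrycrd/releases/download/${LBRYCRD_VERSION}/lbrycrd-linux.zip" && \
    echo "${LBRYCRD_SHA256}  lbrycrd-linux.zip" | sha256sum -c - && \
    unzip ./lbrycrd-linux.zip && \
    # … unchanged: gcc fix-permissions.c, chmod +x …
```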
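--- a/lbrycrd/stuff/fix-permissions.c
+++ b/lbrycrd/stuff/fix-permissions.c
@@ -0,0 +1,9 @@
+#include <unistd.h>
+int main() {
+// This program needs to run with setuid == root
+// This needs to be in a compiled language because you cannot setuid bash scripts
+setuid(0);
+execle("/bin/bash", "bash", "-c",
+"/bin/chown -R lbrycrd:lbrycrd /data && /bin/chmod -R 755 /data/",
+(char*) NULL, (char*) NULL);
+}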
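Review bot: `setuid(0)` is called without checking its result and nothing follows `execle`, so when the setuid bit is absent or ignored (a nosuid mount, `no-new-privileges`) or the exec fails, the helper exits with an unspecified status. Unless start.sh uses `set -e`, which the visible hunk does not show, the script then goes on to launch lbrycrdd with /data unfixed. Check both, e.g. `if (setuid(0) != 0) { perror("setuid"); return 1; }` and `perror("execle"); return 1;` after the exec call (this needs `<stdio.h>`). Because the binary is installed setuid-root, it would also be safer to exec `/bin/chown` and `/bin/chmod` directly rather than through `bash -c`, and to pass an explicit empty `envp` array instead of `NULL`, which Linux happens to treat as an empty environment. `chmod -R 755` also leaves everything under /data, including any wallet or config stored there, world-readable; `u=rwX,go=` would be tighter if no other user needs to read it.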
@ -6,35 +6,36 @@
|
||||||
# ## not specified it will only create an index for transactions that are related to the wallet or have unspent outputs.
|
# ## not specified it will only create an index for transactions that are related to the wallet or have unspent outputs.
|
||||||
# ## This is specific to chainquery.
|
# ## This is specific to chainquery.
|
||||||
|
|
||||||
## Ensure perms are correct prior to running main binary
|
# The config file does not exist in the container image. It must be mounted, or
|
||||||
mkdir -p /data/.lbrycrd
|
# if not, a default config is generated using environment variables.
|
||||||
chown -R lbrycrd:lbrycrd /data
|
CONFIG_PATH=/etc/lbry/lbrycrd.conf
|
||||||
chmod -R 755 /data/
|
if [ -f "$CONFIG_PATH" ]
|
||||||
|
then
|
||||||
## TODO: Consider a config directory for future magic.
|
echo "Using the config file that was mounted into the container."
|
||||||
# chown -R 1000:1000 /etc/lbrycrd
|
else
|
||||||
# chmod -R 755 /etc/lbrycrd
|
echo "Creating a fresh config file from environment variables."
|
||||||
rm -f /var/run/lbrycrd.pid
|
|
||||||
|
|
||||||
|
|
||||||
## Set config params
|
## Set config params
|
||||||
## TODO: Make this more automagic in the future.
|
mkdir -p `dirname $CONFIG_PATH`
|
||||||
echo "rpcuser=$RPC_USER" > /data/.lbrycrd/lbrycrd.conf
|
echo "rpcuser=$RPC_USER" > $CONFIG_PATH
|
||||||
echo "rpcpassword=$RPC_PASSWORD" >> /data/.lbrycrd/lbrycrd.conf
|
echo "rpcpassword=$RPC_PASSWORD" >> $CONFIG_PATH
|
||||||
echo "rpcallowip=$RPC_ALLOW_IP" >> /data/.lbrycrd/lbrycrd.conf
|
echo "rpcallowip=$RPC_ALLOW_IP" >> $CONFIG_PATH
|
||||||
echo "rpcport=9245" >> /data/.lbrycrd/lbrycrd.conf
|
echo "rpcport=9245" >> $CONFIG_PATH
|
||||||
echo "rpcbind=0.0.0.0" >> /data/.lbrycrd/lbrycrd.conf
|
echo "rpcbind=0.0.0.0" >> $CONFIG_PATH
|
||||||
#echo "bind=0.0.0.0" >> /data/.lbrycrd/lbrycrd.conf
|
#echo "bind=0.0.0.0" >> $CONFIG_PATH
|
||||||
|
fi
|
||||||
|
|
||||||
|
## Ensure perms are correct prior to running main binary
|
||||||
|
/usr/bin/fix-permissions
|
||||||
|
|
||||||
## Control this invocation through envvar.
|
## Control this invocation through envvar.
|
||||||
case $RUN_MODE in
|
case $RUN_MODE in
|
||||||
default )
|
default )
|
||||||
su -c "lbrycrdd -server -conf=/data/.lbrycrd/lbrycrd.conf -printtoconsole" lbrycrd
|
lbrycrdd -server -conf=$CONFIG_PATH -printtoconsole
|
||||||
;;
|
;;
|
||||||
reindex )
|
reindex )
|
||||||
su -c "lbrycrdd -server -txindex -reindex -conf=/data/.lbrycrd/lbrycrd.conf -printtoconsole" lbrycrd
|
lbrycrdd -server -txindex -reindex -conf=$CONFIG_PATH -printtoconsole
|
||||||
;;
|
;;
|
||||||
chainquery )
|
chainquery )
|
||||||
su -c "lbrycrdd -server -txindex -conf=/data/.lbrycrd/lbrycrd.conf -printtoconsole" lbrycrd
|
lbrycrdd -server -txindex -conf=$CONFIG_PATH -printtoconsole
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
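Review bot: The fallback branch creates and writes /etc/lbry/lbrycrd.conf, but the Dockerfile in this commit runs `start` as `USER lbrycrd` and nothing visible creates /etc/lbry or makes it writable, so `mkdir -p` and the `echo … > $CONFIG_PATH` redirects look likely to fail for the unprivileged user. The script would then still start lbrycrdd with `-conf` pointing at a missing file; either create the directory with lbrycrd ownership in the image or exit when the write fails. The generated file holds `rpcpassword` and is created with the default umask, so put `umask 077` before the first write. Because `rpcbind=0.0.0.0` is written unconditionally, an unset password should also be rejected up front, e.g. `: "${RPC_PASSWORD:?RPC_PASSWORD must be set}"`. `$CONFIG_PATH` should be quoted throughout (`mkdir -p "$(dirname "$CONFIG_PATH")"`), and the script is only visible from line 6 onward, so any earlier setup such as `set -e` is outside this hunk.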