Adds new multi-stage Dockerfile for lbrycrd and mountable config files. #47

Merged
EnigmaCurry merged 1 commit from setuid into master 2019-04-17 01:44:55 +02:00
EnigmaCurry commented 2019-04-17 01:26:57 +02:00 (Migrated from github.com)

This Dockerfile was originally outlined by @Leopere here:
https://github.com/lbryio/lbry-docker/pull/46#issuecomment-483779947

This follows threads from #45 and #46

I've made the following additions:

  • Made it so the config file can be mounted to /etc/lbry/lbrycrd.conf
    • If no config file is mounted, then the config is created from the environment variables just as before.
  • Added 'USER lbrycrd' to the Dockerfile.
    • Previously with the de-escalation of priviliges was only occuring if you used start.sh command. This makes it so all commands run as the lbrycrd user.
  • Added fix-permissions command, a simple c-wrapper around bash and setuid=root so that we can still change the file permissions even though we are no longer running as root.
    • This needed to be written in c only because you can't setuid in bash.
    • See https://unix.stackexchange.com/a/2910
    • Nice thing about the multi-stage docker build is that we can pull over just the 8KB executable into the final image, and not the whole compiler chain.
This Dockerfile was originally outlined by @Leopere here: https://github.com/lbryio/lbry-docker/pull/46#issuecomment-483779947 This follows threads from #45 and #46 I've made the following additions: * Made it so the config file can be mounted to /etc/lbry/lbrycrd.conf * If no config file is mounted, then the config is created from the environment variables just as before. * Added 'USER lbrycrd' to the Dockerfile. * Previously with the de-escalation of priviliges was only occuring if you used start.sh command. This makes it so all commands run as the lbrycrd user. * Added fix-permissions command, a simple c-wrapper around bash and setuid=root so that we can still change the file permissions even though we are no longer running as root. * This needed to be written in c only because you can't setuid in bash. * See https://unix.stackexchange.com/a/2910 * Nice thing about the multi-stage docker build is that we can pull over just the 8KB executable into the final image, and not the whole compiler chain.
Leopere commented 2019-04-17 01:41:35 +02:00 (Migrated from github.com)

I love it, and it builds and runs now yes?

I love it, and it builds and runs now yes?
EnigmaCurry commented 2019-04-17 01:42:09 +02:00 (Migrated from github.com)

Yes, I ran through my exact instructions in #45 to test it.

Yes, I ran through my exact instructions in #45 to test it.
Leopere commented 2019-04-17 01:44:29 +02:00 (Migrated from github.com)

Since this is a feature I hadn't finished personally and you've taken it the rest of the way I'll consider this acceptable and merge it thank you very much for your time and effort if there is a LBC wallet you can post LBRY.io will send you a tip feel free to join the Discord and get the details there.

Since this is a feature I hadn't finished personally and you've taken it the rest of the way I'll consider this acceptable and merge it thank you very much for your time and effort if there is a LBC wallet you can post LBRY.io will send you a tip feel free to join the Discord and get the details there.
Sign in to join this conversation.
No reviewers
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: LBRYCommunity/lbry-docker#47
No description provided.