-
-
Notifications
You must be signed in to change notification settings - Fork 3k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
docker: switch from musl to glibc, and simplify stuff
The Dockerfile now has two stages: build and assembly. This allows for a full-fledged debian build container, while still resulting in a super-thin busybox image. License: MIT Signed-off-by: Lars Gierth <larsg@systemli.org>
- Loading branch information
Lars Gierth
committed
Sep 8, 2017
1 parent
f55a7a0
commit 2fa39fb
Showing
4 changed files
with
94 additions
and
85 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,3 +1,5 @@ | ||
| Dockerfile | ||
| Dockerfile.fast | ||
| .git/ | ||
| !.git/HEAD | ||
| !.git/refs/ | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,55 +1,69 @@ | ||
| FROM alpine:edge | ||
| FROM golang:1.9-stretch | ||
| MAINTAINER Lars Gierth <lgierth@ipfs.io> | ||
|
|
||
| # This is a copy of /Dockerfile, | ||
| # except that we optimize for build time, instead of image size. | ||
| # | ||
| # Please keep these two Dockerfiles in sync. | ||
|
|
||
| ENV GX_IPFS "" | ||
| ENV SRC_DIR /go/src/github.com/ipfs/go-ipfs | ||
|
|
||
| COPY ./package.json $SRC_DIR/package.json | ||
|
|
||
| RUN set -x \ | ||
| && go get github.com/whyrusleeping/gx \ | ||
| && go get github.com/whyrusleeping/gx-go \ | ||
| # Allows using a custom (i.e. local) IPFS API endpoint. | ||
| && ([ -z "$GX_IPFS" ] || echo $GX_IPFS > /root/.ipfs/api) \ | ||
| # Fetch the dependencies so we don't have to do it everytime. | ||
| && cd $SRC_DIR \ | ||
| && gx install | ||
|
|
||
| COPY . $SRC_DIR | ||
|
|
||
| # Build the thing. | ||
| RUN set -x \ | ||
| && cd $SRC_DIR \ | ||
| # Required for getting the HEAD commit hash via git rev-parse. | ||
| && mkdir .git/objects \ | ||
| # Build the thing. | ||
| && make build \ | ||
| && mv cmd/ipfs/ipfs /usr/local/bin/ipfs \ | ||
| && mv bin/container_daemon /usr/local/bin/start_ipfs | ||
|
|
||
| # This installs a very simple program acting as the init process. | ||
| # Makes sure signals are properly passed to the ipfs daemon process. | ||
| ENV TINI_VERSION v0.16.1 | ||
| ADD https://github.com/krallin/tini/releases/download/$TINI_VERSION/tini /sbin/tini | ||
| RUN chmod +x /sbin/tini | ||
|
|
||
| # Ports for Swarm TCP, Swarm uTP, API, Gateway, Swarm Websockets | ||
| EXPOSE 4001 | ||
| EXPOSE 4002/udp | ||
| EXPOSE 5001 | ||
| EXPOSE 8080 | ||
| EXPOSE 8081 | ||
|
|
||
| ENV GX_IPFS "" | ||
| # Create the fs-repo directory and switch to a non-privileged user. | ||
| ENV IPFS_PATH /data/ipfs | ||
| ENV IPFS_LOGGING "" | ||
| ENV GOPATH /go | ||
| ENV PATH /go/bin:$PATH | ||
| ENV SRC_PATH /go/src/github.com/ipfs/go-ipfs | ||
| RUN mkdir -p $IPFS_PATH \ | ||
| && useradd -s /usr/sbin/nologin -d $IPFS_PATH -u 1000 -g 100 ipfs \ | ||
| && chown 1000:100 $IPFS_PATH | ||
| USER ipfs | ||
|
|
||
| # Expose the fs-repo as a volume. | ||
| # start_ipfs initializes an fs-repo if none is mounted. | ||
| # Important this happens after the USER directive so permission are correct. | ||
| VOLUME $IPFS_PATH | ||
|
|
||
| # This is an optimization which avoids rebuilding | ||
| # of the gx dependencies every time anything changes. | ||
| # gx will only be invoked if the dependencies have changed. | ||
| # | ||
| # Put differently: if package.json has changed, | ||
| # the image-id after this COPY command will change, | ||
| # and trigger a re-run of all following commands. | ||
| COPY ./package.json $SRC_PATH/package.json | ||
|
|
||
| RUN apk add --no-cache --virtual .build-deps-ipfs musl-dev gcc go git \ | ||
| && apk add --no-cache tini su-exec bash wget ca-certificates \ | ||
| && adduser -D -h $IPFS_PATH -u 1000 ipfs \ | ||
| && go get -u github.com/whyrusleeping/gx \ | ||
| && go get -u github.com/whyrusleeping/gx-go \ | ||
| && ([ -z "$GX_IPFS" ] || echo $GX_IPFS > $IPFS_PATH/api) \ | ||
| && cd $SRC_PATH \ | ||
| && gx --verbose install --global | ||
|
|
||
| COPY . $SRC_PATH | ||
|
|
||
| RUN cd $SRC_PATH \ | ||
| && mkdir .git/objects && commit=$(git rev-parse --short HEAD) \ | ||
| && echo "ldflags=-X github.com/ipfs/go-ipfs/repo/config.CurrentCommit=$commit" \ | ||
| && cd $SRC_PATH/cmd/ipfs \ | ||
| && go build -ldflags "-X github.com/ipfs/go-ipfs/repo/config.CurrentCommit=$commit" \ | ||
| && cp ipfs /usr/local/bin/ipfs \ | ||
| && cp $SRC_PATH/bin/container_daemon /usr/local/bin/start_ipfs \ | ||
| && chmod 755 /usr/local/bin/start_ipfs \ | ||
| && apk del --purge .build-deps-ipfs && rm -rf $GOPATH && rm -vf $IPFS_PATH/api | ||
| # The default logging level | ||
| ENV IPFS_LOGGING "" | ||
|
|
||
| # This just makes sure that: | ||
| # 1. There's an fs-repo, and initializes one if there isn't. | ||
| # 2. The API and Gateway are accessible from outside the container. | ||
| ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/start_ipfs"] | ||
|
|
||
| # Execute the daemon subcommand by default | ||
| CMD ["daemon", "--migrate=true"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters