Merge pull request #6 from privacybydesign/dockerize
Dockerize
bobhageman authored Nov 7, 2023
2 parents 7594cbe + 335da4f commit 757ff9c
Showing 5 changed files with 106 additions and 15 deletions.
43 changes: 43 additions & 0 deletions .github/workflows/delivery.yml
@@ -0,0 +1,43 @@
name: Delivery

on:
push:
branches: [ master ]
release:
# Note: a current limitation is that when a release is edited after publication, then the Docker tags are not automatically updated.
types: [ published ]

permissions:
contents: write
packages: write

jobs:
publish-docker-image:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4

- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: ghcr.io/${{ github.repository }}
tags: |
type=semver,pattern={{major}}.{{minor}}.{{patch}}
type=raw,value=edge
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Build container and push to GitHub Container Registry
uses: docker/build-push-action@v5
with:
context: .
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
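Review bot: The workflow-level `permissions` block grants `contents: write`, but the job only checks out the repository and pushes an image to ghcr.io, so `contents: read` together with `packages: write` is sufficient. Write access to repository contents should not be handed to a job that runs third-party actions. Consider also pinning `actions/checkout`, `docker/metadata-action`, `docker/login-action` and `docker/build-push-action` to full commit SHAs instead of the mutable `v4`/`v5`/`v3` tags, since they execute with the token that publishes the image.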
24 changes: 24 additions & 0 deletions Dockerfile
@@ -0,0 +1,24 @@
FROM golang:1-alpine as build

# Build binary
COPY . /atumd
WORKDIR /atumd
RUN go build -a -ldflags '-extldflags "-static"' -o "/bin/atumd" .

# Create application user
RUN adduser -D -u 1000 -g atumd atumd

# Start building the final image
FROM scratch

# Ensure the application user and group is set
COPY --from=build /etc/passwd /etc/passwd
COPY --from=build /etc/group /etc/group

# Copy binary from build stage
COPY --from=build --chown=atumd:atumd /bin/atumd /bin/atumd

# Switch to application user
USER atumd

ENTRYPOINT ["atumd"]
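Review bot: `COPY . /atumd` in the build stage copies the whole build context, and docker-compose.yml in this same commit keeps the private keys in `./.secrets` and the local `config.yaml` in that same directory; none of the five changed files is a `.dockerignore`. Unless one already exists, building on a machine that has already run the service sends `xmssmt.key` to the Docker daemon and stores it in a build-stage layer and the build cache, which is the kind of copy the WARNING in config.yaml.example tells operators not to make. Add a `.dockerignore` that lists `.secrets` and `config.yaml`, or copy only the Go sources. Smaller points: `golang:1-alpine` is a floating tag, so builds are not reproducible, and `ENTRYPOINT ["atumd"]` relies on PATH lookup in a `scratch` image where `["/bin/atumd"]` would be explicit.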
31 changes: 19 additions & 12 deletions README.md
@@ -1,24 +1,33 @@
atumd
=====

Post-quantum trusted time-stamping service.
See [go-atum](https://github.com/bwesterb/go-atum) for more information
on the protocol.
Post-quantum trusted time-stamping service.
See [go-atum](https://github.com/bwesterb/go-atum) for more information on the protocol.

Setup
-----
To install `atumd`, run

```
go get github.com/bwesterb/atumd
```

Then create a `config.yaml`:
Create a `config.yaml` file:

```yaml
bindAddr: :8080
canonicalUrl: http://localhost:8080
```
For all configuration options, see [config.yaml.example](config.yaml.example)
**Run using Docker**
The easiest way to run `atumd` for development purposes is using Docker.

````
docker-compose up
````

**Run using GO**
To install `atumd`, run

```
go install github.com/bwesterb/atumd
```
and run
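Review bot: The `config.yaml` shown ahead of the Docker instructions sets only `bindAddr` and `canonicalUrl`, while docker-compose.yml mounts `./.secrets` at `/.secrets`; with this minimal file the key paths are left to defaults the README does not state, so a reader following these steps cannot tell whether the XMSS[MT] key ends up on the mounted volume or inside the container. Show `xmssmtKeyPath` and `ed25519KeyPath` pointing at `/.secrets/` in the Docker example, or tell readers to start from config.yaml.example. Style: `**Run using GO**` should read "Go", and the `docker-compose up` block is fenced with four backticks where the rest of the file uses three.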
Expand All @@ -29,12 +38,10 @@ atumd
You probably want to configure a proper webserver like `nginx` to act
as proxy and set a corresponding sane `canonicalUrl` with HTTPS.
For more configuration options, see [config.yaml.example](config.yaml.example)

Warnings concerning redundancy and backups
------------------------------------------
`atumd` uses the **statefull** XMSS[MT] Siganture scheme. Each signature
`atumd` uses the **statefull** XMSS[MT] Signature scheme. Each signature
has a *sequence number* (seqno) and a sequence number
[must not](https://eprint.iacr.org/2016/1042.pdf) be reused as it
is likely to lead to signature forgery.
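Review bot: The warnings section is not updated for the Docker setup introduced in this commit: the keys now live in a bind-mounted `./.secrets` directory, and the section should say that this directory falls under the same rule, that is, it must not be copied, restored from a backup or shared between two running containers, since any of these can lead to a reused sequence number. Also, the corrected line still reads `**statefull**`; fix it to "stateful" in the same pass as `Siganture`.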
6 changes: 3 additions & 3 deletions config.yaml.example
@@ -1,6 +1,6 @@
# You probably want to configure these
canonicalUrl: https://path.to/rproxy
bindAddr: localhost:8080
bindAddr: :8080

# Maximum size of nonce to sign. Best to keep above 64.
maxNonceSize: 128
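Review bot: Changing `bindAddr` from `localhost:8080` to `:8080` in the shared example makes every deployment that copies this file listen on all interfaces, including host installs where the README advises putting `nginx` in front with HTTPS; the service is then reachable over plain HTTP without going through the proxy. Keep `localhost:8080` as the example default and add a comment that the container setup needs `:8080`, so the wider bind is an explicit choice.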
Expand All @@ -20,8 +20,8 @@ disableOtherSigAlg: false

# Path to store private keys. Will be generated if not present.
# WARNING: do not make backups or copies of xmssmt.key. See the README.
xmssmtKeyPath: xmssmt.key
ed25519KeyPath: ed25519.key
xmssmtKeyPath: /.secrets/xmssmt.key
ed25519KeyPath: /.secrets/ed25519.key

# XMSS(MT) instance to use.
xmssmtAlg: XMSSMT-SHAKE_40/4_256
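Review bot: `/.secrets/xmssmt.key` and `/.secrets/ed25519.key` are container paths, but this example file is also what the README points `go install` users to; on a host, `/.secrets` normally does not exist and is not writable by an unprivileged user, so key generation would fail or push people towards running as root. Keep the relative paths here and put the `/.secrets/...` values in a Docker-specific config or a commented alternative. The WARNING comment above these keys is worth extending to name the mounted directory as well.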
17 changes: 17 additions & 0 deletions docker-compose.yml
@@ -0,0 +1,17 @@
version: '3.1'

services:

atumd:
build:
context: .
dockerfile: Dockerfile
volumes:
- "./config.yaml:/config/config.yaml"
- "./.secrets:/.secrets"
ports:
- "8080:8080"
expose:
- 8080
command:
- "-config=/config/config.yaml"
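Review bot: The `ports` entry `"8080:8080"` publishes the plain-HTTP listener on every host interface, although the README describes this compose file as a development setup; `"127.0.0.1:8080:8080"` keeps it local, and the `expose` entry is redundant next to `ports`. For the `./.secrets` bind mount, on a Linux host Docker creates a missing source directory owned by root while the Dockerfile runs the process as uid 1000, so the first start cannot write the generated keys unless the directory is created with matching ownership beforehand; document that step. The `config.yaml` mount can be read-only (`:ro`).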
