coosld/kubo
1
0
Fork 0
mirror of https://github.com/ipfs/kubo.git synced 2026-02-25 12:27:43 +08:00
Code Issues Actions 14 Packages Projects Releases Wiki Activity

Merge pull request #6828 from ipfs/feat/improve-docker

Browse Source 
update dockerfile and use openssl
This commit is contained in:
Steven Allen 2020-01-16 16:06:46 +01:00 committed by GitHub
commit 7e5dc5875c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 16 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
Dockerfile
View File

@ -1,6 +1,12 @@
FROM golang:1.13.4-buster
FROM golang:1.13.6-buster
LABEL maintainer="Steven Allen <steven@stebalien.com>"
# Install deps
RUN apt-get update && apt-get install -y \
libssl-dev \
ca-certificates \
fuse
ENV SRC_DIR /go-ipfs
# Download packages first so they can be cached.
@ -14,12 +20,12 @@ COPY . $SRC_DIR
# Also: fix getting HEAD commit hash via git rev-parse.
RUN cd $SRC_DIR \
&& mkdir .git/objects \
&& make build
&& make build GOFLAGS=-tags=openssl
# Get su-exec, a very minimal tool for dropping privileges,
# and tini, a very minimal init daemon for containers
ENV SUEXEC_VERSION v0.2
ENV TINI_VERSION v0.16.1
ENV TINI_VERSION v0.18.0
RUN set -x \
&& cd /tmp \
&& git clone https://github.com/ncopa/su-exec.git \
@ -30,12 +36,6 @@ RUN set -x \
&& wget -q -O tini https://github.com/krallin/tini/releases/download/$TINI_VERSION/tini \
&& chmod +x tini
# Get the TLS CA certificates, they're not provided by busybox.
RUN apt-get update && apt-get install -y ca-certificates
# Install FUSE
RUN apt-get update && apt-get install -y fuse
# Now comes the actual target image, which aims to be as small as possible.
FROM busybox:1.31.0-glibc
LABEL maintainer="Steven Allen <stven@stebalien.com>"
@ -52,9 +52,16 @@ COPY --from=0 /etc/ssl/certs /etc/ssl/certs
# Add suid bit on fusermount so it will run properly
RUN chmod 4755 /usr/local/bin/fusermount
# Fix permissions on start_ipfs (ignore the build machine's permissions)
RUN chmod 0755 /usr/local/bin/start_ipfs
# This shared lib (part of glibc) doesn't seem to be included with busybox.
COPY --from=0 /lib/x86_64-linux-gnu/libdl.so.2 /lib/libdl.so.2
# Copy over SSL libraries.
COPY --from=0 /usr/lib/x86_64-linux-gnu/libssl.so* /usr/lib/
COPY --from=0 /usr/lib/x86_64-linux-gnu/libcrypto.so* /usr/lib/
# Swarm TCP; should be exposed to the public
EXPOSE 4001
# Daemon API; must not be exposed publicly but to client services under you control