As of now,
$ docker pull ipfs/go-ipfs
Using default tag: latest
latest: Pulling from ipfs/go-ipfs
Digest: sha256:31cc5713ef3e3e81bf868cbb56c19de2d15d661743d8b6077804dee26e929ac5
Status: Image is up to date for ipfs/go-ipfs:latest
ipfs daemon will start as root user:
$ docker run --rm --entrypoint=/bin/sh ipfs/go-ipfs -c whoami
root
but later on will drop priviledges:
$ docker logs ipfs/go-ipfs |head -n 1
Changing user to ipfs
With this change applied, ipfs daemon starts as ipfs user right from
the begining:
$ docker run --rm --entrypoint=/bin/sh ipfs/go-ipfs -c whoami
ipfs
License: MIT
Signed-off-by: Mykola Nikishov <mn@mn.com.ua>
Go 1.11 changes the output of `go fmt` slightly so we either need to
all *downgrade* or *upgrade*. Let's upgrade.
License: MIT
Signed-off-by: Steven Allen <steven@stebalien.com>
License: MIT
Signed-off-by: Łukasz Magiera <magik6k@gmail.com>
Signed-off-by: Victor Bjelkholm <git@victor.earth>
Signed-off-by: Steven Allen <steven@stebalien.com>
I think this was unintended: useradd -g sets the gecos field to "100".
Probably we meant to use -G to set the ipfs user group.
-G does not take gids, so it needs to be set by name.
The group with gid 100 is "users".
Additionally, since we install the ca-certificates package
(which is already installed), at least we should attempt to update it
to get the latest version of certs.
License: MIT
Signed-off-by: Hector Sanjuan <hector@protocol.ai>
The Dockerfile now has two stages: build and assembly.
This allows for a full-fledged debian build container,
while still resulting in a super-thin busybox image.
License: MIT
Signed-off-by: Lars Gierth <larsg@systemli.org>
This patch is delaying the point where permissions are dropped into the `start_ipfs` script. This way, instead of exiting on permission issues, we can fix them on our own inside the script, then drop privileges and continue doing ipfs specific stuff with the correct user.
I've removed the `chmod 0777` step from the readme since it's not needed anymore.
License: MIT
Signed-off-by: kpcyrd <git@rxv.cc>
After the discussion in https://github.com/ipfs/go-ipfs/pull/3573 this patch prints a deprecation warning if:
1) the image has been executed with additional arguments
2) the first argument isn't daemon
This way people are able to migrate to the new syntax without any breaking changes.
License: MIT
Signed-off-by: kpcyrd <git@rxv.cc>
There's only ever one version of a given package
per Alpine release, so GO_VERSION is superfluous
and only breaks the build if the go packages is updated.
License: MIT
Signed-off-by: Lars Gierth <larsg@systemli.org>
