coosld/kubo
1
0
Fork 0
mirror of https://github.com/ipfs/kubo.git synced 2026-03-09 18:28:08 +08:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity
5d7fae6055
kubo/Dockerfile.fast
Hector Sanjuan b57539c109 Dockerfiles: do not set gecos field on user add. Set group. 
I think this was unintended: useradd -g sets the gecos field to "100".
Probably we meant to use -G to set the ipfs user group.

-G does not take gids, so it needs to be set by name.
The group with gid 100 is "users".

Additionally, since we install the ca-certificates package
(which is already installed), at least we should attempt to update it
to get the latest version of certs.

License: MIT
Signed-off-by: Hector Sanjuan <hector@protocol.ai>
2017-10-20 20:59:26 +02:00

78 lines
2.2 KiB
Docker
Raw Blame History

FROM golang:1.9-stretch
MAINTAINER Lars Gierth <lgierth@ipfs.io>
# This is a copy of /Dockerfile,
# except that we optimize for build time, instead of image size.
#
# Please keep these two Dockerfiles in sync.
ENV GX_IPFS ""
ENV SRC_DIR /go/src/github.com/ipfs/go-ipfs
COPY ./package.json $SRC_DIR/package.json
RUN set -x \
&& go get github.com/whyrusleeping/gx \
&& go get github.com/whyrusleeping/gx-go \
# Allows using a custom (i.e. local) IPFS API endpoint.
&& ([ -z "$GX_IPFS" ] || echo $GX_IPFS > /root/.ipfs/api) \
# Fetch the dependencies so we don't have to do it everytime.
&& cd $SRC_DIR \
&& gx install
COPY . $SRC_DIR
# Build the thing.
RUN set -x \
&& cd $SRC_DIR \
# Required for getting the HEAD commit hash via git rev-parse.
&& mkdir .git/objects \
# Build the thing.
&& make build \
&& mv cmd/ipfs/ipfs /usr/local/bin/ipfs \
&& mv bin/container_daemon /usr/local/bin/start_ipfs
ENV SUEXEC_VERSION v0.2
ENV TINI_VERSION v0.16.1
RUN set -x \
# Get su-exec, a very minimal tool for dropping privileges
&& cd /tmp \
&& git clone https://github.com/ncopa/su-exec.git \
&& cd su-exec \
&& git checkout -q $SUEXEC_VERSION \
&& make \
# Get tini, a very minimal init daemon for containers
&& cd /tmp \
&& wget -q -O tini https://github.com/krallin/tini/releases/download/$TINI_VERSION/tini \
&& chmod +x tini \
# Install them
&& mv su-exec/su-exec tini /sbin/
# Ports for Swarm TCP, Swarm uTP, API, Gateway, Swarm Websockets
EXPOSE 4001
EXPOSE 4002/udp
EXPOSE 5001
EXPOSE 8080
EXPOSE 8081
# Create the fs-repo directory and switch to a non-privileged user.
ENV IPFS_PATH /data/ipfs
RUN mkdir -p $IPFS_PATH \
&& useradd -s /usr/sbin/nologin -d $IPFS_PATH -u 1000 -G users ipfs \
&& chown ipfs:users $IPFS_PATH
# Expose the fs-repo as a volume.
# start_ipfs initializes an fs-repo if none is mounted.
VOLUME $IPFS_PATH
# The default logging level
ENV IPFS_LOGGING ""
# This just makes sure that:
# 1. There's an fs-repo, and initializes one if there isn't.
# 2. The API and Gateway are accessible from outside the container.
ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/start_ipfs"]
# Execute the daemon subcommand by default
CMD ["daemon", "--migrate=true"]
Reference in New Issue View Git Blame Copy Permalink