Dockerfile Parts (#428)

* De-duplicate Dockerfiles by using a bash file to concatenate common parts Resolves #375. Dockerfiles are still committed to the repo to avoid a dependency on bash. * Add a CI job to confirm the committed dockerfiles are the currently generated ones * Create dedicated Dockerfiles per processor network Ensures the compromising of network-specific dependencies doesn't lead to a compromise of the build process for all processors. * Dockerfile corrections * Correct call to build processor Docker image in tests/processor
2025-12-09 04:39:24 +00:00 · 2023-11-12 23:55:15 -05:00
parent c328e5ea68
commit 351436a258
32 changed files with 511 additions and 154 deletions
--- a/orchestration/coins/monero/Dockerfile
+++ b/orchestration/coins/monero/Dockerfile
@@ -1,4 +1,14 @@
-FROM alpine:latest as builder
+FROM alpine:latest as mimalloc
+
+RUN apk update && apk upgrade && apk --no-cache add gcc g++ libc-dev make cmake git
+RUN git clone https://github.com/microsoft/mimalloc && \
+  cd mimalloc && \
+  mkdir -p out/secure && \
+  cd out/secure && \
+  cmake -DMI_SECURE=ON ../.. && \
+  make && \
+  cp ./libmimalloc-secure.so ../../../libmimalloc.so
+FROM alpine:latest as monero

 # https://downloads.getmonero.org/cli/monero-linux-x64-v0.18.3.1.tar.bz2
 # Verification will fail if MONERO_VERSION doesn't match the latest
@@ -8,17 +18,6 @@ FROM alpine:latest as builder
 # Most publish a asc file for each release / build architecture ¯\_(ツ)_/¯
 ENV MONERO_VERSION=0.18.3.1

-WORKDIR /home/monero
-
-RUN apk update && apk --no-cache add gcc g++ libc-dev make cmake git
-RUN git clone https://github.com/microsoft/mimalloc && \
-  cd mimalloc && \
-  mkdir -p out/secure && \
-  cd out/secure && \
-  cmake -DMI_SECURE=ON ../.. && \
-  make && \
-  cp ./libmimalloc-secure.so ../../../libmimalloc.so
-
 RUN apk --no-cache add gnupg

 # Download Monero
@@ -30,17 +29,15 @@ RUN gpg --keyserver hkp://keyserver.ubuntu.com:80 --keyserver-options no-self-si
  gpg --verify hashes-v${MONERO_VERSION}.txt && \
  grep "$(sha256sum monero-linux-x64-v${MONERO_VERSION}.tar.bz2 | cut -c 1-64)" hashes-v${MONERO_VERSION}.txt

-# Cleanup
+# Extract it
 RUN tar -xvjf monero-linux-x64-v${MONERO_VERSION}.tar.bz2 --strip-components=1
-
-# Build the actual image
 FROM alpine:latest as image

-COPY --from=builder /home/monero/libmimalloc.so /usr/lib
+COPY --from=mimalloc libmimalloc.so /usr/lib
 ENV LD_PRELOAD=libmimalloc.so

-# Upgrade packages
-RUN apk update && apk upgrade && apk --no-cache add gcompat
+RUN apk update && apk upgrade
+RUN apk --no-cache add gcompat

 # Switch to a non-root user
 # System user (not a human), shell of nologin, no password assigned
@@ -48,7 +45,7 @@ RUN adduser -S -s /sbin/nologin -D monero
 USER monero

 WORKDIR /home/monero
-COPY --from=builder --chown=monero /home/monero/monerod /bin
+COPY --from=monero --chown=monero monerod /bin
 ADD scripts /scripts

 EXPOSE 18080 18081
--- a/orchestration/coins/monero/Dockerfile.monero
+++ b/orchestration/coins/monero/Dockerfile.monero
@@ -0,0 +1,23 @@
+FROM alpine:latest as monero
+
+# https://downloads.getmonero.org/cli/monero-linux-x64-v0.18.3.1.tar.bz2
+# Verification will fail if MONERO_VERSION doesn't match the latest
+# due to the way monero publishes releases. They overwrite a single hashes.txt
+# file with each release, meaning we can only grab the SHA256 of the latest
+# release.
+# Most publish a asc file for each release / build architecture ¯\_(ツ)_/¯
+ENV MONERO_VERSION=0.18.3.1
+
+RUN apk --no-cache add gnupg
+
+# Download Monero
+RUN wget https://downloads.getmonero.org/cli/monero-linux-x64-v${MONERO_VERSION}.tar.bz2
+
+# Verify Binary -- fingerprint from https://github.com/monero-project/monero-site/issues/1949
+ADD ./temp/hashes-v${MONERO_VERSION}.txt .
+RUN gpg --keyserver hkp://keyserver.ubuntu.com:80 --keyserver-options no-self-sigs-only --receive-keys 81AC591FE9C4B65C5806AFC3F0AF4D462A0BDF92 && \
+  gpg --verify hashes-v${MONERO_VERSION}.txt && \
+  grep "$(sha256sum monero-linux-x64-v${MONERO_VERSION}.tar.bz2 | cut -c 1-64)" hashes-v${MONERO_VERSION}.txt
+
+# Extract it
+RUN tar -xvjf monero-linux-x64-v${MONERO_VERSION}.tar.bz2 --strip-components=1
--- a/orchestration/coins/monero/Dockerfile.monero.end
+++ b/orchestration/coins/monero/Dockerfile.monero.end
@@ -0,0 +1,13 @@
+RUN apk --no-cache add gcompat
+
+# Switch to a non-root user
+# System user (not a human), shell of nologin, no password assigned
+RUN adduser -S -s /sbin/nologin -D monero
+USER monero
+
+WORKDIR /home/monero
+COPY --from=monero --chown=monero monerod /bin
+ADD scripts /scripts
+
+EXPOSE 18080 18081
+# VOLUME /home/monero/.bitmonero