From 50c06a08bd0412d0641e96a77bdb84117addc435 Mon Sep 17 00:00:00 2001 From: Michael Balsillie Date: Sat, 1 Apr 2023 02:10:15 +0200 Subject: [PATCH] initial commit --- Dockerfile | 174 +++++++++++++++++++++++++++++++++++++++++++++++++++++ build.sh | 17 ++++++ 2 files changed, 191 insertions(+) create mode 100644 Dockerfile create mode 100755 build.sh diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..c401f20 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,174 @@ +# Initial base from https://github.com/leonardochaia/docker-monerod/blob/master/src/Dockerfile +# Alpine specifics from https://github.com/cornfeedhobo/docker-monero/blob/f96711415f97af1fc9364977d1f5f5ecd313aad0/Dockerfile + +# Set Monero branch or tag to build +ARG MONERO_BRANCH + +# Set the proper HEAD commit hash for the given branch/tag in MONERO_BRANCH +ARG MONERO_COMMIT_HASH + +# Select Alpine 3.x for the build image base +FROM alpine:3.16 as build + +# Upgrade base image +RUN set -ex && apk --update --no-cache upgrade + +# Install all dependencies for a static build +RUN set -ex && apk add --update --no-cache \ + autoconf \ + automake \ + boost \ + boost-atomic \ + boost-build \ + boost-build-doc \ + boost-chrono \ + boost-container \ + boost-context \ + boost-contract \ + boost-coroutine \ + boost-date_time \ + boost-dev \ + boost-doc \ + boost-fiber \ + boost-filesystem \ + boost-graph \ + boost-iostreams \ + boost-libs \ + boost-locale \ + boost-log \ + boost-log_setup \ + boost-math \ + boost-prg_exec_monitor \ + boost-program_options \ + boost-python3 \ + boost-random \ + boost-regex \ + boost-serialization \ + boost-stacktrace_basic \ + boost-stacktrace_noop \ + boost-static \ + boost-system \ + boost-thread \ + boost-timer \ + boost-type_erasure \ + boost-unit_test_framework \ + boost-wave \ + boost-wserialization \ + ca-certificates \ + cmake \ + curl \ + dev86 \ + doxygen \ + eudev-dev \ + file \ + g++ \ + git \ + graphviz \ + libexecinfo-dev \ + libsodium-dev \ + libtool \ + libusb-dev \ + linux-headers \ + make \ + miniupnpc-dev \ + ncurses-dev \ + openssl-dev \ + pcsc-lite-dev \ + pkgconf \ + protobuf-dev \ + rapidjson-dev \ + readline-dev \ + zeromq-dev + +# Set necessary args and environment variables for building Monero +ARG MONERO_BRANCH +ARG MONERO_COMMIT_HASH +ARG NPROC +ARG TARGETARCH +ENV CFLAGS='-fPIC' +ENV CXXFLAGS='-fPIC -DELPP_FEATURE_CRASH_LOG' +ENV USE_SINGLE_BUILDDIR 1 +ENV BOOST_DEBUG 1 + +# Build expat, a dependency for libunbound +RUN set -ex && wget https://github.com/libexpat/libexpat/releases/download/R_2_4_8/expat-2.4.8.tar.bz2 && \ + echo "a247a7f6bbb21cf2ca81ea4cbb916bfb9717ca523631675f99b3d4a5678dcd16 expat-2.4.8.tar.bz2" | sha256sum -c && \ + tar -xf expat-2.4.8.tar.bz2 && \ + rm expat-2.4.8.tar.bz2 && \ + cd expat-2.4.8 && \ + ./configure --enable-static --disable-shared --prefix=/usr && \ + make -j${NPROC:-$(nproc)} && \ + make -j${NPROC:-$(nproc)} install + +# Build libunbound for static builds +WORKDIR /tmp +RUN set -ex && wget https://www.nlnetlabs.nl/downloads/unbound/unbound-1.16.1.tar.gz && \ + echo "2fe4762abccd564a0738d5d502f57ead273e681e92d50d7fba32d11103174e9a unbound-1.16.1.tar.gz" | sha256sum -c && \ + tar -xzf unbound-1.16.1.tar.gz && \ + rm unbound-1.16.1.tar.gz && \ + cd unbound-1.16.1 && \ + ./configure --disable-shared --enable-static --without-pyunbound --with-libexpat=/usr --with-ssl=/usr --with-libevent=no --without-pythonmodule --disable-flto --with-pthreads --with-libunbound-only --with-pic && \ + make -j${NPROC:-$(nproc)} && \ + make -j${NPROC:-$(nproc)} install + +# Switch to Monero source directory +WORKDIR /monero + +# Git pull Monero source at specified tag/branch and compile statically-linked monerod binary +RUN set -ex && git clone --recursive --branch ${MONERO_BRANCH} \ + --depth 1 --shallow-submodules \ + https://github.com/monero-project/monero . \ + && test `git rev-parse HEAD` = ${MONERO_COMMIT_HASH} || exit 1 \ + && case ${TARGETARCH:-amd64} in \ + "arm64") CMAKE_ARCH="armv8-a"; CMAKE_BUILD_TAG="linux-armv8" ;; \ + "amd64") CMAKE_ARCH="x86-64"; CMAKE_BUILD_TAG="linux-x64" ;; \ + *) echo "Dockerfile does not support this platform"; exit 1 ;; \ + esac \ + && mkdir -p build/release && cd build/release \ + && cmake -D ARCH=${CMAKE_ARCH} -D STATIC=ON -D BUILD_64=ON -D CMAKE_BUILD_TYPE=Release -D BUILD_TAG=${CMAKE_BUILD_TAG} ../.. \ + && cd /monero && nice -n 19 ionice -c2 -n7 make -j${NPROC:-$(nproc)} -C build/release daemon + +# Begin final image build +# Select Alpine 3.x for the base image +FROM alpine:3.16 + +# Upgrade base image +RUN set -ex && apk --update --no-cache upgrade + +# Install all dependencies for static binaries + curl for healthcheck +RUN set -ex && apk add --update --no-cache \ + curl \ + ca-certificates \ + libexecinfo \ + libsodium \ + ncurses-libs \ + pcsc-lite-libs \ + readline \ + tzdata \ + zeromq + +# Add user and setup directories for monerod +RUN set -ex && \ + adduser -u 1000 -Ds /bin/bash monero && \ + mkdir -p /home/monero/.bitmonero && \ + chown -R monero:monero /home/monero/.bitmonero +USER monero + +# Add the built monerod binary +COPY --chown=monero:monero --from=build /monero/build/release/bin/monerod /usr/local/bin/monerod + +# Switch to home directory +WORKDIR /home/monero + +# Expose p2p port +EXPOSE 18080 + +# Expose RPC port +EXPOSE 18081 + +# Add HEALTHCHECK against get_info endpoint +HEALTHCHECK --interval=30s --timeout=5s CMD curl --fail http://localhost:18081/get_info || exit 1 + +# Start monerod with required --non-interactive flag and sane defaults that are overridden by user input (if applicable) +ENTRYPOINT ["monerod"] +CMD ["--rpc-restricted-bind-ip=0.0.0.0", "--rpc-restricted-bind-port=18089", "--no-igd", "--no-zmq", "--enable-dns-blocklist"] diff --git a/build.sh b/build.sh new file mode 100755 index 0000000..95f15c8 --- /dev/null +++ b/build.sh @@ -0,0 +1,17 @@ +#!/bin/bash +MONERO_BRANCH="v0.18.2.0" +MONERO_COMMIT_HASH="99be9a044f3854f339548e2d99c539c18d7b1b01" +REGISTRY="code.balsillie.net" +ORG="containers" +IMAGE="monerod" +IMAGE_FULL="$REGISTRY/$ORG/$IMAGE" +docker build \ + --pull \ + -f ./Dockerfile \ + -t "$IMAGE_FULL:latest" \ + -t "$IMAGE_FULL:$MONERO_BRANCH" \ + --build-arg MONERO_BRANCH="$MONERO_BRANCH" \ + --build-arg MONERO_COMMIT_HASH="$MONERO_COMMIT_HASH" \ + . +docker push -a "$IMAGE_FULL" +