remove geoip

belodetek · Dec 3, 2023 · 0dc3ae3 · 0dc3ae3
1 parent 686ac30
commit 0dc3ae3
Showing 1 changed file with 153 additions and 162 deletions.
diff --git a/unzoner/Dockerfile.template b/unzoner/Dockerfile.template
@@ -20,26 +20,26 @@ ARG DNS_SUB_DOMAIN
 ENV DEBIAN_FRONTEND noninteractive
 
 RUN install_packages \
-    automake \
-    bison \
-    ca-certificates \
-    cmake \
-    curl \
-    fakeroot \
-    flex \
-    gawk \
-    gettext \
-    libcap-ng-dev \
-    libev-dev \
-    liblz4-dev \
-    liblzo2-dev \
-    libnl-genl-3-dev \
-    libpam0g-dev \
-    libssl-dev \
-    libtool \
-    libudns-dev \
-    openssl \
-    python3-venv
+	automake \
+	bison \
+	ca-certificates \
+	cmake \
+	curl \
+	fakeroot \
+	flex \
+	gawk \
+	gettext \
+	libcap-ng-dev \
+	libev-dev \
+	liblz4-dev \
+	liblzo2-dev \
+	libnl-genl-3-dev \
+	libpam0g-dev \
+	libssl-dev \
+	libtool \
+	libudns-dev \
+	openssl \
+	python3-venv
 
 WORKDIR /data
 
@@ -50,12 +50,12 @@ ENV LD_LIBRARY_PATH="/usr/local/ssl/lib64:$LD_LIBRARY_PATH"
 RUN update-ca-certificates
 
 RUN if [ "$BUILD_OPENSSL" = '1' ]; then \
-    set -x; git clone --depth 1 --branch openssl-$BUILD_OPENSSL_VERSION https://github.com/openssl/openssl \
-    && cd openssl \
-    && chown -hR openssl:openssl . \
-    && if [ '%%BALENA_ARCH%%' = 'armv7hf' ]; then ./config --prefix=/usr/local/ssl shared threads no-async $ARM_OPTIMISE_FLAGS; \
-    elif [ '%%BALENA_ARCH%%' = 'aarch64' ]; then ./config --prefix=/usr/local/ssl shared threads no-async $AARCH64_OPTIMISE_FLAGS; \
-    else ./config --prefix=/usr/local/ssl shared threads no-async; fi && make -j $(nproc); fi
+	set -x; git clone --depth 1 --branch openssl-$BUILD_OPENSSL_VERSION https://github.com/openssl/openssl \
+	&& cd openssl \
+	&& chown -hR openssl:openssl . \
+	&& if [ '%%BALENA_ARCH%%' = 'armv7hf' ]; then ./config --prefix=/usr/local/ssl shared threads no-async $ARM_OPTIMISE_FLAGS; \
+	elif [ '%%BALENA_ARCH%%' = 'aarch64' ]; then ./config --prefix=/usr/local/ssl shared threads no-async $AARCH64_OPTIMISE_FLAGS; \
+	else ./config --prefix=/usr/local/ssl shared threads no-async; fi && make -j $(nproc); fi
 
 USER openssl
 
@@ -66,33 +66,33 @@ USER root
 RUN (deluser --remove-home openssl && delgroup openssl) || true
 
 RUN if [ "$BUILD_OPENSSL" = '1' ]; then \
-    set -x; cd openssl && id && make install_sw && ldconfig /usr/local/ssl/lib64 \
-    && /usr/local/ssl/bin/openssl version && ldd /usr/local/ssl/bin/openssl; fi
+	set -x; cd openssl && id && make install_sw && ldconfig /usr/local/ssl/lib64 \
+	&& /usr/local/ssl/bin/openssl version && ldd /usr/local/ssl/bin/openssl; fi
 
 # https://stackoverflow.com/a/39006247/1559300
 RUN if [ "$BUILD_OPENVPN" = '1' ]; then \
-    set -x; curl --retry 3 --silent --fail -o openvpn-$BUILD_OPENVPN_VERSION.tar.gz https://swupdate.openvpn.org/community/releases/openvpn-$BUILD_OPENVPN_VERSION.tar.gz \
-    && tar -xvf openvpn-$BUILD_OPENVPN_VERSION.tar.gz && cd openvpn-$BUILD_OPENVPN_VERSION \
-    && if [ "$BUILD_OPENSSL" = '1' ]; then CFLAGS='-I/usr/local/ssl/include -Wl,-rpath=/usr/local/ssl/lib -Wl,-rpath=/usr/local/ssl/lib64 -L/usr/local/ssl/lib -L/usr/local/ssl/lib64' ./configure; else ./configure; fi \
-    && make -j $(nproc) && make check && make install \
-    && /usr/local/sbin/openvpn --version \
-    && ldd /usr/local/sbin/openvpn; fi
+	set -x; curl --retry 3 --silent --fail -o openvpn-$BUILD_OPENVPN_VERSION.tar.gz https://swupdate.openvpn.org/community/releases/openvpn-$BUILD_OPENVPN_VERSION.tar.gz \
+	&& tar -xvf openvpn-$BUILD_OPENVPN_VERSION.tar.gz && cd openvpn-$BUILD_OPENVPN_VERSION \
+	&& if [ "$BUILD_OPENSSL" = '1' ]; then CFLAGS='-I/usr/local/ssl/include -Wl,-rpath=/usr/local/ssl/lib -Wl,-rpath=/usr/local/ssl/lib64 -L/usr/local/ssl/lib -L/usr/local/ssl/lib64' ./configure; else ./configure; fi \
+	&& make -j $(nproc) && make check && make install \
+	&& /usr/local/sbin/openvpn --version \
+	&& ldd /usr/local/sbin/openvpn; fi
 
 RUN if [ "$BUILD_SNIPROXY" = '1' ]; then \
-    git clone https://github.com/dlundquist/sniproxy.git \
-    && cd sniproxy \
-    && git checkout $BUILD_SNIPROXY_VERSION \
-    && ./autogen.sh \
-    && ./configure \
-    && make install; fi
+	git clone https://github.com/dlundquist/sniproxy.git \
+	&& cd sniproxy \
+	&& git checkout $BUILD_SNIPROXY_VERSION \
+	&& ./autogen.sh \
+	&& ./configure \
+	&& make install; fi
 
 RUN if [ "$BUILD_BIRD" = '1' ]; then \
-    set -x; wget -qO bird-$BUILD_BIRD_VERSION.tar.gz https://bird.network.cz/download/bird-$BUILD_BIRD_VERSION.tar.gz \
-    && tar -xvf bird-$BUILD_BIRD_VERSION.tar.gz && cd bird-$BUILD_BIRD_VERSION \
-    && mkdir -p tools/ \
-    && wget -qO tools/config.guess 'http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD' \
-    && wget -qO tools/config.sub 'http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD' \
-    && autoreconf && ./configure && make -j $(nproc) && make install; fi
+	set -x; wget -qO bird-$BUILD_BIRD_VERSION.tar.gz https://bird.network.cz/download/bird-$BUILD_BIRD_VERSION.tar.gz \
+	&& tar -xvf bird-$BUILD_BIRD_VERSION.tar.gz && cd bird-$BUILD_BIRD_VERSION \
+	&& mkdir -p tools/ \
+	&& wget -qO tools/config.guess 'http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD' \
+	&& wget -qO tools/config.sub 'http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD' \
+	&& autoreconf && ./configure && make -j $(nproc) && make install; fi
 
 WORKDIR /root
 
@@ -105,7 +105,7 @@ ENV PATH="$VIRTUAL_ENV/bin:$PATH"
 COPY requirements.txt /requirements.txt
 
 RUN pip3 install --upgrade pip setuptools wheel \
-    && pip3 install --upgrade -r /requirements.txt
+	&& pip3 install --upgrade -r /requirements.txt
 
 COPY src/tests/requirements.txt /_requirements.txt
 
@@ -127,40 +127,33 @@ WORKDIR /root/build
 RUN set -a && . /run/secrets/env && src/tests/run
 
 RUN if [ "$COMPILE_CODE" = '1' ]; then \
-    install_packages ccache \
-    && pip3 install --upgrade \
-    nuitka \
-    ordered-set \
-    patchelf \
-    && mkdir -p app && cd app \
-    && nuitka3 \
-    --remove-output \
-    --assume-yes-for-downloads \
-    --output-dir=$(uname -m) \
-    --plugin-enable=pylint-warnings \
-    --standalone application.py \
-    && cd "$(uname -m)/application.dist" && ln -s ../../templates/ && cd ../.. \
-    && cd .. && mkdir -p src && cd src \
-    && for src in log gen_hash as_prefixes main auth client; do \
-    nuitka3 \
-    --remove-output \
-    --assume-yes-for-downloads \
-    --output-dir=$(uname -m) \
-    --plugin-enable=pylint-warnings \
-    --standalone $src.py; done; fi
+	install_packages ccache \
+	&& pip3 install --upgrade \
+	nuitka \
+	ordered-set \
+	patchelf \
+	&& mkdir -p app && cd app \
+	&& nuitka3 \
+	--remove-output \
+	--assume-yes-for-downloads \
+	--output-dir=$(uname -m) \
+	--plugin-enable=pylint-warnings \
+	--standalone application.py \
+	&& cd "$(uname -m)/application.dist" && ln -s ../../templates/ && cd ../.. \
+	&& cd .. && mkdir -p src && cd src \
+	&& for src in log gen_hash as_prefixes main auth client; do \
+	nuitka3 \
+	--remove-output \
+	--assume-yes-for-downloads \
+	--output-dir=$(uname -m) \
+	--plugin-enable=pylint-warnings \
+	--standalone $src.py; done; fi
 
 # creates encrypted app.tgz.enc bundle
 RUN set -a && . /run/secrets/env && utils/encrypt.sh
 
 WORKDIR /opt
 
-RUN set -a \
-    && . /run/secrets/env \
-    && mkdir -p /usr/share/GeoIP/ \
-    && wget -q "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-Country&license_key=$MAXMIND_LICENSE_KEY&suffix=tar.gz" -O - | gunzip -d - > /usr/share/GeoIP/GeoIP.dat \
-    && wget -q "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-City&license_key=$MAXMIND_LICENSE_KEY&suffix=tar.gz" -O - | gunzip -d - > /usr/share/GeoIP/GeoLiteCity.dat \
-    && wget -q "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-ASN&license_key=$MAXMIND_LICENSE_KEY&suffix=tar.gz" -O - | gunzip -d - > /usr/share/GeoIP/GeoIPASNum.dat
-
 COPY systemd/* ./systemd/
 
 
@@ -191,110 +184,108 @@ COPY --from=build /usr/local/ /usr/local/
 
 COPY --from=build /root/venv3/ /root/venv3/
 
-COPY --from=build /usr/share/GeoIP/ /usr/share/GeoIP/
-
 COPY --from=build /opt/systemd/entry.sh /usr/bin/entry.sh
 
 COPY --from=build /opt/systemd/balena.service /etc/systemd/system/balena.service
 
-RUN update-ca-certificates
-
 RUN [ -f /usr/local/sbin/openvpn ] || install_packages openvpn
 
 RUN [ -f /usr/local/sbin/sniproxy ] || install_packages sniproxy
 
 RUN [ -f /usr/local/ssl/bin/openssl ] && (rm -f /usr/local/bin/openssl && ln -s /usr/local/ssl/bin/openssl /usr/local/bin/openssl) \
-    || install_packages openssl
+	|| install_packages openssl
 
 RUN which bird || install_packages bird
 
 RUN install_packages \
-    bash \
-    bridge-utils \
-    ca-certificates \
-    coreutils \
-    cryptsetup \
-    curl \
-    dbus \
-    dnsmasq \
-    dnsutils \
-    e2fsprogs \
-    fdisk \
-    findutils \
-    gawk \
-    geoip-bin \
-    geoip-database \
-    gettext \
-    git \
-    grep \
-    haveged \
-    hdparm \
-    hostapd \
-    iftop \
-    iperf \
-    iproute2 \
-    ipset \
-    iptables \
-    iputils-ping \
-    iputils-tracepath \
-    iw \
-    jq \
-    kmod \
-    libcap-ng0 \
-    libev4 \
-    libevent-2.1 \
-    liblz4-1 \
-    liblzo2-2 \
-    libnl-genl-3-200 \
-    libpcre3 \
-    libtool \
-    libudns0 \
-    linux-firmware \
-    lsof \
-    miniupnpc \
-    mtr \
-    net-tools \
-    netcat-openbsd \
-    nmap \
-    openntpd \
-    openssh-server \
-    procps \
-    psmisc \
-    sipcalc\
-    socat \
-    stunnel \
-    sysstat \
-    systemd-sysv \
-    tcpdump \
-    telnet \
-    udev \
-    usbutils \
-    vim \
-    wget \
-    whois \
-    wireless-tools \
-    zlib1g
+	bash \
+	bridge-utils \
+	ca-certificates \
+	coreutils \
+	cryptsetup \
+	curl \
+	dbus \
+	dnsmasq \
+	dnsutils \
+	e2fsprogs \
+	fdisk \
+	findutils \
+	gawk \
+	geoip-bin \
+	geoip-database \
+	gettext \
+	git \
+	grep \
+	haveged \
+	hdparm \
+	hostapd \
+	iftop \
+	iperf \
+	iproute2 \
+	ipset \
+	iptables \
+	iputils-ping \
+	iputils-tracepath \
+	iw \
+	jq \
+	kmod \
+	libcap-ng0 \
+	libev4 \
+	libevent-2.1 \
+	liblz4-1 \
+	liblzo2-2 \
+	libnl-genl-3-200 \
+	libpcre3 \
+	libtool \
+	libudns0 \
+	linux-firmware \
+	lsof \
+	miniupnpc \
+	mtr \
+	net-tools \
+	netcat-openbsd \
+	nmap \
+	openntpd \
+	openssh-server \
+	procps \
+	psmisc \
+	sipcalc\
+	socat \
+	stunnel \
+	sysstat \
+	systemd-sysv \
+	tcpdump \
+	telnet \
+	udev \
+	usbutils \
+	vim \
+	wget \
+	whois \
+	wireless-tools \
+	zlib1g
+
+RUN update-ca-certificates
 
 RUN (groupadd bird || true) && (useradd -r -g bird bird || true)
 
 RUN systemctl set-default multi-user.target \
-    && systemctl mask \
-    apt-daily-upgrade.timer \
-    apt-daily.timer \
-    dev-hugepages.mount \
-    dev-mqueue.mount \
-    display-manager.service \
-    getty.target \
-    getty@.service \
-    graphical.target \
-    sys-fs-fuse-connections.mount \
-    sys-kernel-config.mount \
-    sys-kernel-debug.mount \
-    systemd-logind.service \
-    systemd-remount-fs.service \
-    && systemctl enable /etc/systemd/system/balena.service \
-    ssh.service \
-    openntpd.service
+	&& systemctl mask \
+	apt-daily-upgrade.timer \
+	apt-daily.timer \
+	dev-hugepages.mount \
+	dev-mqueue.mount \
+	display-manager.service \
+	getty.target \
+	getty@.service \
+	graphical.target \
+	sys-fs-fuse-connections.mount \
+	sys-kernel-config.mount \
+	sys-kernel-debug.mount \
+	systemd-logind.service \
+	systemd-remount-fs.service \
+	&& systemctl enable /etc/systemd/system/balena.service \
+	ssh.service \
+	openntpd.service
 
 STOPSIGNAL SIGRTMIN+3