Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update Dockerfile and build-docker workflow #2666

Merged
merged 8 commits into from
Nov 7, 2022
Merged

Conversation

abitmore
Copy link
Member

@abitmore abitmore commented Oct 30, 2022

PR for #2011.

Changes:

@abitmore abitmore added this to the 6.1.0 - Feature Release milestone Oct 30, 2022
@abitmore abitmore changed the title Update Docker Hub repository path to a variable Update build-docker workflow Oct 30, 2022
@abitmore abitmore force-pushed the update-build-docker branch from 45e0874 to 97cb479 Compare October 31, 2022 00:15
@abitmore abitmore force-pushed the update-build-docker branch from 97cb479 to 6abef18 Compare October 31, 2022 00:19
- Set UID to 10000 and GID to 10001 statically
- Run with the bitshares user
This is a temporary solution compatible with older images.
@abitmore abitmore changed the title Update build-docker workflow Update Dockerfile and build-docker workflow Nov 1, 2022
@sonarqubecloud
Copy link

sonarqubecloud bot commented Nov 7, 2022

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
No Duplication information No Duplication information

@abitmore abitmore merged commit 62a9441 into develop Nov 7, 2022
@abitmore abitmore deleted the update-build-docker branch November 7, 2022 01:54
#
# Obtain version
mkdir -p /etc/bitshares && \
git rev-parse --short HEAD > /etc/bitshares/version && \
cd / && \
rm -rf /bitshares-core

# Home directory $HOME
# The final image

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I like how you separated the build and runtime envionronments. Should make the final image smaller with fewer attack vectors.

# default execute entry
CMD ["/usr/local/bin/bitsharesentry.sh"]
ENTRYPOINT ["/usr/local/bin/bitsharesentry.sh"]

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good idea to use an ENTRYPOINT VS a CMD.

# Plugins need to be provided in a space-separated list, which
# makes it necessary to write it like this
if [[ ! -z "$BITSHARESD_PLUGINS" ]]; then
exec "$BITSHARESD" --data-dir "${HOME}" ${ARGS} ${BITSHARESD_ARGS} --plugins "${BITSHARESD_PLUGINS}"
exec /usr/bin/setpriv --reuid=bitshares --regid=bitshares --clear-groups \

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are you using setpriv here as part of the temp workaround related to commenting out line 111 above?

Copy link
Member Author

@abitmore abitmore Nov 27, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, setpriv is used here to drop root privileges. For this, it is better than su.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants