build fixuid in the container and minor fixes

cornfeedhobo · Dec 14, 2021 · 1a3bec0 · 1a3bec0
1 parent 5c3ee84
commit 1a3bec0
Show file tree

Hide file tree

Showing 3 changed files with 49 additions and 41 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -58,6 +58,7 @@ RUN set -ex && apk add --no-cache \
 		file \
 		g++ \
 		git \
+		go \
 		graphviz \
 		libexecinfo-dev \
 		libsodium-dev \
@@ -76,12 +77,6 @@ RUN set -ex && apk add --no-cache \
 		unbound-dev \
 		zeromq-dev
 
-# Install fixuid tool
-RUN set -ex && \
-	curl -SsL https://github.com/boxboat/fixuid/releases/download/v0.5.1/fixuid-0.5.1-linux-amd64.tar.gz | tar -C /usr/local/bin -xzf - && \
-	chown root:root /usr/local/bin/fixuid && \
-	chmod 4755 /usr/local/bin/fixuid
-
 WORKDIR /usr/src
 
 ENV CFLAGS="-fPIC"
@@ -95,6 +90,11 @@ RUN set -ex \
 	&& git submodule update \
 	&& nice -n 19 ionice -c2 -n7 make -j${NPROC:-$(nproc)} ${MONERO_TARGET}
 
+# Install fixuid tool
+RUN set -ex && \
+	go install github.com/boxboat/[email protected] && \
+	chmod 4755 /root/go/bin/fixuid
+
 
 # Runtime stage
 FROM alpine:3.15
@@ -168,7 +168,7 @@ RUN set -ex && \
 			;; \
 	esac
 
-COPY --from=builder /usr/local/bin/fixuid /usr/local/bin/fixuid
+COPY --from=builder /root/go/bin/fixuid /usr/local/bin/fixuid
 COPY --from=builder /usr/src/monero/build/Linux/_no_branch_/release/bin/* /usr/local/bin/
 
 ADD entrypoint.sh /entrypoint.sh
@@ -178,7 +178,7 @@ ENTRYPOINT [ "/entrypoint.sh" ]
 ARG MONERO_USER="monero"
 RUN set -ex && \
 	addgroup -g 1000 ${MONERO_USER} && \
-	adduser -u 1000 -G ${MONERO_USER} -h /home/${MONERO_USER} -s /bin/sh -D ${MONERO_USER} && \
+	adduser -u 1000 -G ${MONERO_USER} -h /home/${MONERO_USER} -s /bin/ash -D ${MONERO_USER} && \
 	mkdir -p /etc/fixuid && \
 	printf "user: ${MONERO_USER}\ngroup: ${MONERO_USER}\n" > /etc/fixuid/config.yml
 USER "${MONERO_USER}:${MONERO_USER}"

diff --git a/build.sh b/build.sh
@@ -1,49 +1,57 @@
 #!/usr/bin/env bash
 
-set -eux
+set -eu
+
+if [ -n "${DEBUG:-}" ]; then
+	set -x
+fi
 
 repo='monero-project/monero'
 branch="$(git rev-parse --abbrev-ref HEAD)"
 
 tag="${branch}"
+declare -a tags=( "${tag}" )
 if [ "${branch}" = 'master' ]; then
 	tag="$(curl -LSs "https://api.github.com/repos/${repo}/releases/latest" | jq -r '.tag_name')"
+	tags=( "${tag}" 'latest')
 fi
 
-read tag_type tag_sha < <(echo $(curl -LSs "https://api.github.com/repos/${repo}/git/ref/tags/${tag}" | jq -r '.object.type,.object.sha') )
-if [ ! $tag_type = 'commit' ]; then
+read -r tag_type tag_sha < <(curl -LSs "https://api.github.com/repos/${repo}/git/ref/tags/${tag}" | jq -r '.object.type,.object.sha')
+if [ ! "${tag_type}" = 'commit' ]; then
 	tag_sha="$(curl -LSs "https://api.github.com/repos/${repo}/git/tags/${tag_sha}" | jq -r '.object.sha')"
 fi
 
 build_date="$(date -u +'%Y-%m-%dT%H:%M:%SZ')"
 build_flags="${1:-}"
 
-docker build ${build_flags} \
-	--build-arg "BUILD_DATE=${build_date}" \
-	--build-arg "MONERO_VERSION=${tag}" \
-	--build-arg "MONERO_HASH=${tag_sha}" \
-	--build-arg "MONERO_TARGET=release" \
-	-t cornfeedhobo/monero:${tag} .
-
-docker build ${build_flags} \
-	--build-arg "BUILD_DATE=${build_date}" \
-	--build-arg "MONERO_VERSION=${tag}" \
-	--build-arg "MONERO_HASH=${tag_sha}" \
-	--build-arg "MONERO_TARGET=release-static" \
-	-t cornfeedhobo/monero:${tag}-static .
-
-if [ "${branch}" = 'master' ]; then
-	docker build ${build_flags} \
-		--build-arg "BUILD_DATE=${build_date}" \
-		--build-arg "MONERO_VERSION=${tag}" \
-		--build-arg "MONERO_HASH=${tag_sha}" \
-		--build-arg "MONERO_TARGET=release" \
-		-t cornfeedhobo/monero:latest .
-
-	docker build ${build_flags} \
-		--build-arg "BUILD_DATE=${build_date}" \
-		--build-arg "MONERO_VERSION=${tag}" \
-		--build-arg "MONERO_HASH=${tag_sha}" \
-		--build-arg "MONERO_TARGET=release-static" \
-		-t cornfeedhobo/monero:latest-static .
-fi
+build_script=''
+for t in "${tags[@]}"; do
+	for s in '' '-static'; do
+		build_script+="$(cat <<-ENDSCRIPT
+			docker build ${build_flags} \
+				--build-arg "BUILD_DATE=${build_date}" \
+				--build-arg "MONERO_VERSION=${tag}" \
+				--build-arg "MONERO_HASH=${tag_sha}" \
+				--build-arg "MONERO_TARGET=release${s}" \
+				-t cornfeedhobo/monero:${t}${s} .
+		ENDSCRIPT
+		)"
+		build_script+=$'\n'
+	done
+done
+build_script="$(sed -e "s/[[:space:]]\+/ /g" <<< "${build_script}")"
+
+echo -e "${build_script}\n"
+
+echo 'Are you ready to proceed?'
+select confirm in 'Yes' 'No'; do
+	case $confirm in
+		Yes)
+			eval "${build_script}"
+			exit
+			;;
+		*)
+			exit
+			;;
+	esac
+done
diff --git a/entrypoint.sh b/entrypoint.sh
@@ -16,7 +16,7 @@ if [ "$1" = 'monerod' ]; then
 	fi
 	# start the daemon using fixuid
 	# to adjust permissions if needed
-	fixuid "$@"
+	exec fixuid -q "$@"
 fi
 
 # otherwise, don't get in their way