From 07f3a83dfd8ad51d97b5dc92bd10279706b71f4c Mon Sep 17 00:00:00 2001 From: danb Date: Sat, 11 May 2024 16:04:28 -0400 Subject: [PATCH] image updates --- gaiad/Dockerfile | 120 +++++++++++++++++++++++++++++++++++++++++++++ kujirad/Dockerfile | 2 +- 2 files changed, 121 insertions(+), 1 deletion(-) create mode 100644 gaiad/Dockerfile diff --git a/gaiad/Dockerfile b/gaiad/Dockerfile new file mode 100644 index 0000000..42fac9e --- /dev/null +++ b/gaiad/Dockerfile @@ -0,0 +1,120 @@ +FROM golang:1.21-alpine3.17 AS build-env + +# Customize to your build env + +# TARGETPLATFORM should be one of linux/amd64 or linux/arm64. +ARG TARGETPLATFORM + +# Use muslc for static libs +ARG BUILD_TAGS=muslc +ARG VERSION +ARG LD_FLAGS=-linkmode=external \ +-extldflags '-Wl,-z,muldefs -static' + +# Install cli tools for building and final image +RUN apk add --update --no-cache make git bash gcc linux-headers eudev-dev ncurses-dev openssh curl jq +RUN apk add --no-cache musl-dev + +# Build +WORKDIR /go/src/github.com/cosmos +RUN git clone https://github.com/cosmos/gaia.git +WORKDIR /go/src/github.com/cosmos/gaia +RUN git fetch +RUN git checkout ${VERSION} +WORKDIR /go/src/github.com/cosmos/gaia + +# Install CosmWasm. +RUN set -eux; \ + WASM_VERSION=$(go list -m all | grep github.com/CosmWasm/wasmvm | awk '{print $NF}'); \ + echo ${WASM_VERSION} ;\ + if [ ! -z "${WASM_VERSION}" ]; then \ + wget -O /lib/libwasmvm_muslc.a https://github.com/CosmWasm/wasmvm/releases/download/${WASM_VERSION}/libwasmvm_muslc.$(uname -m).a; \ + fi; \ + go mod download; + +# Build Chain Binary +RUN if [ "${TARGETPLATFORM}" = "linux/amd64" ] ; then \ + BUILD_TAGS=${BUILD_TAGS} make install ; \ + fi + +RUN if [ "${TARGETPLATFORM}" = "linux/arm64" ] ; then \ + BUILD_TAGS=${BUILD_TAGS} make install ; \ + fi + +# Use busybox to create a user +FROM busybox:stable-musl AS busybox +RUN addgroup --gid 1137 -S defiant && adduser --uid 1137 -S defiant -G defiant + +# Use scratch for the final image +FROM scratch +WORKDIR /bin + +# Label should match your github repo +LABEL org.opencontainers.image.source="https://github.com/defiantlabs/gaiad:${VERSION}" + +# Installs all binaries built with go. +COPY --from=build-env /go/bin/gaiad /bin + +# Other binaries we want to keep. +COPY --from=build-env /usr/bin/ldd /bin/ldd +COPY --from=build-env /usr/bin/curl /bin/curl +COPY --from=build-env /usr/bin/jq /bin/jq + +# Install Libraries +COPY --from=build-env /usr/lib/libgcc_s.so.1 /lib/ +COPY --from=build-env /lib/ld-musl*.so.1* /lib + +# jq Libraries +COPY --from=build-env /usr/lib/libonig.so.5 /lib + +# curl Libraries +COPY --from=build-env /usr/lib/libcurl.so.4 /lib +COPY --from=build-env /lib/libz.so.1 /lib +COPY --from=build-env /usr/lib/libnghttp2.so.14 /lib +COPY --from=build-env /lib/libssl.so* /lib +COPY --from=build-env /lib/libcrypto.so* /lib +COPY --from=build-env /usr/lib/libbrotlidec.so.1 /lib +COPY --from=build-env /usr/lib/libbrotlicommon.so.1 /lib + +# Install trusted CA certificates for curl +COPY --from=build-env /etc/ssl/cert.pem /etc/ssl/cert.pem +COPY --from=build-env /etc/ssl/cert.pem /etc/ssl/ca-certificates.crt +COPY --from=build-env /etc/ssl/cert.pem /etc/ssl/certs/ca-certificates.crt + +# Install cli tools from busybox +COPY --from=busybox /bin/ln /bin/ln +COPY --from=busybox /bin/ln /bin/sh + +# Link each binary you want to sh to save space. +RUN for binary in \ +dd \ +vi \ +chown \ +id \ +cp \ +ls \ +sh \ +cat \ +less \ +grep \ +sleep \ +env \ +tar \ +tee \ +du \ +sort \ +head \ +df \ +nc \ +netstat \ +; do ln sh $binary; done + + +# Copy user +COPY --from=busybox /etc/passwd /etc/passwd +COPY --from=busybox --chown=1137:1137 /home/defiant /home/defiant + +# Set home directory and user +WORKDIR /home/defiant +RUN chown -R defiant /home/defiant +USER defiant diff --git a/kujirad/Dockerfile b/kujirad/Dockerfile index c19af05..64e31dd 100644 --- a/kujirad/Dockerfile +++ b/kujirad/Dockerfile @@ -6,7 +6,7 @@ ARG TARGETPLATFORM # Use muslc for static libs ARG BUILD_TAGS="muslc" ARG VERSION=v1.0.2 -ARG ORACLE_VERSION=v0.12.4 +ARG ORACLE_VERSION=v0.12.5 ARG LD_FLAGS=-linkmode=external \ -extldflags '-Wl,-z,muldefs -static'