open.source/magic-wormhole
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
443c402f60
magic-wormhole/Dockerfile
Jonathan Lange cb67511848 Do not refer to transit server in Dockerfile 
https://github.com/warner/magic-wormhole/pull/263 removed the transit server,
breaking the Dockerfile.

This fixes the Dockerfile to run just the rendezvous server.
2018-01-01 13:07:36 +00:00

90 lines
3.2 KiB
Docker
Raw Blame History

#
# Attempts are made to follow the guidelines at
# https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/
#
FROM library/ubuntu:16.04
# If there are security updates for any of the packages we install,
# bump the date in this environment variable to invalidate the Docker
# build cache and force installation of the new packages. Otherwise,
# Docker's image/layer cache may prevent the security update from
# being retrieved.
ENV SECURITY_UPDATES="2017-15-01"
# Tell apt/dpkg/debconf that we're non-interactive so it won't write
# annoying warnings as it installs the software we ask for. Making
# this an `ARG` sets it in the environment for the duration of the
# _build_ only - preventing this from having any effect on a container
# running this image (which shouldn't really be installing more
# software but who knows...).
ARG DEBIAN_FRONTEND=noninteractive
# We'll do an upgrade because the base Ubuntu image isn't guaranteed
# to include the latest security updates. This is counter to best
# practice recommendations but security updates are important.
RUN apt-get --quiet update && \
apt-get --quiet install -y unattended-upgrades && \
unattended-upgrade --minimal_upgrade_steps && \
rm -rf /var/lib/apt/lists/*
# libffi-dev should probably be a build-dep for python-nacl and python-openssl
# but isn't for some reason. Also, versioneer depends on the git cli to
# compute the source version.
RUN apt-get --quiet update && apt-get --quiet install -y \
libffi-dev \
python-virtualenv \
git \
&& rm -rf /var/lib/apt/lists/*
# Source repositories seem to be disabled on the Xenial image now. Enable
# them so we can actually get some build deps.
RUN sed -i -e 's/^# deb-src/deb-src/' /etc/apt/sources.list
# magic-wormhole depends on these and pip wants to build them both from
# source.
RUN apt-get --quiet update && apt-get --quiet build-dep -y \
python-openssl \
python-nacl \
&& rm -rf /var/lib/apt/lists/*
# Create a virtualenv into which to install magicwormhole in to.
RUN virtualenv /app/env
# Get a newer version of pip. The version in the virtualenv installed from
# Ubuntu might not be very recent, depending on when the build happens.
RUN /app/env/bin/pip install --upgrade pip
# Create a less privileged account to actually use to run the server.
ENV WORMHOLE_USER_NAME="wormhole"
# Force the allocated user to uid 1000 because we hard-code 1000 below.
RUN adduser --uid 1000 --disabled-password --gecos "" "${WORMHOLE_USER_NAME}"
# Facilitate network connections to the application. The rendezvous server
# listens on 4000 by default.
EXPOSE 4000
# Put the source somewhere pip will be able to see it.
ADD . /magic-wormhole
# Get the app we want to run!
WORKDIR /magic-wormhole
RUN /app/env/bin/pip install .
# Run the application with this working directory.
WORKDIR /app/run
# And give it to the user the application will run as.
RUN chown ${WORMHOLE_USER_NAME} /app/run
# Switch to a non-root user.
USER 1000
# This makes starting a server succinct.
ENTRYPOINT ["/app/env/bin/wormhole-server", "start", "--no-daemon"]
# By default, start up a pretty reasonable server. This can easily be
# overridden by another command which will get added to the entrypoint.
CMD ["--rendezvous", "tcp:4000"]
Reference in New Issue View Git Blame Copy Permalink