open.source/magic-wormhole
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
615986b0dc
magic-wormhole/Dockerfile
Jean-Paul Calderone d1aacc11af Fixes for Versioneer in the image 
Versioneer wants git cli installed so it can ask about git revision
info.  So, install it.

Versioneer also cares about the name of the source directory.  So,
change it.

This gets us a version number like "0.9.2+257.g48b1f02" which is at
least better than "0+unknown".
2017-05-31 11:04:33 -04:00

91 lines
3.3 KiB
Docker
Raw Blame History

#
# Attempts are made to follow the guidelines at
# https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/
#
FROM library/ubuntu:16.04
# If there are security updates for any of the packages we install,
# bump the date in this environment variable to invalidate the Docker
# build cache and force installation of the new packages. Otherwise,
# Docker's image/layer cache may prevent the security update from
# being retrieved.
ENV SECURITY_UPDATES="2017-15-01"
# Tell apt/dpkg/debconf that we're non-interactive so it won't write
# annoying warnings as it installs the software we ask for. Making
# this an `ARG` sets it in the environment for the duration of the
# _build_ only - preventing this from having any effect on a container
# running this image (which shouldn't really be installing more
# software but who knows...).
ARG DEBIAN_FRONTEND=noninteractive
# We'll do an upgrade because the base Ubuntu image isn't guaranteed
# to include the latest security updates. This is counter to best
# practice recommendations but security updates are important.
RUN apt-get --quiet update && \
apt-get --quiet install -y unattended-upgrades && \
unattended-upgrade --minimal_upgrade_steps && \
rm -rf /var/lib/apt/lists/*
# libffi-dev should probably be a build-dep for python-nacl and python-openssl
# but isn't for some reason. Also, versioneer depends on the git cli to
# compute the source version.
RUN apt-get --quiet update && apt-get --quiet install -y \
libffi-dev \
python-virtualenv \
git \
&& rm -rf /var/lib/apt/lists/*
# Source repositories seem to be disabled on the Xenial image now. Enable
# them so we can actually get some build deps.
RUN sed -i -e 's/^# deb-src/deb-src/' /etc/apt/sources.list
# magic-wormhole depends on these and pip wants to build them both from
# source.
RUN apt-get --quiet update && apt-get --quiet build-dep -y \
python-openssl \
python-nacl \
&& rm -rf /var/lib/apt/lists/*
# Create a virtualenv into which to install magicwormhole in to.
RUN virtualenv /app/env
# Get a newer version of pip. The version in the virtualenv installed from
# Ubuntu might not be very recent, depending on when the build happens.
RUN /app/env/bin/pip install --upgrade pip
# Create a less privileged account to actually use to run the server.
ENV WORMHOLE_USER_NAME="wormhole"
# Force the allocated user to uid 1000 because we hard-code 1000 below.
RUN adduser --uid 1000 --disabled-password --gecos "" "${WORMHOLE_USER_NAME}"
# Facilitate network connections to the application. The rendezvous server
# listens on 4000 by default. The transit relay server on 4001.
EXPOSE 4000
EXPOSE 4001
# Put the source somewhere pip will be able to see it.
ADD . /magic-wormhole
# Get the app we want to run!
WORKDIR /magic-wormhole
RUN /app/env/bin/pip install .
# Run the application with this working directory.
WORKDIR /app/run
# And give it to the user the application will run as.
RUN chown ${WORMHOLE_USER_NAME} /app/run
# Switch to a non-root user.
USER 1000
# This makes starting a server succinct.
ENTRYPOINT ["/app/env/bin/wormhole-server", "start", "--no-daemon"]
# By default, start up a pretty reasonable server. This can easily be
# overridden by another command which will get added to the entrypoint.
CMD ["--rendezvous", "tcp:4000", "--transit", "tcp:4001"]
Reference in New Issue View Git Blame Copy Permalink