diff --git a/docker/Dockerfile b/docker/Dockerfile index 9bcd432..ef29998 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile 
@@ -1,70 +1,96 @@ +# syntax=docker/dockerfile:3 + ## BitDeals Module Dockerfile +## the Module user +ARG UNAME="module" +ARG UHOME="/home/$UNAME" + ## Base image -FROM debian:bullseye +FROM debian:bullseye AS updated-debian + +SHELL ["/bin/bash", "-exo", "pipefail", "-c"] LABEL name="BitDeals Module" -EXPOSE 4977/tcp 80/tcp +EXPOSE 4999 80 +## Debian update; install dependencies for GPG +ARG DEBIAN_FRONTEND=noninteractive +RUN apt-get update ; \ + apt-get upgrade -y ; \ + apt-get -y install --no-install-recommends gpg gpg-agent ; \ + apt-get clean ; \ + rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* + ## Add the Module user -ARG UNAME=module -ARG UHOME="/home/$UNAME" +ARG UNAME +ARG UHOME RUN useradd --create-home --home-dir $UHOME $UNAME -## Debian update; install dependencies for: C++ compiler; OpenPGP; Libbitcoin; GPG +FROM updated-debian AS development + +## Debian update; install dependencies for: C++ compiler; OpenPGP; Libbitcoin ARG DEBIAN_FRONTEND=noninteractive -RUN set -ex ; apt-get update && apt-get upgrade -y ; \ - apt-get -y install --no-install-recommends build-essential libssl-dev libcurl4-openssl-dev make cmake gcc g++ git ; \ - apt-get -y install --no-install-recommends libgmp-dev libbz2-dev libzip-dev ; \ - apt-get -y install --no-install-recommends autoconf automake libtool pkg-config wget ; \ - apt-get -y install --no-install-recommends gpg gpg-agent - +RUN apt-get update +RUN apt-get -y install --no-install-recommends build-essential libssl-dev libcurl4-openssl-dev make cmake gcc g++ git +RUN apt-get -y install --no-install-recommends libgmp-dev libbz2-dev libzip-dev +RUN apt-get -y install --no-install-recommends autoconf automake libtool pkg-config wget + ## Avoid error: "Server Certificate Verification Failed. 
CRLfile: none" -RUN set -ex ; apt-get update ; apt-get install -y --reinstall ca-certificates #; rm -Rf /var/lib/apt/lists/* +RUN apt-get install -y --reinstall ca-certificates + +ARG UNAME +ARG UHOME ## Install OpenPGP -RUN set -ex ; su -l --shell /bin/bash $UNAME -c 'git clone https://github.com/calccrypto/OpenPGP ; \ +RUN su -l --shell /bin/bash $UNAME -c 'git clone https://github.com/calccrypto/OpenPGP ; \ mkdir OpenPGP/build ; cd OpenPGP/build ; \ sed -i "s/master/main/" ../contrib/cmake/GoogleTest.txt.in ; \ cmake -DUSE_OPENSSL=ON -DGPG_COMPATIBLE=ON .. ; \ make' ; \ cd $UHOME/OpenPGP/build/ ; \ - make install ; \ - rm -Rf $UHOME/OpenPGP + make install ## Install Yaml-cpp -RUN set -ex ; su -l --shell /bin/bash $UNAME -c 'git clone https://github.com/jbeder/yaml-cpp ; \ +RUN su -l --shell /bin/bash $UNAME -c 'git clone https://github.com/jbeder/yaml-cpp ; \ mkdir yaml-cpp/build ; cd yaml-cpp/build ; \ cmake .. ; \ make' ; \ cd $UHOME/yaml-cpp/build/ ; \ - make install ; \ - rm -Rf $UHOME/yaml-cpp + make install ## Install Libbitcoin explorer -RUN set -ex ; su -l --shell /bin/bash $UNAME -c 'wget https://raw.githubusercontent.com/libbitcoin/libbitcoin-explorer/version3/install.sh ; \ +RUN su -l --shell /bin/bash $UNAME -c 'wget https://raw.githubusercontent.com/libbitcoin/libbitcoin-explorer/version3/install.sh ; \ chmod +x install.sh' ; \ cd $UHOME ; \ sed -i '/git clone / s/git.*$/while true; do & \&\& break; done/' install.sh ; \ sed -i '/wget / s/wget.*$/while true; do & \&\& break; done/' install.sh ; \ - ./install.sh --build-boost --build-zmq --disable-shared ; \ - rm -Rf $UHOME/build-libbitcoin-explorer $UHOME/install.sh + ./install.sh --build-boost --build-zmq --disable-shared ## Install BitDeals dm -RUN set -ex ; su -l --shell /bin/bash $UNAME -c 'cd '$UHOME' ; \ +RUN su -l --shell /bin/bash $UNAME -c 'cd '$UHOME' ; \ git clone https://bitbucket.org/bitdeals/apostol-dm.git ; \ cd apostol-dm ; \ ./configure ; \ cd cmake-build-release ; \ make' ; \ cd 
$UHOME/apostol-dm/cmake-build-release ;\ - make install ; \ - rm -Rf $UHOME/apostol-dm + make install + +FROM updated-debian + +COPY --from=development /usr/local/ /usr/local/ +COPY --from=development /etc/dm/ /etc/dm/ +COPY --from=development /usr/sbin/dm /usr/sbin/dm +COPY --from=development /etc/init.d/dm /etc/init.d/dm + +#dm: error while loading shared libraries: libOpenPGP.so: cannot open shared object file: No such file or directory +RUN ldconfig ## Copy configuration helper script -ADD https://bitbucket.org/bitdeals/apostol-dm/raw/master/docker/entrypoint.sh /entrypoint.sh -#COPY ./entrypoint.sh /entrypoint.sh -RUN set -ex ; chmod 755 /entrypoint.sh +#ADD https://bitbucket.org/bitdeals/apostol-dm/raw/master/docker/entrypoint.sh /entrypoint.sh +COPY ./entrypoint.sh /entrypoint.sh +RUN chmod 755 /entrypoint.sh ENTRYPOINT ["/entrypoint.sh"] diff --git a/docker/README.md b/docker/README.md index 21dc9df..36b9689 100644 --- a/docker/README.md +++ b/docker/README.md @@ -25,9 +25,6 @@ services: image: bitdeals/apostol-dm container_name: bitdeals-dm environment: - - PUID=1000 - - PGID=1000 - - TZ=UTC - TESTNET=1 #optional - BITCOIN=
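Review bot: The `development` stage still fetches and builds unpinned upstream code, part of it as root: `install.sh` is downloaded with `wget` from the `version3` branch, patched with `sed` and executed with no integrity check, and the three `git clone` commands build whatever their default branches hold at build time. Because the final stage now copies `/usr/local/` wholesale from that stage, whatever those scripts install ends up in the shipped image. Consider checking out a reviewed commit after each clone (`git checkout <reviewed-commit>`) and verifying the installer before it runs, e.g. `echo "<sha256-of-reviewed-install.sh>  install.sh" | sha256sum -c -`. Two smaller points in the same hunk: `EXPOSE 4999` no longer matches the `4977:4977` mapping the README keeps, and `# syntax=docker/dockerfile:3` names a frontend tag that, as far as I know, is not published (the stable line is `docker/dockerfile:1`), so the build may fail when resolving it.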
#optional - FEE=<0.1%> #optional @@ -40,8 +37,8 @@ services: volumes: - bitdeals-conf:/etc/dm ports: - - 4977:4977/tcp - - 80:80/tcp + - 4977:4977 + - 80:80 restart: unless-stopped ``` diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh index dd24235..b4ca468 100644 --- a/docker/entrypoint.sh +++ b/docker/entrypoint.sh 
@@ -7,31 +7,32 @@ ## ## Daemon config files -DM_CONF_FILE="/etc/dm/dm.conf" +DM_CONF_FILES=$(find /etc/dm/ -name "*.conf") OAUTH_CONF_FILE="/etc/dm/oauth2/default.json" PGP_PUB_FILE="/etc/dm/pgp.pub" PGP_SEC_FILE="/etc/dm/pgp.sec" BX_CONF_FILE="/usr/local/etc/libbitcoin/bx.cfg" ## Write a variables to config file -sed -i "/\[main\]/,/\[/ s/user=.*/user=module/" "$DM_CONF_FILE" -sed -i "/\[main\]/,/\[/ s/group=.*/group=module/" "$DM_CONF_FILE" -sed -i "/\[daemon\]/,/\[/ s/daemon=.*/daemon=false/" "$DM_CONF_FILE" -sed -i "/\[server\]/,/\[/ s/listen=.*/listen=0.0.0.0/" "$DM_CONF_FILE" +sed -i "/\[main\]/,/\[/ s/.*user=.*/user=module/" $DM_CONF_FILES +sed -i "/\[main\]/,/\[/ s/.*group=.*/group=module/" $DM_CONF_FILES +sed -i "/\[daemon\]/,/\[/ s/.*daemon=.*/daemon=false/" $DM_CONF_FILES +sed -i "/\[server\]/,/\[/ s/.*listen=.*/listen=0.0.0.0/" $DM_CONF_FILES ## Write the PGP keys locations to the config -sed -i "/\[pgp\]/,/\[/ s%^private=.*%private=$PGP_SEC_FILE%" "$DM_CONF_FILE" -sed -i "/\[pgp\]/,/\[/ s%^public=.*%public=$PGP_PUB_FILE%" "$DM_CONF_FILE" +sed -i "/\[pgp\]/,/\[/ s%^private=.*%private=$PGP_SEC_FILE%" $DM_CONF_FILES +sed -i "/\[pgp\]/,/\[/ s%^public=.*%public=$PGP_PUB_FILE%" $DM_CONF_FILES ## Write a user variables to the daemon config files. ## This code removes '/' from user variables to sanitize `sed` code injections. 
-test -z "$BITCOIN" || sed -i "/\[module\]/,/\[/ s/^address=.*/address=${BITCOIN//\/}/" "$DM_CONF_FILE" -test -z "$FEE" || sed -i "/\[module\]/,/\[/ s/^fee=.*/fee=${FEE//\/}/" "$DM_CONF_FILE" -test -z "$PASSWORD" || sed -i "/\[pgp\]/,/\[/ s/^passphrase=.*/passphrase=${PASSWORD//\/}/" "$DM_CONF_FILE" +test -z "$BITCOIN" || sed -i "/\[module\]/,/\[/ s/^address=.*/address=${BITCOIN//\/}/" $DM_CONF_FILES +test -z "$FEE" || sed -i "/\[module\]/,/\[/ s/^fee=.*/fee=${FEE//\/}/" $DM_CONF_FILES +test -z "$PASSWORD" || sed -i "/\[pgp\]/,/\[/ s/^passphrase=.*/passphrase=${PASSWORD//\/}/" $DM_CONF_FILES test -z "$CLIENT_ID" || sed -i "/\"web\": {/,/}/ s/\"client_id\".*/\"client_id\": \"${CLIENT_ID//\/}\",/" "$OAUTH_CONF_FILE" test -z "$CLIENT_SECRET" || sed -i "/\"web\": {/,/}/ s/\"client_secret\".*/\"client_secret\": \"${CLIENT_SECRET//\/}\",/" "$OAUTH_CONF_FILE" test -z "$PGP_PUB" || echo "$PGP_PUB" > "$PGP_PUB_FILE" test -z "$PGP_SEC" || echo "$PGP_SEC" > "$PGP_SEC_FILE" +test "$TESTNET" = 1 -o "$TESTNET" = true && sed -i "/\[main\]/,/\[/ s/.*testnet=.*/testnet=true/" $DM_CONF_FILES ## Create new PGP keys. If PGP file is empty. if [ ! -e "$PGP_SEC_FILE" ] @@ -65,7 +66,7 @@ EOF pkill gpg-agent 2>/dev/null else - echo -e "\nNOTE:Your PGP keyfiles location: $(dirname $PGP_PUB_FILE) \n" + echo -e "\nNOTE:Your PGP keyfiles location: $(dirname $PGP_PUB_FILE)" fi ## Change PGP keyfiles owner 
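Review bot: The re-added `sed` lines for `BITCOIN`, `FEE` and `PASSWORD` (and the unchanged `CLIENT_ID`/`CLIENT_SECRET` lines) strip only `/` from the value, but `&` and `\` are also special in a `sed` replacement, so a passphrase containing `&` is stored as something other than what the operator supplied, with no warning. Escaping instead of deleting keeps the value intact, for example `esc=$(printf '%s' "$PASSWORD" | sed 's/[\/&]/\\&/g')` followed by `s/^passphrase=.*/passphrase=$esc/`. The passphrase and address are now also written into every `*.conf` that `find` returns under `/etc/dm/` rather than only `dm.conf`; if that is intended, a comment such as `## All *.conf files share the same credentials` would make it explicit. `$DM_CONF_FILES` is expanded unquoted, so a path containing whitespace is split into several arguments, and an empty `find` result leaves `sed -i` without a file operand.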
@@ -76,6 +77,23 @@ test -e "$PGP_SEC_FILE" && chmod 600 "$PGP_SEC_FILE" ## Get bitcoin address from the daemon config DM_BITCOIN="$(sed -n '/^[ \t]*\[module\]/,/\[/s/^[ \t]*address[ \t]*=[ \t]*//p' $DM_CONF_FILE)" +## Setup testnet settings in libbitcoin-explorer config +test "$TESTNET" = 1 -o "$TESTNET" = true && \ + sed -i -e "/\[wallet\]/,/\[/ s/wif_version? =.*/wif_version = 239/" \ + -e "/\[wallet\]/,/\[/ s/hd_public_version =.*/hd_public_version = 70617039/" \ + -e "/\[wallet\]/,/\[/ s/hd_secret_version =.*/hd_secret_version = 70615956/" \ + -e "/\[wallet\]/,/\[/ s/pay_to_public_key_hash_version =.*/pay_to_public_key_hash_version = 111/" \ + -e "/\[wallet\]/,/\[/ s/pay_to_script_hash_version =.*/pay_to_script_hash_version = 196/" \ + -e "/\[network\]/,/\[/ s/identifier =.*/identifier = 118034699/" \ + -e "/seed = mainnet[0-9].libbitcoin.net:8333/ s/^/#/" \ + -e "/url = tcp:\/\/mainnet.libbitcoin.net:9091/ s/^/#/" \ + -e "/block_url = tcp:\/\/mainnet.libbitcoin.net:9093/ s/^/#/" \ + -e "/transaction_url = tcp:\/\/mainnet.libbitcoin.net:9094/ s/^/#/" \ + -e "/#seed = testnet[0-9].libbitcoin.net:18333/ s/^#//" \ + -e "/#url = tcp:\/\/testnet.libbitcoin.net:19091/ s/^#//" \ + -e "/#block_url = tcp:\/\/testnet.libbitcoin.net:19093/ s/^#//" \ + -e "/#transaction_url = tcp:\/\/testnet.libbitcoin.net:19094/ s/^#//" "$BX_CONF_FILE" + ## Create new Bitcoin keys. If address is empty. if [ -z "$DM_BITCOIN" ] then 
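Review bot: The context line that fills `DM_BITCOIN` still reads `$DM_CONF_FILE`, which the first hunk of this file replaces with `DM_CONF_FILES`, so unless that name is set somewhere outside the visible hunks `sed -n` gets no file operand and `DM_BITCOIN` comes back empty. That would send every container start into the "Create new Bitcoin keys" branch, and the `address=` rewrite in the `@@ -108,7 +109,7 @@` hunk would then likely overwrite an address the operator had already configured. The warning text in the last hunk (`to $DM_CONF_FILE manually.`) carries the same stale name. Passing `/etc/dm/dm.conf` explicitly on this line, or keeping a `DM_CONF_FILE="/etc/dm/dm.conf"` definition next to the new list, would restore the lookup.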
@@ -84,23 +102,6 @@ then B=$(tput bold) N=$(tput sgr0) - ## Setup testnet settings in libbitcoin-explorer config - test $TESTNET -eq 1 && \ - sed -i -e "/\[wallet\]/,/\[/ s/wif_version? =.*/wif_version = 239/" \ - -e "/\[wallet\]/,/\[/ s/hd_public_version =.*/hd_public_version = 70617039/" \ - -e "/\[wallet\]/,/\[/ s/hd_secret_version =.*/hd_secret_version = 70615956/" \ - -e "/\[wallet\]/,/\[/ s/pay_to_public_key_hash_version =.*/pay_to_public_key_hash_version = 111/" \ - -e "/\[wallet\]/,/\[/ s/pay_to_script_hash_version =.*/pay_to_script_hash_version = 196/" \ - -e "/\[network\]/,/\[/ s/identifier =.*/identifier = 118034699/" \ - -e "/seed = mainnet[0-9].libbitcoin.net:8333/ s/^/#/" \ - -e "/url = tcp:\/\/mainnet.libbitcoin.net:9091/ s/^/#/" \ - -e "/block_url = tcp:\/\/mainnet.libbitcoin.net:9093/ s/^/#/" \ - -e "/transaction_url = tcp:\/\/mainnet.libbitcoin.net:9094/ s/^/#/" \ - -e "/#seed = testnet[0-9].libbitcoin.net:18333/ s/^#//" \ - -e "/#url = tcp:\/\/testnet.libbitcoin.net:19091/ s/^#//" \ - -e "/#block_url = tcp:\/\/testnet.libbitcoin.net:19093/ s/^#//" \ - -e "/#transaction_url = tcp:\/\/testnet.libbitcoin.net:19094/ s/^#//" "$BX_CONF_FILE" - ## Generate bitcoin keys PRIVKEY="$(cat /dev/random | tr -cd "[:digit:]" | head -c 64)" PUBKEY="$(bx ec-to-public $PRIVKEY)" @@ -108,7 +109,7 @@ then PRIVKEYWIF="$(bx ec-to-wif $PRIVKEY)" ## Write the bitcoin address to the daemon config - sed -i "/\[module\]/,/\[/ s/^address=.*/address=$BITCOIN/" "$DM_CONF_FILE" + sed -i "/\[module\]/,/\[/ s/^address=.*/address=$BITCOIN/" $DM_CONF_FILES ## Show bitcoin keys echo -e "Please backup these\t${B}BITCOIN KEYS:${N}" 
@@ -120,11 +121,11 @@ fi ## Password notice echo "$PASSWORD" | grep -q "/" && \ - ( echo -n -e "\n$(tput bold)WARN:$(tput sgr0)Please, write your 'passphrase=$PASSWORD'" | grep --color=auto -z -E "/" ; echo -n -e " to $DM_CONF_FILE manually.\n" ) + ( echo -n -e "\n$(tput bold)WARN:$(tput sgr0)Please, write your 'passphrase=$PASSWORD'" | grep --color=auto -z -E "/" ; echo -n -e " to $DM_CONF_FILE manually." ) ## API credentials notice test -z "$CLIENT_ID" -o -z "$CLIENT_SECRET" && \ echo -e "NOTE:Please visit a BitDeals site to get your API credentials: $(tput smul)\$CLIENT_ID$(tput rmul) and $(tput smul)\$CLIENT_SECRET$(tput rmul).\n" ## Run the daemon -exec /usr/sbin/dm -p /etc/dm -c /etc/dm/dm.conf +exec /usr/sbin/dm -p /etc/dm -c /etc/dm/dm.conf $@
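Review bot: The passphrase warning still echoes `passphrase=$PASSWORD` to standard output, which puts the PGP passphrase into the container log where anyone with log access can read it; the message could name the variable (`\$PASSWORD`) instead of printing its value. On the last line `$@` is unquoted, so arguments containing spaces or glob characters are re-split before they reach `dm`; `exec /usr/sbin/dm -p /etc/dm -c /etc/dm/dm.conf "$@"` passes them through unchanged.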