Dockerfile для bitdeals-dm

docker/Dockerfile

@@ -0,0 +1,70 @@
+## BitDeals Module Dockerfile
+
+## Base image
+FROM debian:bullseye
+
+LABEL name="BitDeals Module"
+EXPOSE 4977/tcp 80/tcp
+
+## Add the Module user
+ARG UNAME=module
+ARG UHOME="/home/$UNAME"
+RUN useradd --create-home --home-dir $UHOME $UNAME 
+
+## Debian update; install dependencies for: C++ compiler; OpenPGP; Libbitcoin; GPG
+ARG DEBIAN_FRONTEND=noninteractive
+RUN set -ex ; apt-get update && apt-get upgrade -y ; \
+	apt-get -y install --no-install-recommends build-essential libssl-dev libcurl4-openssl-dev make cmake gcc g++ git ; \
+	apt-get -y install --no-install-recommends libgmp-dev libbz2-dev libzip-dev ; \ 
+	apt-get -y install --no-install-recommends autoconf automake libtool pkg-config wget ; \
+	apt-get -y install --no-install-recommends gpg gpg-agent
+ 
+## Avoid error: "Server Certificate Verification Failed. CRLfile: none"
+RUN set -ex ; apt-get update ; apt-get install -y --reinstall ca-certificates #; rm -Rf /var/lib/apt/lists/* 
+
+## Install OpenPGP
+RUN set -ex ; su -l --shell /bin/bash  $UNAME -c 'git clone https://github.com/calccrypto/OpenPGP ; \
+	mkdir OpenPGP/build ; cd OpenPGP/build ; \
+	sed -i "s/master/main/" ../contrib/cmake/GoogleTest.txt.in ; \
+	cmake -DUSE_OPENSSL=ON -DGPG_COMPATIBLE=ON .. ; \
+	make' ; \
+	cd $UHOME/OpenPGP/build/ ; \
+	make install ; \
+	rm -Rf $UHOME/OpenPGP 
+
+## Install Yaml-cpp
+RUN set -ex ; su -l --shell /bin/bash $UNAME -c 'git clone https://github.com/jbeder/yaml-cpp ; \
+	mkdir yaml-cpp/build ; cd yaml-cpp/build ; \
+	cmake .. ; \
+	make' ; \
+	cd $UHOME/yaml-cpp/build/ ; \
+	make install ; \
+	rm -Rf $UHOME/yaml-cpp  
+
+## Install Libbitcoin explorer
+RUN set -ex ; su -l --shell /bin/bash $UNAME -c 'wget https://raw.githubusercontent.com/libbitcoin/libbitcoin-explorer/version3/install.sh ; \
+	chmod +x install.sh' ; \
+	cd $UHOME ; \
+	sed -i '/git clone / s/git.*$/while true; do & \&\& break; done/' install.sh ; \
+	sed -i '/wget / s/wget.*$/while true; do & \&\& break; done/' install.sh ; \
+	./install.sh --build-boost --build-zmq --disable-shared ; \
+	rm -Rf $UHOME/build-libbitcoin-explorer $UHOME/install.sh
+
+## Install BitDeals dm
+RUN set -ex ; su -l --shell /bin/bash $UNAME -c 'cd '$UHOME' ; \
+	git clone https://bitbucket.org/bitdeals/apostol-dm.git ; \
+	cd apostol-dm ; \
+	./configure ; \
+	cd cmake-build-release ; \
+	make' ; \
+	cd $UHOME/apostol-dm/cmake-build-release ;\
+	make install ; \
+	rm -Rf $UHOME/apostol-dm
+
+## Copy configuration helper script
+#ADD https://bitbucket.org/bitdeals/apostol-dm/docker/entrypoint.sh /entrypoint.sh
+COPY ./entrypoint.sh /entrypoint.sh
+RUN set -ex ; chmod 755 /entrypoint.sh
+
+ENTRYPOINT ["/entrypoint.sh"]
+

docker/entrypoint.sh

@@ -0,0 +1,112 @@
+#!/bin/bash
+
+##
+## BitDeals Module configuration helper script for Docker Container.
+## It writes an Environment variables to the daemon config files.
+## And can generate a Bitcoing and PGP key filies at first start.
+##
+
+## Daemon config files
+DM_CONF_FILE="/etc/dm/dm.conf"
+OAUTH_CONF_FILE="/etc/dm/oauth2/default.json"
+PGP_PUB_FILE="/etc/dm/pgp.pub"
+PGP_SEC_FILE="/etc/dm/pgp.sec"
+
+## Write a variables to config file
+sed -i "/\[main\]/,/\[/ s/user=.*/user=module/" "$DM_CONF_FILE"
+sed -i "/\[main\]/,/\[/ s/group=.*/group=module/" "$DM_CONF_FILE"
+sed -i "/\[daemon\]/,/\[/ s/daemon=.*/daemon=false/" "$DM_CONF_FILE"
+sed -i "/\[server\]/,/\[/ s/listen=.*/listen=0.0.0.0/" "$DM_CONF_FILE"
+
+## Write the PGP keys locations to the config
+sed -i "/\[pgp\]/,/\[/ s%^private=.*%private=$PGP_SEC_FILE%" "$DM_CONF_FILE"
+sed -i "/\[pgp\]/,/\[/ s%^public=.*%public=$PGP_PUB_FILE%" "$DM_CONF_FILE"
+
+## Write a user variables to the daemon config files.
+## This code removes '/' from user variables to sanitize `sed` code injections.
+test -z "$BITCOIN" || sed -i "/\[module\]/,/\[/ s/^address=.*/address=${BITCOIN//\/}/" "$DM_CONF_FILE"
+test -z "$FEE" || sed -i "/\[module\]/,/\[/ s/^fee=.*/fee=${FEE//\/}/" "$DM_CONF_FILE"
+test -z "$PASSWORD" || sed -i "/\[pgp\]/,/\[/ s/^passphrase=.*/passphrase=${PASSWORD//\/}/" "$DM_CONF_FILE"
+test -z "$CLIENT_ID" || sed -i "/\"web\": {/,/}/ s/\"client_id\".*/\"client_id\": \"${CLIENT_ID//\/}\",/" "$OAUTH_CONF_FILE"
+test -z "$CLIENT_SECRET" || sed -i "/\"web\": {/,/}/ s/\"client_secret\".*/\"client_secret\": \"${CLIENT_SECRET//\/}\",/" "$OAUTH_CONF_FILE"
+test -z "$PGP_PUB" || echo "$PGP_PUB" > "$PGP_PUB_FILE"
+test -z "$PGP_SEC" || echo "$PGP_SEC" > "$PGP_SEC_FILE"
+
+## Create new PGP keys. If PGP file is empty.
+if [ ! -e "$PGP_SEC_FILE" ] 
+then
+	echo -e "\nThe PGP key is empty. Generating new PGP key...\n"
+	test -z "$ACCOUNT_URL" && { echo -n "Please enter your site URL like https://example.com : " ; read ACCOUNT_URL ;}
+
+	#GNUPGHOME="$(mktemp -d)" ;#- works for gpg2
+	gpg --faked-system-time $(TZ=UTC date --date=$(date +'%Y-%m-%d') +%s) \
+		--pinentry-mode loopback --passphrase "$PASSWORD" \
+		--batch --gen-key 2>/dev/null <<-EOF
+	Key-Type: RSA
+	Key-Usage: cert,sign
+	Key-Length: 1024
+	Subkey-Type: RSA
+	Subkey-Usage: encr
+	Subkey-Length: 1024
+	Name-Real: Account_URL
+	Name-Comment: ${ACCOUNT_URL:-https://example.com}
+	Expire-Date: 0
+EOF
+	echo
+	tput setaf 7
+	#cat $GNUPGHOME/openpgp-revocs.d/*.rev
+	cat /root/.gnupg/openpgp-revocs.d/*.rev | sed -e "/^pub/,+2 { s/.*/$(tput sgr0)$(tput bold)&$(tput sgr0)$(tput setaf 7)/; }"
+	tput setaf 3
+	gpg --armor --export | tee "$PGP_PUB_FILE"
+	tput setaf 4
+	gpg --armor --export-secret-keys | tee "$PGP_SEC_FILE"
+	tput sgr0
+
+	pkill gpg-agent 2>/dev/null
+else
+	echo -e "\nNOTE:Your PGP keyfiles location: $(dirname $PGP_PUB_FILE) \n"
+fi
+
+## Change PGP keyfiles owner
+test -e "$PGP_PUB_FILE" && chown module:module "$PGP_PUB_FILE"
+test -e "$PGP_SEC_FILE" && chown module:module "$PGP_SEC_FILE"
+test -e "$PGP_SEC_FILE" && chmod 600 "$PGP_SEC_FILE"
+
+## Get bitcoin address from the daemon config
+DM_BITCOIN="$(sed -n '/^[ \t]*\[module\]/,/\[/s/^[ \t]*address[ \t]*=[ \t]*//p' $DM_CONF_FILE)"
+
+## Create new Bitcoin keys. If address is empty.
+if [ -z "$DM_BITCOIN" ]
+then
+	echo -e "\nThe Bitcoin key is empty. Generating new Bitcoin key...\n"
+
+	B=$(tput bold)
+	N=$(tput sgr0)
+
+	## Generate bitcoin keys
+	PRIVKEY="$(cat /dev/random | tr -cd "[:digit:]" | head -c 64)"
+	PUBKEY="$(bx ec-to-public $PRIVKEY)"
+	BITCOIN="$(bx ec-to-address $PUBKEY)"
+	PRIVKEYWIF="$(bx ec-to-wif $PRIVKEY)"
+
+	## Write the bitcoin address to the daemon config
+	sed -i "/\[module\]/,/\[/ s/^address=.*/address=$BITCOIN/" "$DM_CONF_FILE"
+
+	## Show bitcoin keys
+	echo -e "Please backup these\t${B}BITCOIN KEYS:${N}"
+	echo -e "PRIVATE KEY (raw form):\t${B}$PRIVKEY${N}"
+	echo -e "PRIVATE KEY (WIF form):\t${B}$PRIVKEYWIF${N}"
+	echo -e "Bitcoin public key:\t${B}$PUBKEY${N}"
+	echo -e "Bitcoin address:\t${B}$BITCOIN${N}\n"
+fi
+
+## Password notice
+echo "$PASSWORD" | grep -q "/" && \
+	( echo -e "\n$(tput bold)WARN:$(tput sgr0)Please, write your 'passphrase=$PASSWORD' to $DM_CONF_FILE manually.\n" | grep --color=auto "/")
+## API credentials notice
+test -z "$CLIENT_ID" -o -z "$CLIENT_SECRET" && \
+	echo -e "NOTE:Please visit a BitDeals site to get your API credentials: $(tput smul)\$CLIENT_ID$(tput rmul) and $(tput smul)\$CLIENT_SECRET$(tput rmul).\n"
+
+## Run the daemon
+exec /usr/sbin/dm -p /etc/dm -c /etc/dm/dm.conf
+