fixates 1.14.7 bullseye

1.14.5/bullseye/Dockerfile

@@ -34,7 +34,8 @@ RUN apt-get update && apt-get install --no-install-recommends -y \
     && rm -rf /var/lib/apt/lists/*
 
 # fetch tools and setup signers
-RUN git clone --depth 1 ${REPO_GITIAN_BUILDER} gitian \
+RUN bash -o pipefail \
+    && git clone --depth 1 ${REPO_GITIAN_BUILDER} gitian \
     && git clone --depth 1 ${REPO_GITIAN_SIGS} sigs \
     && git clone --depth 1 -b v${RLS_VERSION} ${REPO_DOGECOIN_CORE} dogecoin \
     && find dogecoin/contrib/gitian-keys -name "*.pgp" |xargs -n 1 gpg --import
@@ -53,48 +54,62 @@ RUN set -ex && ARCHITECTURE=$(dpkg --print-architecture) \
        | grep OK | shuf -n 1 | sed s/:.*// > random_signer.txt \
     && grep ${RLS_FILE_NAME} sigs/${SIG_PATH}/$(cat random_signer.txt)/*assert | sha256sum -c \
     && grep ${RLS_FILE_NAME} SHASUMS | sha256sum -c \
-    && mv ${RLS_FILE_NAME} dogecoin.tar.gz
+    && tar -zxvf ${RLS_FILE_NAME} \
+        dogecoin-${RLS_VERSION}/bin/dogecoind \
+        dogecoin-${RLS_VERSION}/bin/dogecoin-cli \
+        dogecoin-${RLS_VERSION}/bin/dogecoin-tx \
+        --strip-components=1
+
+COPY entrypoint.py /entrypoint.py
 
 FROM debian:bullseye-slim AS final
 
-ENV USER=dogecoin
-ENV DATADIR=/${USER}/.dogecoin
+ARG USER=
+ENV USER=${USER}
+ARG APP_UID=
+ENV APP_UID=${APP_UID}
+ARG APP_GID=
+ENV APP_GID=${APP_GID}
+ENV DATADIR=/home/${USER}/.dogecoin
 
-# Root configuration to mimic user
-ENV HOME=/${USER}
+# RUN echo ${USER} ${APP_UID} ${APP_GID} && exit 1
 
-RUN useradd ${USER} --home-dir ${HOME}
+RUN echo ${USER} ${APP_UID} ${APP_GID} \
+    && groupadd -g ${APP_GID} ${USER} \
+    && useradd -m --uid ${APP_UID} ${USER} -g ${APP_GID} \
+    && mkdir -p ${DATADIR} \
+    && chgrp -R ${APP_GID} ${DATADIR} \
+    && chown -R ${APP_UID}:${APP_GID} ${DATADIR} \
+    && chmod -R 1007 ${DATADIR}
 
-WORKDIR /tmp
+WORKDIR /home/${USER}
 
-# Copy the downloaded binary from the verify stage
-COPY --from=verify /verify/dogecoin.tar.gz ./
+# Copy the downloaded binaries into the container system from the verify stage.
+COPY --from=verify \
+    /verify/bin/dogecoind \
+    /verify/bin/dogecoin-cli \
+    /verify/bin/dogecoin-tx /usr/local/bin/
 
-# Move downloaded binaries and man pages in the container system.
-# Setuid on binaries with $USER rights, to limit root usage.
-RUN tar -xvf dogecoin.tar.gz --strip-components=1 \
-    && cp bin/dogecoind bin/dogecoin-cli bin/dogecoin-tx /usr/local/bin/ \
-    && chown ${USER}:${USER} /usr/local/bin/dogecoin* \
-    && chmod 4555 /usr/local/bin/dogecoin* \
-    && rm -rf *
+COPY /entrypoint.py /usr/local/bin/
 
-WORKDIR ${HOME}
+# Set permissions on copied files
+RUN chmod g+x /usr/local/bin/*
 
 # P2P network (mainnet, testnet & regnet respectively)
 EXPOSE 22556 44556 18444
 
 # RPC interface (mainnet, testnet & regnet respectively)
 EXPOSE 22555 44555 18332
 
-VOLUME ["/dogecoin/.dogecoin"]
+VOLUME ["${DATADIR}"]
 
 # Dependencies install
 RUN apt-get update && apt-get install --no-install-recommends -y \
     python3 \
     && rm -rf /var/lib/apt/lists/*
 
-COPY entrypoint.py /usr/local/bin/entrypoint.py
-RUN chmod 500 /usr/local/bin/entrypoint.py
+USER ${APP_UID}:${APP_GID}
 
 ENTRYPOINT ["entrypoint.py"]
+
 CMD ["dogecoind"]

1.14.5/bullseye/build.sh

@@ -0,0 +1,22 @@
+#!/bin/bash
+
+wget https://raw.githubusercontent.com/dogecoin/dogecoin/master/share/rpcuser/rpcuser.py
+chmod +x rpcuser.py
+./rpcuser.py dogecoin > auth
+rpcauth=$(cat auth | grep "rpcauth")
+rpcpassword=$(cat auth | sed '1,/Your password:/d')
+echo daemon=1 > dogecoin.conf
+echo server=1 >> dogecoin.conf
+echo listen=1 >> dogecoin.conf
+echo wallet=1 >> dogecoin.conf
+echo bind=0.0.0.0:22556 >> dogecoin.conf
+echo bind=[::]:22556 >> dogecoin.conf
+echo rpcbind=127.0.0.1:22555 >> dogecoin.conf
+echo rpcallowip=0.0.0.0/0 >> dogecoin.conf
+echo rpcuser=dogecoin >> dogecoin.conf
+echo $rpcauth >> dogecoin.conf
+echo rpcpassword=$rpcpassword >> dogecoin.conf
+echo harddustlimit=0.001 >> dogecoin.conf
+rm rpcuser.py auth
+
+docker build --no-cache --build-arg "APP_UID=$(id -u $USER)" --build-arg "APP_GID=$(id -g $USER)" --build-arg "USER=dogecoin" -t xanimo/dogecoin:1.14.5 .

1.14.5/bullseye/docker-compose.yml

@@ -0,0 +1,19 @@
+version: "3.8"
+
+name: dogecoin
+services:
+  dogecoin:
+    build: .
+    image: xanimo/dogecoin:1.14.5
+    volumes:
+    - dogecoin:/home/dogecoin/.dogecoin
+    env_file:
+      - .env
+
+volumes:
+  dogecoin:
+    driver: local
+    driver_opts:
+      o: bind
+      type: none
+      device: /mnt/volumes/.dogecoin

1.14.5/bullseye/dogecoin.conf

@@ -0,0 +1,12 @@
+daemon=1
+server=1
+listen=1
+wallet=1
+bind=0.0.0.0:18444
+bind=[::]:18444
+rpcbind=127.0.0.1:18443
+rpcallowip=0.0.0.0/0
+rpcuser=dogecoin
+rpcauth=dogecoin:b60e8cbd94e52a801ef34f1346422bd9$e6c36a71f0d353f225178dcd0efa576e32b06127184dce4a080d43f8be48ddfe
+rpcpassword=DAN8LP5r5PnE-Q48B3JWiilmK5mbJb7zAcDAUC0ctxQ
+harddustlimit=0.001

1.14.5/bullseye/entrypoint.py

@@ -4,7 +4,7 @@
 """
 import argparse
 import os
-import pwd
+# import pwd
 import shutil
 import sys
 import subprocess
@@ -70,7 +70,6 @@ def executable_options(executable):
 def create_datadir():
     """
     Create data directory used by dogecoin daemon.
-
     Create manually the directory while root at container creation,
     root rights needed to create folder with host volume.
     """
@@ -81,11 +80,15 @@ def create_datadir():
 
     #Try to get datadir from environment
     datadir = argv.datadir or os.environ.get("DATADIR")
-
+    print(datadir)
+    print(argv.datadir)
     os.makedirs(datadir, exist_ok=True)
 
+    app_uid = os.environ["APP_UID"]
+    app_gid = os.environ["APP_GID"]
     user = os.environ["USER"]
-    subprocess.run(["chown", "-R", f"{user}:{user}", datadir], check=True)
+    subprocess.run(["chmod", "-R", "1700", datadir], check=True)
+    subprocess.run(["chown", "-R", f"{app_uid}:{app_gid}", f"/home/{user}/.dogecoin"], check=True)
 
 def convert_env(executable):
     """
@@ -131,9 +134,9 @@ def run_executable(executable, executable_args):
 
     #Switch process from root to user.
     #Equivalent to use gosu or su-exec
-    user_info = pwd.getpwnam(os.environ['USER'])
-    os.setgid(user_info.pw_gid)
-    os.setuid(user_info.pw_uid)
+    # user_info = pwd.getpwnam(os.environ['USER'])
+    # os.setgid(user_info.pw_gid)
+    # os.setuid(user_info.pw_uid)
 
     #Run container command
     return execute(executable, executable_args)
@@ -142,6 +145,7 @@ def main():
     """
     Main routine
     """
+
     if sys.argv[1].startswith("-"):
         executable = "dogecoind"
     else:

1.14.5/bullseye/run.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+if [[ -f .lock ]]; then
+    touch .lock
+    docker volume create dogecoin
+fi
+
+if docker inspect dogecoin | grep '"Status":' | grep "running"; then
+    docker stop dogecoin
+fi
+
+docker run -d -e APP_UID=$(id -u $USER) -e APP_GID=$(id -g $USER) -u "$(id -u $USER):$(id -g $USER)" -it --rm --name dogecoin -t xanimo/dogecoin:1.14.5 --regtest

1.14.6/bullseye/.env

@@ -0,0 +1,12 @@
+daemon=1
+server=1
+listen=1
+wallet=1
+bind=0.0.0.0:22556
+bind=[::]:22556
+rpcbind=127.0.0.1:22555
+rpcallowip=0.0.0.0/0
+rpcuser=dogecoin
+rpcauth=dogecoin:a1300ebb8da7f280ad66b969264c22dd$0c9869c90bfc813708540a13146c63823463ee51b5d3d6abceb11674b5eb600a
+rpcpassword=jdjKm44i1UpmTicidJiaSNmUc-klDlervv_U-8uInp4
+harddustlimit=0.001

1.14.6/bullseye/Dockerfile

@@ -0,0 +1,109 @@
+FROM debian:bullseye-slim AS verify
+
+WORKDIR /verify
+
+# github repository locations
+ARG REPO_GITIAN_BUILDER=https://github.com/devrandom/gitian-builder.git
+ARG REPO_GITIAN_SIGS=https://github.com/dogecoin/gitian.sigs.git
+ARG REPO_DOGECOIN_CORE=https://github.com/dogecoin/dogecoin.git
+
+# Specify release variables
+ARG RLS_VERSION=1.14.6
+ARG RLS_OS=linux
+ARG RLS_LIB=gnu
+ARG RLS_ARCH=
+
+# static derived variables
+ARG SIG_PATH=${RLS_VERSION}-${RLS_OS}
+ARG DESCRIPTOR_PATH=dogecoin/contrib/gitian-descriptors/gitian-${RLS_OS}.yml
+ARG RLS_LOCATION=https://github.com/dogecoin/dogecoin/releases/download/v${RLS_VERSION}
+
+# install system requirements
+RUN apt-get update && apt-get install --no-install-recommends -y \
+    wget \
+    git \
+    ruby \
+    gpg \
+    gpg-agent \
+    && rm -rf /var/lib/apt/lists/*
+
+# fetch tools and setup signers
+RUN bash -o pipefail \
+    && git clone --depth 1 ${REPO_GITIAN_BUILDER} gitian \
+    && git clone --depth 1 ${REPO_GITIAN_SIGS} sigs \
+    && git clone --depth 1 -b v${RLS_VERSION} ${REPO_DOGECOIN_CORE} dogecoin \
+    && find dogecoin/contrib/gitian-keys -name "*.pgp" |xargs -n 1 gpg --import
+
+# determine architecture, download release binary
+# and verify against random OK signer and pinned shasums
+RUN set -ex && ARCHITECTURE=$(dpkg --print-architecture) \
+    && if [ "${ARCHITECTURE}" = "amd64" ]; then RLS_ARCH=x86_64 ; fi \
+    && if [ "${ARCHITECTURE}" = "arm64" ]; then RLS_ARCH=aarch64; fi \
+    && if [ "${ARCHITECTURE}" = "armhf" ]; then RLS_ARCH=arm && RLS_LIB=gnueabihf; fi \
+    && if [ "${ARCHITECTURE}" = "i386" ]; then RLS_ARCH=i686-pc; fi \
+    && if [ "${RLS_ARCH}" = "" ]; then echo "Could not determine architecture" >&2; exit 1; fi \
+    && RLS_FILE_NAME=dogecoin-${RLS_VERSION}-${RLS_ARCH}-${RLS_OS}-${RLS_LIB}.tar.gz \
+    && wget ${RLS_LOCATION}/${RLS_FILE_NAME} \
+    && wget ${RLS_LOCATION}/SHA256SUMS.asc \
+    && gitian/bin/gverify --no-markup -d sigs -r ${SIG_PATH} ${DESCRIPTOR_PATH} \
+       | grep OK | shuf -n 1 | sed s/:.*// > random_signer.txt \
+    && grep ${RLS_FILE_NAME} sigs/${SIG_PATH}/$(cat random_signer.txt)/*assert | sha256sum -c \
+    && grep ${RLS_FILE_NAME} SHA256SUMS.asc | sha256sum -c \
+    && tar -zxvf ${RLS_FILE_NAME} \
+        dogecoin-${RLS_VERSION}/bin/dogecoind \
+        dogecoin-${RLS_VERSION}/bin/dogecoin-cli \
+        dogecoin-${RLS_VERSION}/bin/dogecoin-tx \
+        --strip-components=1
+
+COPY entrypoint.py /entrypoint.py
+
+FROM debian:bullseye-slim AS final
+
+ARG USER=
+ENV USER=${USER:-"dogecoin"}
+ARG APP_UID=
+ENV APP_UID=${APP_UID}
+ARG APP_GID=
+ENV APP_GID=${APP_GID}
+ENV DATADIR=/home/${USER}/.dogecoin
+
+# RUN echo ${USER} ${APP_UID} ${APP_GID} && exit 1
+
+RUN groupadd -g ${APP_GID} ${USER} \
+    && useradd -m --uid ${APP_UID} ${USER} -g ${APP_GID} \
+    && mkdir -p ${DATADIR} \
+    && chgrp -R ${APP_GID} ${DATADIR} \
+    && chown -R "${APP_UID}:${APP_GID}" ${DATADIR} \
+    && chmod -R 1007 ${DATADIR}
+
+WORKDIR /home/${USER}
+
+# Copy the downloaded binaries into the container system from the verify stage.
+COPY --from=verify \
+    /verify/bin/dogecoind \
+    /verify/bin/dogecoin-cli \
+    /verify/bin/dogecoin-tx /usr/local/bin/
+
+COPY /entrypoint.py /usr/local/bin/
+
+# Set permissions on copied files
+RUN chmod g+x /usr/local/bin/*
+
+# P2P network (mainnet, testnet & regnet respectively)
+EXPOSE 22556 44556 18444
+
+# RPC interface (mainnet, testnet & regnet respectively)
+EXPOSE 22555 44555 18332
+
+VOLUME ["${DATADIR}"]
+
+# Dependencies install
+RUN apt-get update && apt-get install --no-install-recommends -y \
+    python3 \
+    && rm -rf /var/lib/apt/lists/*
+
+USER "${APP_UID}:${APP_GID}"
+
+ENTRYPOINT ["entrypoint.py"]
+
+CMD ["dogecoind", "-reindex"]

1.14.6/bullseye/PLATFORMS

@@ -0,0 +1,4 @@
+linux/amd64
+linux/arm64
+linux/arm/v7
+linux/386

1.14.6/bullseye/build.sh

@@ -0,0 +1,25 @@
+#!/bin/bash
+
+wget https://raw.githubusercontent.com/dogecoin/dogecoin/master/share/rpcuser/rpcuser.py
+chmod +x rpcuser.py
+./rpcuser.py dogecoin > auth
+rpcauth=$(cat auth | grep "rpcauth")
+rpcpassword=$(cat auth | sed '1,/Your password:/d')
+echo daemon=1 > dogecoin.conf
+echo server=1 >> dogecoin.conf
+echo listen=1 >> dogecoin.conf
+echo wallet=1 >> dogecoin.conf
+echo bind=0.0.0.0:22556 >> dogecoin.conf
+echo bind=[::]:22556 >> dogecoin.conf
+echo rpcbind=127.0.0.1:22555 >> dogecoin.conf
+echo rpcallowip=0.0.0.0/0 >> dogecoin.conf
+echo rpcuser=dogecoin >> dogecoin.conf
+echo $rpcauth >> dogecoin.conf
+echo rpcpassword=$rpcpassword >> dogecoin.conf
+echo harddustlimit=0.001 >> dogecoin.conf
+echo reindex=1
+echo txindex=1
+cat dogecoin.conf > .env
+
+docker build --no-cache --build-arg "APP_UID=$(id -u $USER)" --build-arg "APP_GID=$(id -g $USER)" --build-arg "USER=dogecoin" -t xanimo/dogecoin:1.14.6 .
+rm rpcuser.py auth dogecoin.conf

1.14.6/bullseye/docker-compose.yml

@@ -0,0 +1,19 @@
+version: "3.8"
+
+name: dogecoin
+services:
+  dogecoin:
+    build: .
+    image: xanimo/dogecoin:1.14.6
+    volumes:
+    - dogecoin:/home/dogecoin/.dogecoin
+    env_file:
+      - .env
+
+volumes:
+  dogecoin:
+    driver: local
+    driver_opts:
+      o: bind
+      type: none
+      device: /mnt/volumes/.dogecoin