-
Notifications
You must be signed in to change notification settings - Fork 550
/
Copy pathDockerfile-delegation-stateless-verifier
105 lines (78 loc) · 3.51 KB
/
Dockerfile-delegation-stateless-verifier
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
#################################################################################################
# The "stateless verification build" Stage
# - builds stateless verification tool
# - should not include any data related to joining a specific network, only the node software itself
#################################################################################################
FROM gcr.io/o1labs-192920/mina-toolchain@sha256:c810338e2c3973f7c674d0607048725917ce2be23b949c4bc9760c01122f884b AS builder
# Use --build-arg "DUNE_PROFILE=dev" to build a dev image or for CI
ARG DUNE_PROFILE=devnet
# branch to checkout on first clone (this will be the only availible branch in the container)
# can also be a tagged release
ARG MINA_BRANCH=sventimir/stateless-verification-tool
# repo to checkout the branch from
ARG MINA_REPO=https://github.com/MinaProtocol/mina
# location of repo used for pins and external package commits
ARG MINA_DIR=mina
ENV PATH "$PATH:/usr/lib/go/bin:$HOME/.cargo/bin"
# git will clone into an empty dir, but this also helps us set the workdir in advance
RUN cd $HOME && rm -rf $HOME/${MINA_DIR} \
&& git clone \
-b "${MINA_BRANCH}" \
--depth 1 \
--shallow-submodules \
--recurse-submodules \
${MINA_REPO} ${HOME}/${MINA_DIR}
WORKDIR $HOME/${MINA_DIR}
RUN git submodule sync && git submodule update --init --recursive
RUN mkdir ${HOME}/app
# HACK: build without special cpu features to allow more people to run delegation verification tool
# RUN ./scripts/zexe-standardize.sh
RUN eval $(opam config env) \
&& dune build --profile=${DUNE_PROFILE} \
src/app/delegation_verify/delegation_verify.exe \
&& cp _build/default/src/app/delegation_verify/delegation_verify.exe ./delegation-verify \
&& rm -rf _build
USER root
# copy binary to /bin
RUN cp ./delegation-verify /bin/delegation-verify
# add authenticate.sh to image
RUN cp src/app/delegation_verify/scripts/authenticate.sh /bin/authenticate.sh
# Runtime image
FROM ubuntu:latest
# Copy resources from builder to runtime image
COPY --from=builder /bin/delegation-verify /bin/delegation-verify
COPY --from=builder /bin/authenticate.sh /bin/authenticate.sh
# awscli and cqlsh-expansion are used by the delegation verification tool
RUN apt-get update && apt-get install -y python3 python3-pip jq libjemalloc2 wget dnsutils gawk
RUN pip3 install awscli
RUN pip3 install cqlsh-expansion
RUN pip3 install pytz
# Install libssl1.1.1b (not in apt)
RUN wget https://www.openssl.org/source/openssl-1.1.1b.tar.gz
RUN mkdir /opt/openssl
RUN tar xfvz openssl-1.1.1b.tar.gz --directory /opt/openssl
RUN rm openssl-1.1.1b.tar.gz
ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/opt/openssl/lib"
ENV PATH="$PATH:/opt/openssl/bin"
RUN cd /opt/openssl/openssl-1.1.1b && ./config --prefix=/opt/openssl --openssldir=/opt/openssl/ssl
RUN cd /opt/openssl/openssl-1.1.1b && make && make install
# Rename openssl old binary
RUN mv /usr/bin/openssl /usr/bin/openssl.old
# Install libffi7
RUN wget http://es.archive.ubuntu.com/ubuntu/pool/main/libf/libffi/libffi7_3.3-4_amd64.deb
RUN dpkg -i libffi7_3.3-4_amd64.deb
RUN rm libffi7_3.3-4_amd64.deb
# Make symlinks
RUN ln -s /usr/local/bin/aws /bin/aws
RUN ln -s /usr/local/bin/cqlsh /bin/cqlsh
RUN ln -s /usr/local/bin/cqlsh-expansion /bin/cqlsh-expansion
RUN /usr/local/bin/cqlsh-expansion.init
# make binary and script executable
RUN chmod +x /bin/authenticate.sh /bin/delegation-verify
# set up timezone
ENV DEBIAN_FRONTEND="noninteractive"
ENV TZ="Etc/UTC"
RUN apt install tzdata
# set home to root dir
ENV HOME="/root"
ENTRYPOINT ["/bin/delegation-verify"]