From 97e4fb629828b54450071ba6c5d04370dab02612 Mon Sep 17 00:00:00 2001 From: Nico Flaig Date: Tue, 6 Aug 2024 21:36:46 +0100 Subject: [PATCH 1/3] Switch Lodestar docker build to debian --- lodestar/Dockerfile.binary | 2 +- lodestar/Dockerfile.source | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/lodestar/Dockerfile.binary b/lodestar/Dockerfile.binary index 613f0cf2..9f4ca503 100644 --- a/lodestar/Dockerfile.binary +++ b/lodestar/Dockerfile.binary @@ -7,7 +7,7 @@ FROM ${DOCKER_REPO}:${DOCKER_TAG} ARG BUILD_TARGET ARG SRC_REPO -RUN apk update && apk add --no-cache ca-certificates tzdata bash su-exec git && rm -rf /var/cache/apk/* +RUN apt-get update && apt-get install -y g++ make python3 python3-setuptools && apt-get clean && rm -rf /var/lib/apt/lists/* ARG USER=lsconsensus ARG UID=10002 diff --git a/lodestar/Dockerfile.source b/lodestar/Dockerfile.source index 513a8a0e..eda60580 100644 --- a/lodestar/Dockerfile.source +++ b/lodestar/Dockerfile.source @@ -1,4 +1,4 @@ -FROM node:22-alpine AS builder +FROM node:22.4-slim AS builder # Here only to avoid build-time errors ARG DOCKER_TAG @@ -7,7 +7,7 @@ ARG DOCKER_REPO ARG BUILD_TARGET ARG SRC_REPO -RUN apk update && apk add --no-cache git g++ make python3 py3-setuptools bash && rm -rf /var/cache/apk/* +RUN apt-get update && apt-get install -y g++ make python3 python3-setuptools && apt-get clean && rm -rf /var/lib/apt/lists/* WORKDIR /usr/app @@ -16,9 +16,9 @@ RUN bash -c "cd .. && rm -rf app && git clone ${SRC_REPO} app && cd app && git c && if [[ ${BUILD_TARGET} =~ pr-.+ ]]; then git fetch origin pull/$(echo ${BUILD_TARGET} | cut -d '-' -f 2)/head:ls-pr; git checkout ls-pr; else git checkout ${BUILD_TARGET}; fi \ && yarn install --non-interactive --frozen-lockfile && yarn build" -FROM node:22-alpine +FROM node:22.4-slim -RUN apk update && apk add --no-cache ca-certificates tzdata bash su-exec git && rm -rf /var/cache/apk/* +RUN apt-get update && apt-get install -y g++ make python3 python3-setuptools && apt-get clean && rm -rf /var/lib/apt/lists/* ARG USER=lsconsensus ARG UID=10002 From fc2b6e95e7c023cd26f1c0cbec8d7f6a2d3e0f1c Mon Sep 17 00:00:00 2001 From: Nico Flaig Date: Tue, 6 Aug 2024 22:08:38 +0100 Subject: [PATCH 2/3] Fix install commands --- lodestar/Dockerfile.binary | 2 +- lodestar/Dockerfile.source | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/lodestar/Dockerfile.binary b/lodestar/Dockerfile.binary index 9f4ca503..6e27f36a 100644 --- a/lodestar/Dockerfile.binary +++ b/lodestar/Dockerfile.binary @@ -7,7 +7,7 @@ FROM ${DOCKER_REPO}:${DOCKER_TAG} ARG BUILD_TARGET ARG SRC_REPO -RUN apt-get update && apt-get install -y g++ make python3 python3-setuptools && apt-get clean && rm -rf /var/lib/apt/lists/* +RUN apt-get update && apt-get install -y --no-install-recommends ca-certificates tzdata bash su-exec git && apt-get clean && rm -rf /var/lib/apt/lists/* ARG USER=lsconsensus ARG UID=10002 diff --git a/lodestar/Dockerfile.source b/lodestar/Dockerfile.source index eda60580..5f04976b 100644 --- a/lodestar/Dockerfile.source +++ b/lodestar/Dockerfile.source @@ -7,7 +7,7 @@ ARG DOCKER_REPO ARG BUILD_TARGET ARG SRC_REPO -RUN apt-get update && apt-get install -y g++ make python3 python3-setuptools && apt-get clean && rm -rf /var/lib/apt/lists/* +RUN apt-get update && apt-get install -y --no-install-recommends git g++ make python3 python3-setuptools bash && apt-get clean && rm -rf /var/lib/apt/lists/* WORKDIR /usr/app @@ -18,7 +18,7 @@ RUN bash -c "cd .. && rm -rf app && git clone ${SRC_REPO} app && cd app && git c FROM node:22.4-slim -RUN apt-get update && apt-get install -y g++ make python3 python3-setuptools && apt-get clean && rm -rf /var/lib/apt/lists/* +RUN apt-get update && apt-get install -y --no-install-recommends ca-certificates tzdata bash su-exec git && apt-get clean && rm -rf /var/lib/apt/lists/* ARG USER=lsconsensus ARG UID=10002 From 7f9679b75a25d362160ad372030a656e257ce148 Mon Sep 17 00:00:00 2001 From: Nico Flaig Date: Tue, 6 Aug 2024 22:19:57 +0100 Subject: [PATCH 3/3] Replace su-exec with gosu --- lodestar/Dockerfile.binary | 2 +- lodestar/Dockerfile.source | 2 +- lodestar/docker-entrypoint-vc.sh | 2 +- lodestar/docker-entrypoint.sh | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lodestar/Dockerfile.binary b/lodestar/Dockerfile.binary index 6e27f36a..2323f00a 100644 --- a/lodestar/Dockerfile.binary +++ b/lodestar/Dockerfile.binary @@ -7,7 +7,7 @@ FROM ${DOCKER_REPO}:${DOCKER_TAG} ARG BUILD_TARGET ARG SRC_REPO -RUN apt-get update && apt-get install -y --no-install-recommends ca-certificates tzdata bash su-exec git && apt-get clean && rm -rf /var/lib/apt/lists/* +RUN apt-get update && apt-get install -y --no-install-recommends ca-certificates tzdata bash gosu git && apt-get clean && rm -rf /var/lib/apt/lists/* ARG USER=lsconsensus ARG UID=10002 diff --git a/lodestar/Dockerfile.source b/lodestar/Dockerfile.source index 5f04976b..dc5a2f3f 100644 --- a/lodestar/Dockerfile.source +++ b/lodestar/Dockerfile.source @@ -18,7 +18,7 @@ RUN bash -c "cd .. && rm -rf app && git clone ${SRC_REPO} app && cd app && git c FROM node:22.4-slim -RUN apt-get update && apt-get install -y --no-install-recommends ca-certificates tzdata bash su-exec git && apt-get clean && rm -rf /var/lib/apt/lists/* +RUN apt-get update && apt-get install -y --no-install-recommends ca-certificates tzdata bash gosu git && apt-get clean && rm -rf /var/lib/apt/lists/* ARG USER=lsconsensus ARG UID=10002 diff --git a/lodestar/docker-entrypoint-vc.sh b/lodestar/docker-entrypoint-vc.sh index b204b340..4814e71b 100755 --- a/lodestar/docker-entrypoint-vc.sh +++ b/lodestar/docker-entrypoint-vc.sh @@ -3,7 +3,7 @@ set -Eeuo pipefail if [ "$(id -u)" = '0' ]; then chown -R lsvalidator:lsvalidator /var/lib/lodestar - exec su-exec lsvalidator docker-entrypoint.sh "$@" + exec gosu lsvalidator docker-entrypoint.sh "$@" fi if [[ "${NETWORK}" =~ ^https?:// ]]; then diff --git a/lodestar/docker-entrypoint.sh b/lodestar/docker-entrypoint.sh index 23834cb3..2b2b915f 100755 --- a/lodestar/docker-entrypoint.sh +++ b/lodestar/docker-entrypoint.sh @@ -2,7 +2,7 @@ if [ "$(id -u)" = '0' ]; then chown -R lsconsensus:lsconsensus /var/lib/lodestar - exec su-exec lsconsensus docker-entrypoint.sh "$@" + exec gosu lsconsensus docker-entrypoint.sh "$@" fi # Remove old low-entropy token, related to Sigma Prime security audit