diff options
author | Lauri Ojansivu <x@xet7.org> | 2018-07-02 18:40:08 +0300 |
---|---|---|
committer | Lauri Ojansivu <x@xet7.org> | 2018-07-02 18:40:08 +0300 |
commit | bbdb6a90b29040aeb6afe8541e3549b043b2610d (patch) | |
tree | 46c974fd1efe55203cee3cec1631ff1d0b95869d | |
parent | 8fbbc104f7e2b680698d286859adab9adf5ff2ae (diff) | |
download | wekan-bbdb6a90b29040aeb6afe8541e3549b043b2610d.tar.gz wekan-bbdb6a90b29040aeb6afe8541e3549b043b2610d.tar.bz2 wekan-bbdb6a90b29040aeb6afe8541e3549b043b2610d.zip |
Download node from sandstorm in Dockerfile.
-rw-r--r-- | Dockerfile | 83 |
1 files changed, 68 insertions, 15 deletions
@@ -28,10 +28,10 @@ ENV SRC_PATH ${SRC_PATH:-./} COPY ${SRC_PATH} /home/wekan/app RUN \ - # Add non-root user wekan + echo "=== Add non-root user wekan" && \ useradd --user-group --system --home-dir /home/wekan wekan && \ \ - # OS dependencies + echo "=== OS dependencies" && \ apt-get update -y && apt-get install -y --no-install-recommends ${BUILD_DEPS} && \ \ # Download nodejs @@ -45,13 +45,65 @@ RUN \ # Also see beginning of wekan/server/authentication.js # import Fiber from "fibers"; # Fiber.poolSize = 1e9; + echo "=== Getting newest Node from Sandstorm fork of Node" && \ + echo "=== Source: https://github.com/sandstorm-io/node ===" && \ + \ + # From https://github.com/sandstorm-io/sandstorm/blob/master/branch.conf + SANDSTORM_BRANCH_NUMBER=0 && \ + \ + # From https://github.com/sandstorm-io/sandstorm/blob/master/release.sh + SANDSTORM_CHANNEL=dev && \ + SANDSTORM_LAST_BUILD=$(curl -fs https://install.sandstorm.io/$SANDSTORM_CHANNEL) && \ + \ + echo "=== Latest Sandstorm Release: ${SANDSTORM_LAST_BUILD}===" && \ + if (( SANDSTORM_LAST_BUILD / 1000 > SANDSTORM_BRANCH_NUMBER )); && \ + then && \ + echo "SANDSTORM BRANCH ERROR: $CHANNEL has already moved past this branch!" >&2 && \ + echo " I refuse to replace it with an older branch." >&2 && \ + exit 1 && \ + fi && \ + BASE_BUILD=$(( BRANCH_NUMBER * 1000 )) && \ + BUILD=$(( BASE_BUILD > LAST_BUILD ? BASE_BUILD : LAST_BUILD + 1 )) && \ + BUILD_MINOR="$(( $BUILD % 1000 ))" && \ + DISPLAY_VERSION="${BRANCH_NUMBER}.${BUILD_MINOR}" && \ + TAG_NAME="v${DISPLAY_VERSION}" && \ + SIGNING_KEY_ID=160D2D577518B58D94C9800B63F227499DA8CCBD && \ + TARBALL=sandstorm-$SANDSTORM_LAST_BUILD.tar.xz && \ + NODE_EXE=sandstorm-$SANDSTORM_LAST_BUILD/bin/node && \ + echo "=== Downloading Sandstorm GPG keys to verify Sandstorm release" && \ + # Do verification in custom GPG workspace + # https://docs.sandstorm.io/en/latest/install/#option-3-pgp-verified-install + export GNUPGHOME=$(mktemp -d) && \ + curl https://raw.githubusercontent.com/sandstorm-io/sandstorm/master/keys/release-keyring.gpg | gpg --import && \ + wget https://raw.githubusercontent.com/sandstorm-io/sandstorm/master/keys/release-certificate.kentonv.sig && \ + gpg --decrypt release-certificate.kentonv.sig && \ + echo "=== Downloading Sandstorm release from https://dl.sandstorm.io/${TARBALL} ===" && \ + wget https://dl.sandstorm.io/$TARBALL && \ + echo "=== Downloading signature for Sandstorm release from https://dl.sandstorm.io/${TARBALL}.sig ===" && \ + wget https://dl.sandstorm.io/$TARBALL.sig && \ + echo "=== Verifying signature of Sandstorm release" && \ + gpg --verify $TARBALL.sig $TARBALL && \ + \ + if [ $? -eq 0 ] && \ + then && \ + echo "=== All is well. Good signature in Sandstorm." && \ + else && \ + echo "=== PROBLEM WITH SANDSTORM SIGNATURE." && \ + exit 1 && \ + fi && \ + echo "=== Extracting Node from Sandstorm release tarball" && \ + # --strip 2 removes path of 2 subdirectories + tar -xf $TARBALL $NODE_EXE --strip=2 && \ + echo "=== Deleting Sandstorm release tarball and signature" && \ + rm $TARBALL $TARBALL.sig release-certificate.kentonv.si* && \ + # == OLD == # Download node version 8.11.1 that has fix included, node binary copied from Sandstorm # Description at https://releases.wekan.team/node.txt - wget https://releases.wekan.team/node-${NODE_VERSION}-${ARCHITECTURE}.tar.gz && \ - echo "308d0caaef0a1da3e98d1a1615016aad9659b3caf31d0f09ced20cabedb8acbf node-v8.11.1-linux-x64.tar.gz" >> SHASUMS256.txt.asc && \ - \ + ##wget https://releases.wekan.team/node-${NODE_VERSION}-${ARCHITECTURE}.tar.gz && \ + ##echo "308d0caaef0a1da3e98d1a1615016aad9659b3caf31d0f09ced20cabedb8acbf node-v8.11.1-linux-x64.tar.gz" >> SHASUMS256.txt.asc && \ + ##\ # Verify nodejs authenticity - grep ${NODE_VERSION}-${ARCHITECTURE}.tar.gz SHASUMS256.txt.asc | shasum -a 256 -c - && \ + ##grep ${NODE_VERSION}-${ARCHITECTURE}.tar.gz SHASUMS256.txt.asc | shasum -a 256 -c - && \ #export GNUPGHOME="$(mktemp -d)" && \ #\ # Try other key servers if ha.pool.sks-keyservers.net is unreachable @@ -75,24 +127,25 @@ RUN \ # Ignore socket files then delete files then delete directories #find "$GNUPGHOME" -type f | xargs rm -f && \ #find "$GNUPGHOME" -type d | xargs rm -fR && \ - rm -f SHASUMS256.txt.asc && \ + ##rm -f SHASUMS256.txt.asc && \ \ # Install Node - tar xvzf node-${NODE_VERSION}-${ARCHITECTURE}.tar.gz && \ - rm node-${NODE_VERSION}-${ARCHITECTURE}.tar.gz && \ - mv node-${NODE_VERSION}-${ARCHITECTURE} /opt/nodejs && \ + #tar xvzf node-${NODE_VERSION}-${ARCHITECTURE}.tar.gz && \ + #rm node-${NODE_VERSION}-${ARCHITECTURE}.tar.gz && \ + #mv node-${NODE_VERSION}-${ARCHITECTURE} /opt/nodejs && \ + mv node /opt/nodejs && \ ln -s /opt/nodejs/bin/node /usr/bin/node && \ ln -s /opt/nodejs/bin/npm /usr/bin/npm && \ \ #DOES NOT WORK: paxctl fix for alpine linux: https://github.com/wekan/wekan/issues/1303 #paxctl -mC `which node` && \ \ - # Install Node dependencies + echo "=== Install Node dependencies" && \ npm install -g npm@${NPM_VERSION} && \ npm install -g node-gyp && \ npm install -g fibers@${FIBERS_VERSION} && \ \ - # Change user to wekan and install meteor + echo "=== Change user to wekan and install meteor" && \ cd /home/wekan/ && \ chown wekan:wekan --recursive /home/wekan && \ curl https://install.meteor.com -o /home/wekan/install_meteor.sh && \ @@ -107,7 +160,7 @@ RUN \ gosu wekan:wekan git clone --recursive --depth 1 -b release/METEOR@${METEOR_EDGE} git://github.com/meteor/meteor.git /home/wekan/.meteor; \ fi; \ \ - # Get additional packages + echo "=== Get additional packages" && \ mkdir -p /home/wekan/app/packages && \ chown wekan:wekan --recursive /home/wekan && \ cd /home/wekan/app/packages && \ @@ -117,7 +170,7 @@ RUN \ cd /home/wekan/.meteor && \ gosu wekan:wekan /home/wekan/.meteor/meteor -- help; \ \ - # Build app + echo "=== Build app" && \ cd /home/wekan/app && \ gosu wekan:wekan /home/wekan/.meteor/meteor add standard-minifier-js && \ gosu wekan:wekan /home/wekan/.meteor/meteor npm install && \ @@ -135,7 +188,7 @@ RUN \ #gosu wekan:wekan npm install bcrypt && \ mv /home/wekan/app_build/bundle /build && \ \ - # Cleanup + echo "=== Cleanup" && \ apt-get remove --purge -y ${BUILD_DEPS} && \ apt-get autoremove -y && \ rm -R /var/lib/apt/lists/* && \ |