Dockerfile (12055B)
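# Multi-stage build. Most component stages clone a repository at the tag and
# checkout named in /buildconfig, build Debian packages with
# dpkg-buildpackage and collect them under /packages/<component>. The
# taler-final stage installs all collected packages on top of base-system.
#
# NOTE(review): the base image is referenced by a mutable tag (debian:trixie);
# pinning it by digest would make rebuilds reproducible.
FROM docker.io/library/debian:trixie AS base-system

# FIXMEs:
# - debian packages should be built with a nightly tag
# - the final image contains all build dependencies, this isn't really necessary
# - the final image contains -dev packages, not really necessary
# - GNUnet build dependencies are excessive, maybe we can just build the required libs?

# DEBIAN_FRONTEND is exported so that it applies to every apt-get call in the
# chain; as a bare `VAR=value cmd` prefix it would only reach `apt-get update`.
RUN export DEBIAN_FRONTEND=noninteractive && \
    apt-get update && \
    apt-get -y upgrade && \
    apt-get --no-install-recommends install -y \
      autoconf \
      autopoint \
      golang \
      build-essential \
      po-debconf \
      debhelper-compat \
      apt-utils \
      libtool \
      texinfo \
      libgcrypt-dev \
      libidn11-dev \
      zlib1g-dev \
      libunistring-dev \
      libjansson-dev \
      git \
      libsqlite3-dev \
      libpq-dev \
      libmicrohttpd-dev \
      libsodium-dev \
      libqrencode-dev \
      zip \
      unzip \
      jq \
      meson \
      npm \
      openjdk-21-jre-headless \
      openjdk-21-jdk-headless \
      default-jre-headless \
      nano \
      procps \
      python3-jinja2 \
      python3-pip \
      python3-poetry-core \
      python3-sphinx \
      python3-sphinx-rtd-theme \
      python3-sphinx-multiversion \
      python3-venv \
      python3-dev \
      nodejs \
      iptables \
      miniupnpc \
      libextractor-dev \
      libbluetooth-dev \
      libcurl4-gnutls-dev \
      libogg-dev \
      libopus-dev \
      libpulse-dev \
      fakeroot \
      libzbar-dev \
      libltdl-dev \
      net-tools \
      python3-flask \
      python3-flask-babel \
      python3-bs4 \
      python3-requests \
      python3-click \
      pybuild-plugin-pyproject \
      pandoc

# FIXME: Try to use debian packages where possible and otherwise really use
# a venv or per-user installation of the package.
# NOTE(review): these packages are installed without version pins, into the
# system site-packages, so the resolved versions can change between builds.
RUN pip3 install --no-cache-dir --break-system-packages sphinx-book-theme sphinx-markdown-builder sphinxcontrib-jquery

# GNUnet
FROM base-system AS gnunet

COPY buildconfig/gnunet.tag buildconfig/gnunet.checkout /buildconfig/
WORKDIR /build
# NOTE(review): every clone in this file uses git://, which is neither
# encrypted nor authenticated, so what ends up in the build rests on the
# follow-up `git checkout`: it only pins the source if the *.checkout file
# holds a full commit hash (not visible from this file). Prefer an
# authenticated transport where the server offers one.
RUN TAG=$(cat /buildconfig/gnunet.tag) && \
    git clone git://git.gnunet.org/gnunet \
    --branch $TAG && \
    cd gnunet && git checkout $(cat /buildconfig/gnunet.checkout)
WORKDIR /build/gnunet
RUN ./bootstrap
RUN dpkg-buildpackage -rfakeroot -b -uc -us
WORKDIR /
RUN mkdir -p /packages/gnunet
RUN mv /build/*.deb /packages/gnunet
RUN rm -rf /build
# The freshly built packages are installed here because later stages
# (exchange and its descendants) are built FROM this stage.
RUN export DEBIAN_FRONTEND=noninteractive && apt-get update && apt-get install --no-install-recommends -y /packages/gnunet/*.deb
WORKDIR /

## Directory
#FROM base-system AS taler-directory
#
#COPY buildconfig/taler-directory.* /buildconfig/
#WORKDIR /build
#RUN TAG=$(cat /buildconfig/taler-directory.tag) && \
#  git clone git://git.gnunet.org/taldir \
#  --branch $TAG && \
#  cd taldir && git checkout $(cat /buildconfig/taler-directory.checkout)
#WORKDIR /build/taldir
#RUN ./bootstrap
#RUN dpkg-buildpackage -rfakeroot -b -uc -us
#WORKDIR /
#RUN mkdir -p /packages/taldir
#RUN mv /build/*.deb /packages/taldir
#RUN rm -rf /build
#RUN DEBIAN_FRONTEND=noninteractive apt-get update && apt-get install --no-install-recommends -y /packages/taldir/*.deb
#WORKDIR /

## Mailbox
#FROM base-system AS taler-mailbox
#
#COPY buildconfig/taler-mailbox.* /buildconfig/
#WORKDIR /build
#RUN TAG=$(cat /buildconfig/taler-mailbox.tag) && \
#  git clone git://git.gnunet.org/taler-mailbox \
#  --branch $TAG && \
#  cd taler-mailbox && git checkout $(cat /buildconfig/taler-mailbox.checkout)
#WORKDIR /build/taler-mailbox
#RUN ./bootstrap
#RUN dpkg-buildpackage -rfakeroot -b -uc -us
#WORKDIR /
#RUN mkdir -p /packages/taler-mailbox
#RUN mv /build/*.deb /packages/taler-mailbox
#RUN rm -rf /build
#RUN DEBIAN_FRONTEND=noninteractive apt-get update && apt-get install --no-install-recommends -y /packages/taler-mailbox/*.deb
#WORKDIR /

# Exchange
FROM gnunet AS exchange

COPY buildconfig/exchange.tag buildconfig/exchange.checkout /buildconfig/
WORKDIR /build
RUN TAG=$(cat /buildconfig/exchange.tag) && \
    git clone git://git.taler.net/exchange \
    --branch $TAG && \
    cd exchange && git checkout $(cat /buildconfig/exchange.checkout)
WORKDIR /build/exchange
RUN ./bootstrap
RUN dpkg-buildpackage -rfakeroot -b -uc -us
WORKDIR /
RUN mkdir -p /packages/exchange
RUN mv /build/*.deb /packages/exchange
RUN rm -rf /build
RUN export DEBIAN_FRONTEND=noninteractive && apt-get update && apt-get install --no-install-recommends -y /packages/exchange/*.deb
WORKDIR /

# Donau
FROM exchange AS donau
COPY buildconfig/donau.tag buildconfig/donau.checkout /buildconfig/
WORKDIR /build
RUN TAG=$(cat /buildconfig/donau.tag) && \
    git clone git://git.taler.net/donau \
    --branch $TAG && \
    cd donau && git checkout $(cat /buildconfig/donau.checkout)
WORKDIR /build/donau
RUN ./bootstrap && \
    ./configure --prefix=/usr \
    --disable-doc
RUN dpkg-buildpackage -rfakeroot -b -uc -us
WORKDIR /
RUN mkdir -p /packages/donau
RUN mv /build/*.deb /packages/donau
RUN rm -rf /build
RUN export DEBIAN_FRONTEND=noninteractive && apt-get update && apt-get install --no-install-recommends -y /packages/donau/*.deb
WORKDIR /

# Merchant
# FROM exchange as merchant
FROM donau AS merchant

COPY buildconfig/merchant.tag buildconfig/merchant.checkout /buildconfig/
WORKDIR /build
RUN TAG=$(cat /buildconfig/merchant.tag) && \
    git clone git://git.taler.net/merchant \
    --branch $TAG && \
    cd merchant && git checkout $(cat /buildconfig/merchant.checkout)
WORKDIR /build/merchant
RUN ./bootstrap && \
    ./configure --prefix=/usr \
    --disable-doc
RUN dpkg-buildpackage -rfakeroot -b -uc -us
WORKDIR /
RUN mkdir -p /packages/merchant
RUN mv /build/*.deb /packages/merchant
RUN rm -rf /build
RUN export DEBIAN_FRONTEND=noninteractive && apt-get update && apt-get install --no-install-recommends -y /packages/merchant/*.deb
WORKDIR /

# Challenger
FROM exchange AS challenger

COPY buildconfig/challenger.tag buildconfig/challenger.checkout /buildconfig/
WORKDIR /build
RUN TAG=$(cat /buildconfig/challenger.tag) && \
    git clone git://git.taler.net/challenger \
    --branch $TAG && \
    cd challenger && git checkout $(cat /buildconfig/challenger.checkout)
WORKDIR /build/challenger
RUN ./bootstrap && \
    ./configure --prefix=/usr \
    --disable-doc
RUN dpkg-buildpackage -rfakeroot -b -uc -us
WORKDIR /
RUN mkdir -p /packages/challenger
RUN mv /build/*.deb /packages/challenger
RUN rm -rf /build
RUN export DEBIAN_FRONTEND=noninteractive && apt-get update && apt-get install --no-install-recommends -y /packages/challenger/*.deb
WORKDIR /

# Libeufin
FROM base-system AS libeufin

WORKDIR /build
COPY buildconfig/libeufin.tag buildconfig/libeufin.checkout /buildconfig/
RUN TAG=$(cat /buildconfig/libeufin.tag) && \
    git clone git://git.taler.net/libeufin \
    --branch $TAG && \
    cd libeufin && git checkout $(cat /buildconfig/libeufin.checkout)
WORKDIR /build/libeufin
RUN ./bootstrap
RUN ./configure --prefix=/usr
RUN dpkg-buildpackage -rfakeroot -b -uc -us
WORKDIR /
RUN mkdir -p /packages/libeufin
RUN mv /build/*.deb /packages/libeufin
RUN rm -rf /build
RUN export DEBIAN_FRONTEND=noninteractive && apt-get update && apt-get install --no-install-recommends -y /packages/libeufin/*.deb

# Merchant demos
FROM base-system AS merchant-demos

WORKDIR /build
COPY buildconfig/merchant-demos.tag buildconfig/merchant-demos.checkout /buildconfig/
RUN TAG=$(cat /buildconfig/merchant-demos.tag) && \
    git clone git://git.taler.net/taler-merchant-demos \
    --branch $TAG && \
    cd taler-merchant-demos && git checkout $(cat /buildconfig/merchant-demos.checkout)
WORKDIR /build/taler-merchant-demos
RUN ./bootstrap
RUN dpkg-buildpackage -rfakeroot -b -uc -us
WORKDIR /
RUN mkdir -p /packages/merchant-demos
RUN mv /build/*.deb /packages/merchant-demos
RUN rm -rf /build
RUN export DEBIAN_FRONTEND=noninteractive && apt-get update && apt-get install --no-install-recommends -y /packages/merchant-demos/*.deb

# taler-typescript-core tools (taler-wallet-cli and taler-harness)
FROM base-system AS wallet
WORKDIR /build
COPY buildconfig/wallet.tag buildconfig/wallet.checkout /buildconfig/
RUN TAG=$(cat /buildconfig/wallet.tag) && \
    git clone git://git.taler.net/taler-typescript-core \
    --branch $TAG && \
    cd taler-typescript-core && git checkout $(cat /buildconfig/wallet.checkout)
# NOTE(review): `^9.10.0` is a semver range, so the pnpm version that gets
# installed can differ from one build to the next.
RUN npm install -g pnpm@^9.10.0
WORKDIR /build/taler-typescript-core
RUN ./bootstrap
# Install standalone merchant SPA
WORKDIR /build/taler-typescript-core/packages/merchant-backoffice-ui
RUN ./configure --prefix=/usr/local
RUN make install
# taler-wallet-cli
WORKDIR /build/taler-typescript-core/packages/taler-wallet-cli
RUN ./configure --prefix=/usr/local
RUN make deps
RUN dpkg-buildpackage -rfakeroot -b -uc -us
# taler-harness
WORKDIR /build/taler-typescript-core/packages/taler-harness
RUN ./configure --prefix=/usr/local
RUN pnpm install --frozen-lockfile --filter @gnu-taler/taler-harness...
RUN pnpm run --filter @gnu-taler/taler-harness... compile
RUN dpkg-buildpackage -rfakeroot -b -uc -us
# copy debs
WORKDIR /
RUN mkdir -p /packages/wallet
RUN mv /build/taler-typescript-core/packages/*.deb /packages/wallet
RUN rm -rf /build
RUN export DEBIAN_FRONTEND=noninteractive && apt-get update && apt-get install --no-install-recommends -y /packages/wallet/*.deb

## Sync
#FROM merchant as sync
#COPY buildconfig/sync.* /buildconfig/
#WORKDIR /build
#RUN TAG=$(cat /buildconfig/sync.tag) && \
#  git clone git://git.taler.net/sync \
#  --branch $TAG && \
#  cd sync && git checkout $(cat /buildconfig/sync.checkout)
#WORKDIR /build/sync
#RUN ./bootstrap
#RUN dpkg-buildpackage -rfakeroot -b -uc -us
#WORKDIR /
#RUN mkdir -p /packages/sync
#RUN mv /build/*.deb /packages/sync
#RUN rm -rf /build
#RUN DEBIAN_FRONTEND=noninteractive apt-get update && apt-get install --no-install-recommends -y /packages/sync/*.deb
#WORKDIR /


# Turnstile is only cloned into /opt/turnstile; no package is built for it.
FROM base-system AS turnstile
COPY buildconfig/turnstile.tag buildconfig/turnstile.checkout /buildconfig/
RUN TAG=$(cat /buildconfig/turnstile.tag) && \
    cd /opt/ && \
    git clone git://git.taler.net/turnstile \
    --branch $TAG && \
    cd /opt/turnstile && git checkout $(cat /buildconfig/turnstile.checkout)

# Final image
FROM base-system AS taler-final
RUN export DEBIAN_FRONTEND=noninteractive && apt-get update && apt-get -y upgrade && apt-get --no-install-recommends install -y \
      gpg
# The caddy apt source and its archive key both come from this repository.
# The key is converted to binary form under /usr/share/keyrings; the copy in
# /tmp stays in the image.
# NOTE(review): confirm that caddy-stable.list restricts this source to that
# keyring (signed-by); the list file is not visible from here.
COPY apt/caddy-stable.list /etc/apt/sources.list.d/caddy-stable.list
COPY apt/caddy-stable-archive-keyring.gpg /tmp/caddy-stable-archive-keyring.gpg
RUN gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg /tmp/caddy-stable-archive-keyring.gpg
RUN export DEBIAN_FRONTEND=noninteractive && apt-get update && apt-get -y upgrade && apt-get --no-install-recommends install -y \
      emacs \
      vim \
      curl \
      postgresql \
      bash-completion \
      sudo \
      less \
      caddy \
      s-nail \
      systemd-coredump \
      libnss3-tools \
      uuid-runtime \
      php \
      composer \
      php-pgsql \
      php-fpm \
      php-dom \
      php-gd \
      php-curl \
      ;

# Gather the packages built in the component stages and install them together.
RUN mkdir -p /packages
COPY --from=gnunet /packages/gnunet/* /packages/
#COPY --from=taler-directory /packages/taldir/* /packages/
#COPY --from=taler-mailbox /packages/taler-mailbox/* /packages/
COPY --from=exchange /packages/exchange/* /packages/
COPY --from=merchant /packages/merchant/* /packages/
COPY --from=wallet /packages/wallet/* /packages/
COPY --from=wallet /usr/local/share/taler-merchant-backoffice /usr/local/share/taler-merchant-backoffice
COPY --from=libeufin /packages/libeufin/* /packages/
COPY --from=merchant-demos /packages/merchant-demos/* /packages/
COPY --from=challenger /packages/challenger/* /packages/
COPY --from=donau /packages/donau/* /packages/
COPY --from=turnstile /opt/turnstile /opt/turnstile
RUN export DEBIAN_FRONTEND=noninteractive && apt-get update && apt-get -y upgrade && \
    apt-get install --no-install-recommends -y /packages/*.deb
COPY systemd/setup-sandcastle.service /etc/systemd/system/
RUN systemctl enable setup-sandcastle.service
# Disable potentially problem-causing services
# `|| true` applies to the whole `&&` chain, so a failure to disable either
# service never fails the build.
RUN systemctl disable postgresql && \
    systemctl disable apache2 || true
# Force the PostgreSQL port setting to 5432 in the version 17 cluster config.
RUN sed -i /etc/postgresql/17/main/postgresql.conf -e 's/^port[ ]*=.*$/port = 5432/'
# Not ready yet!
#RUN systemctl disable taler-mailbox

# Disable systemd services that have permission issues
# and thus fail, clobbering the systemd status.
RUN systemctl mask systemd-modules-load.service
RUN systemctl disable proc-sys-fs-binfmt_misc.automount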