Dockerfile (12001B)
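# Multi-stage build. "base-system" installs the shared build toolchain; each
# component stage clones one repository at the ref named in buildconfig/,
# builds Debian packages and collects them under /packages/<component>;
# "taler-final" installs all collected packages plus the runtime tools.
#
# NOTE(review): debian:trixie is a mutable tag. Pinning the base image by
# digest (debian:trixie@sha256:<digest>) makes rebuilds reproducible and
# makes a changed base image visible in review.
FROM docker.io/library/debian:trixie AS base-system

# FIXMEs:
# - debian packages should be built with a nightly tag
# - the final image contains all build dependencies, this isn't really necessary
# - the final image contains -dev packages, not really necessary
# - GNUnet build dependencies are excessive, maybe we can just build the required libs?

# DEBIAN_FRONTEND is exported so that it reaches every apt-get in the chain;
# a "VAR=value cmd1 && cmd2" prefix only applies to cmd1 (here: apt-get update).
RUN export DEBIAN_FRONTEND=noninteractive && \
  apt-get update && \
  apt-get -y upgrade && \
  apt-get --no-install-recommends install -y \
  autoconf \
  autopoint \
  golang \
  build-essential \
  po-debconf \
  debhelper-compat \
  apt-utils \
  libtool \
  texinfo \
  libgcrypt-dev \
  libidn11-dev \
  zlib1g-dev \
  libunistring-dev \
  libjansson-dev \
  git \
  libsqlite3-dev \
  libpq-dev \
  libmicrohttpd-dev \
  libsodium-dev \
  libqrencode-dev \
  zip \
  unzip \
  jq \
  meson \
  npm \
  openjdk-21-jre-headless \
  openjdk-21-jdk-headless \
  default-jre-headless \
  nano \
  procps \
  python3-jinja2 \
  python3-pip \
  python3-poetry-core \
  python3-sphinx \
  python3-sphinx-rtd-theme \
  python3-sphinx-multiversion \
  python3-venv \
  python3-dev \
  nodejs \
  iptables \
  miniupnpc \
  libextractor-dev \
  libbluetooth-dev \
  libcurl4-gnutls-dev \
  libogg-dev \
  libopus-dev \
  libpulse-dev \
  fakeroot \
  libzbar-dev \
  libltdl-dev \
  net-tools \
  python3-flask \
  python3-flask-babel \
  python3-bs4 \
  python3-requests \
  python3-click \
  pybuild-plugin-pyproject \
  pandoc

# FIXME: Try to use debian packages where possible and otherwise really use
# a venv or per-user installation of the package.
# NOTE(review): these three packages are installed unpinned, as root, into the
# system site-packages, so every rebuild takes whatever the package index
# serves that day. Pin exact versions (ideally with hashes in a requirements
# file) so the build input is fixed and reviewable.
RUN pip3 install --break-system-packages sphinx-book-theme sphinx-markdown-builder sphinxcontrib-jquery

# NOTE(review), applies to every "git clone" below: the git:// transport gives
# neither server authentication nor encryption, so the integrity of what is
# built rests on the ref read from buildconfig/<name>.checkout. A full commit
# hash is content-addressed; a branch or tag name is not. Confirm that the
# .checkout files hold full commit hashes, and prefer an authenticated
# transport if the hosts offer one. $TAG and the .checkout value are expanded
# unquoted (unchanged from the original), so both files must hold a single
# ref name.
#
# "dpkg-buildpackage -uc -us" produces unsigned packages; they are installed
# from local paths, so apt performs no signature check on them.

# GNUnet
FROM base-system AS gnunet

COPY buildconfig/gnunet.tag buildconfig/gnunet.checkout /buildconfig/
WORKDIR /build
RUN TAG=$(cat /buildconfig/gnunet.tag) && \
  git clone git://git.gnunet.org/gnunet \
  --branch $TAG && \
  cd gnunet && git checkout $(cat /buildconfig/gnunet.checkout)
WORKDIR /build/gnunet
RUN ./bootstrap
RUN dpkg-buildpackage -rfakeroot -b -uc -us
WORKDIR /
RUN mkdir -p /packages/gnunet
RUN mv /build/*.deb /packages/gnunet
RUN rm -rf /build
# Installed in this stage as well because later stages build on top of it.
RUN export DEBIAN_FRONTEND=noninteractive && \
  apt-get update && \
  apt-get install --no-install-recommends -y /packages/gnunet/*.deb
WORKDIR /

# Directory
FROM base-system AS taler-directory

COPY buildconfig/taler-directory.* /buildconfig/
WORKDIR /build
RUN TAG=$(cat /buildconfig/taler-directory.tag) && \
  git clone git://git.gnunet.org/taldir \
  --branch $TAG && \
  cd taldir && git checkout $(cat /buildconfig/taler-directory.checkout)
WORKDIR /build/taldir
RUN ./bootstrap
RUN dpkg-buildpackage -rfakeroot -b -uc -us
WORKDIR /
RUN mkdir -p /packages/taldir
RUN mv /build/*.deb /packages/taldir
RUN rm -rf /build
RUN export DEBIAN_FRONTEND=noninteractive && \
  apt-get update && \
  apt-get install --no-install-recommends -y /packages/taldir/*.deb
WORKDIR /

# Mailbox
FROM base-system AS taler-mailbox

COPY buildconfig/taler-mailbox.* /buildconfig/
WORKDIR /build
RUN TAG=$(cat /buildconfig/taler-mailbox.tag) && \
  git clone git://git.gnunet.org/taler-mailbox \
  --branch $TAG && \
  cd taler-mailbox && git checkout $(cat /buildconfig/taler-mailbox.checkout)
WORKDIR /build/taler-mailbox
RUN dpkg-buildpackage -rfakeroot -b -uc -us
WORKDIR /
RUN mkdir -p /packages/taler-mailbox
RUN mv /build/*.deb /packages/taler-mailbox
RUN rm -rf /build
RUN export DEBIAN_FRONTEND=noninteractive && \
  apt-get update && \
  apt-get install --no-install-recommends -y /packages/taler-mailbox/*.deb
WORKDIR /

# Exchange (builds on the gnunet stage, which has the GNUnet packages installed)
FROM gnunet AS exchange

COPY buildconfig/exchange.tag buildconfig/exchange.checkout /buildconfig/
WORKDIR /build
RUN TAG=$(cat /buildconfig/exchange.tag) && \
  git clone git://git.taler.net/exchange \
  --branch $TAG && \
  cd exchange && git checkout $(cat /buildconfig/exchange.checkout)
WORKDIR /build/exchange
RUN ./bootstrap
RUN dpkg-buildpackage -rfakeroot -b -uc -us
WORKDIR /
RUN mkdir -p /packages/exchange
RUN mv /build/*.deb /packages/exchange
RUN rm -rf /build
RUN export DEBIAN_FRONTEND=noninteractive && \
  apt-get update && \
  apt-get install --no-install-recommends -y /packages/exchange/*.deb
WORKDIR /

# Donau (builds on the exchange stage)
FROM exchange AS donau
COPY buildconfig/donau.tag buildconfig/donau.checkout /buildconfig/
WORKDIR /build
RUN TAG=$(cat /buildconfig/donau.tag) && \
  git clone git://git.taler.net/donau \
  --branch $TAG && \
  cd donau && git checkout $(cat /buildconfig/donau.checkout)
WORKDIR /build/donau
RUN ./bootstrap && \
  ./configure --prefix=/usr \
  --disable-doc
RUN dpkg-buildpackage -rfakeroot -b -uc -us
WORKDIR /
RUN mkdir -p /packages/donau
RUN mv /build/*.deb /packages/donau
RUN rm -rf /build
RUN export DEBIAN_FRONTEND=noninteractive && \
  apt-get update && \
  apt-get install --no-install-recommends -y /packages/donau/*.deb
WORKDIR /

# Merchant (builds on the donau stage)
# FROM exchange as merchant
FROM donau AS merchant

COPY buildconfig/merchant.tag buildconfig/merchant.checkout /buildconfig/
WORKDIR /build
RUN TAG=$(cat /buildconfig/merchant.tag) && \
  git clone git://git.taler.net/merchant \
  --branch $TAG && \
  cd merchant && git checkout $(cat /buildconfig/merchant.checkout)
WORKDIR /build/merchant
RUN ./bootstrap && \
  ./configure --prefix=/usr \
  --disable-doc
RUN dpkg-buildpackage -rfakeroot -b -uc -us
WORKDIR /
RUN mkdir -p /packages/merchant
RUN mv /build/*.deb /packages/merchant
RUN rm -rf /build
RUN export DEBIAN_FRONTEND=noninteractive && \
  apt-get update && \
  apt-get install --no-install-recommends -y /packages/merchant/*.deb
WORKDIR /

# Challenger (builds on the exchange stage)
FROM exchange AS challenger

COPY buildconfig/challenger.tag buildconfig/challenger.checkout /buildconfig/
WORKDIR /build
RUN TAG=$(cat /buildconfig/challenger.tag) && \
  git clone git://git.taler.net/challenger \
  --branch $TAG && \
  cd challenger && git checkout $(cat /buildconfig/challenger.checkout)
WORKDIR /build/challenger
RUN ./bootstrap && \
  ./configure --prefix=/usr \
  --disable-doc
RUN dpkg-buildpackage -rfakeroot -b -uc -us
WORKDIR /
RUN mkdir -p /packages/challenger
RUN mv /build/*.deb /packages/challenger
RUN rm -rf /build
RUN export DEBIAN_FRONTEND=noninteractive && \
  apt-get update && \
  apt-get install --no-install-recommends -y /packages/challenger/*.deb
WORKDIR /

# Libeufin
FROM base-system AS libeufin

WORKDIR /build
COPY buildconfig/libeufin.tag buildconfig/libeufin.checkout /buildconfig/
RUN TAG=$(cat /buildconfig/libeufin.tag) && \
  git clone git://git.taler.net/libeufin \
  --branch $TAG && \
  cd libeufin && git checkout $(cat /buildconfig/libeufin.checkout)
WORKDIR /build/libeufin
RUN ./bootstrap
RUN ./configure --prefix=/usr
RUN dpkg-buildpackage -rfakeroot -b -uc -us
WORKDIR /
RUN mkdir -p /packages/libeufin
RUN mv /build/*.deb /packages/libeufin
RUN rm -rf /build
RUN export DEBIAN_FRONTEND=noninteractive && \
  apt-get update && \
  apt-get install --no-install-recommends -y /packages/libeufin/*.deb

# Merchant demos
FROM base-system AS merchant-demos

WORKDIR /build
COPY buildconfig/merchant-demos.tag buildconfig/merchant-demos.checkout /buildconfig/
RUN TAG=$(cat /buildconfig/merchant-demos.tag) && \
  git clone git://git.taler.net/taler-merchant-demos \
  --branch $TAG && \
  cd taler-merchant-demos && git checkout $(cat /buildconfig/merchant-demos.checkout)
WORKDIR /build/taler-merchant-demos
RUN ./bootstrap
RUN dpkg-buildpackage -rfakeroot -b -uc -us
WORKDIR /
RUN mkdir -p /packages/merchant-demos
RUN mv /build/*.deb /packages/merchant-demos
RUN rm -rf /build
RUN export DEBIAN_FRONTEND=noninteractive && \
  apt-get update && \
  apt-get install --no-install-recommends -y /packages/merchant-demos/*.deb

# taler-typescript-core tools (taler-wallet-cli and taler-harness)
FROM base-system AS wallet
WORKDIR /build
COPY buildconfig/wallet.tag buildconfig/wallet.checkout /buildconfig/
RUN TAG=$(cat /buildconfig/wallet.tag) && \
  git clone git://git.taler.net/taler-typescript-core \
  --branch $TAG && \
  cd taler-typescript-core && git checkout $(cat /buildconfig/wallet.checkout)
# NOTE(review): "^9.10.0" is a semver range, so the pnpm release that drives
# the build is whatever matching version the registry serves at build time.
# An exact version would fix the tool that runs the package scripts.
RUN npm install -g pnpm@^9.10.0
WORKDIR /build/taler-typescript-core
RUN ./bootstrap
# Install standalone merchant SPA
WORKDIR /build/taler-typescript-core/packages/merchant-backoffice-ui
RUN ./configure --prefix=/usr/local
RUN make install
# taler-wallet-cli
WORKDIR /build/taler-typescript-core/packages/taler-wallet-cli
RUN ./configure --prefix=/usr/local
RUN make deps
RUN dpkg-buildpackage -rfakeroot -b -uc -us
# taler-harness
WORKDIR /build/taler-typescript-core/packages/taler-harness
RUN ./configure --prefix=/usr/local
RUN pnpm install --frozen-lockfile --filter @gnu-taler/taler-harness...
RUN pnpm run --filter @gnu-taler/taler-harness... compile
RUN dpkg-buildpackage -rfakeroot -b -uc -us
# copy debs
WORKDIR /
RUN mkdir -p /packages/wallet
RUN mv /build/taler-typescript-core/packages/*.deb /packages/wallet
RUN rm -rf /build
RUN export DEBIAN_FRONTEND=noninteractive && \
  apt-get update && \
  apt-get install --no-install-recommends -y /packages/wallet/*.deb

## Sync
#FROM merchant as sync
#COPY buildconfig/sync.* /buildconfig/
#WORKDIR /build
#RUN TAG=$(cat /buildconfig/sync.tag) && \
#  git clone git://git.taler.net/sync \
#  --branch $TAG && \
#  cd sync && git checkout $(cat /buildconfig/sync.checkout)
#WORKDIR /build/sync
#RUN ./bootstrap
#RUN dpkg-buildpackage -rfakeroot -b -uc -us
#WORKDIR /
#RUN mkdir -p /packages/sync
#RUN mv /build/*.deb /packages/sync
#RUN rm -rf /build
#RUN DEBIAN_FRONTEND=noninteractive apt-get update && apt-get install --no-install-recommends -y /packages/sync/*.deb
#WORKDIR /


# Turnstile: only cloned into /opt/turnstile, no package build in this stage.
FROM base-system AS turnstile
COPY buildconfig/turnstile.tag buildconfig/turnstile.checkout /buildconfig/
RUN TAG=$(cat /buildconfig/turnstile.tag) && \
  cd /opt/ && \
  git clone git://git.taler.net/turnstile \
  --branch $TAG && \
  cd /opt/turnstile && git checkout $(cat /buildconfig/turnstile.checkout)

# Final image
# NOTE(review): this stage starts from base-system, so it carries the whole
# build toolchain (see the FIXMEs at the top) and adds sudo and editors on
# top. No USER is set; the image looks intended to boot systemd (units are
# enabled with systemctl below) - confirm that it is only run that way.
FROM base-system AS taler-final
RUN export DEBIAN_FRONTEND=noninteractive && \
  apt-get update && \
  apt-get -y upgrade && \
  apt-get --no-install-recommends install -y \
  gpg
# The caddy repository key is taken from the build context (apt/), so trust in
# that repository is anchored in the key file committed alongside this
# Dockerfile. Presumably caddy-stable.list points at the dearmored keyring
# written below - verify against the .list file.
COPY apt/caddy-stable.list /etc/apt/sources.list.d/caddy-stable.list
COPY apt/caddy-stable-archive-keyring.gpg /tmp/caddy-stable-archive-keyring.gpg
RUN gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg /tmp/caddy-stable-archive-keyring.gpg
RUN export DEBIAN_FRONTEND=noninteractive && \
  apt-get update && \
  apt-get -y upgrade && \
  apt-get --no-install-recommends install -y \
  emacs \
  vim \
  curl \
  postgresql \
  bash-completion \
  sudo \
  less \
  caddy \
  s-nail \
  systemd-coredump \
  libnss3-tools \
  uuid-runtime \
  php \
  composer \
  php-pgsql \
  php-fpm \
  php-dom \
  php-gd \
  php-curl

# Collect the packages built in the component stages and install them in one go.
RUN mkdir -p /packages
COPY --from=gnunet /packages/gnunet/* /packages/
COPY --from=taler-directory /packages/taldir/* /packages/
COPY --from=taler-mailbox /packages/taler-mailbox/* /packages/
COPY --from=exchange /packages/exchange/* /packages/
COPY --from=merchant /packages/merchant/* /packages/
COPY --from=wallet /packages/wallet/* /packages/
COPY --from=wallet /usr/local/share/taler-merchant-backoffice /usr/local/share/taler-merchant-backoffice
COPY --from=libeufin /packages/libeufin/* /packages/
COPY --from=merchant-demos /packages/merchant-demos/* /packages/
COPY --from=challenger /packages/challenger/* /packages/
COPY --from=donau /packages/donau/* /packages/
COPY --from=turnstile /opt/turnstile /opt/turnstile
RUN export DEBIAN_FRONTEND=noninteractive && \
  apt-get update && \
  apt-get -y upgrade && \
  apt-get install --no-install-recommends -y /packages/*.deb
COPY systemd/setup-sandcastle.service /etc/systemd/system/
RUN systemctl enable setup-sandcastle.service
# Disable potentially problem-causing services
# "a && b || true" parses as "(a && b) || true": a failure of either disable
# is ignored and the build continues.
RUN systemctl disable postgresql && \
  systemctl disable apache2 || true
# The PostgreSQL major version (17) is hard-coded in this path; the step fails
# if the installed postgresql package uses a different version directory.
RUN sed -i /etc/postgresql/17/main/postgresql.conf -e 's/^port[ ]*=.*$/port = 5432/'
# Not ready yet!
#RUN systemctl disable taler-mailbox

# Disable systemd services that have permission issues
# and thus fail, clobbering the systemd status.
RUN systemctl mask systemd-modules-load.service
RUN systemctl disable proc-sys-fs-binfmt_misc.automount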