Switch Dogecoin image to rootless and distroless

Author: benjamin102014

images/dogecoind/Dockerfile

@@ -1,82 +1,52 @@
 # syntax=docker/dockerfile:1.3-labs
-FROM ubuntu:22.04 as build
+FROM debian:12@sha256:b6507e340c43553136f5078284c8c68d86ec8262b1724dde73c325e8d3dcdeba as build
 
 ARG VERSION=v1.14.9
 
 ENV DEBIAN_FRONTEND="noninteractive" TZ="Europe/London"
 
 RUN <<-EOF
-    apt-get -y update && \
-    apt-get -y install \
-    git \
-    build-essential \
-    libtool \
-    autotools-dev \
-    automake \
-    pkg-config \
-    bsdmainutils \
-    python3 \
-    python3-pip \
-    libevent-dev \
-    libboost-system-dev \
-    libboost-filesystem-dev \
-    libboost-chrono-dev \
-    libboost-test-dev \
-    libboost-thread-dev \
-    libboost-program-options-dev \
-    libssl-dev \
-    libzmq3-dev \
-    acl
+    set -e
+    apt-get -y update && apt-get -y install \
+        git \
+        build-essential \
+        cmake \
+        libtool \
+        pkg-config \
+        curl
 EOF
 
-RUN <<-EOF
-    echo "* soft nofile 1048576" >> /etc/security/limits.conf && \
-    echo "* hard nofile 1048576" >> /etc/security/limits.conf && \
-    echo "{{ ops_user }} soft nofile 1048576" >> /etc/security/limits.conf && \
-    echo "{{ ops_user }} hard nofile 1048576" >> /etc/security/limits.conf && \
-    cat /etc/security/limits.conf && \
-    ulimit -Sn
-EOF
-
-RUN pip install --upgrade pip && pip3 install pexpect
-
 RUN git clone --single-branch --branch "${VERSION}" https://github.com/dogecoin/dogecoin.git /opt/dogecoin
 
 WORKDIR /opt/dogecoin
 
 RUN <<-EOF
-    bash ./autogen.sh && \
-    bash ./configure --disable-wallet --without-gui --disable-tests --disable-bench --prefix=/opt/dogecoin/build && \
-    echo $(getconf _NPROCESSORS_ONLN) && \
-    make -j $(getconf _NPROCESSORS_ONLN) && \
-    make install && \
-    mkdir -p /opt/dogecoin/.dogecoin/db && \
-    chmod 755 /opt/dogecoin/.dogecoin/db
+    set -e
+    make -C /opt/dogecoin/depends/ -j $(getconf _NPROCESSORS_ONLN) NO_QT=1 NO_QR=1 NO_WALLET=1 NO_BDB=1
+    ./autogen.sh
+    ./configure \
+        --disable-wallet \
+        --without-gui \
+        --disable-tests \
+        --disable-bench \
+        --prefix=/opt/dogecoin/depends/x86_64-pc-linux-gnu/
+    make -j $(getconf _NPROCESSORS_ONLN)
+    make install
+    find /opt/dogecoin/depends/x86_64-pc-linux-gnu/bin -type f -executable -exec strip -s {} + 2>/dev/null || true
 EOF
 
-COPY ./dogecoin.conf /opt/dogecoin/.dogecoin/dogecoin.conf
+COPY dogecoin.conf /opt/dogecoin/.dogecoin/dogecoin.conf
 
-FROM ubuntu:22.04
-COPY --from=build /opt/dogecoin/ /opt/dogecoin/
+RUN <<-EOF
+    set -e
+    mkdir -p /opt/dogecoin/.dogecoin/db
+EOF
+
+FROM gcr.io/distroless/cc-debian12:nonroot@sha256:d1b8e4c52be1111aa108e959ef2a822299bb70fd1819dd250871a2601ca1e4b6 as final
 
 ENV DEBIAN_FRONTEND="noninteractive" TZ="Europe/London"
-ENV PATH="/opt/dogecoin/build/bin:${PATH}"
 
-RUN <<-EOF
-    apt-get -y update && \
-    apt-get -y install \
-    libevent-dev \
-    libboost-system-dev \
-    libboost-filesystem-dev \
-    libboost-chrono-dev \
-    libboost-test-dev \
-    libboost-thread-dev \
-    libboost-program-options-dev \
-    libzmq3-dev \
-    net-tools \
-    curl \
-    jq \
-    netcat
-EOF
+COPY --from=build --chown=65532:65532 /opt/dogecoin/depends/x86_64-pc-linux-gnu/bin/ /opt/dogecoin/bin/
+COPY --from=build --chown=65532:65532 /opt/dogecoin/.dogecoin/ /opt/dogecoin/.dogecoin/
 
-ENTRYPOINT ["dogecoind", "-conf=/opt/dogecoin/.dogecoin/dogecoin.conf", "-datadir=/opt/dogecoin/.dogecoin/db", "-printtoconsole", "-txindex=1"]
+ENTRYPOINT ["/opt/dogecoin/bin/dogecoind", "-conf=/opt/dogecoin/.dogecoin/dogecoin.conf", "-datadir=/opt/dogecoin/.dogecoin/db", "-printtoconsole", "-txindex=1"]

images/dogecoind/Dockerfile-wls

@@ -1 +1 @@
-docker build --progress=plain -t flarefoundation/dogecoin:1.14.9 .
+docker build -t flarefoundation/dogecoin:1.14.9 .