temporarily add a nonroot variant until distroless trixie release

Author: klemenfn

images/rippled/Dockerfile.2.6.2.uid_65532

@@ -0,0 +1,141 @@
+# syntax=docker/dockerfile:1.3-labs
+FROM debian:trixie@sha256:8f6a88feef3ed01a300dafb87f208977f39dccda1fd120e878129463f7fa3b8f as build
+
+ARG VERSION=2.6.2
+
+ENV DEBIAN_FRONTEND="noninteractive" TZ="Europe/London"
+
+RUN <<-EOF
+    set -e
+    apt-get -y update && apt-get -y install \
+        python3-venv \
+        curl \
+        git \
+        build-essential \
+        cmake
+EOF
+
+RUN <<-EOF
+    set -e
+    echo "conan" > /tmp/requirements.in
+    python3 -m venv /opt/conan_env
+    /opt/conan_env/bin/python -m pip install pip-tools
+    /opt/conan_env/bin/pip-compile --generate-hashes --output-file=/tmp/requirements.txt /tmp/requirements.in
+    /opt/conan_env/bin/python -m pip install -r /tmp/requirements.txt --require-hashes
+EOF
+
+RUN git clone --single-branch --branch "${VERSION}" https://github.com/ripple/rippled.git /opt/ripple
+
+WORKDIR /opt/ripple
+
+ENV PATH="/opt/conan_env/bin:$PATH"
+
+# https://github.com/XRPLF/rippled/blob/develop/BUILD.md
+RUN <<-EOF
+    set -e
+    git config --global http.postBuffer 1048576000
+    conan config install /opt/ripple/conan/profiles/default -tf $(conan config home)/profiles
+    conan remote add --index 0 xrplf "https://conan.ripplex.io"
+    mkdir cmake_build
+EOF
+
+RUN <<-EOF
+    set -e
+    cd cmake_build
+    conan install \
+        .. \
+        --profile:host=default \
+        --profile:build=default \
+        --output-folder . \
+        --build missing \
+        --settings build_type=Release
+EOF
+
+RUN <<-EOF
+    set -e
+    cd cmake_build
+    cmake \
+        -DCMAKE_BUILD_TYPE=Release \
+        -DCMAKE_TOOLCHAIN_FILE:FILEPATH=build/generators/conan_toolchain.cmake \
+        -DCMAKE_INSTALL_PREFIX=/opt/ripple/build \
+        -Dstatic=ON \
+        -Dxrpld=ON \
+        -Dtests=OFF \
+        -B./ ..
+EOF
+
+RUN <<-EOF
+    set -e
+    cd cmake_build
+    cmake --build . --target install -- -j 8
+    find /opt/ripple/build/bin -type f -executable -exec strip -s {} + 2>/dev/null || true
+    mkdir -p /opt/ripple/.ripple/db
+EOF
+
+WORKDIR /opt/validator-keys-tool
+
+RUN git clone --single-branch --branch "master" https://github.com/ripple/validator-keys-tool.git /opt/validator-keys-tool && \
+    git checkout 05742108d4b7c0b7d9a97c073acd690d2c75a2b4
+
+RUN <<-EOF
+    set -e
+    mkdir .build
+    cd .build
+    conan install \
+       .. \
+       --profile:host=default \
+       --profile:build=default \
+       --output-folder . \
+       --build missing \
+       --settings build_type=Release
+    cmake -DCMAKE_POLICY_DEFAULT_CMP0091=NEW \
+        -DCMAKE_TOOLCHAIN_FILE:FILEPATH=conan_toolchain.cmake \
+        -DCMAKE_BUILD_TYPE=Release \
+        ..
+EOF
+
+RUN <<-EOF
+    set -e
+    cd .build
+    cmake --build .
+EOF
+
+COPY rippled.conf validators.txt /opt/ripple/.ripple/
+
+FROM debian:trixie@sha256:8f6a88feef3ed01a300dafb87f208977f39dccda1fd120e878129463f7fa3b8f
+
+COPY --from=build --chown=65532:65532 /opt/ripple/build/bin/ /opt/ripple/bin/
+COPY --from=build --chown=65532:65532 /opt/ripple/.ripple/ /opt/ripple/.ripple/
+
+ENV DEBIAN_FRONTEND="noninteractive" TZ="Europe/London"
+ENV PATH="/opt/ripple/bin:${PATH}"
+
+RUN <<-EOF
+apt-get -y update && \
+apt-get -y install \
+net-tools \
+curl \
+jq \
+netcat-openbsd \
+procps
+EOF
+
+RUN <<-EOF
+    groupadd -r -g 65532 nonroot && \
+    useradd -r -u 65532 -g nonroot -d /opt/ripple -s /sbin/nologin nonroot
+EOF
+
+RUN <<-EOF
+    mkdir -p /opt/ripple/.ripple/db && \
+    chmod 755 /opt/ripple/.ripple/db && \
+    chown -R 65532:65532 /opt/ripple
+EOF
+
+RUN mkdir -p /var/log/rippled && \
+    chmod 775 /var/log/rippled && \
+    chown 65532:65532 /var/log/rippled
+
+USER 65532:65532
+
+# https://xrpl.org/commandline-usage.html
+ENTRYPOINT ["rippled", "--conf=/opt/ripple/.ripple/rippled.conf", "--fg"]