From 96d131a2704e59a4aa4f26bb2fcc39403f3806b1 Mon Sep 17 00:00:00 2001 From: 4NK Dev Date: Sun, 21 Sep 2025 18:24:26 +0000 Subject: [PATCH] ci: docker_tag=ext - Migrate to Debian base with minimal packages --- Dockerfile | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/Dockerfile b/Dockerfile index 1ee6b23..d9a1f58 100644 --- a/Dockerfile +++ b/Dockerfile @@ -16,33 +16,33 @@ RUN cargo build --release FROM debian:bookworm-slim RUN apt-get update && apt-get upgrade -y && \ apt-get install -y --fix-missing \ - ca-certificates curl jq && \ + ca-certificates curl jq git && \ rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* -# Créer l'utilisateur bitcoin -RUN useradd -m -d /home/bitcoin -u 1000 bitcoin +# Création d'un utilisateur non-root +RUN useradd -m -u 1000 appuser && \ + mkdir -p /app && chown -R appuser:appuser /app COPY --from=builder /app/target/release/sdk_relay /usr/local/bin/sdk_relay -RUN chown bitcoin:bitcoin /usr/local/bin/sdk_relay && \ - chmod 755 /usr/local/bin/sdk_relay +RUN chmod +x /usr/local/bin/sdk_relay && \ + chown appuser:appuser /usr/local/bin/sdk_relay # Configuration via build arg ARG CONF -RUN echo "$CONF" > /home/bitcoin/.conf && \ - chown bitcoin:bitcoin /home/bitcoin/.conf && \ - chmod 644 /home/bitcoin/.conf +RUN echo "$CONF" > /app/.conf && \ + chown appuser:appuser /app/.conf && \ + chmod 644 /app/.conf # Créer le répertoire .4nk avec les bonnes permissions -RUN mkdir -p /home/bitcoin/.4nk && \ - chown -R bitcoin:bitcoin /home/bitcoin/.4nk && \ - chmod 755 /home/bitcoin/.4nk +RUN mkdir -p /app/.4nk && \ + chown -R appuser:appuser /app/.4nk && \ + chmod 755 /app/.4nk -WORKDIR /home/bitcoin -USER bitcoin -ENV HOME=/home/bitcoin +WORKDIR /app +USER appuser +ENV HOME=/app -VOLUME ["/home/bitcoin/.4nk"] -VOLUME ["/home/bitcoin/.bitcoin"] +VOLUME ["/app/.4nk"] EXPOSE 8090 8091 -ENTRYPOINT ["sdk_relay", "--config", "/home/bitcoin/.conf"] \ No newline at end of file +ENTRYPOINT ["sdk_relay", "--config", "/app/.conf"] \ No newline at end of file