Download node from sandstorm in Dockerfile.

author: Lauri Ojansivu <x@xet7.org> 2018-07-02 18:40:08 +0300
committer: Lauri Ojansivu <x@xet7.org> 2018-07-02 18:40:08 +0300
commit: bbdb6a90b29040aeb6afe8541e3549b043b2610d (patch)
tree: 46c974fd1efe55203cee3cec1631ff1d0b95869d
parent: 8fbbc104f7e2b680698d286859adab9adf5ff2ae (diff)
download: wekan-bbdb6a90b29040aeb6afe8541e3549b043b2610d.tar.gz
wekan-bbdb6a90b29040aeb6afe8541e3549b043b2610d.tar.bz2
wekan-bbdb6a90b29040aeb6afe8541e3549b043b2610d.zip
1 files changed, 68 insertions, 15 deletions
diff --git a/Dockerfile b/Dockerfile
index 8b8b6a09..e6bc5382 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -28,10 +28,10 @@ ENV SRC_PATH ${SRC_PATH:-./}
 COPY ${SRC_PATH} /home/wekan/app
 
 RUN \
-    # Add non-root user wekan
+    echo "=== Add non-root user wekan" && \
     useradd --user-group --system --home-dir /home/wekan wekan && \
     \
-    # OS dependencies
+    echo "=== OS dependencies" && \
     apt-get update -y && apt-get install -y --no-install-recommends ${BUILD_DEPS} && \
     \
     # Download nodejs
@@ -45,13 +45,65 @@ RUN \
     # Also see beginning of wekan/server/authentication.js
     #   import Fiber from "fibers";
     #   Fiber.poolSize = 1e9;
+    echo "=== Getting newest Node from Sandstorm fork of Node" && \
+    echo "=== Source: https://github.com/sandstorm-io/node ===" && \
+    \
+    # From https://github.com/sandstorm-io/sandstorm/blob/master/branch.conf
+    SANDSTORM_BRANCH_NUMBER=0 && \
+    \
+    # From https://github.com/sandstorm-io/sandstorm/blob/master/release.sh
+    SANDSTORM_CHANNEL=dev && \
+    SANDSTORM_LAST_BUILD=$(curl -fs https://install.sandstorm.io/$SANDSTORM_CHANNEL) && \
+    \
+    echo "=== Latest Sandstorm Release: ${SANDSTORM_LAST_BUILD}===" && \
+    if (( SANDSTORM_LAST_BUILD / 1000 > SANDSTORM_BRANCH_NUMBER )); && \
+    then && \
+      echo "SANDSTORM BRANCH ERROR: $CHANNEL has already moved past this branch!" >&2 && \
+      echo "  I refuse to replace it with an older branch." >&2 && \
+      exit 1 && \
+    fi && \
+    BASE_BUILD=$(( BRANCH_NUMBER * 1000 )) && \
+    BUILD=$(( BASE_BUILD > LAST_BUILD ? BASE_BUILD : LAST_BUILD + 1 )) && \
+    BUILD_MINOR="$(( $BUILD % 1000 ))" && \
+    DISPLAY_VERSION="${BRANCH_NUMBER}.${BUILD_MINOR}" && \
+    TAG_NAME="v${DISPLAY_VERSION}" && \
+    SIGNING_KEY_ID=160D2D577518B58D94C9800B63F227499DA8CCBD && \
+    TARBALL=sandstorm-$SANDSTORM_LAST_BUILD.tar.xz && \
+    NODE_EXE=sandstorm-$SANDSTORM_LAST_BUILD/bin/node && \
+    echo "=== Downloading Sandstorm GPG keys to verify Sandstorm release" && \
+    # Do verification in custom GPG workspace
+    # https://docs.sandstorm.io/en/latest/install/#option-3-pgp-verified-install
+    export GNUPGHOME=$(mktemp -d) && \
+    curl https://raw.githubusercontent.com/sandstorm-io/sandstorm/master/keys/release-keyring.gpg | gpg --import && \
+    wget https://raw.githubusercontent.com/sandstorm-io/sandstorm/master/keys/release-certificate.kentonv.sig && \
+    gpg --decrypt release-certificate.kentonv.sig && \
+    echo "=== Downloading Sandstorm release from https://dl.sandstorm.io/${TARBALL} ===" && \
+    wget https://dl.sandstorm.io/$TARBALL && \
+    echo "=== Downloading signature for Sandstorm release from https://dl.sandstorm.io/${TARBALL}.sig ===" && \
+    wget https://dl.sandstorm.io/$TARBALL.sig && \
+    echo "=== Verifying signature of Sandstorm release" && \
+    gpg --verify $TARBALL.sig $TARBALL && \
+    \
+    if [ $? -eq 0 ] && \
+    then && \
+      echo "=== All is well. Good signature in Sandstorm." && \
+    else && \
+      echo "=== PROBLEM WITH SANDSTORM SIGNATURE." && \
+      exit 1 && \
+    fi && \
+    echo "=== Extracting Node from Sandstorm release tarball" && \
+    # --strip 2 removes path of 2 subdirectories
+    tar -xf $TARBALL $NODE_EXE --strip=2 && \
+    echo "=== Deleting Sandstorm release tarball and signature" && \
+    rm $TARBALL $TARBALL.sig release-certificate.kentonv.si* && \
+    # == OLD ==
     # Download node version 8.11.1 that has fix included, node binary copied from Sandstorm
     # Description at https://releases.wekan.team/node.txt
-    wget https://releases.wekan.team/node-${NODE_VERSION}-${ARCHITECTURE}.tar.gz && \
-    echo "308d0caaef0a1da3e98d1a1615016aad9659b3caf31d0f09ced20cabedb8acbf  node-v8.11.1-linux-x64.tar.gz" >> SHASUMS256.txt.asc && \
-    \
+    ##wget https://releases.wekan.team/node-${NODE_VERSION}-${ARCHITECTURE}.tar.gz && \
+    ##echo "308d0caaef0a1da3e98d1a1615016aad9659b3caf31d0f09ced20cabedb8acbf  node-v8.11.1-linux-x64.tar.gz" >> SHASUMS256.txt.asc && \
+    ##\
     # Verify nodejs authenticity
-    grep ${NODE_VERSION}-${ARCHITECTURE}.tar.gz SHASUMS256.txt.asc | shasum -a 256 -c - && \
+    ##grep ${NODE_VERSION}-${ARCHITECTURE}.tar.gz SHASUMS256.txt.asc | shasum -a 256 -c - && \
     #export GNUPGHOME="$(mktemp -d)" && \
     #\
     # Try other key servers if ha.pool.sks-keyservers.net is unreachable
@@ -75,24 +127,25 @@ RUN \
     # Ignore socket files then delete files then delete directories
     #find "$GNUPGHOME" -type f | xargs rm -f && \
     #find "$GNUPGHOME" -type d | xargs rm -fR && \
-    rm -f SHASUMS256.txt.asc && \
+    ##rm -f SHASUMS256.txt.asc && \
     \
     # Install Node
-    tar xvzf node-${NODE_VERSION}-${ARCHITECTURE}.tar.gz && \
-    rm node-${NODE_VERSION}-${ARCHITECTURE}.tar.gz && \
-    mv node-${NODE_VERSION}-${ARCHITECTURE} /opt/nodejs && \
+    #tar xvzf node-${NODE_VERSION}-${ARCHITECTURE}.tar.gz && \
+    #rm node-${NODE_VERSION}-${ARCHITECTURE}.tar.gz && \
+    #mv node-${NODE_VERSION}-${ARCHITECTURE} /opt/nodejs && \
+    mv node /opt/nodejs && \
     ln -s /opt/nodejs/bin/node /usr/bin/node && \
     ln -s /opt/nodejs/bin/npm /usr/bin/npm && \
     \
     #DOES NOT WORK: paxctl fix for alpine linux: https://github.com/wekan/wekan/issues/1303
     #paxctl -mC `which node` && \
     \
-    # Install Node dependencies
+    echo "=== Install Node dependencies" && \
     npm install -g npm@${NPM_VERSION} && \
     npm install -g node-gyp && \
     npm install -g fibers@${FIBERS_VERSION} && \
     \
-    # Change user to wekan and install meteor
+    echo "=== Change user to wekan and install meteor" && \
     cd /home/wekan/ && \
     chown wekan:wekan --recursive /home/wekan && \
     curl https://install.meteor.com -o /home/wekan/install_meteor.sh && \
@@ -107,7 +160,7 @@ RUN \
       gosu wekan:wekan git clone --recursive --depth 1 -b release/METEOR@${METEOR_EDGE} git://github.com/meteor/meteor.git /home/wekan/.meteor; \
     fi; \
     \
-    # Get additional packages
+    echo "=== Get additional packages" && \
     mkdir -p /home/wekan/app/packages && \
     chown wekan:wekan --recursive /home/wekan && \
     cd /home/wekan/app/packages && \
@@ -117,7 +170,7 @@ RUN \
     cd /home/wekan/.meteor && \
     gosu wekan:wekan /home/wekan/.meteor/meteor -- help; \
     \
-    # Build app
+    echo "=== Build app" && \
     cd /home/wekan/app && \
     gosu wekan:wekan /home/wekan/.meteor/meteor add standard-minifier-js && \
     gosu wekan:wekan /home/wekan/.meteor/meteor npm install && \
@@ -135,7 +188,7 @@ RUN \
     #gosu wekan:wekan npm install bcrypt && \
     mv /home/wekan/app_build/bundle /build && \
     \
-    # Cleanup
+    echo "=== Cleanup" && \
     apt-get remove --purge -y ${BUILD_DEPS} && \
     apt-get autoremove -y && \
     rm -R /var/lib/apt/lists/* && \
author	Lauri Ojansivu <x@xet7.org>	2018-07-02 18:40:08 +0300
committer	Lauri Ojansivu <x@xet7.org>	2018-07-02 18:40:08 +0300
commit	bbdb6a90b29040aeb6afe8541e3549b043b2610d (patch)
tree	46c974fd1efe55203cee3cec1631ff1d0b95869d
parent	8fbbc104f7e2b680698d286859adab9adf5ff2ae (diff)
download	wekan-bbdb6a90b29040aeb6afe8541e3549b043b2610d.tar.gz wekan-bbdb6a90b29040aeb6afe8541e3549b043b2610d.tar.bz2 wekan-bbdb6a90b29040aeb6afe8541e3549b043b2610d.zip