summaryrefslogtreecommitdiffstats
path: root/docker
diff options
context:
space:
mode:
authortleydxdy <koubeshio@tutanota.com>2020-05-01 09:35:34 +0800
committerGitHub <noreply@github.com>2020-04-30 20:35:34 -0500
commitbd2c7e3bb900e6a9134c4fad08497b399195eb85 (patch)
tree1f3b93aa21491c86efa005153289f0fd19ab4478 /docker
parent9d23cf33fd6c062c055c0fd41141749eaa709a88 (diff)
downloadinvidious-bd2c7e3bb900e6a9134c4fad08497b399195eb85.tar.gz
invidious-bd2c7e3bb900e6a9134c4fad08497b399195eb85.tar.bz2
invidious-bd2c7e3bb900e6a9134c4fad08497b399195eb85.zip
Verify download, fix invidious file permission (#949)
* Fix docker
Diffstat (limited to 'docker')
-rw-r--r--docker/Dockerfile29
1 files changed, 14 insertions, 15 deletions
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 11ab6ed2..d0e4827a 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -1,27 +1,25 @@
FROM alpine:edge AS builder
-RUN apk add --no-cache crystal shards libc-dev \
+RUN apk add --no-cache curl crystal shards libc-dev \
yaml-dev libxml2-dev sqlite-dev zlib-dev openssl-dev \
- sqlite-static zlib-static openssl-libs-static
+ yaml-static sqlite-static zlib-static openssl-libs-static
WORKDIR /invidious
-COPY ./shard.yml ./shard.yml
-RUN shards update && shards install
-RUN apk add --no-cache curl && \
- curl -Lo /etc/apk/keys/omarroth.rsa.pub https://github.com/omarroth/boringssl-alpine/releases/download/1.1.0-r0/omarroth.rsa.pub && \
+RUN curl -Lo /etc/apk/keys/omarroth.rsa.pub https://github.com/omarroth/boringssl-alpine/releases/download/1.1.0-r0/omarroth.rsa.pub && \
curl -Lo boringssl-dev.apk https://github.com/omarroth/boringssl-alpine/releases/download/1.1.0-r0/boringssl-dev-1.1.0-r0.apk && \
curl -Lo lsquic.apk https://github.com/omarroth/lsquic-alpine/releases/download/2.6.3-r0/lsquic-2.6.3-r0.apk && \
- tar -xf boringssl-dev.apk && \
- tar -xf lsquic.apk
-RUN mv ./usr/lib/libcrypto.a ./lib/lsquic/src/lsquic/ext/libcrypto.a && \
- mv ./usr/lib/libssl.a ./lib/lsquic/src/lsquic/ext/libssl.a && \
- mv ./usr/lib/liblsquic.a ./lib/lsquic/src/lsquic/ext/liblsquic.a
+ apk verify --no-cache boringssl-dev.apk lsquic.apk && \
+ tar -xf boringssl-dev.apk usr/lib/libcrypto.a usr/lib/libssl.a && \
+ tar -xf lsquic.apk usr/lib/liblsquic.a && \
+ rm /etc/apk/keys/omarroth.rsa.pub boringssl-dev.apk lsquic.apk
+COPY ./shard.yml ./shard.yml
+RUN shards update && shards install && \
+ mv ./usr/lib/* ./lib/lsquic/src/lsquic/ext && \
+ rm -r ./usr /root/.cache
COPY ./src/ ./src/
# TODO: .git folder is required for building – this is destructive.
# See definition of CURRENT_BRANCH, CURRENT_COMMIT and CURRENT_VERSION.
COPY ./.git/ ./.git/
RUN crystal build ./src/invidious.cr \
--static --warnings all --error-on-warnings \
-# TODO: Remove next line, see https://github.com/crystal-lang/crystal/issues/7946
- -Dmusl \
--link-flags "-lxml2 -llzma"
FROM alpine:latest
@@ -30,10 +28,11 @@ WORKDIR /invidious
RUN addgroup -g 1000 -S invidious && \
adduser -u 1000 -S invidious -G invidious
COPY ./assets/ ./assets/
-COPY ./config/config.yml ./config/config.yml
+COPY --chown=invidious ./config/config.yml ./config/config.yml
+RUN sed -i 's/host: \(127.0.0.1\|localhost\)/host: postgres/' config/config.yml
COPY ./config/sql/ ./config/sql/
COPY ./locales/ ./locales/
-RUN sed -i 's/host: \(127.0.0.1\|localhost\)/host: postgres/' config/config.yml
COPY --from=builder /invidious/invidious .
+
USER invidious
CMD [ "/invidious/invidious" ]
generated by cgit v1.2.3 (git 2.39.1) at 2025-12-17 11:02:17 +0000