Set user/group id for monero user with clean up (#117)

Co-authored-by: Deverick <5827364+deverickapollo@users.noreply.github.com>
2025-08-18 14:57:50 +02:00 · 2025-08-18 14:57:50 +02:00 · df0330af26
commit df0330af26
parent f09a468d22
5 changed files with 80 additions and 170 deletions
--- a/Monero/0.18.4.0/Dockerfile
+++ b/Monero/0.18.4.0/Dockerfile
@ -0,0 +1,70 @@
+FROM debian:trixie-slim AS builder
+
+# Install dependencies
+RUN apt-get update && apt-get -y --no-install-recommends install bzip2 ca-certificates wget
+
+# Set necessary variables for the current Monero version
+ARG TARGETPLATFORM
+ENV MONERO_VERSION=0.18.4.0
+
+# Select and download binary based on build architecture
+RUN set -ex \
+    && case "${TARGETPLATFORM}" in \
+        "linux/amd64") \
+            ARCH="x64" \
+            FILE_CHECKSUM="16cb74c899922887827845a41d37c7f3121462792a540843f2fcabcc1603993f" \
+            ;; \
+        "linux/arm64") \
+            ARCH="armv8" \
+            FILE_CHECKSUM="f252b6a24e801535bf36fbaaa7b2d6ae44b1efc5d427803d483e3c3a17d6f2cd" \
+            ;; \
+        "linux/arm/v7") \
+            ARCH="armv7" \
+            FILE_CHECKSUM="b35b5e8d27d799cea6cf3ff539a672125292784739db41181b92a9c73e1c325b" \
+            ;; \
+        *) \
+            echo "Unsupported architecture: ${TARGETPLATFORM}" \
+            exit 1 \
+            ;; \
+    esac \
+    && export FILE=monero-linux-${ARCH}-v${MONERO_VERSION}.tar.bz2 \
+	&& cd /tmp \
+	&& wget -qO ${FILE} https://downloads.getmonero.org/cli/${FILE} \
+	&& echo "${FILE_CHECKSUM} ${FILE}" | sha256sum -c - \
+	&& mkdir bin \
+	&& tar -jxf ${FILE} -C bin --strip-components=1 \
+	&& find bin/ -type f -executable -exec chmod a+x {} \;
+
+FROM debian:trixie-slim
+COPY --from=builder "/tmp/bin" /usr/local/bin
+
+RUN apt-get update && apt-get -y --no-install-recommends install gosu && rm -rf /var/lib/apt/lists/*
+
+# Create user and group id for monero user
+ARG MONERO_USER_ID=980
+ARG MONERO_GROUP_ID=980
+
+# Add monero user
+RUN groupadd -r -g $MONERO_GROUP_ID monero && useradd -r -m -u $MONERO_USER_ID -g monero monero
+
+# Copy notifier script
+COPY ./scripts /scripts/
+RUN find /scripts/ -type f -print0 | xargs -0 chmod a+x
+
+# Create data and wallet directories
+ENV MONERO_DATA=/data
+ENV MONERO_WALLET=/wallet
+RUN mkdir -p "$MONERO_DATA" "$MONERO_WALLET" \
+    && chown -R monero:monero "$MONERO_DATA" "$MONERO_WALLET" \
+    && ln -sfn "$MONERO_DATA" /home/monero/.bitmonero \
+    && chown -h monero:monero /home/monero/.bitmonero
+
+# Specify necessary volumes
+VOLUME /data
+VOLUME /wallet
+
+# Expose p2p, RPC, and ZMQ ports
+EXPOSE 18080 18081 18082
+
+COPY ./scripts/docker-entrypoint.sh /entrypoint.sh
+ENTRYPOINT ["/entrypoint.sh"]
--- a/Monero/0.18.4.0/linuxamd64.Dockerfile
+++ b/Monero/0.18.4.0/linuxamd64.Dockerfile
@ -1,52 +0,0 @@
-# Set base image
-FROM debian:bookworm-slim
-
-# Set necessary environment variables for the current Monero version and hash
-ENV FILE=monero-linux-x64-v0.18.4.0.tar.bz2
-ENV FILE_CHECKSUM=16cb74c899922887827845a41d37c7f3121462792a540843f2fcabcc1603993f
-
-# Set SHELL options per https://github.com/hadolint/hadolint/wiki/DL4006
-SHELL ["/bin/bash", "-o", "pipefail", "-c"]
-
-# Install dependencies
-RUN apt-get update \
-    && apt-get upgrade -y \
-    && apt-get -y --no-install-recommends install bzip2 ca-certificates wget curl \
-    && apt-get -y autoremove \
-    && apt-get clean autoclean \
-    && rm -rf /var/lib/apt/lists/*
-
-# Download specified Monero tar.gz and verify downloaded binary against hardcoded checksum
-RUN wget -qO $FILE https://downloads.getmonero.org/cli/$FILE && \
-    echo "$FILE_CHECKSUM $FILE" | sha256sum -c - 
-
-# Extract and set permissions on Monero binaries
-RUN mkdir -p extracted && \
-    tar -jxvf $FILE -C /extracted && \
-    find /extracted/ -type f -print0 | xargs -0 chmod a+x && \
-    find /extracted/ -type f -print0 | xargs -0 mv -t /usr/local/bin/ && \
-    rm -rf extracted && rm $FILE
-
-# Copy notifier script
-COPY ./scripts /scripts/
-RUN find /scripts/ -type f -print0 | xargs -0 chmod a+x
-
-# Create monero user
-RUN adduser --system --group --disabled-password monero && \
-	mkdir -p /wallet /home/monero/.bitmonero && \
-	chown -R monero:monero /home/monero/.bitmonero && \
-	chown -R monero:monero /home/monero && \
-	chown -R monero:monero /wallet
-
-# Specify necessary volumes
-VOLUME /home/monero/.bitmonero
-VOLUME /wallet
-
-# Expose p2p, RPC, and ZMQ ports
-EXPOSE 18080
-EXPOSE 18081
-EXPOSE 18082
-
-# Switch to user monero
-USER monero
-ENV HOME=/home/monero
--- a/Monero/0.18.4.0/linuxarm32v7.Dockerfile
+++ b/Monero/0.18.4.0/linuxarm32v7.Dockerfile
@ -1,59 +0,0 @@
-# Use manifest image which supports all architectures
-FROM debian:bookworm-slim AS builder
-
-RUN set -ex \
-	&& apt-get update \
-	&& apt-get install -qq --no-install-recommends ca-certificates wget bzip2
-RUN apt-get install -qq --no-install-recommends qemu-user-static binfmt-support
-
-ENV MONERO_VERSION=0.18.4.0
-ENV FILE=monero-linux-armv7-v${MONERO_VERSION}.tar.bz2
-ENV FILE_CHECKSUM=b35b5e8d27d799cea6cf3ff539a672125292784739db41181b92a9c73e1c325b
-
-# Download and verify Monero binaries
-RUN set -ex \
-	&& cd /tmp \
-	&& wget -qO ${FILE} https://downloads.getmonero.org/cli/${FILE} \
-	&& echo "${FILE_CHECKSUM} ${FILE}" | sha256sum -c - \
-	&& mkdir bin \
-	&& tar -jxf ${FILE} -C bin --strip-components=1 \
-	&& find bin/ -type f -executable -exec chmod a+x {} \;
-
-# Making sure the final image is ARM32 despite being built on x64
-FROM --platform=arm debian:bookworm-slim
-
-COPY --from=builder "/tmp/bin" /usr/local/bin
-COPY --from=builder /usr/bin/qemu-arm-static /usr/bin/qemu-arm-static
-
-# Install runtime dependencies
-RUN apt-get update \
-    && apt-get upgrade -y \
-    && apt-get install -qq --no-install-recommends ca-certificates curl \
-    && apt-get clean \
-    && apt-get autoclean \
-    && apt-get autoremove \
-    && rm -rf /var/lib/apt/lists/*
-
-# Copy notifier script
-COPY ./scripts /scripts/
-RUN find /scripts/ -type f -print0 | xargs -0 chmod a+x
-
-# Create monero user
-RUN adduser --system --group --disabled-password monero && \
-	mkdir -p /wallet /home/monero/.bitmonero && \
-	chown -R monero:monero /home/monero/.bitmonero && \
-	chown -R monero:monero /home/monero && \
-	chown -R monero:monero /wallet
-
-# Specify necessary volumes
-VOLUME /home/monero/.bitmonero
-VOLUME /wallet
-
-# Expose p2p, RPC, and ZMQ ports
-EXPOSE 18080
-EXPOSE 18081
-EXPOSE 18082
-
-# Switch to user monero
-USER monero
-ENV HOME=/home/monero
--- a/Monero/0.18.4.0/linuxarm64v8.Dockerfile
+++ b/Monero/0.18.4.0/linuxarm64v8.Dockerfile
@ -1,59 +0,0 @@
-# Use manifest image which supports all architectures
-FROM debian:bookworm-slim AS builder
-
-RUN set -ex \
-	&& apt-get update \
-	&& apt-get install -qq --no-install-recommends ca-certificates wget bzip2
-RUN apt-get install -qq --no-install-recommends qemu-user-static binfmt-support
-
-ENV MONERO_VERSION=0.18.4.0
-ENV FILE=monero-linux-armv8-v${MONERO_VERSION}.tar.bz2
-ENV FILE_CHECKSUM=f252b6a24e801535bf36fbaaa7b2d6ae44b1efc5d427803d483e3c3a17d6f2cd
-
-# Download and verify Monero binaries
-RUN set -ex \
-	&& cd /tmp \
-	&& wget -qO ${FILE} https://downloads.getmonero.org/cli/${FILE} \
-	&& echo "${FILE_CHECKSUM} ${FILE}" | sha256sum -c - \
-	&& mkdir bin \
-	&& tar -jxf ${FILE} -C bin --strip-components=1 \
-	&& find bin/ -type f -executable -exec chmod a+x {} \;
-
-# Making sure the final image is ARM64 despite being built on x64
-FROM --platform=arm64 debian:bookworm-slim
-
-COPY --from=builder "/tmp/bin" /usr/local/bin
-COPY --from=builder /usr/bin/qemu-aarch64-static /usr/bin/qemu-aarch64-static
-
-# Install runtime dependencies
-RUN apt-get update \
-	&& apt-get upgrade -y \
-	&& apt-get install -qq --no-install-recommends ca-certificates curl \
-	&& apt-get clean \
-	&& apt-get autoclean \
-	&& apt-get autoremove \
-	&& rm -rf /var/lib/apt/lists/*
-
-# Copy notifier script
-COPY ./scripts /scripts/
-RUN find /scripts/ -type f -print0 | xargs -0 chmod a+x
-
-# Create monero user
-RUN adduser --system --group --disabled-password monero && \
-	mkdir -p /wallet /home/monero/.bitmonero && \
-	chown -R monero:monero /home/monero/.bitmonero && \
-	chown -R monero:monero /home/monero && \
-	chown -R monero:monero /wallet
-
-# Specify necessary volumes
-VOLUME /home/monero/.bitmonero
-VOLUME /wallet
-
-# Expose p2p, RPC, and ZMQ ports
-EXPOSE 18080
-EXPOSE 18081
-EXPOSE 18082
-
-# Switch to user monero
-USER monero
-ENV HOME=/home/monero
--- a/Monero/0.18.4.0/scripts/docker-entrypoint.sh
+++ b/Monero/0.18.4.0/scripts/docker-entrypoint.sh
@ -0,0 +1,10 @@
+#!/bin/bash
+set -e
+
+# Set permissions for directories
+chown -R monero "$MONERO_DATA"
+chown -R monero:monero "$MONERO_WALLET"
+ln -sfn "$MONERO_DATA" /home/monero/.bitmonero
+chown -h monero:monero /home/monero/.bitmonero
+
+gosu monero "$@"