From 5e0a938915c43b6dc3443faad9a265a7abcf5d50 Mon Sep 17 00:00:00 2001 From: Nicko Guyer Date: Tue, 9 Jan 2024 16:58:44 -0500 Subject: [PATCH 1/7] Use non-root user in Docker image Signed-off-by: Nicko Guyer --- Dockerfile | 41 +++++++++++++++++++++++++++++++---------- manifest.json | 2 +- 2 files changed, 32 insertions(+), 11 deletions(-) diff --git a/Dockerfile b/Dockerfile index e3ec754599..758a352aee 100644 --- a/Dockerfile +++ b/Dockerfile @@ -11,15 +11,27 @@ ARG BUILD_VERSION ARG GIT_REF RUN apk add make gcc build-base curl git WORKDIR /firefly -ADD go.mod go.sum ./ +RUN chgrp -R 0 /firefly \ + && chmod -R g+rwX /firefly \ + && mkdir /.cache \ + && chgrp -R 0 /.cache \ + && chmod -R g+rwX /.cache +USER 1001 +ADD --chown=1001:0 go.mod go.sum ./ RUN go mod download -ADD . . +ADD --chown=1001:0 . . RUN make build FROM --platform=$FABRIC_BUILDER_PLATFORM $FABRIC_BUILDER_TAG AS fabric-builder RUN apk add libc6-compat WORKDIR /firefly/smart_contracts/fabric/firefly-go -ADD smart_contracts/fabric/firefly-go . +RUN chgrp -R 0 /firefly \ + && chmod -R g+rwX /firefly \ + && mkdir /.cache \ + && chgrp -R 0 /.cache \ + && chmod -R g+rwX /.cache +USER 1001 +ADD --chown=1001:0 smart_contracts/fabric/firefly-go . RUN GO111MODULE=on go mod vendor WORKDIR /tmp/fabric RUN wget https://github.com/hyperledger/fabric/releases/download/v2.3.2/hyperledger-fabric-linux-amd64-2.3.2.tar.gz @@ -29,9 +41,12 @@ RUN ./bin/peer lifecycle chaincode package /firefly/smart_contracts/fabric/firef FROM $SOLIDITY_BUILDER_TAG AS solidity-builder WORKDIR /firefly/solidity_firefly -ADD smart_contracts/ethereum/solidity_firefly/ . -RUN apk add jq \ - && mkdir -p build/contracts \ +RUN apk add jq +RUN chgrp -R 0 /firefly \ + && chmod -R g+rwX /firefly +ADD --chown=1001:0 smart_contracts/ethereum/solidity_firefly/ . +USER 1001 +RUN mkdir -p build/contracts \ && cd contracts \ && solc --combined-json abi,bin,devdoc -o ../build/contracts Firefly.sol \ && cd ../build/contracts \ @@ -42,15 +57,21 @@ ARG UI_TAG ARG UI_RELEASE RUN apk add --update --no-cache sqlite postgresql-client curl jq WORKDIR /firefly +RUN chgrp -R 0 /firefly \ + && chmod -R g+rwX /firefly \ + && mkdir /etc/firefly \ + && chgrp -R 0 /etc/firefly \ + && chmod -R g+rwX /etc/firefly RUN curl -sL "https://github.com/golang-migrate/migrate/releases/download/$(curl -sL https://api.github.com/repos/golang-migrate/migrate/releases/latest | jq -r '.name')/migrate.linux-amd64.tar.gz" | tar xz \ && chmod +x ./migrate \ && mv ./migrate /usr/bin/migrate -COPY --from=firefly-builder /firefly/firefly ./firefly -COPY --from=firefly-builder /firefly/db ./db -COPY --from=solidity-builder /firefly/solidity_firefly/build/contracts ./contracts -COPY --from=fabric-builder /firefly/smart_contracts/fabric/firefly-go/firefly_fabric.tar.gz ./contracts/firefly_fabric.tar.gz +COPY --from=firefly-builder --chown=1001:0 /firefly/firefly ./firefly +COPY --from=firefly-builder --chown=1001:0 /firefly/db ./db +COPY --from=solidity-builder --chown=1001:0 /firefly/solidity_firefly/build/contracts ./contracts +COPY --from=fabric-builder --chown=1001:0 /firefly/smart_contracts/fabric/firefly-go/firefly_fabric.tar.gz ./contracts/firefly_fabric.tar.gz ENV UI_RELEASE https://github.com/hyperledger/firefly-ui/releases/download/$UI_TAG/$UI_RELEASE.tgz RUN mkdir /firefly/frontend \ && curl -sLo - $UI_RELEASE | tar -C /firefly/frontend -zxvf - RUN ln -s /firefly/firefly /usr/bin/firefly +USER 1001 ENTRYPOINT [ "firefly" ] diff --git a/manifest.json b/manifest.json index d8c0a98d98..1e9b5e6833 100644 --- a/manifest.json +++ b/manifest.json @@ -59,6 +59,6 @@ "release": "v1.2.0" }, "cli": { - "tag": "v1.2.1" + "tag": "14387a519ef794e41b85c039e40ddc419fd5967a" } } \ No newline at end of file From f3e4ccdcd5d5451f25e1155fc364d11622626ba5 Mon Sep 17 00:00:00 2001 From: Nicko Guyer Date: Wed, 10 Jan 2024 13:46:25 -0500 Subject: [PATCH 2/7] Remove unused Dockerfile Signed-off-by: Nicko Guyer --- smart_contracts/fabric/firefly-go/Dockerfile | 9 --------- 1 file changed, 9 deletions(-) delete mode 100644 smart_contracts/fabric/firefly-go/Dockerfile diff --git a/smart_contracts/fabric/firefly-go/Dockerfile b/smart_contracts/fabric/firefly-go/Dockerfile deleted file mode 100644 index 4329d558eb..0000000000 --- a/smart_contracts/fabric/firefly-go/Dockerfile +++ /dev/null @@ -1,9 +0,0 @@ -FROM golang:1.18 - -WORKDIR /app -COPY firefly.go go.mod go.sum ./ -COPY chaincode/ ./chaincode/ -COPY batchpin/ ./batchpin/ -RUN ls -la ./ \ - && GO111MODULE=on GOOS=linux CGO_ENABLED=0 go build -o firefly.bin firefly.go - From 204de1e65c6440720634758e5875b110633405fe Mon Sep 17 00:00:00 2001 From: Nicko Guyer Date: Wed, 10 Jan 2024 14:16:41 -0500 Subject: [PATCH 3/7] Pin package versions in Dockerfile Signed-off-by: Nicko Guyer --- Dockerfile | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 758a352aee..45772edd32 100644 --- a/Dockerfile +++ b/Dockerfile @@ -9,7 +9,11 @@ ARG GIT_REF FROM $FIREFLY_BUILDER_TAG AS firefly-builder ARG BUILD_VERSION ARG GIT_REF -RUN apk add make gcc build-base curl git +RUN apk add make=4.3-r0 \ + gcc=11.2.1_git20220219-r2 \ + build-base=0.5-r3 \ + curl=8.5.0-r0 \ + git=2.36.6-r0 WORKDIR /firefly RUN chgrp -R 0 /firefly \ && chmod -R g+rwX /firefly \ @@ -23,7 +27,7 @@ ADD --chown=1001:0 . . RUN make build FROM --platform=$FABRIC_BUILDER_PLATFORM $FABRIC_BUILDER_TAG AS fabric-builder -RUN apk add libc6-compat +RUN apk add libc6-compat=1.2.3-r3 WORKDIR /firefly/smart_contracts/fabric/firefly-go RUN chgrp -R 0 /firefly \ && chmod -R g+rwX /firefly \ @@ -41,7 +45,6 @@ RUN ./bin/peer lifecycle chaincode package /firefly/smart_contracts/fabric/firef FROM $SOLIDITY_BUILDER_TAG AS solidity-builder WORKDIR /firefly/solidity_firefly -RUN apk add jq RUN chgrp -R 0 /firefly \ && chmod -R g+rwX /firefly ADD --chown=1001:0 smart_contracts/ethereum/solidity_firefly/ . @@ -55,7 +58,11 @@ RUN mkdir -p build/contracts \ FROM $BASE_TAG ARG UI_TAG ARG UI_RELEASE -RUN apk add --update --no-cache sqlite postgresql-client curl jq +RUN apk add --update --no-cache \ + sqlite=3.40.1-r0 \ + postgresql14-client=14.10-r0 \ + curl=8.5.0-r0 \ + jq=1.6-r1 WORKDIR /firefly RUN chgrp -R 0 /firefly \ && chmod -R g+rwX /firefly \ From 5670f4f11b297b88faeecdb62554316a704212fc Mon Sep 17 00:00:00 2001 From: Nicko Guyer Date: Wed, 28 Feb 2024 12:32:28 -0500 Subject: [PATCH 4/7] Fix build issues after merge Signed-off-by: Nicko Guyer --- Dockerfile | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/Dockerfile b/Dockerfile index 9d0362f8bc..45cd5023d8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -9,11 +9,11 @@ ARG GIT_REF FROM $FIREFLY_BUILDER_TAG AS firefly-builder ARG BUILD_VERSION ARG GIT_REF -RUN apk add make=4.3-r0 \ - gcc=11.2.1_git20220219-r2 \ +RUN apk add make=4.4.1-r2 \ + gcc=13.2.1_git20231014-r0 \ build-base=0.5-r3 \ curl=8.5.0-r0 \ - git=2.36.6-r0 + git=2.43.0-r0 WORKDIR /firefly RUN chgrp -R 0 /firefly \ && chmod -R g+rwX /firefly \ @@ -27,7 +27,7 @@ ADD --chown=1001:0 . . RUN make build FROM --platform=$FABRIC_BUILDER_PLATFORM $FABRIC_BUILDER_TAG AS fabric-builder -RUN apk add libc6-compat=1.2.3-r3 +RUN apk add gcompat=1.1.0-r4 WORKDIR /firefly/smart_contracts/fabric/firefly-go RUN chgrp -R 0 /firefly \ && chmod -R g+rwX /firefly \ @@ -67,10 +67,10 @@ FROM $BASE_TAG ARG UI_TAG ARG UI_RELEASE RUN apk add --update --no-cache \ - sqlite=3.40.1-r0 \ - postgresql14-client=14.10-r0 \ + sqlite=3.44.2-r0 \ + postgresql16-client=16.2-r0 \ curl=8.5.0-r0 \ - jq=1.6-r1 + jq=1.7.1-r0 WORKDIR /firefly RUN chgrp -R 0 /firefly \ && chmod -R g+rwX /firefly \ From 3ea255d22618d882271185a2a0f6d00361def893 Mon Sep 17 00:00:00 2001 From: Nicko Guyer Date: Wed, 28 Feb 2024 13:09:58 -0500 Subject: [PATCH 5/7] Update FireFly CLI Signed-off-by: Nicko Guyer --- manifest.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.json b/manifest.json index e2707f44a1..1a2ef7dcca 100644 --- a/manifest.json +++ b/manifest.json @@ -59,6 +59,6 @@ "release": "v1.2.0" }, "cli": { - "tag": "14387a519ef794e41b85c039e40ddc419fd5967a" + "tag": "v1.3.0-rc.1" } } From a3ed31d9636faff01f90267de28bbe5e6d375aaf Mon Sep 17 00:00:00 2001 From: Nicko Guyer Date: Wed, 28 Feb 2024 14:47:16 -0500 Subject: [PATCH 6/7] Update FireFly CLI Signed-off-by: Nicko Guyer --- manifest.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.json b/manifest.json index 1a2ef7dcca..c966d9ae1e 100644 --- a/manifest.json +++ b/manifest.json @@ -59,6 +59,6 @@ "release": "v1.2.0" }, "cli": { - "tag": "v1.3.0-rc.1" + "tag": "aa46145bfd7da8d91f54f8c8726c7d0dd17c9561" } } From 45940ce36ab2720f2c4345bcbf77a1978e6ba633 Mon Sep 17 00:00:00 2001 From: Nicko Guyer Date: Wed, 28 Feb 2024 15:31:56 -0500 Subject: [PATCH 7/7] Update FireFly CLI Signed-off-by: Nicko Guyer --- manifest.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.json b/manifest.json index c966d9ae1e..3d50771f2f 100644 --- a/manifest.json +++ b/manifest.json @@ -59,6 +59,6 @@ "release": "v1.2.0" }, "cli": { - "tag": "aa46145bfd7da8d91f54f8c8726c7d0dd17c9561" + "tag": "c71842f6d2df5167859d5ae87caf14a4e16c5ee1" } }