lncm/docker-ipfs

This repo builds go-ipfs in a completely reproducible, and auditable way, and packages it into radically minimal Docker containers provided for various CPU architectures.

Details

• All git-tags (and most commits) are signed by D8CA1776EB9265491D07CE67F546ECBEA809CB18
• All git-tags (and most commits) are opentimestamps-ed
• All built binaries should be reproducible
• Each build produces binaries for: amd64, arm64v8, arm32v7, and arm32v6
• Each version is provided in two flavors:
  • nofuse (default) builds IPFS w/o fuse - only API/RPC/CLI communication is possible, but it requires zero extra config
  • fuse builds IPFS with fuse support, and allows for mounting of /ipfs/, and /ipns/
• All architectures are aggregated under an easy-to-use Docker Manifest
• All git-tags are build automatically, and with an auditable trace
• Each successful build of a git tag pushes result Docker image to Docker Hub
• Each successful build of a git tag uploads result Go binaries to Github Releases
• Images pushed to Docker Hub are never deleted (even if lnd version gets overriden, previous one is preserved)
• All final images are based on Alpine for minimum base size
• All binaries are compressed with upx
• Each git-tag build is tagged with a unique tag number

Tags

NOTE: For an always up-to-date list see: https://hub.docker.com/r/lncm/ipfs/tags

• latest nofuse v0.4.22 v0.4 v0.4.22-nofuse v0.4-nofuse
• fuse v0.4.22-fuse v0.4-fuse
• v0.4.21

Usage

Pull

First pull the image from Docker Hub:

docker pull lncm/ipfs:v0.4.22

NOTE: Running above will automatically choose native architecture of your CPU.

Or, to pull a specific CPU architecture:

docker pull lncm/ipfs:v0.4.22-fuse-arm64

Start

Then to start ipfs, execute:

docker run  -it  --rm  --detach \
    -v ~/.ipfs:/data/.ipfs \
    -p 4001:4001 \
    -p 5001:5001 \
    --name ipfs \
    lncm/ipfs:v0.4.22

That will runs ipfs with:

• all data generated by the container is stored in ~/.ipfs on your host machine,
• all data is created as owned by used with UID 1000
• port 4001 is reachable on the localhost for the peer-to-peer communication,
• control port 5001 is reachable on the localhost for RPC communication,
• created container will get named ipfs,
• that command will run the container in the background and print the ID of the container being run.

Start (w/fuse)

Then to start ipfs, execute:

docker run  -it  --rm  \
    -v "~/.ipfs:/data/.ipfs" \
    -v "./ipfs:/ipfs/" \
    -v "./ipns:/ipns/" \
    -p 4001:4001 \
    -p 5001:5001 \
    --cap-add SYS_ADMIN \
    --device /dev/fuse:/dev/fuse:mrw \
    --name ipfs \
    lncm/ipfs:v0.4.22-fuse

That will runs ipfs with:

• Extra permission granted is SYS_ADMIN, and container gains access to device /dev/fuse
• all data generated by the container is stored in ~/.ipfs on your host machine,
• all file-system level data is in ./ipfs/, and ./ipns/ in your current directory
• all data is created as owned by root
• port 4001 is reachable on the localhost for the peer-to-peer communication,
• control port 5001 is reachable on the localhost for RPC communication,
• created container will get named ipfs,
• that command will run the container in the background and print the ID of the container being run.

Interact

To issue any commands to a running container, do:

docker exec -it ipfs BINARY COMMAND

Examples:

docker exec -it ipfs  ipfs --help
docker exec -it ipfs  ipfs --version
docker exec -it ipfs  ipfs id
docker exec -it ipfs  ipfs swarm peers
docker exec -it ipfs  ipfs stats bw

Releases

After git-tag push, the release process is fully automated. That being said there are a few things that need to be done to prepare for the release.