Switch Nimbus source build to alpine (eth-educators#1878)

yorickdowne · Jul 19, 2024 · 0a79ca5 · 0a79ca5
1 parent 0c29886
commit 0a79ca5
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 23 deletions.
diff --git a/nimbus/Dockerfile.source b/nimbus/Dockerfile.source
@@ -1,5 +1,5 @@
-# Build Nimbus in a stock debian container
-FROM debian:bookworm-slim AS builder
+# Build Nimbus in a stock alpine container
+FROM alpine:3 AS builder
 
 # Included here to avoid build-time complaints
 ARG DOCKER_TAG
@@ -10,28 +10,19 @@ ARG DOCKER_VC_REPO
 ARG BUILD_TARGET
 ARG SRC_REPO
 
-RUN apt-get update && apt-get install -y build-essential git ca-certificates
+RUN apk update && apk add --no-cache make gcc musl-dev linux-headers git bash git-lfs nim
 
 WORKDIR /usr/src
-RUN bash -c "git clone --recurse-submodules -j8 ${SRC_REPO} nimbus-eth2 && cd nimbus-eth2 && git config advice.detachedHead false && git fetch --all --tags && if [[ ${BUILD_TARGET} =~ pr-.+ ]]; then git fetch origin pull/$(echo ${BUILD_TARGET} | cut -d '-' -f 2)/head:nim-pr; git checkout nim-pr; else git checkout ${BUILD_TARGET}; fi && make -j$(nproc) update && make -j$(nproc) nimbus_beacon_node nimbus_validator_client"
+RUN bash -c "git clone --recurse-submodules -j8 ${SRC_REPO} nimbus-eth2 && cd nimbus-eth2 && git config advice.detachedHead false && git fetch --all --tags && if [[ ${BUILD_TARGET} =~ pr-.+ ]]; then git fetch origin pull/$(echo ${BUILD_TARGET} | cut -d '-' -f 2)/head:nim-pr; git checkout nim-pr; else git checkout ${BUILD_TARGET}; fi && make USE_SYSTEM_NIM=1 -j$(nproc) update && make USE_SYSTEM_NIM=1 -j$(nproc) nimbus_beacon_node nimbus_validator_client"
 
 # Pull all binaries into a second stage deploy debian container
-FROM debian:bookworm-slim AS consensus
+FROM alpine:3 AS consensus
 
 ARG USER=user
 ARG UID=10002
 
-RUN apt-get update && DEBIAN_FRONTEND=noninteractive TZ=Etc/UTC apt-get install -y --no-install-recommends \
-  ca-certificates bash tzdata git curl \
-  && apt-get clean \
-  && rm -rf /var/lib/apt/lists/*
-
-RUN set -eux; \
-        apt-get update; \
-        apt-get install -y gosu; \
-        rm -rf /var/lib/apt/lists/*; \
-# verify that the binary works
-        gosu nobody true
+RUN apk update && apk add \
+  ca-certificates bash tzdata git curl su-exec gcc
 
 # See https://stackoverflow.com/a/55757473/12429735RUN
 RUN adduser \
@@ -56,15 +47,13 @@ USER ${USER}
 
 ENTRYPOINT ["nimbus_beacon_node"]
 
-FROM debian:bookworm-slim AS validator
+FROM alpine:3 AS validator
 
 ARG USER=user
 ARG UID=10000
 
-RUN apt-get update && DEBIAN_FRONTEND=noninteractive TZ=Etc/UTC apt-get install -y --no-install-recommends \
-  ca-certificates bash tzdata curl \
-  && apt-get clean \
-  && rm -rf /var/lib/apt/lists/*
+RUN apk update && apk add \
+  ca-certificates bash tzdata curl su-exec gcc
 
 # See https://stackoverflow.com/a/55757473/12429735RUN
 RUN adduser \

diff --git a/nimbus/docker-entrypoint-vc.sh b/nimbus/docker-entrypoint-vc.sh
@@ -2,7 +2,7 @@
 
 if [ "$(id -u)" = '0' ]; then
   chown -R user:user /var/lib/nimbus
-  exec gosu user docker-entrypoint-vc.sh "$@"
+  exec su-exec user docker-entrypoint-vc.sh "$@"
 fi
 
 # Remove old low-entropy token, related to Sigma Prime security audit

diff --git a/nimbus/docker-entrypoint.sh b/nimbus/docker-entrypoint.sh
@@ -2,7 +2,12 @@
 
 if [ "$(id -u)" = '0' ]; then
   chown -R user:user /var/lib/nimbus
-  exec gosu user docker-entrypoint.sh "$@"
+  if command -v gosu &>/dev/null; then
+    __as_user=gosu
+  else
+    __as_user=su-exec
+  fi
+  exec ${__as_user} user docker-entrypoint.sh "$@"
 fi
 
 # Remove old low-entropy token, related to Sigma Prime security audit