Merge branch 'build-docker' into 'master'

Fix docker build

Closes #6

See merge request i2p-hackers/i2p.i2p!19

.dockerignore

@@ -0,0 +1,31 @@
+.idea
+.git
+Dockerfile
+
+
+# Gradle
+.gradle
+build
+apps/BOB/build
+apps/addressbook/build
+apps/desktopgui/build
+apps/i2pcontrol/build
+apps/i2psnark/build
+apps/i2ptunnel/build
+apps/imagegen/build
+apps/jetty/build
+apps/jrobin/build
+apps/ministreaming/java/build
+apps/ministreaming/build
+apps/routerconsole/build
+apps/sam/build
+apps/streaming/build
+apps/susidns/build
+apps/susimail/build
+apps/systray/build
+core/java/build
+core/build
+installer/build
+router/java/build
+router/build
+

.gitlab-ci.yml

@@ -2,6 +2,7 @@ image: openjdk:8-alpine
 
 stages:
     - test
+    - build
 
 cache:
     key: ${CI_COMMIT_REF_SLUG}
@@ -23,3 +24,45 @@ test:
         - master
         - merge_requests
         - tags
+
+# Make sure we can build a docker image
+# It's cached for later jobs
+build_docker:
+    stage: build
+    image: docker:19.03.12
+    services:
+        - docker:19.03.12-dind
+    script:
+        # Try to load latest branch image from local tar or from registry
+        - docker load -i ci-exports/$CI_COMMIT_REF_SLUG.tar || docker pull $CI_REGISTRY_IMAGE:latest || true
+        - docker build --cache-from $CI_REGISTRY_IMAGE:latest --tag $CI_REGISTRY_IMAGE:latest .
+        - mkdir -p ci-exports/
+        - docker save $CI_REGISTRY_IMAGE:latest > ci-exports/$CI_COMMIT_REF_SLUG.tar
+    variables:
+        # When using dind service, we need to instruct docker to talk with
+        # the daemon started inside of the service. The daemon is available
+        # with a network connection instead of the default
+        # /var/run/docker.sock socket. Docker 19.03 does this automatically
+        # by setting the DOCKER_HOST in
+        # https://github.com/docker-library/docker/blob/d45051476babc297257df490d22cbd806f1b11e4/19.03/docker-entrypoint.sh#L23-L29
+        #
+        # The 'docker' hostname is the alias of the service container as described at
+        # https://docs.gitlab.com/ee/ci/docker/using_docker_images.html#accessing-the-services.
+        #
+        # Specify to Docker where to create the certificates, Docker will
+        # create them automatically on boot, and will create
+        # `/certs/client` that will be shared between the service and job
+        # container, thanks to volume mount from config.toml
+        DOCKER_TLS_CERTDIR: "/certs"
+        # Use TLS https://docs.gitlab.com/ee/ci/docker/using_docker_build.html#tls-enabled
+        DOCKER_HOST: tcp://docker:2376
+    cache:
+        # The same key should be used across branches
+        key: "$CI_COMMIT_REF_SLUG"
+        paths:
+            - ci-exports/
+    only:
+        - master
+        - merge_requests
+        - tags
+

Docker.entrypoint.sh

@@ -1,14 +0,0 @@
-#!/bin/sh
-
-export JAVA_HOME=/opt/jdk/jre
-
-# Ensure user rights
-chown -R i2p:nobody /opt/i2p
-chmod -R u+rwx /opt/i2p
-
-gosu i2p /opt/i2p/i2psvc /opt/i2p/wrapper.config wrapper.pidfile=/var/tmp/i2p.pid \
-   wrapper.name=i2p \
-   wrapper.displayname="I2P Service" \
-   wrapper.statusfile=/var/tmp/i2p.status \
-   wrapper.java.statusfile=/var/tmp/i2p.java.status \
-   wrapper.logfile=/var/tmp/wrapper.log

Dockerfile

@@ -1,62 +1,47 @@
-FROM meeh/java8server:latest
-# Docker image based on Alpine with Java.
+# Use a multi-stage build to reduce the size of the resulting image
+# We need alpine >v3 in order to install an apache-ant > 1.9
+FROM alpine:3 as builder
+ENV I2P_PREFIX="/opt/i2p"
 
-# We use Oracle Java to run I2P, but uses the openjdk to build it.
+WORKDIR /tmp/build
+COPY . ./
 
+# Build installer
+RUN apk --no-cache add build-base gettext tar bzip2 apache-ant openjdk8 expect
+RUN echo "noExe=true" >> build.properties
+RUN ant installer-linux
+RUN mkdir -p /opt
+RUN mv i2pinstall*.jar /tmp/i2pinstall.jar
 
-MAINTAINER Mikal Villa <mikal@sigterm.no>
+# Install i2p using the installer into I2P_PREFIX
+RUN expect -f ./Docker.expt
+RUN cd ${I2P_PREFIX}
+RUN rm -fr man docs *.bat *.command *.app
 
-ENV GIT_BRANCH="master"
+# Second stage only using the installer from the last stage
+# ---------------------------------------------------------
+# We can't use alpine here as the java service wrapper is built with glibc
+# alpine uses musl
+FROM openjdk:11.0-jre-slim
+
+ARG I2P_UID=1000
+ARG I2P_USER=i2p
 ENV I2P_PREFIX="/opt/i2p"
 ENV PATH=${I2P_PREFIX}/bin:$PATH
-ENV JAVA_HOME=/usr/lib/jvm/default-jvm
 
-ENV GOSU_VERSION=1.7
-ENV GOSU_SHASUM="34049cfc713e8b74b90d6de49690fa601dc040021980812b2f1f691534be8a50  /usr/local/bin/gosu"
+# "install" i2p by copying over installed files
+COPY --from=builder /opt/i2p ${I2P_PREFIX}
+COPY docker/* /opt/i2p/
 
-RUN mkdir /user && adduser -S -h /user i2p && chown -R i2p:nobody /user
+# Setup user and fix permissions in
+RUN adduser --system --uid ${I2P_UID} --home /user ${I2P_USER} \
+    && chown -R ${I2P_USER} /user \
+    && chown -R ${I2P_USER} ${I2P_PREFIX} \
+    && chmod -R u+rwx ${I2P_PREFIX}
 
-# Adding files first, since Docker.expt is required for installation
-ADD Docker.expt /tmp/Docker.expt
-ADD Docker.entrypoint.sh /entrypoint.sh
+EXPOSE 7654 7656 7657 7658 4444 6668 8998 7659 7660 4445
 
-# Required for wget https
-RUN apk add --no-cache openssl
-# Gosu is a replacement for su/sudo in docker and not a backdoor :) See https://github.com/tianon/gosu
-RUN wget -O /usr/local/bin/gosu https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-amd64 \
-    && echo "${GOSU_SHASUM}" | sha256sum -c && chmod +x /usr/local/bin/gosu
-
-#
-# Each RUN is a layer, adding the dependencies and building i2pd in one layer takes around 8-900Mb, so to keep the
-# image under 200mb we need to remove all the build dependencies in the same "RUN" / layer.
-#
-
-# The main layer
-RUN apk --no-cache add build-base git gettext tar bzip2 apache-ant openjdk8 expect \
-    && mkdir -p /usr/src/build \
-    && cd /usr/src/build \
-    && git clone -b ${GIT_BRANCH} https://github.com/i2p/i2p.i2p.git \
-    && cd /usr/src/build/i2p.i2p \
-    && echo "noExe=true" >> build.properties \
-    && ant installer-linux \
-    && cp i2pinstall*.jar /tmp/i2pinstall.jar \
-    && mkdir -p /opt \
-    && chown i2p:root /opt \
-    && chmod u+rw /opt \
-    && gosu i2p expect -f /tmp/Docker.expt \
-    && cd ${I2P_PREFIX} \
-    && rm -fr man docs *.bat *.command *.app /tmp/i2pinstall.jar /tmp/Docker.expt \
-    && rm -fr /usr/src/build \
-    && apk --purge del build-base apache-ant expect tcl expat git openjdk8 openjdk8-jre openjdk8-jre-base openjdk8-jre-lib bzip2 tar \
-      binutils-libs binutils pkgconfig libcurl libc-dev musl-dev g++ make fortify-headers pkgconf giflib libssh2 libxdmcp libxcb \
-      libx11 pcre alsa-lib libxi libxrender libxml2 readline bash openssl \
-    && rm -fr /usr/lib/jvm/default-jre \
-    && ln -sf /opt/jdk/jre /usr/lib/jvm/default-jre \
-    && chmod a+x /entrypoint.sh
-
-
-
-EXPOSE 7654 7656 7657 7658 4444 6668 8998 7659 7660 4445 15000-20000
-
-ENTRYPOINT [ "/entrypoint.sh" ]
+USER i2p
+ENTRYPOINT [ "/opt/i2p/i2psvc" ]
+CMD [ "/opt/i2p/wrapper.config", "wrapper.pidfile=/var/tmp/i2p.pid", "wrapper.name=i2p", "wrapper.displayname=\"I2P Service\"" , "wrapper.statusfile=/var/tmp/i2p.status", "wrapper.java.statusfile=/var/tmp/i2p.java.status", "wrapper.logfile=/var/tmp/wrapper.log" ]
 

docker/clients.config

@@ -0,0 +1,61 @@
+# NOTE: This I2P config file must use UTF-8 encoding
+#
+# If you have a 'split' directory installation, with configuration
+# files in ~/.i2p (Linux), %LOCALAPPDATA%\I2P (Windows),
+# or /Users/(user)/Library/Application Support/i2p (Mac), be sure to
+# edit the file in the configuration directory, NOT the install directory.
+# When running as a Linux daemon, the configuration directory is /var/lib/i2p
+# and the install directory is /usr/share/i2p .
+# When running as a Windows service, the configuration directory is \ProgramData\i2p
+# and the install directory is \Program Files\i2p .
+#
+# On first run, this file will be split into individual config files
+# in clients.config.d/ in the configuration directory.
+# Look in that directory for the file to edit.
+#
+
+# fire up the web console
+## There are several choices, here are some examples:
+## non-SSL, bind to local IPv4 only
+#clientApp.0.args=7657 127.0.0.1 ./webapps/
+## non-SSL, bind to local IPv6 only
+#clientApp.0.args=7657 ::1 ./webapps/
+## non-SSL, bind to all IPv4 addresses
+#clientApp.0.args=7657 0.0.0.0 ./webapps/
+## non-SSL, bind to all IPv6 addresses
+#clientApp.0.args=7657 :: ./webapps/
+## For SSL only, change clientApp.4.args below to https://
+## SSL only
+#clientApp.0.args=-s 7657 ::1,127.0.0.1 ./webapps/
+## non-SSL and SSL
+#clientApp.0.args=7657 ::1,127.0.0.1 -s 7667 ::1,127.0.0.1 ./webapps/
+## non-SSL only, both IPv6 and IPv4 local interfaces
+clientApp.0.args=7657 0.0.0.0 ./webapps/
+clientApp.0.main=net.i2p.router.web.RouterConsoleRunner
+clientApp.0.name=webConsole
+clientApp.0.onBoot=true
+
+# start up the SAM bridge so other client apps can connect
+clientApp.1.main=net.i2p.sam.SAMBridge
+clientApp.1.name=SAMBridge
+clientApp.1.args=sam.keys 0.0.0.0 7656 i2cp.tcp.host=localhost i2cp.tcp.port=7654
+clientApp.1.startOnLoad=false
+
+# poke the i2ptunnels defined in i2ptunnel.config
+clientApp.2.main=net.i2p.i2ptunnel.TunnelControllerGroup
+clientApp.2.name=Tunnels
+clientApp.2.args=i2ptunnel.config
+
+# run our own eepsite with a seperate jetty instance
+clientApp.3.main=org.mortbay.jetty.Server
+clientApp.3.name=eepsite
+clientApp.3.args=eepsite/jetty.xml
+clientApp.3.delay=30
+clientApp.3.startOnLoad=false
+
+# load a browser pointing at the web console whenever we start up
+clientApp.4.main=net.i2p.apps.systray.UrlLauncher
+clientApp.4.name=consoleBrowser
+clientApp.4.args=http://localhost:7657/
+clientApp.4.delay=5
+clientApp.4.startOnLoad=false

docker/i2ptunnel.config

@@ -0,0 +1,161 @@
+# NOTE: This I2P config file must use UTF-8 encoding
+#
+# If you have a 'split' directory installation, with configuration
+# files in ~/.i2p (Linux), %LOCALAPPDATA%\I2P (Windows),
+# or /Users/(user)/Library/Application Support/i2p (Mac), be sure to
+# edit the file in the configuration directory, NOT the install directory.
+# When running as a Linux daemon, the configuration directory is /var/lib/i2p
+# and the install directory is /usr/share/i2p .
+# When running as a Windows service, the configuration directory is \ProgramData\i2p
+# and the install directory is \Program Files\i2p .
+#
+# On first run, this file will be split into individual config files
+# in i2ptunnel.config.d/ in the configuration directory.
+# Look in that directory for the file to edit.
+#
+
+# eepproxy
+tunnel.0.name=I2P HTTP Proxy
+tunnel.0.description=HTTP proxy for browsing eepsites and the web
+tunnel.0.type=httpclient
+tunnel.0.sharedClient=true
+tunnel.0.interface=0.0.0.0
+tunnel.0.listenPort=4444
+tunnel.0.proxyList=false.i2p
+tunnel.0.i2cpHost=127.0.0.1
+tunnel.0.i2cpPort=7654
+tunnel.0.option.inbound.nickname=shared clients
+tunnel.0.option.outbound.nickname=shared clients
+tunnel.0.option.i2cp.leaseSetEncType=4,0
+tunnel.0.option.i2cp.reduceIdleTime=900000
+tunnel.0.option.i2cp.reduceOnIdle=true
+tunnel.0.option.i2cp.reduceQuantity=1
+tunnel.0.option.i2p.streaming.connectDelay=1000
+tunnel.0.option.i2ptunnel.httpclient.SSLOutproxies=false.i2p
+tunnel.0.option.inbound.length=3
+tunnel.0.option.inbound.lengthVariance=0
+tunnel.0.option.outbound.length=3
+tunnel.0.option.outbound.lengthVariance=0
+tunnel.0.option.outbound.priority=10
+tunnel.0.startOnLoad=true
+
+# irc
+tunnel.1.name=Irc2P
+tunnel.1.description=IRC tunnel to access the Irc2P network
+tunnel.1.type=ircclient
+tunnel.1.sharedClient=false
+tunnel.1.interface=0.0.0.0
+tunnel.1.listenPort=6668
+tunnel.1.targetDestination=irc.postman.i2p:6667,irc.echelon.i2p:6667
+tunnel.1.i2cpHost=127.0.0.1
+tunnel.1.i2cpPort=7654
+tunnel.1.option.inbound.nickname=Irc2P
+tunnel.1.option.outbound.nickname=Irc2P
+tunnel.1.option.i2cp.closeIdleTime=1200000
+tunnel.1.option.i2cp.closeOnIdle=true
+tunnel.1.option.i2cp.delayOpen=true
+tunnel.1.option.i2cp.destination.sigType=7
+tunnel.1.option.i2cp.leaseSetEncType=4,0
+tunnel.1.option.i2cp.newDestOnResume=false
+tunnel.1.option.i2cp.reduceIdleTime=600000
+tunnel.1.option.i2cp.reduceOnIdle=true
+tunnel.1.option.i2cp.reduceQuantity=1
+tunnel.1.option.i2p.streaming.connectDelay=1000
+tunnel.1.option.i2p.streaming.maxWindowSize=16
+tunnel.1.option.inbound.length=3
+tunnel.1.option.inbound.lengthVariance=0
+tunnel.1.option.outbound.length=3
+tunnel.1.option.outbound.lengthVariance=0
+tunnel.1.option.outbound.priority=15
+tunnel.1.startOnLoad=true
+
+# local eepserver
+tunnel.3.name=I2P webserver
+tunnel.3.description=My eepsite
+tunnel.3.type=httpserver
+tunnel.3.targetHost=127.0.0.1
+tunnel.3.targetPort=7658
+tunnel.3.spoofedHost=mysite.i2p
+tunnel.3.privKeyFile=eepsite/eepPriv.dat
+tunnel.3.i2cpHost=127.0.0.1
+tunnel.3.i2cpPort=7654
+tunnel.3.option.inbound.nickname=eepsite
+tunnel.3.option.outbound.nickname=eepsite
+tunnel.3.option.i2cp.destination.sigType=7
+tunnel.3.option.i2cp.leaseSetEncType=4,0
+tunnel.3.option.inbound.length=3
+tunnel.3.option.inbound.lengthVariance=0
+tunnel.3.option.outbound.length=3
+tunnel.3.option.outbound.lengthVariance=0
+# uncomment for HTTPS to port 7668
+#tunnel.3.option.targetForPort.443=127.0.0.1:7668
+tunnel.3.startOnLoad=false
+
+# postman's SMTP server - see hq.postman.i2p
+tunnel.4.description=smtp server
+tunnel.4.i2cpHost=127.0.0.1
+tunnel.4.i2cpPort=7654
+tunnel.4.interface=127.0.0.1
+tunnel.4.listenPort=7659
+tunnel.4.name=smtp.postman.i2p
+tunnel.4.option.inbound.nickname=shared clients
+tunnel.4.option.outbound.nickname=shared clients
+tunnel.4.option.i2cp.leaseSetEncType=4,0
+tunnel.4.option.i2cp.reduceIdleTime=900000
+tunnel.4.option.i2cp.reduceOnIdle=true
+tunnel.4.option.i2cp.reduceQuantity=1
+tunnel.4.option.inbound.length=3
+tunnel.4.option.inbound.lengthVariance=0
+tunnel.4.option.outbound.length=3
+tunnel.4.option.outbound.lengthVariance=0
+tunnel.4.startOnLoad=true
+tunnel.4.targetDestination=smtp.postman.i2p:25
+tunnel.4.type=client
+tunnel.4.sharedClient=true
+
+# postman's POP3 server - see hq.postman.i2p
+tunnel.2.name=pop3.postman.i2p
+tunnel.2.description=pop3 server
+tunnel.2.i2cpHost=127.0.0.1
+tunnel.2.i2cpPort=7654
+tunnel.2.interface=127.0.0.1
+tunnel.2.listenPort=7660
+tunnel.2.option.inbound.nickname=shared clients
+tunnel.2.option.outbound.nickname=shared clients
+tunnel.2.option.i2cp.leaseSetEncType=4,0
+tunnel.2.option.i2cp.reduceIdleTime=900000
+tunnel.2.option.i2cp.reduceOnIdle=true
+tunnel.2.option.i2cp.reduceQuantity=1
+tunnel.2.option.i2p.streaming.connectDelay=1000
+tunnel.2.option.inbound.length=3
+tunnel.2.option.inbound.lengthVariance=0
+tunnel.2.option.outbound.length=3
+tunnel.2.option.outbound.lengthVariance=0
+tunnel.2.startOnLoad=true
+tunnel.2.targetDestination=pop.postman.i2p:110
+tunnel.2.type=client
+tunnel.2.sharedClient=true
+
+# HTTPS (CONNECT) outproxy
+tunnel.5.name=I2P HTTPS Proxy
+tunnel.5.description=HTTPS proxy for browsing eepsites and the web
+tunnel.5.type=connectclient
+tunnel.5.sharedClient=true
+tunnel.5.interface=127.0.0.1
+tunnel.5.listenPort=4445
+tunnel.5.proxyList=outproxy-tor.meeh.i2p
+tunnel.5.i2cpHost=127.0.0.1
+tunnel.5.i2cpPort=7654
+tunnel.5.option.inbound.nickname=shared clients
+tunnel.5.option.outbound.nickname=shared clients
+tunnel.5.option.i2cp.leaseSetEncType=4,0
+tunnel.5.option.i2cp.reduceIdleTime=900000
+tunnel.5.option.i2cp.reduceOnIdle=true
+tunnel.5.option.i2cp.reduceQuantity=1
+tunnel.5.option.i2p.streaming.connectDelay=1000
+tunnel.5.option.inbound.length=3
+tunnel.5.option.inbound.lengthVariance=0
+tunnel.5.option.outbound.length=3
+tunnel.5.option.outbound.lengthVariance=0
+tunnel.5.startOnLoad=true
+