phoenix
4 issues in Dockerfile (--no-install-recommends not used, RUN not combined, running as root, no commit for tor lib)
- Add --no-install-recommends for apt-get install commands:
Adding --no-install-recommends to apt-get install commands will probably/may reduce the number of packages installed (the package list may then need to be extended with some required dependencies that are part of the recommended list, for example the ca-certificates package).
https://github.com/ACINQ/phoenix/blob/67e5a9754d92dc58d3082afa42e4918049244b05/Dockerfile#L50 https://github.com/ACINQ/phoenix/blob/67e5a9754d92dc58d3082afa42e4918049244b05/Dockerfile#L53
- Combine RUN commands
https://github.com/ACINQ/phoenix/blob/67e5a9754d92dc58d3082afa42e4918049244b05/Dockerfile#L77-L82 https://github.com/ACINQ/phoenix/blob/67e5a9754d92dc58d3082afa42e4918049244b05/Dockerfile#L55-L63
Each RUN command creates a layer; it's better to use fewer RUN commands instead, such as:
```
RUN set -ex; \
    command1; \
    command2;
```
- Checkout specific commit of Tor_Onion_Proxy_Library
https://github.com/ACINQ/phoenix/blob/67e5a9754d92dc58d3082afa42e4918049244b05/Dockerfile#L66
Doesn't use git checkout to check out a commit/tag, thus it will always use the latest commit, which is not reproducible.
- Running as root in container
Currently every command is run as root in the container; it's better to run what's possible under a regular user instead.
Use the USER directive to switch to a user created with the useradd -ms /bin/bash appuser (ubuntu) or adduser -D appuser (alpine) commands.
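
The four points above combined in one Dockerfile, as an added example that is not the Phoenix Dockerfile or code from the issue author. The base image tag, package list, repository URL, commit hash and directory name are assumptions or placeholders:

```dockerfile
# Added illustration; not the Phoenix Dockerfile. The base image tag, package
# list, repository URL and commit hash are assumptions/placeholders.
FROM ubuntu:18.04

# Placeholders: point these at the real repository and at the full
# 40-character hash of a commit you have reviewed.
ARG TOR_LIB_REPO=https://example.invalid/Tor_Onion_Proxy_Library.git
ARG TOR_LIB_COMMIT=0000000000000000000000000000000000000000

# One layer: install only the listed packages. ca-certificates has to be
# named explicitly once recommended packages are skipped, otherwise HTTPS
# clones fail certificate verification. The non-root user is created here
# because useradd itself needs root.
RUN set -ex; \
    apt-get update; \
    apt-get install -y --no-install-recommends ca-certificates git; \
    rm -rf /var/lib/apt/lists/*; \
    useradd -ms /bin/bash appuser

# Everything below runs as the unprivileged user.
USER appuser
WORKDIR /home/appuser

# Pin the dependency: clone, check out the exact commit, and fail the build
# if HEAD does not resolve to that commit (for example if a short hash or a
# branch name was passed instead of the full hash).
RUN set -ex; \
    git clone "$TOR_LIB_REPO" tor-lib; \
    cd tor-lib; \
    git checkout --detach "$TOR_LIB_COMMIT"; \
    test "$(git rev-parse HEAD)" = "$TOR_LIB_COMMIT"
```

Pinning the commit fixes the source that is built, but apt packages and the base image tag can still change between builds; pinning the base image by digest closes the second of those.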
We've been working on migrating Phoenix to a completely new stack based on Kotlin multi-platform:
- https://github.com/acinq/lightning-kmp
- https://github.com/acinq/phoenix-kmm
Any work on deterministic builds will be done over there.