-
-
Notifications
You must be signed in to change notification settings - Fork 41
/
Dockerfile
154 lines (136 loc) · 4.16 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
# create an up-to-date base image for everything
FROM alpine:latest AS base
RUN \
apk --no-cache --update-cache upgrade
# run-time dependencies
RUN \
apk --no-cache add \
7zip \
bash \
curl \
doas \
libcrypto3 \
libssl3 \
python3 \
qt6-qtbase \
qt6-qtbase-sqlite \
tini \
tzdata \
zlib
# image for building
FROM base AS builder
ARG QBT_VERSION \
BOOST_VERSION_MAJOR="1" \
BOOST_VERSION_MINOR="86" \
BOOST_VERSION_PATCH="0" \
LIBBT_VERSION="RC_1_2" \
LIBBT_CMAKE_FLAGS=""
# check environment variables
RUN \
if [ -z "${QBT_VERSION}" ]; then \
echo 'Missing QBT_VERSION variable. Check your command line arguments.' && \
exit 1 ; \
fi
# alpine linux packages:
# https://git.alpinelinux.org/aports/tree/community/libtorrent-rasterbar/APKBUILD
# https://git.alpinelinux.org/aports/tree/community/qbittorrent/APKBUILD
RUN \
apk add \
cmake \
git \
g++ \
make \
ninja \
openssl-dev \
qt6-qtbase-dev \
qt6-qttools-dev \
zlib-dev
# compiler, linker options:
# https://gcc.gnu.org/onlinedocs/gcc/Option-Summary.html
# https://gcc.gnu.org/onlinedocs/gcc/Link-Options.html
# https://sourceware.org/binutils/docs/ld/Options.html
ENV CFLAGS="-pipe -fstack-clash-protection -fstack-protector-strong -fno-plt -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=3 -D_GLIBCXX_ASSERTIONS" \
CXXFLAGS="-pipe -fstack-clash-protection -fstack-protector-strong -fno-plt -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=3 -D_GLIBCXX_ASSERTIONS" \
LDFLAGS="-gz -Wl,-O1,--as-needed,--sort-common,-z,now,-z,pack-relative-relocs,-z,relro"
# prepare boost
RUN \
wget -O boost.tar.gz "https://archives.boost.io/release/$BOOST_VERSION_MAJOR.$BOOST_VERSION_MINOR.$BOOST_VERSION_PATCH/source/boost_${BOOST_VERSION_MAJOR}_${BOOST_VERSION_MINOR}_${BOOST_VERSION_PATCH}.tar.gz" && \
tar -xf boost.tar.gz && \
mv boost_* boost
# build libtorrent
RUN \
git clone \
--branch "${LIBBT_VERSION}" \
--depth 1 \
--recurse-submodules \
https://github.com/arvidn/libtorrent.git && \
cd libtorrent && \
cmake \
-B build \
-G Ninja \
-DBUILD_SHARED_LIBS=OFF \
-DCMAKE_BUILD_TYPE=RelWithDebInfo \
-DCMAKE_CXX_STANDARD=20 \
-DCMAKE_INSTALL_PREFIX=/usr \
-DCMAKE_INTERPROCEDURAL_OPTIMIZATION=ON \
-DBOOST_ROOT=/boost \
-Ddeprecated-functions=OFF \
$LIBBT_CMAKE_FLAGS && \
cmake --build build -j $(nproc) && \
cmake --install build
# build qbittorrent
RUN \
if [ "${QBT_VERSION}" = "devel" ]; then \
git clone \
--depth 1 \
--recurse-submodules \
https://github.com/qbittorrent/qBittorrent.git && \
cd qBittorrent ; \
else \
wget "https://github.com/qbittorrent/qBittorrent/archive/refs/tags/release-${QBT_VERSION}.tar.gz" && \
tar -xf "release-${QBT_VERSION}.tar.gz" && \
cd "qBittorrent-release-${QBT_VERSION}" ; \
fi && \
cmake \
-B build \
-G Ninja \
-DCMAKE_BUILD_TYPE=RelWithDebInfo \
-DCMAKE_INSTALL_PREFIX=/usr \
-DCMAKE_INTERPROCEDURAL_OPTIMIZATION=ON \
-DBOOST_ROOT=/boost \
-DGUI=OFF && \
cmake --build build -j $(nproc) && \
cmake --install build
RUN \
ldd /usr/bin/qbittorrent-nox | sort -f
# record compile-time Software Bill of Materials (sbom)
RUN \
printf "Software Bill of Materials for building qbittorrent-nox\n\n" >> /sbom.txt && \
echo "boost $BOOST_VERSION_MAJOR.$BOOST_VERSION_MINOR.$BOOST_VERSION_PATCH" >> /sbom.txt && \
cd libtorrent && \
echo "libtorrent-rasterbar git $(git rev-parse HEAD)" >> /sbom.txt && \
cd .. && \
if [ "${QBT_VERSION}" = "devel" ]; then \
cd qBittorrent && \
echo "qBittorrent git $(git rev-parse HEAD)" >> /sbom.txt && \
cd .. ; \
else \
echo "qBittorrent ${QBT_VERSION}" >> /sbom.txt ; \
fi && \
echo >> /sbom.txt && \
apk list -I | sort >> /sbom.txt && \
cat /sbom.txt
# image for running
FROM base
RUN \
adduser \
-D \
-H \
-s /sbin/nologin \
-u 1000 \
qbtUser && \
echo "permit nopass :root" >> "/etc/doas.d/doas.conf"
COPY --from=builder /usr/bin/qbittorrent-nox /usr/bin/qbittorrent-nox
COPY --from=builder /sbom.txt /sbom.txt
COPY entrypoint.sh /entrypoint.sh
ENTRYPOINT ["/sbin/tini", "-g", "--", "/entrypoint.sh"]