-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathDockerfile
More file actions
177 lines (153 loc) Β· 5.68 KB
/
Dockerfile
File metadata and controls
177 lines (153 loc) Β· 5.68 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
# ========= Stage 1: Build rapidsnark =========
ARG BUILDPLATFORM=linux/amd64
FROM --platform=${BUILDPLATFORM} debian:bookworm-slim AS rapidsnark-builder
WORKDIR /src
# Install build dependencies for rapidsnark
RUN apt-get update && \
apt-get install --no-install-recommends -y \
build-essential \
cmake \
libgmp-dev \
libsodium-dev \
nasm \
curl \
m4 \
git \
ca-certificates \
&& apt-get clean && \
rm -rf /var/lib/apt/lists/*
# Clone and build rapidsnark
RUN git clone https://github.com/iden3/rapidsnark.git && \
cd rapidsnark && \
git submodule init && \
git submodule update
WORKDIR /src/rapidsnark
# Build GMP and rapidsnark
RUN ./build_gmp.sh host && \
make host
# ========= Stage 2: Build circuits from worm-privacy/witness =========
FROM rapidsnark-builder AS circuits-builder
WORKDIR /src
# Install git and nlohmann-json for witness build
RUN apt-get update && \
apt-get install --no-install-recommends -y git nlohmann-json3-dev pkg-config && \
apt-get clean && rm -rf /var/lib/apt/lists/*
# Clone and build witness circuits
RUN git clone https://github.com/worm-privacy/witness && \
cd witness && \
make all
# ========= Stage 3: Build Rust worm-miner =========
ARG BUILDPLATFORM=linux/amd64
FROM --platform=${BUILDPLATFORM} rustlang/rust:nightly-bookworm AS rust-builder
WORKDIR /src
# Install additional dependencies for Rust build
RUN apt-get update && \
apt-get install --no-install-recommends -y \
build-essential \
cmake \
libgmp-dev \
libsodium-dev \
nasm \
curl \
m4 \
git \
pkg-config \
libssl-dev \
libclang-dev \
nlohmann-json3-dev \
&& apt-get clean && \
rm -rf /var/lib/apt/lists/*
# Build args for Rust flags configuration
# By default, use conservative flags for wider compatibility
ARG RUSTFLAGS="-C target-cpu=x86-64 -C target-feature=-avx,-avx2,-fma"
ENV RUSTFLAGS="${RUSTFLAGS}"
ENV CARGO_UNSTABLE_EDITION2024=true
# Copy worm-miner source
COPY Cargo.toml .
COPY cli/Cargo.toml ./cli/Cargo.toml
RUN mkdir -p cli/src && echo "fn main() {}" > cli/src/main.rs
COPY common/Cargo.toml ./common/Cargo.toml
RUN mkdir -p common/src && echo "fn main() {}" > common/src/main.rs
COPY server/Cargo.toml ./server/Cargo.toml
RUN mkdir -p server/src && echo "fn main() {}" > server/src/main.rs
RUN cargo +nightly build --release --workspace
# Copy rapidsnark libraries and replace precompiled ones
COPY --from=rapidsnark-builder /src/rapidsnark/package/lib /src/rapidsnark-libs/lib
COPY --from=rapidsnark-builder /src/rapidsnark/package/include /src/rapidsnark-libs/include
COPY --from=circuits-builder /src/witness/libcircuits.a /src/rapidsnark-libs/
# Create symbolic links to our built libraries in the expected location
RUN mkdir -p /tmp/witness/rapidsnark-linux-x86_64-v0.0.7/lib && \
mkdir -p /tmp/witness/rapidsnark-linux-x86_64-v0.0.7/include && \
cp /src/rapidsnark-libs/lib/* /tmp/witness/rapidsnark-linux-x86_64-v0.0.7/lib/ && \
cp /src/rapidsnark-libs/include/* /tmp/witness/rapidsnark-linux-x86_64-v0.0.7/include/ && \
cp /src/rapidsnark-libs/libcircuits.a /tmp/witness/
# Copy the witness source for the circuits build
COPY --from=circuits-builder /src/witness/proof_of_burn /tmp/witness/proof_of_burn
COPY --from=circuits-builder /src/witness/spend /tmp/witness/spend
COPY --from=circuits-builder /src/witness/fr /tmp/witness/fr
COPY --from=circuits-builder /src/witness/Makefile /tmp/witness/
COPY common/src common/src
COPY cli/src cli/src
COPY server/src server/src
# Build the Rust application (release)
RUN cargo +nightly build --release --bin server
# ========= Stage 4: Final runtime image =========
ARG BUILDPLATFORM=linux/amd64
FROM --platform=${BUILDPLATFORM} debian:bookworm-slim
WORKDIR /app
# Runtime dependencies
RUN apt-get update && \
apt-get install --no-install-recommends -y \
ca-certificates \
libc6-dev \
libgmp10 \
libsodium23 \
libgomp1 \
libstdc++6 \
wget \
make \
&& apt-get clean && \
rm -rf /var/lib/apt/lists/*
# Copy the compiled binary
COPY --from=rust-builder /src/target/release/server /usr/local/bin/worm-miner
# Copy Makefile for artifact download helper
COPY Makefile /usr/local/share/worm-miner/Makefile
# Create directories
RUN mkdir -p /root/.worm-miner /usr/local/share/worm-miner
# Create artifact download helper script (includes actual download)
RUN set -e; \
printf '%s\n' \
'#!/usr/bin/env bash' \
'set -euo pipefail' \
'echo "π Downloading worm-miner artifacts..."' \
'cd /usr/local/share/worm-miner' \
'make WGET_ARGS=-q download_params' \
'echo "β
Artifacts downloaded to /root/.worm-miner/"' \
'echo "π Contents:"' \
'ls -lah /root/.worm-miner/' \
> /usr/local/bin/worm-miner-download-artifacts && \
chmod +x /usr/local/bin/worm-miner-download-artifacts
# Auto-download params on first container start if missing (disable with AUTO_DOWNLOAD=0)
RUN set -e; \
printf '%s\n' \
'#!/usr/bin/env bash' \
'set -euo pipefail' \
'' \
'# Auto-download params on first run' \
'if [ "${AUTO_DOWNLOAD:-1}" = "1" ]; then' \
' if [ ! -s /root/.worm-miner/proof_of_burn.zkey ] || [ ! -s /root/.worm-miner/proof_of_burn.dat ]; then' \
' echo "π Params missing; downloading...";' \
' /usr/local/bin/worm-miner-download-artifacts;' \
' else' \
' echo "β
Params present; skipping download.";' \
' fi' \
'fi' \
'' \
'exec /usr/local/bin/worm-miner "$@"' \
> /usr/local/bin/docker-entrypoint.sh && \
chmod +x /usr/local/bin/docker-entrypoint.sh
# Document the default server port
EXPOSE 8080
# Entrypoint wrapper (auto-download then exec worm-miner)
ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]
CMD ["--help"]