Viacheslav/GrapheneOS-AttestationServer-Docker
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

first commit

Browse Source
This commit is contained in:
MoonDev
2026-02-05 23:16:18 +03:00
commit 780e1a7f01
7 changed files with 403 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

63
Dockerfile Normal file
View File

@@ -0,0 +1,63 @@
FROM eclipse-temurin:21-jdk-jammy AS builder
WORKDIR /build
RUN apt-get update && apt-get install -y git && rm -rf /var/lib/apt/lists/*
RUN git clone --depth 1 --recurse-submodules https://github.com/GrapheneOS/AttestationServer.git .
# Patch the server to bind to 0.0.0.0 instead of localhost (::1)
# This is required for Docker networking to work
RUN sed -i 's/new InetSocketAddress("::1", 8080)/new InetSocketAddress("0.0.0.0", 8080)/' \
src/main/java/app/attestation/server/AttestationServer.java
# Optional: Patch the domain if you want to use a custom domain
# Uncomment and modify the following line for your domain:
# RUN sed -i 's/attestation.app/your-domain.com/g' \
# src/main/java/app/attestation/server/AttestationServer.java
RUN chmod +x gradlew && ./gradlew build -x test --no-daemon
# Process static files (replace {{css|...}} and {{js|...}} templates with SRI hashes)
RUN apt-get update && apt-get install -y --no-install-recommends \
openssl sed \
&& rm -rf /var/lib/apt/lists/*
COPY process-static-docker.sh /tmp/process-static.sh
RUN chmod +x /tmp/process-static.sh && /tmp/process-static.sh
# --- Runtime ---
FROM eclipse-temurin:21-jre-jammy
RUN apt-get update && apt-get install -y \
curl \
&& rm -rf /var/lib/apt/lists/*
RUN useradd -r -s /bin/false -u 1000 attestation
WORKDIR /app
# Copy the custom sqlite4java native library from the submodule
# This is built with newer SQLite that supports STRICT tables
RUN mkdir -p /app/libs
COPY --from=builder /build/libs/sqlite4java-prebuilt/libsqlite4java-linux-amd64-1.0.392.so /app/libs/
# Copy all JARs from builder
COPY --from=builder /build/build/libs/*.jar ./libs/
# Copy processed static files
COPY --from=builder /build/static ./static-orig/
COPY entrypoint.sh .
RUN chmod +x /app/entrypoint.sh
# Create directories and set permissions
# /data - for SQLite databases
# /srv/static - for sharing static files with caddy
RUN mkdir -p /data /srv/static && \
chown -R attestation:attestation /app /data /srv/static
EXPOSE 8080
# Run as root initially to fix permissions, entrypoint will drop privileges
ENTRYPOINT ["/app/entrypoint.sh"]