github/tor-guard-relay
1
1
Fork 0
mirror of https://github.com/r3bo0tbx1/tor-guard-relay.git synced 2026-04-06 00:32:04 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
67767fd9c5f5ed06feeed5af1e0bf52996389ca3
tor-guard-relay/Dockerfile
rE-Bo0t.bx1 90b65ee469 🔖 release(v1.1.6): bind mount fix, full repo audit, workflow fixes 
🔧 Entrypoint:
- Detect wrong ownership on /var/lib/tor and /var/lib/tor/keys at startup
  with actionable chown commands before Tor fails cryptically in Phase 4
- Accept DEBUG=TRUE, DEBUG=1, DEBUG=yes (case-insensitive)
- Fix signal trap bug: inner cleanup_verify_tmp no longer overwrites
  the global TERM/INT handler (could skip graceful shutdown)

🛡️ Security:
- Deprecate all versions < v1.1.5 (CVE-2025-15467, OpenSSL CVSS 9.8)
- Add deprecation notice to README and SECURITY.md
- Update lifecycle tables in CHANGELOG and SECURITY

🐛 Bug Fixes:
- Fix bootstrap detection in migrate-from-official.sh
  (parsed non-existent "bootstrap_percent" field — now "bootstrap")
- Fix health JSON docs across 4 files: uptime_seconds → uptime,
  add missing pid/errors fields, correct reachable type to string
- Fix validate.yml: bash -n → sh -n (POSIX script, not bash)

📚 Documentation:
- Add "Bind Mount Ownership" troubleshooting section to README
- Fix chown 1000:1000 typo → 100:101 in TROUBLESHOOTING-BRIDGE-MIGRATION.md
- Add [1.1.6] changelog entry
- Update version references across 20+ files to v1.1.6
- Update 47x alpine:3.22.2 → 3.23.3 across migration docs/scripts
- Fix tool count 4 → 5 in DEPLOYMENT, ARCHITECTURE, TROUBLESHOOTING
- Remove 5 broken links (CLAUDE.md, CONTRIBUTORS.md, SECURITY-AUDIT-REPORT.md)
- Fix stale image tags (:1.1.1/:1.1.2 → :latest) in 4 files
- Rewrite PR template as clean reusable form

⚙️ Workflow (release.yml):
- Fix duplicate title in release body (name + body both had ## 🧅 header)
- Fix trailing --- not being stripped from changelog extract
- Fix Full Changelog link comparing current tag to itself
- Extract Alpine version from Dockerfile instead of hardcoding
- Add fetch-depth: 0 for git history in release-notes job
- Fix fallback commit range when no conventional commits found

🐳 Dockerfiles:
- Fix stale base.name label (alpine:3.23.0 → alpine:3.23.3)
- Fix trailing whitespace after backslash in Dockerfile.edge

📋 Templates:
- Update cosmos-compose and docker-compose versions to 1.1.6
2026-02-08 16:04:22 +05:30

98 lines
3.6 KiB
Docker
Raw Blame History

# syntax=docker/dockerfile:1.21
FROM golang:1.26rc3-alpine AS builder
RUN apk add --no-cache git
WORKDIR /go/src/lyrebird
RUN git clone https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/lyrebird.git . \
&& go get golang.org/x/crypto@latest \
&& go get golang.org/x/net@latest \
&& go get github.com/pion/interceptor@latest \
&& go get github.com/cloudflare/circl@latest \
&& go mod tidy \
&& CGO_ENABLED=0 go build -ldflags="-s -w" -o /usr/bin/lyrebird ./cmd/lyrebird
FROM alpine:3.23.3
ARG BUILD_DATE
ARG BUILD_VERSION
ARG TARGETARCH
LABEL maintainer="rE-Bo0t.bx1 <r3bo0tbx1@brokenbotnet.com>" \
org.opencontainers.image.title="Tor Guard Relay (Latest)" \
org.opencontainers.image.description="🧅 Ultra-optimized Tor Guard/Exit/Bridge Relay AIO (Stable)" \
org.opencontainers.image.version="${BUILD_VERSION}" \
org.opencontainers.image.created="${BUILD_DATE}" \
org.opencontainers.image.source="https://github.com/r3bo0tbx1/tor-guard-relay" \
org.opencontainers.image.documentation="https://github.com/r3bo0tbx1/tor-guard-relay#readme" \
org.opencontainers.image.licenses="MIT" \
org.opencontainers.image.vendor="r3bo0tbx1" \
org.opencontainers.image.authors="rE-Bo0t.bx1 <r3bo0tbx1@brokenbotnet.com>" \
org.opencontainers.image.url="https://github.com/r3bo0tbx1/tor-guard-relay" \
org.opencontainers.image.base.name="docker.io/library/alpine:3.23.3" \
org.opencontainers.image.revision="${TARGETARCH}"
SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
RUN set -eux \
&& deluser klogd || true \
&& addgroup -g 101 -S tor \
&& adduser -u 100 -S -D -H -h /var/lib/tor -G tor -s /sbin/nologin tor \
&& apk upgrade --no-cache \
&& apk add --no-cache \
tor \
tini \
&& mkdir -p /var/lib/tor /var/log/tor /run/tor /etc/tor \
&& chown -R tor:tor /var/lib/tor /var/log/tor /run/tor /etc/tor \
&& chmod 700 /var/lib/tor \
&& chmod 755 /var/log/tor /run/tor /etc/tor \
&& rm -f /etc/tor/torrc \
&& printf "Version: %s\nBuild Date: %s\nArchitecture: %s\n" \
"${BUILD_VERSION:-unversioned}" "${BUILD_DATE:-unknown}" "${TARGETARCH:-amd64}" > /build-info.txt \
&& rm -rf /var/cache/apk/*
COPY --from=builder /usr/bin/lyrebird /usr/bin/lyrebird
COPY docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
COPY healthcheck.sh /usr/local/bin/healthcheck.sh
COPY tools/status /usr/local/bin/status
COPY tools/health /usr/local/bin/health
COPY tools/fingerprint /usr/local/bin/fingerprint
COPY tools/bridge-line /usr/local/bin/bridge-line
COPY tools/gen-auth /usr/local/bin/gen-auth
RUN set -eux \
&& chmod +x /usr/local/bin/docker-entrypoint.sh \
/usr/local/bin/healthcheck.sh \
/usr/local/bin/status \
/usr/local/bin/health \
/usr/local/bin/fingerprint \
/usr/local/bin/bridge-line \
/usr/local/bin/gen-auth \
&& echo "🧩 Registered diagnostic tools:" \
&& ls -lh /usr/local/bin/status /usr/local/bin/health /usr/local/bin/fingerprint /usr/local/bin/bridge-line
ENV TOR_DATA_DIR=/var/lib/tor \
TOR_LOG_DIR=/var/log/tor \
TOR_CONFIG=/etc/tor/torrc \
TOR_RELAY_MODE=guard \
TOR_NICKNAME="" \
TOR_CONTACT_INFO="" \
TOR_ORPORT=9001 \
TOR_OBFS4_PORT=9002 \
TOR_BANDWIDTH_RATE="" \
TOR_BANDWIDTH_BURST="" \
TOR_EXIT_POLICY="" \
PATH="/usr/local/bin:$PATH"
RUN rm -rf /usr/share/man /tmp/* /var/tmp/* /root/.cache/*
USER tor
EXPOSE 9001 9002
HEALTHCHECK --interval=10m --timeout=15s --start-period=30s --retries=3 \
CMD /usr/local/bin/healthcheck.sh
ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/docker-entrypoint.sh"]
CMD ["tor", "-f", "/etc/tor/torrc"]
Reference in New Issue View Git Blame Copy Permalink