diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..e3edefb --- /dev/null +++ b/Dockerfile @@ -0,0 +1,24 @@ +FROM rust:1.61 as builder + +WORKDIR /app +COPY . /app +RUN cargo build --release --all-features --bin bindle-server + +FROM rust:1.61-slim-buster + +ARG USERNAME=bindle +ARG USER_UID=1000 +ARG USER_GID=$USER_UID + +VOLUME [ "/bindle-data" ] + +ENV BINDLE_IP_ADDRESS_PORT="0.0.0.0:8080" +ENV BINDLE_DIRECTORY="/bindle-data/bindles" + +RUN groupadd --gid $USER_GID $USERNAME \ + && useradd --uid $USER_UID --gid $USER_GID -m $USERNAME + +COPY --from=builder --chown=$USERNAME /app/target/release/bindle-server /usr/local/bin/bindle-server + +USER $USERNAME +CMD ["/usr/local/bin/bindle-server", "--unauthenticated", "--keyring", "/bindle-data/keyring.toml"] diff --git a/Makefile b/Makefile index fbd4fc7..fd39127 100644 --- a/Makefile +++ b/Makefile @@ -80,3 +80,7 @@ build-client: $(CERT_NAME).crt.pem: openssl req -newkey rsa:2048 -nodes -keyout $(CERT_NAME).key.pem -x509 -days 365 -out $(CERT_NAME).crt.pem + +.PHONY: build-docker-image +build-docker-image: + docker build -t deislabs/bindle:dev . diff --git a/docs/README.md b/docs/README.md index dd51792..4c318cc 100644 --- a/docs/README.md +++ b/docs/README.md @@ -219,6 +219,62 @@ This file can be moved from system to system, just like OpenPGP or SSH key sets. - To create a signing key for a client, use `bindle keys create` - By default, if Bindle does not find an existing keyring, it creates one of these when it first starts. +## Running bindle-server in container + +1. Run `make build-docker-image` to build `deislabs/bindle:dev` image. +2. Create a signing key. +```console +$ BINDLE_TEMP=$(mktemp -d) +$ echo $BINDLE_TEMP +$ export BINDLE_KEYRING=$BINDLE_TEMP/client/keyring.toml +$ bindle keys create "VishnuJin" -f $BINDLE_TEMP/client/secret_keys.toml +``` +3. Setup a folder for server and copy public keyring in it. +```console +$ mkdir $BINDLE_TEMP/server +$ cp $BINDLE_TEMP/client/keyring.toml $BINDLE_TEMP/server/keyring.toml +``` +4. Start `bindle-server` container. +```console +$ docker run --name bindle -d --restart=unless-stopped -e RUST_LOG=debug -v $BINDLE_TEMP/server:/bindle-data -p 8080:8080 deislabs/bindle:dev +``` +5. Send a signed-invoice. +```console +$ cat < invoice.toml +bindleVersion = "1.0.0" + +[bindle] +name = "mybindle" +version = "0.1.0" +authors = ["Matt Butcher "] +description = "My first bindle" + +[annotations] +myname = "myvalue" + +$ export BINDLE_URL="http://localhost:8080/v1/" +# signing the invoice +$ bindle sign-invoice invoice.toml -o signed-invoice.toml -l "VishnuJin" -f $BINDLE_TEMP/client/secret_keys.toml +$ bindle push-invoice signed-invoice.toml +Invoice mybindle/0.1.0 created +``` +6. Check the signed invoice. +```console +$ bindle keys fetch +$ bindle info mybindle/0.1.0 +# request for mybindle/0.1.0 +bindleVersion = "1.0.0" + +[bindle] +name = "mybindle" +description = "My first bindle" +version = "0.1.0" +authors = ["Matt Butcher "] + +[annotations] +myname = "myvalue" +``` + ## Specification 1. The specification for the Bindle format and design begins with the [Bindle Specification](bindle-spec.md).