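# VaultMesh Sentinel Verifier
# Minimal image for deterministic verification tasks
# No daemon, no ports, stateless

# NOTE(review): this tag is mutable, so two builds on different days can start
# from different base layers. For an image whose verdicts are meant to be
# trusted, pin the base by digest (python:3.12-slim@sha256:<DIGEST_PLACEHOLDER>)
# and bump it deliberately.
FROM python:3.12-slim

LABEL org.opencontainers.image.title="VaultMesh Sentinel" \
      org.opencontainers.image.description="Deterministic seal bundle verifier" \
      org.opencontainers.image.source="https://gitlab.com/vaultsovereign/ops"

# Avoid interactive prompts during the apt step below. Declared as ARG rather
# than ENV so the setting applies at build time only and is not carried into
# the environment of running containers.
ARG DEBIAN_FRONTEND=noninteractive

# Runtime interpreter settings: no .pyc files written, stdout/stderr unbuffered.
ENV PYTHONDONTWRITEBYTECODE=1 \
    PYTHONUNBUFFERED=1

# Install minimal dependencies. The apt lists are removed in the same layer so
# they never land in the image.
# NOTE(review): git is the only OS package added and its version is unpinned;
# nothing visible in this file invokes it. Confirm the verifier needs it at
# runtime; otherwise drop it to reduce the installed surface.
RUN apt-get update && apt-get install -y --no-install-recommends \
        git \
    && rm -rf /var/lib/apt/lists/*

# Create non-root user; everything after USER runs unprivileged.
RUN useradd --create-home --shell /bin/bash sentinel
USER sentinel
WORKDIR /home/sentinel

# Install Python dependencies.
# The trailing * on requirements.txt makes that file optional in the build
# context.
COPY --chown=sentinel:sentinel pyproject.toml requirements.txt* ./
# NOTE(review): this installs whatever versions of click and blake3 the index
# serves at build time; the manifests copied above are not read by this
# command. For a verifier that is supposed to be deterministic, pin exact
# versions in a requirements file and install it with --require-hashes so a
# changed or substituted package fails the build instead of entering the image.
RUN pip install --user --no-cache-dir click blake3

# Copy application code
COPY --chown=sentinel:sentinel cli/ ./cli/
COPY --chown=sentinel:sentinel tools/ ./tools/
COPY --chown=sentinel:sentinel ledger/ ./ledger/

# Set PATH for user-installed packages (pip --user places scripts here)
ENV PATH="/home/sentinel/.local/bin:${PATH}"

# Default entrypoint - verifier help.
# Arguments given to `docker run` replace CMD and are handed to python3, so
# the interpreter stays the fixed entry point of the container.
ENTRYPOINT ["python3"]
CMD ["tools/vm_verify_sentinel_bundle.py", "--help"]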