Official container image

Description

Having a pre-built container image can be handy for Onion Service operators, and could be used by suites like Onionspray and Oniongroove to pre-generate service keys.

Tasks

• Create a Dockerfile. References/starting points:
  • mkp224o's Dockerfile.
  • onion-csr's Dockerfile.
• Build:
  • Build container images with kaniko.
  • Build container images with podman.
  • Ensure scheduled rebuilds are configured, so fresh images are published regularly.
• Test:
  • Test the image through CI (doing the same tests done in the current build job).
  • Consider (if possible) to always run the cleanup-container job, to prevent dangling (and failed) images in the registry.
  • Consider catching errors on the curl process from the cleanup-container CI job.
• Publish:
  • Publish images at GitLab's container registry.
  • Upload the build image to the Docker Registry?
  • Update the Composer file to use the pre-built images.
  • Setup Container Registry cleanup policy. No need for that, since CI already cleans uneeded image tags.
• Document:
  • Bonus: update TPA docs (if not already done).
  • Update the documentation, including:
    • One-liner to generate a vanity address using docker/podman.
• Optimize (moved to #34):
  • Try to optimize image size.
  • Support for customized mkp224o build flags.

Time estimation

• Complexity: very small (0.5 day)
• Uncertainty: low (x1.1)
• Reference (adapted)

added time estimate of 4h

added CI Icebox Onion Services labels

marked this issue as related to #4 (closed)

marked this issue as related to onionprobe#66

marked this issue as related to onionspray#60

changed milestone to %Onionmine 1.10

changed the description

changed the description

added Doing Project 145 Q1 labels and removed Icebox label

assigned to @rhatto

changed due date to March 27, 2025

changed the description

mentioned in commit rhatto/onionmine@2989dcc9

mentioned in merge request !31 (merged)

mentioned in commit 02505e2c

marked the checklist item Create a Dockerfile. References/starting points: as completed

marked the checklist item Build container images with podman. as completed

changed the description

mentioned in merge request !33 (merged)

mentioned in commit e6ab5880

mentioned in merge request !34 (merged)

mentioned in commit f03ac3c9

mentioned in issue #4 (closed)

changed the description

mentioned in issue #32 (closed)

mentioned in merge request !37 (merged)

changed the description

mentioned in commit 169f0b48

marked the checklist item Test the image through CI (doing the same tests done in the current build job). as completed

marked the checklist item Ensure scheduled rebuilds are configured, so fresh images are published regularly. as completed

changed the description

marked the checklist item Publish images at GitLab's container registry. as completed

marked the checklist item Update the Composer file to use the pre-built images. as completed

changed the description

marked the checklist item Build: as completed

changed the description

marked the checklist item Consider (if possible) to always run the cleanup-container job, to prevent dangling (and failed) images in the registry. as completed

changed the description

marked the checklist item Test: as completed

marked the checklist item One-liner to generate a vanity address using docker/podman. as completed

marked the checklist item Update the documentation, including: as completed

marked the checklist item Document: as completed

marked the checklist item Publish: as completed

changed the description

One-liner for generating a vanity address

Onionmine tutorial now written with a one-liner to generate an .onion address using a container image (also works with podman):

mkdir pools
docker run --mount type=bind,src=pools,target=/app/onionmine/pools \
  containers.torproject.org/tpo/onion-services/onionmine/onionmine \
  generate test

cc: @gus

changed the description

marked this issue as related to #34

mentioned in issue #34

changed the description

removed Doing label

added 18h 23m of time spent

closed