docker hard image #2078

Open
asmogo wants to merge 6 commits into cashubtc:main from asmogo:feat/docker-hard-image
@asmogo asmogo commented Jun 10, 2026

Collaborator

Description

Docker image without /bin/sh, built from the scratch image.


Notes to the reviewers


Suggested CHANGELOG Updates

CHANGED

ADDED

REMOVED

FIXED


Checklist

  • I followed the code style guidelines
  • I ran just quick-check before committing
  • If the Wallet API was modified (added/removed/changed), I have reflected those changes in the FFI bindings (crates/cdk-ffi)

@github-project-automation github-project-automation Bot moved this to Backlog in CDK Jun 10, 2026
codecov Bot commented Jun 10, 2026


Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 70.18%. Comparing base (2ac4708) to head (ce54475).
⚠️ Report is 46 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #2078      +/-   ##
==========================================
+ Coverage   69.08%   70.18%   +1.09%     
==========================================
  Files         352      355       +3     
  Lines       69568    71119    +1551     
==========================================
+ Hits        48064    49914    +1850     
+ Misses      21504    21205     -299     


Comment thread Dockerfile.hardened
Comment on lines +21 to +22
SQLITE_TMPDIR=/data \
TMPDIR=/data
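
Review bot: On lines +21 to +22 both SQLITE_TMPDIR and TMPDIR are set to /data, so SQLite scratch files and any other temporary files land in the directory that, by its name, holds the persistent data. Point both variables at a dedicated temp path instead; because the description says the image is built from scratch, that path has to exist in the image or be mounted at runtime (a tmpfs mount is one option).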

Contributor


Don't we want to create /tmp too and point SQLITE_TMPDIR and TMPDIR there?

Mixing data files and temp files together sounds bad.

Collaborator Author


I think you are right. We probably don't have to create the directory at all.
I'm going to update this. Thanks.

@cdk-bot cdk-bot left a comment

Collaborator


Verified findings approved for disclosure:

  • README references nonexistent docker-compose.hardened.yaml (low) - Users following the new hardened-image Compose instructions will fail with a missing compose file and have no in-repo compose configuration applying the described hardening flags.

cashubtc/mintd:latest-hardened
```

Or use the Compose file that applies the same runtime hardening:

Collaborator


The new hardened-image README section points users to docker-compose -f docker-compose.hardened.yaml up, but this PR only adds Dockerfile.hardened and no docker-compose.hardened.yaml exists in the repository. Users following the documented Compose workflow will hit a missing-file error. Please either add the referenced Compose file with the runtime hardening settings described here, or remove/adjust this paragraph.

@thesimplekid thesimplekid added this to the 0.18.0 milestone Jun 16, 2026