Cardano Node Docker open-source release

2020-08-27 · computing

For those who have been following my updates, you’ll know that recently I’ve been spending a lot of time designing, building, and testing the [CRAB] Cardano high-availability stake pool, for the ADA cryptocurrency. As part of that, I’ve repackaged Cardano Node independently, as an opinionated alternative to the official container images, testing and running it in a highly-available infrastructure I originally designed for Isoxya. Today, I’m pleased to announce that I’m releasing the Docker image code open-source, as well as publishing pre-compiled container images to the Docker Hub registry.

Images

There are two images built from this repo:

  • build (Dockerfile): this is an image of dependencies, such as is suitable for development; packaged images are also constructed from this, making builds more deterministic and debuggable

  • package (pkg/Dockerfile): this is an image of packaged programs, with minimal dependencies, such as is suitable for running within a deployed environment; this image requires an intermediary CI step, moving compiled binaries from the build image into this image

Versions

Versions are in the format x.y.z.b, where x.y.z is the Cardano Node version, and .b is the build version. There might be multiple builds for each version, and not all versions might be built. Versions intentionally lag behind the official releases, to give me chance to perform additional QA. For example, 1.18.0 was released normally, 1.18.1 wasn’t released since there was an upstream build issue and then the release was pulled anyway, 1.19.0 wasn’t released for days because of an upstream build issue and then was released only with a cherry-picked patch, meaning it didn’t track the official repository, but rather my own patched version.

Lots of tags are written; however, only those tagged in the above format are considered suitable for installation. Do not leave the tag implicit or use latest except for development or staging, since intermediate tags are almost certainly unstable; instead, specify the tag you want. This is good advice for use of containers in general. For this image, you can choose the granularity based on your preferences or deployment requirements; e.g. 1.19.0 is released under 1.19.0.0, 1.19.0, 1.19, and 1.

Security

If you care about security, you’ll very probably want to build this container image for yourself, rather than rely on what I publish to a registry. Whilst being wary of pre-compiled artefacts is always good advice, this is even more important for software with a financial incentive, such as cryptocurrency software. It is likely a matter of time before someone exploits a stake pool by offering malicious images.

Disclaimer

Your particular attention is drawn to the disclaimers in the licence. For example, if this image doesn’t work and causes your stake pool downtime, or there’s a bug which affects your pledge or financial returns, or if a vulnerability allows it to get hacked, this is not my issue. I might be sympathetic, but it certainly isn’t my fault. Please conduct your own due diligence for everything, including whether you want to use this code at all.