Switch to multistage build

Dockerfile

@@ -1,34 +1,19 @@
+#STEP 1 of multistage build ---Compile Bluetooth stack-----
+
 #use armv7hf compatible base image
-FROM balenalib/armv7hf-debian:stretch
+FROM balenalib/armv7hf-debian:stretch as builder
 
 #enable building ARM container on x86 machinery on the web (comment out next line if built on Raspberry) 
 RUN [ "cross-build-start" ]
 
-#labeling
-LABEL maintainer="netpi@hilscher.com" \
-      version="V1.2.1" \
-      description="Debian with bluez protocol stack"
-
-#version
-ENV HILSCHERNETPI_BLUEZ_VERSION 1.2.1
+#environment variables
 ENV BLUEZ_VERSION 5.50 
 
-#copy files
-COPY "./init.d/*" /etc/init.d/
+RUN apt-get update \
+    && apt-get install -y build-essential wget \
+       libical-dev libdbus-1-dev libglib2.0-dev libreadline-dev libudev-dev systemd
 
-#install prerequisites
-RUN apt-get update  \
-    && apt-get install -y openssh-server build-essential wget dbus git \
-       libical-dev libdbus-1-dev libglib2.0-dev libreadline-dev libudev-dev systemd \
-    && echo 'root:root' | chpasswd \
-    && sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config \
-    && sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd \
-    && mkdir /var/run/sshd \
-#get BCM chip firmware 
-    && mkdir /etc/firmware \
-    && curl -o /etc/firmware/BCM43430A1.hcd -L https://github.com/OpenELEC/misc-firmware/raw/master/firmware/brcm/BCM43430A1.hcd \
-#get bluez source
-    && wget -P /tmp/ https://www.kernel.org/pub/linux/bluetooth/bluez-${BLUEZ_VERSION}.tar.gz \
+RUN wget -P /tmp/ https://www.kernel.org/pub/linux/bluetooth/bluez-${BLUEZ_VERSION}.tar.gz \
     && tar xf /tmp/bluez-${BLUEZ_VERSION}.tar.gz -C /tmp \
 #compile bluez
     && cd /tmp/bluez-${BLUEZ_VERSION} \
@@ -41,19 +26,86 @@ RUN apt-get update  \
        --enable-maintainer-mode \
        --enable-deprecated \
     && make \
-#install bluez
-    && make install \
+#install bluez tools
+    && make install
+#stop processing ARM emulation (comment out next line if built on Raspberry)
+RUN [ "cross-build-end" ]
+
+
+#STEP 2 of multistage build ----Create the final image-----
+
+#use armv7hf compatible base image
+FROM balenalib/armv7hf-debian:stretch
+
+#dynamic build arguments coming from the /hooks/build file
+ARG BUILD_DATE
+ARG VCS_REF
+
+#metadata labels
+LABEL org.label-schema.build-date=$BUILD_DATE \
+      org.label-schema.vcs-url="https://github.com/HilscherAutomation/netPI-bluetooth" \
+      org.label-schema.vcs-ref=$VCS_REF
+
+#enable building ARM container on x86 machinery on the web (comment out next line if built on Raspberry) 
+RUN [ "cross-build-start" ]
+
+#version
+ENV HILSCHERNETPI_BLUEZ_VERSION 1.2.1
+
+#labeling
+LABEL maintainer="netpi@hilscher.com" \
+      version=$HILSCHERNETPI_BLUEZ_VERSION \
+      description="Bluetooth"
+
+#install prerequisites
+RUN apt-get update  \
+    && apt-get install -y openssh-server dbus git curl libglib2.0-dev \
+    && echo 'root:root' | chpasswd \
+    && sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config \
+    && sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd \
+    && mkdir /var/run/sshd \
+#get BCM chip firmware 
+    && mkdir /etc/firmware \
+    && curl -o /etc/firmware/BCM43430A1.hcd -L https://github.com/OpenELEC/misc-firmware/raw/master/firmware/brcm/BCM43430A1.hcd \
+#create folders for bluetooth tools
+    && mkdir -p '/usr/bin' '/usr/libexec/bluetooth' '/usr/lib/cups/backend' '/etc/dbus-1/system.d' \
+       '/usr/share/dbus-1/services' '/usr/share/dbus-1/system-services' '/usr/include/bluetooth' \
+       '/usr/share/man/man1' '/usr/share/man/man8' '/usr/lib/pkgconfig' '/usr/lib/bluetooth/plugins' \
+       '/lib/udev/rules.d' '/lib/systemd/system' '/usr/lib/systemd/user' '/lib/udev' \
 #install userland raspberry tools
     && git clone --depth 1 https://github.com/raspberrypi/firmware /tmp/firmware \
     && mv /tmp/firmware/hardfp/opt/vc /opt \
     && echo "/opt/vc/lib" >/etc/ld.so.conf.d/00-vmcs.conf \
     && /sbin/ldconfig \
 #clean up
     && rm -rf /tmp/* \
-    && apt-get remove wget \ 
+    && apt-get remove git curl \
     && apt-get -yqq autoremove \
     && apt-get -y clean \
     && rm -rf /var/lib/apt/lists/*
+#copy files
+COPY "./init.d/*" /etc/init.d/
+#copy bluez tools from builder container
+COPY --from=builder /usr/bin/bluetoothctl /usr/bin/btmon /usr/bin/rctest /usr/bin/l2test /usr/bin/l2ping \
+                    /usr/bin/bccmd /usr/bin/bluemoon /usr/bin/hex2hcd /usr/bin/mpris-proxy /usr/bin/btattach \
+                    /usr/bin/hciattach /usr/bin/hciconfig /usr/bin/hcitool /usr/bin/hcidump /usr/bin/rfcomm \
+                    /usr/bin/sdptool /usr/bin/ciptool /usr/bin/
+COPY --from=builder /usr/bin/ciptool /usr/bin/
+COPY --from=builder /usr/libexec/bluetooth/bluetoothd /usr/libexec/bluetooth/obexd /usr/libexec/bluetooth/
+COPY --from=builder /usr/lib/cups/backend/bluetooth /usr/lib/cups/backend/
+COPY --from=builder /etc/dbus-1/system.d/bluetooth.conf /etc/dbus-1/system.d/
+COPY --from=builder /usr/share/dbus-1/services/org.bluez.obex.service /usr/share/dbus-1/services/
+COPY --from=builder /usr/share/dbus-1/system-services/org.bluez.service /usr/share/dbus-1/system-services/
+COPY --from=builder /usr/include/bluetooth/* /usr/include/bluetooth/
+COPY --from=builder /usr/share/man/man1* /usr/share/man/man1/
+COPY --from=builder /usr/share/man/man8/bluetoothd.8 /usr/share/man/man8/
+COPY --from=builder /usr/lib/pkgconfig/bluez.pc /usr/lib/pkgconfig/
+COPY --from=builder /usr/lib/bluetooth/plugins/external-dummy.so /usr/lib/bluetooth/plugins/
+COPY --from=builder /usr/lib/bluetooth/plugins/external-dummy.la /usr/lib/bluetooth/plugins/
+COPY --from=builder /lib/udev/rules.d/97-hid2hci.rules /lib/udev/rules.d/
+COPY --from=builder /lib/systemd/system/bluetooth.service /lib/systemd/system/
+COPY --from=builder /usr/lib/systemd/user/obex.service /usr/lib/systemd/user/
+COPY --from=builder /lib/udev/hid2hci /lib/udev/
 
 #SSH port
 EXPOSE 22

README.md

@@ -1,5 +1,10 @@
 ## Bluetooth
 
+[![](https://images.microbadger.com/badges/image/hilschernetpi/netpi-bluetooth.svg)](https://microbadger.com/images/hilschernetpi/netpi-bluetooth "Bluetooth")
+[![](https://images.microbadger.com/badges/commit/hilschernetpi/netpi-bluetooth.svg)](https://microbadger.com/images/hilschernetpi//netpi-bluetooth "Bluetooth")
+[![Docker Registry](https://img.shields.io/docker/pulls/hilschernetpi/netpi-bluetooth.svg)](https://registry.hub.docker.com/u/hilschernetpi/netpi-bluetooth/) 
+[![Image last updated](https://img.shields.io/badge/dynamic/json.svg?url=https://api.microbadger.com/v1/images/hilschernetpi/netpi-bluetooth&label=Image%20last%20updated&query=$.LastUpdated&colorB=007ec6)](http://microbadger.com/images/hilschernetpi/netpi-bluetooth "Image last updated") 
+
 Made for [netPI](https://www.netiot.com/netpi/), the Raspberry Pi 3B Architecture based industrial suited Open Edge Connectivity Ecosystem
 
 ### Debian with SSH, dbus and latest bluez bluetooth stack 
@@ -18,7 +23,9 @@ Hint: Using this mode makes port mapping unnecessary since all the container's u
 
 ##### Privileged mode
 
-Only the privileged mode option lifts the enforced container limitations to allow usage of bluetooth in a container.
+The privileged mode option needs to be activated to lift the standard Docker enforced container limitations. With this setting the container and the applications inside are the getting (almost) all capabilities as if running on the Host directly. 
+
+netPI's secure reference software architecture prohibits root access to the Host system always. Even if priviledged mode is activated the intrinsic security of the Host Linux Kernel can not be compromised.
 
 ##### Host device
 
@@ -28,25 +35,25 @@ To prevent the container from failing to load the BCM chip with firmware(when re
 
 #### Getting started
 
-STEP 1. Open netPI's landing page under `https://<netpi's ip address>`.
+STEP 1. Open netPI's website in your browser (https).
 
 STEP 2. Click the Docker tile to open the [Portainer.io](http://portainer.io/) Docker management user interface.
 
-STEP 3. Enter the following parameters under **Containers > Add Container**
-
-* **Image**: `hilschernetpi/netpi-bluetooth`
-
-* **Network > Network**: `Host`
-
-* **Restart policy"** : `always`
+STEP 3. Enter the following parameters under *Containers > + Add Container*
 
-* **Runtime > Devices > add device**: `Host "/dev/ttyAMA0" -> Container "/dev/ttyAMA0"` and `Host "/dev/vcio" -> Container "/dev/vcio"`
+Parameter | Value | Remark
+:---------|:------ |:------
+*Image* | **hilschernetpi/netpi-bluetooth** |
+*Network > Network* | **host** |
+*Restart policy* | **always**
+*Runtime > Devices > +add device* | *Host path* **/dev/ttyAMA0** -> *Container path* **/dev/ttyAMA0** |
+*Runtime > Devices > +add device* | *Host path* **/dev/vcio** -> *Container path* **/dev/vcio** | 
+*Runtime > Privileged mode* | **On** |
 
-* **Runtime > Privileged mode** : `On`
 
-STEP 4. Press the button **Actions > Start/Deploy container**
+STEP 4. Press the button *Actions > Start/Deploy container*
 
-Pulling the image may take a while (5-10mins). Sometimes it takes so long that a time out is indicated. In this case repeat the **Actions > Start/Deploy container** action.
+Pulling the image may take a while (5-10mins). Sometimes it may take too long and a time out is indicated. In this case repeat STEP 4.
 
 #### Accessing
 

hooks/build

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+echo "Build hook is running"
+docker build --build-arg BUILD_DATE=`date -u +"%Y-%m-%dT%H:%M:%SZ"` \
+             --build-arg VCS_REF=`git rev-parse --short HEAD` \
+             -t $IMAGE_NAME .
+