Add docker support for hub

tools/Dockerfile

@@ -0,0 +1,23 @@
+FROM alpine as builder
+
+# Ensure ca-certficates are up to date
+# RUN update-ca-certificates
+
+# Download and verify portmaster-start binary.
+RUN mkdir /init
+RUN wget https://updates.safing.io/linux_amd64/start/portmaster-start_v0-9-5 -O /init/portmaster-start 
+COPY start-checksum.txt /init/start-checksum
+RUN cd /init && sha256sum -c /init/start-checksum
+RUN chmod 555 /init/portmaster-start
+
+# Use minimal image as base.
+FROM alpine
+
+# Copy the static executable.
+COPY --from=builder /init/portmaster-start /init/portmaster-start 
+
+# Copy the init script
+COPY container-init.sh /init.sh
+
+# Run the hub.
+ENTRYPOINT ["/init.sh"]

tools/container-init.sh

@@ -0,0 +1,30 @@
+#!/bin/sh
+
+DATA="/data"
+START="/data/portmaster-start"
+INIT_START="/init/portmaster-start"
+
+# Set safe shell options.
+set -euf -o pipefail
+
+# Check if data dir is mounted.
+if [ ! -d $DATA ]; then
+  echo "Nothing mounted at $DATA, aborting."
+  exit 1
+fi
+
+# Copy init start to correct location, if not available.
+if [ ! -f $START ]; then
+  cp $INIT_START $START
+fi
+
+# Download updates.
+echo "running: $START update --data /data --intel-only"
+$START update --data /data --intel-only
+
+# Remove PID file, which could have been left after a crash.
+rm -f $DATA/hub-lock.pid
+
+# Always start the SPN Hub with the updated main start binary.
+echo "running: $START hub --data /data -- $@"
+$START hub --data /data -- $@

tools/start-checksum.txt

@@ -0,0 +1 @@
+ce290b85aa47073e405da597457299ef2dbf72da4f97199efc8fc8826d43886a  ./portmaster-start