From c5323cd2e2eb8289712c7b9a3b4deb613f2ae8aa Mon Sep 17 00:00:00 2001
From: Jan-Erik Rediger
Date: Fri, 24 May 2024 23:42:04 +0200
Subject: [PATCH] A docker file to run the backend
---
 backend/Dockerfile | 48 ++++++++++++++++++++++++++++++++++++++++++
 backend/src/sandbox.rs | 10 ++++++---
 2 files changed, 55 insertions(+), 3 deletions(-)
 create mode 100644 backend/Dockerfile
diff --git a/backend/Dockerfile b/backend/Dockerfile
new file mode 100644
index 0000000..d2c647c
--- /dev/null
+++ b/backend/Dockerfile
@@ -0,0 +1,48 @@
+FROM ubuntu:24.04 as harebuild
+
+RUN apt-get update -qq \
+ && apt-get install -qy --no-install-recommends \
+ build-essential \
+ git \
+ scdoc \
+ ca-certificates \
+ wget
+
+RUN wget https://c9x.me/compile/release/qbe-1.2.tar.xz && \
+ tar -xf qbe-1.2.tar.xz && \
+ cd qbe-1.2 && \
+ make && \
+ make install
+
+RUN git clone https://git.sr.ht/~sircmpwn/harec && \
+ cd harec && \
+ cp configs/linux.mk config.mk && \
+ make && \
+ make install
+
+RUN git clone https://git.sr.ht/~sircmpwn/hare && \
+ cd hare && \
+ cp configs/linux.mk config.mk && \
+ make && \
+ make install
+
+FROM rust:1.78 as rustbuild
+
+WORKDIR /src
+COPY ./ ./
+RUN cargo build --release
+
+FROM ubuntu:24.04
+
+RUN apt-get update -qq \
+ && apt-get install -qy --no-install-recommends \
+ ca-certificates \
+ tzdata \
+ bubblewrap \
+ binutils \
+ vim
+
+COPY --from=harebuild /usr/local /usr/local
+COPY --from=rustbuild /src/target/release/backend /usr/local/bin/backend
+
+ENTRYPOINT ["/usr/local/bin/backend"]
diff --git a/backend/src/sandbox.rs b/backend/src/sandbox.rs
index 9d6544d..e8c26e5 100644
--- a/backend/src/sandbox.rs
+++ b/backend/src/sandbox.rs
@@ -1,6 +1,5 @@
 use std::fs::File;
 use std::io::Write;
-use std::os::fd::AsRawFd;
 use std::process::Command;
 use tempfile::{TempDir, NamedTempFile};
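Review bot: The harebuild stage fetches all three upstreams without any integrity pinning: `wget https://c9x.me/compile/release/qbe-1.2.tar.xz` is unpacked with no checksum, and `git clone https://git.sr.ht/~sircmpwn/harec` and the matching `hare` clone check out whatever the default branch holds at build time, so the image is neither reproducible nor protected against an upstream change. Pin each source, e.g. `echo "<sha256 placeholder>  qbe-1.2.tar.xz" | sha256sum -c -` right after the download and `git clone --depth 1 --branch <tag placeholder> ...` for harec and hare (the old HARE_COMMAND path in sandbox.rs referenced hare 0.24.0, which suggests the intended tag). Separately, the runtime stage never sets `USER`, so the backend runs as root inside the container, and `vim` puts an interactive editor into an image whose job is to run untrusted submissions; drop it unless the sandbox needs it. `COPY ./ ./` copies the whole build context, so a `.dockerignore` excluding `target/`, `.git` and any local configuration is worth adding. Whether bubblewrap can run here without root (unprivileged user namespaces on Ubuntu 24.04 are restricted by default) is not determinable from this diff, so verify that before switching to a non-root `USER`.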
@@ -14,13 +13,18 @@ const STATIC_ARGS: &[&str] = &[
 "--proc", "/proc",
 "--dev", "/dev",
 "--ro-bind", "/etc/resolv.conf", "/etc/resolv.conf",
- "--ro-bind", "/nix", "/nix",
+ "--symlink", "usr/lib", "/lib",
+ "--symlink", "usr/lib64", "/lib64",
+ "--symlink", "usr/bin", "/bin",
+ "--symlink", "usr/sbin", "/sbin",
 "--unshare-all",
 "--die-with-parent",
 "--clearenv",
+ "--setenv", "PATH", "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
+ "--setenv", "HAREPATH", "/usr/local/src/hare/stdlib",
 ];
-const HARE_COMMAND: &str = "/nix/store/cnysps4xzry4g26zyz7mmxfjj6wagpa6-hare-0.24.0/bin/hare";
+const HARE_COMMAND: &str = "/usr/local/bin/hare";
 /// Default command timeout in seconds.
 const DEFAULT_TIMEOUT: u32 = 10;
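Review bot: The four `--symlink` entries are added without a comment saying why they exist, and their correctness depends on an entry outside the hunk: they only work if `/usr` is bound into the sandbox by an earlier element of STATIC_ARGS (the array begins before line 14), which should be confirmed. A comment such as `// Ubuntu is merged-/usr: recreate /lib, /lib64, /bin and /sbin as symlinks into the bound /usr so the dynamic loader and #!/bin/sh scripts resolve inside the sandbox.` would record the intent. The new HARE_COMMAND and the HAREPATH value both hard-code the `/usr/local` prefix that `make install` in the harebuild stage of backend/Dockerfile produces and that `COPY --from=harebuild /usr/local /usr/local` carries into the runtime image; a one-line comment on HARE_COMMAND naming that dependency would keep the two files in sync, and whether the Hare stdlib really lands in `/usr/local/src/hare/stdlib` is not visible here. While in this list: if `--new-session` is not among the earlier entries, bubblewrap's documentation recommends it so the sandboxed process cannot interact with the inherited controlling terminal.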