From c0187089f493e1fabee2a4f1239e2e12710f5dab Mon Sep 17 00:00:00 2001
From: Seth For Privacy <40500387+sethforprivacy@users.noreply.github.com>
Date: Mon, 22 Jun 2026 20:57:26 -0400
Subject: [PATCH] Optimize final image: runtime libs instead of -dev, pin base
 image

The final runtime stage installed full -dev packages (headers, static
archives, build-time deps) when only the runtime shared libraries are
needed. Replace them with the runtime-only equivalents, verified via
`ldd` on the built p2pool binary against the pinned base.

Changes:
- Final stage: install runtime libs instead of -dev packages
  (libuv1t64, libzmq5, libsodium23, libpgm-5.3-0t64, libnorm1t64,
  libgssapi-krb5-2, libcurl4t64, libidn2-0). Note the t64 names on
  Ubuntu 24.04 due to the 64-bit time_t transition.
- Pin both stages to ubuntu:24.04 (current LTS) instead of
  ubuntu:latest for reproducible builds. Renovate's docker manager
  keeps this current.
- Add --depth 1 --shallow-submodules to the git clone for faster,
  lighter source checkout.

Local verification (native arm64):
- Build succeeds (exit 0).
- `docker run --rm p2pool:test --help` prints "P2Pool v4.17" + usage.
- `ldd` on the binary in the final image: all libs resolve, none missing.
- Image size: 317MB -> 188MB (-129MB, -41%).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
---
 Dockerfile | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 886c38c..36ff119 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,7 +1,7 @@
 ARG P2POOL_BRANCH=v4.17
 
-# Select latest Ubuntu LTS for the build image base
-FROM ubuntu:latest as build
+# Pin to the latest Ubuntu LTS for the build image base (kept current by Renovate)
+FROM ubuntu:24.04 as build
 LABEL author="sethforprivacy@protonmail.com" \
       maintainer="sethforprivacy@protonmail.com"
 
@@ -24,20 +24,22 @@ WORKDIR /p2pool
 
 # Git pull p2pool source at specified tag/branch
 ARG P2POOL_BRANCH
-RUN git clone --recursive --branch ${P2POOL_BRANCH} https://github.com/SChernykh/p2pool .
+RUN git clone --recursive --depth 1 --shallow-submodules --branch ${P2POOL_BRANCH} https://github.com/SChernykh/p2pool .
 
 # Make static p2pool binary
 ARG NPROC
 RUN test -z "$NPROC" && nproc > /nproc || echo -n "$NPROC" > /nproc && mkdir build && cd build && cmake .. && make -j"$(cat /nproc)"
 
-# Select latest Ubuntu LTS for the image base
-FROM ubuntu:latest
+# Pin to the latest Ubuntu LTS for the image base (kept current by Renovate)
+FROM ubuntu:24.04
 
-# Install remaining dependencies
+# Install only the runtime shared libraries that the p2pool binary links against
+# (runtime equivalents of the build-stage -dev packages, verified via ldd on the
+# built binary against the pinned Ubuntu 24.04 base)
 RUN apt-get update \
     && apt-get upgrade -y \
-    && apt-get install --no-install-recommends -y libuv1-dev libzmq3-dev libsodium-dev \
-    libpgm-dev libnorm-dev libgss-dev libcurl4-openssl-dev libidn2-0-dev \
+    && apt-get install --no-install-recommends -y libuv1t64 libzmq5 libsodium23 \
+    libpgm-5.3-0t64 libnorm1t64 libgssapi-krb5-2 libcurl4t64 libidn2-0 \
     && apt-get clean \
     && rm -rf /var/lib/apt/lists/*