Running Dockerfile.slim with a fresh named volume crashed on startup:
[NODE] open chain: open badger: Error Creating Dir: "/data/chain"
error: mkdir /data/chain: permission denied
Docker copies the mount-point's directory ownership (from the image)
into a new named volume at first attach. In the previous Dockerfile
/data was created implicitly by the VOLUME directive, which means it
was owned by root — but the container runs as the unprivileged
`dchain` user, so it couldn't `mkdir /data/chain` on first boot.
Fix: explicitly `mkdir /data && chown dchain:dchain /data` in the
same RUN that creates the user, before the VOLUME directive. Fresh
volumes now inherit dchain:dchain ownership automatically; no
operator-side `docker run --user root chown` workaround needed.
Operators already running with a root-owned volume from before this
fix need to chown once manually:
docker run --rm -v dchain_data:/data --user root alpine \
sh -c 'chown -R 100:101 /data'
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
When v2.0.0 added the golang.org/x/image/webp dependency (used by the
media scrubber for WebP decoding), go mod tidy bumped the module's
minimum Go version in go.mod:
module go-blockchain
go 1.25.0
The three Dockerfiles in the repo were still pinned to older images:
/Dockerfile FROM golang:1.24-alpine
/deploy/prod/Dockerfile.slim FROM golang:1.24-alpine
/docker/media-sidecar/Dockerfile FROM golang:1.22-alpine
Result: `docker build` on any of them fails at `go mod download` with
go: go.mod requires go >= 1.25.0 (running go 1.24.13; GOTOOLCHAIN=local)
because Alpine's golang image pins GOTOOLCHAIN=local to keep the
toolchain reproducible.
Fix: bump all three to golang:1.25-alpine. The media-sidecar module
doesn't actually need 1.25 (it's self-contained and only uses stdlib),
but keeping all three in sync avoids surprise the next time somebody
adds a dep.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
