* proper fix for SSH environment pollution (see https://bugzilla.mindrot.org/show_bug.cgi?id=1285)

10 years ago · 35611fb24e
parent 823f62f641
commit 35611fb24e
7 changed files with 18 additions and 24 deletions
--- a/docker/gitian-bitcoin-host/Dockerfile
+++ b/docker/gitian-bitcoin-host/Dockerfile
@ -11,11 +11,10 @@ RUN apt-get install -y parallel patch

 ADD gitian.patch /home/debian/

-WORKDIR /home/debian
-
 ## patch to allow paralle creation of VMs
-RUN cd gitian-builder && patch -p1 < ../gitian.patch
+RUN cd /home/debian/gitian-builder && patch -p1 < ../gitian.patch

+ADD input-sources/ /home/debian/input-sources/
 ADD build-bitcoin.sh /home/debian/
 ADD sign.sh /home/debian/

--- a/docker/gitian-bitcoin-host/README.md
+++ b/docker/gitian-bitcoin-host/README.md
@ -34,13 +34,11 @@ This script will create the running docker container and provide details about h
 ```
 $ scripts/spawn-gitian-bitcoin-host.sh
 You can now SSH into container 3bc0d0611374ca4d4730fd5fb1067808b1bcfd072ec7cf029393a7fd99ec856e:
-ssh -o SendEnv= -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no debian@172.17.0.3
+ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no debian@172.17.0.3
 $ 
 ```

-Use this specific SSH command line to get a shell in the container and proceed to next steps.
-
-**NOTE:** the SendEnv= is there to overcome an [issue](https://github.com/devrandom/gitian-builder/issues/56) in gitian-builder that allows pollution of the LXC environment.
+You can use this specific SSH command line to get a shell in the container and proceed to next steps.

 Preparing the gitian environment
 --------------------------------
--- a/docker/gitian-bitcoin-host/build-bitcoin.sh
+++ b/docker/gitian-bitcoin-host/build-bitcoin.sh
@ -1,5 +1,4 @@
 #!/bin/bash
-set -e

 if [[ ! $# -eq 1 ]]; then
 	echo "Please specify version" 1>&2
@ -8,12 +7,12 @@ fi

 VERSION="$1"

-git clone https://github.com/bitcoin/bitcoin.git
-cd bitcoin
-git checkout v${VERSION}
+git clone https://github.com/bitcoin/bitcoin.git && \
+cd bitcoin && \
+git checkout v${VERSION} || exit $?

-cd ../gitian-builder
-mkdir -p inputs; cd inputs/
+cd ../gitian-builder && \
+mkdir -p inputs && cd inputs/ || exit $?

 ## get each dependency
 ## they are validated afterwards by gbuild
@ -21,12 +20,12 @@ while read -r URL FNAME; do
 	if [ -z "$URL" ]; then
 		continue
 	fi
-	wget --no-check-certificate "$URL" -O "$FNAME"
-done < ../input-sources/${VERSION}.txt
+	wget --no-check-certificate "$URL" -O "$FNAME" || exit $?
+done < ../input-sources/${VERSION}.txt || exit $?

 cd ..
-./bin/gbuild ../bitcoin/contrib/gitian-descriptors/boost-linux.yml
+./bin/gbuild ../bitcoin/contrib/gitian-descriptors/boost-linux.yml || exit $?
 mv build/out/boost-*.zip inputs/
-./bin/gbuild ../bitcoin/contrib/gitian-descriptors/deps-linux.yml
+./bin/gbuild ../bitcoin/contrib/gitian-descriptors/deps-linux.yml || exit $?
 mv build/out/bitcoin-deps-*.zip inputs/
 ./bin/gbuild --commit bitcoin=v${VERSION} ../bitcoin/contrib/gitian-descriptors/gitian-linux.yml
--- a/docker/gitian-host/Dockerfile
+++ b/docker/gitian-host/Dockerfile
@ -51,15 +51,13 @@ RUN wget http://archive.ubuntu.com/ubuntu/pool/universe/v/vm-builder/vm-builder_
 RUN tar -zxvf vm-builder_0.12.4+bzr489.orig.tar.gz && cd vm-builder-0.12.4+bzr489 && python setup.py install

 ## these must always be loaded when you login as 'debian' user
-RUN echo 'export USE_LXC=1' >> .bash_profile
-RUN echo 'export GITIAN_HOST_IP=10.0.3.2' >> .bash_profile
-RUN echo 'export LXC_GUEST_IP=10.0.3.5' >> .bash_profile
+ADD bash_profile /home/debian/.bash_profile

 ## script used to build base VMs
 ADD build-base-vms.sh /home/debian/

 RUN git clone https://github.com/devrandom/gitian-builder.git --depth=1
-RUN chown -R debian.debian . && chown -R apt-cacher-ng.apt-cacher-ng /var/cache/apt-cacher-ng/
+RUN chown -R debian.debian .bash_profile . && chown -R apt-cacher-ng.apt-cacher-ng /var/cache/apt-cacher-ng/

 ## suggested: run this image with mounted volumes for pre-downloaded inputs and apt-cacher-ng cache
 ## -v inputs:/home/debian/gitian-builder/inputs -v apt-cacher-ng:/var/cache/apt-cacher-ng
--- a/docker/gitian-host/README.md
+++ b/docker/gitian-host/README.md
@ -23,7 +23,7 @@ Afterwards you can spawn a gitian-host container as follows:
 ```
 $ scripts/spawn-gitian-host.sh
 You can now SSH into container 8a955ff5607b62d4c295745f27bbc38f2e8e011ea93053e641617d50ad2aa5a2:
-ssh -o SendEnv= -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no debian@172.17.0.2
+ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no debian@172.17.0.2
 $ 
 ```

--- a/docker/scripts/spawn-gitian-bitcoin-host.sh
+++ b/docker/scripts/spawn-gitian-bitcoin-host.sh
@ -6,4 +6,4 @@ CID=$(docker run -d --privileged gdm85/gitian-bitcoin-host) || exit $?
 IP=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' $CID) || exit $?

 echo "You can now SSH into container $CID:"
-echo "ssh -o SendEnv= -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no debian@$IP"
+echo "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no debian@$IP"
--- a/docker/scripts/spawn-gitian-host.sh
+++ b/docker/scripts/spawn-gitian-host.sh
@ -6,4 +6,4 @@ CID=$(docker run -d --privileged gdm85/gitian-host) || exit $?
 IP=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' $CID) || exit $?

 echo "You can now SSH into container $CID:"
-echo "ssh -o SendEnv= -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no debian@$IP"
+echo "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no debian@$IP"