* added documentation & scripts for full automation of gitian bitcoin builds

10 years ago · 5a444d84a8
parent 22c9a8a461
commit 5a444d84a8
9 changed files with 50 additions and 44 deletions
--- a/docker/gitian-bitcoin-host/Dockerfile
+++ b/docker/gitian-bitcoin-host/Dockerfile
@ -11,7 +11,6 @@ WORKDIR /home/debian

 RUN cd gitian-builder && patch -p1 < ../gitian.patch

-ADD step1.sh /home/debian/
-ADD step2.sh /home/debian/
+ADD build-bitcoin.sh /home/debian/

 RUN chown -R debian.debian /home/debian/
--- a/docker/gitian-bitcoin-host/README.md
+++ b/docker/gitian-bitcoin-host/README.md
@ -5,59 +5,41 @@ This image currently supports only building of bitcoin 0.9.1, but it can be easi

 It is based on https://github.com/bitcoin/bitcoin/blob/0.9.1/doc/release-process.md (and more recent versions).

-Preparing the gitian environment
--------------------------------
+Before proceeding make sure you have created the necessary gdm85/wheezy and gdm85/gitian-host images, see [these instructions](../gitian-host/README.md).

-First, login into the freshly spawned gitian-host container with 'debian' user. If you login via ssh then do not forget to discard environment with:
+Afterwards you can create this image by running scripts/create-gitian-bitcoin-host.sh.

-```sh
-ssh -o SendEnv= debian@your-gitian-host
-```
-This is to overcome an issue in gitian-builder that allows pollution of the LXC environment.
-
-Step 1: base VMs
----------------
+Preparing the gitian environment
+--------------------------------

-Step 1 is a script that allows creation of the base VMs. In your debian home directory, as debian user, run:
+If you have already prepared the base VMs inside the gitian host container, all what you need to do is:

 ```sh
-./step1.sh
+ssh -o SendEnv= debian@your-gitian-host ./build-bitcoin.sh
 ```

-And wait for the creation of i386 and amd64 images.
-Once done, you have prepared a gitian builder environment for deterministic bitcoin builds. You might want to stop the container and create an image to store away so that in future you can fork from here for new builds.
+That is a script that will build dependencies and bitcoin for both i386 and amd64 Linux architectures.

-Step 2: building dependencies & bitcoin
---------------------------------------
-
-This will build all dependencies:
-```sh
-./step2.sh
-```
-
-(You can also run both step1.sh and step2.sh altogether):
-```sh
-ssh -o SendEnv= debian@your-gitian-host "step1.sh && step2.sh"
-```
+**NOTE:** the SendEnv= is there to overcome an issue in gitian-builder that allows pollution of the LXC environment.

 Signing
 -------

 Now you have completed the build of bitcoin and only the signing part is left.
-Before doing that, you can inspect that signatures are matching with other developers by peeking inside ~/gitian.sigs
+Before doing that, you can inspect that signatures are matching with other developers by peeking inside ~/gitian.sigs of the running container.

-Script to sign the build:
+In order to sign you have to either put your private key in the container's ~/.gnupg or perform the signing externally, at your option.
+If you have the private key in the container (so displayed by `gpg -K`), then you can use this script:
 ```bash
 #!/bin/bash
 set -e
 export SIGNER=yourSignerName
 export VERSION=0.9.1

+cd gitian-builder
 ./bin/gsign --signer $SIGNER --release ${VERSION} --destination ../gitian.sigs/ ../bitcoin/contrib/gitian-descriptors/gitian-linux.yml
 ```

-***NOTE:*** this will fail if you do not have $SIGNER's secret key in `gpg -K`
-
 Submitting your signature
 -------------------------

--- a/docker/gitian-bitcoin-host/build-bitcoin.sh
+++ b/docker/gitian-bitcoin-host/build-bitcoin.sh
--- a/docker/gitian-host/README.md
+++ b/docker/gitian-host/README.md
@ -1,18 +1,15 @@
-What is this?
-=============
+Gitian host docker container
+============================

 A [Dockerfile](http://docs.docker.io/reference/builder/) to generate a [gitian-builder](https://gitian.org/) host image, that can subsequently be used for reproducible builds using LXC VMs.

-It goes like this:
-```<your real host> -> docker -> gitian-host container -> <LXC containers to perform gbuilds>```
-
-Yes, it's a bit of an inception.
+Hierarchy:
+```<your real host (running docker daemon> -> gitian-host container -> <LXC containers to perform gbuilds>```

 See also https://github.com/devrandom/gitian-builder/issues/53

 How to build the image
 ----------------------
-
 I have not yet pushed images to the [Docker Registry](https://index.docker.io/), but it is a non-issue because you are supposed to create your images from scratch.

 First run **scripts/build-wheezy.sh** to get a Debian Wheezy image debootstrapped from Debian repositories.
@ -24,15 +21,24 @@ At this point run **scripts/create-gitian-host.sh**, if all goes well then you c
 ```
 $ scripts/spawn-gitian-host.sh
 You can now SSH into container 8a955ff5607b62d4c295745f27bbc38f2e8e011ea93053e641617d50ad2aa5a2:
-ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no debian@172.17.0.2
+ssh -o SendEnv= -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no debian@172.17.0.2
 $ 
 ```

 **NOTE:** when I say "run", what I really mean is "read the script, study it for your own learning purposes, then run it" ;)

-This will create a privileged container that you can access with the SSH command displayed
+This will create a privileged container that you can access with the SSH command displayed.
+
+First step
+----------
+
+As first step it is reccomended to run the script ./build-base-vms.sh; this will take a while to create the VMs.
+Once done, you have prepared a gitian builder environment for deterministic bitcoin builds. You might want to stop the container and create an image to store away so that in future you can fork from there for new builds.
+
+Derived images
+--------------
+A [bitcoin gitian host container](../gitian-bitcoin/host/README.md) is available.

 Credits
 -------
-
 Thanks to jpetazzo for [dind](https://github.com/jpetazzo/dind) and to the vibrant Docker community for the help&assistance!
--- a/docker/gitian-host/build-base-vms.sh
+++ b/docker/gitian-host/build-base-vms.sh
--- a/docker/scripts/create-gitian-bitcoin-host.sh
+++ b/docker/scripts/create-gitian-bitcoin-host.sh
@ -0,0 +1,8 @@
+#!/bin/bash
+
+set -e
+
+BASENAME=$(dirname $(readlink -m $0))
+
+cd $BASENAME/../gitian-bitcoin-host && \
+docker build --tag=gdm85/gitian-bitcoin-host .
--- a/docker/scripts/create-gitian-host.sh
+++ b/docker/scripts/create-gitian-host.sh
@ -1,6 +1,8 @@
 #!/bin/bash

-cd ../gitian-host || exit $?
+BASENAME=$(dirname $(readlink -m $0))
+
+cd $BASENAME/../gitian-host || exit $?

 if [ ! -f authorized_keys ]; then
 	echo "No authorized_keys file found in $PWD"
--- a/docker/scripts/spawn-gitian-bitcoin-host.sh
+++ b/docker/scripts/spawn-gitian-bitcoin-host.sh
@ -0,0 +1,9 @@
+#!/bin/bash
+
+set -e
+
+CID=$(docker run -d --privileged gdm85/gitian-bitcoin-host) || exit $?
+IP=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' $CID) || exit $?
+
+echo "You can now SSH into container $CID:"
+echo "ssh -o SendEnv= -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no debian@$IP"
--- a/docker/scripts/spawn-gitian-host.sh
+++ b/docker/scripts/spawn-gitian-host.sh
@ -6,4 +6,4 @@ CID=$(docker run -d --privileged gdm85/gitian-host) || exit $?
 IP=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' $CID) || exit $?

 echo "You can now SSH into container $CID:"
-echo "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no debian@$IP"
+echo "ssh -o SendEnv= -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no debian@$IP"