From 5a444d84a80dea5669b9a37cd7328f6cd80dfd21 Mon Sep 17 00:00:00 2001 From: gdm85 Date: Tue, 3 Jun 2014 10:27:47 +0200 Subject: [PATCH] * added documentation & scripts for full automation of gitian bitcoin builds --- docker/gitian-bitcoin-host/Dockerfile | 3 +- docker/gitian-bitcoin-host/README.md | 42 ++++++------------- .../{step2.sh => build-bitcoin.sh} | 0 docker/gitian-host/README.md | 26 +++++++----- .../{build-vms.sh => build-base-vms.sh} | 0 docker/scripts/create-gitian-bitcoin-host.sh | 8 ++++ docker/scripts/create-gitian-host.sh | 4 +- docker/scripts/spawn-gitian-bitcoin-host.sh | 9 ++++ docker/scripts/spawn-gitian-host.sh | 2 +- 9 files changed, 50 insertions(+), 44 deletions(-) rename docker/gitian-bitcoin-host/{step2.sh => build-bitcoin.sh} (100%) rename docker/gitian-host/{build-vms.sh => build-base-vms.sh} (100%) create mode 100755 docker/scripts/create-gitian-bitcoin-host.sh create mode 100755 docker/scripts/spawn-gitian-bitcoin-host.sh diff --git a/docker/gitian-bitcoin-host/Dockerfile b/docker/gitian-bitcoin-host/Dockerfile index 7078d7b..1dff3b6 100644 --- a/docker/gitian-bitcoin-host/Dockerfile +++ b/docker/gitian-bitcoin-host/Dockerfile @@ -11,7 +11,6 @@ WORKDIR /home/debian RUN cd gitian-builder && patch -p1 < ../gitian.patch -ADD step1.sh /home/debian/ -ADD step2.sh /home/debian/ +ADD build-bitcoin.sh /home/debian/ RUN chown -R debian.debian /home/debian/ diff --git a/docker/gitian-bitcoin-host/README.md b/docker/gitian-bitcoin-host/README.md index 28f350b..e676f71 100644 --- a/docker/gitian-bitcoin-host/README.md +++ b/docker/gitian-bitcoin-host/README.md 
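Review bot: The added `ADD build-bitcoin.sh /home/debian/` copies a single local script, and `ADD` does more than that: it also unpacks local archives and accepts remote URLs, neither of which is wanted for a file that drives a deterministic build. Where the Docker version in use supports it, `COPY build-bitcoin.sh /home/debian/` states the intent exactly and leaves no room for that implicit behaviour. The rest of the Dockerfile (the `FROM` line and the steps before `WORKDIR`) lies outside this hunk, so I cannot tell whether other `ADD` lines have the same issue.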
@@ -5,59 +5,41 @@ This image currently supports only building of bitcoin 0.9.1, but it can be easi It is based on https://github.com/bitcoin/bitcoin/blob/0.9.1/doc/release-process.md (and more recent versions). -Preparing the gitian environment --------------------------------- +Before proceeding make sure you have created the necessary gdm85/wheezy and gdm85/gitian-host images, see [these instructions](../gitian-host/README.md). -First, login into the freshly spawned gitian-host container with 'debian' user. If you login via ssh then do not forget to discard environment with: +Afterwards you can create this image by running scripts/create-gitian-bitcoin-host.sh. -```sh -ssh -o SendEnv= debian@your-gitian-host -``` -This is to overcome an issue in gitian-builder that allows pollution of the LXC environment. - -Step 1: base VMs ----------------- +Preparing the gitian environment +-------------------------------- -Step 1 is a script that allows creation of the base VMs. In your debian home directory, as debian user, run: +If you have already prepared the base VMs inside the gitian host container, all what you need to do is: ```sh -./step1.sh +ssh -o SendEnv= debian@your-gitian-host ./build-bitcoin.sh ``` -And wait for the creation of i386 and amd64 images. -Once done, you have prepared a gitian builder environment for deterministic bitcoin builds. You might want to stop the container and create an image to store away so that in future you can fork from here for new builds. +That is a script that will build dependencies and bitcoin for both i386 and amd64 Linux architectures. -Step 2: building dependencies & bitcoin ---------------------------------------- - -This will build all dependencies: -```sh -./step2.sh -``` - -(You can also run both step1.sh and step2.sh altogether): -```sh -ssh -o SendEnv= debian@your-gitian-host "step1.sh && step2.sh" -``` +**NOTE:** the SendEnv= is there to overcome an issue in gitian-builder that allows pollution of the LXC environment. 
Signing ------- Now you have completed the build of bitcoin and only the signing part is left. -Before doing that, you can inspect that signatures are matching with other developers by peeking inside ~/gitian.sigs +Before doing that, you can inspect that signatures are matching with other developers by peeking inside ~/gitian.sigs of the running container. -Script to sign the build: +In order to sign you have to either put your private key in the container's ~/.gnupg or perform the signing externally, at your option. +If you have the private key in the container (so displayed by `gpg -K`), then you can use this script: ```bash #!/bin/bash set -e export SIGNER=yourSignerName export VERSION=0.9.1 +cd gitian-builder ./bin/gsign --signer $SIGNER --release ${VERSION} --destination ../gitian.sigs/ ../bitcoin/contrib/gitian-descriptors/gitian-linux.yml ``` -***NOTE:*** this will fail if you do not have $SIGNER's secret key in `gpg -K` - Submitting your signature ------------------------- diff --git a/docker/gitian-bitcoin-host/step2.sh b/docker/gitian-bitcoin-host/build-bitcoin.sh similarity index 100% rename from docker/gitian-bitcoin-host/step2.sh rename to docker/gitian-bitcoin-host/build-bitcoin.sh diff --git a/docker/gitian-host/README.md b/docker/gitian-host/README.md index 1b61799..a59e683 100644 --- a/docker/gitian-host/README.md +++ b/docker/gitian-host/README.md 
@@ -1,18 +1,15 @@ -What is this? -============= +Gitian host docker container +============================ A [Dockerfile](http://docs.docker.io/reference/builder/) to generate a [gitian-builder](https://gitian.org/) host image, that can subsequently be used for reproducible builds using LXC VMs. -It goes like this: -``` -> docker -> gitian-host container -> ``` - -Yes, it's a bit of an inception. +Hierarchy: +``` -> gitian-host container -> ``` See also https://github.com/devrandom/gitian-builder/issues/53 How to build the image ---------------------- - I have not yet pushed images to the [Docker Registry](https://index.docker.io/), but it is a non-issue because you are supposed to create your images from scratch. First run **scripts/build-wheezy.sh** to get a Debian Wheezy image debootstrapped from Debian repositories. 
@@ -24,15 +21,24 @@ At this point run **scripts/create-gitian-host.sh**, if all goes well then you c ``` $ scripts/spawn-gitian-host.sh You can now SSH into container 8a955ff5607b62d4c295745f27bbc38f2e8e011ea93053e641617d50ad2aa5a2: -ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no debian@172.17.0.2 +ssh -o SendEnv= -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no debian@172.17.0.2 $ ``` **NOTE:** when I say "run", what I really mean is "read the script, study it for your own learning purposes, then run it" ;) -This will create a privileged container that you can access with the SSH command displayed +This will create a privileged container that you can access with the SSH command displayed. + +First step +---------- + +As first step it is reccomended to run the script ./build-base-vms.sh; this will take a while to create the VMs. +Once done, you have prepared a gitian builder environment for deterministic bitcoin builds. You might want to stop the container and create an image to store away so that in future you can fork from there for new builds. + +Derived images +-------------- +A [bitcoin gitian host container](../gitian-bitcoin/host/README.md) is available. Credits ------- - Thanks to jpetazzo for [dind](https://github.com/jpetazzo/dind) and to the vibrant Docker community for the help&assistance! diff --git a/docker/gitian-host/build-vms.sh b/docker/gitian-host/build-base-vms.sh similarity index 100% rename from docker/gitian-host/build-vms.sh rename to docker/gitian-host/build-base-vms.sh diff --git a/docker/scripts/create-gitian-bitcoin-host.sh b/docker/scripts/create-gitian-bitcoin-host.sh new file mode 100755 index 0000000..4623258 --- /dev/null +++ b/docker/scripts/create-gitian-bitcoin-host.sh @@ -0,0 +1,8 @@ +#!/bin/bash + +set -e + +BASENAME=$(dirname $(readlink -m $0)) + +cd $BASENAME/../gitian-bitcoin-host && \ +docker build --tag=gdm85/gitian-bitcoin-host . 
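Review bot: In the new docker/scripts/create-gitian-bitcoin-host.sh, `BASENAME=$(dirname $(readlink -m $0))` and `cd $BASENAME/../gitian-bitcoin-host` leave every expansion unquoted, so a checkout path containing spaces or glob characters is word-split. The `cd` then fails or resolves to a directory other than the intended `docker build` context. Quoting fixes it: `BASENAME=$(dirname "$(readlink -m "$0")")` and `cd "$BASENAME/../gitian-bitcoin-host"`. The hunk for docker/scripts/create-gitian-host.sh adds the same two lines and needs the same quoting. The variable holds a directory, so a name such as `SCRIPT_DIR` would read more accurately than `BASENAME`.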
diff --git a/docker/scripts/create-gitian-host.sh b/docker/scripts/create-gitian-host.sh index b6ea0f8..80d4041 100755 --- a/docker/scripts/create-gitian-host.sh +++ b/docker/scripts/create-gitian-host.sh @@ -1,6 +1,8 @@ #!/bin/bash -cd ../gitian-host || exit $? +BASENAME=$(dirname $(readlink -m $0)) + +cd $BASENAME/../gitian-host || exit $? if [ ! -f authorized_keys ]; then echo "No authorized_keys file found in $PWD" diff --git a/docker/scripts/spawn-gitian-bitcoin-host.sh b/docker/scripts/spawn-gitian-bitcoin-host.sh new file mode 100755 index 0000000..499bda9 --- /dev/null +++ b/docker/scripts/spawn-gitian-bitcoin-host.sh @@ -0,0 +1,9 @@ +#!/bin/bash + +set -e + +CID=$(docker run -d --privileged gdm85/gitian-bitcoin-host) || exit $? +IP=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' $CID) || exit $? + +echo "You can now SSH into container $CID:" +echo "ssh -o SendEnv= -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no debian@$IP" diff --git a/docker/scripts/spawn-gitian-host.sh b/docker/scripts/spawn-gitian-host.sh index 49d8dd3..7235795 100755 --- a/docker/scripts/spawn-gitian-host.sh +++ b/docker/scripts/spawn-gitian-host.sh @@ -6,4 +6,4 @@ CID=$(docker run -d --privileged gdm85/gitian-host) || exit $? IP=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' $CID) || exit $? echo "You can now SSH into container $CID:" -echo "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no debian@$IP" +echo "ssh -o SendEnv= -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no debian@$IP"
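Review bot: The SSH command echoed at the end of the new spawn-gitian-bitcoin-host.sh turns off host-key verification (`-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no`) without saying why, while the README in this same commit offers placing the signer's private key in that container's ~/.gnupg. Because the container is also started with `--privileged`, I would document both choices above the `docker run` line, for example `# --privileged: needed for the nested LXC build VMs (confirm); treat this container as having host-level access` and `# host-key checks are disabled only because the address is on the local docker bridge; do not reuse this command across an untrusted network`. The reasons in those comments are my inference from the READMEs, so please replace them with the real ones. The one-line change to docker/scripts/spawn-gitian-host.sh prints the same command and would benefit from the same comments. Minor: with `set -e` in effect in the new script the `|| exit $?` suffixes are redundant, and `$CID` is better quoted in the `docker inspect` call.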