* added workaround for Docker glitch with file permissions

* a few improvements to documentation, describing steps needed to build bitcoin
10 years ago · afc8353fe0
parent bb1d304753
commit afc8353fe0
3 changed files with 41 additions and 17 deletions
--- a/docker/gitian-bitcoin-host/README.md
+++ b/docker/gitian-bitcoin-host/README.md
@ -2,13 +2,12 @@ Building bitcoin with a gitian-builder Docker container
 =======================================================

 This image allows automated gitian builds of bitcoin using a docker container.
-Before proceeding make sure you have created the necessary *wheezy* and *gitian-host* images, see [these instructions](../gitian-host/README.md).
+Before proceeding make sure you have created the necessary *wheezy* and *gitian-host* images, see [these instructions](../gitian-host/README.md) for the creation of both.

-Afterwards you can create the image by running [create-gitian-bitcoin-host.sh).
-](../scripts/create-gitian-bitcoin-host.sh).
+Afterwards you can create the *gitian-bitcoin-host* image by running [scripts/create-gitian-bitcoin-host.sh](../scripts/create-gitian-bitcoin-host.sh).

 NOTE: this image currently supports only building of bitcoin 0.9.1, but it can be easily adapted to build other versions.
-You can submit the source lists for other versions as a patch or pull request.
+You can submit the source lists for other versions as a patch or pull request, see directory [input-sources/](input-sources/) for currently available versions.

 Preamble
 --------
@ -24,21 +23,40 @@ See also:
 - https://www.docker.io/
 - http://www.ubuntu.com/

+Spawning a container
+--------------------
+
+You can spawn a new container for Gitian bitcoin builds with:
+
+- [scripts/spawn-gitian-bitcoin-host.sh](scripts/spawn-gitian-bitcoin-host.sh)
+
+This script will create the running docker container and provide details about how to connect via SSH to the container, example:
+```
+$ scripts/spawn-gitian-bitcoin-host.sh
+You can now SSH into container 3bc0d0611374ca4d4730fd5fb1067808b1bcfd072ec7cf029393a7fd99ec856e:
+ssh -o SendEnv= -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no debian@172.17.0.3
+$ 
+```
+
+Use this specific SSH command line to get a shell in the container and proceed to next steps.
+
+**NOTE:** the SendEnv= is there to overcome an [issue](https://github.com/devrandom/gitian-builder/issues/56) in gitian-builder that allows pollution of the LXC environment.
+
 Preparing the gitian environment
 --------------------------------

-If you have already prepared the base VMs ([/build-base-vms.sh](../gitian-host/build-base-vms.sh)) inside the gitian host container, all what you need to do is:
+First prepare the base VMs inside the gitian host container by running:

-```sh
-ssh -o SendEnv= debian@your-gitian-host ./build-bitcoin.sh 0.9.1
-```
+- [./build-base-vms.sh](../gitian-host/build-base-vms.sh)
+
+This operation will take a while; afterwards you can proceed to building bitcoin with:
+
+- [./build-bitcoin.sh](build-bitcoin.sh) 0.9.1

 Notice the parameter 0.9.1, that is the version we are going to build.

 [build-bitcoin.sh](build-bitcoin.sh) is a script that will download & build all the dependencies and then bitcoin itself, for both i386 and amd64 Linux architectures.

-**NOTE:** the SendEnv= is there to overcome an [issue](https://github.com/devrandom/gitian-builder/issues/56) in gitian-builder that allows pollution of the LXC environment.
-
 Signing
 -------

--- a/docker/gitian-host/Dockerfile
+++ b/docker/gitian-host/Dockerfile
@ -37,14 +37,14 @@ EXPOSE 22
 RUN echo "%sudo ALL=NOPASSWD: /usr/bin/lxc-start" > /etc/sudoers.d/gitian-lxc
 RUN echo 'debian ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/debian-sudo

-##NOTE: all the chown/chmod hacks are workarounds to docker's glitches
-RUN useradd -m -s /bin/bash debian && adduser debian sudo && mkdir /home/debian/.ssh && chown debian.debian /home/debian/.ssh
-
-WORKDIR /home/debian
+RUN useradd -m -s /bin/bash debian && adduser debian sudo && mkdir /home/debian/.ssh

 ## provide authorized keys to allow connections inside host
-ADD authorized_keys /home/debian/.ssh/authorized_keys
-RUN chown -R debian.debian .ssh && chmod -R go-rwx /home/debian/.ssh
+## NOTE: this is placed in debian user directory by setup.sh script
+## reason is that there is a Docker glitch with file permissions when adding this
+ADD authorized_keys /root/
+
+WORKDIR /home/debian

 ## download in clear HTTP & check md5 right afterwards
 RUN wget http://archive.ubuntu.com/ubuntu/pool/universe/v/vm-builder/vm-builder_0.12.4+bzr489.orig.tar.gz && echo "ec12e0070a007989561bfee5862c89a32c301992dd2771c4d5078ef1b3014f03  vm-builder_0.12.4+bzr489.orig.tar.gz" | sha256sum -c
--- a/docker/gitian-host/setup.sh
+++ b/docker/gitian-host/setup.sh
@ -42,7 +42,7 @@ fi
 for SUBSYS in $(cut -d: -f2 /proc/1/cgroup)
 do
        [ -d $CGROUP/$SUBSYS ] || mkdir $CGROUP/$SUBSYS
-        mountpoint -q $CGROUP/$SUBSYS || 
+        mountpoint -q $CGROUP/$SUBSYS ||
                mount -n -t cgroup -o $SUBSYS cgroup $CGROUP/$SUBSYS

        # The two following sections address a bug which manifests itself
@ -109,6 +109,12 @@ umount /dev/shm
 rmdir /dev/shm
 ln -s /run/shm /dev/shm

+##NOTE: this is setup here instead of Dockerfile because of a Docker glitch
+cp /root/authorized_keys /home/debian/.ssh/ && \
+rm /root/authorized_keys && \
+chmod -R go-rwx /home/debian/.ssh &&
+chown -R debian.debian /home/debian/.ssh || exit $?
+
 ## test that debian user has access to its own .ssh (yes, Docker glitches crawling...)
 su -c 'cat /home/debian/.ssh/authorized_keys' -l -- debian || exit $?