diff --git a/docker/gitian-bitcoin-host/README.md b/docker/gitian-bitcoin-host/README.md index a6cfbb5..2706b31 100644 --- a/docker/gitian-bitcoin-host/README.md +++ b/docker/gitian-bitcoin-host/README.md @@ -2,13 +2,12 @@ Building bitcoin with a gitian-builder Docker container ======================================================= This image allows automated gitian builds of bitcoin using a docker container. -Before proceeding make sure you have created the necessary *wheezy* and *gitian-host* images, see [these instructions](../gitian-host/README.md). +Before proceeding make sure you have created the necessary *wheezy* and *gitian-host* images, see [these instructions](../gitian-host/README.md) for the creation of both. -Afterwards you can create the image by running [create-gitian-bitcoin-host.sh). -](../scripts/create-gitian-bitcoin-host.sh). +Afterwards you can create the *gitian-bitcoin-host* image by running [scripts/create-gitian-bitcoin-host.sh](../scripts/create-gitian-bitcoin-host.sh). NOTE: this image currently supports only building of bitcoin 0.9.1, but it can be easily adapted to build other versions. -You can submit the source lists for other versions as a patch or pull request. +You can submit the source lists for other versions as a patch or pull request, see directory [input-sources/](input-sources/) for currently available versions. Preamble -------- 
@@ -24,21 +23,40 @@ See also: - https://www.docker.io/ - http://www.ubuntu.com/ +Spawning a container +-------------------- + +You can spawn a new container for Gitian bitcoin builds with: + +- [scripts/spawn-gitian-bitcoin-host.sh](scripts/spawn-gitian-bitcoin-host.sh) + +This script will create the running docker container and provide details about how to connect via SSH to the container, example: +``` +$ scripts/spawn-gitian-bitcoin-host.sh +You can now SSH into container 3bc0d0611374ca4d4730fd5fb1067808b1bcfd072ec7cf029393a7fd99ec856e: +ssh -o SendEnv= -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no debian@172.17.0.3 +$ +``` + +Use this specific SSH command line to get a shell in the container and proceed to next steps. + +**NOTE:** the SendEnv= is there to overcome an [issue](https://github.com/devrandom/gitian-builder/issues/56) in gitian-builder that allows pollution of the LXC environment. + Preparing the gitian environment -------------------------------- -If you have already prepared the base VMs ([/build-base-vms.sh](../gitian-host/build-base-vms.sh)) inside the gitian host container, all what you need to do is: +First prepare the base VMs inside the gitian host container by running: -```sh -ssh -o SendEnv= debian@your-gitian-host ./build-bitcoin.sh 0.9.1 -``` +- [./build-base-vms.sh](../gitian-host/build-base-vms.sh) + +This operation will take a while; afterwards you can proceed to building bitcoin with: + +- [./build-bitcoin.sh](build-bitcoin.sh) 0.9.1 Notice the parameter 0.9.1, that is the version we are going to build. [build-bitcoin.sh](build-bitcoin.sh) is a script that will download & build all the dependencies and then bitcoin itself, for both i386 and amd64 Linux architectures. -**NOTE:** the SendEnv= is there to overcome an [issue](https://github.com/devrandom/gitian-builder/issues/56) in gitian-builder that allows pollution of the LXC environment. - Signing ------- 
diff --git a/docker/gitian-host/Dockerfile b/docker/gitian-host/Dockerfile index 9660d79..8d140b0 100644 --- a/docker/gitian-host/Dockerfile +++ b/docker/gitian-host/Dockerfile @@ -37,14 +37,14 @@ EXPOSE 22 RUN echo "%sudo ALL=NOPASSWD: /usr/bin/lxc-start" > /etc/sudoers.d/gitian-lxc RUN echo 'debian ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/debian-sudo -##NOTE: all the chown/chmod hacks are workarounds to docker's glitches -RUN useradd -m -s /bin/bash debian && adduser debian sudo && mkdir /home/debian/.ssh && chown debian.debian /home/debian/.ssh - -WORKDIR /home/debian +RUN useradd -m -s /bin/bash debian && adduser debian sudo && mkdir /home/debian/.ssh ## provide authorized keys to allow connections inside host -ADD authorized_keys /home/debian/.ssh/authorized_keys -RUN chown -R debian.debian .ssh && chmod -R go-rwx /home/debian/.ssh +## NOTE: this is placed in debian user directory by setup.sh script +## reason is that there is a Docker glitch with file permissions when adding this +ADD authorized_keys /root/ + +WORKDIR /home/debian ## download in clear HTTP & check md5 right afterwards RUN wget http://archive.ubuntu.com/ubuntu/pool/universe/v/vm-builder/vm-builder_0.12.4+bzr489.orig.tar.gz && echo "ec12e0070a007989561bfee5862c89a32c301992dd2771c4d5078ef1b3014f03 vm-builder_0.12.4+bzr489.orig.tar.gz" | sha256sum -c diff --git a/docker/gitian-host/setup.sh b/docker/gitian-host/setup.sh index 7518750..0464ec7 100755 --- a/docker/gitian-host/setup.sh +++ b/docker/gitian-host/setup.sh @@ -42,7 +42,7 @@ fi for SUBSYS in $(cut -d: -f2 /proc/1/cgroup) do [ -d $CGROUP/$SUBSYS ] || mkdir $CGROUP/$SUBSYS - mountpoint -q $CGROUP/$SUBSYS || + mountpoint -q $CGROUP/$SUBSYS || mount -n -t cgroup -o $SUBSYS cgroup $CGROUP/$SUBSYS # The two following sections address a bug which manifests itself 
@@ -109,6 +109,12 @@ umount /dev/shm rmdir /dev/shm ln -s /run/shm /dev/shm +##NOTE: this is setup here instead of Dockerfile because of a Docker glitch +cp /root/authorized_keys /home/debian/.ssh/ && \ +rm /root/authorized_keys && \ +chmod -R go-rwx /home/debian/.ssh && +chown -R debian.debian /home/debian/.ssh || exit $? + ## test that debian user has access to its own .ssh (yes, Docker glitches crawling...) su -c 'cat /home/debian/.ssh/authorized_keys' -l -- debian || exit $?
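Review bot: the SSH command documented in the new "Spawning a container" section of docker/gitian-bitcoin-host/README.md passes `-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no`, which turns off host key verification, yet the only option the README explains is `SendEnv=`. Add a sentence next to the existing NOTE that explains the two host key options and says the command is meant for the local container address printed by the script, so readers do not reuse it against a remote gitian host. The same hunk links the spawn script as `scripts/spawn-gitian-bitcoin-host.sh`, while the first README hunk links the create script as `../scripts/create-gitian-bitcoin-host.sh`; check which of the two relative paths is correct.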
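Review bot: in the docker/gitian-host/Dockerfile hunk, `mkdir /home/debian/.ssh` now runs with no `chown` or `chmod` after it and authorized_keys goes to `/root/`, so SSH login as debian works only once setup.sh has completed. The new comment names setup.sh but not that dependency; state it explicitly so nobody starts the image with a different entry point and wonders why login fails. Note also that `ADD authorized_keys /root/` stores the file in an image layer, so the later `rm /root/authorized_keys` in setup.sh removes it only from the running container's filesystem. While touching this file, the context comment "download in clear HTTP & check md5" does not match the `sha256sum -c` command below it and could be corrected.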
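Review bot: the first docker/gitian-host/setup.sh hunk (`mountpoint -q $CGROUP/$SUBSYS ||`) shows removed and added lines that read identically, so it appears to be a whitespace-only change unrelated to the authorized_keys work. Move it to a separate cleanup commit, or mention it in the commit message, so the functional change stays easy to review.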
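Review bot: in the second docker/gitian-host/setup.sh hunk, the new block deletes its own input with `rm /root/authorized_keys`, so if setup.sh runs a second time in the same container the `cp` fails and `|| exit $?` aborts the script. Guard the block with a test such as `[ -f /root/authorized_keys ]`, or drop the `rm`. Minor style points: the `chmod` line ends in `&&` without the trailing backslash used on the two lines above it, and `chown -R debian.debian` uses the dot separator where `debian:debian` is the portable form.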