From 6f4fa12ed4a57d3955113a76510a8a7c2bc06e28 Mon Sep 17 00:00:00 2001
From: nolim1t
Date: Fri, 27 Nov 2020 11:43:13 +0700
Subject: [PATCH 1/8] Add 0.21 release candidate
---
0.21/Dockerfile | 237 ++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 237 insertions(+)
create mode 100644 0.21/Dockerfile
diff --git a/0.21/Dockerfile b/0.21/Dockerfile
new file mode 100644
index 0000000..38239e0
--- /dev/null
+++ b/0.21/Dockerfile
@@ -0,0 +1,237 @@
+# This Dockerfile builds Bitcoin Core and packages it into a minimal `final` image
+
+# VERSION of Bitcoin Core to be build
+# NOTE: Unlike our other images this one is NOT prefixed with `v`,
+# as many things (like download URLs) use this form instead.
+ARG VERSION=v0.21.0rc2
+
+
+# CPU architecture to build binaries for
+ARG ARCH
+
+# Define default versions so that they don't have to be repeated throughout the file
+ARG VER_ALPINE=3.12
+
+# $USER name, and data $DIR to be used in the `final` image
+ARG USER=bitcoind
+ARG DIR=/data
+
+# Choose where to get bitcoind sources from, options: release, git
+# NOTE: Only `SOURCE=git` can be used for RC releases
+ARG SOURCE=git
+
+# Choose where to get BerkeleyDB from, options: prebuilt, compile
+# NOTE: When compiled here total execution time exceeds allowed CI limits, so pre-built one is used by default
+ARG BDB_SOURCE=prebuilt
+
+
+
+#
+## `preparer-base` installs dependencies needed by both ways of fetching the source,
+# as well as imports GPG keys needed to verify authenticity of the source.
+#
+FROM alpine:${VER_ALPINE} AS preparer-base
+
+# Make sure APKs are downloaded over SSL. See: https://github.com/gliderlabs/docker-alpine/issues/184
+RUN sed -i 's|http://dl-cdn.alpinelinux.org|https://alpine.global.ssl.fastly.net|g' /etc/apk/repositories
+
+RUN apk add --no-cache gnupg
+
+ENV KEYS 71A3B16735405025D447E8F274810B012346C9A6 01EA5486DE18A882D4C2684590C8019E36C2E964
+RUN timeout 16s gpg --keyserver keyserver.ubuntu.com --recv-keys $KEYS
+
+# Print imported keys, but also ensure there's no other keys in the system
+RUN gpg --list-keys | tail -n +3 | tee /tmp/keys.txt && \
+ gpg --list-keys $KEYS | diff - /tmp/keys.txt
+
+
+
+#
+## Option #1: [default] Fetch bitcoind source from release tarballs
+#
+FROM preparer-base AS preparer-release
+
+ARG VERSION
+
+# Download checksums
+ADD https://bitcoincore.org/bin/bitcoin-core-$VERSION/SHA256SUMS.asc ./
+
+# Download source code (intentionally different website than checksums)
+ADD https://bitcoin.org/bin/bitcoin-core-$VERSION/bitcoin-$VERSION.tar.gz ./
+
+# Verify that hashes are signed with the previously imported key
+RUN gpg --verify SHA256SUMS.asc
+
+# Verify that downloaded source-code archive matches exactly the hash that's provided
+RUN grep " bitcoin-$VERSION.tar.gz\$" SHA256SUMS.asc | sha256sum -c -
+
+# Extract
+RUN tar -xzf "bitcoin-$VERSION.tar.gz" && \
+ rm -f "bitcoin-$VERSION.tar.gz"
+
+
+
+#
+## Option #2: Fetch bitcoind source from GitHub
+#
+FROM preparer-base AS preparer-git
+
+ARG VERSION
+
+RUN apk add --no-cache git
+
+# Fetch the source code at a specific TAG
+RUN git clone -b "v$VERSION" --depth=1 https://github.com/bitcoin/bitcoin.git "/bitcoin-$VERSION/"
+
+# Verify tag, and copy source code to predetermined location on success
+RUN cd "/bitcoin-$VERSION/" && \
+ git verify-tag "v$VERSION"
+
+
+
+#
+## Alias to go around `COPY` not accepting ARGs in value passed to `--from=`
+#
+FROM preparer-${SOURCE} AS preparer
+
+
+
+#
+## `berkeleydb-prebuilt` downloads a pre-built BerkeleyDB to make sure
+# the overall build time of this Dockerfile fits within CI limits.
+#
+FROM lncm/berkeleydb:v4.8.30.NC${ARCH:+-${ARCH}} AS berkeleydb-prebuilt
+
+#
+## `berkeleydb-compile` builds BerkeleyDB from source using script provided in bitcoind repo.
+#
+FROM alpine:${VER_ALPINE} AS berkeleydb-compile
+# TODO: implement ^^
+RUN echo "Not implemented" && exit 1
+
+
+FROM berkeleydb-${BDB_SOURCE} AS berkeleydb
+
+
+
+#
+## `builder` builds Bitcoin Core regardless on how the source, and BDB code were obtained.
+#
+# NOTE: this stage is emulated using QEMU
+# NOTE: `${ARCH:+${ARCH}/}` - if ARCH is set, append `/` to it, leave it empty otherwise
+FROM ${ARCH:+${ARCH}/}alpine:${VER_ALPINE} AS builder
+
+ARG VERSION
+ARG SOURCE
+
+# Use APK repos over HTTPS. See: https://github.com/gliderlabs/docker-alpine/issues/184
+RUN sed -i 's|http://dl-cdn.alpinelinux.org|https://alpine.global.ssl.fastly.net|g' /etc/apk/repositories
+
+RUN apk add --no-cache \
+ autoconf \
+ automake \
+ boost-dev \
+ build-base \
+ chrpath \
+ file \
+ libevent-dev \
+ libressl \
+ libtool \
+ linux-headers \
+ zeromq-dev
+
+# Fetch pre-built berkeleydb
+COPY --from=berkeleydb /opt/ /opt/
+
+# Change to the extracted directory
+WORKDIR /bitcoin-$VERSION/
+
+# Copy bitcoin source (downloaded & verified in previous stages)
+COPY --from=preparer /bitcoin-$VERSION/ ./
+
+ENV BITCOIN_PREFIX /opt/bitcoin-$VERSION
+
+RUN ./autogen.sh
+
+# TODO: Try to optimize on passed params
+RUN ./configure LDFLAGS=-L/opt/db4/lib/ CPPFLAGS=-I/opt/db4/include/ \
+ --prefix="$BITCOIN_PREFIX" \
+ --disable-man \
+ --disable-shared \
+ --disable-ccache \
+ --enable-static \
+ --enable-reduce-exports \
+ --without-gui \
+ --without-libs \
+ --with-utils \
+ --with-daemon
+
+RUN make -j$(( $(nproc) + 1 )) check
+RUN make install
+
+# List installed binaries pre-strip & strip them
+RUN ls -lh "$BITCOIN_PREFIX/bin/"
+RUN strip -v "$BITCOIN_PREFIX/bin/bitcoin"*
+
+# List installed binaries post-strip & print their checksums
+RUN ls -lh "$BITCOIN_PREFIX/bin/"
+RUN sha256sum "$BITCOIN_PREFIX/bin/bitcoin"*
+
+
+
+#
+## `final` aggregates build results from previous stages into a necessary minimum
+# ready to be used, and published to Docker Hub.
+#
+# NOTE: this stage is emulated using QEMU
+# NOTE: `${ARCH:+${ARCH}/}` - if ARCH is set, append `/` to it, leave it empty otherwise
+FROM ${ARCH:+${ARCH}/}alpine:${VER_ALPINE} AS final
+
+ARG VERSION
+ARG USER
+ARG DIR
+
+LABEL maintainer="Damian Mee (@meeDamian)"
+
+# Use APK repos over HTTPS. See: https://github.com/gliderlabs/docker-alpine/issues/184
+RUN sed -i 's|http://dl-cdn.alpinelinux.org|https://alpine.global.ssl.fastly.net|g' /etc/apk/repositories
+
+RUN apk add --no-cache \
+ boost-filesystem \
+ boost-thread \
+ libevent \
+ libsodium \
+ libstdc++ \
+ libzmq
+
+COPY --from=builder /opt/bitcoin-$VERSION/bin/bitcoin* /usr/local/bin/
+
+# NOTE: Default GID == UID == 1000
+RUN adduser --disabled-password \
+ --home "$DIR/" \
+ --gecos "" \
+ "$USER"
+
+USER $USER
+
+# Prevents `VOLUME $DIR/.bitcoind/` being created as owned by `root`
+RUN mkdir -p "$DIR/.bitcoin/"
+
+# Expose volume containing all `bitcoind` data
+VOLUME $DIR/.bitcoin/
+
+# REST interface
+EXPOSE 8080
+
+# P2P network (mainnet, testnet & regnet respectively)
+EXPOSE 8333 18333 18444
+
+# RPC interface (mainnet, testnet & regnet respectively)
+EXPOSE 8332 18332 18443
+
+# ZMQ ports (for transactions & blocks respectively)
+EXPOSE 28332 28333
+
+ENTRYPOINT ["bitcoind"]
+
+CMD ["-zmqpubrawblock=tcp://0.0.0.0:28332", "-zmqpubrawtx=tcp://0.0.0.0:28333"]
From 22c270a6b55e03f81808dd0650efc9a03a33ca63 Mon Sep 17 00:00:00 2001
From: nolim1t
Date: Fri, 27 Nov 2020 13:36:54 +0700
Subject: [PATCH 2/8] Fix version
---
0.21/Dockerfile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/0.21/Dockerfile b/0.21/Dockerfile
index 38239e0..055edb5 100644
--- a/0.21/Dockerfile
+++ b/0.21/Dockerfile
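Review bot: In the `preparer-release` stage of the new 0.21/Dockerfile (patch 1/8), the checksum line is taken with `grep` from `SHA256SUMS.asc` itself, so `gpg --verify` and `sha256sum -c` are not tied together: a clearsigned file can carry text outside the signed block, and a matching line found there would be accepted as if it were signed. Let gpg emit the verified body and check the tarball against that, e.g. `RUN gpg --output SHA256SUMS --decrypt SHA256SUMS.asc` followed by `RUN grep " bitcoin-$VERSION.tar.gz\$" SHA256SUMS | sha256sum -c -`. Separately, `berkeleydb-prebuilt` pulls `lncm/berkeleydb:v4.8.30.NC…` by tag only and its `/opt/` is copied into `builder`; pinning that image by digest would keep the library that gets linked into bitcoind fixed to a known build.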
@@ -3,7 +3,7 @@ # VERSION of Bitcoin Core to be build # NOTE: Unlike our other images this one is NOT prefixed with `v`, # as many things (like download URLs) use this form instead. -ARG VERSION=v0.21.0rc2 +ARG VERSION=0.21.0rc2 # CPU architecture to build binaries for From 9b4710909b7cb389391e4d8172ca1ac8d64ddad9 Mon Sep 17 00:00:00 2001 From: nolim1t Date: Fri, 27 Nov 2020 18:09:14 +0700 Subject: [PATCH 3/8] Remove tests temporarily so can see if this compiles on arm --- 0.21/Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/0.21/Dockerfile b/0.21/Dockerfile index 055edb5..f6fa45b 100644 --- a/0.21/Dockerfile +++ b/0.21/Dockerfile @@ -159,6 +159,7 @@ RUN ./configure LDFLAGS=-L/opt/db4/lib/ CPPFLAGS=-I/opt/db4/include/ \ --disable-man \ --disable-shared \ --disable-ccache \ + --disable-tests \ --enable-static \ --enable-reduce-exports \ --without-gui \ From 25396be791e9d0412a67e6f343141798d90cf736 Mon Sep 17 00:00:00 2001 From: nolim1t Date: Sat, 28 Nov 2020 13:54:07 +0700 Subject: [PATCH 4/8] Add docker hub login info --- .github/workflows/single-test.yml | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/.github/workflows/single-test.yml b/.github/workflows/single-test.yml index 9805093..251e86a 100644 --- a/.github/workflows/single-test.yml +++ b/.github/workflows/single-test.yml @@ -1,7 +1,7 @@ name: Test build bitcoind on push to vX.Z-test branch env: - APP: bitcoind + APP: nolim1t/bitcoind ACTIONS_ALLOW_UNSECURE_COMMANDS: true on: 
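Review bot: Patch 3/8 adds `--disable-tests` to `./configure`, but the builder stage still runs `RUN make -j$(( $(nproc) + 1 )) check` (outside this hunk), which with the test binaries disabled presumably no longer exercises the unit tests, so the step reads as a test run while the published binaries go untested. The commit message calls the change temporary, yet nothing in the file records that, and the later patches in this series, including 7/8 which moves to the final release, leave the flag in place. I would note it next to the existing TODO above `RUN ./configure`, e.g. `# TODO: tests are disabled only to check the arm build; re-enable before publishing`, or gate the flag behind a build argument so release builds keep the tests. The `RUN ./configure` instruction starts before and continues past the hunk.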
@@ -41,6 +41,16 @@ jobs: --build-arg "ARCH=${{ matrix.arch }}" --build-arg "SOURCE=git" --tag "$APP" + + - name: Push ${{ env.APP }} to docker hub + run: > + if [[ ! -z ${{ secrets.DOCKER_HUB_USER }} ]] && [[ ! -z ${{ secrets.DOCKER_USER }} ]] && [[ ! -z ${{ secrets.DOCKER_PASS }} ]]; then + echo "Pushing to docker hub if credentials exist" + echo ${{ secrets.DOCKER_PASS }} | docker login -u=${{ secrets.DOCKER_USER }} --password-stdin + docker push ${{ env.APP }} + else + echo "Not pushing to docker up as credentials don't exist" + fi - name: Show built image details run: docker images "$APP" From 1c587aa285008c7348d85986ea53a7e7ecb637d2 Mon Sep 17 00:00:00 2001 From: nolim1t Date: Sat, 28 Nov 2020 17:10:06 +0700 Subject: [PATCH 5/8] Fix up tagging --- .github/workflows/single-test.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/single-test.yml b/.github/workflows/single-test.yml index 251e86a..556e79f 100644 --- a/.github/workflows/single-test.yml +++ b/.github/workflows/single-test.yml @@ -40,14 +40,14 @@ jobs: docker build "$MINOR/" --build-arg "ARCH=${{ matrix.arch }}" --build-arg "SOURCE=git" - --tag "$APP" + --tag "${APP}:${MINOR}-${{ matrix.arch }}" - name: Push ${{ env.APP }} to docker hub run: > if [[ ! -z ${{ secrets.DOCKER_HUB_USER }} ]] && [[ ! -z ${{ secrets.DOCKER_USER }} ]] && [[ ! -z ${{ secrets.DOCKER_PASS }} ]]; then echo "Pushing to docker hub if credentials exist" echo ${{ secrets.DOCKER_PASS }} | docker login -u=${{ secrets.DOCKER_USER }} --password-stdin - docker push ${{ env.APP }} + docker push "${{ env.APP }}:${MINOR}-${{ matrix.arch }}" else echo "Not pushing to docker up as credentials don't exist" fi From a8b24dd99d99e1c44d998006fd0976b713659942 Mon Sep 17 00:00:00 2001 From: nolim1t Date: Sun, 29 Nov 2020 13:38:14 +0700 Subject: [PATCH 6/8] Fix up sanity tests --- .github/workflows/single-test.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
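Review bot: The push step added in patch 4/8 pastes `${{ secrets.DOCKER_PASS }}` and `${{ secrets.DOCKER_USER }}` into the script text unquoted, so the runner substitutes the secret values before bash parses the line; a value containing spaces or shell metacharacters is then split or interpreted by the shell instead of being passed through as data. Map the secrets to step-level environment variables (`env:` with `DOCKER_USER: ${{ secrets.DOCKER_USER }}` and `DOCKER_PASS: ${{ secrets.DOCKER_PASS }}`) and log in with `echo "$DOCKER_PASS" | docker login -u "$DOCKER_USER" --password-stdin`. The guard also tests `secrets.DOCKER_HUB_USER`, which the login never uses, so the push is skipped unless that third secret happens to be set; the condition should test the same two names the login uses.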
diff --git a/.github/workflows/single-test.yml b/.github/workflows/single-test.yml index 556e79f..75a411d 100644 --- a/.github/workflows/single-test.yml +++ b/.github/workflows/single-test.yml @@ -64,10 +64,10 @@ jobs: ARGS=${*:-"--version"} printf "\n$ %s %s\n" "$ENTRYPOINT" "$ARGS" - docker run --rm --entrypoint "$ENTRYPOINT" "$APP" $ARGS + docker run --rm --entrypoint "$ENTRYPOINT" "${APP}:${MINOR}-${{ matrix.arch }}" $ARGS } - docker inspect "$APP" | jq '.' + docker inspect "${APP}:${MINOR}-${{ matrix.arch }}" | jq '.' printf "\n" run bitcoind | head -n 1 From 569a020f474a14da2d48d23c105d7022dd1a18d9 Mon Sep 17 00:00:00 2001 From: nolim1t Date: Fri, 15 Jan 2021 09:30:14 +0700 Subject: [PATCH 7/8] Switch everything back to be more consistent now that the release is out --- 0.21/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/0.21/Dockerfile b/0.21/Dockerfile index f6fa45b..2a626b7 100644 --- a/0.21/Dockerfile +++ b/0.21/Dockerfile @@ -3,7 +3,7 @@ # VERSION of Bitcoin Core to be build # NOTE: Unlike our other images this one is NOT prefixed with `v`, # as many things (like download URLs) use this form instead. -ARG VERSION=0.21.0rc2 +ARG VERSION=0.21.0 # CPU architecture to build binaries for @@ -18,7 +18,7 @@ ARG DIR=/data # Choose where to get bitcoind sources from, options: release, git # NOTE: Only `SOURCE=git` can be used for RC releases -ARG SOURCE=git +ARG SOURCE=release # Choose where to get BerkeleyDB from, options: prebuilt, compile # NOTE: When compiled here total execution time exceeds allowed CI limits, so pre-built one is used by default From 803ac34d8a75bc2a13cb179982183172f5b71d85 Mon Sep 17 00:00:00 2001 From: nolim1t Date: Fri, 15 Jan 2021 12:49:33 +0700 Subject: [PATCH 8/8] Update README with v0.21.0 --- README.md | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 4671ff1..8ad5256 100644 --- a/README.md +++ b/README.md 
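Review bot: Patch 7/8 makes `ARG SOURCE=release` the default, but the workflow shown in this series (`.github/workflows/single-test.yml`) still builds with `--build-arg "SOURCE=git"`, so that job never runs the `preparer-release` stage (the two downloads, `gpg --verify` and `sha256sum -c`) that a plain `docker build` of this file now takes. Other workflows are not visible here and may cover it; if they do not, drop the override in the test job or add a build with `SOURCE=release` so the default path is exercised before images are tagged and pushed.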
@@ -64,6 +64,7 @@ This repo builds [`bitcoind`] in an auditable way, and packages it into a minima > **NOTE:** For an always up-to-date list see: https://hub.docker.com/r/lncm/bitcoind/tags +* `v0.21.0` * `v0.20.0` * `v0.19.1` * `v0.19.0.1` @@ -80,7 +81,7 @@ This repo builds [`bitcoind`] in an auditable way, and packages it into a minima First pull the image from [Docker Hub]: ```bash -docker pull lncm/bitcoind:v0.20.0 +docker pull lncm/bitcoind:v0.21.0 ``` > **NOTE:** Running above will automatically choose native architecture of your CPU. @@ -90,11 +91,17 @@ docker pull lncm/bitcoind:v0.20.0 Or, to pull a specific CPU architecture: ```bash -docker pull lncm/bitcoind:v0.20.0-arm64v8 +docker pull lncm/bitcoind:v0.21.0-arm64v8 ``` #### Start +First of all, create a directory in your home directory called `.bitcoin` + +Next, create a config file. You can take a look at the following samples: thebox-compose-system ([1](https://github.com/lncm/thebox-compose-system/blob/master/bitcoin/bitcoin.conf)) / bitcoin main repo [(2)](https://github.com/bitcoin/bitcoin/blob/master/share/examples/bitcoin.conf) + +Some guides on how to configure bitcoin can be found [here](https://github.com/bitcoin/bitcoin/blob/master/doc/bitcoin-conf.md) (bitcoin git repo) + Then to start bitcoind, run: ```bash @@ -105,7 +112,7 @@ docker run -it --rm --detach \ -p 28332:28332 \ -p 28333:28333 \ --name bitcoind \ - lncm/bitcoind:v0.20.0 + lncm/bitcoind:v0.21.0 ``` That will run bitcoind such that: