From ab073827cf46e568527f3fe309495c3d6336ffb0 Mon Sep 17 00:00:00 2001 From: Sander van Grieken Date: Sun, 19 Mar 2023 14:29:29 +0100 Subject: [PATCH 1/3] build: use uid of user building the build containers --- contrib/android/Dockerfile | 4 +++- contrib/android/build.sh | 2 ++ contrib/build-linux/appimage/Dockerfile | 4 +++- contrib/build-linux/appimage/build.sh | 2 ++ contrib/build-linux/sdist/Dockerfile | 4 +++- contrib/build-linux/sdist/build.sh | 2 ++ contrib/build-wine/Dockerfile | 4 +++- contrib/build-wine/build.sh | 2 ++ 8 files changed, 20 insertions(+), 4 deletions(-) diff --git a/contrib/android/Dockerfile b/contrib/android/Dockerfile index 19ad50903..9188dba08 100644 --- a/contrib/android/Dockerfile +++ b/contrib/android/Dockerfile @@ -2,6 +2,8 @@ FROM debian:bullseye@sha256:43ef0c6c3585d5b406caa7a0f232ff5a19c1402aeb415f68bcd1cf9d10180af8 +ARG UID=1000 + ENV DEBIAN_FRONTEND=noninteractive ENV ANDROID_HOME="/opt/android" @@ -145,7 +147,7 @@ ENV USER="user" ENV HOME_DIR="/home/${USER}" ENV WORK_DIR="${HOME_DIR}/wspace" \ PATH="${HOME_DIR}/.local/bin:${PATH}" -RUN useradd --create-home --shell /bin/bash ${USER} +RUN useradd --uid $UID --create-home --shell /bin/bash ${USER} RUN usermod -append --groups sudo ${USER} RUN echo "%sudo ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers WORKDIR ${WORK_DIR} diff --git a/contrib/android/build.sh b/contrib/android/build.sh index eed613c20..a57abb81f 100755 --- a/contrib/android/build.sh +++ b/contrib/android/build.sh @@ -11,6 +11,7 @@ PROJECT_ROOT_OR_FRESHCLONE_ROOT="$PROJECT_ROOT" CONTRIB="$PROJECT_ROOT/contrib" CONTRIB_ANDROID="$CONTRIB/android" DISTDIR="$PROJECT_ROOT/dist" +BUILD_UID=$(/usr/bin/stat -c %u "$PROJECT_ROOT") . "$CONTRIB"/build_tools_util.sh @@ -39,6 +40,7 @@ fi info "building docker image." docker build \ $DOCKER_BUILD_FLAGS \ + --build-arg UID=$BUILD_UID \ -t electrum-android-builder-img \ --file "$CONTRIB_ANDROID/Dockerfile" \ "$PROJECT_ROOT" diff --git a/contrib/build-linux/appimage/Dockerfile b/contrib/build-linux/appimage/Dockerfile index e92b6eb0d..f86285204 100644 --- a/contrib/build-linux/appimage/Dockerfile +++ b/contrib/build-linux/appimage/Dockerfile @@ -4,6 +4,8 @@ FROM debian:buster@sha256:233c3bbc892229c82da7231980d50adceba4db56a08c0b7053a4852782703459 +ARG UID=1000 + ENV LC_ALL=C.UTF-8 LANG=C.UTF-8 ENV DEBIAN_FRONTEND=noninteractive @@ -75,7 +77,7 @@ ENV USER="user" ENV HOME_DIR="/home/${USER}" ENV WORK_DIR="${HOME_DIR}/wspace" \ PATH="${HOME_DIR}/.local/bin:${PATH}" -RUN useradd --create-home --shell /bin/bash ${USER} +RUN useradd --uid $UID --create-home --shell /bin/bash ${USER} RUN usermod -append --groups sudo ${USER} RUN echo "%sudo ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers WORKDIR ${WORK_DIR} diff --git a/contrib/build-linux/appimage/build.sh b/contrib/build-linux/appimage/build.sh index 6f48142a2..45a914823 100755 --- a/contrib/build-linux/appimage/build.sh +++ b/contrib/build-linux/appimage/build.sh @@ -11,6 +11,7 @@ PROJECT_ROOT_OR_FRESHCLONE_ROOT="$PROJECT_ROOT" CONTRIB="$PROJECT_ROOT/contrib" CONTRIB_APPIMAGE="$CONTRIB/build-linux/appimage" DISTDIR="$PROJECT_ROOT/dist" +BUILD_UID=$(/usr/bin/stat -c %u "$PROJECT_ROOT") . "$CONTRIB"/build_tools_util.sh @@ -24,6 +25,7 @@ fi info "building docker image." docker build \ $DOCKER_BUILD_FLAGS \ + --build-arg UID=$BUILD_UID \ -t electrum-appimage-builder-img \ "$CONTRIB_APPIMAGE" diff --git a/contrib/build-linux/sdist/Dockerfile b/contrib/build-linux/sdist/Dockerfile index 2caf62cf7..3fe81e0b9 100644 --- a/contrib/build-linux/sdist/Dockerfile +++ b/contrib/build-linux/sdist/Dockerfile @@ -1,5 +1,7 @@ FROM debian:bullseye@sha256:43ef0c6c3585d5b406caa7a0f232ff5a19c1402aeb415f68bcd1cf9d10180af8 +ARG UID=1000 + ENV LC_ALL=C.UTF-8 LANG=C.UTF-8 ENV DEBIAN_FRONTEND=noninteractive @@ -22,7 +24,7 @@ ENV USER="user" ENV HOME_DIR="/home/${USER}" ENV WORK_DIR="${HOME_DIR}/wspace" \ PATH="${HOME_DIR}/.local/bin:${PATH}" -RUN useradd --create-home --shell /bin/bash ${USER} +RUN useradd --uid $UID --create-home --shell /bin/bash ${USER} RUN usermod -append --groups sudo ${USER} RUN echo "%sudo ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers WORKDIR ${WORK_DIR} diff --git a/contrib/build-linux/sdist/build.sh b/contrib/build-linux/sdist/build.sh index 361dadcd6..fe97ba0a7 100755 --- a/contrib/build-linux/sdist/build.sh +++ b/contrib/build-linux/sdist/build.sh @@ -11,6 +11,7 @@ PROJECT_ROOT_OR_FRESHCLONE_ROOT="$PROJECT_ROOT" CONTRIB="$PROJECT_ROOT/contrib" CONTRIB_SDIST="$CONTRIB/build-linux/sdist" DISTDIR="$PROJECT_ROOT/dist" +BUILD_UID=$(/usr/bin/stat -c %u "$PROJECT_ROOT") . "$CONTRIB"/build_tools_util.sh @@ -24,6 +25,7 @@ fi info "building docker image." docker build \ $DOCKER_BUILD_FLAGS \ + --build-arg UID=$BUILD_UID \ -t electrum-sdist-builder-img \ "$CONTRIB_SDIST" diff --git a/contrib/build-wine/Dockerfile b/contrib/build-wine/Dockerfile index 9b4dfbbdb..5703e81e6 100644 --- a/contrib/build-wine/Dockerfile +++ b/contrib/build-wine/Dockerfile @@ -1,5 +1,7 @@ FROM debian:bullseye@sha256:43ef0c6c3585d5b406caa7a0f232ff5a19c1402aeb415f68bcd1cf9d10180af8 +ARG UID=1000 + # need ca-certificates before using snapshot packages RUN apt update -qq > /dev/null && apt install -qq --yes --no-install-recommends \ ca-certificates @@ -63,7 +65,7 @@ ENV USER="user" ENV HOME_DIR="/home/${USER}" ENV WORK_DIR="${HOME_DIR}/wspace" \ PATH="${HOME_DIR}/.local/bin:${PATH}" -RUN useradd --create-home --shell /bin/bash ${USER} +RUN useradd --uid $UID --create-home --shell /bin/bash ${USER} RUN usermod -append --groups sudo ${USER} RUN echo "%sudo ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers WORKDIR ${WORK_DIR} diff --git a/contrib/build-wine/build.sh b/contrib/build-wine/build.sh index e73dec054..09ff475d1 100755 --- a/contrib/build-wine/build.sh +++ b/contrib/build-wine/build.sh @@ -10,6 +10,7 @@ PROJECT_ROOT="$(dirname "$(readlink -e "$0")")/../.." PROJECT_ROOT_OR_FRESHCLONE_ROOT="$PROJECT_ROOT" CONTRIB="$PROJECT_ROOT/contrib" CONTRIB_WINE="$CONTRIB/build-wine" +BUILD_UID=$(/usr/bin/stat -c %u "$PROJECT_ROOT") . "$CONTRIB"/build_tools_util.sh @@ -26,6 +27,7 @@ fi info "building docker image." docker build \ $DOCKER_BUILD_FLAGS \ + --build-arg UID=$BUILD_UID \ -t electrum-wine-builder-img \ "$CONTRIB_WINE" From 6e472efd5f58d988c8db1366550d7b0b3a7b339a Mon Sep 17 00:00:00 2001 From: SomberNight Date: Mon, 20 Mar 2023 01:47:41 +0000 Subject: [PATCH 2/3] build: follow-up prev: only use host userid for local dev builds reproducibility probably needs a hardcoded userid Also, move the UID arg later in the dockerfiles, for better caching. (if local dev build and repro build set different UIDs, the build caches will diverge at that step) --- contrib/android/Dockerfile | 3 +-- contrib/android/build.sh | 5 ++++- contrib/build-linux/appimage/Dockerfile | 3 +-- contrib/build-linux/appimage/build.sh | 5 ++++- contrib/build-linux/sdist/Dockerfile | 3 +-- contrib/build-linux/sdist/build.sh | 5 ++++- contrib/build-wine/Dockerfile | 3 +-- contrib/build-wine/build.sh | 5 ++++- 8 files changed, 20 insertions(+), 12 deletions(-) diff --git a/contrib/android/Dockerfile b/contrib/android/Dockerfile index 9188dba08..a408cc5e2 100644 --- a/contrib/android/Dockerfile +++ b/contrib/android/Dockerfile @@ -2,8 +2,6 @@ FROM debian:bullseye@sha256:43ef0c6c3585d5b406caa7a0f232ff5a19c1402aeb415f68bcd1cf9d10180af8 -ARG UID=1000 - ENV DEBIAN_FRONTEND=noninteractive ENV ANDROID_HOME="/opt/android" @@ -143,6 +141,7 @@ RUN apt -y update -qq \ # create new user to avoid using root; but with sudo access and no password for convenience. +ARG UID=1000 ENV USER="user" ENV HOME_DIR="/home/${USER}" ENV WORK_DIR="${HOME_DIR}/wspace" \ diff --git a/contrib/android/build.sh b/contrib/android/build.sh index a57abb81f..7e4120314 100755 --- a/contrib/android/build.sh +++ b/contrib/android/build.sh @@ -37,10 +37,13 @@ if [ ! -z "$ELECBUILD_NOCACHE" ] ; then DOCKER_BUILD_FLAGS="--pull --no-cache" fi +if [ -z "$ELECBUILD_COMMIT" ] ; then # local dev build + DOCKER_BUILD_FLAGS="$DOCKER_BUILD_FLAGS --build-arg UID=$BUILD_UID" +fi + info "building docker image." docker build \ $DOCKER_BUILD_FLAGS \ - --build-arg UID=$BUILD_UID \ -t electrum-android-builder-img \ --file "$CONTRIB_ANDROID/Dockerfile" \ "$PROJECT_ROOT" diff --git a/contrib/build-linux/appimage/Dockerfile b/contrib/build-linux/appimage/Dockerfile index f86285204..c93f73513 100644 --- a/contrib/build-linux/appimage/Dockerfile +++ b/contrib/build-linux/appimage/Dockerfile @@ -4,8 +4,6 @@ FROM debian:buster@sha256:233c3bbc892229c82da7231980d50adceba4db56a08c0b7053a4852782703459 -ARG UID=1000 - ENV LC_ALL=C.UTF-8 LANG=C.UTF-8 ENV DEBIAN_FRONTEND=noninteractive @@ -73,6 +71,7 @@ RUN apt-get update -q && \ apt-get clean # create new user to avoid using root; but with sudo access and no password for convenience. +ARG UID=1000 ENV USER="user" ENV HOME_DIR="/home/${USER}" ENV WORK_DIR="${HOME_DIR}/wspace" \ diff --git a/contrib/build-linux/appimage/build.sh b/contrib/build-linux/appimage/build.sh index 45a914823..be2184d77 100755 --- a/contrib/build-linux/appimage/build.sh +++ b/contrib/build-linux/appimage/build.sh @@ -22,10 +22,13 @@ if [ ! -z "$ELECBUILD_NOCACHE" ] ; then DOCKER_BUILD_FLAGS="--pull --no-cache" fi +if [ -z "$ELECBUILD_COMMIT" ] ; then # local dev build + DOCKER_BUILD_FLAGS="$DOCKER_BUILD_FLAGS --build-arg UID=$BUILD_UID" +fi + info "building docker image." docker build \ $DOCKER_BUILD_FLAGS \ - --build-arg UID=$BUILD_UID \ -t electrum-appimage-builder-img \ "$CONTRIB_APPIMAGE" diff --git a/contrib/build-linux/sdist/Dockerfile b/contrib/build-linux/sdist/Dockerfile index 3fe81e0b9..1a7a468a9 100644 --- a/contrib/build-linux/sdist/Dockerfile +++ b/contrib/build-linux/sdist/Dockerfile @@ -1,7 +1,5 @@ FROM debian:bullseye@sha256:43ef0c6c3585d5b406caa7a0f232ff5a19c1402aeb415f68bcd1cf9d10180af8 -ARG UID=1000 - ENV LC_ALL=C.UTF-8 LANG=C.UTF-8 ENV DEBIAN_FRONTEND=noninteractive @@ -20,6 +18,7 @@ RUN apt-get update -q && \ apt-get clean # create new user to avoid using root; but with sudo access and no password for convenience. +ARG UID=1000 ENV USER="user" ENV HOME_DIR="/home/${USER}" ENV WORK_DIR="${HOME_DIR}/wspace" \ diff --git a/contrib/build-linux/sdist/build.sh b/contrib/build-linux/sdist/build.sh index fe97ba0a7..af895b01b 100755 --- a/contrib/build-linux/sdist/build.sh +++ b/contrib/build-linux/sdist/build.sh @@ -22,10 +22,13 @@ if [ ! -z "$ELECBUILD_NOCACHE" ] ; then DOCKER_BUILD_FLAGS="--pull --no-cache" fi +if [ -z "$ELECBUILD_COMMIT" ] ; then # local dev build + DOCKER_BUILD_FLAGS="$DOCKER_BUILD_FLAGS --build-arg UID=$BUILD_UID" +fi + info "building docker image." docker build \ $DOCKER_BUILD_FLAGS \ - --build-arg UID=$BUILD_UID \ -t electrum-sdist-builder-img \ "$CONTRIB_SDIST" diff --git a/contrib/build-wine/Dockerfile b/contrib/build-wine/Dockerfile index 5703e81e6..8fb6acf5c 100644 --- a/contrib/build-wine/Dockerfile +++ b/contrib/build-wine/Dockerfile @@ -1,7 +1,5 @@ FROM debian:bullseye@sha256:43ef0c6c3585d5b406caa7a0f232ff5a19c1402aeb415f68bcd1cf9d10180af8 -ARG UID=1000 - # need ca-certificates before using snapshot packages RUN apt update -qq > /dev/null && apt install -qq --yes --no-install-recommends \ ca-certificates @@ -61,6 +59,7 @@ RUN wget -nc https://dl.winehq.org/wine-builds/Release.key && \ apt-get clean # create new user to avoid using root; but with sudo access and no password for convenience. +ARG UID=1000 ENV USER="user" ENV HOME_DIR="/home/${USER}" ENV WORK_DIR="${HOME_DIR}/wspace" \ diff --git a/contrib/build-wine/build.sh b/contrib/build-wine/build.sh index 09ff475d1..06b503e46 100755 --- a/contrib/build-wine/build.sh +++ b/contrib/build-wine/build.sh @@ -24,10 +24,13 @@ if [ ! -z "$ELECBUILD_NOCACHE" ] ; then DOCKER_BUILD_FLAGS="--pull --no-cache" fi +if [ -z "$ELECBUILD_COMMIT" ] ; then # local dev build + DOCKER_BUILD_FLAGS="$DOCKER_BUILD_FLAGS --build-arg UID=$BUILD_UID" +fi + info "building docker image." docker build \ $DOCKER_BUILD_FLAGS \ - --build-arg UID=$BUILD_UID \ -t electrum-wine-builder-img \ "$CONTRIB_WINE" From c9b6a6c01e20f66c9d00d517d42947e991b50950 Mon Sep 17 00:00:00 2001 From: SomberNight Date: Mon, 20 Mar 2023 02:02:14 +0000 Subject: [PATCH 3/3] build: fix repro builds where host userid != 1000 - repro builds to use fixed uid=1000 inside the container - in case the file permissions leak into the binaries, they are still reproducible - chown 1000:1000 fresh_clone - repro builds to create fresh_clone dir outside git clone - otherwise the local dev build would still interact with the fresh_clone dir - due to e.g. recursive "find -exec touch", - and even the "docker build" cmd itself would try to stat/read it - see https://github.com/docker/for-linux/issues/380 - and "rm -rf fresh_clone" needs sudo if the host uid is not 1000 - this way the local dev build does not need sudo to recap: - local dev builds use the host userid inside the container, directly operate on the project dir - does not need sudo - repro builds create a fresh git clone, chown it to 1000, and use userid=1000 inside the container - if the host userid is 1000, does not need sudo - otherwise, needs sudo closes https://github.com/spesmilo/electrum/issues/8261 --- .gitignore | 4 ---- contrib/android/build.sh | 17 ++++++++++++----- contrib/build-linux/appimage/.dockerignore | 1 - contrib/build-linux/appimage/build.sh | 17 ++++++++++++----- contrib/build-linux/sdist/.dockerignore | 1 - contrib/build-linux/sdist/build.sh | 17 ++++++++++++----- contrib/build-wine/.dockerignore | 1 - contrib/build-wine/build.sh | 17 ++++++++++++----- 8 files changed, 48 insertions(+), 27 deletions(-) diff --git a/.gitignore b/.gitignore index 739ef9783..8ac25d80a 100644 --- a/.gitignore +++ b/.gitignore @@ -34,14 +34,10 @@ contrib/build-wine/build/ contrib/build-wine/.cache/ contrib/build-wine/dist/ contrib/build-wine/signed/ -contrib/build-wine/fresh_clone/ -contrib/build-linux/sdist/fresh_clone/ contrib/build-linux/appimage/build/ contrib/build-linux/appimage/.cache/ -contrib/build-linux/appimage/fresh_clone/ contrib/osx/.cache/ contrib/osx/build-venv/ -contrib/android/fresh_clone contrib/android/android_debug.keystore contrib/secp256k1/ contrib/zbar/ diff --git a/contrib/android/build.sh b/contrib/android/build.sh index 7e4120314..0c58faaf8 100755 --- a/contrib/android/build.sh +++ b/contrib/android/build.sh @@ -52,11 +52,11 @@ docker build \ # maybe do fresh clone if [ ! -z "$ELECBUILD_COMMIT" ] ; then info "ELECBUILD_COMMIT=$ELECBUILD_COMMIT. doing fresh clone and git checkout." - FRESH_CLONE="$CONTRIB_ANDROID/fresh_clone/electrum" && \ - rm -rf "$FRESH_CLONE" && \ - umask 0022 && \ - git clone "$PROJECT_ROOT" "$FRESH_CLONE" && \ - cd "$FRESH_CLONE" + FRESH_CLONE="/tmp/electrum_build/android/fresh_clone/electrum" + rm -rf "$FRESH_CLONE" 2>/dev/null || ( info "we need sudo to rm prev FRESH_CLONE." && sudo rm -rf "$FRESH_CLONE" ) + umask 0022 + git clone "$PROJECT_ROOT" "$FRESH_CLONE" + cd "$FRESH_CLONE" git checkout "$ELECBUILD_COMMIT" PROJECT_ROOT_OR_FRESHCLONE_ROOT="$FRESH_CLONE" else @@ -72,6 +72,13 @@ fi info "building binary..." mkdir --parents "$PROJECT_ROOT_OR_FRESHCLONE_ROOT"/.buildozer/.gradle +# check uid and maybe chown. see #8261 +if [ ! -z "$ELECBUILD_COMMIT" ] ; then # fresh clone (reproducible build) + if [ $(id -u) != "1000" ] || [ $(id -g) != "1000" ] ; then + info "need to chown -R FRESH_CLONE dir. prompting for sudo." + sudo chown -R 1000:1000 "$FRESH_CLONE" + fi +fi docker run -it --rm \ --name electrum-android-builder-cont \ -v "$PROJECT_ROOT_OR_FRESHCLONE_ROOT":/home/user/wspace/electrum \ diff --git a/contrib/build-linux/appimage/.dockerignore b/contrib/build-linux/appimage/.dockerignore index d75fb8304..a4fb4fb12 100644 --- a/contrib/build-linux/appimage/.dockerignore +++ b/contrib/build-linux/appimage/.dockerignore @@ -1,3 +1,2 @@ build/ .cache/ -fresh_clone/ diff --git a/contrib/build-linux/appimage/build.sh b/contrib/build-linux/appimage/build.sh index be2184d77..a6f5cabeb 100755 --- a/contrib/build-linux/appimage/build.sh +++ b/contrib/build-linux/appimage/build.sh @@ -35,11 +35,11 @@ docker build \ # maybe do fresh clone if [ ! -z "$ELECBUILD_COMMIT" ] ; then info "ELECBUILD_COMMIT=$ELECBUILD_COMMIT. doing fresh clone and git checkout." - FRESH_CLONE="$CONTRIB_APPIMAGE/fresh_clone/electrum" && \ - rm -rf "$FRESH_CLONE" && \ - umask 0022 && \ - git clone "$PROJECT_ROOT" "$FRESH_CLONE" && \ - cd "$FRESH_CLONE" + FRESH_CLONE="/tmp/electrum_build/appimage/fresh_clone/electrum" + rm -rf "$FRESH_CLONE" 2>/dev/null || ( info "we need sudo to rm prev FRESH_CLONE." && sudo rm -rf "$FRESH_CLONE" ) + umask 0022 + git clone "$PROJECT_ROOT" "$FRESH_CLONE" + cd "$FRESH_CLONE" git checkout "$ELECBUILD_COMMIT" PROJECT_ROOT_OR_FRESHCLONE_ROOT="$FRESH_CLONE" else @@ -47,6 +47,13 @@ else fi info "building binary..." +# check uid and maybe chown. see #8261 +if [ ! -z "$ELECBUILD_COMMIT" ] ; then # fresh clone (reproducible build) + if [ $(id -u) != "1000" ] || [ $(id -g) != "1000" ] ; then + info "need to chown -R FRESH_CLONE dir. prompting for sudo." + sudo chown -R 1000:1000 "$FRESH_CLONE" + fi +fi docker run -it \ --name electrum-appimage-builder-cont \ -v "$PROJECT_ROOT_OR_FRESHCLONE_ROOT":/opt/electrum \ diff --git a/contrib/build-linux/sdist/.dockerignore b/contrib/build-linux/sdist/.dockerignore index d364c6400..e69de29bb 100644 --- a/contrib/build-linux/sdist/.dockerignore +++ b/contrib/build-linux/sdist/.dockerignore @@ -1 +0,0 @@ -fresh_clone/ diff --git a/contrib/build-linux/sdist/build.sh b/contrib/build-linux/sdist/build.sh index af895b01b..11a746273 100755 --- a/contrib/build-linux/sdist/build.sh +++ b/contrib/build-linux/sdist/build.sh @@ -35,11 +35,11 @@ docker build \ # maybe do fresh clone if [ ! -z "$ELECBUILD_COMMIT" ] ; then info "ELECBUILD_COMMIT=$ELECBUILD_COMMIT. doing fresh clone and git checkout." - FRESH_CLONE="$CONTRIB_SDIST/fresh_clone/electrum" && \ - rm -rf "$FRESH_CLONE" && \ - umask 0022 && \ - git clone "$PROJECT_ROOT" "$FRESH_CLONE" && \ - cd "$FRESH_CLONE" + FRESH_CLONE="/tmp/electrum_build/sdist/fresh_clone/electrum" + rm -rf "$FRESH_CLONE" 2>/dev/null || ( info "we need sudo to rm prev FRESH_CLONE." && sudo rm -rf "$FRESH_CLONE" ) + umask 0022 + git clone "$PROJECT_ROOT" "$FRESH_CLONE" + cd "$FRESH_CLONE" git checkout "$ELECBUILD_COMMIT" PROJECT_ROOT_OR_FRESHCLONE_ROOT="$FRESH_CLONE" else @@ -47,6 +47,13 @@ else fi info "building binary..." +# check uid and maybe chown. see #8261 +if [ ! -z "$ELECBUILD_COMMIT" ] ; then # fresh clone (reproducible build) + if [ $(id -u) != "1000" ] || [ $(id -g) != "1000" ] ; then + info "need to chown -R FRESH_CLONE dir. prompting for sudo." + sudo chown -R 1000:1000 "$FRESH_CLONE" + fi +fi docker run -it \ --name electrum-sdist-builder-cont \ -v "$PROJECT_ROOT_OR_FRESHCLONE_ROOT":/opt/electrum \ diff --git a/contrib/build-wine/.dockerignore b/contrib/build-wine/.dockerignore index f1aa3647c..a3e70a019 100644 --- a/contrib/build-wine/.dockerignore +++ b/contrib/build-wine/.dockerignore @@ -3,4 +3,3 @@ build/ .cache/ dist/ signed/ -fresh_clone/ diff --git a/contrib/build-wine/build.sh b/contrib/build-wine/build.sh index 06b503e46..f3bc4e6a9 100755 --- a/contrib/build-wine/build.sh +++ b/contrib/build-wine/build.sh @@ -37,11 +37,11 @@ docker build \ # maybe do fresh clone if [ ! -z "$ELECBUILD_COMMIT" ] ; then info "ELECBUILD_COMMIT=$ELECBUILD_COMMIT. doing fresh clone and git checkout." - FRESH_CLONE="$CONTRIB_WINE/fresh_clone/electrum" && \ - rm -rf "$FRESH_CLONE" && \ - umask 0022 && \ - git clone "$PROJECT_ROOT" "$FRESH_CLONE" && \ - cd "$FRESH_CLONE" + FRESH_CLONE="/tmp/electrum_build/windows/fresh_clone/electrum" + rm -rf "$FRESH_CLONE" 2>/dev/null || ( info "we need sudo to rm prev FRESH_CLONE." && sudo rm -rf "$FRESH_CLONE" ) + umask 0022 + git clone "$PROJECT_ROOT" "$FRESH_CLONE" + cd "$FRESH_CLONE" git checkout "$ELECBUILD_COMMIT" PROJECT_ROOT_OR_FRESHCLONE_ROOT="$FRESH_CLONE" else @@ -49,6 +49,13 @@ else fi info "building binary..." +# check uid and maybe chown. see #8261 +if [ ! -z "$ELECBUILD_COMMIT" ] ; then # fresh clone (reproducible build) + if [ $(id -u) != "1000" ] || [ $(id -g) != "1000" ] ; then + info "need to chown -R FRESH_CLONE dir. prompting for sudo." + sudo chown -R 1000:1000 "$FRESH_CLONE" + fi +fi docker run -it \ --name electrum-wine-builder-cont \ -v "$PROJECT_ROOT_OR_FRESHCLONE_ROOT":/opt/wine64/drive_c/electrum \