Merge pull request #10235 from SomberNight/202509_ci_appimage

ci: fix appimage build

.cirrus.yml

@@ -344,8 +344,10 @@ task:
       only_if: $CIRRUS_CRON == ""
     - trigger_type: automatic
       only_if: $CIRRUS_CRON == "nightly"
-  container:
-    dockerfile: contrib/build-linux/appimage/Dockerfile
+  compute_engine_instance:
+    image_project: cirrus-images
+    image: family/docker-builder
+    platform: linux
     cpu: 2
     memory: 2G
   pip_cache:
@@ -361,11 +363,9 @@ task:
       - cat contrib/make_libsecp256k1.sh | sha256sum
       - git ls-files -s contrib/build-linux/appimage/
   build_script:
-    - ./contrib/build-linux/appimage/make_appimage.sh
+    - ./contrib/build-linux/appimage/build.sh
   binaries_artifacts:
     path: "dist/*"
-  env:
-    CIRRUS_DOCKER_CONTEXT: contrib/build-linux/appimage
   depends_on:
     - "unittests: py3.10"
 

contrib/android/Dockerfile

@@ -174,17 +174,16 @@ RUN apt -y update -qq \
 
 # create new user to avoid using root; but with sudo access and no password for convenience.
 ARG UID=1000
-ENV USER="user"
-ENV HOME_DIR="/home/${USER}"
+RUN if [ "$UID" != "0" ] ; then useradd --uid $UID --create-home --shell /bin/bash "user" ; fi
+RUN usermod -append --groups sudo $(id -nu $UID || echo "user")
+RUN echo "%sudo ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
+RUN HOME_DIR=$(getent passwd $UID | cut -d: -f6)
 ENV WORK_DIR="${HOME_DIR}/wspace" \
     PATH="${HOME_DIR}/.local/bin:${PATH}"
-RUN useradd --uid $UID --create-home --shell /bin/bash ${USER}
-RUN usermod -append --groups sudo ${USER}
-RUN echo "%sudo ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
 WORKDIR ${WORK_DIR}
-RUN chown --recursive ${USER} ${WORK_DIR} ${ANDROID_SDK_HOME}
-RUN chown ${USER} /opt
-USER ${USER}
+RUN chown --recursive ${UID} ${WORK_DIR} ${ANDROID_SDK_HOME}
+RUN chown ${UID} /opt
+USER ${UID}
 
 # venv, VIRTUAL_ENV is used by buildozer to indicate a venv environment
 ENV VIRTUAL_ENV=/opt/venv

contrib/android/build.sh

@@ -63,11 +63,14 @@ else
 fi
 
 DOCKER_RUN_FLAGS=""
-
 if [[ "$3" == "release" ]] ; then
     info "'release' mode selected. mounting ~/.keystore inside container."
     DOCKER_RUN_FLAGS="-v $HOME/.keystore:/home/user/.keystore"
 fi
+if sh -c ": >/dev/tty" >/dev/null 2>/dev/null; then
+    info "/dev/tty is available and usable"
+    DOCKER_RUN_FLAGS="$DOCKER_RUN_FLAGS -it"
+fi
 
 info "building binary..."
 mkdir --parents "$PROJECT_ROOT_OR_FRESHCLONE_ROOT"/.buildozer/.gradle
@@ -78,7 +81,7 @@ if [ ! -z "$ELECBUILD_COMMIT" ] ; then  # fresh clone (reproducible build)
         sudo chown -R 1000:1000 "$FRESH_CLONE"
     fi
 fi
-docker run -it --rm \
+docker run --rm \
     --name electrum-android-builder-cont \
     -v "$PROJECT_ROOT_OR_FRESHCLONE_ROOT":/home/user/wspace/electrum \
     -v "$PROJECT_ROOT_OR_FRESHCLONE_ROOT"/.buildozer/.gradle:/home/user/.gradle \

contrib/build-linux/appimage/Dockerfile

@@ -75,13 +75,12 @@ RUN apt-get update -q && \
 
 # create new user to avoid using root; but with sudo access and no password for convenience.
 ARG UID=1000
-ENV USER="user"
-ENV HOME_DIR="/home/${USER}"
+RUN if [ "$UID" != "0" ] ; then useradd --uid $UID --create-home --shell /bin/bash "user" ; fi
+RUN usermod -append --groups sudo $(id -nu $UID || echo "user")
+RUN echo "%sudo ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
+RUN HOME_DIR=$(getent passwd $UID | cut -d: -f6)
 ENV WORK_DIR="${HOME_DIR}/wspace" \
     PATH="${HOME_DIR}/.local/bin:${PATH}"
-RUN useradd --uid $UID --create-home --shell /bin/bash ${USER}
-RUN usermod -append --groups sudo ${USER}
-RUN echo "%sudo ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
 WORKDIR ${WORK_DIR}
-RUN chown --recursive ${USER} ${WORK_DIR}
-USER ${USER}
+RUN chown --recursive ${UID} ${WORK_DIR}
+USER ${UID}

contrib/build-linux/appimage/build.sh

@@ -13,10 +13,6 @@ CONTRIB_APPIMAGE="$CONTRIB/build-linux/appimage"
 DISTDIR="$PROJECT_ROOT/dist"
 BUILD_UID=$(/usr/bin/stat -c %u "$PROJECT_ROOT")
 
-# when bumping the runtime commit also check if the `type2-runtime-reproducible-build.patch` still works
-TYPE2_RUNTIME_COMMIT="5e7217b7cfeecee1491c2d251e355c3cf8ba6e4d"
-TYPE2_RUNTIME_REPO="https://github.com/AppImage/type2-runtime.git"
-
 . "$CONTRIB"/build_tools_util.sh
 
 
@@ -52,29 +48,13 @@ fi
 
 # build the type2-runtime binary, this build step uses a separate docker container
 # defined in the type2-runtime repo (patched with type2-runtime-reproducible-build.patch)
-TYPE2_RUNTIME_REPO_DIR="$PROJECT_ROOT_OR_FRESHCLONE_ROOT/contrib/build-linux/appimage/.cache/appimage/type2-runtime"
-(
-    if [ -f "$TYPE2_RUNTIME_REPO_DIR/runtime-x86_64" ]; then
-        info "type2-runtime already built, skipping"
-        exit 0
-    fi
-    clone_or_update_repo "$TYPE2_RUNTIME_REPO" "$TYPE2_RUNTIME_COMMIT" "$TYPE2_RUNTIME_REPO_DIR"
+"$CONTRIB_APPIMAGE/make_type2_runtime.sh" || fail "Error building type2-runtime."
 
-    # Apply patch to make runtime build reproducible
-    info "Applying type2-runtime patch..."
-    cd "$TYPE2_RUNTIME_REPO_DIR"
-    git apply "$CONTRIB_APPIMAGE/patches/type2-runtime-reproducible-build.patch" || fail "Failed to apply runtime repo patch"
-
-    info "building type2-runtime in build container..."
-    cd "$TYPE2_RUNTIME_REPO_DIR/scripts/docker"
-    env ARCH=x86_64 ./build-with-docker.sh
-    mv "./runtime-x86_64" "$TYPE2_RUNTIME_REPO_DIR/"
-
-    # clean up the empty created 'out' dir to prevent permission issues
-    rm -rf "$TYPE2_RUNTIME_REPO_DIR/out"
-
-    info "runtime build successful: $(sha256sum "$TYPE2_RUNTIME_REPO_DIR/runtime-x86_64")"
-)
+DOCKER_RUN_FLAGS=""
+if sh -c ": >/dev/tty" >/dev/null 2>/dev/null; then
+    info "/dev/tty is available and usable"
+    DOCKER_RUN_FLAGS="-it"
+fi
 
 info "building binary..."
 # check uid and maybe chown. see #8261
@@ -84,7 +64,7 @@ if [ ! -z "$ELECBUILD_COMMIT" ] ; then  # fresh clone (reproducible build)
         sudo chown -R 1000:1000 "$FRESH_CLONE"
     fi
 fi
-docker run -it \
+docker run $DOCKER_RUN_FLAGS \
     --name electrum-appimage-builder-cont \
     -v "$PROJECT_ROOT_OR_FRESHCLONE_ROOT":/opt/electrum \
     --rm \

contrib/build-linux/appimage/make_type2_runtime.sh

@@ -0,0 +1,37 @@
+#!/bin/bash
+
+set -e
+
+PROJECT_ROOT="$(dirname "$(readlink -e "$0")")/../../.."
+PROJECT_ROOT_OR_FRESHCLONE_ROOT="$PROJECT_ROOT"
+CONTRIB="$PROJECT_ROOT/contrib"
+CONTRIB_APPIMAGE="$CONTRIB/build-linux/appimage"
+
+# when bumping the runtime commit also check if the `type2-runtime-reproducible-build.patch` still works
+TYPE2_RUNTIME_COMMIT="5e7217b7cfeecee1491c2d251e355c3cf8ba6e4d"
+TYPE2_RUNTIME_REPO="https://github.com/AppImage/type2-runtime.git"
+
+. "$CONTRIB"/build_tools_util.sh
+
+
+TYPE2_RUNTIME_REPO_DIR="$PROJECT_ROOT_OR_FRESHCLONE_ROOT/contrib/build-linux/appimage/.cache/appimage/type2-runtime"
+if [ -f "$TYPE2_RUNTIME_REPO_DIR/runtime-x86_64" ]; then
+    info "type2-runtime already built, skipping"
+    exit 0
+fi
+clone_or_update_repo "$TYPE2_RUNTIME_REPO" "$TYPE2_RUNTIME_COMMIT" "$TYPE2_RUNTIME_REPO_DIR"
+
+# Apply patch to make runtime build reproducible
+info "Applying type2-runtime patch..."
+cd "$TYPE2_RUNTIME_REPO_DIR"
+git apply "$CONTRIB_APPIMAGE/patches/type2-runtime-reproducible-build.patch" || fail "Failed to apply runtime repo patch"
+
+info "building type2-runtime in build container..."
+cd "$TYPE2_RUNTIME_REPO_DIR/scripts/docker"
+env ARCH=x86_64 ./build-with-docker.sh
+mv "./runtime-x86_64" "$TYPE2_RUNTIME_REPO_DIR/"
+
+# clean up the empty created 'out' dir to prevent permission issues
+rm -rf "$TYPE2_RUNTIME_REPO_DIR/out"
+
+info "runtime build successful: $(sha256sum "$TYPE2_RUNTIME_REPO_DIR/runtime-x86_64")"

contrib/build-linux/sdist/Dockerfile

@@ -18,13 +18,12 @@ RUN apt-get update -q && \
 
 # create new user to avoid using root; but with sudo access and no password for convenience.
 ARG UID=1000
-ENV USER="user"
-ENV HOME_DIR="/home/${USER}"
+RUN if [ "$UID" != "0" ] ; then useradd --uid $UID --create-home --shell /bin/bash "user" ; fi
+RUN usermod -append --groups sudo $(id -nu $UID || echo "user")
+RUN echo "%sudo ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
+RUN HOME_DIR=$(getent passwd $UID | cut -d: -f6)
 ENV WORK_DIR="${HOME_DIR}/wspace" \
     PATH="${HOME_DIR}/.local/bin:${PATH}"
-RUN useradd --uid $UID --create-home --shell /bin/bash ${USER}
-RUN usermod -append --groups sudo ${USER}
-RUN echo "%sudo ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
 WORKDIR ${WORK_DIR}
-RUN chown --recursive ${USER} ${WORK_DIR}
-USER ${USER}
+RUN chown --recursive ${UID} ${WORK_DIR}
+USER ${UID}

contrib/build-linux/sdist/build.sh

@@ -46,6 +46,12 @@ else
     info "not doing fresh clone."
 fi
 
+DOCKER_RUN_FLAGS=""
+if sh -c ": >/dev/tty" >/dev/null 2>/dev/null; then
+    info "/dev/tty is available and usable"
+    DOCKER_RUN_FLAGS="-it"
+fi
+
 info "building binary..."
 # check uid and maybe chown. see #8261
 if [ ! -z "$ELECBUILD_COMMIT" ] ; then  # fresh clone (reproducible build)
@@ -54,7 +60,7 @@ if [ ! -z "$ELECBUILD_COMMIT" ] ; then  # fresh clone (reproducible build)
         sudo chown -R 1000:1000 "$FRESH_CLONE"
     fi
 fi
-docker run -it \
+docker run $DOCKER_RUN_FLAGS \
     --name electrum-sdist-builder-cont \
     -v "$PROJECT_ROOT_OR_FRESHCLONE_ROOT":/opt/electrum \
     --rm \

contrib/build-wine/Dockerfile

@@ -58,16 +58,15 @@ RUN DEBIAN_CODENAME=$(lsb_release --codename --short) && \
 
 # create new user to avoid using root; but with sudo access and no password for convenience.
 ARG UID=1000
-ENV USER="user"
-ENV HOME_DIR="/home/${USER}"
+RUN if [ "$UID" != "0" ] ; then useradd --uid $UID --create-home --shell /bin/bash "user" ; fi
+RUN usermod -append --groups sudo $(id -nu $UID || echo "user")
+RUN echo "%sudo ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
+RUN HOME_DIR=$(getent passwd $UID | cut -d: -f6)
 ENV WORK_DIR="${HOME_DIR}/wspace" \
     PATH="${HOME_DIR}/.local/bin:${PATH}"
-RUN useradd --uid $UID --create-home --shell /bin/bash ${USER}
-RUN usermod -append --groups sudo ${USER}
-RUN echo "%sudo ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
 WORKDIR ${WORK_DIR}
-RUN chown --recursive ${USER} ${WORK_DIR}
-RUN chown ${USER} /opt
-USER ${USER}
+RUN chown --recursive ${UID} ${WORK_DIR}
+RUN chown ${UID} /opt
+USER ${UID}
 
 RUN mkdir --parents "/opt/wine64/drive_c/electrum"

contrib/build-wine/build.sh

@@ -48,6 +48,12 @@ else
     info "not doing fresh clone."
 fi
 
+DOCKER_RUN_FLAGS=""
+if sh -c ": >/dev/tty" >/dev/null 2>/dev/null; then
+    info "/dev/tty is available and usable"
+    DOCKER_RUN_FLAGS="-it"
+fi
+
 info "building binary..."
 # check uid and maybe chown. see #8261
 if [ ! -z "$ELECBUILD_COMMIT" ] ; then  # fresh clone (reproducible build)
@@ -56,7 +62,7 @@ if [ ! -z "$ELECBUILD_COMMIT" ] ; then  # fresh clone (reproducible build)
         sudo chown -R 1000:1000 "$FRESH_CLONE"
     fi
 fi
-docker run -it \
+docker run $DOCKER_RUN_FLAGS \
     --name electrum-wine-builder-cont \
     -v "$PROJECT_ROOT_OR_FRESHCLONE_ROOT":/opt/wine64/drive_c/electrum \
     --rm \