build: fix repro builds where host userid != 1000

- repro builds to use fixed uid=1000 inside the container
  - in case the file permissions leak into the binaries, they are still reproducible
  - chown 1000:1000 fresh_clone
- repro builds to create fresh_clone dir outside git clone
  - otherwise the local dev build would still interact with the fresh_clone dir
    - due to e.g. recursive "find -exec touch",
    - and even the "docker build" cmd itself would try to stat/read it
      - see https://github.com/docker/for-linux/issues/380
  - and "rm -rf fresh_clone" needs sudo if the host uid is not 1000
  - this way the local dev build does not need sudo

to recap:
- local dev builds use the host userid inside the container, directly operate on the project dir
  - does not need sudo
- repro builds create a fresh git clone, chown it to 1000, and use userid=1000 inside the container
  - if the host userid is 1000, does not need sudo
  - otherwise, needs sudo

closes https://github.com/spesmilo/electrum/issues/8261

.gitignore

@@ -34,14 +34,10 @@ contrib/build-wine/build/
 contrib/build-wine/.cache/
 contrib/build-wine/dist/
 contrib/build-wine/signed/
-contrib/build-wine/fresh_clone/
-contrib/build-linux/sdist/fresh_clone/
 contrib/build-linux/appimage/build/
 contrib/build-linux/appimage/.cache/
-contrib/build-linux/appimage/fresh_clone/
 contrib/osx/.cache/
 contrib/osx/build-venv/
-contrib/android/fresh_clone
 contrib/android/android_debug.keystore
 contrib/secp256k1/
 contrib/zbar/

contrib/android/build.sh

@@ -52,11 +52,11 @@ docker build \
 # maybe do fresh clone
 if [ ! -z "$ELECBUILD_COMMIT" ] ; then
     info "ELECBUILD_COMMIT=$ELECBUILD_COMMIT. doing fresh clone and git checkout."
-    FRESH_CLONE="$CONTRIB_ANDROID/fresh_clone/electrum" && \
-        rm -rf "$FRESH_CLONE" && \
-        umask 0022 && \
-        git clone "$PROJECT_ROOT" "$FRESH_CLONE" && \
-        cd "$FRESH_CLONE"
+    FRESH_CLONE="/tmp/electrum_build/android/fresh_clone/electrum"
+    rm -rf "$FRESH_CLONE" 2>/dev/null || ( info "we need sudo to rm prev FRESH_CLONE." && sudo rm -rf "$FRESH_CLONE" )
+    umask 0022
+    git clone "$PROJECT_ROOT" "$FRESH_CLONE"
+    cd "$FRESH_CLONE"
     git checkout "$ELECBUILD_COMMIT"
     PROJECT_ROOT_OR_FRESHCLONE_ROOT="$FRESH_CLONE"
 else
@@ -72,6 +72,13 @@ fi
 
 info "building binary..."
 mkdir --parents "$PROJECT_ROOT_OR_FRESHCLONE_ROOT"/.buildozer/.gradle
+# check uid and maybe chown. see #8261
+if [ ! -z "$ELECBUILD_COMMIT" ] ; then  # fresh clone (reproducible build)
+    if [ $(id -u) != "1000" ] || [ $(id -g) != "1000" ] ; then
+        info "need to chown -R FRESH_CLONE dir. prompting for sudo."
+        sudo chown -R 1000:1000 "$FRESH_CLONE"
+    fi
+fi
 docker run -it --rm \
     --name electrum-android-builder-cont \
     -v "$PROJECT_ROOT_OR_FRESHCLONE_ROOT":/home/user/wspace/electrum \

contrib/build-linux/appimage/.dockerignore

@@ -1,3 +1,2 @@
 build/
 .cache/
-fresh_clone/

contrib/build-linux/appimage/build.sh

@@ -35,11 +35,11 @@ docker build \
 # maybe do fresh clone
 if [ ! -z "$ELECBUILD_COMMIT" ] ; then
     info "ELECBUILD_COMMIT=$ELECBUILD_COMMIT. doing fresh clone and git checkout."
-    FRESH_CLONE="$CONTRIB_APPIMAGE/fresh_clone/electrum" && \
-        rm -rf "$FRESH_CLONE" && \
-        umask 0022 && \
-        git clone "$PROJECT_ROOT" "$FRESH_CLONE" && \
-        cd "$FRESH_CLONE"
+    FRESH_CLONE="/tmp/electrum_build/appimage/fresh_clone/electrum"
+    rm -rf "$FRESH_CLONE" 2>/dev/null || ( info "we need sudo to rm prev FRESH_CLONE." && sudo rm -rf "$FRESH_CLONE" )
+    umask 0022
+    git clone "$PROJECT_ROOT" "$FRESH_CLONE"
+    cd "$FRESH_CLONE"
     git checkout "$ELECBUILD_COMMIT"
     PROJECT_ROOT_OR_FRESHCLONE_ROOT="$FRESH_CLONE"
 else
@@ -47,6 +47,13 @@ else
 fi
 
 info "building binary..."
+# check uid and maybe chown. see #8261
+if [ ! -z "$ELECBUILD_COMMIT" ] ; then  # fresh clone (reproducible build)
+    if [ $(id -u) != "1000" ] || [ $(id -g) != "1000" ] ; then
+        info "need to chown -R FRESH_CLONE dir. prompting for sudo."
+        sudo chown -R 1000:1000 "$FRESH_CLONE"
+    fi
+fi
 docker run -it \
     --name electrum-appimage-builder-cont \
     -v "$PROJECT_ROOT_OR_FRESHCLONE_ROOT":/opt/electrum \

contrib/build-linux/sdist/.dockerignore

@@ -1 +0,0 @@
-fresh_clone/

contrib/build-linux/sdist/build.sh

@@ -35,11 +35,11 @@ docker build \
 # maybe do fresh clone
 if [ ! -z "$ELECBUILD_COMMIT" ] ; then
     info "ELECBUILD_COMMIT=$ELECBUILD_COMMIT. doing fresh clone and git checkout."
-    FRESH_CLONE="$CONTRIB_SDIST/fresh_clone/electrum" && \
-        rm -rf "$FRESH_CLONE" && \
-        umask 0022 && \
-        git clone "$PROJECT_ROOT" "$FRESH_CLONE" && \
-        cd "$FRESH_CLONE"
+    FRESH_CLONE="/tmp/electrum_build/sdist/fresh_clone/electrum"
+    rm -rf "$FRESH_CLONE" 2>/dev/null || ( info "we need sudo to rm prev FRESH_CLONE." && sudo rm -rf "$FRESH_CLONE" )
+    umask 0022
+    git clone "$PROJECT_ROOT" "$FRESH_CLONE"
+    cd "$FRESH_CLONE"
     git checkout "$ELECBUILD_COMMIT"
     PROJECT_ROOT_OR_FRESHCLONE_ROOT="$FRESH_CLONE"
 else
@@ -47,6 +47,13 @@ else
 fi
 
 info "building binary..."
+# check uid and maybe chown. see #8261
+if [ ! -z "$ELECBUILD_COMMIT" ] ; then  # fresh clone (reproducible build)
+    if [ $(id -u) != "1000" ] || [ $(id -g) != "1000" ] ; then
+        info "need to chown -R FRESH_CLONE dir. prompting for sudo."
+        sudo chown -R 1000:1000 "$FRESH_CLONE"
+    fi
+fi
 docker run -it \
     --name electrum-sdist-builder-cont \
     -v "$PROJECT_ROOT_OR_FRESHCLONE_ROOT":/opt/electrum \

contrib/build-wine/.dockerignore

@@ -3,4 +3,3 @@ build/
 .cache/
 dist/
 signed/
-fresh_clone/

contrib/build-wine/build.sh

@@ -37,11 +37,11 @@ docker build \
 # maybe do fresh clone
 if [ ! -z "$ELECBUILD_COMMIT" ] ; then
     info "ELECBUILD_COMMIT=$ELECBUILD_COMMIT. doing fresh clone and git checkout."
-    FRESH_CLONE="$CONTRIB_WINE/fresh_clone/electrum" && \
-        rm -rf "$FRESH_CLONE" && \
-        umask 0022 && \
-        git clone "$PROJECT_ROOT" "$FRESH_CLONE" && \
-        cd "$FRESH_CLONE"
+    FRESH_CLONE="/tmp/electrum_build/windows/fresh_clone/electrum"
+    rm -rf "$FRESH_CLONE" 2>/dev/null || ( info "we need sudo to rm prev FRESH_CLONE." && sudo rm -rf "$FRESH_CLONE" )
+    umask 0022
+    git clone "$PROJECT_ROOT" "$FRESH_CLONE"
+    cd "$FRESH_CLONE"
     git checkout "$ELECBUILD_COMMIT"
     PROJECT_ROOT_OR_FRESHCLONE_ROOT="$FRESH_CLONE"
 else
@@ -49,6 +49,13 @@ else
 fi
 
 info "building binary..."
+# check uid and maybe chown. see #8261
+if [ ! -z "$ELECBUILD_COMMIT" ] ; then  # fresh clone (reproducible build)
+    if [ $(id -u) != "1000" ] || [ $(id -g) != "1000" ] ; then
+        info "need to chown -R FRESH_CLONE dir. prompting for sudo."
+        sudo chown -R 1000:1000 "$FRESH_CLONE"
+    fi
+fi
 docker run -it \
     --name electrum-wine-builder-cont \
     -v "$PROJECT_ROOT_OR_FRESHCLONE_ROOT":/opt/wine64/drive_c/electrum \