AaronFiore/electrum
1
0
Fork 0
Code Activity

build: fix repro builds where host userid != 1000

Browse Source 
- repro builds to use fixed uid=1000 inside the container
  - in case the file permissions leak into the binaries, they are still reproducible
  - chown 1000:1000 fresh_clone
- repro builds to create fresh_clone dir outside git clone
  - otherwise the local dev build would still interact with the fresh_clone dir
    - due to e.g. recursive "find -exec touch",
    - and even the "docker build" cmd itself would try to stat/read it
      - see https://github.com/docker/for-linux/issues/380
  - and "rm -rf fresh_clone" needs sudo if the host uid is not 1000
  - this way the local dev build does not need sudo

to recap:
- local dev builds use the host userid inside the container, directly operate on the project dir
  - does not need sudo
- repro builds create a fresh git clone, chown it to 1000, and use userid=1000 inside the container
  - if the host userid is 1000, does not need sudo
  - otherwise, needs sudo

closes https://github.com/spesmilo/electrum/issues/8261
This commit is contained in:
SomberNight
2023-03-20 02:02:14 +00:00
parent 6e472efd5f
commit c9b6a6c01e
8 changed files with 48 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
.gitignore vendored
View File

@@ -34,14 +34,10 @@ contrib/build-wine/build/
contrib/build-wine/.cache/ contrib/build-wine/.cache/
contrib/build-wine/dist/ contrib/build-wine/dist/
contrib/build-wine/signed/ contrib/build-wine/signed/
contrib/build-wine/fresh_clone/
contrib/build-linux/sdist/fresh_clone/
contrib/build-linux/appimage/build/ contrib/build-linux/appimage/build/
contrib/build-linux/appimage/.cache/ contrib/build-linux/appimage/.cache/
contrib/build-linux/appimage/fresh_clone/
contrib/osx/.cache/ contrib/osx/.cache/
contrib/osx/build-venv/ contrib/osx/build-venv/
contrib/android/fresh_clone
contrib/android/android_debug.keystore contrib/android/android_debug.keystore
contrib/secp256k1/ contrib/secp256k1/
contrib/zbar/ contrib/zbar/

17
contrib/android/build.sh
View File

@@ -52,11 +52,11 @@ docker build \
# maybe do fresh clone # maybe do fresh clone
if [ ! -z "$ELECBUILD_COMMIT" ] ; then if [ ! -z "$ELECBUILD_COMMIT" ] ; then
info "ELECBUILD_COMMIT=$ELECBUILD_COMMIT. doing fresh clone and git checkout." info "ELECBUILD_COMMIT=$ELECBUILD_COMMIT. doing fresh clone and git checkout."
FRESH_CLONE="$CONTRIB_ANDROID/fresh_clone/electrum" && \ FRESH_CLONE="/tmp/electrum_build/android/fresh_clone/electrum"
rm -rf "$FRESH_CLONE" && \ rm -rf "$FRESH_CLONE" 2>/dev/null || ( info "we need sudo to rm prev FRESH_CLONE." && sudo rm -rf "$FRESH_CLONE" )
umask 0022 && \ umask 0022
git clone "$PROJECT_ROOT" "$FRESH_CLONE" && \ git clone "$PROJECT_ROOT" "$FRESH_CLONE"
cd "$FRESH_CLONE" cd "$FRESH_CLONE"
git checkout "$ELECBUILD_COMMIT" git checkout "$ELECBUILD_COMMIT"
PROJECT_ROOT_OR_FRESHCLONE_ROOT="$FRESH_CLONE" PROJECT_ROOT_OR_FRESHCLONE_ROOT="$FRESH_CLONE"
else else
@@ -72,6 +72,13 @@ fi
info "building binary..." info "building binary..."
mkdir --parents "$PROJECT_ROOT_OR_FRESHCLONE_ROOT"/.buildozer/.gradle mkdir --parents "$PROJECT_ROOT_OR_FRESHCLONE_ROOT"/.buildozer/.gradle
# check uid and maybe chown. see #8261
if [ ! -z "$ELECBUILD_COMMIT" ] ; then # fresh clone (reproducible build)
if [ $(id -u) != "1000" ] || [ $(id -g) != "1000" ] ; then
info "need to chown -R FRESH_CLONE dir. prompting for sudo."
sudo chown -R 1000:1000 "$FRESH_CLONE"
fi
fi
docker run -it --rm \ docker run -it --rm \
--name electrum-android-builder-cont \ --name electrum-android-builder-cont \
-v "$PROJECT_ROOT_OR_FRESHCLONE_ROOT":/home/user/wspace/electrum \ -v "$PROJECT_ROOT_OR_FRESHCLONE_ROOT":/home/user/wspace/electrum \

1
contrib/build-linux/appimage/.dockerignore
View File

@@ -1,3 +1,2 @@
build/ build/
.cache/ .cache/
fresh_clone/

17
contrib/build-linux/appimage/build.sh
View File

@@ -35,11 +35,11 @@ docker build \
# maybe do fresh clone # maybe do fresh clone
if [ ! -z "$ELECBUILD_COMMIT" ] ; then if [ ! -z "$ELECBUILD_COMMIT" ] ; then
info "ELECBUILD_COMMIT=$ELECBUILD_COMMIT. doing fresh clone and git checkout." info "ELECBUILD_COMMIT=$ELECBUILD_COMMIT. doing fresh clone and git checkout."
FRESH_CLONE="$CONTRIB_APPIMAGE/fresh_clone/electrum" && \ FRESH_CLONE="/tmp/electrum_build/appimage/fresh_clone/electrum"
rm -rf "$FRESH_CLONE" && \ rm -rf "$FRESH_CLONE" 2>/dev/null || ( info "we need sudo to rm prev FRESH_CLONE." && sudo rm -rf "$FRESH_CLONE" )
umask 0022 && \ umask 0022
git clone "$PROJECT_ROOT" "$FRESH_CLONE" && \ git clone "$PROJECT_ROOT" "$FRESH_CLONE"
cd "$FRESH_CLONE" cd "$FRESH_CLONE"
git checkout "$ELECBUILD_COMMIT" git checkout "$ELECBUILD_COMMIT"
PROJECT_ROOT_OR_FRESHCLONE_ROOT="$FRESH_CLONE" PROJECT_ROOT_OR_FRESHCLONE_ROOT="$FRESH_CLONE"
else else
@@ -47,6 +47,13 @@ else
fi fi
info "building binary..." info "building binary..."
# check uid and maybe chown. see #8261
if [ ! -z "$ELECBUILD_COMMIT" ] ; then # fresh clone (reproducible build)
if [ $(id -u) != "1000" ] || [ $(id -g) != "1000" ] ; then
info "need to chown -R FRESH_CLONE dir. prompting for sudo."
sudo chown -R 1000:1000 "$FRESH_CLONE"
fi
fi
docker run -it \ docker run -it \
--name electrum-appimage-builder-cont \ --name electrum-appimage-builder-cont \
-v "$PROJECT_ROOT_OR_FRESHCLONE_ROOT":/opt/electrum \ -v "$PROJECT_ROOT_OR_FRESHCLONE_ROOT":/opt/electrum \

1
contrib/build-linux/sdist/.dockerignore
View File

@@ -1 +0,0 @@
fresh_clone/

17
contrib/build-linux/sdist/build.sh
View File

@@ -35,11 +35,11 @@ docker build \
# maybe do fresh clone # maybe do fresh clone
if [ ! -z "$ELECBUILD_COMMIT" ] ; then if [ ! -z "$ELECBUILD_COMMIT" ] ; then
info "ELECBUILD_COMMIT=$ELECBUILD_COMMIT. doing fresh clone and git checkout." info "ELECBUILD_COMMIT=$ELECBUILD_COMMIT. doing fresh clone and git checkout."
FRESH_CLONE="$CONTRIB_SDIST/fresh_clone/electrum" && \ FRESH_CLONE="/tmp/electrum_build/sdist/fresh_clone/electrum"
rm -rf "$FRESH_CLONE" && \ rm -rf "$FRESH_CLONE" 2>/dev/null || ( info "we need sudo to rm prev FRESH_CLONE." && sudo rm -rf "$FRESH_CLONE" )
umask 0022 && \ umask 0022
git clone "$PROJECT_ROOT" "$FRESH_CLONE" && \ git clone "$PROJECT_ROOT" "$FRESH_CLONE"
cd "$FRESH_CLONE" cd "$FRESH_CLONE"
git checkout "$ELECBUILD_COMMIT" git checkout "$ELECBUILD_COMMIT"
PROJECT_ROOT_OR_FRESHCLONE_ROOT="$FRESH_CLONE" PROJECT_ROOT_OR_FRESHCLONE_ROOT="$FRESH_CLONE"
else else
@@ -47,6 +47,13 @@ else
fi fi
info "building binary..." info "building binary..."
# check uid and maybe chown. see #8261
if [ ! -z "$ELECBUILD_COMMIT" ] ; then # fresh clone (reproducible build)
if [ $(id -u) != "1000" ] || [ $(id -g) != "1000" ] ; then
info "need to chown -R FRESH_CLONE dir. prompting for sudo."
sudo chown -R 1000:1000 "$FRESH_CLONE"
fi
fi
docker run -it \ docker run -it \
--name electrum-sdist-builder-cont \ --name electrum-sdist-builder-cont \
-v "$PROJECT_ROOT_OR_FRESHCLONE_ROOT":/opt/electrum \ -v "$PROJECT_ROOT_OR_FRESHCLONE_ROOT":/opt/electrum \

1
contrib/build-wine/.dockerignore
View File

@@ -3,4 +3,3 @@ build/
.cache/ .cache/
dist/ dist/
signed/ signed/
fresh_clone/

17
contrib/build-wine/build.sh
View File

@@ -37,11 +37,11 @@ docker build \
# maybe do fresh clone # maybe do fresh clone
if [ ! -z "$ELECBUILD_COMMIT" ] ; then if [ ! -z "$ELECBUILD_COMMIT" ] ; then
info "ELECBUILD_COMMIT=$ELECBUILD_COMMIT. doing fresh clone and git checkout." info "ELECBUILD_COMMIT=$ELECBUILD_COMMIT. doing fresh clone and git checkout."
FRESH_CLONE="$CONTRIB_WINE/fresh_clone/electrum" && \ FRESH_CLONE="/tmp/electrum_build/windows/fresh_clone/electrum"
rm -rf "$FRESH_CLONE" && \ rm -rf "$FRESH_CLONE" 2>/dev/null || ( info "we need sudo to rm prev FRESH_CLONE." && sudo rm -rf "$FRESH_CLONE" )
umask 0022 && \ umask 0022
git clone "$PROJECT_ROOT" "$FRESH_CLONE" && \ git clone "$PROJECT_ROOT" "$FRESH_CLONE"
cd "$FRESH_CLONE" cd "$FRESH_CLONE"
git checkout "$ELECBUILD_COMMIT" git checkout "$ELECBUILD_COMMIT"
PROJECT_ROOT_OR_FRESHCLONE_ROOT="$FRESH_CLONE" PROJECT_ROOT_OR_FRESHCLONE_ROOT="$FRESH_CLONE"
else else
@@ -49,6 +49,13 @@ else
fi fi
info "building binary..." info "building binary..."
# check uid and maybe chown. see #8261
if [ ! -z "$ELECBUILD_COMMIT" ] ; then # fresh clone (reproducible build)
if [ $(id -u) != "1000" ] || [ $(id -g) != "1000" ] ; then
info "need to chown -R FRESH_CLONE dir. prompting for sudo."
sudo chown -R 1000:1000 "$FRESH_CLONE"
fi
fi
docker run -it \ docker run -it \
--name electrum-wine-builder-cont \ --name electrum-wine-builder-cont \
-v "$PROJECT_ROOT_OR_FRESHCLONE_ROOT":/opt/wine64/drive_c/electrum \ -v "$PROJECT_ROOT_OR_FRESHCLONE_ROOT":/opt/wine64/drive_c/electrum \