AaronFiore/electrum
1
0
Fork 0
Code Activity

Merge pull request #7697 from SomberNight/202203_build_nosudo

Browse Source 
build: rm need for sudo in most places; and do not run as root
This commit is contained in:
ghost43
2022-03-04 12:28:37 +00:00
committed by GitHub
parent fcf54432f7 b726fe85e1
commit cc8587aec2
16 changed files with 89 additions and 56 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
contrib/android/Dockerfile
View File

@@ -94,11 +94,6 @@ RUN curl --location --progress-bar \
&& rm -rf "${APACHE_ANT_ARCHIVE}"
ENV USER="user"
ENV HOME_DIR="/home/${USER}"
ENV WORK_DIR="${HOME_DIR}/wspace" \
PATH="${HOME_DIR}/.local/bin:${PATH}"
# install system/build dependencies
# https://github.com/kivy/buildozer/blob/master/docs/source/installation.rst#android-on-ubuntu-2004-64bit
# TODO probably need to pin versions of at least some of these for over-time reproducibility?
@@ -136,17 +131,15 @@ RUN apt -y update -qq \
&& apt -y clean
# prepare non root env
# create new user to avoid using root; but with sudo access and no password for convenience.
ENV USER="user"
ENV HOME_DIR="/home/${USER}"
ENV WORK_DIR="${HOME_DIR}/wspace" \
PATH="${HOME_DIR}/.local/bin:${PATH}"
RUN useradd --create-home --shell /bin/bash ${USER}
# with sudo access and no password
RUN usermod -append --groups sudo ${USER}
RUN echo "%sudo ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
WORKDIR ${WORK_DIR}
# user needs ownership/write access to these directories
RUN chown --recursive ${USER} ${WORK_DIR} ${ANDROID_SDK_HOME}
RUN chown ${USER} /opt
USER ${USER}

7
contrib/android/Readme.md
View File

@@ -13,12 +13,7 @@ similar system.
1. Install Docker
```
$ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
$ sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
$ sudo apt-get update
$ sudo apt-get install -y docker-ce
```
See `contrib/docker_notes.md`.
2. Build binaries

8
contrib/android/build.sh
View File

@@ -22,7 +22,7 @@ if [ ! -z "$ELECBUILD_NOCACHE" ] ; then
fi
info "building docker image."
sudo docker build \
docker build \
$DOCKER_BUILD_FLAGS \
-t electrum-android-builder-img \
--file "$CONTRIB_ANDROID/Dockerfile" \
@@ -33,7 +33,7 @@ sudo docker build \
if [ ! -z "$ELECBUILD_COMMIT" ] ; then
info "ELECBUILD_COMMIT=$ELECBUILD_COMMIT. doing fresh clone and git checkout."
FRESH_CLONE="$CONTRIB_ANDROID/fresh_clone/electrum" && \
sudo rm -rf "$FRESH_CLONE" && \
rm -rf "$FRESH_CLONE" && \
umask 0022 && \
git clone "$PROJECT_ROOT" "$FRESH_CLONE" && \
cd "$FRESH_CLONE"
@@ -51,7 +51,7 @@ fi
info "building binary..."
mkdir --parents "$PROJECT_ROOT_OR_FRESHCLONE_ROOT"/.buildozer/.gradle
sudo docker run -it --rm \
docker run -it --rm \
--name electrum-android-builder-cont \
-v "$PROJECT_ROOT_OR_FRESHCLONE_ROOT":/home/user/wspace/electrum \
-v "$PROJECT_ROOT_OR_FRESHCLONE_ROOT"/.buildozer/.gradle:/home/user/.gradle \
@@ -63,5 +63,5 @@ sudo docker run -it --rm \
# make sure resulting binary location is independent of fresh_clone
if [ ! -z "$ELECBUILD_COMMIT" ] ; then
mkdir --parents "$DISTDIR/"
sudo cp -f "$FRESH_CLONE/dist"/* "$DISTDIR/"
cp -f "$FRESH_CLONE/dist"/* "$DISTDIR/"
fi

12
contrib/build-linux/appimage/Dockerfile
View File

@@ -56,3 +56,15 @@ RUN apt-get update -q && \
rm -rf /var/lib/apt/lists/* && \
apt-get autoremove -y && \
apt-get clean
# create new user to avoid using root; but with sudo access and no password for convenience.
ENV USER="user"
ENV HOME_DIR="/home/${USER}"
ENV WORK_DIR="${HOME_DIR}/wspace" \
PATH="${HOME_DIR}/.local/bin:${PATH}"
RUN useradd --create-home --shell /bin/bash ${USER}
RUN usermod -append --groups sudo ${USER}
RUN echo "%sudo ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
WORKDIR ${WORK_DIR}
RUN chown --recursive ${USER} ${WORK_DIR}
USER ${USER}

7
contrib/build-linux/appimage/README.md
View File

@@ -14,12 +14,7 @@ see [issue #5159](https://github.com/spesmilo/electrum/issues/5159).
1. Install Docker
```
$ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
$ sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
$ sudo apt-get update
$ sudo apt-get install -y docker-ce
```
See `contrib/docker_notes.md`.
2. Build binary

8
contrib/build-linux/appimage/build.sh
View File

@@ -22,7 +22,7 @@ if [ ! -z "$ELECBUILD_NOCACHE" ] ; then
fi
info "building docker image."
sudo docker build \
docker build \
$DOCKER_BUILD_FLAGS \
-t electrum-appimage-builder-img \
"$CONTRIB_APPIMAGE"
@@ -31,7 +31,7 @@ sudo docker build \
if [ ! -z "$ELECBUILD_COMMIT" ] ; then
info "ELECBUILD_COMMIT=$ELECBUILD_COMMIT. doing fresh clone and git checkout."
FRESH_CLONE="$CONTRIB_APPIMAGE/fresh_clone/electrum" && \
sudo rm -rf "$FRESH_CLONE" && \
rm -rf "$FRESH_CLONE" && \
umask 0022 && \
git clone "$PROJECT_ROOT" "$FRESH_CLONE" && \
cd "$FRESH_CLONE"
@@ -42,7 +42,7 @@ else
fi
info "building binary..."
sudo docker run -it \
docker run -it \
--name electrum-appimage-builder-cont \
-v "$PROJECT_ROOT_OR_FRESHCLONE_ROOT":/opt/electrum \
--rm \
@@ -53,5 +53,5 @@ sudo docker run -it \
# make sure resulting binary location is independent of fresh_clone
if [ ! -z "$ELECBUILD_COMMIT" ] ; then
mkdir --parents "$DISTDIR/"
sudo cp -f "$FRESH_CLONE/dist"/* "$DISTDIR/"
cp -f "$FRESH_CLONE/dist"/* "$DISTDIR/"
fi

12
contrib/build-linux/sdist/Dockerfile
View File

@@ -16,3 +16,15 @@ RUN apt-get update -q && \
rm -rf /var/lib/apt/lists/* && \
apt-get autoremove -y && \
apt-get clean
# create new user to avoid using root; but with sudo access and no password for convenience.
ENV USER="user"
ENV HOME_DIR="/home/${USER}"
ENV WORK_DIR="${HOME_DIR}/wspace" \
PATH="${HOME_DIR}/.local/bin:${PATH}"
RUN useradd --create-home --shell /bin/bash ${USER}
RUN usermod -append --groups sudo ${USER}
RUN echo "%sudo ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
WORKDIR ${WORK_DIR}
RUN chown --recursive ${USER} ${WORK_DIR}
USER ${USER}

7
contrib/build-linux/sdist/README.md
View File

@@ -9,12 +9,7 @@ similar system.
1. Install Docker
```
$ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
$ sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
$ sudo apt-get update
$ sudo apt-get install -y docker-ce
```
See `contrib/docker_notes.md`.
2. Build source tarball

8
contrib/build-linux/sdist/build.sh
View File

@@ -22,7 +22,7 @@ if [ ! -z "$ELECBUILD_NOCACHE" ] ; then
fi
info "building docker image."
sudo docker build \
docker build \
$DOCKER_BUILD_FLAGS \
-t electrum-sdist-builder-img \
"$CONTRIB_SDIST"
@@ -31,7 +31,7 @@ sudo docker build \
if [ ! -z "$ELECBUILD_COMMIT" ] ; then
info "ELECBUILD_COMMIT=$ELECBUILD_COMMIT. doing fresh clone and git checkout."
FRESH_CLONE="$CONTRIB_SDIST/fresh_clone/electrum" && \
sudo rm -rf "$FRESH_CLONE" && \
rm -rf "$FRESH_CLONE" && \
umask 0022 && \
git clone "$PROJECT_ROOT" "$FRESH_CLONE" && \
cd "$FRESH_CLONE"
@@ -42,7 +42,7 @@ else
fi
info "building binary..."
sudo docker run -it \
docker run -it \
--name electrum-sdist-builder-cont \
-v "$PROJECT_ROOT_OR_FRESHCLONE_ROOT":/opt/electrum \
--rm \
@@ -53,5 +53,5 @@ sudo docker run -it \
# make sure resulting binary location is independent of fresh_clone
if [ ! -z "$ELECBUILD_COMMIT" ] ; then
mkdir --parents "$DISTDIR/"
sudo cp -f "$FRESH_CLONE/dist"/* "$DISTDIR/"
cp -f "$FRESH_CLONE/dist"/* "$DISTDIR/"
fi

15
contrib/build-wine/Dockerfile
View File

@@ -53,3 +53,18 @@ RUN wget -nc https://dl.winehq.org/wine-builds/Release.key && \
rm -rf /var/lib/apt/lists/* && \
apt-get autoremove -y && \
apt-get clean
# create new user to avoid using root; but with sudo access and no password for convenience.
ENV USER="user"
ENV HOME_DIR="/home/${USER}"
ENV WORK_DIR="${HOME_DIR}/wspace" \
PATH="${HOME_DIR}/.local/bin:${PATH}"
RUN useradd --create-home --shell /bin/bash ${USER}
RUN usermod -append --groups sudo ${USER}
RUN echo "%sudo ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
WORKDIR ${WORK_DIR}
RUN chown --recursive ${USER} ${WORK_DIR}
RUN chown ${USER} /opt
USER ${USER}
RUN mkdir --parents "/opt/wine64/drive_c/electrum"

7
contrib/build-wine/README.md
View File

@@ -9,12 +9,7 @@ similar system.
1. Install Docker
```
$ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
$ sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
$ sudo apt-get update
$ sudo apt-get install -y docker-ce
```
See `contrib/docker_notes.md`.
Note: older versions of Docker might not work well
(see [#6971](https://github.com/spesmilo/electrum/issues/6971)).

4
contrib/build-wine/build-electrum-git.sh
View File

@@ -31,7 +31,7 @@ for i in ./locale/*; do
done
popd
find -exec touch -d '2000-11-11T11:11:11+00:00' {} +
find -exec touch -h -d '2000-11-11T11:11:11+00:00' {} +
popd
@@ -60,7 +60,7 @@ wine "$WINE_PYHOME/scripts/pyinstaller.exe" --noconfirm --ascii --clean --name $
# set timestamps in dist, in order to make the installer reproducible
pushd dist
find -exec touch -d '2000-11-11T11:11:11+00:00' {} +
find -exec touch -h -d '2000-11-11T11:11:11+00:00' {} +
popd
info "building NSIS installer"

8
contrib/build-wine/build.sh
View File

@@ -21,7 +21,7 @@ if [ ! -z "$ELECBUILD_NOCACHE" ] ; then
fi
info "building docker image."
sudo docker build \
docker build \
$DOCKER_BUILD_FLAGS \
-t electrum-wine-builder-img \
"$CONTRIB_WINE"
@@ -30,7 +30,7 @@ sudo docker build \
if [ ! -z "$ELECBUILD_COMMIT" ] ; then
info "ELECBUILD_COMMIT=$ELECBUILD_COMMIT. doing fresh clone and git checkout."
FRESH_CLONE="$CONTRIB_WINE/fresh_clone/electrum" && \
sudo rm -rf "$FRESH_CLONE" && \
rm -rf "$FRESH_CLONE" && \
umask 0022 && \
git clone "$PROJECT_ROOT" "$FRESH_CLONE" && \
cd "$FRESH_CLONE"
@@ -41,7 +41,7 @@ else
fi
info "building binary..."
sudo docker run -it \
docker run -it \
--name electrum-wine-builder-cont \
-v "$PROJECT_ROOT_OR_FRESHCLONE_ROOT":/opt/wine64/drive_c/electrum \
--rm \
@@ -52,5 +52,5 @@ sudo docker run -it \
# make sure resulting binary location is independent of fresh_clone
if [ ! -z "$ELECBUILD_COMMIT" ] ; then
mkdir --parents "$PROJECT_ROOT/contrib/build-wine/dist/"
sudo cp -f "$FRESH_CLONE/contrib/build-wine/dist"/*.exe "$PROJECT_ROOT/contrib/build-wine/dist/"
cp -f "$FRESH_CLONE/contrib/build-wine/dist"/*.exe "$PROJECT_ROOT/contrib/build-wine/dist/"
fi

2
contrib/build-wine/make_win.sh
View File

@@ -64,7 +64,7 @@ fi
info "Resetting modification time in C:\Python..."
# (Because of some bugs in pyinstaller)
pushd /opt/wine64/drive_c/python*
find -exec touch -d '2000-11-11T11:11:11+00:00' {} +
find -exec touch -h -d '2000-11-11T11:11:11+00:00' {} +
popd
ls -l /opt/wine64/drive_c/python*

21
contrib/docker_notes.md Normal file
View File

@@ -0,0 +1,21 @@
# Notes about using Docker in the build scripts
- To install Docker:
This assumes an Ubuntu (x86_64) host, but it should not be too hard to adapt to another similar system.
```
$ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
$ sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
$ sudo apt-get update
$ sudo apt-get install -y docker-ce
```
- To communicate with the docker daemon, the build scripts either need to be called via sudo,
or the unix user on the host system (e.g. the user you run as) needs to be
part of the `docker` group. i.e.:
```
$ sudo usermod -aG docker ${USER}
```
(and then reboot or similar for it to take effect)

2
contrib/make_libusb.sh
View File

@@ -48,7 +48,7 @@ info "Building $pkgname..."
|| fail "Could not configure $pkgname. Please make sure you have a C compiler installed and try again."
fi
make -j4 || fail "Could not build $pkgname"
make install || fail "Could not install $pkgname"
make install || warn "Could not install $pkgname"
. "$here/$pkgname/libusb/.libs/libusb-1.0.la"
host_strip "$here/$pkgname/libusb/.libs/$dlname"
TARGET_NAME="$dlname"