zebra.lucky
/
electrum
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

build: fix repro builds where host userid != 1000 

- repro builds to use fixed uid=1000 inside the container
  - in case the file permissions leak into the binaries, they are still reproducible
  - chown 1000:1000 fresh_clone
- repro builds to create fresh_clone dir outside git clone
  - otherwise the local dev build would still interact with the fresh_clone dir
    - due to e.g. recursive "find -exec touch",
    - and even the "docker build" cmd itself would try to stat/read it
      - see https://github.com/docker/for-linux/issues/380
  - and "rm -rf fresh_clone" needs sudo if the host uid is not 1000
  - this way the local dev build does not need sudo

to recap:
- local dev builds use the host userid inside the container, directly operate on the project dir
  - does not need sudo
- repro builds create a fresh git clone, chown it to 1000, and use userid=1000 inside the container
  - if the host userid is 1000, does not need sudo
  - otherwise, needs sudo

closes https://github.com/spesmilo/electrum/issues/8261
master
SomberNight 3 years ago
parent
6e472efd5f
commit
c9b6a6c01e
No known key found for this signature in database
GPG Key ID: B33B5F232C6271E9
8 changed files with 48 additions and 27 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 4
      .gitignore
  2. 17
      contrib/android/build.sh
  3. 1
      contrib/build-linux/appimage/.dockerignore
  4. 17
      contrib/build-linux/appimage/build.sh
  5. 1
      contrib/build-linux/sdist/.dockerignore
  6. 17
      contrib/build-linux/sdist/build.sh
  7. 1
      contrib/build-wine/.dockerignore
  8. 17
      contrib/build-wine/build.sh

4
.gitignore vendored
Unescape View File

@ -34,14 +34,10 @@ contrib/build-wine/build/
contrib/build-wine/.cache/
contrib/build-wine/dist/
contrib/build-wine/signed/
contrib/build-wine/fresh_clone/
contrib/build-linux/sdist/fresh_clone/
contrib/build-linux/appimage/build/
contrib/build-linux/appimage/.cache/
contrib/build-linux/appimage/fresh_clone/
contrib/osx/.cache/
contrib/osx/build-venv/
contrib/android/fresh_clone
contrib/android/android_debug.keystore
contrib/secp256k1/
contrib/zbar/

17
contrib/android/build.sh
Unescape View File

@ -52,11 +52,11 @@ docker build \
# maybe do fresh clone
if [ ! -z "$ELECBUILD_COMMIT" ] ; then
info "ELECBUILD_COMMIT=$ELECBUILD_COMMIT. doing fresh clone and git checkout."
FRESH_CLONE="$CONTRIB_ANDROID/fresh_clone/electrum" && \
rm -rf "$FRESH_CLONE" && \
umask 0022 && \
git clone "$PROJECT_ROOT" "$FRESH_CLONE" && \
cd "$FRESH_CLONE"
FRESH_CLONE="/tmp/electrum_build/android/fresh_clone/electrum"
rm -rf "$FRESH_CLONE" 2>/dev/null || ( info "we need sudo to rm prev FRESH_CLONE." && sudo rm -rf "$FRESH_CLONE" )
umask 0022
git clone "$PROJECT_ROOT" "$FRESH_CLONE"
cd "$FRESH_CLONE"
git checkout "$ELECBUILD_COMMIT"
PROJECT_ROOT_OR_FRESHCLONE_ROOT="$FRESH_CLONE"
else
@ -72,6 +72,13 @@ fi
info "building binary..."
mkdir --parents "$PROJECT_ROOT_OR_FRESHCLONE_ROOT"/.buildozer/.gradle
# check uid and maybe chown. see #8261
if [ ! -z "$ELECBUILD_COMMIT" ] ; then # fresh clone (reproducible build)
if [ $(id -u) != "1000" ] || [ $(id -g) != "1000" ] ; then
info "need to chown -R FRESH_CLONE dir. prompting for sudo."
sudo chown -R 1000:1000 "$FRESH_CLONE"
fi
fi
docker run -it --rm \
--name electrum-android-builder-cont \
-v "$PROJECT_ROOT_OR_FRESHCLONE_ROOT":/home/user/wspace/electrum \

1
contrib/build-linux/appimage/.dockerignore
Unescape View File

@ -1,3 +1,2 @@
build/
.cache/
fresh_clone/

17
contrib/build-linux/appimage/build.sh
Unescape View File

@ -35,11 +35,11 @@ docker build \
# maybe do fresh clone
if [ ! -z "$ELECBUILD_COMMIT" ] ; then
info "ELECBUILD_COMMIT=$ELECBUILD_COMMIT. doing fresh clone and git checkout."
FRESH_CLONE="$CONTRIB_APPIMAGE/fresh_clone/electrum" && \
rm -rf "$FRESH_CLONE" && \
umask 0022 && \
git clone "$PROJECT_ROOT" "$FRESH_CLONE" && \
cd "$FRESH_CLONE"
FRESH_CLONE="/tmp/electrum_build/appimage/fresh_clone/electrum"
rm -rf "$FRESH_CLONE" 2>/dev/null || ( info "we need sudo to rm prev FRESH_CLONE." && sudo rm -rf "$FRESH_CLONE" )
umask 0022
git clone "$PROJECT_ROOT" "$FRESH_CLONE"
cd "$FRESH_CLONE"
git checkout "$ELECBUILD_COMMIT"
PROJECT_ROOT_OR_FRESHCLONE_ROOT="$FRESH_CLONE"
else
@ -47,6 +47,13 @@ else
fi
info "building binary..."
# check uid and maybe chown. see #8261
if [ ! -z "$ELECBUILD_COMMIT" ] ; then # fresh clone (reproducible build)
if [ $(id -u) != "1000" ] || [ $(id -g) != "1000" ] ; then
info "need to chown -R FRESH_CLONE dir. prompting for sudo."
sudo chown -R 1000:1000 "$FRESH_CLONE"
fi
fi
docker run -it \
--name electrum-appimage-builder-cont \
-v "$PROJECT_ROOT_OR_FRESHCLONE_ROOT":/opt/electrum \

1
contrib/build-linux/sdist/.dockerignore vendored
Unescape View File

@ -1 +0,0 @@
fresh_clone/

17
contrib/build-linux/sdist/build.sh vendored
Unescape View File

@ -35,11 +35,11 @@ docker build \
# maybe do fresh clone
if [ ! -z "$ELECBUILD_COMMIT" ] ; then
info "ELECBUILD_COMMIT=$ELECBUILD_COMMIT. doing fresh clone and git checkout."
FRESH_CLONE="$CONTRIB_SDIST/fresh_clone/electrum" && \
rm -rf "$FRESH_CLONE" && \
umask 0022 && \
git clone "$PROJECT_ROOT" "$FRESH_CLONE" && \
cd "$FRESH_CLONE"
FRESH_CLONE="/tmp/electrum_build/sdist/fresh_clone/electrum"
rm -rf "$FRESH_CLONE" 2>/dev/null || ( info "we need sudo to rm prev FRESH_CLONE." && sudo rm -rf "$FRESH_CLONE" )
umask 0022
git clone "$PROJECT_ROOT" "$FRESH_CLONE"
cd "$FRESH_CLONE"
git checkout "$ELECBUILD_COMMIT"
PROJECT_ROOT_OR_FRESHCLONE_ROOT="$FRESH_CLONE"
else
@ -47,6 +47,13 @@ else
fi
info "building binary..."
# check uid and maybe chown. see #8261
if [ ! -z "$ELECBUILD_COMMIT" ] ; then # fresh clone (reproducible build)
if [ $(id -u) != "1000" ] || [ $(id -g) != "1000" ] ; then
info "need to chown -R FRESH_CLONE dir. prompting for sudo."
sudo chown -R 1000:1000 "$FRESH_CLONE"
fi
fi
docker run -it \
--name electrum-sdist-builder-cont \
-v "$PROJECT_ROOT_OR_FRESHCLONE_ROOT":/opt/electrum \

1
contrib/build-wine/.dockerignore
Unescape View File

@ -3,4 +3,3 @@ build/
.cache/
dist/
signed/
fresh_clone/

17
contrib/build-wine/build.sh
Unescape View File

@ -37,11 +37,11 @@ docker build \
# maybe do fresh clone
if [ ! -z "$ELECBUILD_COMMIT" ] ; then
info "ELECBUILD_COMMIT=$ELECBUILD_COMMIT. doing fresh clone and git checkout."
FRESH_CLONE="$CONTRIB_WINE/fresh_clone/electrum" && \
rm -rf "$FRESH_CLONE" && \
umask 0022 && \
git clone "$PROJECT_ROOT" "$FRESH_CLONE" && \
cd "$FRESH_CLONE"
FRESH_CLONE="/tmp/electrum_build/windows/fresh_clone/electrum"
rm -rf "$FRESH_CLONE" 2>/dev/null || ( info "we need sudo to rm prev FRESH_CLONE." && sudo rm -rf "$FRESH_CLONE" )
umask 0022
git clone "$PROJECT_ROOT" "$FRESH_CLONE"
cd "$FRESH_CLONE"
git checkout "$ELECBUILD_COMMIT"
PROJECT_ROOT_OR_FRESHCLONE_ROOT="$FRESH_CLONE"
else
@ -49,6 +49,13 @@ else
fi
info "building binary..."
# check uid and maybe chown. see #8261
if [ ! -z "$ELECBUILD_COMMIT" ] ; then # fresh clone (reproducible build)
if [ $(id -u) != "1000" ] || [ $(id -g) != "1000" ] ; then
info "need to chown -R FRESH_CLONE dir. prompting for sudo."
sudo chown -R 1000:1000 "$FRESH_CLONE"
fi
fi
docker run -it \
--name electrum-wine-builder-cont \
-v "$PROJECT_ROOT_OR_FRESHCLONE_ROOT":/opt/wine64/drive_c/electrum \

Write Preview
Loading…
Cancel
Save