
Merge pull request #7697 from SomberNight/202203_build_nosudo

build: rm need for sudo in most places; and do not run as root
master
ghost43 4 years ago committed by GitHub
parent
commit
cc8587aec2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 17
      contrib/android/Dockerfile
  2. 7
      contrib/android/Readme.md
  3. 8
      contrib/android/build.sh
  4. 12
      contrib/build-linux/appimage/Dockerfile
  5. 7
      contrib/build-linux/appimage/README.md
  6. 8
      contrib/build-linux/appimage/build.sh
  7. 12
      contrib/build-linux/sdist/Dockerfile
  8. 7
      contrib/build-linux/sdist/README.md
  9. 8
      contrib/build-linux/sdist/build.sh
  10. 15
      contrib/build-wine/Dockerfile
  11. 7
      contrib/build-wine/README.md
  12. 4
      contrib/build-wine/build-electrum-git.sh
  13. 8
      contrib/build-wine/build.sh
  14. 2
      contrib/build-wine/make_win.sh
  15. 21
      contrib/docker_notes.md
  16. 2
      contrib/make_libusb.sh

17
contrib/android/Dockerfile

@ -94,11 +94,6 @@ RUN curl --location --progress-bar \
&& rm -rf "${APACHE_ANT_ARCHIVE}" && rm -rf "${APACHE_ANT_ARCHIVE}"
ENV USER="user"
ENV HOME_DIR="/home/${USER}"
ENV WORK_DIR="${HOME_DIR}/wspace" \
PATH="${HOME_DIR}/.local/bin:${PATH}"
# install system/build dependencies # install system/build dependencies
# https://github.com/kivy/buildozer/blob/master/docs/source/installation.rst#android-on-ubuntu-2004-64bit # https://github.com/kivy/buildozer/blob/master/docs/source/installation.rst#android-on-ubuntu-2004-64bit
# TODO probably need to pin versions of at least some of these for over-time reproducibility? # TODO probably need to pin versions of at least some of these for over-time reproducibility?
@ -136,17 +131,15 @@ RUN apt -y update -qq \
&& apt -y clean && apt -y clean
# prepare non root env # create new user to avoid using root; but with sudo access and no password for convenience.
ENV USER="user"
ENV HOME_DIR="/home/${USER}"
ENV WORK_DIR="${HOME_DIR}/wspace" \
PATH="${HOME_DIR}/.local/bin:${PATH}"
RUN useradd --create-home --shell /bin/bash ${USER} RUN useradd --create-home --shell /bin/bash ${USER}
# with sudo access and no password
RUN usermod -append --groups sudo ${USER} RUN usermod -append --groups sudo ${USER}
RUN echo "%sudo ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers RUN echo "%sudo ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
WORKDIR ${WORK_DIR} WORKDIR ${WORK_DIR}
# user needs ownership/write access to these directories
RUN chown --recursive ${USER} ${WORK_DIR} ${ANDROID_SDK_HOME} RUN chown --recursive ${USER} ${WORK_DIR} ${ANDROID_SDK_HOME}
RUN chown ${USER} /opt RUN chown ${USER} /opt
USER ${USER} USER ${USER}

7
contrib/android/Readme.md

@ -13,12 +13,7 @@ similar system.
1. Install Docker 1. Install Docker
``` See `contrib/docker_notes.md`.
$ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
$ sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
$ sudo apt-get update
$ sudo apt-get install -y docker-ce
```
2. Build binaries 2. Build binaries

8
contrib/android/build.sh

@ -22,7 +22,7 @@ if [ ! -z "$ELECBUILD_NOCACHE" ] ; then
fi fi
info "building docker image." info "building docker image."
sudo docker build \ docker build \
$DOCKER_BUILD_FLAGS \ $DOCKER_BUILD_FLAGS \
-t electrum-android-builder-img \ -t electrum-android-builder-img \
--file "$CONTRIB_ANDROID/Dockerfile" \ --file "$CONTRIB_ANDROID/Dockerfile" \
@ -33,7 +33,7 @@ sudo docker build \
if [ ! -z "$ELECBUILD_COMMIT" ] ; then if [ ! -z "$ELECBUILD_COMMIT" ] ; then
info "ELECBUILD_COMMIT=$ELECBUILD_COMMIT. doing fresh clone and git checkout." info "ELECBUILD_COMMIT=$ELECBUILD_COMMIT. doing fresh clone and git checkout."
FRESH_CLONE="$CONTRIB_ANDROID/fresh_clone/electrum" && \ FRESH_CLONE="$CONTRIB_ANDROID/fresh_clone/electrum" && \
sudo rm -rf "$FRESH_CLONE" && \ rm -rf "$FRESH_CLONE" && \
umask 0022 && \ umask 0022 && \
git clone "$PROJECT_ROOT" "$FRESH_CLONE" && \ git clone "$PROJECT_ROOT" "$FRESH_CLONE" && \
cd "$FRESH_CLONE" cd "$FRESH_CLONE"
@ -51,7 +51,7 @@ fi
info "building binary..." info "building binary..."
mkdir --parents "$PROJECT_ROOT_OR_FRESHCLONE_ROOT"/.buildozer/.gradle mkdir --parents "$PROJECT_ROOT_OR_FRESHCLONE_ROOT"/.buildozer/.gradle
sudo docker run -it --rm \ docker run -it --rm \
--name electrum-android-builder-cont \ --name electrum-android-builder-cont \
-v "$PROJECT_ROOT_OR_FRESHCLONE_ROOT":/home/user/wspace/electrum \ -v "$PROJECT_ROOT_OR_FRESHCLONE_ROOT":/home/user/wspace/electrum \
-v "$PROJECT_ROOT_OR_FRESHCLONE_ROOT"/.buildozer/.gradle:/home/user/.gradle \ -v "$PROJECT_ROOT_OR_FRESHCLONE_ROOT"/.buildozer/.gradle:/home/user/.gradle \
@ -63,5 +63,5 @@ sudo docker run -it --rm \
# make sure resulting binary location is independent of fresh_clone # make sure resulting binary location is independent of fresh_clone
if [ ! -z "$ELECBUILD_COMMIT" ] ; then if [ ! -z "$ELECBUILD_COMMIT" ] ; then
mkdir --parents "$DISTDIR/" mkdir --parents "$DISTDIR/"
sudo cp -f "$FRESH_CLONE/dist"/* "$DISTDIR/" cp -f "$FRESH_CLONE/dist"/* "$DISTDIR/"
fi fi
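Review bot: Dropping `sudo` from `rm -rf "$FRESH_CLONE"` and `cp -f "$FRESH_CLONE/dist"/* "$DISTDIR/"` only works when the files the container writes into the bind mount are owned by the invoking host user, and nothing visible in this script or the Dockerfile ties the two uids together. The image's `useradd --create-home --shell /bin/bash ${USER}` takes whatever uid is free in the image, so on a host where the caller has a different uid the container either cannot write to the mounted tree or leaves files the next `rm -rf` cannot remove. Consider passing the host uid into the image, e.g. `docker build --build-arg UID="$(id -u)"` with a matching `ARG UID` and `useradd --uid "$UID"` in the Dockerfile, or failing early with a clear message when the uids differ. The same applies to the build.sh scripts under contrib/build-linux/appimage, contrib/build-linux/sdist and contrib/build-wine.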

12
contrib/build-linux/appimage/Dockerfile

@ -56,3 +56,15 @@ RUN apt-get update -q && \
rm -rf /var/lib/apt/lists/* && \ rm -rf /var/lib/apt/lists/* && \
apt-get autoremove -y && \ apt-get autoremove -y && \
apt-get clean apt-get clean
# create new user to avoid using root; but with sudo access and no password for convenience.
ENV USER="user"
ENV HOME_DIR="/home/${USER}"
ENV WORK_DIR="${HOME_DIR}/wspace" \
PATH="${HOME_DIR}/.local/bin:${PATH}"
RUN useradd --create-home --shell /bin/bash ${USER}
RUN usermod -append --groups sudo ${USER}
RUN echo "%sudo ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
WORKDIR ${WORK_DIR}
RUN chown --recursive ${USER} ${WORK_DIR}
USER ${USER}
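Review bot: The new unprivileged user is root-equivalent inside the container, because `RUN echo "%sudo ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers` lets any build step (a setup script, a downloaded tool, a dependency's install hook) call `sudo` without a prompt. `USER ${USER}` then mainly changes file ownership on the bind mount rather than limiting what a compromised build dependency can do in the image. If nothing after `USER ${USER}` needs root, drop the `usermod` and sudoers lines; if something does, run that step before `USER ${USER}` or restrict the sudoers rule to the specific command. At minimum the comment should say so, for example `# NOTE: passwordless sudo makes this user root-equivalent in the container; it is not a privilege boundary`. The sdist and wine Dockerfiles add the same lines, and the android Dockerfile already carried them.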

7
contrib/build-linux/appimage/README.md

@ -14,12 +14,7 @@ see [issue #5159](https://github.com/spesmilo/electrum/issues/5159).
1. Install Docker 1. Install Docker
``` See `contrib/docker_notes.md`.
$ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
$ sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
$ sudo apt-get update
$ sudo apt-get install -y docker-ce
```
2. Build binary 2. Build binary

8
contrib/build-linux/appimage/build.sh

@ -22,7 +22,7 @@ if [ ! -z "$ELECBUILD_NOCACHE" ] ; then
fi fi
info "building docker image." info "building docker image."
sudo docker build \ docker build \
$DOCKER_BUILD_FLAGS \ $DOCKER_BUILD_FLAGS \
-t electrum-appimage-builder-img \ -t electrum-appimage-builder-img \
"$CONTRIB_APPIMAGE" "$CONTRIB_APPIMAGE"
@ -31,7 +31,7 @@ sudo docker build \
if [ ! -z "$ELECBUILD_COMMIT" ] ; then if [ ! -z "$ELECBUILD_COMMIT" ] ; then
info "ELECBUILD_COMMIT=$ELECBUILD_COMMIT. doing fresh clone and git checkout." info "ELECBUILD_COMMIT=$ELECBUILD_COMMIT. doing fresh clone and git checkout."
FRESH_CLONE="$CONTRIB_APPIMAGE/fresh_clone/electrum" && \ FRESH_CLONE="$CONTRIB_APPIMAGE/fresh_clone/electrum" && \
sudo rm -rf "$FRESH_CLONE" && \ rm -rf "$FRESH_CLONE" && \
umask 0022 && \ umask 0022 && \
git clone "$PROJECT_ROOT" "$FRESH_CLONE" && \ git clone "$PROJECT_ROOT" "$FRESH_CLONE" && \
cd "$FRESH_CLONE" cd "$FRESH_CLONE"
@ -42,7 +42,7 @@ else
fi fi
info "building binary..." info "building binary..."
sudo docker run -it \ docker run -it \
--name electrum-appimage-builder-cont \ --name electrum-appimage-builder-cont \
-v "$PROJECT_ROOT_OR_FRESHCLONE_ROOT":/opt/electrum \ -v "$PROJECT_ROOT_OR_FRESHCLONE_ROOT":/opt/electrum \
--rm \ --rm \
@ -53,5 +53,5 @@ sudo docker run -it \
# make sure resulting binary location is independent of fresh_clone # make sure resulting binary location is independent of fresh_clone
if [ ! -z "$ELECBUILD_COMMIT" ] ; then if [ ! -z "$ELECBUILD_COMMIT" ] ; then
mkdir --parents "$DISTDIR/" mkdir --parents "$DISTDIR/"
sudo cp -f "$FRESH_CLONE/dist"/* "$DISTDIR/" cp -f "$FRESH_CLONE/dist"/* "$DISTDIR/"
fi fi
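Review bot: Calling `docker build` and `docker run` without `sudo` moves the privilege requirement rather than removing it: the caller now has to reach the Docker daemon, and on a default install that means membership in the `docker` group, which allows starting containers that mount any host path as root. A comment above the first call would keep that visible, e.g. `# needs access to the docker daemon (docker group or sudo); docker group membership is root-equivalent on the host`. On a build machine that holds other secrets, rootless Docker or a dedicated build account is worth recommending in contrib/docker_notes.md. The same applies to the android, sdist and wine build.sh scripts.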

12
contrib/build-linux/sdist/Dockerfile vendored

@ -16,3 +16,15 @@ RUN apt-get update -q && \
rm -rf /var/lib/apt/lists/* && \ rm -rf /var/lib/apt/lists/* && \
apt-get autoremove -y && \ apt-get autoremove -y && \
apt-get clean apt-get clean
# create new user to avoid using root; but with sudo access and no password for convenience.
ENV USER="user"
ENV HOME_DIR="/home/${USER}"
ENV WORK_DIR="${HOME_DIR}/wspace" \
PATH="${HOME_DIR}/.local/bin:${PATH}"
RUN useradd --create-home --shell /bin/bash ${USER}
RUN usermod -append --groups sudo ${USER}
RUN echo "%sudo ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
WORKDIR ${WORK_DIR}
RUN chown --recursive ${USER} ${WORK_DIR}
USER ${USER}

7
contrib/build-linux/sdist/README.md vendored

@ -9,12 +9,7 @@ similar system.
1. Install Docker 1. Install Docker
``` See `contrib/docker_notes.md`.
$ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
$ sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
$ sudo apt-get update
$ sudo apt-get install -y docker-ce
```
2. Build source tarball 2. Build source tarball

8
contrib/build-linux/sdist/build.sh vendored

@ -22,7 +22,7 @@ if [ ! -z "$ELECBUILD_NOCACHE" ] ; then
fi fi
info "building docker image." info "building docker image."
sudo docker build \ docker build \
$DOCKER_BUILD_FLAGS \ $DOCKER_BUILD_FLAGS \
-t electrum-sdist-builder-img \ -t electrum-sdist-builder-img \
"$CONTRIB_SDIST" "$CONTRIB_SDIST"
@ -31,7 +31,7 @@ sudo docker build \
if [ ! -z "$ELECBUILD_COMMIT" ] ; then if [ ! -z "$ELECBUILD_COMMIT" ] ; then
info "ELECBUILD_COMMIT=$ELECBUILD_COMMIT. doing fresh clone and git checkout." info "ELECBUILD_COMMIT=$ELECBUILD_COMMIT. doing fresh clone and git checkout."
FRESH_CLONE="$CONTRIB_SDIST/fresh_clone/electrum" && \ FRESH_CLONE="$CONTRIB_SDIST/fresh_clone/electrum" && \
sudo rm -rf "$FRESH_CLONE" && \ rm -rf "$FRESH_CLONE" && \
umask 0022 && \ umask 0022 && \
git clone "$PROJECT_ROOT" "$FRESH_CLONE" && \ git clone "$PROJECT_ROOT" "$FRESH_CLONE" && \
cd "$FRESH_CLONE" cd "$FRESH_CLONE"
@ -42,7 +42,7 @@ else
fi fi
info "building binary..." info "building binary..."
sudo docker run -it \ docker run -it \
--name electrum-sdist-builder-cont \ --name electrum-sdist-builder-cont \
-v "$PROJECT_ROOT_OR_FRESHCLONE_ROOT":/opt/electrum \ -v "$PROJECT_ROOT_OR_FRESHCLONE_ROOT":/opt/electrum \
--rm \ --rm \
@ -53,5 +53,5 @@ sudo docker run -it \
# make sure resulting binary location is independent of fresh_clone # make sure resulting binary location is independent of fresh_clone
if [ ! -z "$ELECBUILD_COMMIT" ] ; then if [ ! -z "$ELECBUILD_COMMIT" ] ; then
mkdir --parents "$DISTDIR/" mkdir --parents "$DISTDIR/"
sudo cp -f "$FRESH_CLONE/dist"/* "$DISTDIR/" cp -f "$FRESH_CLONE/dist"/* "$DISTDIR/"
fi fi

15
contrib/build-wine/Dockerfile

@ -53,3 +53,18 @@ RUN wget -nc https://dl.winehq.org/wine-builds/Release.key && \
rm -rf /var/lib/apt/lists/* && \ rm -rf /var/lib/apt/lists/* && \
apt-get autoremove -y && \ apt-get autoremove -y && \
apt-get clean apt-get clean
# create new user to avoid using root; but with sudo access and no password for convenience.
ENV USER="user"
ENV HOME_DIR="/home/${USER}"
ENV WORK_DIR="${HOME_DIR}/wspace" \
PATH="${HOME_DIR}/.local/bin:${PATH}"
RUN useradd --create-home --shell /bin/bash ${USER}
RUN usermod -append --groups sudo ${USER}
RUN echo "%sudo ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
WORKDIR ${WORK_DIR}
RUN chown --recursive ${USER} ${WORK_DIR}
RUN chown ${USER} /opt
USER ${USER}
RUN mkdir --parents "/opt/wine64/drive_c/electrum"
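Review bot: `RUN usermod -append --groups sudo ${USER}` uses a single dash, and as far as I can tell usermod parses that as the bundled short options `-a -p pend`, so besides appending the group it sets the account's crypted-password field to the literal string `pend`. That string matches no hash, so the line works by accident, but it does not do what it reads as. Write `RUN usermod --append --groups sudo ${USER}` instead. The appimage and sdist Dockerfiles add the same line, and the android Dockerfile already has it.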

7
contrib/build-wine/README.md

@ -9,12 +9,7 @@ similar system.
1. Install Docker 1. Install Docker
``` See `contrib/docker_notes.md`.
$ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
$ sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
$ sudo apt-get update
$ sudo apt-get install -y docker-ce
```
Note: older versions of Docker might not work well Note: older versions of Docker might not work well
(see [#6971](https://github.com/spesmilo/electrum/issues/6971)). (see [#6971](https://github.com/spesmilo/electrum/issues/6971)).

4
contrib/build-wine/build-electrum-git.sh

@ -31,7 +31,7 @@ for i in ./locale/*; do
done done
popd popd
find -exec touch -d '2000-11-11T11:11:11+00:00' {} + find -exec touch -h -d '2000-11-11T11:11:11+00:00' {} +
popd popd
@ -60,7 +60,7 @@ wine "$WINE_PYHOME/scripts/pyinstaller.exe" --noconfirm --ascii --clean --name $
# set timestamps in dist, in order to make the installer reproducible # set timestamps in dist, in order to make the installer reproducible
pushd dist pushd dist
find -exec touch -d '2000-11-11T11:11:11+00:00' {} + find -exec touch -h -d '2000-11-11T11:11:11+00:00' {} +
popd popd
info "building NSIS installer" info "building NSIS installer"
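Review bot: The `-h` added to both `find -exec touch -h -d '2000-11-11T11:11:11+00:00' {} +` calls has no comment, and its effect is easy to miss: it stamps symlinks themselves instead of following them to their targets. Presumably this is needed now that the build no longer runs as root, since a followed link may point at a file the build user does not own or that lies outside the tree. I would add `# -h: set the time on symlinks themselves, do not follow them (targets may be outside the tree or not writable)` above each call; contrib/build-wine/make_win.sh has the same change. Both hunks sit inside script bodies that continue outside the visible lines.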

8
contrib/build-wine/build.sh

@ -21,7 +21,7 @@ if [ ! -z "$ELECBUILD_NOCACHE" ] ; then
fi fi
info "building docker image." info "building docker image."
sudo docker build \ docker build \
$DOCKER_BUILD_FLAGS \ $DOCKER_BUILD_FLAGS \
-t electrum-wine-builder-img \ -t electrum-wine-builder-img \
"$CONTRIB_WINE" "$CONTRIB_WINE"
@ -30,7 +30,7 @@ sudo docker build \
if [ ! -z "$ELECBUILD_COMMIT" ] ; then if [ ! -z "$ELECBUILD_COMMIT" ] ; then
info "ELECBUILD_COMMIT=$ELECBUILD_COMMIT. doing fresh clone and git checkout." info "ELECBUILD_COMMIT=$ELECBUILD_COMMIT. doing fresh clone and git checkout."
FRESH_CLONE="$CONTRIB_WINE/fresh_clone/electrum" && \ FRESH_CLONE="$CONTRIB_WINE/fresh_clone/electrum" && \
sudo rm -rf "$FRESH_CLONE" && \ rm -rf "$FRESH_CLONE" && \
umask 0022 && \ umask 0022 && \
git clone "$PROJECT_ROOT" "$FRESH_CLONE" && \ git clone "$PROJECT_ROOT" "$FRESH_CLONE" && \
cd "$FRESH_CLONE" cd "$FRESH_CLONE"
@ -41,7 +41,7 @@ else
fi fi
info "building binary..." info "building binary..."
sudo docker run -it \ docker run -it \
--name electrum-wine-builder-cont \ --name electrum-wine-builder-cont \
-v "$PROJECT_ROOT_OR_FRESHCLONE_ROOT":/opt/wine64/drive_c/electrum \ -v "$PROJECT_ROOT_OR_FRESHCLONE_ROOT":/opt/wine64/drive_c/electrum \
--rm \ --rm \
@ -52,5 +52,5 @@ sudo docker run -it \
# make sure resulting binary location is independent of fresh_clone # make sure resulting binary location is independent of fresh_clone
if [ ! -z "$ELECBUILD_COMMIT" ] ; then if [ ! -z "$ELECBUILD_COMMIT" ] ; then
mkdir --parents "$PROJECT_ROOT/contrib/build-wine/dist/" mkdir --parents "$PROJECT_ROOT/contrib/build-wine/dist/"
sudo cp -f "$FRESH_CLONE/contrib/build-wine/dist"/*.exe "$PROJECT_ROOT/contrib/build-wine/dist/" cp -f "$FRESH_CLONE/contrib/build-wine/dist"/*.exe "$PROJECT_ROOT/contrib/build-wine/dist/"
fi fi

2
contrib/build-wine/make_win.sh

@ -64,7 +64,7 @@ fi
info "Resetting modification time in C:\Python..." info "Resetting modification time in C:\Python..."
# (Because of some bugs in pyinstaller) # (Because of some bugs in pyinstaller)
pushd /opt/wine64/drive_c/python* pushd /opt/wine64/drive_c/python*
find -exec touch -d '2000-11-11T11:11:11+00:00' {} + find -exec touch -h -d '2000-11-11T11:11:11+00:00' {} +
popd popd
ls -l /opt/wine64/drive_c/python* ls -l /opt/wine64/drive_c/python*

21
contrib/docker_notes.md

@ -0,0 +1,21 @@
# Notes about using Docker in the build scripts
- To install Docker:
This assumes an Ubuntu (x86_64) host, but it should not be too hard to adapt to another similar system.
```
$ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
$ sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
$ sudo apt-get update
$ sudo apt-get install -y docker-ce
```
- To communicate with the docker daemon, the build scripts either need to be called via sudo,
or the unix user on the host system (e.g. the user you run as) needs to be
part of the `docker` group. i.e.:
```
$ sudo usermod -aG docker ${USER}
```
(and then reboot or similar for it to take effect)

2
contrib/make_libusb.sh

@ -48,7 +48,7 @@ info "Building $pkgname..."
|| fail "Could not configure $pkgname. Please make sure you have a C compiler installed and try again." || fail "Could not configure $pkgname. Please make sure you have a C compiler installed and try again."
fi fi
make -j4 || fail "Could not build $pkgname" make -j4 || fail "Could not build $pkgname"
make install || fail "Could not install $pkgname" make install || warn "Could not install $pkgname"
. "$here/$pkgname/libusb/.libs/libusb-1.0.la" . "$here/$pkgname/libusb/.libs/libusb-1.0.la"
host_strip "$here/$pkgname/libusb/.libs/$dlname" host_strip "$here/$pkgname/libusb/.libs/$dlname"
TARGET_NAME="$dlname" TARGET_NAME="$dlname"
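Review bot: `make install || warn "Could not install $pkgname"` now lets the script continue after any install failure, not only the permission error a non-root build would hit, so a broken or partial install goes unnoticed further down. The following lines take the library from `"$here/$pkgname/libusb/.libs/"` in the build tree, which suggests the install step is not needed for the artifact at all (inferred from the visible lines; the rest of the script is outside the hunk). If so, remove `make install`, or give configure a prefix the build user can write to and keep `|| fail`. `warn` is not defined in the visible lines, so confirm the sourced helper provides it.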
