From b80f59ad57676f55618d303346563de409d657fc Mon Sep 17 00:00:00 2001
From: nmfretz <nmfretz@gmail.com>
Date: Tue, 10 Sep 2024 15:42:47 +1000
Subject: [PATCH] Update Dockerfile

---
 Dockerfile | 101 ++++++++++++++++++++++++++++++++++++++++-------------
 1 file changed, 76 insertions(+), 25 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 95772af..977c67a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,24 +1,74 @@
-ARG VERSION="0.19.1"
-
-ARG LEGACY_BITCOIN_CORE_RELEASE_KEY="01EA5486DE18A882D4C2684590C8019E36C2E964"
-ARG ANDREW_CHOW="152812300785C96444D3334D17565732E08E5E41"
-ARG JON_ATACK="82921A4B88FD454B7EB8CE3C796C4109063D4EAF"
-ARG JONAS_SCHNELLI="32EE5C4C3FA15CCADB46ABE529D4BCB6416F53EC"
-ARG MATT_CORALLO="07DF3E57A548CCFB7530709189BBB8663E2E65CE"
-ARG LUKE_DASHJR="E463A93F5F3117EEDE6C7316BD02942421F4889F"
-ARG PETER_TODD="37EC7D7B0A217CDB4B4E007E7FAB114267E4FA04"
-ARG PIETER_WUILLE="133EAC179436F14A5CF1B794860FEB804E669320"
-ARG SJORS_PROVOOST="ED9BDF7AD6A55E232E84524257FF9BDBCC301009"
-ARG KEYS="${LEGACY_BITCOIN_CORE_RELEASE_KEY} ${ANDREW_CHOW} ${JON_ATACK} ${JONAS_SCHNELLI} ${MATT_CORALLO} ${LUKE_DASHJR} ${PETER_TODD} ${PIETER_WUILLE} ${SJORS_PROVOOST}"
+# Bitcoin Core Release Keys as of 4/Sep/2024
+# - https://github.com/bitcoin-core/guix.sigs/tree/main/builder-keys
+# - https://api.github.com/repos/bitcoin-core/guix.sigs/contents/builder-keys
+ARG KEYS="\
+    # 0xb10c:
+    982A193E3CE0EED535E09023188CBB2648416AD5 \
+    # CoinForensics:
+    101598DC823C1B5F9A6624ABA5E0907A0380E6C3 \
+    # Emzy:
+    9EDAFF80E080659604F4A76B2EBB056FD847F8A7 \
+    # Sjors:
+    ED9BDF7AD6A55E232E84524257FF9BDBCC301009 \
+    # TheCharlatan:
+    A8FC55F3B04BA3146F3492E79303B33A305224CB \
+    # achow101:
+    152812300785C96444D3334D17565732E08E5E41 \
+    # benthecarman:
+    0AD83877C1F0CD1EE9BD660AD7CC770B81FD22A8 \
+    # cfields:
+    C060A6635913D98A3587D7DB1C2491FFEB0EF770 \
+    # darosior:
+    590B7292695AFFA5B672CBB2E13FC145CD3F4304 \
+    # davidgumberg:
+    41E442A14C342C877AE4DC8F3B6305FA06DE51D5 \
+    # dunxen:
+    948444FCE03B05BA5AB0591EC37B1C1D44C786EE \
+    # fanquake:
+    E777299FC265DD04793070EB944D35F9AC3DB76A \
+    # glozow:
+    6B002C6EA3F91B1B0DF0C9BC8F617F1200A6D25C \
+    # guggero:
+    F4FC70F07310028424EFC20A8E4256593F177720 \
+    # hebasto:
+    D1DBF2C4B96F2DEBF4C16654410108112E7EA81F \
+    # jackielove4u:
+    287AE4CA1187C68C08B49CB2D11BD4F33F1DB499 \
+    # josibake:
+    616516B8EB6ED02882FC4A7A8ADCB558C4F33D65 \
+    # kvaciral:
+    C388F6961FB972A95678E327F62711DBDCA8AE56 \
+    # laanwj:
+    71A3B16735405025D447E8F274810B012346C9A6 \
+    # luke-jr:
+    1A3E761F19D2CC7785C5502EA291A2C45D0C504A \
+    # m3dwards:
+    E86AE73439625BBEE306AAE6B66D427F873CB1A3 \
+    # pinheadmz:
+    E61773CD6E01040E2F1BD78CE7E2984B6289C93A \
+    # satsie:
+    2F78ACF677029767C8736F13747A7AE2FB0FD25B \
+    # sipa:
+    133EAC179436F14A5CF1B794860FEB804E669320 \
+    # svanstaa:
+    9ED99C7A355AE46098103E74476E74C8529A9006 \
+    # theStack:
+    6A8F9C266528E25AEB1D7731C2371D91CB716EA7 \
+    # vertiond:
+    28E72909F1717FE9607754F8A7BEB2621678D37D \
+    # willcl-ark:
+    67AA5B46E7AF78053167FE343B8F814A784218F8 \
+    # willyko:
+    79D00BAC68B56D422F945A8F8E3A8F3247DBCBBF \
+"
 
 # Build stage
-FROM --platform=$BUILDPLATFORM debian:stable-slim as builder
-LABEL maintainer="Luke Childs <lukechilds123@gmail.com>"
+FROM --platform=$BUILDPLATFORM debian:stable-slim AS builder
+LABEL org.opencontainers.image.authors="Umbrel, Inc. <https://umbrel.com>"
 
-ARG TARGETARCH
-
-ARG ARCH
 ARG VERSION
+ARG TARGETPLATFORM
+# re-declared from above
 ARG KEYS
 
 WORKDIR /build
@@ -27,17 +77,18 @@ RUN echo "Installing build deps"
 RUN apt-get update
 RUN apt-get install -y wget pgp
 
-RUN echo "Deriving tarball name from \$TARGETARCH"
-RUN [ "${TARGETARCH}" = "amd64" ] && echo "bitcoin-${VERSION}-x86_64-linux-gnu.tar.gz"    > /tarball-name || true
-RUN [ "${TARGETARCH}" = "arm64" ] && echo "bitcoin-${VERSION}-aarch64-linux-gnu.tar.gz"   > /tarball-name || true
-RUN [ "${TARGETARCH}" = "arm" ]   && echo "bitcoin-${VERSION}-arm-linux-gnueabihf.tar.gz" > /tarball-name || true
-RUN echo "Tarball name: $(cat /tarball-name)"
+RUN echo "Deriving tarball name from \$TARGETPLATFORM" && \
+    case "${TARGETPLATFORM}" in \
+      "linux/amd64")  echo "bitcoin-${VERSION}-x86_64-linux-gnu.tar.gz"    > /tarball-name ;; \
+      "linux/arm64")  echo "bitcoin-${VERSION}-aarch64-linux-gnu.tar.gz"   > /tarball-name ;; \
+      *) echo "Unsupported platform: ${TARGETPLATFORM}" && exit 1 ;; \
+    esac && \
+    echo "Tarball name: $(cat /tarball-name)"
 
 RUN echo "Downloading release assets"
 RUN wget https://bitcoincore.org/bin/bitcoin-core-${VERSION}/$(cat /tarball-name)
 RUN wget https://bitcoincore.org/bin/bitcoin-core-${VERSION}/SHA256SUMS.asc
-# This file only exists after v22 so allow it to fail
-RUN wget https://bitcoincore.org/bin/bitcoin-core-${VERSION}/SHA256SUMS || true
+RUN wget https://bitcoincore.org/bin/bitcoin-core-${VERSION}/SHA256SUMS
 RUN echo "Downloaded release assets:" && ls
 
 RUN echo "Verifying PGP signatures"
@@ -48,7 +99,7 @@ RUN echo "PGP signature verification passed"
 RUN echo "Verifying checksums"
 RUN [ -f SHA256SUMS ] && cp SHA256SUMS /sha256sums || cp SHA256SUMS.asc /sha256sums
 RUN grep $(cat /tarball-name) /sha256sums | sha256sum -c
-RUN echo "Chucksums verified ok"
+RUN echo "Checksums verified ok"
 
 RUN echo "Extracting release assets"
 RUN tar -zxvf $(cat /tarball-name) --strip-components=1